IEEE Security and Privacy, S&P 2016


Title/Authors Title Research Artifacts
[?] A research artifact is any by-product of a research project that is not directly included in the published research paper. In Computer Science research this is often source code and data sets, but it could also be media, documentation, inputs to proof assistants, shell-scripts to run experiments, etc.
Details

pASSWORD tYPOS and How to Correct Them Securely

Rahul Chatterjee, Anish Athayle, Devdatta Akhawe, Ari Juels, Thomas Ristenpart

pASSWORD tYPOS and How to Correct Them Securely

Details
Discussion Comments: 0
Verification: Authors have not verified information

Cinderella: Turning Shabby X.509 Certificates into Elegant Anonymous Credentials with the Magic of Verifiable Computation

Antoine Delignat-Lavaud, Cédric Fournet, Markulf Kohlweiss, Bryan Parno

Cinderella: Turning Shabby X.509 Certificates into Elegant Anonymous Credentials with the Magic of Verifiable Computation

Details
Discussion Comments: 0
Verification: Authors have not verified information

Users Really Do Plug in USB Drives They Find

Matthew Tischer, Zakir Durumeric, Sam Foster, Sunny Duan, Alec Mori, Elie Bursztein, Michael Bailey

Users Really Do Plug in USB Drives They Find

Details
Discussion Comments: 0
Verification: Authors have not verified information

Helping Johnny to Analyze Malware: A Usability-Optimized Decompiler and Malware Analysis User Study

Khaled Yakdan, Sergej Dechand, Elmar Gerhards-Padilla, Matthew Smith

Helping Johnny to Analyze Malware: A Usability-Optimized Decompiler and Malware Analysis User Study

Details
Discussion Comments: 0
Verification: Authors have not verified information

Verifiable ASICs

Riad S. Wahby, Max Howald, Siddharth Garg, Abhi Shelat, Michael Walfish

Verifiable ASICs

Details
Author Comments:
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

Cloak of Visibility: Detecting When Machines Browse a Different Web

Luca Invernizzi, Kurt Thomas, Alexandros Kapravelos, Oxana Comanescu, Jean Michel Picod, Elie Bursztein

Cloak of Visibility: Detecting When Machines Browse a Different Web

Details
Author Comments:
Discussion Comments: 0
Sharing: Not able to share produced artifacts
Verification: Authors have verified information

Prepose: Privacy, Security, and Reliability for Gesture-Based Programming

Lucas Silva Figueiredo, Benjamin Livshits, David Molnar, Margus Veanes

Prepose: Privacy, Security, and Reliability for Gesture-Based Programming

Details
Author Comments:
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

SoK: Everyone Hates Robocalls: A Survey of Techniques Against Telephone Spam

Huahong Tu, Adam Doupé, Ziming Zhao, Gail-Joon Ahn

SoK: Everyone Hates Robocalls: A Survey of Techniques Against Telephone Spam

Details
Author Comments:
Discussion Comments: 0
Sharing: Research produced no artifacts
Verification: Authors have verified information

CaSE: Cache-Assisted Secure Execution on ARM Processors

Ning Zhang, Kun Sun, Wenjing Lou, Yiwei Thomas Hou

CaSE: Cache-Assisted Secure Execution on ARM Processors

Details
Discussion Comments: 0
Verification: Authors have not verified information

Sending Out an SMS: Characterizing the Security of the SMS Ecosystem with Public Gateways

Bradley Reaves, Nolen Scaife, Dave Tian, Logan Blue, Patrick Traynor, Kevin R. B. Butler

Sending Out an SMS: Characterizing the Security of the SMS Ecosystem with Public Gateways

Details
Discussion Comments: 0
Verification: Authors have not verified information

Shreds: Fine-Grained Execution Units with Private Memory

Yaohui Chen, Sebassujeen Reymondjohnson, Zhichuang Sun, Long Lu

Shreds: Fine-Grained Execution Units with Private Memory

Details
Discussion Comments: 0
Verification: Authors have not verified information

Following Devil's Footprints: Cross-Platform Analysis of Potentially Harmful Libraries on Android and iOS

Kai Chen, Xueqiang Wang, Yi Chen, Peng Wang, Yeonjoon Lee, XiaoFeng Wang, Bin Ma, Aohui Wang, Yingjun Zhang, Wei Zou

Following Devil's Footprints: Cross-Platform Analysis of Potentially Harmful Libraries on Android and iOS

Details
Discussion Comments: 0
Verification: Authors have not verified information

Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts

Ahmed E. Kosba, Andrew Miller, Elaine Shi, Zikai Wen, Charalampos Papamanthou

Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts

Details
Discussion Comments: 0
Verification: Authors have not verified information

Keeping Authorities "Honest or Bust" with Decentralized Witness Cosigning

Ewa Syta, Iulia Tamas, Dylan Visher, David Isaac Wolinsky, Philipp Jovanovic, Linus Gasser, Nicolas Gailly, Ismail Khoffi, Bryan Ford

Keeping Authorities "Honest or Bust" with Decentralized Witness Cosigning

Details
Discussion Comments: 0
Verification: Authors have not verified information

MitM Attack by Name Collision: Cause Analysis and Vulnerability Assessment in the New gTLD Era

Qi Alfred Chen, Eric Osterweil, Matthew Thomas, Zhuoqing Morley Mao

MitM Attack by Name Collision: Cause Analysis and Vulnerability Assessment in the New gTLD Era

Details
Discussion Comments: 0
Verification: Authors have not verified information

SoK: Lessons Learned from Android Security Research for Appified Software Platforms

Yasemin Acar, Michael Backes, Sven Bugiel, Sascha Fahl, Patrick D. McDaniel, Matthew Smith

SoK: Lessons Learned from Android Security Research for Appified Software Platforms

Details
Discussion Comments: 0
Verification: Authors have not verified information

Downgrade Resilience in Key-Exchange Protocols

Karthikeyan Bhargavan, Christina Brzuska, Cédric Fournet, Matthew Green, Markulf Kohlweiss, Santiago Zanella Béguelin

Downgrade Resilience in Key-Exchange Protocols

Details
Discussion Comments: 0
Verification: Authors have not verified information

The Cracked Cookie Jar: HTTP Cookie Hijacking and the Exposure of Private Information

Suphannee Sivakorn, Iasonas Polakis, Angelos D. Keromytis

The Cracked Cookie Jar: HTTP Cookie Hijacking and the Exposure of Private Information

Details
Discussion Comments: 0
Verification: Authors have not verified information

Synthesizing Plausible Privacy-Preserving Location Traces

Vincent Bindschaedler, Reza Shokri

Synthesizing Plausible Privacy-Preserving Location Traces

Details
Discussion Comments: 0
Verification: Authors have not verified information

Dedup Est Machina: Memory Deduplication as an Advanced Exploitation Vector

Erik Bosman, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida

Dedup Est Machina: Memory Deduplication as an Advanced Exploitation Vector

Details
Author Comments:
Discussion Comments: 0
Sharing: Not able to share produced artifacts
Verification: Authors have verified information

A2: Analog Malicious Hardware

Kaiyuan Yang, Matthew Hicks, Qing Dong, Todd M. Austin, Dennis Sylvester

A2: Analog Malicious Hardware

Details
Discussion Comments: 0
Verification: Authors have not verified information

Inferring User Routes and Locations Using Zero-Permission Mobile Sensors

Sashank Narain, Triet D. Vo-Huu, Kenneth Block, Guevara Noubir

Inferring User Routes and Locations Using Zero-Permission Mobile Sensors

Details
Discussion Comments: 0
Verification: Authors have not verified information

You Get Where You're Looking for: The Impact of Information Sources on Code Security

Yasemin Acar, Michael Backes, Sascha Fahl, Doowon Kim, Michelle L. Mazurek, Christian Stransky

You Get Where You're Looking for: The Impact of Information Sources on Code Security

Details
Discussion Comments: 0
Verification: Authors have not verified information

Verena: End-to-End Integrity Protection for Web Applications

Nikolaos Karapanos, Alexandros Filios, Raluca Ada Popa, Srdjan Capkun

Verena: End-to-End Integrity Protection for Web Applications

Details
Discussion Comments: 0
Verification: Authors have not verified information

Seeking Nonsense, Looking for Trouble: Efficient Promotional-Infection Detection through Semantic Inconsistency Search

Xiaojing Liao, Kan Yuan, XiaoFeng Wang, Zhongyu Pei, Hao Yang, Jianjun Chen, Hai-Xin Duan, Kun Du, Eihal Alowaisheq, Sumayah A. Alrwais, Luyi Xing, Raheem A. Beyah

Seeking Nonsense, Looking for Trouble: Efficient Promotional-Infection Detection through Semantic Inconsistency Search

Details
Author Comments:
Discussion Comments: 0
Sharing: Research produced no artifacts
Verification: Authors have verified information

Cache Storage Channels: Alias-Driven Attacks and Verified Countermeasures

Roberto Guanciale, Hamed Nemati, Christoph Baumann, Mads Dam

Cache Storage Channels: Alias-Driven Attacks and Verified Countermeasures

Details
Discussion Comments: 0
Verification: Authors have not verified information

SOK: (State of) The Art of War: Offensive Techniques in Binary Analysis

Yan Shoshitaishvili, Ruoyu Wang, Christopher Salls, Nick Stephens, Mario Polino, Andrew Dutcher, John Grosen, Siji Feng, Christophe Hauser, Christopher Krügel, Giovanni Vigna

SOK: (State of) The Art of War: Offensive Techniques in Binary Analysis

Details
Author Comments: The second link points to the DARPA Cyber Grand Challenge samples. While we didn't produce them, that's the dataset that we used for evaluating angr, so it is included for completeness. Our automatic ROP chain generation system is in the third link and the automatic exploitation system is in the fourth link.
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

LAVA: Large-Scale Automated Vulnerability Addition

Brendan Dolan-Gavitt, Patrick Hulin, Engin Kirda, Tim Leek, Andrea Mambretti, William K. Robertson, Frederick Ulrich, Ryan Whelan

LAVA: Large-Scale Automated Vulnerability Addition

Details
Author Comments: The bug corpora have been released publicly; anyone wishing to validate or extend our results can email to request the code of the injection system.
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

Multiple Handshakes Security of TLS 1.3 Candidates

Xinyu Li, Jing Xu, Zhenfeng Zhang, Dengguo Feng, Honggang Hu

Multiple Handshakes Security of TLS 1.3 Candidates

Details
Author Comments:
Discussion Comments: 0
Sharing: Research produced no artifacts
Verification: Authors have verified information

Distillation as a Defense to Adversarial Perturbations Against Deep Neural Networks

Nicolas Papernot, Patrick D. McDaniel, Xi Wu, Somesh Jha, Ananthram Swami

Distillation as a Defense to Adversarial Perturbations Against Deep Neural Networks

Details
Discussion Comments: 0
Verification: Authors have not verified information

A Method for Verifying Privacy-Type Properties: The Unbounded Case

Lucca Hirschi, David Baelde, Stéphanie Delaune

A Method for Verifying Privacy-Type Properties: The Unbounded Case

Details
Discussion Comments: 0
Verification: Authors have not verified information

PhotoProof: Cryptographic Image Authentication for Any Set of Permissible Transformations

Assa Naveh, Eran Tromer

PhotoProof: Cryptographic Image Authentication for Any Set of Permissible Transformations

Details
Discussion Comments: 0
Verification: Authors have not verified information

No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing Analysis

Wenrui Diao, Xiangyu Liu, Zhou Li, Kehuan Zhang

No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing Analysis

Details
Discussion Comments: 0
Verification: Authors have not verified information

Security Analysis of Emerging Smart Home Applications

Earlence Fernandes, Jaeyeon Jung, Atul Prakash

Security Analysis of Emerging Smart Home Applications

Details
Discussion Comments: 0
Verification: Authors have not verified information

SoK: Towards Grounding Censorship Circumvention in Empiricism

Michael Carl Tschantz, Sadia Afroz, anonymous, Vern Paxson

SoK: Towards Grounding Censorship Circumvention in Empiricism

Details
Author Comments:
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

HDFI: Hardware-Assisted Data-Flow Isolation

Chengyu Song, Hyungon Moon, Monjur Alam, Insu Yun, Byoungyoung Lee, Taesoo Kim, Wenke Lee, Yunheung Paek

HDFI: Hardware-Assisted Data-Flow Isolation

Details
Author Comments:
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

A Tough Call: Mitigating Advanced Code-Reuse Attacks at the Binary Level

Victor van der Veen, Enes Göktas, Moritz Contag, Andre Pawlowski, Xi Chen, Sanjay Rawat, Herbert Bos, Thorsten Holz, Elias Athanasopoulos, Cristiano Giuffrida

A Tough Call: Mitigating Advanced Code-Reuse Attacks at the Binary Level

Details
Author Comments:
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

Return to the Zombie Gadgets: Undermining Destructive Code Reads via Code Inference Attacks

Kevin Z. Snow, Roman Rogowski, Jan Werner, Hyungjoon Koo, Fabian Monrose, Michalis Polychronakis

Return to the Zombie Gadgets: Undermining Destructive Code Reads via Code Inference Attacks

Details
Discussion Comments: 0
Verification: Authors have not verified information

Key Confirmation in Key Exchange: A Formal Treatment and Implications for TLS 1.3

Marc Fischlin, Felix Günther, Benedikt Schmidt, Bogdan Warinschi

Key Confirmation in Key Exchange: A Formal Treatment and Implications for TLS 1.3

Details
Discussion Comments: 0
Verification: Authors have not verified information

Beauty and the Beast: Diverting Modern Web Browsers to Build Unique Browser Fingerprints

Pierre Laperdrix, Walter Rudametkin, Benoit Baudry

Beauty and the Beast: Diverting Modern Web Browsers to Build Unique Browser Fingerprints

Details
Discussion Comments: 0
Verification: Authors have not verified information

Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Response

Zhen Huang, Mariana D'Angelo, Dhaval Miyani, David Lie

Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Response

Details
Author Comments: We have made the infrastructure used by Talos, particularly a static program analysis component, publicly available.
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

Back in Black: Towards Formal, Black Box Analysis of Sanitizers and Filters

George Argyros, Ioannis Stais, Aggelos Kiayias, Angelos D. Keromytis

Back in Black: Towards Formal, Black Box Analysis of Sanitizers and Filters

Details
Discussion Comments: 0
Verification: Authors have not verified information

Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf

Xiaolong Bai, Luyi Xing, Nan Zhang, XiaoFeng Wang, Xiaojing Liao, Tongxin Li, Shi-Min Hu

Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf

Details
Discussion Comments: 0
Verification: Authors have not verified information

TriggerScope: Towards Detecting Logic Bombs in Android Applications

Yanick Fratantonio, Antonio Bianchi, William K. Robertson, Engin Kirda, Christopher Kruegel, Giovanni Vigna

TriggerScope: Towards Detecting Logic Bombs in Android Applications

Details
Discussion Comments: 0
Verification: Authors have not verified information

On the Practicality of Cryptographically Enforcing Dynamic Access Control Policies in the Cloud

William C. Garrison III, Adam Shull, Steven Myers, Adam J. Lee

On the Practicality of Cryptographically Enforcing Dynamic Access Control Policies in the Cloud

Details
Discussion Comments: 0
Verification: Authors have not verified information

Automated Analysis and Verification of TLS 1.3: 0-RTT, Resumption and Delayed Authentication

Cas Cremers, Marko Horvat, Sam Scott, Thyla van der Merwe

Automated Analysis and Verification of TLS 1.3: 0-RTT, Resumption and Delayed Authentication

Details
Author Comments:
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

SoK: Verifiability Notions for E-Voting Protocols

Véronique Cortier, David Galindo, Ralf Küsters, Johannes Müller, Tomasz Truderung

SoK: Verifiability Notions for E-Voting Protocols

Details
Discussion Comments: 0
Verification: Authors have not verified information

Algorithmic Transparency via Quantitative Input Influence: Theory and Experiments with Learning Systems

Anupam Datta, Shayak Sen, Yair Zick

Algorithmic Transparency via Quantitative Input Influence: Theory and Experiments with Learning Systems

Details
Discussion Comments: 0
Verification: Authors have not verified information

Data-Oriented Programming: On the Expressiveness of Non-control Data Attacks

Hong Hu, Shweta Shinde, Sendroiu Adrian, Zheng Leong Chua, Prateek Saxena, Zhenkai Liang

Data-Oriented Programming: On the Expressiveness of Non-control Data Attacks

Details
Discussion Comments: 0
Verification: Authors have not verified information

Domain-Z: 28 Registrations Later Measuring the Exploitation of Residual Trust in Domains

Chaz Lever, Robert J. Walls, Yacin Nadji, David Dagon, Patrick D. McDaniel, Manos Antonakakis

Domain-Z: 28 Registrations Later Measuring the Exploitation of Residual Trust in Domains

Details
Discussion Comments: 0
Verification: Authors have not verified information

Revisiting Square-Root ORAM: Efficient Random Access in Multi-party Computation

Samee Zahur, Xiao Wang, Mariana Raykova, Adrià Gascón, Jack Doerner, David Evans, Jonathan Katz

Revisiting Square-Root ORAM: Efficient Random Access in Multi-party Computation

Details
Author Comments: Please fix the link to the paper to be a non-paywalled version of it: https://oblivc.org/docs/sqoram.pdf I'm not sure if there is a better place to put this, but it seems really obnoxious for a site intended to encourage sharing (or at least, to "shame" people for not sharing) to have this in your FAQ: 9. Do you share your code and data? We will be sharing both shortly. Inevitably, when I hear that from authors, it means they are likely to string us along for several months, and then decide they really don't want to share it. If you are serious about the mission you are advocating for, you need to live up to this with your own work and put all the data you collect into a public repository.
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

TaoStore: Overcoming Asynchronicity in Oblivious Data Storage

Cetin Sahin, Victor Zakhary, Amr El Abbadi, Huijia Lin, Stefano Tessaro

TaoStore: Overcoming Asynchronicity in Oblivious Data Storage

Details
Discussion Comments: 0
Verification: Authors have not verified information

A Practical Oblivious Map Data Structure with Secure Deletion and History Independence

Daniel S. Roche, Adam J. Aviv, Seung Geol Choi

A Practical Oblivious Map Data Structure with Secure Deletion and History Independence

Details
Author Comments:
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

High-Speed Inter-Domain Fault Localization

Cristina Basescu, Yue-Hsun Lin, Haoming Zhang, Adrian Perrig

High-Speed Inter-Domain Fault Localization

Details
Discussion Comments: 0
Verification: Authors have not verified information

I Think They're Trying to Tell Me Something: Advice Sources and Selection for Digital Security

Elissa M. Redmiles, Amelia R. Malone, Michelle L. Mazurek

I Think They're Trying to Tell Me Something: Advice Sources and Selection for Digital Security

Details
Author Comments:
Discussion Comments: 0
Sharing: Research produced no artifacts
Verification: Authors have verified information