USENIX Security '18 Technical Sessions
Wednesday, August 15, 2018
7:30 am–8:45 am
9:00 am–10:00 am
James Mickens is an associate professor of computer science at Harvard University. His research focuses on the performance, security, and robustness of large-scale distributed web services. Mickens received a B.S. degree in computer science from the Georgia Institute of Technology, and a Ph.D. in computer science from the University of Michigan. Before coming to Harvard, he spent six years as a researcher at Microsoft. He is also the creator of Mickens-do, a martial art so deadly that he refuses to teach it to anyone (including himself).
10:00 am–10:30 am
Break with Refreshments
10:30 am–12:10 pm
Security Impacting the Physical World
Nolen Scaife, Christian Peeters, and Patrick Traynor, University of Florida
Saleh Soltan, Prateek Mittal, and H. Vincent Poor, Princeton University
Deepak Kumar, Riccardo Paccagnella, Paul Murley, Eric Hennenfent, Joshua Mason, Adam Bates, and Michael Bailey, University of Illinois, Urbana-Champaign
Xuejing Yuan, SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences. School of Cyber Security, University of Chinese Academy of Sciences.; Yuxuan Chen, Florida Institute of Technology; Yue Zhao, SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences. School of Cyber Security, University of Chinese Academy of Sciences.; Yunhui Long, University of Illinois at Urbana-Champaign; Xiaokang Liu and Kai Chen, SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences. School of Cyber Security, University of Chinese Academy of Sciences.; Shengzhi Zhang, Florida Institute of Technology; Heqing Huang, IBM Thomas J. Watson Research Center; Xiaofeng Wang, Indiana University Bloomington; Carl A. Gunter, University of Illinois at Urbana-Champaign
Abraham A Clements, Purdue University and Sandia National Labs; Naif Saleh Almakhdhub, Saurabh Bagchi, and Mathias Payer, Purdue University
Tommaso Frassetto, Patrick Jauernig, Christopher Liebchen, and Ahmad-Reza Sadeghi, Technische Universität Darmstadt
Moritz Eckert, Antonio Bianchi, and Ruoyu Wang, University of California, Santa Barbara; Yan Shoshitaishvili, Arizona State University; Christopher Kruegel and Giovanni Vigna, University of California, Santa Barbara
Sam Silvestro, Hongyu Liu, and Tianyi Liu, University of Texas at San Antonio; Zhiqiang Lin, Ohio State University; Tongping Liu, University of Texas at San Antonio
Censorship and Web Privacy
Antoine Vastel, Univ. Lille / Inria / Inria; Pierre Laperdrix, Stony Brook University; Walter Rudametkin, Univ. Lille / Inria / Inria; Romain Rouvoy, Univ. Lille / Inria / IUF
Gertjan Franken, Tom Van Goethem, and Wouter Joosen, imec-Distrinet, KU Leuven
Diogo Barradas, Nuno Santos, and Luís Rodrigues, INESC-ID, Instituto Superior Técnico, Universidade de Lisboa
Benjamin VanderSloot, Allison McDonald, Will Scott, J. Alex Halderman, and Roya Ensafi, University of Michigan
12:10 pm–1:40 pm
1:40 pm–3:20 pm
Understanding How Humans Authenticate
Sanam Ghorbani Lyastani, CISPA, Saarland University; Michael Schilling, Saarland University; Sascha Fahl, Leibniz University Hannover; Sven Bugiel, CISPA, Saarland University; Michael Backes, CISPA Helmholtz Center i.G.
Xianyi Gao, Yulong Yang, Can Liu, Christos Mitropoulos, and Janne Lindqvist, Rutgers University; Antti Oulasvirta, Aalto University
Ingolf Becker, Simon Parkin, and M. Angela Sasse, University College London
Weijia He, University of Chicago; Maximilian Golla, Ruhr-University Bochum; Roshni Padhi and Jordan Ofek, University of Chicago; Markus Dürmuth, Ruhr-University Bochum; Earlence Fernandes, University of Washington; Blase Ur, University of Chicago
Dave (Jing) Tian, Grant Hernandez, Joseph Choi, Vanessa Frost, Christie Raules, Kevin Butler, and Patrick Traynor, University of Florida; Hayawardh Vijayakumar, Lee Harrison, Amir Rahmati, and Mike Grace, Samsung Research America
Seyed Mohammadjavad Seyed Talebi and Hamid Tavakoli, UC Irvine; Hang Zhang and Zheng Zhang, UC Riverside; Ardalan Amiri Sani, UC Irvine; Zhiyun Qian, UC Riverside
Nassim Corteggiani, EURECOM, Maxim Integrated; Giovanni Camurati and Aurélien Francillon, EURECOM
Xuan Feng, Beijing Key Laboratory of IOT Information Security Technology, Institute of Information Engineering, CAS, China; Qiang Li, School of Computer and Information Technology, Beijing Jiaotong University, China; Haining Wang, Department of Electrical and Computer Engineering, University of Delaware, USA; Limin Sun, Beijing Key Laboratory of IOT Information Security Technology, Institute of Information Engineering, CAS, China
Ross Anderson, Cambridge University
Ross Anderson is Professor of Security Engineering at Cambridge University, and leads the Cambridge Cybercrime Centre. He was a pioneer of security economics, peer-to-peer systems, hardware tamper-resistance and API security, and was one of the inventors of the AES finalist encryption algorithm Serpent. He has contributed to industrial standards from prepayment metering to powerline communications, and wrote the textbook Security Engineering—A Guide to Building Dependable Distributed Systems.
If recent events involving the security of information and operations have taught us anything, it is that cybersecurity and the way cybersecurity risks are managed are no longer solely the domain of computer scientists. Cybersecurity risk management issues are becoming increasingly familiar topics in C-suites and boardrooms. The National Institute of Standards and Technology (NIST) began its program almost 50 years ago focusing on both advanced technologies as well as cybersecurity risk management. Today, NIST conducts foundational and applied cybersecurity research to produce and advance cybersecurity standards, best practices, measurements, and reference resources to address this fundamental question—is cybersecurity about business or technology?
Donna Dodson is the Chief Cybersecurity Advisor for the National Institute of Standards and Technology and Director of the National Cybersecurity Center of Excellence (NCCoE). Since joining NIST in 1987, Donna has been selected as a Fed 100 winner for innovations in cybersecurity, as one of the top 10 influential people in government IT in 2011, and as one of Fed Scoop’s Top 50 D.C. Women in Tech.
3:20 pm–3:50 pm
Break with Refreshments
3:50 pm–5:30 pm
James C. Davis, Eric R. Williamson, and Dongyoon Lee, Virginia Tech
Cristian-Alexandru Staicu and Michael Pradel, TU Darmstadt
Abeer Alhuzali, Rigel Gjomemo, Birhanu Eshete, and V.N. Venkatakrishnan, UIC
Wei Meng, Chinese University of Hong Kong; Chenxiong Qian, Georgia Institute of Technology; Shuang Hao, University of Texas at Dallas; Kevin Borgolte, Giovanni Vigna, and Christopher Kruegel, University of California, Santa Barbara; Wenke Lee, Georgia Institute of Technology
Philipp Winter, Anne Edmundson, Laura M. Roberts, Marshini Chetty, and Nick Feamster, Princeton University
Armon Barton, University of Texas at Arlington; Matthew Wright, Rochester Institute of Technology; Jiang Ming and Mohsen Imani, University of Texas at Arlington
Nirvan Tyagi, Cornell Tech; Muhammad Haris Mughees, Cornell Tech and UIUC; Thomas Ristenpart and Ian Miers, Cornell Tech
George Kappos, Haaroon Yousaf, Mary Maller, and Sarah Meiklejohn, University College London
Rethinking Architectures and Abstraction for a World Where Security Improvements Matter More than Performance Gains
Paul Kocher is an entrepreneur and researcher focused on cryptography and data security and is currently exploring independent research topics. Areas of interest include trade-offs between complexity/performance and security, as well as how computer systems could be architected to reduce the likelihood and severity of exploitable security vulnerabilities. One of the results of this work discovering a class of vulnerabilities (which I named Spectre) arising from the use of speculative execution in microprocessors.
Paul was elected to the National Academy of Engineering in 2009 for contributions to cryptography and Internet security. He's a member of the Forum on Cyber Resilience, which is a National Academies roundtable. He's also a member of the Cybersecurity Hall of Fame and is a frequent speaker on security topics.
Monica Lam, Stanford University
Dr. Monica Lam has been a Professor of Computer Science at Stanford University since 1988, and is the Faculty Director of the Stanford MobiSocial Computing Laboratory. Starting from 2008, as a co-PI of the NSF Programmable Open Mobile Internet (POMI) 2020 Expedition, she has focused on creating open software to protect user privacy and disrupt monopolies. She is currently leading Almond, an open programmable virtual assistant project, which protects privacy through user-friendly decentralized systems.
Dr. Lam has made significant contributions to the fields of compilers and architectures for high-performance computing, and open communication platforms for mobile computing. Her research results have been widely used in academia as well as in industry, including two startups she helped found: Tensilica, a configurable processor core company and Omlet, an open mobile-gaming social network company.
Prof. Lam is an ACM Fellow, has won ACM-SIGARCH, ACM-PLDI, ACM-SIGSOFT Most Influential and Best Paper Awards, and has published over 150 papers on compilers, computer architecture, operating systems, high-performance computing, databases, security, and human-computer interaction. She is an author of the Compilers: Principles, Techniques, & Tools, also known as the ``Dragon Book'', the definitive text on compiler technology. She received a B.Sc. from University of British Columbia (1980) and a Ph.D. from Carnegie Mellon University (1987).
6:00 pm–7:30 pm
USENIX Security '18 ReceptionMingle with fellow attendees at the USENIX Security '18 Reception, featuring dinner, drinks, and the chance to connect with other attendees, speakers, and symposium organizers
USENIX Security '18 Lightning TalksThis is intended as an informal session for short and engaging presentations on recent unpublished results, work in progress, or other topics of interest to USENIX Security attendees. As in the past, talks do not always need to be serious and funny talks are encouraged! This year, USENIX will generously sponsor awards for the most engaging talks. Bragging rights and small cash prizes can be yours for a great talk! For full consideration, submit your lightning talk via the lighting talk submission form through July 27, 2018. Only talks submitted by this deadline will be considered for the awards. You can continue submitting talks via the submission form or by emailing email@example.com until Wednesday, August 15, 2018, 12:00 pm EDT.
Thursday, August 16, 2018
8:00 am–9:00 am
9:00 am–10:40 am
Privacy in a Digital World
José González Cabañas, Ángel Cuevas, and Rubén Cuevas, Department of Telematic Engineering, Universidad Carlos III de Madrid
Analysis of Privacy Protections in Fitness Tracking Social Networks -or- You can run, but can you hide?
Wajih Ul Hassan, Saad Hussain, and Adam Bates, University Of Illinois Urbana-Champaign
AttriGuard: A Practical Defense Against Attribute Inference Attacks via Adversarial Machine Learning
Jinyuan Jia and Neil Zhenqiang Gong, Iowa State University
Hamza Harkous, EPFL; Kassem Fawaz, University of Wisconsin-Madison; Rémi Lebret, EPFL; Florian Schaub and Kang G. Shin, University of Michigan; Karl Aberer, EPFL
Attacks on Crypto & Crypto Libraries
Damian Poddebniak, Münster University of Applied Sciences; Jens Müller, Ruhr University Bochum; Christian Dresen, Fabian Ising, and Sebastian Schinzel, Münster University of Applied Sciences; Simon Friedberger, KU Leuven; Juraj Somorovsky and Jörg Schwenk, Ruhr University Bochum
Martin Grothe, Dennis Felsch, and Jörg Schwenk, Ruhr-University Bochum; Adam Czubak and Marcin Szymanek, University of Opole
Monjur Alam, Haider Adnan Khan, Moumita Dey, Nishith Sinha, Robert Callan, Alenka Zajic, and Milos Prvulovic, Georgia Tech
Samuel Weiser, Graz University of Technology; Andreas Zankl, Fraunhofer AISEC; Raphael Spreitzer, Graz University of Technology; Katja Miller, Fraunhofer AISEC; Stefan Mangard, Graz University of Technology; Georg Sigl, Technical University of Munich
Wenyuan Xu, Zhejiang University
With the rapid development of sensing technologies, an increasing number of devices rely on sensors to measure environments or human beings and to control actuators. For instance, smartphones have a rich set of sensors, which range from accelerometers, microphones, to gyroscopes. Voice controllable systems rely on microphones to record voice command and autonomous vehicles depend on the barrier detection sensors to make driving decisions. Such a trend incurs new threats jeopardizing the system security and user privacy. In this talk, we show a collection of threats against the integrity of sensors and their impact on the systems level. For instance, we show that interference (EMI) can alter the measurement of analog sensors and thus affect the reliability of a close loop system. Finally, we discuss defense solutions that can improve the security of sensors.
Wenyuan Xu is a professor in the college of Electrical Engineering, Zhejiang University. She received her B.S. degree in electrical engineering with the highest honor from Zhejiang University in 1998, an M.S. degree in computer science and engineering from Zhejiang University in 2001, and the Ph.D. degree in electrical and computer engineering from Rutgers University in 2007. She was an associate professor in the Department of Computer Science and Engineering, University of South Carolina. Her research interests include embedded system security, smart grid security, and smart systems security. Dr. Xu is a co-author of the book Securing Emerging Wireless Systems: Lower-layer Approaches, Springer, 2009. She received the United State NSF Career Award in 2009 and was selected as the 1000 Young talents of China in 2012. She obtained an ACM CCS best paper award in 2017 and listed on the security researcher hall of fame in 2014 and 2016. She has served on the technical program committees for several IEEE/ACM conferences on wireless networking and security, and she currently serves as the associate editor of TOSN.
Vijay Balasubramaniyan, CEO and Founder, Pindrop
Vijay Balasubramaniyan is Co-Founder, CEO & CTO of Pindrop. He’s held various engineering and research roles with Google, Siemens, IBM Research and Intel.
Vijay holds patents in VoIP security and scalability and he frequently speaks on phone fraud threats at technical conferences, including RSA, Black Hat, FS-ISAC, CCS and ICDCS. Vijay earned a PhD in Computer Science from Georgia Institute of Technology. His PhD thesis was on telecommunications security.
10:40 am–11:10 am
Break with Refreshments
11:10 am–12:00 pm
Rock Stevens, Daniel Votipka, and Elissa M. Redmiles, University of Maryland; Colin Ahern, NYC Cyber Command; Patrick Sweeney, Wake Forest University; Michelle L. Mazurek, University of Maryland
Peng Gao, Princeton University; Xusheng Xiao, Case Western Reserve University; Ding Li, Zhichun Li, Kangkook Jee, Zhenyu Wu, and Chung Hwan Kim, NEC Labs America; Sanjeev R. Kulkarni and Prateek Mittal, Princeton University
Jonathan Frankle, Sunoo Park, Daniel Shaar, Shafi Goldwasser, and Daniel Weitzner, Massachusetts Institute of Technology
Howard Wu, Wenting Zheng, Alessandro Chiesa, Raluca Ada Popa, and Ion Stoica, UC Berkeley
Roland Meier and Petar Tsankov, ETH Zurich; Vincent Lenders, armasuisse; Laurent Vanbever and Martin Vechev, ETH Zurich
Zhiheng Liu, Zhen Zhang, Yinzhi Cao, Zhaohan Xi, and Shihao Jing, Lehigh University; Humberto La Roche, Cisco Systems
12:00 pm–1:30 pm
USENIX Security '18 Luncheon
Sponsored by Facebook
The Internet Defense Prize will be presented at the USENIX Security '18 Luncheon.
1:30 pm–3:10 pm
Fuzzing and Exploit Generation
Shankara Pailoor, Andrew Aday, and Suman Jana, Columbia University
Insu Yun, Sangho Lee, and Meng Xu, Georgia Institute of Technology; Yeongjin Jang, Oregon State University; Taesoo Kim, Georgia Institute of Technology
Sean Heelan, Tom Melham, and Daniel Kroening, University of Oxford
Wei Wu, University of Chinese Academy of Sciences; Yueqi Chen, Jun Xu, and Xinyu Xing, Penn State University; Wei Zou and Xiaorui Gong, University of Chinese Academy of Sciences
TLS and PKI
Mark O'Neill, Scott Heidbrink, Jordan Whitehead, Tanner Perdue, Luke Dickinson, Torstein Collett, Matthew Martindale, Kent Seamons, and Daniel Zappala, Brigham Young University
Hanno Böck, unaffiliated; Juraj Somorovsky, Ruhr-Universität Bochum, Hackmanit GmbH; Craig Young, Tripwire VERT
Henry Birge-Lee, Yixin Sun, Annie Edmundson, Jennifer Rexford, and Prateek Mittal, Princeton University
Doowon Kim and Bum Jun Kwon, University of Maryland, College Park; Kristián Kozák, Masaryk University, Czech Republic; Christopher Gates, Symantec; Tudor Dumitraș, University of Maryland, College Park
Anh Quach and Aravind Prakash, Binghamton University; Lok Kwong Yan, Air Force Research Laboratory
Hang Zhang and Zhiyun Qian, University of California, Riverside
From Patching Delays to Infection Symptoms: Using Risk Profiles for an Early Discovery of Vulnerabilities Exploited in the Wild
Chaowei Xiao and Armin Sarabi, University of Michigan; Yang Liu, Harvard University; Bo Li, University of California, Berkeley; Mingyan Liu, University of Michigan; Tudor Dumitras, University of Maryland
Dongliang Mu, Nanjing University; Alejandro Cuevas, The Pennsylvania State University; Limin Yang, East China Normal University; Hang Hu and Gang Wang, Virginia Polytechnic Institute and State University; Xinyu Xing, The Pennsylvania State University; Bing Mao, Nanjing University
3:10 pm–3:40 pm
Break with Refreshments
3:40 pm–5:20 pm
Jo Van Bulck, Frank Piessens, and Raoul Strackx, imec-DistriNet, KU Leuven
Stephan van Schaik, Kaveh Razavi, Cristiano Giuffrida, and Herbert Bos, Vrije Universiteit Amsterdam
Ben Gras, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida, VU University Amsterdam
Moritz Lipp, Michael Schwarz, and Daniel Gruss, Graz University of Technology; Thomas Prescher and Werner Haas, Cyberus Technology; Anders Fogh, G DATA Advanced Analytics; Jann Horn, Google Project Zero; Stefan Mangard, Graz University of Technology; Paul Kocher, unaffiliated; Daniel Genkin, University of Pennsylvania and University of Maryland; Yuval Yarom, University of Adelaide and Data61; Mike Hamburg, Rambus, Cryptography Research Division
Rolf van Wegberg and Samaneh Tajalizadehkhoob, Delft University of Technology; Kyle Soska, Carnegie Mellon University; Ugur Akyazi, Carlos Hernandez Ganan, and Bram Klievink, Delft University of Technology; Nicolas Christin, Carnegie Mellon University; Michel van Eeten, Delft University of Technology
Reading Thieves' Cant: Automatically Identifying and Understanding Dark Jargons from Cybercrime Marketplaces
Kan Yuan, Indiana University Bloomington; Haoran Lu and Xiaojing Liao, College of William & Mary; XiaoFeng Wang, Indiana University Bloomington
Mohammad Rezaeirad, George Mason University; Brown Farinholt, University of California, San Diego; Hitesh Dharmdasani, Informant Networks; Paul Pearce, University of California, Berkeley; Kirill Levchenko, University of California, San Diego; Damon McCoy, New York University
Leah Zhang-Kennedy, University of Waterloo, Stratford Campus; Hala Assal, Jessica Rocheleau, Reham Mohamed, Khadija Baig, and Sonia Chiasson, Carleton University
Moderator: Nick Feamster, Princeton University
Amit Elazari Bar On, Doctoral Candidate, Berkeley Law, Center for Long-Term Cybersecurity Grantee
Bug Bounties are one of the fastest growing, popular and cost-effective ways for companies to engage with the security community and find unknown security vulnerabilities. Now it’s time to make them fair to the most important element in the Internet’s immune system: security researchers. This talk will showcase how lacking policies in bug bounty programs put hackers at legal risk and affect their incentives, and how to fix this problem that affects all of us, researchers, security practitioners and technology users.
Amit is a Doctoral Law Candidate at UC Berkeley School of Law and a Berkeley Center for Long-Term Cybersecurity Grantee. She graduated Summa Cum Laude from her LL.M. (Master of Laws), LL.B. (Law) and B.A. (Business Administration) from IDC, Israel. Her research work on technology law has been published in leading legal and privacy journals, presented in conferences such as RSA, USENIX Enigma, BsidesLV and DEF CON-Skytalks, and featured in popular news sites such as Vice (Motherboard), the Washington Post and The Guardian. Additionally, Amit teaches at Berkeley’s Legal Studies program and serves as the submissions editor of BTLJ, the world’s leading Tech Law Journal.
6:00 pm–7:30 pm
USENIX Security '18 Poster Session and Happy HourTo submit a poster, please submit a draft of your poster, in PDF (maximum size 36" by 48"), or a one-page abstract via the poster session submission form, by Thursday, July 5, 2018, 9:00 pm PDT. Decisions will be made by Thursday, July 12, 2018. Posters will not be included in the proceedings but may be made available online if circumstances permit. Poster submissions must include the authors’ names, affiliations, and contact information. At least one author of each accepted poster must register for and attend the Symposium to present the poster.
Friday, August 17, 2018
8:00 am–9:00 am
9:00 am–10:40 am
Web and Network Measurement
Jianjun Chen, Tsinghua University, Tsinghua National Laboratory for Information Science and Technology; Jian Jiang, Shape Security; Haixin Duan, Institute for Network Science and Cyber Space, Tsinghua University; Tao Wan, Huawei Canada; Shuo Chen, Microsoft Research Redmond; Vern Paxson, UC Berkeley, ICSI; Min Yang, Fudan University
Hang Hu and Gang Wang, Virginia Tech
Who Is Answering My Queries: Understanding and Characterizing Illegal Interception of DNS Resolution Path at ISP Level
Baojun Liu, Chaoyi Lu, Haixin Duan, and Ying Liu, Tsinghua University; Zhou Li, IEEE member; Shuang Hao, University of Texas at Dallas; Min Yang, Fudan University
Shuai Hao, Yubao Zhang, and Haining Wang, University of Delaware; Angelos Stavrou, George Mason University
Jonathan P. Chapman, Fraunhofer FKIE
Samuel Schüppen, RWTH Aachen University; Dominik Teubert, Siemens CERT; Patrick Herrmann and Ulrike Meyer, RWTH Aachen University
Xiaohan Zhang, Yuan Zhang, Qianqian Mo, Hao Xia, Zhemin Yang, and Min Yang, Fudan University; Xiaofeng Wang, Indiana University, Bloomington; Long Lu, Northeastern University; Haixin Duan, Tsinghua University
Ashton Webster, Ryan Eckenrod, and James Purtilo, University of Maryland
Susan Landau, Bridge Professor of Cyber Security and Policy, Tufts University
The First Crypto War were fought over end-to-end encryption for communications, and appeared largely over as a result of the EU's and US's loosening of export regulations in the late 1990s. The Second Crypto War, which began rearing its head shortly after the First Crypto War ended, appears to be about end-to-end encryption and locked mobile devices. It looks as if law enforcement is seeking exceptional access—access to encrypted communications and secured devices—through regulation or legislation.
But things are seldom as they seem, and so it is with the Second Crypto War. I'll discuss why the fight is really over locked devices, the security risks involved should law enforcement's desires win out, and why end-to-end encrypted communications are here to stay.
Susan Landau is Bridge Professor of Cyber Security and Policy at Tufts University. Landau has testified before Congress and frequently briefed US and European policymakers on encryption, surveillance, and cybersecurity issues. Landau has been a Senior Staff Privacy Analyst at Google, a Distinguished Engineer at Sun Microsystems, and a faculty member at Worcester Polytechnic Institute, the University of Massachusetts Amherst and Wesleyan University. She is a member of the Cybersecurity Hall of Fame, and an AAAS and ACM Fellow.
Suzanne B. Schwartz, US Food and Drug Administration
Suzanne B. Schwartz, MD, MBA is the Associate Director for Science & Strategic Partnerships at FDA’s Center for Devices & Radiological Health (CDRH). She chairs CDRH’s Cybersecurity Working Group and co-chairs the Healthcare and Public Health Government Coordinating Council. Suzanne graduated from Albert Einstein College of Medicine, trained in General Surgery and Burn Trauma at Weill Cornell Medical Center; an executive MBA from NYU Stern School of Business, and completed Harvard’s National Preparedness Leadership Initiative. Suzanne was recently recognized for Excellence in Innovation at FDA’s Women’s History Month for her work in Medical Device Cybersecurity.
10:40 am–11:10 am
Break with Refreshments
11:10 am–12:00 pm
Subverting Hardware Protections
Andrea Biondo and Mauro Conti, University of Padua; Lucas Davi, University of Duisburg-Essen; Tommaso Frassetto and Ahmad-Reza Sadeghi, Technische Universität Darmstadt
Seunghun Han, Wook Shin, Jun-Hyeok Park, and HyoungChun Kim, National Security Research Institute
Michelle Y. Wong and David Lie, University of Toronto
Discovering Vulnerabilities in Security-Focused Static Analysis Tools for Android using Systematic Mutation
Richard Bonett, Kaushal Kafle, Kevin Moran, Adwait Nadkarni, and Denys Poshyvanyk, College of William & Mary
Attacks on Systems That Learn
Bolun Wang, UC Santa Barbara; Yuanshun Yao, Bimal Viswanath, Haitao Zheng, and Ben Y. Zhao, University of Chicago
Octavian Suciu, Radu Marginean, Yigitcan Kaya, Hal Daume III, and Tudor Dumitras, University of Maryland
12:00 pm–1:30 pm
Lunch (on your own)
1:30 pm–3:10 pm
Johannes Krupp and Christian Rossow, CISPA
Lorenz Breindenbach, ETH Zurich; Phil Daian, Cornell Tech; Florian Tramer, Stanford University; Ari Juels, Cornell Tech Jacobs Institute
Harry Kalodner, Steven Goldfeder, Xiaoqi Chen, Matt Weinberg, and Edward Felten, Princeton University
Yi Zhou, Deepak Kumar, Surya Bakshi, Joshua Mason, Andrew Miller, and Michael Bailey, University of Illinois, Urbana-Champaign
Executing in Untrusted Environments
Sinisa Matetic and Moritz Schneider, ETH Zurich; Andrew Miller, UIUC; Ari Juels, Cornell Tech; Srdjan Capkun, ETH Zurich
Russell W. F. Lai and Christoph Egger, Friedrich-Alexander-University Erlangen-Nürnberg; Manuel Reinert, Saarland University; Sherman S. M. Chow, The Chinese University of Hong Kong; Matteo Maffei, TU Wien; Dominique Schröder, Friedrich-Alexander-University Erlangen-Nürnberg
Yuqiong Sun, Symantec Research Labs; David Safford, GE Global Research; Mimi Zohar, Dimitrios Pendarakis, and Zhongshu Gu, IBM Research; Trent Jaeger, Pennsylvania State University
Xiaowan Dong, Zhuojia Shen, and John Criswell, University of Rochester; Alan Cox, Rice University; Sandhya Dwarkadas, University of Rochester
Ronghai Yang, Wing Cheong Lau, Jiongyi Chen, and Kehuan Zhang, The Chinese University of Hong Kong
O Single Sign-Off, Where Art Thou? An Empirical Analysis of Single Sign-On Account Hijacking and Session Management on the Web
Mohammad Ghasemisharif, Amrutha Ramesh, Stephen Checkoway, Chris Kanich, and Jason Polakis, University of Illinois at Chicago
Stefano Calzavara and Riccardo Focardi, Università Ca' Foscari Venezia; Matteo Maffei and Clara Schneidewind, TU Wien; Marco Squarcina and Mauro Tempesta, Università Ca' Foscari Venezia
Thanh Bui and Siddharth Prakash Rao, Aalto University; Markku Antikainen, University of Helsinki; Viswanathan Manihatty Bojan and Tuomas Aura, Aalto University
3:10 pm–3:40 pm
Break with Refreshments
3:40 pm–5:20 pm
Kexiong (Curtis) Zeng, Virginia Tech; Shinan Liu, University of Electronic Science and Technology of China; Yuanchao Shu, Microsoft Research; Dong Wang, Haoyu Li, Yanzhi Dou, Gang Wang, and Yaling Yang, Virginia Tech
Injected and Delivered: Fabricating Implicit Control over Actuation Systems by Spoofing Inertial Sensors
Yazhou Tu, University of Louisiana at Lafayette; Zhiqiang Lin, Ohio State University; Insup Lee, University of Pennsylvania; Xiali Hei, University of Louisiana at Lafayette
Tom Chothia, Univ. of Birmingham; Joeri de Ruiter, Radboud University Nijmegen; Ben Smyth, University of Luxembourg
Weiteng Chen and Zhiyun Qian, University of California, Riverside
Shiqi Wang, Kexin Pei, Justin Whitehouse, Junfeng Yang, and Suman Jana, Columbia University
Yossi Adi and Carsten Baum, Bar Ilan University; Moustapha Cisse, Facebook AI Research; Benny Pinkas and Joseph Keshet, Bar Ilan University
Rakshith Shetty, Bernt Schiele, and Mario Fritz, Max Planck Institute for Informatics
Chiraag Juvekar, Vinod Vaikuntanathan, and Anantha Chandrakasan, MIT
Xiang Pan, Google Inc.; Yinzhi Cao, Lehigh University; Xuechao Du, Zhejiang University; Gan Fang, Northwestern University; Rui Shao, Zhejiang University; Yan Chen, Northwestern University
Z. Berkay Celik, The Pennsylvania State University; Leonardo Babun, Amit Kumar Sikder, and Hidayet Aksu, Florida International University; Gang Tan and Patrick McDaniel, The Pennsylvania State University; A. Selcuk Uluagac, Florida International University
Yang Ji, Sangho Lee, Mattia Fazzini, Joey Allen, Evan Downing, Taesoo Kim, Alessandro Orso, and Wenke Lee, Georgia Institute of Technology
Md Nahid Hossain, Junao Wang, R. Sekar, and Scott D. Stoller, Stony Brook University