USENIX Security '18 Technical Sessions

USENIX Security '18 Program Grid

Download the program in grid format (PDF). (Updated 6/15/18)

Wednesday, August 15, 2018

7:30 am–8:45 am

Continental Breakfast

8:45 am–9:00 am

Opening Remarks and Awards

Program Co-Chairs William Enck, North Carolina State University, and Adrienne Porter Felt, Google

9:00 am–10:00 am

Keynote Address


James Mickens, Harvard University

James Mickens is an associate professor of computer science at Harvard University. His research focuses on the performance, security, and robustness of large-scale distributed web services. Mickens received a B.S. degree in computer science from the Georgia Institute of Technology, and a Ph.D. in computer science from the University of Michigan. Before coming to Harvard, he spent six years as a researcher at Microsoft. He is also the creator of Mickens-do, a martial art so deadly that he refuses to teach it to anyone (including himself).

10:00 am–10:30 am

Break with Refreshments

10:30 am–12:10 pm

Track 1

Security Impacting the Physical World

CommanderSong: A Systematic Approach for Practical Adversarial Voice Recognition

Xuejing Yuan, SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, and School of Cyber Security, University of Chinese Academy of Sciences; Yuxuan Chen, Florida Institute of Technology; Yue Zhao, SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, and School of Cyber Security, University of Chinese Academy of Sciences; Yunhui Long, University of Illinois at Urbana-Champaign; Xiaokang Liu and Kai Chen, SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, and School of Cyber Security, University of Chinese Academy of Sciences; Shengzhi Zhang, Florida Institute of Technology; Heqing Huang, IBM Thomas J. Watson Research Center; Xiaofeng Wang, Indiana University Bloomington; Carl A. Gunter, University of Illinois at Urbana-Champaign

Track 2

Memory Defenses

Track 3

Censorship and Web Privacy

12:10 pm–1:40 pm

Lunch (on your own)

The Career Luncheon for Students and Recent Grads will occur at this time.

1:40 pm–3:20 pm

Track 1

Understanding How Humans Authenticate

Track 2

Vulnerability Discovery

Acquisitional Rule-based Engine for Discovering Internet-of-Thing Devices

Xuan Feng, Beijing Key Laboratory of IOT Information Security Technology, Institute of Information Engineering, CAS, China; Qiang Li, School of Computer and Information Technology, Beijing Jiaotong University, China; Haining Wang, Department of Electrical and Computer Engineering, University of Delaware, USA; Limin Sun, Beijing Key Laboratory of IOT Information Security Technology, Institute of Information Engineering, CAS, China

Track 3

Invited Talks

Privacy for Tigers

Ross Anderson, Cambridge University

Ross Anderson is Professor of Security Engineering at Cambridge University, and leads the Cambridge Cybercrime Centre. He was a pioneer of security economics, peer-to-peer systems, hardware tamper-resistance and API security, and was one of the inventors of the AES finalist encryption algorithm Serpent. He has contributed to industrial standards from prepayment metering to powerline communications, and wrote the textbook Security Engineering—A Guide to Building Dependable Distributed Systems.

Cybersecurity: Is It about Business or Technology?

Donna Dodson, Chief Cybersecurity Advisor, National Institute of Standards and Technology

If recent events involving the security of information and operations have taught us anything, it is that cybersecurity and the way cybersecurity risks are managed are no longer solely the domain of computer scientists. Cybersecurity risk management issues are becoming increasingly familiar topics in C-suites and boardrooms. The National Institute of Standards and Technology (NIST) began its program almost 50 years ago focusing on both advanced technologies as well as cybersecurity risk management. Today, NIST conducts foundational and applied cybersecurity research to produce and advance cybersecurity standards, best practices, measurements, and reference resources to address this fundamental question—is cybersecurity about business or technology?

Donna Dodson is the Chief Cybersecurity Advisor for the National Institute of Standards and Technology and Director of the National Cybersecurity Center of Excellence (NCCoE). Since joining NIST in 1987, Donna has been selected as a Fed 100 winner for innovations in cybersecurity, as one of the top 10 influential people in government IT in 2011, and as one of Fed Scoop’s Top 50 D.C. Women in Tech.

3:20 pm–3:50 pm

Break with Refreshments

3:50 pm–5:30 pm

Track 1

Web Applications

Track 2

Anonymity

Track 3

Invited Talks

Rethinking Architectures and Abstraction for a World Where Security Improvements Matter More than Performance Gains

Paul Kocher

Paul Kocher is an entrepreneur and researcher focused on cryptography and data security and is currently exploring independent research topics. Areas of interest include trade-offs between complexity/performance and security, as well as how computer systems could be architected to reduce the likelihood and severity of exploitable security vulnerabilities. One of the results of this work was discovering a class of vulnerabilities (which I named Spectre) arising from the use of speculative execution in microprocessors.

Paul was elected to the National Academy of Engineering in 2009 for contributions to cryptography and Internet security. He's a member of the Forum on Cyber Resilience, which is a National Academies roundtable. He's also a member of the Cybersecurity Hall of Fame and is a frequent speaker on security topics.

Solving the Next Billion-People Privacy Problem

Monica Lam, Stanford University

Dr. Monica Lam has been a Professor of Computer Science at Stanford University since 1988, and is the Faculty Director of the Stanford MobiSocial Computing Laboratory. Starting from 2008, as a co-PI of the NSF Programmable Open Mobile Internet (POMI) 2020 Expedition, she has focused on creating open software to protect user privacy and disrupt monopolies. She is currently leading Almond, an open programmable virtual assistant project, which protects privacy through user-friendly decentralized systems.

Dr. Lam has made significant contributions to the fields of compilers and architectures for high-performance computing, and open communication platforms for mobile computing. Her research results have been widely used in academia as well as in industry, including two startups she helped found: Tensilica, a configurable processor core company and Omlet, an open mobile-gaming social network company.

Prof. Lam is an ACM Fellow, has won ACM-SIGARCH, ACM-PLDI, ACM-SIGSOFT Most Influential and Best Paper Awards, and has published over 150 papers on compilers, computer architecture, operating systems, high-performance computing, databases, security, and human-computer interaction. She is an author of Compilers: Principles, Techniques, & Tools, also known as the "Dragon Book", the definitive text on compiler technology. She received a B.Sc. from University of British Columbia (1980) and a Ph.D. from Carnegie Mellon University (1987).

6:00 pm–7:30 pm

USENIX Security '18 Reception

Mingle with fellow attendees at the USENIX Security '18 Reception, featuring dinner, drinks, and the chance to connect with other attendees, speakers, and symposium organizers.

7:30 pm–8:30 pm

USENIX Security '18 Lightning Talks

This is intended as an informal session for short and engaging presentations on recent unpublished results, work in progress, or other topics of interest to USENIX Security attendees. As in the past, talks do not always need to be serious and funny talks are encouraged! This year, USENIX will generously sponsor awards for the most engaging talks. Bragging rights and small cash prizes can be yours for a great talk! For full consideration, submit your lightning talk via the lightning talk submission form through July 27, 2018. Only talks submitted by this deadline will be considered for the awards. You can continue submitting talks via the submission form or by emailing sec18lightning@usenix.org until Wednesday, August 15, 2018, 12:00 pm EDT.

Thursday, August 16, 2018

8:00 am–9:00 am

Continental Breakfast

9:00 am–10:40 am

Track 1

Privacy in a Digital World

Track 2

Attacks on Crypto & Crypto Libraries

Track 3

Invited Talks

Analogy Cyber Security—From 0101 to Mixed Signals

Wenyuan Xu, Zhejiang University

With the rapid development of sensing technologies, an increasing number of devices rely on sensors to measure environments or human beings and to control actuators. For instance, smartphones have a rich set of sensors, which range from accelerometers and microphones to gyroscopes. Voice controllable systems rely on microphones to record voice commands, and autonomous vehicles depend on the barrier detection sensors to make driving decisions. Such a trend incurs new threats jeopardizing the system security and user privacy. In this talk, we show a collection of threats against the integrity of sensors and their impact on the systems level. For instance, we show that interference (EMI) can alter the measurement of analog sensors and thus affect the reliability of a closed-loop system. Finally, we discuss defense solutions that can improve the security of sensors.

Wenyuan Xu is a professor in the College of Electrical Engineering, Zhejiang University. She received her B.S. degree in electrical engineering with the highest honor from Zhejiang University in 1998, an M.S. degree in computer science and engineering from Zhejiang University in 2001, and the Ph.D. degree in electrical and computer engineering from Rutgers University in 2007. She was an associate professor in the Department of Computer Science and Engineering, University of South Carolina. Her research interests include embedded system security, smart grid security, and smart systems security. Dr. Xu is a co-author of the book Securing Emerging Wireless Systems: Lower-layer Approaches, Springer, 2009. She received the United States NSF Career Award in 2009 and was selected as the 1000 Young Talents of China in 2012. She obtained an ACM CCS best paper award in 2017 and was listed on the security researcher hall of fame in 2014 and 2016. She has served on the technical program committees for several IEEE/ACM conferences on wireless networking and security, and she currently serves as the associate editor of TOSN.

Title TBA

Vijay Balasubramaniyan, CEO and Founder, Pindrop

Vijay Balasubramaniyan is Co-Founder, CEO & CTO of Pindrop. He’s held various engineering and research roles with Google, Siemens, IBM Research and Intel.

Vijay holds patents in VoIP security and scalability and he frequently speaks on phone fraud threats at technical conferences, including RSA, Black Hat, FS-ISAC, CCS and ICDCS. Vijay earned a PhD in Computer Science from Georgia Institute of Technology. His PhD thesis was on telecommunications security.

10:40 am–11:10 am

Break with Refreshments

11:10 am–12:00 pm

Track 1

Enterprise Security

Track 2
Track 3

12:00 pm–1:30 pm

USENIX Security '18 Luncheon

Sponsored by Facebook
The Internet Defense Prize will be presented at the USENIX Security '18 Luncheon.

1:30 pm–3:10 pm

Track 1

Fuzzing and Exploit Generation

Track 2

TLS and PKI

Track 3

Vulnerability Mitigations

3:10 pm–3:40 pm

Break with Refreshments

3:40 pm–5:20 pm

Track 1

Side Channels

Meltdown: Reading Kernel Memory from User Space

Moritz Lipp, Michael Schwarz, and Daniel Gruss, Graz University of Technology; Thomas Prescher and Werner Haas, Cyberus Technology; Anders Fogh, G DATA Advanced Analytics; Jann Horn, Google Project Zero; Stefan Mangard, Graz University of Technology; Paul Kocher, unaffiliated; Daniel Genkin, University of Pennsylvania and University of Maryland; Yuval Yarom, University of Adelaide and Data61; Mike Hamburg, Rambus, Cryptography Research Division

Track 2

Cybercrime

Track 3

Invited Talks

The Law and Economics of Bug Bounties

Amit Elazari Bar On, Doctoral Candidate, Berkeley Law, Center for Long-Term Cybersecurity Grantee

Bug Bounties are one of the fastest growing, popular and cost-effective ways for companies to engage with the security community and find unknown security vulnerabilities. Now it’s time to make them fair to the most important element in the Internet’s immune system: security researchers. This talk will showcase how lacking policies in bug bounty programs put hackers at legal risk and affect their incentives, and how to fix this problem that affects all of us, researchers, security practitioners and technology users.

Amit is a Doctoral Law Candidate at UC Berkeley School of Law and a Berkeley Center for Long-Term Cybersecurity Grantee. She graduated Summa Cum Laude from her LL.M. (Master of Laws), LL.B. (Law) and B.A. (Business Administration) from IDC, Israel. Her research work on technology law has been published in leading legal and privacy journals, presented in conferences such as RSA, USENIX Enigma, BsidesLV and DEF CON-Skytalks, and featured in popular news sites such as Vice (Motherboard), the Washington Post and The Guardian. Additionally, Amit teaches at Berkeley’s Legal Studies program and serves as the submissions editor of BTLJ, the world’s leading Tech Law Journal.

6:00 pm–7:30 pm

USENIX Security '18 Poster Session and Happy Hour

To submit a poster, please submit a draft of your poster, in PDF (maximum size 36" by 48"), or a one-page abstract via the poster session submission form, by Thursday, July 5, 2018, 9:00 pm PDT. Decisions will be made by Thursday, July 12, 2018. Posters will not be included in the proceedings but may be made available online if circumstances permit. Poster submissions must include the authors’ names, affiliations, and contact information. At least one author of each accepted poster must register for and attend the Symposium to present the poster.

Friday, August 17, 2018

8:00 am–9:00 am

Continental Breakfast

9:00 am–10:40 am

Track 1

Web and Network Measurement

We Still Don’t Have Secure Cross-Domain Requests: an Empirical Study of CORS

Jianjun Chen, Tsinghua University, Tsinghua National Laboratory for Information Science and Technology; Jian Jiang, Shape Security; Haixin Duan, Institute for Network Science and Cyber Space, Tsinghua University; Tao Wan, Huawei Canada; Shuo Chen, Microsoft Research Redmond; Vern Paxson, UC Berkeley, ICSI; Min Yang, Fudan University

Track 2

Malware

Track 3

Invited Talks

The Second Crypto War—What's Different Now

Susan Landau, Bridge Professor of Cyber Security and Policy, Tufts University

The First Crypto War was fought over end-to-end encryption for communications, and appeared largely over as a result of the EU's and US's loosening of export regulations in the late 1990s. The Second Crypto War, which began rearing its head shortly after the First Crypto War ended, appears to be about end-to-end encryption and locked mobile devices. It looks as if law enforcement is seeking exceptional access—access to encrypted communications and secured devices—through regulation or legislation.

But things are seldom as they seem, and so it is with the Second Crypto War. I'll discuss why the fight is really over locked devices, the security risks involved should law enforcement's desires win out, and why end-to-end encrypted communications are here to stay.

Susan Landau is Bridge Professor of Cyber Security and Policy at Tufts University. Landau has testified before Congress and frequently briefed US and European policymakers on encryption, surveillance, and cybersecurity issues. Landau has been a Senior Staff Privacy Analyst at Google, a Distinguished Engineer at Sun Microsystems, and a faculty member at Worcester Polytechnic Institute, the University of Massachusetts Amherst and Wesleyan University. She is a member of the Cybersecurity Hall of Fame, and an AAAS and ACM Fellow.

Title TBA

Suzanne B. Schwartz, US Food and Drug Administration

Suzanne B. Schwartz, MD, MBA is the Associate Director for Science & Strategic Partnerships at FDA’s Center for Devices & Radiological Health (CDRH). She chairs CDRH’s Cybersecurity Working Group and co-chairs the Healthcare and Public Health Government Coordinating Council. Suzanne graduated from Albert Einstein College of Medicine, trained in General Surgery and Burn Trauma at Weill Cornell Medical Center, earned an executive MBA from NYU Stern School of Business, and completed Harvard’s National Preparedness Leadership Initiative. Suzanne was recently recognized for Excellence in Innovation at FDA’s Women’s History Month for her work in Medical Device Cybersecurity.

10:40 am–11:10 am

Break with Refreshments

11:10 am–12:00 pm

Track 1
Track 2
Track 3

12:00 pm–1:30 pm

Lunch (on your own)

1:30 pm–3:10 pm

Track 1

Smart Contracts

Track 2

Executing in Untrusted Environments

Simple Password-Hardened Encryption Services

Russell W. F. Lai and Christoph Egger, Friedrich-Alexander-University Erlangen-Nürnberg; Manuel Reinert, Saarland University; Sherman S. M. Chow, The Chinese University of Hong Kong; Matteo Maffei, TU Wien; Dominique Schröder, Friedrich-Alexander-University Erlangen-Nürnberg

Track 3

Web Authentication

3:10 pm–3:40 pm

Break with Refreshments

3:40 pm–5:20 pm

Track 1

Wireless Attacks

Track 2

Neural Networks

Track 3

Information Tracking

Sensitive Information Tracking in Commodity IoT

Z. Berkay Celik, The Pennsylvania State University; Leonardo Babun, Amit Kumar Sikder, and Hidayet Aksu, Florida International University; Gang Tan and Patrick McDaniel, The Pennsylvania State University; A. Selcuk Uluagac, Florida International University