USENIX Security 2016 Presentation Materials

https://www.usenix.org/conference/usenixsecurity16/technical-sessions


Technical Sessions

The full Proceedings published by USENIX for the conference are available for download below. Individual papers can also be downloaded from the presentation page. Copyright to the individual works is retained by the author[s].

Proceedings Front Matter
Proceedings Cover | Title Page and List of Organizers | Table of Contents | Message from the Program Co-Chairs

Full Proceedings PDFs
 USENIX Security '16 Full Proceedings (PDF)
 USENIX Security '16 Proceedings Interior (PDF, best for mobile devices)
 USENIX Security '16 Proceedings Errata Slip (PDF)
 USENIX Security '16 Proceedings Errata Slip 2 (PDF) (11/17/16)

Full Proceedings ePub (for iPad and most eReaders)
 USENIX Security '16 Full Proceedings (ePub)

Full Proceedings Mobi (for Kindle)
 USENIX Security '16 Full Proceedings (Mobi)

Downloads for Registered Attendees

 USENIX Security '16 Attendee List (PDF)
 USENIX Security '16 Proceedings Archive (7z)

 

All sessions will take place at the Hyatt Regency Austin.

Wednesday, August 10, 2016

7:30 am–9:00 am, Wednesday

Continental Breakfast

Zilker Ballroom Foyer

8:25 am–8:45 am, Wednesday

Daily Lightning Talks

Zilker Ballroom 2–4

We begin each day with a lightning talks session, offering a 60-second preview of the papers to be presented on the day. For authors, it’s an opportunity to provide more reasons why people should come to your talk. For attendees, it’s an opportunity to hear an elevator pitch for the papers you will have to miss today.

8:45 am–9:00 am, Wednesday

Opening Remarks and Awards

Zilker Ballroom 2–4

Program Co-Chairs: Thorsten Holz, Ruhr-Universität Bochum and Stefan Savage, University of California, San Diego

Available Media

9:00 am–10:30 am, Wednesday

Keynote Address

Zilker Ballroom 2–4

Session Chair: Thorsten Holz, Ruhr-Universität Bochum

Crashing Drones and Hijacked Cameras: CyberTrust Meets CyberPhysical

Jeannette M. Wing, Microsoft Research

Cyber-physical systems are engineered systems that require tight conjoining of and coordination between the computational (discrete) and the physical (continuous). Cyber-physical systems are rapidly penetrating every aspect of our lives, with potential impact on sectors critical to national security and competitiveness, including aerospace, automotive, chemical production, civil infrastructure, energy, finance, healthcare, manufacturing, materials, and transportation. As these systems fulfill the promise of the Internet of Things, smart cities, household robots, and personalized medicine, we need to ensure they are trustworthy: reliable, secure, and privacy-preserving. This talk will look at cyber-physical systems from the lens of trustworthy computing. Throughout my talk, I will raise research challenges for how to make cyber-physical systems trustworthy.

Available Media

10:30 am–11:00 am, Wednesday

Break with Refreshments

Zilker Ballroom Foyer

11:00 am–12:30 pm, Wednesday

Low-Level Attacks

Refereed Papers I

Zilker Ballroom 2

Session Chair: Dan Boneh, Stanford University

Flip Feng Shui: Hammering a Needle in the Software Stack

Kaveh Razavi, Ben Gras, and Erik Bosman, Vrije Universiteit Amsterdam; Bart Preneel, Katholieke Universiteit Leuven; Cristiano Giuffrida and Herbert Bos, Vrije Universiteit Amsterdam

Available Media

One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation

Yuan Xiao, Xiaokuan Zhang, Yinqian Zhang, and Radu Teodorescu, The Ohio State University

Available Media

PIkit: A New Kernel-Independent Processor-Interconnect Rootkit

Wonjun Song, Hyunwoo Choi, Junhong Kim, Eunsoo Kim, Yongdae Kim, and John Kim, Korea Advanced Institute of Science and Technology (KAIST)

Available Media

Verification and Timing

Refereed Papers II

Zilker Ballroom 3

Session Chair: Deian Stefan, University of California, San Diego

Verifying Constant-Time Implementations

José Bacelar Almeida, HASLab/INESC TEC and University of Minho; Manuel Barbosa, HASLab/INESC TEC and DCC FCUP; Gilles Barthe and François Dupressoir, IMDEA Software Institute; Michael Emmi, Bell Labs and Nokia

Available Media

Secure, Precise, and Fast Floating-Point Operations on x86 Processors

Ashay Rane, Calvin Lin, and Mohit Tiwari, The University of Texas at Austin

Available Media

überSpark: Enforcing Verifiable Object Abstractions for Automated Compositional Security Analysis of a Hypervisor

Amit Vasudevan and Sagar Chaki, Carnegie Mellon University; Petros Maniatis, Google Inc.; Limin Jia and Anupam Datta, Carnegie Mellon University

Available Media

Panel

Zilker Ballroom 4

2016 Test of Time Award Panel

Moderator: Matt Blaze, University of Pennsylvania

Panelists: Peter Honeyman, University of Michigan, and Niels Provos, Google

Available Media

12:30 pm–2:00 pm, Wednesday

Lunch (on your own)

2:00 pm–3:30 pm, Wednesday

Software Attacks

Refereed Papers I

Zilker Ballroom 2

Session Chair: Martin Johns, SAP Research

Undermining Information Hiding (and What to Do about It)

Enes Göktaş, Vrije Universiteit Amsterdam; Robert Gawlik and Benjamin Kollenda, Ruhr Universität Bochum; Elias Athanasopoulos, Vrije Universiteit Amsterdam; Georgios Portokalidis, Stevens Institute of Technology; Cristiano Giuffrida and Herbert Bos, Vrije Universiteit Amsterdam

Available Media

Poking Holes in Information Hiding

Angelos Oikonomopoulos, Elias Athanasopoulos, Herbert Bos, and Cristiano Giuffrida, Vrije Universiteit Amsterdam

Available Media

What Cannot Be Read, Cannot Be Leveraged? Revisiting Assumptions of JIT-ROP Defenses

Giorgi Maisuradze, Michael Backes, and Christian Rossow, Saarland University

Available Media

Password and Key-Fingerprints

Refereed Papers II

Zilker Ballroom 3

Session Chair: Tom Ristenpart, Cornell Tech

zxcvbn: Low-Budget Password Strength Estimation

Daniel Lowe Wheeler, Dropbox Inc.

Available Media

Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks

William Melicher, Blase Ur, Sean M. Segreti, Saranga Komanduri, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor, Carnegie Mellon University

Awarded Best Paper

Available Media

An Empirical Study of Textual Key-Fingerprint Representations

Sergej Dechand, University of Bonn; Dominik Schürmann, Technische Universität Braunschweig; Karoline Busse, University of Bonn; Yasemin Acar and Sascha Fahl, Saarland University; Matthew Smith, University of Bonn

Available Media

Invited Talk

Zilker Ballroom 4

Session Chair: Adrienne Porter Felt, Google

Making HTTPS the Default in the World's Largest Bureaucracy

Eric Mill, 18F, U.S. General Services Administration

The US government is in the process of requiring secure connections to its public web services through HTTPS and HSTS. It is a lot of hard work by a lot of good people working in an enterprise of enterprises of enterprises, and it is not strongly centrally coordinated. This talk will discuss the technical and political challenges that have come up during the process, offer a glimpse into the US government's evolving relationship with technology, and share some lessons that may be useful to those pushing for change in their own bureaucracies.

Eric Mill is an engineer at 18F, an office of the U.S. General Services Administration that provides in-house technology services for the federal government. Eric's work at 18F focuses on privacy, security, and open government. Previously, Eric was an engineer at the Sunlight Foundation, a non-profit dedicated to government transparency, where he worked on open data infrastructure and policy.

Available Media

3:30 pm–4:00 pm, Wednesday

Break with Refreshments

Zilker Ballroom Foyer

4:00 pm–6:00 pm, Wednesday

Network Security

Refereed Papers I

Zilker Ballroom 2

Session Chair: Guofei Gu, Texas A&M University

Off-Path TCP Exploits: Global Rate Limit Considered Dangerous

Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, and Srikanth V. Krishnamurthy, University of California, Riverside; Lisa M. Marvel, United States Army Research Laboratory

Available Media

Website-Targeted False Content Injection by Network Operators

Gabi Nakibly, Rafael—Advanced Defense Systems and Technion—Israel Institute of Technology; Jaime Schcolnik, Interdisciplinary Center Herzliya; Yossi Rubin, Rafael—Advanced Defense Systems

Available Media

The Ever-Changing Labyrinth: A Large-Scale Analysis of Wildcard DNS Powered Blackhat SEO

Kun Du and Hao Yang, Tsinghua University; Zhou Li, IEEE Member; Haixin Duan, Tsinghua University; Kehuan Zhang, The Chinese University of Hong Kong

Available Media

A Comprehensive Measurement Study of Domain Generating Malware

Daniel Plohmann, Fraunhofer FKIE; Khaled Yakdan, University of Bonn; Michael Klatt, DomainTools; Johannes Bader; Elmar Gerhards-Padilla, Fraunhofer FKIE

Available Media

Applied Cryptography

Refereed Papers II

Zilker Ballroom 3

Session Chair: David Evans, University of Virginia

Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing

Eleftherios Kokoris Kogias, Philipp Jovanovic, Nicolas Gailly, Ismail Khoffi, Linus Gasser, and Bryan Ford, École Polytechnique Fédérale de Lausanne (EPFL)

Available Media

Faster Malicious 2-Party Secure Computation with Online/Offline Dual Execution

Peter Rindal and Mike Rosulek, Oregon State University

Available Media

Egalitarian Computing

Alex Biryukov and Dmitry Khovratovich, University of Luxembourg

Available Media

Post-quantum Key Exchange—A New Hope

Erdem Alkim, Ege University; Léo Ducas, Centrum voor Wiskunde en Informatica; Thomas Pöppelmann, Infineon Technologies AG; Peter Schwabe, Radboud University

Winner of the 2016 Internet Defense Prize

Available Media

Invited Talk

Zilker Ballroom 4

Session Chair: Alex Halderman, University of Michigan

When Governments Attack: Malware Targeting Activists, Lawyers, and Journalists

Eva Galperin, Electronic Frontier Foundation

Targeted malware campaigns against activists, lawyers, and journalists are becoming extremely commonplace. These attacks range in sophistication from simple spear-phishing campaigns using off the shelf malware, to APT-level attacks employing exploits, large budgets, and increasingly sophisticated techniques. Activists, lawyers and journalists are, for the most part, completely unprepared to deal with cyber-attacks; most of them don't even have a single security professional on staff. In this session, Eva Galperin of the Electronic Frontier Foundation will discuss the technical and operational details of malware campaigns against activists, journalists, and lawyers around the world, including EFF employees and clients, as well as what the security community can do to protect these highly vulnerable populations.

Available Media

6:30 pm–8:00 pm, Wednesday

USENIX Security '16 Symposium Reception

Zilker Ballroom 1

Sponsored by Facebook
Don’t miss the USENIX Security ’16 Reception, featuring the 2016 Internet Defense Prize award presentation, dinner, drinks, and the chance to connect with other attendees, speakers, and conference organizers.

8:00 pm–10:00 pm, Wednesday

USENIX Security '16 Work-in-Progress Reports (WiPs)

Zilker Ballroom 2

This session offers short presentations about work in progress, new results, or timely topics. View the list of accepted WiPs.

 

Thursday, August 11, 2016

7:30 am–9:00 am, Thursday

Continental Breakfast

Zilker Ballroom Foyer

8:30 am–9:00 am, Thursday

Daily Lightning Talks

Zilker Ballroom 2, 3, and 4

We begin each day with a lightning talks session, offering a 60-second preview of the papers to be presented on the day. For authors, it’s an opportunity to provide more reasons why people should come to your talk. For attendees, it’s an opportunity to hear an elevator pitch for the papers you will have to miss today.

9:00 am–10:30 am, Thursday

Software Security

Refereed Papers I

Zilker Ballroom 2

Session Chair: Stephen McCamant, University of Minnesota

Automatically Detecting Error Handling Bugs Using Error Specifications

Suman Jana and Yuan Kang, Columbia University; Samuel Roth, Ohio Northern University; Baishakhi Ray, University of Virginia

Available Media

APISan: Sanitizing API Usages through Semantic Cross-Checking

Insu Yun, Changwoo Min, Xujie Si, Yeongjin Jang, Taesoo Kim, and Mayur Naik, Georgia Institute of Technology

Available Media

On Omitting Commits and Committing Omissions: Preventing Git Metadata Tampering That (Re)introduces Software Vulnerabilities

Santiago Torres-Arias, New York University; Anil Kumar Ammula and Reza Curtmola, New Jersey Institute of Technology; Justin Cappos, New York University

Available Media

Hardware I

Refereed Papers II

Zilker Ballroom 3

Session Chair: Per Larsen, University of California, Irvine

Defending against Malicious Peripherals with Cinch

Sebastian Angel, The University of Texas at Austin and New York University; Riad S. Wahby, Stanford University; Max Howald, The Cooper Union and New York University; Joshua B. Leners, Two Sigma; Michael Spilo and Zhen Sun, New York University; Andrew J. Blumberg, The University of Texas at Austin; Michael Walfish, New York University

Available Media

Making USB Great Again with USBFILTER

Dave (Jing) Tian and Nolen Scaife, University of Florida; Adam Bates, University of Illinois at Urbana–Champaign; Kevin R. B. Butler and Patrick Traynor, University of Florida

Available Media

Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks

Stefano Cristalli and Mattia Pagnozzi, University of Milan; Mariano Graziano, Cisco Systems Inc.; Andrea Lanzi, University of Milan; Davide Balzarotti, Eurecom

Available Media

Invited Talk

Zilker Ballroom 4

Session Chair: Adrienne Porter Felt, Google

The Moral Character of Cryptographic Work

Phillip Rogaway, University of California, Davis

Cryptography rearranges power: it configures who can do what, from what. This makes cryptography an inherently political tool, and it confers on the field an intrinsically moral dimension. The Snowden revelations motivate a reassessment of the political and moral positioning of cryptography. They lead one to ask if our inability to effectively address mass surveillance constitutes a failure of our field. I believe that it does. I call for a community-wide effort to develop more effective means to resist mass surveillance. I plead for a reinvention of our disciplinary culture to attend not only to puzzles and math, but, also, to the societal implications of our work.

Available Media

10:30 am–11:00 am, Thursday

Break with Refreshments

Zilker Ballroom Foyer

11:00 am–12:30 pm, Thursday

Web Security

Refereed Papers I

Zilker Ballroom 2

Session Chair: Nektarios Leontiadis, Facebook

Request and Conquer: Exposing Cross-Origin Resource Size

Tom Van Goethem, Mathy Vanhoef, Frank Piessens, and Wouter Joosen, Katholieke Universiteit Leuven

Available Media

Trusted Browsers for Uncertain Times

David Kohlbrenner and Hovav Shacham, University of California, San Diego

Available Media

Tracing Information Flows Between Ad Exchanges Using Retargeted Ads

Muhammad Ahmad Bashir, Sajjad Arshad, William Robertson, and Christo Wilson, Northeastern University

Available Media

Cyber-Physical Systems

Refereed Papers II

Zilker Ballroom 3

Session Chair: Christina Pöpper, New York University

Virtual U: Defeating Face Liveness Detection by Building Virtual Models from Your Public Photos

Yi Xu, True Price, Jan-Michael Frahm, and Fabian Monrose, The University of North Carolina at Chapel Hill

Available Media

Hidden Voice Commands

Nicholas Carlini and Pratyush Mishra, University of California, Berkeley; Tavish Vaidya, Yuankai Zhang, Micah Sherr, and Clay Shields, Georgetown University; David Wagner, University of California, Berkeley; Wenchao Zhou, Georgetown University

Available Media

FlowFence: Practical Data Protection for Emerging IoT Application Frameworks

Earlence Fernandes, Justin Paupore, and Amir Rahmati, University of Michigan; Daniel Simionato and Mauro Conti, University of Padova; Atul Prakash, University of Michigan

Available Media

Invited Talk

Zilker Ballroom 4

Session Chair: Franziska Roesner, University of Washington

Privacy and Threat in Practice: Mobile Messaging by Low-Income New Yorkers

Ame Elliot, Simply Secure

Is a theoretically-secure system any good if it doesn’t address users’ real-world threat models? Is the security community today meeting the needs of a mass, global audience, or simply building tools and features for itself? Do we know how to understand what people really need?

We asked a group of straight-talking New Yorkers about the data-security threats they face. Their answers indicate a significant gap between their lived experience and the way our community thinks about security. To bridge this gap and get privacy-preserving systems into the hands of real people, we need more foundational research to understand user needs, not only late-stage usability studies in a lab.

Available Media

12:30 pm–2:00 pm, Thursday

Lunch (on your own)

2:00 pm–3:30 pm, Thursday

Low-Level Attacks and Defenses

Refereed Papers I

Zilker Ballroom 2

Session Chair: Will Robertson, Northeastern University

ARMageddon: Cache Attacks on Mobile Devices

Moritz Lipp, Daniel Gruss, Raphael Spreitzer, Clémentine Maurice, and Stefan Mangard, Graz University of Technology

Available Media

DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks

Peter Pessl, Daniel Gruss, Clémentine Maurice, Michael Schwarz, and Stefan Mangard, Graz University of Technology

Available Media

An In-Depth Analysis of Disassembly on Full-Scale x86/x64 Binaries

Dennis Andriesse, Xi Chen, and Victor van der Veen, Vrije Universiteit Amsterdam; Asia Slowinska, Lastline, Inc.; Herbert Bos, Vrije Universiteit Amsterdam

Available Media

Machine Learning and Data Retrieval Systems

Refereed Papers II

Zilker Ballroom 3

Session Chair: Niels Provos, Google

Stealing Machine Learning Models via Prediction APIs

Florian Tramèr, École Polytechnique Fédérale de Lausanne (EPFL); Fan Zhang, Cornell University; Ari Juels, Cornell Tech; Michael K. Reiter, The University of North Carolina at Chapel Hill; Thomas Ristenpart, Cornell Tech

Available Media

Oblivious Multi-Party Machine Learning on Trusted Processors

Olga Ohrimenko, Felix Schuster, and Cédric Fournet, Microsoft Research; Aastha Mehta, Microsoft Research and Max Planck Institute for Software Systems (MPI-SWS); Sebastian Nowozin, Kapil Vaswani, and Manuel Costa, Microsoft Research

Available Media

Thoth: Comprehensive Policy Compliance in Data Retrieval Systems

Eslam Elnikety, Aastha Mehta, Anjo Vahldiek-Oberwagner, Deepak Garg, and Peter Druschel, Max Planck Institute for Software Systems (MPI-SWS)

Available Media

Invited Talk

Zilker Ballroom 4

Session Chair: Franziska Roesner, University of Washington

The Unfalsifiability of Security Claims

Cormac Herley, Microsoft Research

There is an inherent asymmetry in computer security: things can be declared insecure by observation, but not the reverse. There is no test that allows us to declare an arbitrary system or technique secure. This implies that claims of necessary conditions for security are unfalsifiable. This in turn implies an asymmetry in self-correction: while the claim that countermeasures are sufficient can always be refuted, the claim that they are necessary cannot. Thus, we ratchet upward: there are many ways to argue countermeasures in, but no possible observation argues one out. Once we go wrong we stay wrong and errors accumulate. I show that attempts to evade this difficulty lead to dead-ends and then explore implications.

Available Media

3:30 pm–4:00 pm, Thursday

Break with Refreshments

Zilker Ballroom Foyer

4:00 pm–6:00 pm, Thursday

Crypto Attacks

Refereed Papers I

Zilker Ballroom 2

Session Chair: Thorsten Holz, Ruhr-Universität Bochum

Dancing on the Lip of the Volcano: Chosen Ciphertext Attacks on Apple iMessage

Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan, Johns Hopkins University

Available Media

Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys

Mathy Vanhoef and Frank Piessens, Katholieke Universiteit Leuven

Available Media

DROWN: Breaking TLS Using SSLv2

Nimrod Aviram, Tel Aviv University; Sebastian Schinzel, Münster University of Applied Sciences; Juraj Somorovsky, Ruhr University Bochum; Nadia Heninger, University of Pennsylvania; Maik Dankel, Münster University of Applied Sciences; Jens Steube, Hashcat Project; Luke Valenta, University of Pennsylvania; David Adrian and J. Alex Halderman, University of Michigan; Viktor Dukhovni, Two Sigma and OpenSSL; Emilia Käsper, Google and OpenSSL; Shaanan Cohney, University of Pennsylvania; Susanne Engels and Christof Paar, Ruhr University Bochum; Yuval Shavitt, Tel Aviv University

Available Media

All Your Queries Are Belong to Us: The Power of File-Injection Attacks on Searchable Encryption

Yupeng Zhang, Jonathan Katz, and Charalampos Papamanthou, University of Maryland

Available Media

Malware

Refereed Papers II

Zilker Ballroom 3

Session Chair: Gianluca Stringhini, University College London

Investigating Commercial Pay-Per-Install and the Distribution of Unwanted Software

Kurt Thomas, Juan A. Elices Crespo, Ryan Rasti, Jean-Michel Picod, Cait Phillips, Marc-André Decoste, Chris Sharp, Fabio Tirelo, Ali Tofigh, Marc-Antoine Courteau, Lucas Ballard, Robert Shield, Nav Jagpal, Moheeb Abu Rajab, Panayiotis Mavrommatis, Niels Provos, and Elie Bursztein, Google; Damon McCoy, New York University and International Computer Science Institute

Available Media

Measuring PUP Prevalence and PUP Distribution through Pay-Per-Install Services

Platon Kotzias, IMDEA Software Institute and Universidad Politécnica de Madrid; Leyla Bilge, Symantec Research Labs; Juan Caballero, IMDEA Software Institute

Available Media

UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware

Amin Kharaz and Sajjad Arshad, Northeastern University; Collin Mulliner, Square, Inc.; William Robertson and Engin Kirda, Northeastern University

Available Media

Towards Measuring and Mitigating Social Engineering Software Download Attacks

Terry Nelms, Georgia Institute of Technology and Damballa; Roberto Perdisci, University of Georgia and Georgia Institute of Technology; Manos Antonakakis, Georgia Institute of Technology; Mustaque Ahamad, Georgia Institute of Technology and New York University Abu Dhabi

Available Media

Panel

Zilker Ballroom 4

Session Chair: Adrienne Porter Felt, Google

Teaching Computer Security: Thoughts from the Field

David Evans, University of Virginia; Zachary Peterson, California Polytechnic State University; Colleen Lewis, Harvey Mudd College; Tadayoshi Kohno, University of Washington

Many researchers and engineers first learn about computer security in a classroom. In this interactive workshop, four professors will share lessons and opinions about how and when to teach security. What are the “right” security topics to teach? What is the best time in a curriculum to introduce students to security? And must the entire burden of security education fall on the computing disciplines? If you teach (or plan to teach in the future), come participate in this workshop.

Available Media

6:30 pm–8:00 pm, Thursday

USENIX Security '16 Poster Session and Happy Hour

Zilker Ballroom 1

Check out the cool new ideas and the latest preliminary research on display at the Poster Session and Happy Hour. Take part in discussions with your colleagues over complimentary drinks and snacks. The list of accepted posters is now available.

8:00 pm–10:00 pm, Thursday

USENIX Security '16 Doctoral Colloquium

Zilker Ballroom 2

Moderator: Jaeyeon Jung, Microsoft Research
Panelists: Úlfar Erlingsson, Google; Rachel Greenstadt, Drexel University; Martin Johns, SAP; Thomas Ristenpart, Cornell Tech

What opportunities await security students graduating with a Ph.D.? On Thursday evening, students will have the opportunity to listen to informal panels of faculty and industrial researchers providing personal perspectives on their post-Ph.D. career search. Learn about the academic job search, the industrial research job search, research fundraising, dual-career challenges, life uncertainty, and other idiosyncrasies of the ivory tower.

 

Friday, August 12, 2016

7:30 am–9:00 am, Friday

Continental Breakfast

Zilker Ballroom Foyer

8:30 am–9:00 am, Friday

Daily Lightning Talks

Zilker Ballroom 2, 3, and 4

We begin each day with a lightning talks session, offering a 60-second preview of the papers to be presented on the day. For authors, it’s an opportunity to provide more reasons why people should come to your talk. For attendees, it’s an opportunity to hear an elevator pitch for the papers you will have to miss today.

9:00 am–10:30 am, Friday

Network Security II

Refereed Papers I

Zilker Ballroom 2

Session Chair: Damon McCoy, New York University/ICSI

Specification Mining for Intrusion Detection in Networked Control Systems

Marco Caselli, University of Twente; Emmanuele Zambon, University of Twente and SecurityMatters B.V.; Johanna Amann, International Computer Science Institute; Robin Sommer, International Computer Science Institute and Lawrence Berkeley National Laboratory; Frank Kargl, Ulm University

Available Media

Optimized Invariant Representation of Network Traffic for Detecting Unseen Malware Variants

Karel Bartos and Michal Sofka, Cisco Systems, Inc.; Vojtech Franc, Czech Technical University in Prague

Available Media

Authenticated Network Time Synchronization

Benjamin Dowling, Queensland University of Technology; Douglas Stebila, McMaster University; Greg Zaverucha, Microsoft Research

Available Media

Hardware II

Refereed Papers II

Zilker Ballroom 3

Session Chair: Cynthia Irvine, Naval Postgraduate School

fTPM: A Software-Only Implementation of a TPM Chip

Himanshu Raj, ContainerX; Stefan Saroiu, Alec Wolman, Ronald Aigner, Jeremiah Cox, Paul England, Chris Fenner, Kinshuman Kinshumann, Jork Loeser, Dennis Mattoon, Magnus Nystrom, David Robinson, Rob Spiger, Stefan Thom, and David Wooten, Microsoft

Available Media

Sanctum: Minimal Hardware Extensions for Strong Software Isolation

Victor Costan, Ilia Lebedev, and Srinivas Devadas, MIT CSAIL

Available Media

Ariadne: A Minimal Approach to State Continuity

Raoul Strackx and Frank Piessens, Katholieke Universiteit Leuven

Available Media

Invited Talk

Zilker Ballroom 4

Session Chair: Adrienne Porter Felt, Google

Finding and Fixing Security Bugs in Flash

Natalie Silvanovich, Google

Over the past couple of years, Adobe Flash has been repeatedly targeted by attackers in the wild. Despite an increasing number of bug fixes and mitigations implemented in the software, previously unknown 0-day vulnerabilities continue to be uncovered and used by malicious attackers. This presentation describes my team's work to reduce the number and impact of 0-day vulnerabilities in Adobe Flash.

It will start with an overview of how attackers have targeted Flash in the past, and then explain how some of the most common types of bugs work. It will then discuss how we find similar vulnerabilities. It will go through some examples of typical, and less typical bugs, showing how they violate the assumptions made by Flash Player, and how they can be exploited. This talk will also discuss recent Flash and platform mitigations, and how they impact the severity and discoverability of security bugs.

Available Media

10:30 am–11:00 am, Friday

Break with Refreshments

Zilker Ballroom Foyer

11:00 am–12:30 pm, Friday

Cyber-Physical Systems II

Refereed Papers I

Zilker Ballroom 2

Session Chair: Tudor Dumitraș, University of Maryland, College Park

The Million-Key Question—Investigating the Origins of RSA Public Keys

Petr Švenda, Matúš Nemec, Peter Sekan, Rudolf Kvašňovský, David Formánek, David Komárek, and Vashek Matyáš, Masaryk University

Awarded Best Paper

Available Media

Fingerprinting Electronic Control Units for Vehicle Intrusion Detection

Kyong-Tak Cho and Kang G. Shin, University of Michigan

Available Media

Lock It and Still Lose It—on the (In)Security of Automotive Remote Keyless Entry Systems

Flavio D. Garcia and David Oswald, University of Birmingham; Timo Kasper, Kasper & Oswald GmbH; Pierre Pavlidès, University of Birmingham

Available Media

Distributed Systems

Refereed Papers II

Zilker Ballroom 3

Session Chair: Nikita Borisov, University of Illinois at Urbana-Champaign

OblivP2P: An Oblivious Peer-to-Peer Content Sharing System

Yaoqi Jia, National University of Singapore; Tarik Moataz, Colorado State University and Telecom Bretagne; Shruti Tople and Prateek Saxena, National University of Singapore

Available Media

AuthLoop: End-to-End Cryptographic Authentication for Telephony over Voice Channels

Bradley Reaves, Logan Blue, and Patrick Traynor, University of Florida

Available Media

You Are Who You Know and How You Behave: Attribute Inference Attacks via Users' Social Friends and Behaviors

Neil Zhenqiang Gong, Iowa State University; Bin Liu, Rutgers University

Available Media

Invited Talk

Zilker Ballroom 4

Session Chair: Alex Halderman, University of Michigan

Report from the Field: A CDN's Role in Repelling Attacks against Banking Industry Web Sites

Bruce Maggs, Duke University and Akamai Technologies

This talk describes several types of attacks aimed at content delivery networks (CDNs) and their customers, along with strategies for mitigating these attacks. The attacks range from simple but large-scale denial-of-service attacks, to efforts to deface web sites, to click fraud. The talk presents examples of real attack campaigns, and analyzes the effectiveness of the CDN operated by Akamai Technologies in protecting its customers from them.

Available Media

12:30 pm–2:00 pm, Friday

Lunch (on your own)

2:00 pm–3:30 pm, Friday

Web Measurements

Refereed Papers I

Zilker Ballroom 2

Session Chair: Adam Doupé, Arizona State University

Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016

Adam Lerner, Anna Kornfeld Simpson, Tadayoshi Kohno, and Franziska Roesner, University of Washington

Available Media

Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification

Ben Stock, Giancarlo Pellegrino, and Christian Rossow, Saarland University; Martin Johns, SAP SE; Michael Backes, Saarland University and Max Planck Institute for Software Systems (MPI-SWS)

Available Media

You've Got Vulnerability: Exploring Effective Vulnerability Notifications

Frank Li, University of California, Berkeley; Zakir Durumeric, University of Michigan, University of Illinois at Urbana–Champaign, and International Computer Science Institute; Jakub Czyz, University of Michigan; Mohammad Karami, George Mason University; Michael Bailey, University of Illinois at Urbana–Champaign; Damon McCoy, New York University; Stefan Savage, University of California, San Diego; Vern Paxson, University of California, Berkeley, and International Computer Science Institute

Available Media

Proofs

Refereed Papers II

Zilker Ballroom 3

Session Chair: Cédric Fournet, Microsoft Research

Mirror: Enabling Proofs of Data Replication and Retrievability in the Cloud

Frederik Armknecht, University of Mannheim; Ludovic Barman, Jens-Matthias Bohli, and Ghassan O. Karame, NEC Laboratories Europe

Available Media

ZKBoo: Faster Zero-Knowledge for Boolean Circuits

Irene Giacomelli, Jesper Madsen, and Claudio Orlandi, Aarhus University

Awarded Best Student Paper

Available Media

The Cut-and-Choose Game and Its Application to Cryptographic Protocols

Ruiyu Zhu and Yan Huang, Indiana University; Jonathan Katz, University of Maryland; Abhi Shelat, Northeastern University

Available Media

Invited Talk

Zilker Ballroom 4

Session Chair: Cynthia Sturton, The University of North Carolina at Chapel Hill

AMD x86 Memory Encryption Technologies

David Kaplan, Advanced Micro Devices

This talk will introduce the audience to two new x86 ISA features developed by AMD which will provide new security enhancements by leveraging integrated memory encryption hardware. These features provide the ability to selectively encrypt some or all of system memory as well as the ability to run encrypted virtual machines, isolated from the hypervisor. The talk will cover technical details related to these features, including the ISA changes, security benefits, key management framework, and practical enablement.

The main objective of the talk is to educate the audience on the design and use of these features which are the first general-purpose memory encryption features to be integrated into the x86 architecture.

Available Media
3:30 pm–4:00 pm Friday

Break with Refreshments

Zilker Ballroom Foyer

4:00 pm–6:00 pm Friday

Android

Refereed Papers I

Zilker Ballroom 2

Session Chair: Stefan Savage, University of California, San Diego

On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis

Michael Backes, Saarland University and Max Planck Institute for Software Systems (MPI-SWS); Sven Bugiel and Erik Derr, Saarland University; Patrick McDaniel, The Pennsylvania State University; Damien Octeau, The Pennsylvania State University and University of Wisconsin—Madison; Sebastian Weisgerber, Saarland University

Available Media

Practical DIFC Enforcement on Android

Adwait Nadkarni, Benjamin Andow, and William Enck, North Carolina State University; Somesh Jha, University of Wisconsin—Madison

Available Media

Screen after Previous Screens: Spatial-Temporal Recreation of Android App Displays from Memory Images

Brendan Saltaformaggio, Rohit Bhatia, Xiangyu Zhang, and Dongyan Xu, Purdue University; Golden G. Richard III, University of New Orleans

Available Media

Harvesting Inconsistent Security Configurations in Custom Android ROMs via Differential Analysis

Yousra Aafer, Xiao Zhang, and Wenliang Du, Syracuse University

Available Media

Privacy

Refereed Papers II

Zilker Ballroom 3

Session Chair: Prateek Mittal, Princeton University

Identifying and Characterizing Sybils in the Tor Network

Philipp Winter, Princeton University and Karlstad University; Roya Ensafi, Princeton University; Karsten Loesing, The Tor Project; Nick Feamster, Princeton University

Available Media

k-fingerprinting: A Robust Scalable Website Fingerprinting Technique

Jamie Hayes and George Danezis, University College London

Available Media

Protecting Privacy of BLE Device Users

Kassem Fawaz, University of Michigan; Kyu-Han Kim, Hewlett Packard Labs; Kang G. Shin, University of Michigan

Available Media

Privacy in Epigenetics: Temporal Linkability of MicroRNA Expression Profiles

Michael Backes, Saarland University and Max Planck Institute for Software Systems (MPI-SWS); Pascal Berrang, Anna Hecksteden, Mathias Humbert, Andreas Keller, and Tim Meyer, Saarland University

Available Media

Panel

Zilker Ballroom 4

Moderator: Adam Doupé, Arizona State University

Security Competitions

William Robertson, Northeastern University; Dave Levin, University of Maryland; Sophia D'Antoine, Trail of Bits

Security competitions and, in particular, Capture-the-Flag (CTF), have emerged as an engaging way for people to learn about attacking and defending systems. In this panel, three veterans of the CTF world will share their experiences in playing and running security competitions, and talk about how integrating CTFs into your curriculum or training programs can help to identify and develop security awareness and expertise. Do CTF skills translate into the real world? Does learning how to attack have value in producing safer systems? Are CGC-inspired autonomous agents the future of systems security? All these questions and more will be on the table in this interactive session.

Available Media

