Donostia

Keynote


Riding the Fuzzing Hypetrain

Mathias Payer



Mathias Payer is a security researcher and associate professor at the EPFL school of computer and communication sciences (IC), leading the HexHive group. His research focuses on protecting applications in the presence of vulnerabilities, with a focus on memory corruption and type violations. He is interested in software security, system security, binary exploitation, effective mitigations, fault isolation/privilege separation, strong sanitization, and software testing (fuzzing) using a combination of binary analysis and compiler-based techniques. All prototype implementations are open-source.


On the Usability (In)Security of In-App Browsing Interfaces in Mobile Apps

Zicheng Zhang

Singapore Management University

Daoyuan Wu

The Chinese University of Hong Kong

Lixiang Li

miHoYo Co., Ltd.

Debin Gao

Singapore Management University


Automated Least-Privilege Analysis

Nick Roessler

University of Pennsylvania

Lucas Atayde

Rice University

Imani Palmer

Null Hat Security

Derrick McKee

Purdue University

Jai Pandey

Nvidia

Vasileios P. Kemerlis

Brown University

Mathias Payer

EPFL

Adam Bates

University of Illinois

André DeHon

University of Pennsylvania

Jonathan M. Smith

University of Pennsylvania

Nathan Dautenhahn

Rice University


SecureFS: A Secure File System for Intel SGX

Sandeep Kumar

IIT Delhi

Smruti R. Sarangi

IIT Delhi


Crafting Adversarial Example to Bypass Flow-&ML-based Botnet Detector via RL

Junnan Wang

Institute of Information Engineering, Chinese Academy of Sciences

Liu Qixu

Institute of Information Engineering, Chinese Academy of Sciences Beijing

Wu Di

Huawei Technologies

Ying Dong

Beijing Venus Information Security Technology Incorporated Company

Xiang Cui

Guangzhou University


The Evolution of DNS-based Email Authentication: Measuring Adoption and Finding Flaws

Dennis Tatang

Ruhr University Bochum

Florian Zettl

Ruhr University Bochum

Thorsten Holz

Ruhr University Bochum


What Did You Add to My Additive Manufacturing Data?: Steganographic Attacks on 3D Printing Files

Mark Yampolskiy

Auburn University

Lynne Graves

University of South Alabama

Jacob Gatlin

Auburn University

Anthony Skjellum

University of Tennessee at Chattanooga

Moti Yung

Google LLC and Columbia University


Marked for Disruption: Tracing the Evolution of Malware Delivery Operations Targeted for Takedown

Colin C. Ife

University College London

Yun Shen

NortonLifeLock Research Group

Gianluca Stringhini

Boston University

Steven J. Murdoch

University College London


The Service Worker Hiding in Your Browser: The Next Web Attack Target?

Phakpoom Chinprutthiwong

Texas A&M University

Raj Vardhan

Texas A&M University

GuangLiang Yang

Texas A&M University

Yangyong Zhang

Texas A&M University

Guofei Gu

Texas A&M


Where We Stand (or Fall): An Analysis of CSRF Defenses in Web Frameworks

Xhelal Likaj

Saarland University

Soheil Khodayari

CISPA Helmholtz Center for Information Security

Giancarlo Pellegrino

CISPA Helmholtz Center for Information Security


iTOP: Automating Counterfeit Object Oriented Programming Attacks

Paul Muntean

Technical Univ. of Munich

Richard Viehoever

Technical Univ. of Munich

Zhiqiang Lin

The Univ. of Ohio

Gang Tan

Penn State Univ.

Jens Grossklags

Technical Univ. of Munich

Claudia Eckert

Technical Univ. of Munich


Lost in the Loader: The Many Faces of the Windows PE File Format

Dario Nisi

EURECOM

Mariano Graziano

Cisco Talos

Yanick Fratantonio

Cisco Talos

Davide Balzarotti

EURECOM


Fast Intra-kernel Isolation and Security with IskiOS

Spyridoula Gravani

University of Rochester

Mohammad Hedayati

University of Rochester

John Criswell

University of Rochester

Michael L. Scott

University of Rochester


Encryption is Futile: Reconstructing 3D-Printed Models Using the Power Side-Channel

Jacob Gatlin

Auburn University

Mark Yampolskiy

Auburn University

Dr. Anthony Skjellum

University of Tennessee at Chattanooga

Sofia Belikovetsky

Johns Hopkins University

Yuval Elovici

Ben Gurion University of the Negev

Joshua Lubell

National Institute of Standards and Technology

Paul Witherell

National Institute of Standards and Technology


DisCo: Combining Disassemblers for Improved Performance

Sri Shaila G

University of California, Riverside

Ahmad Darki

University of California Riverside

Michalis Faloutsos

University of California Riverside

Nael Abu-Ghazaleh

University of California, Riverside

Manu Sridharan

University of California, Riverside


LeanSym: Efficient Hybrid Fuzzing Through Conservative Constraint Debloating

Xianya Mi

National University of Defense Technology

Sanjay Rawat

University of Bristol, UK

Cristiano Giuffrida

Vrije Universiteit Amsterdam

Herbert Bos

Vrije Universiteit Amsterdam


The Curse of Correlations for Robust Fingerprinting of Relational Databases

Tianxi Ji

Case Western Reserve University

Emre Yilmaz

University of Houston-Downtown

Erman Ayday

Case Western Reserve University

Pan Li

Case Western Reserve University


Stratosphere: Finding Vulnerable Cloud Storage Buckets

Jack Cable

Stanford University

Drew Gregory

Stanford University

Liz Izhikevich

Stanford University

Zakir Durumeric

Stanford University


Analysis and Mitigation of Function Interaction Risks in Robot Apps

Yuan Xu

Institute of Computing Technology, Chinese Academy of Sciences

Tianwei Zhang

Nanyang Technological University

Yungang Bao

Institute of Computing Technology, Chinese Academy of Sciences


Practical Speech Re-use Prevention in Voice-driven Services

Yangyong Zhang

Texas A&M University

Maliheh Shirvanian

Visa Research

Sunpreet Arora

Visa Research

Jianwei Huang

Texas A&M University

Guofei Gu

Texas A&M University


SniffMislead: Non-Intrusive Privacy Protection against Wireless Packet Sniffers in Smart Homes

Xuanyu Liu

Nanjing University

Qiang Zeng

University of South Carolina

Xiaojiang Du

Temple University

Siva Likitha Valluru

University of South Carolina

Chenglong Fu

Temple University

Xiao Fu

Nanjing University

Bin Luo

Nanjing University


BasicBlocker: ISA Redesign to Make Spectre-Immune CPUs Faster

Jan Philipp Thoma

Horst Görtz Institute for IT-Security, Ruhr University Bochum

Jakob Feldtkeller

Horst Görtz Institute for IT-Security, Ruhr University Bochum

Markus Krausz

Horst Görtz Institute for IT-Security, Ruhr University Bochum

Tim Güneysu

Horst Görtz Institute for IT-Security, Ruhr University Bochum

Daniel J. Bernstein

University of Illinois at Chicago and Ruhr University Bochum


Living-Off-The-Land Command Detection Using Active Learning

Talha Ongun

Northeastern University

Jack W. Stokes

Microsoft Research

Jonathan Bar Or

Microsoft Corporation

Ke Tian

Palo Alto Networks

Farid Tajaddodianfar

Amazon

Joshua Neil

Microsoft Corporation

Christian Seifert

Microsoft Corporation

Alina Oprea

Northeastern University

John Platt

Google


UFuzzer: Lightweight Detection of PHP-Based Unrestricted File Upload Vulnerabilities Via Static-Fuzzing Co-Analysis

Jin Huang

Wright State University

Junjie Zhang

Wright State University

Jialun Liu

Wright State University

Chuang Li

Wright State University

Rui Dai

University of Cincinnati


Designing Media Provenance Indicators to Combat Fake Media

Imani N. Sherman

University of Florida

Jack W. Stokes

Microsoft Research

Elissa M. Redmiles

Microsoft Research & Max Planck Institute for Software Systems


CADUE: Content-Agnostic Detection of Unwanted Emails for Enterprise Security

Mohamed Nabeel

QCRI

Enes Altinisik

QCRI

Haipei Sun

Stevens Institute of Technology

Issa Khalil

Qatar Computing Research Institute (QCRI), HBKU

Hui (Wendy) Wang

Stevens Institute of Technology

Ting Yu

Qatar Computing Research Institute


BSOD: Binary-only Scalable fuzzing Of device Drivers

Dominik Maier

TU Berlin

Fabian Toepfer

TU Berlin


AttkFinder: Discovering Attack Vectors in PLC Programs using Information Flow Analysis

John H. Castellanos

Singapore University of Technology and Design

Martin Ochoa

AppGate Inc.

Alvaro A. Cardenas

UC Santa Cruz

Owen Arden

University of California Santa Cruz

Jianying ZHOU

Singapore University of Technology and Design


SyML: Guiding Symbolic Execution Toward Vulnerable States Through Pattern Learning

Nicola Ruaro

UC Santa Barbara

Kyle Zeng

Arizona State University & The Chinese University of Hong Kong

Lukas Dresel

UC Santa Barbara

Mario Polino

Politecnico di Milano

Tiffany Bao

Arizona State University

Andrea Continella

University of Twente

Stefano Zanero

Politecnico di Milano

Christopher Kruegel

University of California, Santa Barbara

Giovanni Vigna

UC Santa Barbara


HandLock: Enabling 2-FA for Smart Home Voice Assistants using Inaudible Acoustic Signal

Shaohu Zhang

North Carolina State University

Anupam Das

North Carolina State University


An Investigation of Byzantine Threats in Multi-Robot Systems

Gelei Deng

Nanyang Technological University

Yuan Zhou

Nanyang Technological University

Yuan Xu

Institute of Computing Technology, Chinese Academy of Sciences

Tianwei Zhang

Nanyang Technological University

Yang Liu

Nanyang Technological University


GrandDetAuto: Detecting Malicious Nodes in Large-Scale Autonomous Networks

Tigist Abera

Technical University of Darmstadt

Ferdinand Brasser

Technical University of Darmstadt

Lachlan Gunn

Aalto University

Patrick Jauernig

Technical University of Darmstadt

David Koisser

Technical University of Darmstadt

Ahmad-Reza Sadeghi

Technical University of Darmstadt


Mini-Me, You Complete Me! Fine-grained Drone Security via DNN-based Approximate Computing

Aolin Ding

Rutgers University

Praveen Murthy

Swirlds Inc.

Luis Garcia

University of Southern California, Information Sciences Institute

Pengfei Sun

F5 Networks

Matthew Chan

Rutgers University

Saman Zonouz

Rutgers University