2018 IEEE Symposium on Security and Privacy (SP) (2018)
San Francisco, CA, US
May 21, 2018 to May 23, 2018
ISSN: 2375-1207
ISBN: 978-1-5386-4353-2
TABLE OF CONTENTS

Improved Reconstruction Attacks on Encrypted Data Using Range Query Leakage (Abstract)

Marie-Sarah Lacharite , Royal Holloway, University of London
Brice Minaud , Royal Holloway, University of London
Kenneth G. Paterson , Royal Holloway, University of London
pp. 1-18

On the Economics of Offline Password Cracking (Abstract)

Jeremiah Blocki , Purdue University
Benjamin Harsha , Purdue University
Samson Zhou , Purdue University
pp. 35-53

FP-STALKER: Tracking Browser Fingerprint Evolutions Along Time (Abstract)

Antoine Vastel , University of Lille / INRIA
Pierre Laperdrix , INSA / INRIA
Walter Rudametkin , University of Lille / INRIA
Romain Rouvoy , University of Lille / INRIA
pp. 54-67

Implementing Conjunction Obfuscation under Entropic Ring LWE (Abstract)

David Bruce Cousins , Raytheon BBN Technologies
Giovanni Di Crescenzo , Applied Communication Sciences / Vencore Labs
Kamil Doruk Gür , NJIT Cybersecurity Research Center, New Jersey Institute of Technology
Kevin King , Massachusetts Institute of Technology
Yuriy Polyakov , NJIT Cybersecurity Research Center, New Jersey Institute of Technology
Kurt Rohloff , NJIT Cybersecurity Research Center, New Jersey Institute of Technology
Gerard W. Ryan , NJIT Cybersecurity Research Center, New Jersey Institute of Technology
Erkay Savaş , NJIT Cybersecurity Research Center, New Jersey Institute of Technology
pp. 68-85

Sonar: Detecting SS7 Redirection Attacks With Audio-Based Distance Bounding (Abstract)

Christian Peeters , University of Florida
Hadi Abdullah , University of Florida
Nolen Scaife , University of Florida
Jasmine Bowers , University of Florida
Patrick Traynor , University of Florida
Bradley Reaves , North Carolina State University
Kevin Butler , University of Florida
pp. 86-101

The Rise of the Citizen Developer: Assessing the Security Impact of Online App Generators (Abstract)

Marten Oltrogge , CISPA, Saarland University
Erik Derr , CISPA, Saarland University
Christian Stransky , CISPA, Saarland University
Yasemin Acar , Leibniz University Hannover
Sascha Fahl , Leibniz University Hannover
Christian Rossow , CISPA, Saarland University
Giancarlo Pellegrino , CISPA, Saarland University, Stanford University
Sven Bugiel , CISPA, Saarland University
Michael Backes , CISPA, Saarland University
pp. 102-115

Speechless: Analyzing the Threat to Speech Privacy from Smartphone Motion Sensors (Abstract)

S Abhishek Anand , University of Alabama at Birmingham
Nitesh Saxena , University of Alabama at Birmingham
pp. 116-133

Hackers vs. Testers: A Comparison of Software Vulnerability Discovery Processes (Abstract)

Daniel Votipka , University of Maryland
Rock Stevens , University of Maryland
Elissa Redmiles , University of Maryland
Jeremy Hu , University of Maryland
Michelle Mazurek , University of Maryland
pp. 134-151

Distance-Bounding Protocols: Verification without Time and Location (Abstract)

Sjouke Mauw , CSC/SnT, University of Luxembourg
Zach Smith , CSC, University of Luxembourg
Jorge Toro-Pozo , CSC, University of Luxembourg
Rolando Trujillo-Rasua , SnT, University of Luxembourg
pp. 152-169

Anonymity Trilemma: Strong Anonymity, Low Bandwidth Overhead, Low Latency --- Choose Two (Abstract)

Debajyoti Das , Purdue University
Sebastian Meiser , University College London
Esfandiar Mohammadi , ETH Zurich
Aniket Kate , Purdue University
pp. 170-188

Crowd-GPS-Sec: Leveraging Crowdsourcing to Detect and Localize GPS Spoofing Attacks (Abstract)

Kai Jansen , Ruhr-University Bochum
Matthias Schäfer , University of Kaiserslautern
Daniel Moser , ETH Zurich
Vincent Lenders , armasuisse
Christina Pöpper , New York University Abu Dhabi
Jens Schmitt , University of Kaiserslautern
pp. 189-202

vRAM: Faster Verifiable RAM With Program-Independent Preprocessing (Abstract)

Yupeng Zhang , University of Maryland
Daniel Genkin , University of Maryland and University of Pennsylvania
Jonathan Katz , University of Maryland
Dimitrios Papadopoulos , Hong Kong University of Science and Technology
Charalampos Papamanthou , University of Maryland
pp. 203-220

Privacy Risks with Facebook's PII-based Targeting: Auditing a Data Broker's Advertising Interface (Abstract)

Giridhari Venkatadri , Northeastern University
Yabing Liu , Northeastern University
Alan Mislove , Northeastern University
Patrick Loiseau , Univ. Grenoble Alpes, CNRS, Inria, Grenoble INP, LIG and MPI-SWS
Oana Goga , Univ. Grenoble Alpes, CNRS, Inria, Grenoble INP, LIG
pp. 221-239

Learning from Mutants: Using Code Mutation to Learn and Monitor Invariants of a Cyber-Physical System (Abstract)

Yuqi Chen , Singapore University of Technology and Design
Christopher M. Poskitt , Singapore University of Technology and Design
Jun Sun , Singapore University of Technology and Design
pp. 240-252

EyeTell: Video-Assisted Touchscreen Keystroke Inference from Eye Movements (Abstract)

Yimin Chen , Arizona State University
Tao Li , Arizona State University
Rui Zhang , University of Delaware
Yanchao Zhang , Arizona State University
Terri Hedgpeth , Arizona State University
pp. 253-269

Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels (Abstract)

Meng Xu , Georgia Institute of Technology
Chenxiong Qian , Georgia Institute of Technology
Kangjie Lu , University of Minnesota
Michael Backes , CISPA Helmholtz Center i.G.
Taesoo Kim , Georgia Institute of Technology
pp. 270-287

Tracking Certificate Misissuance in the Wild (Abstract)

Deepak Kumar , University of Illinois, Urbana-Champaign
Zhengping Wang , University of Illinois, Urbana-Champaign
Matthew Hyder , University of Illinois, Urbana-Champaign
Joseph Dickinson , University of Illinois, Urbana-Champaign
Gabrielle Beck , University of Michigan
David Adrian , University of Michigan
Joshua Mason , University of Illinois, Urbana-Champaign
Zakir Durumeric , University of Michigan
J. Alex Halderman , University of Michigan
Michael Bailey , University of Illinois, Urbana-Champaign
pp. 288-301

On Enforcing the Digital Immunity of a Large Humanitarian Organization (Abstract)

Stevens Le Blond , École polytechnique fédérale de Lausanne
Alejandro Cuevas , École polytechnique fédérale de Lausanne
Juan Ramón Troncoso-Pastoriza , École polytechnique fédérale de Lausanne
Philipp Jovanovic , École polytechnique fédérale de Lausanne
Bryan Ford , École polytechnique fédérale de Lausanne
Jean-Pierre Hubaux , École polytechnique fédérale de Lausanne
pp. 302-318

Bulletproofs: Short Proofs for Confidential Transactions and More (Abstract)

Benedikt Bünz , Stanford University
Jonathan Bootle , University College London
Dan Boneh , Stanford University
Andrew Poelstra , Blockstream
Pieter Wuille , Blockstream
pp. 319-338

A Formal Treatment of Accountable Proxying over TLS (Abstract)

Karthikeyan Bhargavan , INRIA de Paris, France
Ioana Boureanu , Univ. of Surrey, SCCS, UK
Antoine Delignat-Lavaud , Microsoft Research, UK
Pierre-Alain Fouque , Univ. of Rennes 1, IRISA, France
Cristina Onete , Univ. of Limoges, XLIM, CNRS, France
pp. 339-356

Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU (Abstract)

Pietro Frigo , Vrije Universiteit Amsterdam
Cristiano Giuffrida , Vrije Universiteit Amsterdam
Herbert Bos , Vrije Universiteit Amsterdam
Kaveh Razavi , Vrije Universiteit Amsterdam
pp. 357-372

Computer Security and Privacy for Refugees in the United States (Abstract)

Lucy Simko , University of Washington
Ada Lerner , Wellesley College
Samia Ibtasam , University of Washington
Franziska Roesner , University of Washington
Tadayoshi Kohno , University of Washington
pp. 373-387

Racing in Hyperspace: Closing Hyper-Threading Side Channels on SGX with Contrived Data Races (Abstract)

Guoxing Chen , The Ohio State University
Wenhao Wang , Indiana University Bloomington & SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences
Tianyu Chen , Indiana University Bloomington
Sanchuan Chen , The Ohio State University
Yinqian Zhang , The Ohio State University
XiaoFeng Wang , Indiana University Bloomington
Ten-Hwang Lai , The Ohio State University
Dongdai Lin , SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences
pp. 388-404

EnclaveDB: A Secure Database using SGX (Abstract)

Christian Priebe , Imperial College London
Kapil Vaswani , Microsoft Research
Manuel Costa , Microsoft Research
pp. 405-419

SoK: Keylogging Side Channels (Abstract)

John Monaco , U.S. Army Research Laboratory
pp. 420-437

Enumerating Active IPv6 Hosts for Large-scale Security Scans via DNSSEC-signed Reverse Zones (Abstract)

Kevin Borgolte , University of California, Santa Barbara
Shuang Hao , University of Texas at Dallas
Tobias Fiebig , Delft University of Technology
Giovanni Vigna , University of California, Santa Barbara
pp. 438-452

FuturesMEX: Secure, Distributed Futures Market Exchange (Abstract)

Fabio Massacci , University of Trento, IT
Chan Nam Ngo , University of Trento, IT
Jing Nie , University of International Business and Economics Beijing, CN
Daniele Venturi , University of Rome "La Sapienza", IT
Julian Williams , University of Durham, UK
pp. 453-471

Compiler-assisted Code Randomization (Abstract)

Hyungjoon Koo , Stony Brook University
Yaohui Chen , Northeastern University
Long Lu , Northeastern University
Vasileios P. Kemerlis , Brown University
Michalis Polychronakis , Stony Brook University
pp. 472-488

Another Flip in the Wall of Rowhammer Defenses (Abstract)

Daniel Gruss , Graz University of Technology, Graz, Austria
Moritz Lipp , Graz University of Technology, Graz, Austria
Michael Schwarz , Graz University of Technology, Graz, Austria
Daniel Genkin , University of Pennsylvania and University of Maryland, USA
Jonas Juffinger , Graz University of Technology, Graz, Austria
Sioli O'Connell , University of Adelaide, Adelaide, Australia
Wolfgang Schoechl , Graz University of Technology, Graz, Austria
Yuval Yarom , University of Adelaide and Data61, Adelaide, Australia
pp. 489-505

Routing Around Congestion: Defeating DDoS Attacks and Adverse Network Conditions via Reactive BGP Routing (Abstract)

Jared M Smith , University of Tennessee, Knoxville
Max Schuchard , University of Tennessee, Knoxville
pp. 506-524

DEEPSEC: Deciding Equivalence Properties in Security Protocols -- Theory and Practice (Abstract)

Vincent Cheval , Inria Nancy & Loria
Steve Kremer , Inria Nancy & Loria
Itsaka Rakotonirina , Inria Nancy & Loria
pp. 525-542

xJsnark: A Framework for Efficient Verifiable Computation (Abstract)

Ahmed Kosba , University of Maryland
Charalampos Papamanthou , University of Maryland
Elaine Shi , Cornell University
pp. 543-560

A Machine Learning Approach To Prevent Malicious Calls Over Telephony Networks (Abstract)

Huichen Li , Shanghai Jiao Tong University
Xiaojun Xu , Shanghai Jiao Tong University
Chang Liu , University of California, Berkeley
Teng Ren , TouchPal Inc.
Kun Wu , TouchPal Inc.
Xuezhi Cao , Shanghai Jiao Tong University
Weinan Zhang , Shanghai Jiao Tong University
Yong Yu , Shanghai Jiao Tong University
Dawn Song , University of California, Berkeley
pp. 561-577

Locally Differentially Private Frequent Itemset Mining (Abstract)

Tianhao Wang , Purdue University
Ninghui Li , Purdue University
Somesh Jha , University of Wisconsin-Madison
pp. 578-594

Secure Two-party Threshold ECDSA from ECDSA Assumptions (Abstract)

Jack Doerner , Northeastern University
Yashvanth Kondi , Northeastern University
Eysa Lee , Northeastern University
abhi shelat , Northeastern University
pp. 595-612

SoK: "Plug & Pray" Today - Understanding USB Insecurity in Versions 1 through C (Abstract)

Jing Tian , University of Florida
Nolen Scaife , University of Florida
Deepak Kumar , University of Illinois at Urbana-Champaign
Michael Bailey , University of Illinois at Urbana-Champaign
Adam Bates , University of Illinois at Urbana-Champaign
Kevin Butler , University of Florida
pp. 613-628

Stealing Hyperparameters in Machine Learning (Abstract)

Binghui Wang , ECE Department, Iowa State University
Neil Zhenqiang Gong , ECE Department, Iowa State University
pp. 629-645

CollAFL: Path Sensitive Fuzzing (Abstract)

Shuitao Gan , State Key Laboratory of Mathematical Engineering and Advanced Computing
Chao Zhang , Tsinghua University
Xiaojun Qin , State Key Laboratory of Mathematical Engineering and Advanced Computing
Xuwen Tu , State Key Laboratory of Mathematical Engineering and Advanced Computing
Kang Li , Cyber Immunity Lab
Zhongyu Pei , Tsinghua University
Zuoning Chen , National Research Center of Parallel Computer Engineering and Technology
pp. 660-677

Do You Feel What I Hear? Enabling Autonomous IoT Device Pairing using Different Sensor Types (Abstract)

Jun Han , Carnegie Mellon University
Albert Jin Chung , Carnegie Mellon University
Manal Kumar Sinha , Carnegie Mellon University
Madhumitha Harishankar , Carnegie Mellon University
Shijia Pan , Carnegie Mellon University
Hae Young Noh , Carnegie Mellon University
Pei Zhang , Carnegie Mellon University
Patrick Tague , Carnegie Mellon University
pp. 678-694

The Cards Aren't Alright: Detecting Counterfeit Gift Cards Using Encoding Jitter (Abstract)

Nolen Scaife , University of Florida
Christian Peeters , University of Florida
Camilo Velez , University of Florida
Hanqing Zhao , University of Florida
Patrick Traynor , University of Florida
David Arnold , University of Florida
pp. 695-708

Study and Mitigation of Origin Stripping Vulnerabilities in Hybrid-postMessage Enabled Mobile Applications (Abstract)

Guangliang Yang , Texas A&M University
Jeff Huang , Texas A&M University
Guofei Gu , Texas A&M University
Abner Mendoza , Texas A&M University
pp. 709-722

Surveylance: Automatically Detecting Online Survey Scams (Abstract)

Amin Kharraz , University of Illinois Urbana-Champaign
William Robertson , Northeastern University
Engin Kirda , Northeastern University
pp. 723-739

When Your Fitness Tracker Betrays You: Quantifying the Predictability of Biometric Features Across Contexts (Abstract)

Simon Eberz , University of Oxford
Giulio Lovisotto , University of Oxford
Andrea Patané , University of Oxford
Marta Kwiatkowska , University of Oxford
Vincent Lenders , armasuisse
Ivan Martinovic , University of Oxford
pp. 740-756

Impossibility of Precise and Sound Termination-Sensitive Security Enforcements (Abstract)

Minh Ngo , INRIA, France
Frank Piessens , imec-DistriNet, KU Leuven, Belgium
Tamara Rezk , INRIA, France
pp. 757-774

Oblix: An Efficient Oblivious Search Index (Abstract)

Pratyush Mishra , UC Berkeley
Rishabh Poddar , UC Berkeley
Jerry Chen , UC Berkeley
Alessandro Chiesa , UC Berkeley
Raluca Ada Popa , UC Berkeley
pp. 775-792

Tracking Ransomware End-to-end (Abstract)

Danny Yuxing Huang , Princeton University
Maxwell Matthaios Aliapoulios , New York University
Vector Guo Li , University of California, San Diego
Jonathan Levin , Chainalysis
Kirill Levchenko , University of California, San Diego
Alex C. Snoeren , University of California, San Diego
Damon McCoy , New York University
pp. 793-806

Towards Security and Privacy for Multi-User Augmented Reality: Foundations with End Users (Abstract)

Kiron Lebeck , University of Washington
Kimberly Ruth , University of Washington
Tadayoshi Kohno , University of Washington
Franziska Roesner , University of Washington
pp. 807-823

Blue Note: How Intentional Acoustic Interference Damages Availability and Integrity in Hard Disk Drives and Operating Systems (Abstract)

Connor Bolton , University of Michigan
Sara Rampazzi , University of Michigan
Chaohao Li , Zhejiang University
Andrew Kwong , University of Michigan
Wenyuan Xu , Zhejiang University
Kevin Fu , University of Michigan
pp. 824-838

FPGA-Based Remote Power Side-Channel Attacks (Abstract)

Mark Zhao , Cornell University
G. Edward Suh , Cornell University
pp. 839-854

Angora: Efficient Fuzzing by Principled Search (Abstract)

Peng Chen , ShanghaiTech University
Hao Chen , University of California, Davis
pp. 855-869

Understanding Linux Malware (Abstract)

Emanuele Cozzi , Eurecom
Mariano Graziano , Cisco Systems, Inc.
pp. 870-884

Static Evaluation of Noninterference using Approximate Model Counting (Abstract)

Ziqiao Zhou , University of North Carolina at Chapel Hill
Zhiyun Qian , University of California, Riverside
Michael K. Reiter , University of North Carolina
Yinqian Zhang , The Ohio State University
pp. 885-899

Secure Device Bootstrapping without Secrets Resistant to Signal Manipulation Attacks (Abstract)

Nirnimesh Ghose , Department of Electrical and Computer Engineering, University of Arizona, Tucson, AZ, USA
Loukas Lazos , Department of Electrical and Computer Engineering, University of Arizona, Tucson, AZ, USA
Ming Li , Department of Electrical and Computer Engineering, University of Arizona, Tucson, AZ, USA
pp. 900-916

T-Fuzz: fuzzing by program transformation (Abstract)

Hui Peng , Purdue University
Yan Shoshitaishvili , Arizona State University
Mathias Payer , Purdue University
pp. 917-930

Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning (Abstract)

Matthew Jagielski , Northeastern University
Alina Oprea , Northeastern University
Battista Biggio , University of Cagliari
Chang Liu , University of California Berkeley
Cristina Nita-Rotaru , Northeastern University
Bo Li , University of California Berkeley
pp. 931-947

Doubly-efficient zkSNARKs without trusted setup (Abstract)

Riad S. Wahby , Stanford University
Ioanna Tzialla , New York University
abhi shelat , Northeastern University
Justin Thaler , Georgetown University
Michael Walfish , New York University
pp. 975-992

The Spyware Used in Intimate Partner Violence (Abstract)

Rahul Chatterjee , Cornell Tech
Hadas Orgad , Technion
Sam Havron , Cornell University
Jackeline Palmer , Hunter College
Diana Freed , Cornell Tech
Karen Levy , Cornell University
Nicola Dell , Cornell Tech
Thomas Ristenpart , Cornell Tech
pp. 993-1010

PIR with compressed queries and amortized query processing (Abstract)

Sebastian Angel , The University of Texas at Austin and New York University
Hao Chen , Microsoft Research
Kim Laine , Microsoft Research
Srinath Setty , Microsoft Research
pp. 1011-1028

Static Evaluation of Noninterference using Approximate Model Counting (Abstract)

Ziqiao Zhou , University of North Carolina at Chapel Hill
Zhiyun Qian , University of California, Riverside
Michael K. Reiter , University of North Carolina at Chapel Hill
Yinqian Zhang , The Ohio State University
pp. 1029-1043

Fingerprinting Cryptographic Protocols with Key Exchange using an Entropy Measure (Abstract)

Shoufu Luo , The Graduate Center, City University of New York
Jeremy D. Seideman , The Graduate Center, City University of New York
Sven Dietrich , The Graduate Center, City University of New York, John Jay College, City University of New York
pp. 1044-1053

Secure Two-party Threshold ECDSA from ECDSA Assumptions (Abstract)

Jack Doerner , Northeastern University
Yashvanth Kondi , Northeastern University
Eysa Lee , Northeastern University
abhi shelat , Northeastern University
pp. 1054-1071

Protecting the Stack with Metadata Policies and Tagged Hardware (Abstract)

Nick Roessler , University of Pennsylvania
André DeHon , University of Pennsylvania
pp. 1072-1089

A Tale of Two Studies: The Best and Worst of YubiKey Usability (Abstract)

Joshua Reynolds , University of Illinois at Urbana-Champaign and Brigham Young University
Trevor Smith , Brigham Young University
Ken Reese , Brigham Young University
Luke Dickinson , Brigham Young University
Scott Ruoti , MIT Lincoln Laboratory
Kent Seamons , Brigham Young University
pp. 1090-1106