AUGUST 15–17, 2018 BALTIMORE, MD, USA Wednesday, August 15 7:30 am–8:45 am Continental Breakfast 8:45 am–9:00 am Opening Remarks and Awards Program Co-Chairs: William Enck, North Carolina State University, and Adrienne Porter Felt, Google

9:00 am–10:00 am Keynote Address Q: Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible? A: Because Keynote Speakers Make Bad Life Decisions and Are Poor Role Models James Mickens, Harvard University 10:00 am–10:30 am Break with Refreshments 10:30 am–12:10 pm Track 1 Track 2 Track 3

Security Impacting the Memory Defenses Censorship and Web Privacy Physical World ACES: Automatic Compartments for Fp-Scanner: The Privacy Implications of Fear the Reaper: Characterization and Fast Embedded Systems Browser Fingerprint Inconsistencies Detection of Card Skimmers Abraham A Clements, Purdue University and Antoine Vastel, Univ. Lille / Inria / Inria; Pierre Nolen Scaife, Christian Peeters, and Patrick Sandia National Labs; Naif Saleh Almakhdhub, Laperdrix, Stony Brook University; Walter Traynor, University of Florida Saurabh Bagchi, and Mathias Payer, Purdue Rudametkin, Univ. Lille / Inria / Inria; Romain BlackIoT: IoT Botnet of High Wattage University Rouvoy, Univ. Lille / Inria / IUF Devices Can Disrupt the Power Grid IMIX: In-Process Memory Isolation Who Left Open the Cookie Jar? A Saleh Soltan, Prateek Mittal, and H. Vincent EXtension Comprehensive Evaluation of Third-Party Poor, Princeton University Tommaso Frassetto, Patrick Jauernig, Cookie Policies Skill Squatting Attacks on Amazon Alexa Christopher Liebchen, and Ahmad-Reza Gertjan Franken, Tom Van Goethem, and Sadeghi, Technische Universität Darmstadt Wouter Joosen, imec-Distrinet, KU Leuven Deepak Kumar, Riccardo Paccagnella, Paul Murley, Eric Hennenfent, Joshua Mason, Adam HeapHopper: Bringing Bounded Model Effective Detection of Multimedia Protocol Bates, and Michael Bailey, University of Illinois, Checking to Heap Implementation Security Tunneling using Machine Learning Urbana-Champaign Moritz Eckert, Antonio Bianchi, and Ruoyu Diogo Barradas, Nuno Santos, and Luís CommanderSong: A Systematic Approach Wang, University of California, Santa Barbara; Rodrigues, INESC-ID, Instituto Superior Técnico, for Practical Adversarial Voice Recognition Yan Shoshitaishvili, Arizona State University; Universidade de Lisboa Christopher Kruegel and Giovanni Vigna, Xuejing Yuan, SKLOIS, Institute of Information Scalable Remote Measurement of University of California, Santa Barbara Engineering, Chinese Academy of Sciences. School Application-Layer Censorship of Cyber Security, University of Chinese Academy Guarder: An Efficient Heap Allocator with Benjamin VanderSloot, Allison McDonald, Will of Sciences.; Yuxuan Chen, Florida Institute Strongest and Tunable Security Scott, J. Alex Halderman, and Roya Ensafi, of Technology; Yue Zhao, SKLOIS, Institute of Sam Silvestro, Hongyu Liu, and Tianyi Liu, University of Michigan Information Engineering, Chinese Academy of University of Texas at San Antonio; Zhiqiang Lin, Sciences. School of Cyber Security, University Ohio State University; Tongping Liu, University of of Chinese Academy of Sciences.; Yunhui Long, Texas at San Antonio University of Illinois at Urbana-Champaign; Xiaokang Liu and Kai Chen, SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences. School of Cyber Security, University of Chinese Academy of Sciences.; Shengzhi Zhang, Florida Institute of Technology; Heqing Huang, IBM Thomas J. Watson Research Center; Xiaofeng Wang, Indiana University Bloomington; Carl A. Gunter, University of Illinois at Urbana-Champaign 12:10 pm–1:40 pm Lunch (on your own) The Career Luncheon for Students and Recent Grads will occur at this time.

Wednesday, August 15 continues on next page ➜ Wednesday, August 15 (continued)

1:40 pm–3:20 pm Track 1 Track 2 Track 3

Understanding How Humans Vulnerability Discovery Invited Talks Authenticate ATtention Spanned: Comprehensive TBA Better managed than memorized? Studying Vulnerability Analysis of AT Commands the Impact of Managers on Password Within the Android Ecosystem Strength and Reuse Dave (Jing) Tian, Grant Hernandez, Joseph Sanam Ghorbani Lyastani, CISPA, Saarland Choi, Vanessa Frost, Christie Raules, Kevin University; Michael Schilling, Saarland University; Butler, and Patrick Traynor, University of Florida; Sascha Fahl, Leibniz University Hannover; Sven Hayawardh Vijayakumar, Lee Harrison, Amir Bugiel, CISPA, Saarland University; Michael Rahmati, and Mike Grace, Samsung Research Backes, CISPA Helmholtz Center i.G. America Forgetting of Passwords: Ecological Theory Charm: Facilitating Dynamic Analysis of and Data Device Drivers of Mobile Systems Xianyi Gao, Yulong Yang, Can Liu, Christos Seyed Mohammadjavad Seyed Talebi and Mitropoulos, and Janne Lindqvist, Rutgers Hamid Tavakoli, UC Irvine; Hang Zhang and University; Antti Oulasvirta, Aalto University Zheng Zhang, UC Riverside; Ardalan Amiri Sani, The Rewards and Costs of Stronger UC Irvine; Zhiyun Qian, UC Riverside Passwords in a University: Linking Inception: System-wide Security Testing of Password Lifetime to Strength Real-World Embedded Systems Software Ingolf Becker, Simon Parkin, and M. Angela Nassim Corteggiani, EURECOM, Maxim Sasse, University College London Integrated; Giovanni Camurati and Aurélien Rethinking Authentication and Access Francillon, EURECOM Control for the Home Internet of Things Acquisitional Rule-based Engine for (IoT) Discovering Internet-of-Thing Devices Weijia He, University of Chicago; Maximilian Xuan Feng, Beijing Key Laboratory of IOT Golla, Ruhr-University Bochum; Roshni Padhi Information Security Technology, Institute of and Jordan Ofek, University of Chicago; Markus Information Engineering, CAS, China; Qiang Li, Dürmuth, Ruhr-University Bochum; Earlence School of Computer and Information Technology, Fernandes, University of Washington; Blase Ur, Beijing Jiaotong University, China; Haining University of Chicago Wang, Department of Electrical and Computer Engineering, University of Delaware, USA; Limin Sun, Beijing Key Laboratory of IOT Information Security Technology, Institute of Information Engineering, CAS, China

3:20pm–3:50 pm Break with Refreshments 3:50 pm–5:30 pm Track 1 Track 2 Track 3

Web Applications Anonymity Invited Talks A Sense of Time for JavaScript and Node. How do Tor users interact with onion TBA js: First-Class Timeouts as a Cure for Event services? Handler Poisoning Philipp Winter, Anne Edmundson, Laura M. James C. Davis, Eric R. Williamson, and Roberts, Marshini Chetty, and Nick Feamster, Dongyoon Lee, Virginia Tech Princeton University Freezing the Web: A Study of ReDoS Towards Predicting Efficient and Vulnerabilities in JavaScript-based Web Tor Circuits Servers Armon Barton, University of Texas at Arlington; Cristian-Alexandru Staicu and Michael Pradel, Matthew Wright, Rochester Institute of TU Darmstadt Technology; Jiang Ming and Mohsen Imani, NAVEX: Precise and Scalable Exploit University of Texas at Arlington Generation for Dynamic Web Applications BurnBox: Self-Revocable in a Abeer Alhuzali, Rigel Gjomemo, Birhanu World Of Compelled Access Eshete, and V.N. Venkatakrishnan, UIC Nirvan Tyagi, Cornell Tech; Muhammad Haris Rampart: Protecting Web Applications from Mughees, Cornell Tech and UIUC; Thomas CPU-Exhaustion Denial-of-Service Attacks Ristenpart and Ian Miers, Cornell Tech Wei Meng, Chinese University of Hong An Empirical Analysis of Anonymity in Kong; Chenxiong Qian, Georgia Institute of Zcash Technology; Shuang Hao, University of Texas George Kappos, Haaroon Yousaf, Mary Maller, at Dallas; Kevin Borgolte, Giovanni Vigna, and and Sarah Meiklejohn, University College Christopher Kruegel, University of California, London Santa Barbara; Wenke Lee, Georgia Institute of Technology

Wednesday, August 15 continues on next page ➜ Wednesday, August 15 (continued)

6:00 pm–7:30 pm USENIX Security ’18 Symposium Reception Mingle with fellow attendees at the USENIX Security ‘18 Reception, featuring dinner, drinks, and the chance to connect with other attendees, speakers, and symposium organizers. 7:30 pm–8:30 pm USENIX Security ’18 Lightning Talks This is intended as an informal session for short and engaging presentations on recent unpublished results, work in progress, or other topics of interest to USENIX Security attendees. As in the past, talks do not always need to be serious and funny talks are encouraged! This year, USENIX will generously sponsor awards for the most engaging talks. Bragging rights and small cash prizes can be yours for a great talk! For full consideration, submit your lightning talk via the lighting talk submission form, which will be available here soon, through July 27, 2018. Only talks submitted by this deadline will be considered for the awards. You can continue submitting talks via the submission form or by emailing [email protected] until Wednesday, August 15, 2018, 12:00 pm EDT. Thursday, August 16

8:00 am–9:00 am Continental Breakfast 9:00 am–10:30 am

Track 1 Track 2 Track 3

Privacy in a Digital World Attacks on Crypto & Crypto Invited Talks Unveiling and Quantifying Facebook Libraries TBA Exploitation of Sensitive Personal Data for Efail: Breaking S/MIME and OpenPGP Advertising Purposes Encryption using Exfiltration Channels José González Cabañas, Ángel Cuevas, and Damian Poddebniak, Münster University of Rubén Cuevas, Department of Telematic Applied Sciences; Jens Müller, Ruhr University Engineering, Universidad Carlos III de Madrid Bochum; Christian Dresen, Fabian Ising, and Analysis of Privacy Protections in Fitness Sebastian Schinzel, Münster University of Applied Tracking Social Networks -or- You can run, Sciences; Simon Friedberger, KU Leuven; Juraj but can you hide? Somorovsky and Jörg Schwenk, Ruhr University Wajih Ul Hassan, Saad Hussain, and Adam Bochum Bates, University Of Illinois Urbana-Champaign The Dangers of Key Reuse - Practical AttriGuard: A Practical Defense Against Attacks on IPsec IKE Attribute Inference Attacks via Adversarial Martin Grothe, Dennis Felsch, and Jörg Machine Learning Schwenk, Ruhr-University Bochum; Adam Jinyuan Jia and Neil Zhenqiang Gong, Iowa State Czubak and Marcin Szymanek, University of University Opole Polisis: Automated Analysis and One&Done: A Single-Decryption EM-Based Presentation of Privacy Policies Using Deep Attack on OpenSSL’s Constant-Time Blinded Learning RSA Hamza Harkous, EPFL; Kassem Fawaz, Monjur Alam, Haider Adnan Khan, Moumita University of Wisconsin-Madison; Rémi Lebret, Dey, Nishith Sinha, Robert Callan, Alenka Zajic, EPFL; Florian Schaub and Kang G. Shin, and Milos Prvulovic, Georgia Tech University of Michigan; Karl Aberer, EPFL DATA – Differential Address Trace Analysis: Finding Address-based Side-Channels in Binaries Samuel Weiser, Graz University of Technology; Andreas Zankl, Fraunhofer AISEC; Raphael Spreitzer, Graz University of Technology; Katja Miller, Fraunhofer AISEC; Stefan Mangard, Graz University of Technology; Georg Sigl, Technical University of Munich 10:30 am–11:00 am Break with Refreshments 11:10 am–12:00 pm Enterprise Security Zero-Knowledge Network Defenses The Battle for New York: A Case Study of Practical Accountability of Secret Processes NetHide: Secure and Practical Network Applied Digital Threat Modeling at the Jonathan Frankle, Sunoo Park, Daniel Shaar, Topology Obfuscation Enterprise Level Shafi Goldwasser, and Daniel Weitzner, Roland Meier and Petar Tsankov, ETH Zurich; Rock Stevens, Daniel Votipka, and Elissa M. Massachusetts Institute of Technology Vincent Lenders, armasuisse; Laurent Vanbever Redmiles, University of Maryland; Colin Ahern, DIZK: Distributing Zero Knowledge Proof and Martin Vechev, ETH Zurich NYC Cyber Command; Patrick Sweeney, Wake Systems Towards a Secure Zero-rating Framework Forest University; Michelle L. Mazurek, University Howard Wu, Wenting Zheng, Alessandro with Three Parties of Maryland Chiesa, Raluca Ada Popa, and Ion Stoica, UC Zhiheng Liu, Zhen Zhang, Yinzhi Cao, Zhaohan SAQL: A Stream-based Query System for Berkeley Xi, and Shihao Jing, Lehigh University; Humberto Real-Time Abnormal System Behavior La Roche, Cisco Systems Detection Peng Gao, Princeton University; Xusheng Xiao, Case Western Reserve University; Ding Li, Zhichun Li, Kangkook Jee, Zhenyu Wu, and Chung Hwan Kim, NEC Labs America; Sanjeev R. Kulkarni

12:30 pm–1:30 pm USENIX Security ’18 Luncheon Sponsored by Facebook The Internet Defense Prize will be presented at the Symposium Luncheon.

Thursday, August 16 continues on next page ➜ Thursday, August 16 (continued)

1:30 pm–3:10 pm Track 1 Track 2 Track 3

Fuzzing and Exploit Generation TLS and PKI Vulnerability Mitigations MoonShine: Optimizing OS Fuzzer Seed The Secure Socket API: TLS as an Operating Debloating Software through Piece-Wise Selection with Trace Distillation System Service Compilation and Loading Shankara Pailoor, Andrew Aday, and Suman Mark O’Neill, Scott Heidbrink, Jordan Anh Quach and Aravind Prakash, Binghamton Jana, Columbia University Whitehead, Tanner Perdue, Luke Dickinson, University; Lok Kwong Yan, Air Force Research QSYM : A Practical Concolic Execution Torstein Collett, Matthew Martindale, Kent Laboratory Engine Tailored for Hybrid Fuzzing Seamons, and Daniel Zappala, Brigham Young Precise and Accurate Patch Presence Test University Insu Yun, Sangho Lee, and Meng Xu, Georgia for Binaries Institute of Technology; Yeongjin Jang, Oregon Return Of Bleichenbacher’s Oracle Threat Hang Zhang and Zhiyun Qian, University of State University; Taesoo Kim, Georgia Institute of (ROBOT) California, Riverside Technology Hanno Böck, unaffiliated; Juraj Somorovsky, From Patching Delays to Infection Automatic Heap Layout Manipulation for Ruhr-Universität Bochum, Hackmanit GmbH; Symptoms: Using Risk Profiles for an Early Exploitation Craig Young, Tripwire VERT Discovery of Vulnerabilities Exploited in the Sean Heelan, Tom Melham, and Daniel Bamboozling Certificate Authorities with Wild Kroening, University of Oxford BGP Chaowei xiao and Armin Sarabi, University FUZE: Towards Facilitating Exploit Henry Birge-Lee, Yixin Sun, Annie Edmundson, of Michigan; Yang Liu, Harvard University; Bo Generation for Kernel Use-After-Free Jennifer Rexford, and Prateek Mittal, Princeton Li, University of California, Berkeley; Mingyan Vulnerabilities University Liu, University of Michigan; Tudor Dumitras, University of Maryland Wei Wu, University of Chinese Academy of The Broken Shield: Measuring Revocation Sciences; Yueqi Chen, Jun Xu, and Xinyu Xing, Effectiveness in the Windows Code-Signing Understanding the Reproducibility of Penn State University; Wei Zou and Xiaorui PKI Crowd-reported Security Vulnerabilities Gong, University of Chinese Academy of Sciences Doowon Kim and Bum Jun Kwon, University Dongliang Mu, Nanjing University; Alejandro of Maryland, College Park; Kristián Kozák, Cuevas, The Pennsylvania State University; Masaryk University, Czech Republic; Christopher Limin Yang, East China Normal University; Gates, Symantec; Tudor Dumitraș, University of Hang Hu and Gang Wang, Virginia Polytechnic Maryland, College Park Institute and State University; Xinyu Xing, The Pennsylvania State University; Bing Mao, Nanjing University 3:10 pm–3:40 pm Break with Refreshments 3:40 pm–5:20 pm Side Channels Cybercrime Invited Talks : A Speculative Execution Plug and Prey? Measuring the TBA Attack against Enclaved Execution Commoditization of Cybercrime via Online Jo Van Bulck, Frank Piessens, and Raoul Anonymous Markets Strackx, imec-DistriNet, KU Leuven Rolf van Wegberg and Samaneh Malicious Management Unit: Why Stopping Tajalizadehkhoob, Delft University of Technology; Cache Attacks in Software is Harder Than Kyle Soska, Carnegie Mellon University; Ugur You Think Akyazi, Carlos Hernandez Ganan, and Bram Klievink, Delft University of Technology; Nicolas Stephan van Schaik, Kaveh Razavi, Cristiano Christin, Carnegie Mellon University; Michel van Giuffrida, and Herbert Bos, Vrije Universiteit Eeten, Delft University of Technology Amsterdam Reading Thieves’ Cant: Automatically Translation Leak-aside Buffer: Defeating Identifying and Understanding Dark Cache Side-channel Protections with TLB Jargons from Cybercrime Marketplaces Attacks Kan Yuan, Indiana University Bloomington; Ben Gras, Kaveh Razavi, Herbert Bos, and Haoran Lu and Xiaojing Liao, College of William Cristiano Giuffrida, VU University Amsterdam & Mary; XiaoFeng Wang, Indiana University Meltdown: Reading Kernel Memory from Bloomington User Space The Droste Effect: Profiling the Moritz Lipp, Michael Schwarz, and Daniel Stakeholders in the Remote Access Trojan Gruss, Graz University of Technology; Thomas Ecosystem Prescher and Werner Haas, Cyberus Technology; Mohammad Rezaeirad, George Mason Anders Fogh, G DATA Advanced Analytics; Jann University; Brown Farinholt, University of Horn, Google Project Zero; Stefan Mangard, California, San Diego; Hitesh Dharmdasani, Graz University of Technology; Paul Kocher, Informant Networks; Paul Pearce, University of unaffiliated; Daniel Genkin, University of California, Berkeley; Kirill Levchenko, University of Pennsylvania and University of Maryland; Yuval California, San Diego; Damon McCoy, New York Yarom, University of Adelaide and Data61; Mike University Hamburg, Rambus, Cryptography Research Division The aftermath of a crypto- attack at a large academic institution Leah Zhang-Kennedy, University of Waterloo, Stratford Campus; Hala Assal, Jessica Rocheleau, Reham Mohamed, Khadija Baig, and Sonia Chiasson, Carleton University Thursday, August 16 continues on next page ➜ Thursday, August 16 (continued) 6:00 pm–7:30 pm Poster Session and Happy Hour Check out the cool new ideas and the latest preliminary research on display at the Poster Session and Happy Hour. Take part in discussions with your colleagues over complimentary drinks and snacks.

Friday, August 17 8:00 am–9:00 am Continental Breakfast 9:00 am–10:40 am

Track 1 Track 2 Track 3

Web and Network Measurement Invited Talks We Still Don’t Have Secure Cross-Domain SAD THUG: Structural Anomaly Detection TBA Requests: an Empirical Study of CORS for Transmissions of High-value Jianjun Chen, Tsinghua University, Tsinghua Information Using Graphics National Laboratory for Information Science Jonathan P. Chapman, Fraunhofer FKIE and Technology; Jian Jiang, Shape Security; FANCI : Feature-based Automated Haixin Duan, Institute for Network Science and NXDomain Classification and Intelligence Cyber Space, Tsinghua University; Tao Wan, Samuel Schüppen, RWTH Aachen University; Huawei Canada; Shuo Chen, Microsoft Research Dominik Teubert, Siemens CERT; Patrick Redmond; Vern Paxson, UC Berkeley, ICSI; Min Herrmann and Ulrike Meyer, RWTH Aachen Yang, Fudan University University End-to-End Measurements of Email An Empirical Study of Web Resource Spoofing Attacks Manipulation in Real-world Mobile Hang Hu and Gang Wang, Virginia Tech Applications Who Is Answering My Queries: Xiaohan Zhang, Yuan Zhang, Qianqian Mo, Understanding and Characterizing Illegal Hao Xia, Zhemin Yang, and Min Yang, Fudan Interception of DNS Resolution Path at ISP University; Xiaofeng Wang, Indiana University, Level Bloomington; Long Lu, Northeastern University; Baojun Liu, Chaoyi Lu, Haixin Duan, and Ying Haixin Duan, Tsinghua University Liu, Tsinghua University; Zhou Li, IEEE member; Fast and Service-preserving Recovery from Shuang Hao, University of Texas at Dallas; Min Malware Infections Using CRIU Yang, Fudan University Ashton Webster, Ryan Eckenrod, and James End Users Get Maneuvered: Empirical Purtilo, University of Maryland Analysis of Redirection Hijacking in Content Delivery Networks Shuai Hao, CAIDA/UC San Diego; Yubao Zhang and Haining Wang, University of Delaware; Angelos Stavrou, George Mason University 10:30 am–11:10 am Break with Refreshments 11:10 am–12:00 pm

Subverting Hardware Protections More Malware Attacks on Systems That Learn The Guard’s Dilemma: Efficient Code-Reuse Tackling runtime-based obfuscation in With Great Training Comes Great Attacks Against Intel SGX Android with TIRO Vulnerability: Practical Attacks against Andrea Biondo and Mauro Conti, University of Michelle Y. Wong and David Lie, University of Transfer Learning Padua; Lucas Davi, University of Duisburg-Essen; Toronto Bolun Wang, UC Santa Barbara; Yuanshun Yao, Tommaso Frassetto and Ahmad-Reza Sadeghi, Discovering Vulnerabilities in Security- Bimal Viswanath, Haitao Zheng, and Ben Y. Technische Universität Darmstadt Focused Static Analysis Tools for Android Zhao, University of Chicago A Bad Dream: Subverting Trusted Platform using Systematic Mutation When Does Machine Learning FAIL? Module While You Are Sleeping Richard Bonett, Kaushal Kafle, Kevin Moran, Generalized Transferability for Evasion and Seunghun Han, Wook Shin, Jun-Hyeok Park, Adwait Nadkarni, and Denys Poshyvanyk, Poisoning Attacks and HyoungChun Kim, National Security College of William & Mary Octavian Suciu, Radu Marginean, Yigitcan Kaya, Research Institute Hal Daume III, and Tudor Dumitras, University of Maryland 12:30 pm–2:00 pm Lunch (on your own)

Friday, August 17 continues on next page ➜ Friday, August 17 (continued)

1:30 pm–3:10 pm

Track 1 Track 2 Track 3

Smart Contracts Executing in Untrusted Web Authentication teEther: Gnawing at Ethereum to Environments Vetting Single Sign-On SDK Automatically Exploit Smart Contracts DelegaTEE: Brokered Delegation Using Implementations via Symbolic Reasoning Johannes Krupp and Christian Rossow, CISPA Trusted Execution Environments Ronghai Yang, Wing Cheong Lau, Jiongyi Chen, Enter the Hydra: Towards Principled Bug Sinisa Matetic and Moritz Schneider, ETH and Kehuan Zhang, The Chinese University of Bounties and Exploit-Resistant Smart Zurich; Andrew Miller, UIUC; Ari Juels, Cornell Hong Kong Contracts Tech; Srdjan Capkun, ETH Zurich O Single Sign-Off, Where Art Thou? An Lorenz Breindenbach, ETH Zurich; Phil Daian, Simple Password-Hardened Encryption Empirical Analysis of Single Sign-On Cornell Tech; Florian Tramer, Stanford University; Services Account Hijacking and Session Ari Juels, Cornell Tech Jacobs Institute Russell W. F. Lai and Christoph Egger, Friedrich- Management on the Web Arbitrum: Scalable smart contracts Alexander-University Erlangen-Nürnberg; Manuel Mohammad Ghasemisharif, Amrutha Ramesh, Stephen Checkoway, Chris Kanich, and Jason Harry Kalodner, Steven Goldfeder, Xiaoqi Chen, Reinert, Saarland University; Sherman S. M. Polakis, University of Illinois at Chicago Matt Weinberg, and Edward Felten, Princeton Chow, The Chinese University of Hong Kong; University Matteo Maffei, TU Wien; Dominique Schröder, WPSE: Fortifying Web Protocols via Friedrich-Alexander-University Erlangen-Nürnberg Browser-Side Security Monitoring Erays: Reverse Engineering Ethereum’s Opaque Smart Contracts Security Namespace: Making Linux Security Stefano Calzavara and Riccardo Focardi, Frameworks Available to Containers Università Ca’ Foscari Venezia; Matteo Maffei and Yi Zhou, Deepak Kumar, Surya Bakshi, Joshua Clara Schneidewind, TU Wien; Marco Squarcina Mason, Andrew Miller, and Michael Bailey, Yuqiong Sun, Symantec Research Labs; David and Mauro Tempesta, Università Ca’ Foscari University of Illinois, Urbana-Champaign Safford, GE Global Research; Mimi Zohar, Dimitrios Pendarakis, and Zhongshu Gu, Venezia IBM Research; Trent Jaeger, Pennsylvania State Man-in-the-Machine: Exploiting Ill-Secured University Communication Inside the Computer Shielding Software From Privileged Side- Thanh Bui and Siddharth Prakash Rao, Aalto Channel Attacks University; Markku Antikainen, University of Xiaowan Dong, Zhuojia Shen, and John Helsinki; Viswanathan Manihatty Bojan and Criswell, University of Rochester; Alan Cox, Rice Tuomas Aura, Aalto University University; Sandhya Dwarkadas, University of Rochester 3:10 pm–3:40 pm Break with Refreshments 3:40 pm–5:20 pm

Blockchains Neural Networks Information Tracking All Your GPS Are Belong To Us: Towards Formal Security Analysis of Neural FlowCog: Context-aware Semantics Stealthy Manipulation of Road Navigation Networks using Symbolic Intervals Extraction and Analysis of Information Flow Systems Shiqi Wang, Kexin Pei, Justin Whitehouse, Leaks in Android Apps Kexiong (Curtis) Zeng, Virginia Tech; Shinan Liu, Junfeng Yang, and Suman Jana, Columbia Xiang Pan, Google Inc.; Yinzhi Cao, Lehigh University of Electronic Science and Technology of University University; Xuechao Du, Zhejiang University; China; Yuanchao Shu, Microsoft Research; Dong Turning Your Weakness Into a Strength: Gan Fang, Northwestern University; Rui Shao, Wang, Haoyu Li, Yanzhi Dou, Gang Wang, and Watermarking Deep Neural Networks by Zhejiang University; Yan Chen, Northwestern Yaling Yang, Virginia Tech Backdooring University Injected and Delivered: Fabricating Implicit Yossi Adi and Carsten Baum, Bar Ilan University; Sensitive Information Tracking in Control over Actuation Systems by Spoofing Moustapha Cisse, Facebook AI Research; Benny Commodity IoT Inertial Sensors Pinkas and Joseph Keshet, Bar Ilan University Z. Berkay Celik, The Pennsylvania State Yazhou Tu, University of Louisiana at Lafayette; A4NT: Author Attribute Anonymity by University; Leonardo Babun, Amit Kumar Zhiqiang Lin, Ohio State University; Insup Lee, Adversarial Training of Neural Machine Sikder, and Hidayet Aksu, Florida International University of Pennsylvania; Xiali Hei, University of Translation University; Gang Tan and Patrick McDaniel, The Louisiana at Lafayette Pennsylvania State University; A. Selcuk Uluagac, Rakshith Shetty, Bernt Schiele, and Mario Fritz, Florida International University Modeling and Analysis of a Hierarchy of Max Planck Institute for Informatics Distance Bounding Attacks Enabling Refinable Cross-host Attack GAZELLE: A Low Latency Framework for Investigation with Efficient Data Flow Tom Chothia, Univ. of Birmingham; Joeri de Secure Neural Network Inference Ruiter, Radboud University Nijmegen; Ben Smyth, Tagging and Tracking Chiraag Juvekar, Vinod Vaikuntanathan, and University of Luxembourg Yang Ji, Sangho Lee, Mattia Fazzini, Joey Allen, Anantha Chandrakasan, MIT Off-Path TCP Exploit: How Wireless Routers Evan Downing, Taesoo Kim, Alessandro Orso, Can Jeopardize Your Secret and Wenke Lee, Georgia Institute of Technology Weiteng Chen and Zhiyun Qian, University of Dependence-Preserving Data Compaction California, Riverside for Scalable Forensic Analysis Md Nahid Hossain, Junao Wang, R. Sekar, and Scott D. Stoller, Stony Brook University