To authors: A full paper presentation would be 25 mins in total (including Q&A) and a short paper (S) presentation would be 15 mins in total.

March 19 - March 20 - March 21

March 19

Keynote I

09:00AM - 10:00AM

Managing the Crossroads of Academia and Industry
Brad Wardman (Paypal)

Break (30 Minutes)

10:00AM - 10:30AM

Session 1: Cloud Security

10:30AM - 12:00PM

Minimizing Privilege Assignment Errors in Cloud Services
Matthew Sanders (Colorado School of Mines); Chuan Yue (Colorado School of Mines)
Secure Storage with Replication and Transparent Deduplication
Iraklis Leontiadis (New Jersey Institute of Technology); Reza Curtmola (New Jersey Institute of Technology)
Server-Based Manipulation Attacks Against Machine Learning Models
Cong Liao (The Pennsylvania State University); Haoti Zhong (The Pennsylvania State University); Sencun Zhu (The Pennsylvania State University); Anna Squicciarini (The Pennsylvania State University)
SmartProvenance: A Distributed, Blockchain Based Data Provenance System (S)
Aravind Ramachandran (The University of Texas at Dallas); Murat Kantarcioglu (The University of Texas at Dallas)

Lunch (90 Minutes)

12:00PM - 1:30PM

Session 2: Privacy

1:30PM - 3:00PM

Cross-App Tracking via Nearby Bluetooth Low Energy Devices
Aleksandra Korolova (University of Southern California); Vinod Sharma (University of Southern California)
Privacy-Preserving Certification of Sustainability Metrics
Cetin Sahin (UCSB); Brandon Kuczenski (UCSB); Omer Egecioglu (UCSB); Amr El Abbadi (UCSB)
Capacity: an Abstract Model of Control over Personal Data
Pablo Rauzy (Université Paris 8 / LIASD); Daniel Le Métayer (Inria / Université de Lyon)
An Empirical Study on Online Price Differentiation (S)
Thomas Hupperich (Ruhr-University Bochum); Dennis Tatang (Ruhr-University Bochum); Nicolai Wilkop (Ruhr-University Bochum); Thorsten Holz (Ruhr-University Bochum)

Break (15 Minutes)

3:00PM - 3:15PM

Session 3: IoT Security

3:15PM - 4:25PM

Remote Attestation for Low-End Prover Devices with Post-Quantum Capabilities
Xiruo Liu (Intel), Rafael Misoczki (Intel); Manoj R. Sastry (Intel)
IoTVerif: An Automated Tool to Verify SSL/TLS Certificate Validation in Android MQTT Client Applications (S)
Khalid Alghamdi (Oakland University); Ali Alqazzaz (Oakland University); Anyi Liu (Oakland University); Hua Ming (Oakland University)
Keyboard Emanations in Remote Voice Calls: Password Leakage and Noise(less) Masking Defenses (S)
S Abhishek Anand (University of Alabama at Birmingham); Nitesh Saxena (University of Alabama at Birmingham)
SPEED: Secure Provable Erasure for Class-1 IoT Devices (S)
Mahmoud Ammar (Katholieke Universiteit Leuven); Wilfried Daniels (Katholieke Universiteit Leuven); Bruno Crispo (Katholieke Universiteit Leuven); Danny Hughes (Katholieke Universiteit Leuven)

Break (15 Minutes)

4:25PM - 4:40PM

Session 4: Attacks I (Vulnerability Analysis/Malware)

4:40PM - 5:25PM

Identifying Relevant Information Cues for Vulnerability Assessment Using CVSS (S)
Luca Allodi (Eindhoven University of Technology); Sebastian Banescu (Technical University of Munich); Henning Femmer (Technical University of Munich); Kristian Beckers (Social Engineering Academy GmbH)
Malware Analysis of Imaged Binary Samples by Convolutional Neural Network with Attention Mechanism (S)
Hiromu Yakura (University of Tsukuba); Shinnosuke Shinozaki (University of Tsukuba); Reon Nishimura (University of Tsukuba); Yoshihiro Oyama (University of Tsukuba); Jun Sakuma (University of Tsukuba)
Automated Generation of Attack Graphs Using NVD (S)
M. Ugur Aksu (STM Defence Technologies Engineering and Trade Inc.); Kemal Bicakci (TOBB University of Economics and Technology); M. Hadi Dilek (STM Defence Technologies Engineering and Trade Inc.); Murat Ozbayoglu (TOBB University of Economics and Technology); E. İslam Tatlı (STM Defence Technologies Engineering and Trade Inc.)

Session 5: Reception and Posters


March 20

Keynote II

09:00AM - 10:00AM

Code Obfuscation - Why is this Still a Thing?
Christian Collberg (University of Arizona)

Break (30 Minutes)

10:00AM - 10:30AM

Session 6: Access Control and Authentication

10:30AM - 11:50AM

Access Control Model for Virtual Objects (Shadows) Communication for AWS Internet of Things
Asma Alshehri (UTSA); James Benson (UTSA); Farhan Patwa (UTSA); Ravi Sandhu (UTSA)
Security Analysis of Relationship-Based Access Control Policies
Amirreza Masoumzadeh (University at Albany - SUNY)
The Next Domino To Fall: Empirical Analysis of User Passwords across Online Services (S)
Chun Wang (Virginia Tech); Steve T.K. Jan (Virginia Tech); Hang Hu (Virginia Tech); Douglas Bossart (Virginia Tech); Gang Wang (Virginia Tech)
Efficient Authorization of Graph Database Queries in an Attribute Supporting ReBAC Model (S)
Syed Zain Rizvi (University of Calgary); Philip W. L. Fong (University of Calgary)

Lunch (75 Minutes)

11:50AM - 1:20PM

Session 7: Virtualization/System Security

1:20PM - 2:50PM

Hyperagents: Migrating Host Agents to the Hypervisor
Micah Bushouse (North Carolina State University); Douglas Reeves (North Carolina State University)
CacheShield: Detecting Cache Attacks through Self-Observation
Samira Briongos (Universidad Politécnica de Madrid); Gorka Irazoqui (Worcester Polytechnic Institute); Pedro Malagón (Universidad Politécnica de Madrid); Thomas Eisenbarth (Worcester Polytechnic Institute)
Secure, Consistent, and High-Performance Memory Snapshotting
Guilherme Cox (Rutgers University); Zi Yan (Rutgers University); Abhishek Bhattacharjee (Rutgers University); Vinod Ganapathy (Indian Institute of Science)
Fidelius Charm: Isolating Unsafe Rust Code (S)
Hussain Almohri (Kuwait University); David Evans (University of Virginia)

Break (15 Minutes)

2:50PM - 3:05PM

Session 8: Mobile Security

3:05PM - 5:00PM

A Multi-Enterprise Containerization Approach With An Interoperable Position-Based System
Oyindamola Oluwatimi (Purdue University); Elisa Bertino (Purdue University)
DIALERAUTH: A Motion-assisted Touch-based Smartphone User Authentication Scheme
Attaullah Buriro (University of Trento); Bruno Crispo (DistriNet, Kuleuven, Belgium); Sandeep Gupta (University of Trento); Filippo Del Frari (University of Trento)
Authorship Attribution of Android Apps
Hugo Gonzalez (University of New Brunswick); Natalia Stakhanova (University of New Brunswick); Ali A Ghorbani (University of New Brunswick)
Securing wireless neurostimulators
Eduard Marin (Katholieke Universiteit Leuven); Dave Singelee (Katholieke Universiteit Leuven); Bohan Yang (Katholieke Universiteit Leuven); Vladimir Volskiy (ESAT- TELEMIC); Guy Vandenbosch (ESAT- TELEMIC); Bart Nuttin (UZ Leuven); Bart Preneel (Katholieke Universiteit Leuven)
SCLib: A Practical and Lightweight Defense against Component Hijacking in Android Applications (S)
Daoyuan Wu (Singapore Management University); Yao Cheng (Institute for Infocomm Research); Debin Gao (Singapore Management University); Yingjiu Li (Singapore Management University); Robert H. Deng (Singapore Management University)



March 21

Session 10: Attacks II (Networks)

9:00AM - 9:50PM

SecuPAN: A Security Scheme to Mitigate Fragmentation-Based Network Attacks in 6LoWPAN
Mahmud Hossain (The University of Alabama at Birmingham); Yasser Karim (The University of Alabama at Birmingham); Ragib Hasan (The University of Alabama at Birmingham)
Denial of Engineering Operations Attacks in Industrial Control Systems
Saranyan Senthivel (University of New Orleans); Shrey Dhungana (University of New Orleans); Hyunguk Yoo (University of New Orleans); Irfan Ahmed (University of New Orleans); Vassil Roussev (University of New Orleans)

Session 11: Web Security

9:50AM - 10:40AM

A Domain is only as Good as its Buddies: Detecting Stealthy Malicious Domains via Graph Inference
Issa Khalil (Qatar Computing Research Institute); Bei Guan (Qatar Computing Research Institute); Mohamed Nabeel (Qatar Computing Research Institute); Ting Yu (Qatar Computing Research Institute)
Forgetting with Puzzles: Using Cryptographic Puzzles to Support Digital Forgetting
Ghous Amjad (Brown University); Muhammad Shujaat Mirza (New York University); Christina Pöpper (New York University)

Break (15 Minutes)

10:40AM - 10:55AM

Session 12: Code Analysis

10:55AM - 12:10PM

Beyond Precision and Recall: Understanding Uses (and Misuses) of Similarity Hashes in Binary Analysis
Fabio Pagani (Eurecom); Matteo Dell'Amico (Symantec); Davide Balzarotti (Eurecom)
From Debugging-Information Based Binary-Level Type Inference to CFG Generation
Dongrui Zeng (The Pennsylvania State University); Gang Tan (The Pennsylvania State University)
MASCAT: Preventing Microarchitectural Attacks before Distribution
Gorka Irazoqui (Nagravision); Thomas Eisenbarth (Worcester Polytechnic Institute); Berk Sunar (Worcester Polytechnic Institute)

Take-out Lunch