Final Full Program

October 22

ATCS Workshop (full day) – Program

Room King George

October, 23

Main Conference Day 1

8:00 – 18:00        Registration 


8:30 – 9:00          Opening session 


9:00 – 10:00        Keynote speech (Venue: Room Canadian A+B)

Attacks, Defenses, and Impacts of Machine Learning in Adversarial Settings
Patrick McDaniel (Penn State University)


10:00 – 10:30      Coffee-break


10:30 – 12:05     Session 1 Attacks and SDN Security (Venue: Room Canadian A+B)

Session Chair: Kui Ren

Disrupting SDN via the Data Plane: A Low-Rate Flow Table Overflow Attack
Jiahao Cao (Tsinghua University), Mingwei Xu (Tsinghua University),
Qi Li (Tsinghua University), Kun Sun (George Mason University),
Yuan Yang (Tsinghua University), and Jing Zheng (Tsinghua University).

SDN-Based Kernel Modular Countermeasure for Intrusion Detection
Tommy Chin (Rochester Institute of Technology), Kaiqi Xiong (University of South Florida), and Mohamed Rahouti (University of South Florida).

Exposing LTE Security Weaknesses at Protocol Inter-Layer, and Inter-Radio Interactions
Muhammad Taqi Raza (UCLA), Fatima Muhammad Anwar (UCLA), and Songwu Lu (UCLA).

TOPHAT: Topology-based Host-Level Attribution for Multi-Stage Attacks in Enterprise Systems using Software Defined Networks (short)
Subramaniyam Kannan (Purdue University), Paul Wood (Purdue University),
Larry Deatrick (Northrop Grumman), Patricia Beane (Northrop Grumman),
Somali Chaterji (Purdue University), and Saurabh Bagchi (Purdue University).


12:05 – 13:35      Lunch


13:35 – 15:30      Session 2  User Security (Venue: Room Canadian A+B)

Session Chair: Saurabh Bagchi

All Your Accounts Are Belong to Us
Vlad Bulakh (Indiana University), Andrew J. Kaizer (Indiana University), and Minaxi Gupta (Edmodo Inc.).

BluePass: A Secure Hand-free Password Manager
Yue Li (College of William and Mary), Haining Wang (University of Delaware), and Kun Sun (George Mason University).

Exploring the Network of Real-World Passwords: Visualization and Estimation
Xiujia Guo (Peking University), Zhao Wang (Peking University), and Zhong Chen (Peking University).

VaultIME: Regaining User Control for Password Managers through Auto-correction (short)
Le Guan (Pennsylvania State University), Sadegh Farhang (Pennsylvania State University),
Yu Pu (Pennsylvania State University), Pinyao Guo (Pennsylvania State University),
Jens Grossklags (Technical University of Munich), and Peng Liu (Pennsylvania State University).

A Sudoku Matrix-based Method of Pitch Period Steganography in Low-rate Speech Coding (short)
Zhongliang Yang (Tsinghua University), Xueshun Peng (Tsinghua University), and Yongfeng Huang (Tsinghua University).


15:30 – 16:00      Coffee-break


16:00 – 17:30       Session 3 Network Security I (Venue: Room Canadian A+B)

Session Chair: Ninghui Li

Guilt-by-Association: Detecting Malicious Entities via Graph Mining
Pejman Najafi (Hasso Plattner Institute,Germany),
Andrey Sapegin (Hasso Plattner Institute,Germany),
Feng Cheng (Hasso Plattner Institute,Germany),
and Christoph Meinel (Hasso Plattner Institute,Germany).

Understanding Adversarial Strategies from Bot Recruitment to Scheduling
Wentao Chang (George Mason University), Aziz Mohaisen (University of Central Florida),
An Wang (George Mason University), and Songqing Chen (George Mason University).

BKI: Towards Accountable and Decentralized Public-Key Infrastructure with Blockchain (short)
Zhiguo Wan (Shandong University, China).

A-Tor: Accountable Anonymity in Tor (short)
Quanwei Cai (Institute of Information Engineering, Chinese Academy of Sciences),
Jonathan Lutes (University of Kansas),
Jingqiang Lin  (Institute of Information Engineering, Chinese Academy of Sciences),
and Bo Luo (University of Kansas)


October, 24

Main Conference Day 2

8:00 – 18:00        Registration


8:30 – 9:30        Keynote speech (Venue: Room Canadian A+B)

Differential Privacy: Potential and Limitations
Professor Ninghui Li, Purdue University


9:35 – 10:45     Panel session (Venue: Room Canadian A+B)

Title: Mobile security
Session Chair: Wenliang Du

Ninghui Li (Purdue University),
Qi Li (Tsinghua University),
Kui Ren (University at Buffalo),
Sencun Zhu (Penn State University).


10:45 – 11:00      Coffee-break


11:00 – 12:35      Session 4 Mobile Security I (Venue: Room Canadian A+B)

Session Chair: Jose Maria de Fuentes

ThiefTrap – An Anti-Theft Framework for Android
Sascha Groß (University of Potsdam), Abhishek Tiwari (University of Potsdam), and Christian Hammer (University of Potsdam)

An efficient Trustzone-based In-application Isolation Schema for Mobile Authenticators
Zhang Yingjun (Institute of Software, Chinese Academy of Sciences),
Qin Yu (Institute of Software, Chinese Academy of Sciences),
Feng Dengguo (Institute of Software, Chinese Academy of Sciences),
Yang Bo (Institute of Software, Chinese Academy of Sciences),
and Wang Weijin (Institute of Software, Chinese Academy of Sciences).

Inferring Implicit Assumptions and Correct Usage of Mobile Payment Protocols
Quanqi Ye (National University of Singapore), Guangdong Bai (Singapore Institute of Technology),
Naipeng Dong (National University of Singapore),
and Jin Song Dong (National University of Singapore, Griffith University)

Cross-site Input Inference Attacks on Mobile Web Users (short)
Rui Zhao (Colorado School of Mines), Chuan Yue(Colorado School of Mines), and Qi Han (Colorado School of Mines).


11:00 – 12:35      Session 5 Web Security I (Venue: Room King George)

Session Chair: Lorena Gonzalez

H2DoS: An Application-Layer DoS Attack towards HTTP/2 Protocol
Xiang Ling (Zhejiang University, China), Chunming Wu (Zhejiang University, China),
Shouling Ji (Zhejiang University, China) and Meng Han (Kennesaw State University, USA).

HSTS Measurement and An Enhanced Stripping Attack Against HTTPS
Xurong Li (Zhejiang University), Chunming Wu (Zhejiang University),
Shouling Ji (Zhejiang University), Qinchen Gu (Georgia Institute of Technology),
and Raheem Beyah (Georgia Institute of Technology).

A Deep Learning based Online Malicious URL and DNS Detection Scheme
Jianguo Jiang (Institute of Information Engineering, Chinese Academy of Sciences),
Jiuming Chen (Institute of Information Engineering, Chinese Academy of Sciences),
Kim-Kwang Raymond Choo (University of Texas at San Antonio),
Chao Liu (Institute of Information Engineering, Chinese Academy of Sciences),
Kunying Liu (Institute of Information Engineering, Chinese Academy of Sciences),
Min Yu (Institute of Information Engineering, Chinese Academy of Sciences),
and Yongjian Wang (The Third Research Institute of Ministry of Public Security)

A Framework for Formal Analysis of Privacy on SSO Protocols (short)
Kailong Wang (National University of Singapore),
Guangdong Bai (Singapore Institute of Technology),
Naipeng Dong (National University of Singapore),
and Jin Song Dong (National University of Singapore and Griffith University).


12:35 – 14:00      Lunch


14:00 – 15:35      Session 6 Cloud Security (Venue: Room Canadian A+B)

Session Chair: Mahesh Tripunitara

Query Recovery Attacks on Searchable Encryption Based on Partial Knowledge
Guofeng Wang (Beijing University of Posts and Telecommunications, China),
Chuanyi Liu (Harbin Institute of Technology -Shenzhen, China),
Yingfei Dong (University of Hawaii),
Hezhong Pan (Beijing University of Posts and Telecommunications, China),
Peiyi Han (Beijing University of Posts and Telecommunications, China),
and Binxing Fang (Harbin Institute of Technology -Shenzhen, China).

Outsourced k-Means Clustering over Encrypted Data under Multiple Keys in Spark Framework
Hong Rong (National University of Defense Technology, China),
Huimei Wang (National University of Defense Technology, China),
Jian Liu (National University of Defense Technology, China),
Jialu Hao (National University of Defense Technology, China),
and Ming Xian (National University of Defense Technology, China).

Privacy-Preserving Relevance Ranking Scheme and Its Application in Multi-Keyword Searchable Encryption
Peisong Shen(Institute of Information Engineering, CAS),
Chi Chen (Institute of Information Engineering, CAS), and Xiaojie Zhu (University of Oslo).

MPOPE: Multi-Provider Order-Preserving Encryption for Cloud Data Privacy (short)
Jinwen Liang (Hunan University), Zheng Qin (Hunan University),
Sheng Xiao (Hunan University), Jixin Zhang (Hunan University),
Hui Yin (Hunan University), and  Keqin Li (State University of New York, New Paltz).


14:00 – 15:40      Session 7 Systems and Software Security I (Venue: Room King George)

Session Chair: Chuan Yue

Gray-box Software Integrity Checking via Side-channels
Hong Liu (Kansas State University), and Eugene Y. Vasserman (Kansas State University).

A Program Manipulation Middleware And Its Applications on System Security
Ting Chen (University of Electronic Science and Technology of China),
Yang Xu (University of Electronic Science and Technology of China),
and Xiaosong Zhang (University of Electronic Science and Technology of China)

Optimizing TLB for Access Pattern Privacy Protection in Data Outsourcing
Yao Liu (Nanjing University), Qingkai Zeng(Nanjing University),
And Pinghai Yuan(Nanjing University).

Turing Obfuscation
Yan Wang (Pennsylvania State University), Shuai Wang (Pennsylvania State University),
Pei Wang (Pennsylvania State University) and Dinghao Wu (Pennsylvania State University)


15:40 – 16:05      Coffee-break


16:05 – 17:35            Session 8 Network Security II (Venue: Room Canadian A+B)

Session Chair: Eugene Vasserman

Very Short Intermittent DDoS Attacks in an Unsaturated System
Huasong Shan (Louisiana State University), Qingyang Wang (Louisiana State University), and Qiben Yan (University of Nebraska-Lincoln).

VCIDS: Collaborative Intrusion Detection of Sensor and Actuator Attacks on Connected Vehicles
Pinyao Guo (Pennsylvania State University), Hunmin Kim (Pennsylvania State University),
Le Guan (Pennsylvania State University), Minghui Zhu (Pennsylvania State University),
and Peng Liu (Pennsylvania State University).

An On-Demand Defense Scheme Against DNS Cache Poisoning Attacks
Zheng Wang (National Institute of Standards and Technology), Shui Yu (Deakin University),
and Scott Rose (National Institute of Standards and Technology).

SLIM: Secure and Lightweight Identity Management in VANETs with Minimum Infrastructure Reliance(short)
Jian Kang (Missouri University of Science and Technology), Yousef Elmehdwi (Emory University),
and Dan Lin (Missouri University of Science and Technology)


16:05 – 17:50            Session 9 Systems and Software Security II (Venue: Room King George)

Session Chair: Felix Wu

Lambda Obfuscation
Pengwei Lan (The Pennsylvania State University), Pei Wang (The Pennsylvania State University),
Shuai Wang (The Pennsylvania State University), and Dinghao Wu (The Pennsylvania State University).

HProve: A Hypervisor Level Provenance System to Reconstruct Attack Story Caused by Kernel Malware (short)
Chonghua Wang (Institute of Information Engineering,
Chinese Academy of Sciences & School of Cyber Security, Chinese Academy of Sciences),
Shiqing Ma (Purdue University ), Xiangyu Zhang(Purdue University ),
Junghwan Rhee(NEC Laboratories America),
Xiaochun Yun(Institute of Information Engineering, Chinese Academy of Sciences),
and Zhiyu Hao(Institute of Information Engineering, Chinese Academy of Sciences)

DiffGuard: Obscuring sensitive information in Canary based Protections (short)
Jun Zhu(Nanjing University), Weiping Zhou(Nanjing University),
Zhilong Wang(Nanjing University), Dongliang Mu(Nanjing University),
and Bing Mao(Nanjing University)

ROPOB: Obfuscating Binary Code via Return Oriented Programming (short)
Dongliang Mu(Nanjing University), Jia Guo(Nanjing University),
Wenbiao Ding(Nanjing University), Zhilong Wang(Nanjing University),
and Bing Mao(Nanjing University), Lei Shi(Zhengzhou University).

FRProtector: Defeating Control Flow Hijacking Through Function-level Randomization and Transfer Protection (short)
Jianming Fu(Wuhan University), Rui Jin(Wuhan University), and Yan Lin(Singapore Management University)


18:30 – 21:00      Banquet

 October, 25

Main Conference Day 3

8:00 – 12:00        Registration


8:30 – 10:10        Session 10 Mobile Security II (Venue: Room Canadian A+B)

Session Chair: Dinghao Wu

Visual Analysis of Android Malware Behavior Profile Based on PMCGdroid: A Pruned Lightweight APP Call Graph
Yan Zhang (Institute of information engineering, Chinese Academy of Sciences),
Gui Peng (Institute of information engineering, Chinese Academy of Sciences),
Lu Yang (Institute of information engineering, Chinese Academy of Sciences, Beijing, China),
Yazhe Wang (Institute of information engineering, Chinese Academy of Sciences),
Minghui Tian (Institute of information engineering, Chinese Academy of Sciences),
Jianxing Hu (Institute of information engineering, Chinese Academy of Sciences),
Liming Wang (Institute of information engineering, Chinese Academy of Sciences),
and Chen Song (Institute of information engineering, Chinese Academy of Sciences).

Defining and Detecting Environment Discrimination in Android Apps
Yunfeng Hong (University of California, Davis), Yongjian Hu (University of California, Riverside),
Chun-Ming Lai (University of California, Davis),  Felix Wu (University of California, Davis),
Iulian Neamtiu (New Jersey Institute of Technology), Patrick McDaniel (Pennsylvania State University),
Paul Yu (U.S. Army Research Lab), Hasan Cam (U.S. Army Research Lab), Gail-Joon Ahn (Arizona State University).

LinkFlow: Efficient Large-Scale Inter-App Privacy Leakage Detection
Yi He (Tsinghua University), Qi Li (Tsinghua University) and Kun Sun (George Mason University).

Enhancing Android Security through App Splitting
Drew Davidson, Vaibhav Rastogi, Mihai Christodorescu and Somesh Jha.


10:10 – 10:40      Coffee-break


10:40 – 12:15      Session 11 Web Security II (Venue: Room Canadian A+B)

Session Chair: Sencun Zhu

Achieve Efficient and Privacy-preserving Proximity Detection scheme for Social Applications
Fengwei Wang(1.Xidian University,2.Science and Technology on Communication Networks Laboratory),
Hui Zhu(Xidian University), Rongxing Lu(University of New Brunswick),
Fen Liu(Xidian University), Cheng Huang(University of Waterloo),
and Hui Li(Xidian University)

Twisting Lattice and Graph Techniques to Compress Transactional Ledgers
Rémi Géraud (ENS, CNRS, INRIA and PSL Research University, Paris, France),
David Naccache (ENS, CNRS, INRIA and PSL Research University, Paris, France),
and Răzvan Roşie (ENS, CNRS, INRIA and PSL Research University, Paris, France).

Mending Wall: On the Implementation of Censorship in India
Devashish Gosain (IIIT Delhi), Anshika Agarwal (IIIT Delhi), Sahil Shekhawat (IIIT Delhi),
H. B. Acharya (Rochester Institute of Information Technology, NY, USA),
and Sambuddho Chakravarty (IIIT Delhi).

JSForce: A Forced Execution Engine for Malicious JavaScript Detection (short)
Xunchao Hu and  Yao Cheng (Syracuse University), Yue Duan (University of California, Riverside),
Andrew Henderson (Syracuse University), Heng Yin (University of California, Riverside)


12:15 – 13:45      Lunch


1st Workshop on Security and Privacy in the Internet Of Things (SePrIoT) – Program

13:30-17:30pm, Room Canadian A+B