The Community for Technology Leaders
2018 IEEE Symposium on Security and Privacy (SP) (2018)
San Fransisco, CA, US
May 21, 2018 to May 23, 2018
ISSN: 2375-1207
ISBN: 978-1-5386-4353-2
TABLE OF CONTENTS

Improved Reconstruction Attacks on Encrypted Data Using Range Query Leakage (PDF)

Marie-Sarah Lacharite , Royal Holloway, University of London
Brice Minaud , Royal Holloway, University of London
Kenneth G. Paterson , Royal Holloway, University of London
pp. 1-18

On the Economics of Offline Password Cracking (PDF)

Jeremiah Blocki , Purdue University
Benjamin Harsha , Purdue University
Samson Zhou , Purdue University
pp. 35-53

FP-STALKER: Tracking Browser Fingerprint Evolutions Along Time (PDF)

Antoine Vastel , University of Lille / INRIA
Pierre Laperdrix , INSA / INRIA
Walter Rudametkin , University of Lille / INRIA
Romain Rouvoy , University of Lille / INRIA
pp. 54-67

Implementing Conjunction Obfuscation under Entropic Ring LWE (PDF)

David Bruce Cousins , Raytheon BBN Technologies
Giovanni Di Crescenzo , Applied Communication Sciences / Vencore Labs
Kamil Doruk G\"{u}r , NJIT Cybersecurity Research Center, New Jersey Institute of Technology
Kevin King , Massachusetts Institute of Technology
Yuriy Polyakov , NJIT Cybersecurity Research Center, New Jersey Institute of Technology
Kurt Rohloff , NJIT Cybersecurity Research Center, New Jersey Institute of Technology
Gerard W. Ryan , NJIT Cybersecurity Research Center, New Jersey Institute of Technology
Erkay Sava\c{s} , NJIT Cybersecurity Research Center, New Jersey Institute of Technology
pp. 68-85

Sonar: Detecting SS7 Redirection Attacks With Audio-Based Distance Bounding (PDF)

Christian Peeters , University of Florida
Hadi Abdullah , University of Florida
Nolen Scaife , University of Florida
Jasmine Bowers , University of Florida
Patrick Traynor , University of Florida
Bradley Reaves , North Carolina State University
Kevin Butler , University of Florida
pp. 86-101

The Rise of the Citizen Developer: Assessing the Security Impact of Online App Generators (PDF)

Marten Oltrogge , CISPA, Saarland University
Erik Derr , CISPA, Saarland University
Christian Stransky , CISPA, Saarland University
Yasemin Acar , Leibniz University Hannover
Sascha Fahl , Leibniz University Hannover
Christian Rossow , CISPA, Saarland University
Giancarlo Pellegrino , CISPA, Saarland University, Stanford University
Sven Bugiel , CISPA, Saarland University
Michael Backes , CISPA, Saarland University
pp. 102-115

Speechless: Analyzing the Threat to Speech Privacy from Smartphone Motion Sensors (PDF)

S Abhishek Anand , University of Alabama at Birmingham
Nitesh Saxena , University of Alabama at Birmingham
pp. 116-133

Hackers vs. Testers: A Comparison of Software Vulnerability Discovery Processes (PDF)

Daniel Votipka , University of Maryland
Rock Stevens , University of Maryland
Elissa Redmiles , University of Maryland
Jeremy Hu , University of Maryland
Michelle Mazurek , University of Maryland
pp. 134-151

Distance-Bounding Protocols: Verification without Time and Location (PDF)

Sjouke Mauw , CSC/SnT, University of Luxembourg
Zach Smith , CSC, University of Luxembourg
Jorge Toro-Pozo , CSC, University of Luxembourg
Rolando Trujillo-Rasua , SnT, University of Luxembourg
pp. 152-169

Anonymity Trilemma: Strong Anonymity, Low Bandwidth Overhead, Low Latency --- Choose Two (PDF)

Debajyoti Das , Purdue University
Sebastian Meiser , University College London
Esfandiar Mohammadi , ETH Zurich
Aniket Kate , Purdue University
pp. 170-188

Crowd-GPS-Sec: Leveraging Crowdsourcing to Detect and Localize GPS Spoofing Attacks (PDF)

Kai Jansen , Ruhr-University Bochum
Matthias Schäfer , University of Kaiserslautern
Daniel Moser , ETH Zurich
Vincent Lenders , armasuisse
Christina Pöpper , New York University Abu Dhabi
Jens Schmitt , University of Kaiserslautern
pp. 189-202

vRAM: Faster Verifiable RAM With Program-Independent Preprocessing (PDF)

Yupeng Zhang , University of Maryland
Daniel Genkin , University of Maryland and University of Pennsylvania
Jonathan Katz , University of Maryland
Dimitrios Papadopoulos , Hong Kong University of Science and Technology
Charalampos Papamanthou , University of Maryland
pp. 203-220

Privacy Risks with Facebook's PII-based Targeting: Auditing a Data Broker?s Advertising Interface (PDF)

Giridhari Venkatadri , Northeastern University
Yabing Liu , Northeastern University
Alan Mislove , Northeastern University
Patrick Loiseau , Univ. Grenoble Alpes, CNRS, Inria, Grenoble INP, LIG and MPI-SWS
Oana Goga , Univ. Grenoble Alpes, CNRS, Inria, Grenoble INP, LIG
pp. 221-239

Learning from Mutants: Using Code Mutation to Learn and Monitor Invariants of a Cyber-Physical System (PDF)

Yuqi Chen , Singapore University of Technology and Design
Christopher M. Poskitt , Singapore University of Technology and Design
Jun Sun , Singapore University of Technology and Design
pp. 240-252

EyeTell: Video-Assisted Touchscreen Keystroke Inference from Eye Movements (PDF)

Yimin Chen , Arizona State University
Tao Li , Arizona State University
Rui Zhang , University of Delaware
Yanchao Zhang , Arizona State University
Terri Hedgpeth , Arizona State University
pp. 253-269

Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels (PDF)

Meng Xu , Georgia Institute of Technology
Chenxiong Qian , Georgia Institute of Technology
Kangjie Lu , University of Minnesota
Michael Backes , CISPA Helmholtz Center i.G.
Taesoo Kim , Georgia Institute of Technology
pp. 270-287

Tracking Certificate Misissuance in the Wild (PDF)

Deepak Kumar , University of Illinois, Urbana-Champaign
Zhengping Wang , University of Illinois, Urbana-Champaign
Matthew Hyder , University of Illinois, Urbana-Champaign
Joseph Dickinson , University of Illinois, Urbana-Champaign
Gabrielle Beck , University of Michigan
David Adrian , University of Michigan
Joshua Mason , University of Illinois, Urbana-Champaign
Zakir Durumeric , University of Michigan
J. Alex Halderman , University of Michigan
Michael Bailey , University of Illinois, Urbana-Champaign
pp. 288-301

On Enforcing the Digital Immunity of a Large Humanitarian Organization (PDF)

Stevens Le Blond , École polytechnique fédérale de Lausanne
Alejandro Cuevas , École polytechnique fédérale de Lausanne
Juan Ramón Troncoso-Pastoriza , École polytechnique fédérale de Lausanne
Philipp Jovanovic , École polytechnique fédérale de Lausanne
Bryan Ford , École polytechnique fédérale de Lausanne
Jean-Pierre Hubaux , École polytechnique fédérale de Lausanne
pp. 302-318

Bulletproofs: Short Proofs for Confidential Transactions and More (PDF)

Benedikt Bünz , Stanford University
Jonathan Bootle , University College London
Dan Boneh , Stanford University
Andrew Poelstra , Blockstream
Pieter Wuille , Blockstream
pp. 319-338

A formal treatment of accountable proxying over TLS (PDF)

Karthikeyan Bhargavan , INRIA de Paris, France
Ioana Boureanu , Univ. of Surrey, SCCS, UK
Antoine Delignat-Lavaud , Microsoft Research, UK
Pierre-Alain Fouque , Univ. of Rennes 1, IRISA, France
Cristina Onete , Univ. of Limoges, XLIM, CNRS, France
pp. 339-356

Computer Security and Privacy for Refugees in the United States (PDF)

Lucy Simko , University of Washington
Ada Lerner , Wellesley College
Samia Ibtasam , University of Washington
Franziska Roesner , University of Washington
Tadayoshi Kohno , University of Washington
pp. 373-387

Racing in Hyperspace: Closing Hyper-Threading Side Channels on SGX with Contrived Data Races (PDF)

Guoxing Chen , The Ohio State University
Wenhao Wang , Indiana University Bloomington & SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences
Tianyu Chen , Indiana University Bloomington
Sanchuan Chen , The Ohio State University
Yinqian Zhang , The Ohio State University
XiaoFeng Wang , Indiana University Bloomington
Ten-Hwang Lai , The Ohio State University
Dongdai Lin , SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences
pp. 388-404

EnclaveDB: A Secure Database using SGX (PDF)

Christian Priebe , Imperial College London
Kapil Vaswani , Microsoft Research
Manuel Costa , Microsoft Research
pp. 405-419

SoK: Keylogging Side Channels (PDF)

John Monaco , U.S. Army Research Laboratory
pp. 420-437

Enumerating Active IPv6 Hosts for Large-scale Security Scans via DNSSEC-signed Reverse Zones (PDF)

Kevin Borgolte , University of California, Santa Barbara
Shuang Hao , University of Texas at Dallas
Tobias Fiebig , Delft University of Technology
Giovanni Vigna , University of California, Santa Barbara
pp. 438-452

FuturesMEX: Secure, Distributed Futures Market Exchange (PDF)

Fabio Massacci , University of Trento, IT
Chan Nam Ngo , University of Trento, IT
Jing Nie , University of International Business and Economics Beijing, CN
Daniele Venturi , University of Rome "La Sapienza", IT
Julian Williams , University of Durham, UK
pp. 453-471

Compiler-assisted Code Randomization (PDF)

Hyungjoon Koo , Stony Brook University
Yaohui Chen , Northeastern University
Long Lu , Northeastern University
Vasileios P. Kemerlis , Brown University
Michalis Polychronakis , Stony Brook University
pp. 472-488

Another Flip in the Wall of Rowhammer Defenses (PDF)

Daniel Gruss , Graz University of Technology, Graz, Austria
Moritz Lipp , Graz University of Technology, Graz, Austria
Michael Schwarz , Graz University of Technology, Graz, Austria
Daniel Genkin , University of Pennsylvania and University of Maryland, USA
Jonas Juffinger , Graz University of Technology, Graz, Austria
Sioli O'Connell , University of Adelaide, Adelaide, Australia
Wolfgang Schoechl , Graz University of Technology, Graz, Austria
Yuval Yarom , University of Adelaide and Data61, Adelaide, Australia
pp. 489-505
(Ver 3.3 (11022016))