2012
Session 1: System Security
- A Framework to Eliminate Backdoors from Response-Computable Authentication, pp. 3
Shuaifu Dai, Tao Wei, Chao Zhang, Tielei Wang, Yu Ding, Zhenkai Liang, and Wei Zou
- Safe Loading - A Foundation for Secure Execution of Untrusted Programs, pp. 18
Mathias Payer, Tobias Hartmann, and Thomas R. Gross
- Flash Memory for Ubiquitous Hardware Security Functions: True Random Number Generation and Device Fingerprints, pp. 33
Yinglei Wang, Wing-kei Yu, Shuo Wu, Greg Malysa, G. Edward Suh, and Edwin C. Kan
- ReDeBug: Finding Unpatched Code Clones in Entire OS Distributions, pp. 48
Jiyong Jang, Abeer Agrawal, and David Brumley
Session 2: Malware
- Prudent Practices for Designing Malware Experiments: Status Quo and Outlook, pp. 65
Christian Rossow, Christian J. Dietrich, Chris Grier, Christian Kreibich, Vern Paxson, Norbert Pohlmann, Herbert Bos, and Maarten van Steen
- Abusing File Processing in Malware Detectors for Fun and Profit, pp. 80
Suman Jana and Vitaly Shmatikov
- Dissecting Android Malware: Characterization and Evolution, pp. 95
Yajin Zhou and Xuxian Jiang
Session 3: Attacks 1
- Distance Hijacking Attacks on Distance Bounding Protocols, pp. 113
Cas Cremers, Kasper B. Rasmussen, Benedikt Schmidt, and Srdjan Capkun
- Don't Trust Satellite Phones: A Security Analysis of Two Satphone Standards, pp. 128
Benedikt Driessen, Ralf Hund, Carsten Willems, Christof Paar, and Thorsten Holz
- Memento: Learning Secrets from Process Footprints, pp. 143
Suman Jana and Vitaly Shmatikov
Session 4: Foundations
- Foundations of Logic-Based Trust Management, pp. 161
Moritz Y. Becker, Alessandra Russo, and Nik Sultana
- Formalizing and Enforcing Purpose Restrictions in Privacy Policies, pp. 176
Michael Carl Tschantz, Anupam Datta, and Jeannette M. Wing
- Sharing Mobile Code Securely with Information Flow Control, pp. 191
Owen Arden, Michael D. George, Jed Liu, K. Vikram, Aslan Askarov, and Andrew C. Myers
Session 5: Access Control and Attestation
- The Psychology of Security for the Home Computer User, pp. 209
Adele E. Howe, Indrajit Ray, Mark Roberts, Malgorzata Urbanska, and Zinta Byrne
- User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems, pp. 224
Franziska Roesner, Tadayoshi Kohno, Alexander Moshchuk, Bryan Parno, Helen J. Wang, and Crispin Cowan
- New Results for Timing-Based Attestation, pp. 239
Xeno Kovah, Corey Kallenberg, Chris Weathers, Amy Herzog, Matthew Albin, and John Butterworth
Session 6: Privacy
- ObliviAd: Provably Secure and Practical Online Behavioral Advertising, pp. 257
Michael Backes, Aniket Kate, Matteo Maffei, and Kim Pecina
- Quid-Pro-Quo-tocols: Strengthening Semi-honest Protocols with Dual Execution, pp. 272
Yan Huang, Jonathan Katz, and David Evans
- Hummingbird: Privacy at the Time of Twitter, pp. 285
Emiliano De Cristofaro, Claudio Soriente, Gene Tsudik, and Andrew Williams
- On the Feasibility of Internet-Scale Author Identification, pp. 300
Arvind Narayanan, Hristo Paskov, Neil Zhenqiang Gong, John Bethencourt, Emil Stefanov, Eui Chul Richard Shin, and Dawn Song
Session 7: Network Security
Session 8: Attacks 2
- Signing Me onto Your Accounts through Facebook and Google: A Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services, pp. 365
Rui Wang, Shuo Chen, and XiaoFeng Wang
- Unleashing Mayhem on Binary Code, pp. 380
Sang Kil Cha, Thanassis Avgerinos, Alexandre Rebert, and David Brumley
- Clash Attacks on the Verifiability of E-Voting Systems, pp. 395
Ralf Küsters, Tomasz Truderung, and Andreas Vogt
Session 9: Web Security
Session 10: Privacy and Anonymity
- Detecting Hoaxes, Frauds, and Deception in Writing Style Online, pp. 461
Sadia Afroz, Michael Brennan, and Rachel Greenstadt
- LASTor: A Low-Latency AS-Aware Tor Client, pp. 476
Masoud Akhoondi, Curtis Yu, and Harsha V. Madhyastha
- OB-PWS: Obfuscation-Based Private Web Search, pp. 491
Ero Balsa, Carmela Troncoso, and Claudia Diaz
- LAP: Lightweight Anonymity and Privacy, pp. 506
Hsu-Chun Hsiao, Tiffany Hyun-Jin Kim, Adrian Perrig, Akira Yamada, Samuel C. Nelson, Marco Gruteser, and Wei Meng
Session 11: Passwords
- Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking Algorithms, pp. 523
Patrick Gage Kelley, Saranga Komanduri, Michelle L. Mazurek, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, and Julio López
- The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords, pp. 538
Joseph Bonneau
- The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes, pp. 553
Joseph Bonneau, Cormac Herley, Paul C. van Oorschot, and Frank Stajano
Session 12: System Security
- ILR: Where'd My Gadgets Go?, pp. 571
Jason Hiser, Anh Nguyen-Tuong, Michele Co, Matthew Hall, and Jack W. Davidson
- Space Traveling across VM: Automatically Bridging the Semantic Gap in Virtual Machine Introspection via Online Kernel Data Redirection, pp. 586
Yangchun Fu and Zhiqiang Lin
- Smashing the Gadgets: Hindering Return-Oriented Programming Using In-place Code Randomization, pp. 601
Vasilis Pappas, Michalis Polychronakis, and Angelos D. Keromytis
- Building Verifiable Trusted Path on Commodity x86 Computers, pp. 616
Zongwei Zhou, Virgil D. Gligor, James Newsome, and Jonathan M. McCune