NDSS·2018
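The NDSS conference (full name: The Network and Distributed System Security Symposium) is one of the four top conferences in computer systems security, alongside CCS, USENIX Security and IEEE S&P. It is a CCF class B conference. In 2018 it received 331 submissions and accepted 71 papers, an acceptance rate of 21.5%.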
Session 1A: IoT (Internet of Things)
1. IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing
2. Fear and Logging in the Internet of Things
3. Decentralized Action Integrity for Trigger-Action IoT Platforms
4. What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices
Session 1B: Attacks and Vulnerabilities
1. Didn’t You Hear Me? – Towards More Successful Web Vulnerability Notifications
2. Exposing Congestion Attack on Emerging Connected Vehicle based Traffic Signal Control
3. Removing Secrets from Android’s TLS
4. rtCaptcha: A Real-Time CAPTCHA Based Liveness Detection System
Session 2A: Network Security/Cellular Networks
1. Automated Attack Discovery in TCP Congestion Control Using a Model-guided Approach
2. Preventing (Network) Time Travel with Chronos
3. LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE
4. GUTI Reallocation Demystified: Cellular Location Tracking with Changing Temporary Identifier
Session 2B: Crypto
1. Mind Your Keys? A Security Evaluation of Java Keystores
2. A Security Analysis of Honeywords
3. Revisiting Private Stream Aggregation: Lattice-Based PSA
4. ZeroTrace: Oblivious Memory Primitives from Intel SGX
Session 3A: Deep Learning and Adversarial ML
1. Automated Website Fingerprinting through Deep Learning
2. VulDeePecker: A Deep Learning-Based System for Vulnerability Detection
3. Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection
4. Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks
5. Trojaning Attack on Neural Networks
Session 3B: Authentication
1. Broken Fingers: On the Usage of the Fingerprint API in Android
2. K-means++ vs. Behavioral Biometrics: One Loop to Rule Them All
3. ABC: Enabling Smartphone Authentication with Built-in Camera
4. Device Pairing at the Touch of an Electrode
5. Face Flashing: a Secure Liveness Detection Protocol based on Light Reflections
Session 4A: Measurements
1. A Large-scale Analysis of Content Modification by Open HTTP Proxies
2. Measuring and Disrupting Anti-Adblockers Using Differential Execution Analysis
3. Towards Measuring the Effectiveness of Telephony Blacklists
4. Things You May Not Know About Android (Un)Packers: A Systematic Study based on Whole-System Emulation
Session 4B: Software Attacks and Secure Architectures
1. KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks
2. Securing Real-Time Microcontroller Systems through Customized Memory View Switching
3. Automated Generation of Event-Oriented Exploits in Android Hybrid Apps
4. Tipped Off by Your Memory Allocator: Device-Wide User Activity Sequencing from Android Memory Images
Session 5A: Software Security
1. K-Miner: Uncovering Memory Corruption in Linux
2. CFIXX: Object Type Integrity for C++
3. Back To The Epilogue: Evading Control Flow Guard via Unaligned Targets
4. Superset Disassembly: Statically Rewriting x86 Binaries Without Heuristics
5. Enhancing Memory Error Detection for Large-Scale Applications and Fuzz Testing
Session 5B: Privacy in Mobile
1. Finding Clues for Your Secrets: Semantics-Driven, Learning-Based Privacy Discovery in Mobile Apps
2. Bug Fixes, Improvements, … and Privacy Leaks – A Longitudinal Study of PII Leaks Across Android App Versions
3. Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem
4. OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS
5. Knock Knock, Who’s There? Membership Inference on Aggregate Location Data
Session 6A: Cloud
1. Reduced Cooling Redundancy: A New Security Vulnerability in a Hot Data Center
2. OBLIVIATE: A Data Oblivious Filesystem for Intel SGX
3. Microarchitectural Minefields: 4K-Aliasing Covert Channel and Multi-Tenant Detection in IaaS Clouds
4. Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates
Session 6B: Privacy and De-Anonymization
1. Consensual and Privacy-Preserving Sharing of Multi-Subject and Interdependent Data
2. When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries
3. De-anonymization of Mobility Trajectories: Dissecting the Gaps between Theory and Practice
4. Veil: Private Browsing Semantics Without Browser-side Assistance
Session 7A: Web Security
1. Game of Missuggestions: Semantic Analysis of Search-Autocomplete Manipulations
2. SYNODE: Understanding and Automatically Preventing Injection Attacks on NODE.JS
3. JavaScript Zero: Real JavaScript and Zero Side-Channel Attacks
4. Riding out DOMsday: Towards Detecting and Preventing DOM Cross-Site Scripting
Session 7B: Audit Logs
1. Towards Scalable Cluster Auditing through Grammatical Inference over Provenance Graphs
2. MCI: Modeling-based Causality Inference in Audit Logging for Attack Investigation
3. Towards a Timely Causality Analysis for Enterprise Security
4. JSgraph: Enabling Reconstruction of Web Attacks via Efficient Tracking of Live In-Browser JavaScript Executions
Session 8: Android
1. AceDroid: Normalizing Diverse Android Access Control Checks for Inconsistency Detection
2. InstaGuard: Instantly Deployable Hot-patches for Vulnerable System Programs on Android
3. BreakApp: Automated, Flexible Application Compartmentalization
4. Resolving the Predicament of Android Custom Permissions
Session 9: Blockchain and Smart Contracts
1. ZEUS: Analyzing Safety of Smart Contracts
2. Chainspace: A Sharded Smart Contracts Platform
3. Settling Payments Fast and Private: Efficient Decentralized Routing for Path-Based Transactions
4. TLS-N: Non-repudiation over TLS Enabling Ubiquitous Content Signing
Session 10: Social Networks and Anonymity
1. Investigating Ad Transparency Mechanisms in Social Media: A Case Study of Facebook's Explanations
2. Inside Job: Applying Traffic Analysis to Measure Tor from Within
3. Smoke Screener or Straight Shooter: Detecting Elite Sybil Attacks in User-Review Social Networks