IEEE Symposium on Security and Privacy

The symposium will include presentations of the 31 accepted papers listed below. More details on the full program and schedule will be available soon.

Accepted Systematization of Knowledge Papers
All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but might have been afraid to ask)
Thanassis Avgerinos, Edward Schwartz, David Brumley (Carnegie Mellon University)
State of the Art: Automated Black-Box Web Application Vulnerability Testing
Jason Bau, Elie Bursztein, Divij Gupta, John Mitchell (Stanford University)
How Good are Humans at Solving CAPTCHAs? A Large Scale Evaluation
Elie Bursztein, Steven Bethard, John C. Mitchell, Dan Jurafsky (Stanford University), Céline Fabry
Bootstrapping Trust in Commodity Computers
Bryan Parno, Jonathan M. McCune, Adrian Perrig (Carnegie Mellon University)
Outside the Closed World: On Using Machine Learning For Network Intrusion Detection
Robin Sommer (International Computer Science Institute / Lawrence Berkeley National Laboratory), Vern Paxson (International Computer Science Institute / University of California, Berkeley)

Accepted Research Papers

Round-Efficient Broadcast Authentication Protocols for Fixed Topology Classes
Haowen Chan, Adrian Perrig (Carnegie Mellon University)
Side-Channel Leaks in Web Applications: a Reality Today, a Challenge Tomorrow
Shuo Chen (Microsoft Research), Rui Wang (Indiana University Bloomington), XiaoFeng Wang (Indiana University Bloomington), Kehuan Zhang (Indiana University Bloomington)
Identifying Dormant Functionality in Malware Programs
Paolo Milani Comparetti (Technical University Vienna), Guido Salvaneschi (Politecnico di Milano), Clemens Kolbitsch (Technical University Vienna), Engin Kirda (Institut Eurecom), Christopher Kruegel (University of California, Santa Barbara), Stefano Zanero (Politecnico di Milano)
Non-Interference Through Secure Multi-Execution
Chip and PIN is Broken
Steven J. Murdoch, Saar Drimer, Ross Anderson, Mike Bond (University of Cambridge)
Scalable Parametric Verification of Secure Systems: How to Verify Reference Monitors without Worrying about Data Structure Size
Jason Franklin (Carnegie Mellon University), Sagar Chaki (Carnegie Mellon University), Anupam Datta (Carnegie Mellon University), Arvind Seshadri (IBM Research)
Synthesizing Near-Optimal Malware Specifications from Suspicious Behaviors
Matt Fredrikson (University of Wisconsin), Mihai Christodorescu (IBM Research), Somesh Jha (University of Wisconsin), Reiner Sailer (IBM Research), Xifeng Yan (University of California, Santa Barbara)
A Proof-Carrying File System
Deepak Garg, Frank Pfenning (Carnegie Mellon University)
Reconciling Belief and Vulnerability in Information Flow
Sardaouna Hamadou (University of Southampton), Vladimiro Sassone (University of Southampton), Catuscia Palamidessi (École Polytechnique)
Overcoming an Untrusted Computing Base: Detecting and Removing Malicious Hardware Automatically
Matthew Hicks (University of Illinois), Murph Finnicum (University of Illinois), Samuel T. King (University of Illinois), Milo M. K. Martin (University of Pennsylvania), Jonathan M. Smith (University of Pennsylvania)
Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries
Clemens Kolbitsch (Vienna University of Technology), Thorsten Holz (Vienna University of Technology), Christopher Kruegel (University of California, Santa Barbara), Engin Kirda (Institute Eurecom)
Experimental Security Analysis of a Modern Automobile
Karl Koscher, Alexei Czeskis, Franziska Roesner, Shwetak Patel, Tadayoshi Kohno (University of Washington), Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage (University of California, San Diego)
Revocation Systems with Very Small Private Keys
Allison Lewko (University of Texas at Austin), Amit Sahai (University of California, Los Angeles), Brent Waters (University of Texas at Austin)
Authenticating Primary Users' Signals in Cognitive Radio Networks via Integrated Cryptographic and Wireless Link Signatures
Yao Liu, Peng Ning, Huaiyu Dai (North Carolina State University)
Object Capabilities and Isolation of Untrusted Web Applications
Sergio Maffeis (Imperial College London), John C. Mitchell (Stanford University), Ankur Taly (Stanford University)
TrustVisor: Efficient TCB Reduction and Attestation
Jonathan McCune (Carnegie Mellon University), Yanlin Li (Carnegie Mellon University), Ning Qu (Nvidia), Zongwei Zhou (Carnegie Mellon University), Anupam Datta (Carnegie Mellon University), Virgil Gligor (Carnegie Mellon University), Adrian Perrig (Carnegie Mellon University)
ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser
Leo Meyerovich (University of California, Berkeley), Benjamin Livshits (Microsoft Research)
SCiFI - A System for Secure Face Identification
Margarita Osadchy, Benny Pinkas, Ayman Jarrous, Boaz Moskovich (Univesity of Haifa)
Investigation of Triangular Spamming: a Stealthy and Efficient Spamming Technique
Zhiyun Qian (University of Michigan), Z. Morley Mao (University of Michigan), Yinglian Xie (Microsoft Research Silicon Valley), Fang Yu (Microsoft Research Silicon Valley)
Towards Static Flow-based Declassification for Legacy and Untrusted Programs
Bruno P.S. Rocha (Eindhoven University of Technology), Sruthi Bandhakavi (University of Illinois at Urbana Champaign), Jerry I. den Hartog (Eindhoven University of Technology), William H. Winsborough (University of Texas at San Antonio), Sandro Etalle (Eindhoven University of Technology)
A Symbolic Execution Framework for JavaScript
Prateek Saxena, Devdatta Akhawe, Steve Hanna, Stephen McCamant, Dawn Song, Feng Mao (University of California, Berkeley)
On the Incoherencies in Web Browser Access Control Policies
Kapil Singh (Georgia Institute of Technology), Alexander Moshchuk (Microsoft Research), Helen J. Wang (Microsoft Research), Wenke Lee (Georgia Institute of Technology)
Tamper Evident Microprocessors
Adam Waksman, Simha Sethumadhavan (Columbia University)
TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection
Tielei Wang (Peking University), Tao Wei (Peking University), Guofei Gu (Texas A & M University), Wei Zou (Peking University)
HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity
Zhi Wang, Xuxian Jiang (North Carolina State University)
A Practical Attack to De-Anonymize Social Network Users
Gilbert Wondracek (Vienna University of Technology), Thorsten Holz (Vienna University of Technology), Engin Kirda (Institute Eurecom), Christopher Kruegel (University of California, Santa Barbara)