To authors: A regular paper presentation would be 30 mins in total (including 5 mins Q&A).

March 16 - March 17 - March 18

March 16

Keynote I

09:00AM - 10:00AM


Towards Privacy-Preserving Access Control and Authority Transparency

James Joshi, University of Pittsburgh/National Science Foundation


Recent advances in cloud services and outsourced computation provide a promising paradigm for applications that generate, collect or process large amounts of sensitive data. However, they introduce significant security and privacy issues. Among others, ensuring proper access control and trust on the infrastructure is a crucial challenge. In this talk, I will overview the challenges and solutions related to attribute-based encryption for access control and related transparency issues. I will present some of our recent work related to integrated privacy-preserving user-centric access control supporting secure deduplication to address key security and privacy challenges in cloud services. Such attribute-based encryption approaches, as well as other emerging cryptographic mechanisms for secure computation typically employ a third-party authority (TPA) as an integral component that need to be trusted. Recent work on certificate transparency approaches provides a promising direction to address such general trust issues related to a TPA. We will present our recent work tailored towards such authority transparency issues and discuss challenges ahead.

Short Bio

James Joshi is a professor of School of Computing and Information at the University of Pittsburgh, and the director/founder of the Laboratory of Education and Research on Security Assured Information Systems (LERSAIS). He is currently serving as an NSF Program Director in the Computer and Network System (CNS) division and in the Secure and Trustworthy Cyberspace (SaTC) program. He is an elected Fellow of the Society of Information Reuse and Integration (SIRI), a Senior member of the IEEE and a Distinguished Member of the ACM. His research interests include access control models, security and privacy of distributed systems, trust management and network security. He is a recipient of the NSF CAREER award in 2006. He established and managed the NSF CyberCorp Scholarship for Service program at Pitt in 2006. He has served as program co-chair and/or general co-chair of several international conferences/workshops, including, ACM SACMAT, IEEE BigData, IEEE IRI, IEEE CIC, IEEE ISM, IEEE EDGE, etc. He currently serves as the steering committee chair of IEEE CIC/TPS/CogMI. Currently, he is the EIC of the IEEE Transactions on Services Computing. He had also served in or is in the editorial board of several international journals. He has published over 120 articles as book chapters and papers in journals, conferences and workshops, and has served as a special issue editor of several journals including Elsevier Computer & Security, ACM TOPS, Springer MONET, IJCIS, and Information Systems Frontiers. His research has been supported by NSF, NSA/DoD, and Cisco. Earlier in 1995, he had led the efforts to establish the first Computer Science & Engineering undergraduate degree program in Nepal.

Break (15 Minutes)

10:00AM - 10:15AM

Session 1: Trusted Environment

10:15AM - 12:15PM

ProximiTEE: Hardened SGX Attestation by Proximity Verification
Aritra Dhar, Ivan Puddu, Kari Kostiainen and Srdjan Capkun.
MOSE: Practical Multi-User Oblivious Storage via Secure Enclaves
Thang Hoang, Rouzbeh Behnia, Yeongjin Jang and Attila Yavuz.
DeepTrust: An Automatic Framework to Detect Trustworthy Users in Opinion-based Systems
Edoardo Serra, Anu Shrestha, Francesca Spezzano and Anna Squicciarini.
TrustAV: Practical and Privacy Preserving Malware Analysis in the Cloud
Dimitris Deyannis, Eva Papadogiannaki, George Kalivianakis, Giorgos Vasiliadis and Sotiris Ioannidis.


12:15PM - 1:30PM

Session 2: Access Control and Authentication

1:30PM - 3:00PM

CREHMA: Cache-aware REST-ful HTTP Message Authentication
Hoai Viet Nguyen and Luigi Lo Iacono.
Tap-Pair: Using Spatial Secrets for Single-Tap Device Pairing of Augmented Reality Headsets
Ivo Sluganovic, Mihael Liskij, Ante Derek and Ivan Martinovic.
Admin-CBAC: An Administration Model for Category-Based Access Control
Clara Bertolissi, Maribel Fernandez and Bhavani Thuraisingham.

Break (15 Minutes)

3:00PM - 3:15PM

Session 3: Adversarial Machine Learning

3:15PM - 4:45PM

Random Spiking and Systematic Evaluation of Defenses Against Adversarial Examples
Huangyi Ge, Sze Yiu Chau, Bruno Ribeiro and Ninghui Li.
DeepDoor: Targeted Attack Against Convolutional Neural Networks via Stealthy Backdoor Injection
Haoti Zhong, Cong Liao, Anna Squicciarini, Sencun Zhu and David Miller.
Explore the Transformation Space for Adversarial Images
Jiyu Chen and Hao Chen.

Break (15 Minutes)

4:45PM - 5:00PM

Session 4: Privacy I

5:00PM - 6:00PM

AuthPDB: Authentication of Probabilistic Queries on Outsourced Uncertain Data
Bo Zhang, Boxiang Dong, Haipei Sun and Hui Wang.
A Baseline for Attribute Disclosure Risk in Synthetic Data
Markus Hittmeir, Rudolf Mayer and Andreas Ekelhart.

Reception and Posters


March 17

Keynote II

09:00AM - 10:00AM


Trustworthy Machine Learning: Past, Present, and Future

Somesh Jha, University of Wisconsin, Madison


Fueled by massive amounts of data, models produced by machine-learning (ML) algorithms, especially deep neural networks (DNNs), are being used in diverse domains where trustworthiness is a concern, including automotive systems, finance, healthcare, natural language processing, and malware detection. Of particular concern is the use of ML algorithms in cyber-physical systems (CPS), such as self-driving cars and aviation, where an adversary can cause serious consequences. Interest in this area of research has simply exploded. In this work, we will cover the state-of-the-art in trustworthy machine learning, and then cover some interesting future trends.

Short Bio

Somesh Jha received his B.Tech from Indian Institute of Technology, New Delhi in Electrical Engineering. He received his Ph.D. in Computer Science from Carnegie Mellon University under the supervision of Prof. Edmund Clarke (a Turing award winner). Currently, Somesh Jha is the Lubar Professor in the Computer Sciences Department at the University of Wisconsin (Madison). His work focuses on analysis of security protocols, survivability analysis, intrusion detection, formal methods for security, and analyzing malicious code. Recently, he has focussed his interested on privacy and adversarial ML (AML). Somesh Jha has published several articles in highly-refereed conferences and prominent journals. He has won numerous best-paper and distinguished-paper awards. Prof Jha also received the NSF career award. Prof. Jha is the fellow of the ACM and IEEE.

Break (15 Minutes)

10:00AM - 10:15AM

Session 5: Mobile Security

10:15AM - 12:00PM

Defensive Charging: Mitigating Power Side-Channel Attacks on Charging Smartphones
Richard Matovu, Abdul Serwadda, Argenis V. Bilbao and Isaac Griswold-Steiner.
Dissecting Android Cryptocurrency Miners
Stanislav Dashevskyi, Yury Zhauniarovich, Olga Gadyatskaya, Aleksandr Pilgun and Hamza Ouhssain.
Understanding Privacy Awareness in Android App Descriptions Using Deep Learning
Johannes Feichtner and Stefan Gruber.
(Dataset/Tool Paper) FridgeLock: Preventing Data Theft on Suspended Linux with Usable Memory Encryption
Fabian Franzen, Manuel Andreas and Manuel Huber.


12:00PM - 1:15PM

Panel: A Vision for Winning the Cybersecurity Arms Race

1:15PM - 2:30PM

Elisa Bertino (Purdue University)
Anoop Singhal (NIST)
Srivathsan Srinivasagopalan (AT&T Cybersecurity)
Rakesh Verma (University of Houston, Panel Moderator)

Break (15 Minutes)

2:30PM - 2:45PM

Session 6: System Security

2:45PM - 4:15PM

The Good, the Bad and the (Not So) Ugly of Out-Of-Band Authentication with eID Cards and Push Notifications: Design, Formal and Risk Analysis
Marco Pernpruner, Roberto Carbone, Silvio Ranise and Giada Sciarretta.
n-m-Variant Systems: Adversarial-Resistant Software Rejuvenation for Cloud-Based Web Applications
Isaac Polinsky, Kyle Martin, William Enck and Mike Reiter.
ZeroLender: Trustless Peer-to-Peer Bitcoin Lending Platform
Yi Xie, Joshua Holmes and Gaby G. Dagher.

Break (15 Minutes)

4:15PM - 4:30PM

Session 7: IoT

4:30PM - 6:00PM

Attacking and Protecting Tunneled Traffic of Smart Home Devices
Ahmed Alshehri, Jacob Granley and Chuan Yue.
SeCaS: Secure Capability Sharing Framework for IoT Devices in a Structured P2P Network
Angeliki Aktypi, Kubra Kalkan and Kasper Rasmussen.
IoT Expunge: Implementing Verifiable Retention of IoT Data
Nisha Panwar, Shantanu Sharma, Peeyush Gupta, Dhrubajyoti Ghosh, Sharad Mehrotra and Nalini Venkatasubramanian.



March 18

Session 8: Privacy II

8:00AM - 10:00AM

CRAPE: A Privacy-Enhanced Crash Reporting System
Kiavash Satvat, Maliheh Shirvanian, Mahshid Hosseini and Nitesh Saxena.
A Hypothesis Testing Approach to Sharing Logs with Confidence
Yunhui Long, Le Xu and Carl Gunter.
Renyi Differentially Private ADMM for Non-Smooth Regularized Optimization
Chen Chen and Jaewoo Lee.
Efficient Private Disease Susceptibility Testing inDirect-to-Consumer Model
Chibuike Ugwuoke, Zekeriya Erkin, Reginald Lagendijk and Marcel Reinders.

Break (15 Minutes)

10:00AM - 10:15AM

Session 9: Malware Detection

10:15AM - 12:00PM

Deceiving Portable Executable Malware Classifiers into Targeted Misclassification with Practical Adversarial Examples
Yunus Kucuk and Guanhua Yan.
DANdroid: A Multi-View Discriminative Adversarial Network for Obfuscated Android Malware Detection
Stuart Millar, Niall McLaughlin, Jesus Martinez del Rincon, Paul Miller and Ziming Zhao.
PESC: A Per System-Call Stack Canary Design for Linux Kernel
Jiadong Sun, Xia Zhou, Wenbo Shen, Yajin Zhou and Kui Ren.
(Dataset/Toool Paper) ISAdetect: Usable Automated Detection of CPU Architecture and Endianness for Arbitrary Binary Files and Object Code Sequences
Sami Kairajärvi, Andrei Costin and Timo Hamalainen.