The 12^th ACM Conference on Data and Application Security and Privacy

How (Not) to Deploy Cryptography on the Internet
Haya Shulman (Fraunhofer Institute for Secure Information Technology, Germany)

GINN: Fast GPU-TEE Based Integrity for Neural Network Training
Aref Asvadishirehjini, Murat Kantarcioglu and Bradley Malin.

EG-Booster: Explanation-Guided Booster of ML Evasion Attacks
Abderrahmen Amich and Birhanu Eshete.

Leveraging Synthetic Data and PU Learning For Phishing Email Detection
Fatima Zahra Qachfar, Rakesh Verma and Arjun Mukherjee.

DP-UTIL: Comprehensive Utility Analysis of Differential Privacy in Machine Learning
Ismat Jarin and Birhanu Eshete.

Privacy-Preserving Maximum Matching on General Graphs and its Application to Enable Privacy-Preserving Kidney Exchange
Malte Breuer, Ulrike Meyer and Susanne Wetzel.

Towards Automated Content-based Photo Privacy Control in User-Centered Social Networks
Nishant Vishwamitra, Yifang Li, Hongxin Hu, Kelly Caine, Long Cheng, Ziming Zhao and Gail-Joon Ahn.

Genomic Data Sharing under Dependent Local Differential Privacy
Emre Yilmaz, Tianxi Ji, Erman Ayday and Pan Li.

Prediction of Mobile App Privacy Preferences with User Profiles via Federated Learning
André Brandão, Ricardo Mendes and Joao P. Vilela.

Panelists
Elisa Bertino - Purdue University
Ravi Sandhu - The University of Texas at San Antonio
Bhavani Thuraisingham - The University of Texas at Dallas
Indrakshi Ray - Colorado State University
Wenjia Li - NYIT

Moderators
Maanak Gupta - Tennessee Technological University
Sudip Mittal - Mississippi State University

Abstract

The proliferation of IoT and CPS technologies demand novel conceptual, foundational and applied cybersecurity solutions. The dynamic behaviour of these distributed systems augmented with physical and computational constraints of smart devices, require cybersecurity approaches for timely prevention and detection of attacks. This panel aims to discuss open challenges and highlight future research directions for cybersecurity in IoT and CPS.

(Tool/dataset Paper) Building a Commit-level Dataset of Real-world Vulnerabilities
Alexis Challande, Robin David and Guénaël Renault.

ReSIL: Revivifying Function Signature Inference using Deep Learning with Domain-Specific Knowledge
Yan Lin, Debin Gao and David Lo.

(Tool/dataset Paper) A Modular and Extensible Framework for Securing TLS
Matteo Rizzi, Salvatore Manfredi, Giada Sciarretta and Silvio Ranise.

Recovering Structure of Input of a Binary Program
Seshagiri Prabhu Narasimha and Arun Lakhotia.

(Tool/dataset Paper) Hardening with Scapolite: A DevOps-based Approach for Improved Authoring, Maintaining, and Testing of Security-Configuration Guides in Large-Scale Organizations
Patrick Stöckle, Ionuț Pruteanu, Bernd Grobauer and Alexander Pretschner.

Predicting Asymptotic Behavior of Network Covert Channels: Experimental Results
Catherine Meadows (Naval Research Laboratory, United States)

Toward Deep Learning Based Access Control
Mohammad Nur Nobi, Ram Krishnan, Yufei Huang, Mehrnoosh Shakarami and Ravi Sandhu.

ProSPEC: Proactive Security Policy Enforcement for Containers
Hugo Kermabon-Bobinnec, Mahmood Gholipourchoubeh, Sima Bagheri, Suryadipta Majumdar, Yosr Jarraya, Makan Pourzandi and Lingyu Wang.

NEUTRON: A Graph-based Pipeline for Zero-trust Network Architectures
Charalampos Katsis, Fabrizio Cicala, Dan Thomsen, Nathan Ringo and Elisa Bertino.

Landmark Privacy: Configurable Differential Privacy Protection for Time Series
Manos Katsomallos, Katerina Tzompanaki and Dimitris Kotzinos.

Securing Smart Grids Through an Incentive Mechanism for Blockchain-Based Data Sharing
Daniel Reijsbergen, Aung Maw, Anh Dinh, Yuen Chau and Wentai Li.

Security Analysis of IoT Frameworks using Static Taint Analysis
Tuba Yavuz and Christopher Brant.

Toward a Resilient Key Exchange Protocol for IoT
Zhangxiang Hu, Jun Li, Samuel Mergendahl and Christopher Wilson.

A TOCTOU Attack on DICE Attestation
Stefan Hristozov, Moritz Wettermann and Manuel Huber.

Panelists
Barbara Carminati - University of Insubria
Murat Kantarcioglu - The University of Texas at Dallas
Sagar Samtani - Indiana University

Moderators
Sudip Mittal - Mississippi State University
Maanak Gupta - Tennessee Technological University

Abstract

Modern civilization is highly dependent on computing systems, touching all aspects of business, government, and individual life. At the same time, there has been an increase in laws and privacy preferences whose implementation and effectiveness depend on software. Whereas organizations and individuals have been expected to comply with laws and regulations, now computing systems must also be compliant and accountable. Computing systems need to be designed with privacy preferences and legal statutes in mind, and should be adaptable to change.

(Tool/dataset Paper) Shared Multi-Keyboard and Bilingual Datasets to Support Keystroke Dynamics Research
Ahmed Wahab and Daqing Hou.

Leveraging Disentangled Representations to Improve Keystroke Inference Attacks Under Low Data Constraints
John Lim, Jan-Michael Frahm and Fabian Monrose.

Cache Shaping: An Effective Defense Against Cache-Based Website Fingerprinting
Haipeng Li, Nan Niu and Boyang Wang.

Quantifying the Risk of Wormhole Attacks on Bluetooth Contact Tracing
Stefan Czybik, Daniel Arp and Konrad Rieck.

Towards Resiliency of Heavy Vehicles through Compromised Sensor Data Reconstruction
Hossein Shirazi, William Pickard, Indrakshi Ray and Haonan Wang.

Parallel Operations over TFHE-Encrypted Multi-Digit Integers
Jakub Klemsa and Melek Önen.

Private Lives Matter: A Differential Private Functional Encryption Scheme
Alexandros Bakas, Antonis Michalas and Tassos Dimitriou.

Efficient Dynamic Searchable Encryption with Forward Privacy under the Decent Leakage
Yohei Watanabe, Kazuma Ohara, Mitsugu Iwamoto and Kazuo Ohta.

RS-PKE: Ranked Searchable Public-Key Encryption for Cloud-Assisted Lightweight Platforms
Israt Jahan Mouri, Muhammad Ridowan and Muhammad Abdullah Adnan.