ACSAC2021 Program – powered by OpenConf

Monday, 6 December 2021

03:45-11:30

Program Analysis and Verification on Trusted Platforms (PAVeTrust) Workshop

One-Day Workshop (Note the non-standard time)

Program Chair: Bill Roscoe (University of Oxford and TBTL Oxford, UK)

10:00-16:00

Tracer FIRE Workshop

CANCELLED

Tuesday, 7 December 2021

08:30-16:30

Seventh Annual Industrial Control System Security (ICSS) Workshop

One-Day Workshop

General Co-Chairs: Harvey Rubinovitz (The MITRE Corporation), Adam Hahn (The MITRE Corporation)

Program Chair: Irfan Ahmed (Virginia Commonwealth University)

10:00-16:45

Learning from Authoritative Security Experiment Results (LASER) Workshop

One-Day Workshop

Workshop Co-Organizers: David Balenson (SRI International), Laura Tinnel (SRI International), Terry Benzel (USC-ISI)

10:00-16:00

Tracer FIRE Workshop

CANCELLED

Wednesday, 8 December 2021

10:00-10:30

Welcome

ACSAC Conference Welcome: Kevin Butler, Conference Chair

PC Chair Opening Remarks and Distinguished Paper Awards: Heng Yin and Gabriela Ciocarlie, Program Chairs

SWSIS Scholarship Awards: Jeremy Epstein, ACSA

10:30-11:45

Keynote Address: Wait, there are people here? Using HCI methods to answer impactful security and privacy questionsSession Chair: Kevin Butler

Michelle Mazurek, Associate Professor, University of Maryland

11:45-12:00

Break

12:00-13:15

Panel: SBOM and Securing the Supply ChainSession Chair: L. Jean Camp, Indiana University

Panelists:

Zachary Tudor, Idaho National Laboratory
Allan Friedman, CISA
Kevin Kane, Microsoft Research
Daniel Hein, Garmin International

Technical Papers 1A: Machine Learning Security 1Session Chair: S. Jay Yang, Rochester Institute of TechnologyStealing Machine Learning Models: Attacks and Countermeasures for Generative Adversarial NetworksHailong Hu; Jun PangThe Many-faced God: Attacking Face Verification System with Embedding and Image RecoveryMingtian Tan; Zhe Zhou; Zhou LiTwo Souls in an Adversarial Image: Towards Universal Adversarial Example Detection using Multi-view InconsistencySohaib Kiani; Sana Awan; Chao Lan; Fengjun Li; Bo LuoEfficient, Private and Robust Federated LearningMeng Hao; Hongwei Li; Guowen Xu; Hanxiao Chen; Tianwei ZhangMorphence: Moving Target Defense Against Adversarial ExamplesAbderrahmen Amich; Birhanu Eshete

Technical Papers 1B: Applied CryptographySession Chair: Thang Hoang, Virginia TechHeterogeneous-PAKE: Bridging the Gap between PAKE Protocols and Their Real-World DeploymentRong Wei; Fangyu Zheng; Lili Gao; Jiankuo Dong; Guang Fan; Lipeng Wan; Jingqiang Lin; Yuewu WangA formal analysis of IKEv2's post-quantum extensionStefan-Lukas Gazdag; Sophia Grundner-Culemann; Tobias Guggemos; Tobias Heider; Daniel LoebenbergerOptimized Paillier's Cryptosystem with Fast Encryption and DecryptionHuanyu Ma; Shuai Han; Hao LeiTowards Practical Post-quantum Signatures for Resource-Limited Internet of ThingsRouzbeh Behnia; Attilla Altay YavuzVASA: Vector AES Instructions for Security ApplicationsJean-Pierre Münch; Thomas Schneider; Hossein Yalame

13:15-14:00

Lunch Break

14:00-15:15

Panel: National Cybersecurity Research DirectionsSession Chair: Daniel Faigin, The Aerospace Corporation

Panelists:

Jeremy Epstein, National Science Foundation
Chester Maciag, U.S. Department of Defense, OUSD(R&E) Director for Cyber Technologies
Martin Stanley, U.S. Department of Homeland Security, Cybersecurity and Infrastructure Security Agency
Robinson Pino, U.S. Department of Energy
William Newhouse, National Institute of Standards and Technology

Technical Papers 2A: Software Security 1Session Chair: Sébastien Bardin and Behnaz Hassanshahi, CEA & OracleProgram Obfuscation via ABI DebiasingDavid Demicco; Rukayat Erinfolami; Aravind PrakashA Look Back on a Function Identification ProblemHyungjoon Koo; Soyeon Park; Taesoo KimSoftMark: Software Watermarking via a Binary Function RelocationHonggoo Kang; Yonghwi Kwon; Sangjin Lee; Hyungjoon KooDynamic Taint Analysis versus Obfuscated Self-CheckingSebastian Banescu; Samuel Valenzuela; Marius Guggenmos; Mohsen Ahmadvand; Alexander PretschnerDicos: Discovering Insecure Code Snippets from Stack Overflow Posts by Leveraging User DiscussionsHyunji Hong; Seunghoon Woo; Heejo Lee

Technical Papers 2B: Privacy and AnonymitySession Chair: Bo Chen, Michigan TechARID: Anonymous Remote IDentification of Unmanned Aerial VehiclesPietro Tedeschi; Savio Sciancalepore; Roberto Di PietroSipster: Settling IOU Privately and Quickly with Smart MetersSherman S. M. Chow; Ming Li; Yongjun Zhao; Wenqiang JinTEEKAP: Self-Expiring Data Capsule using Trusted Execution EnvironmentMingyuan Gao; Hung Dang; Ee-Chien ChangBAPM: Block Attention Profiling Model for Multi-tab Website Fingerprinting Attacks on TorZhong Guan; Gang Xiong; Gaopeng Gou; Zhen Li; Mingxin Cui; Chang LiuTry before You Buy: Privacy-preserving Data Evaluation on Cloud-based Machine Learning Data MarketplaceQiyang Song; Jiahao Cao; Kun Sun; Qi Li; Ke Xu

15:15-15:30

Break

15:30-16:30

Posters and Works in Progress Talks

Thursday, 9 December 2021

10:00-10:30

Test of Time Awards Session Chair: Jeremy Epstein, National Science Foundation

10:30-11:45

Case StudiesSession Chair: Saurabh Shintre, Splunk

Trustworthy Selection and Use of Commodity Products and Services, Prof. Ian Bryant

Differential Privacy in Practice, Dr. Aleatha Parker-Wood

The Technology Behind IATA Travel Pass:Ensuring Privacy With Verifiable Credentials, Drummond Reed

Technical Papers 3A: Distributed systemsSession Chair: Brendan Saltaformaggio, Georgia TechVIA: Analyzing Device Interfaces of Protected Virtual MachinesFelicitas Hetzelt; Martin Radev; Robert Buhren; Mathias Morbitzer; Jean-Pierre SeifertRocky: Replicating Block Devices for Tamper and Failure Resistant Edge-based Virtualized Desktop InfrastructureBeom Heyn Kim; Hyoungshick KimOn Detecting Growing-Up Behaviors of Malicious Accounts in Privacy-Centric Mobile Social NetworksZijie Yang; Binghui Wang; Haoran Li; Dong Yuan; Zhuotao Liu; Neil Gong; Chang Liu; Qi Li; Xiao Liang; Shaofeng HuReCFA: Resilient Control-Flow AttestationYumei Zhang; Xinzhi Liu; Cong Sun; Dongrui Zeng; Gang Tan; Xiao Kan; Siqi MaPractical Attestation for Edge Devices Running Compute Heavy Machine Learning ApplicationsIsmi Abidi; Vireshwar Kumar; Rijurekha Sen

Technical Papers 3B: Usability and Human-Centric Aspects of SecuritySession Chair: Aiping Xiong, Penn StateIs Visualization Enough? Evaluating the Efficacy of MUD-Visualizer in Enabling Ease of Deployment for Manufacturer Usage Description (MUD)Vafa Andalibi; Jayati Dev; DongInn Kim; Eliot Lear; L. Jean CampA Cross-role and Bi-national Analysis on Security Efforts and Constraints of Software Development ProjectsFumihiro Kanei; Ayako Akiyama Hasegawa; Eitaro Shioji; Mitsuaki AkiyamaAn Efficient Man-Machine Recognition Method Based On Mouse Trajectory Feature De-redundancyXiaofeng Lu; Zhenhan Feng; Jupeng XiaOPay: an Orientation-based Contactless Payment Solution Against Passive AttacksMahshid Mehr Nezhd; Feng HaoWhat’s in a Cyber Threat Intelligence sharing platform? A mixed-methods user experience investigation of MISPBorce Stojkovski; Gabriele LENZINI; Vincent KOENIG; Salvador RIVAS

11:45-12:00

Break

12:00-13:15

Panel: The Role of Convergence Research in Applied CybersecuritySession Chair: David Balenson, SRI International

Panelists:

W. Douglas Maughan, Office Head, NSF Convergence Accelerator Program
Mike Pozmantier, Program Director, Trust & Authenticity in Communications Systems and AI Innovation Tracks, NSF Convergence Accelerator Program
Giulia Fanti, Assistant Professor of Electrical and Computer Engineering, Carnegie Mellon University
Dan Massey, Program Lead, OUSD(R&E) 5G-to-NextG Operate Through Program

Technical Papers 4A: CPS and IoTSession Chair: Mu Zhang, University of UtahThey See Me Rollin': Inherent Vulnerability of the Rolling Shutter in CMOS Image SensorsSebastian Köhler; Giulio Lovisotto; Simon Birnbach; Richard Baker; Ivan MartinovicEvaluating the Effectiveness of Protection Jamming Devices in Mitigating Smart Speaker Eavesdropping Attacks Using Gaussian White NoisePayton Walker; Nitesh SaxenaS2-CAN: Sufficiently Secure Controller Area NetworkMert D. Pesé; Jay W. Schauer; Junhui Li; Kang G. ShinCrypto-Chain: A Relay Resilience Framework for Smart VehiclesAbubakar Sadiq Sani; Dong Yuan; Elisa Bertino; Zhao Yang DongAdvanced System Resiliency Based on Virtualization Techniques for IoT DevicesJonas Röckl; Mykolai Protsenko; Monika Huber; Tilo Müller; Felix C. Freiling

Technical Papers 4B: Authentication and PasswordsSession Chair: Ding Wang, Nankai UniversityGlobal Feature Analysis and Comparative Evaluation of Freestyle In-Air-Handwriting Passcode for User AuthenticationDuo Lu; Yuli Deng; Dijiang Huang2D-2FA: A New Dimension in Two-Factor AuthenticationMaliheh Shirvanian; Shashank AgrawalGroup Time-based One-time Passwords and its Application to Efficient Privacy-Preserving Proof of LocationZheng Yang; Chenglu Jin; Jianting Ning; Zengpeng Li; Anh Dinh; Jianying ZhouDigit Semantics based Optimization for Practical Password Cracking ToolsHaodong Zhang; Chuanwang Wang; Wenqiang Ruan; Junjie Zhang; Ming Xu; Weili HanSystematization of Password Manager Use Cases and Design ParadigmsJames Simmons; Oumar Diallo; Sean Oesch; Scott Ruoti

13:15-14:00

Lunch Break

13:30-14:00

Sponsored Talk: A Tutorial on using Speculator for studying and prototyping speculative execution attacksAndrea Mambretti, IBM Research

14:00-15:15

Panel: Diversity in IndustrySession Chair: Elizabeth Scruggs, The Aerospace Corporation

Panelists:

Keyaan Williams, CLASS-LLC
Gary Hayslip, Softbank Investment Advisers (SBIA)
Jandria Alexander, BAH
Jessica Gulick, Katzcy/US Cyber Games

Technical Papers 5A: Machine Learning Security 2Session Chair: Andrew Paverd, Microsoft ResearchEluding ML-based Adblockers With Actionable Adversarial ExamplesShitong Zhu; Zhongjie Wang; Xun Chen; Shasha Li; Keyu Man; Umar Iqbal; Zhiyun Qian; Kevin Chan; Srikanth Krishnamurthy; Zubair ShafiqBadNL: Backdoor Attacks against NLP models with Semantic-preserving ImprovementsXiaoyi Chen; Ahmed Salem; Dingfan Chen; Michael Backes; Shiqing Ma; Qingni Shen; Zhonghai Wu; Yang ZhangMISA: Online Defense of Trojaned Models using MisattributionsPanagiota Kiourti; Wenchao Li; Karan Sikka; Anirban Roy; Susmit JhaDetecting Audio Adversarial Examples with Logit NoisingNamgyu Park; Sangwoo Ji; Jong KimCan We Leverage Predictive Uncertainty to Detect Dataset Shift and Adversarial Examples in Android Malware Detection?Deqiang Li; Tian Qiu; Shuo Chen; Qianmu Li; Shouhuai Xu

Technical Papers 5B: Hardware and ArchitectureSession Chair: Aravind Prakash, Binghamton UniveresityTLB Poisoning Attacks on AMD Secure Encrypted VirtualizationMengyuan Li; Yinqian Zhang; Huibo Wang; Kang Li; Yueqiang ChengReinhardt: Real-time Reconfigurable Hardware Architecture for Regular Expression Matching in DPITaejune Park; Jaehyun Nam; Seung Ho Na; Jaewoong Chung; Seungwon ShinUnderstanding the Threats of Trojaned Quantized Neural Network in Model Supply ChainsXudong Pan; Mi Zhang; Yifan Yan; Min YangFlexFilt: Towards Flexible Instruction Filtering for SecurityLeila Delshadtehrani; Sadullah Canakci; William Blair; Manuel Egele; Ajay JoshiRingRAM: A Unified Hardware Security Primitive for IoT Devices that Gets Better with AgeMichael Moukarzel; Matthew Hicks

Friday, 10 December 2021

10:00-11:15

Panel: Secure Manufacturing/C-SCRMSession Chair: Greg Shannon, CyManII

Panelists:

Gabriela F. Ciocarlie, VP for Securing Automation and Secure Manufacturing Architecture, CyManII
Paul Forney, Director, Digital Grid Cybersecurity, Schneider Electric
Michael Mylrea, Senior Distinguished Engineer at Resilience
Virignia Wright, Idaho National Laboratory

Technical Papers 6A: Malware and Novel AttacksSession Chair: Yonghwi Kwon, University of VirginiaSODA: A System for Cyber Deception Orchestration and AutomationMd Sajidul Islam Sajid; Jinpeng Wei; Basel Abdeen; Ehab Al-Shaer; Md Mazharul Islam; Walter Diong; Latifur KhanReproducible and Adaptable Log Data Generation for Sound Cybersecurity ExperimentsRafael Uetz; Christian Hemminghaus; Louis Hackländer; Philipp Schlipper; Martin HenzeObfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware ClassificationDuy-Phuc Pham; Damien Marion; Matthieu Mastio; Annelie HeuserCommanderGabble: A Universal Attack Against ASR Systems Leveraging Fast SpeechZhaohe (John) Zhang; Edwin Yang; Song FangPhysical Logic Bombs in 3D Printers via Emerging 4D TechniquesTuan Le; Sriharsha Etigowni; Sizhuang Liang; Xirui Peng; Jerry Qi; Mehdi Javanmard; Saman Zonouz; Raheem Beyah

Technical Papers 6B: Cryptocurrency and Side ChannelsSession Chair: Mu Zhang, University of UtahSolSaviour: A Defending Framework for Deployed Defective Smart ContractsLi Zecheng; Zhou Yu; Songtao Guo; Xiao BinImproving Streaming Cryptocurrency Transaction Classification via Biased Sampling and Graph FeedbackShaltiel Eloul; Sean J Moran; Jacob MendelMITOSIS: Practically Scaling Permissioned BlockchainsGiorgia Azzurra Marson; Sebastien Andreina; Lorenzo Alluminio; Konstantin Munichev; Ghassan KarameAn Exploration of ARM System-Level Cache and GPU Side ChannelsPatrick Cronin; Xing Gao; Haining Wang; Chase CottonLaserShark: Establishing Fast, Bidirectional Communication into Air-Gapped SystemsNiclas Kühnapfel; Stefan Preußler; Maximilian Noppel; Thomas Schneider; Konrad Rieck; Christian Wressnegger

11:15-11:30

Break

11:30-12:45

NITRD Panel: Information Integrity R&DSession Chair: Tomas Vagoun, NITRD

Sara Kiesler, Program Director, National Science Foundation
Bob Lawton, Chief of Mission Capabilities, Science and Technology Group, Office of the Director of National Intelligence
Suresh Venkatasubramanian, Assistant Director for Science and Justice, White House Office of Science and Technology Policy

Technical Papers 7A: Software Security 2Session Chair: Aravind Prakash, Binghamton UniversityRUPAIR: Towards Automatic Buffer Overflow Detection and Rectification for RustBaojian Hua; Wanrong Ouyang; Chengman Jiang; Qiliang Fan; Zhizhong PanKeeping Safe Rust Safe with GaleedElijah Rivera; Samuel Mergendahl; Howard Shrobe; Hamed Okhravi; Nathan BurowDistAppGaurd: Distributed Application Behaviour Profiling in Cloud-Based Environmentmohammadmahdi ghorbani; Fereydoun Farrahi Moghaddam; Mengyuan Zhang; Makan Pourzandi; Kim Khoa Nguyen; Mohamed CherietICS3Fuzzer: A Framework for Discovering Protocol Implementation Bugs in ICS Supervisory Software by FuzzingDongliang Fang; Zhanwei Song; Le Guan; Puzhuo Liu; Anni Peng; Kai Cheng; Yaowen Zheng; Peng Liu; Hongsong Zhu; Limin SunargXtract: Deriving IoT Security Configurations via Automated Static Analysis of Stripped ARM Cortex-M BinariesPallavi Sivakumaran; Jorge Blasco

Technical Papers 7B: Wireless SecuritySession Chair: Arup Bhuyan, Idaho National LaboratoryOn Key Reinstallation Attacks over 4G LTE Network: Feasibility and Negative ImpactMuhammad Taqi Raza; Yunqi Guo; Songwu Lu; Fatima Muhammad AnwarSecurity of Multicarrier Time-of-Flight RangingPatrick Leu; Martin Kotuliak; Marc Roeschlin; Srdjan CapkunDon’t hand it Over: Vulnerabilities in the Handover Procedure of Cellular TelecommunicationsEvangelos Bitsikas; Christina PöpperTime to Rethink the Design of Qi Standard? Security and Privacy Vulnerability Analysis of Qi Wireless ChargingYi Wu; Zhuohang Li; Nicholas Van Nostrand; Jian LiuDetecting and Characterizing SMS Spearphising AttacksMingxuan Liu; Yiming Zhang; Baojun Liu; Zhou Li; Haixin Duan; Donghong Sun

12:45-13:00

Break

13:00-14:15

Technical Papers 8A: Mobile and Smart AppsSession Chair: Yousra Aafer, Universeity of WaterlooCharacterizing Improper Input Validation Vulnerabilities of Mobile Crowdsourcing ServicesSojhal Ismail Khan; Dominika C Woszczyk; Chengzeng You; Soteris Demetriou; Muhammad NaveedTowards Stalkerware Detection with Precise WarningsYufei Han; Kevin Alejandro Roundy; Acar TamersoyRepack Me If You Can: An Anti-Repackaging Solution based on Android VirtualizationAntonio Ruggia; Eleonora Losiouk; Luca Verderame; Mauro Conti; Alessio MerloWestworld: Fuzzing-Assisted Remote Dynamic Symbolic Execution of Smart Apps on IoT Cloud PlatformsLannan Luo; Qiang Zeng; Bokai Yang; Fei Zuo; Junzhe WangThe Emperor's New Autofill Framework: A Security Analysis of Autofill on iOS and AndroidSean Oesch; Anuj Gautam; Scott Ruoti

Technical Papers 8B: Internet TrafficSession Chair: Bo Chen, Michigan TechFINN: Fingerprinting Network Flows using Neural NetworksFatemeh Rezaei; Amir HoumansadrMAppGraph: Mobile-App Classification on Encrypted Network Traffic using Deep Graph Convolution Neural NetworksThai-Dien Pham; Thien-Lac Ho; Tram Truong-Huu; Tien-Dung Cao; Hong-Linh TruongSMap: Internet-Wide Scanning for SpoofingTianxiang Dai; Haya ShulmanMineHunter: A Practical Cryptomining Traffic Detection Algorithm Based on Time Series TrackingShize Zhang; Zhiliang Wang; Jiahai Yang; Xin Cheng; XiaoQian Ma; Hui Zhang; Bo Wang; Zimu Li; Jianping WuPlatform-Oblivious Anti-Spam GatewayYihe Zhang; Xu Yuan; Nianfeng Tzeng

14:15-14:30

Closing Remarks

14:45-16:00

BoF: Cybersecurity Experimentation "Artifacts Party" (We Want Your Artifacts!!)