Annual Computer Security Applications Conference（ACSAC）会议关注计算机应用安全领域的研究工作，与DSN, ESORICS和RAID并称为网络与信息安全领域的“四小安全顶级会议”（简称四小），代表着国际网络与信息安全学术研究的最高水平。ACSAC 2020年共收到论文300篇(2019:266, 2018:299)，录取70篇(2019:60, 2018:60)，录用率为23.33%(2019:22.56%, 2018:20.1%)，国内单位主要有电子科大、清华大学、信工所等机构，所有录用论文标题如下：

• HeapExpo: Pinpointing Promoted Pointers to Prevent Use-After-Free Vulnerabilities

Zekun Shen, Brendan Dolan-Gavitt (New York University)

• Up2Dep: Android Tool Support to Fix Insecure Code Dependencies

Duc Cuong Nguyen, Erik Derr, Michael Backes, Sven Bugiel (CISPA Helmholtz Center for Information Security)

• Query-Efficient Black-Box Attack Against Sequence-Based Malware Classifiers

Ishai Rosenberg, Asaf Shabtai, Yuval Elovici, Lior Rokach (Ben-Gurion University of the Negev)

• Talek: Private Group Messaging with Hidden Access Patterns

Raymond Cheng, William Scott (University of Washington), Elisaweta Masserova (Carnegie Mellon University), Irene Zhang (Microsoft Research), Vipul Goyal (Carnegie Mellon University), Thomas Anderson, Arvind Krishnamurthy (University of Washington), Bryan Parno (Carnegie Mellon University)

• Secure and Verifiable Inference in Deep Neural Networks

Guowen Xu, Hongwei Li, Hao Ren, Jianfei Sun (University of Electronic Science and Technology of China), Shengmin Xu (Singapore University of Technology and Design), Jianting Ning (Fujian Normal University & Singapore Management University), Haomiao Yang (University of Electronic Science and Technology of China), Kan Yang (The University of Memphis), Robert Deng (Singapore Management University)

• SAIBERSOC: Synthetic Attack Injection to Benchmark and Evaluate the Performance of Security Operation Centers

Martin Rosso, Michele Campobasso, Ganduulga Gankhuyag, Luca Allodi (Eindhoven University of Technology)

• DPIFuzz: A Differential Fuzzing Framework to Detect DPI Elusion Strategies for QUIC

Gaganjeet Reen, Christian Rossow (CISPA – Helmholtz Center for Information Security)

• SERENIoT: Distributed Network Security Policy Management and Enforcement for Smart Homes

Corentin Thomasset (Polytechnique Montréal), David Barrera (Carleton University)

• CDL: Classified Distributed Learning for Detecting Security Attacks in Containerized Applications

Yuhang Lin, Olufogorehan Tunde-Onadele, Xiaohui Gu (North Carolina State University)

• Constrained Concealment Attacks against Reconstruction-based Anomaly Detectors in Industrial Control Systems

Alessandro Erba (CISPA Helmholtz Center for Information Security), Riccardo Taormina (TU Delft), Stefano Galelli (Singapore University of Technology and Design), Marcello Pogliani, Michele Carminati, Stefano Zanero (Politecnico di Milano), Nils Ole Tippenhauer (CISPA Helmholtz Center for Information Security)

• Quantifying measurement quality and load distribution in Tor

Andre Greubel, Steffen Pohl, Samuel Kounev (University of Wuerzburg)

• Towards a Practical Differentially Private Collaborative Phone Blacklisting System

Ucci Daniele (University of Rome), Roberto Perdisci, Jaewoo Lee (University of Georgia), Mustaque Ahamad (Georgia Institute of Technology)

• Widely Reused and Shared, Infrequently Updated, and Sometimes Inherited: A Holistic View of PIN Authentication in Digital Lives and Beyond

Hassan Khan, Jason Ceci, Jonah Stegman (University of Guelph), Adam Aviv (The George Washington University), Rozita Dara (University of Guelph), Ravi Kuber (University of Maryland, Baltimore County)

• On the Feasibility of Automating Stock Market Manipulation

Carter Yagemann, Simon Chung, Erkam Uzun, Sai Ragam, Brendan Saltaformaggio, Wenke Lee (Georgia Institute of Technology)

• Advanced Windows Methods on Malware Detection and Family Classification

Dima Rabadi, Sin Teo (Institute for Infocomm Research (I2R), A*STAR, Singapore)

• More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication

Stephan Wiefling (H-BRS University of Applied Sciences, Ruhr University Bochum), Markus Dürmuth (Ruhr University Bochum), Luigi Lo Iacono (H-BRS University of Applied Sciences)

• App-Agnostic Post-Execution Semantic Analysis of Android In-Memory Forensics Artifacts

Aisha Ali-Gombe, Alexandra Tambaoan, Angela Gurfolino (Towson University), Golden Richard (Louisiana State University)

• Attacking Graph-Based Classification without Changing Existing Connections

Xuening Xu, Xiaojiang Du (Temple University), Qiang Zeng (University of South Carolina)

• ρFEM: Efficient Backward-edge Protection Using Reversed Forward-edge Mappings

Paul Muntean, Mathias Neumayer (TU Munich), Zhiqiang Lin (Ohio State University), Gang Tan (Penn State University), Jens Grossklags, Claudia Eckert (TU Munich)

• Policy-based Chameleon Hash for Blockchain Rewriting with Black-box Accountability

Yangguang Tian, Pawel Szalachowski, Jianying Zhou (Singapore University of Technology and Design), Yingjiu Li (University of Oregon), Nan Li (University of Newcastle)

• Privacy-Preserving Production Process Parameter Exchange

Jan Pennekamp, Erik Buchholz, Yannik Lockner, Markus Dahlmanns, Tiandong Xi, Marcel Fey, Christian Brecher, Christian Hopmann, Klaus Wehrle (RWTH Aachen University)

• ZeroAUDIT

Xiang Fu, Aman Luthra, James Cavanaugh, Hugo Renzzo Oclese, Rina Hirsch (Hofstra University)

• Measuring the Effectiveness of Privacy Policies for Voice Assistant Applications

Song Liao, Christin Wilson, Long Cheng, Hongxin Hu, Huixing Deng (Clemson University)

• Guide Me to Exploit: Assisted ROP Exploit Generation for ActionScript Virtual

Machine Fadi Yilmaz, Meera Sridhar, Wontae Choi (University of North Carolina at Charlotte)

• Double Patterns: A Usable Solution to Increase the Security of Android Unlock Patterns

Tim Forman (United States Naval Academy), Adam Aviv (The George Washington University)

• Verify&Revive: Secure Detection and Recovery of Compromised Low-end Embedded Devices

Mahmoud Ammar (KU Leuven), Bruno Crispo (University of Trento)

• DeepSIM: GPS Spoofing Detection on UAVs using Satellite Imagery Matching

Nian Xue, Liang Niu (New York University), Xianbin Hong (University of Liverpool), Zhen Li (Shanghai Glotech Information Technology Co.), Larissa Hoffaeller (Hasso Plattner Institute), Christina Poepper (New York University Abu Dhabi)

• This is Why We Can’t Cache Nice Things: Lightning-Fast Threat Hunting using Suspicion-Based Hierarchical Storage

Wajih Ul Hassan (University of Illinois Urbana-Champaign), Ding Li (NEC Laboratories America), Kangkook Jee (University of Texas at Dallas), Xiao Yu (NEC Laboratories America), Kexuan (Klaus) Zou, Dawei Wang (University of Illinois Urbana-Champaign), Zhengzhang Chen, Zhichun Li, Junghwan Rhee, Jiaping Gui (NEC Laboratories America), Adam Bates (University of Illinois Urbana-Champaign)

• The Tangled Genealogy of IoT Malware

Emanuele Cozzi (Eurecom), Pierre-Antoine Vervier, Matteo Dell'Amico, Yun Shen, Leyla Bilge (NortonLifeLock Research Group), Davide Balzarotti (Eurecom)

• Measurements of the Most Significant Software Security Weaknesses

Carlos Cardoso Galhardo (National Institute of Standards and Technology; INMETRO), Peter Mell, Irena Bojanova (National Institute of Standards and Technology), Assane Gueye (UADB-Senegal & Prometheus Computing)

• Understanding Promotion-as-a-Service on GitHub

Kun Du, Hao Yang (TsingHua University), Yubao Zhang (University of Delaware), Haixin Duan (Tsinghua University; Qi An Xin Group Corp.), Haining Wang (Virginia Tech), Shuang Hao (University of Texas at Dallas), Zhou Li (University of California, Irvine), Min Yang (Fudan University)

• WearID: Low-Effort Wearable-Assisted Authentication of Voice Commands via Cross-Domain Comparison without Training

Cong Shi (Rutgers University), Yan Wang (Temple University), Yingying Chen (Rutgers University), Nitesh Saxena (The University of Alabama at Birmingham), Chen Wang (Rutgers University)

• NoSQL Breakdown: A Large-scale Analysis of Misconfigured NoSQL Services

Dario Ferrari, Michele Carminati, Mario Polino, Stefano Zanero (Politecnico di Milano)

• AVClass2: Massive Malware Tag Extraction from AV Labels

Silvia Sebastián, Juan Caballero (IMDEA Software Institute)

• RusTEE: Developing Memory-Safe ARM TrustZone Applications

Shengye Wan (The College of William & Mary), Mingshen Sun (Baidu), Kun Sun (George Mason University), Ning Zhang (Washington University in St. Louis), Xu He (George Mason University)

• Certified Copy? Understanding Security Risks of Wi-Fi Hotspot based Android Data Clone Services

Siqi Ma (CSIRO), Haohe Li, Wenbo Yang (Shanghai Jiao Tong University), Surya Nepal (CSIRO), Elisa Bertino (Purdue University), Juanru Li (Shanghai Jiao Tong University)

• Februus: Input Purification Defense Against Trojan Attacks on Deep Neural Network Systems

Bao Gia Doan, Ehsan Abbasnejad, Damith Ranasinghe (The University of Adelaide)

• Probabilistic Naming of Functions in Stripped Binaries

James Patrick-Evans (Royal Holloway, University of London), Lorenzo Cavallaro (King's College London), Johannes Kinder (Bundeswehr University Munich)

• Cupid: Automatic Fuzzer Selection for Collaborative Fuzzing

Emre Güler, Philipp Görz (Ruhr-Universität Bochum), Elia Geretto, Andrea Jemmett, Sebastian Österlund, Herbert Bos, Cristiano Giuffrida (Vrije Universiteit Amsterdam), Thorsten Holz (Ruhr-Universtität Bochum)

• Practical Over-Threshold Multi-Party Private Set Intersection

Rasoul Akhavan Mahdavi, Thomas Humphries, Bailey Kacsmar, Simeon Krastnikov, Nils Lukas, John Abraham Premkumar, Masoumeh Shafieinejad, Simon Oya, Florian Kerschbaum (University of Waterloo), Erik-Oliver Blass (Airbus)

• StegoNet: Turn Deep Neural Network into a Stegomalware

Tao Liu (Lawrence Technological University), Zihao Liu (Florida International University), Qi Liu, Wujie Wen (Lehigh University), Wenyao Xu (SUNY Buffalo), Ming Li (University of Arizona)

• A Flexible Framework for Expediting Bug Finding by Leveraging Past (Mis-)Behavior to Discover New Bugs

Sanjeev Das (IBM Research), Kedrian James, Jan Werner (University of North Carolina at Chapel Hill), Manos Antonakakis (Georgia Tech), Michalis Polychronakis (Stony Brook University), Fabian Monrose (University of North Carolina at Chapel Hill)

• Faulty Point Unit: ABI Poisoning Attacks on Intel SGX

Fritz Alder, Jo Van Bulck (imec-DistriNet, KU Leuven), David Oswald (The University of Birmingham, UK), Frank Piessens (imec-DistriNet, KU Leuven)

• Effect of Security Controls on Patching Window: A Causal Inference based Approach

Aditya Kuppa (University College Dublin), Lamine Aouad (Tenable Network Security), Nhien-An Le-Khac (University College Dublin)

• On the Forensic Validity of Approximated Audit Logs

Noor Michael, Jaron Mink, Jason Liu, Sneha Gaur, Wajih Ul Hassan, Adam Bates (University of Illinois Urbana-Champaign)

• Burning the Haystack: Malware Lead Generation at Scale

Fabian Kaczmarczyck, Bernhard Grill, Luca Invernizzi, Magda Procopiuc, Jennifer Pullman, David Tao, Elie Bursztein (Google)

• SEEF-ALDR: A Speaker Embedding Enhancement Framework via Adversarial Learning based Disentangled Representation

Jianwei Tai, Xiaoqi Jia, Qingjia Huang, Weijuan Zhang, Haichao Du (Institute of Information Engineering, Chinese Academy of Sciences), Shengzhi Zhang (Boston University)

• Understanding User Perceptions of Security and Privacy for Group Chat: A Survey of Users in the US and UK

Sean Oesch (University of Tennessee, Knoxville), Ruba Abu-Salma (University College London), Juliane Krämer (TU Darmstadt, Germany), Justin Wu (Brigham Young University), Oumar Diallo, James Simmons, Scott Ruoti (University of Tennessee, Knoxville)

• Imperio: Robust Over-the-Air Adversarial Examples for Automatic Speech Recognition Systems

Lea Schönherr, Thorsten Eisenhofer, Steffen Zeiler, Thorsten Holz, Dorothea Kolossa (Ruhr University Bochum)

• LeakyPick: IoT Audio Spy Detector

Richard Mitev, Ahmad-Reza Sadeghi (Technical University of Darmstadt), Anna Pazii (University of Paris Saclay), Markus Miettinen (Technical University of Darmstadt), William Enck (North Carolina State University)

• Session Key Distribution Made Practical for CAN and CAN-FD Message Authentication

Yang Xiao, Shanghao Shi (Virginia Tech), Ning Zhang (Washington University in St. Louis), Wenjing Lou, Y. Thomas Hou (Virginia Tech)

• IvoriWatch: Exploring Transparent Integrity Verification of Remote User Input Leveraging Wearables

Prakash Shrestha, Zengrui Liu, Nitesh Saxena (The University of Alabama at Birmingham)

• Device-agnostic Firmware Execution is Possible: A Concolic Execution Approach for Peripheral Emulation

Chen Cao (The Pennsylvania State University), Le Guan (University of Georgia), Jiang Ming (University of Texas at Arlington), Peng Liu (The Pennsylvania State University)

• VibLive: A Continuous Liveness Detection for Secure Voice User Interface in IoT Environment

Linghan Zhang (Florida State University), Sheng Tan (Trinity University), Zi Wang, Yili Ren, Zhi Wang, Jie Yang (Florida State University)

• Towards Realistic Membership Inferences: The Case of Survey Data

Luke Bauer, Vincent Bindschaedler (University of Florida)

• Workflow Integration Alleviates Identity and Access Management in Serverless Computing

Arnav Sankaran, Pubali Datta, Adam Bates (University of Illinois at Urbana–Champaign)

• CAPS: Smoothly Transitioning to a More Resilient Web PKI

Stephanos Matsumoto (Olin College of Engineering), Jay Bosamiya, Yucheng Dai (Carnegie Mellon University), Paul van Oorschot (Carleton University), Bryan Parno (Carnegie Mellon University)

• NoiseScope: Spotting Deepfake Images in a Blind Setting

Jiameng Pu, Neal Mangaokar (Virginia Tech), Bolun Wang (Facebook), Chandan Reddy, Bimal Viswanath (Virginia Tech)

• GuardSpark++: Fine-Grained Purpose-Aware Access Control for Secure Data Sharing and Analysis in Spark

Tao Xue, Yu Wen (Institute of Information Engineering, Chinese Academy of Sciences), Bo Luo (The University of Kansas), Boyang Zhang, Yang Zheng, Yanfei Hu (Institute of Information Engineering, Chinese Academy of Sciences), Yingjiu Li (Singapore Management University), Gang Li (Deakin University), Dan Meng (Institute of Information Engineering, Chinese Academy of Sciences)

• Betrayed by the Guardian: Security and Privacy Risks of Parental Control Solutions

Suzan Ali, Mounir Elgharabawy, Quentin Duchaussoy, Mohammad Mannan, Amr Youssef (Concordia University)

• dStyle-GAN: Generative Adversarial Network based on Writing and Photography Styles for Drug Identification in Darknet Markets

Yiming Zhang, Yiyue Qian, Yujie Fan, Yanfang (Fanny) Ye (Case Western Reserve University), Xin Li (West Virginia University), Qi Xiong, Fudong Shao (Tencent Security Lab)

• Voicefox: Leveraging Inbuilt Transcription to Enhance the Security of Machine-Human Speaker Verification against Voice Synthesis Attacks

Maliheh Shirvanian (Visa Research), Manar Mohammed (Miami University), Nitesh Saxena (The University of Alabama at Birmingham), Abhishek Anand (Bloomberg)

• Security Study of Service Worker Cross-Site Scripting

Phakpoom Chinprutthiwong, Raj Vardhan, GuangLiang Yang, Guofei Gu (Texas A&M University)

• Set It and Forget It! Turnkey ECC for Instant Integration

Dmitry Belyavsky (Cryptocom), Billy Brumley, Jesús-Javier Chi-Domínguez, Luis Rivera-Zamarripa (Tampere University), Igor Ustinov (Cryptocom)

• Practical Fine-Grained Binary Code Randomization

Soumyakant Priyadarshan, Huan Nguyen, R. Sekar (Stony Brook University)

• Reboot-Oriented IoT: Life Cycle Management in Trusted Execution Environment for Disposable IoT devices

Kuniyasu Suzaki, Akira Tsukamoto (National Institute of Advanced Industrial Science and Technology), Andy Green (Warmcat), Mohammad Mannan (Concordia University)

• FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis

Mingeun Kim (The Affiliated Institute of ETRI), Dongkwan Kim, Eunsoo Kim (KAIST), Suryeon Kim (Ministry of National Defense, Republic of Korea), Yeongjin Jang (Oregon State University), Yongdae Kim (KAIST)

• Dragonblood is Still Leaking: Practical Cache-based Side-Channel in the Wild

Daniel De Almeida Braga, Pierre-Alain Fouque, Sabt Mohamed (Univ Rennes, CNRS, IRISA)

• Efficient Oblivious Substring Search via Architectural Support

Nicholas Mainardi, Davide Sampietro, Alessandro Barenghi, Gerardo Pelosi (Politecnico di Milano)

• FPSelect: Low-Cost Browser Fingerprints for Mitigating Dictionary Attacks against Web Authentication Mechanisms

Nampoina Andriamilanto (Institute of Research and Technology b<>com and Univ Rennes, CNRS, IRISA), Tristan Allard (Univ Rennes, CNRS, IRISA), Gaëtan Le Guelvouit (Institute of Research and Technology b<>com)

会议主页

https://www.acsac.org/