NDSS 会议（全称The Network and Distributed System Security Symposium）是和CCS，USENIX SECURITY及IEEE S&P并称的计算机系统安全领域的四大顶级会议之一。CCF B 类会议，2021年共有两轮(夏季、秋季)论文征稿，2021年共收到?篇论文(2020:506篇,2019:521篇, 2018:331篇)， 共录取了87份论文(2020:88,2019:89篇，2018:71篇),国内高校主要有：清华大学、香港中文大学、北京邮电大学、浙江大学、信工所等，录用论文标题如下：

Summer Cycle

• All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers

Christoph Hagen (University of Würzburg); Christian Weinert (TU Darmstadt); Christoph Sendner and Alexandra Dmitrienko (University of Würzburg); Thomas Schneider (TU Darmstadt)

• As Strong As Its Weakest Link: How to Break Blockchain DApps at RPC Service

Kai Li, Jiaqi Chen, Xianghong Liu, and Yuzhe Tang (Syracuse University); XiaoFeng Wang (Indiana University Bloomington); Xiapu Luo (The Hong Kong Polytechnic University)

• Awakening the Web’s Sleeper Agents: Misusing Service Workers for Privacy Leakage

Soroush Karami, Panagiotis Ilia, and Jason Polakis (University of Illinois at Chicago)

• Bringing Balance to the Force: Dynamic Analysis of the Android Application Framework

Abdallah Dawoud and Sven Bugiel (CISPA Helmholtz Center for Information Security)

• CSR: Cybercrime Scene Reconstruction for Post-mortem Forensic Analysis

Yonghwi Kwon (University of Virginia); Weihang Wang (University at Buffalo, SUNY); Jinho Jung (Georgia Institute of Technology); Kyu Hyung Lee (University of Georgia); Roberto Perdisci (University of Georgia and Georgia Tech)

• Deceptive Deletions for Protecting Withdrawn Posts on Social Media Platforms

Mohsen Minaei (Visa Research); S Chandra Mouli (Purdue University); Mainack Mondal (IIT Kharagpur); Bruno Ribeiro and Aniket Kate (Purdue University)

• DOVE: A Data-Oblivious Virtual Environment

Hyun Bin Lee (University of Illinois at Urbana-Champaign); Tushar Jois (Johns Hopkins University); Christopher Fletcher and Carl A. Gunter (University of Illinois at Urbana-Champaign)

• Evading Voltage-Based Intrusion Detection on Automotive CAN

Rohit Bhatia (Purdue University); Vireshwar Kumar (Indian Institute of Technology Delhi); Khaled Serag and Z. Berkay Celik (Purdue University); Mathias Payer (EPFL); Dongyan Xu (Purdue University)

• Forward and Backward Private Conjunctive Searchable Symmetric Encryption

Sikhar Patranabis (ETH Zurich); Debdeep Mukhopadhyay (IIT Kharagpur)

• From WHOIS to WHOWAS: A Large-Scale Measurement Study of Domain Registration Privacy under the GDPR

Chaoyi Lu (Tsinghua University; Beijing National Research Center for Information Science and Technology); Baojun Liu (Tsinghua University; Beijing National Research Center for Information Science and Technology; Qi An Xin Group); Yiming Zhang (Tsinghua University; Beijing National Research Center for Information Science and Technology); Zhou Li (University of California, Irvine); Fenglu Zhang (Tsinghua University); Haixin Duan (Tsinghua University; Qi An Xin Group); Ying Liu (Tsinghua University); Joann Qiongna Chen (University of California, Irvine); Jinjin Liang and Zaifeng Zhang (360 Netlab); Shuang Hao (University of Texas at Dallas); Min Yang (Fudan University)

• Hey Alexa, is this Skill Safe?: Taking a Closer Look at the Alexa Skill Ecosystem

Christopher Lentzsch (Ruhr-Universität Bochum); Sheel Jayesh Shah (North Carolina State University); Benjamin Andow (Google); Martin Degeling (Ruhr-Universität Bochum); Anupam Das and William Enck (North Carolina State University)

• Let’s Stride Blindfolded in a Forest: Sublinear Multi-Client Decision Trees Evaluation

Jack P. K. Ma and Raymond K. H. Tai (The Chinese University of Hong Kong); Yongjun Zhao (Nanyang Technological University); Sherman S.M. Chow (The Chinese University of Hong Kong)

• More than a Fair Share: Network Data Remanence Attacks against Secret Sharing-based Schemes

Leila Rashidi (University of Calgary); Daniel Kostecki (Northeastern University); Alexander James (University of Calgary); Anthony Peterson (Northeastern University); Majid Ghaderi (University of Calgary); Samuel Jero (MIT Lincoln Laboratory); Cristina Nita-Rotaru (Northeastern University); Hamed Okhravi (MIT Lincoln Laboratory); Reihaneh Safavi-Naini (University of Calgary)

• Obfuscated Access and Search Patterns in Searchable Encryption

Zhiwei Shang and Simon Oya (University of Waterloo); Andreas Peter (University of Twente); Florian Kerschbaum (University of Waterloo)

• Peerlock: Flexsealing BGP

Tyler McDaniel, Jared M. Smith, and Max Schuchard (University of Tennessee, Knoxville)

• POP and PUSH: Demystifying and Defending against (Mach) Port-oriented Programming

Min Zheng and Xiaolong Bai (Orion Security Lab, Alibaba Group); Yajin Zhou (Zhejiang University); Chao Zhang (Institute for Network Science and Cyberspace of Tsinghua University); Fuping Qu (Orion Security Lab, Alibaba Group)

• Processing Dangerous Paths – On Security and Privacy of the Portable Document Format

Jens Müller, Dominik Noss, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk (Ruhr University Bochum)

• Reining in the Web’s Inconsistencies with Site Policy

Stefano Calzavara (Università Ca’ Foscari Venezia); Tobias Urban (Institute for Internet Security, Westphalian University of Applied Sciences and Ruhr University Bochum); Dennis Tatang (Ruhr University Bochum); Marius Steffens and Ben Stock (CISPA Helmholtz Center for Information Security)

• Rosita: Towards Automatic Elimination of Power-Analysis Leakage in Ciphers

Madura A. Shelton (University of Adelaide); Niels Samwel and Lejla Batina (Radboud University); Francesco Regazzoni (University of Amsterdam and ALaRI – USI); Markus Wagner (University of Adelaide); Yuval Yarom (University of Adelaide and Data61)

• Screen Gleaning: A Screen Reading TEMPEST Attack on Mobile Devices Exploiting an Electromagnetic Side Channel

Zhuoran Liu (Radboud university); Niels Samwel, Léo Weissbart, Zhengyu Zhao, Dirk Lauret, Lejla Batina, and Martha Larson (Radboud University)

• The Abuser Inside Apps: Finding the Culprit Committing Mobile Ad Fraud

Joongyum Kim, Jung-hwan Park, and Sooel Son (KAIST)

• Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages

Ruian Duan, Omar Alrawi, Ranjita Pai Kasturi, Ryan Elder, Brendan Saltaformaggio, and Wenke Lee (Georgia Institute of Technology)

• XDA: Accurate, Robust Disassembly with Transfer Learning

Kexin Pei (Columbia University); Jonas Guan (University of Toronto); David Williams-King, Junfeng Yang, and Suman Jana (Columbia University)

• Zoom on the Keystrokes: Exploiting Video Calls for Keystroke Inference Attacks

Mohd Sabra (University of Texas at San Antonio); Anindya Maiti (University of Oklahoma); Murtuza Jadliwala (University of Texas at San Antonio)

Fall Cycle

• A Devil of a Time: How Vulnerable is NTP to Malicious Timeservers?

Yarin Perry, Neta Rozen-Schiff, and Michael Schapira (Hebrew University of Jerusalem)

• A Formal Analysis of the FIDO UAF Protocol

Haonan Feng, Hui Li, and Xuesong Pan (Beijing University of Posts and Telecommunications, Beijing, China); Ziming Zhao (University at Buffalo)

• ALchemist: Fusing Application and Audit Logs for Precise Attack Provenance without Instrumentation

Le Yu (Purdue University); Shiqing Ma (Rutgers University); Zhuo Zhang, Guanhong Tao, Xiangyu Zhang, and Dongyan Xu (Purdue University); Vincent E. Urias and Han Wei Lin (Sandia National Laboratories); Gabriela Ciocarlie (SRI); Vinod Yegneswaran (SRI International); Ashish Gehani (SRI)

• BaseSpec: Comparative Analysis of Baseband Software and Cellular Specifications for L3 Protocols

Eunsoo Kim, Dongkwan Kim, CheolJun Park, Insu Yun, and Yongdae Kim (KAIST)

• Bitcontracts: Supporting Smart Contracts in Legacy Blockchains

Karl Wüst, Loris Diana, and Kari Kostiainen (ETH Zurich); Ghassan Karame (NEC Laboratories Europe GmbH); Sinisa Matetic and Srdjan Capkun (ETH Zurich)

• CHANCEL: Efficient Multi-client Isolation Under Adversarial Programs

Adil Ahmad (Purdue University); Juhee Kim (Seoul National University); Jaebaek Seo (Google); Insik Shin (KAIST); Pedro Fonseca (Purdue University); Byoungyoung Lee (Seoul National University)

• CV-Inspector: Towards Automating Detection of Adblock Circumvention

Hieu Le (University of California, Irvine); Zubair Shafiq (University of California, Davis); Athina Markopoulou (University of California, Irvine)

• Data Poisoning Attacks to Deep Learning Based Recommender Systems

Hai Huang and Jiaming Mu (Tsinghua University); Neil Zhenqiang Gong (Duke University); Qi Li (Tsinghua University); Bin Liu (IBM); Mingwei Xu (Tsinghua University)

• Detecting Kernel Memory Leaks in Specialized Modules with Ownership Reasoning

Navid Emamdoost, Qiushi Wu, Kangjie Lu, and Stephen McCamant (University of Minnesota)

• Differential Training: A Generic Framework to Reduce Label Noises for Android Malware Detection

Jiayun Xu (School of Information Systems, Singapore Management University, Singapore); Yingjiu Li (University of Oregon); Robert H. Deng (School of Information Systems, Singapore Management University, Singapore)

• Does Every Second Count? Time-based Evolution of Malware Behavior in Sandboxes

Alexander Küchler (Fraunhofer AISEC); Alessandro Mantovani (EURECOM); Yufei Han and Leyla Bilge (NortonLifeLock Research Group); Davide Balzarotti (EURECOM)

• EarArray: Defending against DolphinAttack via Acoustic Attenuation

Guoming Zhang, Xiaoyu Ji, and Xinfeng Li (Zhejiang University); Gang Qu (University of Maryland); Wenyuan Xu (Zhejing University)

• Emilia: Catching Iago in Legacy Code

Rongzhen Cui (University of Toronto); Lianying Zhao (Carleton University); David Lie (University of Toronto)

• FARE: Enabling Fine-grained Attack Categorization under Low-quality Labeled Data

Junjie Liang and Wenbo Guo (The Pennsylvania State University); Tongbo Luo (JD.com); Vasant Honavar (Pennsylvania State University); Gang Wang (University of Illinois at Urbana-Champaign); Xinyu Xing (Pennsylvania State University)

• Favocado: Fuzzing Binding Code of JavaScript Engines Using Semantically Correct Test Cases

Sung Ta Dinh and Haehyun Cho (Arizona State University); Kyle Martin (North Carolina State University); Adam Oest (PayPal, Inc.); Yihui Zeng (Arizona State University); Alexandros Kapravelos (North Carolina State University); Tiffany Bao, Ruoyu “Fish” Wang, Yan Shoshitaishvili, and Adam Doupe (Arizona State University); Gail-Joon Ahn (Arizona State University and Samsung Research)

• FlowLens: Enabling Efficient Flow Classification for ML-based Network Security Applications

Diogo Barradas, Nuno Santos, and Luis Rodrigues (INESC-ID, Instituto Superior Técnico, Universidade de Lisboa); Salvatore Signorello (Faculdade de Ciências, Universidade de Lisboa); Fernando Ramos and André Madeira (INESC-ID, Instituto Superior Técnico, Universidade de Lisboa)

• FLTrust: Byzantine-robust Federated Learning via Trust Bootstrapping

Xiaoyu Cao (Duke University); Minghong Fang and Jia Liu (The Ohio State University); Neil Zhenqiang Gong (Duke University)

• From Library Portability to Para-rehosting: Natively Executing Open-source Microcontroller OSs on Commodity Hardware

Wenqiang Li (Institute of Information Engineering, Chinese Academy of Sciences and University of Kansas); Le Guan (University of Georgia); Jingqiang Lin (University of Science and Technology of China); Jiameng Shi (University of Georgia); Fengjun Li (University of Kansas)

• GALA: Greedy ComputAtion for Linear Algebra in Privacy-Preserved Neural Networks

Qiao Zhang (Old Dominion University); Chunsheng Xin and Hongyi Wu (Old Dominion University, Norfolk, VA 23529, USA)

• HERA: Hotpatching of Embedded Real-time Applications

Christian Niesler, Sebastian Surminski, and Lucas Davi (University of Duisburg-Essen)

• Hunting the Haunter — Efficient Relational Symbolic Execution for Spectre with HauntedRelSE

Lesly-Ann Daniel and Sébastien Bardin (CEA, List, France); Tamara Rezk (Inria, France)

• Improving Signal’s Sealed Sender

Ian Martiny (University of Colorado); Gabriel Kaptchuk (Boston University); Adam Aviv (The George Washington University); Dan Roche (U.S. Naval Avademy); Eric Wustrow (University of Colorado Boulder)

• IoTSafe: Enforcing Safety and Security Policy with Real IoT Physical Interaction Discovery

Wenbo Ding (Clemson University); Hongxin Hu (University at Buffalo); Long Cheng (Clemson University)

• KUBO: Precise and Scalable Detection of User-triggerable Undefined Behavior Bugs in OS

Kernel Changming Liu (Northeastern University); Yaohui Chen (Facebook, Inc.); Long Lu (Northeastern University)

• Manipulating the Byzantine: Optimizing Model Poisoning Attacks and Defenses for Federated Learning

Virat Shejwalkar and Amir Houmansadr (UMass Amherst)

• MINOS: A Lightweight Real-Time Cryptojacking Detection System

Faraz Naseem, Ahmet Aris, Leonardo Babun, Selcuk Uluagac, and Ege Tekiner (Florida International University)

• Mondrian: Comprehensive Inter-domain Network Zoning Architecture

Jonghoon Kwon and Hähni Claude (ETH Zürich); Patrick Bamert (Zürcher Kantonalbank); Adrian Perrig (ETH Zürich)

• NetPlier: Probabilistic Network Protocol Reverse Engineering from Message Traces

Yapeng Ye, Zhuo Zhang, Fei Wang, Xiangyu Zhang, and Dongyan Xu (Purdue University)

• OblivSketch: Oblivious Network Measurement as a Cloud Service

Shangqi Lai, Xingliang YUAN, and Joseph Liu (Monash University); Xun Yi (RMIT University); Qi Li (Tsinghua University); Dongxi Liu (Data61, CSIRO); Nepal Surya (Data61 CSIRO Australia)

• On the Insecurity of SMS One-Time Password Messages against Local Attackers in Modern Mobile Devices

Zeyu Lei and Yuhong Nan (Purdue University); Yanick Fratantonio (EURECOM); Antonio Bianchi (Purdue University)

• PFirewall: Semantics-Aware Customizable Data Flow Control for Home Automation Systems

Haotian Chi (Temple University); Qiang Zeng (University of South Carolina); Xiaojiang Du (Temple University); Lannan Luo (University of South Carolina)

• PGFUZZ: Policy-Guided Fuzzing for Robotic Vehicles

Hyungsub Kim, Muslum Ozgur Ozmen, Antonio Bianchi, Z. Berkay Celik, and Dongyan Xu (Purdue University)

• PHOENIX: Device-Centric Cellular Network Protocol Monitoring using Runtime Verification

Mitziu Echeverria, Zeeshan Ahmed, Bincheng Wang, and M. Fareed Arif (The University of Iowa); Syed Rafiul Hussain (Pennsylvania State University); Omar Chowdhury (The University of Iowa)

• POSEIDON: Privacy-Preserving Federated Neural Network Learning

Sinem Sav, Apostolos Pyrgelis, Juan Ramón Troncoso-Pastoriza, David Froelicher, Jean-Philippe Bossuat, Joao André Gomes de Sá E Sousa, and Jean-Pierre Hubaux (EPFL)

• Practical Blind Membership Inference Attack via Differential Comparisons

Bo Hui, Yuchen Yang, and Haolin Yuan (Johns Hopkins University); Philippe Burlina (The Johns Hopkins University Applied Physics Laboratory); Neil Zhenqiang Gong (Duke University); Yinzhi Cao (Johns Hopkins University)

• Practical Non-Interactive Searchable Encryption with Forward and Backward Privacy

Shi-Feng Sun, Ron Steinfeld, and Shangqi Lai (Monash University, Australia); Xingliang YUAN (Monash University); Amin Sakzad and Joseph Liu (Monash University, Australia); ‪Surya Nepal‬ (Data61 CSIRO, Australia); Dawu Gu (Shanghai Jiao Tong University, China)

• Preventing and Detecting State Inference Attacks on Android

Andrea Possemato (EURECOM / IDEMIA); Dario Nisi and Yanick Fratantonio (EURECOM)

• PrivacyFlash Pro: Automating Privacy Policy Generation for Mobile Apps

Sebastian Zimmeck, Rafael Goldstein, and David Baraka (Wesleyan University)

• ProPoS: A Probabilistic Proof-of-Stake Protocol

Daniel Reijsbergen, Pawel Szalachowski, Junming Ke, Zengpeng Li, and Jianying Zhou (Singapore University of Technology and Design)

• QPEP: An Actionable Approach to Secure and Performant Broadband From Geostationary Orbit

James Pavur (Oxford University); Martin Strohmeier and Vincent Lenders (armasuisse); Ivan Martinovic (Oxford University)

• RandRunner: Distributed Randomness from Trapdoor VDFs with Strong Uniqueness

Philipp Schindler, Aljosha Judmayer, and Markus Hittmeir (SBA Research); Nicholas Stifter (SBA Research, TU Wien); Edgar Weippl (Universität Wien)

• Refining Indirect Call Targets at the Binary Level

Sun Hyoung Kim (Penn State); Cong Sun (Xidian University); Dongrui Zeng and Gang Tan (Penn State)

• Reinforcement Learning-based Hierarchical Seed Scheduling for Greybox Fuzzing

Jinghan Wang, Chengyu Song, and Heng Yin (University of California, Riverside)

• ROV++: Improved Deployable Defense against BGP Hijacking

Reynaldo Morillo, Justin Furuness, Cameron Morris, James Breslin, Amir Herzberg, and Bing Wang (University of Connecticut)

• SerialDetector: Principled and Practical Exploration of Object Injection Vulnerabilities for the Web

Mikhail Shcherbakov and Musard Balliu (KTH Royal Institute of Technology)

• Shadow Attacks: Hiding and Replacing Content in Signed PDFs

Christian Mainka, Vladislav Mladenov, Simon Rohlmann, and Jörg Schwenk (Chair for Network and Data Security, Ruhr University Bochum)

• SpecTaint: Speculative Taint Analysis for Discovering Spectre Gadgets

Zhenxiao Qi (UC Riverside); Qian Feng (Baidu USA); Yueqiang Cheng (Baidu Security); Mengjia Yan (UIUC); Peng Li (Baidu X-Lab); Heng Yin (UC Riverside); Tao Wei (Baidu X-Lab)

• SquirRL: Automating Attack Analysis on Blockchain Incentive Mechanisms with Deep Reinforcement Learning

Charlie Hou (CMU, IC3); Mingxun Zhou (Peking University); Yan Ji and Phil Daian (Cornell Tech, IC3); Florian Tramèr (Stanford University); Giulia Fanti (CMU, IC3); Ari Juels (Cornell Tech, IC3)

• SymQEMU: Compilation-based symbolic execution for binaries

Sebastian Poeplau (EURECOM and Code Intelligence); Aurélien Francillon (EURECOM)

• Tales of Favicons and Caches: Persistent Tracking in Modern Browsers

Konstantinos Solomos, John Kristoff, Chris Kanich, and Jason Polakis (University of Illinois at Chicago)

• TASE: Reducing Latency of Symbolic Execution with Transactional Memory

Adam Humphries (University of North Carolina); Kartik Cating-Subramanian (University of Colorado); Michael K. Reiter (Duke University)

• The Bluetooth CYBORG: Analysis of the Full Human-Machine Passkey Entry AKE Protocol

Michael Troncoso and Britta Hale (Naval Postgraduate School)

• To Err.Is Human: Characterizing the Threat of Unintended URLs in Social Media

Beliz Kaleli (Boston University); Brian Kondracki (Stony Brook University); Manuel Egele (Boston University); Nick Nikiforakis (Stony Brook University); Gianluca Stringhini (Boston University)

• Towards Understanding and Detecting Cyberbullying in Real-world Images

Nishant Vishwamitra and Hongxin Hu (University at Buffalo); Feng Luo and Long Cheng (Clemson University)

• Trust the Crowd: Wireless Witnessing to Detect Attacks on ADS-B-Based Air-Traffic Surveillance

Kai Jansen (Ruhr University Bochum); Liang Niu and Nian Xue (New York University Abu Dhabi); Ivan Martinovic (University of Oxford); Christina Pöpper (New York University Abu Dhabi)

• Understanding and Detecting International Revenue Share Fraud

Merve Sahin (SAP Security Research); Aurélien Francillon (EURECOM)

• Understanding the Growth and Security Considerations of ECS

Athanasios Kountouras, Panagiotis Kintis, Athanasios Avgetidis, Thomas Papastergiou, and Charles Lever (Georgia Institute of Technology); Michalis Polychronakis (Stony Brook University); Manos Antonakakis (Georgia Institute of Technology)

• Understanding Worldwide Private Information Collection on Android

Yun Shen and Pierre-Antoine Vervier (NortonLifeLock Research Group); Gianluca Stringhini (Boston University)

• WATSON: Abstracting Behaviors from Audit Logs via Aggregation of Contextual Semantics

Jun Zeng (National University of Singapore); Zheng Leong Chua (Independent Researcher); Kaihang Ji and Zhenkai Liang (National University of Singapore); Jian Mao (Beihang University)

• Who’s Hosting the Block Party? Studying Third-Party Blockage of CSP and SRI

Marius Steffens (CISPA Helmholtz Center for Information Security); Marius Musch and Martin Johns (TU Braunschweig); Ben Stock (CISPA Helmholtz Center for Information Security)

• WINNIE : Fuzzing Windows Applications with Harness Synthesis and Fast Cloning

Jinho Jung and Stephen Tong (Georgia Institute of Technology); Hong Hu (Pennsylvania State University); Jungwon Lim, Yonghwi Jin, and Taesoo Kim (Georgia Institute of Technology)

• Your Phone is My Proxy: Detecting and Understanding Mobile Proxy Networks

Xianghang Mi (University at Buffalo); Siyuan Tang, Zhengyi Li, and Xiaojing Liao (Indiana University Bloomington); Feng Qian (University of Minnesota – Twin Cities); XiaoFeng Wang (Indiana University Bloomington)

• Доверя́й, но проверя́й: SFI safety for native-compiled Wasm

Evan Johnson, David Thien, and Yousef Alhessi (University of California San Diego); Shravan Narayan (University Of California San Diego); Fraser Brown (Stanford University); Sorin Lerner (University of California San Diego); Tyler McMullen (Fastly Labs); Stefan Savage and Deian Stefan (University of California San Diego)