Monday, February 25
7:30 am - | Registration
7:30 am - 8:30 am | Continental Breakfast
8:30 am – 8:50 am | Opening Remarks
General Chair: Tom Hutton, San Diego Supercomputer Center
20 Years of Network and Distributed Systems Security: The Good, the Bad, and the Ugly
8:50 am – 9:35 am
Richard Kemmerer, Computer Science Leadership Chair and Professor, UC Santa Barbara
Since this is the 20th Network and Distributed Systems Security (NDSS) Symposium, we thought it would be appropriate to review some of the highlights, lowlights, and general trends in network and distributed systems over the past twenty years. We also plan to discuss the future trends in this area of research.
Session 1: Authentication
9:35 am - 10:15 am
Session Chair: Apu Kapadia, Indiana University
Best Paper Award
I can be you: Questioning the use of Keystroke Dynamics as Biometrics
This paper shows that, contrary to the beliefs of prior studies, typing patterns of individuals can be imitated. Our results from a large-scale user study of over 80 participants show that various factors such as the password used, gender, monetary incentives, time allowed and information about the target typing pattern affect the success rate of the attacker.
Tey Chee Meng, Payas Gupta and Debin Gao
A Practical, Targeted, and Stealthy Attack Against WPA Enterprise Authentication
WPA2-Enterprise wireless networks rely on TLS to protect the underlying MSCHAPv2 authentication. Other layers of the authentication process, however, from the physical to the user interface, introduce weaknesses that allow hard-to-detect Man-In-The-Middle attacks. We propose a novel attack, a prototype implementation, and the evaluation of its end-to-end efficacy using user experiments to demonstrate the need for new security measures across the software stack.
Aldo Cassola, William Robertson, Engin Kirda and Guevara Noubir
Session 2: Mobile Security
10:35 am – 12:15 pm
Session Chair: Zhichun Li, NEC Lab
Unobservable Re-authentication for Smartphones
In this paper, we propose a novel biometrics-based system to achieve continuous and unobservable re-authentication for smartphones. Our system uses a classifier to learn the owner’s finger movement patterns and checks the current user’s finger movement patterns against the owner’s. Experiments show that our system is efficient on smartphones and achieves high accuracy.
Lingjun Li, Xinxin Zhao and Guoliang Xue
PlaceRaider: Virtual Theft in Physical Spaces with Smartphones
We introduce PlaceRaider, a proof-of-concept mobile malware that exploits a smartphone’s camera and onboard sensors to reconstruct rich, 3D models of the victim’s indoor space using only opportunistically taken photos. Attackers can use these models to engage in remote reconnaissance and virtual theft of the victims' environment. We substantiate this threat through human subject studies.
Robert Templeman, Zahid Rahman, David Crandall and Apu Kapadia
Detecting Passive Content Leaks and Pollution in Android Applications
We systematically study two vulnerabilities in open content provider components of Android applications. The first vulnerability can be exploited to disclose various types of private in-app data while the second one can be leveraged to manipulate them and potentially cause serious side-effects. Our evaluation with 62,519 Android applications shows that 2.3% of them are susceptible to these two vulnerabilities.
Yajin Zhou and Xuxian Jiang
Security Enhanced (SE) Android: Bringing Flexible MAC to Android
In this paper, we motivate and describe our work to bring flexible mandatory access control (MAC) to Android by enabling the effective use of Security Enhanced Linux (SELinux) for kernel-level MAC and by developing a set of middleware MAC extensions to the Android permissions model.
Stephen Smalley and Robert Craig
The Core of the Matter: Analyzing Malicious Traffic in Cellular Carriers
Much of the attention surrounding mobile malware has focused on the in-depth analysis of malicious applications. In this paper, we present the first empirical network level analysis of mobile malware using traffic from a major US cellular provider and quantify the extent to which devices are actually infected in the network.
Charles Lever, Manos Antonakakis, Brad Reaves, Patrick Traynor and Wenke Lee
12:15 pm - 2:00 pm | Lunch
Session 3: Systems and Software Security
2:00 pm – 3:40 pm
Session Chair: Guofei Gu, Texas A&M University
High Accuracy Attack Provenance via Binary-Based Execution Partition
To trace the provenance of cyber attacks, audit log analysis faces the challenge of input-output dependence explosion. We develop a binary analysis/hardening technique that partitions the execution of an event-driven process into multiple "units" so that logging can be performed with units -- not processes -- as subjects. Our evaluation shows significant improvement in attack provenance accuracy with low overhead.
Kyu Hyung Lee, Xiangyu Zhang and Dongyan Xu
Attack Surface Metrics and Automated Compile-Time OS Kernel Tailoring
We design and implement an automated approach to produce a kernel configuration that is adapted to a particular workload and hardware, and present an attack surface evaluation framework for evaluating security improvements for the different kernels obtained. Our results show that, for real-world server use cases, the attack surface reduction obtained by tailoring the kernel ranges from about 50% to 85%.
A. Kurmus, R. Tartler, D. Dorneanu, B. Heinloth, V. Rothberg, A. Ruprecht, W. Schröder-Preikschat, D. Lohmann, R. Kapitza
Taming Hosted Hypervisors with (Mostly) Deprivileged Execution
Virtualizing a computer system is a complex task. Existing hosted hypervisors typically have a large code base which might introduce exploitable software bugs. DeHype is proposed to reduce the exposed attack surface of a hosted hypervisor by deprivileging most of its execution to user mode, which also brings additional benefits in allowing for better development as well as concurrent execution of multiple hosted hypervisors in the same physical machine.
Chiachih Wu, Zhi Wang and Xuxian Jiang
When Firmware Modifications Attack: A Case Study of Embedded Exploitation
The ability to update firmware is a feature found in nearly all modern embedded systems. We demonstrate how this feature can be exploited to allow attackers to inject malicious firmware modifications into vulnerable embedded devices. We discuss techniques for exploiting such vulnerable functionality, implement a proof-of-concept attack against HP LaserJet printers, survey the vulnerable population, analyze known vulnerabilities in third-party libraries and discuss defenses.
Ang Cui, Michael Costello and Salvatore J. Stolfo
CAMP: Content-Agnostic Malware Protection
We present CAMP, a content-agnostic malware protection system. CAMP works on top of Google's Safe Browsing API and leverages reputation data to improve blacklist-based protection mechanisms. This paper gives a detailed overview of CAMP and provides an evaluation of an operational deployment serving 200 million browser users. Our evaluation shows that CAMP detects approximately 5 million malware downloads per month. We also show that CAMP exhibits accuracy close to 99%.
Niels Provos, Moheeb Abu Rajab, Lucas Ballard, Noe Lutz and Panayiotis Mavrommatis
Session 4: Web Security
4:00 pm – 5:40 pm
Session Chair: Xuxian Jiang, NC State University
InteGuard: Toward Automatic Protection of Third-Party Web Service Integrations
We propose InteGuard, the first system that protects vulnerable web API integrations. InteGuard operates a proxy in front of the service integrator’s web site, performing security checks on a set of invariant relations among the HTTP messages the integrator receives during a transaction. Our evaluation shows that it can defeat complicated exploits on high-profile web services with a small performance impact.
Luyi Xing, Yangyi Chen, XiaoFeng Wang and Shuo Chen
Preventing Side-channel Leaks in Web Traffic: A Formal Approach
We present a novel framework for deriving formal security guarantees against traffic side-channels, and we propose algorithms for the efficient derivation of such guarantees for web applications. We demonstrate the utility of our techniques in two case studies, where we derive formal guarantees for the security of a regional-language Wikipedia and an auto-complete input field.
Michael Backes, Goran Doychev and Boris Köpf
NeighborWatcher: A Content-Agnostic Comment Spam Inference System
We present NeighborWatcher, a comment spam inference system that exploits spammers’ spamming infrastructure information to infer comment spam. At its core, NeighborWatcher runs a graph-based algorithm to characterize the spamming neighbor relationship, and reports a spam link when the same link also appears in the harbor’s neighbors.
Jialong Zhang and Guofei Gu
AuthScan: Automatic Extraction of Web Authentication Protocols From Implementations
This paper addresses the problem of automatically extracting specifications from implementations and finding security flaws in them. We propose AUTHSCAN, an end-to-end platform to recover the authentication protocol specification from its implementations. AUTHSCAN finds a total of 7 security vulnerabilities in web applications using SSO protocol implementations and in custom web authentication logic of several web sites with millions of users.
Guangdong Bai, Guozhu Meng, Jike Lei, Sai Sathyanarayan Venkatraman, Prateek Saxena, Jun Sun, Yang Liu and Jinsong Dong
Best Student Paper Award
The Postman Always Rings Twice: Attacking and Defending postMessage in HTML5 Websites
The postMessage facility in HTML5 enables communication between web content from different origins. We analyze postMessage receivers used in Alexa top 10,000 sites and demonstrate that many of them perform origin checks incorrectly. This leads to multiple vulnerabilities, from cross-site scripting to injection of arbitrary content into localStorage. We then propose several patterns for safe usage of postMessage.
Sooel Son and Vitaly Shmatikov
7:00 pm – 9:00 pm | Dinner Cruise of Mission Bay aboard the William D. Evans