#
 

CSAW'17 Applied Research Winners

North America
1st: DRAMMER: Deterministic Rowhammer Attacks on Mobile Platforms

Presenter: Victor van der Veen (Vrije Universiteit Amsterdam)

2nd: NEZHA: Efficient Domain-Independent Differential Testing

Presenter: Theofilos Petsios (Columbia University)

3rd: NORAX: Enabling Execute-Only Memory for COTS Binaries on AArch 64

Presenter: Yaohui Chen (Northeastern University)

Europe
1st: On the Power of Optical Contactless Probing: Attacking Bitstream Encryption of FPGAs

Presenter: Shahin Tajik (Technische Universität Berlin)

2nd: MaMaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models

Presenter: Enrico Mariconti (Dept. of Computer Science, University College London)

3rd: TriFlow: Triaging Android Applications using Speculative Information Flows

Presenter: Omid Mirzaei (Computer Security Lab, Universidad Carlos III de Madrid)

MENA
1st: Obfuscating the Interconnects: Low-Cost and Resilient Full-Chip Layout Camouflaging

Presenter: Satwik Patnaik (New York University Abu Dhabi)

2nd: Dynamic Spatial Index for Efficient Query Processing on the Cloud

Presenter: Ayesha M. Talha (University of Sharjah)

3rd: Single-Clock-Cycle, Multilayer Encryption Algorithm for Single-Channel IoT Communications

Presenter: Shahzad Muzaffar (Masdar Institute)

India
1st: A PUF-Based Secure Communication Protocol for IoT

Urbi Chatterjee, Rajat Subhra Chakraborty, and Debdeep Mukhopadhyay (IIT Kharagpur)

2nd: Shakti-T : A RISC-V Processor with Light Weight Security Extensions

Arjun Menon, Subadra Murugan, Chester Rebeiro Neel Gala, and Kamakoti Veezhinathan (IIT Madras)

3rd: Counterfeit IC Detection By Image Texture Analysis

Pallabi Ghosh and Rajat Subhra Chakraborty (IIT Kharagpur)


CSAW'17 Applied Research Finalists

CSAW Europe finalists

Can’t Touch This: Software-only Mitigation against Rowhammer Attacks targeting Kernel Memory

Ferdinand Brasser, Lucas Davi, David Gens, Christopher Liebchen, and Ahmad-Reza Sadeghi

The Circle Game: Scalable Private Membership Test Using Trusted Hardware

Sandeep Tamrakar, Jian Liu, Andrew Paverd, Jan-Erik Ekberg, Benny Pinkas, and N. Asokan

Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud

Clementine Maurice, Manuel Weber, Michael Schwarz, and Lukas Giner

MAMADROID: Detecting Android Malware by Building Markov Chains of Behavioral Models

Enrico Mariconti, Lucky Onwuzurike, Panagiotis Andriotis, Emiliano De Cristofaro, Gordon Ross, and Gianluca Stringhini

Mix&Slice: Efficient Access Revocation in the Cloud

Enrico Bacis, Sabrina De Capitani di Vimercati, Sara Foresti, Stefano Paraboschi, Marco Rosa, and Pierangela Samarati

On the Power of Optical Contactless Probing: Attacking Bitstream Encryption of FPGAs

Shahin Tajik, Heiko Lohrke, Jean-Pierre Seifert, and Christian Boit

Reliably determining data leakage in the presence of strong attackers

Riccardo Bortolameotti, Andreas Peter, Maarten H. Everts, Willem Jonker, and Pieter Hartel

TriFlow: Triaging Android Applications using Speculative Information Flows

Omid Mirzaei, Guillermo Suarez-Tangil, Juan Tapiador, and Jose M. de Fuentes

Using Reflexive Eye Movements for Fast Challenge-Response

Ivo Sluganovic, Marc Roeschlin, Kasper B Rasmussen, and Ivan Martinovic

What Happens After You Are Pwnd: Understanding the Use of Leaked Webmail Credentials in the Wild

Jeremiah Onaolapo, Enrico Mariconti, and Gianluca Stringhini


CSAW India finalists

Automated JPEG Forgery Detection with Correlation based Localization

Diangarti Bhalang Tariang, Aniket Roy, Rajat Subhra Chakraborty, and Ruchira Naska

Counterfeit IC Detection By Image Texture Analysis

Pallabi Ghosh and Rajat Subhra Chakraborty

Forensic engineering for resolving ownership problem of reusable IP core generated during high level synthesis

Anirban Sengupta and Deepak Kachave

Low overhead symmetrical protection of reusable IP core using robust fingerprinting and watermarking during high level synthesis

Anirban Sengupta and Dipanjan Roy

PicHunt: Social Media Image Retrieval for Improved Law Enforcement

Sonal Goel, Niharika Sachdeva, Ponnurangam Kumaraguru, A. V. Subramanyam, and Divam Guptar

A PUF-Based Secure Communication Protocol for IoT

Urbi Chatterjee, Rajat Subhra Chakraborty, and Debdeep Mukhopadhyay

Shakti-T : A RISC-V Processor with Light Weight Security Extensions

Arjun Menon, Subadra Murugan, Chester Rebeiro Neel Gala, and Kamakoti Veezhinathan

TL-HLS: Methodology for Low Cost Hardware Trojan Security Aware Scheduling With Optimal Loop Unrolling Factor During High Level Synthesis

Anirban Sengupta, Saumya Bhadauria, and Saraju P. Mohanty


CSAW MENA finalists

Android Device Hacking Tricks and Countermeasures

Khulood Alzaabi (Zayed University)

Dynamic spatial index for efficient query processing on the cloud

Ayesha M. Talha (University of Sharjah), Ibrahim Kamel (University of Sharjah) and Zaher Al Aghbari (University of Sharjah)

Efficient methods to generate cryptographically significant binary diffusion layers

Sedat Akleylek (Ondokuz Mayıs University), Vincent Rijmen (KU Leuven and iMinds), Muharrem Tolga Sakallı (Trakya University) and Emir Öztürk (Trakya University)

Internet-scale probing of CPS: Inference, characterization and orchestration analysis

Claude Fachkha (University of Dubai), Elias Bou-Harb (Florida Atlantic University), Anastasis Keliris (New York University), Nasir Memon (New York University) and Mustaque Ahamad (Georgia Institute of Technology)

New secure healthcare system using cloud of things

Ebrahim Al Alkeem (Khalifa University of Science and Technology) and Dr Chan Yeob (Khalifa University of Science and Technology)

Obfuscating the Interconnects: Low-Cost and Resilient Full-Chip Layout Camouflaging

Satwik Patnaik (New York University), Mohammed Ashraf (New York University Abu Dhabi), Johann Knechtel (New York University Abu Dhabi) and Ozgur Sinanoglu (New York University Abu Dhabi)

SCOTRES: Secure Routing for IoT and CPS

George Hatzivasilis (Technical University of Crete), Ioannis Papaefsfathiou (Technical University of Crete) and Charalampos Manifavas (Rochester Institute of Technology in Dubai)

SGXCrypter: IP Protection for Portable Executables using Intel's SGX Technology

Dimitrios Tychalas (New York University) , Nektarios Georgios Tsoutsos (New York University) and Michail Maniatakos (New York University Abu Dhabi)

Single-clock-cycle, Multilayer Encryption Algorithm for Single-channel IoT Communications

Shahzad Muzaffar (Masdar Institute, Khalifa University of Science and Technology ), Owais Talaat Waheed (Masdar Institute, Khalifa University of Science and Technology), Zeyar Aung (Masdar Institute, Khalifa University of Science and Technology) and Ibrahim Elfadel (Masdar Institute, Khalifa University of Science and Technology)

Spamdoop: A privacy-preserving Big Data platform for collaborative spam detection

Abdelrahman Almahmoud (Khalifa University of Science and Technology), Ernesto Damiani (Khalifa University of Science and Technology), Hadi Otrok (Khalifa University of Science and Technology) and Yousof Al-Hammadi (Khalifa University of Science and Technology)


CSAW North America Finalists 

CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management

Download the paper here

Adrian Tang (Columbia University), Simha Sethumadhavan (Columbia University), and Salvatore Stolfo (Columbia University)

Cryptographic Function Detection in Obfuscated Binaries via Bit-precise Symbolic Loop Mapping

Download the paper here

Dongpeng Xu (Pennsylvania State University), Jiang Ming (The University of Texas at Arlington), and Dinghao Wu (Pennsylvania State University)

DIFUZE: Interface Aware Fuzzing for Kernel Drivers

Download the paper here

Jake Corina (University of California, Santa Barbara), Aravind Machiry (University of California, Santa Barbara), Christopher Salls (University of California, Santa Barbara), Yan Shoshitaishvili (Arizona State University), Shuang Hao (University of Texas at Dallas), Christopher Kruegel (University of California, Santa Barbara), and Giovanni Vigna (University of California, Santa Barbara)

DRAMMER: Deterministic Rowhammer Attacks on Mobile Platforms

Download the paper here

Victor van der Veen (Vrije Universiteit Amsterdam), Yanick Fratantonio (University of California, Santa Barbara), Martina Lindorfer (University of California, Santa Barbara), Daniel Gruss (Graz University of Technology), Clementine Maurice (Graz University of Technology), Giovanni Vigna (University of California, Santa Barbara), Herbert Bos (Vrije Universiteit Amsterdam), Kaveh Razavi (Vrije Universiteit Amsterdam), Cristiano Giuffrida (Vrije Universiteit Amsterdam) 

Most Websites Don't Need to Vibrate: A Cost-Benefit Approach to Improving Browser Security

Download the paper here

Peter Snyder (University of Illinois at Chicago), Cynthia Taylor (University of Illinois at Chicago), and Chris Kanich (University of Illinois at Chicago)

NEZHA: Efficient Domain-Independent Differential Testing

Download the paper here

Theofilos Petsios (Columbia University), Adrian Tang (Columbia University), Salvatore Stolfo (Columbia University), Angelos D. Keromytis (Columbia University), and Suman Jana (Columbia University)

NORAX: Enabling Execute-Only Memory for COTS Binaries on AArch64

Download the paper here

Yaohui Chen (Northeastern University), Dongli Zhang (Stony Brook University), Ruowen Wang (Samsung Research America), Ahmed Azab (Samsung Research America), Long Lu (Northeastern University), Hayawardh Vijayakumar (Samsung Research America), Rui Qiao (Stony Brook University), and Wenbo Shen (Samsung Research America)

PayBreak : Defense Against Cryptographic Ransomware

Download the paper here

Eugene Kolodenker (Boston University, MITRE), William Koch (Boston University), Gianluca Stringhini (University College London), and Manuel Egele (Boston University)

Practical Attacks Against Graph-based Clustering

Download the paper here

Yizheng Chen (Georgia Institute of Technology), Yacin Nadji (Georgia Institute of Technology), Athanasios Kountouras (Georgia Institute of Technology), Fabian Monrose (University of North Carolina at Chapel Hill), Roberto Perdisci (University of Georgia), Manos Antonakakis (Georgia Institute of Technology), and Nikolaos Vasiloglou (Symantec CAML Group)

Spotless Sandboxes: Evading Malware Analysis Systems using Wear-and-Tear Artifacts

Download the paper here

Najmeh Miramirkhani (Stony Brook University), Mahathi Appini (Stony Brook University), Nick Nikiforakis (Stony Brook University), and Michalis Polychronakis (Stony Brook University)

SymCerts: Practical Symbolic Execution For Exposing Noncompliance in X.509 Certificate Validation Implementations

Download the paper here

Sze Yiu Chau (Purdue University), Omar Chowdhury (University of Iowa), Endadul Hoque (Florida International University), Huangyi Ge (Purdue University), Aniket Kate (Purdue University), Cristina Nita-Rotaru (Northeastern University), and Ninghui Li (Purdue University)