2017 IEEE Symposium on Security and Privacy (SP)

22-26 May 2017

Filter Results

Displaying Results 1 - 25 of 72
  • [Front cover]

    Publication Year: 2017, Page(s): c1
    Request permission for commercial reuse | |PDF file iconPDF (936 KB)
    Freely Available from IEEE
  • [Title page i]

    Publication Year: 2017, Page(s): i
    Request permission for commercial reuse | |PDF file iconPDF (12 KB)
    Freely Available from IEEE
  • [Title page iii]

    Publication Year: 2017, Page(s): iii
    Request permission for commercial reuse | |PDF file iconPDF (117 KB)
    Freely Available from IEEE
  • [Copyright notice]

    Publication Year: 2017, Page(s): iv
    Request permission for commercial reuse | |PDF file iconPDF (132 KB)
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2017, Page(s):v - x
    Request permission for commercial reuse | |PDF file iconPDF (150 KB)
    Freely Available from IEEE
  • Message from the General Chair

    Publication Year: 2017, Page(s):xi - xiv
    Request permission for commercial reuse | |PDF file iconPDF (111 KB) | HTML iconHTML
    Freely Available from IEEE
  • Message from the Program Committee Co-Chairs

    Publication Year: 2017, Page(s): xv
    Request permission for commercial reuse | |PDF file iconPDF (100 KB) | HTML iconHTML
    Freely Available from IEEE
  • Organizing Committee

    Publication Year: 2017, Page(s): xvi
    Request permission for commercial reuse | |PDF file iconPDF (79 KB)
    Freely Available from IEEE
  • Program Committee

    Publication Year: 2017, Page(s):xvii - xviii
    Request permission for commercial reuse | |PDF file iconPDF (81 KB)
    Freely Available from IEEE
  • External Reviewers

    Publication Year: 2017, Page(s): xix
    Request permission for commercial reuse | |PDF file iconPDF (89 KB)
    Freely Available from IEEE
  • Membership Inference Attacks Against Machine Learning Models

    Publication Year: 2017, Page(s):3 - 18
    Request permission for commercial reuse | Click to expandAbstract |PDF file iconPDF (936 KB) | HTML iconHTML

    We quantitatively investigate how machine learning models leak information about the individual data records on which they were trained. We focus on the basic membership inference attack: given a data record and black-box access to a model, determine if the record was in the model's training dataset. To perform membership inference against a target model, we make adversarial use of machine learnin... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • SecureML: A System for Scalable Privacy-Preserving Machine Learning

    Publication Year: 2017, Page(s):19 - 38
    Request permission for commercial reuse | Click to expandAbstract |PDF file iconPDF (529 KB) | HTML iconHTML

    Machine learning is widely used in practice to produce predictive models for applications such as image processing, speech and text recognition. These models are more accurate when trained on large amount of data collected from different sources. However, the massive data collection raises privacy concerns. In this paper, we present new and efficient protocols for privacy preserving machine learni... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Towards Evaluating the Robustness of Neural Networks

    Publication Year: 2017, Page(s):39 - 57
    Request permission for commercial reuse | Click to expandAbstract |PDF file iconPDF (1313 KB) | HTML iconHTML

    Neural networks provide state-of-the-art results for most machine learning tasks. Unfortunately, neural networks are vulnerable to adversarial examples: given an input x and any target classification t, it is possible to find a new input x' that is similar to x but classified as t. This makes it difficult to apply neural networks in security-critical areas. Defensive distillation is a recently pro... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Is Interaction Necessary for Distributed Private Learning?

    Publication Year: 2017, Page(s):58 - 77
    Request permission for commercial reuse | Click to expandAbstract |PDF file iconPDF (479 KB) | HTML iconHTML

    Recent large-scale deployments of differentially private algorithms employ the local model for privacy (sometimes called PRAM or randomized response), where data are randomized on each individual's device before being sent to a server that computes approximate, aggregate statistics. The server need not be trusted for privacy, leaving data control in users' hands. For an important class of convex o... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Pyramid: Enhancing Selectivity in Big Data Protection with Count Featurization

    Publication Year: 2017, Page(s):78 - 95
    Request permission for commercial reuse | Click to expandAbstract |PDF file iconPDF (1152 KB) | HTML iconHTML

    Protecting vast quantities of data poses a daunting challenge for the growing number of organizations that collect, stockpile, and monetize it. The ability to distinguish data that is actually needed from data collected “just in case” would help these organizations to limit the latter's exposure to attack. A natural approach might be to monitor data use and retain only the working-se... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • SoK: Science, Security and the Elusive Goal of Security as a Scientific Pursuit

    Publication Year: 2017, Page(s):99 - 120
    Request permission for commercial reuse | Click to expandAbstract |PDF file iconPDF (291 KB) | HTML iconHTML

    The past ten years has seen increasing calls to make security research more “scientific”. On the surface, most agree that this is desirable, given universal recognition of “science” as a positive force. However, we find that there is little clarity on what “scientific” means in the context of computer security research, or consensus on what a “Scien... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security

    Publication Year: 2017, Page(s):121 - 136
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract |PDF file iconPDF (488 KB) | HTML iconHTML

    Online programming discussion platforms such as Stack Overflow serve as a rich source of information for software developers. Available information include vibrant discussions and oftentimes ready-to-use code snippets. Previous research identified Stack Overflow as one of the most important information sources developers rely on. Anecdotes report that software developers copy and paste code snippe... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Obstacles to the Adoption of Secure Communication Tools

    Publication Year: 2017, Page(s):137 - 153
    Request permission for commercial reuse | Click to expandAbstract |PDF file iconPDF (224 KB) | HTML iconHTML

    The computer security community has advocated widespread adoption of secure communication tools to counter mass surveillance. Several popular personal communication tools (e.g., WhatsApp, iMessage) have adopted end-to-end encryption, and many new tools (e.g., Signal, Telegram) have been launched with security as a key selling point. However it remains unclear if users understand what protection th... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Comparing the Usability of Cryptographic APIs

    Publication Year: 2017, Page(s):154 - 171
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract |PDF file iconPDF (1279 KB) | HTML iconHTML

    Potentially dangerous cryptography errors are well-documented in many applications. Conventional wisdom suggests that many of these errors are caused by cryptographic Application Programming Interfaces (APIs) that are too complicated, have insecure defaults, or are poorly documented. To address this problem, researchers have created several cryptographic libraries that they claim are more usable, ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • SoK: Cryptographically Protected Database Search

    Publication Year: 2017, Page(s):172 - 191
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract |PDF file iconPDF (306 KB) | HTML iconHTML

    Protected database search systems cryptographically isolate the roles of reading from, writing to, and administering the database. This separation limits unnecessary administrator access and protects data in the case of system breaches. Since protected search was introduced in 2000, the area has grown rapidly, systems are offered by academia, start-ups, and established companies. However, there is... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • IoT Goes Nuclear: Creating a ZigBee Chain Reaction

    Publication Year: 2017, Page(s):195 - 212
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract |PDF file iconPDF (1689 KB) | HTML iconHTML

    Within the next few years, billions of IoT devices will densely populate our cities. In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will rapidly spread over large areas, provided that the density of compatible IoT devices exceeds a certain critical mass. In particular, we developed and verified such an infection using the popula... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • SoK: Exploiting Network Printers

    Publication Year: 2017, Page(s):213 - 230
    Request permission for commercial reuse | Click to expandAbstract |PDF file iconPDF (707 KB) | HTML iconHTML

    The idea of a paperless office has been dreamed of for more than three decades. However, nowadays printers are still one of the most essential devices for daily work and common Internet users. Instead of removing them, printers evolved from simple devices into complex network computer systems, installed directly into company networks, and carrying considerable confidential data in their print jobs... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • How They Did It: An Analysis of Emission Defeat Devices in Modern Automobiles

    Publication Year: 2017, Page(s):231 - 250
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract |PDF file iconPDF (1726 KB) | HTML iconHTML

    Modern vehicles are required to comply with a range of environmental regulations limiting the level of emissions for various greenhouse gases, toxins and particulate matter. To ensure compliance, regulators test vehicles in controlled settings and empirically measure their emissions at the tailpipe. However, the black box nature of this testing and the standardization of its forms have created an ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • The Password Reset MitM Attack

    Publication Year: 2017, Page(s):251 - 267
    Request permission for commercial reuse | Click to expandAbstract |PDF file iconPDF (387 KB) | HTML iconHTML

    We present the password reset MitM (PRMitM) attack and show how it can be used to take over user accounts. The PRMitM attack exploits the similarity of the registration and password reset processes to launch a man in the middle (MitM) attack at the application level. The attacker initiates a password reset process with a website and forwards every challenge to the victim who either wishes to regis... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • An Experimental Security Analysis of an Industrial Robot Controller

    Publication Year: 2017, Page(s):268 - 286
    Request permission for commercial reuse | Click to expandAbstract |PDF file iconPDF (843 KB) | HTML iconHTML

    Industrial robots, automated manufacturing, and efficient logistics processes are at the heart of the upcoming fourth industrial revolution. While there are seminal studies on the vulnerabilities of cyber-physical systems in the industry, as of today there has been no systematic analysis of the security of industrial robot controllers. We examine the standard architecture of an industrial robot an... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.