| 2016 | 23rd Annual Network and Distributed System Security Symposium, NDSS 2016, San Diego, California, USA, February 21-24, 2016 |
| 2016 | A Simple Generic Attack on Text Captchas. Haichang Gao, Jeff Yan, Fang Cao, Zhengya Zhang, Lei Lei, Mengyun Tang, Ping Zhang, Xin Zhou, Xuqin Wang, Jiawei Li |
| 2016 | Are these Ads Safe: Detecting Hidden Attacks through the Mobile App-Web Interfaces. Vaibhav Rastogi, Rui Shao, Yan Chen, Xiang Pan, Shihong Zou, Ryan D. Riley |
| 2016 | Attack Patterns for Black-Box Security Testing of Multi-Party Web Applications. Avinash Sudhodanan, Alessandro Armando, Roberto Carbone, Luca Compagna |
| 2016 | Attacking the Network Time Protocol. Aanchal Malhotra, Isaac E. Cohen, Erik Brakke, Sharon Goldberg |
| 2016 | Automatic Forgery of Cryptographically Consistent Messages to Identify Security Vulnerabilities in Mobile Services. Chaoshun Zuo, Wubing Wang, Zhiqiang Lin, Rui Wang |
| 2016 | Automatically Evading Classifiers: A Case Study on PDF Malware Classifiers. Weilin Xu, Yanjun Qi, David Evans |
| 2016 | CDN-on-Demand: An affordable DDoS Defense via Untrusted Clouds. Yossi Gilad, Amir Herzberg, Michael Sudkovitch, Michael Goberman |
| 2016 | Cache, Trigger, Impersonate: Enabling Context-Sensitive Honeyclient Analysis On-the-Wire. Teryl Taylor, Kevin Z. Snow, Nathan Otterness, Fabian Monrose |
| 2016 | Centrally Banked Cryptocurrencies. George Danezis, Sarah Meiklejohn |
| 2016 | CrossFire: An Analysis of Firefox Extension-Reuse Vulnerabilities. Ahmet Salih Buyukkayhan, Kaan Onarlioglu, William K. Robertson, Engin Kirda |
| 2016 | Dependence Makes You Vulnberable: Differential Privacy Under Dependent Tuples. Changchang Liu, Supriyo Chakraborty, Prateek Mittal |
| 2016 | Differentially Private Password Frequency Lists. Jeremiah Blocki, Anupam Datta, Joseph Bonneau |
| 2016 | Do You See What I See? Differential Treatment of Anonymous Users. Sheharbano Khattak, David Fifield, Sadia Afroz, Mobin Javed, Srikanth Sundaresan, Damon McCoy, Vern Paxson, Steven J. Murdoch |
| 2016 | Don't Forget to Lock the Back Door! A Characterization of IPv6 Network Security Policy. Jakub Czyz, Matthew J. Luckie, Mark Allman, Michael D. Bailey |
| 2016 | Driller: Augmenting Fuzzing Through Selective Symbolic Execution. Nick Stephens, John Grosen, Christopher Salls, Andrew Dutcher, Ruoyu Wang, Jacopo Corbetta, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna |
| 2016 | Efficient Private Statistics with Succinct Sketches. Luca Melis, George Danezis, Emiliano De Cristofaro |
| 2016 | Enabling Client-Side Crash-Resistance to Overcome Diversification and Information Hiding. Robert Gawlik, Benjamin Kollenda, Philipp Koppe, Behrad Garmany, Thorsten Holz |
| 2016 | Enabling Practical Software-defined Networking Security Applications with OFX. John Sonchack, Jonathan M. Smith, Adam J. Aviv, Eric Keller |
| 2016 | Enforcing Kernel Security Invariants with Data Flow Integrity. Chengyu Song, Byoungyoung Lee, Kangjie Lu, William Harris, Taesoo Kim, Wenke Lee |
| 2016 | Equihash: Asymmetric Proof-of-Work Based on the Generalized Birthday Problem. Alex Biryukov, Dmitry Khovratovich |
| 2016 | Extract Me If You Can: Abusing PDF Parsers in Malware Detectors. Curtis Carmony, Xunchao Hu, Heng Yin, Abhishek Vasisht Bhaskar, Mu Zhang |
| 2016 | FLEXDROID: Enforcing In-App Privilege Separation in Android. Jaebaek Seo, Daehyeok Kim, Donghyun Cho, Insik Shin, Taesoo Kim |
| 2016 | Forwarding-Loop Attacks in Content Delivery Networks. Jianjun Chen, Xiaofeng Zheng, Hai-Xin Duan, Jinjin Liang, Jian Jiang, Kang Li, Tao Wan, Vern Paxson |
| 2016 | Free for All! Assessing User Data Exposure to Advertising Libraries on Android. Soteris Demetriou, Whitney Merrill, Wei Yang, Aston Zhang, Carl A. Gunter |
| 2016 | Going Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code Sandboxing Policy. Vitor Monte Afonso, Paulo L. de Geus, Antonio Bianchi, Yanick Fratantonio, Christopher Kruegel, Giovanni Vigna, Adam Doupé, Mario Polino |
| 2016 | Harvesting Runtime Values in Android Applications That Feature Anti-Analysis Techniques. Siegfried Rasthofer, Steven Arzt, Marc Miltenberger, Eric Bodden |
| 2016 | How to Make ASLR Win the Clone Wars: Runtime Re-Randomization. Kangjie Lu, Wenke Lee, Stefan Nürnberger, Michael Backes |
| 2016 | IntelliDroid: A Targeted Input Generator for the Dynamic Analysis of Android Malware. Michelle Y. Wong, David Lie |
| 2016 | It's Free for a Reason: Exploring the Ecosystem of Free Live Streaming Services. M. Zubair Rafique, Tom van Goethem, Wouter Joosen, Christophe Huygens, Nick Nikiforakis |
| 2016 | Keynote: On Subverting Trust. Matthew D. Green |
| 2016 | Killed by Proxy: Analyzing Client-end TLS Interception Software. Xavier de Carné de Carnavalet, Mohammad Mannan |
| 2016 | Kratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework. Yuru Shao, Qi Alfred Chen, Zhuoqing Morley Mao, Jason Ott, Zhiyun Qian |
| 2016 | LO-PHI: Low-Observable Physical Host Instrumentation for Malware Analysis. Chad Spensky, Hongyi Hu, Kevin Leach |
| 2016 | Leakage-Resilient Layout Randomization for Mobile Devices. Kjell Braden, Lucas Davi, Christopher Liebchen, Ahmad-Reza Sadeghi, Stephen Crane, Michael Franz, Per Larsen |
| 2016 | Life after App Uninstallation: Are the Data Still Alive? Data Residue Attacks on Android. Xiao Zhang, Kailiang Ying, Yousra Aafer, Zhenshen Qiu, Wenliang Du |
| 2016 | LinkMirage: Enabling Privacy-preserving Analytics on Social Relationships. Changchang Liu, Prateek Mittal |
| 2016 | Measuring and Mitigating AS-level Adversaries Against Tor. Rishab Nithyanand, Oleksii Starov, Phillipa Gill, Adva Zair, Michael Schapira |
| 2016 | OpenSGX: An Open Platform for SGX Research. Prerit Jain, Soham Jayesh Desai, Ming-Wei Shih, Taesoo Kim, Seong-min Kim, Jae-Hyuk Lee, Changho Choi, Youjung Shin, Brent ByungHoon Kang, Dongsu Han |
| 2016 | Pitfalls in Designing Zero-Effort Deauthentication: Opportunistic Human Observation Attacks. Otto Huhta, Swapnil Udar, Mika Juuti, Prakash Shrestha, Nitesh Saxena, N. Asokan |
| 2016 | Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems. Altaf Shaik, Jean-Pierre Seifert, Ravishankar Borgaonkar, N. Asokan, Valtteri Niemi |
| 2016 | Privacy-Preserving Shortest Path Computation. David J. Wu, Joe Zimmerman, Jérémy Planul, John C. Mitchell |
| 2016 | ProTracer: Towards Practical Provenance Tracing by Alternating Between Logging and Tainting. Shiqing Ma, Xiangyu Zhang, Dongyan Xu |
| 2016 | Protecting C++ Dynamic Dispatch Through VTable Interleaving. Dimitar Bounov, Rami Gökhan Kici, Sorin Lerner |
| 2016 | SIBRA: Scalable Internet Bandwidth Reservation Architecture. Cristina Basescu, Raphael M. Reischuk, Pawel Szalachowski, Adrian Perrig, Yao Zhang, Hsu-Chun Hsiao, Ayumu Kubota, Jumpei Urakawa |
| 2016 | SKEE: A lightweight Secure Kernel-level Execution Environment for ARM. Ahmed M. Azab, Kirk Swidowski, Rohan Bhutkar, Jia Ma, Wenbo Shen, Ruowen Wang, Peng Ning |
| 2016 | SPIFFY: Inducing Cost-Detectability Tradeoffs for Persistent Link-Flooding Attacks. Min Suk Kang, Virgil D. Gligor, Vyas Sekar |
| 2016 | TLS in the Wild: An Internet-wide Analysis of TLS-based Protocols for Electronic Communication. Ralph Holz, Johanna Amann, Olivier Mehani, Mohamed Ali Kâafar, Matthias Wachs |
| 2016 | The Price of Free: Privacy Leakage in Personalized Mobile In-Apps Ads. Wei Meng, Ren Ding, Simon P. Chung, Steven Han, Wenke Lee |
| 2016 | Towards Automated Dynamic Analysis for Linux-based Embedded Firmware. Daming D. Chen, Maverick Woo, David Brumley, Manuel Egele |
| 2016 | Towards SDN-Defined Programmable BYOD (Bring Your Own Device) Security. Sungmin Hong, Robert Baykov, Lei Xu, Srinath Nadimpalli, Guofei Gu |
| 2016 | Tracking Mobile Web Users Through Motion Sensors: Attacks and Defenses. Anupam Das, Nikita Borisov, Matthew Caesar |
| 2016 | Transcript Collision Attacks: Breaking Authentication in TLS, IKE and SSH. Karthikeyan Bhargavan, Gaëtan Leurent |
| 2016 | VISIBLE: Video-Assisted Keystroke Inference from Tablet Backside Motion. Jingchao Sun, Xiaocong Jin, Yimin Chen, Jinxue Zhang, Yanchao Zhang, Rui Zhang |
| 2016 | VTrust: Regaining Trust on Virtual Calls. Chao Zhang, Dawn Song, Scott A. Carr, Mathias Payer, Tongxin Li, Yu Ding, Chengyu Song |
| 2016 | Website Fingerprinting at Internet Scale. Andriy Panchenko, Fabian Lanze, Jan Pennekamp, Thomas Engel, Andreas Zinnen, Martin Henze, Klaus Wehrle |
| 2016 | What Mobile Ads Know About Mobile Users. Sooel Son, Daehyeok Kim, Vitaly Shmatikov |
| 2016 | When a Tree Falls: Using Diversity in Ensemble Classifiers to Identify Evasion in Malware Detectors. Charles Smutz, Angelos Stavrou |
| 2016 | Who Are You? A Statistical Approach to Measuring User Authenticity. David Freeman, Sakshi Jain, Markus Dürmuth, Battista Biggio, Giorgio Giacinto |
| 2016 | Who's in Control of Your Control System? Device Fingerprinting for Cyber-Physical Systems. David Formby, Preethi Srinivasan, Andrew M. Leonard, Jonathan D. Rogers, Raheem A. Beyah |
| 2016 | You are a Game Bot!: Uncovering Game Bots in MMORPGs via Self-similarity in the Wild. Eunjo Lee, Jiyoung Woo, Hyoungshick Kim, Aziz Mohaisen, Huy Kang Kim |
| 2016 | discovRE: Efficient Cross-Architecture Identification of Bugs in Binary Code. Sebastian Eschweiler, Khaled Yakdan, Elmar Gerhards-Padilla |