| 2016 | A Method for Verifying Privacy-Type Properties: The Unbounded Case. Lucca Hirschi, David Baelde, Stéphanie Delaune |
| 2016 | A Practical Oblivious Map Data Structure with Secure Deletion and History Independence. Daniel S. Roche, Adam J. Aviv, Seung Geol Choi |
| 2016 | A Tough Call: Mitigating Advanced Code-Reuse Attacks at the Binary Level. Victor van der Veen, Enes Göktas, Moritz Contag, Andre Pawlowski, Xi Chen, Sanjay Rawat, Herbert Bos, Thorsten Holz, Elias Athanasopoulos, Cristiano Giuffrida |
| 2016 | A2: Analog Malicious Hardware. Kaiyuan Yang, Matthew Hicks, Qing Dong, Todd M. Austin, Dennis Sylvester |
| 2016 | Algorithmic Transparency via Quantitative Input Influence: Theory and Experiments with Learning Systems. Anupam Datta, Shayak Sen, Yair Zick |
| 2016 | Automated Analysis and Verification of TLS 1.3: 0-RTT, Resumption and Delayed Authentication. Cas Cremers, Marko Horvat, Sam Scott, Thyla van der Merwe |
| 2016 | Back in Black: Towards Formal, Black Box Analysis of Sanitizers and Filters. George Argyros, Ioannis Stais, Aggelos Kiayias, Angelos D. Keromytis |
| 2016 | Beauty and the Beast: Diverting Modern Web Browsers to Build Unique Browser Fingerprints. Pierre Laperdrix, Walter Rudametkin, Benoit Baudry |
| 2016 | CaSE: Cache-Assisted Secure Execution on ARM Processors. Ning Zhang, Kun Sun, Wenjing Lou, Yiwei Thomas Hou |
| 2016 | Cache Storage Channels: Alias-Driven Attacks and Verified Countermeasures. Roberto Guanciale, Hamed Nemati, Christoph Baumann, Mads Dam |
| 2016 | Cinderella: Turning Shabby X.509 Certificates into Elegant Anonymous Credentials with the Magic of Verifiable Computation. Antoine Delignat-Lavaud, Cédric Fournet, Markulf Kohlweiss, Bryan Parno |
| 2016 | Cloak of Visibility: Detecting When Machines Browse a Different Web. Luca Invernizzi, Kurt Thomas, Alexandros Kapravelos, Oxana Comanescu, Jean-Michel Picod, Elie Bursztein |
| 2016 | Data-Oriented Programming: On the Expressiveness of Non-control Data Attacks. Hong Hu, Shweta Shinde, Sendroiu Adrian, Zheng Leong Chua, Prateek Saxena, Zhenkai Liang |
| 2016 | Dedup Est Machina: Memory Deduplication as an Advanced Exploitation Vector. Erik Bosman, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida |
| 2016 | Distillation as a Defense to Adversarial Perturbations Against Deep Neural Networks. Nicolas Papernot, Patrick D. McDaniel, Xi Wu, Somesh Jha, Ananthram Swami |
| 2016 | Domain-Z: 28 Registrations Later Measuring the Exploitation of Residual Trust in Domains. Chaz Lever, Robert J. Walls, Yacin Nadji, David Dagon, Patrick D. McDaniel, Manos Antonakakis |
| 2016 | Downgrade Resilience in Key-Exchange Protocols. Karthikeyan Bhargavan, Christina Brzuska, Cédric Fournet, Matthew Green, Markulf Kohlweiss, Santiago Zanella-Béguelin |
| 2016 | Following Devil's Footprints: Cross-Platform Analysis of Potentially Harmful Libraries on Android and iOS. Kai Chen, Xueqiang Wang, Yi Chen, Peng Wang, Yeonjoon Lee, Xiaofeng Wang, Bin Ma, Aohui Wang, Yingjun Zhang, Wei Zou |
| 2016 | HDFI: Hardware-Assisted Data-Flow Isolation. Chengyu Song, Hyungon Moon, Monjur Alam, Insu Yun, Byoungyoung Lee, Taesoo Kim, Wenke Lee, Yunheung Paek |
| 2016 | Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts. Ahmed E. Kosba, Andrew Miller, Elaine Shi, Zikai Wen, Charalampos Papamanthou |
| 2016 | Helping Johnny to Analyze Malware: A Usability-Optimized Decompiler and Malware Analysis User Study. Khaled Yakdan, Sergej Dechand, Elmar Gerhards-Padilla, Matthew Smith |
| 2016 | High-Speed Inter-Domain Fault Localization. Cristina Basescu, Yue-Hsun Lin, Haoming Zhang, Adrian Perrig |
| 2016 | I Think They're Trying to Tell Me Something: Advice Sources and Selection for Digital Security. Elissa M. Redmiles, Amelia R. Malone, Michelle L. Mazurek |
| 2016 | IEEE Symposium on Security and Privacy, SP 2016, San Jose, CA, USA, May 22-26, 2016 |
| 2016 | Inferring User Routes and Locations Using Zero-Permission Mobile Sensors. Sashank Narain, Triet D. Vo-Huu, Kenneth Block, Guevara Noubir |
| 2016 | Keeping Authorities "Honest or Bust" with Decentralized Witness Cosigning. Ewa Syta, Iulia Tamas, Dylan Visher, David Isaac Wolinsky, Philipp Jovanovic, Linus Gasser, Nicolas Gailly, Ismail Khoffi, Bryan Ford |
| 2016 | Key Confirmation in Key Exchange: A Formal Treatment and Implications for TLS 1.3. Marc Fischlin, Felix Günther, Benedikt Schmidt, Bogdan Warinschi |
| 2016 | LAVA: Large-Scale Automated Vulnerability Addition. Brendan Dolan-Gavitt, Patrick Hulin, Engin Kirda, Tim Leek, Andrea Mambretti, William K. Robertson, Frederick Ulrich, Ryan Whelan |
| 2016 | MitM Attack by Name Collision: Cause Analysis and Vulnerability Assessment in the New gTLD Era. Qi Alfred Chen, Eric Osterweil, Matthew Thomas, Zhuoqing Morley Mao |
| 2016 | Multiple Handshakes Security of TLS 1.3 Candidates. Xinyu Li, Jing Xu, Zhenfeng Zhang, Dengguo Feng, Honggang Hu |
| 2016 | No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing Analysis. Wenrui Diao, Xiangyu Liu, Zhou Li, Kehuan Zhang |
| 2016 | On the Practicality of Cryptographically Enforcing Dynamic Access Control Policies in the Cloud. William C. Garrison III, Adam Shull, Steven A. Myers, Adam J. Lee |
| 2016 | PhotoProof: Cryptographic Image Authentication for Any Set of Permissible Transformations. Assa Naveh, Eran Tromer |
| 2016 | Prepose: Privacy, Security, and Reliability for Gesture-Based Programming. Lucas Silva Figueiredo, Benjamin Livshits, David Molnar, Margus Veanes |
| 2016 | Return to the Zombie Gadgets: Undermining Destructive Code Reads via Code Inference Attacks. Kevin Z. Snow, Roman Rogowski, Jan Werner, Hyungjoon Koo, Fabian Monrose, Michalis Polychronakis |
| 2016 | Revisiting Square-Root ORAM: Efficient Random Access in Multi-party Computation. Samee Zahur, Xiao Wang, Mariana Raykova, Adrià Gascón, Jack Doerner, David Evans, Jonathan Katz |
| 2016 | SOK: (State of) The Art of War: Offensive Techniques in Binary Analysis. Yan Shoshitaishvili, Ruoyu Wang, Christopher Salls, Nick Stephens, Mario Polino, Andrew Dutcher, John Grosen, Siji Feng, Christophe Hauser, Christopher Krügel, Giovanni Vigna |
| 2016 | Security Analysis of Emerging Smart Home Applications. Earlence Fernandes, Jaeyeon Jung, Atul Prakash |
| 2016 | Seeking Nonsense, Looking for Trouble: Efficient Promotional-Infection Detection through Semantic Inconsistency Search. Xiaojing Liao, Kan Yuan, Xiaofeng Wang, Zhongyu Pei, Hao Yang, Jianjun Chen, Hai-Xin Duan, Kun Du, Eihal Alowaisheq, Sumayah A. Alrwais, Luyi Xing, Raheem A. Beyah |
| 2016 | Sending Out an SMS: Characterizing the Security of the SMS Ecosystem with Public Gateways. Bradley Reaves, Nolen Scaife, Dave Tian, Logan Blue, Patrick Traynor, Kevin R. B. Butler |
| 2016 | Shreds: Fine-Grained Execution Units with Private Memory. Yaohui Chen, Sebassujeen Reymondjohnson, Zhichuang Sun, Long Lu |
| 2016 | SoK: Everyone Hates Robocalls: A Survey of Techniques Against Telephone Spam. Huahong Tu, Adam Doupé, Ziming Zhao, Gail-Joon Ahn |
| 2016 | SoK: Lessons Learned from Android Security Research for Appified Software Platforms. Yasemin Acar, Michael Backes, Sven Bugiel, Sascha Fahl, Patrick D. McDaniel, Matthew Smith |
| 2016 | SoK: Towards Grounding Censorship Circumvention in Empiricism. Michael Carl Tschantz, Sadia Afroz, anonymous, Vern Paxson |
| 2016 | SoK: Verifiability Notions for E-Voting Protocols. Véronique Cortier, David Galindo, Ralf Küsters, Johannes Müller, Tomasz Truderung |
| 2016 | Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf. Xiaolong Bai, Luyi Xing, Nan Zhang, Xiaofeng Wang, Xiaojing Liao, Tongxin Li, Shi-Min Hu |
| 2016 | Synthesizing Plausible Privacy-Preserving Location Traces. Vincent Bindschaedler, Reza Shokri |
| 2016 | Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Response. Zhen Huang, Mariana D'Angelo, Dhaval Miyani, David Lie |
| 2016 | TaoStore: Overcoming Asynchronicity in Oblivious Data Storage. Cetin Sahin, Victor Zakhary, Amr El Abbadi, Huijia Lin, Stefano Tessaro |
| 2016 | The Cracked Cookie Jar: HTTP Cookie Hijacking and the Exposure of Private Information. Suphannee Sivakorn, Iasonas Polakis, Angelos D. Keromytis |
| 2016 | TriggerScope: Towards Detecting Logic Bombs in Android Applications. Yanick Fratantonio, Antonio Bianchi, William K. Robertson, Engin Kirda, Christopher Kruegel, Giovanni Vigna |
| 2016 | Users Really Do Plug in USB Drives They Find. Matthew Tischer, Zakir Durumeric, Sam Foster, Sunny Duan, Alec Mori, Elie Bursztein, Michael D. Bailey |
| 2016 | Verena: End-to-End Integrity Protection for Web Applications. Nikolaos Karapanos, Alexandros Filios, Raluca Ada Popa, Srdjan Capkun |
| 2016 | Verifiable ASICs. Riad S. Wahby, Max Howald, Siddharth Garg, Abhi Shelat, Michael Walfish |
| 2016 | You Get Where You're Looking for: The Impact of Information Sources on Code Security. Yasemin Acar, Michael Backes, Sascha Fahl, Doowon Kim, Michelle L. Mazurek, Christian Stransky |
| 2016 | pASSWORD tYPOS and How to Correct Them Securely. Rahul Chatterjee, Anish Athayle, Devdatta Akhawe, Ari Juels, Thomas Ristenpart |