[详细介绍] 信息安全领域的四大顶会（S&P，USENIX，CCS，NDSS）

前言

最近想了解一下信息安全领域的顶级会议，故在此记录。

0. 四大顶级安全学术会议

如下：

S&P
Usenix Security
CCS
NDSS

这四个都是CCF A类会议（顶会）。

参考[1]，[2]。

1. S&P 介绍

1.1 基本信息

S&P 2019 的主页： http://www.ieee-security.org/TC/SP2019/

S&P全称：IEEE Symposium on Security and Privacy ，即IEEE安全和隐私专题研讨会。

S&P介绍如下：

Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for presenting developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. The 2019 Symposium will mark the 40th annual meeting of this flagship conference.

大意是：自1980年，在呈现计算机安全和电子隐私发展，且集合该领域研究院和从业者上，S&P就已经是最著名的论坛了。2019 的S&P标志着这个旗舰（flagship）会议的第40届年会了。

S&P 2019 会议日程：前3天是专题研讨会，第4天是安全和隐私的 workshop。

The Symposium will be held on May 20-22, 2019, and the Security and Privacy Workshops will be held on May 23, 2019. Both events will be in San Francisco, CA at the Hyatt Regency.

S&P 接收的文章： https://www.computer.org/csdl/proceedings/sp/2019/6660/00/index.html

1.2 感兴趣的文章

整个S&P会议的dblp： https://dblp1.uni-trier.de/db/conf/sp/

1.2.1 2019年

Dangerous Skills: Understanding and Mitigating Security Risks of Voice-Controlled Third-Party Functions on Virtual Personal Assistant Systems
Razzer: Finding Kernel Race Bugs through Fuzzing
Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks

1.2.2 2018年

dblp主页：https://dblp1.uni-trier.de/db/conf/sp/sp2018.html

2018 Surveylance: Automatically Detecting Online Survey Scams
2018 Study and Mitigation of Origin Stripping Vulnerabilities in Hybrid-postMessage
2018 Mobile Application Web API Reconnaissance： Web-to-Mobile Inconsistencies & Vulnerabilities
2018 Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels
2018 Hackers vs. Testers： A Comparison of Software Vulnerability Discovery Processes

1.2.3 2017年

2017-VUDDY：A Scalable Approach for Vulnerable Code Clone Discovery
2017- Finding and Preventing Bugs in JavaScript Bindings

2. Usenix Security介绍

2.1 基本信息

Usenix Security 19 主页：https://www.usenix.org/conference/usenixsecurity19
在这里插入图片描述

其主页包括其call for paper 页面（https://www.usenix.org/conference/usenixsecurity19/call-for-papers ）都没有介绍自己这个会议。对于Usenix Security Symposium，我对其中的Usenix的含义很好奇，经查阅，参考 [3]，对Usenix解释如下：

The USENIX Association is the Advanced Computing Systems Association. It was founded in 1975 under the name “Unix Users Group,” focusing primarily on the study and development of Unix and similar systems. In June 1977, a lawyer from AT&T Corporation informed the group that they could not use the word UNIX as it was a trademark of Western Electric (the manufacturing arm of AT&T until 1995), which led to the change of name to USENIX.[1] It has since grown into a respected organization among practitioners, developers, and researchers of computer operating systems more generally. Since its founding, it has published a technical journal entitled ;login:.[2]

It sponsors several conferences and workshops each year, most notably the USENIX Symposium on Operating Systems Design and Implementation (OSDI), the USENIX Symposium on Networked Systems Design and Implementation (NSDI), the USENIX Annual Technical Conference, the USENIX Security Symposium, the USENIX Conference on File and Storage Technologies (FAST), and with LISA (formerly SAGE), the Large Installation System Administration Conference (LISA).

USENIX became the first computing association to provide open access to their conference and workshop papers in 2008.

大意是： USENIX是当今一个先进的计算系统协会（机构）的名称。其建立与1975年，最开始叫做：Unix Users Group，后来因为被AT&T公司告知不能使用UNIX （和公司商标冲突），所以改名叫做USENIX。
这个协会逐渐演变成著名协会，现在赞助了OSDI，NSDI，USENIX Security Symposium 等等国际著名会议。对了，USENIX从2008年就对其会议和workshop进行开源了（第一家这样干的计算协会），很有魄力。

2.2 感兴趣的文章

USENIX Security 2018 论文下载地址（在会议主页里面的论文栏中）：https://www.usenix.org/conference/usenixsecurity18/technical-sessions
其dblp地址：https://dblp1.uni-trier.de/db/conf/uss/uss2018.html

往届同理。

这是我看到过资料最全的会议。论文PDF+汇报PPT+全称录音，真的一应俱全。

2017 Adaptive Android Kernel Live Patching
2017 TrustBase： An Architecture to Repair and Strengthen Certificate-based Authentication
2018 From Patching Delays to Infection Symptoms： Using Risk Profiles for an Early Discovery of Vulnerabilities Exploited in the Wild
2018 FUZE： Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities
2018 Precise and Accurate Patch Presence Test for Binaries
2018 Understanding the Reproducibility of Crowd-reported Security Vulnerabilities
2018(PPT) ATtention Spanned：Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem
2018 ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem

3. CCS 介绍

3.1 基本信息

ACM CCS 2018 主页：http://www.sigsac.org/ccs/CCS2018/
其介绍：

The ACM Conference on Computer and Communications Security (CCS) is the flagship annual conference of the Special Interest Group on Security, Audit and Control (SIGSAC) of the Association for Computing Machinery (ACM). The conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results. It provides an environment to conduct intellectual discussions. From its inception, CCS has established itself as a high standard research conference in its area.

CCS，全称：ACM Conference on Computer and Communications Security，即ACM 计算和通信安全会议。CCS是ACM（全称 Association for Computing Machinery ，也叫做美国计算机协会）旗下安全，审计和控制（SIGSAC）领域的旗舰（顶尖，most important）年会。

感兴趣的文章

CCS历年会议的dblp主页：https://dblp.uni-trier.de/db/conf/ccs/

2017 A Large-Scale Empirical Study of Security Patches
2017 Hindsight： Understanding the Evolution of UI Vulnerabilities in Mobile Browsers
2017 Identity Related Threats, Vulnerabilities and Risk Mitigation in Online Social Networks： A Tutorial
2017 Keep me Updated： An Empirical Study of Third-Party Library Updatability on Android
2017 Precise Detection of Side-Channel Vulnerabilities using Quantitative Cartesian Hoare Logic
2018 Check It Again： Detecting Lacking-Recheck Bugs in OS Kernels
2018 Debin：Predicting Debug Information in Stripped Binaries

4. NDSS 介绍

4.1 基本信息

NDSS 19 主页在：https://www.ndss-symposium.org/ndss2019/

主页很简洁，会议介绍为：

The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

大意是：
NDSS，全称： The Network and Distributed System Security Symposium，即网络和分布式系统专题研讨会。其促进了网络和分布式系统安全领域的研究者和从业者的信息交流（互换，exchange）。

会议的主要目标是：鼓励并促使Internet社区去应用，部署，推进可用的安全技术的状态。

4.2 感兴趣的文章

NDSS也是开源的。
NDSS 18 论文下载就在主页：https://www.ndss-symposium.org/ndss2018/programme/

NDSS的dblp主页在： https://dblp.uni-trier.de/db/conf/ndss/

2017 Address Oblivious Code Reuse： On the Effectiveness of Leakage Resilient Diversity
2017 Safelnit：Comprehensive and Practical Mitigation of Uninitialized Read Vulnerabilities
2018 Bug Fixes, Improvements, … and Privacy Leaks – A Longitudinal Study of PII Leaks Across Android App Versions
2018 InstaGuard： Instantly Deployable Hot-patches for Vulnerable System Programs on Android.

5 其他相关会议

暂不列出了，感觉多而不精不是好事。
这里也先不花时间整理了。

因为只要看对了一篇文章，就能从其参考文献，和引用它的文章中找到很多联系，如：这个研究领域的著名学者，实验室等。

所以有时候，终日而思，不如须臾之所学，也是真的。

悟了就是悟了

6 还有一些其他感兴趣的文章

Digtool：A Virtualization-Based Framework for Detecting Kernel Vulnerabilities
360入围USENIX Security 国际信息安全顶会迎来中国安全公司 http://www.techweb.com.cn/news/2017-08-17/2574700.shtml
中国企业的历史性突破 360安全研究成果被USENIX Security收录 https://bbs.360.cn/forum.php?mod=viewthread&tid=15113554
Adaptive Android Kernel Live Patching 百度安全亮相全球顶级学术会议USENIX Security，OASES移动安全方案倍受关注 https://baijiahao.baidu.com/s?id=1576490176943712301&wfr=spider&for=pc

7 总结

夜已深，先就这样吧。

参考文献

[1] 安全学术会议 https://www.sec-wiki.com/topic/60
[2] 2015年CCF分类会议 http://www.searchconf.net/conf/ccf/
[3] USENIX https://en.wikipedia.org/wiki/USENIX

优先看的论文：
InstaGuard: Instantly Deployable Hot-patches for Vulnerable System Programs on Android
Bug Fixes, Improvements, … and Privacy Leaks – A Longitudinal Study of PII Leaks Across Android App Versions

创作时间：2019年02月17日 22:58:58
修改时间：2019年2月18日19:02:59