The accepted papers are:

Domain Validation ++ for MitM-Resilient PKI
Authors: Markus Brand, Tianxiang Dai, Amit Klein, Haya Shulman, Michael Waidner
In: ACM SIGSAG Conference on Computer and Communications Security (ACM CCS), Toronto, Canada, Oktober 2018
Abstract
The security of Internet-based applications fundamentally relies on the trustworthiness of Certificate Authorities (CAs). We practically demonstrate for the first time that even a very weak offpath attacker can subvert the trustworthiness of popular commercially used CAs. We propose countermeasures to mitigate our attacks.

Path MTU Discovery Considered Harmful
Authors: Matthias Göhring, Haya Shulman, Michael Waidner
In: 38th IEEE International Conference on Distributed Computing Systems (IEEE ICDCS, Wien, Österreich, Juli 2018
Abstract
Path MTU Discovery (PMTUD) allows to optimize the performance in the Internet by identifying the maximal packet size that can be transmitted through a network. In this work we explore the benefits versus drawbacks of PMTUD in the Internet from the clients and servers perspective. First, we examine the fraction of clients that use PMTUD. To that end we analyse ICMP PTB messages in CAIDA Internet Traces and show that the fraction of networks using PMTUD is negligible and that this number is further decreasing over the period of 2008 – 2016. Second, we evaluate the fraction of popular web servers that support the PMTUD mechanism and show that a large number of the servers block "ICMP packet too big'' messages. On the other hand, we show easy and efficient – even though well-known – degradation of service attacks that exploit the availability of PMTUD. Since the benefit of PMTUD is questionable, and in contrast it exposes to degradation of service attacks, we advocate to stop using it. As with any new change in the Internet, the implications of our recommendation should be carefully evaluated and gradually implemented. In the meanwhile, we provide recommendations for mitigations against the degradation of service attacks.

Practical Experience: Methodologies for Measuring Route Origin Validation
Authors: Tomas Hlavacek, Amir Herzberg, Haya Shulman, Michael Waidner
In: IEEE/IFIP International Conference on Dependable Systems and Networks (IEEE DSN), Luxembourg, Juni 2018
Abstract
Performing Route Origin Validation (ROV) to filter BGP announcements, which contradict Route Origin Authorizations (ROAs) is critical for protection against BGP prefix hijacks. Recent works quantified ROV enforcing Autonomous Systems (ASes) using control-plane experiments. In this work we show that control-plane experiments do not provide accurate information about ROV-enforcing ASes. We devise data-plane approaches for evaluating ROV in the Internet and perform both control and data-plane experiments using different data acquisition sources. We perform simulations with the ROV-enforcing ASes that we identified, and find that their impact on the Internet security against prefix hijacks is negligible. As a countermeasure we provide recommendations how to cope with the main factor hindering wide adoption of ROV.

Further informationen on the flagship project "Secure Internet Infrastructures"