default search action
31st USENIX Security Symposium 2022
- Kevin R. B. Butler, Kurt Thomas:
31st USENIX Security Symposium, USENIX Security 2022, Boston, MA, USA, August 10-12, 2022. USENIX Association 2022, ISBN 978-1-939133-31-1
Measurement I: Network
- Hyeonmin Lee, Md. Ishtiaq Ashiq, Moritz Müller, Roland van Rijswijk-Deij, Ted Taekyoung Kwon, Taejoong Chung:
Under the Hood of DANE Mismanagement in SMTP. 1-16 - Yi Chen, Di Tang, Yepeng Yao, Mingming Zha, XiaoFeng Wang, Xiaozhong Liu, Haixu Tang, Dongfang Zhao:
Seeing the Forest for the Trees: Understanding Security Hazards in the 3GPP Ecosystem through Intelligent Analysis on Change Requests. 17-34 - Guannan Liu, Xing Gao, Haining Wang, Kun Sun:
Exploring the Unchartered Space of Container Registry Typosquatting. 35-51 - Brian Kondracki, Johnny So, Nick Nikiforakis:
Uninvited Guests: Analyzing the Identity and Behavior of Certificate Transparency Bots. 53-70
Kernel Security
- Kyle Zeng, Yueqi Chen, Haehyun Cho, Xinyu Xing, Adam Doupé, Yan Shoshitaishvili, Tiffany Bao:
Playing for K(H)eaps: Understanding and Improving Linux Kernel Exploit Reliability. 71-88 - Sungbae Yoo, Jinbum Park, Seolheui Kim, Yeji Kim, Taesoo Kim:
In-Kernel Control-Flow Integrity on Commodity OSes using ARM Pointer Authentication. 89-106 - Atri Bhattacharyya, Uros Tesic, Mathias Payer:
Midas: Systematic Kernel TOCTTOU Protection. 107-124 - Jian Liu, Lin Yi, Weiteng Chen, Chengyu Song, Zhiyun Qian, Qiuping Yi:
LinKRID: Vetting Imbalance Reference Counting in Linux kernel with Symbolic Execution. 125-142
Web Security I: Vulnerabilities
- Song Li, Mingqing Kang, Jianwei Hou, Yinzhi Cao:
Mining Node.js Vulnerabilities via Object Dependence Graph and Query. 143-160 - Ranjita Pai Kasturi, Jonathan Fuller, Yiting Sun, Omar Chabklo, Andres Rodriguez, Jeman Park, Brendan Saltaformaggio:
Mistrust Plugins You Must: A Large-Scale Study Of Malicious Plugins In WordPress Marketplaces. 161-178 - Seyed Ali Mirheidari, Matteo Golinelli, Kaan Onarlioglu, Engin Kirda, Bruno Crispo:
Web Cache Deception Escalates! 179-196 - Sunnyeo Park, Daejun Kim, Suman Jana, Sooel Son:
FUGIO: Automatic Exploit Generation for PHP Object Injection Vulnerabilities. 197-214
Crypto I: Attacking Implementations
- Marcel Maehren, Philipp Nieting, Sven Hebrok, Robert Merget, Juraj Somorovsky, Jörg Schwenk:
TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries. 215-232 - George Arnold Sullivan, Jackson Sippe, Nadia Heninger, Eric Wustrow:
Open to a fault: On the passive compromise of TLS keys via transient errors. 233-250 - Alon Shakevsky, Eyal Ronen, Avishai Wool:
Trust Dies in Darkness: Shedding Light on Samsung's TrustZone Keymaster Design. 251-268 - Martin R. Albrecht, Raphael Eikenberg, Kenneth G. Paterson:
Breaking Bridgefy, again: Adopting libsignal is not enough. 269-286
User Studies I: At-Risk Users
- Kovila P. L. Coopamootoo, Maryam Mehrnezhad, Ehsan Toreini:
"I feel invaded, annoyed, anxious and I may protect myself": Individuals' Feelings about Online Tracking and their Protective Behaviour across Gender and Country. 287-304 - Christine Geeng, Mike Harris, Elissa M. Redmiles, Franziska Roesner:
"Like Lesbians Walking the Perimeter": Experiences of U.S. LGBTQ+ Folks With Online Security, Safety, and Privacy Advice. 305-322 - Julia Slupska, Selina Y. Cho, Marissa Begonia, Ruba Abu-Salma, Nayanatara Prakash, Mallika Balakrishnan:
"They Look at Vulnerability and Use That to Abuse You": Participatory Threat Modelling with Migrant Domestic Workers. 323-340 - Julia Slupska, Angelika Strohmayer:
Networks of Care: Tech Abuse Advocates' Digital Security Practices. 341-358
Software Vulnerabilities
- Nikolaos Alexopoulos, Manuel Brack, Jan Philipp Wagner, Tim Grube, Max Mühlhäuser:
How Long Do Vulnerabilities Live in the Code? A Large-Scale Empirical Measurement Study on FOSS Vulnerability Lifetimes. 359-376 - Octavian Suciu, Connor Nelson, Zhuoer Lyu, Tiffany Bao, Tudor Dumitras:
Expected Exploitability: Predicting the Development of Functional Vulnerability Exploits. 377-394 - Qiushi Wu, Yue Xiao, Xiaojing Liao, Kangjie Lu:
OS-Aware Vulnerability Prioritization via Differential Severity Analysis. 395-412 - Jayakrishna Vadayath, Moritz Eckert, Kyle Zeng, Nicolaas Weideman, Gokulkrishna Praveen Menon, Yanick Fratantonio, Davide Balzarotti, Adam Doupé, Tiffany Bao, Ruoyu Wang, Christophe Hauser, Yan Shoshitaishvili:
Arbiter: Bridging the Static and Dynamic Divide in Vulnerability Discovery on Binary Programs. 413-430
Network Security I: Scanning & Censorship
- Raphael Hiesgen, Marcin Nawrocki, Alistair King, Alberto Dainotti, Thomas C. Schmidt, Matthias Wählisch:
Spoki: Unveiling a New Wave of Scanners through a Reactive Network Telescope. 431-448 - Abhishek Bhaskar, Paul Pearce:
Many Roads Lead To Rome: How Packet Headers Influence DNS Censorship Measurement. 449-464 - Michael Harrity, Kevin Bock, Frederick Sell, Dave Levin:
GET /out: Automated Discovery of Application-Layer Censorship Evasion Strategies. 465-483 - Diwen Xue, Reethika Ramesh, Arham Jain, Michalis Kallitsis, J. Alex Halderman, Jedidiah R. Crandall, Roya Ensafi:
OpenVPN is Open to VPN Fingerprinting. 483-500
Differential Privacy
- Andrea Gadotti, Florimond Houssiau, Meenatchi Sundaram Muthu Selva Annamalai, Yves-Alexandre de Montjoye:
Pool Inference Attacks on Local Differential Privacy: Quantifying the Privacy Guarantees of Apple's Count Mean Sketch in Practice. 501-518 - Yongji Wu, Xiaoyu Cao, Jinyuan Jia, Neil Zhenqiang Gong:
Poisoning Attacks to Local Differential Privacy Protocols for Key-Value Data. 519-536 - Jacob Imola, Takao Murakami, Kamalika Chaudhuri:
Communication-Efficient Triangle Counting under Local Differential Privacy. 537-554 - Maya Dotan, Saar Tochner, Aviv Zohar, Yossi Gilad:
Twilight: A Differentially Private Payment Channel Network. 555-570
Measurement II: Auditing & Best Practices
- Ben Burgess, Avi Ginsberg, Edward W. Felten, Shaanan Cohney:
Watching the watchers: bias and vulnerability in remote proctoring software. 571-588 - J. Alex Halderman:
The Antrim County 2020 Election Incident: An Independent Forensic Investigation. 589-605 - Victor Le Pochat, Laura Edelson, Tom van Goethem, Wouter Joosen, Damon McCoy, Tobias Lauinger:
An Audit of Facebook's Political Ad Policy Enforcement. 607-624 - Qinge Xie, Shujun Tang, Xiaofeng Zheng, Qingran Lin, Baojun Liu, Haixin Duan, Frank Li:
Building an Open, Robust, and Stable Voting-Based Domain Top List. 625-642
Side Channels I: Hardware
- Moritz Lipp, Daniel Gruss, Michael Schwarz:
AMD Prefetch Attacks through Power and Time. 643-660 - Yi Han, Matthew Chan, Zahra Aref, Nils Ole Tippenhauer, Saman A. Zonouz:
Hiding in Plain Sight? On the Efficacy of Power Side Channel-Based Control Flow Monitoring. 661-678 - Yingchen Wang, Riccardo Paccagnella, Elizabeth Tang He, Hovav Shacham, Christopher W. Fletcher, David Kohlbrenner:
Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86. 679-697 - Zirui Neil Zhao, Adam Morrison, Christopher W. Fletcher, Josep Torrellas:
Binoculars: Contention-Based Side-Channel Attacks Exploiting the Page Walker. 699-716
Web Security II: Fingerprinting
- Konstantinos Solomos, Panagiotis Ilia, Soroush Karami, Nick Nikiforakis, Jason Polakis:
The Dangers of Human Touch: Fingerprinting Browser Extensions through User Actions. 717-733 - Soroush Karami, Faezeh Kalantari, Mehrnoosh Zaeifi, Xavier J. Maso, Erik Trickel, Panagiotis Ilia, Yan Shoshitaishvili, Adam Doupé, Jason Polakis:
Unleash the Simulacrum: Shifting Browser Realities for Robust Extension-Fingerprinting Prevention. 735-752 - Giovanni Cherubin, Rob Jansen, Carmela Troncoso:
Online Website Fingerprinting: Evaluating Website Fingerprinting Attacks on Tor in the Real World. 753-770 - Jean-Pierre Smith, Luca Dolfi, Prateek Mittal, Adrian Perrig:
QCSD: A QUIC Client-Side Website-Fingerprinting Defence Framework. 771-789
Crypto II: Performance Improvements
- Mahimna Kelkar, Phi Hung Le, Mariana Raykova, Karn Seth:
Secure Poisson Regression. 791-808 - Zhicong Huang, Wen-jie Lu, Cheng Hong, Jiansheng Ding:
Cheetah: Lean and Fast Secure Two-Party Deep Neural Network Inference. 809-826 - Jean-Luc Watson, Sameer Wagh, Raluca Ada Popa:
Piranha: A GPU Platform for Secure Computation. 827-844 - Daniel J. Bernstein, Billy Bob Brumley, Ming-Shing Chen, Nicola Tuveri:
OpenSSLNTRU: Faster post-quantum TLS key exchange. 845-862
User Studies II: Sharing
- Yijing Liu, Yan Jia, Qingyin Tan, Zheli Liu, Luyi Xing:
How Are Your Zombie Accounts? Understanding Users' Practices and Expectations on Mobile App Account Deletion. 863-880 - Eyitemi Moju-Igbene, Hanan Abdi, Alan Lu, Sauvik Das:
"How Do You Not Lose Friends?": Synthesizing a Design Space of Social Controls for Securing Shared Digital Resources Via Participatory Design Jams. 881-898 - Bailey Kacsmar, Kyle Tilbury, Miti Mazmudar, Florian Kerschbaum:
Caring about Sharing: User Perceptions of Multiparty Data Sharing. 899-916 - Masoud Mehrabi Koushki, Yue Huang, Julia Rubin, Konstantin Beznosov:
Neither Access nor Control: A Longitudinal Investigation of the Efficacy of User Access-Control Solutions on Smartphones. 917-935
Hardware Security I: Attacks & Defenses
- David Schrammel, Samuel Weiser, Richard Sadek, Stefan Mangard:
Jenny: Securing Syscalls for PKU-based Memory Isolation Systems. 936-952 - Gökçen Yilmaz Dayanikli, Sourav Sinha, Devaprakash Muniraj, Ryan M. Gerdes, Mazen Farhood, Mani Mina:
Physical-Layer Attacks Against Pulse Width Modulation-Controlled Actuators. 953-970 - Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, Cristiano Giuffrida:
Branch History Injection: On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 Attacks. 971-988 - Andrei Tatar, Daniël Trujillo, Cristiano Giuffrida, Herbert Bos:
TLB;DR: Enhancing TLB-based Attacks with TLB Desynchronized Reverse Engineering. 989-1007
Fuzzing I: Networks
- Sunwoo Kim, Young Min Kim, Jaewon Hur, Suhwan Song, Gwangmu Lee, Byoungyoung Lee:
FuzzOrigin: Detecting UXSS vulnerabilities in Browsers through Origin Fuzzing. 1008-1023 - Matheus E. Garbelini, Vaibhav Bedi, Sudipta Chattopadhyay, Sumei Sun, Ernest Kurniawan:
BrakTooth: Causing Havoc on Bluetooth Link Manager via Directed Fuzzing. 1025-1042 - Johannes Krupp, Ilya Grishchenko, Christian Rossow:
AmpFuzz: Fuzzing for Amplification DDoS Vulnerabilities. 1043-1060 - Bahruz Jabiyev, Steven Sprecher, Anthony Gavazzi, Tommaso Innocenti, Kaan Onarlioglu, Engin Kirda:
FRAMESHIFTER: Security Implications of HTTP/2-to-HTTP/1 Conversion Anomalies. 1061-1075
Smart Homes I
- Yan Meng, Jiachun Li, Matthew Pillari, Arjun Deopujari, Liam Brennan, Hafsah Shamsie, Haojin Zhu, Yuan Tian:
Your Microphone Array Retains Your Identity: A Robust Voice Liveness Detection System for Smart Speakers. 1077-1094 - Rahul Anand Sharma, Elahe Soltanaghaei, Anthony Rowe, Vyas Sekar:
Lumos: Identifying and Localizing Diverse Hidden IoT Devices in an Unfamiliar Environment. 1095-1112 - Jeffrey Young, Song Liao, Long Cheng, Hongxin Hu, Huixing Deng:
SkillDetective: Automated Policy-Violation Detection of Voice Assistant Applications in the Wild. 1113-1130 - Ruiwen He, Xiaoyu Ji, Xinfeng Li, Yushi Cheng, Wenyuan Xu:
"OK, Siri" or "Hey, Google": Evaluating Voiceprint Distinctiveness via Content-based PROLE Score. 1131-1148
Measurement III
- Xander Bouwman, Victor Le Pochat, Pawel Foremski, Tom van Goethem, Carlos Hernandez Gañán, Giovane C. M. Moura, Samaneh Tajalizadehkhoob, Wouter Joosen, Michel van Eeten:
Helping hands: Measuring the impact of a large threat intelligence sharing community. 1149-1165 - Yun Shen, Pierre-Antoine Vervier, Gianluca Stringhini:
A Large-scale Temporal Measurement of Android Malicious Apps: Persistence, Migration, and Lessons Learned. 1167-1184 - Chuhan Wang, Kaiwen Shen, Minglei Guo, Yuxuan Zhao, Mingming Zhang, Jianjun Chen, Baojun Liu, Xiaofeng Zheng, Haixin Duan, Yanzhong Lin, Qingfeng Pan:
A Large-scale and Longitudinal Measurement Study of DKIM Deployment. 1185-1201 - Renuka Kumar, Apurva Virkud, Ram Sundara Raman, Atul Prakash, Roya Ensafi:
A Large-scale Investigation into Geodifferences in Mobile Apps. 1203-1220
Fuzzing II: Low-Level
- Alexander Bulekov, Bandan Das, Stefan Hajnoczi, Manuel Egele:
Morphuzz: Bending (Input) Space to Fuzz Virtual Devices. 1221-1238 - Tobias Scharnowski, Nils Bars, Moritz Schloegel, Eric Gustafson, Marius Muench, Giovanni Vigna, Christopher Kruegel, Thorsten Holz, Ali Abbasi:
Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing. 1239-1256 - Cheolwoo Myung, Gwangmu Lee, Byoungyoung Lee:
MundoFuzz: Hypervisor Fuzzing with Statistical Coverage Testing and Grammar Inference. 1257-1274 - Zekun Shen, Ritik Roongta, Brendan Dolan-Gavitt:
Drifuzz: Harvesting Bugs in Device Drivers from Golden Seeds. 1275-1290
Wireless Security
- Martin Kotuliak, Simon Erni, Patrick Leu, Marc Röschlin, Srdjan Capkun:
LTrack: Stealthy Tracking of Mobile Phones in LTE. 1291-1306 - Sangwook Bae, Mincheol Son, Dongkwan Kim, CheolJun Park, Jiho Lee, Sooel Son, Yongdae Kim:
Watching the Watchers: Practical Video Identification Attack in LTE Networks. 1307-1324 - CheolJun Park, Sangwook Bae, Beomseok Oh, Jiho Lee, Eunkyu Lee, Insu Yun, Yongdae Kim:
DoLTEst: In-depth Downlink Negative Testing Framework for LTE Devices. 1325-1342 - Patrick Leu, Giovanni Camurati, Alexander Heinrich, Marc Roeschlin, Claudio Anliker, Matthias Hollick, Srdjan Capkun, Jiska Classen:
Ghost Peak: Practical Distance Reduction Attacks Against HRP UWB Ranging. 1343-1359
ML I: Federated Learning
- Nishanth Chandran, Divya Gupta, Sai Lakshmi Bhavana Obbattu, Akash Shah:
SIMC: ML Inference Secure Against Malicious Clients at Semi-Honest Cost. 1361-1378 - Timothy Stevens, Christian Skalka, Christelle Vincent, John H. Ring, Samuel Clark, Joseph P. Near:
Efficient Differentially Private Secure Aggregation for Federated Learning via Hardness of Learning with Errors. 1379-1395 - Chong Fu, Xuhong Zhang, Shouling Ji, Jinyin Chen, Jingzheng Wu, Shanqing Guo, Jun Zhou, Alex X. Liu, Ting Wang:
Label Inference Attacks Against Vertical Federated Learning. 1397-1414 - Thien Duc Nguyen, Phillip Rieger, Huili Chen, Hossein Yalame, Helen Möllering, Hossein Fereidooni, Samuel Marchal, Markus Miettinen, Azalia Mirhoseini, Shaza Zeitouni, Farinaz Koushanfar, Ahmad-Reza Sadeghi, Thomas Schneider:
FLAME: Taming Backdoors in Federated Learning. 1415-1432
Deanonymization
- Xinyu Tang, Saeed Mahloujifar, Liwei Song, Virat Shejwalkar, Milad Nasr, Amir Houmansadr, Prateek Mittal:
Mitigating Membership Inference Attacks by Self-Distillation Through a Novel Ensemble Architecture. 1433-1450 - Theresa Stadler, Bristena Oprisanu, Carmela Troncoso:
Synthetic Data - Anonymisation Groundhog Day. 1451-1468 - Aloni Cohen:
Attacks on Deidentification's Defenses. 1469-1486 - Xiaojie Guo, Ye Han, Zheli Liu, Ding Wang, Yan Jia, Jin Li:
Birds of a Feather Flock Together: How Set Bias Helps to Deanonymize You via Revealed Intersection Sizes. 1487-1504 - Mojtaba Zaheri, Yossi Oren, Reza Curtmola:
Targeted Deanonymization via the Cache Side Channel: Attacks and Defenses. 1505-1523
Mobile Security
- Sigmund Albert Gorski III, Seaver Thorn, William Enck, Haining Chen:
FReD: Identifying File Re-Delegation in Android System Services. 1525-1542 - Kai Wang, Richard Mitev, Chen Yan, Xiaoyu Ji, Ahmad-Reza Sadeghi, Wenyuan Xu:
GhostTouch: Targeted Attacks on Touchscreens without Physical Touch. 1543-1559 - Abdullah Imran, Habiba Farrukh, Muhammad Ibrahim, Z. Berkay Celik, Antonio Bianchi:
SARA: Secure Android Remote Authorization. 1561-1578 - Jianfeng Li, Hao Zhou, Shuohan Wu, Xiapu Luo, Ting Wang, Xian Zhan, Xiaobo Ma:
FOAP: Fine-Grained Open-World Android App Fingerprinting. 1579-1596 - Lei Zhang, Zhibo Zhang, Ancong Liu, Yinzhi Cao, Xiaohan Zhang, Yanjun Chen, Yuan Zhang, Guangliang Yang, Min Yang:
Identity Confusion in WebView-based Mobile App-in-app Ecosystems. 1597-1613
Web Security III: Bots & Authentication
- Cormac Herley:
Automated Detection of Automated Traffic. 1615-1632 - Ruofan Liu, Yun Lin, Xianglin Yang, Siang Hwee Ng, Dinil Mon Divakaran, Jin Song Dong:
Inferring Phishing Intention via Webpage Appearance and Dynamics: A Deep Vision Based Approach. 1633-1650 - Xu Lin, Panagiotis Ilia, Saumya Solanki, Jason Polakis:
Phish in Sheep's Clothing: Exploring the Authentication Pitfalls of Browser Fingerprinting. 1651-1668 - Jaron Mink, Licheng Luo, Natã M. Barbosa, Olivia Figueira, Yang Wang, Gang Wang:
DeepPhish: Understanding User Trust Towards Artificially Generated Profiles in Online Social Networks. 1669-1686 - Matteo Cardaioli, Stefano Cecconello, Mauro Conti, Simone Milani, Stjepan Picek, Eugen Saraci:
Hand Me Your PIN! Inferring ATM PINs of Users Typing with a Covered Hand. 1687-1704
Crypto III: Private Matching & Lookups
- Anunay Kulshrestha, Jonathan R. Mayer:
Estimating Incidental Collection in Foreign Intelligence Surveillance: Large-Scale Multiparty Private Set Intersection with Union and Sum. 1705-1722 - Rasoul Akhavan Mahdavi, Florian Kerschbaum:
Constant-weight PIR: Single-round Keyword PIR via Constant-weight Equality Operators. 1723-1740 - Yiping Ma, Ke Zhong, Tal Rabin, Sebastian Angel:
Incremental Offline/Online PIR. 1741-1758 - Daniel Günther, Maurice Heymann, Benny Pinkas, Thomas Schneider:
GPU-accelerated PIR with Client-Independent Preprocessing for Large-Scale Applications. 1759-1776 - Yiqing Hua, Armin Namavari, Kaishuo Cheng, Mor Naaman, Thomas Ristenpart:
Increasing Adversarial Uncertainty to Scale Private Similarity Testing. 1777-1794
Passwords
- Avinash Sudhodanan, Andrew Paverd:
Pre-hijacked accounts: An Empirical Study of Security Failures in User Account Creation on the Web. 1795-1812 - Asuman Senol, Gunes Acar, Mathias Humbert, Frederik J. Zuiderveen Borgesius:
Leaky Forms: A Study of Email and Password Exfiltration Before Form Submission. 1813-1830 - Bijeeta Pal, Mazharul Islam, Marina Sanusi Bohuk, Nick Sullivan, Luke Valenta, Tara Whalen, Christopher A. Wood, Thomas Ristenpart, Rahul Chatterjee:
Might I Get Pwned: A Second Generation Compromised Credential Checking Service. 1831-1848 - Peter Mayer, Collins W. Munyendo, Michelle L. Mazurek, Adam J. Aviv:
Why Users (Don't) Use Password Managers at a Large Educational Institution. 1849-1866 - Marina Sanusi Bohuk, Mazharul Islam, Suleman Ahmad, Michael M. Swift, Thomas Ristenpart, Rahul Chatterjee:
Gossamer: Securely Measuring Password-based Logins. 1867-1884
Smart Vehicles
- Ce Zhou, Qiben Yan, Yan Shi, Lichao Sun:
DoubleStar: Long-Range Attack Towards Depth Estimation based Obstacle Avoidance in Autonomous Systems. 1885-1902 - R. Spencer Hallyburton, Yupei Liu, Yulong Cao, Z. Morley Mao, Miroslav Pajic:
Security Analysis of Camera-LiDAR Fusion Against Black-Box Attacks on Autonomous Vehicles. 1903-1920 - Lei Xue, Yangyang Liu, Tianqi Li, Kaifa Zhao, Jianfeng Li, Le Yu, Xiapu Luo, Yajin Zhou, Guofei Gu:
SAID: State-aware Defense Against Injection Attacks on In-vehicle Network. 1921-1938 - Le Yu, Yangyang Liu, Pengfei Jing, Xiapu Luo, Lei Xue, Kaifa Zhao, Yajin Zhou, Ting Wang, Guofei Gu, Sen Nie, Shi Wu:
Towards Automatically Reverse Engineering Vehicle Diagnostic Protocols. 1939-1956 - Chen Yan, Zhijian Xu, Zhanyuan Yin, Xiaoyu Ji, Wenyuan Xu:
Rolling Colors: Adversarial Laser Exploits against Traffic Light Recognition. 1957-1974
Web Security IV: Defenses
- Jay Bosamiya, Wen Shih Lim, Bryan Parno:
Provably-Safe Multilingual Software Sandboxing using WebAssembly. 1975-1992 - Youkun Shi, Yuan Zhang, Tianhan Luo, Xiangyu Mao, Yinzhi Cao, Ziwen Wang, Yudi Zhao, Zongan Huang, Min Yang:
Backporting Security Patches of Web Applications: A Prototype Design and Implementation on Injection Vulnerability Patches. 1993-2010 - Yunang Chen, Yue Gao, Nick Ceccio, Rahul Chatterjee, Kassem Fawaz, Earlence Fernandes:
Experimental Security Analysis of the App Model in Business Collaboration Platforms. 2011-2028 - Phakpoom Chinprutthiwong, Jianwei Huang, Guofei Gu:
SWAPP: A New Programmable Playground for Web Application Security. 2029-2046 - Sebastian Roth, Stefano Calzavara, Moritz Wilhelm, Alvise Rabitti, Ben Stock:
The Security Lottery: Measuring Client-Side Web Security Inconsistencies. 2047-2064
ML II
- Chong Xiang, Saeed Mahloujifar, Prateek Mittal:
PatchCleanser: Certifiably Robust Defense against Adversarial Patches for Any Image Classifier. 2065-2082 - Andrea Marcelli, Mariano Graziano, Xabier Ugarte-Pedrero, Yanick Fratantonio, Mohamad Mansouri, Davide Balzarotti:
How Machine Learning Is Solving the Binary Function Similarity Problem. 2099-2116 - Huiying Li, Shawn Shan, Emily Wenger, Jiayun Zhang, Haitao Zheng, Ben Y. Zhao:
Blacklight: Scalable Defense for Neural Networks against Query-Based Black-Box Attacks. 2117-2134 - Ruoyu Wu, Taegyu Kim, Dave (Jing) Tian, Antonio Bianchi, Dongyan Xu:
DnD: A Cross-Architecture Deep Neural Network Decompiler. 2135-2152
Measurement IV
- Alejandro Cuevas, Fieke Miedema, Kyle Soska, Nicolas Christin, Rolf van Wegberg:
Measurement by Proxy: On the Accuracy of Online Marketplace Measurements. 2153-2170 - Andrew Chu, Arjun Arunasalam, Muslum Ozgur Ozmen, Z. Berkay Celik:
Behind the Tube: Exploitative Monetization of Content on YouTube. 2171-2188 - Savino Dambra, Iskander Sánchez-Rola, Leyla Bilge, Davide Balzarotti:
When Sally Met Trackers: Web Tracking From the Users' Perspective. 2189-2206 - George Kappos, Haaroon Yousaf, Rainer Stütz, Sofia Rollet, Bernhard Haslhofer, Sarah Meiklejohn:
How to Peel a Million: Validating and Expanding Bitcoin Clusters. 2207-2223
Hardware Security II: Embedded
- Yi He, Zhenhua Zou, Kun Sun, Zhuotao Liu, Ke Xu, Qian Wang, Chao Shen, Zhi Wang, Qi Li:
RapidPatch: Firmware Hotpatching for Real-Time Embedded Devices. 2225-2242 - Esmerald Aliaj, Ivan De Oliveira Nunes, Gene Tsudik:
GAROTA: Generalized Active Root-Of-Trust Architecture (for Tiny Embedded Devices). 2243-2260 - David Cerdeira, José Martins, Nuno Santos, Sandro Pinto:
ReZone: Disarming TrustZone with TEE Privilege Reduction. 2261-2279 - Yufei Du, Zhuojia Shen, Komail Dharsee, Jie Zhou, Robert J. Walls, John Criswell:
Holistic Control-Flow Protection on Real-Time Embedded Systems with Kage. 2281-2298
Client-Side Security
- Nirvan Tyagi, Julia Len, Ian Miers, Thomas Ristenpart:
Orca: Blocklisting in Sender-Anonymous Messaging. 2299-2316 - Shubham Jain, Ana-Maria Cretu, Yves-Alexandre de Montjoye:
Adversarial Detection Avoidance Attacks: Evaluating the robustness of perceptual hashing-based client-side scanning. 2317-2334 - Rawane Issa, Nicolas Alhaddad, Mayank Varia:
Hecate: Abuse Reporting in Secure Messengers with Sealed Sender. 2335-2352 - Long Chen, Ya-Nan Li, Qiang Tang, Moti Yung:
End-to-Same-End Encryption: Modularly Augmenting an App with an Efficient, Portable, and Blind Cloud Storage. 2353-2370
Crypto IV: Databases & Logging
- Jiafan Wang, Sherman S. M. Chow:
Omnes pro uno: Practical Multi-Writer Encrypted Database. 2371-2388 - Viet Tung Hoang, Cong Wu, Xin Yuan:
Faster Yet Safer: Logging System Via Fixed-Key Blockcipher. 2389-2406 - Simon Oya, Florian Kerschbaum:
IHOP: Improved Statistical Query Recovery against Searchable Symmetric Encryption through Quadratic Optimization. 2407-2424 - Javad Ghareh Chamani, Dimitrios Papadopoulos, Mohammadamin Karbasforushan, Ioannis Demertzis:
Dynamic Searchable Encryption with Optimal Search in the Presence of Deletions. 2425-2442
Software Forensics
- Pubali Datta, Isaac Polinsky, Muhammad Adil Inam, Adam Bates, William Enck:
ALASTOR: Reconstructing the Provenance of Serverless Intrusions. 2443-2460 - Pengcheng Fang, Peng Gao, Changlin Liu, Erman Ayday, Kangkook Jee, Ting Wang, Yanfang (Fanny) Ye, Zhuotao Liu, Xusheng Xiao:
Back-Propagating System Dependency Impact for Attack Investigation. 2461-2478 - Chengbin Pang, Tiantai Zhang, Ruotong Yu, Bing Mao, Jun Xu:
Ground Truth for Binary Disassembly is Not Easy. 2479-2495 - Liang He, Hong Hu, Purui Su, Yan Cai, Zhenkai Liang:
FreeWill: Automatically Diagnosing Use-after-free Bugs via Reference Miscounting Detection on Binaries. 2497-2512
Information Flow
- Wen Li, Jiang Ming, Xiapu Luo, Haipeng Cai:
PolyCruise: A Cross-Language Dynamic Information Flow Analysis. 2513-2530 - Ju Chen, Wookhyun Han, Mingjun Yin, Haochen Zeng, Chengyu Song, Byoungyoung Lee, Heng Yin, Insik Shin:
SYMSAN: Time and Space Efficient Concolic Execution via Dynamic Data-flow Analysis. 2531-2548 - Flavien Solt, Ben Gras, Kaveh Razavi:
CellIFT: Leveraging Cells for Scalable and Precise Dynamic Information Flow Tracking in RTL. 2549-2566 - Kaihang Ji, Jun Zeng, Yuancheng Jiang, Zhenkai Liang, Zheng Leong Chua, Prateek Saxena, Abhik Roychoudhury:
FlowMatrix: GPU-Assisted Information-Flow Analysis through Matrix-Based Representation. 2567-2584
Network Security II: Infrastructure
- Jiarong Xing, Kuo-Feng Hsu, Yiming Qiu, Ziyang Yang, Hongyi Liu, Ang Chen:
Bedrock: Programmable Network Support for Secure RDMA Systems. 2585-2600 - Henry Birge-Lee, Joel Wanner, Grace H. Cimaszewski, Jonghoon Kwon, Liang Wang, François Wirz, Prateek Mittal, Adrian Perrig, Yixin Sun:
Creating a Secure Underlay for the Internet. 2601-2618 - Xuewei Feng, Qi Li, Kun Sun, Zhiyun Qian, Gang Zhao, Xiaohui Kuang, Chuanpu Fu, Ke Xu:
Off-Path Network Traffic Manipulation via Revitalized ICMP Redirect Attacks. 2619-2636 - Katharina Kohls, Claudia Díaz:
VerLoc: Verifiable Localization in Decentralized Systems. 2637-2654
ML III
- Shimaa Ahmed, Ilia Shumailov, Nicolas Papernot, Kassem Fawaz:
Towards More Robust Keyword Spotting for Voice Assistants. 2655-2672 - Changjiang Li, Li Wang, Shouling Ji, Xuhong Zhang, Zhaohan Xi, Shanqing Guo, Ting Wang:
Seeing is Living? Rethinking the Security of Facial Liveness Verification in the Deepfake Era. 2673-2690 - Logan Blue, Kevin Warren, Hadi Abdullah, Cassidy Gibson, Luis Vargas, Jessica O'Dell, Kevin R. B. Butler, Patrick Traynor:
Who Are You (I Really Wanna Know)? Detecting Audio DeepFakes Through Vocal Tract Reconstruction. 2691-2708 - Sheng Yu, Yu Qu, Xunchao Hu, Heng Yin:
DeepDi: Learning a Relational Graph Convolutional Network Model on Instructions for Fast and Accurate Disassembly. 2709-2725
Security Practitioners & Behaviors
- Alessandro Mantovani, Simone Aonzo, Yanick Fratantonio, Davide Balzarotti:
RE-Mind: a First Look Inside the Mind of a Reverse Engineer. 2727-2745 - Igibek Koishybayev, Aleksandr Nahapetyan, Raima Zachariah, Siddharth Muralee, Bradley Reaves, Alexandros Kapravelos, Aravind Machiry:
Characterizing the Security of Github CI Workflows. 2747-2763 - Kevin Burk, Fabio Pagani, Christopher Kruegel, Giovanni Vigna:
Decomperson: How Humans Decompile and What We Can Learn From It. 2765-2782 - Bushra A. AlAhmadi, Louise Axon, Ivan Martinovic:
99% False Positives: A Qualitative Study of SOC Analysts' Perspectives on Security Alarms. 2783-2800
Side Channels II
- Alejandro Cabrera Aldaya, Billy Bob Brumley:
HyperDegrade: From GHz to MHz Effective CPU Frequencies. 2801-2818 - Aastha Mehta, Mohamed Alzayat, Roberta De Viti, Björn B. Brandenburg, Peter Druschel, Deepak Garg:
Pacer: Comprehensive Network Side-Channel Mitigation in the Cloud. 2819-2838 - Daniel Townley, Kerem Arikan, Yu David Liu, Dmitry Ponomarev, Oguz Ergin:
Composable Cachelets: Protecting Enclaves from Cache Side-Channel Attacks. 2839-2856 - Miles Dai, Riccardo Paccagnella, Miguel Gomez-Garcia, John D. McCalpin, Mengjia Yan:
Don't Mesh Around: Side-Channel Attacks and Mitigations on Mesh Interconnects. 2857-2874
Web Security V: Tracking
- Sandra Siby, Umar Iqbal, Steven Englehardt, Zubair Shafiq, Carmela Troncoso:
WebGraph: Capturing Advertising and Tracking Information Flows for Robust Blocking. 2875-2892 - Dino Bollinger, Karel Kubicek, Carlos Cotrini, David A. Basin:
Automating Cookie Consent and GDPR Violation Detection. 2893-2910 - Umar Iqbal, Charlie Wolfe, Charles Nguyen, Steven Englehardt, Zubair Shafiq:
Khaleesi: Breaker of Advertising and Tracking Request Chains. 2911-2928 - Yunang Chen, Mohannad Alhanahnah, Andrei Sabelfeld, Rahul Chatterjee, Earlence Fernandes:
Practical Data Access Minimization in Trigger-Action Platforms. 2929-2945
Crypto V: Provers & Shuffling
- Yanxue Jia, Shifeng Sun, Hong-Sheng Zhou, Jiajun Du, Dawu Gu:
Shuffle-based Private Set Union: Faster and More Secure. 2947-2964 - Jiaheng Zhang, Tiancheng Xie, Thang Hoang, Elaine Shi, Yupeng Zhang:
Polynomial Commitment with a One-to-Many Prover and Applications. 2965-2982 - Ning Luo, Samuel Judson, Timos Antonopoulos, Ruzica Piskac, Xiao Wang:
ppSAT: Towards Two-Party Private SAT Solving. 2983-3000 - Shravan Srinivasan, Alexander Chepurnoy, Charalampos Papamanthou, Alin Tomescu, Yupeng Zhang:
Hyperproofs: Aggregating and Maintaining Proofs in Vector Commitments. 3001-3018
Security Analysis
- Fangming Gu, Qingli Guo, Lian Li, Zhiniang Peng, Wei Lin, Xiaobo Yang, Xiaorui Gong:
COMRace: Detecting Data Race Vulnerabilities in COM Objects. 3019-3036 - Seunghoon Woo, Hyunji Hong, Eunjin Choi, Heejo Lee:
MOVERY: A Precise Approach for Modified Vulnerable Code Clone Discovery from Modified Open-Source Software Components. 3037-3053 - Moritz Schloegel, Tim Blazytko, Moritz Contag, Cornelius Aschermann, Julius Basler, Thorsten Holz, Ali Abbasi:
Loki: Hardening Code Obfuscation Against Automated Attacks. 3055-3073 - Simon Rohlmann, Christian Mainka, Vladislav Mladenov, Jörg Schwenk:
Oops... Code Execution and Content Spoofing: The First Comprehensive Analysis of OpenDocument Signatures. 3075-3092 - Chaoshun Zuo, Zhiqiang Lin:
Playing Without Paying: Detecting Vulnerable Payment Verification in Native Binaries of Unity Mobile Games. 3093-3110
SGX I & Side Channels III
- Lukas Giner, Andreas Kogler, Claudio Canella, Michael Schwarz, Daniel Gruss:
Repurposing Segmentation as a Practical LVI-NULL Mitigation in SGX. 3111-3127 - Jinyu Gu, Bojun Zhu, Mingyu Li, Wentai Li, Yubin Xia, Haibo Chen:
A Hardware-Software Co-design for Efficient Intra-Enclave Isolation. 3129-3145 - Tobias Cloosters, Johannes Willbold, Thorsten Holz, Lucas Davi:
SGXFuzz: Efficiently Synthesizing Nested Structures for SGX Enclave Fuzzing. 3147-3164 - Mohammadkazem Taram, Xida Ren, Ashish Venkat, Dean M. Tullsen:
SecSMT: Securing SMT Processors against Contention-Based Covert Channels. 3165-3182 - Shujiang Wu, Jianjia Yu, Min Yang, Yinzhi Cao:
Rendering Contention Channel Made Practical in Web Browsers. 3183-3199
Fuzzing III
- Xiaochen Zou, Guoren Li, Weiteng Chen, Hang Zhang, Zhiyun Qian:
SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs in Linux kernel. 3201-3217 - Rahul Kande, Addison Crump, Garrett Persyn, Patrick Jauernig, Ahmad-Reza Sadeghi, Aakash Tyagi, Jeyavijayan Rajendran:
TheHuzz: Instruction Fuzzing of Processors Using Golden-Reference Models for Finding Software-Exploitable Vulnerabilities. 3219-3236 - Timothy Trippel, Kang G. Shin, Alex Chernyakhovsky, Garret Kelly, Dominic Rizzo, Matthew Hicks:
Fuzzing Hardware Like Software. 3237-3254 - Jinsheng Ba, Marcel Böhme, Zahra Mirzamomen, Abhik Roychoudhury:
Stateful Greybox Fuzzing. 3255-3272 - Bodong Zhao, Zheming Li, Shisong Qin, Zheyu Ma, Ming Yuan, Wenyu Zhu, Zhihong Tian, Chao Zhang:
StateFuzz: System Call-Based State-Aware Linux Driver Fuzzing. 3273-3289
Crypto VI
- Ange Albertini, Thai Duong, Shay Gueron, Stefan Kölbl, Atul Luykx, Sophie Schmieg:
How to Abuse and Fix Authenticated Encryption Without Key Commitment. 3291-3308 - Varun Madathil, Alessandra Scafuro, István András Seres, Omer Shlomovits, Denis Varlakov:
Private Signaling. 3309-3326 - Kinan Dak Albab, Rawane Issa, Mayank Varia, Kalman Graffi:
Batched Differentially Private Information Retrieval. 3327-3344 - Lawrence Roy, Stanislav Lyakhov, Yeongjin Jang, Mike Rosulek:
Practical Privacy-Preserving Authentication for SSH. 3345-3362 - Olga Gkountouna, Katerina Doka, Mingqiang Xue, Jianneng Cao, Panagiotis Karras:
One-off Disclosure Control by Heterogeneous Generalization. 3363-3377
User Studies III: Privacy
- Vandit Sharma, Mainack Mondal:
Understanding and Improving Usability of Data Dashboards for Simplified Privacy Control of Voice Assistant Data. 3379-3395 - David G. Balash, Xiaoyuan Wu, Miles Grant, Irwin Reyes, Adam J. Aviv:
Security and Privacy Perceptions of Third-Party Application Access for Google Accounts. 3397-3414 - Mohsen Minaei, Mainack Mondal, Aniket Kate:
Empirical Understanding of Deletion Privacy: Experiences, Expectations, and Measures. 3415-3432 - Veroniek Binkhorst, Tobias Fiebig, Katharina Krombholz, Wolter Pieters, Katsiaryna Labunets:
Security at the End of the Tunnel: The Anatomy of VPN Mental Models Among Experts and Non-Experts in a Corporate Context. 3433-3450 - Agnieszka Dutkowska-Zuk, Austin Hounsel, Amy Morrill, Andre Xiong, Marshini Chetty, Nick Feamster:
How and Why People Use Virtual Private Networks. 3451-3465
Smart Homes II
- Zhiwei Wang, Yihui Yan, Yueli Yan, Huangxun Chen, Zhice Yang:
CamShield: Securing Smart Cameras through Physical Replication and Isolation. 3467-3484 - Lukas Petzi, Ala Eddine Ben Yahya, Alexandra Dmitrienko, Gene Tsudik, Thomas Prantl, Samuel Kounev:
SCRAPS: Scalable Collective Remote Attestation for Pub-Sub IoT Networks with Untrusted Proxy Verifier. 3485-3501 - Harshad Sathaye, Martin Strohmeier, Vincent Lenders, Aanjhan Ranganathan:
An Experimental Study of GPS Spoofing and Takeover Attacks on UAVs. 3503-3520 - Sunil Manandhar, Kaushal Kafle, Benjamin Andow, Kapil Singh, Adwait Nadkarni:
Smart Home Privacy Policies Demystified: A Study of Availability, Content, and Coverage. 3521-3538 - Tohid Shekari, Alvaro A. Cárdenas, Raheem Beyah:
MaDIoT 2.0: Modern High-Wattage IoT Botnet Attacks and Defenses. 3539-3556
ML IV: Attacks
- Qi-An Fu, Yinpeng Dong, Hang Su, Jun Zhu, Chao Zhang:
AutoDA: Automated Decision-based Iterative Adversarial Attacks. 3557-3574 - Shawn Shan, Arjun Nitin Bhagoji, Haitao Zheng, Ben Y. Zhao:
Poison Forensics: Traceback of Data Poisoning Attacks in Neural Networks. 3575-3592 - Yufei Chen, Chao Shen, Cong Wang, Yang Zhang:
Teacher Model Fingerprinting Attacks Against Transfer Learning. 3593-3610 - Xudong Pan, Mi Zhang, Beina Sheng, Jiaming Zhu, Min Yang:
Hidden Trigger Backdoor Attack on NLP Models via Linguistic Style Manipulation. 3611-3628 - Hongbin Liu, Jinyuan Jia, Neil Zhenqiang Gong:
PoisonedEncoder: Poisoning the Unlabeled Pre-training Data in Contrastive Learning. 3629-3645
Fuzzing, OS, and Cloud Security
- Antoon Purnal, Furkan Turan, Ingrid Verbauwhede:
Double Trouble: Combined Heterogeneous Attacks on Non-Inclusive Cache Hierarchies. 3647-3664 - Sujaya Maiyya, Seif Ibrahim, Caitlin Scarberry, Divyakant Agrawal, Amr El Abbadi, Huijia Lin, Stefano Tessaro, Victor Zakhary:
QuORAM: A Quorum-Replicated Fault Tolerant ORAM Datastore. 3665-3682 - Joppe W. Bos, Joost Renes, Christine van Vredendaal:
Post-Quantum Cryptography with Contemporary Co-Processors: Beyond Kronecker, Schönhage-Strassen & Nussbaumer. 3683-3697 - Zenong Zhang, Zach Patterson, Michael Hicks, Shiyi Wei:
FIXREVERTER: A Realistic Bug Injection Methodology for Benchmarking Fuzz Testing. 3699-3715 - Mohannad Ismail, Andrew Quach, Christopher Jelesnianski, Yeongjin Jang, Changwoo Min:
Tightly Seal Your Sensitive Pointers with PACTight. 3717-3734
Privacy, User Behaviors, and Attacks
- Bernd Prünster, Alexander Marsalek, Thomas Zefferer:
Total Eclipse of the Heart - Disrupting the InterPlanetary File System. 3735-3752 - Lun Wang, Usmann Khan, Joseph P. Near, Qi Pang, Jithendaraa Subramanian, Neel Somani, Peng Gao, Andrew Low, Dawn Song:
PrivGuard: Privacy Regulation Compliance Made Easier. 3753-3770 - Kaleigh Clary, Emma Tosch, Jeremiah Onaolapo, David D. Jensen:
Stick It to The Man: Correcting for Non-Cooperative Behavior of Subjects in Experiments on Social Networks. 3771-3788 - Rahmadi Trimananda, Hieu Le, Hao Cui, Janice Tran Ho, Anastasia Shuba, Athina Markopoulou:
OVRseen: Auditing Network Traffic and Privacy Policies in Oculus VR. 3789-3806
Hardware Security III
- Andreas Kogler, Jonas Juffinger, Salman Qazi, Yoongu Kim, Moritz Lipp, Nicolas Boichat, Eric Shiu, Mattias Nissler, Daniel Gruss:
Half-Double: Hammering From the Next Row Over. 3807-3824 - Johannes Wikner, Kaveh Razavi:
RETBLEED: Arbitrary Speculative Code Execution with Return Instructions. 3825-3842 - Michele Grisafi, Mahmoud Ammar, Marco Roveri, Bruno Crispo:
PISTIS: Trusted Computing Architecture for Low-end Embedded Systems. 3843-3860 - Catherine Easdon, Michael Schwarz, Martin Schwarzl, Daniel Gruss:
Rapid Prototyping for Microarchitectural Attacks. 3861-3877
OS Security & Formalisms
- Fei Wang, Jianliang Wu, Yuhong Nan, Yousra Aafer, Xiangyu Zhang, Dongyan Xu, Mathias Payer:
ProFactory: Improving IoT Security via Formalized Protocol Customization. 3879-3896 - Yuvraj Patel, Chenhao Ye, Akshat Sinha, Abigail Matthews, Andrea C. Arpaci-Dusseau, Michael M. Swift:
Using Trātṛ to tame Adversarial Synchronization. 3897-3916 - Pietro Borrello, Andreas Kogler, Martin Schwarzl, Moritz Lipp, Daniel Gruss, Michael Schwarz:
ÆPIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture. 3917-3934 - Vincent Cheval, Charlie Jacomme, Steve Kremer, Robert Künnemann:
SAPIC+: protocol verifiers of the world, unite! 3935-3952
ML V: Principles & Best Practices
- Ren Pang, Zhaohan Xi, Shouling Ji, Xiapu Luo, Ting Wang:
On the Security Risks of AutoML. 3953-3970 - Daniel Arp, Erwin Quiring, Feargus Pendlebury, Alexander Warnecke, Fabio Pierazzi, Christian Wressnegger, Lorenzo Cavallaro, Konrad Rieck:
Dos and Don'ts of Machine Learning in Computer Security. 3971-3988 - Xudong Pan, Mi Zhang, Yifan Yan, Jiaming Zhu, Zhemin Yang:
Exploring the Security Boundary of Data Reconstruction via Neuron Exclusivity Analysis. 3989-4006 - Anvith Thudi, Hengrui Jia, Ilia Shumailov, Nicolas Papernot:
On the Necessity of Auditable Algorithmic Definitions for Machine Unlearning. 4007-4022
User Studies IV: Policies & Best Practices
- Collins W. Munyendo, Philipp Markert, Alexandra Nisenoff, Miles Grant, Elena Korkes, Blase Ur, Adam J. Aviv:
"The Same PIN, Just Longer": On the (In)Security of Upgrading PINs from 4 to 6 Digits. 4023-4040 - Harjot Kaur, Sabrina Amft, Daniel Votipka, Yasemin Acar, Sascha Fahl:
Where to Recruit for Security Development Studies: Comparing Six Software Developer Samples. 4041-4058 - Karola Marky, Paul Gerber, Sebastian Günther, Mohamed Khamis, Maximilian Fries, Max Mühlhäuser:
Investigating State-of-the-Art Practices for Fostering Subjective Trust in Online Voting through Interviews. 4059-4076 - Kentrell Owens, Anita Alem, Franziska Roesner, Tadayoshi Kohno:
Electronic Monitoring Smartphone Apps: An Analysis of Risks from Technical, Human-Centered, and Legal Perspectives. 4077-4094
SGX II
- Guoxing Chen, Yinqian Zhang:
MAGE: Mutual Attestation for a Group of Enclaves without Trusted Third Parties. 4095-4110 - Jason Zhijingcheng Yu, Shweta Shinde, Trevor E. Carlson, Prateek Saxena:
Elasticlave: An Efficient Memory Model for Enclaves. 4111-4128 - Yuan Chen, Jiaqi Li, Guorui Xu, Yajin Zhou, Zhi Wang, Cong Wang, Kui Ren:
SGXLock: Towards Efficiently Establishing Mutual Distrust Between Host Application and Enclave for SGX. 4129-4146 - Andreas Kogler, Daniel Gruss, Michael Schwarz:
Minefield: A Software-only Protection for SGX Enclaves against DVFS Attacks. 4147-4164
Network Security III: DDoS
- Lenka Turonová, Lukás Holík, Ivan Homoliak, Ondrej Lengál, Margus Veanes, Tomás Vojnar:
Counting in Regexes Considered Harmful: Exposing ReDoS Vulnerability of Nonbacktracking Matchers. 4165-4182 - Yeting Li, Yecheng Sun, Zhiwu Xu, Jialun Cao, Yuekang Li, Rongchen Li, Haiming Chen, Shing-Chi Cheung, Yang Liu, Yang Xiao:
RegexScalpel: Regular Expression Denial of Service (ReDoS) Defense by Localize-and-Fix. 4183-4200 - A. S. M. Rizvi, Leandro M. Bertholdo, João M. Ceron, John S. Heidemann:
Anycast Agility: Network Playbooks to Fight DDoS. 4201-4218 - Robert McLaughlin, Fabio Pagani, Noah Spahn, Christopher Kruegel, Giovanni Vigna:
Regulator: Dynamic Analysis to Detect ReDoS. 4219-4235
Zero Knowledge
- Derek Leung, Yossi Gilad, Sergey Gorbunov, Leonid Reyzin, Nickolai Zeldovich:
Aardvark: An Asynchronous Authenticated Dictionary with Applications to Account-based Cryptocurrencies. 4237-4254 - Paul Grubbs, Arasu Arun, Ye Zhang, Joseph Bonneau, Michael Walfish:
Zero-Knowledge Middleboxes. 4255-4272 - Sebastian Angel, Andrew J. Blumberg, Eleftherios Ioannidis, Jess Woods:
Efficient Representation of Numerical Optimization Problems for SNARKs. 4273-4290 - Alex Ozdemir, Dan Boneh:
Experimenting with Collaborative zk-SNARKs: Zero-Knowledge Proofs for Distributed Secrets. 4291-4308
Software Security
- Yu Liang, Song Liu, Hong Hu:
Detecting Logical Bugs of DBMS with Coverage-based Guidance. 4309-4326 - Qibin Chen, Jeremy Lacomis, Edward J. Schwartz, Claire Le Goues, Graham Neubig, Bogdan Vasilescu:
Augmenting Decompiler Output with Learned Variable Names and Types. 4327-4343 - Yuchen Zhang, Chengbin Pang, Georgios Portokalidis, Nikos Triandopoulos, Jun Xu:
Debloating Address Sanitizer. 4345-4363 - Shunfan Zhou, Zhemin Yang, Dan Qiao, Peng Liu, Min Yang, Zhe Wang, Chenggang Wu:
Ferry: State-Aware Symbolic Execution for Exploring State-Dependent Program Paths. 4365-4382
Side Channels IV
- Henrique Teles Maia, Chang Xiao, Dingzeyu Li, Eitan Grinspun, Changxi Zheng:
Can one hear the shape of a neural network?: Snooping the GPU via Magnetic Side Channel. 4383-4400 - Ben Nassi, Yaron Pirutin, Raz Swisa, Adi Shamir, Yuval Elovici, Boris Zadov:
Lamphone: Passive Sound Recovery from a Desk Lamp's Light Bulb Vibrations. 4401-4417 - Yuanyuan Yuan, Qi Pang, Shuai Wang:
Automated Side Channel Analysis of Media Software with Manifold Learning. 4419-4436 - Daniel Genkin, Noam Nissan, Roei Schuster, Eran Tromer:
Lend Me Your Ear: Passive Remote Physical Side Channels on PCs. 4437-4454
Network Security IV
- Tomas Hlavacek, Philipp Jeitner, Donika Mirdita, Haya Schulmann, Michael Waidner:
Stalloris: RPKI Downgrade Attack. 4455-4471 - Philipp Jeitner, Haya Schulmann, Lucas Teichmann, Michael Waidner:
XDRI Attacks - and - How to Enhance Resilience of Residential Routers. 4473-4490 - David Koisser, Patrick Jauernig, Gene Tsudik, Ahmad-Reza Sadeghi:
V'CER: Efficient Certificate Validation in Constrained Networks. 4491-4508 - Lancheng Qin, Dan Li, Ruifeng Li, Kang Wang:
Themis: Accelerating the Detection of Route Origin Hijacking by Distinguishing Legitimate and Illegitimate MOAS. 4509-4524
ML VI: Inference
- Yugeng Liu, Rui Wen, Xinlei He, Ahmed Salem, Zhikun Zhang, Michael Backes, Emiliano De Cristofaro, Mario Fritz, Yang Zhang:
ML-Doctor: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models. 4525-4542 - Zhikun Zhang, Min Chen, Michael Backes, Yun Shen, Yang Zhang:
Inference Attacks Against Graph Neural Networks. 4543-4560 - Xiaoyong Yuan, Lan Zhang:
Membership Inference Attacks and Defenses in Neural Network Pruning. 4561-4578 - Shagufta Mehnaz, Sayanton V. Dibbo, Ehsanul Kabir, Ninghui Li, Elisa Bertino:
Are Your Sensitive Attributes Private? Novel Model Inversion Attribute Inference Attacks on Classification Models. 4579-4596
manage site settings
To protect your privacy, all features that rely on external API calls from your browser are turned off by default. You need to opt-in for them to become active. All settings here will be stored as cookies with your web browser. For more information see our F.A.Q.