| Space Odyssey: An Experimental Software Security Analysis of Satellites. |
Johannes Willbold, Moritz Schloegel, Manuel Vögele, Maximilian Gerhardt, Thorsten Holz, Ali Abbasi |
PDF |
- |
- |
| Scaphy: Detecting Modern ICS Attacks by Correlating Behaviors in SCADA and PHYsical. |
Moses Ike, Kandy Phan, Keaton Sadoski, Romuald Valme, Wenke Lee |
PDF |
- |
- |
| Shedding Light on Inconsistencies in Grid Cybersecurity: Disconnects and Recommendations. |
Brian Singer, Amritanshu Pandey, Shimiao Li, Lujo Bauer, Craig Miller, Lawrence T. Pileggi, Vyas Sekar |
PDF |
- |
- |
| Red Team vs. Blue Team: A Real-World Hardware Trojan Detection Case Study Across Four Modern CMOS Technology Generations. |
Endres Puschner, Thorben Moos, Steffen Becker, Christian Kison, Amir Moradi, Christof Paar |
PDF |
- |
- |
| SoK: Distributed Randomness Beacons. |
Kevin Choi, Aathira Manoj, Joseph Bonneau |
PDF |
- |
- |
| WeRLman: To Tackle Whale (Transactions), Go Deep (RL). |
Roi Bar Zur, Ameer Abu-Hanna, Ittay Eyal, Aviv Tamar |
PDF |
- |
- |
| Three Birds with One Stone: Efficient Partitioning Attacks on Interdependent Cryptocurrency Networks. |
Muhammad Saad, David Mohaisen |
PDF |
- |
- |
| Bitcoin-Enhanced Proof-of-Stake Security: Possibilities and Impossibilities. |
Ertem Nusret Tas, David Tse, Fangyu Gai, Sreeram Kannan, Mohammad Ali Maddah-Ali, Fisher Yu |
PDF |
- |
- |
| MEGA: Malleable Encryption Goes Awry. |
Matilda Backendal, Miro Haller, Kenneth G. Paterson |
PDF |
- |
- |
| DBREACH: Stealing from Databases Using Compression Side Channels. |
Mathew Hogan, Yan Michalevsky, Saba Eskandarian |
PDF |
- |
- |
| Weak Fiat-Shamir Attacks on Modern Proof Systems. |
Quang Dao, Jim Miller, Opal Wright, Paul Grubbs |
PDF |
- |
- |
| Attitudes towards Client-Side Scanning for CSAM, Terrorism, Drug Trafficking, Drug Use and Tax Evasion in Germany. |
Lisa Geierhaas, Fabian Otto, Maximilian Häring, Matthew Smith |
PDF |
- |
- |
| Deep perceptual hashing algorithms with hidden dual purpose: when client-side scanning does facial recognition. |
Shubham Jain, Ana-Maria Cretu, Antoine Cully, Yves-Alexandre de Montjoye |
PDF |
- |
- |
| Public Verification for Private Hash Matching. |
Sarah Scheffler, Anunay Kulshrestha, Jonathan R. Mayer |
PDF |
- |
- |
| Is Cryptographic Deniability Sufficientƒ Non-Expert Perceptions of Deniability in Secure Messaging. |
Nathan Reitinger, Nathan Malkin, Omer Akgul, Michelle L. Mazurek, Ian Miers |
PDF |
- |
- |
| On the Evolution of (Hateful) Memes by Means of Multimodal Contrastive Learning. |
Yiting Qu, Xinlei He, Shannon Pierson, Michael Backes, Yang Zhang, Savvas Zannettou |
PDF |
- |
- |
| Lambretta: Learning to Rank for Twitter Soft Moderation. |
Pujan Paudel, Jeremy Blackburn, Emiliano De Cristofaro, Savvas Zannettou, Gianluca Stringhini |
PDF |
- |
- |
| SoK: Let the Privacy Games Begin! A Unified Treatment of Data Inference Privacy in Machine Learning. |
Ahmed Salem, Giovanni Cherubin, David Evans, Boris Köpf, Andrew Paverd, Anshuman Suri, Shruti Tople, Santiago Zanella Béguelin |
PDF |
- |
- |
| Analyzing Leakage of Personally Identifiable Information in Language Models. |
Nils Lukas, Ahmed Salem, Robert Sim, Shruti Tople, Lukas Wutschitz, Santiago Zanella Béguelin |
PDF |
- |
- |
| Accuracy-Privacy Trade-off in Deep Ensemble: A Membership Inference Perspective. |
Shahbaz Rezaei, Zubair Shafiq, Xin Liu |
PDF |
- |
- |
| D-DAE: Defense-Penetrating Model Extraction Attacks. |
Yanjiao Chen, Rui Guan, Xueluan Gong, Jianshuo Dong, Meng Xue |
PDF |
- |
- |
| SNAP: Efficient Extraction of Private Properties with Poisoning. |
Harsh Chaudhari, John Abascal, Alina Oprea, Matthew Jagielski, Florian Tramèr, Jonathan R. Ullman |
PDF |
- |
- |
| On the (In)security of Peer-to-Peer Decentralized Machine Learning. |
Dario Pasquini, Mathilde Raynal, Carmela Troncoso |
PDF |
- |
- |
| Vectorized Batch Private Information Retrieval. |
Muhammad Haris Mughees, Ling Ren |
PDF |
- |
- |
| RoFL: Robustness of Secure Federated Learning. |
Hidde Lycklama, Lukas Burkhalter, Alexander Viand, Nicolas Küchler, Anwar Hithnawi |
PDF |
- |
- |
| Flamingo: Multi-Round Single-Server Secure Aggregation with Applications to Private Federated Learning. |
Yiping Ma, Jess Woods, Sebastian Angel, Antigoni Polychroniadou, Tal Rabin |
PDF |
- |
- |
| SoK: Cryptographic Neural-Network Computation. |
Lucien K. L. Ng, Sherman S. M. Chow |
PDF |
- |
- |
| FLUTE: Fast and Secure Lookup Table Evaluations. |
Andreas Brüggemann, Robin Hundt, Thomas Schneider, Ajith Suresh, Hossein Yalame |
PDF |
- |
- |
| Bicoptor: Two-round Secure Three-party Non-linear Computation without Preprocessing for Privacy-preserving Machine Learning. |
Lijing Zhou, Ziyu Wang, Hongrui Cui, Qingrui Song, Yu Yu |
PDF |
- |
- |
| Investigating the Password Policy Practices of Website Administrators. |
Sena Sahin, Suood Abdulaziz Al-Roomi, Tara Poteat, Frank Li |
PDF |
- |
- |
| "In Eighty Percent of the Cases, I Select the Password for Them": Security and Privacy Challenges, Advice, and Opportunities at Cybercafes in Kenya. |
Collins W. Munyendo, Yasemin Acar, Adam J. Aviv |
PDF |
- |
- |
| Towards a Rigorous Statistical Analysis of Empirical Password Datasets. |
Jeremiah Blocki, Peiyuan Liu |
PDF |
- |
- |
| Confident Monte Carlo: Rigorous Analysis of Guessing Curves for Probabilistic Password Models. |
Peiyuan Liu, Jeremiah Blocki, Wenjie Bai |
PDF |
- |
- |
| Not Yet Another Digital ID: Privacy-Preserving Humanitarian Aid Distribution. |
Boya Wang, Wouter Lueks, Justinas Sukaitis, Vincent Graf Narbel, Carmela Troncoso |
PDF |
- |
- |
| Disguising Attacks with Explanation-Aware Backdoors. |
Maximilian Noppel, Lukas Peter, Christian Wressnegger |
PDF |
- |
- |
| AI-Guardian: Defeating Adversarial Attacks using Backdoors. |
Hong Zhu, Shengzhi Zhang, Kai Chen |
PDF |
- |
- |
| Jigsaw Puzzle: Selective Backdoor Attack to Subvert Malware Classifiers. |
Limin Yang, Zhi Chen, Jacopo Cortellazzi, Feargus Pendlebury, Kevin Tu, Fabio Pierazzi, Lorenzo Cavallaro, Gang Wang |
PDF |
- |
- |
| BayBFed: Bayesian Backdoor Defense for Federated Learning. |
Kavita Kumari, Phillip Rieger, Hossein Fereidooni, Murtuza Jadliwala, Ahmad-Reza Sadeghi |
PDF |
- |
- |
| Redeem Myself: Purifying Backdoors in Deep Learning Models using Self Attention Distillation. |
Xueluan Gong, Yanjiao Chen, Wang Yang, Qian Wang, Yuzhe Gu, Huayang Huang, Chao Shen |
PDF |
- |
- |
| Threshold BBS+ Signatures for Distributed Anonymous Credential Issuance. |
Jack Doerner, Yashvanth Kondi, Eysa Lee, Abhi Shelat, LaKyah Tyner |
PDF |
- |
- |
| zk-creds: Flexible Anonymous Credentials from zkSNARKs and Existing Identity Infrastructure. |
Michael Rosenberg, Jacob D. White, Christina Garman, Ian Miers |
PDF |
- |
- |
| Private Access Control for Function Secret Sharing. |
Sacha Servan-Schreiber, Simon Beyzerov, Eli Yablon, Hyojae Park |
PDF |
- |
- |
| MPCAuth: Multi-factor Authentication for Distributed-trust Systems. |
Sijun Tan, Weikeng Chen, Ryan Deng, Raluca Ada Popa |
PDF |
- |
- |
| Silph: A Framework for Scalable and Accurate Generation of Hybrid MPC Protocols. |
Edward Chen, Jinhao Zhu, Alex Ozdemir, Riad S. Wahby, Fraser Brown, Wenting Zheng |
PDF |
- |
- |
| SoK: Anti-Facial Recognition Technology. |
Emily Wenger, Shawn Shan, Haitao Zheng, Ben Y. Zhao |
PDF |
- |
- |
| Spoofing Real-world Face Authentication Systems through Optical Synthesis. |
Yueli Yan, Zhice Yang |
PDF |
- |
- |
| ImU: Physical Impersonating Attack for Face Recognition System with Natural Style Changes. |
Shengwei An, Yuan Yao, Qiuling Xu, Shiqing Ma, Guanhong Tao, Siyuan Cheng, Kaiyuan Zhang, Yingqi Liu, Guangyu Shen, Ian Kelk, Xiangyu Zhang |
PDF |
- |
- |
| DepthFake: Spoofing 3D Face Authentication with a 2D Photo. |
Zhihao Wu, Yushi Cheng, Jiahui Yang, Xiaoyu Ji, Wenyuan Xu |
PDF |
- |
- |
| Understanding the (In)Security of Cross-side Face Verification Systems in Mobile Apps: A System Perspective. |
Xiaohan Zhang, Haoqi Ye, Ziqi Huang, Xiao Ye, Yinzhi Cao, Yuan Zhang, Min Yang |
PDF |
- |
- |
| Breaking Security-Critical Voice Authentication. |
Andre Kassis, Urs Hengartner |
PDF |
- |
- |
| SoK: A Critical Evaluation of Efficient Website Fingerprinting Defenses. |
Nate Mathews, James K. Holland, Se Eun Oh, Mohammad Saidur Rahman, Nicholas Hopper, Matthew Wright |
PDF |
- |
- |
| Fashion Faux Pas: Implicit Stylistic Fingerprints for Bypassing Browsers' Anti-Fingerprinting Defenses. |
Xu Lin, Frederico Araujo, Teryl Taylor, Jiyong Jang, Jason Polakis |
PDF |
- |
- |
| Robust Multi-tab Website Fingerprinting Attacks in the Wild. |
Xinhao Deng, Qilei Yin, Zhuotao Liu, Xiyuan Zhao, Qi Li, Mingwei Xu, Ke Xu, Jianping Wu |
PDF |
- |
- |
| Only Pay for What You Leak: Leveraging Sandboxes for a Minimally Invasive Browser Fingerprinting Defense. |
Ryan Torok, Amit Levy |
PDF |
- |
- |
| It's (DOM) Clobbering Time: Attack Techniques, Prevalence, and Defenses. |
Soheil Khodayari, Giancarlo Pellegrino |
PDF |
- |
- |
| Scaling JavaScript Abstract Interpretation to Detect and Exploit Node.js Taint-style Vulnerability. |
Mingqing Kang, Yichao Xu, Song Li, Rigel Gjomemo, Jianwei Hou, V. N. Venkatakrishnan, Yinzhi Cao |
PDF |
- |
- |
| Sound Verification of Security Protocols: From Design to Interoperable Implementations. |
Linard Arquint, Felix A. Wolf, Joseph Lallemand, Ralf Sasse, Christoph Sprenger, Sven N. Wiesner, David A. Basin, Peter Müller |
PDF |
- |
- |
| Typing High-Speed Cryptography against Spectre v1. |
Basavesh Ammanaghatta Shivakumar, Gilles Barthe, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Swarn Priya, Peter Schwabe, Lucas Tabary-Maujean |
PDF |
- |
- |
| Less is more: refinement proofs for probabilistic proofs. |
Kunming Jiang, Devora Chait-Roth, Zachary DeStefano, Michael Walfish, Thomas Wies |
PDF |
- |
- |
| Owl: Compositional Verification of Security Protocols via an Information-Flow Type System. |
Joshua Gancher, Sydney Gibson, Pratap Singh, Samvid Dharanikota, Bryan Parno |
PDF |
- |
- |
| AUC: Accountable Universal Composability. |
Mike Graf, Ralf Küsters, Daniel Rausch |
PDF |
- |
- |
| High-Order Masking of Lattice Signatures in Quasilinear Time. |
Rafaël del Pino, Thomas Prest, Mélissa Rossi, Markku-Juhani O. Saarinen |
PDF |
- |
- |
| Practical Timing Side-Channel Attacks on Memory Compression. |
Martin Schwarzl, Pietro Borrello, Gururaj Saileshwar, Hanna Müller, Michael Schwarz, Daniel Gruss |
PDF |
- |
- |
| TEEzz: Fuzzing Trusted Applications on COTS Android Devices. |
Marcel Busch, Aravind Machiry, Chad Spensky, Giovanni Vigna, Christopher Kruegel, Mathias Payer |
PDF |
- |
- |
| Half&Half: Demystifying Intel's Directional Branch Predictors for Fast, Secure Partitioned Execution. |
Hosein Yavarzadeh, Mohammadkazem Taram, Shravan Narayan, Deian Stefan, Dean M. Tullsen |
PDF |
- |
- |
| Half&Half: Demystifying Intel's Directional Branch Predictors for Fast, Secure Partitioned Execution. |
Hosein Yavarzadeh, Mohammadkazem Taram, Shravan Narayan, Deian Stefan, Dean M. Tullsen |
PDF |
- |
- |
| Improving Developers' Understanding of Regex Denial of Service Tools through Anti-Patterns and Fix Strategies. |
Sk Adnan Hassan, Zainab Aamir, Dongyoon Lee, James C. Davis, Francisco Servant |
PDF |
- |
- |
| Practical Program Modularization with Type-Based Dependence Analysis. |
Kangjie Lu |
PDF |
- |
- |
| WarpAttack: Bypassing CFI through Compiler-Introduced Double-Fetches. |
Jianhao Xu, Luca Di Bartolomeo, Flavio Toffalini, Bing Mao, Mathias Payer |
PDF |
- |
- |
| SoK: Certified Robustness for Deep Neural Networks. |
Linyi Li, Tao Xie, Bo Li |
PDF |
- |
- |
| RAB: Provable Robustness Against Backdoor Attacks. |
Maurice Weber, Xiaojun Xu, Bojan Karlas, Ce Zhang, Bo Li |
PDF |
- |
- |
| ObjectSeeker: Certifiably Robust Object Detection against Patch Hiding Attacks via Patch-agnostic Masking. |
Chong Xiang, Alexander Valtchanov, Saeed Mahloujifar, Prateek Mittal |
PDF |
- |
- |
| PublicCheck: Public Integrity Verification for Services of Run-time Deep Models. |
Shuo Wang, Sharif Abuadbba, Sidharth Agarwal, Kristen Moore, Ruoxi Sun, Minhui Xue, Surya Nepal, Seyit Camtepe, Salil S. Kanhere |
PDF |
- |
- |
| FedRecover: Recovering from Poisoning Attacks in Federated Learning using Historical Information. |
Xiaoyu Cao, Jinyuan Jia, Zaixi Zhang, Neil Zhenqiang Gong |
PDF |
- |
- |
| On The Empirical Effectiveness of Unrealistic Adversarial Hardening Against Realistic Adversarial Attacks. |
Salijona Dyrmishi, Salah Ghamizi, Thibault Simonetto, Yves Le Traon, Maxime Cordy |
PDF |
- |
- |
| Rethinking Searchable Symmetric Encryption. |
Zichen Gui, Kenneth G. Paterson, Sikhar Patranabis |
PDF |
- |
- |
| Private Collaborative Data Cleaning via Non-Equi PSI. |
Erik-Oliver Blass, Florian Kerschbaum |
PDF |
- |
- |
| Private Collaborative Data Cleaning via Non-Equi PSI. |
Erik-Oliver Blass, Florian Kerschbaum |
PDF |
- |
- |
| SPHINCS+C: Compressing SPHINCS+ With (Almost) No Cost. |
Andreas Hülsing, Mikhail A. Kudinov, Eyal Ronen, Eylon Yogev |
PDF |
- |
- |
| Threshold Signatures in the Multiverse. |
Leemon Baird, Sanjam Garg, Abhishek Jain, Pratyay Mukherjee, Rohit Sinha, Mingyuan Wang, Yinuo Zhang |
PDF |
- |
- |
| FIDO2, CTAP 2.1, and WebAuthn 2: Provable Security and Post-Quantum Instantiation. |
Nina Bindel, Cas Cremers, Mang Zhao |
PDF |
- |
- |
| Token meets Wallet: Formalizing Privacy and Revocation for FIDO2. |
Lucjan Hanzlik, Julian Loss, Benedikt Wagner |
PDF |
- |
- |
| SoK: Taxonomy of Attacks on Open-Source Software Supply Chains. |
Piergiorgio Ladisa, Henrik Plate, Matias Martinez, Olivier Barais |
PDF |
- |
- |
| It's like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security. |
Marcel Fourné, Dominik Wermke, William Enck, Sascha Fahl, Yasemin Acar |
PDF |
- |
- |
| "Always Contribute Back": A Qualitative Study on Security Challenges of the Open Source Supply Chain. |
Dominik Wermke, Jan H. Klemmer, Noah Wöhler, Juliane Schmüser, Harshini Sri Ramulu, Yasemin Acar, Sascha Fahl |
PDF |
- |
- |
| Continuous Intrusion: Characterizing the Security of Continuous Integration Services. |
Yacong Gu, Lingyun Ying, Huajun Chai, Chu Qiao, Haixin Duan, Xing Gao |
PDF |
- |
- |
| Investigating Package Related Security Threats in Software Registries. |
Yacong Gu, Lingyun Ying, Yingyuan Pu, Xiao Hu, Huajun Chai, Ruimin Wang, Xing Gao, Haixin Duan |
PDF |
- |
- |
| ShadowNet: A Secure and Efficient On-device Model Inference System for Convolutional Neural Networks. |
Zhichuang Sun, Ruimin Sun, Changming Liu, Amrita Roy Chowdhury, Long Lu, Somesh Jha |
PDF |
- |
- |
| Deepfake Text Detection: Limitations and Opportunities. |
Jiameng Pu, Zain Sarwar, Sifat Muhammad Abdullah, Abdullah Rehman, Yoonjin Kim, Parantapa Bhattacharya, Mobin Javed, Bimal Viswanath |
PDF |
- |
- |
| StyleFool: Fooling Video Classification Systems via Style Transfer. |
Yuxin Cao, Xi Xiao, Ruoxi Sun, Derui Wang, Minhui Xue, Sheng Wen |
PDF |
- |
- |
| GeeSolver: A Generic, Efficient, and Effortless Solver with Self-Supervised Learning for Breaking Text Captchas. |
Ruijie Zhao, Xianwen Deng, Yanhao Wang, Zhicong Yan, Zhengguang Han, Libo Chen, Zhi Xue, Yijun Wang |
PDF |
- |
- |
| TrojanModel: A Practical Trojan Attack against Automatic Speech Recognition Systems. |
Wei Zong, Yang-Wai Chow, Willy Susilo, Kien Do, Svetha Venkatesh |
PDF |
- |
- |
| REGA: Scalable Rowhammer Mitigation with Refresh-Generating Activations. |
Michele Marazzi, Flavien Solt, Patrick Jattke, Kubo Takashi, Kaveh Razavi |
PDF |
- |
- |
| CSI:Rowhammer - Cryptographic Security and Integrity against Rowhammer. |
Jonas Juffinger, Lukas Lamster, Andreas Kogler, Maria Eichlseder, Moritz Lipp, Daniel Gruss |
PDF |
- |
- |
| Jolt: Recovering TLS Signing Keys via Rowhammer Faults. |
Koksal Mus, Yarkin Doröz, M. Caner Tol, Kristi Rahman, Berk Sunar |
PDF |
- |
- |
| Hide and Seek with Spectres: Efficient discovery of speculative information leaks with random testing. |
Oleksii Oleksenko, Marco Guarnieri, Boris Köpf, Mark Silberstein |
PDF |
- |
- |
| Spectre Declassified: Reading from the Right Place at the Wrong Time. |
Basavesh Ammanaghatta Shivakumar, Jack Barnes, Gilles Barthe, Sunjay Cauligi, Chitchanok Chuengsatiansup, Daniel Genkin, Sioli O'Connell, Peter Schwabe, Rui Qi Sim, Yuval Yarom |
PDF |
- |
- |
| Volttack: Control IoT Devices by Manipulating Power Supply Voltage. |
Kai Wang, Shilin Xiao, Xiaoyu Ji, Chen Yan, Chaohao Li, Wenyuan Xu |
PDF |
- |
- |
| Inducing Wireless Chargers to Voice Out for Inaudible Command Attacks. |
Donghui Dai, Zhenlin An, Lei Yang |
PDF |
- |
- |
| mmSpoof: Resilient Spoofing of Automotive Millimeter-wave Radars using Reflect Array. |
Rohith Reddy Vennam, Ish Kumar Jain, Kshitiz Bansal, Joshua Orozco, Puja Shukla, Aanjhan Ranganathan, Dinesh Bharadia |
PDF |
- |
- |
| PLA-LiDAR: Physical Laser Attacks against LiDAR-based 3D Object Detection in Autonomous Vehicle. |
Zizhi Jin, Xiaoyu Ji, Yushi Cheng, Bo Yang, Chen Yan, Wenyuan Xu |
PDF |
- |
- |
| mmEcho: A mmWave-based Acoustic Eavesdropping Method. |
Pengfei Hu, Wenhao Li, Riccardo Spolaor, Xiuzhen Cheng |
PDF |
- |
- |
| Side Eye: Characterizing the Limits of POV Acoustic Eavesdropping from Smartphone Cameras with Rolling Shutters and Movable Lenses. |
Yan Long, Pirouz Naghavi, Blas Kojusner, Kevin R. B. Butler, Sara Rampazzi, Kevin Fu |
PDF |
- |
- |
| 3DFed: Adaptive and Extensible Framework for Covert Backdoor Attack in Federated Learning. |
Haoyang Li, Qingqing Ye, Haibo Hu, Jin Li, Leixia Wang, Chengfang Fang, Jie Shi |
PDF |
- |
- |
| Scalable and Privacy-Preserving Federated Principal Component Analysis. |
David Froelicher, Hyunghoon Cho, Manaswitha Edupalli, Joao Sa Sousa, Jean-Philippe Bossuat, Apostolos Pyrgelis, Juan Ramón Troncoso-Pastoriza, Bonnie Berger, Jean-Pierre Hubaux |
PDF |
- |
- |
| Private, Efficient, and Accurate: Protecting Models Trained by Multi-party Learning with Differential Privacy. |
Wenqiang Ruan, Mingxin Xu, Wenjing Fang, Li Wang, Lei Wang, Weili Han |
PDF |
- |
- |
| Spectral-DP: Differentially Private Deep Learning through Spectral Perturbation and Filtering. |
Ce Feng, Nuo Xu, Wujie Wen, Parv Venkitasubramaniam, Caiwen Ding |
PDF |
- |
- |
| ELSA: Secure Aggregation for Federated Learning with Malicious Actors. |
Mayank Rathee, Conghao Shen, Sameer Wagh, Raluca Ada Popa |
PDF |
- |
- |
| No One Drinks From the Firehose: How Organizations Filter and Prioritize Vulnerability Information. |
Stephanie de Smale, Rik van Dijk, Xander Bouwman, Jeroen van der Ham, Michel van Eeten |
PDF |
- |
- |
| Vulnerability Discovery for All: Experiences of Marginalization in Vulnerability Discovery. |
Kelsey R. Fulton, Samantha Katcher, Kevin Song, Marshini Chetty, Michelle L. Mazurek, Chloé Messdaghi, Daniel Votipka |
PDF |
- |
- |
| "We are a startup to the core": A qualitative interview study on the security and privacy development practices in Turkish software startups. |
Dilara Keküllüoglu, Yasemin Acar |
PDF |
- |
- |
| "How technical do you get? I'm an English teacher": Teaching and Learning Cybersecurity and AI Ethics in High School. |
Zachary Kilhoffer, Zhixuan Zhou, Firmiana Wang, Fahad Tamton, Yun Huang, Pilyoung Kim, Tom Yeh, Yang Wang |
PDF |
- |
- |
| Skilled or Gullibleƒ Gender Stereotypes Related to Computer Security and Privacy. |
Miranda Wei, Pardis Emami Naeini, Franziska Roesner, Tadayoshi Kohno |
PDF |
- |
- |
| Everybody's Got ML, Tell Me What Else You Have: Practitioners' Perception of ML-Based Security Tools and Explanations. |
Jaron Mink, Hadjer Benkraouda, Limin Yang, Arridhana Ciptadi, Ali Ahmadzadeh, Daniel Votipka, Gang Wang |
PDF |
- |
- |
| Precise Detection of Kernel Data Races with Probabilistic Lockset Analysis. |
Gabriel Ryan, Abhishek Shah, Dongdong She, Suman Jana |
PDF |
- |
- |
| SegFuzz: Segmentizing Thread Interleaving to Discover Kernel Concurrency Bugs through Fuzzing. |
Dae R. Jeong, Byoungyoung Lee, Insik Shin, Youngjin Kwon |
PDF |
- |
- |
| AEM: Facilitating Cross-Version Exploitability Assessment of Linux Kernel Vulnerabilities. |
Zheyue Jiang, Yuan Zhang, Jun Xu, Xinqian Sun, Zhuang Liu, Min Yang |
PDF |
- |
- |
| AEM: Facilitating Cross-Version Exploitability Assessment of Linux Kernel Vulnerabilities. |
Zheyue Jiang, Yuan Zhang, Jun Xu, Xinqian Sun, Zhuang Liu, Min Yang |
PDF |
- |
- |
| When Top-down Meets Bottom-up: Detecting and Exploiting Use-After-Cleanup Bugs in Linux Kernel. |
Lin Ma, Duoming Zhou, Hanjie Wu, Yajin Zhou, Rui Chang, Hao Xiong, Lei Wu, Kui Ren |
PDF |
- |
- |
| RSFuzzer: Discovering Deep SMI Handler Vulnerabilities in UEFI Firmware with Hybrid Fuzzing. |
Jiawei Yin, Menghao Li, Yuekang Li, Yong Yu, Boru Lin, Yanyan Zou, Yang Liu, Wei Huo, Jingling Xue |
PDF |
- |
- |
| A Theory to Instruct Differentially-Private Learning via Clipping Bias Reduction. |
Hanshen Xiao, Zihang Xiang, Di Wang, Srinivas Devadas |
PDF |
- |
- |
| Continual Observation under User-level Differential Privacy. |
Wei Dong, Qiyao Luo, Ke Yi |
PDF |
- |
- |
| Locally Differentially Private Frequency Estimation Based on Convolution Framework. |
Huiyu Fang, Liquan Chen, Yali Liu, Yuan Gao |
PDF |
- |
- |
| Telepath: A Minecraft-based Covert Communication System. |
Zhen Sun, Vitaly Shmatikov |
PDF |
- |
- |
| Discop: Provably Secure Steganography in Practice Based on "Distribution Copies". |
Jinyang Ding, Kejiang Chen, Yaofei Wang, Na Zhao, Weiming Zhang, Nenghai Yu |
PDF |
- |
- |
| SQUIP: Exploiting the Scheduler Queue Contention Side Channel. |
Stefan Gast, Jonas Juffinger, Martin Schwarzl, Gururaj Saileshwar, Andreas Kogler, Simone Franza, Markus Köstl, Daniel Gruss |
PDF |
- |
- |
| Scatter and Split Securely: Defeating Cache Contention and Occupancy Attacks. |
Lukas Giner, Stefan Steinegger, Antoon Purnal, Maria Eichlseder, Thomas Unterluggauer, Stefan Mangard, Daniel Gruss |
PDF |
- |
- |
| DevIOus: Device-Driven Side-Channel Attacks on the IOMMU. |
Taehun Kim, Hyeongjin Park, Seokmin Lee, Seunghee Shin, Junbeom Hur, Youngjoo Shin |
PDF |
- |
- |
| DVFS Frequently Leaks Secrets: Hertzbleed Attacks Beyond SIKE, Cryptography, and CPU-Only Data. |
Yingchen Wang, Riccardo Paccagnella, Alan Wandke, Zhao Gang, Grant Garrett-Grossman, Christopher W. Fletcher, David Kohlbrenner, Hovav Shacham |
PDF |
- |
- |
| A Security RISC: Microarchitectural Attacks on Hardware RISC-V CPUs. |
Lukas Gerlach, Daniel Weber, Ruiyi Zhang, Michael Schwarz |
PDF |
- |
- |
| Examining Zero-Shot Vulnerability Repair with Large Language Models. |
Hammond Pearce, Benjamin Tan, Baleegh Ahmad, Ramesh Karri, Brendan Dolan-Gavitt |
PDF |
- |
- |
| Examining Zero-Shot Vulnerability Repair with Large Language Models. |
Hammond Pearce, Benjamin Tan, Baleegh Ahmad, Ramesh Karri, Brendan Dolan-Gavitt |
PDF |
- |
- |
| Callee: Recovering Call Graphs for Binaries with Transfer and Contrastive Learning. |
Wenyu Zhu, Zhiyao Feng, Zihan Zhang, Jianjun Chen, Zhijian Ou, Min Yang, Chao Zhang |
PDF |
- |
- |
| XFL: Naming Functions in Binaries with Extreme Multi-label Learning. |
James Patrick-Evans, Moritz Dannehl, Johannes Kinder |
PDF |
- |
- |
| D-ARM: Disassembling ARM Binaries by Lightweight Superset Instruction Interpretation and Graph Modeling. |
Yapeng Ye, Zhuo Zhang, Qingkai Shi, Yousra Aafer, Xiangyu Zhang |
PDF |
- |
- |
| GraphSPD: Graph-Based Security Patch Detection with Enriched Code Semantics. |
Shu Wang, Xinda Wang, Kun Sun, Sushil Jajodia, Haining Wang, Qi Li |
PDF |
- |
- |
| Effective ReDoS Detection by Principled Vulnerability Modeling and Exploit Generation. |
Xinyi Wang, Cen Zhang, Yeting Li, Zhiwu Xu, Shuailin Huang, Yi Liu, Yican Yao, Yang Xiao, Yanyan Zou, Yang Liu, Wei Huo |
PDF |
- |
- |
| SoK: Decentralized Finance (DeFi) Attacks. |
Liyi Zhou, Xihan Xiong, Jens Ernstberger, Stefanos Chaliasos, Zhipeng Wang, Ye Wang, Kaihua Qin, Roger Wattenhofer, Dawn Song, Arthur Gervais |
PDF |
- |
- |
| BlindHub: Bitcoin-Compatible Privacy-Preserving Payment Channel Hubs Supporting Variable Amounts. |
Xianrui Qin, Shimin Pan, Arash Mirzaei, Zhimei Sui, Oguzhan Ersoy, Amin Sakzad, Muhammed F. Esgin, Joseph K. Liu, Jiangshan Yu, Tsz Hon Yuen |
PDF |
- |
- |
| Optimistic Fast Confirmation While Tolerating Malicious Majority in Blockchains. |
Ruomu Hou, Haifeng Yu |
PDF |
- |
- |
| Clockwork Finance: Automated Analysis of Economic Security in Smart Contracts. |
Kushal Babel, Philip Daian, Mahimna Kelkar, Ari Juels |
PDF |
- |
- |
| Tyr: Finding Consensus Failure Bugs in Blockchain System with Behaviour Divergent Model. |
Yuanliang Chen, Fuchen Ma, Yuanhang Zhou, Yu Jiang, Ting Chen, Jia-Guang Sun |
PDF |
- |
- |
| Leaking Arbitrarily Many Secrets: Any-out-of-Many Proofs and Applications to RingCT Protocols. |
Tianyu Zheng, Shang Gao, Yubo Song, Bin Xiao |
PDF |
- |
- |
| Could you clean up the Internet with a Pit of Tar? Investigating tarpit feasibility on Internet worms. |
Harm Griffioen, Christian Doerr |
PDF |
- |
- |
| Beyond Phish: Toward Detecting Fraudulent e-Commerce Websites at Scale. |
Marzieh Bitaab, Haehyun Cho, Adam Oest, Zhuoer Lyu, Wei Wang, Jorij Abraham, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, Adam Doupé |
PDF |
- |
- |
| Limits of I/O Based Ransomware Detection: An Imitation Based Attack. |
Chijin Zhou, Lihua Guo, Yiwei Hou, Zhenya Ma, Quan Zhang, Mingzhe Wang, Zhe Liu, Yu Jiang |
PDF |
- |
- |
| From Grim Reality to Practical Solution: Malware Classification in Real-World Noise. |
Xian Wu, Wenbo Guo, Jia Yan, Baris Coskun, Xinyu Xing |
PDF |
- |
- |
| SoK: History is a Vast Early Warning System: Auditing the Provenance of System Intrusions. |
Muhammad Adil Inam, Yinfang Chen, Akul Goyal, Jason Liu, Jaron Mink, Noor Michael, Sneha Gaur, Adam Bates, Wajih Ul Hassan |
PDF |
- |
- |
| Collaborative Ad Transparency: Promises and Limitations. |
Eleni Gkiouzepi, Athanasios Andreou, Oana Goga, Patrick Loiseau |
PDF |
- |
- |
| Toss a Fault to Your Witcher: Applying Grey-box Coverage-Guided Mutational Fuzzing to Detect SQL and Command Injection Vulnerabilities. |
Erik Trickel, Fabio Pagani, Chang Zhu, Lukas Dresel, Giovanni Vigna, Christopher Kruegel, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, Adam Doupé |
PDF |
- |
- |
| UTopia: Automatic Generation of Fuzz Driver using Unit Tests. |
Bokdeuk Jeong, Joonun Jang, Hayoon Yi, Jiin Moon, Junsik Kim, Intae Jeon, Taesoo Kim, WooChul Shim, Yong Ho Hwang |
PDF |
- |
- |
| SelectFuzz: Efficient Directed Fuzzing with Selective Path Exploration. |
Changhua Luo, Wei Meng, Penghui Li |
PDF |
- |
- |
| Finding Specification Blind Spots via Fuzz Testing. |
Ru Ji, Meng Xu |
PDF |
- |
- |
| ODDFuzz: Discovering Java Deserialization Vulnerabilities via Structure-Aware Directed Greybox Fuzzing. |
Sicong Cao, Biao He, Xiaobing Sun, Yu Ouyang, Chao Zhang, Xiaoxue Wu, Ting Su, Lili Bo, Bin Li, Chuanlei Ma, Jiajia Li, Tao Wei |
PDF |
- |
- |
| The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web. |
Jannis Rautenstrauch, Giancarlo Pellegrino, Ben Stock |
PDF |
- |
- |
| WebSpec: Towards Machine-Checked Analysis of Browser Security Mechanisms. |
Lorenzo Veronese, Benjamin Farinier, Pedro Bernardo, Mauro Tempesta, Marco Squarcina, Matteo Maffei |
PDF |
- |
- |
| Detection of Inconsistencies in Privacy Practices of Browser Extensions. |
Duc Bui, Brian Tang, Kang G. Shin |
PDF |
- |
- |
| TeSec: Accurate Server-side Attack Investigation for Web Applications. |
Ruihua Wang, Yihao Peng, Yilun Sun, Xuancheng Zhang, Hai Wan, Xibin Zhao |
PDF |
- |
- |
| RuleKeeper: GDPR-Aware Personal Data Compliance for Web Frameworks. |
Mafalda Ferreira, Tiago Brito, José Fragoso Santos, Nuno Santos |
PDF |
- |
- |
| Characterizing Everyday Misuse of Smart Home Devices. |
Phoebe Moh, Pubali Datta, Noel Warford, Adam Bates, Nathan Malkin, Michelle L. Mazurek |
PDF |
- |
- |
| "It's up to the Consumer to be Smart": Understanding the Security and Privacy Attitudes of Smart Home Users on Reddit. |
Jingjie Li, Kaiwen Sun, Brittany Skye Huff, Anna Marie Bierley, Younghyun Kim, Florian Schaub, Kassem Fawaz |
PDF |
- |
- |
| User Perceptions and Experiences with Smart Home Updates. |
Julie M. Haney, Susanne M. Furman |
PDF |
- |
- |
| Design and Evaluation of Inclusive Email Security Indicators for People with Visual Impairments. |
Yaman Yu, Saidivya Ashok, Smirity Kaushik, Yang Wang, Gang Wang |
PDF |
- |
- |
| When and Why Do People Want Ad Targeting Explanations? Evidence from a Four-Week, Mixed-Methods Field Study. |
Hao-Ping Hank Lee, Jacob Logas, Stephanie Yang, Zhouyu Li, Natã M. Barbosa, Yang Wang, Sauvik Das |
PDF |
- |
- |
| SecureCells: A Secure Compartmentalized Architecture. |
Atri Bhattacharyya, Florian Hofhammer, Yuanlong Li, Siddharth Gupta, Andrés Sánchez, Babak Falsafi, Mathias Payer |
PDF |
- |
- |
| WaVe: a verifiably secure WebAssembly sandboxing runtime. |
Evan Johnson, Evan Laufer, Zijie Zhao, Dan Gohman, Shravan Narayan, Stefan Savage, Deian Stefan, Fraser Brown |
PDF |
- |
- |
| μSwitch: Fast Kernel Context Isolation with Implicit Context Switches. |
Dinglan Peng, Congyu Liu, Tapti Palit, Pedro Fonseca, Anjo Vahldiek-Oberwagner, Mona Vij |
PDF |
- |
- |
| Control Flow and Pointer Integrity Enforcement in a Secure Tagged Architecture. |
Ravi Theja Gollapudi, Gokturk Yuksek, David Demicco, Matthew Cole, Gaurav Kothari, Rohit Kulkarni, Xin Zhang, Kanad Ghose, Aravind Prakash, Zerksis Umrigar |
PDF |
- |
- |
| EC: Embedded Systems Compartmentalization via Intra-Kernel Isolation. |
Arslan Khan, Dongyan Xu, Dave Jing Tian |
PDF |
- |
- |
| Low-Cost Privilege Separation with Compile Time Compartmentalization for Embedded Systems. |
Arslan Khan, Dongyan Xu, Dave Jing Tian |
PDF |
- |
- |
| One Key to Rule Them All: Secure Group Pairing for Heterogeneous IoT Devices. |
Habiba Farrukh, Muslum Ozgur Ozmen, Faik Kerem Örs, Z. Berkay Celik |
PDF |
- |
- |
| Optimistic Access Control for the Smart Home. |
Nathan Malkin, Alan F. Luo, Julio Poveda, Michelle L. Mazurek |
PDF |
- |
- |
| Protected or Porous: A Comparative Analysis of Threat Detection Capability of IoT Safeguards. |
Anna Maria Mandalari, Hamed Haddadi, Daniel J. Dubois, David R. Choffnes |
PDF |
- |
- |
| LazyTAP: On-Demand Data Minimization for Trigger-Action Applications. |
Mohammad M. Ahmadpanah, Daniel Hedin, Andrei Sabelfeld |
PDF |
- |
- |
| Blue's Clues: Practical Discovery of Non-Discoverable Bluetooth Devices. |
Tyler Tucker, Hunter Searle, Kevin R. B. Butler, Patrick Traynor |
PDF |
- |
- |
| DeHiREC: Detecting Hidden Voice Recorders via ADC Electromagnetic Radiation. |
Ruochen Zhou, Xiaoyu Ji, Chen Yan, Yi-Chao Chen, Wenyuan Xu, Chaohao Li |
PDF |
- |
- |
| IPvSeeYou: Exploiting Leaked Identifiers in IPv6 for Street-Level Geolocation. |
Erik C. Rye, Robert Beverly |
PDF |
- |
- |
| From 5G Sniffing to Harvesting Leakages of Privacy-Preserving Messengers. |
Norbert Ludant, Pieter Robyns, Guevara Noubir |
PDF |
- |
- |
| Man-in-the-Middle Attacks without Rogue AP: When WPAs Meet ICMP Redirects. |
Xuewei Feng, Qi Li, Kun Sun, Yuxiang Yang, Ke Xu |
PDF |
- |
- |
| Mew: Enabling Large-Scale and Dynamic Link-Flooding Defenses on Programmable Switches. |
Huancheng Zhou, Sungmin Hong, Yangyang Liu, Xiapu Luo, Weichao Li, Guofei Gu |
PDF |
- |
- |
| PCSPOOF: Compromising the Safety of Time-Triggered Ethernet. |
Andrew D. Loveless, Linh Thi Xuan Phan, Ronald G. Dreslinski, Baris Kasikci |
PDF |
- |
- |
| BLEDiff: Scalable and Property-Agnostic Noncompliance Checking for BLE Implementations. |
Imtiaz Karim, Abdullah Al Ishtiaq, Syed Rafiul Hussain, Elisa Bertino |
PDF |
- |
- |
| ViDeZZo: Dependency-aware Virtual Device Fuzzing. |
Qiang Liu, Flavio Toffalini, Yajin Zhou, Mathias Payer |
PDF |
- |
- |
| DevFuzz: Automatic Device Model-Guided Device Driver Fuzzing. |
Yilun Wu, Tong Zhang, Changhee Jung, Dongyoon Lee |
PDF |
- |
- |
| SyzDescribe: Principled, Automated, Static Generation of Syscall Descriptions for Kernel Drivers. |
Yu Hao, Guoren Li, Xiaochen Zou, Weiteng Chen, Shitong Zhu, Zhiyun Qian, Ardalan Amiri Sani |
PDF |
- |
- |
| QueryX: Symbolic Query on Decompiled Code for Finding Bugs in COTS Binaries. |
HyungSeok Han, JeongOh Kyea, Yonghwi Jin, Jinoh Kang, Brian Pak, Insu Yun |
PDF |
- |
- |
| Pyfet: Forensically Equivalent Transformation for Python Binary Decompilation. |
Ali Ahad, Chijung Jung, Ammar Askar, Doowon Kim, Taesoo Kim, Yonghwi Kwon |
PDF |
- |
- |
| Adaptive Risk-Limiting Comparison Audits. |
Benjamin Fuller, Abigail Harrison, Alexander Russell |
PDF |
- |
- |
| Blue Is the New Black (Market): Privacy Leaks and Re-Victimization from Police-Auctioned Cellphones. |
Richard Roberts, Julio Poveda, Raley Roberts, Dave Levin |
PDF |
- |
- |
| No Privacy in the Electronics Repair Industry. |
Jason Ceci, Jonah Stegman, Hassan Khan |
PDF |
- |
- |
| How IoT Re-using Threatens Your Sensitive Data: Exploring the User-Data Disposal in Used IoT Devices. |
Peiyu Liu, Shouling Ji, Lirong Fu, Kangjie Lu, Xuhong Zhang, Jingchang Qin, Wenhai Wang, Wenzhi Chen |
PDF |
- |
- |
| Privacy Leakage via Unrestricted Motion-Position Sensors in the Age of Virtual Reality: A Study of Snooping Typed Input on Virtual Keyboards. |
Yi Wu, Cong Shi, Tianfang Zhang, Payton Walker, Jian Liu, Nitesh Saxena, Yingying Chen |
PDF |
- |
- |
| Uncovering User Interactions on Smartphones via Contactless Wireless Charging Side Channels. |
Tao Ni, Xiaokuan Zhang, Chaoshun Zuo, Jianfeng Li, Zhenyu Yan, Wubing Wang, Weitao Xu, Xiapu Luo, Qingchuan Zhao |
PDF |
- |
- |
| MagBackdoor: Beware of Your Loudspeaker as A Backdoor For Magnetic Injection Attacks. |
Tiantian Liu, Feng Lin, Zhangsen Wang, Chao Wang, Zhongjie Ba, Li Lu, Wenyao Xu, Kui Ren |
PDF |
- |
- |
| Private Eye: On the Limits of Textual Screen Peeking via Eyeglass Reflections in Video Conferencing. |
Yan Long, Chen Yan, Shilin Xiao, Shivan Prasad, Wenyuan Xu, Kevin Fu |
PDF |
- |
- |
| Low-effort VR Headset User Authentication Using Head-reverberated Sounds with Replay Resistance. |
Ruxin Wang, Long Huang, Chen Wang |
PDF |
- |
- |