Stop the war!Остановите войну!
for scientists:
default search action
Google
Google Scholar
Semantic Scholar
Internet Archive Scholar
CiteSeerX
ORCID33rd USENIX Security Symposium 2024: Philadelphia, PA, USA
- Davide Balzarotti, Wenyuan Xu:
33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024. USENIX Association 2024
User Studies I: Social Media Platforms
- Ananta Soneji, Vaughn Hamilton, Adam Doupé, Allison McDonald, Elissa M. Redmiles:
"I feel physically safe but not politically safe": Understanding the Digital Threats and Safety Practices of OnlyFans Creators. - Lea Gröber, Waleed Arshad, Shanza, Angelica Goetzen, Elissa M. Redmiles, Maryam Mustafa, Katharina Krombholz:
"I chose to fight, be brave, and to deal with it": Threat Experiences and Security Practices of Pakistani Content Creators. - Madiha Tabassum, Alana Mackey, Ashley Schuett, Ada Lerner:
Investigating Moderation Challenges to Combating Hate and Harassment: The Case of Mod-Admin Power Dynamics and Feature Misuse on Reddit. - Lucy Qin, Vaughn Hamilton, Sharon Wang, Yigit Aydinalp, Marin Scarlett, Elissa M. Redmiles:
"Did They F***ing Consent to That?": Safer Digital Intimacy via Proactive Protection Against Image-Based Sexual Abuse.
Hardware Security I: Attacks and Defense
- Vasudev Gohil, Satwik Patnaik, Dileep Kalathil, Jeyavijayan Rajendran:
AttackGNN: Red-Teaming GNNs in Hardware Security Using Reinforcement Learning. - Lakshmi Likhitha Mankali, Ozgur Sinanoglu, Satwik Patnaik:
INSIGHT: Attacking Industry-Adopted Learning Resilient Logic Locking Techniques Using Explainable Graph Neural Network. - Qibo Zhang, Daibo Liu, Xinyu Zhang, Zhichao Cao, Fanzi Zeng, Hongbo Jiang, Wenqiang Jin:
Eye of Sauron: Long-Range Hidden Spy Camera Detection and Positioning with Inbuilt Memory EM Radiation. - Ting Su, Yaohua Wang, Shi Xu, Lusi Zhang, Simin Feng, Jialong Song, Yiming Liu, Yongkang Tang, Yang Zhang, Shaoqing Li, Yang Guo, Hengzhu Liu:
Improving the Ability of Thermal Radiation Based Hardware Trojan Detection.
System Security I: OS
- Fangfei Yang, Bumjin Im, Weijie Huang, Kelly Kaoudis, Anjo Vahldiek-Oberwagner, Chia-Che Tsai, Nathan Dautenhahn:
Endokernel: A Thread Safe Monitor for Lightweight Subprocess Isolation. - Peihua Zhang, Chenggang Wu, Xiangyu Meng, Yinqian Zhang, Mingfan Peng, Shiyang Zhang, Bing Hu, Mengyao Xie, Yuanming Lai, Yan Kang, Zhe Wang:
HIVE: A Hardware-assisted Isolated Execution Environment for eBPF on AArch64. - Junho Ahn, Jaehyeon Lee, Kanghyuk Lee, Wooseok Gwak, Minseong Hwang, Youngjin Kwon:
BUDAlloc: Defeating Use-After-Free Bugs by Decoupling Virtual Address Management from Kernel. - Seunghun Han, Seong-Joong Kim, Wook Shin, Byung Joon Kim, Jae-Cheol Ryou:
Page-Oriented Programming: Subverting Control-Flow Integrity of Commodity Operating System Kernels with Non-Writable Code Pages.
Network Security I: DDoS
- Sophia Yoo, Xiaoqi Chen, Jennifer Rexford:
SmartCookie: Blocking Large-Scale SYN Floods with a Split-Proxy Defense on Programmable Data Planes. - Yepeng Pan, Anna Ascheman, Christian Rossow:
Loopy Hell(ow): Infinite Traffic Loops at the Application Layer. - Marc Wyss, Adrian Perrig:
Zero-setup Intermediate-rate Communication Guarantees in a Global Internet. - Weihao Su, Hong Huang, Rongchen Li, Haiming Chen, Tingjian Ge:
Towards an Effective Method of ReDoS Detection for Non-backtracking Engines.
ML I: Federated Learning
- Yifeng Cai, Ziqi Zhang, Jiaping Gui, Bingyan Liu, Xiaoke Zhao, Ruoyu Li, Zhe Li, Ding Li:
FAMOS: Robust Privacy-Preserving Authentication on Payment Apps via Federated Multi-Modal Contrastive Learning. - Hongyan Chang, Brandon Edwards, Anindya S. Paul, Reza Shokri:
Efficient Privacy Auditing in Federated Learning. - Qi Tan, Qi Li, Yi Zhao, Zhuotao Liu, Xiaobing Guo, Ke Xu:
Defending Against Data Reconstruction Attacks in Federated Learning: An Information Theory Approach. - Zhifeng Jiang, Peng Ye, Shiqi He, Wei Wang, Ruichuan Chen, Bo Li:
Lotto: Secure Participant Selection against Adversarial Servers in Federated Learning.
Security Analysis I: Source Code and Binary
- Zion Leonahenahe Basque, Ati Priya Bajaj, Wil Gibbs, Jude O'Kain, Derron Miao, Tiffany Bao, Adam Doupé, Yan Shoshitaishvili, Ruoyu Wang:
Ahoy SAILR! There is No Need to DREAM of C: A Compiler-Aware Structuring Algorithm for Binary Decompilation. - Luke Dramko, Jeremy Lacomis, Edward J. Schwartz, Bogdan Vasilescu, Claire Le Goues:
A Taxonomy of C Decompiler Fidelity Issues. - Muqi Zou, Arslan Khan, Ruoyu Wu, Han Gao, Antonio Bianchi, Dave (Jing) Tian:
D-Helix: A Generic Decompiler Testing Framework Using Symbolic Differentiation. - Zhenxiao Qi, Jie Hu, Zhaoqi Xiao, Heng Yin:
SymFit: Making the Common (Concrete) Case Fast for Binary-Code Concolic Execution.
Crypto I: Secret Key Exchange
- Daniel Collins, Loïs Huguenin-Dumittan, Ngoc Khanh Nguyen, Nicolas Rolin, Serge Vaudenay:
K-Waay: Fast and Deniable Post-Quantum X3DH without Ring Signatures. - Gabriel Karl Gegenhuber, Florian Holzbauer, Philipp É. Frenzel, Edgar R. Weippl, Adrian Dabrowski:
Diffie-Hellman Picture Show: Key Exchange Stories from Commercial VoWiFi Deployments. - Karthikeyan Bhargavan, Charlie Jacomme, Franziskus Kiefer, Rolfe Schmidt:
Formal verification of the PQXDH Post-Quantum key agreement protocol for end-to-end secure messaging. - Phillip Gajland, Bor de Kock, Miguel Quaresma, Giulio Malavolta, Peter Schwabe:
SWOOSH: Efficient Lattice-Based Non-Interactive Key Exchange.
Social Issues I: Phishing and Password
- Xiwen Teoh, Yun Lin, Ruofan Liu, Zhiyong Huang, Jin Song Dong:
PhishDecloaker: Detecting CAPTCHA-cloaked Phishing Websites via Hybrid Vision-based Interactive Models. - Ruofan Liu, Yun Lin, Xiwen Teoh, Gongshen Liu, Zhiyong Huang, Jin Song Dong:
Less Defined Knowledge and More True Alarms: Reference-based Phishing Detection without a Pre-defined Reference List. - Raja Hasnain Anwar, Syed Rafiul Hussain, Muhammad Taqi Raza:
In Wallet We Trust: Bypassing the Digital Wallets Payment Security for Free Shopping. - Zonghao Huang, Lujo Bauer, Michael K. Reiter:
The Impact of Exposed Passwords on Honeyword Efficacy.
Side Channel I: Transient Execution
- Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, Cristiano Giuffrida:
InSpectre Gadget: Inspecting the Residual Attack Surface of Cross-privilege Spectre v2. - Anirban Chakraborty, Nimish Mishra, Debdeep Mukhopadhyay:
Shesha : Multi-head Microarchitectural Leakage Discovery in new-generation Intel Processors. - Di Jin, Alexander J. Gaidis, Vasileios P. Kemerlis:
BeeBox: Hardening BPF against Transient Execution Attacks. - Xiaoyu Cheng, Fei Tong, Hongyu Wang, Zhe Zhou, Fang Jiang, Yuxing Mao:
SpecLFB: Eliminating Cache Side Channels in Speculative Executions.
Mobile Security I
- Haoran Lu, Yichen Liu, Xiaojing Liao, Luyi Xing:
Towards Privacy-Preserving Social-Media SDKs on Android. - Jiawei Li, Jian Mao, Jun Zeng, Qixiao Lin, Shaowen Feng, Zhenkai Liang:
UIHash: Detecting Similar Android UIs through Grid-Based Visual Appearance Representation. - Sajjad Pourali, Xiufen Yu, Lianying Zhao, Mohammad Mannan, Amr M. Youssef:
Racing for TLS Certificate Validation: A Hijacker's Guide to the Android TLS Galaxy. - Haichuan Xu, Mingxuan Yao, Runze Zhang, Mohamed Moustafa Dawoud, Jeman Park, Brendan Saltaformaggio:
DVa: Extracting Victims and Abuse Vectors from Android Accessibility Malware.
Web Security I
- Aleksei Stafeev, Giancarlo Pellegrino:
SoK: State of the Krawlers - Evaluating the Effectiveness of Crawling Algorithms for Web Security Measurements. - Wenlong Du, Jian Li, Yanhao Wang, Libo Chen, Ruijie Zhao, Junmin Zhu, Zhengguang Han, Yijun Wang, Zhi Xue:
Vulnerability-oriented Testing for RESTful APIs. - Pedro Bernardo, Lorenzo Veronese, Valentino Dalla Valle, Stefano Calzavara, Marco Squarcina, Pedro Adão, Matteo Maffei:
Web Platform Threats: Automated Detection of Web Security Issues With WPT. - Mir Masood Ali, Mohammad Ghasemisharif, Chris Kanich, Jason Polakis:
Rise of Inspectron: Automated Black-box Auditing of Cross-platform Electron Apps.
LLM for Security
- Yuexin Li, Chengyu Huang, Shumin Deng, Mei Lin Lock, Tri Cao, Nay Oo, Hoon Wei Lim, Bryan Hooi:
KnowPhish: Large Language Models Meet Multimodal Knowledge Graphs for Enhancing Reference-Based Phishing Detection. - Peiyu Liu, Junming Liu, Lirong Fu, Kangjie Lu, Yifan Xia, Xuhong Zhang, Wenzhi Chen, Haiqin Weng, Shouling Ji, Wenhai Wang:
Exploring ChatGPT's Capabilities on Vulnerability Management. - Chongzhou Fang, Ning Miao, Shaurya Srivastav, Jialin Liu, Ruoyu Zhang, Ruijie Fang, Asmita, Ryan Tsang, Najmeh Nazari, Han Wang, Houman Homayoun:
Large Language Models for Code Analysis: Do LLMs Really Do Their Job? - Gelei Deng, Yi Liu, Víctor Mayoral Vilches, Peng Liu, Yuekang Li, Yuan Xu, Martin Pinzger, Stefan Rass, Tianwei Zhang, Yang Liu:
PentestGPT: Evaluating and Harnessing Large Language Models for Automated Penetration Testing.
Fuzzing I: Software
- Jiming Wang, Yan Kang, Chenggang Wu, Yuhao Hu, Yue Sun, Jikai Ren, Yuanming Lai, Mengyao Xie, Charles Zhang, Tao Li, Zhe Wang:
OptFuzz: Optimization Path Guided Fuzzing for JavaScript JIT Compilers. - Asmita, Yaroslav Oliinyk, Michael Scott, Ryan Tsang, Chongzhou Fang, Houman Homayoun:
Fuzzing BusyBox: Leveraging LLM and Crash Reuse for Embedded Bug Unearthing. - Yupeng Yang, Yongheng Chen, Rui Zhong, Jizhou Chen, Wenke Lee:
Towards Generic Database Management System Fuzzing. - Alexander Bulekov, Qiang Liu, Manuel Egele, Mathias Payer:
HYPERPILL: Fuzzing for Hypervisor-bugs by leveraging the Hardware Virtualization Interface.
Differential Privacy I
- Tianxi Ji, Pan Li:
Less is More: Revisiting the Gaussian Mechanism for Differential Privacy. - Kai Dong, Zheng Zhang, Chuang Jia, Zhen Ling, Ming Yang, Junzhou Luo, Xinwen Fu:
Relation Mining Under Local Differential Privacy. - Anvith Thudi, Hengrui Jia, Casey Meehan, Ilia Shumailov, Nicolas Papernot:
Gradients Look Alike: Sensitivity is Often Overestimated in DP-SGD. - Zihao Wang, Rui Zhu, Dongruo Zhou, Zhikun Zhang, John Mitchell, Haixu Tang, XiaoFeng Wang:
DPAdapter: Improving Differentially Private Deep Learning through Noise Tolerance Pre-training.
Deepfake and Synthesis
- Matthew Joslin, Xian Wang, Shuang Hao:
Double Face: Leveraging User Intelligence to Characterize and Recognize AI-synthesized Faces. - Seth Layton, Tyler Tucker, Daniel Olszewski, Kevin Warren, Kevin R. B. Butler, Patrick Traynor:
SoK: The Good, The Bad, and The Unbalanced: Measuring Structural Limitations of Deepfake Media Datasets. - Nan Jiang, Bangjie Sun, Terence Sim, Jun Han:
Can I Hear Your Face? Pervasive Attack on Voice Authentication Systems with a Single Face Image. - Haichen Wang, Shuchao Pang, Zhigang Lu, Yihang Rao, Yongbin Zhou, Minhui Xue:
dp-promise: Differentially Private Diffusion Probabilistic Models for Image Synthesis.
Hardware Security II: Architecture and Microarchitecture
- Xingkai Wang, Wenbo Shen, Yujie Bu, Jinmeng Zhou, Yajin Zhou:
DMAAUTH: A Lightweight Pointer Integrity-based Secure Architecture to Defeat DMA Attacks. - Ping-Lun Wang, Riccardo Paccagnella, Riad S. Wahby, Fraser Brown:
Bending microarchitectural weird machines towards practicality. - Boru Chen, Yingchen Wang, Pradyumna Shome, Christopher W. Fletcher, David Kohlbrenner, Riccardo Paccagnella, Daniel Genkin:
GoFetch: Breaking Constant-Time Cryptographic Implementations Using Data Memory-Dependent Prefetchers. - Ruiyi Zhang, Lukas Gerlach, Daniel Weber, Lorenz Hetterich, Youheng Lü, Andreas Kogler, Michael Schwarz:
CacheWarp: Software-based Fault Injection using Selective State Reset.
System Security II: OS Kernel
- Hongyi Lu, Shuai Wang, Yechang Wu, Wanning He, Fengwei Zhang:
MOAT: Towards Safe BPF Kernel Extension. - Zicheng Wang, Yicheng Guang, Yueqi Chen, Zhenpeng Lin, Michael V. Le, Dang K. Le, Dan Williams, Xinyu Xing, Zhongshu Gu, Hani Jamjoom:
SeaK: Rethinking the Design of a Secure Allocator for OS Kernel. - Ziyi Guo, Dang K. Le, Zhenpeng Lin, Kyle Zeng, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, Adam Doupé, Xinyu Xing:
Take a Step Further: Understanding Page Spray in Linux Kernel Exploitation. - Victor Duta, Mitchel Aloserij, Cristiano Giuffrida:
SafeFetch: Practical Double-Fetch Protection with Kernel-Fetch Caching.
Network Security II: Attacks
- Jonas Kaspereit, Gurur Öndarö, Gustavo Luvizotto Cesar, Simon Ebbers, Fabian Ising, Christoph Saatjohann, Mattijs Jonker, Ralph Holz, Sebastian Schinzel:
LanDscAPe: Exploring LDAP weaknesses and data leaks at Internet scale. - Jinrui Ma, Lutong Chen, Kaiping Xue, Bo Luo, Xuanbo Huang, Mingrui Ai, Huanjie Zhang, David S. L. Wei, Yan Zhuang:
FakeBehalf: Imperceptible Email Spoofing Attacks against the Delegation Mechanism in Email Systems. - Yunyi Zhang, Baojun Liu, Haixin Duan, Min Zhang, Xiang Li, Fan Shi, Chengxi Xu, Eihal Alowaisheq:
Rethinking the Security Threats of Stale DNS Glue Records. - Carlo Mazzocca, Abbas Acar, A. Selcuk Uluagac, Rebecca Montanari:
EVOKE: Efficient Revocation of Verifiable Credentials in IoT Networks.
ML II: Fault Injection and Robustness
- Shuo Wang, Hongsheng Hu, Jiamin Chang, Benjamin Zi Hao Zhao, Qi Alfred Chen, Minhui Xue:
DNN-GP: Diagnosing and Mitigating Model's Faults Using Latent Concepts. - Shaofeng Li, Xinyu Wang, Minhui Xue, Haojin Zhu, Zhi Zhang, Yansong Gao, Wen Wu, Xuemin (Sherman) Shen:
Yes, One-Bit-Flip Matters! Universal DNN Model Inference Depletion with Runtime Code Fault Injection. - Zihao Wang, Di Tang, XiaoFeng Wang, Wei He, Zhaoyang Geng, Wenhao Wang:
Tossing in the Dark: Practical Bit-Flipping on Gray-box Deep Neural Networks for Runtime Trojan Injection. - Najmeh Nazari, Hosein Mohammadi Makrani, Chongzhou Fang, Hossein Sayadi, Setareh Rafatirad, Khaled N. Khasawneh, Houman Homayoun:
Forget and Rewire: Enhancing the Resilience of Transformer-based Models against Bit-Flip Attacks.
Security Analysis II: Program Analysis
- Yunlong Xing, Shu Wang, Shiyu Sun, Xu He, Kun Sun, Qi Li:
What IF Is Not Enough? Fixing Null Pointer Dereference With Contextual Check. - Yuandao Cai, Yibo Jin, Charles Zhang:
Unleashing the Power of Type-Based Call Graph Construction by Using Regional Pointer Information. - Brian Johannesmeyer, Asia Slowinska, Herbert Bos, Cristiano Giuffrida:
Practical Data-Only Attack Generation. - Yizhuo Zhai, Zhiyun Qian, Chengyu Song, Manu Sridharan, Trent Jaeger, Paul L. Yu, Srikanth V. Krishnamurthy:
Don't Waste My Efforts: Pruning Redundant Sanitizer Checks by Developer-Implemented Type Checks.
Zero-Knowledge Proof I
- Yibin Yang, David Heath:
Two Shuffles Make a RAM: Improved Constant Overhead Zero Knowledge RAM. - Jiajun Xin, Arman Haghighi, Xiangan Tian, Dimitrios Papadopoulos:
Notus: Dynamic Proofs of Liabilities from Zero-knowledge RSA Accumulators. - Hongbo Wen, Jon Stephens, Yanju Chen, Kostas Ferles, Shankara Pailoor, Kyle Charbonnet, Isil Dillig, Yu Feng:
Practical Security Analysis of Zero-Knowledge Proof Circuits. - Bolton Bailey, Andrew Miller:
Formalizing Soundness Proofs of Linear PCP SNARKs.
Measurement I: Fraud and Malware and Spam
- Saidu Sokoto, Leonhard Balduf, Dennis Trautwein, Yiluo Wei, Gareth Tyson, Ignacio Castro, Onur Ascigil, George Pavlou, Maciej Korczynski, Björn Scheuermann, Michal Król:
Guardians of the Galaxy: Content Moderation in the InterPlanetary File System. - Limin Yang, Zhi Chen, Chenkai Wang, Zhenning Zhang, Sushruth Booma, Phuong Cao, Constantin Adam, Alexander Withers, Zbigniew Kalbarczyk, Ravishankar K. Iyer, Gang Wang:
True Attacks, Attack Attempts, or Benign Triggers? An Empirical Measurement of Network Alerts in a Security Operations Center. - Chang Yue, Chen Zhong, Kai Chen, Zhiyu Zhang, Yeonjoon Lee:
DARKFLEECE: Probing the Dark Side of Android Subscription Apps. - Yunyi Zhang, Mingxuan Liu, Baojun Liu, Yiming Zhang, Haixin Duan, Min Zhang, Hui Jiang, Yanzhe Li, Fan Shi:
Into the Dark: Unveiling Internal Site Search Abused for Black Hat SEO.
Side Channel II: RowHammer
- Ataberk Olgun, Yahya Can Tugrul, Nisa Bostanci, Ismail Emir Yuksel, Haocong Luo, Steve Rhyner, Abdullah Giray Yaglikçi, Geraldo F. Oliveira, Onur Mutlu:
ABACuS: All-Bank Activation Counters for Scalable and Low Overhead RowHammer Mitigation. - Ingab Kang, Walter Wang, Jason Kim, Stephan van Schaik, Youssef Tobah, Daniel Genkin, Andrew Kwong, Yuval Yarom:
SledgeHammer: Amplifying Rowhammer via Bank-level Parallelism. - Patrick Jattke, Max Wipfli, Flavien Solt, Michele Marazzi, Matej Bölcskei, Kaveh Razavi:
ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms. - Youssef Tobah, Andrew Kwong, Ingab Kang, Daniel Genkin, Kang G. Shin:
Go Go Gadget Hammer: Flipping Nested Pointers for Arbitrary Data Leakage.
Forensics
- Fabian Schwarz, Christian Rossow:
00SEVen - Re-enabling Virtual Machine Forensics: Introspecting Confidential VMs Using Privileged in-VM Agents. - Joey Allen, Zheng Yang, Feng Xiao, Matthew Landen, Roberto Perdisci, Wenke Lee:
WEBRR: A Forensic System for Replaying and Investigating Web-Based Attacks in The Modern Web. - David Oygenblik, Carter Yagemann, Joseph Zhang, Arianna Mastali, Jeman Park, Brendan Saltaformaggio:
AI Psychiatry: Forensic Investigation of Deep Learning Networks in Memory Images. - Le Yu, Yapeng Ye, Zhuo Zhang, Xiangyu Zhang:
Cost-effective Attack Forensics by Recording and Correlating File System Changes.
ML for Security
- Ahmed Bouhoula, Karel Kubicek, Amit Zac, Carlos Cotrini, David A. Basin:
Automated Large-Scale Analysis of Cookie Notice Compliance. - Saravanan Thirumuruganathan, Fatih Deniz, Issa Khalil, Ting Yu, Mohamed Nabeel, Mourad Ouzzani:
Detecting and Mitigating Sampling Bias in Cybersecurity with Unlabeled Data. - Haojie He, Xingwei Lin, Ziang Weng, Ruijie Zhao, Shuitao Gan, Libo Chen, Yuede Ji, Jiashui Wang, Zhi Xue:
Code is not Natural Language: Unlock the Power of Semantics-Oriented Graph Representation for Binary Code Similarity Detection. - Samiha Shimmi, Ashiqur Rahman, Mohan Gadde, Hamed Okhravi, Mona Rahimi:
VulSim: Leveraging Similarity of Multi-Dimensional Neighbor Embeddings for Vulnerability Detection.
LLM I: Attack and Defense
- Shenao Yan, Shen Wang, Yue Duan, Hanbin Hong, Kiho Lee, Doowon Kim, Yuan Hong:
An LLM-Assisted Easy-to-Trigger Backdoor Attack on Code Completion Models: Injecting Disguised Vulnerabilities against Strong Detection. - Ruisi Zhang, Shehzeen Samarah Hussain, Paarth Neekhara, Farinaz Koushanfar:
REMARK-LLM: A Robust and Efficient Watermarking Framework for Generative Large Language Models. - Yupei Liu, Yuqi Jia, Runpeng Geng, Jinyuan Jia, Neil Zhenqiang Gong:
Formalizing and Benchmarking Prompt Injection Attacks and Defenses. - Rui Zhang, Hongwei Li, Rui Wen, Wenbo Jiang, Yuan Zhang, Michael Backes, Yun Shen, Yang Zhang:
Instruction Backdoor Attacks Against Customized LLMs.
Software Vulnerability Detection
- Siyue Feng, Yueming Wu, Wenjie Xue, Sikui Pan, Deqing Zou, Yang Liu, Hai Jin:
FIRE: Combining Multi-Stage Filtering with Taint Analysis for Scalable Recurring Vulnerability Detection. - Niels Dossche, Bart Coppens:
Inference of Error Specifications and Bug Detection Using Structural Similarities. - Joschua Schilling, Andreas Wendler, Philipp Görz, Nils Bars, Moritz Schloegel, Thorsten Holz:
A Binary-level Thread Sanitizer or Why Sanitizing on the Binary Level is Hard. - Tianchang Yang, Syed Md. Mukit Rashid, Ali Ranjbar, Gang Tan, Syed Rafiul Hussain:
ORANalyst: Systematic Testing Framework for Open RAN Implementations.
Cryptographic Protocols I: Multi-Party Computation
- Fengrun Liu, Xiang Xie, Yu Yu:
Scalable Multi-Party Computation Protocols for Machine Learning in the Honest-Majority Setting. - Xiang Xie, Kang Yang, Xiao Wang, Yu Yu:
Lightweight Authentication of Web Data via Garble-Then-Prove. - Hidde Lycklama, Alexander Viand, Nicolas Küchler, Christian Knabenhans, Anwar Hithnawi:
Holding Secrets Accountable: Auditing Privacy-Preserving Machine Learning. - Ryan Little, Lucy Qin, Mayank Varia:
Secure Account Recovery for a Privacy-Preserving Web Service.
User Studies II: At-Risk Users
- Lana Ramjit, Natalie Dolci, Francesca Rossi, Ryan Garcia, Thomas Ristenpart, Dana Cuomo:
Navigating Traumatic Stress Reactions During Computer Security Interventions. - Anastassija Kostan, Sara Olschar, Lucy Simko, Yasemin Acar:
Exploring digital security and privacy in relative poverty in Germany through qualitative interviews. - Kabir Panahi, Shawn Robertson, Yasemin Acar, Alexandru G. Bardas, Tadayoshi Kohno, Lucy Simko:
"But they have overlooked a few things in Afghanistan: " An Analysis of the Integration of Biometric Voter Verification in the 2019 Afghan Presidential Elections. - Yuanyuan Feng, Abhilasha Ravichander, Yaxing Yao, Shikun Zhang, Rex Chen, Shomir Wilson, Norman Sadeh:
Understanding How to Inform Blind and Low-Vision Users about Data Privacy through Privacy Question Answering Assistants. - Filipo Sharevski, Aziz Zeidieh:
Assessing Suspicious Emails with Banner Warnings Among Blind and Low-Vision Users in Realistic Settings.
Side Channel III
- Zhenkai Zhang, Kunbei Cai, Yanan Guo, Fan Yao, Xing Gao:
Invalidate+Compare: A Timer-Free GPU Cache Attack Primitive. - Yan Lin, Joshua Wong, Xiang Li, Haoyu Ma, Debin Gao:
Peep With A Mirror: Breaking The Integrity of Android App Sandboxing via Unprivileged Cache Side Channel. - Luyi Li, Hosein Yavarzadeh, Dean M. Tullsen:
Indirector: High-Precision Branch Target Injection Attacks Exploiting the Indirect Branch Predictor. - Hyunwoo Choi, Suryeon Kim, Seungwon Shin:
Prefetch for Fun and Profit: A Revisit of Prefetch Attacks on Apple M1. - Marton Bognar, Cas Magnus, Frank Piessens, Jo Van Bulck:
Intellectual Property Exposure: Subverting and Securing Intellectual Property Encapsulation in Texas Instruments Microcontrollers.
ML III: Secure ML
- Wei Ao, Vishnu Naresh Boddeti:
AutoFHE: Automated Adaption of CNNs for Efficient Evaluation over FHE. - Abdulrahman Diaa, Lucas Fenaux, Thomas Humphries, Marian Dietz, Faezeh Ebrahimianghazani, Bailey Kacsmar, Xinda Li, Nils Lukas, Rasoul Akhavan Mahdavi, Simon Oya, Ehsan Amjadian, Florian Kerschbaum:
Fast and Private Inference of Deep Neural Networks by Co-designing Activation Functions. - Zhibo Xu, Shangqi Lai, Xiaoning Liu, Alsharif Abuadbba, Xingliang Yuan, Xun Yi:
OblivGNN: Oblivious Inference on Transductive and Inductive Graph Neural Network. - Boshi Yuan, Shixuan Yang, Yongxiang Zhang, Ning Ding, Dawu Gu, Shi-Feng Sun:
MD-ML: Super Fast Privacy-Preserving Machine Learning for Malicious Security with a Dishonest Majority. - Zhenghang Ren, Mingxuan Fan, Zilong Wang, Junxue Zhang, Chaoliang Zeng, Zhicong Huang, Cheng Hong, Kai Chen:
Accelerating Secure Collaborative Machine Learning with Protocol-Aware RDMA.
Measurement II: Network
- Reethika Ramesh, Philipp Winter, Sam Korman, Roya Ensafi:
CalcuLatency: Leveraging Cross-Layer Network Latency Measurements to Detect Proxy-Enabled Abuse. - Grant Williams, Mert Erdemir, Amanda Hsu, Shraddha Bhat, Abhishek Bhaskar, Frank Li, Paul Pearce:
6Sense: Internet-Wide IPv6 Scanning and its Security Applications. - Yehuda Afek, Anat Bremler-Barr, Shoham Danino, Yuval Shavitt:
A Flushing Attack on the DNS Cache. - Stefan Gast, Roland Czerny, Jonas Juffinger, Fabian Rauscher, Simone Franza, Daniel Gruss:
SnailLoad: Exploiting Remote Network Latency Measurements without JavaScript. - William P. Maxam III, James C. Davis:
An Interview Study on Third-Party Cyber Threat Hunting Processes in the U.S. Department of Homeland Security.
ML IV: Privacy Inference I
- Meenatchi Sundaram Muthu Selva Annamalai, Andrea Gadotti, Luc Rocher:
A Linear Reconstruction Approach for Attribute Inference Attacks against Synthetic Data. - Matthieu Meeus, Shubham Jain, Marek Rei, Yves-Alexandre de Montjoye:
Did the Neurons Read your Book? Document-level Membership Inference for Large Language Models. - Jiacheng Li, Ninghui Li, Bruno Ribeiro:
MIST: Defending Against Membership Inference Attacks Through Membership-Invariant Subspace Training. - Sayedeh Leila Noorbakhsh, Binghui Zhang, Yuan Hong, Binghui Wang:
Inf2Guard: An Information-Theoretic Framework for Learning Privacy-Preserving Representations against Inference Attacks. - Lijin Wang, Jingjing Wang, Jie Wan, Lin Long, Ziqi Yang, Zhan Qin:
Property Existence Inference against Generative Models.
Fuzzing II: Method
- Penghui Li, Wei Meng, Chao Zhang:
SDFuzz: Target States Driven Directed Fuzzing. - Yi Xiang, Xuhong Zhang, Peiyu Liu, Shouling Ji, Xiao Xiao, Hong Liang, Jiacheng Xu, Wenhai Wang:
Critical Code Guided Directed Greybox Fuzzing for Commits. - Huanyao Rong, Wei You, Xiaofeng Wang, Tianhao Mao:
Toward Unbiased Multiple-Target Fuzzing with Path Diversity. - Zheng Zhang, Yu Hao, Weiteng Chen, Xiaochen Zou, Xingyu Li, Haonan Li, Yizhuo Zhai, Zhiyun Qian, Billy Lau:
SymBisect: Accurate Bisection for Fuzzer-Exposed Vulnerabilities. - Mingzhe Wang, Jie Liang, Chijin Zhou, Zhiyong Wu, Jingzhou Fu, Zhuo Su, Qing Liao, Bin Gu, Bodong Wu, Yu Jiang:
Data Coverage for Guided Fuzzing.
Crypto II: Searchable Encryption
- Priyanka Mondal, Javad Ghareh Chamani, Ioannis Demertzis, Dimitrios Papadopoulos:
I/O-Efficient Dynamic Searchable Encryption meets Forward & Backward Privacy. - Long Meng, Liqun Chen, Yangguang Tian, Mark Manulis, Suhui Liu:
FEASE: Fast and Expressive Asymmetric Searchable Encryption. - Dongli Liu, Wei Wang, Peng Xu, Laurence T. Yang, Bo Luo, Kaitai Liang:
d-DSE: Distinct Dynamic Searchable Encryption Resisting Volume Leakage in Encrypted Databases. - Tung Le, Rouzbeh Behnia, Jorge Guajardo, Thang Hoang:
MUSES: Efficient Multi-User Searchable Encrypted Database. - Hao Nie, Wei Wang, Peng Xu, Xianglong Zhang, Laurence T. Yang, Kaitai Liang:
Query Recovery from Easy to Hard: Jigsaw Attack against SSE.
Social Issues II: Surveillance and Censorship
- Nguyen Phong Hoang, Jakub Dalek, Masashi Crete-Nishihata, Nicolas Christin, Vinod Yegneswaran, Michalis Polychronakis, Nick Feamster:
GFWeb: Measuring the Great Firewall's Web Censorship at Scale. - Cecylia Bocovich, Arlo Breault, David Fifield, Serene, Xiaokang Wang:
Snowflake, a censorship circumvention system using temporary WebRTC proxies. - Patrick Tser Jern Kon, Sina Kamali, Jinyu Pei, Diogo Barradas, Ang Chen, Micah Sherr, Moti Yung:
SpotProxy: Rediscovering the Cloud for Censorship Circumvention. - Diwen Xue, Anna Ablove, Reethika Ramesh, Grace Kwak Danciu, Roya Ensafi:
Bridging Barriers: A Survey of Challenges and Priorities in the Censorship Circumvention Landscape. - Diwen Xue, Michalis Kallitsis, Amir Houmansadr, Roya Ensafi:
Fingerprinting Obfuscated Proxy Traffic with Encapsulated TLS Handshakes.
AR and VR
- Kaiming Cheng, Arkaprabha Bhattacharya, Michelle Lin, Jaewook Lee, Aroosh Kumar, Jeffery F. Tian, Tadayoshi Kohno, Franziska Roesner:
When the User Is Inside the User Interface: An Empirical Study of UI Security Properties in Augmented Reality. - Zhuolin Yang, Zain Sarwar, Iris Hwang, Ronik Bhaskar, Ben Y. Zhao, Haitao Zheng:
Can Virtual Reality Protect Users from Keystroke Inference Attacks? - Zihao Su, Kunlin Cai, Reuben Beeler, Lukas Dresel, Allan Garcia, Ilya Grishchenko, Yuan Tian, Christopher Kruegel, Giovanni Vigna:
Remote Keylogging Attacks in Multi-user VR Applications. - Carter Slocum, Yicheng Zhang, Erfan Shayegani, Pedram Zaree, Nael B. Abu-Ghazaleh, Jiasi Chen:
That Doesn't Go There: Attacks on Shared State in Multi-User Augmented Reality Applications. - Anh Nguyen, Xiaokuan Zhang, Zhisheng Yan:
Penetration Vision through Virtual Reality Headsets: Identifying 360-degree Videos from Head Movements.
User Studies III: Privacy I
- Tanusree Sharma, Lin Kyi, Yang Wang, Asia J. Biega:
"I'm not convinced that they don't collect more than is necessary": User-Controlled Data Minimization Design in Search Engines. - Nataliia Bielova, Laura Litvine, Anysia Nguyen, Mariam Chammat, Vincent Toubiana, Estelle Hary:
The Effect of Design Patterns on (Present and Future) Cookie Consent Decisions. - Rishabh Khandelwal, Asmit Nayak, Paul Chung, Kassem Fawaz
:
Unpacking Privacy Labels: A Measurement and Developer Perspective on Google's Data Safety Section. - Aysun Ogut, Berke Turanlioglu, Doruk Can Metiner, Albert Levi, Cemal Yilmaz, Orçun Çetin, A. Selcuk Uluagac:
Dissecting Privacy Perspectives of Websites Around the World: "Aceptar Todo, Alle Akzeptieren, Accept All...". - Arthur Borem, Elleen Pan, Olufunmilola Obielodan, Aurelie Roubinowitz, Luca Dovichi, Michelle L. Mazurek, Blase Ur:
Data Subjects' Reactions to Exercising Their Right of Access.
ML V: Backdoor Defense
- Bing Sun, Jun Sun, Wayne Koh, Jie Shi:
Neural Network Semantic Backdoor Detection and Mitigation: A Causality-Based Approach. - Changjiang Li, Ren Pang, Bochuan Cao, Zhaohan Xi, Jinghui Chen, Shouling Ji, Ting Wang:
On the Difficulty of Defending Contrastive Learning against Backdoor Attacks. - Hongbin Liu, Michael K. Reiter, Neil Zhenqiang Gong:
Mudjacking: Patching Backdoor Vulnerabilities in Foundation Models. - Kavita Kumari, Alessandro Pegoraro, Hossein Fereidooni, Ahmad-Reza Sadeghi:
Xplain: Analyzing Invisible Correlations in Model Explanation. - Torsten Krauß, Jasper Stang, Alexandra Dmitrienko:
Verify your Labels! Trustworthy Predictions and Datasets via Confidence Scores.
ML VI: Digital Adversarial Attacks
- Yunjie Ge, Pinji Chen, Qian Wang, Lingchen Zhao, Ningping Mou, Peipei Jiang, Cong Wang, Qi Li, Chao Shen:
More Simplicity for Trainers, More Opportunity for Attackers: Black-Box Attacks on Speaker Recognition Systems by Inferring Feature Extractor. - Meng Shen, Changyue Li, Qi Li, Hao Lu, Liehuang Zhu, Ke Xu:
Transferability of White-box Perturbations: Query-Efficient Adversarial Attacks against Commercial DNN Services. - Tingwei Zhang, Rishi D. Jha, Eugene Bagdasaryan, Vitaly Shmatikov:
Adversarial Illusions in Multi-Modal Embeddings. - Qingying Hao, Nirav Diwan, Ying Yuan, Giovanni Apruzzese, Mauro Conti, Gang Wang:
It Doesn't Look Like Anything to Me: Using Diffusion Model to Subvert Visual Phishing Detectors. - Chenxin Sun, Kai Ye, Liangcai Su, Jiayi Zhang, Chenxiong Qian:
Invisibility Cloak: Proactive Defense Against Visual Game Cheating.
Security Analysis III: Protocol
- Kai Tu, Abdullah Al Ishtiaq, Syed Md. Mukit Rashid, Yilu Dong, Weixuan Wang, Tianwei Wu, Syed Rafiul Hussain:
Logic Gone Astray: A Security Analysis Framework for the Control Plane Protocols of 5G Basebands. - Md. Ishtiaq Ashiq, Weitong Li, Tobias Fiebig, Taejoong Chung:
SPF Beyond the Standard: Management and Operational Challenges in Practice and Practical Recommendations. - Jacob Ginesin, Max von Hippel, Evan Defloor, Cristina Nita-Rotaru, Michael Tüxen:
A Formal Analysis of SCTP: Attack Synthesis and Patch Verification. - Feiyang Yu, Quan Zhou, Syed Rafiul Hussain, Danfeng Zhang:
Athena: Analyzing and Quantifying Side Channels of Transport Layer Protocols. - Jannik Dreier, Pascal Lafourcade, Dhekra Mahmoud:
Shaken, not Stirred - Automated Discovery of Subtle Attacks on Protocols using Mix-Nets.
Cryptographic Protocols II
- Chongwon Cho, Samuel Dittmer, Yuval Ishai, Steve Lu, Rafail Ostrovsky:
Rabbit-Mix: Robust Algebraic Anonymous Broadcast from Additive Bases. - Zeyu Liu, Eran Tromer, Yunhao Wang:
PerfOMR: Oblivious Message Retrieval with Reduced Communication and Computation. - Zongyang Zhang, Weihan Li, Yanpei Guo, Kexin Shi, Sherman S. M. Chow, Ximeng Liu, Jin Dong:
Fast RS-IOP Multivariate Polynomial Commitments and Verifiable Secret Sharing. - Saba Eskandarian:
Abuse Reporting for Metadata-Hiding Communication Based on Secret Sharing. - Felix Linker, David A. Basin:
SOAP: A Social Authentication Protocol.
User Studies IV: Policies and Best Practices I
- Ayako Akiyama Hasegawa, Daisuke Inoue, Mitsuaki Akiyama:
How WEIRD is Usable Privacy and Security Research? - Harshini Sri Ramulu, Helen Schmitt, Dominik Wermke, Yasemin Acar:
Security and Privacy Software Creators' Perspectives on Unintended Consequences. - Raphael Serafini, Stefan Albert Horstmann, Alena Naiakshina:
Engaging Company Developers in Security Research Studies: A Comprehensive Literature Review and Quantitative Survey. - Jonas Hielscher, Simon Parkin:
"What Keeps People Secure is That They Met The Security Team": Deconstructing Drivers And Goals of Organizational Security Awareness. - Priyanka Badva, Kopo M. Ramokapane, Eleonora Pantano, Awais Rashid:
Unveiling the Hunter-Gatherers: Exploring Threat Hunting Practices and Challenges in Cyber Defense.
Side Channel IV
- Sioli O'Connell, Lishay Aben Sour, Ron Magen, Daniel Genkin, Yossi Oren, Hovav Shacham, Yuval Yarom:
Pixel Thief: Exploiting SVG Filter Leakage in Firefox and Chrome. - Qisheng Jiang, Chundong Wang:
Sync+Sync: A Covert Channel Built on fsync with Storage. - Roy Weiss, Daniel Ayzenshteyn, Guy Amit, Yisroel Mirsky:
What Was Your Prompt? A Remote Keylogging Attack on AI Assistants. - Amir Sabzi, Rut Vora, Swati Goswami, Margo I. Seltzer, Mathias Lécuyer, Aastha Mehta:
NetShaper: A Differentially Private Network Side-Channel Mitigation System. - Péter Horváth, Dirk Lauret, Zhuoran Liu, Lejla Batina:
SoK: Neural Network Extraction Through Physical Side Channels.
Cloud Security
- Supraja Sridhara, Andrin Bertschi, Benedict Schlüter, Mark Kuhne, Fabio Aliberti, Shweta Shinde:
ACAI: Protecting Accelerator Execution with Arm Confidential Computing Architecture. - Momen Oqaily, Hinddeep Purohit, Yosr Jarraya, Lingyu Wang, Boubakr Nour, Makan Pourzandi, Mourad Debbabi:
ChainPatrol: Balancing Attack Detection and Classification with Performance Overhead for Service Function Chains Using Virtual Trailers. - Benedict Schlüter, Supraja Sridhara, Mark Kuhne, Andrin Bertschi, Shweta Shinde:
HECKLER: Breaking Confidential VMs with Malicious Interrupts. - Leo Cao, Luoxi Meng, Deian Stefan, Earlence Fernandes:
Stateful Least Privilege Authorization for the Cloud. - Songlei Wang, Yifeng Zheng, Xiaohua Jia:
GraphGuard: Private Time-Constrained Pattern Detection Over Streaming Graphs in the Cloud.
Blockchain I
- Arka Rai Choudhuri, Sanjam Garg, Julien Piet, Guru-Vamsi Policharla:
Mempool Privacy via Batched Threshold Encryption: Attacks and Defenses. - Aviv Yaish, Kaihua Qin, Liyi Zhou, Aviv Zohar, Arthur Gervais:
Speculative Denial-of-Service Attacks In Ethereum. - Ravindu De Silva, Wenbo Guo, Nicola Ruaro, Ilya Grishchenko, Christopher Kruegel, Giovanni Vigna:
GuideEnricher: Protecting the Anonymity of Ethereum Mixing Service Users with Deep Reinforcement Learning. - Tianle Sun, Ningyu He, Jiang Xiao, Yinliang Yue, Xiapu Luo, Haoyu Wang:
All Your Tokens are Belong to Us: Demystifying Address Verification Vulnerabilities in Solidity Smart Contracts. - Han Liu, Daoyuan Wu, Yuqiang Sun, Haijun Wang, Kaixuan Li, Yang Liu, Yixiang Chen:
Using My Functions Should Follow My Checks: Understanding and Detecting Insecure OpenZeppelin Code in Smart Contracts.
ML VII: Adversarial Attack Defense
- Wei Song, Cong Cong, Haonan Zhong, Jingling Xue:
Correction-based Defense Against Adversarial Video Attacks via Discretization-Enhanced Video Compressive Sensing. - Shengwei An, Lu Yan, Siyuan Cheng, Guangyu Shen, Kaiyuan Zhang, Qiuling Xu, Guanhong Tao, Xiangyu Zhang:
Rethinking the Invisible Protection against Unauthorized Image Usage in Stable Diffusion. - Matan Levi, Aryeh Kontorovich:
Splitting the Difference on Adversarial Training. - Pranav Dahiya, Ilia Shumailov, Ross Anderson:
Machine Learning needs Better Randomness Standards: Randomised Smoothing and PRNG-based attacks. - Chong Xiang, Tong Wu, Sihui Dai, Jonathan Petit, Suman Jana, Prateek Mittal:
PatchCURE: Improving Certifiable Robustness, Model Utility, and Computation Efficiency of Adversarial Patch Defenses.
Language-Based Security
- Eric Cornelissen, Mikhail Shcherbakov, Musard Balliu:
GHunter: Universal Prototype Pollution Gadgets in JavaScript Runtimes. - Martin Kayondo, Inyoung Bang, Yeongjun Kwak, Hyungon Moon, Yunheung Paek:
MetaSafe: Compiling for Protecting Smart Pointer Metadata to Ensure Safe Rust Integrity. - Kyuwon Cho, Jongyoon Kim, Kha Dinh Duy, Hajeong Lim, Hojoon Lee:
RustSan: Retrofitting AddressSanitizer for Efficient Sanitization of Rust. - Nikolaos Pantelaios, Alexandros Kapravelos:
FV8: A Forced Execution JavaScript Engine for Detecting Evasive Techniques. - Cheng Huang, Nannan Wang, Ziyan Wang, Siqi Sun, Lingzi Li, Junren Chen, Qianchong Zhao, Jiaxuan Han, Zhen Yang, Lei Shi:
DONAPI: Malicious NPM Packages Detector using Behavior Sequence Knowledge Mapping.
Zero-Knowledge Proof II
- Véronique Cortier, Alexandre Debant, Anselme Goetschmann, Lucca Hirschi:
Election Eligibility with OpenID: Turning Authentication into Transferable Proof of Eligibility. - Sebastian Angel, Eleftherios Ioannidis, Elizabeth Margolin, Srinath T. V. Setty, Jess Woods:
Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs. - Meng Hao, Hanxiao Chen, Hongwei Li, Chenkai Weng, Yuan Zhang, Haomiao Yang, Tianwei Zhang:
Scalable Zero-knowledge Proofs for Non-linear Functions in Machine Learning. - Daniel Luick, John C. Kolesar, Timos Antonopoulos, William R. Harris, James Parker, Ruzica Piskac, Eran Tromer, Xiao Wang, Ning Luo:
ZKSMT: A VM for Proving SMT Theorems in Zero Knowledge. - Stefanos Chaliasos, Jens Ernstberger, David Theodore, David Wong, Mohammad Jahanara, Benjamin Livshits:
SoK: What don't we know? Understanding Security Vulnerabilities in SNARKs.
Measurement III: Auditing and Best Practices I
- Boyang Zhang, Zheng Li, Ziqing Yang, Xinlei He, Michael Backes, Mario Fritz, Yang Zhang:
SecurityNet: Assessing Machine Learning Vulnerabilities on Public Models. - Apurva Virkud, Muhammad Adil Inam, Andy Riddle, Jason Liu, Gang Wang, Adam Bates:
How does Endpoint Detection use the MITRE ATT&CK Framework? - Anna Ablove, Shreyas Chandrashekaran, Hieu Le, Ram Sundara Raman, Reethika Ramesh, Harry Oppenheimer, Roya Ensafi:
Digital Discrimination of Users in Sanctioned States: The Case of the Cuba Embargo. - Michael D. Brown, Adam Meily, Brian Fairservice, Akshay Sood, Jonathan Dorn, Eric Kilmer, Ronald Eytchison:
A Broad Comparative Evaluation of Software Debloating Tools.
Hardware Security III: Signals
- Guoming Zhang, Xiaohui Ma, Huiting Zhang, Zhijie Xiang, Xiaoyu Ji, Yanni Yang, Xiuzhen Cheng, Pengfei Hu:
LaserAdv: Laser Adversarial Attacks on Speech Recognition Systems. - Tiantian Liu, Feng Lin, Zhongjie Ba, Li Lu, Zhan Qin, Kui Ren:
MicGuard: A Comprehensive Detection System against Out-of-band Injection Attacks for Different Level Microphone-based Devices. - Zihao Zhan, Yirui Yang, Haoqi Shan, Hanqiu Wang, Yier Jin, Shuo Wang:
VoltSchemer: Use Voltage Noise to Manipulate Your Wireless Charger. - Chao Wang, Feng Lin, Hao Yan, Tong Wu, Wenyao Xu, Kui Ren:
VibSpeech: Exploring Practical Wideband Eavesdropping via Bandlimited Signal of Vibration-based Side Channel.
System Security III: Memory I
- Zhenpeng Lin, Zheng Yu, Ziyi Guo, Simone Campanoni, Peter A. Dinda, Xinyu Xing:
CAMP: Compiler and Allocator-based Heap Memory Protection. - Yanan Guo, Zhenkai Zhang, Jun Yang:
GPU Memory Exploitation for Fun and Profit. - Lukas Maar, Stefan Gast, Martin Unterguggenberger, Mathias Oberhuber, Stefan Mangard:
SLUBStick: Arbitrary Memory Writes through Practical Software Cross-Cache Attacks within the Linux Kernel. - Dinghao Liu, Zhipeng Lu, Shouling Ji, Kangjie Lu, Jianhai Chen, Zhenguang Liu, Dexin Liu, Renyi Cai, Qinming He:
Detecting Kernel Memory Bugs through Inconsistent Memory Management Intention Inferences.
Web Security II: Privacy
- Pranay Jain, Andrew C. Reed, Michael K. Reiter:
Near-Optimal Constrained Padding for Object Retrievals with Dependencies. - Shaoor Munir, Patrick Lee, Umar Iqbal, Sandra Siby, Zubair Shafiq:
PURL: Safe and Effective Sanitization of Link Decoration. - Giuseppe Calderonio, Mir Masood Ali, Jason Polakis:
Fledging Will Continue Until Privacy Improves: Empirical Analysis of Google's Privacy-Preserving Targeted Advertising. - Asya Mitseva, Andriy Panchenko:
Stop, Don't Click Here Anymore: Boosting Website Fingerprinting By Considering Sets of Subpages.
ML VIII: Backdoors and Federated Learning
- Xiaoting Lyu, Yufei Han, Wei Wang, Jingkai Liu, Yongsheng Zhu, Guangquan Xu, Jiqiang Liu, Xiangliang Zhang:
Lurking in the shadows: Unveiling Stealthy Backdoor Attacks against Personalized Federated Learning. - Zhangchen Xu, Fengqing Jiang, Luyao Niu, Jinyuan Jia, Bo Li, Radha Poovendran:
ACE: A Model Poisoning Attack on Contribution Evaluation Methods in Federated Learning. - Songze Li, Yanbo Dai:
BackdoorIndicator: Leveraging OOD Data for Proactive Backdoor Detection in Federated Learning. - Zirui Huang, Yunlong Mao, Sheng Zhong:
UBA-Inf: Unlearning Activated Backdoor Attack with Influence-Driven Camouflage.
Software Security + ML 1
- Dandan Xu, Di Tang, Yi Chen, XiaoFeng Wang, Kai Chen, Haixu Tang, Longxing Li:
Racing on the Negative Force: Efficient Vulnerability Root-Cause Analysis through Reinforcement Learning on Counterexamples. - Niklas Risse, Marcel Böhme:
Uncovering the Limits of Machine Learning for Automatic Vulnerability Detection. - Jialai Wang, Chao Zhang, Longfei Chen, Yi Rong, Yuxiao Wu, Hao Wang, Wende Tan, Qi Li, Zongpeng Li:
Improving ML-based Binary Function Similarity Detection by Assessing and Deprioritizing Control Flow Graph Features. - Chang Zhu, Ziyang Li, Anton Xue, Ati Priya Bajaj, Wil Gibbs, Yibo Liu, Rajeev Alur, Tiffany Bao, Hanjun Dai, Adam Doupé, Mayur Naik, Yan Shoshitaishvili, Ruoyu Wang, Aravind Machiry:
TYGR: Type Inference on Stripped Binaries using Graph Neural Networks.
Crypto III: Password and Secret Key
- Matteo Scarlata, Matilda Backendal, Miro Haller:
MFKDF: Multiple Factors Knocked Down Flat. - Matthias Geihs, Hart Montgomery:
LaKey: Efficient Lattice-Based Distributed PRFs Enable Scalable Distributed Key Management. - Andrés Fábrega, Armin Namavari, Rachit Agarwal, Ben Nassi, Thomas Ristenpart:
Exploiting Leakage in Password Managers via Injection Attacks. - Julia Len, Melissa Chase, Esha Ghosh, Kim Laine, Radames Cruz Moreno:
OPTIKS: An Optimized Key Transparency System.
Social Issues III: Social Media Platform
- Arjun Arunasalam, Habiba Farrukh, Eliz Tekcan, Z. Berkay Celik:
Understanding the Security and Privacy Implications of Online Toxic Content on Refugees. - Miranda Wei, Sunny Consolvo, Patrick Gage Kelley, Tadayoshi Kohno, Tara Matthews, Sarah Meiklejohn, Franziska Roesner, Renee Shelby, Kurt Thomas, Rebecca Umbach:
Understanding Help-Seeking and Help-Giving on Social Media for Image-Based Sexual Abuse. - Pujan Paudel, Mohammad Hammas Saeed, Rebecca Auger, Chris Wells, Gianluca Stringhini:
Enabling Contextual Soft Moderation on Social Media through Contrastive Textual Deviation. - Bhupendra Acharya, Dario Lazzaro, Efrén López-Morales, Adam Oest, Muhammad Saad, Antonio Emanuele Cinà, Lea Schönherr, Thorsten Holz:
The Imitation Game: Exploring Brand Impersonation Attacks on Social Media Platforms.
Wireless Security I: Cellular and Bluetooth
- Abdullah Al Ishtiaq, Sarkar Snigdha Sarathi Das, Syed Md. Mukit Rashid, Ali Ranjbar, Kai Tu, Tianwei Wu, Zhezheng Song, Weixuan Wang, Mujtahid Akon, Rui Zhang, Syed Rafiul Hussain:
Hermes: Unlocking Security Analysis of Cellular Network Protocols by Synthesizing Finite State Machines from Natural Language Specifications. - Jiarong Xing, Sophia Yoo, Xenofon Foukas, Daehyeok Kim, Michael K. Reiter:
On the Criticality of Integrity Protection in 5G Fronthaul Networks. - Tomasz Piotr Lisowski, Merlin Chlosta, Jinjin Wang, Marius Muench:
SIMurai: Slicing Through the Complexity of SIM Card Security Research. - Jianliang Wu, Patrick Traynor, Dongyan Xu, Dave (Jing) Tian, Antonio Bianchi:
Finding Traceability Attacks in the Bluetooth Low Energy Specification and Its Implementations.
Mobile Security II
- Lukas Maar, Florian Draschbacher, Lukas Lamster, Stefan Mangard:
Defects-in-Depth: Analyzing the Integration of Effective Defenses against One-Day Exploits in Android Kernels. - Zikan Dong, Tianming Liu, Jiapeng Deng, Haoyu Wang, Li Li, Minghui Yang, Meng Wang, Guosheng Xu, Guoai Xu:
Exploring Covert Third-party Identifiers through External Storage in the Android New Era. - Daniele Coppola, Giovanni Camurati, Claudio Anliker, Xenia Hofmeier, Patrick Schaller, David A. Basin, Srdjan Capkun:
PURE: Payments with UWB RElay-protection. - Chuxiong Wu, Qiang Zeng:
Do You See How I Pose? Using Poses as an Implicit Authentication Factor for QR Code Payment.
Measurement IV: Web
- Markus Schöps, Marco Gutfleisch, Eric Wolter, M. Angela Sasse:
Simulated Stress: A Case Study of the Effects of a Simulated Phishing Campaign on Employees' Perception, Stress and Self-Efficacy. - Qinge Xie, Manoj Vignesh Kasi Murali, Paul Pearce, Frank Li:
Arcanum: Detecting and Evaluating the Privacy Risks of Browser Extensions on Web Pages and Web Content. - Brian Kondracki, Nick Nikiforakis:
Smudged Fingerprints: Characterizing and Improving the Performance of Web Application Fingerprinting. - Alejandro Cuevas, Nicolas Christin:
Does Online Anonymous Market Vendor Reputation Matter?
LLM II: Jailbreaking
- Jiahao Yu, Xingwei Lin, Zheng Yu, Xinyu Xing:
LLM-Fuzzer: Scaling Assessment of Large Language Model Jailbreaks. - Zhiyuan Yu, Xiaogeng Liu, Shunning Liang, Zach Cameron, Chaowei Xiao, Ning Zhang:
Don't Listen To Me: Understanding and Exploring Jailbreak Prompts of Large Language Models. - Zilong Lin, Jian Cui, Xiaojing Liao, XiaoFeng Wang:
Malla: Demystifying Real-world Large Language Model Integrated Malicious Services. - Tong Liu, Yingjie Zhang, Zhe Zhao, Yinpeng Dong, Guozhu Meng, Kai Chen:
Making Them Ask and Answer: Jailbreaking Large Language Models in Few Queries via Disguise and Reconstruction.
Fuzzing III: Network
- Qifan Zhang, Xuesong Bai, Xiang Li, Haixin Duan, Qi Li, Zhou Li:
ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing. - Yibo Wang, Yuzhe Tang, Kai Li, Wanning Ding, Zhihua Yang:
Understanding Ethereum Mempool Security under Asymmetric DoS by Symbolized Stateful Fuzzing. - Emre Güler, Sergej Schumilo, Moritz Schloegel, Nils Bars, Philipp Görz, Xinyi Xu, Cemal Kaygusuz, Thorsten Holz:
Atropos: Effective Fuzzing of Web Applications for Server-Side Vulnerabilities. - Xiaoyue Ma, Lannan Luo, Qiang Zeng:
From One Thousand Pages of Specification to Unveiling Hidden Bugs: Large Language Model Assisted Fuzzing of Matter IoT Devices.
Differential Privacy II
- Guodong Cao, Zhibo Wang, Yunhe Feng, Xiaowei Dong:
DAAP: Privacy-Preserving Model Accuracy Estimation on Unlabeled Datasets Through Distribution-Aware Adversarial Perturbation. - Giovanni Cherubin, Boris Köpf, Andrew Paverd, Shruti Tople, Lukas Wutschitz, Santiago Zanella Béguelin:
Closed-Form Bounds for DP-SGD against Record-level Inference. - Kecen Li, Chen Gong, Zhixiang Li, Yuzhong Zhao, Xinwen Hou, Tianhao Wang:
PrivImage: Differentially Private Synthetic Image Generation using Diffusion Models with Semantic-Aware Pretraining. - Meenatchi Sundaram Muthu Selva Annamalai, Georgi Ganev, Emiliano De Cristofaro:
"What do you want from theory alone?" Experimenting with Tight Auditing of Differentially Private Synthetic Data Generation.
User Studies V: Policies and Best Practices II
- Hao-Ping (Hank) Lee, Lan Gao, Stephanie S. Yang, Jodi Forlizzi, Sauvik Das:
"I Don't Know If We're Doing Good. I Don't Know If We're Doing Bad": Investigating How Practitioners Scope, Motivate, and Conduct Privacy Work When Developing AI Products. - Kathrin Grosse, Lukas Bieringer, Tarek R. Besold, Alexandre Alahi:
Towards More Practical Threat Models in Artificial Intelligence Security. - Ronald Thompson, Madeline McLaughlin, Carson Powers, Daniel Votipka:
"There are rabbit holes I want to go down that I'm not allowed to go down": An Investigation of Security Expert Threat Modeling Practices for Medical Devices. - Prianka Mandal, Amit Seal Ami, Victor Olaiya, Sayyed Hadi Razmjo, Adwait Nadkarni:
"Belt and suspenders" or "just red tape"?: Investigating Early Artifacts and User Perceptions of IoT App Security Certification. - Yinbo Yu, Yuanqi Xu, Kepu Huang, Jiajia Liu:
TAPFixer: Automatic Detection and Repair of Home Automation Vulnerabilities based on Negated-property Reasoning.
User Studies VI: Privacy II
- Wael S. Albayaydh, Ivan Flechais:
Co-Designing a Mobile App for Bystander Privacy Protection in Jordanian Smart Homes: A Step Towards Addressing a Complex Privacy Landscape. - Naman Gupta, Kate Walsh, Sanchari Das, Rahul Chatterjee:
"I really just leaned on my community for support": Barriers, Challenges and Coping Mechanisms Used by Survivors of Technology-Facilitated Abuse to Seek Social Support. - Tania Ghafourian, Nicholas Micallef, Sameer Patil:
From the Childhood Past: Views of Young Adults on Parental Sharing of Children's Photos. - Reham Mohamed, Arjun Arunasalam, Habiba Farrukh, Jason Tong, Antonio Bianchi, Z. Berkay Celik:
ATTention Please! An Investigation of the App Tracking Transparency Permission. - William Seymour, Noura Abdi, Kopo M. Ramokapane, Jide S. Edu, Guillermo Suarez-Tangil, Jose Such:
Voice App Developer Experiences with Alexa and Google Assistant: Juggling Risks, Liability, and Security.
Measurement V: App
- Karel Dhondt, Victor Le Pochat, Yana Dimova, Wouter Joosen, Stijn Volckaert:
Swipe Left for Identity Theft: An Analysis of User Data Privacy Risks on Location-based Dating Apps. - Marcel Busch, Philipp Mao, Mathias Payer:
Spill the TeA: An Empirical Study of Trusted Application Rollback Prevention on Android Smartphones. - Omer Akgul, Sai Teja Peddinti, Nina Taft, Michelle L. Mazurek, Hamza Harkous, Animesh Srivastava, Benoit Seguin:
A Decade of Privacy-Relevant Android App Reviews: Large Scale Trends. - Yijing Liu, Yiming Zhang, Baojun Liu, Haixin Duan, Qiang Li, Mingxuan Liu, Ruixuan Li, Jia Yao:
Tickets or Privacy? Understand the Ecosystem of Chinese Ticket Grabbing Apps. - Pujan Paudel, Chen Ling, Jeremy Blackburn, Gianluca Stringhini:
PIXELMOD: Improving Soft Moderation of Visual Misleading Information on Twitter.
Network Security III: Detection
- Yihao Chen, Qilei Yin, Qi Li, Zhuotao Liu, Ke Xu, Yi Xu, Mingwei Xu, Ziqian Liu, Jianping Wu:
Learning with Semantics: Towards a Semantics-Aware Routing Anomaly Detection System. - Seyed Mohammad Mehdi Mirnajafizadeh, Ashwin Raam Sethuram, David Mohaisen, DaeHun Nyang, Rhongho Jang:
Enhancing Network Attack Detection with Distributed and In-Network Data Collection System. - Rafael Uetz, Marco Herzog, Louis Hackländer, Simon Schwarz, Martin Henze:
You Cannot Escape Me: Detecting Evasions of SIEM Rules in Enterprise Networks. - Zian Jia, Yun Xiong, Yuhong Nan, Yao Zhang, Jinjing Zhao, Mi Wen:
MAGIC: Detecting Advanced Persistent Threats via Masked Graph Representation Learning. - Mirza Masfiqur Rahman, Imtiaz Karim, Elisa Bertino:
CellularLint: A Systematic Approach to Identify Inconsistent Behavior in Cellular Network Specifications.
ML IX: Model Extraction and Watermark
- Tushar Nayan, Qiming Guo, Mohammed Alduniawi, Marcus Botacin, A. Selcuk Uluagac, Ruimin Sun:
SoK: All You Need to Know About On-Device ML Model Extraction - The Gap Between Research and Practice. - Yuanxin Zhuang, Chuan Shi, Mengmei Zhang, Jinghui Chen, Lingjuan Lyu, Pan Zhou, Lichao Sun:
Unveiling the Secrets without Data: Can Graph Neural Networks Be Exploited through Data-Free Model Extraction Attacks? - Torsten Krauß, Jasper Stang, Alexandra Dmitrienko:
ClearStamp: A Human-Visible and Robust Model-Ownership Proof based on Transposed Model Training. - Alessandro Pegoraro, Carlotta Segna, Kavita Kumari, Ahmad-Reza Sadeghi:
DeepEclipse: How to Break White-Box DNN-Watermarking Schemes. - Minxue Tang, Anna Dai, Louis DiValentin, Aolin Ding, Amin Hass, Neil Zhenqiang Gong, Yiran Chen, Hai (Helen) Li:
ModelGuard: Information-Theoretic Defense Against Model Extraction Attacks.
Fuzzing IV: Hardware and Firmware
- Alejandro Mera, Changming Liu, Ruimin Sun, Engin Kirda, Long Lu:
SHiFT: Semi-hosted Fuzz Testing for Embedded Applications. - Flavien Solt, Katharina Ceesay-Seitz, Kaveh Razavi:
Cascade: CPU Fuzzing via Intricate Program Generation. - Michael Chesser, Surya Nepal, Damith C. Ranasinghe:
MultiFuzz: A Multi-Stream Fuzzer For Testing Monolithic Firmware. - Pallavi Borkar, Chen Chen, Mohamadreza Rostami, Nikhilesh Singh, Rahul Kande, Ahmad-Reza Sadeghi, Chester Rebeiro, Jeyavijayan Rajendran:
WhisperFuzz: White-Box Fuzzing for Detecting and Locating Timing Vulnerabilities in Processors. - Christian Lindenmeier, Mathias Payer, Marcel Busch:
EL3XIR: Fuzzing COTS Secure Monitors.
Crypto IV: Position and Elections
- Ruoyang Guo, Jiarui Li, Shucheng Yu:
GridSE: Towards Practical Secure Geographic Search via Prefix Symmetric Searchable Encryption. - Harry Eldridge, Gabrielle Beck, Matthew Green, Nadia Heninger, Abhishek Jain:
Abuse-Resistant Location Tracking: Balancing Privacy and Safety in the Offline Finding Ecosystem. - Tingfeng Yu, James Henderson, Alwen Tiu, Thomas Haines:
Security and Privacy Analysis of Samsung's Crowd-Sourced Bluetooth Location Tracking System. - Benjamin Fuller, Rashmi Pai, Alexander Russell:
The Decisive Power of Indecision: Low-Variance Risk-Limiting Audits and Election Contestation via Marginal Mark Recording. - Josh Benaloh, Michael Naehrig, Olivier Pereira, Dan S. Wallach:
ElectionGuard: a Cryptographic Toolkit to Enable Verifiable Elections.
Measurement VI: Human Behavior and Security
- Yukiko Sawaya, Sarah Lu, Takamasa Isohara, Mahmood Sharif:
A High Coverage Cybersecurity Scale Predictive of User Behavior. - Veena Krish, Nicola Paoletti, Milad Kazemi, Scott A. Smolka, Amir Rahmati:
Biosignal Authentication Considered Harmful Today. - Marcel Busch, Philipp Mao, Mathias Payer:
GlobalConfusion: TrustZone Trusted Application 0-Days by Design. - Kedong Xiu, Ding Wang:
PointerGuess: Targeted Password Guessing Model Using Pointer Mechanism.
Hardware Security IV: Firmware
- Ryan Tsang, Asmita, Doreen Joseph, Soheil Salehi, Prasant Mohapatra, Houman Homayoun:
FFXE: Dynamic Control Flow Graph Recovery for Embedded Firmware Binaries. - Changming Liu, Alejandro Mera, Engin Kirda, Meng Xu, Long Lu:
CO3: Concolic Co-execution for Firmware. - Nicolas Nino, Ruibo Lu, Wei Zhou, Kyu Hyung Lee, Ziming Zhao, Le Guan:
Unveiling IoT Security in Reality: A Firmware-Centric Journey. - Yuhao Wu, Jinwen Wang, Yujie Wang, Shixuan Zhai, Zihan Li, Yi He, Kun Sun, Qi Li, Ning Zhang:
Your Firmware Has Arrived: A Study of Firmware Update Vulnerabilities.
Mobile Privacy
- Ioannis Arkalakis, Michalis Diamantaris, Serafeim Moustakas, Sotiris Ioannidis, Jason Polakis, Panagiotis Ilia:
Abandon All Hope Ye Who Enter Here: A Dynamic, Longitudinal Investigation of Android's Data Safety Section. - Dexin Liu, Yue Xiao, Chaoqi Zhang, Kaitao Xie, Xiaolong Bai, Shikun Zhang, Luyi Xing:
iHunter: Hunting Privacy Violations at Scale in the Software Supply Chain on iOS. - Shidong Pan, Dawen Zhang, Mark Staples, Zhenchang Xing, Jieshan Chen, Xiwei Xu, Thong Hoang:
Is It a Trap? A Large-scale Empirical Study And Comprehensive Assessment of Online Automated Privacy Policy Generators for Mobile Apps. - Shidong Pan, Zhen Tao, Thong Hoang, Dawen Zhang, Tianshi Li, Zhenchang Xing, Xiwei Xu, Mark Staples, Thierry Rakotoarivelo, David Lo:
A NEW HOPE: Contextual Privacy Policies for Mobile Applications and An Approach Toward Automated Generation.
Network Security IV: Infrastructure
- Ziyu Lin, Zhiwei Lin, Ximeng Liu, Jianjun Chen, Run Guo, Cheng Chen, Shaodong Xiao:
CDN Cannon: Exploiting CDN Back-to-Origin Strategies for Amplification Attacks. - Xuanbo Huang, Kaiping Xue, Lutong Chen, Mingrui Ai, Huancheng Zhou, Bo Luo, Guofei Gu, Qibin Sun:
You Can Obfuscate, but You Cannot Hide: CrossPoint Attacks against Network Topology Obfuscation. - Yunyi Zhang, Mingming Zhang, Baojun Liu, Zhan Liu, Jia Zhang, Haixin Duan, Min Zhang, Fan Shi, Chengxi Xu:
Cross the Zone: Toward a Covert Domain Hijacking via Shared DNS Infrastructure. - Huayi Duan, Marco Bearzi, Jodok Vieli, David A. Basin, Adrian Perrig, Si Liu, Bernhard Tellenbach:
CAMP: Compositional Amplification Attacks against DNS.
LLM III: Abuse
- Keyan Guo, Ayush Utkarsh, Wenbo Ding, Isabelle Ondracek, Ziming Zhao, Guo Freeman, Nishant Vishwamitra, Hongxin Hu:
Moderating Illicit Online Image Promotion for Unsafe User Generated Content Games Using Large Vision-Language Models. - Mazal Bethany, Brandon Wherry, Emet Bethany, Nishant Vishwamitra, Anthony Rios, Peyman Najafirad:
Deciphering Textual Authenticity: A Generalized Strategy through the Lens of Large Language Semantics for Detecting Human vs. Machine-Generated Text. - Xinyue Shen, Yiting Qu, Michael Backes, Yang Zhang:
Prompt Stealing Attacks Against Text-to-Image Generation Models. - Yixin Wu, Rui Wen, Michael Backes, Pascal Berrang, Mathias Humbert, Yun Shen, Yang Zhang:
Quantifying Privacy Risks of Prompts in Visual Prompt Learning.
Security Analysis IV: OS
- Ioannis Angelakopoulos, Gianluca Stringhini, Manuel Egele:
Pandawan: Quantifying Progress in Linux-based Firmware Rehosting. - Tianrou Xia, Hong Hu, Dinghao Wu:
DEEPTYPE: Refining Indirect Call Targets with Strong Multi-layer Type Analysis. - Dinghao Liu, Shouling Ji, Kangjie Lu, Qinming He:
Improving Indirect-Call Analysis in LLVM with Type and Data-Flow Co-Analysis. - Giulio De Pasquale, Ilya Grishchenko, Riccardo Iesari, Gabriel Pizarro, Lorenzo Cavallaro, Christopher Kruegel, Giovanni Vigna:
ChainReactor: Automated Privilege Escalation Chain Discovery via AI Planning.
Crypto V: Private Information Retrieval
- Leo de Castro, Keewoo Lee:
VeriSimplePIR: Verifiability in SimplePIR at No Online Cost for Honest Servers. - Alexander Bienstock, Sarvar Patel, Joon Young Seo, Kevin Yeo:
Batch PIR and Labeled PSI with Oblivious Ciphertext Compression. - Arthur Lazzaretti, Charalampos Papamanthou:
Single Pass Client-Preprocessing Private Information Retrieval. - Samir Jordan Menon, David J. Wu:
YPIR: High-Throughput Single-Server PIR with Silent Preprocessing.
User Studies VII: Policies and Best Practices III
- Sebastian Roth, Lea Gröber, Philipp Baus, Katharina Krombholz, Ben Stock:
Trust Me If You Can - How Usable Is Trusted Types In Practice? - Rohit Raj, Mridul Newar, Mainack Mondal:
"I just hated it and I want my money back": Data-driven Understanding of Mobile VPN Service Switching Preferences in The Wild. - Mingyi Liu, Jun Ho Huh, HyungSeok Han, Jaehyuk Lee, Jihae Ahn, Frank Li, Hyoungshick Kim, Taesoo Kim:
I Experienced More than 10 DeFi Scams: On DeFi Users' Perception of Security Breaches and Countermeasures. - Lea Gröber, Simon Lenau, Rebecca Weil, Elena Groben, Michael Schilling, Katharina Krombholz:
Towards Privacy and Security in Private Clouds: A Representative Survey on the Prevalence of Private Hosting and Administrator Characteristics.
Wireless Security II: Sky and Space
- Robin Bisping, Johannes Willbold, Martin Strohmeier, Vincent Lenders:
Wireless Signal Injection Attacks on VSAT Satellite Modems. - David Koisser, Richard Mitev, Nikita Yadav, Franziska Vollmer, Ahmad-Reza Sadeghi:
Orbital Trust and Privacy: SoK on PKI and Location Privacy Challenges in Space Networks. - Eric Jedermann, Martin Strohmeier, Vincent Lenders, Jens B. Schmitt:
RECORD: A RECeption-Only Region Determination Attack on LEO Satellite Users. - Giacomo Longo, Martin Strohmeier, Enrico Russo, Alessio Merlo, Vincent Lenders:
On a Collision Course: Unveiling Wireless Attacks to the Aircraft Traffic Collision Avoidance System (TCAS).
System Security IV: Multithreading
- Tuo Li, Jia-Ju Bai, Gui-Dong Han, Shi-Min Hu:
LR-Miner: Static Race Detection in OS Kernels by Mining Locking Rules. - Chengfeng Ye, Yuandao Cai, Charles Zhang:
When Threads Meet Interrupts: Effective Static Detection of Interrupt-Based Deadlocks in Linux. - Hany Ragab, Andrea Mambretti, Anil Kurmus, Cristiano Giuffrida:
GhostRace: Exploiting and Mitigating Speculative Race Conditions. - Tianshuo Han, Xiaorui Gong, Jian Liu:
CARDSHARK: Understanding and Stablizing Linux Kernel Concurrency Bugs Against the Odds.
Blockchain II
- Yihao Guo, Minghui Xu, Xiuzhen Cheng, Dongxiao Yu, Wangjie Qiu, Gang Qu, Weibing Wang, Mingming Song:
zkCross: A Novel Architecture for Cross-Chain Privacy-Preserving Auditing. - Jianghong Wei, Guohua Tian, Ding Wang, Fuchun Guo, Willy Susilo, Xiaofeng Chen:
Pixel+ and Pixel++: Compact and Efficient Forward-Secure Multi-Signatures for PoS Blockchain Consensus. - Mingfei Zhang, Rujia Li, Sisi Duan:
Max Attestation Matters: Making Honest Parties Lose Their Incentives in Ethereum PoS. - Michael Mirkin, Lulu Zhou, Ittay Eyal, Fan Zhang:
Sprints: Intermittent Blockchain PoW Mining.
Autonomous and Automatic Systems
- Yang Lou, Yi Zhu, Qun Song, Rui Tan, Chunming Qiao, Wei-Bin Lee, Jianping Wang:
A First Physical-World Trajectory Prediction Attack via LiDAR-induced Deceptions in Autonomous Driving. - Qingzhao Zhang, Shuowei Jin, Ruiyang Zhu, Jiachen Sun, Xumiao Zhang, Qi Alfred Chen, Z. Morley Mao:
On Data Fabrication in Collaborative Vehicular Perception: Attacks and Countermeasures. - Raymond Muller, Yanmao Man, Ming Li, Ryan M. Gerdes, Jonathan Petit, Z. Berkay Celik:
VOGUES: Validation of Object Guise using Estimated Components. - Baodong Chen, Wei Wang, Pascal Sikorski, Ting Zhu:
Adversary is on the Road: Attacks on Visual SLAM using Unnoticeable Adversarial Patch.
Crypto VI: Security Analysis
- Yuanming Song, Lenka Mareková, Kenneth G. Paterson:
Cryptographic Analysis of Delta Chat. - Jipeng Zhang, Junhao Huang, Lirui Zhao, Donglong Chen, Çetin Kaya Koç:
ENG25519: Faster TLS 1.3 handshake using optimized X25519 and Ed25519. - Stéphanie Delaune, Joseph Lallemand, Gwendal Patat, Florian Roudot, Mohamed Sabt:
Formal Security Analysis of Widevine through the W3C EME Standard. - Grace Jia, Rachit Agarwal, Anurag Khandelwal:
Length Leakage in Oblivious Data Access Mechanisms.
Crypto VII: Private Set Operations
- Meng Hao, Weiran Liu, Liqiang Peng, Hongwei Li, Cong Zhang, Hanxiao Chen, Tianwei Zhang:
Unbalanced Circuit-PSI from Oblivious Key-Value Retrieval. - Rasoul Akhavan Mahdavi, Nils Lukas, Faezeh Ebrahimianghazani, Thomas Humphries, Bailey Kacsmar, John A. Premkumar, Xinda Li, Simon Oya, Ehsan Amjadian, Florian Kerschbaum:
PEPSI: Practically Efficient Private Set Intersection in the Unbalanced Setting. - Yanxue Jia, Shi-Feng Sun, Hong-Sheng Zhou, Dawu Gu:
Scalable Private Set Union, with Stronger Security. - Mingli Wu, Tsz Hon Yuen, Kwan Yin Chan:
O-Ring and K-Star: Efficient Multi-party Private Set Intersection.
Social Issues IV
- Shuofeng Liu, Zihan Wang, Minhui Xue, Long Wang, Yuanchao Zhang, Guangdong Bai:
Being Transparent is Merely the Beginning: Enforcing Purpose Limitation with Polynomial Approximation. - Braden L. Crimmins, Dhanya Narayanan, Drew Springall, J. Alex Halderman:
DVSorder: Ballot Randomization Flaws Threaten Voter Privacy. - Yifan Zhang, Zhaojie Hu, Xueqiang Wang, Yuhui Hong, Yuhong Nan, XiaoFeng Wang, Jiatao Cheng, Luyi Xing:
Navigating the Privacy Compliance Maze: Understanding Risks with Privacy-Configurable Mobile SDKs. - Abhinaya S. B., Aafaq Sabir, Anupam Das:
Enabling Developers, Protecting Users: Investigating Harassment and Safety in VR.
IoT and CPS
- Yi He, Yunchao Guan, Ruoyu Lun, Shangru Song, Zhihao Guo, Jianwei Zhuge, Jianjun Chen, Qiang Wei, Zehui Wu, Miao Yu, Hetian Shi, Qi Li:
Demystifying the Security Implications in IoT Device Rental Services. - Syed Ghazanfar Abbas, Muslum Ozgur Ozmen, Abdulellah Alsaheel, Arslan Khan, Z. Berkay Celik, Dongyan Xu:
SAIN: Improving ICS Attack Detection Sensitivity via State-Aware Invariants. - Yujie Wang, Ao Li, Jinwen Wang, Sanjoy K. Baruah, Ning Zhang:
Opportunistic Data Flow Integrity for Real-time Cyber-physical Systems Using Worst Case Execution Time Reservation. - Mahmoud Ammar, Ahmed Abdelraoof, Silviu Vlasceanu:
On Bridging the Gap between Control Flow Integrity and Attestation Schemes.
Crypto VIII: Side Channel
- Michal Shagam, Eyal Ronen:
Windows into the Past: Exploiting Legacy Crypto in Modern OS's Kerberos Implementation. - Robin Leander Schröder, Stefan Gast, Qian Guo:
Divide and Surrender: Exploiting Variable Division Instruction Timing in HQC Key Recovery Attacks. - Martin Dunsche, Marcel Maehren, Nurullah Erinola, Robert Merget, Nicolai Bissantz, Juraj Somorovsky, Jörg Schwenk:
With Great Power Come Great Side Channels: Statistical Timing Side-Channel Analyses with Bounded Type-1 Errors. - Marcel Fourné, Daniel De Almeida Braga, Jan Jancar, Mohamed Sabt, Peter Schwabe, Gilles Barthe, Pierre-Alain Fouque, Yasemin Acar:
"These results must be false": A usability evaluation of constant-time analysis tools.
Web Security III: XSS and PHP
- Robin Kirchner, Jonas Möller, Marius Musch, David Klein, Konrad Rieck, Martin Johns:
Dancer in the Dark: Synthesizing and Evaluating Polyglots for Blind Cross-Site Scripting. - Eric Olsson, Benjamin Eriksson, Adam Doupé, Andrei Sabelfeld:
Spider-Scents: Grey-box Database-aware Web Scanning for Stored XSS. - Rasoul Jahanshahi, Manuel Egele:
Argus: All your (PHP) Injection-sinks are belong to us. - Malte Wessels, Simon Koch, Giancarlo Pellegrino, Martin Johns:
SSRF vs. Developers: A Study of SSRF-Defenses in PHP Applications.
ML X: Privacy Inference II
- Guangsheng Zhang, Bo Liu, Huan Tian, Tianqing Zhu, Ming Ding, Wanlei Zhou:
How Does a Deep Learning Model Architecture Impact Its Privacy? A Comprehensive Study of Privacy Attacks on CNNs and Transformers. - Jérémie Dentan, Arnaud Paran, Aymen Shabou:
Reconstructing training data from document understanding models. - Edoardo Debenedetti, Giorgio Severi, Milad Nasr, Christopher A. Choquette-Choo, Matthew Jagielski, Eric Wallace, Nicholas Carlini, Florian Tramèr:
Privacy Side Channels in Machine Learning Systems. - Shuaifan Jin, He Wang, Zhibo Wang, Feng Xiao, Jiahui Hu, Yuan He, Wenwen Zhang, Zhongjie Ba, Weijie Fang, Shuhong Yuan, Kui Ren:
FaceObfuscator: Defending Deep Learning-based Privacy Attacks with Gradient Descent-resistant Features in Face Recognition.
Security Analysis V: ML
- Yunjie Ge, Qian Wang, Huayang Huang, Qi Li, Cong Wang, Chao Shen, Lingchen Zhao, Peipei Jiang, Zheng Fang, Shenyi Zhang:
Hijacking Attacks against Neural Network by Analyzing Training Data. - Jian Liu, Rui Zhang, Sebastian Szyller, Kui Ren, N. Asokan:
False Claims against Model Ownership Resolution. - Benedikt Lorch, Rainer Böhme:
Landscape More Secure Than Portrait? Zooming Into the Directionality of Digital Images With Security Implications. - Trishita Tiwari, Suchin Gururangan, Chuan Guo, Weizhe Hua, Sanjay Kariyappa, Udit Gupta, Wenjie Xiong, Kiwan Maeng, Hsien-Hsin S. Lee, G. Edward Suh:
Information Flow Control in Machine Learning through Modular Model Architecture.
Cryptographic Protocols III
- Hanjun Li, Sela Navot, Stefano Tessaro:
POPSTAR: Lightweight Threshold Reporting with Reduced Leakage. - Marco Palazzo, Florine W. Dekker, Alessandro Brighente, Mauro Conti, Zekeriya Erkin:
Privacy-Preserving Data Aggregation with Public Verifiability Against Internal Adversaries. - Guy N. Rothblum, Eran Omri, Junye Chen, Kunal Talwar:
PINE: Efficient Verification of a Euclidean Norm Bound of a Secret-Shared Vector. - Seonyoung Cheon, Yongwoo Lee, Dongkwan Kim, Ju Min Lee, Sunchul Jung, Taekyung Kim, Dongyoon Lee, Hanjun Kim:
DaCapo: Automatic Bootstrapping Management for Efficient Fully Homomorphic Encryption.
Measurement VII: Auditing and Best Practices II
- Miranda Wei, Jaron Mink, Yael Eiger, Tadayoshi Kohno, Elissa M. Redmiles, Franziska Roesner:
SoK (or SoLK?): On the Quantitative Study of Sociodemographic Factors and Computer Security Behaviors. - Swaathi Vetrivel, Brennen Bouwmeester, Michel van Eeten, Carlos Hernandez Gañán:
IoT Market Dynamics: An Analysis of Device Sales, Security and Privacy Signals, and their Interactions. - Aksel Ethembabaoglu, Rolf van Wegberg, Yury Zhauniarovich, Michel van Eeten:
The Unpatchables: Why Municipalities Persist in Running Vulnerable Hosts.
Hardware Security V: Embedded
- Jiaxu Zhao, Yuekang Li, Yanyan Zou, Zhaohui Liang, Yang Xiao, Yeting Li, Bingwei Peng, Nanyu Zhong, Xinyi Wang, Wei Wang, Wei Huo:
Leveraging Semantic Relations in Code and Data to Enhance Taint Analysis of Embedded Systems. - Chongqing Lei, Zhen Ling, Yue Zhang, Yan Yang, Junzhou Luo, Xinwen Fu:
A Friend's Eye is A Good Mirror: Synthesizing MCU Peripheral Models from Peripheral Drivers. - Efrén López-Morales, Ulysse Planta, Carlos E. Rubio-Medrano, Ali Abbasi, Alvaro A. Cárdenas:
SoK: Security of Programmable Logic Controllers. - Wil Gibbs, Arvind S. Raj, Jayakrishna Menon Vadayath, Hui Jun Tay, Justin Miller, Akshay Ajayan, Zion Leonahenahe Basque, Audrey Dutcher, Fangzhou Dong, Xavier J. Maso, Giovanni Vigna, Christopher Kruegel, Adam Doupé, Yan Shoshitaishvili, Ruoyu Wang:
Operation Mango: Scalable Discovery of Taint-Style Vulnerabilities in Binary Firmware Services.
System Security V: Memory II
- Erin Avllazagaj, Yonghwi Kwon, Tudor Dumitras:
SCAVY: Automated Discovery of Memory Corruption Targets in Linux Kernel for Privilege Escalation. - Lukas Lamster, Martin Unterguggenberger, David Schrammel, Stefan Mangard:
Voodoo: Memory Tagging, Authenticated Encryption, and Error Correction through MAGIC. - Zheng Yu, Ganxiang Yang, Xinyu Xing:
ShadowBound: Efficient Heap Memory Protection Through Advanced Metadata Management and Customized Compiler Optimization. - Rahul George, Mingming Chen, Kaiming Huang, Zhiyun Qian, Thomas La Porta, Trent Jaeger:
OPTISAN: Using Multiple Spatial Error Defenses to Optimize Stack Memory Protection within a Budget.
User Studies VIII: Cryptography
- Konstantin Fischer, Ivana Trummová, Phillip Gajland, Yasemin Acar, Sascha Fahl, M. Angela Sasse:
The Challenges of Bringing Cryptography from Research Papers to Products: Results from an Interview Study with Experts. - Leona Lassak, Elleen Pan, Blase Ur, Maximilian Golla:
Why Aren't We Using Passkeys? Obstacles Companies Face Deploying FIDO2 Passwordless Authentication. - Nicolas Huaman, Jacques Suray, Jan H. Klemmer, Marcel Fourné, Sabrina Amft, Ivana Trummová, Yasemin Acar, Sascha Fahl:
"You have to read 50 different RFCs that contradict each other": An Interview Study on the Experiences of Implementing Cryptographic Standards. - Sandra Höltervennhoff, Noah Wöhler, Arne Möhle, Marten Oltrogge, Yasemin Acar, Oliver Wiese, Sascha Fahl:
A Mixed-Methods Study on User Experiences and Challenges of Recovery Codes for an End-to-End Encrypted Service.
ML XI: Physical Adversarial Attacks
- Meng Chen, Xiangyu Xu, Li Lu, Zhongjie Ba, Feng Lin, Kui Ren:
Devil in the Room: Triggering Audio Backdoors in the Physical World. - Kun Wang, Xiangyu Xu, Li Lu, Zhongjie Ba, Feng Lin, Kui Ren:
FraudWhistler: A Resilient, Robust and Plug-and-play Adversarial Example Detection Method for Speaker Recognition. - Tianyue Zheng, Jingzhi Hu, Rui Tan, Yinqian Zhang, Ying He, Jun Luo:
pi-Jack: Physical-World Adversarial Attack on Monocular Depth Estimation with Perspective Hijacking. - Shenchen Zhu, Yue Zhao, Kai Chen, Bo Wang, Hualong Ma, Cheng'an Wei:
AE-Morpher: Improve Physical Robustness of Adversarial Objects against LiDAR-based Detectors via Object Reconstruction.
Software Security + ML 2
- Shigang Liu, Di Cao, Junae Kim, Tamas Abraham, Paul Montague, Seyit Camtepe, Jun Zhang, Yang Xiang:
EaTVul: ChatGPT-based Evasion Attack Against Software Vulnerability Detection. - Miaomiao Shao, Yuxin Ding:
FVD-DPM: Fine-grained Vulnerability Detection via Conditional Diffusion Probabilistic Models. - Xiang Ling, Zhiyu Wu, Bin Wang, Wei Deng, Jingzheng Wu, Shouling Ji, Tianyue Luo, Yanjun Wu:
A Wolf in Sheep's Clothing: Practical Black-box Adversarial Attacks for Evading Learning-based Windows Malware Detection in the Wild.
Crypto IX: Attacks
- Alexander Hoover, Ruth Ng, Daren Khu, Yao'an Li, Joelle Lim, Derrick Ng, Jed Lim, Yiyang Song:
Leakage-Abuse Attacks Against Structured Encryption for SQL. - Sharon Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, Adam Suhl:
RADIUS/UDP Considered Harmful. - Qian Guo, Denis Nabokov, Elias Suvanto, Thomas Johansson:
Key Recovery Attacks on Approximate Homomorphic Encryption with Non-Worst-Case Noise Flooding Countermeasures. - Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk:
Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation.
a service of 
manage site settings
To protect your privacy, all features that rely on external API calls from your browser are turned off by default. You need to opt-in for them to become active. All settings here will be stored as cookies with your web browser. For more information see our F.A.Q.
last updated on 2024-08-25 18:59 CEST by the dblp team
all metadata released as open data under CC0 1.0 license
see also: Terms of Use | Privacy Policy | Imprint
dblp was originally created in 1993 at:
since 2018, dblp has been operated and maintained by:
the dblp computer science bibliography is funded and supported by:
