29thUSENIXSecuritySymposium 2020 Aug. 12, 2020 to Aug. 14, 2020, Berkeley, USA

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
A Formal Analysis of IEEE 802.11's WPA2: Countering the Kracks Caused by Cracking the Counters Cas Cremers , Benjamin Kiesl , And Niklas Medinger The IEEE 802.11 WPA2 protocol is widely used across the globe to protect network connections. ...
Frankenstein: Advanced Wireless Fuzzing to Exploit New Bluetooth Escalation Targets Jan Classen , Secure Lab , Tu Gringoli , Dept. Engineering , University Hollick , Tu Darmstadt Wireless communication standards and implementations have a troubled history regarding security. Since most implementations and ...
Breaking Secure Pairing of Bluetooth Low Energy Using Downgrade Attacks Jian Weng , Xinwen Fu , Yier Jin , Yue Zhang , Rajib Dey , Dhiqiang Lin To defeat security threats such as man-in-the-middle (MITM) attacks, Bluetooth Low Energy (BLE) 4.2 and ...
You Are What You Broadcast: Identification of Mobile and IoT Devices from (Public) WiFi Bo Luo , Jun Ma , Lingjing Yu , Zhaoyu Liu With the rapid growth of mobile devices and WiFi hotspots, security risks arise. In practice, ...
Call Me Maybe: Eavesdropping Encrypted LTE Calls With ReVoLTE David Rupprecht , Christina Pöpper , Katharina Kohls , And Thorsten Holz Voice over LTE (VoLTE) is a packet-based telephony service seamlessly integrated into the Long Term ...
A Comprehensive Quality Evaluation of Security and Privacy Advice on the Web Elissa M. Redmiles , Sean Kross , Noel Warford , Amritha Jayanti , Aravind Koneru , Miraida Morales , Rock Mazurek End users learn defensive security behaviors from a variety of channels, including a plethora of ...
Understanding security mistakes developers make: Qualitative analysis from Build It, Break It, Fix It Michelle l. Mazurek , James Parker , Daniel Votipka , Kelsey R. Fulton , Matthew Hou , And Michael Hicks Secure software development is a challenging task requiring consideration of many possible threats and mitigations. ...
Empirical Measurement of Systemic 2FA Usability Serge Egelman , Joshua Mason , Michael Bailey , Joshua Reynolds , Nikita Samarin , Joseph Barnes , Taylor Judd Two-Factor Authentication (2FA) hardens an organization against user account compromise, but adds an extra step ...
What Twitter Knows: Characterizing Ad Targeting Practices, User Perceptions, and Ad Explanations Through Users' Own Twitter Data Michelle l. Mazurek , Miranda Wei , Madison Stamos , Sophie Veys , Nathan Reitinger , Justin Goodman , Margot Herman , Dorota Filipczuk , Ben Weinshel Although targeted advertising has drawn significant attention from privacy researchers, many critical empirical questions remain. ...
The Impact of Ad-Blockers on Product Search and Purchase Behavior: A Lab Experiment Alessandro Acquisti , Alisa Frik , Amelia Haviland Ad-blocking applications have become increasingly popular among Internet users. Ad-blockers offer various privacy- and security-enhancing ...
Symbolic execution with SymCC: Don't interpret, compile! Sebastian Francillon A major impediment to practical symbolic execution is speed, especially when compared to near-native speed ...
Sys: A Static/Symbolic Tool for Finding Good Bugs in Good (Browser) Code Dawson Engler , Deian Stefan , Fraser Brown N/A
Everything Old is New Again: Binary Security of WebAssembly Daniel Lehmann , Johannes Kinder , Michael Pradel WebAssembly is an increasingly popular compilation target designed to run code in browsers and on ...
AURORA: Statistical Crash Analysis for Automated Root Cause Explanation Ali Abbasi , Cornelius Aschermann , Tim Blazytko , Moritz Schlögel , Joel Frank , Simon Holz Given the huge success of automated software testing techniques, a large amount of crashes is ...
SmartVerif: Push the Limit of Automation Capability of Verifying Security Protocols by Dynamic Strategies Fuyou Miao , Wenchao Huang , Yan Xiong , Cheng Su , Wansen Wang , And Hengyi Ouyang Current formal approaches have been successfully used to find design flaws in many security protocols. ...
BigMAC: Fine-Grained Policy Analysis of Android Firmware Grant Hernandez , Dave (jing) Tian , Anurag Swarnim Yadav , Byron J. Williams , And Butler The Android operating system is the world's dominant mobile computing platform. To defend against malicious ...
From Needs to Actions to Secure Apps? The Effect of Requirements and Developer Practices on App Security Sascha Fahl , Charles Weir , Ben Hermann Increasingly mobile device users are being hurt by security or privacy issues with the apps ...
FANS: Fuzzing Android Native System Services via Automated Interface Analysis Guang Gong , Jianwei Zhuge , Baozheng Liu , Zhang , Yishun Zeng , Haifeng Ruan Android native system services provide essential supports and fundamental functionalities for user apps. Finding vulnerabilities ...
Chaperone: Real-time Locking and Loss Prevention for Smartphones Mohammad Mannan , Urs Hengartner , Hassan Khan , Jiayi Chen Smartphone loss affects millions of users each year and causes significant monetary and data losses. ...
Towards HTTPS Everywhere on Android: We Are Not There Yet Yanick Fratantonio , Andrea Possemato Nowadays, virtually all mobile apps rely on communicating with a network backend. Given the sensitive ...
Sunrise to Sunset: Analyzing the End-to-end Life Cycle and Effectiveness of Phishing Attacks at Scale Adam Doupe , Brad Wardman , Gail-joon Ahn , Kurt Thomas , Eric Nunes , Ali Zand , Adam Oest , Penghui Zhang , Jakub Burgis Despite an extensive anti-phishing ecosystem, phishing attacks continue to capitalize on gaps in detection to ...
PhishTime: Continuous Longitudinal Measurement of the Effectiveness of Anti-phishing Blacklists Adam Doupe , Brad Wardman , Gail-joon Ahn , Kevin Tyers , Yan Shoshitaishvili , Yeganeh Safaei , Adam Oest , Penghui Zhang Due to their ubiquity in modern web browsers, anti-phishing blacklists are a key defense against ...
Who's Calling? Characterizing Robocalls through Audio and Metadata Analysis Bradley Reaves , Sathvik Prasad , Elijah Bouma-sims , Athishay Kiran Mylappan Unsolicited calls are one of the most prominent security issues facing individuals today. Despite wide-spread ...
See No Evil: Phishing for Permissions with False Transparency Guliz Seray Tuncay , Jingyu Gunter Android introduced runtime permissions in order to provide users with more contextual information to make ...
A different cup of TI? The added value of commercial threat intelligence Christian Doerr , Michel Van Eeten , Bram Klievink , Harm Griffioen , Xander Bouwman , Jelle Egbers Commercial threat intelligence is thought to provide unmatched coverage on attacker behavior, but it is ...
HybCache: Hybrid Side-Channel-Resilient Caches for Trusted Execution Environments Tommaso Frassetto , Ghada Dessouky , And Ahmad-reza Sadeghi Modern multi-core processors share cache resources for maximum cache utilization and performance gains. However, this ...
CopyCat: Controlled Instruction-Level Attacks on Enclaves University of California , Daniel Moghimi , Worcester Bulck , Ku Heninger , San Diego , Ca , Usa; Frank Piessens , Ku Sunar , Worcester Polytechnic Institute The adversarial model presented by trusted execution environments (TEEs) has prompted researchers to investigate unusual ...
An Off-Chip Attack on Hardware Enclaves via the Memory Bus Raluca Ada Popa , Chia-che Tsai , Dayeol Lee , Dongha Jung , Sk Hynix , Ian T. Fang This paper shows how an attacker can break the confidentiality of a hardware enclave with ...
Civet: An Efficient Java Partitioning Framework for Hardware Enclaves Raluca Ada Popa , Bhushan Jain , Chia-che Tsai , Donald E. Porter , Jeongseok Son , John Mcavey Hardware enclaves are designed to execute small pieces of sensitive code or to operate on ...
BesFS: A POSIX Filesystem for Enclaves with a Mechanized Safety Proof Shweta Shinde , Shengyi Wang , Pinghai Yuan , Aquinas Hobor , Abhik Saxena New trusted computing primitives such as Intel SGX have shown the feasibility of running user-level ...
EPIC: Every Packet Is Checked in the Data Plane of a Path-Aware Internet Markus Legner , Tobias Klenze , Marc Wyss , Christoph Perrig An exciting insight of recent networking research has been that path-aware networking architectures are able ...
ShadowMove: A Stealthy Lateral Movement Strategy Jinpeng Wei , Amirreza Niakanlahiji , Md Rabbi Alam , Qingyang Wang , Bei-tseng Chu Advanced Persistence Threat (APT) attacks use various strategies and techniques to move laterally within an ...
Poison Over Troubled Forwarders: A Cache Poisoning Attack Targeting DNS Forwarding Devices Shuang Hao , Haixin Duan , Zhiyun Qian , Xiaofeng Zheng , Baojun Liu , Chaoyi Lu , Jian Peng , Qiushi Yang , Dongjie Zhou , Keyu Man In today's DNS infrastructure, DNS forwarders are devices standing in between DNS clients and recursive ...
Programmable In-Network Security for Context-aware BYOD Policies Xiapu Luo , Ang Chen , Adam Morrison , Lei Xue , Qiao Kang , Yuxin Tang Bring Your Own Device (BYOD) has become the new norm for enterprise networks, but BYOD ...
A Longitudinal and Comprehensive Study of the DANE Ecosystem in Email Roland Van Rijswijk-deij , Taejoong Chung , Hyeonmin Lee , Aniketh Gireesh , Amrita Vishwa Vidyapeetham , Taekyoung "ted" Kwon The DNS-based Authentication of Named Entities (DANE) standard allows clients and servers to establish a ...
NXNSAttack: Recursive DNS Inefficiencies and Vulnerabilities Yehuda Afek , Anat Bremler-barr , Lior Shafir This paper exposes a new vulnerability and introduces a corresponding attack, the NoneXistent Name Server ...
Shim Shimmeny: Evaluating the Security and Privacy Contributions of Link Shimming in the Modern Web Frank h. Li Link shimming (also known as URL wrapping) is a technique widely used by websites, where ...
Cached and Confused: Web Cache Deception in the Wild Bruno Crispo , Kaan Onarlioglu , Sajjad Arshad , Seyed Ali Mirheidari , Engin Robertson Web cache deception (WCD) is an attack proposed in 2017, where an attacker tricks a ...
A Tale of Two Headers: A Formal Analysis of Inconsistent Click-Jacking Protection on the Web Michael Backes , Ben Stock , Stefano Calzavara , Alvise Rabitti , Sebastian Roth Click-jacking protection on the modern Web is commonly enforced via client-side security mechanisms for framing ...
Retrofitting Fine Grain Isolation in the Firefox Renderer Tal Garfinkel , Hovav Shacham , Deian Stefan , Sorin Lerner , Nathan Froyd , Craig Disselkoen , Shravan Narayan , Eric Rahm Firefox and other major browsers rely on dozens of third-party libraries to render audio, video, ...
Zero-delay Lightweight Defenses against Website Fingerprinting Jiajun Wang Website Fingerprinting (WF) attacks threaten user privacy on anonymity networks because they can be used ...
Achieving Keyless CDNs with Conclaves Dave Levin , Christina Garman , Stephen Herwig Content Delivery Networks (CDNs) serve a large and increasing portion of today’s web content. Beyond ...
SENG, the SGX-Enforcing Network Gateway: Authorizing Communication from Shielded Clients Fabian Rossow Network administrators face a security-critical dilemma. While they want to tightly contain their hosts, they ...
APEX: A Verified Architecture for Proofs of Execution on Remote Devices under Full Software Compromise Gene Tsudik , Karim Eldefrawy , Ivan Nunes , Norrathep Rattanavipanon Modern society is increasingly surrounded by, and is growing accustomed to, a wide range of ...
PARTEMU: Enabling Dynamic Analysis of Real-World TrustZone Software Using Emulation Hayawardh Vijayakumar , Michael Grace , Lee Harrison , Koushik Sen , Rohan Padhye ARM's TrustZone technology is the basis for security of billions of devices worldwide, including Android ...
PHMon: A Programmable Hardware Monitor and Its Security Use Cases Leila Delshadtehrani , Sadullah Canakci , Boyou Zhou , Schuyler Eldridge , Ajay Joshi , And Manuel Egele There has been a resurgent trend in the industry to enforce a variety of security ...
Horizontal Privilege Escalation in Trusted Applications Stephen Mclaughlin , Radu Sion , Darius Suciu Trusted Execution Environments (TEEs) use hardware-based isolation to guard sensitive data from conventional monolithic OSes. ...
TeeRex: Discovery and Exploitation of Memory Corruption Vulnerabilities in SGX Enclaves Michael Rodler , Tobias Cloosters , And Lucas Davi Intel's Software Guard Extensions (SGX) introduced new instructions to switch the processor to enclave mode ...
The 2020 Election: Remote Voting, Disinformation, and Audit Alex Halderman , Ben Adida , Vanessa Teague By all accounts, the 2020 election will be historic. Perhaps the most emotionally charged election ...
Stealthy Tracking of Autonomous Vehicles with Cache Side Channels Andrew C. Myers , Mulong Luo , And Suh Autonomous vehicles are becoming increasingly popular, but their reliance on computer systems to sense and ...
Towards Robust LiDAR-based Perception in Autonomous Driving: General Black-box Adversarial Sensor Attack and Countermeasures Z. Morley Mao , Qi Alfred Chen , Jiachen Sun , Yulong Cao Perception plays a pivotal role in autonomous driving systems, which utilizes onboard sensors like cameras ...
SAVIOR: Securing Autonomous Vehicles with Robust Physical Invariants Alvaro A. Cárdenas , Zhiqiang Lin , Jairo Giraldo , Raul Quinonez , Luis Salazar , Santa Bauman Autonomous Vehicles (AVs), including aerial, sea, and ground vehicles, assess their environment with a variety ...
From Control Model to Program: Investigating Robotic Aerial Vehicle Accidents with MAYDAY Xiangyu Zhang , Taegyu Kim , Dave (jing) Tian , Chung Hwan Kim , Altay Ozen , Fan Fei , Zhan Tu , Xinyan Deng , And Dongyan Xu With wide adoption of robotic aerial vehicles (RAVs), their accidents increasingly occur, calling for in-depth ...
Drift with Devil: Security of Multi-Sensor Fusion based Localization in High-Level Autonomous Driving under GPS Spoofing And Gwo-dong Chen , Junjie Shen , Jun Yeon Won , Zeyuan Chen For high-level Autonomous Vehicles (AV), localization is highly security and safety critical. One direct threat ...
Plug-N-Pwned: Comprehensive Vulnerability Analysis of OBD-II Dongles as A New Over-the-Air Attack Surface in Automotive IoT Zhiqiang Lin , Qi Alfred Chen , Haohuang Wen With the growing trend of the Internet of Things, a large number of wireless OBD-II ...
PCKV: Locally Differentially Private Correlated Key-Value Data Collection with Optimized Utility Yueqiang Cheng , Ming Li , Li Xiong , Yang Cao , Xiaolan Gu Data collection under local differential privacy (LDP) has been mostly studied for homogeneous data. Real-world ...
Actions Speak Louder than Words: Entity-Sensitive Privacy Policy and Data Flow Analysis with PoliCheck Kapil Singh , Serge Egelman , William Enck , Benjamin Andow , Samin Yaseer Mahmud , Justin Whitaker , And Bradley Reaves None
Walking Onions: Scaling Anonymity Networks while Protecting Users Nick Mathewson , Ian Goldberg , Chelsea H. Komlo Scaling anonymity networks offers unique security challenges, as attackers can exploit differing views of the ...
Differentially-Private Control-Flow Node Coverage for Software Usage Analysis Hailong Zhang , Sufian Latif , Raef Bassily , And Atanas Rountev There are significant privacy concerns about the collection of usage data from deployed software. We ...
Visor: Privacy-Preserving Video Analytics as a Cloud Service Raluca Ada Popa , Ganesh Ananthanarayanan , Srinath Setty , Rishabh Poddar , And Stavros Volos Video-analytics-as-a-service is becoming an important offering for cloud providers. A key concern in such services ...
DELF: Safeguarding deletion correctness in Online Social Networks Paul Pearce , Ioannis Papagiannis , Katriel Cohn-gordon , Georgios Damaskinos , Divino Neto , Joshi Cordova , Benoît Reitz , Benjamin Strahs , Daniel Obenshain Deletion is a core facet of Online Social Networks (OSNs). For users, deletion is a ...
Datalog Disassembly Antonio Schulte Disassembly is fundamental to binary analysis and rewriting. We present a novel disassembly technique that ...
KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities Weiteng Chen , Xiaochen Zou , Guoren Li , And Zhiyun Qian The monolithic nature of modern OS kernels leads to a constant stream of bugs being ...
Automatic Techniques to Systematically Discover New Heap Exploitation Primitives Taesoo Kim , Insu Yun , Dhaval Kapil Exploitation techniques to abuse metadata of heap allocators have been widely studied because of their ...
The Industrial Age of Hacking W. Michael Petullo , Timothy Nosco , Jared Ziegler , Zechariah Clark , Davy Marrero , Todd Finkler , Andrew Barbarello There is a cognitive bias in the hacker community to select a piece of software ...
BScout: Direct Whole Patch Presence Test for Java Executables Xinyu Xing , Yuan Zhang , Min Yang , Zhemin Yang , Xiaohan Zhang , Jiarun Dai , Zheyue Jiang , Yingtian Zhou , Junyan Chen , Xin Tan To protect end-users and software from known vulnerabilities, it is crucial to apply security patches ...
MVP: Detecting Vulnerabilities using Patch-Enhanced Vulnerability Signatures Yang Liu , Feng Li , Wenchang Shi , Wei Zou , Wei Huo , Yang Xiao , Bihuan Chen , Chendong Yu , Zhengzi Xu , Zimu Yuan , Binghong Liu Recurring vulnerabilities widely exist and remain undetected in real-world systems, which are often resulted from ...
Shattered Chain of Trust: Understanding Security Risks in Cross-Cloud IoT Access Delegation Xiaofeng Wang , Yuqing Zhang , Hai Jin , Deqing Zou , Luyi Xing , Yan Jia , Bin Yuan , Dongfang Zhao IoT clouds facilitate the communication between IoT devices and users, and authorize users’ access to ...
HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation Mathias Payer , Christopher Kruegel , Giovanni Vigna , Eric Gustafson , Saurabh Bagchi , David Fritz , Abraham A Clements , Tobias Scharnowski , Paul Grosen Given the increasing ubiquity of online embedded devices, analyzing their firmware is important to security, ...
Silhouette: Efficient Protected Shadow Stacks for Embedded Systems John Criswell , Zhuojia Shen , Jie Zhou , Yufei Du , Lele Ma , Robert J. Walls Microcontroller-based embedded systems are increasingly used for applications that can have serious and immediate consequences ...
P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling Bo Feng , Alejandro Mera , And Long Lu Dynamic testing or fuzzing of embedded firmware is severely limited by hardware-dependence and poor scalability, ...
COUNTERFOIL: Verifying Provenance of Integrated Circuits using Intrinsic Package Fingerprints and Inexpensive Cameras Xiang Li , Siva Nishok Dhanuskodi , And Daniel Holcomb Counterfeit integrated circuits are responsible for billions of dollars in losses to the semiconductor industry ...
Hall Spoofing: A Non-Invasive DoS Attack on Grid-Tied Solar Inverter Anomadarshi Faruque Grid-tied solar inverters continue to proliferate rapidly to tackle the growing environmental challenges. Nowadays, different ...
Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning Michael Backes , Ahmed Salem , Apratim Bhattacharya , Mario Zhang Machine learning (ML) has progressed rapidly during the past decade and the major factor that ...
Exploring Connections Between Active Learning and Model Extraction Somesh Jha , Irene Giacomelli , Varun Chandrasekaran , Kamalika Chaudhuri , Songbai Yan Machine learning is being increasingly used by individuals, research institutions, and corporations. This has resulted ...
Hybrid Batch Attacks: Finding Black-box Adversarial Examples with Limited Queries Fnu Suya , Jianfeng Chi , David Tian We study adversarial examples in a black-box setting where the adversary only has API access ...
High Accuracy and High Fidelity Extraction of Neural Networks Nicholas Carlini , Matthew Jagielski , David Berthelot , Alex Papernot In a model extraction attack, an adversary steals a copy of a remotely deployed machine ...
Adversarial Preprocessing: Understanding and Preventing Image-Scaling Attacks in Machine Learning Daniel Arp , Erwin Quiring , Martin Rieck , David Klein Machine learning has made remarkable progress in the last years, yet its success has been ...
TextShield: Robust Text Classification Based on Multimodal Embedding and Neural Machine Translation Ting Wang , Shouling Ji , Min Yang , Rong Zhang , Jinfeng Li , Tianyu Du , Quan Lu Text-based toxic content detection is an important tool for reducing harmful interactions in online social ...
Data Recovery from “Scrubbed” NAND Flash Storage: Need for Analog Sanitization Md Ray Digital sanitization of flash based non-volatile memory system is a well-researched topic. Since flash memory ...
PKU Pitfalls: Attacks on PKU-based Memory Isolation Systems Jared M. Smith , R. Joseph Connor , Tyler Mcdaniel , And Max Schuchard Intra-process memory isolation can improve security by enforcing least-privilege at a finer granularity than traditional ...
Medusa: Microarchitectural Data Leakage via Automated Attack Synthesis Berk Sunar , Moritz Lipp , Michael Schwarz , Daniel Moghimi In May 2019, a new class of transient execution attack based on Meltdown called microarchitectural ...
V0LTpwn: Attacking x86 Processor Integrity from Software Ahmad-reza Sadeghi , Michael Franz , Tommaso Frassetto , David Gens , Zijo Kenjar Fault-injection attacks have been proven in the past to be a reliable way of bypassing ...
DeepHammer: Depleting the Intelligence of Deep Neural Networks through Targeted Chain of Bit Flips Fan Yao , Adnan Siraj Rakin , Deliang Fan Security of machine learning is increasingly becoming a major concern due to the ubiquitous deployment ...
SpecFuzz: Bringing Spectre-type vulnerabilities to the surface Christof Fetzer , Mark Silberstein , Oleksii Oleksenko , Bohdan Trach SpecFuzz is the first tool that enables dynamic testing for speculative execution vulnerabilities (e.g., Spectre). ...
Digital Contact Tracing Moti Yung , Carmela Troncoso , Stefano Tessaro , Carly Kind , Ciro Cattuto COVID-19 pandemic, caused by the severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2) resulted in many ...
Security Analysis of Unified Payments Interface and Payment Apps in India Renuka Kumar , Sreesh Kishore , Hao Prakash Since 2016, with a strong push from the Government of India, smartphone-based payment apps have ...
Cardpliance: PCI DSS Compliance of Android Applications Benjamin Andow , Samin Yaseer Mahmud , Akhil Acharya , William Reaves Smartphones and their applications have become a predominant way of computing, and it is only ...
The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections Michael A. Specter , James Koppel , And Daniel Weitzner In the 2018 midterm elections, West Virginia became the first state in the U.S. to ...
VoteAgain: A scalable coercion-resistant voting system Carmela Troncoso , Wouter Lueks , Iñigo Querejeta-azurmendi The strongest threat model for voting systems considers coercion resistance: protection against coercers that force ...
Boxer: Preventing fraud by scanning credit cards Yong Jae Lee , Steven Liu , Weisu Yin , Zainul Abi Din , Hari Venugopalan , Jaime Park , Andy Li , Samuel T. King , Haohui Mai Card-not-present credit card fraud costs businesses billions of dollars a year. In this paper, we ...
Fawkes: Protecting Privacy against Unauthorized Deep Learning Models Haitao Zheng , Shawn Shan , Huiying Li , Emily Wenger , Jiayun Zhang , And Zhao Today's proliferation of powerful facial recognition systems poses a real threat to personal privacy. As ...
Stolen Memories: Leveraging Model Memorization for Calibrated White-Box Membership Inference Klas Fredrikson N/A
Local Model Poisoning Attacks to Byzantine-Robust Federated Learning Jinyuan Gong , Minghong Fang , Xiaoyu Cao In federated learning, multiple client devices jointly learn a machine learning model: each client device ...
Justinian's GAAvernor: Robust Distributed Learning with Gradient Aggregation Agent Shouling Ji , Min Yang , Xudong Pan , Mi Zhang , Duocai Wu , Qifan Xiao The hidden vulnerability of distributed learning systems against Byzantine attacks has been investigated by recent ...
Interpretable Deep Learning under Fire Xiapu Luo , Ting Wang , Shouling Ji , Xinyang Zhang , Ningfei Wang , Hua Shen Providing explanations for deep neural network (DNN) models is crucial for their use in security-sensitive ...
Donky: Domain Keys – Efficient In-Process Isolation for RISC-V and x86 Michael Schwarz , Samuel Weiser , David Schrammel , Stefan Steinegger , Martin Schwarzl , Stefan Gruss Efficient and secure in-process isolation is in great demand, as evidenced in the shift towards ...
(Mostly) Exitless VM Protection from Untrusted Hypervisor through Disaggregated Nested Virtualization Haibo Chen , Zeyu Mi , Dingji Li , Binyu Guan Today’s cloud tenants are facing severe security threats such as compromised hypervisors, which forces a ...
DECAF: Automatic, Adaptive De-bloating and Hardening of COTS Firmware Radu Sion , Jake Christensen , Ionut Mugurel Anghel , Rob Taglang , Mihai Chiroiu Once compromised, server firmware can surreptitiously and permanently take over a machine and any stack ...
McTiny: Fast High-Confidence Post-Quantum Key Erasure for Tiny Network Servers Daniel J. Bernstein , Tanja Lange Recent results have shown that some post-quantum cryptographic systems have encryption and decryption performance comparable ...
Temporal System Call Specialization for Attack Surface Reduction Tapti Palit , Seyedhamed Ghavamnia , Shachee Polychronakis Attack surface reduction through the removal of unnecessary application features and code is a promising ...
Big Numbers - Big Troubles: Systematically Analyzing Nonce Leakage in (EC)DSA Implementations Raphael Spreitzer , Samuel Weiser , David Schrammel , Lukas Bodner Side-channel attacks exploiting (EC)DSA nonce leakage easily lead to full key recovery. Although (EC)DSA implementations ...
Estonian Electronic Identity Card: Security Flaws in Key Management Arnis Parsovs The Estonian electronic identity card (ID card) is considered to be one of the most ...
The Unpatchable Silicon: A Full Break of the Bitstream Encryption of Xilinx 7-Series FPGAs Amir Moradi , Christof Paar , Maik Ender The security of FPGAs is a crucial topic, as any vulnerability within the hardware can ...
Automating the Development of Chosen Ciphertext Attacks Gabrielle Beck , Maximilian Zinkus , And Matthew Green In this work we investigate the problem of automating the development of adaptive chosen ciphertext ...
SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust Gaëtan Peyrin The SHA-1 hash function was designed in 1995 and has been widely used during two ...
A Spectral Analysis of Noise: A Comprehensive, Automated, Formal Analysis of Diffie-Hellman Protocols Cas Cremers , David Basin , Ralf Sasse , Lucca Hirschi , Guillaume Girol , Dennis Jackson The Noise specification describes how to systematically construct a large family of Diffie-Hellman based key ...
An Observational Investigation of Reverse Engineers’ Processes Jeffrey S. Foster , Michelle l. Mazurek , Kristopher Micinski , Daniel Votipka , Seth M. Rabin Reverse engineering is a complex process essential to software-security tasks such as vulnerability discovery and ...
The Tools and Tactics Used in Intimate Partner Surveillance: An Analysis of Online Infidelity Forums Damon Mccoy , Rachel Greenstadt , Nora Mcdonald , Emily Tseng , Rosanna Bellini , Matan Danos , Nicola Ristenpart Abusers increasingly use spyware apps, account compromise, and social engineering to surveil their intimate partners, ...
DatashareNetwork: A Decentralized Privacy-Preserving Search Engine for Investigative Journalists Wouter Lueks , Kasra Edalatnejad , Julien Pierre Martin , Soline Ledésert , Anne L'hôte , Bruno Thomas , Laurent Troncoso Investigative journalists collect large numbers of digital documents during their investigations. These documents can greatly ...
"I am uncomfortable sharing what I can't see": Privacy Concerns of the Visually Impaired with Camera Based Assistive Applications Apu Kapadia , Tousif Ahmed , Taslima Akter , Bryan Dosono , Bryan Semaan The emergence of camera-based assistive technologies has empowered people with visual impairments (VIP) to obtain ...
I have too much respect for my elders': Understanding South African Mobile Users' Perceptions of Privacy and Current Behaviors on Facebook and WhatsApp Marshini Chetty , Jake Reichel , Fleming Peck , Mikako Inaba , Bisrat Moges , Brahmnoor Singh Chawla Facebook usage is growing in developing countries, but we know little about how to tailor ...
RELOAD+REFRESH: Abusing Cache Replacement Policies to Perform Stealthy Cache Attacks Thomas Eisenbarth , Samira Briongos , Pedro Malagón , José M. Moya Caches have become the prime method for unintended information extraction across logical isolation boundaries. They ...
Timeless Timing Attacks: Exploiting Concurrency to Leak Secrets over Remote Connections Wouter Joosen , Mathy Vanhoef , Tom Van Goethem , Christina Pöpper To perform successful remote timing attacks, an adversary typically collects a series of network timing ...
Cache Telepathy: Leveraging Shared Resource Attacks to Learn DNN Architectures Christopher W. Fletcher , Mengjia Yan , Josep Torrellas Deep Neural Networks (DNNs) are fast becoming ubiquitous for their ability to attain good accuracy ...
Certified Side Channels Cesar Pereida García , Billy Bob Brumley , Alejandro Cabrera Aldaya , Sohaib Ul Hassan , Nicola Tuveri , Iaroslav Gridin We demonstrate that the format in which private keys are persisted impacts Side Channel Analysis ...
NetWarden: Mitigating Network Covert Channels while Preserving Performance Qiao Kang , Jiarong Xing , And Ang Chen Network covert channels are an advanced threat to the security of distributed systems. Existing defenses ...
TPM-FAIL: TPM meets Timing and Lattice Attacks Thomas Eisenbarth , Nadia Heninger , Berk Sunar , Daniel Moghimi Trusted Platform Module (TPM) serves as a hardware-based root of trust that protects cryptographic keys ...
Scaling Verifiable Computation Using Efficient Set Accumulators Dan Boneh , Riad Wahby , Alex Ozdemir , Barry Whitehat Verifiable outsourcing systems offload a large computation to a remote server, but require that the ...
Pixel: Multi-signatures for Consensus Gregory Neven , Sergey Gorbunov , Hoeteck Wee , Manu Drijvers In Proof-of-Stake (PoS) and permissioned blockchains, a committee of verifiers agrees and sign every new ...
SANNS: Scaling Up Secure Approximate k-Nearest Neighbors Search Hao Chen , Ilaria Chillotti , Oxana Poburinnaya , Yihe Dong , Ilya Razenshteyn , M. Sadegh Riazi The k-Nearest Neighbor Search (k-NNS) is the backbone of several cloud-based services such as recommender ...
MIRAGE: Succinct Arguments for Randomized Algorithms with Applications to Universal zk-SNARKs Dawn Song , Charalampos Papamanthou , Ahmed E. Kosba , Dimitrios Papadopoulos The last few years have witnessed increasing interest in the deployment of zero-knowledge proof systems, ...
Secure Multi-party Computation of Differentially Private Median Jonas Kerschbaum In this work, we consider distributed private learning. For this purpose, companies collect statistics about ...
That Was Then, This Is Now: A Security Evaluation of Password Generation, Storage, and Autofill in Browser-Based Password Managers Sean Ruoti Password managers have the potential to help users more effectively manage their passwords and address ...
Composition Kills: A Case Study of Email Sender Authentication Vern Paxson , Jian Jiang , Jianjun Chen Component-based software design is a primary engineering approach for building modern software systems. This programming ...
Detecting Stuffing of a User’s Credentials at Her Own Accounts Ke Reiter We propose a framework by which websites can coordinate to detect credential stuffing on individual ...
Liveness is Not Enough: Enhancing Fingerprint Authentication with Behavioral Biometrics to Defeat Puppet Attacks Ziming Zhao , Jing Chen , Ruiying Du , Kun He , Cong Wu Fingerprint authentication has gained increasing popularity on mobile devices in recent years. However, it is ...
Human Distinguishable Visual Key Fingerprints Mozhgan Topkara Visual fingerprints are used in human verification of identities to improve security against impersonation attacks. ...
FuzzGuard: Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through Deep Learning Kai Chen , Peiyuan Zong , Tao Lv , Dawei Wang , Zizhuang Deng , Ruigang Liang Recently, directed grey-box fuzzing (DGF) becomes popular in the field of software testing. Different from ...
FuzzGen: Automatic Fuzzer Generation Mathias Payer , Vishwath Mohan , Kyriakos K. Ispoglou , Daniel Austin Fuzzing is a testing technique to discover unknown vulnerabilities in software. When applying fuzzing to ...
ParmeSan: Sanitizer-guided Greybox Fuzzing Herbert Bos , Kaveh Razavi , Sebastian Österlund , And Cristiano Giuffrida One of the key questions when fuzzing is where to look for vulnerabilities. Coverage-guided fuzzers ...
EcoFuzz: Adaptive Energy-Saving Greybox Fuzzing as a Variant of the Adversarial Multi-Armed Bandit Kai Lu , Pengfei Wang , Tai Yue , Yong Tang , Enze Wang , Bo Yu , And Xu Zhou Fuzzing is one of the most effective approaches for identifying security vulnerabilities. As a state-of-the-art ...
MUZZ: Thread-aware Grey-box Fuzzing for Effective Bug Hunting in Multithreaded Programs Yang Liu , Hongxu Chen , Shengjian Guo , Yinxing Xue , Yulei Sui , Cen Zhang , Yuekang Li , Haijun Wang Grey-box fuzz testing has revealed thousands of vulnerabilities in real-world software owing to its lightweight ...
On Training Robust PDF Malware Classifiers Yizheng Chen , Shiqi Wang , Dongdong Jana Although state-of-the-art PDF malware classifiers can be trained with almost perfect test accuracy (99%) and ...
Measuring and Modeling the Label Dynamics of Online Anti-Malware Engines Gang Wang , Limin Yang , Shuofei Zhu , Jianjun Shi , Boqin Qin , Ziyi Zhang , Linhai Song VirusTotal provides malware labels from a large set of anti-malware engines, and is heavily used ...
FIRMSCOPE: Automatic Uncovering of Privilege-Escalation Vulnerabilities in Pre-Installed Apps in Android Firmware Angelos Stavrou , Ryan Johnson , Chaoshun Zuo , Mohamed Elsabagh , Qingchuan Lin Android devices ship with pre-installed privileged apps in their firmware — some of which are ...
Automatic Hot Patch Generation for Android Kernels Zhi Wang , Yulong Zhang , Yang Liu , Liangzhao Xia , Chenfu Bao , Zhengzi Xu , Longri Zheng The rapid growth of the Android ecosystem has led to the fragmentation problem where a ...
iOS, Your OS, Everybody's OS: Vetting and Analyzing Network Services of iOS Applications Tielei Wang , Yuan Tian , Minhui Xue , Haojin Zhu , Zhushou Tang , Ke Tang , Sen Chen , Muhammad Ikram Smartphone applications that listen for network connections introduce significant security and privacy threats for users. ...
SEAL: Attack Mitigation for Encrypted Databases via Adjustable Leakage Charalampos Papamanthou , Dimitrios Papadopoulos , Ioannis Demertzis , Saurabh Shintre Building expressive encrypted databases that can scale to large volumes of data while enjoying formal ...
Pancake: Frequency Smoothing for Encrypted Data Stores Thomas Ristenpart , Paul Grubbs , Anurag Khandelwal , Rachit Agarwal , Marie-sarah Lacharité , Lloyd Brown , Lucy Li We present PANCAKE, the first system to protect key-value stores from access pattern leakage attacks ...
Droplet: Decentralized Authorization and Access Control for Encrypted Data Streams Sylvia Ratnasamy , Hossein Shafagh , Lukas Burkhalter , Anwar Hithnawi This paper presents Droplet, a decentralized data access control service. Droplet enables data owners to ...
Secure parallel computation on national scale volumes of data S. Dov Gordon , Samuel Ranellucci , Sahar Mazloom , Phi Hung Le We revisit the problem of performing secure computation of graph-parallel algorithms, focusing on the applications ...
Delphi: A Cryptographic Inference Service for Neural Networks Wenting Zheng , Pratyush Mishra , Akshayaram Srinivasan , Ryan Lehmkuhl , And Popa Many companies provide neural network prediction services to users for a wide range of applications. ...
Analysis of DTLS Implementations Using Protocol State Fuzzing Juraj Somorovsky , Joeri De Ruiter , Paul Fiterau-brostean , Bengt Jonsson , Robert Merget , Konstantinos Sagonas Recent years have witnessed an increasing number of protocols relying on UDP. Compared to TCP, ...
Agamotto: Accelerating Kernel Driver Fuzzing with Lightweight Virtual Machine Checkpoints Brent ByungHoon Kang , Jean-pierre Seifert , Michael Franz , Dokyung Song , Felicitas Hetzelt , Jonghwan Kim Kernel-mode drivers are challenging to analyze for vulnerabilities, yet play a critical role in maintaining ...
USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation Hui Payer The Universal Serial Bus (USB) connects external devices to a host. This interface exposes the ...
GREYONE: Data Flow Sensitive Fuzzing Chao Zhang , Zuoning Chen , Shuitao Gan , Peng Chen , Bodong Zhao , Xiaojun Qin , Dong Wu Data flow analysis (e.g., dynamic taint analysis) has proven to be useful for guiding fuzzers ...
Fuzzing Error Handling Code using Context-Sensitive Software Fault Injection Kangjie Lu , Shi-min Hu , Jia-ju Bai , Zu-ming Jiang Error handling code is often critical but difficult to test in reality. As a result, ...
Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer Suyoung Lee , Hyungseok Han , Sang Son JavaScript (JS) engine vulnerabilities pose significant security threats affecting billions of web browsers. While fuzzing ...
Light Commands: Laser-Based Audio Injection Attacks on Voice-Controllable Systems Takeshi Sugawara , Sara Rampazzi , Benjamin Cyr , Daniel Fu We propose a new class of signal injection attacks on microphones by physically converting light ...
SkillExplorer: Understanding the Behavior of Skills in Large Scale Kai Chen , Zhixiu Guo , Zijin Lin , Pan Li Smart speakers have been popularly used around the world recently, mainly due to the convenience ...
Devil’s Whisper: A General Approach for Physical Adversarial Attacks against Commercial Black-box Speech Recognition Devices Xiaofeng Wang , Kai Chen , Yuxuan Chen , Yue Zhao , Shengzhi Zhang , Jiangshan Zhang Recently studies show that adversarial examples (AEs) can pose a serious threat to a “white-box” ...
Void: A fast and light voice liveness detection system Hyoungshick Kim , Jun ho Huh , Muhammad Ejaz Ahmed , Il-youp Kwak , Iljoo Kim , Taekkyung Oh Due to the open nature of voice assistants' input channels, adversaries could easily record people's ...
Preech: A System for Privacy-Preserving Speech Transcription Kassem Fawaz , Shimaa Ahmed , Amrita Roy Chowdhury , And Parmesh Ramanathan New advances in machine learning have made Automated Speech Recognition (ASR) systems practical and more ...
BlockSci: Design and applications of a blockchain analysis platform Arvind Narayanan , Harry A. Kalodner , Kevin Lee , Steven Goldfeder , Malte Möser , Martin Plattner , Alishah Chator Analysis of blockchain data is useful for both scientific research and commercial applications. We present ...
Remote Side-Channel Attacks on Anonymous Transactions Dan Boneh , Kenny Paterson , Florian Tramèr Privacy-focused crypto-currencies, such as Zcash or Monero, aim to provide strong cryptographic guarantees for transaction ...
ETHBMC: A Bounded Model Checker for Smart Contracts Joel Frank , Cornelius Holz The introduction of smart contracts has significantly advanced the state-of-the-art in cryptocurrencies. Smart contracts are ...
TXSPECTOR: Uncovering Attacks in Ethereum from Transactions Xiaokuan Zhang , Mengya Zhang , Yinqian Lin The invention of Ethereum smart contract has enabled the blockchain users to customize computing logic ...
An Ever-evolving Game: Evaluation of Real-world Attacks and Defenses in Ethereum Ecosystem Yinzhi Cao , Min Zhang , Zhemin Yang , Shunfan Zhou , Jie Xiang Smart contract security has drawn much attention due to many severe incidents with huge ether ...