USENIX Security 2022 Aug. 10, 2022 to Aug. 12, 2022, Boston, MA

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
Under the Hood of DANE Mismanagement in SMTP Hyeonmin Lee The DNS-based Authentication of Named Entities (DANE) is an Internet security protocol that enables a ... Measurement I: Network
Seeing the Forest for the Trees: Understanding Security Hazards in the 3GPP Ecosystem through Intelligent Analysis on Change Requests Yi Tang With the recent report of erroneous content in 3GPP specifications leading to real-world vulnerabilities, attention ... Measurement I: Network
Exploring the Unchartered Space of Container Registry Typosquatting Guannan Liu With the increasing popularity of containerized applications, container registries have hosted millions of repositories that ... Measurement I: Network
Uninvited Guests: Analyzing the Identity and Behavior of Certificate Transparency Bots Brian Kondracki , Johnny Nikiforakis Since its creation, Certificate Transparency (CT) has served as a vital component of the secure ... Measurement I: Network
Playing for K(H)eaps: Understanding and Improving Linux Kernel Exploit Reliability Kyle Zeng The dynamic of the Linux kernel heap layout significantly impacts the reliability of kernel heap ... Kernel Security
In-Kernel Control-Flow Integrity on Commodity OSes using ARM Pointer Authentication Sungbae Yoo , Jinbum Park , Seolheui Kim This paper presents an in-kernel, hardware-based control-flow integrity (CFI) protection, called PAL, that utilizes ARM's ... Kernel Security
Midas: Systematic Kernel TOCTTOU Protection Atri Bhattacharyya Double-fetch bugs are a plague across all major operating system kernels. They occur when data ... Kernel Security
LinKRID: Vetting Imbalance Reference Counting in Linux kernel with Symbolic Execution Jian Liu Linux kernel employs reference counters, which record the number of references to a shared kernel ... Kernel Security
Mining Node.js Vulnerabilities via Object Dependence Graph and Query Song Kang Node.js is a popular non-browser JavaScript platform that provides useful but sometimes also vulnerable packages. ... Web Security I: Vulnerabilities
Mistrust Plugins You Must: A Large-Scale Study Of Malicious Plugins In WordPress Marketplaces Jonathan Fuller , Ranjita Pai Kasturi , Yiting Sun , Omar Chabklo , Andres Rodriguez , Jeman Saltaformaggio Modern websites owe most of their aesthetics and functionalities to Content Management Systems (CMS) plugins, ... Web Security I: Vulnerabilities
Web Cache Deception Escalates! Seyed Ali Mirheidari Web Cache Deception (WCD) tricks a web cache into erroneously storing sensitive content, thereby making ... Web Security I: Vulnerabilities
FUGIO: Automatic Exploit Generation for PHP Object Injection Vulnerabilities Sunnyeo Kim A PHP object injection (POI) vulnerability is a security-critical bug that allows the remote code ... Web Security I: Vulnerabilities
TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries Marcel Nieting Although the newest versions of TLS are considered secure, flawed implementations may undermine the promised ... Crypto I: Attacking Implementations
Open to a fault: On the passive compromise of TLS keys via transient errors George Arnold Sullivan It is well known in the cryptographic literature that the most common digital signature schemes ... Crypto I: Attacking Implementations
Trust Dies in Darkness: Shedding Light on Samsung's TrustZone Keymaster Design Alon Shakevsky , Eyal Wool ARM-based Android smartphones rely on the TrustZone hardware support for a Trusted Execution Environment (TEE) ... Crypto I: Attacking Implementations
Breaking Bridgefy, again: Adopting libsignal is not enough Martin R. Albrecht Bridgefy is a messaging application that uses Bluetooth-based mesh networking. Its developers and others have ... Crypto I: Attacking Implementations
"I feel invaded, annoyed, anxious and I may protect myself": Individuals' Feelings about Online Tracking and their Protective Behaviour across Gender and Country Kovila Mehrnezhad Online tracking is a primary concern for Internet users, yet previous research has not found ... User Studies I: At-Risk Users
"Like Lesbians Walking the Perimeter": Experiences of U.S. LGBTQ+ Folks With Online Security, Safety, and Privacy Advice Christine Harris Given stigma and threats surrounding being gay or transgender, LGBTQ+ folks often seek support and ... User Studies I: At-Risk Users
"They Look at Vulnerability and Use That to Abuse You'': Participatory Threat Modelling with Migrant Domestic Workers Julia Cho The needs of marginalised groups like migrant domestic workers (MDWs) are often ignored in digital ... User Studies I: At-Risk Users
Networks of Care: Tech Abuse Advocates' Digital Security Practices Julia Slupska As technology becomes an enabler of relationship abuse and coercive control, advocates who support survivors ... User Studies I: At-Risk Users
How Long Do Vulnerabilities Live in the Code? A Large-Scale Empirical Measurement Study on FOSS Vulnerability Lifetimes Nikolaos Alexopoulos , Manuel Brack , Jan Philipp Wagner , Tim Mühlhäuser How long do vulnerabilities live in the repositories of large, evolving projects? Although the question ... Software Vulnerabilities
Expected Exploitability: Predicting the Development of Functional Vulnerability Exploits Octavian Suciu Assessing the exploitability of software vulnerabilities at the time of disclosure is difficult and error-prone, ... Software Vulnerabilities
OS-Aware Vulnerability Prioritization via Differential Severity Analysis Qiushi Wu The Linux kernel is quickly evolving and extensively customized. This results in thousands of versions ... Software Vulnerabilities
Arbiter: Bridging the Static and Dynamic Divide in Vulnerability Discovery on Binary Programs Jayakrishna Vadayath In spite of their effectiveness in the context of vulnerability discovery, current state-of-the-art binary program ... Software Vulnerabilities
Spoki: Unveiling a New Wave of Scanners through a Reactive Network Telescope Raphael Hiesgen Large-scale Internet scans are a common method to identify victims of a specific attack. Stateless ... Network Security I: Scanning & Censorship
Many Roads Lead To Rome: How Packet Headers Influence DNS Censorship Measurement Abhishek Pearce Internet censorship is widespread, impacting citizens of hundreds of countries around the world. Recent work ... Network Security I: Scanning & Censorship
GET /out: Automated Discovery of Application-Layer Censorship Evasion Strategies Kevin Bock , Michael Harrity , Frederick Levin The censorship arms race has recently gone through a transformation, thanks to recent efforts showing ... Network Security I: Scanning & Censorship
OpenVPN is Open to VPN Fingerprinting Diwen Xue , Reethika Jain VPN adoption has seen steady growth over the past decade due to increased public awareness ... Network Security I: Scanning & Censorship
Pool Inference Attacks on Local Differential Privacy: Quantifying the Privacy Guarantees of Apple's Count Mean Sketch in Practice Andrea Gadotti Behavioral data generated by users’ devices, ranging from emoji use to pages visited, are collected ... Differential Privacy
Poisoning Attacks to Local Differential Privacy Protocols for Key-Value Data Jinyuan Gong , Xiaoyu Cao , Yongji Wu Local Differential Privacy (LDP) protocols enable an untrusted server to perform privacy-preserving, federated data analytics. ... Differential Privacy
Communication-Efficient Triangle Counting under Local Differential Privacy Jacob Imola Triangle counting in networks under LDP (Local Differential Privacy) is a fundamental task for analyzing ... Differential Privacy
Twilight: A Differentially Private Payment Channel Network Maya Dotan , Saar Tochner , Aviv Gilad Payment channel networks (PCNs) provide a faster and cheaper alternative to transactions recorded on the ... Differential Privacy
Watching the watchers: bias and vulnerability in remote proctoring software Ben Burgess Educators are rapidly switching to remote proctoring and examination software for their testing needs, both ... Measurement II: Auditing & Best Practices
The Antrim County 2020 Election Incident: An Independent Forensic Investigation J. Alex Halderman In November 2020, Antrim County, Michigan published unofficial election results that misstated totals in the ... Measurement II: Auditing & Best Practices
An Audit of Facebook's Political Ad Policy Enforcement Victor Le Pochat Major technology companies strive to protect the integrity of political advertising on their platforms by ... Measurement II: Auditing & Best Practices
Building an Open, Robust, and Stable Voting-Based Domain Top List Qinge Xie Domain top lists serve as critical resources for the Internet measurement, security, and privacy research ... Measurement II: Auditing & Best Practices
AMD Prefetch Attacks through Power and Time Moritz Gruss Modern operating systems fundamentally rely on the strict isolation of user applications from the kernel. ... Side Channels I: Hardware
Hiding in Plain Sight? On the Efficacy of Power Side Channel-Based Control Flow Monitoring Yi Han , Matthew Aref Physical side-channel monitoring leverages the physical phenomena produced by a microcontroller (e.g. power consumption or ... Side Channels I: Hardware
Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86 Yingchen Wang Power side-channel attacks exploit data-dependent variations in a CPU's power consumption to leak secrets. In ... Side Channels I: Hardware
Binoculars: Contention-Based Side-Channel Attacks Exploiting the Page Walker Zirui Neil Zhao Microarchitectural side channels are a pressing security threat. These channels are created when programs modulate ... Side Channels I: Hardware
The Dangers of Human Touch: Fingerprinting Browser Extensions through User Actions Konstantinos Solomos , Panagiotis Karami Browser extension fingerprinting has garnered considerable attention recently due to the twofold privacy loss that ... Web Security II: Fingerprinting
Unleash the Simulacrum: Shifting Browser Realities for Robust Extension-Fingerprinting Prevention Soroush Karami Online tracking has garnered significant attention due to the privacy risk it poses to users. ... Web Security II: Fingerprinting
Online Website Fingerprinting: Evaluating Website Fingerprinting Attacks on Tor in the Real World Giovanni Cherubin Website fingerprinting (WF) attacks on Tor allow an adversary who can observe the traffic patterns ... Web Security II: Fingerprinting
QCSD: A QUIC Client-Side Website-Fingerprinting Defence Framework Jean-pierre Dolfi Website fingerprinting attacks, which analyse the metadata of encrypted network communication to identify visited websites, ... Web Security II: Fingerprinting
Secure Poisson Regression Mahimna Kelkar We introduce the first construction for secure two-party computation of Poisson regression, which enables two ... Crypto II: Performance Improvements
Cheetah: Lean and Fast Secure Two-Party Deep Neural Network Inference Wen-jie Lu , Zhicong Huang , Cheng Ding Secure two-party neural network inference (2PC-NN) can offer privacy protection for both the client and ... Crypto II: Performance Improvements
Piranha: A GPU Platform for Secure Computation Jean-luc Watson , Sameer Popa Secure multi-party computation (MPC) is an essential tool for privacy-preserving machine learning (ML). However, secure ... Crypto II: Performance Improvements
OpenSSLNTRU: Faster post-quantum TLS key exchange Daniel J. Bernstein Google's CECPQ1 experiment in 2016 integrated a post-quantum key-exchange algorithm, newhope1024, into TLS 1.2. The ... Crypto II: Performance Improvements
How Are Your Zombie Accounts? Understanding Users' Practices and Expectations on Mobile App Account Deletion Yan Jia , Yijing Liu , Qingyin Liu Account deletion is an important way for users to exercise their right to delete. However, ... User Studies II: Sharing
"How Do You Not Lose Friends?": Synthesizing a Design Space of Social Controls for Securing Shared Digital Resources Via Participatory Design Jams Eyitemi Moju-igbene , Hanan Abdi , Alan Das Digital resources (streaming services, banking accounts, collaborative documents, etc.) are commonly shared among small, social ... User Studies II: Sharing
Caring about Sharing: User Perceptions of Multiparty Data Sharing Bailey Kacsmar , Kyle Tilbury , Miti Kerschbaum Data sharing between companies is typically regarded as one-size-fits-all in practice and in research. For ... User Studies II: Sharing
Neither Access nor Control: A Longitudinal Investigation of the Efficacy of User Access-Control Solutions on Smartphones Yue Huang , Masoud Mehrabi Koushki , Julia Beznosov The incumbent all-or-nothing model of access control on smartphones has been known to dissatisfy users, ... User Studies II: Sharing
Jenny: Securing Syscalls for PKU-based Memory Isolation Systems Samuel Weiser , David Schrammel , Richard Mangard Effective syscall filtering is a key component for withstanding the numerous exploitation techniques and privilege ... Hardware Security I: Attacks & Defenses
Branch History Injection: On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 Attacks Marius Muench , Herbert Giuffrida , Pietro Frigo , Enrico Barberis Branch Target Injection (BTI or Spectre v2) is one of the most dangerous transient execution ... Hardware Security I: Attacks & Defenses
TLB;DR: Enhancing TLB-based Attacks with TLB Desynchronized Reverse Engineering Andrei Tatar Translation Lookaside Buffers, or TLBs, play a vital role in recent microarchitectural attacks. However, unlike ... Hardware Security I: Attacks & Defenses
FuzzOrigin: Detecting UXSS vulnerabilities in Browsers through Origin Fuzzing Sunwoo Kim Universal cross-site scripting (UXSS) is a browser vulnerability, making a vulnerable browser execute an attacker's ... Fuzzing I: Networks
BrakTooth: Causing Havoc on Bluetooth Link Manager via Directed Fuzzing Matheus E. Garbelini , Vaibhav Chattopadhyay In this paper we propose, design and evaluate a systematic directed fuzzing framework to automatically ... Fuzzing I: Networks
AmpFuzz: Fuzzing for Amplification DDoS Vulnerabilities Johannes Krupp Amplification DDoS attacks remain a prevalent and serious threat to the Internet, with recent attacks ... Fuzzing I: Networks
FRAMESHIFTER: Security Implications of HTTP/2-to-HTTP/1 Conversion Anomalies Bahruz Jabiyev , Steven Sprecher , Anthony Innocenti HTTP/2 adoption is rapidly climbing. However, in practice, Internet communications still rarely happen over end-to-end ... Fuzzing I: Networks
Your Microphone Array Retains Your Identity: A Robust Voice Liveness Detection System for Smart Speakers Yan Li Though playing an essential role in smart home systems, smart speakers are vulnerable to voice ... Smart Homes I
Lumos: Identifying and Localizing Diverse Hidden IoT Devices in an Unfamiliar Environment Rahul Anand Sharma , Elahe Soltanaghaei , Anthony Sekar Hidden IoT devices are increasingly being used to snoop on users in hotel rooms or ... Smart Homes I
SkillDetective: Automated Policy-Violation Detection of Voice Assistant Applications in the Wild Jeffrey Young , Song Cheng Today's voice personal assistant (VPA) services have been largely expanded by allowing third-party developers to ... Smart Homes I
"OK, Siri" or "Hey, Google": Evaluating Voiceprint Distinctiveness via Content-based PROLE Score Ruiwen He , Xiaoyu Li A voiceprint is the distinctive pattern of human voices that is spectrographically produced and has ... Smart Homes I
Helping hands: Measuring the impact of a large threat intelligence sharing community Xander Bouwman We tracked the largest volunteer security information sharing community known to date: the COVID-19 Cyber ... Measurement III
A Large-scale Temporal Measurement of Android Malicious Apps: Persistence, Migration, and Lessons Learned Yun Vervier We study the temporal dynamics of potentially harmful apps (PHAs) on Android by leveraging 8.8M ... Measurement III
A Large-scale and Longitudinal Measurement Study of DKIM Deployment Chuhan Wang , Kaiwen Guo DomainKeys Identified Mail (DKIM) is an email authentication protocol to protect the integrity of email ... Measurement III
A Large-scale Investigation into Geodifferences in Mobile Apps Renuka Kumar , Apurva Virkud , Ram Sundara Raman , Atul Ensafi Recent studies on the web ecosystem have been raising alarms on the increasing geodifferences in ... Measurement III
Morphuzz: Bending (Input) Space to Fuzz Virtual Devices Alexander Bulekov The security of the entire cloud ecosystem crucially depends on the isolation guarantees that hypervisors ... Fuzzing II: Low-Level
Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing Tobias Scharnowski , Nils Schloegel As embedded devices are becoming more pervasive in our everyday lives, they turn into an ... Fuzzing II: Low-Level
MundoFuzz: Hypervisor Fuzzing with Statistical Coverage Testing and Grammar Inference Gwangmu Lee , Cheolwoo Myung A hypervisor is system software, managing and running virtual machines. Since the hypervisor is placed ... Fuzzing II: Low-Level
Drifuzz: Harvesting Bugs in Device Drivers from Golden Seeds Zekun Shen , Ritik Dolan-gavitt Peripheral hardware in modern computers is typically assumed to be secure and not malicious, and ... Fuzzing II: Low-Level
LTrack: Stealthy Tracking of Mobile Phones in LTE Patrick Leu , Martin Kotuliak , Simon Erni , Marc Čapkun We introduce LTrack, a new tracking attack on LTE that allows an attacker to stealthily ... Wireless Security
Watching the Watchers: Practical Video Identification Attack in LTE Networks Dongkwan Kim , Sangwook Bae , Jiho Lee , Mincheol Son , Cheoljun Park , Sooel Kim A video identification attack is a tangible privacy threat that can reveal videos that victims ... Wireless Security
DoLTEst: In-depth Downlink Negative Testing Framework for LTE Devices Sangwook Bae , Jiho Lee , Eunkyu Lee , Cheoljun Park , Beomseok Oh , Insu Kim An implementation flaw in LTE control plane protocols at end-user devices directly leads to severe ... Wireless Security
Ghost Peak: Practical Distance Reduction Attacks Against HRP UWB Ranging Patrick Camurati We present the first over-the-air attack on IEEE 802.15.4z High-Rate Pulse Repetition Frequency (HRP) Ultra-Wide ... Wireless Security
SIMC: ML Inference Secure Against Malicious Clients at Semi-Honest Cost Nishanth Chandran , Divya Obbattu Secure inference allows a model owner (or, the server) and the input owner (or, the ... ML I: Federated Learning
Efficient Differentially Private Secure Aggregation for Federated Learning via Hardness of Learning with Errors Timothy Stevens , Christian Vincent Federated machine learning leverages edge computing to develop models from network user data, but privacy ... ML I: Federated Learning
Label Inference Attacks Against Vertical Federated Learning Chong Fu As the initial variant of federated learning (FL), horizontal federated learning (HFL) applies to the ... ML I: Federated Learning
FLAME: Taming Backdoors in Federated Learning Thien Rieger Federated Learning (FL) is a collaborative machine learning approach allowing participants to jointly train a ... ML I: Federated Learning
Mitigating Membership Inference Attacks by Self-Distillation Through a Novel Ensemble Architecture Xinyu Tang , Saeed Song Membership inference attacks are a key measure to evaluate privacy leakage in machine learning (ML) ... Deanonymization
Synthetic Data – Anonymisation Groundhog Day Theresa Stadler Synthetic data has been advertised as a silver-bullet solution to privacy-preserving data publishing that addresses ... Deanonymization
Attacks on Deidentification's Defenses Aloni Cohen Quasi-identifier-based deidentification techniques (QI-deidentification) are widely used in practice, including k-anonymity, l-diversity, and t-closeness. We ... Deanonymization
Birds of a Feather Flock Together: How Set Bias Helps to Deanonymize You via Revealed Intersection Sizes Xiaojie Guo , Ye Han , Zheli Liu , Ding Jia Secure two-party protocols that compute intersection-related statistics have attracted much attention from the industry. These ... Deanonymization
Targeted Deanonymization via the Cache Side Channel: Attacks and Defenses Mojtaba Zaheri , Yossi Curtmola Targeted deanonymization attacks let a malicious website discover whether a website visitor bears a certain ... Deanonymization
FReD: Identifying File Re-Delegation in Android System Services Sigmund Iii , Seaver Enck The security of the Android platform benefits greatly from a privileged middleware that provides indirect ... Mobile Security
GhostTouch: Targeted Attacks on Touchscreens without Physical Touch Kai Wang Capacitive touchscreens have become the primary human-machine interface for personal devices such as smartphones and ... Mobile Security
SARA: Secure Android Remote Authorization Abdullah Imran , Habiba Farrukh , Muhammad Ibrahim , Z. Bianchi Modern smartphones are equipped with Trusted Execution Environments (TEEs), offering security features resilient even against ... Mobile Security
FOAP: Fine-Grained Open-World Android App Fingerprinting Hao Zhou , Jianfeng Li , Shuohan Luo Despite the widespread adoption of encrypted communication for mobile apps, adversaries can still identify apps ... Mobile Security
Identity Confusion in WebView-based Mobile App-in-app Ecosystems Lei Zhang , Zhibo Liu Mobile applications (apps) often delegate their own functions to other parties, which makes them become ... Mobile Security
Automated Detection of Automated Traffic Cormac Herley We describe a method to separate abuse from legitimate traffic when we have categorical features ... Web Security III: Bots & Authentication
Inferring Phishing Intention via Webpage Appearance and Dynamics: A Deep Vision Based Approach Ruofan Liu , Yun Lin , Xianglin Ng Explainable phishing detection approaches are usually based on references, i.e., they compare a suspicious webpage ... Web Security III: Bots & Authentication
Phish in Sheep's Clothing: Exploring the Authentication Pitfalls of Browser Fingerprinting Xu Lin , Panagiotis Ilia , Saumya Polakis As users navigate the web they face a multitude of threats; among them, attacks that ... Web Security III: Bots & Authentication
DeepPhish: Understanding User Trust Towards Artificially Generated Profiles in Online Social Networks Jaron Mink , Licheng Barbosa Fabricated media from deep learning models, or Web Security III: Bots & Authentication
Hand Me Your PIN! Inferring ATM PINs of Users Typing with a Covered Hand Matteo Cardaioli , Stefano Cecconello , Mauro Milani Automated Teller Machines (ATMs) represent the most used system for withdrawing cash. The European Central ... Web Security III: Bots & Authentication
Estimating Incidental Collection in Foreign Intelligence Surveillance: Large-Scale Multiparty Private Set Intersection with Union and Sum Anunay Mayer Section 702 of the Foreign Intelligence Surveillance Act authorizes U.S. intelligence agencies to intercept communications ... Crypto III: Private Matching & Lookups
Constant-weight PIR: Single-round Keyword PIR via Constant-weight Equality Operators Rasoul Kerschbaum Equality operators are an essential building block in tasks over secure computation such as private ... Crypto III: Private Matching & Lookups
Incremental Offline/Online PIR Yiping Zhong Recent private information retrieval (PIR) schemes preprocess the database with a query-independent offline phase in ... Crypto III: Private Matching & Lookups
GPU-accelerated PIR with Client-Independent Preprocessing for Large-Scale Applications Daniel Heymann Multi-Server Private Information Retrieval (PIR) is a cryptographic protocol that allows a client to securely ... Crypto III: Private Matching & Lookups
Increasing Adversarial Uncertainty to Scale Private Similarity Testing Yiqing Namavari Social media and other platforms rely on automated detection of abusive content to help combat ... Crypto III: Private Matching & Lookups
Pre-hijacked accounts: An Empirical Study of Security Failures in User Account Creation on the Web Avinash Sudhodanan The ubiquity of user accounts in websites and online services makes account hijacking a serious ... Passwords
Leaky Forms: A Study of Email and Password Exfiltration Before Form Submission Asuman Senol Web users enter their email addresses into online forms for a variety of reasons, including ... Passwords
Might I Get Pwned: A Second Generation Compromised Credential Checking Service Bijeeta Pal Credential stuffing attacks use stolen passwords to log into victim accounts. To defend against these ... Passwords
Why Users (Don't) Use Password Managers at a Large Educational Institution Peter Mayer We quantitatively investigated the current state of Password Manager (PM) usage and general password habits ... Passwords
Gossamer: Securely Measuring Password-based Logins Marina Sanusi Bohuk Passwords remain the primary way to authenticate users online. Yet little is known about the ... Passwords
DoubleStar: Long-Range Attack Towards Depth Estimation based Obstacle Avoidance in Autonomous Systems Ce Zhou , Qiben Shi Depth estimation-based obstacle avoidance has been widely adopted by autonomous systems (drones and vehicles) for ... Smart Vehicles
Security Analysis of Camera-LiDAR Fusion Against Black-Box Attacks on Autonomous Vehicles R. Liu To enable safe and reliable decision-making, autonomous vehicles (AVs) feed sensor data to perception algorithms ... Smart Vehicles
SAID: State-aware Defense Against Injection Attacks on In-vehicle Network Lei Xue Modern vehicles are equipped with many ECUs (Electronic Control Unit) that are connected to the ... Smart Vehicles
Towards Automatically Reverse Engineering Vehicle Diagnostic Protocols Xiapu Luo , Lei Zhao , Le Yu , Yangyang Liu , Pengfei Jing In-vehicle protocols are very important to the security assessment and protection of modern vehicles since ... Smart Vehicles
Rolling Colors: Adversarial Laser Exploits against Traffic Light Recognition Chen Yan Traffic light recognition is essential for fully autonomous driving in urban areas. In this paper, ... Smart Vehicles
Provably-Safe Multilingual Software Sandboxing using WebAssembly Jay Bosamiya , Wen Parno Many applications, from the Web to smart contracts, need to safely execute untrusted code. We ... Web Security IV: Defenses
Backporting Security Patches of Web Applications: A Prototype Design and Implementation on Injection Vulnerability Patches Yuan Zhang , Youkun Shi , Tianhan Mao Web vulnerabilities, especially injection-related ones, are popular among web application frameworks (such as Word-Press and ... Web Security IV: Defenses
Experimental Security Analysis of the App Model in Business Collaboration Platforms Rahul Chatterjee , Yue Gao , Yunang Chen , Nick Ceccio , Kassem Fernandes Business Collaboration Platforms like Microsoft Teams and Slack enable teamwork by supporting text chatting and ... Web Security IV: Defenses
SWAPP: A New Programmable Playground for Web Application Security Phakpoom Chinprutthiwong , Jianwei Gu Client-side web attacks are one of the major battlefields for cybercriminals today. To mitigate such ... Web Security IV: Defenses
The Security Lottery: Measuring Client-Side Web Security Inconsistencies Sebastian Roth To mitigate a myriad of Web attacks, modern browsers support client-side security policies shipped through ... Web Security IV: Defenses
PatchCleanser: Certifiably Robust Defense against Adversarial Patches for Any Image Classifier Chong Xiang , Saeed Mittal The adversarial patch attack against image classification models aims to inject adversarially crafted pixels within ... ML II
Transferring Adversarial Robustness Through Robust Representation Matching Pratik Vaishnavi With the widespread use of machine learning, concerns over its security and reliability have become ... ML II
How Machine Learning Is Solving the Binary Function Similarity Problem Mariano Graziano , Andrea Marcelli , Xabier Fratantonio The ability to accurately compute the similarity between two pieces of binary code plays an ... ML II
Blacklight: Scalable Defense for Neural Networks against Query-Based Black-Box Attacks Shawn Wenger , Huiying Li Deep learning systems are known to be vulnerable to adversarial examples. In particular, query-based black-box ... ML II
DnD: A Cross-Architecture Deep Neural Network Decompiler Ruoyu Wu The usage of Deep Neural Networks (DNNs) has steadily increased in recent years. Especially when ... ML II
Measurement by Proxy: On the Accuracy of Online Marketplace Measurements Alejandro Cuevas A number of recent studies have investigated online anonymous ("dark web") marketplaces. Almost all leverage ... Measurement IV
Behind the Tube: Exploitative Monetization of Content on YouTube Andrew Chu The YouTube video sharing platform is a prominent online presence that delivers various genres of ... Measurement IV
When Sally Met Trackers: Web Tracking From the Users' Perspective Savino Dambra Web tracking has evolved to become a norm on the Internet. As a matter of ... Measurement IV
How to Peel a Million: Validating and Expanding Bitcoin Clusters George Yousaf One of the defining features of Bitcoin and the thousands of cryptocurrencies that have been ... Measurement IV
RapidPatch: Firmware Hotpatching for Real-Time Embedded Devices Yi Zou Nowadays real-time embedded devices are becoming one main target of cyber attacks. A huge number ... Hardware Security II: Embedded
GAROTA: Generalized Active Root-Of-Trust Architecture (for Tiny Embedded Devices) Esmerald Aliaj Embedded (aka smart or IoT) devices are increasingly popular and becoming ubiquitous. Unsurprisingly, they are ... Hardware Security II: Embedded
ReZone: Disarming TrustZone with TEE Privilege Reduction David Martins In TrustZone-assisted TEEs, the trusted OS has unrestricted access to both secure and normal world ... Hardware Security II: Embedded
Holistic Control-Flow Protection on Real-Time Embedded Systems with Kage Yufei Du This paper presents Hardware Security II: Embedded
Orca: Blocklisting in Sender-Anonymous Messaging Nirvan Len Sender-anonymous end-to-end encrypted messaging allows sending messages to a recipient without revealing the sender's identity ... Client-Side Security
Adversarial Detection Avoidance Attacks: Evaluating the robustness of perceptual hashing-based client-side scanning Shubham Jain , Ana-maria Montjoye End-to-end encryption (E2EE) by messaging platforms enable people to securely and privately communicate with one ... Client-Side Security
Hecate: Abuse Reporting in Secure Messengers with Sealed Sender Rawane Issa , Nicolas Varia End-to-end encryption provides strong privacy protections to billions of people, but it also complicates efforts ... Client-Side Security
End-to-Same-End Encryption: Modularly Augmenting an App with an Efficient, Portable, and Blind Cloud Storage Long Chen The cloud has become pervasive, and we ask: how can we protect cloud data against ... Client-Side Security
Omnes pro uno: Practical Multi-Writer Encrypted Database Jiafan Chow Multi-writer encrypted databases allow a reader to search over data contributed by multiple writers securely. ... Crypto IV: Databases & Logging
Faster Yet Safer: Logging System Via Fixed-Key Blockcipher Viet tung Hoang , Cong Yuan System logs are crucial for forensic analysis, but to be useful, they need to be ... Crypto IV: Databases & Logging
IHOP: Improved Statistical Query Recovery against Searchable Symmetric Encryption through Quadratic Optimization Simon Kerschbaum Effective query recovery attacks against Searchable Symmetric Encryption (SSE) schemes typically rely on auxiliary ground-truth ... Crypto IV: Databases & Logging
Dynamic Searchable Encryption with Optimal Search in the Presence of Deletions Javad Papadopoulos We focus on the problem of Dynamic Searchable Encryption (DSE) with efficient (optimal/quasi-optimal) search in ... Crypto IV: Databases & Logging
ALASTOR: Reconstructing the Provenance of Serverless Intrusions Pubali Datta Serverless computing has freed developers from the burden of managing their own platform and infrastructure, ... Software Forensics
Back-Propagating System Dependency Impact for Attack Investigation Pengcheng Fang Causality analysis on system auditing data has emerged as an important solution for attack investigation. ... Software Forensics
Ground Truth for Binary Disassembly is Not Easy Chengbin Zhang Modern disassembly tools often rely on empirical evaluations to validate their performance and discover their ... Software Forensics
FreeWill: Automatically Diagnosing Use-after-free Bugs via Reference Miscounting Detection on Binaries Liang He Memory-safety issues in operating systems and popular applications are still top security threats. As one ... Software Forensics
PolyCruise: A Cross-Language Dynamic Information Flow Analysis Wen Li Despite the fact that most real-world software systems today are written in multiple programming languages, ... Information Flow
SYMSAN: Time and Space Efficient Concolic Execution via Dynamic Data-flow Analysis Ju Chen Concolic execution is a powerful program analysis technique for systematically exploring execution paths. Compared to ... Information Flow
CellIFT: Leveraging Cells for Scalable and Precise Dynamic Information Flow Tracking in RTL Flavien Solt Dynamic Information Flow Tracking (dynamic IFT) is a well-known technique with many security applications such ... Information Flow
FlowMatrix: GPU-Assisted Information-Flow Analysis through Matrix-Based Representation Kaihang Ji , Jun Zeng , Yuancheng Liang Dynamic Information Flow Tracking (DIFT) forms the foundation of a wide range of security and ... Information Flow
Bedrock: Programmable Network Support for Secure RDMA Systems Ziyang Yang , Jiarong Xing , Kuo-feng Hsu , Yiming Qiu , Hongyi Chen Remote direct memory access (RDMA) has gained popularity in cloud datacenters. In RDMA, clients bypass ... Network Security II: Infrastructure
Creating a Secure Underlay for the Internet Henry Birge-lee Adversaries can exploit inter-domain routing vulnerabilities to intercept communication and compromise the security of critical ... Network Security II: Infrastructure
Off-Path Network Traffic Manipulation via Revitalized ICMP Redirect Attacks Xuewei Feng ICMP redirect is a mechanism that allows an end host to dynamically update its routing ... Network Security II: Infrastructure
VerLoc: Verifiable Localization in Decentralized Systems Katharina Kohls We tackle the challenge of reliably determining the geolocation of nodes in decentralized networks, considering ... Network Security II: Infrastructure
Towards More Robust Keyword Spotting for Voice Assistants Shimaa Ahmed Voice assistants rely on keyword spotting (KWS) to process vocal commands issued by humans: commands ... ML III
Seeing is Living? Rethinking the Security of Facial Liveness Verification in the Deepfake Era Changjiang Li Facial Liveness Verification (FLV) is widely used for identity authentication in many security-sensitive domains and ... ML III
Who Are You (I Really Wanna Know)? Detecting Audio DeepFakes Through Vocal Tract Reconstruction Logan Blue , Hadi Abdullah , Luis Vargas , Kevin Warren , Cassidy Gibson , Jessica O'dell , Kevin Traynor Generative machine learning models have made convincing voice synthesis a reality. While such tools can ... ML III
DeepDi: Learning a Relational Graph Convolutional Network Model on Instructions for Fast and Accurate Disassembly Sheng Yu Disassembly is the cornerstone of many binary analysis tasks. Traditional disassembly approaches (e.g., linear and ... ML III
RE-Mind: a First Look Inside the Mind of a Reverse Engineer Alessandro Aonzo When a human activity requires a lot of expertise and very specialized cognitive skills that ... Security Practitioners & Behaviors
Characterizing the Security of Github CI Workflows Igibek Nahapetyan Continuous integration and deployment (CI/CD) has revolutionized software development and maintenance. Commercial CI/CD platforms provide ... Security Practitioners & Behaviors
Decomperson: How Humans Decompile and What We Can Learn From It Christopher Vigna , Kevin Burk , Fabio Pagani Human analysts must reverse engineer binary programs as a prerequisite for a number of security ... Security Practitioners & Behaviors
99% False Positives: A Qualitative Study of SOC Analysts' Perspectives on Security Alarms Bushra A. Alahmadi , Louise Martinovic In this work, we focus on the prevalence of False Positive (FP) alarms produced by ... Security Practitioners & Behaviors
HyperDegrade: From GHz to MHz Effective CPU Frequencies Alejandro Brumley Performance degradation techniques are an important complement to side-channel attacks. In this work, we propose ... Side Channels II
Pacer: Comprehensive Network Side-Channel Mitigation in the Cloud Aastha Mehta Network side channels (NSCs) leak secrets through packet timing and packet sizes. They are of ... Side Channels II
Composable Cachelets: Protecting Enclaves from Cache Side-Channel Attacks Daniel Townley The security of isolated execution architectures such as Intel SGX has been significantly threatened by ... Side Channels II
Don't Mesh Around: Side-Channel Attacks and Mitigations on Mesh Interconnects Miles Dai This paper studies microarchitectural side-channel attacks and mitigations on the on-chip mesh interconnect used in ... Side Channels II
WebGraph: Capturing Advertising and Tracking Information Flows for Robust Blocking Sandra Siby Users rely on ad and tracker blocking tools to protect their privacy. Unfortunately, existing ad ... Web Security V: Tracking
Automating Cookie Consent and GDPR Violation Detection Dino Bollinger , Karel Kubicek , Carlos Basin The European Union's General Data Protection Regulation (GDPR) requires websites to inform users about personal ... Web Security V: Tracking
Khaleesi: Breaker of Advertising and Tracking Request Chains Umar Iqbal Request chains are being used by advertisers and trackers for information sharing and circumventing recently ... Web Security V: Tracking
Practical Data Access Minimization in Trigger-Action Platforms Yunang Alhanahnah Trigger-Action Platforms (TAPs) connect disparate online services and enable users to create automation rules in ... Web Security V: Tracking
Shuffle-based Private Set Union: Faster and More Secure Yanxue Sun Private Set Union (PSU) allows two players, the sender and the receiver, to compute the ... Crypto V: Provers & Shuffling
Polynomial Commitment with a One-to-Many Prover and Applications Jiaheng Xie Verifiable Secret Sharing (VSS) is a foundational cryptographic primitive that serves as an essential building ... Crypto V: Provers & Shuffling
ppSAT: Towards Two-Party Private SAT Solving Ning Luo , Samuel Judson , Timos Piskac We design and implement a privacy-preserving Boolean satisfiability (ppSAT) solver, which allows mutually distrustful parties ... Crypto V: Provers & Shuffling
Hyperproofs: Aggregating and Maintaining Proofs in Vector Commitments Shravan Srinivasan We present Hyperproofs, the first vector commitment (VC) scheme that is efficiently maintainable and aggregatable. ... Crypto V: Provers & Shuffling
COMRace: Detecting Data Race Vulnerabilities in COM Objects Fangming Guo The Microsoft Component Object Model (COM) is the foundation for many key Microsoft technologies and ... Security Analysis
MOVERY: A Precise Approach for Modified Vulnerable Code Clone Discovery from Modified Open-Source Software Components Seunghoon Woo , Hyunji Hong , Eunjin Lee Vulnerabilities inherited from third-party open-source software (OSS) components can compromise the entire software security. However, ... Security Analysis
Loki: Hardening Code Obfuscation Against Automated Attacks Moritz Contag , Tim Blazytko , Moritz Schloegel , Cornelius Basler Software obfuscation is a crucial technology to protect intellectual property and manage digital rights within ... Security Analysis
Oops... Code Execution and Content Spoofing: The First Comprehensive Analysis of OpenDocument Signatures Christian Mainka , Simon Rohlmann , Vladislav Schwenk OpenDocument is one of the major standards for interoperable office documents. Supported by office suites ... Security Analysis
Playing Without Paying: Detecting Vulnerable Payment Verification in Native Binaries of Unity Mobile Games Chaoshun Lin Modern mobile games often contain in-app purchasing (IAP) for players to purchase digital items such ... Security Analysis
Repurposing Segmentation as a Practical LVI-NULL Mitigation in SGX Lukas Giner , Andreas Canella Load Value Injection (LVI) uses Meltdown-type data flows in Spectre-like confused-deputy attacks. LVI has been ... SGX I & Side Channels III
A Hardware-Software Co-design for Efficient Intra-Enclave Isolation Jinyu Gu , Bojun Zhu , Mingyu Li , Wentai Li , Yubin Chen The monolithic programming model has been favored for high compatibility and easing the programming for ... SGX I & Side Channels III
SGXFuzz: Efficiently Synthesizing Nested Structures for SGX Enclave Fuzzing Tobias Cloosters Intel's Software Guard Extensions (SGX) provide a nonintrospectable trusted execution environment (TEE) to protect security-critical ... SGX I & Side Channels III
SecSMT: Securing SMT Processors against Contention-Based Covert Channels Mohammadkazem Taram This paper presents the first comprehensive analysis of contention-based security vulnerabilities in a high-performance simultaneous ... SGX I & Side Channels III
Rendering Contention Channel Made Practical in Web Browsers Shujiang Yu Browser rendering utilizes hardware resources shared within and across browsers to display web contents, thus ... SGX I & Side Channels III
SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs in Linux kernel Weiteng Chen , Xiaochen Zou , Guoren Li , Hang Qian Fuzzing has become one of the most effective bug finding approach for software. In recent ... Fuzzing III
TheHuzz: Instruction Fuzzing of Processors Using Golden-Reference Models for Finding Software-Exploitable Vulnerabilities Rahul Kande , Addison Persyn The increasing complexity of modern processors poses many challenges to existing hardware verification tools and ... Fuzzing III
Fuzzing Hardware Like Software Timothy Shin Hardware flaws are permanent and potent: hardware cannot be patched once fabricated, and any flaws ... Fuzzing III
Stateful Greybox Fuzzing Jinsheng Ba Many protocol implementations are reactive systems, where the protocol process is in continuous interaction with ... Fuzzing III
StateFuzz: System Call-Based State-Aware Linux Driver Fuzzing Bodong Zhao , Zheming Li , Shisong Qin , Zheyu Yuan Coverage-guided fuzzing has achieved great success in finding software vulnerabilities. Existing coverage-guided fuzzers generally favor ... Fuzzing III
How to Abuse and Fix Authenticated Encryption Without Key Commitment Ange Duong Authenticated encryption (AE) is used in a wide variety of applications, potentially in settings for ... Crypto VI
Private Signaling Varun Scafuro We introduce the problem of private signaling. In this problem, a sender posts a message ... Crypto VI
Batched Differentially Private Information Retrieval Kinan Dak Albab Private Information Retrieval (PIR) allows several clients to query a database held by one or ... Crypto VI
Practical Privacy-Preserving Authentication for SSH Lawrence Roy , Stanislav Lyakhov , Yeongjin Rosulek Public-key authentication in SSH reveals more information about the participants' keys than is necessary. (1) ... Crypto VI
One-off Disclosure Control by Heterogeneous Generalization Olga Gkountouna How can we orchestrate an one-off sharing of informative data about individuals, while bounding the ... Crypto VI
Understanding and Improving Usability of Data Dashboards for Simplified Privacy Control of Voice Assistant Data Vandit Mondal Today, intelligent voice assistant (VA) software like Amazon's Alexa, Google's Voice Assistant (GVA) and Apple's ... User Studies III: Privacy
Security and Privacy Perceptions of Third-Party Application Access for Google Accounts David G. Balash , Xiaoyuan Grant Online services like Google provide a variety of application programming interfaces (APIs). These online APIs ... User Studies III: Privacy
Empirical Understanding of Deletion Privacy: Experiences, Expectations, and Measures Mohsen Minaei In recent years, social platforms are heavily used by individuals to share their thoughts and ... User Studies III: Privacy
Security at the End of the Tunnel: The Anatomy of VPN Mental Models Among Experts and Non-Experts in a Corporate Context Veroniek Binkhorst With the worldwide COVID-19 pandemic in 2020 and 2021 necessitating working from home, corporate Virtual ... User Studies III: Privacy
How and Why People Use Virtual Private Networks Agnieszka Dutkowska-żuk Virtual Private Networks (VPNs) are often used to protect online users' privacy, but many VPNs ... User Studies III: Privacy
CamShield: Securing Smart Cameras through Physical Replication and Isolation Zhiwei Wang , Yihui Yan Smart home devices, such as security cameras, are equipped with visual sensors, either for monitoring ... Smart Homes II
SCRAPS: Scalable Collective Remote Attestation for Pub-Sub IoT Networks with Untrusted Proxy Verifier Lukas Petzi , Ala Dmitrienko Remote Attestation (RA) is a basic security mechanism that detects malicious presence on various types ... Smart Homes II
An Experimental Study of GPS Spoofing and Takeover Attacks on UAVs Harshad Sathaye Today, there is limited knowledge about the behavior of UAVs under GPS spoofing attacks in ... Smart Homes II
Smart Home Privacy Policies Demystified: A Study of Availability, Content, and Coverage Sunil Kafle Smart home devices transmit highly sensitive usage information to servers owned by vendors or third-parties ... Smart Homes II
MaDIoT 2.0: Modern High-Wattage IoT Botnet Attacks and Defenses Tohid Shekari The widespread availability of vulnerable IoT devices has resulted in IoT botnets. A particularly concerning ... Smart Homes II
AutoDA: Automated Decision-based Iterative Adversarial Attacks Qi-an Fu Adversarial attacks can fool deep learning models by imposing imperceptible perturbations onto natural examples, which ... ML IV: Attacks
Poison Forensics: Traceback of Data Poisoning Attacks in Neural Networks Arjun Nitin Bhagoji , Haitao Zhao , Shawn Shan In adversarial machine learning, new defenses against attacks on deep learning systems are routinely broken ... ML IV: Attacks
Teacher Model Fingerprinting Attacks Against Transfer Learning Yufei Chen Transfer learning has become a common solution to address training data scarcity in practice. It ... ML IV: Attacks
Hidden Trigger Backdoor Attack on NLP Models via Linguistic Style Manipulation Xudong Pan , Mi Zhang , Beina Sheng , Jiaming Yang The vulnerability of deep neural networks (DNN) to ML IV: Attacks
PoisonedEncoder: Poisoning the Unlabeled Pre-training Data in Contrastive Learning Jinyuan Gong , Hongbin Liu Contrastive learning pre-trains an image encoder using a large amount of unlabeled data such that ... ML IV: Attacks
Double Trouble: Combined Heterogeneous Attacks on Non-Inclusive Cache Hierarchies Antoon Purnal , Furkan Verbauwhede As the performance of general-purpose processors faces diminishing improvements, computing systems are increasingly equipped with ... Fuzzing OS and Cloud Security
QuORAM: A Quorum-Replicated Fault Tolerant ORAM Datastore Sujaya Maiyya , Seif Ibrahim , Caitlin Scarberry , Divyakant Abbadi Privacy and security challenges due to the outsourcing of data storage and processing to third-party ... Fuzzing OS and Cloud Security
Post-Quantum Cryptography with Contemporary Co-Processors: Beyond Kronecker, Schönhage-Strassen & Nussbaumer Joppe w. Bos , Joost Vredendaal There are currently over 30 billion IoT (Internet of Things) devices installed worldwide. To secure ... Fuzzing OS and Cloud Security
FIXREVERTER: A Realistic Bug Injection Methodology for Benchmarking Fuzz Testing Zenong Patterson Fuzz testing is an active area of research with proposed improvements published at a rapid ... Fuzzing OS and Cloud Security
Tightly Seal Your Sensitive Pointers with PACTight Mohannad Ismail ARM is becoming more popular in desktops and data centers, opening a new realm in ... Fuzzing OS and Cloud Security
Total Eclipse of the Heart – Disrupting the InterPlanetary File System Bernd Prünster Peer-to-peer networks are an attractive alternative to classical client-server architectures in several fields of application ... Privacy User Behaviors and Attacks
PrivGuard: Privacy Regulation Compliance Made Easier Lun Wang Continuous compliance with privacy regulations, such as GDPR and CCPA, has become a costly burden ... Privacy User Behaviors and Attacks
Stick It to The Man: Correcting for Non-Cooperative Behavior of Subjects in Experiments on Social Networks Kaleigh Clary A large body of research in network and social sciences studies the effects of interventions ... Privacy User Behaviors and Attacks
OVRseen: Auditing Network Traffic and Privacy Policies in Oculus VR Rahmadi Trimananda , Hieu Le , Hao Ho Virtual reality (VR) is an emerging technology that enables new applications but also introduces privacy ... Privacy User Behaviors and Attacks
Half-Double: Hammering From the Next Row Over Andreas Kogler Rowhammer is a vulnerability in modern DRAM where repeated accesses to one row (the aggressor) ... Hardware Security III
RETBLEED: Arbitrary Speculative Code Execution with Return Instructions Johannes Razavi Modern operating systems rely on software defenses against hardware attacks. These defenses are, however, as ... Hardware Security III
PISTIS: Trusted Computing Architecture for Low-end Embedded Systems Michele Grisafi Recently, several hardware-assisted security architectures have been proposed to mitigate the ever-growing cyber-attacks on Internet-connected ... Hardware Security III
Rapid Prototyping for Microarchitectural Attacks Catherine Easdon In recent years, microarchitectural attacks have been demonstrated to be a powerful attack class. However, ... Hardware Security III
ProFactory: Improving IoT Security via Formalized Protocol Customization Fei Wang , Jianliang Nan As IoT applications gain widespread adoption, it becomes important to design and implement IoT protocols ... OS Security & Formalisms
ÆPIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture Pietro Borrello CPU vulnerabilities undermine the security guarantees provided by software- and hardware-security improvements. While the discovery ... OS Security & Formalisms
SAPIC+: protocol verifiers of the world, unite! Vincent Cheval Symbolic security protocol verifiers have reached a high degree of automation and maturity. Today, experts ... OS Security & Formalisms
On the Security Risks of AutoML Ren Xi Neural architecture search (NAS) represents an emerging machine learning (ML) paradigm that automatically searches for ... ML V: Principles & Best Practices
Dos and Don'ts of Machine Learning in Computer Security Daniel Arp With the growing processing power of computing systems and the increasing availability of massive datasets, ... ML V: Principles & Best Practices
Exploring the Security Boundary of Data Reconstruction via Neuron Exclusivity Analysis Xudong Pan , Mi Zhang , Jiaming Yang , Yifan Yan Among existing privacy attacks on the gradient of neural networks, data reconstruction attack, which reverse ... ML V: Principles & Best Practices
On the Necessity of Auditable Algorithmic Definitions for Machine Unlearning Anvith Thudi , Hengrui Jia , Ilia Papernot Machine unlearning, i.e. having a model forget about some of its training data, has become ... ML V: Principles & Best Practices
"The Same PIN, Just Longer": On the (In)Security of Upgrading PINs from 4 to 6 Digits Collins W. Munyendo With the goal of improving security, companies like Apple have moved from requiring 4-digit PINs ... User Studies IV: Policies & Best Practices
Where to Recruit for Security Development Studies: Comparing Six Software Developer Samples Harjot Kaur Studying developers is an important aspect of usable security and privacy research. In particular, studying ... User Studies IV: Policies & Best Practices
Investigating State-of-the-Art Practices for Fostering Subjective Trust in Online Voting through Interviews Karola Marky Ensuring voters' subjective trust is key to adopting any voting system. Consequently, researchers, experts, and ... User Studies IV: Policies & Best Practices
Electronic Monitoring Smartphone Apps: An Analysis of Risks from Technical, Human-Centered, and Legal Perspectives Kentrell Owens Electronic monitoring is the use of technology to track individuals accused or convicted of a ... User Studies IV: Policies & Best Practices
MAGE: Mutual Attestation for a Group of Enclaves without Trusted Third Parties Guoxing Chen Remote attestation mechanism enables an enclave to attest its identity (which is usually represented by ... SGX II
Elasticlave: An Efficient Memory Model for Enclaves Jason Zhijingcheng Yu Trusted execution environments (TEEs) isolate user-space applications into secure enclaves without trusting the OS. Existing ... SGX II
SGXLock: Towards Efficiently Establishing Mutual Distrust Between Host Application and Enclave for SGX Yuan Chen , Jiaqi Li , Guorui Zhou Since its debut, SGX has been used to secure various types of applications. However, existing ... SGX II
Minefield: A Software-only Protection for SGX Enclaves against DVFS Attacks Andreas Gruss Modern CPUs adapt clock frequencies and voltage levels to workloads to reduce energy consumption and ... SGX II
Counting in Regexes Considered Harmful: Exposing ReDoS Vulnerability of Nonbacktracking Matchers Lenka Turoňová , Lukáš Holík , Ivan Lengál In this paper, we study the performance characteristics of nonbacktracking regex matchers and their vulnerability ... Network Security III: DDoS
RegexScalpel: Regular Expression Denial of Service (ReDoS) Defense by Localize-and-Fix Yeting Li The Regular expression Denial of Service (ReDoS) is a class of denial of service attacks ... Network Security III: DDoS
Anycast Agility: Network Playbooks to Fight DDoS A Rizvi IP anycast is used for services such as DNS and Content Delivery Networks (CDN) to ... Network Security III: DDoS
Regulator: Dynamic Analysis to Detect ReDoS Christopher Vigna , Fabio Pagani , Robert Mclaughlin , Noah Spahn Regular expressions (regexps) are a convenient way for programmers to express complex string searching logic. ... Network Security III: DDoS
Aardvark: An Asynchronous Authenticated Dictionary with Applications to Account-based Cryptocurrencies Derek Leung We design Aardvark, a novel authenticated dictionary with short proofs of correctness for lookups and ... Zero Knowledge
Zero-Knowledge Middleboxes Paul Grubbs , Ye Zhang , Arasu Arun , Joseph Walfish This paper initiates research on zero-knowledge middleboxes (ZKMBs). A ZKMB is a network middlebox that ... Zero Knowledge
Efficient Representation of Numerical Optimization Problems for SNARKs Sebastian Angel This paper introduces Otti, a general-purpose compiler for (zk)SNARKs that provides support for numerical optimization ... Zero Knowledge
Experimenting with Collaborative zk-SNARKs: Zero-Knowledge Proofs for Distributed Secrets Alex Boneh A zk-SNARK is a powerful cryptographic primitive that provides a succinct and efficiently checkable argument ... Zero Knowledge
Detecting Logical Bugs of DBMS with Coverage-based Guidance Yu Liang Database management systems (DBMSs) are critical components of modern data-intensive applications. Developers have adopted many ... Software Security
Augmenting Decompiler Output with Learned Variable Names and Types Qibin Lacomis A common tool used by security professionals for reverse-engineering binaries found in the wild is ... Software Security
Debloating Address Sanitizer Yuchen Zhang Address Sanitizer (ASan) is a powerful memory error detector. It can detect various errors ranging ... Software Security
Ferry: State-Aware Symbolic Execution for Exploring State-Dependent Program Paths Shunfan Zhou , Zhemin Qiao Symbolic execution and fuzz testing are effective approaches for program analysis, thanks to their evolving ... Software Security
Can one hear the shape of a neural network?: Snooping the GPU via Magnetic Side Channel Henrique Xiao Neural network applications have become popular in both enterprise and personal settings. Network solutions are ... Side Channels IV
Lamphone: Passive Sound Recovery from a Desk Lamp's Light Bulb Vibrations Ben Nassi , Yaron Swisa In this paper, we introduce "Lamphone," an optical side-channel attack used to recover sound from ... Side Channels IV
Automated Side Channel Analysis of Media Software with Manifold Learning Qi Wang , Yuanyuan Yuan The prosperous development of cloud computing and machine learning as a service has led to ... Side Channels IV
Lend Me Your Ear: Passive Remote Physical Side Channels on PCs Daniel Genkin We show that built-in sensors in commodity PCs, such as microphones, inadvertently capture electromagnetic side-channel ... Side Channels IV
Stalloris: RPKI Downgrade Attack Tomas Jeitner We demonstrate the first downgrade attacks against RPKI. The key design property in RPKI that ... Network Security IV
XDRI Attacks - and - How to Enhance Resilience of Residential Routers Philipp Jeitner We explore the security of residential routers and find a range of critical vulnerabilities. Our ... Network Security IV
V'CER: Efficient Certificate Validation in Constrained Networks David Jauernig We address the challenging problem of efficient trust establishment in Network Security IV
Themis: Accelerating the Detection of Route Origin Hijacking by Distinguishing Legitimate and Illegitimate MOAS Lancheng Qin Route hijacking is one of the most severe security problems in today's Internet, and route ... Network Security IV
ML-Doctor: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models Ahmed Salem , Yugeng Liu , Rui Wen , Xinlei He , Zhikun Backes Inference attacks against Machine Learning (ML) models allow adversaries to learn sensitive information about training ... ML VI: Inference
Inference Attacks Against Graph Neural Networks Zhikun Zhang , Min Backes Graph is an important data representation ubiquitously existing in the real world. However, analyzing the ... ML VI: Inference
Membership Inference Attacks and Defenses in Neural Network Pruning Xiaoyong Zhang Neural network pruning has been an essential technique to reduce the computation and memory requirements ... ML VI: Inference
Are Your Sensitive Attributes Private? Novel Model Inversion Attribute Inference Attacks on Classification Models Shagufta Mehnaz Increasing use of machine learning (ML) technologies in privacy-sensitive domains such as medical diagnoses, lifestyle ... ML VI: Inference