Paper list

• 178 All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers
• 179 As Strong As Its Weakest Link: How to Break Blockchain DApps at RPC Service
• 180 Awakening the Web’s Sleeper Agents: Misusing Service Workers for Privacy Leakage
• 181 Bringing Balance to the Force: Dynamic Analysis of the Android Application Framework
• 182 C$^2$SR: Cybercrime Scene Reconstruction for Post-mortem Forensic Analysis
• 183 Deceptive Deletions for Protecting Withdrawn Posts on Social Media Platforms
• 184 DOVE: A Data-Oblivious Virtual Environment
• 185 Evading Voltage-Based Intrusion Detection on Automotive CAN CAN
• 186 Forward and Backward Private Conjunctive Searchable Symmetric Encryption
• 187 From WHOIS to WHOWAS: A Large-Scale Measurement Study of Domain Registration Privacy under the GDPR
• 188 Hey Alexa, is this Skill Safe?: Taking a Closer Look at the Alexa Skill Ecosystem
• 189 Let’s Stride Blindfolded in a Forest: Sublinear Multi-Client Decision Trees Evaluation
• 190 More than a Fair Share: Network Data Remanence Attacks against Secret Sharing-based Schemes
• 191 Obfuscated Access and Search Patterns in Searchable Encryption
• 192 Peerlock: Flexsealing BGP
• 193 POP and PUSH: Demystifying and Defending against (Mach) Port-oriented Programming
• 194 Processing Dangerous Paths – On Security and Privacy of the Portable Document Format
• 195 Reining in the Web’s Inconsistencies with Site Policy
• 196 Rosita: Towards Automatic Elimination of Power-Analysis Leakage in Ciphers
• 197 Screen Gleaning: A Screen Reading TEMPEST Attack on Mobile Devices Exploiting an Electromagnetic Side Channel
• 198 The Abuser Inside Apps: Finding the Culprit Committing Mobile Ad Fraud
• 199 Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages
• 200 XDA: Accurate, Robust Disassembly with Transfer Learning
• 201 Zoom on the Keystrokes: Exploiting Video Calls for Keystroke Inference Attacks
• 202 A Devil of a Time: How Vulnerable is NTP to Malicious Timeservers?
• 203 A Formal Analysis of the FIDO UAF Protocol
• 204 ALchemist: Fusing Application and Audit Logs for Precise Attack Provenance without Instrumentation
• 205 BaseSpec: Comparative Analysis of Baseband Software and Cellular Specifications for L3 Protocols
• 206 Bitcontracts: Supporting Smart Contracts in Legacy Blockchains
• 207 CHANCEL: Efficient Multi-client Isolation Under Adversarial Programs
• 208 CV-Inspector: Towards Automating Detection of Adblock Circumvention
• 209 Data Poisoning Attacks to Deep Learning Based Recommender Systems
• 210 Detecting Kernel Memory Leaks in Specialized Modules with Ownership Reasoning
• 211 Differential Training: A Generic Framework to Reduce Label Noises for Android Malware Detection
• 212 Does Every Second Count? Time-based Evolution of Malware Behavior in Sandboxes
• 213 EarArray: Defending against DolphinAttack via Acoustic Attenuation
• 214 Emilia: Catching Iago in Legacy Code
• 215 FARE: Enabling Fine-grained Attack Categorization under Low-quality Labeled Data
• 216 Favocado: Fuzzing Binding Code of JavaScript Engines Using Semantically Correct Test Cases
• 217 FlowLens: Enabling Efficient Flow Classification for ML-based Network Security Applications
• 218 FLTrust: Byzantine-robust Federated Learning via Trust Bootstrapping
• 219 From Library Portability to Para-rehosting: Natively Executing Open-source Microcontroller OSs on Commodity Hardware
• 220 GALA: Greedy ComputAtion for Linear Algebra in Privacy-Preserved Neural Networks
• 221 HERA: Hotpatching of Embedded Real-time Applications
• 222 Hunting the Haunter — Efficient Relational Symbolic Execution for Spectre with HauntedRelSE
• 223 Improving Signal’s Sealed Sender
• 224 IoTSafe: Enforcing Safety and Security Policy with Real IoT Physical Interaction Discovery
• 225 KUBO: Precise and Scalable Detection of User-triggerable Undefined Behavior Bugs in OS Kernel
• 226 Manipulating the Byzantine: Optimizing Model Poisoning Attacks and Defenses for Federated Learning
• 227 MINOS: A Lightweight Real-Time Cryptojacking Detection System
• 228 Mondrian: Comprehensive Inter-domain Network Zoning Architecture
• 229 NetPlier: Probabilistic Network Protocol Reverse Engineering from Message Traces
• 230 OblivSketch: Oblivious Network Measurement as a Cloud Service
• 231 On the Insecurity of SMS One-Time Password Messages against Local Attackers in Modern Mobile Devices
• 232 PFirewall: Semantics-Aware Customizable Data Flow Control for Home Automation Systems
• 233 PGFUZZ: Policy-Guided Fuzzing for Robotic Vehicles
• 234 PHOENIX: Device-Centric Cellular Network Protocol Monitoring using Runtime Verification
• 235 POSEIDON: Privacy-Preserving Federated Neural Network Learning
• 236 Practical Blind Membership Inference Attack via Differential Comparisons
• 237 Practical Non-Interactive Searchable Encryption with Forward and Backward Privacy
• 238 Preventing and Detecting State Inference Attacks on Android
• 239 PrivacyFlash Pro: Automating Privacy Policy Generation for Mobile Apps
• 240 ProPoS: A Probabilistic Proof-of-Stake Protocol
• 241 QPEP: An Actionable Approach to Secure and Performant Broadband From Geostationary Orbit
• 242 RandRunner: Distributed Randomness from Trapdoor VDFs with Strong Uniqueness
• 243 Refining Indirect Call Targets at the Binary Level
• 244 Reinforcement Learning-based Hierarchical Seed Scheduling for Greybox Fuzzing
• 245 ROV++: Improved Deployable Defense against BGP Hijacking
• 246 SerialDetector: Principled and Practical Exploration of Object Injection Vulnerabilities for the Web
• 247 Shadow Attacks: Hiding and Replacing Content in Signed PDFs
• 248 SpecTaint: Speculative Taint Analysis for Discovering Spectre Gadgets
• 249 SquirRL: Automating Attack Analysis on Blockchain Incentive Mechanisms with Deep Reinforcement Learning
• 250 SymQEMU: Compilation-based symbolic execution for binaries
• 251 Tales of Favicons and Caches: Persistent Tracking in Modern Browsers
• 252 TASE: Reducing Latency of Symbolic Execution with Transactional Memory
• 253 The Bluetooth CYBORG: Analysis of the Full Human-Machine Passkey Entry AKE Protocol
• 254 To Err.Is Human: Characterizing the Threat of Unintended URLs in Social Media
• 255 Towards Understanding and Detecting Cyberbullying in Real-world Images
• 256 Trust the Crowd: Wireless Witnessing to Detect Attacks on ADS-B-Based Air-Traffic Surveillance
• 257 Understanding and Detecting International Revenue Share Fraud
• 258 Understanding the Growth and Security Considerations of ECS
• 259 Understanding Worldwide Private Information Collection on Android
• 260 WATSON: Abstracting Behaviors from Audit Logs via Aggregation of Contextual Semantics
• 261 Who’s Hosting the Block Party? Studying Third-Party Blockage of CSP and SRI
• 262 WINNIE : Fuzzing Windows Applications with Harness Synthesis and Fast Cloning
• 263 Your Phone is My Proxy: Detecting and Understanding Mobile Proxy Networks
• 264 Доверя́й, но проверя́й: SFI safety for native-compiled Wasm