Paper list

• 348 Understanding security mistakes developers make: Qualitative analysis from Build It, Break It, Fix It
• 349 Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer
• 350 Big Numbers - Big Troubles: Systematically Analyzing Nonce Leakage in (EC)DSA Implementations
• 351 (Mostly) Exitless VM Protection from Untrusted Hypervisor through Disaggregated Nested Virtualization
• 352 Stealthy Tracking of Autonomous Vehicles with Cache Side Channels Autonomous Vehicle Localization
• 353 An Off-Chip Attack on Hardware Enclaves via the Memory Bus
• 354 Void: A fast and light voice liveness detection system
• 355 SmartVerif: Push the Limit of Automation Capability of Verifying Security Protocols by Dynamic Strategies
• 356 An Observational Investigation of Reverse Engineers’ Processes
• 357 Cached and Confused: Web Cache Deception in the Wild Web Cache
• 358 Security Analysis of Unified Payments Interface and Payment Apps in India
• 359 ShadowMove: A Stealthy Lateral Movement Strategy
• 360 Human Distinguishable Visual Key Fingerprints
• 361 KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities
• 362 PARTEMU: Enabling Dynamic Analysis of Real-World TrustZone Software Using Emulation
• 363 That Was Then, This Is Now: A Security Evaluation of Password Generation, Storage, and Autofill in Browser-Based Password Managers
• 364 McTiny: Fast High-Confidence Post-Quantum Key Erasure for Tiny Network Servers
• 365 SAVIOR: Securing Autonomous Vehicles with Robust Physical Invariants Autonomous Vehicle
• 366 Local Model Poisoning Attacks to Byzantine-Robust Federated Learning
• 367 Zero-delay Lightweight Defenses against Website Fingerprinting
• 368 Devil’s Whisper: A General Approach for Physical Adversarial Attacks against Commercial Black-box Speech Recognition Devices
• 369 HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation
• 370 Estonian Electronic Identity Card: Security Flaws in Key Management
• 371 PCKV: Locally Differentially Private Correlated Key-Value Data Collection with Optimized Utility
• 372 Plug-N-Pwned: Comprehensive Vulnerability Analysis of OBD-II Dongles as A New Over-the-Air Attack Surface in Automotive IoT
• 373 Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning
• 374 Actions Speak Louder than Words: Entity-Sensitive Privacy Policy and Data Flow Analysis with PoliCheck
• 375 Exploring Connections Between Active Learning and Model Extraction
• 376 Achieving Keyless CDNs with Conclaves
• 377 On Training Robust PDF Malware Classifiers
• 378 Programmable In-Network Security for Context-aware BYOD Policies
• 379 FuzzGuard: Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through Deep Learning
• 380 Data Recovery from “Scrubbed” NAND Flash Storage: Need for Analog Sanitization
• 381 Pixel: Multi-signatures for Consensus
• 382 Secure parallel computation on national scale volumes of data
• 383 Hybrid Batch Attacks: Finding Black-box Adversarial Examples with Limited Queries
• 384 BScout: Direct Whole Patch Presence Test for Java Executables
• 385 BigMAC: Fine-Grained Policy Analysis of Android Firmware
• 386 MVP: Detecting Vulnerabilities using Patch-Enhanced Vulnerability Signatures
• 387 The Impact of Ad-Blockers on Product Search and Purchase Behavior: A Lab Experiment
• 388 Sunrise to Sunset: Analyzing the End-to-end Life Cycle and Effectiveness of Phishing Attacks at Scale
• 389 Cardpliance: PCI DSS Compliance of Android Applications
• 390 Composition Kills: A Case Study of Email Sender Authentication
• 391 High Accuracy and High Fidelity Extraction of Neural Networks
• 392 'I have too much respect for my elders': Understanding South African Mobile Users' Perceptions of Privacy and Current Behaviors on Facebook and WhatsApp
• 393 SpecFuzz: Bringing Spectre-type vulnerabilities to the surface
• 394 APEX: A Verified Architecture for Proofs of Execution on Remote Devices under Full Software Compromise
• 395 The Unpatchable Silicon: A Full Break of the Bitstream Encryption of Xilinx 7-Series FPGAs
• 396 From Needs to Actions to Secure Apps? The Effect of Requirements and Developer Practices on App Security
• 397 Datalog Disassembly
• 398 NetWarden: Mitigating Network Covert Channels while Preserving Performance
• 399 RELOAD+REFRESH: Abusing Cache Replacement Policies to Perform Stealthy Cache Attacks
• 400 ParmeSan: Sanitizer-guided Greybox Fuzzing
• 401 ETHBMC: A Bounded Model Checker for Smart Contracts
• 402 FuzzGen: Automatic Fuzzer Generation
• 403 SANNS: Scaling Up Secure Approximate k-Nearest Neighbors Search
• 404 Fuzzing Error Handling Code using Context-Sensitive Software Fault Injection
• 405 FIRMSCOPE: Automatic Uncovering of Privilege-Escalation Vulnerabilities in Pre-Installed Apps in Android Firmware Android Privilege-Escalation Smartphones Android app App Automatic
• 406 EcoFuzz: Adaptive Energy-Saving Greybox Fuzzing as a Variant of the Adversarial Multi-Armed Bandit
• 407 PKU Pitfalls: Attacks on PKU-based Memory Isolation Systems
• 408 Automatic Techniques to Systematically Discover New Heap Exploitation Primitives
• 409 Liveness is Not Enough: Enhancing Fingerprint Authentication with Behavioral Biometrics to Defeat Puppet Attacks
• 410 A Tale of Two Headers: A Formal Analysis of Inconsistent Click-Jacking Protection on the Web
• 411 Automating the Development of Chosen Ciphertext Attacks
• 412 Analysis of DTLS Implementations Using Protocol State Fuzzing
• 413 Adversarial Preprocessing: Understanding and Preventing Image-Scaling Attacks in Machine Learning
• 414 Retrofitting Fine Grain Isolation in the Firefox Renderer
• 415 TextShield: Robust Text Classification Based on Multimodal Embedding and Neural Machine Translation
• 416 A Longitudinal and Comprehensive Study of the DANE Ecosystem in Email
• 417 Call Me Maybe: Eavesdropping Encrypted LTE Calls With ReVoLTE
• 418 MIRAGE: Succinct Arguments for Randomized Algorithms with Applications to Universal zk-SNARKs
• 419 TeeRex: Discovery and Exploitation of Memory Corruption Vulnerabilities in SGX Enclaves
• 420 A Spectral Analysis of Noise: A Comprehensive, Automated, Formal Analysis of Diffie-Hellman Protocols
• 421 Measuring and Modeling the Label Dynamics of Online Anti-Malware Engines
• 422 Medusa: Microarchitectural Data Leakage via Automated Attack Synthesis
• 423 V0LTpwn: Attacking x86 Processor Integrity from Software
• 424 SEAL: Attack Mitigation for Encrypted Databases via Adjustable Leakage
• 425 Shim Shimmeny: Evaluating the Security and Privacy Contributions of Link Shimming in the Modern Web
• 426 COUNTERFOIL: Verifying Provenance of Integrated Circuits using Intrinsic Package Fingerprints and Inexpensive Cameras
• 427 AURORA: Statistical Crash Analysis for Automated Root Cause Explanation
• 428 FANS: Fuzzing Android Native System Services via Automated Interface Analysis
• 429 Detecting Stuffing of a User’s Credentials at Her Own Accounts
• 1753 Towards Robust LiDAR-based Perception in Autonomous Driving: General Black-box Adversarial Sensor Attack and Countermeasures Autonomous Vehicle Object detection LiDAR manualSet VLP-16 Apollo CARLO MV3D-PointPillars MVF-PointPillars
• 1762 Drift with Devil: Security of Multi-Sensor Fusion based Localization in High-Level Autonomous Driving under GPS Spoofing Autonomous Vehicle Localization manualSet GPS GPS Spoofing Spoofing MSF Apollo LGSVL