Paper list

430 Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks Email
431 Demon in the Variant: Statistical Analysis of DNNs for Robust Backdoor Contamination Detection
432 Automated Discovery of Denial-of-Service Vulnerabilities in Connected Vehicle Protocols Vehicle
433 An Analysis of Speculative Type Confusion Vulnerabilities in the Wild Spectre
434 PACStack: an Authenticated Call Stack
435 Can Systems Explain Permissions Better? Understanding Users' Misperceptions under Smartphone Runtime Permission Model Smartphone Permission Runtime Permission Model User study Android iOS
436 EVMPatch: Timely and Automated Patching of Ethereum Smart Contracts Ethereum Smart Contracts
437 Privacy and Integrity Preserving Computations with CRISP
438 Virtual Secure Platform: A Five-Stage Pipeline Processor over TFHE
439 Senate: A Maliciously-Secure MPC Platform for Collaborative Analytics
440 Accurately Measuring Global Risk of Amplification Attacks using AmpMap
441 Protecting Cryptography Against Compelled Self-Incrimination
442 Effective Notification Campaigns on the Web: A Matter of Trust, Framing, and Support
443 Hermes Attack: Steal DNN Models with Lossless Inference Accuracy
444 Deep Entity Classification: Abusive Account Detection for Online Social Networks
445 Evil Under the Sun: Understanding and Discovering Attacks on Ethereum Decentralized Applications
446 PTAuth: Temporal Memory Safety via Robust Points-to Authentication
447 UNIFUZZ: A Holistic and Pragmatic Metrics-Driven Platform for Evaluating Fuzzers
448 VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface SGX
449 ReDMArk: Bypassing RDMA Security Mechanisms
450 Stealing Links from Graph Neural Networks
451 Hiding the Access Pattern is Not Enough: Exploiting Search Pattern Leakage in Searchable Encryption
452 Adapting Security Warnings to Counter Online Disinformation
453 ABY2.0: Improved Mixed-Protocol Secure Two-Party Computation
454 "It's the Company, the Government, You and I": User Perceptions of Responsibility for Smart Home Privacy and Security
455 Identifying Harmful Media in End-to-End Encrypted Communication: Efficient Private Membership Computation
456 Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation Wi-Fi
457 Why Older Adults (Don't) Use Password Managers Password Password Managers User study
458 Charger-Surfing: Exploiting a Power Line Side-Channel for Smartphone Information Leakage Smartphone Side-Channel
459 Express: Lowering the Cost of Metadata-hiding Communication with Cryptographic Privacy
460 Finding Bugs Using Your Own Code: Detecting Functionally-similar yet Inconsistent Code
461 Assessing Browser-level Defense against IDN-based Phishing
462 An Investigation of the Android Kernel Patch Ecosystem
463 Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E)
464 "Shhh...be quiet!" Reducing the Unwanted Interruptions of Notification Permission Prompts on Chrome
465 Why Eve and Mallory Still Love Android: Revisiting TLS (In)Security in Android Applications
466 Poseidon: A New Hash Function for Zero-Knowledge Proof Systems
467 ATLAS: A Sequence-based Learning Approach for Attack Investigation
468 CADE: Detecting and Explaining Concept Drift Samples for Security Applications
469 Adversarial Policy Training against Deep Reinforcement Learning
470 Security Analysis of the Democracy Live Online Voting System Voting System
471 PriSEC: A Privacy Settings Enforcement Controller
472 Ripple: A Programmable, Decentralized Link-Flooding Defense Against Adaptive Adversaries
473 Blinder: Partition-Oblivious Hierarchical Scheduling
474 Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types
475 Saphire: Sandboxing PHP Applications with Tailored System Call Allowlists PHP
476 Smart Contract Vulnerabilities: Vulnerable Does Not Imply Exploited
477 KeyForge: Non-Attributable Email from Forward-Forgeable Signatures
478 You Autocomplete Me: Poisoning Vulnerabilities in Neural Code Completion
479 PEARL: Plausibly Deniable Flash Translation Layer using WOM coding
480 SHARD: Fine-Grained Kernel Specialization with Context-Aware Hardening
481 Preventing Use-After-Free Attacks with Fast Forward Allocation User-After-Free
482 Forecasting Malware Capabilities From Cyber Attack Memory Images Malware
483 Partitioning Oracle Attacks Oracle Attacks
484 Understanding and Detecting Disordered Error Handling with Precise Function Pairing
485 HAWatcher: Semantics-Aware Anomaly Detection for Appified Smart Homes Smart homes
486 Kalεido: Real-Time Privacy Control for Eye-Tracking Systems Privacy Eye-tracking
487 CURE: A Security Architecture with CUstomizable and Resilient Enclaves
488 A Stealthy Location Identification Attack Exploiting Carrier Aggregation in Cellular Networks Cellular Networks LTE 5G Location identification
489 Detecting Kernel Refcount Bugs with Two-Dimensional Consistency Checking
490 SIGL: Securing Software Installations Through Deep Graph Learning
491 CACTI: Captcha Avoidance via Client-side TEE Integration
492 Obfuscation-Resilient Executable Payload Extraction From Packed Malware
493 Effect of Mood, Location, Trust, and Presence of Others on Video-Based Social Authentication
494 Abusing Hidden Properties to Attack the Node.js Ecosystem
495 Formally Verified Memory Protection for a Commodity Multiprocessor Hypervisor
496 'Passwords Keep Me Safe' – Understanding What Children Think about Passwords
497 Domain Shadowing: Leveraging Content Delivery Networks for Robust Blocking-Resistant Communications
498 Automatic Policy Generation for Inter-Service Access Control of Microservices
499 ARCUS: Symbolic Root Cause Analysis of Exploits in Production Systems
500 PolyScope: Multi-Policy Access Control Analysis to Compute Authorized Attack Operations in Android Systems
501 PatchGuard: A Provably Robust Defense against Adversarial Patches via Small Receptive Fields and Masking
502 mID: Tracing Screen Photos via Moiré Patterns
503 Scalable Detection of Promotional Website Defacements in Black Hat SEO Campaigns
504 Evaluating In-Workflow Messages for Improving Mental Models of End-to-End Encryption
505 LIGHTBLUE: Automatic Profile-Aware Debloating of Bluetooth Stacks
506 PrivSyn: Differentially Private Data Synthesis
507 Disrupting Continuity of Apple's Wireless Ecosystem Security: New Tracking, DoS, and MitM Attacks on iOS and macOS Through Bluetooth Low Energy, AWDL, and Wi-Fi
508 Muse: Secure Inference Resilient to Malicious Clients
509 I Always Feel Like Somebody's Sensing Me! A Framework to Detect, Identify, and Localize Clandestine Wireless Sensors
510 M2MON: Building an MMIO-based Security Reference Monitor for Unmanned Vehicles
511 Systematic Evaluation of Privacy Risks of Machine Learning Models
512 "It's stressful having all these phones": Investigating Sex Workers' Safety Goals, Risks, and Practices Online
513 "Now I'm a bit angry:" Individuals' Awareness, Perception, and Responses to Data Breaches that Affected Them
514 PASAN: Detecting Peripheral Access Concurrency Bugs within Bare-Metal Embedded Applications
515 LZR: Identifying Unexpected Internet Services
516 Explanation-Guided Backdoor Poisoning Attacks Against Malware Classifiers
517 Cerebro: A Platform for Multi-Party Cryptographic Collaborative Learning
518 A Large-Scale Interview Study on Information Security in and Attacks against Small and Medium-sized Enterprises
519 Jetset: Targeted Firmware Rehosting for Embedded Systems
520 T-Miner: A Generative Approach to Defend Against Trojan Attacks on DNN-based Text Classification
521 On the Design and Misuse of Microcoded (Embedded) Processors — A Cautionary Note
522 Constraint-guided Directed Greybox Fuzzing
523 Automatic Extraction of Secrets from the Transistor Jungle using Laser-Assisted Side-Channel Attacks
524 Fingerprinting in Style: Detecting Browser Extensions via Injected Style Sheets
525 Fine Grained Dataflow Tracking with Proximal Gradients
526 Card Brand Mixup Attack: Bypassing the PIN in non-Visa Cards by Using Them for Visa Transactions
527 SEAL: Storage-efficient Causality Analysis on Enterprise Logs with Query-friendly Compression
528 Android SmartTVs Vulnerability Discovery via Log-Guided Fuzzing
529 Exposing New Vulnerabilities of Error Handling Mechanism in CAN
530 Defeating DNN-Based Traffic Analysis Systems in Real-Time With Blind Adversarial Perturbations
531 Lord of the Ring(s): Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical
532 Automatic Firmware Emulation through Invalidity-guided Knowledge Inference
533 Reducing HSM Reliance in Payments through Proxy Re-Encryption
534 Examining the Efficacy of Decoy-based and Psychological Cyber Deception
535 Does logic locking work with EDA tools?
536 ExpRace: Exploiting Kernel Races through Raising Interrupts
537 CANARY - a reactive defense mechanism for Controller Area Networks based on Active RelaYs
538 CLARION: Sound and Clear Provenance Tracking for Microservice Deployments
539 Blind In/On-Path Attacks and Applications to VPNs VPN
540 Jaqen: A High-Performance Switch-Native Approach for Detecting and Mitigating Volumetric DDoS Attacks with Programmable Switches
541 JAW: Studying Client-side CSRF with Hybrid Property Graphs and Declarative Traversals
542 On the Usability of Authenticity Checks for Hardware Security Tokens
543 Phishpedia: A Hybrid Deep Learning Based Approach to Visually Identify Phishing Webpages
544 AdCube: WebVR Ad Fraud and Practical Confinement of Third-Party Ads VR Ad Web WebVR
545 Injection Attacks Reloaded: Tunnelling Malicious Payloads over DNS DNS Web
546 Where's Crypto?: Automated Identification and Classification of Proprietary Cryptographic Primitives in Binary Code
547 SocialHEISTing: Understanding Stolen Facebook Accounts Facebook SNS
548 Static Detection of Unsafe DMA Accesses in Device Drivers
549 Causal Analysis for Software-Defined Networking Attacks SDN
550 Data Poisoning Attacks to Local Differential Privacy Protocols Differential Privacy
551 How to Make Private Distributed Cardinality Estimation Practical, and Get Differential Privacy for Free
552 SLAP: Improving Physical Adversarial Examples with Short-Lived Adversarial Perturbations Adversarial Examples Autonomous Vehicle Object detection Camera Projector
553 Compromised or Attacker-Owned: A Large Scale Classification and Study of Hosting Domains of Malicious URLs
554 Helping Users Automatically Find and Manage Sensitive, Expendable Files in Cloud Storage
555 The Circle Of Life: A Large-Scale Study of The IoT Malware Lifecycle Malware IoT
556 Inexpensive Brainwave Authentication: New Techniques and Insights on User Acceptance
557 MAZE: Towards Automated Heap Feng Shui
558 SelectiveTaint: Efficient Data Flow Tracking With Static Binary Rewriting
559 Experiences Deploying Multi-Vantage-Point Domain Validation at Let's Encrypt
560 Coco: Co-Design and Co-Verification of Masked Software Implementations on CPUs
561 Reducing Bias in Modeling Real-world Password Strength via Deep Learning and Dynamic Dictionaries
562 WaveGuard: Understanding and Mitigating Audio Adversarial Examples
563 Using Amnesia to Detect Credential Database Breaches
564 Undo Workarounds for Kernel Bugs
565 SMASH: Synchronized Many-sided Rowhammer Attacks from JavaScript JavaScript
566 ICSFuzz: Manipulating I/Os and Repurposing Binary Code to Enable Instrumented Fuzzing in ICS Control Applications
567 DeepReflect: Discovering Malicious Functionality through Binary Reconstruction Malware ML Deep learning Binary reconstruction
568 What's in a Name? Exploring CA Certificate Control CA TLS PKI Web
569 ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication TLS Web
570 PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop Apple AirDrop Privacy Authentication Smartphone iOS Bluetooth BLE
571 Graph Backdoor
572 Prime+Probe 1, JavaScript 0: Overcoming Browser-based Side-Channel Defenses Web JavaScript Web Browser
573 Swivel: Hardening WebAssembly against Spectre Spectre WemAssembly Web
574 Entangled Watermarks as a Defense against Model Extraction
575 Mind Your Weight(s): A Large-scale Study on Insufficient Machine Learning Model Protection in Mobile Apps
576 Breaking Through Binaries: Compiler-quality Instrumentation for Better Binary-only Fuzzing
577 Cost-Aware Robust Tree Ensembles for Security Applications
578 Too Good to Be Safe: Tricking Lane Detection in Autonomous Driving with Crafted Perturbations Autonomous Vehicle Adversarial Examples Lane detection Camera
579 On the Routing-Aware Peering against Network-Eclipse Attacks in Bitcoin Bitcoin Blockchain
580 MBA-Blast: Unveiling and Simplifying Mixed Boolean-Arithmetic Obfuscation
581 VScape: Assessing and Escaping Virtual Call Protections
582 MIRAGE: Mitigating Conflict-Based Cache Attacks with a Practical Fully-Associative Design
583 Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems
584 ObliCheck: Efficient Verification of Oblivious Algorithms with Unobservable State
585 Understanding Malicious Cross-library Data Harvesting on Android Android Smartphone Apps SDKs
586 DRMI: A Dataset Reduction Technology based on Mutual Information for Black-box Attacks ML Black-box attack DNN
587 Fantastic Four: Honest-Majority Four-Party Secure Computation With Malicious Security
588 Locally Differentially Private Analysis of Graph Statistics
589 EOSAFE: Security Analysis of EOSIO Smart Contracts Smart Contracts
590 Blitz: Secure Multi-Hop Payments Without Two-Phase Commits Payment
591 Messy States of Wiring: Vulnerabilities in Emerging Personal Payment Systems Payment
592 SWIFT: Super-fast and Robust Privacy-Preserving Machine Learning ML
593 Privacy-Preserving and Standard-Compatible AKA Protocol for 5G 5G
594 SEApp: Bringing Mandatory Access Control to Android Apps Android Smartphone Apps Android apps
595 A11y and Privacy don't have to be mutually exclusive: Constraining Accessibility Service Misuse on Android Android Accessibility Smartphone
596 DICE*: A Formally Verified Implementation of DICE Measured Boot
597 Research on the Security of Visual Reasoning CAPTCHA CAPTCHA
598 SmarTest: Effectively Hunting Vulnerable Transaction Sequences in Smart Contracts through Language Model-Guided Symbolic Execution Smart Contracts
599 GForce: GPU-Friendly Oblivious and Rapid Neural Network Inference GPU ML Neural Network
600 Acoustics to the Rescue: Physical Key Inference Attack Revisited
601 DOLMA: Securing Speculation with the Principle of Transient Non-Observability
602 Weaponizing Middleboxes for TCP Reflected Amplification
603 Swiped: Analyzing Ground-truth Data of a Marketplace for Stolen Debit and Credit Cards Credit cards Debit cards Stolen Underground economy
604 YARIX: Scalable YARA-based Malware Intelligence Malware Intelligence
605 Having Your Cake and Eating It: An Analysis of Concession-Abuse-as-a-Service
1750 Dirty Road Can Attack: Security of Deep Learning based Automated Lane Centering under Physical-World Attack Autonomous Vehicle Lane detection manualSet ALC Camera User study OpenPilot LGSVL Physical-World