Paper list

606 An Audit of Facebook's Political Ad Policy Enforcement
607 Helping hands: Measuring the impact of a large threat intelligence sharing community
608 Back-Propagating System Dependency Impact for Attack Investigation
609 SecSMT: Securing SMT Processors against Contention-Based Covert Channels
610 Increasing Adversarial Uncertainty to Scale Private Similarity Testing
611 "How Do You Not Lose Friends?": Synthesizing a Design Space of Social Controls for Securing Shared Digital Resources Via Participatory Design Jams
612 Your Microphone Array Retains Your Identity: A Robust Voice Liveness Detection System for Smart Speakers
613 Aardvark: An Asynchronous Authenticated Dictionary with Applications to Account-based Cryptocurrencies
614 OVRseen: Auditing Network Traffic and Privacy Policies in Oculus VR VR
615 Lumos: Identifying and Localizing Diverse Hidden IoT Devices in an Unfamiliar Environment
616 AMD Prefetch Attacks through Power and Time
617 ML-Doctor: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models ML
618 Jenny: Securing Syscalls for PKU-based Memory Isolation Systems
619 DoubleStar: Long-Range Attack Towards Depth Estimation based Obstacle Avoidance in Autonomous Systems
620 PrivGuard: Privacy Regulation Compliance Made Easier
621 DeepDi: Learning a Relational Graph Convolutional Network Model on Instructions for Fast and Accurate Disassembly
622 Understanding and Improving Usability of Data Dashboards for Simplified Privacy Control of Voice Assistant Data Voice Assistant VA Privacy User study
623 A Large-scale Temporal Measurement of Android Malicious Apps: Persistence, Migration, and Lessons Learned Android
624 Midas: Systematic Kernel TOCTTOU Protection
625 Repurposing Segmentation as a Practical LVI-NULL Mitigation in SGX SGX LVI LVI-NULL
626 Orca: Blocklisting in Sender-Anonymous Messaging
627 Rendering Contention Channel Made Practical in Web Browsers Web Browser
628 OpenSSLNTRU: Faster post-quantum TLS key exchange Post-Quantum
629 "OK, Siri" or "Hey, Google": Evaluating Voiceprint Distinctiveness via Content-based PROLE Score
630 PISTIS: Trusted Computing Architecture for Low-end Embedded Systems
631 Stick It to The Man: Correcting for Non-Cooperative Behavior of Subjects in Experiments on Social Networks
632 Mining Node.js Vulnerabilities via Object Dependence Graph and Query
633 Security and Privacy Perceptions of Third-Party Application Access for Google Accounts Google Online service API Platform User study GAFA SSO
634 Online Website Fingerprinting: Evaluating Website Fingerprinting Attacks on Tor in the Real World Web Web browser Fingerprinting Website fingerprinting Tor In the wild WF
635 Rapid Prototyping for Microarchitectural Attacks
636 Caring about Sharing: User Perceptions of Multiparty Data Sharing
637 Spoki: Unveiling a New Wave of Scanners through a Reactive Network Telescope
638 Holistic Control-Flow Protection on Real-Time Embedded Systems with Kage
639 "I feel invaded, annoyed, anxious and I may protect myself": Individuals' Feelings about Online Tracking and their Protective Behaviour across Gender and Country
640 Mistrust Plugins You Must: A Large-Scale Study Of Malicious Plugins In WordPress Marketplaces
641 On the Security Risks of AutoML
642 Morphuzz: Bending (Input) Space to Fuzz Virtual Devices
643 Towards More Robust Keyword Spotting for Voice Assistants
644 Web Cache Deception Escalates!
645 Exploring the Unchartered Space of Container Registry Typosquatting
646 Can one hear the shape of a neural network?: Snooping the GPU via Magnetic Side Channel
647 Augmenting Decompiler Output with Learned Variable Names and Types
648 Inference Attacks Against Graph Neural Networks
649 LinKRID: Vetting Imbalance Reference Counting in Linux kernel with Symbolic Execution
650 Total Eclipse of the Heart – Disrupting the InterPlanetary File System
651 Post-Quantum Cryptography with Contemporary Co-Processors: Beyond Kronecker, Schönhage-Strassen & Nussbaumer Post-Quantum
652 MAGE: Mutual Attestation for a Group of Enclaves without Trusted Third Parties
653 Debloating Address Sanitizer
654 Synthetic Data – Anonymisation Groundhog Day
655 FReD: Identifying File Re-Delegation in Android System Services
656 WebGraph: Capturing Advertising and Tracking Information Flows for Robust Blocking
657 Adversarial Detection Avoidance Attacks: Evaluating the robustness of perceptual hashing-based client-side scanning
658 Elasticlave: An Efficient Memory Model for Enclaves
659 Practical Data Access Minimization in Trigger-Action Platforms
660 Bedrock: Programmable Network Support for Secure RDMA Systems
661 VerLoc: Verifiable Localization in Decentralized Systems
662 Lamphone: Passive Sound Recovery from a Desk Lamp's Light Bulb Vibrations
663 Automating Cookie Consent and GDPR Violation Detection
664 LTrack: Stealthy Tracking of Mobile Phones in LTE
665 How to Abuse and Fix Authenticated Encryption Without Key Commitment
666 How Long Do Vulnerabilities Live in the Code? A Large-Scale Empirical Measurement Study on FOSS Vulnerability Lifetimes
667 When Sally Met Trackers: Web Tracking From the Users' Perspective
668 Regulator: Dynamic Analysis to Detect ReDoS
669 Incremental Offline/Online PIR
670 Dos and Don'ts of Machine Learning in Computer Security
671 Expected Exploitability: Predicting the Development of Functional Vulnerability Exploits
672 ProFactory: Improving IoT Security via Formalized Protocol Customization
673 Empirical Understanding of Deletion Privacy: Experiences, Expectations, and Measures
674 Hiding in Plain Sight? On the Efficacy of Power Side Channel-Based Control Flow Monitoring
675 FUGIO: Automatic Exploit Generation for PHP Object Injection Vulnerabilities
676 SAID: State-aware Defense Against Injection Attacks on In-vehicle Network Vehicle
677 A Large-scale Investigation into Geodifferences in Mobile Apps
678 Ferry: State-Aware Symbolic Execution for Exploring State-Dependent Program Paths
679 Polynomial Commitment with a One-to-Many Prover and Applications
680 SGXLock: Towards Efficiently Establishing Mutual Distrust Between Host Application and Enclave for SGX
681 Omnes pro uno: Practical Multi-Writer Encrypted Database
682 Secure Poisson Regression
683 Watching the Watchers: Practical Video Identification Attack in LTE Networks
684 Automated Side Channel Analysis of Media Software with Manifold Learning
685 FOAP: Fine-Grained Open-World Android App Fingerprinting
686 Behind the Tube: Exploitative Monetization of Content on YouTube
687 SkillDetective: Automated Policy-Violation Detection of Voice Assistant Applications in the Wild
688 Hand Me Your PIN! Inferring ATM PINs of Users Typing with a Covered Hand
689 SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs in Linux kernel
690 Label Inference Attacks Against Vertical Federated Learning
691 Under the Hood of DANE Mismanagement in SMTP
692 Lend Me Your Ear: Passive Remote Physical Side Channels on PCs
693 99% False Positives: A Qualitative Study of SOC Analysts' Perspectives on Security Alarms
694 Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing
695 SIMC: ML Inference Secure Against Malicious Clients at Semi-Honest Cost
696 HyperDegrade: From GHz to MHz Effective CPU Frequencies
697 DoLTEst: In-depth Downlink Negative Testing Framework for LTE Devices
698 GhostTouch: Targeted Attacks on Touchscreens without Physical Touch
699 RE-Mind: a First Look Inside the Mind of a Reverse Engineer
700 RapidPatch: Firmware Hotpatching for Real-Time Embedded Devices
701 Towards Automatically Reverse Engineering Vehicle Diagnostic Protocols Vehicle
702 Rolling Colors: Adversarial Laser Exploits against Traffic Light Recognition Autonomous Vehicle Traffic light detection LGSVL Apollo Physical-World
703 Security at the End of the Tunnel: The Anatomy of VPN Mental Models Among Experts and Non-Experts in a Corporate Context
704 GAROTA: Generalized Active Root-Of-Trust Architecture (for Tiny Embedded Devices)
705 A Large-scale and Longitudinal Measurement Study of DKIM Deployment
706 Neither Access nor Control: A Longitudinal Investigation of the Efficacy of User Access-Control Solutions on Smartphones
707 Cheetah: Lean and Fast Secure Two-Party Deep Neural Network Inference
708 Inferring Phishing Intention via Webpage Appearance and Dynamics: A Deep Vision Based Approach
709 Electronic Monitoring Smartphone Apps: An Analysis of Risks from Technical, Human-Centered, and Legal Perspectives
710 ppSAT: Towards Two-Party Private SAT Solving
711 "Like Lesbians Walking the Perimeter": Experiences of U.S. LGBTQ+ Folks With Online Security, Safety, and Privacy Advice
712 CamShield: Securing Smart Cameras through Physical Replication and Isolation
713 PatchCleanser: Certifiably Robust Defense against Adversarial Patches for Any Image Classifier
714 Phish in Sheep's Clothing: Exploring the Authentication Pitfalls of Browser Fingerprinting
715 FreeWill: Automatically Diagnosing Use-after-free Bugs via Reference Miscounting Detection on Binaries
716 ReZone: Disarming TrustZone with TEE Privilege Reduction
717 Double Trouble: Combined Heterogeneous Attacks on Non-Inclusive Cache Hierarchies
718 The Dangers of Human Touch: Fingerprinting Browser Extensions through User Actions
719 MundoFuzz: Hypervisor Fuzzing with Statistical Coverage Testing and Grammar Inference
720 Exploring the Security Boundary of Data Reconstruction via Neuron Exclusivity Analysis
721 SARA: Secure Android Remote Authorization
722 Trust Dies in Darkness: Shedding Light on Samsung's TrustZone Keymaster Design
723 Counting in Regexes Considered Harmful: Exposing ReDoS Vulnerability of Nonbacktracking Matchers
724 SCRAPS: Scalable Collective Remote Attestation for Pub-Sub IoT Networks with Untrusted Proxy Verifier
725 Poisoning Attacks to Local Differential Privacy Protocols for Key-Value Data
726 Arbiter: Bridging the Static and Dynamic Divide in Vulnerability Discovery on Binary Programs
727 Breaking Bridgefy, again: Adopting libsignal is not enough
728 "The Same PIN, Just Longer": On the (In)Security of Upgrading PINs from 4 to 6 Digits
729 Networks of Care: Tech Abuse Advocates' Digital Security Practices
730 Khaleesi: Breaker of Advertising and Tracking Request Chains
731 DeepPhish: Understanding User Trust Towards Artificially Generated Profiles in Online Social Networks
732 TLB;DR: Enhancing TLB-based Attacks with TLB Desynchronized Reverse Engineering
733 Playing Without Paying: Detecting Vulnerable Payment Verification in Native Binaries of Unity Mobile Games
734 Building an Open, Robust, and Stable Voting-Based Domain Top List
735 Many Roads Lead To Rome: How Packet Headers Influence DNS Censorship Measurement
736 Minefield: A Software-only Protection for SGX Enclaves against DVFS Attacks
737 Attacks on Deidentification's Defenses
738 In-Kernel Control-Flow Integrity on Commodity OSes using ARM Pointer Authentication
739 Unleash the Simulacrum: Shifting Browser Realities for Robust Extension-Fingerprinting Prevention
740 Anycast Agility: Network Playbooks to Fight DDoS
741 PolyCruise: A Cross-Language Dynamic Information Flow Analysis
742 Communication-Efficient Triangle Counting under Local Differential Privacy
743 Seeing the Forest for the Trees: Understanding Security Hazards in the 3GPP Ecosystem through Intelligent Analysis on Change Requests
744 Hyperproofs: Aggregating and Maintaining Proofs in Vector Commitments
745 Leaky Forms: A Study of Email and Password Exfiltration Before Form Submission
746 Using Trātṛ to tame Adversarial Synchronization
747 Security Analysis of Camera-LiDAR Fusion Against Black-Box Attacks on Autonomous Vehicles Autonomous Vehicle MSF Camera LiDAR LGSVL Apollo
748 Automated Detection of Automated Traffic
749 Ghost Peak: Practical Distance Reduction Attacks Against HRP UWB Ranging
750 Transferring Adversarial Robustness Through Robust Representation Matching
751 Constant-weight PIR: Single-round Keyword PIR via Constant-weight Equality Operators
752 Provably-Safe Multilingual Software Sandboxing using WebAssembly
753 ALASTOR: Reconstructing the Provenance of Serverless Intrusions
754 Seeing is Living? Rethinking the Security of Facial Liveness Verification in the Deepfake Era
755 On the Necessity of Auditable Algorithmic Definitions for Machine Unlearning
756 Might I Get Pwned: A Second Generation Compromised Credential Checking Service
757 Mitigating Membership Inference Attacks by Self-Distillation Through a Novel Ensemble Architecture
758 OS-Aware Vulnerability Prioritization via Differential Severity Analysis
759 Efficient Representation of Numerical Optimization Problems for SNARKs
760 Experimenting with Collaborative zk-SNARKs: Zero-Knowledge Proofs for Distributed Secrets
761 Membership Inference Attacks and Defenses in Neural Network Pruning
762 Efficient Differentially Private Secure Aggregation for Federated Learning via Hardness of Learning with Errors
763 OpenVPN is Open to VPN Fingerprinting VPN
764 Backporting Security Patches of Web Applications: A Prototype Design and Implementation on Injection Vulnerability Patches
765 MaDIoT 2.0: Modern High-Wattage IoT Botnet Attacks and Defenses
766 Physical-Layer Attacks Against Pulse Width Modulation-Controlled Actuators
767 Who Are You (I Really Wanna Know)? Detecting Audio DeepFakes Through Vocal Tract Reconstruction
768 Shuffle-based Private Set Union: Faster and More Secure
769 Pacer: Comprehensive Network Side-Channel Mitigation in the Cloud
770 Zero-Knowledge Middleboxes
771 TheHuzz: Instruction Fuzzing of Processors Using Golden-Reference Models for Finding Software-Exploitable Vulnerabilities
772 Private Signaling
773 Branch History Injection: On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 Attacks
774 Playing for K(H)eaps: Understanding and Improving Linux Kernel Exploit Reliability
775 Are Your Sensitive Attributes Private? Novel Model Inversion Attribute Inference Attacks on Classification Models
776 Stalloris: RPKI Downgrade Attack
777 V'CER: Efficient Certificate Validation in Constrained Networks
778 Oops... Code Execution and Content Spoofing: The First Comprehensive Analysis of OpenDocument Signatures
779 Identity Confusion in WebView-based Mobile App-in-app Ecosystems
780 How Machine Learning Is Solving the Binary Function Similarity Problem
781 FLAME: Taming Backdoors in Federated Learning