USENIX Security 2021 Accepted Papers List
2021-07-10 17:57:49 Author: mp.weixin.qq.com

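USENIX Security is one of the four top academic conferences in information security and dates back to the early 1990s. Each year the conference covers a wide range of security areas, including binary security, firmware security, forensic analysis, web security, privacy protection, and malware analysis. A total of 248 papers were accepted in 2021. The editor has marked some papers related to their own interests for readers' reference; the titles of all accepted papers are as follows: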

Track 1 Usability: Authentication

  • Effect of Mood, Location, Trust, and Presence of Others on Video-Based Social Authentication

Cheng Guo and Brianne Campbell, Clemson University; Apu Kapadia, Indiana University; Michael K. Reiter, Duke University; Kelly Caine, Clemson University

  • 'Passwords Keep Me Safe' – Understanding What Children Think about Passwords

Mary Theofanos and Yee-Yin Choong, National Institute of Standards and Technology; Olivia Murphy, University of Maryland, College Park

  • On the Usability of Authenticity Checks for Hardware Security Tokens

Katharina Pfeffer and Alexandra Mai, SBA Research; Adrian Dabrowski, University of California, Irvine; Matthias Gusenbauer, Tokyo Institute of Technology & SBA Research; Philipp Schindler, SBA Research; Edgar Weippl, University of Vienna; Michael Franz, University of California, Irvine; Katharina Krombholz, CISPA Helmholtz Center for Information Security

  • Inexpensive Brainwave Authentication: New Techniques and Insights on User Acceptance

Patricia Arias-Cabarcos, KASTEL/KIT; Thilo Habrich, Karen Becker, and Christian Becker, University of Mannheim; Thorsten Strufe, KASTEL/KIT

  • Why Older Adults (Don't) Use Password Managers

Hirak Ray, Flynn Wolf, and Ravi Kuber, University of Maryland, Baltimore County; Adam J. Aviv, The George Washington University

  • "It's Stored, Hopefully, on an Encrypted Server": Mitigating Users' Misconceptions About FIDO2 Biometric WebAuthn

Leona Lassak, Ruhr University Bochum; Annika Hildebrandt, University of Chicago; Maximilian Golla, Max Planck Institute for Security and Privacy; Blase Ur, University of Chicago

  • Driving 2FA Adoption at Scale: Optimizing Two-Factor Authentication Notification Design Patterns

Maximilian Golla, Max Planck Institute for Security and Privacy; Grant Ho, University of California San Diego; Marika Lohmus, Cleo AI; Monica Pulluri, Facebook; Elissa M. Redmiles, Max Planck Institute for Software Systems

Track 2 Cryptography: Attacks

  • Hiding the Access Pattern is Not Enough: Exploiting Search Pattern Leakage in Searchable Encryption

Simon Oya and Florian Kerschbaum, University of Waterloo

  • A Highly Accurate Query-Recovery Attack against Searchable Encryption using Non-Indexed Documents

Marc Damie, University of Technology of Compiègne, France; Florian Hahn and Andreas Peter, University of Twente, The Netherlands

  • Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation

Mathy Vanhoef, New York University Abu Dhabi

  • Card Brand Mixup Attack: Bypassing the PIN in non-Visa Cards by Using Them for Visa Transactions

David Basin, Ralf Sasse, and Jorge Toro-Pozo, Department of Computer Science, ETH Zurich

  • Partitioning Oracle Attacks

Julia Len, Paul Grubbs, and Thomas Ristenpart, Cornell Tech

  • Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E)

Robert Merget and Marcus Brinkmann, Ruhr University Bochum; Nimrod Aviram, School of Computer Science, Tel Aviv University; Juraj Somorovsky, Paderborn University; Johannes Mittmann, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany; Jörg Schwenk, Ruhr University Bochum

  • A Side Journey To Titan

Thomas Roche and Victor Lomné, NinjaLab, Montpellier, France; Camille Mutschler, NinjaLab, Montpellier, France and LIRMM, Univ. Montpellier, CNRS, Montpellier, France; Laurent Imbert, LIRMM, Univ. Montpellier, CNRS, Montpellier, France

Track 3 Embedded Security & SW Sec

  • PASAN: Detecting Peripheral Access Concurrency Bugs within Bare-Metal Embedded Applications

Taegyu Kim, Purdue University; Vireshwar Kumar, Indian Institute of Technology, Delhi; Junghwan Rhee, University of Central Oklahoma; Jizhou Chen and Kyungtae Kim, Purdue University; Chung Hwan Kim, University of Texas at Dallas; Dongyan Xu and Dave (Jing) Tian, Purdue University

  • On the Design and Misuse of Microcoded (Embedded) Processors — A Cautionary Note

Nils Albartus and Clemens Nasenberg, Ruhr University Bochum, Germany; Max Planck Institute for Security and Privacy, Germany; Florian Stolz, Ruhr University Bochum, Germany; Marc Fyrbiak and Christof Paar, Max Planck Institute for Security and Privacy, Germany; Russell Tessier, University of Massachusetts, Amherst, USA

  • M2MON: Building an MMIO-based Security Reference Monitor for Unmanned Vehicles

Arslan Khan and Hyungsub Kim, Purdue University; Byoungyoung Lee, Seoul National University (SNU); Dongyan Xu, Antonio Bianchi, and Dave (Jing) Tian, Purdue University

  • Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems

Libo Chen, School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University; Yanhao Wang, QI-ANXIN Technology Research Institute; Quanpu Cai and Yunfan Zhan, School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University; Hong Hu, Pennsylvania State University; Jiaqi Linghu, QI-ANXIN Technology Research Institute; Qinsheng Hou, QI-ANXIN Technology Research Institute; Shandong University; Chao Zhang and Haixin Duan, BNRist & Institute for Network Science and Cyberspace, Tsinghua University; Tsinghua University-QI-ANXIN Group JCNS; Zhi Xue, School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University

  • Jetset: Targeted Firmware Rehosting for Embedded Systems

Evan Johnson, University of California, San Diego; Maxwell Bland, YiFei Zhu, and Joshua Mason, University of Illinois at Urbana–Champaign; Stephen Checkoway, Oberlin College; Stefan Savage, University of California, San Diego; Kirill Levchenko, University of Illinois at Urbana–Champaign

  • LIGHTBLUE: Automatic Profile-Aware Debloating of Bluetooth Stacks

Jianliang Wu and Ruoyu Wu, Purdue University; Daniele Antonioli and Mathias Payer, EPFL; Nils Ole Tippenhauer, CISPA Helmholtz Center for Information Security; Dongyan Xu, Dave (Jing) Tian, and Antonio Bianchi, Purdue University

  • PACStack: an Authenticated Call Stack

Hans Liljestrand, University of Waterloo; Thomas Nyman and Lachlan J. Gunn, Aalto University; Jan-Erik Ekberg, Huawei Technologies and Aalto University; N. Asokan, University of Waterloo and Aalto University

Track 1 Usable Security and Privacy: User Perspectives

  • "It's stressful having all these phones": Investigating Sex Workers' Safety Goals, Risks, and Practices Online

Allison McDonald, University of Michigan; Catherine Barwulor, Clemson University; Michelle L. Mazurek, University of Maryland; Florian Schaub, University of Michigan; Elissa M. Redmiles, Max Planck Institute for Software Systems

  • "Now I'm a bit angry:" Individuals' Awareness, Perception, and Responses to Data Breaches that Affected Them

Peter Mayer, Karlsruhe Institute of Technology; Yixin Zou and Florian Schaub, University of Michigan; Adam J. Aviv, The George Washington University

  • "It's the Company, the Government, You and I": User Perceptions of Responsibility for Smart Home Privacy and Security

Julie Haney, National Institute of Standards and Technology; Yasemin Acar, National Institute of Standards and Technology and Leibniz University Hannover; Susanne Furman, National Institute of Standards and Technology

  • The Role of Computer Security Customer Support in Helping Survivors of Intimate Partner Violence

Yixin Zou and Allison McDonald, University of Michigan; Julia Narakornpichit, Nicola Dell, and Thomas Ristenpart, Cornell Tech; Kevin Roundy, Norton Research Group; Florian Schaub, University of Michigan; Acar Tamersoy, Norton Research Group

  • Evaluating In-Workflow Messages for Improving Mental Models of End-to-End Encryption

Omer Akgul, Wei Bai, Shruti Das, and Michelle L. Mazurek, University of Maryland

  • PriSEC: A Privacy Settings Enforcement Controller

Rishabh Khandelwal and Thomas Linden, University of Wisconsin–Madison; Hamza Harkous, Google Inc.; Kassem Fawaz, University of Wisconsin–Madison

  • Are Privacy Dashboards Good for End Users? Evaluating User Perceptions and Reactions to Google’s My Activity

Florian M. Farke, Ruhr University Bochum; David G. Balash, The George Washington University; Maximilian Golla, Max Planck Institute for Security and Privacy; Markus Dürmuth, Ruhr University Bochum; Adam J. Aviv, The George Washington University

Track 2 Cryptographic Proof Systems, Analysis, and Applications

  • Mystique: Efficient Conversions for Zero-Knowledge Proofs with Applications to Machine Learning

Chenkai Weng, Northwestern University; Kang Yang, State Key Laboratory of Cryptology; Xiang Xie, Shanghai Key Laboratory of Privacy-Preserving Computing; Jonathan Katz, University of Maryland; Xiao Wang, Northwestern University

  • Poseidon: A New Hash Function for Zero-Knowledge Proof Systems

Lorenzo Grassi, Radboud University Nijmegen; Dmitry Khovratovich, Ethereum Foundation and Dusk Network; Christian Rechberger, IAIK, Graz University of Technology; Arnab Roy, University of Klagenfurt; Markus Schofnegger, IAIK, Graz University of Technology

  • Dynamic proofs of retrievability with low server storage

Gaspard Anthoine and Jean-Guillaume Dumas, Université Grenoble Alpes; Michael Hanling, United States Naval Academy; Mélanie de Jonghe, Aude Maignan, and Clément Pernet, Université Grenoble Alpes; Daniel S. Roche, United States Naval Academy

  • Where's Crypto?: Automated Identification and Classification of Proprietary Cryptographic Primitives in Binary Code

Carlo Meijer, Radboud University; Veelasha Moonsamy, Ruhr University Bochum; Jos Wetzels, Midnight Blue Labs

  • Towards Formal Verification of State Continuity for Enclave Programs

Mohit Kumar Jangid, Ohio State University; Guoxing Chen, Shanghai Jiao Tong University; Yinqian Zhang, Southern University of Science and Technology; Zhiqiang Lin, Ohio State University

  • Protecting Cryptography Against Compelled Self-Incrimination

Sarah Scheffler and Mayank Varia, Boston University

  • CSProp: Ciphertext and Signature Propagation Low-Overhead Public-Key Cryptosystem for IoT Environments

Fatemah Alharbi, Taibah University, Yanbu; Arwa Alrawais, Prince Sattam Bin Abdulaziz University; Abdulrahman Bin Rabiah, University of California, Riverside & King Saud University; Silas Richelson and Nael Abu-Ghazaleh, University of California, Riverside

Track 3 Hardware Side Channel Attacks

  • Automatic Extraction of Secrets from the Transistor Jungle using Laser-Assisted Side-Channel Attacks

Thilo Krachenfels and Tuba Kiyan, Technische Universität Berlin; Shahin Tajik, Worcester Polytechnic Institute; Jean-Pierre Seifert, Technische Universität Berlin; Fraunhofer SIT

  • Lord of the Ring(s): Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical

Riccardo Paccagnella, Licheng Luo, and Christopher W. Fletcher, University of Illinois at Urbana-Champaign

  • Frontal Attack: Leaking Control-Flow in SGX via the CPU Frontend

Ivan Puddu, Moritz Schneider, Miro Haller, and Srdjan Capkun, ETH Zurich

  • Charger-Surfing: Exploiting a Power Line Side-Channel for Smartphone Information Leakage

Patrick Cronin, Xing Gao, and Chengmo Yang, University of Delaware; Haining Wang, Virginia Tech

  • VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface

Zitai Chen, Georgios Vasilakis, Kit Murdock, Edward Dean, David Oswald, and Flavio D. Garcia, School of Computer Science, University of Birmingham, UK

  • CIPHERLEAKS: Breaking Constant-time Cryptography on AMD SEV via the Ciphertext Side Channel

Mengyuan Li, The Ohio State University; Yinqian Zhang, Southern University of Science and Technology; Huibo Wang and Kang Li, Baidu Security; Yueqiang Cheng, NIO Security Research

  • Cross-VM and Cross-Processor Covert Channels Exploiting Processor Idle Power Management

Paizhuo Chen, Lei Li, and Zhice Yang, ShanghaiTech University

Track 1 Permissions and Passwords

  • Can Systems Explain Permissions Better? Understanding Users' Misperceptions under Smartphone Runtime Permission Model

Bingyu Shen, University of California, San Diego; Lili Wei, The Hong Kong University of Science and Technology; Chengcheng Xiang, Yudong Wu, Mingyao Shen, and Yuanyuan Zhou, University of California, San Diego; Xinxin Jin, Whova, Inc.

  • "Shhh...be quiet!" Reducing the Unwanted Interruptions of Notification Permission Prompts on Chrome

Igor Bilogrevic, Balazs Engedy, Judson L. Porter III, Nina Taft, Kamila Hasanbega, Andrew Paseltiner, Hwi Kyoung Lee, Edward Jung, Meggyn Watkins, PJ McLachlan, and Jason James, Google

  • Explanation Beats Context: The Effect of Timing & Rationales on Users’ Runtime Permission Decisions

Yusra Elbitar, CISPA Helmholtz Center for Information Security, Saarland University; Michael Schilling, CISPA Helmholtz Center for Information Security; Trung Tin Nguyen, CISPA Helmholtz Center for Information Security, Saarland University; Michael Backes and Sven Bugiel, CISPA Helmholtz Center for Information Security

  • A Large Scale Study of User Behavior, Expectations and Engagement with Android Permissions

Weicheng Cao and Chunqiu Xia, University of Toronto; Sai Teja Peddinti, Google; David Lie, University of Toronto; Nina Taft, Google; Lisa M. Austin, University of Toronto

  • Reducing Bias in Modeling Real-world Password Strength via Deep Learning and Dynamic Dictionaries

Dario Pasquini, Sapienza University of Rome, Institute of Applied Computing CNR; Marco Cianfriglia, Institute of Applied Computing CNR; Giuseppe Ateniese, Stevens Institute of Technology; Massimo Bernaschi, Institute of Applied Computing CNR

  • Using Amnesia to Detect Credential Database Breaches

Ke Coby Wang, University of North Carolina at Chapel Hill; Michael K. Reiter, Duke University

  • Incrementally Updateable Honey Password Vaults

Haibo Cheng, Wenting Li, and Ping Wang, Peking University; Chao-Hsien Chu, Pennsylvania State University; Kaitai Liang, Delft University of Technology

Track 2 Private Computation and Differential Privacy

  • Private Blocklist Lookups with Checklist

Dmitry Kogan, Stanford University; Henry Corrigan-Gibbs, MIT CSAIL

  • Identifying Harmful Media in End-to-End Encrypted Communication: Efficient Private Membership Computation

Anunay Kulshrestha and Jonathan Mayer, Princeton University

  • Fuzzy Labeled Private Set Intersection with Applications to Private Real-Time Biometric Search

Erkam Uzun, Simon P. Chung, Vladimir Kolesnikov, Alexandra Boldyreva, and Wenke Lee, Georgia Institute of Technology

  • PrivSyn: Differentially Private Data Synthesis

Zhikun Zhang, Zhejiang University and CISPA Helmholtz Center for Information Security; Tianhao Wang, Ninghui Li, and Jean Honorio, Purdue University; Michael Backes, CISPA Helmholtz Center for Information Security; Shibo He and Jiming Chen, Alibaba-Zhejiang University Joint Research Institute of Frontier Technologies; Yang Zhang, CISPA Helmholtz Center for Information Security

  • Data Poisoning Attacks to Local Differential Privacy Protocols

Xiaoyu Cao, Jinyuan Jia, and Neil Zhenqiang Gong, Duke University

  • How to Make Private Distributed Cardinality Estimation Practical, and Get Differential Privacy for Free

Changhui Hu, Newcastle University; Jin Li, Guangzhou University; Zheli Liu, Xiaojie Guo, Yu Wei, and Xuan Guang, Nankai University; Grigorios Loukides, King's College London; Changyu Dong, Newcastle University

  • Locally Differentially Private Analysis of Graph Statistics

Jacob Imola, UC San Diego; Takao Murakami, AIST; Kamalika Chaudhuri, UC San Diego

Track 3 Hardware Security

  • SMASH: Synchronized Many-sided Rowhammer Attacks from JavaScript

Finn de Ridder, ETH Zurich and VU Amsterdam; Pietro Frigo, Emanuele Vannacci, Herbert Bos, and Cristiano Giuffrida, VU Amsterdam; Kaveh Razavi, ETH Zurich

  • Database Reconstruction from Noisy Volumes: A Cache Side-Channel Attack on SQLite

Aria Shahverdi, University of Maryland, College Park; Mahammad Shirinov, Bilkent University; Dana Dachman-Soled, University of Maryland, College Park

  • PTAuth: Temporal Memory Safety via Robust Points-to Authentication

Reza Mirzazade Farkhani, Mansour Ahmadi, and Long Lu, Northeastern University

  • Does logic locking work with EDA tools?

Zhaokun Han, Muhammad Yasin, and Jeyavijayan (JV) Rajendran, Texas A&M University

  • CURE: A Security Architecture with CUstomizable and Resilient Enclaves

Raad Bahmani, Ferdinand Brasser, Ghada Dessouky, Patrick Jauernig, Matthias Klimmek, Ahmad-Reza Sadeghi, and Emmanuel Stapf, Technische Universität Darmstadt

  • DICE: A Formally Verified Implementation of DICE Measured Boot

Zhe Tao, University of California, Davis; Aseem Rastogi, Naman Gupta, and Kapil Vaswani, Microsoft Research; Aditya V. Thakur, University of California, Davis

  • PEARL: Plausibly Deniable Flash Translation Layer using WOM coding

Chen Chen, Anrin Chakraborti, and Radu Sion, Stony Brook University

Track 1 Usable Security and Privacy: Institutional Perspectives

  • Examining the Efficacy of Decoy-based and Psychological Cyber Deception

Kimberly J. Ferguson-Walter, Laboratory for Advanced Cybersecurity Research; Maxine M. Major, Naval Information Warfare Center, Pacific; Chelsea K. Johnson, Arizona State University; Daniel H. Muhleman, Naval Information Warfare Center, Pacific

  • Helping Users Automatically Find and Manage Sensitive, Expendable Files in Cloud Storage

Mohammad Taha Khan, University of Illinois at Chicago / Washington & Lee University; Christopher Tran and Shubham Singh, University of Illinois at Chicago; Dimitri Vasilkov, University of Chicago; Chris Kanich, University of Illinois at Chicago; Blase Ur, University of Chicago; Elena Zheleva, University of Illinois at Chicago

  • Adapting Security Warnings to Counter Online Disinformation

Ben Kaiser, Jerry Wei, Elena Lucherini, and Kevin Lee, Princeton University; J. Nathan Matias, Cornell University; Jonathan Mayer, Princeton University

  • "Why wouldn’t someone think of democracy as a target?": Security practices & challenges of people involved with U.S. political campaigns

Sunny Consolvo, Patrick Gage Kelley, Tara Matthews, Kurt Thomas, Lee Dunn, and Elie Bursztein, Google

  • Security Obstacles and Motivations for Small Businesses from a CISO’s Perspective

Flynn Wolf, University of Maryland, Baltimore County; Adam J. Aviv, The George Washington University; Ravi Kuber, University of Maryland, Baltimore County

  • Strategies and Perceived Risks of Sending Sensitive Documents

Noel Warford, University of Maryland; Collins W. Munyendo, The George Washington University; Ashna Mediratta, University of Maryland; Adam J. Aviv, The George Washington University; Michelle L. Mazurek, University of Maryland

  • A Large-Scale Interview Study on Information Security in and Attacks against Small and Medium-sized Enterprises

Nicolas Huaman, CISPA Helmholtz Center for Information Security; Leibniz University Hannover; Bennet von Skarczinski, PwC Germany; Christian Stransky and Dominik Wermke, Leibniz University Hannover; Yasemin Acar, Max Planck Institute for Security and Privacy; Leibniz University Hannover; Arne Dreißigacker, Criminological Research Institute of Lower Saxony; Sascha Fahl, CISPA Helmholtz Center for Information Security; Leibniz University Hannover

Track 2 Cryptocurrencies and Smart Contracts

  • On the Routing-Aware Peering against Network-Eclipse Attacks in Bitcoin

Muoi Tran and Akshaye Shenoi, National University of Singapore; Min Suk Kang, KAIST

  • EOSAFE: Security Analysis of EOSIO Smart Contracts

Ningyu He, Key Lab on HCST (MOE), Peking University; Ruiyi Zhang, PeckShield, Inc.; Haoyu Wang, Beijing University of Posts and Telecommunications; Lei Wu, Zhejiang University; Xiapu Luo, The Hong Kong Polytechnic University; Yao Guo, Key Lab on HCST (MOE), Peking University; Ting Yu, Qatar Computing Research Institute; Xuxian Jiang, PeckShield, Inc.

  • EVMPatch: Timely and Automated Patching of Ethereum Smart Contracts

Michael Rodler, University of Duisburg-Essen; Wenting Li and Ghassan O. Karame, NEC Laboratories Europe; Lucas Davi, University of Duisburg-Essen

  • Evil Under the Sun: Understanding and Discovering Attacks on Ethereum Decentralized Applications

Liya Su, Indiana University Bloomington and Institute of Information Engineering, University of Chinese Academy of Sciences; Xinyue Shen, Indiana University Bloomington and Alibaba Group; Xiangyu Du, Indiana University Bloomington and Institute of Information Engineering, University of Chinese Academy of Sciences; Xiaojing Liao, XiaoFeng Wang, and Luyi Xing, Indiana University Bloomington; Baoxu Liu, Institute of Information Engineering, University of Chinese Academy of Sciences

  • Smart Contract Vulnerabilities: Vulnerable Does Not Imply Exploited

Daniel Perez and Ben Livshits, Imperial College London

  • Frontrunner Jones and the Raiders of the Dark Forest: An Empirical Study of Frontrunning on the Ethereum Blockchain

Christof Ferreira Torres, University of Luxembourg; Ramiro Camino, Luxembourg Institute of Science and Technology; Radu State, University of Luxembourg

  • SmarTest: Effectively Hunting Vulnerable Transaction Sequences in Smart Contracts through Language Model-Guided Symbolic Execution

Sunbeom So, Seongjoon Hong, and Hakjoo Oh, Korea University

Track 3 Hardware Side Channel Defenses

  • MIRAGE: Mitigating Conflict-Based Cache Attacks with a Practical Fully-Associative Design

Gururaj Saileshwar and Moinuddin Qureshi, Georgia Institute of Technology

  • DOLMA: Securing Speculation with the Principle of Transient Non-Observability

Kevin Loughlin, Ian Neal, Jiacheng Ma, Elisa Tsai, Ofir Weisse, Satish Narayanasamy, and Baris Kasikci, University of Michigan

  • Osiris: Automated Discovery of Microarchitectural Side Channels

Daniel Weber, Ahmad Ibrahim, Hamed Nemati, Michael Schwarz, and Christian Rossow, CISPA Helmholtz Center for Information Security

  • Swivel: Hardening WebAssembly against Spectre

Shravan Narayan and Craig Disselkoen, UC San Diego; Daniel Moghimi, Worcester Polytechnic Institute and UC San Diego; Sunjay Cauligi, Evan Johnson, and Zhao Gang, UC San Diego; Anjo Vahldiek-Oberwagner, Intel Labs; Ravi Sahita, Intel; Hovav Shacham, UT Austin; Dean Tullsen and Deian Stefan, UC San Diego

  • Rage Against the Machine Clear: A Systematic Analysis of Machine Clears and Their Implications for Transient Execution Attacks

Hany Ragab, Enrico Barberis, Herbert Bos, and Cristiano Giuffrida, Vrije Universiteit Amsterdam

  • Coco: Co-Design and Co-Verification of Masked Software Implementations on CPUs

Barbara Gigerl, Vedad Hadzic, and Robert Primas, Graz University of Technology; Stefan Mangard, Graz University of Technology, Lamarr Security Research; Roderick Bloem, Graz University of Technology

Track 1 Machine Learning: Backdoor and Poisoning

  • Explanation-Guided Backdoor Poisoning Attacks Against Malware Classifiers

Giorgio Severi, Northeastern University; Jim Meyer, Xailient Inc.; Scott Coull, FireEye Inc.; Alina Oprea, Northeastern University

  • Blind Backdoors in Deep Learning Models

Eugene Bagdasaryan and Vitaly Shmatikov, Cornell Tech

  • Graph Backdoor

Zhaohan Xi and Ren Pang, Pennsylvania State University; Shouling Ji, Zhejiang University; Ting Wang, Pennsylvania State University

  • Demon in the Variant: Statistical Analysis of DNNs for Robust Backdoor Contamination Detection

Di Tang, Chinese University of Hong Kong; XiaoFeng Wang and Haixu Tang, Indiana University; Kehuan Zhang, Chinese University of Hong Kong

  • You Autocomplete Me: Poisoning Vulnerabilities in Neural Code Completion

Roei Schuster, Tel-Aviv University, Cornell Tech; Congzheng Song, Cornell University; Eran Tromer, Tel Aviv University; Vitaly Shmatikov, Cornell Tech

  • Poisoning the Unlabeled Dataset of Semi-Supervised Learning

Nicholas Carlini, Google

  • Double-Cross Attacks: Subverting Active Learning Systems

Jose Rodrigo Sanchez Vicarte, Gang Wang, and Christopher W. Fletcher, University of Illinois at Urbana-Champaign

Track 2 Program Analysis

  • Fine Grained Dataflow Tracking with Proximal Gradients

Gabriel Ryan, Abhishek Shah, and Dongdong She, Columbia University; Koustubha Bhat, Vrije Universiteit Amsterdam; Suman Jana, Columbia University

  • Static Detection of Unsafe DMA Accesses in Device Drivers

Jia-Ju Bai and Tuo Li, Tsinghua University; Kangjie Lu, University of Minnesota; Shi-Min Hu, Tsinghua University

  • MAZE: Towards Automated Heap Feng Shui

Yan Wang, {CAS-KLONAT, BKLONSPT}, Institute of Information Engineering, Chinese Academy of Sciences; WeiRan Lab, Huawei Technologies; Chao Zhang, BNRist & Institute for Network Science and Cyberspace, Tsinghua University; Tsinghua University-QI-ANXIN Group JCNS; Zixuan Zhao, Bolun Zhang, Xiaorui Gong, and Wei Zou, {CAS-KLONAT, BKLONSPT}, Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences

  • SelectiveTaint: Efficient Data Flow Tracking With Static Binary Rewriting

Sanchuan Chen, Zhiqiang Lin, and Yinqian Zhang, The Ohio State University

  • Breaking Through Binaries: Compiler-quality Instrumentation for Better Binary-only Fuzzing

Stefan Nagy, Virginia Tech; Anh Nguyen-Tuong, Jason D. Hiser, and Jack W. Davidson, University of Virginia; Matthew Hicks, Virginia Tech

  • MBA-Blast: Unveiling and Simplifying Mixed Boolean-Arithmetic Obfuscation

Binbin Liu, University of Science and Technology of China & University of New Hampshire; Junfu Shen, University of New Hampshire; Jiang Ming, University of Texas at Arlington; Qilong Zheng and Jing Li, University of Science and Technology of China; Dongpeng Xu, University of New Hampshire

  • VScape: Assessing and Escaping Virtual Call Protections

Kaixiang Chen, Institute for Network Science and Cyberspace, Tsinghua University; Chao Zhang, Institute for Network Science and Cyberspace, Tsinghua University/Beijing National Research Center for Information Science and Technology/Tsinghua University-QI-ANXIN Group JCNS; Tingting Yin and Xingman Chen, Institute for Network Science and Cyberspace, Tsinghua University; Lei Zhao, School of Cyber Science and Engineering, Wuhan University

Track 3 Privacy Enhancing Technologies

  • Pretty Good Phone Privacy

Paul Schmitt, Princeton University; Barath Raghavan, USC

  • KeyForge: Non-Attributable Email from Forward-Forgeable Signatures

Michael A. Specter, MIT; Sunoo Park, MIT & Harvard; Matthew Green, Johns Hopkins University

  • Express: Lowering the Cost of Metadata-hiding Communication with Cryptographic Privacy

Saba Eskandarian, Stanford University; Henry Corrigan-Gibbs, MIT CSAIL; Matei Zaharia and Dan Boneh, Stanford University

  • Kalεido: Real-Time Privacy Control for Eye-Tracking Systems

Jingjie Li, Amrita Roy Chowdhury, Kassem Fawaz, and Younghyun Kim, University of Wisconsin–Madison

  • Communication–Computation Trade-offs in PIR

Asra Ali, Google; Tancrède Lepoint, unaffiliated; Sarvar Patel, Mariana Raykova, Phillipp Schoppmann, Karn Seth, and Kevin Yeo, Google

  • I Always Feel Like Somebody's Sensing Me! A Framework to Detect, Identify, and Localize Clandestine Wireless Sensors

Akash Deep Singh, University of California, Los Angeles; Luis Garcia, University of California, Los Angeles, and USC ISI; Joseph Noor and Mani Srivastava, University of California, Los Angeles

  • The Complexities of Healing in Secure Group Messaging: Why Cross-Group Effects Matter

Cas Cremers, CISPA Helmholtz Center for Information Security; Britta Hale, Naval Postgraduate School (NPS); Konrad Kohbrok, Aalto University

Track 1 Machine Learning: Adversarial Examples and Model Extraction

  • SLAP: Improving Physical Adversarial Examples with Short-Lived Adversarial Perturbations

Giulio Lovisotto, Henry Turner, and Ivo Sluganovic, University of Oxford; Martin Strohmeier, armasuisse; Ivan Martinovic, University of Oxford

  • Adversarial Policy Training against Deep Reinforcement Learning

Xian Wu, Wenbo Guo, Hua Wei, and Xinyu Xing, The Pennsylvania State University

  • DRMI: A Dataset Reduction Technology based on Mutual Information for Black-box Attacks

Yingzhe He, Guozhu Meng, Kai Chen, Xingbo Hu, and Jinwen He, SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences/School of Cyber Security, University of Chinese Academy of Sciences

  • Deep-Dup: An Adversarial Weight Duplication Attack Framework to Crush Deep Neural Network in Multi-Tenant FPGA

Adnan Siraj Rakin, Arizona State University; Yukui Luo and Xiaolin Xu, Northeastern University; Deliang Fan, Arizona State University

  • Entangled Watermarks as a Defense against Model Extraction

Hengrui Jia and Christopher A. Choquette-Choo, University of Toronto and Vector Institute; Varun Chandrasekaran, University of Wisconsin-Madison; Nicolas Papernot, University of Toronto and Vector Institute

  • Mind Your Weight(s): A Large-scale Study on Insufficient Machine Learning Model Protection in Mobile Apps

Zhichuang Sun, Ruimin Sun, Long Lu, and Alan Mislove, Northeastern University

  • Hermes Attack: Steal DNN Models with Lossless Inference Accuracy

Yuankun Zhu, The University of Texas at Dallas; Yueqiang Cheng, Baidu Security; Husheng Zhou, VMware; Yantao Lu, Syracuse University

Track 2 Automated Security Analysis of Source Code and Binaries

  • ARCUS: Symbolic Root Cause Analysis of Exploits in Production Systems

Carter Yagemann, Georgia Institute of Technology; Matthew Pruett, Georgia Tech Research Institute; Simon P. Chung, Georgia Institute of Technology; Kennon Bittick, Georgia Tech Research Institute; Brendan Saltaformaggio and Wenke Lee, Georgia Institute of Technology

  • Automatic Firmware Emulation through Invalidity-guided Knowledge Inference

Wei Zhou, National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences; Le Guan, Department of Computer Science, University of Georgia; Peng Liu, College of Information Sciences and Technology, The Pennsylvania State University; Yuqing Zhang, National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences; School of Cyber Engineering, Xidian University; School of Computer Science and Cyberspace Security, Hainan University

  • Finding Bugs Using Your Own Code: Detecting Functionally-similar yet Inconsistent Code

Mansour Ahmadi, Reza Mirzazade Farkhani, Ryan Williams, and Long Lu, Northeastern University

  • Understanding and Detecting Disordered Error Handling with Precise Function Pairing

Qiushi Wu, Aditya Pakki, Navid Emamdoost, Stephen McCamant, and Kangjie Lu, University of Minnesota

  • Precise and Scalable Detection of Use-after-Compacting-Garbage-Collection Bugs

HyungSeok Han, Andrew Wesie, and Brian Pak, Theori Inc.

  • Reducing Test Cases with Attention Mechanism of Neural Networks

Xing Zhang, Jiongyi Chen, Chao Feng, Ruilin Li, Yunfei Su, Bin Zhang, Jing Lei, and Chaojing Tang, National University of Defense Technology

  • FlowDist: Multi-Staged Refinement-Based Dynamic Information Flow Analysis for Distributed Software Systems

Xiaoqin Fu and Haipeng Cai, Washington State University, Pullman, WA

Track 3 Secure Multiparty Computation

  • Privacy and Integrity Preserving Computations with CRISP

Sylvain Chatel, Apostolos Pyrgelis, Juan Ramón Troncoso-Pastoriza, and Jean-Pierre Hubaux, EPFL

  • Senate: A Maliciously-Secure MPC Platform for Collaborative Analytics

Rishabh Poddar and Sukrit Kalra, UC Berkeley; Avishay Yanai, VMware Research; Ryan Deng, Raluca Ada Popa, and Joseph M. Hellerstein, UC Berkeley

  • GForce: GPU-Friendly Oblivious and Rapid Neural Network Inference

Lucien K. L. Ng and Sherman S. M. Chow, The Chinese University of Hong Kong, Hong Kong

  • ABY2.0: Improved Mixed-Protocol Secure Two-Party Computation

Arpita Patra, Indian Institute of Science; Thomas Schneider, TU Darmstadt; Ajith Suresh, Indian Institute of Science; Hossein Yalame, TU Darmstadt

  • Fantastic Four: Honest-Majority Four-Party Secure Computation With Malicious Security

Anders Dalskov, Aarhus University & Partisia; Daniel Escudero, Aarhus University; Marcel Keller, CSIRO's Data61

  • Muse: Secure Inference Resilient to Malicious Clients

Ryan Lehmkuhl and Pratyush Mishra, UC Berkeley; Akshayaram Srinivasan, Tata Institute of Fundamental Research; Raluca Ada Popa, UC Berkeley

  • ObliCheck: Efficient Verification of Oblivious Algorithms with Unobservable State

Jeongseok Son, Griffin Prechter, Rishabh Poddar, Raluca Ada Popa, and Koushik Sen, University of California, Berkeley

Track 1 Adversarial Machine Learning: Defenses

  • PatchGuard: A Provably Robust Defense against Adversarial Patches via Small Receptive Fields and Masking

Chong Xiang, Princeton University; Arjun Nitin Bhagoji, University of Chicago; Vikash Sehwag and Prateek Mittal, Princeton University

  • T-Miner: A Generative Approach to Defend Against Trojan Attacks on DNN-based Text Classification

Ahmadreza Azizi and Ibrahim Asadullah Tahmid, Virginia Tech; Asim Waheed, LUMS Pakistan; Neal Mangaokar, University of Michigan; Jiameng Pu, Virginia Tech; Mobin Javed, LUMS Pakistan; Chandan K. Reddy and Bimal Viswanath, Virginia Tech

  • WaveGuard: Understanding and Mitigating Audio Adversarial Examples

Shehzeen Hussain, Paarth Neekhara, Shlomo Dubnov, Julian McAuley, and Farinaz Koushanfar, University of California, San Diego

  • Cost-Aware Robust Tree Ensembles for Security Applications

Yizheng Chen, Shiqi Wang, Weifan Jiang, Asaf Cidon, and Suman Jana, Columbia University

  • Dompteur: Taming Audio Adversarial Examples

Thorsten Eisenhofer, Lea Schönherr, and Joel Frank, Ruhr University Bochum; Lars Speckemeier, University College London; Dorothea Kolossa and Thorsten Holz, Ruhr University Bochum

  • CADE: Detecting and Explaining Concept Drift Samples for Security Applications

Limin Yang, University of Illinois at Urbana-Champaign; Wenbo Guo, The Pennsylvania State University; Qingying Hao, University of Illinois at Urbana-Champaign; Arridhana Ciptadi and Ali Ahmadzadeh, Blue Hexagon; Xinyu Xing, The Pennsylvania State University; Gang Wang, University of Illinois at Urbana-Champaign

  • SIGL: Securing Software Installations Through Deep Graph Learning

Xueyuan Han, Harvard University; Xiao Yu, NEC Laboratories America; Thomas Pasquier, University of Bristol; Ding Li, Peking University; Junghwan Rhee, NEC Laboratories America; James Mickens, Harvard University; Margo Seltzer, University of British Columbia; Haifeng Chen, NEC Laboratories America

Track 2 Operating Systems Security

  • ExpRace: Exploiting Kernel Races through Raising Interrupts

Yoochan Lee, Seoul National University; Changwoo Min, Virginia Tech; Byoungyoung Lee, Seoul National University

  • Undo Workarounds for Kernel Bugs

Seyed Mohammadjavad Seyed Talebi, Zhihao Yao, and Ardalan Amiri Sani, UC Irvine; Zhiyun Qian, UC Riverside; Daniel Austin, Atlassian

  • An Analysis of Speculative Type Confusion Vulnerabilities in the Wild

Ofek Kirzner and Adam Morrison, Tel Aviv University

  • Blinder: Partition-Oblivious Hierarchical Scheduling

Man-Ki Yoon, Mengqi Liu, Hao Chen, Jung-Eun Kim, and Zhong Shao, Yale University

  • SHARD: Fine-Grained Kernel Specialization with Context-Aware Hardening

Muhammad Abubakar, Adil Ahmad, Pedro Fonseca, and Dongyan Xu, Purdue University

  • Preventing Use-After-Free Attacks with Fast Forward Allocation

Brian Wickman, GTRI; Hong Hu, PennState; Insu Yun, Daehee Jang, and JungWon Lim, GeorgiaTech; Sanidhya Kashyap, EPFL; Taesoo Kim, GeorgiaTech

  • Detecting Kernel Refcount Bugs with Two-Dimensional Consistency Checking

Xin Tan, Yuan Zhang, and Xiyu Yang, Fudan University; Kangjie Lu, University of Minnesota; Min Yang, Fudan University

Track 3 Web Security 1; Software Security

  • Effective Notification Campaigns on the Web: A Matter of Trust, Framing, and Support

Max Maass and Alina Stöver, TU Darmstadt; Henning Pridöhl, Universität Bamberg; Sebastian Bretthauer, Goethe-Universität Frankfurt; Dominik Herrmann, Universität Bamberg; Matthias Hollick, TU Darmstadt; Indra Spiecker, Goethe-Universität Frankfurt

  • Fingerprinting in Style: Detecting Browser Extensions via Injected Style Sheets

Pierre Laperdrix, Univ. Lille, CNRS, Inria; Oleksii Starov, Palo Alto Networks; Quan Chen and Alexandros Kapravelos, North Carolina State University; Nick Nikiforakis, Stony Brook University

  • JAW: Studying Client-side CSRF with Hybrid Property Graphs and Declarative Traversals

Soheil Khodayari and Giancarlo Pellegrino, CISPA Helmholtz Center for Information Security

  • AdCube: WebVR Ad Fraud and Practical Confinement of Third-Party Ads

Hyunjoo Lee, Jiyeon Lee, and Daejun Kim, Korea Advanced Institute of Science and Technology; Suman Jana, Columbia University; Insik Shin and Sooel Son, Korea Advanced Institute of Science and Technology

  • CACTI: Captcha Avoidance via Client-side TEE Integration

Yoshimichi Nakatsuka and Ercan Ozturk, University of California, Irvine; Andrew Paverd, Microsoft Research; Gene Tsudik, University of California, Irvine

  • PolyScope: Multi-Policy Access Control Analysis to Compute Authorized Attack Operations in Android Systems

Yu-Tsung Lee, Penn State University; William Enck, North Carolina State University; Haining Chen, Google; Hayawardh Vijayakumar, Samsung Research; Ninghui Li, Purdue University; Zhiyun Qian and Daimeng Wang, UC Riverside; Giuseppe Petracca, Lyft; Trent Jaeger, Penn State University

  • Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types

Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Simon Wörner, and Thorsten Holz, Ruhr-Universität Bochum

Track 1 Machine Learning: Privacy Issues

  • Systematic Evaluation of Privacy Risks of Machine Learning Models

Liwei Song and Prateek Mittal, Princeton University

  • Extracting Training Data from Large Language Models

Nicholas Carlini, Google; Florian Tramèr, Stanford University; Eric Wallace, UC Berkeley; Matthew Jagielski, Northeastern University; Ariel Herbert-Voss, OpenAI; Katherine Lee and Adam Roberts, Google; Tom Brown, OpenAI; Dawn Song, UC Berkeley; Ulfar Erlingsson, Apple; Alina Oprea, Northeastern University; Colin Raffel, Google

  • SWIFT: Super-fast and Robust Privacy-Preserving Machine Learning

Nishat Koti, Mahak Pancholi, Arpita Patra, and Ajith Suresh, Indian Institute of Science, Bangalore

  • Stealing Links from Graph Neural Networks

Xinlei He, CISPA Helmholtz Center for Information Security; Jinyuan Jia, Duke University; Michael Backes, CISPA Helmholtz Center for Information Security; Neil Zhenqiang Gong, Duke University; Yang Zhang, CISPA Helmholtz Center for Information Security

  • Leakage of Dataset Properties in Multi-Party Machine Learning

Wanrong Zhang, Georgia Institute of Technology; Shruti Tople, Microsoft Research; Olga Ohrimenko, The University of Melbourne

  • Defeating DNN-Based Traffic Analysis Systems in Real-Time With Blind Adversarial Perturbations

Milad Nasr, Alireza Bahramali, and Amir Houmansadr, University of Massachusetts Amherst

  • Cerebro: A Platform for Multi-Party Cryptographic Collaborative Learning

Wenting Zheng, UC Berkeley/CMU; Ryan Deng, Weikeng Chen, and Raluca Ada Popa, UC Berkeley; Aurojit Panda, New York University; Ion Stoica, UC Berkeley

Track 2 Fuzzing

  • SyzVegas: Beating Kernel Fuzzing Odds with Reinforcement Learning

Daimeng Wang, Zheng Zhang, Hang Zhang, and Zhiyun Qian, University of California, Riverside; Srikanth V. Krishnamurthy and Nael Abu-Ghazaleh, University of California, Riverside

  • Android SmartTVs Vulnerability Discovery via Log-Guided Fuzzing

Yousra Aafer, University of Waterloo; Wei You, Renmin University of China; Yi Sun, Yu Shi, and Xiangyu Zhang, Purdue University; Heng Yin, UC Riverside

  • UNIFUZZ: A Holistic and Pragmatic Metrics-Driven Platform for Evaluating Fuzzers

Yuwei Li, Zhejiang University; Shouling Ji, Zhejiang University/Zhejiang University NGICS Platform; Yuan Chen, Zhejiang University; Sizhuang Liang, Georgia Institute of Technology; Wei-Han Lee, IBM Research; Yueyao Chen and Chenyang Lyu, Zhejiang University; Chunming Wu, Zhejiang University/Zhejiang Lab, Hangzhou, China; Raheem Beyah, Georgia Institute of Technology; Peng Cheng, Zhejiang University NGICS Platform/Zhejiang University; Kangjie Lu, University of Minnesota; Ting Wang, Pennsylvania State University

  • Token-Level Fuzzing

Christopher Salls, UC Santa Barbara; Chani Jindal, Microsoft; Jake Corina, Seaside Security; Christopher Kruegel and Giovanni Vigna, UC Santa Barbara

  • APICraft: Fuzz Driver Generation for Closed-source SDK Libraries

Cen Zhang, Nanyang Technological University; Xingwei Lin, Ant Group; Yuekang Li, Nanyang Technological University; Yinxing Xue, University of Science and Technology of China; Jundong Xie, Ant Group; Hongxu Chen, Nanyang Technological University; Xinlei Ying and Jiashui Wang, Ant Group; Yang Liu, Nanyang Technological University

  • The Use of Likely Invariants as Feedback for Fuzzers

Andrea Fioraldi, EURECOM; Daniele Cono D'Elia, Sapienza University of Rome; Davide Balzarotti, EURECOM

  • ICSFuzz: Manipulating I/Os and Repurposing Binary Code to Enable Instrumented Fuzzing in ICS Control Applications

Dimitrios Tychalas, New York University; Hadjer Benkraouda and Michail Maniatakos, New York University Abu Dhabi

Track 3 Web Security 2

  • Prime+Probe 1, JavaScript 0: Overcoming Browser-based Side-Channel Defenses

Anatoly Shusterman, Ben-Gurion University of the Negev; Ayush Agarwal, University of Michigan; Sioli O'Connell, University of Adelaide; Daniel Genkin, University of Michigan; Yossi Oren, Ben-Gurion University of the Negev; Yuval Yarom, University of Adelaide and Data61

  • Saphire: Sandboxing PHP Applications with Tailored System Call Allowlists

Alexander Bulekov, Rasoul Jahanshahi, and Manuel Egele, Boston University

  • SandTrap: Securing JavaScript-driven Trigger-Action Platforms

Mohammad M. Ahmadpanah, Chalmers University of Technology; Daniel Hedin, Chalmers University of Technology, Mälardalen University; Musard Balliu, KTH Royal Institute of Technology; Lars Eric Olsson and Andrei Sabelfeld, Chalmers University of Technology

  • Can I Take Your Subdomain? Exploring Same-Site Attacks in the Modern Web

Marco Squarcina, Mauro Tempesta, and Lorenzo Veronese, TU Wien; Stefano Calzavara, Università Ca' Foscari Venezia; Matteo Maffei, TU Wien

  • U Can’t Debug This: Detecting JavaScript Anti-Debugging Techniques in the Wild

Marius Musch and Martin Johns, TU Braunschweig

  • Abusing Hidden Properties to Attack the Node.js Ecosystem

Feng Xiao, Georgia Tech; Jianwei Huang, Texas A&M University; Yichang Xiong, Independent researcher; Guangliang Yang, Georgia Tech; Hong Hu, Penn State University; Guofei Gu, Texas A&M University; Wenke Lee, Georgia Tech

Track 1 Forensics and Diagnostics for Security and Voting

  • mID: Tracing Screen Photos via Moiré Patterns

Yushi Cheng, Xiaoyu Ji, Lixu Wang, and Qi Pang, Zhejiang University; Yi-Chao Chen, Shanghai Jiao Tong University; Wenyuan Xu, Zhejiang University

  • SEAL: Storage-efficient Causality Analysis on Enterprise Logs with Query-friendly Compression

Peng Fei, Zhou Li, and Zhiying Wang, University of California, Irvine; Xiao Yu, NEC Laboratories America, Inc.; Ding Li, Peking University; Kangkook Jee, University of Texas at Dallas

  • ATLAS: A Sequence-based Learning Approach for Attack Investigation

Abdulellah Alsaheel and Yuhong Nan, Purdue University; Shiqing Ma, Rutgers University; Le Yu, Gregory Walkup, Z. Berkay Celik, Xiangyu Zhang, and Dongyan Xu, Purdue University

  • ELISE: A Storage Efficient Logging System Powered by Redundancy Reduction and Representation Learning

Hailun Ding, Shenao Yan, Juan Zhai, and Shiqing Ma, Rutgers University

  • V0Finder: Discovering the Correct Origin of Publicly Reported Software Vulnerabilities

Seunghoon Woo, Dongwook Lee, Sunghan Park, and Heejo Lee, Korea University; Sven Dietrich, City University of New York

  • Minerva - An Efficient Risk-Limiting Ballot Polling Audit

Filip Zagórski, Wroclaw University of Science and Technology; Grant McClearn and Sarah Morin, The George Washington University; Neal McBurnett, unaffiliated; Poorvi L. Vora, The George Washington University

  • Security Analysis of the Democracy Live Online Voting System

Michael Specter, MIT; J. Alex Halderman, University of Michigan

Track 2 Internet and Network Security

  • Hopper: Modeling and Detecting Lateral Movement

Grant Ho, UC San Diego, UC Berkeley, and Dropbox; Mayank Dhiman, Dropbox; Devdatta Akhawe, Figma; Vern Paxson, UC Berkeley; Stefan Savage and Geoffrey M. Voelker, UC San Diego; David Wagner, UC Berkeley

  • LZR: Identifying Unexpected Internet Services

Liz Izhikevich, Stanford University; Renata Teixeira, Inria; Zakir Durumeric, Stanford University

  • Blind In/On-Path Attacks and Applications to VPNs

William J. Tolley and Beau Kujath, Breakpointing Bad/Arizona State University; Mohammad Taha Khan, Washington and Lee University; Narseo Vallina-Rodriguez, IMDEA Networks Institute/ICSI; Jedidiah R. Crandall, Breakpointing Bad/Arizona State University

  • The Hijackers Guide To The Galaxy: Off-Path Taking Over Internet Resources

Tianxiang Dai, Fraunhofer Institute for Secure Information Technology SIT; Philipp Jeitner, Fraunhofer Institute for Secure Information Technology SIT, Technical University of Darmstadt; Haya Shulman, Fraunhofer Institute for Secure Information Technology SIT; Michael Waidner, Fraunhofer Institute for Secure Information Technology SIT, Technical University of Darmstadt

  • Injection Attacks Reloaded: Tunnelling Malicious Payloads over DNS

Philipp Jeitner, TU Darmstadt; Haya Shulman, Fraunhofer SIT

  • Causal Analysis for Software-Defined Networking Attacks

Benjamin E. Ujcich, Georgetown University; Samuel Jero and Richard Skowyra, MIT Lincoln Laboratory; Adam Bates, University of Illinois at Urbana-Champaign; William H. Sanders, Carnegie Mellon University; Hamed Okhravi, MIT Lincoln Laboratory

Track 3 Attacks

  • Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks

Kaiwen Shen, Chuhan Wang, and Minglei Guo, Tsinghua University; Xiaofeng Zheng, Tsinghua University and Qi An Xin Technology Research Institute; Chaoyi Lu and Baojun Liu, Tsinghua University; Yuxuan Zhao, North China Institute of Computing Technology; Shuang Hao, University of Texas at Dallas; Haixin Duan, Tsinghua University; Qi An Xin Technology Research Institute; Qingfeng Pan, Coremail Technology Co. Ltd; Min Yang, Fudan University

  • Automated Discovery of Denial-of-Service Vulnerabilities in Connected Vehicle Protocols

Shengtuo Hu, University of Michigan; Qi Alfred Chen, UC Irvine; Jiachen Sun, Yiheng Feng, Z. Morley Mao, and Henry X. Liu, University of Michigan

  • Too Good to Be Safe: Tricking Lane Detection in Autonomous Driving with Crafted Perturbations

Pengfei Jing, The Hong Kong Polytechnic University, Tencent Security Keen Lab; Qiyi Tang and Yuefeng Du, Tencent Security Keen Lab; Lei Xue and Xiapu Luo, The Hong Kong Polytechnic University; Ting Wang, Pennsylvania State University; Sen Nie and Shi Wu, Tencent Security Keen Lab

  • Acoustics to the Rescue: Physical Key Inference Attack Revisited

Soundarya Ramesh and Rui Xiao, National University of Singapore; Anindya Maiti, University of Oklahoma; Jong Taek Lee, Harini Ramprasad, and Ananda Kumar, National University of Singapore; Murtuza Jadliwala, University of Texas at San Antonio; Jun Han, National University of Singapore

  • Messy States of Wiring: Vulnerabilities in Emerging Personal Payment Systems

Jiadong Lou and Xu Yuan, University of Louisiana at Lafayette; Ning Zhang, Washington University in St. Louis

  • Research on the Security of Visual Reasoning CAPTCHA

Yipeng Gao, Haichang Gao, Sainan Luo, Yang Zi, Shudong Zhang, Wenjie Mao, Ping Wang, and Yulong Shen, Xidian University; Jeff Yan, Linköping University

  • Dirty Road Can Attack: Security of Deep Learning based Automated Lane Centering under Physical-World Attack

Takami Sato, Junjie Shen, and Ningfei Wang, University of California, Irvine; Yunhan Jia, ByteDance; Xue Lin, Northeastern University; Qi Alfred Chen, University of California, Irvine

Track 1 Research on Surveillance and Censorship

  • Domain Shadowing: Leveraging Content Delivery Networks for Robust Blocking-Resistant Communications

Mingkui Wei, George Mason University

  • Weaponizing Middleboxes for TCP Reflected Amplification

Kevin Bock, University of Maryland; Abdulrahman Alaraj, University of Colorado Boulder; Yair Fax and Kyle Hurley, University of Maryland; Eric Wustrow, University of Colorado Boulder; Dave Levin, University of Maryland

  • Collective Information Security in Large-Scale Urban Protests: the Case of Hong Kong

Martin R. Albrecht, Jorge Blasco, Rikke Bjerg Jensen, and Lenka Mareková, Royal Holloway, University of London

  • How Great is the Great Firewall? Measuring China's DNS Censorship

Nguyen Phong Hoang, Stony Brook University; Arian Akhavan Niaki, University of Massachusetts, Amherst; Jakub Dalek, Jeffrey Knockel, and Pellaeon Lin, Citizen Lab, University of Toronto; Bill Marczak, University of California, Berkeley; Masashi Crete-Nishihata, Citizen Lab, University of Toronto; Phillipa Gill, University of Massachusetts, Amherst; Michalis Polychronakis, Stony Brook University

  • Balboa: Bobbing and Weaving around Network Censorship

Marc B. Rosen, James Parker, and Alex J Malozemoff, Galois, Inc.

  • Once is Never Enough: Foundations for Sound Statistical Inference in Tor Network Experimentation

Rob Jansen, U.S. Naval Research Laboratory; Justin Tracey and Ian Goldberg, University of Waterloo

  • Rollercoaster: An Efficient Group-Multicast Scheme for Mix Networks

Daniel Hugenroth, Martin Kleppmann, and Alastair R. Beresford, University of Cambridge

Track 2 Malware and Program Analysis 1

  • Obfuscation-Resilient Executable Payload Extraction From Packed Malware

Binlin Cheng, Hubei Normal University & Wuhan University; Jiang Ming, Erika A Leal, and Haotian Zhang, The University of Texas at Arlington; Jianming Fu and Guojun Peng, Wuhan University; Jean-Yves Marion, Université de Lorraine, CNRS, LORIA

  • DeepReflect: Discovering Malicious Functionality through Binary Reconstruction

Evan Downing, Georgia Institute of Technology; Yisroel Mirsky, Georgia Institute of Technology & Ben-Gurion University; Kyuhong Park and Wenke Lee, Georgia Institute of Technology

  • When Malware Changed Its Mind: An Empirical Study of Variable Program Behaviors in the Real World

Erin Avllazagaj, University of Maryland; Ziyun Zhu, Facebook; Leyla Bilge, NortonLifeLock Research Group; Davide Balzarotti, EURECOM; Tudor Dumitras, University of Maryland

  • The Circle Of Life: A Large-Scale Study of The IoT Malware Lifecycle

Omar Alrawi, Charles Lever, and Kevin Valakuzhy, Georgia Institute of Technology; Ryan Court and Kevin Snow, Zero Point Dynamics; Fabian Monrose, University of North Carolina at Chapel Hill; Manos Antonakakis, Georgia Institute of Technology

  • Forecasting Malware Capabilities From Cyber Attack Memory Images

Omar Alrawi, Moses Ike, Matthew Pruett, Ranjita Pai Kasturi, Srimanta Barua, Taleb Hirani, Brennan Hill, and Brendan Saltaformaggio, Georgia Institute of Technology

  • YARIX: Scalable YARA-based Malware Intelligence

Michael Brengel and Christian Rossow, CISPA Helmholtz Center for Information Security

  • Constraint-guided Directed Greybox Fuzzing

Gwangmu Lee, Seoul National University; Woochul Shim, Samsung Research; Byoungyoung Lee, Seoul National University

Track 3 Mobile System Security and Privacy

  • PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop

Alexander Heinrich, Matthias Hollick, Thomas Schneider, Milan Stute, and Christian Weinert, TU Darmstadt

  • Privacy-Preserving and Standard-Compatible AKA Protocol for 5G

Yuchen Wang, TCA of State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences & Alibaba Group; Zhenfeng Zhang, TCA of State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences; Yongquan Xie, Commercial Cryptography Testing Center of State Cryptography Administration

  • SEApp: Bringing Mandatory Access Control to Android Apps

Matthew Rossi, Dario Facchinetti, and Enrico Bacis, Università degli Studi di Bergamo; Marco Rosa, SAP Security Research; Stefano Paraboschi, Università degli Studi di Bergamo

  • A11y and Privacy don't have to be mutually exclusive: Constraining Accessibility Service Misuse on Android

Jie Huang, Michael Backes, and Sven Bugiel, CISPA Helmholtz Center for Information Security

  • An Investigation of the Android Kernel Patch Ecosystem

Zheng Zhang, UC Riverside; Hang Zhang and Zhiyun Qian, UC Riverside; Billy Lau, Google Inc.

  • Share First, Ask Later (or Never?) Studying Violations of GDPR’s Explicit Consent in Android Apps

Trung Tin Nguyen, CISPA Helmholtz Center for Information Security; Saarbrücken Graduate School of Computer Science, Saarland University; Michael Backes, Ninja Marnau, and Ben Stock, CISPA Helmholtz Center for Information Security

  • DEFInit: An Analysis of Exposed Android Init Routines

Yuede Ji, University of North Texas; Mohamed Elsabagh, Ryan Johnson, and Angelos Stavrou, Kryptowire

Track 1 Phishing and the Malicious Web

  • Scalable Detection of Promotional Website Defacements in Black Hat SEO Campaigns

Ronghai Yang, Sangfor Technologies Inc.; Xianbo Wang, The Chinese University of Hong Kong; Cheng Chi, Dawei Wang, Jiawei He, and Siming Pang, Sangfor Technologies Inc.; Wing Cheong Lau, The Chinese University of Hong Kong

  • Compromised or Attacker-Owned: A Large Scale Classification and Study of Hosting Domains of Malicious URLs

Ravindu De Silva, SCoRe Lab and Qatar Computing Research Institute; Mohamed Nabeel, Qatar Computing Research Institute; Charith Elvitigala, SCoRe Lab; Issa Khalil and Ting Yu, Qatar Computing Research Institute; Chamath Keppitiyagama, University of Colombo School of Computing

  • Assessing Browser-level Defense against IDN-based Phishing

Hang Hu, Virginia Tech; Steve T.K. Jan, University of Illinois at Urbana-Champaign/Virginia Tech; Yang Wang and Gang Wang, University of Illinois at Urbana-Champaign

  • Catching Phishers By Their Bait: Investigating the Dutch Phishing Landscape through Phishing Kit Detection

Hugo Bijmans, Tim Booij, and Anneke Schwedersky, TNO; Aria Nedgabat, Eindhoven University of Technology; Rolf van Wegberg, Delft University of Technology

  • PhishPrint: Evading Phishing Detection Crawlers by Prior Profiling

Bhupendra Acharya and Phani Vadrevu, University of New Orleans

  • Phishpedia: A Hybrid Deep Learning Based Approach to Visually Identify Phishing Webpages

Yun Lin and Ruofan Liu, National University of Singapore; Dinil Mon Divakaran, Trustwave; Jun Yang Ng and Qing Zhou Chan, National University of Singapore; Yiwen Lu, Yuxuan Si, and Fan Zhang, Zhejiang University; Jin Song Dong, National University of Singapore

  • Is Real-time Phishing Eliminated with FIDO? Social Engineering Downgrade Attacks against FIDO Protocols

Enis Ulqinaku, ETH Zurich; Hala Assal, AbdelRahman Abdou, and Sonia Chiasson, Carleton University; Srdjan Capkun, ETH Zurich

Track 2 DDOS; Wireless Security

  • Jaqen: A High-Performance Switch-Native Approach for Detecting and Mitigating Volumetric DDoS Attacks with Programmable Switches

Zaoxing Liu, Boston University; Hun Namkung, Carnegie Mellon University; Georgios Nikolaidis, Jeongkeun Lee, and Changhoon Kim, Intel, Barefoot Switch Division; Xin Jin, Peking University; Vladimir Braverman, Johns Hopkins University; Minlan Yu, Harvard University; Vyas Sekar, Carnegie Mellon University

  • ReDoSHunter: A Combined Static and Dynamic Approach for Regular Expression DoS Detection

Yeting Li, Institute of Software, Chinese Academy of Sciences, University of Chinese Academy of Sciences; Zixuan Chen, Institute of Software, Chinese Academy of Sciences; University of Chinese Academy of Sciences; Jialun Cao, Department of Computer Science and Engineering, The Hong Kong University of Science and Technology; Zhiwu Xu, Shenzhen University, Shenzhen, China; Qiancheng Peng and Haiming Chen, Institute of Software, Chinese Academy of Sciences; University of Chinese Academy of Sciences; Liyuan Chen, Applied Architecture Platform Department, Tencent; Shing-Chi Cheung, Department of Computer Science and Engineering, The Hong Kong University of Science and Technology

  • Ripple: A Programmable, Decentralized Link-Flooding Defense Against Adaptive Adversaries

Jiarong Xing, Wenqing Wu, and Ang Chen, Rice University

  • Accurately Measuring Global Risk of Amplification Attacks using AmpMap

Soo-Jin Moon, Yucheng Yin, and Rahul Anand Sharma, Carnegie Mellon University; Yifei Yuan, Alibaba Group; Jonathan M. Spring, CERT/CC, SEI, Carnegie Mellon University; Vyas Sekar, Carnegie Mellon University

  • A Stealthy Location Identification Attack Exploiting Carrier Aggregation in Cellular Networks

Nitya Lakshmanan and Nishant Budhdev, National University of Singapore; Min Suk Kang, KAIST; Mun Choon Chan and Jun Han, National University of Singapore

  • Disrupting Continuity of Apple's Wireless Ecosystem Security: New Tracking, DoS, and MitM Attacks on iOS and macOS Through Bluetooth Low Energy, AWDL, and Wi-Fi

Milan Stute, Alexander Heinrich, Jannik Lorenz, and Matthias Hollick, Technical University of Darmstadt

  • Stars Can Tell: A Robust Method to Defend against GPS Spoofing Attacks using Off-the-shelf Chipset

Shinan Liu, University of Chicago; Xiang Cheng and Hanchao Yang, Virginia Tech; Yuanchao Shu, Microsoft Research; Xiaoran Weng and Ping Guo, University of Electronic Science and Technology of China; Kexiong (Curtis) Zeng, Facebook; Gang Wang, University of Illinois at Urbana-Champaign; Yaling Yang, Virginia Tech

Track 3 Cryptography and the Cloud

  • Formally Verified Memory Protection for a Commodity Multiprocessor Hypervisor

Shih-Wei Li, Xupeng Li, Ronghui Gu, Jason Nieh, and John Zhuang Hui, Columbia University

  • Automatic Policy Generation for Inter-Service Access Control of Microservices

Xing Li, Zhejiang University; Yan Chen, Northwestern University; Zhiqiang Lin, Ohio State University; Xiao Wang and Jim Hao Chen, Northwestern University

  • CLARION: Sound and Clear Provenance Tracking for Microservice Deployments

Xutong Chen, Northwestern University; Hassaan Irshad, SRI International; Yan Chen, Northwestern University; Ashish Gehani and Vinod Yegneswaran, SRI International

  • Virtual Secure Platform: A Five-Stage Pipeline Processor over TFHE

Kotaro Matsuoka, Ryotaro Banno, Naoki Matsumoto, Takashi Sato, and Song Bian, Kyoto University

  • Searching Encrypted Data with Size-Locked Indexes

Min Xu, University of Chicago; Armin Namavari, Cornell University; David Cash, University of Chicago; Thomas Ristenpart, Cornell Tech

  • Blitz: Secure Multi-Hop Payments Without Two-Phase Commits

Lukas Aumayr, TU Wien; Pedro Moreno-Sanchez, IMDEA Software Institute; Aniket Kate, Purdue University; Matteo Maffei, TU Wien

  • Reducing HSM Reliance in Payments through Proxy Re-Encryption

Sivanarayana Gaddam, Visa; Atul Luykx, Security Engineering Research, Google; Rohit Sinha, Swirlds Inc.; Gaven Watson, Visa Research

Track 1 Measurements of Fraud, Malware, Spam, and Other Abuse

  • Risky Business? Investigating the Security Practices of Vendors on an Online Anonymous Market using Ground-Truth Data

Jochem van de Laarschot and Rolf van Wegberg, Delft University of Technology

  • Deep Entity Classification: Abusive Account Detection for Online Social Networks

Teng Xu, Gerard Goossen, Huseyin Kerem Cevahir, Sara Khodeir, and Yingyezhe Jin, Facebook, Inc; Frank Li, Facebook, Inc and Georgia Institute of Technology; Shawn Shan, Facebook, Inc and University of Chicago; Sagar Patel and David Freeman, Facebook, Inc; Paul Pearce, Facebook, Inc and Georgia Institute of Technology

  • SocialHEISTing: Understanding Stolen Facebook Accounts

Jeremiah Onaolapo, University of Vermont; Nektarios Leontiadis and Despoina Magka, Facebook; Gianluca Stringhini, Boston University

  • Understanding Malicious Cross-library Data Harvesting on Android

Jice Wang, National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences; Indiana University Bloomington; Yue Xiao and Xueqiang Wang, Indiana University Bloomington; Yuhong Nan, Purdue University; Luyi Xing and Xiaojing Liao, Indiana University Bloomington; JinWei Dong, School of Cyber Engineering, Xidian University; Nicolas Serrano, Indiana University, Bloomington; Haoran Lu and XiaoFeng Wang, Indiana University Bloomington; Yuqing Zhang, National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences; School of Cyber Engineering, Xidian University; School of Computer Science and Cyberspace Security, Hainan University

  • Swiped: Analyzing Ground-truth Data of a Marketplace for Stolen Debit and Credit Cards

Maxwell Aliapoulios, Cameron Ballard, Rasika Bhalerao, Tobias Lauinger, and Damon McCoy, New York University

  • Having Your Cake and Eating It: An Analysis of Concession-Abuse-as-a-Service

Zhibo Sun, Adam Oest, and Penghui Zhang, Arizona State University; Carlos Rubio-Medrano, Texas A&M University - Corpus Christi; Tiffany Bao and Ruoyu Wang, Arizona State University; Ziming Zhao, Rochester Institute of Technology; Yan Shoshitaishvili and Adam Doupé, Arizona State University; Gail-Joon Ahn, Arizona State University and Samsung Research

Track 2 IoT; Specialty Networking

  • Capture: Centralized Library Management for Heterogeneous IoT Devices

Han Zhang, Abhijith Anilkumar, Matt Fredrikson, and Yuvraj Agarwal, Carnegie Mellon University

  • MPInspector: A Systematic and Automatic Approach for Evaluating the Security of IoT Messaging Protocols

Qinying Wang, Zhejiang University; Shouling Ji, Zhejiang University, Binjiang Institute of Zhejiang University; Yuan Tian, University of Virginia; Xuhong Zhang, Zhejiang University, Binjiang Institute of Zhejiang University; Binbin Zhao, Georgia Institute of Technology; Yuhong Kan and Zhaowei Lin, Zhejiang University; Changting Lin and Shuiguang Deng, Zhejiang University, Binjiang Institute of Zhejiang University; Alex X. Liu, Ant Group; Raheem Beyah, Georgia Institute of Technology

  • HAWatcher: Semantics-Aware Anomaly Detection for Appified Smart Homes

Chenglong Fu, Temple University; Qiang Zeng, University of South Carolina; Xiaojiang Du, Temple University

  • Exposing New Vulnerabilities of Error Handling Mechanism in CAN

Khaled Serag and Rohit Bhatia, Purdue University; Vireshwar Kumar, Indian Institute of Technology Delhi; Z. Berkay Celik and Dongyan Xu, Purdue University

  • CANARY - a reactive defense mechanism for Controller Area Networks based on Active RelaYs

Bogdan Groza, Lucian Popa, and Pal-Stefan Murvay, Universitatea Politehnica Timisoara; Yuval Elovici and Asaf Shabtai, Ben Gurion University of the Negev

  • ReDMArk: Bypassing RDMA Security Mechanisms

Benjamin Rothenberger, Konstantin Taranov, Adrian Perrig, and Torsten Hoefler, ETH Zurich

Track 3 TLS

  • ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication

Marcus Brinkmann, Ruhr University Bochum; Christian Dresen, Münster University of Applied Sciences; Robert Merget, Ruhr University Bochum; Damian Poddebniak, Münster University of Applied Sciences; Jens Müller, Ruhr University Bochum; Juraj Somorovsky, Paderborn University; Jörg Schwenk, Ruhr University Bochum; Sebastian Schinzel, Münster University of Applied Sciences

  • Experiences Deploying Multi-Vantage-Point Domain Validation at Let's Encrypt

Henry Birge-Lee and Liang Wang, Princeton University; Daniel McCarney, Square Inc.; Roland Shoemaker, unaffiliated; Jennifer Rexford and Prateek Mittal, Princeton University

  • SiamHAN: IPv6 Address Correlation Attacks on TLS Encrypted Traffic via Siamese Heterogeneous Graph Attention Network

Tianyu Cui, Gaopeng Gou, Gang Xiong, Zhen Li, Mingxin Cui, and Chang Liu, Institute of Information Engineering, Chinese Academy of Sciences

  • Why Eve and Mallory Still Love Android: Revisiting TLS (In)Security in Android Applications

Marten Oltrogge, CISPA Helmholtz Center for Information Security; Nicolas Huaman, Sabrina Amft, and Yasemin Acar, Leibniz University Hannover; Michael Backes, CISPA Helmholtz Center for Information Security; Sascha Fahl, Leibniz University Hannover

  • Why TLS is better without STARTTLS: A Security Analysis of STARTTLS in the Email Context

Damian Poddebniak and Fabian Ising, Münster University of Applied Sciences; Hanno Böck, Independent Researcher; Sebastian Schinzel, Münster University of Applied Sciences

  • What's in a Name? Exploring CA Certificate Control

Zane Ma and Joshua Mason, University of Illinois at Urbana-Champaign; Manos Antonakakis, Georgia Institute of Technology; Zakir Durumeric, Stanford University; Michael Bailey, University of Illinois at Urbana-Champaign

Further reading

Conference homepage:

https://www.usenix.org/conference/usenixsecurity21/technical-sessions

If you are interested in joining the academic community, please contact secdr#qq.com

Article source: http://mp.weixin.qq.com/s?__biz=MzU5MTM5MTQ2MA==&mid=2247486156&idx=1&sn=ee1f3da3c5cf139259bf550ad0f77b01&chksm=fe2ef547c9597c514bb78a518b33454a63aa73038adc91c769aff08b192df5c089116abaf47b#rd