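The 2021 paper acceptance results for all four top conferences in the network security field have been announced, and InForSec has compiled the relevant information to share with the network security academic community.
The USENIX Security Symposium (USENIX Security) is one of the four top academic conferences in the world in network and system security. It began in the early 1990s, publishing a paper there is extremely difficult, and the average acceptance rate over the past five years is 17%.
USENIX Security is a CCF-recommended Class A conference with an H5-index of 80. In recent years its number of accepted papers has also shown a clear upward trend: 157 papers were accepted in 2020 and 246 in 2021.
Of these, 28 papers come from Chinese universities, research institutes and industry, and 78 papers involve scholars of Chinese descent. (Note: the figures were compiled by hand; please point out any omissions.)
The list of papers accepted at USENIX Security 2021 follows:
Paper Title | Authors | First Author's Affiliation | Country of First Author's Affiliation |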
Effect of Mood, Location, Trust, and Presence of Others on Video-Based Social Authentication | Cheng Guo and Brianne Campbell, Clemson University; Apu Kapadia, Indiana University; Michael K. Reiter, Duke University; Kelly Caine, Clemson University | Clemson University | United States |
‘Passwords Keep Me Safe’ – Understanding What Children Think about Passwords | Mary Theofanos and Yee-Yin Choong, National Institute of Standards and Technology; Olivia Murphy, University of Maryland, College Park | National Institute of Standards and Technology | United States |
On the Usability of Authenticity Checks for Hardware Security Tokens | Katharina Pfeffer and Alexandra Mai, SBA Research; Adrian Dabrowski, University of California, Irvine; Matthias Gusenbauer, Tokyo Institute of Technology & SBA Research; Philipp Schindler, SBA Research; Edgar Weippl, University of Vienna; Michael Franz, University of California, Irvine; Katharina Krombholz, CISPA Helmholtz Center for Information Security | SBA Research | Austria |
Inexpensive Brainwave Authentication: New Techniques and Insights on User Acceptance | Patricia Arias-Cabarcos, KASTEL/KIT; Thilo Habrich, Karen Becker, and Christian Becker, University of Mannheim; Thorsten Strufe, KASTEL/KIT | KASTEL/KIT | United States |
Why Older Adults (Don’t) Use Password Managers | Hirak Ray, Flynn Wolf, and Ravi Kuber, University of Maryland, Baltimore County; Adam J. Aviv, The George Washington University | University of Maryland, Baltimore County | United States |
“It’s Stored, Hopefully, on an Encrypted Server”: Mitigating Users’ Misconceptions About FIDO2 Biometric WebAuthn | Leona Lassak, Ruhr University Bochum; Annika Hildebrandt, University of Chicago; Maximilian Golla, Max Planck Institute for Security and Privacy; Blase Ur, University of Chicago | Ruhr University Bochum | Germany |
Driving 2FA Adoption at Scale: Optimizing Two-Factor Authentication Notification Design Patterns | Maximilian Golla, Max Planck Institute for Security and Privacy; Grant Ho, University of California San Diego; Marika Lohmus, Cleo AI; Monica Pulluri, Facebook; Elissa M. Redmiles, Max Planck Institute for Software Systems | Max Planck Institute for Security and Privacy | Germany |
Hiding the Access Pattern is Not Enough: Exploiting Search Pattern Leakage in Searchable Encryption | Simon Oya and Florian Kerschbaum, University of Waterloo | University of Waterloo | Canada |
A Highly Accurate Query-Recovery Attack against Searchable Encryption using Non-Indexed Documents | Marc Damie, University of Technology of Compiègne, France; Florian Hahn and Andreas Peter, University of Twente, The Netherlands | University of Technology of Compiègne, France | France |
Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation | Mathy Vanhoef, New York University Abu Dhabi | New York University Abu Dhabi | United Arab Emirates |
Card Brand Mixup Attack: Bypassing the PIN in non-Visa Cards by Using Them for Visa Transactions | David Basin, Ralf Sasse, and Jorge Toro-Pozo, Department of Computer Science, ETH Zurich | Department of Computer Science, ETH Zurich | Switzerland |
Partitioning Oracle Attacks | Julia Len, Paul Grubbs, and Thomas Ristenpart, Cornell Tech | Cornell Tech | United States |
Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E) | Robert Merget and Marcus Brinkmann, Ruhr University Bochum; Nimrod Aviram, School of Computer Science, Tel Aviv University; Juraj Somorovsky, Paderborn University; Johannes Mittmann, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany; Jörg Schwenk, Ruhr University Bochum | Ruhr University Bochum | Germany |
A Side Journey To Titan | Thomas Roche and Victor Lomné, NinjaLab, Montpellier, France; Camille Mutschler, NinjaLab, Montpellier, France and LIRMM, Univ. Montpellier, CNRS, Montpellier, France; Laurent Imbert, LIRMM, Univ. Montpellier, CNRS, Montpellier, France | NinjaLab, Montpellier, France | France |
PASan: Detecting Peripheral Access Concurrency Bugs within Bare-Metal Embedded Applications | Taegyu Kim, Purdue University; Vireshwar Kumar, Indian Institute of Technology, Delhi; Junghwan Rhee, University of Central Oklahoma; Jizhou Chen and Kyungtae Kim, Purdue University; Chung Hwan Kim, University of Texas at Dallas; Dongyan Xu and Dave (Jing) Tian, Purdue University | Purdue University | United States |
On the Design and Misuse of Microcoded (Embedded) Processors — A Cautionary Note | Nils Albartus and Clemens Nasenberg, Ruhr University Bochum, Germany; Max Planck Institute for Security and Privacy, Germany; Florian Stolz, Ruhr University Bochum, Germany; Marc Fyrbiak, Max Planck Institute for Security and Privacy, Germany; Christof Paar, Ruhr University Bochum, Germany; Max Planck Institute for Security and Privacy, Germany; Russell Tessier, University of Massachusetts, Amherst, USA | Ruhr University Bochum | Germany |
M2Mon: Building an MMIO-based Security Reference Monitor for Unmanned Vehicles | Arslan Khan and Hyungsub Kim, Purdue University; Byoungyoung Lee, Seoul National University (SNU); Dongyan Xu, Antonio Bianchi, and Dave (Jing) Tian, Purdue University | Purdue University | United States |
Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems | Libo Chen, School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University; Yanhao Wang, QI-ANXIN Technology Research Institute; Quanpu Cai and Yunfan Zhan, School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University; Hong Hu, Pennsylvania State University; Jiaqi Linghu, QI-ANXIN Technology Research Institute; Qinsheng Hou, QI-ANXIN Technology Research Institute; Shandong University; Chao Zhang and Haixin Duan, BNRist & Institute for Network Science and Cyberspace, Tsinghua University; Tsinghua University-QI-ANXIN Group JCNS; Zhi Xue, School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University | School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University | China |
Jetset: Targeted Firmware Rehosting for Embedded Systems | Evan Johnson, University of California, San Diego; Maxwell Bland, YiFei Zhu, and Joshua Mason, University of Illinois at Urbana–Champaign; Stephen Checkoway, Oberlin College; Stefan Savage, University of California, San Diego; Kirill Levchenko, University of Illinois at Urbana–Champaign | University of California, San Diego | United States |
LightBlue: Automatic Profile-Aware Debloating of Bluetooth Stacks | Jianliang Wu and Ruoyu Wu, Purdue University; Daniele Antonioli and Mathias Payer, EPFL; Nils Ole Tippenhauer, CISPA Helmholtz Center for Information Security; Dongyan Xu, Dave (Jing) Tian, and Antonio Bianchi, Purdue University | Purdue University | United States |
PACStack: an Authenticated Call Stack | Hans Liljestrand, University of Waterloo; Thomas Nyman and Lachlan J. Gunn, Aalto University; Jan-Erik Ekberg, Huawei Technologies and Aalto University; N. Asokan, University of Waterloo and Aalto University | University of Waterloo | Canada |
“It’s stressful having all these phones”: Investigating Sex Workers’ Safety Goals, Risks, and Practices Online | Allison McDonald, University of Michigan; Catherine Barwulor, Clemson University; Michelle L. Mazurek, University of Maryland; Florian Schaub, University of Michigan; Elissa M. Redmiles, Max Planck Institute for Software Systems | University of Michigan | United States |
“Now I’m a bit angry:” Individuals’ Awareness, Perception, and Responses to Data Breaches that Affected Them | Peter Mayer, Karlsruhe Institute of Technology; Yixin Zou and Florian Schaub, University of Michigan; Adam J. Aviv, The George Washington University | Karlsruhe Institute of Technology | Germany |
“It’s the Company, the Government, You and I”: User Perceptions of Responsibility for Smart Home Privacy and Security | Julie Haney, National Institute of Standards and Technology; Yasemin Acar, National Institute of Standards and Technology and Leibniz University Hannover; Susanne Furman, National Institute of Standards and Technology | National Institute of Standards and Technology | United States |
The Role of Computer Security Customer Support in Helping Survivors of Intimate Partner Violence | Yixin Zou and Allison McDonald, University of Michigan; Julia Narakornpichit, Nicola Dell, and Thomas Ristenpart, Cornell Tech; Kevin Roundy, Norton Research Group; Florian Schaub, University of Michigan; Acar Tamersoy, Norton Research Group | University of Michigan | United States |
Evaluating In-Workflow Messages for Improving Mental Models of End-to-End Encryption | Omer Akgul, Wei Bai, Shruti Das, and Michelle L. Mazurek, University of Maryland | University of Maryland | United States |
PriSEC: A Privacy Settings Enforcement Controller | Rishabh Khandelwal and Thomas Linden, University of Wisconsin–Madison; Hamza Harkous, Google Inc.; Kassem Fawaz, University of Wisconsin–Madison | University of Wisconsin–Madison | United States |
Are Privacy Dashboards Good for End Users? Evaluating User Perceptions and Reactions to Google’s My Activity | Florian M. Farke, Ruhr University Bochum; David G. Balash, The George Washington University; Maximilian Golla, Max Planck Institute for Security and Privacy; Markus Dürmuth, Ruhr University Bochum; Adam J. Aviv, The George Washington University | Ruhr University Bochum | Germany |
Mystique: Efficient Conversions for Zero-Knowledge Proofs with Applications to Machine Learning | Chenkai Weng, Northwestern University; Kang Yang, State Key Laboratory of Cryptology; Xiang Xie, Shanghai Key Laboratory of Privacy-Preserving Computation and MatrixElements Technologies; Jonathan Katz, University of Maryland; Xiao Wang, Northwestern University | Northwestern University | United States |
Poseidon: A New Hash Function for Zero-Knowledge Proof Systems | Lorenzo Grassi, Radboud University Nijmegen; Dmitry Khovratovich, Ethereum Foundation and Dusk Network; Christian Rechberger, IAIK, Graz University of Technology; Arnab Roy, University of Klagenfurt; Markus Schofnegger, IAIK, Graz University of Technology | Radboud University Nijmegen | Netherlands |
Dynamic proofs of retrievability with low server storage | Gaspard Anthoine, Jean-Guillaume Dumas, Mélanie de Jonghe, Aude Maignan, and Clément Pernet, Université Grenoble Alpes; Michael Hanling and Daniel S. Roche, United States Naval Academy | Université Grenoble Alpes | France |
Where’s Crypto?: Automated Identification and Classification of Proprietary Cryptographic Primitives in Binary Code | Carlo Meijer, Radboud University; Veelasha Moonsamy, Ruhr University Bochum; Jos Wetzels, Midnight Blue Labs | Radboud University | Netherlands |
Towards Formal Verification of State Continuity for Enclave Programs | Mohit Kumar Jangid, The Ohio State University; Guoxing Chen, Shanghai Jiao Tong University; Yinqian Zhang, Southern University of Science and Technology; Zhiqiang Lin, The Ohio State University | The Ohio State University | United States |
Protecting Cryptography Against Compelled Self-Incrimination | Sarah Scheffler and Mayank Varia, Boston University | Boston University | United States |
CSProp: Ciphertext and Signature Propagation Low-Overhead Public-Key Cryptosystem for IoT Environments | Fatemah Alharbi, Taibah University, Yanbu; Arwa Alrawais, Prince Sattam Bin Abdulaziz University; Abdulrahman Bin Rabiah, University of California, Riverside, and King Saud University; Silas Richelson and Nael Abu-Ghazaleh, University of California, Riverside | Taibah University, Yanbu | Saudi Arabia |
Automatic Extraction of Secrets from the Transistor Jungle using Laser-Assisted Side-Channel Attacks | Thilo Krachenfels and Tuba Kiyan, Technische Universität Berlin; Shahin Tajik, Worcester Polytechnic Institute; Jean-Pierre Seifert, Technische Universität Berlin; Fraunhofer SIT | Technische Universität Berlin | Germany |
Lord of the Ring(s): Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical | Riccardo Paccagnella, Licheng Luo, and Christopher W. Fletcher, University of Illinois at Urbana-Champaign | University of Illinois at Urbana-Champaign | United States |
Frontal Attack: Leaking Control-Flow in SGX via the CPU Frontend | Ivan Puddu, Moritz Schneider, Miro Haller, and Srdjan Čapkun, ETH Zurich | ETH Zurich | Switzerland |
Charger-Surfing: Exploiting a Power Line Side-Channel for Smartphone Information Leakage | Patrick Cronin, Xing Gao, and Chengmo Yang, University of Delaware; Haining Wang, Virginia Tech | University of Delaware | United States |
VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface | Zitai Chen, Georgios Vasilakis, Kit Murdock, Edward Dean, David Oswald, and Flavio D. Garcia, School of Computer Science, University of Birmingham, UK | School of Computer Science, University of Birmingham, UK | United Kingdom |
CipherLeaks: Breaking Constant-time Cryptography on AMD SEV via the Ciphertext Side Channel | Mengyuan Li, The Ohio State University; Yinqian Zhang, Southern University of Science and Technology; Huibo Wang and Kang Li, Baidu Security; Yueqiang Cheng, NIO Security Research | The Ohio State University | United States |
Cross-VM and Cross-Processor Covert Channels Exploiting Processor Idle Power Management | Paizhuo Chen, Lei Li, and Zhice Yang, ShanghaiTech University | ShanghaiTech University | China |
Can Systems Explain Permissions Better? Understanding Users’ Misperceptions under Smartphone Runtime Permission Model | Bingyu Shen, University of California, San Diego; Lili Wei, The Hong Kong University of Science and Technology; Chengcheng Xiang, Yudong Wu, Mingyao Shen, and Yuanyuan Zhou, University of California, San Diego; Xinxin Jin, Whova, Inc. | University of California, San Diego | United States |
“Shhh. be quiet!” Reducing the Unwanted Interruptions of Notification Permission Prompts on Chrome | Igor Bilogrevic, Balazs Engedy, Judson L. Porter III, Nina Taft, Kamila Hasanbega, Andrew Paseltiner, Hwi Kyoung Lee, Edward Jung, Meggyn Watkins, PJ McLachlan, and Jason James, Google | United States | |
Explanation Beats Context: The Effect of Timing & Rationales on Users’ Runtime Permission Decisions | Yusra Elbitar, CISPA Helmholtz Center for Information Security, Saarland University; Michael Schilling, CISPA Helmholtz Center for Information Security; Trung Tin Nguyen, CISPA Helmholtz Center for Information Security, Saarland University; Michael Backes and Sven Bugiel, CISPA Helmholtz Center for Information Security | CISPA Helmholtz Center for Information Security, Saarland University | Germany |
A Large Scale Study of User Behavior, Expectations and Engagement with Android Permissions | Weicheng Cao and Chunqiu Xia, University of Toronto; Sai Teja Peddinti, Google; David Lie, University of Toronto; Nina Taft, Google; Lisa M. Austin, University of Toronto | University of Toronto | Canada |
Reducing Bias in Modeling Real-world Password Strength via Deep Learning and Dynamic Dictionaries | Dario Pasquini, Sapienza University of Rome, Institute of Applied Computing CNR; Marco Cianfriglia, Institute of Applied Computing CNR; Giuseppe Ateniese, Stevens Institute of Technology; Massimo Bernaschi, Institute of Applied Computing CNR | Sapienza University of Rome, Institute of Applied Computing CNR | Italy |
Using Amnesia to Detect Credential Database Breaches | Ke Coby Wang, University of North Carolina at Chapel Hill; Michael K. Reiter, Duke University | University of North Carolina at Chapel Hill | United States |
Incrementally Updateable Honey Password Vaults | Haibo Cheng, Wenting Li, and Ping Wang, Peking University; Chao-Hsien Chu, Pennsylvania State University; Kaitai Liang, Delft University of Technology | Peking University | China |
Private Blocklist Lookups with Checklist | Dmitry Kogan, Stanford University; Henry Corrigan-Gibbs, MIT CSAIL | Stanford University | United States |
Identifying Harmful Media in End-to-End Encrypted Communication: Efficient Private Membership Computation | Anunay Kulshrestha and Jonathan Mayer, Princeton University | Princeton University | United States |
Fuzzy Labeled Private Set Intersection with Applications to Private Real-Time Biometric Search | Erkam Uzun, Simon P. Chung, Vladimir Kolesnikov, Alexandra Boldyreva, and Wenke Lee, Georgia Institute of Technology | Georgia Institute of Technology | United States |
PrivSyn: Differentially Private Data Synthesis | Zhikun Zhang, Zhejiang University and CISPA Helmholtz Center for Information Security; Tianhao Wang, Ninghui Li, and Jean Honorio, Purdue University; Michael Backes, CISPA Helmholtz Center for Information Security; Shibo He and Jiming Chen, Zhejiang University and Alibaba-Zhejiang University Joint Research Institute of Frontier Technologies; Yang Zhang, CISPA Helmholtz Center for Information Security | Zhejiang University and CISPA Helmholtz Center for Information Security | China |
Data Poisoning Attacks to Local Differential Privacy Protocols | Xiaoyu Cao, Jinyuan Jia, and Neil Zhenqiang Gong, Duke University | Duke University | United States |
How to Make Private Distributed Cardinality Estimation Practical, and Get Differential Privacy for Free | Changhui Hu, Newcastle University; Jin Li, Guangzhou University; Zheli Liu, Xiaojie Guo, Yu Wei, and Xuan Guang, Nankai University; Grigorios Loukides, King’s College London; Changyu Dong, Newcastle University | Newcastle University | United Kingdom |
Locally Differentially Private Analysis of Graph Statistics | Jacob Imola, UC San Diego; Takao Murakami, AIST; Kamalika Chaudhuri, UC San Diego | UC San Diego | United States |
SMASH: Synchronized Many-sided Rowhammer Attacks from JavaScript | Finn de Ridder, ETH Zurich and VU Amsterdam; Pietro Frigo, Emanuele Vannacci, Herbert Bos, and Cristiano Giuffrida, VU Amsterdam; Kaveh Razavi, ETH Zurich | ETH Zurich and VU Amsterdam | Switzerland & Netherlands |
Database Reconstruction from Noisy Volumes: A Cache Side-Channel Attack on SQLite | Aria Shahverdi, University of Maryland; Mahammad Shirinov, Bilkent University; Dana Dachman-Soled, University of Maryland | University of Maryland | United States |
PTAuth: Temporal Memory Safety via Robust Points-to Authentication | Reza Mirzazade Farkhani, Mansour Ahmadi, and Long Lu, Northeastern University | Northeastern University | United States |
Does logic locking work with EDA tools? | Zhaokun Han, Muhammad Yasin, and Jeyavijayan (JV) Rajendran, Texas A&M University | Texas A&M University | United States |
Cure: A Security Architecture with CUstomizable and Resilient Enclaves | Raad Bahmani, Ferdinand Brasser, Ghada Dessouky, Patrick Jauernig, Matthias Klimmek, Ahmad-Reza Sadeghi, and Emmanuel Stapf, Technische Universität Darmstadt | Technische Universität Darmstadt | Germany |
DICE*: A Formally Verified Implementation of DICE Measured Boot | Zhe Tao, University of California, Davis; Aseem Rastogi, Naman Gupta, and Kapil Vaswani, Microsoft Research; Aditya V. Thakur, University of California, Davis | University of California, Davis | United States |
PEARL: Plausibly Deniable Flash Translation Layer using WOM coding | Chen Chen, Anrin Chakraborti, and Radu Sion, Stony Brook University | Stony Brook University | United States |
Examining the Efficacy of Decoy-based and Psychological Cyber Deception | Kimberly J. Ferguson-Walter, Laboratory for Advanced Cybersecurity Research; Maxine M. Major, Naval Information Warfare Center, Pacific; Chelsea K. Johnson, Arizona State University; Daniel H. Muhleman, Naval Information Warfare Center, Pacific | Laboratory for Advanced Cybersecurity Research | United States |
Helping Users Automatically Find and Manage Sensitive, Expendable Files in Cloud Storage | Mohammad Taha Khan, University of Illinois at Chicago / Washington & Lee University; Christopher Tran and Shubham Singh, University of Illinois at Chicago; Dimitri Vasilkov, University of Chicago; Chris Kanich, University of Illinois at Chicago; Blase Ur, University of Chicago; Elena Zheleva, University of Illinois at Chicago | University of Illinois at Chicago / Washington & Lee University | United States |
Adapting Security Warnings to Counter Online Disinformation | Ben Kaiser, Jerry Wei, Eli Lucherini, and Kevin Lee, Princeton University; J. Nathan Matias, Cornell University; Jonathan Mayer, Princeton University | Princeton University | United States |
“Why wouldn’t someone think of democracy as a target?”: Security practices & challenges of people involved with U.S. political campaigns | Sunny Consolvo, Patrick Gage Kelley, Tara Matthews, Kurt Thomas, Lee Dunn, and Elie Bursztein, Google | United States | |
Security Obstacles and Motivations for Small Businesses from a CISO’s Perspective | Flynn Wolf, University of Maryland, Baltimore County; Adam J. Aviv, The George Washington University; Ravi Kuber, University of Maryland, Baltimore County | University of Maryland | United States |
Strategies and Perceived Risks of Sending Sensitive Documents | Noel Warford, University of Maryland; Collins W. Munyendo, The George Washington University; Ashna Mediratta, University of Maryland; Adam J. Aviv, The George Washington University; Michelle L. Mazurek, University of Maryland | University of Maryland | United States |
A Large-Scale Interview Study on Information Security in and Attacks against Small and Medium-sized Enterprises | Nicolas Huaman, Leibniz University Hannover; CISPA Helmholtz Center for Information Security; Bennet von Skarczinski, PwC Germany; Christian Stransky and Dominik Wermke, Leibniz University Hannover; Yasemin Acar, Leibniz University Hannover; Max Planck Institute for Security and Privacy; Arne Dreißigacker, Criminological Research Institute of Lower Saxony; Sascha Fahl, Leibniz University Hannover; CISPA Helmholtz Center for Information Security | Leibniz University Hannover | Germany |
On the Routing-Aware Peering against Network-Eclipse Attacks in Bitcoin | Muoi Tran and Akshaye Shenoi, National University of Singapore; Min Suk Kang, KAIST | National University of Singapore | Singapore |
EOSafe: Security Analysis of EOSIO Smart Contracts | Ningyu He, Key Lab on HCST (MOE), Peking University; Ruiyi Zhang, PeckShield, Inc.; Haoyu Wang, Beijing University of Posts and Telecommunications; Lei Wu, Zhejiang University; Xiapu Luo, The Hong Kong Polytechnic University; Yao Guo, Key Lab on HCST (MOE), Peking University; Ting Yu, Qatar Computing Research Institute; Xuxian Jiang, PeckShield, Inc. | Peking University | China |
EVMPatch: Timely and Automated Patching of Ethereum Smart Contracts | Michael Rodler, University of Duisburg-Essen; Wenting Li and Ghassan O. Karame, NEC Laboratories Europe; Lucas Davi, University of Duisburg-Essen | University of Duisburg-Essen | Germany |
Evil Under the Sun: Understanding and Discovering Attacks on Ethereum Decentralized Applications | Liya Su, Indiana University Bloomington; Institute of Information Engineering, Chinese Academy of Sciences; University of Chinese Academy of Sciences; Xinyue Shen, Indiana University Bloomington and Alibaba Group; Xiangyu Du, Indiana University Bloomington; Institute of Information Engineering, Chinese Academy of Sciences; University of Chinese Academy of Sciences; Xiaojing Liao, XiaoFeng Wang, and Luyi Xing, Indiana University Bloomington; Baoxu Liu, Institute of Information Engineering, Chinese Academy of Sciences; University of Chinese Academy of Sciences | Indiana University Bloomington | India |
Smart Contract Vulnerabilities: Vulnerable Does Not Imply Exploited | Daniel Perez and Benjamin Livshits, Imperial College London | Imperial College London | United Kingdom |
Frontrunner Jones and the Raiders of the Dark Forest: An Empirical Study of Frontrunning on the Ethereum Blockchain | Christof Ferreira Torres, SnT, University of Luxembourg; Ramiro Camino, Luxembourg Institute of Science and Technology; Radu State, SnT, University of Luxembourg | University of Luxembourg | Luxembourg |
SmarTest: Effectively Hunting Vulnerable Transaction Sequences in Smart Contracts through Language Model-Guided Symbolic Execution | Sunbeom So, Seongjoon Hong, and Hakjoo Oh, Korea University | Korea University | South Korea |
MIRAGE: Mitigating Conflict-Based Cache Attacks with a Practical Fully-Associative Design | Gururaj Saileshwar and Moinuddin Qureshi, Georgia Institute of Technology | Georgia Institute of Technology | United States |
Dolma: Securing Speculation with the Principle of Transient Non-Observability | Kevin Loughlin, Ian Neal, Jiacheng Ma, Elisa Tsai, Ofir Weisse, Satish Narayanasamy, and Baris Kasikci, University of Michigan | University of Michigan | United States |
Osiris: Automated Discovery of Microarchitectural Side Channels | Daniel Weber, Ahmad Ibrahim, Hamed Nemati, Michael Schwarz, and Christian Rossow, CISPA Helmholtz Center for Information Security | CISPA Helmholtz Center for Information Security | Germany |
Swivel: Hardening WebAssembly against Spectre | Shravan Narayan and Craig Disselkoen, UC San Diego; Daniel Moghimi, Worcester Polytechnic Institute and UC San Diego; Sunjay Cauligi, Evan Johnson, and Zhao Gang, UC San Diego; Anjo Vahldiek-Oberwagner, Intel Labs; Ravi Sahita, Intel; Hovav Shacham, UT Austin; Dean Tullsen and Deian Stefan, UC San Diego | UC San Diego | United States |
Rage Against the Machine Clear: A Systematic Analysis of Machine Clears and Their Implications for Transient Execution Attacks | Hany Ragab, Enrico Barberis, Herbert Bos, and Cristiano Giuffrida, Vrije Universiteit Amsterdam | Vrije Universiteit Amsterdam | Netherlands |
Coco: Co-Design and Co-Verification of Masked Software Implementations on CPUs | Barbara Gigerl, Vedad Hadzic, and Robert Primas, Graz University of Technology; Stefan Mangard, Graz University of Technology, Lamarr Security Research; Roderick Bloem, Graz University of Technology | Graz University of Technology | Austria |
Explanation-Guided Backdoor Poisoning Attacks Against Malware Classifiers | Giorgio Severi, Northeastern University; Jim Meyer, Xailient Inc.; Scott Coull, FireEye Inc.; Alina Oprea, Northeastern University | Northeastern University | United States |
Blind Backdoors in Deep Learning Models | Eugene Bagdasaryan and Vitaly Shmatikov, Cornell Tech | Cornell Tech | United States |
Graph Backdoor | Zhaohan Xi and Ren Pang, Pennsylvania State University; Shouling Ji, Zhejiang University; Ting Wang, Pennsylvania State University | Pennsylvania State University | United States |
Demon in the Variant: Statistical Analysis of DNNs for Robust Backdoor Contamination Detection | Di Tang, Chinese University of Hong Kong; XiaoFeng Wang and Haixu Tang, Indiana University; Kehuan Zhang, Chinese University of Hong Kong | Chinese University of Hong Kong | China |
You Autocomplete Me: Poisoning Vulnerabilities in Neural Code Completion | Roei Schuster, Tel-Aviv University, Cornell Tech; Congzheng Song, Cornell University; Eran Tromer, Tel Aviv University; Vitaly Shmatikov, Cornell Tech | Tel-Aviv University, Cornell Tech | United States |
Poisoning the Unlabeled Dataset of Semi-Supervised Learning | Nicholas Carlini, Google | United States | |
Double-Cross Attacks: Subverting Active Learning Systems | Jose Rodrigo Sanchez Vicarte, Gang Wang, and Christopher W. Fletcher, University of Illinois at Urbana-Champaign | University of Illinois at Urbana-Champaign | United States |
Fine Grained Dataflow Tracking with Proximal Gradients | Gabriel Ryan, Abhishek Shah, and Dongdong She, Columbia University; Koustubha Bhat, Vrije Universiteit Amsterdam; Suman Jana, Columbia University | Columbia University | United States |
Static Detection of Unsafe DMA Accesses in Device Drivers | Jia-Ju Bai and Tuo Li, Tsinghua University; Kangjie Lu, University of Minnesota; Shi-Min Hu, Tsinghua University | Tsinghua University | China |
Maze: Towards Automated Heap Feng Shui | Yan Wang, {CAS-KLONAT, BKLONSPT}, Institute of Information Engineering, Chinese Academy of Sciences; WeiRan Lab, Huawei Technologies; Chao Zhang, BNRist & Institute for Network Science and Cyberspace, Tsinghua University; Tsinghua University-QI-ANXIN Group JCNS; Zixuan Zhao, Bolun Zhang, Xiaorui Gong, and Wei Zou, {CAS-KLONAT, BKLONSPT}, Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences | Institute of Information Engineering, Chinese Academy of Sciences | China |
SelectiveTaint: Efficient Data Flow Tracking With Static Binary Rewriting | Sanchuan Chen, Zhiqiang Lin, and Yinqian Zhang, The Ohio State University | The Ohio State University | United States |
Breaking Through Binaries: Compiler-quality Instrumentation for Better Binary-only Fuzzing | Stefan Nagy, Virginia Tech; Anh Nguyen-Tuong, Jason D. Hiser, and Jack W. Davidson, University of Virginia; Matthew Hicks, Virginia Tech | Virginia Tech | United States |
MBA-Blast: Unveiling and Simplifying Mixed Boolean-Arithmetic Obfuscation | Binbin Liu, University of Science and Technology of China & University of New Hampshire; Junfu Shen, University of New Hampshire; Jiang Ming, University of Texas at Arlington; Qilong Zheng and Jing Li, University of Science and Technology of China; Dongpeng Xu, University of New Hampshire | University of Science and Technology of China & University of New Hampshire | China |
VScape: Assessing and Escaping Virtual Call Protections | Kaixiang Chen, Institute for Network Science and Cyberspace, Tsinghua University; Chao Zhang, Institute for Network Science and Cyberspace, Tsinghua University/Beijing National Research Center for Information Science and Technology/Tsinghua University-QI-ANXIN Group JCNS; Tingting Yin and Xingman Chen, Institute for Network Science and Cyberspace, Tsinghua University; Lei Zhao, School of Cyber Science and Engineering, Wuhan University | Institute for Network Science and Cyberspace, Tsinghua University | China |
Pretty Good Phone Privacy | Paul Schmitt, Princeton University; Barath Raghavan, University of Southern California | Princeton University | United States |
KeyForge: Non-Attributable Email from Forward-Forgeable Signatures | Michael A. Specter, MIT; Sunoo Park, MIT & Harvard; Matthew Green, Johns Hopkins University | MIT | United States |
Express: Lowering the Cost of Metadata-hiding Communication with Cryptographic Privacy | Saba Eskandarian, Stanford University; Henry Corrigan-Gibbs, MIT CSAIL; Matei Zaharia and Dan Boneh, Stanford University | Stanford University | United States |
Kalεido: Real-Time Privacy Control for Eye-Tracking Systems | Jingjie Li, Amrita Roy Chowdhury, Kassem Fawaz, and Younghyun Kim, University of Wisconsin–Madison | University of Wisconsin–Madison | United States |
Communication–Computation Trade-offs in PIR | Asra Ali, Google; Tancrède Lepoint; Sarvar Patel, Mariana Raykova, Phillipp Schoppmann, Karn Seth, and Kevin Yeo, Google | United States | |
I Always Feel Like Somebody’s Sensing Me! A Framework to Detect, Identify, and Localize Clandestine Wireless Sensors | Akash Deep Singh, University of California, Los Angeles; Luis Garcia, University of California, Los Angeles, and USC ISI; Joseph Noor and Mani Srivastava, University of California, Los Angeles | University of California, Los Angeles | United States |
The Complexities of Healing in Secure Group Messaging: Why Cross-Group Effects Matter | Cas Cremers, CISPA Helmholtz Center for Information Security; Britta Hale, Naval Postgraduate School (NPS); Konrad Kohbrok, Aalto University | CISPA Helmholtz Center for Information Security | Germany |
SLAP: Improving Physical Adversarial Examples with Short-Lived Adversarial Perturbations | Giulio Lovisotto, Henry Turner, and Ivo Sluganovic, University of Oxford; Martin Strohmeier, armasuisse; Ivan Martinovic, University of Oxford | University of Oxford | United Kingdom |
Adversarial Policy Training against Deep Reinforcement Learning | Xian Wu, Wenbo Guo, Hua Wei, and Xinyu Xing, The Pennsylvania State University | The Pennsylvania State University | United States |
DrMi: A Dataset Reduction Technology based on Mutual Information for Black-box Attacks | Yingzhe He, Guozhu Meng, Kai Chen, Xingbo Hu, and Jinwen He, SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences/School of Cyber Security, University of Chinese Academy of Sciences | Institute of Information Engineering, Chinese Academy of Sciences/School of Cyber Security, University of Chinese Academy of Sciences | China |
Deep-Dup: An Adversarial Weight Duplication Attack Framework to
Crush Deep Neural Network in Multi-Tenant FPGA | Adnan Siraj Rakin, Arizona State
University; Yukui Luo and Xiaolin Xu, Northeastern University; Deliang
Fan, Arizona State University | Arizona State University | 美国 |
Entangled Watermarks as a Defense against Model Extraction | Hengrui Jia and Christopher A. Choquette-Choo, University of Toronto and
Vector Institute; Varun Chandrasekaran, University of Wisconsin-Madison; Nicolas Papernot, University of Toronto and Vector Institute | University of Toronto and Vector Institute | 加拿大 |
Mind Your Weight(s): A Large-scale Study on Insufficient Machine Learning Model Protection in Mobile Apps | Zhichuang Sun, Ruimin Sun, Long Lu, and Alan Mislove, Northeastern University | Northeastern University | 美国 |
Hermes Attack: Steal DNN Models with Lossless Inference Accuracy | Yuankun Zhu, The University of Texas at Dallas; Yueqiang Cheng, Baidu
Security; Husheng Zhou, VMware; Yantao Lu, Syracuse University | The University of Texas at Dallas | 美国 |
ARCUS: Symbolic Root Cause Analysis of Exploits in Production Systems | Carter Yagemann, Georgia
Institute of Technology; Matthew Pruett, Georgia Tech Research Institute;
Simon P. Chung, Georgia Institute of Technology; Kennon Bittick, Georgia Tech Research Institute; Brendan Saltaformaggio and Wenke Lee, Georgia Institute of Technology | Georgia Institute of Technology | 美国 |
Automatic Firmware Emulation through Invalidity-guided Knowledge Inference | Wei Zhou, National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences; Le Guan, Department of Computer Science, University of Georgia; Peng Liu, College of Information Sciences and Technology, The Pennsylvania State University; Yuqing Zhang, National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences; School of Cyber Engineering, Xidian University; School of Computer Science and Cyberspace Security, Hainan University | National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences | China |
Finding Bugs Using Your Own Code: Detecting Functionally-similar yet Inconsistent Code | Mansour Ahmadi, Reza Mirzazade Farkhani, Ryan Williams, and Long Lu, Northeastern University | Northeastern University | United States |
Understanding and Detecting Disordered Error Handling with Precise Function Pairing | Qiushi Wu, Aditya Pakki, Navid Emamdoost, Stephen McCamant, and Kangjie Lu, University of Minnesota | University of Minnesota | United States |
Precise and Scalable Detection of Use-after-Compacting-Garbage-Collection Bugs | HyungSeok Han, Andrew Wesie, and Brian Pak, Theori Inc. | Theori Inc. | United States |
Reducing Test Cases with Attention Mechanism of Neural Networks | Xing Zhang, Jiongyi Chen, Chao Feng, Ruilin Li, Yunfei Su, Bin Zhang, Jing Lei, and Chaojing Tang, National University of Defense Technology | National University of Defense Technology | China |
FlowDist: Multi-Staged Refinement-Based Dynamic Information Flow Analysis for Distributed Software Systems | Xiaoqin Fu and Haipeng Cai, Washington State University, Pullman, WA | Washington State University, Pullman, WA | United States |
Privacy and Integrity Preserving Computations with CRISP | Sylvain Chatel, Apostolos Pyrgelis, Juan Ramón Troncoso-Pastoriza, and Jean-Pierre Hubaux, EPFL | EPFL | Switzerland |
Senate: A Maliciously-Secure MPC Platform for Collaborative Analytics | Rishabh Poddar and Sukrit Kalra, UC Berkeley; Avishay Yanai, VMware Research; Ryan Deng, Raluca Ada Popa, and Joseph M. Hellerstein, UC Berkeley | UC Berkeley | United States |
GForce: GPU-Friendly Oblivious and Rapid Neural Network Inference | Lucien K. L. Ng and Sherman S. M. Chow, The Chinese University of Hong Kong, Hong Kong | The Chinese University of Hong Kong | China |
ABY2.0: Improved Mixed-Protocol Secure Two-Party Computation | Arpita Patra, Indian Institute of Science; Thomas Schneider, TU Darmstadt; Ajith Suresh, Indian Institute of Science; Hossein Yalame, TU Darmstadt | Indian Institute of Science | India |
Fantastic Four: Honest-Majority Four-Party Secure Computation With Malicious Security | Anders Dalskov, Aarhus University & Partisia; Daniel Escudero, Aarhus University; Marcel Keller, CSIRO’s Data61 | Aarhus University & Partisia | Denmark |
Muse: Secure Inference Resilient to Malicious Clients | Ryan Lehmkuhl and Pratyush Mishra, UC Berkeley; Akshayaram Srinivasan, Tata Institute of Fundamental Research; Raluca Ada Popa, UC Berkeley | UC Berkeley | United States |
ObliCheck: Efficient Verification of Oblivious Algorithms with Unobservable State | Jeongseok Son, Griffin Prechter, Rishabh Poddar, Raluca Ada Popa, and Koushik Sen, University of California, Berkeley | University of California | United States |
PatchGuard: A Provably Robust Defense against Adversarial Patches via Small Receptive Fields and Masking | Chong Xiang, Princeton University; Arjun Nitin Bhagoji, University of Chicago; Vikash Sehwag and Prateek Mittal, Princeton University | Princeton University | United States |
T-Miner: A Generative Approach to Defend Against Trojan Attacks on DNN-based Text Classification | Ahmadreza Azizi and Ibrahim Asadullah Tahmid, Virginia Tech; Asim Waheed, LUMS Pakistan; Neal Mangaokar, University of Michigan; Jiameng Pu, Virginia Tech; Mobin Javed, LUMS Pakistan; Chandan K. Reddy and Bimal Viswanath, Virginia Tech | Virginia Tech | United States |
WaveGuard: Understanding and Mitigating Audio Adversarial Examples | Shehzeen Hussain, Paarth Neekhara, Shlomo Dubnov, Julian McAuley, and Farinaz Koushanfar, University of California, San Diego | University of California, San Diego | United States |
Cost-Aware Robust Tree Ensembles for Security Applications | Yizheng Chen, Shiqi Wang, Weifan Jiang, Asaf Cidon, and Suman Jana, Columbia University | Yizheng Chen, Shiqi Wang, Weifan Jiang, Asaf Cidon, and Suman Jana, Columbia University | United States |
Dompteur: Taming Audio Adversarial Examples | Thorsten Eisenhofer, Lea Schönherr, and Joel Frank, Ruhr University Bochum; Lars Speckemeier, University College London; Dorothea Kolossa and Thorsten Holz, Ruhr University Bochum | Ruhr University Bochum | Germany |
CADE: Detecting and Explaining Concept Drift Samples for Security Applications | Limin Yang, University of Illinois at Urbana-Champaign; Wenbo Guo, The Pennsylvania State University; Qingying Hao, University of Illinois at Urbana-Champaign; Arridhana Ciptadi and Ali Ahmadzadeh, Blue Hexagon; Xinyu Xing, The Pennsylvania State University; Gang Wang, University of Illinois at Urbana-Champaign | University of Illinois at Urbana-Champaign | United States |
Sigl: Securing Software Installations Through Deep Graph Learning | Xueyuan Han, Harvard University; Xiao Yu, NEC Laboratories America; Thomas Pasquier, University of Bristol; Ding Li, Peking University; Junghwan Rhee, NEC Laboratories America; James Mickens, Harvard University; Margo Seltzer, University of British Columbia; Haifeng Chen, NEC Laboratories America | Harvard University | United States |
ExpRace: Exploiting Kernel Races through Raising Interrupts | Yoochan Lee, Seoul National University; Changwoo Min, Virginia Tech; Byoungyoung Lee, Seoul National University | Seoul National University | South Korea |
Undo Workarounds for Kernel Bugs | Seyed Mohammadjavad Seyed Talebi, Zhihao Yao, and Ardalan Amiri Sani, UC Irvine; Zhiyun Qian, UC Riverside; Daniel Austin, Atlassian | UC Irvine | United States |
An Analysis of Speculative Type Confusion Vulnerabilities in the Wild | Ofek Kirzner and Adam Morrison, Tel Aviv University | Tel Aviv University | Israel |
Blinder: Partition-Oblivious Hierarchical Scheduling | Man-Ki Yoon, Mengqi Liu, Hao Chen, Jung-Eun Kim, and Zhong Shao, Yale University | Yale University | United States |
Shard: Fine-Grained Kernel Specialization with Context-Aware Hardening | Muhammad Abubakar, Adil Ahmad, Pedro Fonseca, and Dongyan Xu, Purdue University | Purdue University | United States |
Preventing Use-After-Free Attacks with Fast Forward Allocation | Brian Wickman, GTRI; Hong Hu, PennState; Insu Yun, Daehee Jang, and JungWon Lim, GeorgiaTech; Sanidhya Kashyap, EPFL; Taesoo Kim, GeorgiaTech | GTRI | United States |
Detecting Kernel Refcount Bugs with Two-Dimensional Consistency Checking | Xin Tan, Yuan Zhang, and Xiyu Yang, Fudan University; Kangjie Lu, University of Minnesota; Min Yang, Fudan University | Fudan University | China |
Effective Notification Campaigns on the Web: A Matter of Trust, Framing, and Support | Max Maass and Alina Stöver, TU Darmstadt; Henning Pridöhl, Universität Bamberg; Sebastian Bretthauer, Goethe-Universität Frankfurt; Dominik Herrmann, Universität Bamberg; Matthias Hollick, TU Darmstadt; Indra Spiecker, Goethe-Universität Frankfurt | TU Darmstadt | Germany |
Fingerprinting in Style: Detecting Browser Extensions via Injected Style Sheets | Pierre Laperdrix, Univ. Lille, CNRS, Inria; Oleksii Starov, Palo Alto Networks; Quan Chen and Alexandros Kapravelos, North Carolina State University; Nick Nikiforakis, Stony Brook University | CNRS, Inria | India |
JAW: Studying Client-side CSRF with Hybrid Property Graphs and Declarative Traversals | Soheil Khodayari and Giancarlo Pellegrino, CISPA Helmholtz Center for Information Security | CISPA Helmholtz Center for Information Security | Germany |
AdCube: WebVR Ad Fraud and Practical Confinement of Third-Party Ads | Hyunjoo Lee, Jiyeon Lee, and Daejun Kim, Korea Advanced Institute of Science and Technology; Suman Jana, Columbia University; Insik Shin and Sooel Son, Korea Advanced Institute of Science and Technology | Korea Advanced Institute of Science and Technology | South Korea |
CACTI: Captcha Avoidance via Client-side TEE Integration | Yoshimichi Nakatsuka and Ercan Ozturk, University of California, Irvine; Andrew Paverd, Microsoft Research; Gene Tsudik, University of California, Irvine | University of California, Irvine | United States |
PolyScope: Multi-Policy Access Control Analysis to Compute Authorized Attack Operations in Android Systems | Yu-Tsung Lee, Penn State University; William Enck, North Carolina State University; Haining Chen, Google; Hayawardh Vijayakumar, Samsung Research; Ninghui Li, Purdue University; Zhiyun Qian and Daimeng Wang, UC Riverside; Giuseppe Petracca, Lyft; Trent Jaeger, Penn State University | Penn State University | United States |
Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types | Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Simon Wörner, and Thorsten Holz, Ruhr-Universität Bochum | Ruhr-Universität Bochum | Germany |
Systematic Evaluation of Privacy Risks of Machine Learning Models | Liwei Song and Prateek Mittal, Princeton University | Princeton University | United States |
Extracting Training Data from Large Language Models | Nicholas Carlini, Google; Florian Tramèr, Stanford University; Eric Wallace, UC Berkeley; Matthew Jagielski, Northeastern University; Ariel Herbert-Voss, OpenAI and Harvard University; Katherine Lee and Adam Roberts, Google; Tom Brown, OpenAI; Dawn Song, UC Berkeley; Úlfar Erlingsson, Apple; Alina Oprea, Northeastern University; Colin Raffel, Google | United States | |
SWIFT: Super-fast and Robust Privacy-Preserving Machine Learning | Nishat Koti, Mahak Pancholi, Arpita Patra, and Ajith Suresh, Indian Institute of Science, Bangalore | Indian Institute of Science, Bangalore | India |
Stealing Links from Graph Neural Networks | Xinlei He, CISPA Helmholtz Center for Information Security; Jinyuan Jia, Duke University; Michael Backes, CISPA Helmholtz Center for Information Security; Neil Zhenqiang Gong, Duke University; Yang Zhang, CISPA Helmholtz Center for Information Security | CISPA Helmholtz Center for Information Security | Germany |
Leakage of Dataset Properties in Multi-Party Machine Learning | Wanrong Zhang, Georgia Institute of Technology; Shruti Tople, Microsoft Research; Olga Ohrimenko, The University of Melbourne | Georgia Institute of Technology | United States |
Defeating DNN-Based Traffic Analysis Systems in Real-Time With Blind Adversarial Perturbations | Milad Nasr, Alireza Bahramali, and Amir Houmansadr, University of Massachusetts Amherst | University of Massachusetts Amherst | United States |
Cerebro: A Platform for Multi-Party Cryptographic Collaborative Learning | Wenting Zheng, UC Berkeley/CMU; Ryan Deng, Weikeng Chen, and Raluca Ada Popa, UC Berkeley; Aurojit Panda, New York University; Ion Stoica, UC Berkeley | UC Berkeley/CMU | United States |
SyzVegas: Beating Kernel Fuzzing Odds with Reinforcement Learning | Daimeng Wang, Zheng Zhang, Hang Zhang, Zhiyun Qian, Srikanth V. Krishnamurthy, and Nael Abu-Ghazaleh, University of California, Riverside | University of California, Riverside | United States |
Android SmartTVs Vulnerability Discovery via Log-Guided Fuzzing | Yousra Aafer, University of Waterloo; Wei You, Renmin University of China; Yi Sun, Yu Shi, and Xiangyu Zhang, Purdue University; Heng Yin, UC Riverside | University of Waterloo | Canada |
UniFuzz: A Holistic and Pragmatic Metrics-Driven Platform for Evaluating Fuzzers | Yuwei Li, Zhejiang University; Shouling Ji, Zhejiang University/Zhejiang University NGICS Platform; Yuan Chen, Zhejiang University; Sizhuang Liang, Georgia Institute of Technology; Wei-Han Lee, IBM Research; Yueyao Chen and Chenyang Lyu, Zhejiang University; Chunming Wu, Zhejiang University/Zhejiang Lab, Hangzhou, China; Raheem Beyah, Georgia Institute of Technology; Peng Cheng, Zhejiang University NGICS Platform/Zhejiang University; Kangjie Lu, University of Minnesota; Ting Wang, Pennsylvania State University | Zhejiang University | China |
Token-Level Fuzzing | Christopher Salls, UC Santa Barbara; Chani Jindal, Microsoft; Jake Corina, Seaside Security; Christopher Kruegel and Giovanni Vigna, UC Santa Barbara | UC Santa Barbara | United States |
APICraft: Fuzz Driver Generation for Closed-source SDK Libraries | Cen Zhang, Nanyang Technological University; Xingwei Lin, Ant Group; Yuekang Li, Nanyang Technological University; Yinxing Xue, University of Science and Technology of China; Jundong Xie, Ant Group; Hongxu Chen, Nanyang Technological University; Xinlei Ying and Jiashui Wang, Ant Group; Yang Liu, Nanyang Technological University | Nanyang Technological University | Singapore |
The Use of Likely Invariants as Feedback for Fuzzers | Andrea Fioraldi, EURECOM; Daniele Cono D’Elia, Sapienza University of Rome; Davide Balzarotti, EURECOM | EURECOM | France |
ICSFuzz: Manipulating I/Os and Repurposing Binary Code to Enable Instrumented Fuzzing in ICS Control Applications | Dimitrios Tychalas, NYU Tandon School of Engineering; Hadjer Benkraouda and Michail Maniatakos, New York University Abu Dhabi | NYU Tandon School of Engineering | United States |
Prime+Probe 1, JavaScript 0: Overcoming Browser-based Side-Channel Defenses | Anatoly Shusterman, Ben-Gurion University of the Negev; Ayush Agarwal, University of Michigan; Sioli O’Connell, University of Adelaide; Daniel Genkin, University of Michigan; Yossi Oren, Ben-Gurion University of the Negev; Yuval Yarom, University of Adelaide and Data61 | Ben-Gurion University of the Negev | Israel |
Saphire: Sandboxing PHP Applications with Tailored System Call Allowlists | Alexander Bulekov, Rasoul Jahanshahi, and Manuel Egele, Boston University | Boston University | United States |
SandTrap: Securing JavaScript-driven Trigger-Action Platforms | Mohammad M. Ahmadpanah, Chalmers University of Technology; Daniel Hedin, Chalmers University of Technology and Mälardalen University; Musard Balliu, KTH Royal Institute of Technology; Lars Eric Olsson and Andrei Sabelfeld, Chalmers University of Technology | Chalmers University of Technology | Sweden |
Can I Take Your Subdomain? Exploring Same-Site Attacks in the Modern Web | Marco Squarcina, Mauro Tempesta, and Lorenzo Veronese, TU Wien; Stefano Calzavara, Università Ca’ Foscari Venezia & OWASP; Matteo Maffei, TU Wien | TU Wien | Austria |
U Can’t Debug This: Detecting JavaScript Anti-Debugging Techniques in the Wild | Marius Musch and Martin Johns, TU Braunschweig | TU Braunschweig | Germany |
Abusing Hidden Properties to Attack the Node.js Ecosystem | Feng Xiao, Georgia Tech; Jianwei Huang, Texas A&M University; Yichang Xiong, Independent Researcher; Guangliang Yang, Georgia Tech; Hong Hu, Penn State University; Guofei Gu, Texas A&M University; Wenke Lee, Georgia Tech | Georgia Tech | United States |
mID: Tracing Screen Photos via Moiré Patterns | Yushi Cheng, Xiaoyu Ji, Lixu Wang, and Qi Pang, Zhejiang University; Yi-Chao Chen, Shanghai Jiao Tong University; Wenyuan Xu, Zhejiang University | Zhejiang University | China |
SEAL: Storage-efficient Causality Analysis on Enterprise Logs with Query-friendly Compression | Peng Fei, Zhou Li, and Zhiying Wang, University of California, Irvine; Xiao Yu, NEC Laboratories America, Inc.; Ding Li, Peking University; Kangkook Jee, University of Texas at Dallas | University of California, Irvine | United States |
ATLAS: A Sequence-based Learning Approach for Attack Investigation | Abdulellah Alsaheel and Yuhong Nan, Purdue University; Shiqing Ma, Rutgers University; Le Yu, Gregory Walkup, Z. Berkay Celik, Xiangyu Zhang, and Dongyan Xu, Purdue University | Purdue University | United States |
Elise: A Storage Efficient Logging System Powered by Redundancy Reduction and Representation Learning | Hailun Ding, Shenao Yan, Juan Zhai, and Shiqing Ma, Rutgers University | Rutgers University | United States |
V0Finder: Discovering the Correct Origin of Publicly Reported Software Vulnerabilities | Seunghoon Woo, Dongwook Lee, Sunghan Park, and Heejo Lee, Korea University; Sven Dietrich, City University of New York | Korea University | South Korea |
Minerva– An Efficient Risk-Limiting Ballot Polling Audit | Filip Zagórski, Wroclaw University of Science and Technology; Grant McClearn and Sarah Morin, The George Washington University; Neal McBurnett; Poorvi L. Vora, The George Washington University | Wroclaw University of Science and Technology | Poland |
Security Analysis of the Democracy Live Online Voting System | Michael Specter, MIT; J. Alex Halderman, University of Michigan | MIT | United States |
Hopper: Modeling and Detecting Lateral Movement | Grant Ho, UC San Diego, UC Berkeley, and Dropbox; Mayank Dhiman, Dropbox; Devdatta Akhawe, Figma, Inc.; Vern Paxson, UC Berkeley and International Computer Science Institute; Stefan Savage and Geoffrey M. Voelker, UC San Diego; David Wagner, UC Berkeley | UC San Diego, UC Berkeley, and Dropbox | United States |
LZR: Identifying Unexpected Internet Services | Liz Izhikevich, Stanford University; Renata Teixeira, Inria; Zakir Durumeric, Stanford University | Stanford University | United States |
Blind In/On-Path Attacks and Applications to VPNs | William J. Tolley and Beau Kujath, Breakpointing Bad/Arizona State University; Mohammad Taha Khan, Washington and Lee University; Narseo Vallina-Rodriguez, IMDEA Networks Institute/ICSI; Jedidiah R. Crandall, Breakpointing Bad/Arizona State University | Breakpointing Bad/Arizona State University | United States |
The Hijackers Guide To The Galaxy: Off-Path Taking Over Internet Resources | Tianxiang Dai, Fraunhofer Institute for Secure Information Technology SIT; Philipp Jeitner, Fraunhofer Institute for Secure Information Technology SIT, Technical University of Darmstadt; Haya Shulman, Fraunhofer Institute for Secure Information Technology SIT; Michael Waidner, Fraunhofer Institute for Secure Information Technology SIT, Technical University of Darmstadt | Fraunhofer Institute for Secure Information Technology SIT | Germany |
Injection Attacks Reloaded: Tunnelling Malicious Payloads over DNS | Philipp Jeitner, TU Darmstadt; Haya Shulman, Fraunhofer SIT | Fraunhofer SIT | Germany |
Causal Analysis for Software-Defined Networking Attacks | Benjamin E. Ujcich, Georgetown University; Samuel Jero and Richard Skowyra, MIT Lincoln Laboratory; Adam Bates, University of Illinois at Urbana-Champaign; William H. Sanders, Carnegie Mellon University; Hamed Okhravi, MIT Lincoln Laboratory | Georgetown University | United States |
Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks | Kaiwen Shen, Chuhan Wang, and Minglei Guo, Tsinghua University; Xiaofeng Zheng, Tsinghua University and Qi An Xin Technology Research Institute; Chaoyi Lu and Baojun Liu, Tsinghua University; Yuxuan Zhao, North China Institute of Computing Technology; Shuang Hao, University of Texas at Dallas; Haixin Duan, Tsinghua University; Qi An Xin Technology Research Institute; Qingfeng Pan, Coremail Technology Co. Ltd; Min Yang, Fudan University | Tsinghua University | China |
Automated Discovery of Denial-of-Service Vulnerabilities in Connected Vehicle Protocols | Shengtuo Hu, University of Michigan; Qi Alfred Chen, UC Irvine; Jiachen Sun, Yiheng Feng, Z. Morley Mao, and Henry X. Liu, University of Michigan | University of Michigan | United States |
Too Good to Be Safe: Tricking Lane Detection in Autonomous Driving with Crafted Perturbations | Pengfei Jing, The Hong Kong Polytechnic University and Keen Security Lab, Tencent; Qiyi Tang and Yuefeng Du, Keen Security Lab, Tencent; Lei Xue and Xiapu Luo, The Hong Kong Polytechnic University; Ting Wang, Pennsylvania State University; Sen Nie and Shi Wu, Keen Security Lab, Tencent | The Hong Kong Polytechnic University and Keen Security Lab, Tencent | China |
Acoustics to the Rescue: Physical Key Inference Attack Revisited | Soundarya Ramesh and Rui Xiao, National University of Singapore; Anindya Maiti, University of Oklahoma; Jong Taek Lee, Harini Ramprasad, and Ananda Kumar, National University of Singapore; Murtuza Jadliwala, University of Texas at San Antonio; Jun Han, National University of Singapore | National University of Singapore | Singapore |
Messy States of Wiring: Vulnerabilities in Emerging Personal Payment Systems | Jiadong Lou and Xu Yuan, University of Louisiana at Lafayette; Ning Zhang, Washington University in St. Louis | University of Louisiana at Lafayette | United States |
Research on the Security of Visual Reasoning CAPTCHA | Yipeng Gao, Haichang Gao, Sainan Luo, Yang Zi, Shudong Zhang, Wenjie Mao, Ping Wang, and Yulong Shen, Xidian University; Jeff Yan, Linköping University | Xidian University | China |
Dirty Road Can Attack: Security of Deep Learning based Automated Lane Centering under Physical-World Attack | Takami Sato, Junjie Shen, and Ningfei Wang, University of California, Irvine; Yunhan Jia, ByteDance; Xue Lin, Northeastern University; Qi Alfred Chen, University of California, Irvine | University of California, Irvine | United States |
Domain Shadowing: Leveraging Content Delivery Networks for Robust Blocking-Resistant Communications | Mingkui Wei, George Mason University | George Mason University | United States |
Weaponizing Middleboxes for TCP Reflected Amplification | Kevin Bock, University of Maryland; Abdulrahman Alaraj, University of Colorado Boulder; Yair Fax and Kyle Hurley, University of Maryland; Eric Wustrow, University of Colorado Boulder; Dave Levin, University of Maryland | University of Maryland | United States |
Collective Information Security in Large-Scale Urban Protests: the Case of Hong Kong | Martin R. Albrecht, Jorge Blasco, Rikke Bjerg Jensen, and Lenka Mareková, Royal Holloway, University of London | University of London | United Kingdom |
How Great is the Great Firewall? Measuring China’s DNS Censorship | Nguyen Phong Hoang, Stony Brook University and Citizen Lab, University of Toronto; Arian Akhavan Niaki, University of Massachusetts, Amherst; Jakub Dalek, Jeffrey Knockel, and Pellaeon Lin, Citizen Lab, University of Toronto; Bill Marczak, Citizen Lab, University of Toronto, and University of California, Berkeley; Masashi Crete-Nishihata, Citizen Lab, University of Toronto; Phillipa Gill, University of Massachusetts, Amherst; Michalis Polychronakis, Stony Brook University | University of Toronto | Canada |
Balboa: Bobbing and Weaving around Network Censorship | Marc B. Rosen, James Parker, and Alex J. Malozemoff, Galois, Inc. | Galois, Inc. | United States |
Once is Never Enough: Foundations for Sound Statistical Inference in Tor Network Experimentation | Rob Jansen, U.S. Naval Research Laboratory; Justin Tracey and Ian Goldberg, University of Waterloo | U.S. Naval Research Laboratory | United States |
Rollercoaster: An Efficient Group-Multicast Scheme for Mix Networks | Daniel Hugenroth, Martin Kleppmann, and Alastair R. Beresford, University of Cambridge | University of Cambridge | United Kingdom |
Obfuscation-Resilient Executable Payload Extraction From Packed Malware | Binlin Cheng, Hubei Normal University & Wuhan University; Jiang Ming, Erika A Leal, and Haotian Zhang, The University of Texas at Arlington; Jianming Fu and Guojun Peng, Wuhan University; Jean-Yves Marion, Université de Lorraine, CNRS, LORIA | Hubei Normal University & Wuhan University | China |
DeepReflect: Discovering Malicious Functionality through Binary Reconstruction | Evan Downing, Georgia Institute of Technology; Yisroel Mirsky, Georgia Institute of Technology & Ben-Gurion University; Kyuhong Park and Wenke Lee, Georgia Institute of Technology | Georgia Institute of Technology | United States |
When Malware Changed Its Mind: An Empirical Study of Variable Program Behaviors in the Real World | Erin Avllazagaj, University of Maryland, College Park; Ziyun Zhu, Facebook; Leyla Bilge, NortonLifeLock Research Group; Davide Balzarotti, EURECOM; Tudor Dumitras, University of Maryland, College Park | University of Maryland, College Park | United States |
The Circle Of Life: A Large-Scale Study of The IoT Malware Lifecycle | Omar Alrawi, Charles Lever, and Kevin Valakuzhy, Georgia Institute of Technology; Ryan Court and Kevin Snow, Zero Point Dynamics; Fabian Monrose, University of North Carolina at Chapel Hill; Manos Antonakakis, Georgia Institute of Technology | Georgia Institute of Technology | United States |
Forecasting Malware Capabilities From Cyber Attack Memory Images | Omar Alrawi, Moses Ike, Matthew Pruett, Ranjita Pai Kasturi, Srimanta Barua, Taleb Hirani, Brennan Hill, and Brendan Saltaformaggio, Georgia Institute of Technology | Georgia Institute of Technology | United States |
YarIx: Scalable YARA-based Malware Intelligence | Michael Brengel and Christian Rossow, CISPA Helmholtz Center for Information Security | CISPA Helmholtz Center for Information Security | Germany |
Constraint-guided Directed Greybox Fuzzing | Gwangmu Lee, Seoul National University; Woochul Shim, Samsung Research; Byoungyoung Lee, Seoul National University | Seoul National University | South Korea |
PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop | Alexander Heinrich, Matthias Hollick, Thomas Schneider, Milan Stute, and Christian Weinert, TU Darmstadt | TU Darmstadt | Germany |
Privacy-Preserving and Standard-Compatible AKA Protocol for 5G | Yuchen Wang, TCA of State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences & Alibaba Group; Zhenfeng Zhang, TCA of State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences; Yongquan Xie, Commercial Cryptography Testing Center of State Cryptography Administration | TCA of State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences & Alibaba Group | China |
SEApp: Bringing Mandatory Access Control to Android Apps | Matthew Rossi, Dario Facchinetti, and Enrico Bacis, Università degli Studi di Bergamo; Marco Rosa, SAP Security Research; Stefano Paraboschi, Università degli Studi di Bergamo | Università degli Studi di Bergamo | Italy |
A11y and Privacy don’t have to be mutually exclusive: Constraining Accessibility Service Misuse on Android | Jie Huang, Michael Backes, and Sven Bugiel, CISPA Helmholtz Center for Information Security | CISPA Helmholtz Center for Information Security | Germany |
An Investigation of the Android Kernel Patch Ecosystem | Zheng Zhang, UC Riverside; Hang Zhang and Zhiyun Qian, UC Riverside; Billy Lau, Google Inc. | UC Riverside | United States |
Share First, Ask Later (or Never?) Studying Violations of GDPR’s Explicit Consent in Android Apps | Trung Tin Nguyen, CISPA Helmholtz Center for Information Security; Saarbrücken Graduate School of Computer Science, Saarland University; Michael Backes, Ninja Marnau, and Ben Stock, CISPA Helmholtz Center for Information Security | CISPA Helmholtz Center for Information Security | Germany |
DEFInit: An Analysis of Exposed Android Init Routines | Yuede Ji, University of North Texas; Mohamed Elsabagh, Ryan Johnson, and Angelos Stavrou, Kryptowire | University of North Texas | United States |
Scalable Detection of Promotional Website Defacements in Black Hat SEO Campaigns | Ronghai Yang, Sangfor Technologies Inc.; Xianbo Wang, The Chinese University of Hong Kong; Cheng Chi, Dawei Wang, Jiawei He, and Siming Pang, Sangfor Technologies Inc.; Wing Cheong Lau, The Chinese University of Hong Kong | Sangfor Technologies Inc | China |
Compromised or Attacker-Owned: A Large Scale Classification and Study of Hosting Domains of Malicious URLs | Ravindu De Silva, SCoRe Lab and Qatar Computing Research Institute; Mohamed Nabeel, Qatar Computing Research Institute; Charith Elvitigala, SCoRe Lab; Issa Khalil and Ting Yu, Qatar Computing Research Institute; Chamath Keppitiyagama, University of Colombo School of Computing | SCoRe Lab and Qatar Computing Research Institute | Qatar |
Assessing Browser-level Defense against IDN-based Phishing | Hang Hu, Virginia Tech; Steve T.K. Jan, University of Illinois at Urbana-Champaign/Virginia Tech; Yang Wang and Gang Wang, University of Illinois at Urbana-Champaign | Virginia Tech | United States |
Catching Phishers By Their Bait: Investigating the Dutch Phishing Landscape through Phishing Kit Detection | Hugo Bijmans, Tim Booij, and Anneke Schwedersky, Netherlands Organisation for Applied Scientific Research (TNO); Aria Nedgabat, Eindhoven University of Technology; Rolf van Wegberg, Delft University of Technology | Eindhoven University of Technology | Netherlands |
PhishPrint: Evading Phishing Detection Crawlers by Prior Profiling | Bhupendra Acharya and Phani Vadrevu, UNO Cyber Center, University of New Orleans | UNO Cyber Center, University of New Orleans | United States |
Phishpedia: A Hybrid Deep Learning Based Approach to Visually Identify Phishing Webpages | Yun Lin and Ruofan Liu, National University of Singapore; Dinil Mon Divakaran, Trustwave; Jun Yang Ng and Qing Zhou Chan, National University of Singapore; Yiwen Lu, Yuxuan Si, and Fan Zhang, Zhejiang University; Jin Song Dong, National University of Singapore | National University of Singapore | Singapore |
Is Real-time Phishing Eliminated with FIDO? Social Engineering Downgrade Attacks against FIDO Protocols | Enis Ulqinaku, ETH Zürich; Hala Assal, AbdelRahman Abdou, and Sonia Chiasson, Carleton University; Srdjan Capkun, ETH Zürich | Carleton University | Canada |
Jaqen: A High-Performance Switch-Native Approach for Detecting and Mitigating Volumetric DDoS Attacks with Programmable Switches | Zaoxing Liu, Boston University; Hun Namkung, Carnegie Mellon University; Georgios Nikolaidis, Jeongkeun Lee, and Changhoon Kim, Intel, Barefoot Switch Division; Xin Jin, Peking University; Vladimir Braverman, Johns Hopkins University; Minlan Yu, Harvard University; Vyas Sekar, Carnegie Mellon University | Boston University | United States |
ReDoSHunter: A Combined Static and Dynamic Approach for Regular Expression DoS Detection | Yeting Li and Zixuan Chen, SKLCS, ISCAS, UCAS; Jialun Cao, HKUST; Zhiwu Xu, Shenzhen University; Qiancheng Peng, SKLCS, ISCAS, UCAS; Haiming Chen, SKLCS, ISCAS; Liyuan Chen, Tencent; Shing-Chi Cheung, HKUST | SKLCS, ISCAS, UCAS | China |
Ripple: A Programmable, Decentralized Link-Flooding Defense Against Adaptive Adversaries | Jiarong Xing, Wenqing Wu, and Ang Chen, Rice University | Rice University | United States |
Accurately Measuring Global Risk of Amplification Attacks using AmpMap | Soo-Jin Moon, Yucheng Yin, and Rahul Anand Sharma, Carnegie Mellon University; Yifei Yuan, Alibaba Group; Jonathan M. Spring, CERT/CC, SEI, Carnegie Mellon University; Vyas Sekar, Carnegie Mellon University | Carnegie Mellon University | United States |
A Stealthy Location Identification Attack Exploiting Carrier Aggregation in Cellular Networks | Nitya Lakshmanan and Nishant
Budhdev, National University of Singapore; Min Suk Kang, KAIST; Mun Choon
Chan and Jun Han, National University of Singapore | National University of Singapore | 新加坡 |
Disrupting Continuity of Apple’s Wireless Ecosystem Security: New Tracking, DoS, and MitM Attacks on iOS and macOS Through Bluetooth Low Energy, AWDL, and Wi-Fi | Milan Stute, Alexander Heinrich, Jannik Lorenz, and Matthias Hollick, Technical University of Darmstadt | Technical University of Darmstadt | Germany |
Stars Can Tell: A Robust Method to Defend against GPS Spoofing Attacks using Off-the-shelf Chipset | Shinan Liu, University of Chicago; Xiang Cheng and Hanchao Yang, Virginia Tech; Yuanchao Shu, Microsoft Research; Xiaoran Weng, University of Electronic Science and Technology of China; Ping Guo, City University of Hong Kong; Kexiong (Curtis) Zeng, Facebook; Gang Wang, University of Illinois at Urbana-Champaign; Yaling Yang, Virginia Tech | University of Chicago | United States |
Formally Verified Memory Protection for a Commodity Multiprocessor Hypervisor | Shih-Wei Li, Xupeng Li, Ronghui Gu, Jason Nieh, and John Zhuang Hui, Columbia University | Columbia University | United States |
Automatic Policy Generation for Inter-Service Access Control of Microservices | Xing Li, Zhejiang University; Yan Chen, Northwestern University; Zhiqiang Lin, The Ohio State University; Xiao Wang and Jim Hao Chen, Northwestern University | Zhejiang University | China |
CLARION: Sound and Clear Provenance Tracking for Microservice Deployments | Xutong Chen, Northwestern University; Hassaan Irshad, SRI International; Yan Chen, Northwestern University; Ashish Gehani and Vinod Yegneswaran, SRI International | Northwestern University | United States |
Virtual Secure Platform: A Five-Stage Pipeline Processor over TFHE | Kotaro Matsuoka, Ryotaro Banno, Naoki Matsumoto, Takashi Sato, and Song Bian, Kyoto University | Kyoto University | Japan |
Searching Encrypted Data with Size-Locked Indexes | Min Xu, University of Chicago; Armin Namavari, Cornell University; David Cash, University of Chicago; Thomas Ristenpart, Cornell Tech | University of Chicago | United States |
Blitz: Secure Multi-Hop Payments Without Two-Phase Commits | Lukas Aumayr, TU Wien; Pedro Moreno-Sanchez, IMDEA Software Institute; Aniket Kate, Purdue University; Matteo Maffei, TU Wien | TU Wien | Austria |
Reducing HSM Reliance in Payments through Proxy Re-Encryption | Sivanarayana Gaddam, Visa; Atul Luykx, Security Engineering Research, Google; Rohit Sinha, Swirlds Inc.; Gaven Watson, Visa Research | Visa | United States |
Risky Business? Investigating the Security Practices of Vendors on an Online Anonymous Market using Ground-Truth Data | Jochem van de Laarschot and Rolf van Wegberg, Delft University of Technology | Delft University of Technology | Netherlands |
Deep Entity Classification: Abusive Account Detection for Online Social Networks | Teng Xu, Gerard Goossen, Huseyin Kerem Cevahir, Sara Khodeir, and Yingyezhe Jin, Facebook, Inc; Frank Li, Facebook, Inc, and Georgia Institute of Technology; Shawn Shan, Facebook, Inc, and University of Chicago; Sagar Patel and David Freeman, Facebook, Inc; Paul Pearce, Facebook, Inc, and Georgia Institute of Technology | Facebook, Inc | United States |
SocialHEISTing: Understanding Stolen Facebook Accounts | Jeremiah Onaolapo, University of Vermont; Nektarios Leontiadis and Despoina Magka, Facebook; Gianluca Stringhini, Boston University | University of Vermont | United States |
Understanding Malicious Cross-library Data Harvesting on Android | Jice Wang, National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences; Indiana University Bloomington; Yue Xiao and Xueqiang Wang, Indiana University Bloomington; Yuhong Nan, Purdue University; Luyi Xing and Xiaojing Liao, Indiana University Bloomington; JinWei Dong, School of Cyber Engineering, Xidian University; Nicolas Serrano, Indiana University, Bloomington; Haoran Lu and XiaoFeng Wang, Indiana University Bloomington; Yuqing Zhang, National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences; School of Cyber Engineering, Xidian University; School of Computer Science and Cyberspace Security, Hainan University | National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences | China |
Swiped: Analyzing Ground-truth Data of a Marketplace for Stolen Debit and Credit Cards | Maxwell Aliapoulios, Cameron Ballard, Rasika Bhalerao, Tobias Lauinger, and Damon McCoy, New York University | New York University | United States |
Having Your Cake and Eating It: An Analysis of Concession-Abuse-as-a-Service | Zhibo Sun, Adam Oest, and Penghui Zhang, Arizona State University; Carlos Rubio-Medrano, Texas A&M University – Corpus Christi; Tiffany Bao and Ruoyu Wang, Arizona State University; Ziming Zhao, Rochester Institute of Technology; Yan Shoshitaishvili and Adam Doupé, Arizona State University; Gail-Joon Ahn, Arizona State University and Samsung Research | Texas A&M University – Corpus Christi | Germany |
Capture: Centralized Library Management for Heterogeneous IoT Devices | Han Zhang, Abhijith Anilkumar, Matt Fredrikson, and Yuvraj Agarwal, Carnegie Mellon University | Carnegie Mellon University | United States |
MPInspector: A Systematic and Automatic Approach for Evaluating the Security of IoT Messaging Protocols | Qinying Wang, Zhejiang University; Shouling Ji, Zhejiang University; Binjiang Institute of Zhejiang University; Yuan Tian, University of Virginia; Xuhong Zhang, Zhejiang University; Binjiang Institute of Zhejiang University; Binbin Zhao, Georgia Institute of Technology; Yuhong Kan and Zhaowei Lin, Zhejiang University; Changting Lin and Shuiguang Deng, Zhejiang University; Binjiang Institute of Zhejiang University; Alex X. Liu, Ant Group; Raheem Beyah, Georgia Institute of Technology | Zhejiang University | China |
HAWatcher: Semantics-Aware Anomaly Detection for Appified Smart Homes | Chenglong Fu, Temple University; Qiang Zeng, University of South Carolina; Xiaojiang Du, Temple University | Temple University | United States |
Exposing New Vulnerabilities of Error Handling Mechanism in CAN | Khaled Serag and Rohit Bhatia, Purdue University; Vireshwar Kumar, Indian Institute of Technology Delhi; Z. Berkay Celik and Dongyan Xu, Purdue University | Purdue University | United States |
CANARY – a reactive defense mechanism for Controller Area Networks based on Active RelaYs | Bogdan Groza, Lucian Popa, and Pal-Stefan Murvay, Universitatea Politehnica Timisoara; Yuval Elovici and Asaf Shabtai, Ben-Gurion University of the Negev | Universitatea Politehnica Timisoara (Politehnica University of Timișoara) | Romania |
ReDMArk: Bypassing RDMA Security Mechanisms | Benjamin Rothenberger, Konstantin Taranov, Adrian Perrig, and Torsten Hoefler, ETH Zurich | ETH Zurich | Switzerland |
ALPACA: Application Layer Protocol Confusion – Analyzing and Mitigating Cracks in TLS Authentication | Marcus Brinkmann, Ruhr University Bochum; Christian Dresen, Münster University of Applied Sciences; Robert Merget, Ruhr University Bochum; Damian Poddebniak, Münster University of Applied Sciences; Jens Müller, Ruhr University Bochum; Juraj Somorovsky, Paderborn University; Jörg Schwenk, Ruhr University Bochum; Sebastian Schinzel, Münster University of Applied Sciences | Ruhr University Bochum | Germany |
Experiences Deploying Multi-Vantage-Point Domain Validation at Let’s Encrypt | Henry Birge-Lee and Liang Wang, Princeton University; Daniel McCarney, Square Inc.; Roland Shoemaker, unaffiliated; Jennifer Rexford and Prateek Mittal, Princeton University | Princeton University | United States |
SiamHAN: IPv6 Address Correlation Attacks on TLS Encrypted Traffic via Siamese Heterogeneous Graph Attention Network | Tianyu Cui, Gaopeng Gou, Gang Xiong, Zhen Li, Mingxin Cui, and Chang Liu, Institute of Information Engineering, Chinese Academy of Sciences, and School of Cyber Security, University of Chinese Academy of Sciences | Institute of Information Engineering, Chinese Academy of Sciences, and School of Cyber Security, University of Chinese Academy of Sciences | China |
Why Eve and Mallory Still Love Android: Revisiting TLS (In)Security in Android Applications | Marten Oltrogge, CISPA Helmholtz Center for Information Security; Nicolas Huaman, Sabrina Amft, and Yasemin Acar, Leibniz University Hannover; Michael Backes, CISPA Helmholtz Center for Information Security; Sascha Fahl, Leibniz University Hannover | CISPA Helmholtz Center for Information Security | Germany |
Why TLS is better without STARTTLS: A Security Analysis of STARTTLS in the Email Context | Damian Poddebniak and Fabian Ising, Münster University of Applied Sciences; Hanno Böck, Independent Researcher; Sebastian Schinzel, Münster University of Applied Sciences | Münster University of Applied Sciences | Germany |
What’s in a Name? Exploring CA Certificate Control | Zane Ma and Joshua Mason, University of Illinois at Urbana-Champaign; Manos Antonakakis, Georgia Institute of Technology; Zakir Durumeric, Stanford University; Michael Bailey, University of Illinois at Urbana-Champaign | University of Illinois at Urbana-Champaign | United States |