Accepted Papers

Aim, Wait, Shoot: How the CACHESNIPER Technique Improves Unprivileged Cache Attacks

Samira Briongos (NEC Laboratories Europe); Ida Bruhns (Universität zu Lübeck); Pedro Malagón (Universidad Politécnica de Madrid); Thomas Eisenbarth (Universität zu Lübeck); José Moya (Universidad Politécnica de Madrid)

An Investigation of Online Reverse Engineering Community Discussions in the Context of Ghidra

Daniel Votipka (Tufts University); Mary Nicole Punzalan, Seth Rabin, Yla Tausczik and Michelle Mazurek (University of Maryland)

ANDRUSPEX: Leveraging Graph Representation Learning to Predict Harmful App Installations on Mobile Devices

Yun Shen (NortonLifeLock Research Group); Gianluca Stringhini (Boston University)

AppJitsu: Investigating the Resiliency of Android Applications

Onur Zungur (Boston University); Antonio Bianchi (Purdue University); Gianluca Stringhini and Manuel Egele (Boston University)

BGPeek-a-Boo: Active BGP-based Traceback for Amplification DDoS Attacks

Johannes Krupp and Christian Rossow (CISPA Helmholtz Center for Information Security)

Bullseye Polytope: A Scalable Clean-Label Poisoning Attack with Improved Transferability

Hojjat Aghakhani, Dongyu Meng, Yu-Xiang Wang, Christopher Kruegel and Giovanni Vigna (University of California, Santa Barbara)

Bypassing memory safety mechanisms through speculative control flow hijacks

Andrea Mambretti (Northeastern University); Alexandra Sandulescu and Alessandro Sorniotti (IBM Research - Zurich); William Robertson and Engin Kirda (Northeastern University); Anil Kurmus (IBM Research - Zurich)

Can ISPs Help Mitigate IoT Malware? A Longitudinal Study of Broadband ISP Security Efforts

Arman Noroozian and Elsa Turcios Rodriguez (TU-Delft); Elmer Lastdrager (SIDN Labs); Takahiro Kasama (NICT); Michel van Eeten and Carlos H. Ganan (TU-Delft)

Compiler-Assisted Hardening of Embedded Software Against Interrupt Latency Side-Channel Attacks

Hans Winderix, Jan Tobias Mühlberg and Frank Piessens (KU Leuven)

Compression Boosts Differentially Private Federated Learning

Raouf Kerkouche (Privatics team, Univ. Grenoble Alpes, Inria, 38000 Grenoble, France); Gergely Ács (Crysys Lab, BME-HIT Budapest); Claude Castelluccia (Privatics team, Univ. Grenoble Alpes, Inria, 38000 Grenoble, France) and Pierre Genevès (Tyrex team, Univ. Grenoble Alpes, CNRS, Inria, Grenoble INP, LIG, 38000 Grenoble)

ConFuzzius: A Data Dependency-Aware Hybrid Fuzzer for Smart Contracts

Christof Ferreira Torres and Antonio Ken Iannillo (University of Luxembourg); Arthur Gervais (Imperial College London); Radu State (University of Luxembourg)

Countering Concurrent Login Attacks in "Just Tap" Push-based Authentication: A Redesign and Usability Evaluations

Jay Prakash, Clarice Chua Qing Yu, Tanvi Ravindra Thombre and Andrei Bytes (Singapore University of Technology and Design); Mohammed Jubur and Nitesh Saxena (University of Alabama at Birmingham); Lucienne Blessing, Jianying Zhou and Tony Q. S Quek (Singapore University of Technology and Design)

Cryptocurrencies with Security Policies and Two-Factor Authentication

Florian Breuer (KIT); Vipul Goyal (CMU and NTT); Giulio Malavolta (MPI-SP)

D-Fence: A Flexible, Efficient, and Comprehensive Phishing Email Detection System

Jehyun Lee, Farren Tang, Pingxiao Ye, Fahim Abbasi, Phil Hay and Dinil Mon Divakaran (Trustwave)

DY*: A Modular Symbolic Verification Framework for Executable Cryptographic Protocol Code

Karthikeyan Bhargavan (INRIA); Abhishek Bichhawat (Carnegie Mellon University and IIT Gandhinagar); Quoc Huy Do, Pedram Hosseyni, Ralf Küsters, Guido Schmitz and Tim Würtele (University of Stuttgart)

Ephemeral Astroturfing Attacks: The Case of Fake Twitter Trends

Tuğrulcan Elmas, Rebekah Overdorf, Ahmed Furkan Özkalay and Karl Aberer (EPFL)

Epoque: Practical End-to-End Verifiable Post-Quantum-Secure E-Voting

Xavier Boyen (Queensland University of Technology); Thomas Haines (NTNU Trondheim); Johannes Mueller (University of Luxembourg)

Extractor: Extracting Attack Behavior from Threat Reports

Kiavash Satvat, Rigel Gjomemo and V.N. Venkatakrishnan (University of Illinois at Chicago)

Fall of Giants: How popular text-based MLaaS fall against a simple evasion attack

Luca Pajola and Mauro Conti (University of Padua)

FastSpec: Scalable Generation and Detection of Spectre Gadgets Using Neural Embeddings

M. Caner Tol (Worcester Polytechnic Institute); Berk Gulmezoglu (Iowa State University); Koray Yurtseven and Berk Sunar (Worcester Polytechnic Institute)

Fully Distributed Verifiable Random Functions and their Application to Decentralised Random Beacons

David Galindo (Fetch.ai and University of Birmingham); Jia Liu (Fetch.ai); Mihai Ordean (University of Birmingham); Jin-Mann Wong (British Antarctic Survey)

Nonce@Once: A Single-Trace EM Side Channel Attack on Several Constant-Time Elliptic Curve Implementations in Mobile Platforms

Monjur Alam, Baki Yilmaz and Frank Werner (Georgia Tech); Niels Samwel (Radboud University); Alenka Zajic (Georgia tech); Daniel Genkin (University of Michigan); Yuval Yarom (University of Adelaide and Data61); Milos Prvulovic (Georgia Tech)

Nontransitive Policies Transpiled

Mohammad M. Ahmadpanah (Chalmers University of Technology); Aslan Askarov (Aarhus University); Andrei Sabelfeld (Chalmers University of Technology)

NoVT: Eliminating C++ Virtual Calls to Mitigate Vtable Hijacking

Markus Bauer and Christian Rossow (CISPA – Helmholtz Center for Information Security)

On the (In)Feasibility of Attribute Inference Attacks on Machine Learning Models

Benjamin Zi Hao Zhao (University of New South Wales & Data61-CSIRO); Aviral Agrawal (BITS Pilani K.K.Birla Goa campus & Macquarie University & Data61-CSIRO); Catisha Coburn (Defence Science and Technology Group); Hassan Jameel Asghar (Macquarie University & Data61-CSIRO); Raghav Bhaskar (Data61-CSIRO); Mohamed Ali Kaafar (Macquarie University & Data61-CSIRO); Darren Webb and Peter Dickinson (Defence Science and Technology Group)

On the Privacy Risks of Algorithmic Fairness

Hongyan Chang and Reza Shokri (National University of Singapore)

Press @$@$ to Login: Strong Wearable Second Factor Authentication via Short Memorywise Effortless Typing Gestures

Prakash Shrestha (Equifax Inc.); Nitesh Saxena (University of Alabama at Birmingham); Diksha Shukla (University of Wyoming); Vir V. Phoha (Syracuse University)

Privacy of DNS-over-HTTPS: Requiem for a Dream?

Levente Csikor (National University of Singapore); Himanshu Singh (IIIT); Min Suk Kang (KAIST); Dinil Mon Divakaran (Trustwave)

Prognosis Negative: Evaluating Real-Time Behavioral Ransomware Detectors

Abhinav Gupta, Aditi Prakash and Nolen Scaife (University of Colorado Boulder)

Remote Non-Intrusive Malware Detection for PLCs based on Chain of Trust Rooted in Hardware

Prashant Hari Narayan Rajput, Esha Sarkar and Dimitrios Tychalas (NYU Tandon School of Engineering); Michail Maniatakos (New York University Abu Dhabi)

Secure Messaging Authentication against Active Man-in-the-Middle Attacks

Benjamin Dowling (ETH Zürich); Britta Hale (Naval Postgraduate School (NPS))

SoK: A Framework for Asset Discovery: Systematizing Advances in Network Measurements for Protecting Organizations

Mathew Vermeer (Delft University of Technology); Jonathan West (University of Tulsa); Alejandro Cuevas (Carnegie Mellon University); Shuonan Niu (University of Tulsa); Nicolas Christin (Carnegie Mellon University); Michel van Eeten, Tobias Fiebig and Carlos Gañán (Delft University of Technology); Tyler Moore (University of Tulsa)

Sok: Attacks on Industrial Control Logic and Formal Verification-Based Defenses

Ruimin Sun, Alejandro Mera, Long Lu and David Choffnes (Northeastern University)

SoK: Context Sensing for Access Control in the Adversarial Home IoT

Weijia He, Valerie Zhao, Olivia Morkved and Sabeeka Siddiqui (University of Chicago); Earlence Fernandes (University of Wisconsin-Madison); Josiah Hester (Northwestern University); Blase Ur (University of Chicago)

SoK: Cryptojacking Malware

Ege Tekiner, Abbas Acar and A. Selcuk Uluagac (Florida International University); Engin Kirda (Northeastern University); Ali Aydin Selcuk (TOBB University of Economics and Technology)

SoK: In Search of Lost Time: A Review of JavaScript Timers in Browsers

Thomas Rokicki (Univ Rennes, CNRS, IRISA); Clémentine Maurice and Pierre Laperdrix (Univ Lille, CNRS, Inria)

SoK: Secure FPGA Multi-Tenancy in the Cloud: Challenges and Opportunities

Shaza Zeitouni, Ghada Dessouky and Ahmad-Reza Sadeghi (Technische Universität Darmstadt)

Sponge Examples: Energy-Latency Attacks on Neural Networks

Ilia Shumailov, Yiren Zhao and Daniel Bates (University of Cambridge); Nicolas Papernot (University of Toronto and Vector Institute); Robert Mullins and Ross Anderson (University of Cambridge)

Trojaning Language Models for Fun and Profit

Xinyang Zhang and Zheng Zhang (Pennsylvania State University); Shouling Ji (Zhejiang University); Ting Wang (Pennsylvania State University)

We Built This Circuit: Exploring Threat Vectors in Circuit Establishment in Tor

Theodor Schnitzler (Ruhr-Universität Bochum); Christina Pöpper (New York University Abu Dhabi); Markus Dürmuth (Ruhr-Universität Bochum); Katharina Kohls (Radboud University)