MAY 20-23, 2024 AT THE HILTON SAN FRANCISCO UNION SQUARE, SAN FRANCISCO, CA

45th IEEE Symposium on
Security and Privacy

Accepted Papers

Accepted Papers

Proceedings are available here.

Summer Cycle

Efficient Zero-Knowledge Arguments For Paillier Cryptosystem
Borui Gong (The Hong Kong Polytechnic University), Wang Fat Lau (The Hong Kong Polytechnic University), Man Ho Au (The Hong Kong Polytechnic University), Rupeng Yang (University of Wollongong), Haiyang Xue (The Hong Kong Polytechnic University), Lichun Li (Ant Group)
Investigating Voter Perceptions of Printed Physical Audit Trails for Online Voting
Karola Marky (Ruhr-University Bochum), Nina Gerber (TU Darmstadt), Henry J Krumb (TU Darmstadt), Mohamed Khamis (University of Glasgow), Max Mühlhäuser (TU Darmstadt)
Prune+PlumTree - Finding Eviction Sets at Scale
Tom Kessous (Ben-Gurion University of the Negev), Niv Gilboa (Ben-Gurion University of the Negev)
A Systematic Study of Physical Sensor Attack Hardness
Hyungsub Kim (Purdue University), Rwitam Bandyopadhyay (Purdue University), Muslum Ozgur Ozmen (Purdue University), Z. Berkay Celik (Purdue University), Antonio Bianchi (Purdue University), Yongdae Kim (KAIST), Dongyan Xu (Purdue University)
Chronos: Finding Timeout Bugs in Practical Distributed Systems by Deep-Priority Fuzzing with Transient Delay
Yuanliang Chen (Tsinghua University), Fuchen Ma (Tsinghua University), Yuanhang Zhou (Tsinghua University), Ming Gu (Tsinghua University), Qing Liao (Harbin Institute of Technology), Yu Jiang (Tsinghua University)
P4Control: Line-Rate Cross-Host Attack Prevention via In-Network Information Flow Control Enabled by Programmable Switches and eBPF
Osama Bajaber (Virginia Tech), Bo Ji (Virginia Tech), Peng Gao (Virginia Tech)
Where Are the Red Lines? Towards Ethical Server-Side Scans in Security and Privacy Research
Florian Hantke (CISPA Helmholtz Center for Information Security), Sebastian Roth (TU Wien), Rafael Mrowczynski (CISPA Helmholtz Center for Information Security), Christine Utz (CISPA Helmholtz Center for Information Security), Ben Stock (CISPA Helmholtz Center for Information Security)
Everything is Good for Something: Counterexample-Guided Directed Fuzzing via Likely Invariant Inference
Heqing Huang (The Hong Kong University of Science and Technology), Anshunkang Zhou (The Hong Kong University of Science and Technology), Mathias Payer (EPFL), Charles Zhang (The Hong Kong University of Science and Technology)
Hyena: Balancing Packing, Reuse, and Rotations for Encrypted Inference
Sarabjeet Singh (University of Utah), Shreyas Singh (University of Utah), Sumanth Gudaparthi (University of Utah), Xiong Fan (Rutgers University), Rajeev Balasubramonian (University of Utah)
DY Fuzzing: Formal Dolev-Yao Models Meet Cryptographic Protocol Fuzz Testing
Max Ammann (Independent Researcher, Trail of Bits), Lucca Hirschi (Inria Nancy), Steve Kremer (Inria Nancy)
Leaky Address Masking: Exploiting Unmasked Spectre Gadgets with Noncanonical Address Translation
Mathà© Hertogh (Vrije Universiteit Amsterdam), Sander Wiebing (Vrije Universiteit Amsterdam), Cristiano Giuffrida (Vrije Universiteit Amsterdam)
SyzGen++: Dependency Inference for Augmenting Kernel Driver Fuzzing
Weiteng Chen (Microsoft Research, Redmond), Yu Hao (UC Riverside), Zheng Zhang (UC Riverside), Xiaochen Zou (UC Riverside), Dhilung Kirat (IBM Research), Shachee Mishra (IBM Research), Douglas Schales (IBM Research), Jiyong Jang (IBM Research), Zhiyun Qian (UC Riverside)
Parse Me, Baby, One More Time: Bypassing HTML Sanitizer via Parsing Differentials
David Klein (Technische Universität Braunschweig), Martin Johns (Technische Universität Braunschweig)
The Dark Side of Scale: Insecurity of Direct-to-Cell Satellite Mega-Constellations
Wei Liu (Tsinghua University), Yuanjie Li (Tsinghua University), Hewu Li (Tsinghua University), Yimei Chen (Tsinghua University), Yufeng Wang (Tsinghua University), Jingyi Lan (Tsinghua University), Jianping Wu (Tsinghua University), Qian Wu (Tsinghua University), Jun Liu (Tsinghua University), Zeqi Lai (Tsinghua University)
The Great Request Robbery: An Empirical Study of Client-side Request Hijacking Vulnerabilities on the Web
Soheil Khodayari (CISPA Helmholtz Center for Information Security), Thomas Barber (SAP Security Research), Giancarlo Pellegrino (CISPA Helmholtz Center for Information Security)
Pryde: A Modular Generalizable Workflow for Uncovering Evasion Attacks Against Stateful Firewall Deployments
Soo-jin Moon (Carnegie Mellon University), Milind Srivastava (Carnegie Mellon University), Yves Bieri (Compass Security), Ruben Martins (Carnegie Mellon University), Vyas Sekar (Carnegie Mellon University)
Video-Based Cryptanalysis: Extracting Cryptographic Keys from Video Footage of a Device's Power LED Captured By Standard Video Cameras
Ben Nassi (Cornell Tech), Etay Iluz (Ben-Gurion University of the Negev), Or Cohen (Ben-Gurion University of the Negev), Ofek Vayner (Ben-Gurion University of the Negev), Dudi Nassi (Ben-Gurion University of the Negev), Boris Zadov (Ben-Gurion University of the Negev), Yuval Elovici (Ben-Gurion University of the Negev), Ben Nassi (Cornell Tech)
BULKOR: Enabling Bulk Loading for Path ORAM
Xiang Li (Tsinghua University), Yunqian Luo (Tsinghua University), Mingyu Gao (Tsinghua University)
DNSBomb: A New Practical-and-Powerful Pulsing DoS Attack Exploiting DNS Queries-and-Responses
Xiang Li (Tsinghua University), Dashuai Wu (Tsinghua University), Haixin Duan (Tsinghua University), Qi Li (Tsinghua University)
GAuV: A Graph-Based Automated Verification Framework for Perfect Semi-Honest Security of Multiparty Computation Protocols
Xingyu Xie (Tsinghua University; RealAI), Yifei Li (Tsinghua University), Wei Zhang (Tsinghua University), Tuowei Wang (Tsinghua University), Shizhen Xu (RealAI), Jun Zhu (Tsinghua University; RealAI), Yifan Song (Tsinghua University)
Poisoning Web-Scale Training Datasets is Practical
Nicholas Carlini (Google DeepMind), Matthew Jagielski (Google DeepMind), Christopher A. Choquette-Choo (Google DeepMind), Daniel Paleka (ETH Zurich), Will Pearce (NVIDIA), Hyrum Anderson (Robust Intelligence), Andreas Terzis (Google DeepMind), Kurt Thomas (Google), Florian Tramer (ETH Zurich)
Protecting Label Distribution in Cross-Silo Federated Learning
Yangfan Jiang (National University of Singapore), Xinjian Luo (National University of Singapore), Yuncheng Wu (National University of Singapore), Xiaokui Xiao (National University of Singapore), Beng Chin Ooi (National University of Singapore)
TCP Spoofing: Reliable Payload Transmission Past the Spoofed TCP Handshake
Yepeng Pan (CISPA Helmholtz Center for Information Security), Christian Rossow (CISPA Helmholtz Center for Information Security)
Specular: Towards Secure, Trust-minimized Optimistic Blockchain Execution
Zhe Ye (UC Berkeley), Ujval Misra (UC Berkeley), Jiajun Cheng (ShanghaiTech University), Andy Zhou (Cambridge University), Dawn Song (UC Berkeley)
Breach Extraction Attacks: Exposing and Addressing the Leakage in Second Generation Compromised Credential Checking Services
Dario Pasquini (SPRING lab, EPFL), Danilo Francati (Aarhus University), Giuseppe Ateniese (George Mason University), Evgenios M. Kornaropoulos (George Mason University)
Don't Eject the Impostor: Fast Three-Party Computation With a Known Cheater
Andreas Brüggemann (Technical University of Darmstadt, Germany), Oliver Schick (Technical University of Darmstadt, Germany), Thomas Schneider (Technical University of Darmstadt, Germany), Ajith Suresh (Technology Innovation Institute, Abu Dhabi), Hossein Yalame (Technical University of Darmstadt, Germany)
MPC-in-the-Head Framework without Repetition and its Applications to the Lattice-based Cryptography
Weihao Bai (Institute of Software, Chinese Academy of Sciences; University of Chinese Academy of Sciences), Long Chen (Institute of Software, Chinese Academy of Sciences), Qianwen Gao (Institute of Software, Chinese Academy of Sciences; University of Chinese Academy of Sciences), Zhenfeng Zhang (Institute of Software, Chinese Academy of Sciences)
Who Left the Door Open? Investigating the Causes of Exposed IoT Devices in an Academic Network
Takayuki Sasaki (Yokohama National University), Takaya Noma (Yokohama National University), Yudai Morii (Yokohama National University), Toshiya Shimura (Yokohama National University), Michel van Eeten (TU Delft/Yokohama National University), Katsunari Yoshioka (Yokohama National University), Tsutomu Matsumoto (Yokohama National University)
Optimal Flexible Consensus and its Application to Ethereum
Joachim Neu (Stanford University), Srivatsan Sridhar (Stanford University), Lei Yang (MIT), David Tse (Stanford University)
FlowMur: A Stealthy and Practical Audio Backdoor Attack with Limited Knowledge
Jiahe Lan (Xidian University), Jie Wang (Xidian University), Baochen Yan (Xidian University), Zheng Yan (Xidian University), Elisa Bertino (Purdue University)
MetaFly: Wireless Backhaul Interception via Aerial Wavefront Manipulation
Zhambyl Shaikhanov (Rice University), Sherif Badran (Northeastern University), Hichem Guerboukha (Brown University), Josep M. Jornet (Northeastern University), Daniel M. Mittleman (Brown University), Edward W. Knightly (Rice University), Hichem Guerboukha (Brown University)
Conning the Crypto Conman: End-to-End Analysis of Cryptocurrency-based Technical Support Scams
Bhupendra Acharya (CISPA), Muhammad Saad (PayPal), Antonio Emanuele Cinà (CISPA), Lea Schönherr (CISPA), Hoang Dai Nguyen (Louisiana State University), Adam Oest (Paypal, Inc.), Phani Vadrevu (Louisiana State University), Thorsten Holz (CISPA)
LABRADOR: Response Guided Directed Fuzzing for Black-box IoT Devices
Hangtian Liu (State Key Laboratory of Mathematical Engineering and Advanced Computing), Shuitao Gan (Tsinghua University), Chao Zhang (Tsinghua University), Zicong Gao (State Key Laboratory of Mathematical Engineering and Advanced Computing), Hongqi Zhang (Henan Key Laboratory of Information Security), Xiangzhi Wang (University of Electronic Science and Technology of China), Guangming Gao (State Key Laboratory of Mathematical Engineering and Advanced Computing)
Moderating New Waves of Online Hate with Chain-of-Thought Reasoning in Large Language Models
Nishant Vishwamitra (University of Texas at San Antonio), Keyan Guo (University at Buffalo), Farhan Tajwar Romit (University of Texas at San Antonio), Isabelle Ondracek (University at Buffalo), Long Cheng (Clemson University), Ziming Zhao (University at Buffalo), Hongxin Hu (University at Buffalo)
NURGLE: Exacerbating Resource Consumption in Blockchain State Storage via MPT Manipulation
Zheyuan He (University of Electronic Science and Technology of China), Zihao Li (The Hong Kong Polytechnic University), Ao Qiao (University of Electronic Science and Technology of China), Xiapu Luo (The Hong Kong Polytechnic University), Xiaosong Zhang (University of Electronic Science and Technology of China), Ting Chen (University of Electronic Science and Technology of China), Shuwei Song (University of Electronic Science and Technology of China), Dijun Liu (Ant Group), Weina Niu (University of Electronic Science and Technology of China)
Nebula: A Privacy-First Platform for Data Backhaul
Jean-Luc Watson (UC Berkeley), Tess Despres (UC Berkeley), Alvin Tan (UC Berkeley), Shishir G. Patil (UC Berkeley), Prabal Dutta (UC Berkeley), Raluca Ada Popa (UC Berkeley)
Specious Sites: Tracking the Spread and Sway of Spurious News Stories at Scale
Hans Hanley (Stanford University), Zakir Durumeric (Stanford University), Deepak Kumar (Stanford University)
SrcMarker: Dual-Channel Source Code Watermarking via Scalable Code Transformations
Borui Yang (Shanghai Jiao Tong University), Wei Li (Shanghai Jiao Tong University), Liyao Xiang (Shanghai Jiao Tong University), Bo Li (Hong Kong University of Science and Technology)
DrSec: Flexible Distributed Representations for Efficient Endpoint Security
Mahmood Sharif (Tel Aviv University and VMware Research), Pubali Datta (University of Illinois Urbana-Champaign), Andy Riddle (University of Illinois Urbana-Champaign), Kim Westfall (University of Illinois Urbana-Champaign), Adam Bates (University of Illinois Urbana-Champaign), Vijay Ganti (Google), Matthew Lentz (Duke University and VMware Research), David Ott (VMware Research)
A Representative Study on Human Detection of Artificially Generated Media Across Countries
Joel Frank (Ruhr-Universität Bochum), Franziska Herbert (Ruhr-Universität Bochum), Jonas Ricker (Ruhr-Universität Bochum), Lea Schönherr (CISPA Helmholtz Center for Information Security), Thorsten Eisenhofer (TU Berlin), Asja Fischer (Ruhr-Universität Bochum), Markus Dürmuth (Leibniz Universität Hannover), Thorsten Holz (CISPA Helmholtz Center for Information Security)
SneakyPrompt: Jailbreaking Text-to-image Generative Models
Yuchen Yang (Johns Hopkins University), Bo Hui (Johns Hopkins University), Haolin Yuan (Johns Hopkins University), Neil Gong (Duke University), Yinzhi Cao (Johns Hopkins University)
NFCEraser: A Security Threat of NFC Message Modification Caused by Quartz Crystal Oscillator
Jianshuo Liu (Institute of Information Engineering, Chinese Academy of Sciences, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Hong Li (Institute of Information Engineering, Chinese Academy of Sciences, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Mengjie Sun (Institute of Information Engineering, Chinese Academy of Sciences, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Haining Wang (Department of Electrical and Computer Engineering, Virginia Tech, USA), Hui Wen (Institute of Information Engineering, Chinese Academy of Sciences, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Zhi Li (Institute of Information Engineering, Chinese Academy of Sciences, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Limin Sun (Institute of Information Engineering, Chinese Academy of Sciences, China; School of Cyber Security, University of Chinese Academy of Sciences, China)
Transferable Multimodal Attack on Vision-Language Pre-training Models
Haodi Wang (Southeast University), Kai Dong (Southeast University), Zhilei Zhu (Data Space Research Institute of Hefei Comprehensive National Science Centre), Haotong Qin (Beihang University), Aishan Liu (Beihang University), Xiaolin Fang (Southeast University), Jiakai Wang (Zhongguancun Laboratory), Xianglong Liu (Beihang University)
Group Oblivious Message Retrieval
Zeyu Liu (Yale University), Eran Tromer (Boston University), Yunhao Wang (Columbia University)
Scalable Verification of Zero-Knowledge Protocols
Miguel Isabel (Universidad Complutense de Madrid), Clara Rodrà­guez-Nàºñez (Universidad Complutense de Madrid), Albert Rubio (Universidad Complutense de Madrid)
Nyx: Detecting Exploitable Front-Running Vulnerabilities in Smart Contracts
Wuqi Zhang (The Hong Kong University of Science and Technology), Zhuo Zhang (Purdue University), Qingkai Shi (Purdue University), Lu Liu (The Hong Kong University of Science and Technology), Lili Wei (McGill University), Yepang Liu (Southern University of Science and Technology), Xiangyu Zhang (Purdue University), Shing-Chi Cheung (The Hong Kong University of Science and Technology)
CONJUNCT: Learning Inductive Invariants to Prove Unbounded Instruction Safety Against Microarchitectural Timing Attacks
Sushant Dinesh (University of Illinois Urbana-Champaign), Madhusudan Parthasarathy (University of Illinois Urbana-Champaign), Christopher W. Fletcher (University of Illinois Urbana-Champaign)
Scalable Mixed-Mode MPC
Radhika (Northwestern University), Kang Yang (State Key Laboratory of Cryptology), Jonathan Katz (University of Maryland), Xiao Wang (Northwestern University)
SoK: SGX.Fail: How Stuff Gets eXposed
Stephan van Schaik (University of Michigan), Alex Seto (Purdue University), Thomas Yurek (UIUC), Adam Batori (University of Michigan), Bader AlBassam (Purdue University), Daniel Genkin (Georgia Institute of Technology), Andrew Miller (UIUC), Eyal Ronen (Tel Aviv University), Yuval Yarom (Ruhr University Bochum), Christina Garman (Purdue University)
SMARTINV: Multimodal Learning for Smart Contract Invariant Inference
Sally Junsong Wang (Columbia University), Kexin Pei (Columbia University), Junfeng Yang (Columbia University), Sally Junsong Wang (Columbia University)
AVA: Inconspicuous Attribute Variation-based Adversarial Attack bypassing DeepFake Detection
Xiangtao Meng (Shandong University), Li Wang (Shandong University), Shanqing Guo (Shandong University), Lei Ju (Shandong University), Qingchuan Zhao (City University of Hong Kong)
Make Revocation Cheaper: Hardware-Based Revocable Attribute-Based Encryption
Xiaoguo LI (School of Computing and Information Systems, Singapore Management University, Singapore), Guomin Yang (School of Computing and Information Systems, Singapore Management University, Singapore), Tao Xiang (College of Computer Science, Chongqing University), Shengmin Xu (College of Computer and Cyber Security, Fujian Normal University), Bowen Zhao (Guangzhou Institute of Technology, Xidian University), HweeHwa Pang (School of Computing and Information Systems, Singapore Management University, Singapore), Robert H. Deng (School of Computing and Information Systems, Singapore Management University, Singapore)
Tabbed Out: Subverting the Android Custom Tab Security Model
Philipp Beer (TU Wien), Marco Squarcina (TU Wien), Lorenzo Veronese (TU Wien), Martina Lindorfer (TU Wien)
Thwarting Last-Minute Voter Coercion
Rosario Giustolisi (IT University of Copenhagen), Maryam Sheikhi (IT University of Copenhagen), Carsten Schuermann (IT University of Copenhagen)
Threshold ECDSA in Three Rounds
Jack Doerner (Technion), Yashvanth Kondi (Aarhus University), abhi shelat (Northeastern University)
More Haste, Less Speed: Cache Related Security Threats in Continuous Integration Services
Yacong Gu (Tsinghua University; Tsinghua University-QI-ANXIN Group JCNS), Lingyun Ying (QI-ANXIN Technology Research Institute), Huajun Chai (QI-ANXIN Technology Research Institute), Yingyuan Pu (QI-ANXIN Technology Research Institute), Haixin Duan (BNRist & Institute for Network Science and Cyberspace, Tsinghua University; Tsinghua University-QI-ANXIN Group JCNS), Xing Gao (University of Delaware)
Scores Tell Everything about Bob: Non-adaptive Face Reconstruction on Face Recognition Systems
Sunpill Kim (Hanyang University and Institute for Infocomm Research (I2R), A*STAR, Singapore), Yong Kiam Tan (Institute for Infocomm Research (I2R), A*STAR, Singapore), Bora Jeong (Hanyang University and Institute for Infocomm Research (I2R), A*STAR, Singapore), Soumik Mondal (Institute for Infocomm Research (I2R), A*STAR, Singapore), Khin Mi Mi Aung (Institute for Infocomm Research (I2R), A*STAR, Singapore), Jae Hong Seo (Hanyang University)
Robust Backdoor Detection for Deep Learning via Topological Evolution Dynamics
Xiaoxing Mo (Deakin University), Yechao Zhang (Huazhong University of Science and Technology), Leo Yu Zhang (Griffith University), Wei Luo (Deakin University), Nan Sun (University of New South Wales Canberra), Shengshan Hu (Huazhong University of Science and Technology), Shang Gao (Deakin University), Yang Xiang (Swinburne University of Technology)
Securing Graph Neural Networks in MLaaS: A Comprehensive Realisation of Query-based Integrity Verification
Bang Wu (CSIRO's Data61/Monash University), Xingliang Yuan (Monash University), Shuo Wang (Shanghai Jiao Tong University), Qi Li (Tsinghua University), Minhui Xue (CSIRO's Data61), Shirui Pan (Griffith University)
SoK: Efficient Design and Implementation of Polynomial Hash Functions over Prime Fields
Jean Paul Degabriele (Technology Innovation Institute), Jan Gilcher (ETH Zurich), Jérôme Govinden (Technical University of Darmstadt), Kenneth G. Paterson (ETH Zurich)
Communication-efficient, Fault Tolerant PIR over Erasure Coded Storage
Andrew Park (Carnegie Mellon University), Trevor Leong (Carnegie Mellon University), Francisco Maturana (Carnegie Mellon University), Wenting Zheng (Carnegie Mellon University), Rashmi Vinayak (Carnegie Mellon University)
Eureka: A General Framework for Black-box Differential Privacy Estimators
Yun Lu (University of Victoria), Malik Magdon-Ismail (Rensselaer Polytechnic Institute), Yu Wei (Purdue University), Vassilis Zikas (Purdue University)
Understanding the Privacy Practices of Political Campaigns: A Perspective from the 2020 US Election Websites
Kaushal Kafle (William & Mary), Prianka Mandal (William & Mary), Kapil Singh (IBM T.J. Watson Research Center), Benjamin Andow (Google), Adwait Nadkarni (William & Mary)
Asterisk: Super-fast MPC with a Friend
Banashri Karmakar (Indian Institute of Science, Bangalore), Nishat Koti (Indian Institute of Science, Bangalore), Arpita Patra (Indian Institute of Science, Bangalore), Sikhar Patranabis (IBM Research - India), Protik Paul (Indian Institute of Science, Bangalore), Divya Ravi (Aarhus University), Sikhar Patranabis (IBM Research India)
On SMS Phishing Tactics and Infrastructure
Aleksandr Nahapetyan (North Carolina State University), Sathvik Prasad (North Carolina State University), Kevin Childs (North Carolina State University), Adam Oest (Paypal, Inc.), Yeganeh Ladwig (Paypal, Inc.), Alexandros Kapravelos (North Carolina State University), Brad Reaves (North Carolina State University)
Casual Users and Rational Choices within Differential Privacy
Narges Ashena (University of Zurich), Oana Inel (University of Zurich), Badrie L. Persaud (UBS), Abraham Bernstein (University of Zurich)
"Len or index or count, anything but v1": Predicting Variable Names in Decompilation Output with Transfer Learning
Kuntal Kumar Pal (Arizona State University), Ati Priya Bajaj (Arizona State University), Pratyay Banerjee (Arizona State University), Audrey Dutcher (Arizona State University), Mutsumi Nakamura (Arizona State University), Zion Leonahenahe Basque (Arizona State University), Himanshu Gupta (Arizona State University), Saurabh Arjun Sawant (Arizona State University), Ujjwala Anantheswaran (Arizona State University), Yan Shoshitaishvili (Arizona State University), Adam Doupe (Arizona State University), Chitta Baral (Arizona State University), Ruoyu Wang (Arizona State University)
Targeted and Troublesome: Tracking and Advertising on Children's Websites
Zahra Moti (Radboud University), Asuman Senol (KU Leuven), Hamid Bostani (Radboud University), Frederik Zuiderveen Borgesius (Radboud University), Veelasha Moonsamy (Ruhr University Bochum), Arunesh Mathur (Independent Researcher), Gunes Acar (Radboud University)
FLASH: A Comprehensive Approach to Intrusion Detection via Provenance Graph Representation Learning
Mati Ur Rehman (University of Virginia), Hadi Ahmadi (Corvic Inc.), Wajih Ul Hassan (University of Virginia)
Undefined-oriented Programming: Detecting and Chaining Prototype Pollution Gadgets in Node.js Template Engines for Malicious Consequences
Zhengyu Liu (Johns Hopkins University), Kecheng An (Johns Hopkins University), Yinzhi Cao (Johns Hopkins University), Kecheng An (Johns Hopkins University)
TROJANPUZZLE: Covertly Poisoning Code-Suggestion Models
Hojjat Aghakhani (University of California, Santa Barbara), Wei Dai (Microsoft Corporation), Andre Manoel (Microsoft Corporation), Xavier Fernandes (Microsoft Corporation), Anant Kharkar (Microsoft Corporation), Christopher Kruegel (University of California, Santa Barbara), Giovanni Vigna (University of California, Santa Barbara), David Evans (University of Virginia), Benjamin Zorn (Microsoft Corporation), Robert Sim (Microsoft Corporation)
Lower Bounds for Rényi Differential Privacy in a Black-Box Setting
Tim Kutta (Ruhr-University Bochum), à–nder Askin (Ruhr-University Bochum), Martin Dunsche (Ruhr-University Bochum)
Pandora: Principled Symbolic Validation of Intel SGX Enclave Runtimes
Fritz Alder (DistriNet, KU Leuven), Lesly-Ann Daniel (DistriNet, KU Leuven), David Oswald (University of Birmingham), Frank Piessens (DistriNet, KU Leuven), Jo Van Bulck (DistriNet, KU Leuven), Frank Piessens (imec-DistriNet, KU Leuven)
FLShield: A Validation Based Federated Learning Framework to Defend Against Poisoning Attacks
Ehsanul Kabir (Penn State University), Zeyu Song (Penn State University), Md Rafi Ur Rashid (Penn State University), Shagufta Mehnaz (Penn State University)
PriDe CT: Towards Public Consensus, Private Transactions, and Forward Secrecy in Decentralized Payments
Yue Guo (JP Morgan AI Research), Harish Karthikeyan (JP Morgan AI Research), Antigoni Polychroniadou (JP Morgan AI Research), Chaddy Huussin (JP Morgan AI Research)
A Tale of Two Industroyers: It was the Season of Darkness
Luis Salazar (University of California, Santa Cruz), Sebastian Castro (University of California, Santa Cruz), Juan Lozano (University of California, Santa Cruz), Keerthi Koneru (University of California, Santa Cruz), Emmanuele Zambon (Eindhoven University of Technology), Bing Huang (University of Texas), Ross Baldick (University of Texas), Marina Krotofil (ISSP), Alonso Rojas (Axon Group), Alvaro Cardenas (University of California, Santa Cruz)
Understanding and Benchmarking the Commonality of Adversarial Examples
Ruiwen He (Zhejiang University), Yushi Cheng (Zhejiang University), Junning Ze (Zhejiang University), Xiaoyu Ji (Zhejiang University), Wenyuan Xu (Zhejiang University)
From Individual Computation to Allied Optimization: Remodeling Privacy-Preserving Neural Inference with Function Input Tuning
Qiao Zhang (Chongqing University), Tao Xiang (Chongqing University), Chunsheng Xin (Old Dominion University), Hongyi Wu (University of Arizona)
Holepunch: Fast, Secure File Deletion with Crash Consistency
Zachary Ratliff (Harvard), Wittmann Goh (Harvard), Abe Wieland (Harvard), James Mickens (Harvard), Ryan Williams (Northeastern University)
Bounded and Unbiased Composite Differential Privacy
Kai Zhang (Swinburne University of Technology), Yanjun Zhang (University of Technology Sydney and CSIRO's Data61), Ruoxi Sun (CSIRO's Data61), Pei-Wei Tsai (Swinburne University of Technology), Muneeb Ul Hassan (Deakin University), Xin Yuan (CSIRO's Data61), Minhui Xue (CSIRO's Data61), Jinjun Chen (Swinburne University of Technology)
Please Tell Me More: Privacy Impact of Explainability through the Lens of Membership Inference Attack
Han Liu (Washington University in St. Louis), Yuhao Wu (Washington University in St. Louis), Zhiyuan Yu (Washington University in St. Louis), Ning Zhang (Washington University in St. Louis)
Patchy Performance? Uncovering the Vulnerability Management Practices of IoT-Centric Vendors
Sandra Rivera Pérez (Delft University of Technology), Michel van Eeten (Delft University of Technology), Carlos H. Gañán (Delft University of Technology)
Pudding: Private User Discovery in Anonymity Networks
Ceren Kocaogullar (University of Cambridge), Daniel Hugenroth (University of Cambridge), Martin Kleppmann (TU Munich), Alastair R. Beresford (University of Cambridge), Martin Kleppmann (University of Cambridge)
More is Merrier: Relax the Non-Collusion Assumption in Multi-Server PIR
Tiantian Gong (Purdue University), Ryan Henry (University of Calgary), Alexandros Psomas (Purdue University), Aniket Kate (Purdue University / Supra Research)
MEA-Defender: A Robust Watermark against Model Extraction Attack
Peizhuo Lv (Institute of Information Engineering, Chinese Academy of Sciences, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Hualong Ma (Institute of Information Engineering, Chinese Academy of Sciences, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Kai Chen (Institute of Information Engineering, Chinese Academy of Sciences, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Jiachen Zhou (Institute of Information Engineering, Chinese Academy of Sciences, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Shengzhi Zhang (Department of Computer Science, Metropolitan College, Boston University, USA), Ruigang Liang (Institute of Information Engineering, Chinese Academy of Sciences, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Shenchen Zhu (Institute of Information Engineering, Chinese Academy of Sciences, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Pan Li (Institute of Information Engineering, Chinese Academy of Sciences, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Yingjun Zhang (Institute of Software, Chinese Academy of Sciences, China), Peizhuo Lv (Institute of Information Engineering, Chinese Academy of Sciences)
Cohere: Managing Differential Privacy in Large Scale Systems
Nicolas Küchler (ETH Zurich), Emanuel Opel (ETH Zurich), Hidde Lycklama (ETH Zurich), Alexander Viand (Intel Labs), Anwar Hithnawi (ETH Zurich)
Janus: Safe Biometric Deduplication for Humanitarian Aid Distribution
Kasra EdalatNejad (EPFL), Wouter Lueks (CISPA Helmholtz Center for Information Security), Justinas Sukaitis (ICRC), Vincent Graf Narbel (ICRC), Massimo Marelli (ICRC), Carmela Troncoso (EPFL)
Break the Wall from bottom: Automated Discovery of Protocol-Level Evasion Vulnerabilities in Web Application Firewalls
Qi Wang (Tsinghua University), Jianjun Chen (Tsinghua University and Zhongguancun Laboratory), Zheyu Jiang (Tsinghua University), Run Guo (Tsinghua University), Ximeng Liu (Fuzhou University), Chao Zhang (Tsinghua University and Zhongguancun Laboratory), Haixin Duan (Tsinghua University and Zhongguancun Laboratory)
To Auth or Not To Auth? A Comparative Analysis of the Pre- and Post-Login Security Landscape
Jannis Rautenstrauch (CISPA Helmholtz Center for Information Security), Metodi Mitkov (CISPA Helmholtz Center for Information Security), Thomas Helbrecht (CISPA Helmholtz Center for Information Security), Lorenz Hetterich (CISPA Helmholtz Center for Information Security), Ben Stock (CISPA Helmholtz Center for Information Security)
From Principle to Practice: Vertical Data Minimization for Machine Learning
Robin Staab (ETH Zurich), Nikola Jovanovic (ETH Zurich), Mislav Balunovic (ETH Zurich), Martin Vechev (ETH Zurich)
Can we cast a ballot as intended and be receipt free?
Henri Devillez (UCLouvain), Olivier Pereira (MSR and UCLouvain), Thomas Peters (UClouvain), Quentin Yang (INRIA Nancy)
Efficient Detection of Java Deserialization Gadget Chains via Bottom-up Gadget Search and Dataflow-aided Payload Construction
Bofei Chen (Fudan University), Lei Zhang (Fudan University), Xinyou Huang (Fudan University), Yinzhi Cao (Johns Hopkins University), Keke Lian (Fudan University), Yuan Zhang (Fudan University), Min Yang (Fudan University)
Rethinking IC Layout Vulnerability: Simulation-Based Hardware Trojan Threat Assessment with High Fidelity
Xinming Wei (Peking University), Jiaxi Zhang (Peking University), Guojie Luo (Peking University)
BOLT: Privacy-Preserving, Accurate and Efficient Inference for Transformers
Qi Pang (Carnegie Mellon University), Jinhao Zhu (University of California, Berkeley), Helen Möllering (Technical University of Darmstadt), Wenting Zheng (Carnegie Mellon University), Thomas Schneider (Technical University of Darmstadt), Qi Pang (Carnegie Mellon University)
PromptCARE: Prompt Copyright Protection by Watermark Injection and Verification
Hongwei Yao (Zhejiang University), Jian Lou (ZJU-Hangzhou Global Scientific and Technological Innovation Center), Zhan Qin (Zhejiang University), Kui Ren (Zhejiang University)
Distributed & Scalable Oblivious Sorting and Shuffling
Nicholas Ngai (University of California, Berkeley), Ioannis Demertzis (University of California, Santa Cruz), Javad Ghareh Chamani (Hong Kong University of Science and Technology), Dimitrios Papadopoulos (The Hong Kong University of Science and Technology)
ODSCAN: Backdoor Scanning for Object Detection Models
Siyuan Cheng (Purdue University), Guangyu Shen (Purdue University), Guanhong Tao (Purdue University), Kaiyuan Zhang (Purdue University), Zhuo Zhang (Purdue University), Shengwei An (Purdue University), Xiangzhe Xu (Purdue University), Yingqi Liu (Purdue University), Shiqing Ma (University of Massachusetts, Amherst), Xiangyu Zhang (Purdue University)
Poisoned ChatGPT Finds Work for Idle Hands: Exploring Developers' Coding Practices with Insecure Suggestions from Poisoned AI Models
Sanghak Oh (Sungkyunkwan University), Kiho Lee (Sungkyunkwan University), Seonhye Park (Sungkyunkwan University), Doowon Kim (University of Tennessee), Hyoungshick Kim (Sungkyunkwan University)
DPI: Ensuring Strict Differential Privacy for Infinite Data Streaming
Shuya Feng (University of Connecticut), Meisam Mohammady (Iowa State University), Han Wang (University of Kansas), Xiaochen Li (Zhejiang University), Zhan Qin (Zhejiang University), Yuan Hong (University of Connecticut)
SoK: Prudent Evaluation Practices for Fuzzing
Moritz Schloegel (CISPA Helmholtz Center for Information Security), Nils Bars (CISPA Helmholtz Center for Information Security), Nico Schiller (CISPA Helmholtz Center for Information Security), Lukas Bernhard (CISPA Helmholtz Center for Information Security), Tobias Scharnowski (CISPA Helmholtz Center for Information Security), Addison Crump (CISPA Helmholtz Center for Information Security), Arash Ale Ebrahim (CISPA Helmholtz Center for Information Security), Nicolai Bissantz (Ruhr University Bochum), Marius Muench (University of Birmingham), Thorsten Holz (CISPA Helmholtz Center for Information Security)

Winter Cycle

Secure Ranging with IEEE 802.15.4z HRP UWB
Xiliang Luo (Apple), Cem Kalkanli (Apple), Hao Zhou (Apple), Pengcheng Zhan (Apple), Moche Cohen (Apple)
Sticky Tags: Efficient and Deterministic Spatial Memory Error Mitigation using Persistent Memory Tags
Floris Gorter (Vrije Universiteit Amsterdam), Taddeus Kroes (Vrije Universiteit Amsterdam), Herbert Bos (Vrije Universiteit Amsterdam), Cristiano Giuffrida (Vrije Universiteit Amsterdam)
Holistic Concolic Execution for Dynamic Web Applications via Symbolic Interpreter Analysis
Penghui Li (Zhongguancun Laboratory), Wei Meng (The Chinese University of Hong Kong), Mingxue Zhang (The State Key Laboratory of Blockchain and Data Security, Zhejiang University), Chenlin Wang (The Chinese University of Hong Kong), Changhua Luo (The Chinese University of Hong Kong), Penghui Li (Zhongguancun Laboratory)
Practical Attacks against DNS Reputation Systems
Tillson Galloway (Georgia Tech), Kleanthis Karakolios (Georgia Tech), Zane Ma (Oregon State University), Roberto Perdisci (University of Georgia), Manos Antonakakis (Georgia Tech), Angelos Keromytis (Georgia Tech)
BAFFLE: Hiding Backdoors in Offline Reinforcement Learning Datasets
Chen Gong (University of Virginia), Zhou Yang (Singapore Management University), Yunpeng Bai (Institute of Automation, Chinese Academy of Sciences), Jieke Shi (Singapore Management University), Junda He (Singapore Management University), Kecen Li (Institute of Automation, Chinese Academy of Sciences), Bowen Xu (North Carolina State University), Arunesh Sinha (Rutgers University), Xinwen Hou (Institute of Automation, Chinese Academy of Sciences), David Lo (Singapore Management University), Tianhao Wang (University of Virginia)
C-FRAME: Characterizing and measuring in-the-wild CAPTCHA attacks
Hoang Dai Nguyen (Louisiana State University), Karthika Subramani (Georgia Institute of Technology), Bhupendra Acharya (CISPA Helmholtz Center for Information Security), Roberto Perdisci (University of Georgia), Phani Vadrevu (Louisiana State University)
A Picture is Worth 500 Labels: A Case Study of Demographic Disparities in Local Machine Learning Models for Instagram and TikTok
Jack West (University of Wisconsin-Madison), Lea Thiemt (Technical Unversity of Munich), Shimaa Ahmed (University of Wisconsin-Madison), Maggie Bartig (University of Wisconsin-Madison), Kassem Fawaz (University of Wisconsin-Madison), Suman Banerjee (University of Wisconsin-Madison)
ERASAN: Efficient Rust Address Sanitizer
Jiun Min (UNIST), Dongyeon Yu (UNIST), Seongyun Jeong (UNIST), Dokyung Song (Yonsei University), Yuseok Jeon (UNIST)
Enforcing End-to-end Security for Remote Conferencing
Yuelin Liu (ShanghaiTech University), Huangxun Chen (HKUST(GZ)), Zhice Yang (ShanghaiTech University)
Understanding Parents' Perceptions and Practices Toward Children's Security and Privacy in Virtual Reality
Jiaxun Cao (Duke Kunshan University), Abhinaya S B (North Carolina State University), Anupam Das (North Carolina State University), Pardis Emami-Naeini (Duke University)
Preserving Node-level Privacy in Graph Neural Networks
Zihang Xiang (King Abdullah University of Science and Technology), Tianhao Wang (University of Virginia), Di Wang (King Abdullah University of Science and Technology)
DeepVenom: Persistent DNN Backdoors Exploiting Transient Weight Perturbations in Memories
Kunbei Cai (University of Central Florida), Md Hafizul Islam Chowdhuryy (University of Central Florida), Zhenkai Zhang (Clemson University), Fan Yao (University of Central Florida)
E-Vote Your Conscience: Perceptions of Coercion and Vote Buying, and the Usability of Fake Credentials in Online Voting
Louis-Henri Merino (EPFL), Alaleh Azhir (MIT), Haoqian Zhang (EPFL), Simone Colombo (EPFL), Bernhard Tellenbach (Armasuisse), Vero Estrada-Galiñanes (EPFL), Bryan Ford (EPFL)
SoK: Security and Privacy of Blockchain Interoperability
Andre Augusto (INESC-ID & Instituto Superior Técnico), Rafael Belchior (INESC-ID & Instituto Superior Técnico), Miguel Nuno Dias Alves Pupo Correia (INESC-ID & Instituto Superior Técnico), Andre Vasconcelos (INESC-ID & Instituto Superior Técnico), Luyao Zhang (Duke Kunshan University), Thomas Hardjono (MIT Connection Science)
Private Analytics via Streaming, Sketching, and Silently Verifiable Proofs
Mayank Rathee (UC Berkeley), Yuwen Zhang (UC Berkeley), Henry Corrigan-Gibbs (MIT), Raluca Ada Popa (UC Berkeley)
Surveilling the Masses with Wi-Fi-Based Positioning Systems
Erik Rye (University of Maryland), Dave Levin (University of Maryland)
SOPHON: Non-Fine-Tunable Learning to Restrain Task Transferability For Pre-trained Models
Jiangyi Deng (Zhejiang University), Shengyuan Pang (Zhejiang University), Yanjiao Chen (Zhejiang University), Liangming Xia (Zhejiang University), Yijie Bai (Zhejiang University), Haiqin Weng (Ant Group), Wenyuan Xu (Zhejiang University)
POMABuster: Detecting Price Oracle Manipulation Attacks in Decentralized Finance
Rui Xi (Department of Electrical and Computer Engineering, University of British Columbia), Zehua Wang (Department of Electrical and Computer Engineering, University of British Columbia), Karthik Pattabiraman (Department of Electrical and Computer Engineering, University of British Columbia)
SoK: Unintended Interactions among Machine Learning Defenses and Risks
Vasisht Duddu (University of Waterloo), Sebastian Szyller (Intel Labs), N. Asokan (University of Waterloo, Aalto University)
Time-Aware Projections: Truly Node-Private Graph Statistics under Continual Observation
Palak Jain (Boston University), Adam Smith (Boston University), Connor Wagaman (Boston University)
An Analysis of Recent Advances in Deepfake Image Detection in an Evolving Threat Landscape
Sifat Muhammad Abdullah (Virginia Tech), Aravind Cheruvu (Virginia Tech), Shravya Kanchi (Virginia Tech), Taejoong Chung (Virginia Tech), Peng Gao (Virginia Tech), Murtuza Jadliwala (University of Texas at San Antonio), Bimal Viswanath (Virginia Tech)
Everyone for Themselves? A Qualitative Study about Individual Security Setups of Open Source Software Contributors
Sabrina Amft (CISPA Helmholtz Center for Information Security), Sandra Höltervennhoff (Leibniz University Hannover), Rebecca Panskus (Ruhr University Bochum), Karola Marky (Ruhr University Bochum), Sascha Fahl (CISPA Helmholtz Center for Information Security)
Budget Recycling Differential Privacy
Bo Jiang (TikTok Inc.), Jian Du (TikTok Inc.), Sagar Sharma (TikTok Inc.), Qiang Yan (TikTok Inc.)
LLMs Cannot Reliably Identify and Reason About Security Vulnerabilities (Yet?): A Comprehensive Evaluation, Framework, and Benchmarks
Saad Ullah (Boston University), Mingji Han (Boston University), Saurabh Pujar (IBM Research), Hammond Pearce (UNSW Sydney), Ayse Kivilcim Coskun (Boston University), Gianluca Stringhini (Boston University)
On (the Lack of) Code Confidentiality in Trusted Execution Environments
Ivan Puddu (ETH Zurich), Moritz Schneider (ETH Zurich), Daniele Lain (ETH Zurich), Stefano Boschetto (ETH Zurich), Srdjan Capkun (ETH Zurich)
FCert: Certifiably Robust Few-Shot Classification with Foundation Models
Yanting Wang (The Pennsylvania State University), Wei Zou (The Pennsylvania State University), Jinyuan Jia (The Pennsylvania State University)
Signing in Four Public Software Package Registries: Quantity, Quality, and Influencing Factors
Taylor R. Schorlemmer (Purdue University), Kelechi G. Kalu (Purdue University), Luke Chigges (Purdue University), Kyung Myung Ko (Purdue University), Eman Abdul-Muhd Abu Ishgair (Purdue University), Saurabh Bagchi (Purdue University), Santiago Torres-Arias (Purdue University), James C. Davis (Purdue University)
Nightshade: Prompt-Specific Poisoning Attacks on Text-to-Image Generative Models
Shawn Shan (University of Chicago), Wenxin Ding (University of Chicago), Josephine Passananti (University of Chicago), Stanley Wu (University of Chicago), Haitao Zheng (University of Chicago), Ben Y. Zhao (University of Chicago)
Node-aware Bi-smoothing: Certified Robustness against Graph Injection Attacks
Yuni LAI (The Hong Kong Polythechnic University), Yulin ZHU (The Hong Kong Polythechnic University), Bailin PAN (The Hong Kong Polythechnic University), Kai ZHOU (The Hong Kong Polythechnic University)
SoK: Technical Implementation and Human Impact of Internet Privacy Regulations
Eleanor Birrell (Pomona College), Jay Rodolitz (Northeastern University), Angel Ding (Wellesley College), Jenna Lee (University of Washington), Emily McReynolds (Sony AI), Jevan Hutson (Hintze Law PLLC), Ada Lerner (Northeaster University)
CaFA: Cost-aware, Feasible Attacks With Database Constraints Against Neural Tabular Classifiers
Matan Ben-Tov (Tel Aviv University), Daniel Deutch (Tel Aviv University), Nave Frost (eBay), Mahmood Sharif (Tel Aviv University)
Real-Time Website Fingerprinting Defense via Traffic Cluster Anonymization
Meng Shen (School of Cyberspace Science and Technology, Beijing Institute of Technology), Kexin Ji (School of Computer Science, Beijing Institute of Technology), Jinhe Wu (School of Cyberspace Science and Technology, Beijing Institute of Technology), Qi Li (Institute for Network Sciences and Cyberspace, Tsinghua University), Xiangdong Kong (School of Cyberspace Science and Technology, Beijing Institute of Technology), Ke Xu (Department of Computer Science and Technology, Tsinghua University), Liehuang Zhu (School of Cyberspace Science and Technology, Beijing Institute of Technology)
Pulling Off The Mask: Forensic Analysis of the Deceptive Creator Wallets Behind Smart Contract Fraud
Mingxuan Yao (Georgia Institute of Technology), Runze Zhang (Georgia Institute of Technology), Haichuan Xu (Georgia Institute of Technology), Ryan Chou (Georgia Institute of Technology), Varun Chowdhary Paturi (Georgia Institute of Technology), Amit Kumar Sikder (Georgia Institute of Technology), Brendan Saltaformaggio (Georgia Tech)
Towards Smart Contract Fuzzing on GPU
Weimin Chen (The Hong Kong Polytechnic University), Xiapu Luo (The Hong Kong Polytechnic University), Haipeng Cai (Washington State University), Haoyu Wang (Huazhong University of Science and Technology)
SoK: A Comprehensive Analysis and Evaluation of Docker Container Attack and Defense Mechanisms
MD SADUN HAQ (The University Of Texas At San Antonio), THIEN DUC NGUYEN (The Technical University of Darmstadt), FRANZISKA VOLMER (The Technical University of Darmstadt), ALI SAMAN TOSUN (The University Of North Carolina At Pembroke), AHMAD REZA SADEGHI (The Technical University of Darmstadt), TURGAY KORKMAZ (The University Of Texas At San Antonio), MD SADUN HAQ (The University Of Texas At San Antonio)
Need for Speed: Taming Backdoor Attacks with Speed and Precision
Zhuo Ma (Xidian University), Yilong Yang (Xidian University), Yang Liu (Xidian University), Tong Yang (Peking University), Xinjing Liu (Xidian University), Teng Li (Xidian University), Zhan Qin (Zhejiang University)
Revisiting Black-box Ownership Verification for Graph Neural Networks
Ruikai Zhou (University of Utah), Kang Yang (University of Utah), Xiuling Wang (Stevens Insititute of Technology), Wendy Hui Wang (Stevens Insititute of Technology), Jun Xu (University of Utah)
Routing Attacks on Cryptocurrency Mining Pools
Muoi Tran (ETH Zürich), Theo von Arx (ETH Zürich), Laurent Vanbever (ETH Zürich)
Measure-Observe-Remeasure: An Interactive Paradigm for Differentially-Private Exploratory Analysis
Priyanka Nanayakkara (Northwestern University), Hyeok Kim (Northwestern University), Yifan Wu (Northwestern University), Ali Sarvghad (UMass Amherst), Narges Mahyar (UMass Amherst), Gerome Miklau (UMass Amherst), Jessica Hullman (Northwestern University)
Efficient Actively Secure DPF and RAM-based 2PC with One-Bit Leakage
Wenhao Zhang (Northwestern University), Xiaojie Guo (Nankai University, State Key Laboratory of Cryptology), Kang Yang (State Key Laboratory of Cryptology), Ruiyu Zhu (No Affiliation), Yu Yu (Shanghai Jiao Tong University, Shanghai Qi Zhi Institute), Xiao Wang (Northwestern University)
Children, Parents, and Misinformation on Social Media
Filipo Sharevski (DePaul University), Jennifer Vander Loop (DePaul University)
ARMOR: A Formally Verified Implementation of X.509 Certificate Chain Validation
Joyanta Debnath (Stony Brook University), Christa Jenkins (Stony Brook University), Yuteng SUN (The Chinese University of Hong Kong), Sze Yiu Chau (The Chinese University of Hong Kong), Omar Chowdhury (Stony Brook University)
Private Hierarchical Governance for Encrypted Messaging
Armin Namavari (Cornell Tech), Barry Wang (Cornell University), Sanketh Menda (Cornell Tech), Ben Nassi (Cornell Tech), Nirvan Tyagi (Stanford University and University of Washington), James Grimmelmann (Cornell University), Amy Zhang (University of Washington), Thomas Ristenpart (Cornell Tech)
CryptoVampire: Automated Reasoning for the Complete Symbolic Attacker Cryptographic Model
Simon Jeanteur (TU Wien), Laura Kovács (TU Wien), Matteo Maffei (TU Wien), Michael Rawson (TU Wien)
DP-Auditorium: a Large Scale Library for Auditing Differential Privacy
William Kong (Google), Andres Muñoz Medina (Google), Monica Ribero (Google), Umar Syed (Google)
SINBAD: Saliency-informed detection of breakage caused by ad blocking
Saiid El Hajj Chehade (EPFL), Sandra Siby (Imperial College London), Carmela Troncoso (EPFL)
Learn What You Want to Unlearn: Unlearning Inversion Attacks against Machine Unlearning
Hongsheng Hu (CSIRO's Data61), Shuo Wang (Shanghai Jiao Tong University), Tian Dong (Shanghai Jiao Tong University), Minhui Xue (CSIRO's Data61)
Exploring the Orthogonality and Linearity of Backdoor Attacks
Kaiyuan Zhang (Purdue University), Siyuan Cheng (Purdue University), Guangyu Shen (Purdue University), Guanhong Tao (Purdue University), Shengwei An (Purdue University), Anuran Makur (Purdue University), Shiqing Ma (UMass Amherst), Xiangyu Zhang (Purdue University)
LACMUS: Latent Concept Masking for General Robustness Enhancement of DNNs
Shuo Wang (Shanghai Jiao Tong University), Hongsheng Hu (CSIRO's Data61), Jiamin Chang (University of New South Wales), Benjamin Zi Hao Zhao (Macquarie University), Minhui Xue (CSIRO's Data61)
BELT: Old-School Backdoor Attacks can Evade the State-of-the-Art Defense with Backdoor Exclusivity Lifting
Huming Qiu (Fudan University), Junjie Sun (Fudan University), Mi Zhang (Fudan University), Xudong Pan (Fudan University), Min Yang (Fudan University)
From Virtual Touch to Tesla Command: Unlocking Unauthenticated Control Chains From Smart Glasses for Vehicle Takeover
Xingli Zhang (University of Louisiana at Lafayette), Yazhou Tu (University of Louisiana at Lafayette), Yan Long (University of Michigan), Liqun Shan (University of Louisiana at Lafayette), Mohamed A Elsaadani (University of Louisiana at Lafayette), Kevin Fu (Northeastern University), Zhiqiang Lin (Ohio State University), Xiali Hei (University of Louisiana at Lafayette)
"Watching over the shoulder of a professional": Why hackers make mistakes and how they fix them
Irina Ford (Arizona State University), Ananta Soneji (Arizona State University), Faris Bugra Kokulu (Arizona State University), Jayakrishna Vadayath (Arizona State University), Zion Leonahenahe Basque (Arizona State University), Gaurav Vipat (Arizona State University), Adam Doupé (Arizona State University), Ruoyu Wang (Arizona State University), Gail-Joon Ahn (Arizona State University), Tiffany Bao (Arizona State University), Yan Shoshitaishvili (Arizona State University)
Leveraging Prefix Structure to Detect Volumetric DDoS Attack Signatures with Programmable Switches
Chris Misa (University of Oregon), Ram Durairajan (University of Oregon), Arpit Gupta (UCSB), Reza Rejaie (University of Oregon), Walter Willinger (NIKSUN, Inc.)
AquaSonic: Acoustic Manipulation of Underwater Data Center Operations and Resource Management
Jennifer Sheldon (University of Florida), Weidong Zhu (University of Florida), Adnan Abdullah (University of Florida), Sri Hrushikesh Varma Bhupathiraju (University of Florida), Takeshi Sugawara (The University of Electro-Communications), Kevin Butler (University of Florida), Md Jahidul Islam (University of Florida), Sara Rampazzi (University of Florida)
Where URLs Become Weapons: Automated Discovery of SSRF Vulnerabilities in Web Applications
Enze Wang (National University of Defense Technology), Jianjun Chen (Tsinghua University), Wei Xie (College of Computer, National University of Defense Technology), Chuhan Wang (Tsinghua University), Yifei Gao (National University of Defense Technology), Zhenhua Wang (College of Computer, National University of Defense Technology), Haixin Duan (Tsinghua University), Baosheng Wang (National University of Defense Technology), Liu Yang (Nanyang Technological University)
SHERPA: Explainable Robust Algorithms for Privacy-preserved Federated Learning in Future Networks to Defend against Data Poisoning Attacks
Chamara Sandeepa (University College Dublin), Bartlomiej Siniarski (University College Dublin), Shen Wang (University College Dublin), Madhusanka Liyanage (University College Dublin)
Larger-scale Nakamoto-style Blockchains Don't Necessarily Offer Better Security
Jannik Albrecht (Ruhr University Bochum), Sebastien Andreina (NEC Laboratories Europe), Frederik Armknecht (University of Mannheim), Ghassan Karame (Ruhr-University Bochum), Giorgia Marson (NEC Laboratories Europe), Julian Willingmann (Ruhr-University Bochum)
Large-Scale Study of Vulnerability Scanners for Ethereum Smart Contracts
Christoph Sendner (University of Würzburg), Lukas Petzi (University of Würzburg), Jasper Stang (University of Würzburg), Alexandra Dmitrienko (University of Würzburg)
Few-shot Unlearning
Youngsik Yoon (POSTECH), Jinhwan Nam (POSTECH), Hyojeong Yun (POSTECH), Jaeho Lee (POSTECH), Dongwoo Kim (POSTECH), Jungseul Ok (POSTECH)
INTFAIL: Using Spurious #VC Interrupts to Break AMD SEV-SNP
Benedict Schlüter (ETH Zurich), Supraja Sridhara (ETH Zurich), Andrin Bertschi (ETH Zurich), Shweta Shinde (ETH Zurich)
Attacking Byzantine Robust Aggregation in High Dimensions
Sarthak Choudhary (National University of Sinagpore), Aashish Kolluri (National University of Singapore), Prateek Saxena (National University of Singapore)
On Large Language Models' Resilience to Coercive Interrogation
Zhuo Zhang (Purdue University), Guangyu Shen (Purdue University), Guanhong Tao (Purdue University), Siyuan Cheng (Purdue University), Xiangyu Zhang (Purdue University)
Obelix: Mitigating Side-Channels through Dynamic Obfuscation
Jan Wichelmann (University of Lübeck), Anja Rabich (University of Lübeck), Anna Pätschke (University of Lübeck), Thomas Eisenbarth (University of Lübeck)
Non-Atomic Arbitrage in Decentralized Finance
Lioba Heimbach (ETH Zurich), Vabuk Pahari (MPI-SWS), Eric Schertenleib (unaffiliated)
One for All and All for One: GNN-based Control-Flow Attestation for Embedded Devices
Marco Chilese (Technical University Darmstadt), Richard Mitev (Technical University Darmstadt), Meni Orenbach (NVIDIA), Robert Thorburn (University of Southampton), Ahmad Atamli (NVIDIA & University of Southampton), Ahmad-Reza Sadeghi (Technical University Darmstadt)
Securely Fine-tuning Pre-trained Encoders Against Adversarial Examples
Ziqi Zhou (Huazhong University of Science and Technology), Minghui Li (Huazhong University of Science and Technology), Wei Liu (Huazhong University of Science and Technology), Shengshan Hu (Huazhong University of Science and Technology), Yechao Zhang (Huazhong University of Science and Technology), Wei Wan (Huazhong University of Science and Technology), Lulu Xue (Huazhong University of Science and Technology), Leo Yu Zhang (Griffith University), Dezhong Yao (Huazhong University of Science and Technology), Hai Jin (Huazhong University of Science and Technology)
LLMIF: Augmented Large Language Model for Fuzzing IoT Devices
Jincheng Wang (The Hong Kong Polytechnic University), Le Yu (Nanjing University of Posts and Telecommunications), Xiapu Luo (The Hong Kong Polytechnic University), Jincheng Wang (The Hong Kong Polytechnic University)
CoreLocker: Neuron-level Usage Control
Zihan Wang (The University of Queensland), Zhongkui Ma (The University of Queensland), Xinguo Feng (The University of Queensland), Ruoxi Sun (CSIRO's Data61), Hu Wang (The University of Adelaide), Minhui Xue (CSIRO's Data61), Guangdong Bai (The University of Queensland)
A Security Analysis of Honey Vaults
Fei Duan (Nankai University), Ding Wang (Nankai University), Chunfu Jia (Nankai University), Zhenduo Hou (Nankai University)
From Chatbots to Phishbots?: Phishing Scam Generation in Commercial Large Language Models
Sayak Saha Roy (University of Texas at Arlington), Poojitha Thota (University of Texas at Arlington), Krishna Vamsi Naragam (University of Texas at Arlington), Shirin Nilizadeh (University of Texas at Arlington)

Spring Cycle

No Easy Way Out: the Effectiveness of Deplatforming an Extremist Forum to Suppress Hate and Harassment
Anh V. Vu (University of Cambridge), Alice Hutchings (University of Cambridge), Ross Anderson (University of Cambridge and Edinburgh)
GrOVe: Ownership Verification of Graph Neural Networks using Embeddings
Asim Waheed (University of Waterloo), Vasisht Duddu (University of Waterloo), N. Asokan (University of Waterloo and Aalto University)
Measuring the Effects of Stack Overflow Code Snippet Evolution on Open-Source Software Security
Alfusainey Jallow (CISPA Helmholtz Center for Information Security), Michael Schilling (CISPA Helmholtz Center for Information Security), Michael Backes (CISPA Helmholtz Center for Information Security), Sven Bugiel (CISPA Helmholtz Center for Information Security)
SATURN: Host-Gadget Synergistic USB Driver Fuzzing
Yiru Xu (Tsinghua University), Hao Sun (Tsinghua University), Jianzhong Liu (Tsinghua University), Yuheng Shen (Tsinghua University), Yu Jiang (Tsinghua University)
NetShuffle: Circumventing Censorship with Shuffle Proxies at the Edge
Patrick Tser Jern Kon (Rice University), Aniket Gattani (Rice University), Dhiraj Saharia (Georgetown University), Tianyu Cao (Rice University), Diogo Barradas (University of Waterloo), Ang Chen (Rice University), Micah Sherr (Georgetown University), Benjamin E. Ujcich (Georgetown University)
TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets
Xiang Li (Tsinghua University), Wei Xu (Tsinghua University), Baojun Liu (Tsinghua University), Mingming Zhang (Tsinghua University), Zhou Li (University of California, Irvine), Jia Zhang (Tsinghua University), Deliang Chang (QI-ANXIN Technology Research Institute), Xiaofeng Zheng (Tsinghua University), Chuhan Wang (Tsinghua University), Jianjun Chen (Tsinghua University), Haixin Duan (Tsinghua University), Qi Li (Tsinghua University), Deliang Chang (QI-ANXIN Technology Research Institute)
No Privacy Left Outside: On the (In-)Security of TEE-Shielded DNN Partition for On-Device ML
Ziqi Zhang (Peking University), Chen Gong (Peking University), Yifeng Cai (Peking University), Yuanyuan Yuan (HKUST), Bingyan Liu (BUPT), Shuai Wang (HKUST), Ding Li (Peking University), Yao Guo (Peking University), Xiangqun Chen (Peking University)
BENZENE: A Practical Root Cause Analysis System with an Under-Constrained State Mutation
Younggi Park (Korea University), Hwiwon Lee (Korea University), Jinho Jung (Ministry of National Defense), Hyungjoon Koo (Sungkyunkwan University), Huy Kang Kim (Korea University)
BUSted!!! Microarchitectural Side-Channel Attacks on the MCU Bus Interconnect
Cristiano Rodrigues (Universidade do Minho), Daniel Oliveira (Universidade do Minho), Sandro Pinto (Universidade do Minho)
Architectural Mimicry: Innovative Instructions to Efficiently Address Control-Flow Leakage in Data-Oblivious Programs
Hans Winderix (imec-DistriNet, KU Leuven), Marton Bognar (imec-DistriNet, KU Leuven), Job Noorman (imec-DistriNet, KU Leuven), Lesly-Ann Daniel (imec-DistriNet, KU Leuven), Frank Piessens (imec-DistriNet, KU Leuven)
MQTTactic: Security Analysis and Verification for Logic Flaws in MQTT Implementations
Bin Yuan (Huazhong University of Science and Technology), Zhanxiang Song (Huazhong University of Science and Technology), Yan Jia (Nankai University), Zhenyu Lu (Huazhong University of Science and Technology), Deqing Zou (Huazhong University of Science and Technology), Hai Jin (Huazhong University of Science and Technology), Luyi Xing (Indiana University Bloomington)
To Boldly Go Where No Fuzzer Has Gone Before: Finding Bugs in Linux' Wireless Stacks through VirtIO Devices
Jan Sönke Huster (TU Darmstadt, SEEMOO), Matthias Hollick (TU Darmstadt, SEEMOO), Jiska Classen (TU Darmstadt, SEEMOO)
INVISILINE: Invisible Plausibly-Deniable Storage
Sandeep Kiran Pinjala (Stony Brook University), Bogdan Carbunar (Florida International University), Anrin Chakraborti (University of Illinois Chicago), Radu Sion (Stony Brook University), Bogdan Carbunar (FIU)
KAIROS: Practical Intrusion Detection and Investigation using Whole-system Provenance
Zijun Cheng (School of Cyber Security, University of Chinese Academy of Sciences), Qiujian Lv (Institute of Information Engineering, Chinese Academy of Sciences), Jinyuan Liang (University of British Columbia), Yan Wang (Institute of Information Engineering, Chinese Academy of Sciences), Degang Sun (Institute of Information Engineering, Chinese Academy of Sciences), Thomas Pasquier (University of British Columbia), Xueyuan Han (Wake Forest University)
SoK: Safer Digital-Safety Research Involving At-Risk Users
Rosanna Bellini (Cornell Tech, New York City, New York, United States), Emily Tseng (Cornell Tech, New York, New York, United States), Noel Warford (University of Maryland, College Park, Maryland, United States), Alaa Daffalla (Cornell University, New York, New York, United States), Tara Matthews (Google, Mountain View, California, United States), Sunny Consolvo (Google, Mountain View, California, United States), Jill Palzkill Woelfer (JumpCloud, Louisville, Colorado, United States), Patrick Gage Kelley (Google, New York, New York, United States), Michelle L. Mazurek (University of Maryland, College Park, Maryland, United States), Dana Cuomo (Women's, Gender and Sexuality Studies, Lafayette College, Easton, Pennsylvania, United States), Nicola Dell (Jacobs Institute, Cornell Tech, New York, New York, United States), Thomas Ristenpart (Cornell Tech, New York, New York, United States), Jill Palzkill Woelfer (Google, Mountain View, California, United States)
SwiftRange: A Short and Efficient Zero-Knowledge Range Argument For Confidential Transactions and More
Nan Wang (Australian National University and CSIRO's Data61), Sid Chi-Kin Chau (Australian National University and CSIRO's Data61), DongXi Liu (CSIRO's Data61), Nan Wang (Australian National University), Sid Chi-Kin Chau (Australian National University)
Do You Play It by the Books? A Study on Incident Response Playbooks and Influencing Factors
Daniel Schlette (University of Regensburg), Philip Empl (University of Regensburg), Marco Caselli (Siemens AG), Thomas Schreck (HM Munich University of Applied Sciences), Günther Pernul (University of Regensburg)
mimoCrypt: Multi-User Privacy-Preserving Wi-Fi Sensing via MIMO Encryption
Jun Luo (Nanyang Technological University), Hangcheng Cao (Hunan University), Hongbo Jiang (Hunan University), Yanbing Yang (Sichuan University), Zhe Chen (Fudan University)
Dropout Attacks
Andrew Yuan (Northeastern University), Alina Oprea (Northeastern University), Cheng Tan (Northeastern University)
Synq: Public Policy Analytics Over Encrypted Data
Zachary Espiritu (MongoDB), Marilyn George (MongoDB), Seny Kamara (MongoDB and Brown University), Lucy Qin (Brown University)
Serberus: Protecting Cryptographic Code from Spectres at Compile-Time
Nicholas Mosier (Stanford University), Hamed Nemati (CISPA Helmholtz Center for Information Security), John C. Mitchell (Stanford University), Caroline Trippel (Stanford University)
JASMINE: Scale up JavaScript Static Security Analysis with Computation-based Semantic Explanation
Feng Xiao (Georgia tech), Zhongfu Su (Wuhan University), GuangLiang Yang (Fudan University), Wenke Lee (Georgia Tech)
UnTrustZone: Systematic Accelerated Aging to Expose On-chip Secrets
Jubayer Mahmod (Virginia Tech), Matthew Hicks (Virginia Tech)
The Role of User-Agent Interactions on Mobile Money Practices in Kenya and Tanzania
Karen Sowon (Carnegie Mellon University), Edith Luhanga (Carnegie Mellon University - Africa), Lorrie Cranor (Carnegie Mellon University), Giulia Fanti (Carnegie Mellon University), Conrad Tucker (Carnegie Mellon University), Assane Gueye (Carnegie Mellon University - Africa)
Predecessor-aware Directed Greybox Fuzzing
Yujian Zhang (Southeast University), Yaokun Liu (Southeast University), Jinyu Xu (Southeast University), Yanhao Wang (NIO)
AFGen: Whole-Function Fuzzing for Applications and Libraries
Yuwei Liu (Institute of Software, Chinese Academy of Sciences), Yanhao Wang (Institute of Software, Chinese Academy of Sciences), Xiangkun Jia (Institute of Software, Chinese Academy of Sciences), Zheng Zhang (Ocean University of China), Purui Su (Institute of Software, Chinese Academy of Sciences)
You Only Prompt Once: On the Capabilities of Prompt Learning on Large Language Models to Tackle Toxic Content
Xinlei He (CISPA Helmholtz Center for Information Security), Savvas Zannettou (TU Delft), Yun Shen (NetApp), Yang Zhang (CISPA Helmholtz Center for Information Security)
PIRANA: Faster Multi-query PIR via Constant-weight Codes
Jian Liu (Zhejiang University), Jingyu Li (Zhejiang University), Di Wu (Zhejiang University), Kui Ren (Zhejiang University)
Sweep-UC: Swapping Coins Privately
Lucjan Hanzlik (CISPA), Julian Loss (CISPA), Sri AravindaKrishnan Thyagarajan (NTT Research), Benedikt Wagner (CISPA and Saarland University)
BounceAttack: A Query-Efficient Decision-based Adversarial Attack by Bouncing into the Wild
Jie Wan (Zhejiang University), Jianhao Fu (Zhejiang University), Lijin Wang (Zhejiang University), Ziqi Yang (Zhejiang University)
Universal Neural-Cracking-Machines: Self-Configurable Password Models from Auxiliary Data
Dario Pasquini (EPFL), Giuseppe Ateniese (George Mason University), Carmela Troncoso (EPFL)
DeepShuffle: A Lightweight Defense Framework against Adversarial Fault Injection Attacks on Deep Neural Networks in Multi-Tenant Cloud-FPGA
Yukui Luo (Northeastern University), Adnan Siraj Rakin (Binghamton University), Deliang Fan (Arizona State University), Xiaolin Xu (Northeastern University)
Efficient and Generic Microarchitectural Hash-Function Recovery
Lukas Gerlach (CISPA Helmholtz Center for Information Security), Simon Schwarz (Saarland University, Saarland Informatics Campus), Nicolas FaroàŸ (Saarland University, Department of Mathematics), Michael Schwarz (CISPA Helmholtz Center for Information Security)
Device-Oriented Group Messaging: A Formal Cryptographic Analysis of Matrix' Core
Daniel Jones (Information Security Group, Royal Holloway, University of London), Martin Albrecht (King's College London), Benjamin Dowling (Security of Advanced Systems Group, University of Sheffield)
Security, Privacy, and Data-sharing Trade-offs When Moving to the United States: Insights from a Qualitative Study
Mindy Tran (Paderborn University & The George Washington University), Collins W. Munyendo (The George Washington University), Harshini Sri Ramulu (Paderborn University & The George Washington University), Rachel Gonzalez Rodriguez (The George Washington University), Luisa Ball Schnell (The George Washington University), Cora Sula (The George Washington University), Lucy Simko (The George Washington University), Yasemin Acar (Paderborn University & The George Washington University)
Side-Channel-Assisted Reverse-Engineering of Encrypted DNN Hardware Accelerator IP and Attack Surface Exploration
Cheng Gongye (Northeastern University), Yukui Luo (Northeastern University), Xiaolin Xu (Northeastern University), Yunsi Fei (Northeastern University)
Understanding and Bridging the Gap Between Unsupervised Network Representation Learning and Security Analytics
Jiacen Xu (University of California, Irvine), Xiaokui Shu (IBM Research), Zhou Li (University of California, Irvine)
SoK: The Long Journey of Exploiting and Defending the Legacy of King Harald Bluetooth
Jianliang Wu (Purdue University & Simon Fraser University), Ruoyu Wu (Purdue University), Dongyan Xu (Purdue University), Dave (Jing) Tian (Purdue University), Antonio Bianchi (Purdue University)
LOKI: Large-scale Data Reconstruction Attack against Federated Learning through Model Manipulation
Joshua C. Zhao (Purdue University), Atul Sharma (Purdue University), Ahmed Roushdy Elkordy (University of Southern California), Yahya H. Ezzeldin (University of Southern California), Salman Avestimehr (University of Southern California), Saurabh Bagchi (Purdue University)
DeepTheft: Stealing DNN Model Architectures through Power Side Channel
Yansong Gao (CSIRO's Data61), Huming Qiu (Fudan University), Zhi Zhang (The University of Western Australia), Binghui Wang (Illinois Institute of Technology), Hua Ma (The University of Adelaide), Alsharif Abuadbba (CSIRO's Data61), Minhui Xue (CSIRO's Data61), Anmin Fu (Nanjing University of Science and Technology), Surya Nepal (CSIRO's Data61), Huming Qiu (Nanjing University of Science and Technology)
Certifying Zero-Knowledge Circuits with Refinement Types
Junrui Liu (University of California, Santa Barbara), Ian Kretz (The University of Texas at Austin), Hanzhi Liu (University of California, Santa Barbara / Veridise Inc.), Bryan Tan (Veridise Inc.), Jonathan Wang (Axiom), Yi Sun (Axiom), Luke Pearson (Polychain Capital), Anders Miltner (Simon Fraser University), Işıl Dillig (The University of Texas at Austin / Veridise Inc.), Yu Feng (University of California, Santa Barbara / Veridise Inc.)
Practical Obfuscation of BLE Physical-Layer Fingerprints on Mobile Devices
Hadi Givehchian (UC San Diego), Nishant Bhaskar (UC San Diego), Alexander Redding (UC San Diego), Han Zhao (UC San Diego), Aaron Schulman (UC San Diego), Dinesh Bharadia (UC San Diego)
MMBD: Post-Training Detection of Backdoor Attacks with Arbitrary Backdoor Pattern Types Using a Maximum Margin Statistic
Hang Wang (Pennsylvania State University), Zhen Xiang (University of Illinois Urbana-Champaign), David J. Miller (Pennsylvania State University), George Kesidis (Pennsylvania State University)
Withdrawing is believing? Detecting Inconsistencies Between Withdrawal Choices and Third-party Data Collections in Mobile Apps
Xiaolin Du (Fudan University), Zhemin Yang (Fudan University), Jiapeng Lin (Fudan University), Yinzhi Cao (Johns Hopkins University), Min Yang (Fudan University), Yinzhi Cao (Johns Hopkins University)
It's Simplex! Disaggregating Measures to Improve Certified Robustness
Andrew C. Cullen (University of Melbourne), Paul Montague (DST Group), Shijie Liu (University of Melbourne), Sarah M. Erfani (University of Melbourne), Benjamin I.P. Rubinstein (University of Melbourne)
Shedding Light on CVSS Scoring Inconsistencies: A User-Centric Study on Evaluating Widespread Security Vulnerabilities
Julia Wunder (Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU)), Andreas Kurtz (Heilbronn University of Applied Sciences), Christian Eichenmüller (Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU)), Freya Gassmann (Rheinland-Pfälzische Technische Universität Kaiserslautern-Landau (RPTU)), Zinaida Benenson (Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU))
Digital Security — A Question of Perspective. A Large-Scale Telephone Survey with Four At-Risk User Groups
Franziska Herbert (Ruhr University Bochum), Steffen Becker (Ruhr University Bochum, Max Planck Institute for Security and Privacy), Annalina Buckmann (Ruhr University Bochum), Marvin Kowalewski (Ruhr University Bochum), Jonas Hielscher (Ruhr University Bochum), Yasemin Acar (Paderborn University), Markus Dürmuth (Leibniz University Hannover), Yixin Zou (Max Planck Institute for Security and Privacy), Angela Sasse (Ruhr University Bochum), Yasemin Acar (Paderborn University & George Washington University)
APP-Miner: Detecting API Misuses via Automatically Mining API Path Patterns
Jiasheng Jiang (Institute of Software, Chinese Academy of Sciences), Jingzheng Wu (Institute of Software, Chinese Academy of Sciences), Xiang Ling (Institute of Software, Chinese Academy of Sciences), Tianyue Luo (Institute of Software, Chinese Academy of Sciences), Sheng Qu (Institute of Software, Chinese Academy of Sciences), Yanjun Wu (Institute of Software, Chinese Academy of Sciences)
Test-Time Poisoning Attacks Against Test-Time Adaptation Models
Tianshuo Cong (Tsinghua University), Xinlei He (CISPA Helmholtz Center for Information Security), Yun Shen (NetApp), Yang Zhang (CISPA Helmholtz Center for Information Security)
Guessing on Dominant Paths: Understanding the Limitation of Wireless Authentication Using Channel State Information
Zhe Qu (Central South University), Rui Duan (University of South Florida), Xiao Han (University of South Florida), Shangqing Zhao (University of Oklahoma), Yao Liu (University of South Florida), Zhuo Lu (University of South Florida)
PassREfinder: Credential Stuffing Risk Prediction by Representing Password Reuse between Websites on a Graph
Jaehan Kim (Korea Advanced Institute of Science and Technology (KAIST)), Minkyoo Song (Korea Advanced Institute of Science and Technology (KAIST)), Minjae Seo (Korea Advanced Institute of Science and Technology (KAIST)), Youngjin Jin (Korea Advanced Institute of Science and Technology (KAIST)), Seungwon Shin (Korea Advanced Institute of Science and Technology (KAIST))
SoK: Explainable Machine Learning in Adversarial Environments
Maximilian Noppel (Karlsruhe Institute of Technology (KIT)), Christian Wressnegger (Karlsruhe Institute of Technology (KIT))
Titan : Efficient Multi-target Directed Greybox Fuzzing
Heqing Huang (The Hong Kong University of Science and Technology), Peisen Yao (Zhejiang University), CHIU Hung-Chun (The Hong Kong University of Science and Technology), Yiyuan Guo (The Hong Kong University of Science and Technology), Charles Zhang (The Hong Kong University of Science and Technology)
Secure Messaging with Strong Compromise Resilience, Temporal Privacy, and Immediate Decryption
Cas Cremers (CISPA Helmholtz Center for Information Security), Mang Zhao (CISPA Helmholtz Center for Information Security)
Automated Synthesis of Effect Graph Policies for Microservice-Aware Stateful System Call Specialization
William Blair (Boston University), Frederico Araujo (IBM Research), Teryl Taylor (IBM Research), Jiyong Jang (IBM Research)
PolySphinx: Extending the Sphinx Mix Format With Better Multicast Support
Daniel Schadt (Karlsruhe Institute of Technology), Christoph Coijanovic (Karlsruhe Institute of Technology), Christiane Weis (NEC Labs Europe), Thorsten Strufe (Karlsruhe Institute of Technology)
Revisiting Automotive Attack Surfaces: a Practitioners' Perspective
Pengfei Jing (The Hong Kong Polytechnic University), Zhiqiang Cai (Keen Security Lab, Tencent), Yingjie Cao (The Hong Kong Polytechnic University), Le Yu (The Hong Kong Polytechnic University), Yuefeng Du (Keen Security Lab, Tencent), Wenkai Zhang (Keen Security Lab, Tencent), Chenxiong Qian (University of Hong Kong), Xiapu Luo (The Hong Kong Polytechnic University), Sen Nie (Keen Security Lab, Tencent), Shi Wu (Keen Security Lab, Tencent)
BadVFL: Backdoor Attacks in Vertical Federated Learning
Mohammad Naseri (University College London), Yufei Han (Inria Rennes), Emiliano De Cristofaro (University College London)
The Times They Are A-Changin': Characterizing Post-Publication Changes to Online News
Chris Tsoukaladelis (Stony Brook University), Brian Kondracki (Stony Brook University), Niranjan Balasubramanian (Stony Brook University), Nick Nikiforakis (Stony Brook University)
"False negative - that one is going to kill you." - Understanding Industry Perspectives of Static Analysis based Security Testing
Amit Seal Ami (William & Mary), Kevin Moran (University of Central Florida), Denys Poshyvanyk (William & Mary), Adwait Nadkarni (William & Mary)
The Inventory is Dark and Full of Misinformation: Understanding Ad Inventory Pooling in the Ad-Tech Supply Chain
Yash Vekaria (University of California, Davis), Rishab Nithyanand (University of Iowa), Zubair Shafiq (University of California, Davis)
Attacking and Improving the Tor Directory Protocol
Zhongtang Luo (Purdue University), Adithya Bhat (Purdue University), Kartik Nayak (Duke University), Aniket Kate (Purdue University / Supra)
Injection Attacks Against End-to-End Encrypted Applications
Andres Fabrega (Cornell University), Carolina Ortega Perez (Cornell University), Armin Namavari (Cornell University), Ben Nassi (Cornell Tech), Rachit Agarwal (Cornell University), Thomas Ristenpart (Cornell Tech)
SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices
Qinying Wang (Zhejiang University), Boyu Chang (Zhejiang University), Shouling Ji (Zhejiang University), Yuan Tian (University of California, Los Angelos), Xuhong Zhang (Zhejiang University), Binbin Zhao (Georgia Institute of Technology), Gaoning Pan (Zhejiang University), Chenyang Lyu (Zhejiang University), Mathias Payer (EPFL), Wenhai Wang (Zhejiang University), Raheem Beyah (Georgia Institute of Technology)
Multi-Instance Adversarial Attack on GNN-Based Malicious Domain Detection
Mahmoud Nazzal (New Jersey Institute of Technology, USA), Issa Khalil (Qatar Computing Research Institute, Qatar), Abdallah Khreishah (New Jersey Institute of Technology, USA), NhatHai Phan (New Jersey Institute of Technology, USA), Yao Ma (New Jersey Institute of Technology, USA)
R-CAID: Embedding Root Cause Analysis within Provenance-based Intrusion Detection
Akul Goyal (University of Illinois Urbana Champaign), Gang Wang (University of Illinois Urbana Champaign), Adam Bates (University of Illinois Urbana Champaign)
Formal Model-Driven Analysis of Resilience of GossipSub to Attacks from Misbehaving Peers
Ankit Kumar (Northeastern University), Max von Hippel (Northeastern University), Panagiotis Manolios (Northeastern University), Cristina Nita-Rotaru (Northeastern University)
Sabre: Cutting through Adversarial Noise with Adaptive Spectral Filtering and Input Reconstruction
Alec F Diallo (The University of Edinburgh), Paul Patras (The University of Edinburgh)
hinTS: Threshold Signatures with Silent Setup
Sanjam Garg (UC Berkeley and NTT Research), Abhishek Jain (JHU and NTT Research), Pratyay Mukherjee (Supra Research), Rohit Sinha (Swirlds Labs), Mingyuan Wang (UC Berkeley), Yinuo Zhang (UC Berkeley)
PIANO: Extremely Simple, Single-Server PIR with Sublinear Server Computation
Mingxun Zhou (Carnegie Mellon University), Andrew Park (Carnegie Mellon University), Elaine Shi (Carnegie Mellon University), Wenting Zheng (Carnegie Mellon University)
Ligetron: Lightweight Scalable End-to-End Zero-Knowledge Proofs. Post-Quantum ZK-SNARKs on a Browser
Carmit Hazay (Ligero Inc.), Muthuramakrishnan Venkitasubramaniam (Ligero Inc.), Ruihan Wang (Ligero Inc.)
GPU.zip: On the Side-Channel Implications of Hardware-Based Graphical Data Compression
Yingchen Wang (The University of Texas at Austin), Riccardo Paccagnella (Carnegie Mellon University), Zhao Gang (The University of Texas at Austin), Willy R. Vasquez (The University of Texas at Austin), David Kohlbrenner (University of Washington), Hovav Shacham (The University of Texas at Austin), Christopher Fletcher (University of Illinois Urbana-Champaign), Riccardo Paccagnella (University of Illinois Urbana-Champaign)
Backdooring Multimodal Learning
Xingshuo Han (Nanyang Technological University), Yutong Wu (Nanyang Technological University), Qingjie Zhang (Shanghai Jiao Tong University), Yuan Zhou (Nanyang Technological University), Yuan Xu (Nanyang Technological University), Han Qiu (Tsinghua University), Guowen Xu (Nanyang Technological University), Tianwei Zhang (Nanyang Technological University)
MAWSEO: Adversarial Wiki Search Poisoning for Illicit Online Promotion
Zilong Lin (Indiana University Bloomington), Zhengyi Li (Indiana University Bloomington), Xiaojing Liao (Indiana University Bloomington), XiaoFeng Wang (Indiana University Bloomington), Xiaozhong Liu (Worcester Polytechnic Institute)
Distribution Preserving Backdoor Attack in Self-supervised Learning
Guanhong Tao (Purdue University), Zhenting Wang (Rutgers University), Shiwei Feng (Purdue University), Guangyu Shen (Purdue University), Shiqing Ma (Rutgers University), Xiangyu Zhang (Purdue University)
Cerberus: Enabling Efficient and Effective In-Network Monitoring on Programmable Switches
Huancheng Zhou (Texas A&M University), Guofei Gu (Texas A&M University)
Text-CRS: A Generalized Certified Robustness Framework against Textual Adversarial Attacks
Xinyu Zhang (Zhejiang University), Hanbin Hong (University of Connecticut), Yuan Hong (University of Connecticut), Peng Huang (Zhejiang University), Binghui Wang (Illinois Institute of Technology), Zhongjie Ba (Zhejiang University), Kui Ren (Zhejiang University)
Orca: FSS-based Secure Training and Inference with GPUs
Neha Jawalkar (Indian Institute of Science), Kanav Gupta (Microsoft Research), Arkaprava Basu (Indian Institute of Science), Nishanth Chandran (Microsoft Research), Divya Gupta (Microsoft Research), Rahul Sharma (Microsoft Research)
Combing for Credentials: Active Pattern Extraction from Smart Reply
Bargav Jayaraman (University of Virginia), Esha Ghosh (Microsoft Research, Redmond), Melissa Chase (Microsoft Research, Redmond), Sambuddha Roy (Microsoft), Wei Dai (Microsoft Research, Redmond), David Evans (University of Virginia), Huseyin A. Inan (Microsoft)
ALIF: Low-Cost Adversarial Audio Attacks on Black-Box Speech Platforms using Linguistic Features
Peng Cheng (Zhejiang University), Yuwei Wang (Zhejiang University), Peng Huang (Zhejiang University), Zhongjie Ba (Zhejiang University), Xiaodong Lin (University of Guelph), Feng Lin (Zhejiang University), Li Lu (Zhejiang University), Kui Ren (Zhejiang University)
AirTaint: Making Dynamic Taint Analysis Faster and Easier
Qian Sang (Institute of Software, Chinese Academy of Sciences), Yanhao Wang (Institute of Software, Chinese Academy of Sciences), Yuwei Liu (Institute of Software, Chinese Academy of Sciences), Xiangkun Jia (Institute of Software, Chinese Academy of Sciences), Tiffany Bao (Arizona State University), Purui Su (Institute of Software, Chinese Academy of Sciences)
Multi-Stage Group Key Distribution and PAKEs: Securing Zoom Groups against Malicious Servers without New Security Elements
Cas Cremers (CISPA Helmholtz Center for Information Security), Eyal Ronen (Tel Aviv University), Mang Zhao (CISPA Helmholtz Center for Information Security), Eyal Ronen (Tel Aviv University)
eAUDIT: A Fast, Scalable and Deployable Audit Data Collection System
R. Sekar (Stony Brook University, USA), Hanke Kimm (Stony Brook University, USA), Rohit Aich (Stony Brook University, USA)
Wear's my Data? Understanding the Cross-Device Runtime Permission Model in Wearables
Doguhan Yeke (Purdue University), Muhammad Ibrahim (Purdue University), Güliz Seray Tuncay (Google), Habiba Farrukh (Purdue University), Abdullah Imran (Purdue University), Antonio Bianchi (Purdue University), Z. Berkay Celik (Purdue University)
Don't Shoot the Messenger: Localization Prevention of Satellite Internet Users
David Koisser (Technical University Darmstadt), Richard Mitev (Technical University Darmstadt), Marco Chilese (Technical University Darmstadt), Ahmad-Reza Sadeghi (Technical University Darmstadt)
Why Does Little Robustness Help? A Further Step Towards Understanding Adversarial Transferability
Yechao Zhang (Huazhong University of Science and Technology), Shengshan Hu (Huazhong University of Science and Technology), Leo Yu Zhang (Griffith University), Junyu Shi (Huazhong University of Science and Technology), Minghui Li (Huazhong University of Science and Technology), Xiaogeng Liu (Huazhong University of Science and Technology), Wei Wan (Huazhong University of Science and Technology), Hai Jin (Huazhong University of Science and Technology)
Jbeil: Temporal Graph-Based Inductive Learning to Infer Lateral Movement in Evolving Enterprise Networks
Joseph Khoury (Louisiana State University), Đorđe Klisura (Louisiana State University), Hadi Zanddizari (The Cyber Center for Security and Analytics, The University of Texas at San Antonio, TX, USA), Gonzalo De La Torre Parra (The University of the Incarnate Word, TX, USA), Paul Rad (Open Cloud Institute, The University of Texas at San Antonio, TX, USA), Elias Bou-Harb (Louisiana State University)
Pianist: Scalable zkRollups via Fully Distributed Zero-Knowledge Proofs
Tianyi Liu (University of Illinois Urbana-Champaign), Tiancheng Xie (UC Berkeley), Jiaheng Zhang (UC Berkeley), Dawn Song (UC Berkeley), Yupeng Zhang (University of Illinois Urbana-Champaign), Tianyi Liu (Texas A&M University), Yupeng Zhang (Texas A&M University)
Springproofs: Efficient Inner Product Arguments for Vectors of Arbitrary Length
Jianning Zhang (College of Computer Science & Cyber Science, Nankai University), Ming Su (College of Computer Science & Cyber Science, Nankai University), Xiaoguang Liu (College of Computer Science & Cyber Science, Nankai University), Gang Wang (College of Computer Science & Cyber Science, Nankai University)
SoK: Collusion-resistant Multi-party Private Set Intersections in the Semi-honest Model
Jelle Vos (Delft University of Technology), Mauro Conti (University of Padua), Zekeriya Erkin (Delft University of Technology)
SoK: Privacy-Preserving Data Synthesis
Yuzheng Hu (UIUC), Fan Wu (UIUC), Qinbin Li (National University of Singapore), Yunhui Long (UIUC), Gonzalo Munilla Garrido (Technische Universität München), Chang Ge (University of Minnesota), Bolin Ding (Alibaba Group), David Forsyth (UIUC), Bo Li (UIUC), Dawn Song (UC Berkeley)