FedRecover: Recovering from Poisoning Attacks in Federated Learning using Historical Information
Xiaoyu Cao (Duke University), Jinyuan Jia (Duke University), Zaixi Zhang (University of Science and Technology of China), Neil Zhenqiang Gong (Duke University)
It’s (DOM) Clobbering Time: Attack Techniques, Prevalence, and Defenses
Soheil Khodayari (CISPA Helmholtz Center for Information Security Germany), Giancarlo Pellegrino (CISPA Helmholtz Center for Information Security Germany)
Private, Efficient, and Accurate: Protecting Models Trained by Multi-party Learning with Differential Privacy
Wenqiang Ruan (Fudan University China), Mingxin Xu (Fudan University China), Wenjing Fnag (Ant Group China), Li Wang (Ant Group China), Lei Wang (Ant Group China), Weili Han (Fudan University China)
D-DAE: Defense-Penetrating Model Extraction Attacks
Yanjiao Chen (Zhejiang University), Rui Guan (Wuhan University), Xueluan Gong (Wuhan University), Jianshuo Dong (Wuhan University), Meng Xue (Wuhan University)
Examining Zero-Shot Vulnerability Repair with Large Language Models
Hammond Pearce (New York University), Benjamin Tan (University of Calgary), Baleegh Ahmad (New York University), Ramesh Karri (New York University), Brendan Dolan-Gavitt (New York University)
Toss a Fault to Your Witcher: Applying Grey-box Coverage-Guided Mutational Fuzzing to Detect SQL and Command Injection Vulnerabilities
Erik Trickel (Arizona State University), Fabio Pagani (UC Santa Barbra), Chang Zhu (Arizona State University), Lukas Dresel (UC Santa Barbra), Giovanni Vigna (UC Santa Barbara), Christopher Kruegel (UC Santa Barbara), Ruoyu Wang (Arizona State University), Tiffany Bao (Arizona State University), Yan Shoshitaishvili (Arizona State University), Adam Doupe (Arizona State University)
WeRLman: To Tackle Whale (Transactions), Go Deep (RL)
Roi Bar-Zur (Technion IC3), Ameer Abu-Hanna (Technion), Ittay Eyal (Technion IC3), Aviv Tamar (Technion)
Vulnerability Discovery for All: Experiences of Marginalization in Vulnerability Discovery
Kelsey R. Fulton (University of Maryland), Samantha Katcher (Tufts University), Kevin Song (University of Chicago), Marshini Chetty (University of Chicago), Michelle L. Mazurek (University of Maryland), Daniel Votipka (Tufts University), Chloé Messdaghi (Impactive Consulting)
SQUIP: Exploiting the Scheduler Queue Contention Side Channel
Stefan Gast (Lamarr Security Research Graz University of Technology), Jonas Juffinger (Lamarr Security Research Graz University of Technology), Martin Schwarzl (Graz University of Technology), Gururaj Saileshwar (Georgia Institute of Technology), Andreas Kogler (Graz University of Technology), Simone Franza (Graz University of Technology), Markus Köstl (Graz University of Technology), Daniel Gruss (Lamarr Security Research Graz University of Technology)
SoK: Taxonomy of Attacks on Open-Source Software Supply Chains
Piergiorgio Ladisa (SAP Security Research Université de Rennes 1), Henrik Plate (SAP Security Research), Matias Martinez (Université Polytechnique Hauts-de-France), Olivier Barais (Université de Rennes 1 Inria IRISA)
SoK: History is a Vast Early Warning System: Auditing the Provenance of System Intrusions
Muhammad Adil Inam (University of Illinois at Urbana-Champaign), Yinfang Chen (University of Illinois at Urbana-Champaign), Akul Goyal (University of Illinois at Urbana-Champaign), Jason Liu (University of Illinois at Urbana-Champaign), Jaron Mink (University of Illinois at Urbana-Champaign), Noor Michael (University of Illinois at Urbana-Champaign), Sneha Gaur (University of Illinois at Urbana-Champaign), Adam Bates (University of Illinois at Urbana-Champaign), Wajih Ul Hassan (University of Virginia)
No One Drinks From the Firehose: How Organizations Filter and Prioritize Vulnerability Information
Stephanie de Smale (National Cyber Security Centre The Netherlands & Delft University of Technology The Netherlands), Rik van Dijk (National Cyber Security Centre The Netherlands), Xander Bouwman (Delft University of Technology The Netherlands), Jeroen van der Ham (National Cyber Security Centre The Netherlands & University of Twente The Netherlands), Michel van Eeten (Delft University of Technology The Netherlands)
Rethinking Searchable Symmetric Encryption
Zichen Gui (ETH Zurich Switzerland), Kenneth G. Paterson (ETH Zurich Switzerland), Sikhar Patranabis (IBM Research India)
SoK: A Critical Evaluation of Efficient Website Fingerprinting Defenses
Nate Mathews (Rochester Institute of Technology), James K Holland (University of Minnesota), Se Eun Oh (Ewha Womans University), Mohammad Saidur Rahman (Rochester Institute of Technology), Nicholas Hopper (University of Minnesota), Matthew Wright (Rochester Institute of Technology)
SoK: Certified Robustness for Deep Neural Networks
Linyi Li (University of Illinois Urbana-Champaign USA), Tao Xie (Key Laboratory of High Confidence Software Technologies MoE (Peking University) China), Bo Li (University of Illinois Urbana-Champaign USA)
GraphSPD: Graph-Based Security Patch Detection with Enriched Code Semantics
Shu Wang (George Mason University USA), Xinda Wang (George Mason University USA), Kun Sun (George Mason University USA), Sushil Jajodia (George Mason University USA), Haining Wang (Virginia Tech USA), Qi Li (Tsinghua University China)
AEM: Facilitating Cross-Version Exploitability Assessment of Linux Kernel Vulnerabilities
Zheyue Jiang (Fudan University), Yuan Zhang (Fudan University), Jun Xu (University of Utah), Xinqian Sun (Fudan University), Zhuang Liu (Fudan University), Min Yang (Fudan University)
Man-in-the-Middle Attacks without Rogue AP: When WPAs Meet ICMP Redirects
Xuewei Feng (Tsinghua University China), Qi Li (Tsinghua University and Zhongguancun Lab China), Kun Sun (George Mason University USA), Yuxiang Yang (Tsinghua University), Ke Xu (Tsinghua University and Zhongguancun Lab China)
Inducing Wireless Chargers to Voice Out for Inaudible Command Attacks
Donghui Dai (The Hong Kong Polytechnic University China), Zhenlin An (The Hong Kong Polytechnic University China), Lei Yang (The Hong Kong Polytechnic University China)
IPvSeeYou: Exploiting Leaked Identifiers in IPv6 for Street-Level Geolocation
Erik Rye (University of Maryland), Robert Beverly (CMAND)
SCAPHY: Detecting Modern ICS Attacks by Correlating Behaviors in SCADA and PHYsical
Moses Ike (Georgia Institute of Technology USA), Kandy Phan (Sandia National Labs USA), Keaton Sadoski (Sandia National Labs USA), Romuald Valme (Sandia National Labs USA), Wenke Lee (Georgia Institute of Technology USA)
Skilled or Gullible? Gender Stereotypes Related to Computer Security and Privacy
Miranda Wei (University of Washington USA), Pardis Emami-Naeini (Duke University USA), Franziska Roesner (University of Washington USA), Tadayoshi Kohno (University of Washington USA)
PLA-LiDAR: Physical Laser Attacks against LiDAR-based 3D Object Detection in Autonomous Vehicle
Zizhi Jin (Zhejiang University), Ji Xiaoyu (Zhejiang University), Yushi Cheng (Tsinghua University), Bo Yang (Zhejiang University), Chen Yan (Zhejiang University), Wenyuan Xu (Zhejiang University)
Towards a Rigorous Statistical Analysis of Empirical Password Datasets
Jeremiah Blocki (Purdue University USA), Peiyuan Liu (Purdue University USA)
Spectre Declassified: Reading from the Right Place at the Wrong Time
Basavesh Ammanaghatta Shivakumar (Max Planck Institute for Security and Privacy Germany), Jack Barnes (The University of Adelaide Australia), Gilles Barthe (Max Planck Institute for Security and Privacy Germany; IMDEA Software Institute Spain), Sunjay Cauligi (Max Planck Institute for Security and Privacy Germany), Chitchanok Chuengsatiansup (The University of Adelaide Australia), Daniel Genkin (Georgia Institute of Technology USA), Sioli O'Connell (The University of Adelaide Australia), Peter Schwabe (Max Planck Institute for Security and Privacy Germany; Radboud University Netherlands), Rui Qi Sim (The University of Adelaide Australia), Yuval Yarom (The University of Adelaide Australia)
CSI:Rowhammer - Cryptographic Security and Integrity against Rowhammer
Jonas Juffinger (Lamarr Security Research Graz University of Technology Austria), Lukas Lamster (Graz University of Technology Austria), Andreas Kogler (Graz University of Technology Austria), Maria Eichlseder (Graz University of Technology Austria), Moritz Lipp (Amazon Web Services Austria), Daniel Gruss (Graz University of Technology Austria)
Blue's Clues: Practical Discovery of Non-Discoverable Bluetooth Devices
Tyler Tucker (University of Florida), Hunter Searle (University of Florida), Kevin Butler (University of Florida), Patrick Traynor (University of Florida)
D-ARM: Disassembling ARM Binaries by Lightweight Superset Instruction Interpretation and Graph Modeling
Yapeng Ye (Purdue University USA), Zhuo Zhang (Purdue University USA), Qingkai Shi (Purdue University USA), Yousra Aafer (University of Waterloo Canada), Xiangyu Zhang (Purdue University USA)
UTOPIA: Automatic Generation of Fuzz Driver using Unit Tests
Bokdeuk Jeong (Samsung Research Republic of Korea), Joonun Jang (Samsung Research Republic of Korea), Hayoon Yi (Samsung Research Republic of Korea), Jiin Moon (Samsung Research Republic of Korea), Junsik Kim (Samsung Research Republic of Korea), Intae Jeon (Samsung Research Republic of Korea), Taesoo Kim (Samsung Research Republic of Korea; Georgia Institute of Technology USA), WooChul Shim (Samsung Research Republic of Korea), Yong Ho Hwang (Samsung Research Republic of Korea)
MEGA: Malleable Encryption Goes Awry
Matilda Backendal (ETH Zurich), Haller Miro (ETH Zurich), Kenneth G. Paterson (ETH Zurich)
DeHiREC: Detecting Hidden Voice Recorders via ADC Electromagnetic Radiation
Ruochen Zhou (Zhejiang University), Xiaoyu Ji (Zhejiang University), Chen Yan (Zhejiang University), Yi-Chao Chen (Shanghai Jiao Tong University; Microsoft Research Asia), Wenyuan Xu (Zhejiang University), Chaohao Li (Zhejiang University)
Shedding Light on Inconsistencies in Grid Cybersecurity: Disconnects and Recommendations
Brian Singer (Carnegie Mellon University), Amritanshu Pandey (Carnegie Mellon University), Shimiao Li (Carnegie Mellon University), Lujo Bauer (Carnegie Mellon University), Craig Miller (Carnegie Mellon University), Lawrence Pileggi (Carnegie Mellon University), Vyas Sekar (Carnegie Mellon University)
FIDO2, CTAP 2.1, and WebAuthn 2: Provable Security and Post-Quantum Instantiation
Nina Bindel (SandboxAQ), Cas Cremers (CISPA Helmholtz Center for Information Security), Mang Zhao (CISPA Helmholtz Center for Information Security)
Clockwork Finance: Automated Analysis of Economic Security in Smart Contracts
Kushal Babel (Cornell Tech), Philip Daian (Cornell Tech), Mahimna Kelkar (Cornell Tech), Ari Juels (Cornell Tech)
Could you clean up the Internet with a Pit of Tar? Investigating tarpit feasibility on Internet worms
Harm Griffioen (Hasso Plattner Institute for Digital Engineering University of Potsdam), Christian Doerr (Hasso Plattner Institute for Digital Engineering University of Potsdam)
Detection of Inconsistencies in Privacy Practices of Browser Extensions
Duc Bui (University of Michigan United States of America), Brian Tang (University of Michigan United States of America), Kang G. Shin (University of Michigan United States of America)
RAB: Provable Robustness Against Backdoor Attacks
Maurice Weber (ETH Zurich Switzerland), Xiaojun Xu (University of Illinois at Urbana-Champaign USA), Bojan Karlas (ETH Zurich Switzerland), Ce Zhang (ETH Zurich Switzerland), Bo Li (University of Illinois at Urbana-Champaign USA)
SoK: Anti-Facial Recognition Technology
Emily Wenger (University of Chicago), Shawn Shan (University of Chicago), Haitao Zheng (University of Chicago), Ben Y. Zhao (University of Chicago)
Deepfake Text Detection: Limitations and Opportunities
Jiameng Pu (Virginia Tech USA), Zain Sarwar (University Of Chicago USA), Sifat Muhammad Abdullah (Virginia Tech USA), Abdullah Rehman (Virginia Tech USA), Yoonjin Kim (Virginia Tech USA), Parantapa Bhattacharya (University Of Virginia USA), Mobin Javed (LUMS Pakistan), Bimal Viswanath (Virginia Tech USA)
PCspooF: Compromising the Safety of Time-Triggered Ethernet
Andrew Loveless (University of Michigan; NASA Johnson Space Center), Linh Thi Xuan Phan (University of Pennsylvania), Ronald Dreslinski (University of Michigan), Baris Kasikci (University of Michigan)
"It's up to the Consumer to be Smart": Understanding the Security and Privacy Attitudes of Smart Home Users on Reddit
Jingjie Li (University of Wisconsin-Madison USA), Kaiwen Sun (University of Michigan USA), Brittany Skye Huff (University of Wisconsin-Madison USA), Anna Marie Bierley (University of Wisconsin-Madison USA), Younghyun Kim (University of Wisconsin-Madison USA), Florian Schaub (University of Michigan USA), Kassem Fawaz (University of Wisconsin-Madison USA)
TEEzz: Fuzzing Trusted Applications on COTS Android Devices
Marcel Busch (EPFL), Aravind Machiry (Purdue University), Chad Spensky (Allthenticate), Giovanni Vigna (University of California Santa Barbara), Christopher Kruegel (University of California Santa Barbara), Mathias Payer (EPFL)
"How technical do you get? I'm an English teacher": Teaching and Learning Cybersecurity and AI Ethics in High School
Zachary Kilhoffer (University of Illinois at Urbana-Champaign USA), Zhixuan Zhou (University of Illinois at Urbana-Champaign USA), Firmiana Wang (University of Illinois Laboratory High School USA), Fahad Tamton (University of Illinois at Urbana-Champaign USA), Yun Huang (University of Illinois at Urbana-Champaign USA), Pilyoung Kim (University of Denver USA), Tom Yeh (University of Colorado Boulder USA), Yang Wang (University of Illinois at Urbana-Champaign USA)