| 2019 | "If HTTPS Were Secure, I Wouldn't Need 2FA" - End User and Administrator Mental Models of HTTPS. Katharina Krombholz, Karoline Busse, Katharina Pfeffer, Matthew Smith, Emanuel von Zezschwitz |
| 2019 | "Should I Worry?" A Cross-Cultural Examination of Account Security Incident Response. Elissa M. Redmiles |
| 2019 | 2019 IEEE Symposium on Security and Privacy, SP 2019, San Francisco, CA, USA, May 19-23, 2019 |
| 2019 | An Extensive Formal Security Analysis of the OpenID Financial-Grade API. Daniel Fett, Pedram Hosseyni, Ralf Küsters |
| 2019 | Asm2Vec: Boosting Static Representation Robustness for Binary Clone Search against Code Obfuscation and Compiler Optimization. Steven H. H. Ding, Benjamin C. M. Fung, Philippe Charland |
| 2019 | Attack Directories, Not Caches: Side Channel Attacks in a Non-Inclusive World. Mengjia Yan, Read Sprabery, Bhargava Gopireddy, Christopher W. Fletcher, Roy H. Campbell, Josep Torrellas |
| 2019 | Beyond Credential Stuffing: Password Similarity Models Using Neural Networks. Bijeeta Pal, Tal Daniel, Rahul Chatterjee, Thomas Ristenpart |
| 2019 | Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash? Yujin Kwon, Hyoungshick Kim, Jinwoo Shin, Yongdae Kim |
| 2019 | Blind Certificate Authorities. Liang Wang, Gilad Asharov, Rafael Pass, Thomas Ristenpart, Abhi Shelat |
| 2019 | Breaking LTE on Layer Two. David Rupprecht, Katharina Kohls, Thorsten Holz, Christina Pöpper |
| 2019 | CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation. Robert Brotzman, Shen Liu, Danfeng Zhang, Gang Tan, Mahmut T. Kandemir |
| 2019 | Certified Robustness to Adversarial Examples with Differential Privacy. Mathias Lécuyer, Vaggelis Atlidakis, Roxana Geambasu, Daniel Hsu, Suman Jana |
| 2019 | Characterizing Pixel Tracking through the Lens of Disposable Email Services. Hang Hu, Peng Peng, Gang Wang |
| 2019 | Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference Attacks against Centralized and Federated Learning. Milad Nasr, Reza Shokri, Amir Houmansadr |
| 2019 | DEEPSEC: A Uniform Platform for Security Analysis of Deep Learning Model. Xiang Ling, Shouling Ji, Jiaxu Zou, Jiannan Wang, Chunming Wu, Bo Li, Ting Wang |
| 2019 | Dangerous Skills: Understanding and Mitigating Security Risks of Voice-Controlled Third-Party Functions on Virtual Personal Assistant Systems. Nan Zhang, Xianghang Mi, Xuan Feng, Xiaofeng Wang, Yuan Tian, Feng Qian |
| 2019 | Data Recovery on Encrypted Databases with k-Nearest Neighbor Query Leakage. Evgenios M. Kornaropoulos, Charalampos Papamanthou, Roberto Tamassia |
| 2019 | Demystifying Hidden Privacy Settings in Mobile Apps. Yi Chen, Mingming Zha, Nan Zhang, Dandan Xu, Qianqian Zhao, Xuan Feng, Kan Yuan, Fnu Suya, Yuan Tian, Kai Chen, Xiaofeng Wang, Wei Zou |
| 2019 | Differentially Private Model Publishing for Deep Learning. Lei Yu, Ling Liu, Calton Pu, Mehmet Emre Gursoy, Stacey Truex |
| 2019 | Does Certificate Transparency Break the Web? Measuring Adoption and Error Rate. Emily Stark, Ryan Sleevi, Rijad Muminovic, Devon O'Brien, Eran Messeri, Adrienne Porter Felt, Brendan McMillion, Parisa Tabriz |
| 2019 | Dominance as a New Trusted Computing Primitive for the Internet of Things. Meng Xu, Manuel Huber, Zhichuang Sun, Paul England, Marcus Peinado, Sangho Lee, Andrey Marochko, Dennis Mattoon, Rob Spiger, Stefan Thom |
| 2019 | Drones' Cryptanalysis - Smashing Cryptography with a Flicker. Ben Nassi, Raz Ben-Netanel, Adi Shamir, Yuval Elovici |
| 2019 | EmPoWeb: Empowering Web Applications with Browser Extensions. Dolière Francis Somé |
| 2019 | Exploiting Correcting Codes: On the Effectiveness of ECC Memory Against Rowhammer Attacks. Lucian Cojocar, Kaveh Razavi, Cristiano Giuffrida, Herbert Bos |
| 2019 | Exploiting Unintended Feature Leakage in Collaborative Learning. Luca Melis, Congzheng Song, Emiliano De Cristofaro, Vitaly Shmatikov |
| 2019 | F-BLEAU: Fast Black-Box Leakage Estimation. Giovanni Cherubin, Konstantinos Chatzikokolakis, Catuscia Palamidessi |
| 2019 | Fidelius: Protecting User Secrets from Compromised Browsers. Saba Eskandarian, Jonathan Cogan, Sawyer Birnbaum, Peh Chang Wei Brandon, Dillon Franke, Forest Fraser, Gaspar Garcia Jr., Eric Gong, Hung T. Nguyen, Taresh K. Sethi, Vishal Subbiah, Michael Backes, Giancarlo Pellegrino, Dan Boneh |
| 2019 | Formally Verified Cryptographic Web Applications in WebAssembly. Jonathan Protzenko, Benjamin Beurdouche, Denis Merigoux, Karthikeyan Bhargavan |
| 2019 | Full-Speed Fuzzing: Reducing Fuzzing Overhead through Coverage-Guided Tracing. Stefan Nagy, Matthew Hicks |
| 2019 | Fuzzing File Systems via Two-Dimensional Input Space Exploration. Wen Xu, Hyungon Moon, Sanidhya Kashyap, Po-Ning Tseng, Taesoo Kim |
| 2019 | HOLMES: Real-Time APT Detection through Correlation of Suspicious Information Flows. Sadegh Momeni Milajerdi, Rigel Gjomemo, Birhanu Eshete, R. Sekar, V. N. Venkatakrishnan |
| 2019 | Hard Drive of Hearing: Disks that Eavesdrop with a Synthesized Microphone. Andrew Kwong, Wenyuan Xu, Kevin Fu |
| 2019 | Helen: Maliciously Secure Coopetitive Learning for Linear Models. Wenting Zheng, Raluca Ada Popa, Joseph E. Gonzalez, Ion Stoica |
| 2019 | How Well Do My Results Generalize? Comparing Security and Privacy Survey Results from MTurk, Web, and Telephone Samples. Elissa M. Redmiles, Sean Kross, Michelle L. Mazurek |
| 2019 | Iodine: Fast Dynamic Taint Tracking Using Rollback-free Optimistic Hybrid Analysis. Subarno Banerjee, David Devecsery, Peter M. Chen, Satish Narayanasamy |
| 2019 | KHyperLogLog: Estimating Reidentifiability and Joinability of Large Data at Scale. Pern Hui Chia, Damien Desfontaines, Irippuge Milinda Perera, Daniel Simmons-Marengo, Chao Li, Wei-Yen Day, Qiushi Wang, Miguel Guevara |
| 2019 | Kiss from a Rogue: Evaluating Detectability of Pay-at-the-Pump Card Skimmers. Nolen Scaife, Jasmine D. Bowers, Christian Peeters, Grant Hernandez, Imani N. Sherman, Patrick Traynor, Lisa Anthony |
| 2019 | LBM: A Security Framework for Peripherals within the Linux Kernel. Dave Jing Tian, Grant Hernandez, Joseph I. Choi, Vanessa Frost, Peter C. Johnson, Kevin R. B. Butler |
| 2019 | Lay Down the Common Metrics: Evaluating Proof-of-Work Consensus Protocols' Security. Ren Zhang, Bart Preneel |
| 2019 | Learning to Reconstruct: Statistical Learning Theory and Encrypted Database Attacks. Paul Grubbs, Marie-Sarah Lacharité, Brice Minaud, Kenneth G. Paterson |
| 2019 | Measuring and Analyzing Search Engine Poisoning of Linguistic Collisions. Matthew Joslin, Neng Li, Shuang Hao, Minhui Xue, Haojin Zhu |
| 2019 | NEUZZ: Efficient Fuzzing with Neural Program Smoothing. Dongdong She, Kexin Pei, Dave Epstein, Junfeng Yang, Baishakhi Ray, Suman Jana |
| 2019 | Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks. Bolun Wang, Yuanshun Yao, Shawn Shan, Huiying Li, Bimal Viswanath, Haitao Zheng, Ben Y. Zhao |
| 2019 | New Primitives for Actively-Secure MPC over Rings with Applications to Private Machine Learning. Ivan Damgård, Daniel Escudero, Tore Kasper Frederiksen, Marcel Keller, Peter Scholl, Nikolaj Volgushev |
| 2019 | On the Feasibility of Rerouting-Based DDoS Defenses. Muoi Tran, Min Suk Kang, Hsu-Chun Hsiao, Wei-Hsuan Chiang, Shu-Po Tung, Yu-Su Wang |
| 2019 | On the Security of Two-Round Multi-Signatures. Manu Drijvers, Kasra Edalatnejad, Bryan Ford, Eike Kiltz, Julian Loss, Gregory Neven, Igors Stepanovs |
| 2019 | Ouroboros Crypsinous: Privacy-Preserving Proof-of-Stake. Thomas Kerber, Aggelos Kiayias, Markulf Kohlweiss, Vassilis Zikas |
| 2019 | Perun: Virtual Payment Hubs over Cryptocurrencies. Stefan Dziembowski, Lisa Eckey, Sebastian Faust, Daniel Malinowski |
| 2019 | PhishFarm: A Scalable Framework for Measuring the Effectiveness of Evasion Techniques against Browser Phishing Blacklists. Adam Oest, Yeganeh Safaei, Adam Doupé, Gail-Joon Ahn, Brad Wardman, Kevin Tyers |
| 2019 | Port Contention for Fun and Profit. Alejandro Cabrera Aldaya, Billy Bob Brumley, Sohaib ul Hassan, Cesar Pereida García, Nicola Tuveri |
| 2019 | Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem. Stefano Calzavara, Riccardo Focardi, Matús Nemec, Alvise Rabitti, Marco Squarcina |
| 2019 | PrivKV: Key-Value Data Collection with Local Differential Privacy. Qingqing Ye, Haibo Hu, Xiaofeng Meng, Huadi Zheng |
| 2019 | ProFuzzer: On-the-fly Input Type Probing for Better Zero-Day Vulnerability Discovery. Wei You, Xueqiang Wang, Shiqing Ma, Jianjun Huang, Xiangyu Zhang, Xiaofeng Wang, Bin Liang |
| 2019 | Proof-of-Stake Sidechains. Peter Gazi, Aggelos Kiayias, Dionysis Zindros |
| 2019 | RIDL: Rogue In-Flight Data Load. Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Giorgi Maisuradze, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida |
| 2019 | Razzer: Finding Kernel Race Bugs through Fuzzing. Dae R. Jeong, Kyungtae Kim, Basavesh Shivakumar, Byoungyoung Lee, Insik Shin |
| 2019 | Reasoning Analytically about Password-Cracking Software. Enze Liu, Amanda Nakanishi, Maximilian Golla, David Cash, Blase Ur |
| 2019 | Redactable Blockchain in the Permissionless Setting. Dominic Deuber, Bernardo Magri, Sri Aravinda Krishnan Thyagarajan |
| 2019 | Resident Evil: Understanding Residential IP Proxy as a Dark Service. Xianghang Mi, Xuan Feng, Xiaojing Liao, Baojun Liu, Xiaofeng Wang, Feng Qian, Zhou Li, Sumayah A. Alrwais, Limin Sun, Ying Liu |
| 2019 | Security of GPS/INS Based On-road Location Tracking Systems. Sashank Narain, Aanjhan Ranganathan, Guevara Noubir |
| 2019 | Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives. Carlo Meijer, Bernard van Gastel |
| 2019 | SensorID: Sensor Calibration Fingerprinting for Smartphones. Jiexin Zhang, Alastair R. Beresford, Ian Sheret |
| 2019 | Short Text, Large Effect: Measuring the Impact of User Reviews on Android App Security & Privacy. Duc Cuong Nguyen, Erik Derr, Michael Backes, Sven Bugiel |
| 2019 | Simple High-Level Code for Cryptographic Arithmetic - With Proofs, Without Compromises. Andres Erbsen, Jade Philipoom, Jason Gross, Robert Sloan, Adam Chlipala |
| 2019 | SoK: General Purpose Compilers for Secure Multi-Party Computation. Marcella Hastings, Brett Hemenway, Daniel Noble, Steve Zdancewic |
| 2019 | SoK: Sanitizing for Security. Dokyung Song, Julian Lettner, Prabhu Rajasekaran, Yeoul Na, Stijn Volckaert, Per Larsen, Michael Franz |
| 2019 | SoK: Security Evaluation of Home-Based IoT Deployments. Omar Alrawi, Chaz Lever, Manos Antonakakis, Fabian Monrose |
| 2019 | SoK: Shining Light on Shadow Stacks. Nathan Burow, Xinping Zhang, Mathias Payer |
| 2019 | SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security. Sanjeev Das, Jan Werner, Manos Antonakakis, Michalis Polychronakis, Fabian Monrose |
| 2019 | Spectre Attacks: Exploiting Speculative Execution. Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, Yuval Yarom |
| 2019 | Stealthy Porn: Understanding Real-World Adversarial Images for Illicit Online Promotion. Kan Yuan, Di Tang, Xiaojing Liao, Xiaofeng Wang, Xuan Feng, Yi Chen, Menghan Sun, Haoran Lu, Kehuan Zhang |
| 2019 | Synesthesia: Detecting Screen Content via Remote Acoustic Side Channels. Daniel Genkin, Mihir Pattani, Roei Schuster, Eran Tromer |
| 2019 | Tap 'n Ghost: A Compilation of Novel Attack Techniques against Smartphone Touchscreens. Seita Maruyama, Satohiro Wakabayashi, Tatsuya Mori |
| 2019 | The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations. Eyal Ronen, Robert Gillham, Daniel Genkin, Adi Shamir, David Wong, Yuval Yarom |
| 2019 | The Code That Never Ran: Modeling Attacks on Speculative Evaluation. Craig Disselkoen, Radha Jagadeesan, Alan Jeffrey, James Riely |
| 2019 | Theory and Practice of Finding Eviction Sets. Pepe Vila, Boris Köpf, José F. Morales |
| 2019 | Threshold ECDSA from ECDSA Assumptions: The Multiparty Case. Jack Doerner, Yashvanth Kondi, Eysa Lee, Abhi Shelat |
| 2019 | Touching the Untouchables: Dynamic Security Analysis of the LTE Control Plane. Hongil Kim, Jiho Lee, Eunkyu Lee, Yongdae Kim |
| 2019 | Towards Automated Safety Vetting of PLC Code in Real-World Plants. Mu Zhang, Chien-Ying Chen, Bin-Chou Kao, Yassine Qamsane, Yuru Shao, Yikai Lin, Elaine Shi, Sibin Mohan, Kira Barton, James R. Moyne, Z. Morley Mao |
| 2019 | Towards Practical Differentially Private Convex Optimization. Roger Iyengar, Joseph P. Near, Dawn Song, Om Thakkar, Abhradeep Thakurta, Lun Wang |
| 2019 | True2F: Backdoor-Resistant Authentication Tokens. Emma Dauterman, Henry Corrigan-Gibbs, David Mazières, Dan Boneh, Dominic Rizzo |
| 2019 | Understanding the Security of ARM Debugging Features. Zhenyu Ning, Fengwei Zhang |
| 2019 | Using Safety Properties to Generate Vulnerability Patches. Zhen Huang, David Lie, Gang Tan, Trent Jaeger |
| 2019 | Why Does Your Data Leak? Uncovering the Data Leakage in Cloud from Mobile Apps. Chaoshun Zuo, Zhiqiang Lin, Yinqian Zhang |
| 2019 | XCLAIM: Trustless, Interoperable, Cryptocurrency-Backed Assets. Alexei Zamyatin, Dominik Harz, Joshua Lind, Panayiotis Panayiotou, Arthur Gervais, William J. Knottenbelt |