| 2018 | 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15-17, 2018. William Enck, Adrienne Porter Felt |
| 2018 | A Bad Dream: Subverting Trusted Platform Module While You Are Sleeping. Seunghun Han, Wook Shin, Jun-Hyeok Park, Hyoung-Chun Kim |
| 2018 | A Sense of Time for JavaScript and Node.js: First-Class Timeouts as a Cure for Event Handler Poisoning. James C. Davis, Eric R. Williamson, Dongyoon Lee |
| 2018 | A4NT: Author Attribute Anonymity by Adversarial Training of Neural Machine Translation. Rakshith Shetty, Bernt Schiele, Mario Fritz |
| 2018 | ACES: Automatic Compartments for Embedded Systems. Abraham A. Clements, Naif Saleh Almakhdhub, Saurabh Bagchi, Mathias Payer |
| 2018 | ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem. Dave (Jing) Tian, Grant Hernandez, Joseph I. Choi, Vanessa Frost, Christie Ruales, Patrick Traynor, Hayawardh Vijayakumar, Lee Harrison, Amir Rahmati, Michael Grace, Kevin R. B. Butler |
| 2018 | Acquisitional Rule-based Engine for Discovering Internet-of-Thing Devices. Xuan Feng, Qiang Li, Haining Wang, Limin Sun |
| 2018 | All Your GPS Are Belong To Us: Towards Stealthy Manipulation of Road Navigation Systems. Kexiong Curtis Zeng, Shinan Liu, Yuanchao Shu, Dong Wang, Haoyu Li, Yanzhi Dou, Gang Wang, Yaling Yang |
| 2018 | An Empirical Analysis of Anonymity in Zcash. George Kappos, Haaroon Yousaf, Mary Maller, Sarah Meiklejohn |
| 2018 | An Empirical Study of Web Resource Manipulation in Real-world Mobile Applications. Xiaohan Zhang, Yuan Zhang, Qianqian Mo, Hao Xia, Zhemin Yang, Min Yang, Xiaofeng Wang, Long Lu, Hai-Xin Duan |
| 2018 | Analysis of Privacy Protections in Fitness Tracking Social Networks -or- You can run, but can you hide? Wajih Ul Hassan, Saad Hussain, Adam Bates |
| 2018 | Arbitrum: Scalable, private smart contracts. Harry A. Kalodner, Steven Goldfeder, Xiaoqi Chen, S. Matthew Weinberg, Edward W. Felten |
| 2018 | AttriGuard: A Practical Defense Against Attribute Inference Attacks via Adversarial Machine Learning. Jinyuan Jia, Neil Zhenqiang Gong |
| 2018 | Automatic Heap Layout Manipulation for Exploitation. Sean Heelan, Tom Melham, Daniel Kroening |
| 2018 | Bamboozling Certificate Authorities with BGP. Henry Birge-Lee, Yixin Sun, Anne Edmundson, Jennifer Rexford, Prateek Mittal |
| 2018 | Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse. Sanam Ghorbani Lyastani, Michael Schilling, Sascha Fahl, Michael Backes, Sven Bugiel |
| 2018 | BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid. Saleh Soltan, Prateek Mittal, H. Vincent Poor |
| 2018 | BurnBox: Self-Revocable Encryption in a World Of Compelled Access. Nirvan Tyagi, Muhammad Haris Mughees, Thomas Ristenpart, Ian Miers |
| 2018 | Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems. Seyed Mohammadjavad Seyed Talebi, Hamid Tavakoli, Hang Zhang, Zheng Zhang, Ardalan Amiri Sani, Zhiyun Qian |
| 2018 | CommanderSong: A Systematic Approach for Practical Adversarial Voice Recognition. Xuejing Yuan, Yuxuan Chen, Yue Zhao, Yunhui Long, Xiaokang Liu, Kai Chen, Shengzhi Zhang, Heqing Huang, Xiaofeng Wang, Carl A. Gunter |
| 2018 | DATA - Differential Address Trace Analysis: Finding Address-based Side-Channels in Binaries. Samuel Weiser, Andreas Zankl, Raphael Spreitzer, Katja Miller, Stefan Mangard, Georg Sigl |
| 2018 | DIZK: A Distributed Zero Knowledge Proof System. Howard Wu, Wenting Zheng, Alessandro Chiesa, Raluca Ada Popa, Ion Stoica |
| 2018 | Debloating Software through Piece-Wise Compilation and Loading. Anh Quach, Aravind Prakash, Lok-Kwong Yan |
| 2018 | DelegaTEE: Brokered Delegation Using Trusted Execution Environments. Sinisa Matetic, Moritz Schneider, Andrew Miller, Ari Juels, Srdjan Capkun |
| 2018 | Dependence-Preserving Data Compaction for Scalable Forensic Analysis. Md Nahid Hossain, Junao Wang, R. Sekar, Scott D. Stoller |
| 2018 | Discovering Flaws in Security-Focused Static Analysis Tools for Android using Systematic Mutation. Richard Bonett, Kaushal Kafle, Kevin Moran, Adwait Nadkarni, Denys Poshyvanyk |
| 2018 | Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels. Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, Jörg Schwenk |
| 2018 | Effective Detection of Multimedia Protocol Tunneling using Machine Learning. Diogo Barradas, Nuno Santos, Luís E. T. Rodrigues |
| 2018 | Enabling Refinable Cross-Host Attack Investigation with Efficient Data Flow Tagging and Tracking. Yang Ji, Sangho Lee, Mattia Fazzini, Joey Allen, Evan Downing, Taesoo Kim, Alessandro Orso, Wenke Lee |
| 2018 | End-Users Get Maneuvered: Empirical Analysis of Redirection Hijacking in Content Delivery Networks. Shuai Hao, Yubao Zhang, Haining Wang, Angelos Stavrou |
| 2018 | End-to-End Measurements of Email Spoofing Attacks. Hang Hu, Gang Wang |
| 2018 | Enter the Hydra: Towards Principled Bug Bounties and Exploit-Resistant Smart Contracts. Lorenz Breidenbach, Philip Daian, Florian Tramèr, Ari Juels |
| 2018 | Erays: Reverse Engineering Ethereum's Opaque Smart Contracts. Yi Zhou, Deepak Kumar, Surya Bakshi, Joshua Mason, Andrew Miller, Michael D. Bailey |
| 2018 | FANCI : Feature-based Automated NXDomain Classification and Intelligence. Samuel Schüppen, Dominik Teubert, Patrick Herrmann, Ulrike Meyer |
| 2018 | FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities. Wei Wu, Yueqi Chen, Jun Xu, Xinyu Xing, Xiaorui Gong, Wei Zou |
| 2018 | Fast and Service-preserving Recovery from Malware Infections Using CRIU. Ashton Webster, Ryan Eckenrod, James Purtilo |
| 2018 | Fear the Reaper: Characterization and Fast Detection of Card Skimmers. Nolen Scaife, Christian Peeters, Patrick Traynor |
| 2018 | FlowCog: Context-aware Semantics Extraction and Analysis of Information Flow Leaks in Android Apps. Xiang Pan, Yinzhi Cao, Xuechao Du, Boyuan He, Gan Fang, Rui Shao, Yan Chen |
| 2018 | Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution. Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom, Raoul Strackx |
| 2018 | Forgetting of Passwords: Ecological Theory and Data. Xianyi Gao, Yulong Yang, Can Liu, Christos Mitropoulos, Janne Lindqvist, Antti Oulasvirta |
| 2018 | Formal Security Analysis of Neural Networks using Symbolic Intervals. Shiqi Wang, Kexin Pei, Justin Whitehouse, Junfeng Yang, Suman Jana |
| 2018 | Fp-Scanner: The Privacy Implications of Browser Fingerprint Inconsistencies. Antoine Vastel, Pierre Laperdrix, Walter Rudametkin, Romain Rouvoy |
| 2018 | Freezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers. Cristian-Alexandru Staicu, Michael Pradel |
| 2018 | From Patching Delays to Infection Symptoms: Using Risk Profiles for an Early Discovery of Vulnerabilities Exploited in the Wild. Chaowei Xiao, Armin Sarabi, Yang Liu, Bo Li, Mingyan Liu, Tudor Dumitras |
| 2018 | GAZELLE: A Low Latency Framework for Secure Neural Network Inference. Chiraag Juvekar, Vinod Vaikuntanathan, Anantha P. Chandrakasan |
| 2018 | Guarder: A Tunable Secure Allocator. Sam Silvestro, Hongyu Liu, Tianyi Liu, Zhiqiang Lin, Tongping Liu |
| 2018 | HeapHopper: Bringing Bounded Model Checking to Heap Implementation Security. Moritz Eckert, Antonio Bianchi, Ruoyu Wang, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna |
| 2018 | How Do Tor Users Interact With Onion Services? Philipp Winter, Anne Edmundson, Laura M. Roberts, Agnieszka Dutkowska-Zuk, Marshini Chetty, Nick Feamster |
| 2018 | IMIX: In-Process Memory Isolation EXtension. Tommaso Frassetto, Patrick Jauernig, Christopher Liebchen, Ahmad-Reza Sadeghi |
| 2018 | Inception: System-Wide Security Testing of Real-World Embedded Systems Software. Nassim Corteggiani, Giovanni Camurati, Aurélien Francillon |
| 2018 | Injected and Delivered: Fabricating Implicit Control over Actuation Systems by Spoofing Inertial Sensors. Yazhou Tu, Zhiqiang Lin, Insup Lee, Xiali Hei |
| 2018 | Malicious Management Unit: Why Stopping Cache Attacks in Software is Harder Than You Think. Stephan van Schaik, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi |
| 2018 | Man-in-the-Machine: Exploiting Ill-Secured Communication Inside the Computer. Thanh Bui, Siddharth Prakash Rao, Markku Antikainen, Viswanathan Manihatty Bojan, Tuomas Aura |
| 2018 | Meltdown: Reading Kernel Memory from User Space. Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg |
| 2018 | Modelling and Analysis of a Hierarchy of Distance Bounding Attacks. Tom Chothia, Joeri de Ruiter, Ben Smyth |
| 2018 | MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation. Shankara Pailoor, Andrew Aday, Suman Jana |
| 2018 | NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications. Abeer Alhuzali, Rigel Gjomemo, Birhanu Eshete, V. N. Venkatakrishnan |
| 2018 | NetHide: Secure and Practical Network Topology Obfuscation. Roland Meier, Petar Tsankov, Vincent Lenders, Laurent Vanbever, Martin T. Vechev |
| 2018 | O Single Sign-Off, Where Art Thou? An Empirical Analysis of Single Sign-On Account Hijacking and Session Management on the Web. Mohammad Ghasemisharif, Amrutha Ramesh, Stephen Checkoway, Chris Kanich, Jason Polakis |
| 2018 | Off-Path TCP Exploit: How Wireless Routers Can Jeopardize Your Secrets. Weiteng Chen, Zhiyun Qian |
| 2018 | One&Done: A Single-Decryption EM-Based Attack on OpenSSL's Constant-Time Blinded RSA. Monjur Alam, Haider Adnan Khan, Moumita Dey, Nishith Sinha, Robert Locke Callan, Alenka G. Zajic, Milos Prvulovic |
| 2018 | Plug and Prey? Measuring the Commoditization of Cybercrime via Online Anonymous Markets. Rolf van Wegberg, Samaneh Tajalizadehkhoob, Kyle Soska, Ugur Akyazi, Carlos Hernandez Gañán, Bram Klievink, Nicolas Christin, Michel van Eeten |
| 2018 | Polisis: Automated Analysis and Presentation of Privacy Policies Using Deep Learning. Hamza Harkous, Kassem Fawaz, Rémi Lebret, Florian Schaub, Kang G. Shin, Karl Aberer |
| 2018 | Practical Accountability of Secret Processes. Jonathan Frankle, Sunoo Park, Daniel Shaar, Shafi Goldwasser, Daniel J. Weitzner |
| 2018 | Precise and Accurate Patch Presence Test for Binaries. Hang Zhang, Zhiyun Qian |
| 2018 | QSYM : A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing. Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang, Taesoo Kim |
| 2018 | Quack: Scalable Remote Measurement of Application-Layer Censorship. Benjamin VanderSloot, Allison McDonald, Will Scott, J. Alex Halderman, Roya Ensafi |
| 2018 | Rampart: Protecting Web Applications from CPU-Exhaustion Denial-of-Service Attacks. Wei Meng, Chenxiong Qian, Shuang Hao, Kevin Borgolte, Giovanni Vigna, Christopher Kruegel, Wenke Lee |
| 2018 | Reading Thieves' Cant: Automatically Identifying and Understanding Dark Jargons from Cybercrime Marketplaces. Kan Yuan, Haoran Lu, Xiaojing Liao, Xiaofeng Wang |
| 2018 | Rethinking Access Control and Authentication for the Home Internet of Things (IoT). Weijia He, Maximilian Golla, Roshni Padhi, Jordan Ofek, Markus Dürmuth, Earlence Fernandes, Blase Ur |
| 2018 | Return Of Bleichenbacher's Oracle Threat (ROBOT). Hanno Böck, Juraj Somorovsky, Craig Young |
| 2018 | SAD THUG: Structural Anomaly Detection for Transmissions of High-value Information Using Graphics. Jonathan P. Chapman |
| 2018 | SAQL: A Stream-based Query System for Real-Time Abnormal System Behavior Detection. Peng Gao, Xusheng Xiao, Ding Li, Zhichun Li, Kangkook Jee, Zhenyu Wu, Chung Hwan Kim, Sanjeev R. Kulkarni, Prateek Mittal |
| 2018 | Schrödinger's RAT: Profiling the Stakeholders in the Remote Access Trojan Ecosystem. Mohammad Rezaeirad, Brown Farinholt, Hitesh Dharmdasani, Paul Pearce, Kirill Levchenko, Damon McCoy |
| 2018 | Security Namespace: Making Linux Security Frameworks Available to Containers. Yuqiong Sun, David Safford, Mimi Zohar, Dimitrios Pendarakis, Zhongshu Gu, Trent Jaeger |
| 2018 | Sensitive Information Tracking in Commodity IoT. Z. Berkay Celik, Leonardo Babun, Amit Kumar Sikder, Hidayet Aksu, Gang Tan, Patrick D. McDaniel, A. Selcuk Uluagac |
| 2018 | Shielding Software From Privileged Side-Channel Attacks. Xiaowan Dong, Zhuojia Shen, John Criswell, Alan L. Cox, Sandhya Dwarkadas |
| 2018 | Simple Password-Hardened Encryption Services. Russell W. F. Lai, Christoph Egger, Manuel Reinert, Sherman S. M. Chow, Matteo Maffei, Dominique Schröder |
| 2018 | Skill Squatting Attacks on Amazon Alexa. Deepak Kumar, Riccardo Paccagnella, Paul Murley, Eric Hennenfent, Joshua Mason, Adam Bates, Michael D. Bailey |
| 2018 | Tackling runtime-based obfuscation in Android with TIRO. Michelle Y. Wong, David Lie |
| 2018 | The Battle for New York: A Case Study of Applied Digital Threat Modeling at the Enterprise Level. Rock Stevens, Daniel Votipka, Elissa M. Redmiles, Colin Ahern, Patrick Sweeney, Michelle L. Mazurek |
| 2018 | The Broken Shield: Measuring Revocation Effectiveness in the Windows Code-Signing PKI. Doowon Kim, Bum Jun Kwon, Kristián Kozák, Christopher Gates, Tudor Dumitras |
| 2018 | The Dangers of Key Reuse: Practical Attacks on IPsec IKE. Dennis Felsch, Martin Grothe, Jörg Schwenk, Adam Czubak, Marcin Szymanek |
| 2018 | The Guard's Dilemma: Efficient Code-Reuse Attacks Against Intel SGX. Andrea Biondo, Mauro Conti, Lucas Davi, Tommaso Frassetto, Ahmad-Reza Sadeghi |
| 2018 | The Rewards and Costs of Stronger Passwords in a University: Linking Password Lifetime to Strength. Ingolf Becker, Simon Parkin, M. Angela Sasse |
| 2018 | The Second Crypto War - What's Different Now. Susan Landau |
| 2018 | The Secure Socket API: TLS as an Operating System Service. Mark O'Neill, Scott Heidbrink, Jordan Whitehead, Tanner Perdue, Luke Dickinson, Torstein Collett, Nick Bonner, Kent E. Seamons, Daniel Zappala |
| 2018 | The aftermath of a crypto-ransomware attack at a large academic institution. Leah Zhang-Kennedy, Hala Assal, Jessica N. Rocheleau, Reham Mohamed, Khadija Baig, Sonia Chiasson |
| 2018 | Towards Predicting Efficient and Anonymous Tor Circuits. Armon Barton, Matthew Wright, Jiang Ming, Mohsen Imani |
| 2018 | Towards a Secure Zero-rating Framework with Three Parties. Zhiheng Liu, Zhen Zhang, Yinzhi Cao, Zhaohan Xi, Shihao Jing, Humberto J. La Roche |
| 2018 | Translation Leak-aside Buffer: Defeating Cache Side-channel Protections with TLB Attacks. Ben Gras, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida |
| 2018 | Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring. Yossi Adi, Carsten Baum, Moustapha Cissé, Benny Pinkas, Joseph Keshet |
| 2018 | Understanding the Reproducibility of Crowd-reported Security Vulnerabilities. Dongliang Mu, Alejandro Cuevas, Limin Yang, Hang Hu, Xinyu Xing, Bing Mao, Gang Wang |
| 2018 | Unveiling and Quantifying Facebook Exploitation of Sensitive Personal Data for Advertising Purposes. José González Cabañas, Ángel Cuevas, Rubén Cuevas |
| 2018 | Vetting Single Sign-On SDK Implementations via Symbolic Reasoning. Ronghai Yang, Wing Cheong Lau, Jiongyi Chen, Kehuan Zhang |
| 2018 | WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring. Stefano Calzavara, Riccardo Focardi, Matteo Maffei, Clara Schneidewind, Marco Squarcina, Mauro Tempesta |
| 2018 | We Still Don't Have Secure Cross-Domain Requests: an Empirical Study of CORS. Jianjun Chen, Jian Jiang, Hai-Xin Duan, Tao Wan, Shuo Chen, Vern Paxson, Min Yang |
| 2018 | When Does Machine Learning FAIL? Generalized Transferability for Evasion and Poisoning Attacks. Octavian Suciu, Radu Marginean, Yigitcan Kaya, Hal Daumé III, Tudor Dumitras |
| 2018 | Who Is Answering My Queries: Understanding and Characterizing Interception of the DNS Resolution Path. Baojun Liu, Chaoyi Lu, Hai-Xin Duan, Ying Liu, Zhou Li, Shuang Hao, Min Yang |
| 2018 | Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies. Gertjan Franken, Tom van Goethem, Wouter Joosen |
| 2018 | With Great Training Comes Great Vulnerability: Practical Attacks against Transfer Learning. Bolun Wang, Yuanshun Yao, Bimal Viswanath, Haitao Zheng, Ben Y. Zhao |
| 2018 | teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts. Johannes Krupp, Christian Rossow |