USENIX Security Symposium A*

248 papers

YearTitle / Authors
2021"It's Stored, Hopefully, on an Encrypted Server": Mitigating Users' Misconceptions About FIDO2 Biometric WebAuthn.
Leona Lassak, Annika Hildebrandt, Maximilian Golla, Blase Ur
2021"It's stressful having all these phones": Investigating Sex Workers' Safety Goals, Risks, and Practices Online.
Allison McDonald, Catherine Barwulor, Michelle L. Mazurek, Florian Schaub, Elissa M. Redmiles
2021"It's the Company, the Government, You and I": User Perceptions of Responsibility for Smart Home Privacy and Security.
Julie M. Haney, Yasemin Acar, Susanne Furman
2021"Now I'm a bit angry: " Individuals' Awareness, Perception, and Responses to Data Breaches that Affected Them.
Peter Mayer, Yixin Zou, Florian Schaub, Adam J. Aviv
2021"Shhh...be quiet!" Reducing the Unwanted Interruptions of Notification Permission Prompts on Chrome.
Igor Bilogrevic, Balazs Engedy, Judson L. Porter III, Nina Taft, Kamila Hasanbega, Andrew Paseltiner, Hwi Kyoung Lee, Edward Jung, Meggyn Watkins, P. J. McLachlan, Jason James
2021"Why wouldn't someone think of democracy as a target?": Security practices & challenges of people involved with U.S. political campaigns.
Sunny Consolvo, Patrick Gage Kelley, Tara Matthews, Kurt Thomas, Lee Dunn, Elie Bursztein
2021'Passwords Keep Me Safe' - Understanding What Children Think about Passwords.
Mary Theofanos, Yee-Yin Choong, Olivia Murphy
202130th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021
Michael D. Bailey, Rachel Greenstadt
2021A Highly Accurate Query-Recovery Attack against Searchable Encryption using Non-Indexed Documents.
Marc Damie, Florian Hahn, Andreas Peter
2021A Large Scale Study of User Behavior, Expectations and Engagement with Android Permissions.
Weicheng Cao, Chunqiu Xia, Sai Teja Peddinti, David Lie, Nina Taft, Lisa M. Austin
2021A Large-Scale Interview Study on Information Security in and Attacks against Small and Medium-sized Enterprises.
Nicolas Huaman, Bennet von Skarczinski, Christian Stransky, Dominik Wermke, Yasemin Acar, Arne Dreißigacker, Sascha Fahl
2021A Side Journey To Titan.
Thomas Roche, Victor Lomné, Camille Mutschler, Laurent Imbert
2021A Stealthy Location Identification Attack Exploiting Carrier Aggregation in Cellular Networks.
Nitya Lakshmanan, Nishant Budhdev, Min Suk Kang, Mun Choon Chan, Jun Han
2021A11y and Privacy don't have to be mutually exclusive: Constraining Accessibility Service Misuse on Android.
Jie Huang, Michael Backes, Sven Bugiel
2021ABY2.0: Improved Mixed-Protocol Secure Two-Party Computation.
Arpita Patra, Thomas Schneider, Ajith Suresh, Hossein Yalame
2021ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication.
Marcus Brinkmann, Christian Dresen, Robert Merget, Damian Poddebniak, Jens Müller, Juraj Somorovsky, Jörg Schwenk, Sebastian Schinzel
2021APICraft: Fuzz Driver Generation for Closed-source SDK Libraries.
Cen Zhang, Xingwei Lin, Yuekang Li, Yinxing Xue, Jundong Xie, Hongxu Chen, Xinlei Ying, Jiashui Wang, Yang Liu
2021ARCUS: Symbolic Root Cause Analysis of Exploits in Production Systems.
Carter Yagemann, Matthew Pruett, Simon P. Chung, Kennon Bittick, Brendan Saltaformaggio, Wenke Lee
2021ATLAS: A Sequence-based Learning Approach for Attack Investigation.
Abdulellah Alsaheel, Yuhong Nan, Shiqing Ma, Le Yu, Gregory Walkup, Z. Berkay Celik, Xiangyu Zhang, Dongyan Xu
2021Abusing Hidden Properties to Attack the Node.js Ecosystem.
Feng Xiao, Jianwei Huang, Yichang Xiong, Guangliang Yang, Hong Hu, Guofei Gu, Wenke Lee
2021Accurately Measuring Global Risk of Amplification Attacks using AmpMap.
Soo-Jin Moon, Yucheng Yin, Rahul Anand Sharma, Yifei Yuan, Jonathan M. Spring, Vyas Sekar
2021Acoustics to the Rescue: Physical Key Inference Attack Revisited.
Soundarya Ramesh, Rui Xiao, Anindya Maiti, Jong Taek Lee, Harini Ramprasad, Ananda Kumar, Murtuza Jadliwala, Jun Han
2021AdCube: WebVR Ad Fraud and Practical Confinement of Third-Party Ads.
Hyunjoo Lee, Jiyeon Lee, Daejun Kim, Suman Jana, Insik Shin, Sooel Son
2021Adapting Security Warnings to Counter Online Disinformation.
Ben Kaiser, Jerry Wei, Eli Lucherini, Kevin Lee, J. Nathan Matias, Jonathan R. Mayer
2021Adversarial Policy Training against Deep Reinforcement Learning.
Xian Wu, Wenbo Guo, Hua Wei, Xinyu Xing
2021An Analysis of Speculative Type Confusion Vulnerabilities in the Wild.
Ofek Kirzner, Adam Morrison
2021An Investigation of the Android Kernel Patch Ecosystem.
Zheng Zhang, Hang Zhang, Zhiyun Qian, Billy Lau
2021Android SmartTVs Vulnerability Discovery via Log-Guided Fuzzing.
Yousra Aafer, Wei You, Yi Sun, Yu Shi, Xiangyu Zhang, Heng Yin
2021Are Privacy Dashboards Good for End Users? Evaluating User Perceptions and Reactions to Google's My Activity.
Florian M. Farke, David G. Balash, Maximilian Golla, Markus Dürmuth, Adam J. Aviv
2021Assessing Browser-level Defense against IDN-based Phishing.
Hang Hu, Steve T. K. Jan, Yang Wang, Gang Wang
2021Automated Discovery of Denial-of-Service Vulnerabilities in Connected Vehicle Protocols.
Shengtuo Hu, Qi Alfred Chen, Jiachen Sun, Yiheng Feng, Z. Morley Mao, Henry X. Liu
2021Automatic Extraction of Secrets from the Transistor Jungle using Laser-Assisted Side-Channel Attacks.
Thilo Krachenfels, Tuba Kiyan, Shahin Tajik, Jean-Pierre Seifert
2021Automatic Firmware Emulation through Invalidity-guided Knowledge Inference.
Wei Zhou, Le Guan, Peng Liu, Yuqing Zhang
2021Automatic Policy Generation for Inter-Service Access Control of Microservices.
Xing Li, Yan Chen, Zhiqiang Lin, Xiao Wang, Jim Hao Chen
2021Balboa: Bobbing and Weaving around Network Censorship.
Marc B. Rosen, James Parker, Alex J. Malozemoff
2021Blind Backdoors in Deep Learning Models.
Eugene Bagdasaryan, Vitaly Shmatikov
2021Blind In/On-Path Attacks and Applications to VPNs.
William J. Tolley, Beau Kujath, Mohammad Taha Khan, Narseo Vallina-Rodriguez, Jedidiah R. Crandall
2021Blinder: Partition-Oblivious Hierarchical Scheduling.
Man-Ki Yoon, Mengqi Liu, Hao Chen, Jung-Eun Kim, Zhong Shao
2021Blitz: Secure Multi-Hop Payments Without Two-Phase Commits.
Lukas Aumayr, Pedro Moreno-Sanchez, Aniket Kate, Matteo Maffei
2021Breaking Through Binaries: Compiler-quality Instrumentation for Better Binary-only Fuzzing.
Stefan Nagy, Anh Nguyen-Tuong, Jason D. Hiser, Jack W. Davidson, Matthew Hicks
2021CACTI: Captcha Avoidance via Client-side TEE Integration.
Yoshimichi Nakatsuka, Ercan Ozturk, Andrew Paverd, Gene Tsudik
2021CADE: Detecting and Explaining Concept Drift Samples for Security Applications.
Limin Yang, Wenbo Guo, Qingying Hao, Arridhana Ciptadi, Ali Ahmadzadeh, Xinyu Xing, Gang Wang
2021CANARY - a reactive defense mechanism for Controller Area Networks based on Active RelaYs.
Bogdan Groza, Lucian Popa, Pal-Stefan Murvay, Yuval Elovici, Asaf Shabtai
2021CIPHERLEAKS: Breaking Constant-time Cryptography on AMD SEV via the Ciphertext Side Channel.
Mengyuan Li, Yinqian Zhang, Huibo Wang, Kang Li, Yueqiang Cheng
2021CLARION: Sound and Clear Provenance Tracking for Microservice Deployments.
Xutong Chen, Hassaan Irshad, Yan Chen, Ashish Gehani, Vinod Yegneswaran
2021CSProp: Ciphertext and Signature Propagation Low-Overhead Public-Key Cryptosystem for IoT Environments.
Fatemah Alharbi, Arwa Alrawais, Abdulrahman Bin Rabiah, Silas Richelson, Nael B. Abu-Ghazaleh
2021CURE: A Security Architecture with CUstomizable and Resilient Enclaves.
Raad Bahmani, Ferdinand Brasser, Ghada Dessouky, Patrick Jauernig, Matthias Klimmek, Ahmad-Reza Sadeghi, Emmanuel Stapf
2021Can I Take Your Subdomain? Exploring Same-Site Attacks in the Modern Web.
Marco Squarcina, Mauro Tempesta, Lorenzo Veronese, Stefano Calzavara, Matteo Maffei
2021Can Systems Explain Permissions Better? Understanding Users' Misperceptions under Smartphone Runtime Permission Model.
Bingyu Shen, Lili Wei, Chengcheng Xiang, Yudong Wu, Mingyao Shen, Yuanyuan Zhou, Xinxin Jin
2021Capture: Centralized Library Management for Heterogeneous IoT Devices.
Han Zhang, Abhijith Anilkumar, Matt Fredrikson, Yuvraj Agarwal
2021Card Brand Mixup Attack: Bypassing the PIN in non-Visa Cards by Using Them for Visa Transactions.
David A. Basin, Ralf Sasse, Jorge Toro-Pozo
2021Catching Phishers By Their Bait: Investigating the Dutch Phishing Landscape through Phishing Kit Detection.
Hugo L. J. Bijmans, Tim M. Booij, Anneke Schwedersky, Aria Nedgabat, Rolf van Wegberg
2021Causal Analysis for Software-Defined Networking Attacks.
Benjamin E. Ujcich, Samuel Jero, Richard Skowyra, Adam Bates, William H. Sanders, Hamed Okhravi
2021Cerebro: A Platform for Multi-Party Cryptographic Collaborative Learning.
Wenting Zheng, Ryan Deng, Weikeng Chen, Raluca Ada Popa, Aurojit Panda, Ion Stoica
2021Charger-Surfing: Exploiting a Power Line Side-Channel for Smartphone Information Leakage.
Patrick Cronin, Xing Gao, Chengmo Yang, Haining Wang
2021Coco: Co-Design and Co-Verification of Masked Software Implementations on CPUs.
Barbara Gigerl, Vedad Hadzic, Robert Primas, Stefan Mangard, Roderick Bloem
2021Collective Information Security in Large-Scale Urban Protests: the Case of Hong Kong.
Martin R. Albrecht, Jorge Blasco, Rikke Bjerg Jensen, Lenka Mareková
2021Communication-Computation Trade-offs in PIR.
Asra Ali, Tancrède Lepoint, Sarvar Patel, Mariana Raykova, Phillipp Schoppmann, Karn Seth, Kevin Yeo
2021Compromised or Attacker-Owned: A Large Scale Classification and Study of Hosting Domains of Malicious URLs.
Ravindu De Silva, Mohamed Nabeel, Charith Elvitigala, Issa Khalil, Ting Yu, Chamath Keppitiyagama
2021Constraint-guided Directed Greybox Fuzzing.
Gwangmu Lee, Woochul Shim, Byoungyoung Lee
2021Cost-Aware Robust Tree Ensembles for Security Applications.
Yizheng Chen, Shiqi Wang, Weifan Jiang, Asaf Cidon, Suman Jana
2021Cross-VM and Cross-Processor Covert Channels Exploiting Processor Idle Power Management.
Paizhuo Chen, Lei Li, Zhice Yang
2021DEFInit: An Analysis of Exposed Android Init Routines.
Yuede Ji, Mohamed Elsabagh, Ryan Johnson, Angelos Stavrou
2021DICE*: A Formally Verified Implementation of DICE Measured Boot.
Zhe Tao, Aseem Rastogi, Naman Gupta, Kapil Vaswani, Aditya V. Thakur
2021DOLMA: Securing Speculation with the Principle of Transient Non-Observability.
Kevin Loughlin, Ian Neal, Jiacheng Ma, Elisa Tsai, Ofir Weisse, Satish Narayanasamy, Baris Kasikci
2021DRMI: A Dataset Reduction Technology based on Mutual Information for Black-box Attacks.
Yingzhe He, Guozhu Meng, Kai Chen, Xingbo Hu, Jinwen He
2021Data Poisoning Attacks to Local Differential Privacy Protocols.
Xiaoyu Cao, Jinyuan Jia, Neil Zhenqiang Gong
2021Database Reconstruction from Noisy Volumes: A Cache Side-Channel Attack on SQLite.
Aria Shahverdi, Mahammad Shirinov, Dana Dachman-Soled
2021Deep Entity Classification: Abusive Account Detection for Online Social Networks.
Teng Xu, Gerard Goossen, Huseyin Kerem Cevahir, Sara Khodeir, Yingyezhe Jin, Frank Li, Shawn Shan, Sagar Patel, David Freeman, Paul Pearce
2021Deep-Dup: An Adversarial Weight Duplication Attack Framework to Crush Deep Neural Network in Multi-Tenant FPGA.
Adnan Siraj Rakin, Yukui Luo, Xiaolin Xu, Deliang Fan
2021DeepReflect: Discovering Malicious Functionality through Binary Reconstruction.
Evan Downing, Yisroel Mirsky, Kyuhong Park, Wenke Lee
2021Defeating DNN-Based Traffic Analysis Systems in Real-Time With Blind Adversarial Perturbations.
Milad Nasr, Alireza Bahramali, Amir Houmansadr
2021Demon in the Variant: Statistical Analysis of DNNs for Robust Backdoor Contamination Detection.
Di Tang, Xiaofeng Wang, Haixu Tang, Kehuan Zhang
2021Detecting Kernel Refcount Bugs with Two-Dimensional Consistency Checking.
Xin Tan, Yuan Zhang, Xiyu Yang, Kangjie Lu, Min Yang
2021Dirty Road Can Attack: Security of Deep Learning based Automated Lane Centering under Physical-World Attack.
Takami Sato, Junjie Shen, Ningfei Wang, Yunhan Jia, Xue Lin, Qi Alfred Chen
2021Disrupting Continuity of Apple's Wireless Ecosystem Security: New Tracking, DoS, and MitM Attacks on iOS and macOS Through Bluetooth Low Energy, AWDL, and Wi-Fi.
Milan Stute, Alexander Heinrich, Jannik Lorenz, Matthias Hollick
2021Does logic locking work with EDA tools?
Zhaokun Han, Muhammad Yasin, Jeyavijayan (JV) Rajendran
2021Domain Shadowing: Leveraging Content Delivery Networks for Robust Blocking-Resistant Communications.
Mingkui Wei
2021Dompteur: Taming Audio Adversarial Examples.
Thorsten Eisenhofer, Lea Schönherr, Joel Frank, Lars Speckemeier, Dorothea Kolossa, Thorsten Holz
2021Double-Cross Attacks: Subverting Active Learning Systems.
Jose Rodrigo Sanchez Vicarte, Gang Wang, Christopher W. Fletcher
2021Driving 2FA Adoption at Scale: Optimizing Two-Factor Authentication Notification Design Patterns.
Maximilian Golla, Grant Ho, Marika Lohmus, Monica Pulluri, Elissa M. Redmiles
2021Dynamic proofs of retrievability with low server storage.
Gaspard Anthoine, Jean-Guillaume Dumas, Mélanie de Jonghe, Aude Maignan, Clément Pernet, Michael Hanling, Daniel S. Roche
2021ELISE: A Storage Efficient Logging System Powered by Redundancy Reduction and Representation Learning.
Hailun Ding, Shenao Yan, Juan Zhai, Shiqing Ma
2021EOSAFE: Security Analysis of EOSIO Smart Contracts.
Ningyu He, Ruiyi Zhang, Haoyu Wang, Lei Wu, Xiapu Luo, Yao Guo, Ting Yu, Xuxian Jiang
2021EVMPatch: Timely and Automated Patching of Ethereum Smart Contracts.
Michael Rodler, Wenting Li, Ghassan O. Karame, Lucas Davi
2021Effect of Mood, Location, Trust, and Presence of Others on Video-Based Social Authentication.
Cheng Guo, Brianne Campbell, Apu Kapadia, Michael K. Reiter, Kelly Caine
2021Effective Notification Campaigns on the Web: A Matter of Trust, Framing, and Support.
Max Maass, Alina Stöver, Henning Pridöhl, Sebastian Bretthauer, Dominik Herrmann, Matthias Hollick, Indra Spiecker
2021Entangled Watermarks as a Defense against Model Extraction.
Hengrui Jia, Christopher A. Choquette-Choo, Varun Chandrasekaran, Nicolas Papernot
2021Evaluating In-Workflow Messages for Improving Mental Models of End-to-End Encryption.
Omer Akgul, Wei Bai, Shruti Das, Michelle L. Mazurek
2021Evil Under the Sun: Understanding and Discovering Attacks on Ethereum Decentralized Applications.
Liya Su, Xinyue Shen, Xiangyu Du, Xiaojing Liao, Xiaofeng Wang, Luyi Xing, Baoxu Liu
2021Examining the Efficacy of Decoy-based and Psychological Cyber Deception.
Kimberly Ferguson-Walter, Maxine Major, Chelsea K. Johnson, Daniel H. Muhleman
2021ExpRace: Exploiting Kernel Races through Raising Interrupts.
Yoochan Lee, Changwoo Min, Byoungyoung Lee
2021Experiences Deploying Multi-Vantage-Point Domain Validation at Let's Encrypt.
Henry Birge-Lee, Liang Wang, Daniel McCarney, Roland Shoemaker, Jennifer Rexford, Prateek Mittal
2021Explanation Beats Context: The Effect of Timing & Rationales on Users' Runtime Permission Decisions.
Yusra Elbitar, Michael Schilling, Trung Tin Nguyen, Michael Backes, Sven Bugiel
2021Explanation-Guided Backdoor Poisoning Attacks Against Malware Classifiers.
Giorgio Severi, Jim Meyer, Scott E. Coull, Alina Oprea
2021Exposing New Vulnerabilities of Error Handling Mechanism in CAN.
Khaled Serag, Rohit Bhatia, Vireshwar Kumar, Z. Berkay Celik, Dongyan Xu
2021Express: Lowering the Cost of Metadata-hiding Communication with Cryptographic Privacy.
Saba Eskandarian, Henry Corrigan-Gibbs, Matei Zaharia, Dan Boneh
2021Extracting Training Data from Large Language Models.
Nicholas Carlini, Florian Tramèr, Eric Wallace, Matthew Jagielski, Ariel Herbert-Voss, Katherine Lee, Adam Roberts, Tom B. Brown, Dawn Song, Úlfar Erlingsson, Alina Oprea, Colin Raffel
2021Fantastic Four: Honest-Majority Four-Party Secure Computation With Malicious Security.
Anders P. K. Dalskov, Daniel Escudero, Marcel Keller
2021Finding Bugs Using Your Own Code: Detecting Functionally-similar yet Inconsistent Code.
Mansour Ahmadi, Reza Mirzazade Farkhani, Ryan Williams, Long Lu
2021Fine Grained Dataflow Tracking with Proximal Gradients.
Gabriel Ryan, Abhishek Shah, Dongdong She, Koustubha Bhat, Suman Jana
2021Fingerprinting in Style: Detecting Browser Extensions via Injected Style Sheets.
Pierre Laperdrix, Oleksii Starov, Quan Chen, Alexandros Kapravelos, Nick Nikiforakis
2021FlowDist: Multi-Staged Refinement-Based Dynamic Information Flow Analysis for Distributed Software Systems.
Xiaoqin Fu, Haipeng Cai
2021Forecasting Malware Capabilities From Cyber Attack Memory Images.
Omar Alrawi, Moses Ike, Matthew Pruett, Ranjita Pai Kasturi, Srimanta Barua, Taleb Hirani, Brennan Hill, Brendan Saltaformaggio
2021Formally Verified Memory Protection for a Commodity Multiprocessor Hypervisor.
Shih-Wei Li, Xupeng Li, Ronghui Gu, Jason Nieh, John Zhuang Hui
2021Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation.
Mathy Vanhoef
2021Frontal Attack: Leaking Control-Flow in SGX via the CPU Frontend.
Ivan Puddu, Moritz Schneider, Miro Haller, Srdjan Capkun
2021Frontrunner Jones and the Raiders of the Dark Forest: An Empirical Study of Frontrunning on the Ethereum Blockchain.
Christof Ferreira Torres, Ramiro Camino, Radu State
2021Fuzzy Labeled Private Set Intersection with Applications to Private Real-Time Biometric Search.
Erkam Uzun, Simon P. Chung, Vladimir Kolesnikov, Alexandra Boldyreva, Wenke Lee
2021GForce: GPU-Friendly Oblivious and Rapid Neural Network Inference.
Lucien K. L. Ng, Sherman S. M. Chow
2021Graph Backdoor.
Zhaohan Xi, Ren Pang, Shouling Ji, Ting Wang
2021HAWatcher: Semantics-Aware Anomaly Detection for Appified Smart Homes.
Chenglong Fu, Qiang Zeng, Xiaojiang Du
2021Having Your Cake and Eating It: An Analysis of Concession-Abuse-as-a-Service.
Zhibo Sun, Adam Oest, Penghui Zhang, Carlos E. Rubio-Medrano, Tiffany Bao, Ruoyu Wang, Ziming Zhao, Yan Shoshitaishvili, Adam Doupé, Gail-Joon Ahn
2021Helping Users Automatically Find and Manage Sensitive, Expendable Files in Cloud Storage.
Mohammad Taha Khan, Christopher Tran, Shubham Singh, Dimitri Vasilkov, Chris Kanich, Blase Ur, Elena Zheleva
2021Hermes Attack: Steal DNN Models with Lossless Inference Accuracy.
Yuankun Zhu, Yueqiang Cheng, Husheng Zhou, Yantao Lu
2021Hiding the Access Pattern is Not Enough: Exploiting Search Pattern Leakage in Searchable Encryption.
Simon Oya, Florian Kerschbaum
2021Hopper: Modeling and Detecting Lateral Movement.
Grant Ho, Mayank Dhiman, Devdatta Akhawe, Vern Paxson, Stefan Savage, Geoffrey M. Voelker, David A. Wagner
2021How Great is the Great Firewall? Measuring China's DNS Censorship.
Nguyen Phong Hoang, Arian Akhavan Niaki, Jakub Dalek, Jeffrey Knockel, Pellaeon Lin, Bill Marczak, Masashi Crete-Nishihata, Phillipa Gill, Michalis Polychronakis
2021How to Make Private Distributed Cardinality Estimation Practical, and Get Differential Privacy for Free.
Changhui Hu, Jin Li, Zheli Liu, Xiaojie Guo, Yu Wei, Xuan Guang, Grigorios Loukides, Changyu Dong
2021I Always Feel Like Somebody's Sensing Me! A Framework to Detect, Identify, and Localize Clandestine Wireless Sensors.
Akash Deep Singh, Luis Garcia, Joseph Noor, Mani B. Srivastava
2021ICSFuzz: Manipulating I/Os and Repurposing Binary Code to Enable Instrumented Fuzzing in ICS Control Applications.
Dimitrios Tychalas, Hadjer Benkraouda, Michail Maniatakos
2021Identifying Harmful Media in End-to-End Encrypted Communication: Efficient Private Membership Computation.
Anunay Kulshrestha, Jonathan R. Mayer
2021Incrementally Updateable Honey Password Vaults.
Haibo Cheng, Wenting Li, Ping Wang, Chao-Hsien Chu, Kaitai Liang
2021Inexpensive Brainwave Authentication: New Techniques and Insights on User Acceptance.
Patricia Arias Cabarcos, Thilo Habrich, Karen Becker, Christian Becker, Thorsten Strufe
2021Injection Attacks Reloaded: Tunnelling Malicious Payloads over DNS.
Philipp Jeitner, Haya Schulmann
2021Is Real-time Phishing Eliminated with FIDO? Social Engineering Downgrade Attacks against FIDO Protocols.
Enis Ulqinaku, Hala Assal, AbdelRahman Abdou, Sonia Chiasson, Srdjan Capkun
2021JAW: Studying Client-side CSRF with Hybrid Property Graphs and Declarative Traversals.
Soheil Khodayari, Giancarlo Pellegrino
2021Jaqen: A High-Performance Switch-Native Approach for Detecting and Mitigating Volumetric DDoS Attacks with Programmable Switches.
Zaoxing Liu, Hun Namkung, Georgios Nikolaidis, Jeongkeun Lee, Changhoon Kim, Xin Jin, Vladimir Braverman, Minlan Yu, Vyas Sekar
2021Jetset: Targeted Firmware Rehosting for Embedded Systems.
Evan Johnson, Maxwell Bland, Yifei Zhu, Joshua Mason, Stephen Checkoway, Stefan Savage, Kirill Levchenko
2021Kalεido: Real-Time Privacy Control for Eye-Tracking Systems.
Jingjie Li, Amrita Roy Chowdhury, Kassem Fawaz, Younghyun Kim
2021KeyForge: Non-Attributable Email from Forward-Forgeable Signatures.
Michael A. Specter, Sunoo Park, Matthew Green
2021LIGHTBLUE: Automatic Profile-Aware Debloating of Bluetooth Stacks.
Jianliang Wu, Ruoyu Wu, Daniele Antonioli, Mathias Payer, Nils Ole Tippenhauer, Dongyan Xu, Dave (Jing) Tian, Antonio Bianchi
2021LZR: Identifying Unexpected Internet Services.
Liz Izhikevich, Renata Teixeira, Zakir Durumeric
2021Leakage of Dataset Properties in Multi-Party Machine Learning.
Wanrong Zhang, Shruti Tople, Olga Ohrimenko
2021Locally Differentially Private Analysis of Graph Statistics.
Jacob Imola, Takao Murakami, Kamalika Chaudhuri
2021Lord of the Ring(s): Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical.
Riccardo Paccagnella, Licheng Luo, Christopher W. Fletcher
2021M2MON: Building an MMIO-based Security Reference Monitor for Unmanned Vehicles.
Arslan Khan, Hyungsub Kim, Byoungyoung Lee, Dongyan Xu, Antonio Bianchi, Dave (Jing) Tian
2021MAZE: Towards Automated Heap Feng Shui.
Yan Wang, Chao Zhang, Zixuan Zhao, Bolun Zhang, Xiaorui Gong, Wei Zou
2021MBA-Blast: Unveiling and Simplifying Mixed Boolean-Arithmetic Obfuscation.
Binbin Liu, Junfu Shen, Jiang Ming, Qilong Zheng, Jing Li, Dongpeng Xu
2021MIRAGE: Mitigating Conflict-Based Cache Attacks with a Practical Fully-Associative Design.
Gururaj Saileshwar, Moinuddin K. Qureshi
2021MPInspector: A Systematic and Automatic Approach for Evaluating the Security of IoT Messaging Protocols.
Qinying Wang, Shouling Ji, Yuan Tian, Xuhong Zhang, Binbin Zhao, Yuhong Kan, Zhaowei Lin, Changting Lin, Shuiguang Deng, Alex X. Liu, Raheem Beyah
2021Messy States of Wiring: Vulnerabilities in Emerging Personal Payment Systems.
Jiadong Lou, Xu Yuan, Ning Zhang
2021Mind Your Weight(s): A Large-scale Study on Insufficient Machine Learning Model Protection in Mobile Apps.
Zhichuang Sun, Ruimin Sun, Long Lu, Alan Mislove
2021Minerva- An Efficient Risk-Limiting Ballot Polling Audit.
Filip Zagórski, Grant McClearn, Sarah Morin, Neal McBurnett, Poorvi L. Vora
2021Muse: Secure Inference Resilient to Malicious Clients.
Ryan Lehmkuhl, Pratyush Mishra, Akshayaram Srinivasan, Raluca Ada Popa
2021Mystique: Efficient Conversions for Zero-Knowledge Proofs with Applications to Machine Learning.
Chenkai Weng, Kang Yang, Xiang Xie, Jonathan Katz, Xiao Wang
2021Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types.
Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Simon Wörner, Thorsten Holz
2021Obfuscation-Resilient Executable Payload Extraction From Packed Malware.
Binlin Cheng, Jiang Ming, Erika A. Leal, Haotian Zhang, Jianming Fu, Guojun Peng, Jean-Yves Marion
2021ObliCheck: Efficient Verification of Oblivious Algorithms with Unobservable State.
Jeongseok Son, Griffin Prechter, Rishabh Poddar, Raluca Ada Popa, Koushik Sen
2021On the Design and Misuse of Microcoded (Embedded) Processors - A Cautionary Note.
Nils Albartus, Clemens Nasenberg, Florian Stolz, Marc Fyrbiak, Christof Paar, Russell Tessier
2021On the Routing-Aware Peering against Network-Eclipse Attacks in Bitcoin.
Muoi Tran, Akshaye Shenoi, Min Suk Kang
2021On the Usability of Authenticity Checks for Hardware Security Tokens.
Katharina Pfeffer, Alexandra Mai, Adrian Dabrowski, Matthias Gusenbauer, Philipp Schindler, Edgar R. Weippl, Michael Franz, Katharina Krombholz
2021Once is Never Enough: Foundations for Sound Statistical Inference in Tor Network Experimentation.
Rob Jansen, Justin Tracey, Ian Goldberg
2021Osiris: Automated Discovery of Microarchitectural Side Channels.
Daniel Weber, Ahmad Ibrahim, Hamed Nemati, Michael Schwarz, Christian Rossow
2021PACStack: an Authenticated Call Stack.
Hans Liljestrand, Thomas Nyman, Lachlan J. Gunn, Jan-Erik Ekberg, N. Asokan
2021PASAN: Detecting Peripheral Access Concurrency Bugs within Bare-Metal Embedded Applications.
Taegyu Kim, Vireshwar Kumar, Junghwan Rhee, Jizhou Chen, Kyungtae Kim, Chung Hwan Kim, Dongyan Xu, Dave (Jing) Tian
2021PEARL: Plausibly Deniable Flash Translation Layer using WOM coding.
Chen Chen, Anrin Chakraborti, Radu Sion
2021PTAuth: Temporal Memory Safety via Robust Points-to Authentication.
Reza Mirzazade Farkhani, Mansour Ahmadi, Long Lu
2021Partitioning Oracle Attacks.
Julia Len, Paul Grubbs, Thomas Ristenpart
2021PatchGuard: A Provably Robust Defense against Adversarial Patches via Small Receptive Fields and Masking.
Chong Xiang, Arjun Nitin Bhagoji, Vikash Sehwag, Prateek Mittal
2021PhishPrint: Evading Phishing Detection Crawlers by Prior Profiling.
Bhupendra Acharya, Phani Vadrevu
2021Phishpedia: A Hybrid Deep Learning Based Approach to Visually Identify Phishing Webpages.
Yun Lin, Ruofan Liu, Dinil Mon Divakaran, Jun Yang Ng, Qing Zhou Chan, Yiwen Lu, Yuxuan Si, Fan Zhang, Jin Song Dong
2021Poisoning the Unlabeled Dataset of Semi-Supervised Learning.
Nicholas Carlini
2021PolyScope: Multi-Policy Access Control Analysis to Compute Authorized Attack Operations in Android Systems.
Yu Tsung Lee, William Enck, Haining Chen, Hayawardh Vijayakumar, Ninghui Li, Zhiyun Qian, Daimeng Wang, Giuseppe Petracca, Trent Jaeger
2021Poseidon: A New Hash Function for Zero-Knowledge Proof Systems.
Lorenzo Grassi, Dmitry Khovratovich, Christian Rechberger, Arnab Roy, Markus Schofnegger
2021Precise and Scalable Detection of Use-after-Compacting-Garbage-Collection Bugs.
HyungSeok Han, Andrew Wesie, Brian Pak
2021Pretty Good Phone Privacy.
Paul Schmitt, Barath Raghavan
2021Preventing Use-After-Free Attacks with Fast Forward Allocation.
Brian Wickman, Hong Hu, Insu Yun, DaeHee Jang, Jungwon Lim, Sanidhya Kashyap, Taesoo Kim
2021PriSEC: A Privacy Settings Enforcement Controller.
Rishabh Khandelwal, Thomas Linden, Hamza Harkous, Kassem Fawaz
2021Prime+Probe 1, JavaScript 0: Overcoming Browser-based Side-Channel Defenses.
Anatoly Shusterman, Ayush Agarwal, Sioli O'Connell, Daniel Genkin, Yossi Oren, Yuval Yarom
2021PrivSyn: Differentially Private Data Synthesis.
Zhikun Zhang, Tianhao Wang, Ninghui Li, Jean Honorio, Michael Backes, Shibo He, Jiming Chen, Yang Zhang
2021Privacy and Integrity Preserving Computations with CRISP.
Sylvain Chatel, Apostolos Pyrgelis, Juan Ramón Troncoso-Pastoriza, Jean-Pierre Hubaux
2021Privacy-Preserving and Standard-Compatible AKA Protocol for 5G.
Yuchen Wang, Zhenfeng Zhang, Yongquan Xie
2021Private Blocklist Lookups with Checklist.
Dmitry Kogan, Henry Corrigan-Gibbs
2021PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop.
Alexander Heinrich, Matthias Hollick, Thomas Schneider, Milan Stute, Christian Weinert
2021Protecting Cryptography Against Compelled Self-Incrimination.
Sarah Scheffler, Mayank Varia
2021Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E).
Robert Merget, Marcus Brinkmann, Nimrod Aviram, Juraj Somorovsky, Johannes Mittmann, Jörg Schwenk
2021Rage Against the Machine Clear: A Systematic Analysis of Machine Clears and Their Implications for Transient Execution Attacks.
Hany Ragab, Enrico Barberis, Herbert Bos, Cristiano Giuffrida
2021ReDMArk: Bypassing RDMA Security Mechanisms.
Benjamin Rothenberger, Konstantin Taranov, Adrian Perrig, Torsten Hoefler
2021ReDoSHunter: A Combined Static and Dynamic Approach for Regular Expression DoS Detection.
Yeting Li, Zixuan Chen, Jialun Cao, Zhiwu Xu, Qiancheng Peng, Haiming Chen, Liyuan Chen, Shing-Chi Cheung
2021Reducing Bias in Modeling Real-world Password Strength via Deep Learning and Dynamic Dictionaries.
Dario Pasquini, Marco Cianfriglia, Giuseppe Ateniese, Massimo Bernaschi
2021Reducing HSM Reliance in Payments through Proxy Re-Encryption.
Sivanarayana Gaddam, Atul Luykx, Rohit Sinha, Gaven J. Watson
2021Reducing Test Cases with Attention Mechanism of Neural Networks.
Xing Zhang, Jiongyi Chen, Chao Feng, Ruilin Li, Yunfei Su, Bin Zhang, Jing Lei, Chaojing Tang
2021Research on the Security of Visual Reasoning CAPTCHA.
Yipeng Gao, Haichang Gao, Sainan Luo, Yang Zi, Shudong Zhang, Wenjie Mao, Ping Wang, Yulong Shen, Jeff Yan
2021Ripple: A Programmable, Decentralized Link-Flooding Defense Against Adaptive Adversaries.
Jiarong Xing, Wenqing Wu, Ang Chen
2021Risky Business? Investigating the Security Practices of Vendors on an Online Anonymous Market using Ground-Truth Data.
Jochem van de Laarschot, Rolf van Wegberg
2021Rollercoaster: An Efficient Group-Multicast Scheme for Mix Networks.
Daniel Hugenroth, Martin Kleppmann, Alastair R. Beresford
2021SEAL: Storage-efficient Causality Analysis on Enterprise Logs with Query-friendly Compression.
Peng Fei, Zhou Li, Zhiying Wang, Xiao Yu, Ding Li, Kangkook Jee
2021SEApp: Bringing Mandatory Access Control to Android Apps.
Matthew Rossi, Dario Facchinetti, Enrico Bacis, Marco Rosa, Stefano Paraboschi
2021SHARD: Fine-Grained Kernel Specialization with Context-Aware Hardening.
Muhammad Abubakar, Adil Ahmad, Pedro Fonseca, Dongyan Xu
2021SIGL: Securing Software Installations Through Deep Graph Learning.
Xueyuan Han, Xiao Yu, Thomas F. J.-M. Pasquier, Ding Li, Junghwan Rhee, James W. Mickens, Margo I. Seltzer, Haifeng Chen
2021SLAP: Improving Physical Adversarial Examples with Short-Lived Adversarial Perturbations.
Giulio Lovisotto, Henry Turner, Ivo Sluganovic, Martin Strohmeier, Ivan Martinovic
2021SMASH: Synchronized Many-sided Rowhammer Attacks from JavaScript.
Finn de Ridder, Pietro Frigo, Emanuele Vannacci, Herbert Bos, Cristiano Giuffrida, Kaveh Razavi
2021SWIFT: Super-fast and Robust Privacy-Preserving Machine Learning.
Nishat Koti, Mahak Pancholi, Arpita Patra, Ajith Suresh
2021SandTrap: Securing JavaScript-driven Trigger-Action Platforms.
Mohammad M. Ahmadpanah, Daniel Hedin, Musard Balliu, Lars Eric Olsson, Andrei Sabelfeld
2021Saphire: Sandboxing PHP Applications with Tailored System Call Allowlists.
Alexander Bulekov, Rasoul Jahanshahi, Manuel Egele
2021Scalable Detection of Promotional Website Defacements in Black Hat SEO Campaigns.
Ronghai Yang, Xianbo Wang, Cheng Chi, Dawei Wang, Jiawei He, Siming Pang, Wing Cheong Lau
2021Searching Encrypted Data with Size-Locked Indexes.
Min Xu, Armin Namavari, David Cash, Thomas Ristenpart
2021Security Analysis of the Democracy Live Online Voting System.
Michael A. Specter, J. Alex Halderman
2021Security Obstacles and Motivations for Small Businesses from a CISO's Perspective.
Flynn Wolf, Adam J. Aviv, Ravi Kuber
2021SelectiveTaint: Efficient Data Flow Tracking With Static Binary Rewriting.
Sanchuan Chen, Zhiqiang Lin, Yinqian Zhang
2021Senate: A Maliciously-Secure MPC Platform for Collaborative Analytics.
Rishabh Poddar, Sukrit Kalra, Avishay Yanai, Ryan Deng, Raluca Ada Popa, Joseph M. Hellerstein
2021Share First, Ask Later (or Never?) Studying Violations of GDPR's Explicit Consent in Android Apps.
Trung Tin Nguyen, Michael Backes, Ninja Marnau, Ben Stock
2021Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems.
Libo Chen, Yanhao Wang, Quanpu Cai, Yunfan Zhan, Hong Hu, Jiaqi Linghu, Qinsheng Hou, Chao Zhang, Haixin Duan, Zhi Xue
2021SiamHAN: IPv6 Address Correlation Attacks on TLS Encrypted Traffic via Siamese Heterogeneous Graph Attention Network.
Tianyu Cui, Gaopeng Gou, Gang Xiong, Zhen Li, Mingxin Cui, Chang Liu
2021SmarTest: Effectively Hunting Vulnerable Transaction Sequences in Smart Contracts through Language Model-Guided Symbolic Execution.
Sunbeom So, Seongjoon Hong, Hakjoo Oh
2021Smart Contract Vulnerabilities: Vulnerable Does Not Imply Exploited.
Daniel Perez, Benjamin Livshits
2021SocialHEISTing: Understanding Stolen Facebook Accounts.
Jeremiah Onaolapo, Nektarios Leontiadis, Despoina Magka, Gianluca Stringhini
2021Stars Can Tell: A Robust Method to Defend against GPS Spoofing Attacks using Off-the-shelf Chipset.
Shinan Liu, Xiang Cheng, Hanchao Yang, Yuanchao Shu, Xiaoran Weng, Ping Guo, Kexiong Curtis Zeng, Gang Wang, Yaling Yang
2021Static Detection of Unsafe DMA Accesses in Device Drivers.
Jia-Ju Bai, Tuo Li, Kangjie Lu, Shi-Min Hu
2021Stealing Links from Graph Neural Networks.
Xinlei He, Jinyuan Jia, Michael Backes, Neil Zhenqiang Gong, Yang Zhang
2021Strategies and Perceived Risks of Sending Sensitive Documents.
Noel Warford, Collins W. Munyendo, Ashna Mediratta, Adam J. Aviv, Michelle L. Mazurek
2021Susan Landau, Tufts University.
Susan Landau
2021Swiped: Analyzing Ground-truth Data of a Marketplace for Stolen Debit and Credit Cards.
Maxwell Aliapoulios, Cameron Ballard, Rasika Bhalerao, Tobias Lauinger, Damon McCoy
2021Swivel: Hardening WebAssembly against Spectre.
Shravan Narayan, Craig Disselkoen, Daniel Moghimi, Sunjay Cauligi, Evan Johnson, Zhao Gang, Anjo Vahldiek-Oberwagner, Ravi Sahita, Hovav Shacham, Dean M. Tullsen, Deian Stefan
2021Systematic Evaluation of Privacy Risks of Machine Learning Models.
Liwei Song, Prateek Mittal
2021SyzVegas: Beating Kernel Fuzzing Odds with Reinforcement Learning.
Daimeng Wang, Zheng Zhang, Hang Zhang, Zhiyun Qian, Srikanth V. Krishnamurthy, Nael B. Abu-Ghazaleh
2021T-Miner: A Generative Approach to Defend Against Trojan Attacks on DNN-based Text Classification.
Ahmadreza Azizi, Ibrahim Asadullah Tahmid, Asim Waheed, Neal Mangaokar, Jiameng Pu, Mobin Javed, Chandan K. Reddy, Bimal Viswanath
2021The Circle Of Life: A Large-Scale Study of The IoT Malware Lifecycle.
Omar Alrawi, Charles Lever, Kevin Valakuzhy, Ryan Court, Kevin Z. Snow, Fabian Monrose, Manos Antonakakis
2021The Complexities of Healing in Secure Group Messaging: Why Cross-Group Effects Matter.
Cas Cremers, Britta Hale, Konrad Kohbrok
2021The Hijackers Guide To The Galaxy: Off-Path Taking Over Internet Resources.
Tianxiang Dai, Philipp Jeitner, Haya Schulmann, Michael Waidner
2021The Role of Computer Security Customer Support in Helping Survivors of Intimate Partner Violence.
Yixin Zou, Allison McDonald, Julia Narakornpichit, Nicola Dell, Thomas Ristenpart, Kevin A. Roundy, Florian Schaub, Acar Tamersoy
2021The Use of Likely Invariants as Feedback for Fuzzers.
Andrea Fioraldi, Daniele Cono D'Elia, Davide Balzarotti
2021Token-Level Fuzzing.
Christopher Salls, Chani Jindal, Jake Corina, Christopher Kruegel, Giovanni Vigna
2021Too Good to Be Safe: Tricking Lane Detection in Autonomous Driving with Crafted Perturbations.
Pengfei Jing, Qiyi Tang, Yuefeng Du, Lei Xue, Xiapu Luo, Ting Wang, Sen Nie, Shi Wu
2021Towards Formal Verification of State Continuity for Enclave Programs.
Mohit Kumar Jangid, Guoxing Chen, Yinqian Zhang, Zhiqiang Lin
2021U Can't Debug This: Detecting JavaScript Anti-Debugging Techniques in the Wild.
Marius Musch, Martin Johns
2021UNIFUZZ: A Holistic and Pragmatic Metrics-Driven Platform for Evaluating Fuzzers.
Yuwei Li, Shouling Ji, Yuan Chen, Sizhuang Liang, Wei-Han Lee, Yueyao Chen, Chenyang Lyu, Chunming Wu, Raheem Beyah, Peng Cheng, Kangjie Lu, Ting Wang
2021Understanding Malicious Cross-library Data Harvesting on Android.
Jice Wang, Yue Xiao, Xueqiang Wang, Yuhong Nan, Luyi Xing, Xiaojing Liao, Jinwei Dong, Nicolás Serrano, Haoran Lu, Xiaofeng Wang, Yuqing Zhang
2021Understanding and Detecting Disordered Error Handling with Precise Function Pairing.
Qiushi Wu, Aditya Pakki, Navid Emamdoost, Stephen McCamant, Kangjie Lu
2021Undo Workarounds for Kernel Bugs.
Seyed Mohammadjavad Seyed Talebi, Zhihao Yao, Ardalan Amiri Sani, Zhiyun Qian, Daniel Austin
2021Using Amnesia to Detect Credential Database Breaches.
Ke Coby Wang, Michael K. Reiter
2021V0Finder: Discovering the Correct Origin of Publicly Reported Software Vulnerabilities.
Seunghoon Woo, Dongwook Lee, Sunghan Park, Heejo Lee, Sven Dietrich
2021VScape: Assessing and Escaping Virtual Call Protections.
Kaixiang Chen, Chao Zhang, Tingting Yin, Xingman Chen, Lei Zhao
2021Virtual Secure Platform: A Five-Stage Pipeline Processor over TFHE.
Kotaro Matsuoka, Ryotaro Banno, Naoki Matsumoto, Takashi Sato, Song Bian
2021VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface.
Zitai Chen, Georgios Vasilakis, Kit Murdock, Edward Dean, David F. Oswald, Flavio D. Garcia
2021WaveGuard: Understanding and Mitigating Audio Adversarial Examples.
Shehzeen Hussain, Paarth Neekhara, Shlomo Dubnov, Julian J. McAuley, Farinaz Koushanfar
2021Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks.
Kaiwen Shen, Chuhan Wang, Minglei Guo, Xiaofeng Zheng, Chaoyi Lu, Baojun Liu, Yuxuan Zhao, Shuang Hao, Haixin Duan, Qingfeng Pan, Min Yang
2021Weaponizing Middleboxes for TCP Reflected Amplification.
Kevin Bock, Abdulrahman Alaraj, Yair Fax, Kyle Hurley, Eric Wustrow, Dave Levin
2021What's in a Name? Exploring CA Certificate Control.
Zane Ma, Joshua Mason, Manos Antonakakis, Zakir Durumeric, Michael D. Bailey
2021When Malware Changed Its Mind: An Empirical Study of Variable Program Behaviors in the Real World.
Erin Avllazagaj, Ziyun Zhu, Leyla Bilge, Davide Balzarotti, Tudor Dumitras
2021Where's Crypto?: Automated Identification and Classification of Proprietary Cryptographic Primitives in Binary Code.
Carlo Meijer, Veelasha Moonsamy, Jos Wetzels
2021Why Eve and Mallory Still Love Android: Revisiting TLS (In)Security in Android Applications.
Marten Oltrogge, Nicolas Huaman, Sabrina Amft, Yasemin Acar, Michael Backes, Sascha Fahl
2021Why Older Adults (Don't) Use Password Managers.
Hirak Ray, Flynn Wolf, Ravi Kuber, Adam J. Aviv
2021Why TLS is better without STARTTLS: A Security Analysis of STARTTLS in the Email Context.
Damian Poddebniak, Fabian Ising, Hanno Böck, Sebastian Schinzel
2021YARIX: Scalable YARA-based Malware Intelligence.
Michael Brengel, Christian Rossow
2021You Autocomplete Me: Poisoning Vulnerabilities in Neural Code Completion.
Roei Schuster, Congzheng Song, Eran Tromer, Vitaly Shmatikov
2021mID: Tracing Screen Photos via Moiré Patterns.
Yushi Cheng, Xiaoyu Ji, Lixu Wang, Qi Pang, Yi-Chao Chen, Wenyuan Xu