Table of Contents

• Evaluating Susceptibility of VPN Implementations to DoS Attacks Using Adversarial TestingFabio Streun, Joel Wanner, Adrian Perrig. [doi]
• SpiralSpy: Exploring a Stealthy and Practical Covert Channel to Attack Air-gapped Computing Devices via mmWave SensingZhengxiong Li, Baicheng Chen, Xingyu Chen, Huining Li, Chenhan Xu, Feng Lin 0004, Chris Xiaoxuan Lu, Kui Ren 0001, Wenyao Xu. [doi]
• V-Range: Enabling Secure Ranging in 5G Wireless NetworksMridula Singh, Marc Roeschlin, Aanjhan Ranganathan, Srdjan Capkun. [doi]
• HARPO: Learning to Subvert Online Behavioral AdvertisingJiang Zhang, Konstantinos Psounis, Muhammad Haroon, Zubair Shafiq. [doi]
• EqualNet: A Secure and Practical Defense for Long-term Network Topology ObfuscationJinwoo Kim, Eduard Marin, Mauro Conti, Seungwon Shin. [doi]
• FANDEMIC: Firmware Attack Construction and Deployment on Power Management Integrated Circuit and Impacts on IoT ApplicationsRyan Tsang, Doreen Joseph, Qiushi Wu, Soheil Salehi, Nadir Carreon, Prasant Mohapatra, Houman Homayoun. [doi]
• Titanium: A Metadata-Hiding File-Sharing System with Malicious SecurityWeikeng Chen, Thang Hoang, Jorge Guajardo, Attila A. Yavuz. [doi]
• EMS: History-Driven Mutation for Coverage-based FuzzingChenyang Lyu, Shouling Ji, Xuhong Zhang 0005, Hong Liang, Binbin Zhao, Kangjie Lu, Raheem Beyah. [doi]
• Fighting Fake News in Encrypted Messaging with the Fuzzy Anonymous Complaint Tally System (FACTS)Linsheng Liu, Daniel S. Roche, Austin Theriault, Arkady Yerukhimovich. [doi]
• Testability Tarpits: the Impact of Code Patterns on the Security Testing of Web ApplicationsFeras Al Kassar, Giulia Clerici, Luca Compagna, Davide Balzarotti, Fabian Yamaguchi. [doi]
• Remote Memory-Deduplication AttacksMartin Schwarzl, Erik Kraft, Moritz Lipp, Daniel Gruss. [doi]
• Speeding Dumbo: Pushing Asynchronous BFT Closer to PracticeBingyong Guo, Yuan Lu 0001, Zhenliang Lu, Qiang Tang 0005, Jing Xu 0002, Zhenfeng Zhang. [doi]
• COOPER: Testing the Binding Code of Scripting Languages with Cooperative MutationPeng Xu, Yanhao Wang, Hong Hu 0004, Purui Su. [doi]
• F-PKI: Enabling Innovation and Trust Flexibility in the HTTPS Public-Key InfrastructureLaurent Chuat, Cyrill Krähenbühl, Prateek Mittal, Adrian Perrig. [doi]
• Context-Sensitive and Directional Concurrency Fuzzing for Data-Race DetectionZu-Ming Jiang, Jia-Ju Bai, Kangjie Lu, Shi-Min Hu 0001. [doi]
• Packet-Level Open-World App Fingerprinting on Wireless TrafficJianfeng Li, Shuohan Wu, Hao Zhou, Xiapu Luo, Ting Wang 0006, Yangyang Liu, Xiaobo Ma. [doi]
• The Truth Shall Set Thee Free: Enabling Practical Forensic Capabilities in Smart EnvironmentsLeonardo Babun, Amit Kumar Sikder, Abbas Acar, A. Selcuk Uluagac. [doi]
• Shaduf: Non-Cycle Payment Channel RebalancingZhonghui Ge, Yi Zhang, Yu Long 0001, Dawu Gu. [doi]
• Hazard Integrated: Understanding Security Risks in App Extensions to Team Chat SystemsMingming Zha, Jice Wang, Yuhong Nan, Xiaofeng Wang 0006, Yuqing Zhang 0001, Zelin Yang. [doi]
• ScriptChecker: To Tame Third-party Script Execution With Task CapabilitiesWu Luo, Xuhua Ding, Pengfei Wu, Xiaolei Zhang, Qingni Shen, Zhonghai Wu. [doi]
• Interpretable Federated Transformer Log Learning for Cloud Threat ForensicsGonzalo De La Torre Parra, Luis Selvera, Joseph Khoury, Hector Irizarry, Elias Bou-Harb, Paul Rad. [doi]
• Multi-Certificate Attacks against Proof-of-Elapsed-Time and Their CountermeasuresHuibo Wang, Guoxing Chen, Yinqian Zhang, Zhiqiang Lin. [doi]
• Building Embedded Systems Like It's 1996Ruotong Yu, Francesca Del Nin, Yuchen Zhang, Shan Huang, Pallavi Kaliyar, Sarah Zakto, Mauro Conti, Georgios Portokalidis, Jun Xu 0024. [doi]
• What You See is Not What the Network Infers: Detecting Adversarial Examples Based on Semantic ContradictionYijun Yang, Ruiyuan Gao 0001, Yu Li 0007, Qiuxia Lai, Qiang Xu 0001. [doi]
• Binary Search in Secure ComputationMarina Blanton, Chen Yuan 0002. [doi]
• Clarion: Anonymous Communication from Multiparty Shuffling ProtocolsSaba Eskandarian, Dan Boneh. [doi]
• PHYjacking: Physical Input Hijacking for Zero-Permission Authorization Attacks on AndroidXianbo Wang, Shangcheng Shi, Yikang Chen, Wing Cheong Lau. [doi]
• Uncovering Cross-Context Inconsistent Access Control Enforcement in AndroidHao Zhou, Haoyu Wang 0001, Xiapu Luo, Ting Chen 0002, Yajin Zhou, Ting Wang 0006. [doi]
• PoF: Proof-of-Following for Vehicle PlatoonsZiqi Xu, Jingcheng Li, Yanjun Pan, Loukas Lazos, Ming Li, Nirnimesh Ghose. [doi]
• Kasper: Scanning for Generalized Transient Execution Gadgets in the Linux KernelBrian Johannesmeyer, Jakob Koschel, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida. [doi]
• Tetrad: Actively Secure 4PC for Secure Training and InferenceNishat Koti, Arpita Patra, Rahul Rachuri, Ajith Suresh. [doi]
• VPNInspector: Systematic Investigation of the VPN EcosystemReethika Ramesh, Leonid Evdokimov, Diwen Xue, Roya Ensafi. [doi]
• HeadStart: Efficiently Verifiable and Low-Latency Participatory Randomness Generation at ScaleHsun Lee, Yuming Hsu, Jing-Jie Wang, Hao-Cheng Yang, Yu-Heng Chen, Yih-Chun Hu, Hsu-Chun Hsiao. [doi]
• RamBoAttack: A Robust and Query Efficient Deep Neural Network Decision ExploitViet Quoc Vo, Ehsan Abbasnejad, Damith C. Ranasinghe. [doi]
• Euler: Detecting Network Lateral Movement via Scalable Temporal Graph Link PredictionIsaiah J. King, H. Howie Huang. [doi]
• MIRROR: Model Inversion for Deep LearningNetwork with High FidelityGuanhong Tao, Qiuling Xu, Yingqi Liu, Guangyu Shen, Shengwei An, Jingwei Xu 0001, Xiangyu Zhang 0001, Yuan Yao 0001. [doi]
• Forensic Analysis of Configuration-based AttacksMuhammad Adil Inam, Wajih Ul Hassan, Ali Ahad, Adam Bates 0001, Rashid Tahir, Tianyin Xu, Fareed Zaffar. [doi]
• On Utility and Privacy in Synthetic Genomic DataBristena Oprisanu, Georgi Ganev, Emiliano De Cristofaro. [doi]
• DeepSight: Mitigating Backdoor Attacks in Federated Learning Through Deep Model InspectionPhillip Rieger, Thien Duc Nguyen, Markus Miettinen, Ahmad-Reza Sadeghi. [doi]
• Preventing Kernel Hacks with HAKCsDerrick Paul McKee, Yianni Giannaris, Carolina Ortega, Howard E. Shrobe, Mathias Payer, Hamed Okhravi, Nathan Burow. [doi]
• GhostTalk: Interactive Attack on Smartphone Voice System Through Power LineYuanda Wang, Hanqing Guo, Qiben Yan. [doi]
• Chosen-Instruction Attack Against Commercial Code Virtualization ObfuscatorsShijia Li, Chunfu Jia, Pengda Qiu, Qiyuan Chen, Jiang Ming 0002, Debin Gao. [doi]
• ProvTalk: Towards Interpretable Multi-level Provenance Analysis in Networking Functions Virtualization (NFV)Azadeh Tabiban, Heyang Zhao, Yosr Jarraya, Makan Pourzandi, Mengyuan Zhang 0001, Lingyu Wang 0001. [doi]
• RVPLAYER: Robotic Vehicle Forensics by Replay with What-if ReasoningHongjun Choi, Zhiyuan Cheng 0010, Xiangyu Zhang 0001. [doi]
• Transparency Dictionaries with Succinct Proofs of Correct OperationIoanna Tzialla, Abhiram Kothapalli, Bryan Parno, Srinath Setty. [doi]
• Progressive Scrutiny: Incremental Detection of UBI bugs in the Linux KernelYizhuo Zhai, Yu Hao 0006, Zheng Zhang, Weiteng Chen, Guoren Li, Zhiyun Qian, Chengyu Song, Manu Sridharan, Srikanth V. Krishnamurthy, Trent Jaeger, Paul L. Yu. [doi]
• Hiding My Real Self! Protecting Intellectual Property in Additive Manufacturing Systems Against Optical Side-Channel AttacksSizhuang Liang, Saman A. Zonouz, Raheem Beyah. [doi]
• PMTUD is not Panacea: Revisiting IP Fragmentation Attacks against TCPXuewei Feng, Qi Li 0002, Kun Sun 0001, Ke Xu 0002, Baojun Liu, Xiaofeng Zheng, Qiushi Yang, Haixin Duan, Zhiyun Qian. [doi]
• The Taming of the Stack: Isolating Stack Data from Memory ErrorsKaiming Huang, Yongzhe Huang, Mathias Payer, Zhiyun Qian, Jack Sampson, Gang Tan, Trent Jaeger. [doi]
• FirmWire: Transparent Dynamic Analysis for Cellular Baseband FirmwareGrant Hernandez, Marius Muench, Dominik Maier, Alyssa Milburn, Shinjo Park, Tobias Scharnowski, Tyler Tucker, Patrick Traynor, Kevin R. B. Butler. [doi]
• SemperFi: Anti-spoofing GPS Receiver for UAVsHarshad Sathaye, Gerald LaMountain, Pau Closas, Aanjhan Ranganathan. [doi]
• NC-Max: Breaking the Security-Performance Tradeoff in Nakamoto ConsensusRen Zhang 0003, Dingwei Zhang, Quake Wang, Shichen Wu, Jan Xie, Bart Preneel. [doi]
• Let's Authenticate: Automated Certificates for User AuthenticationJames Conners, Corey Devenport, Stephen Derbidge, Natalie Farnsworth, Kyler Gates, Stephen Lambert, Christopher McClain, Parker Nichols, Daniel Zappala. [doi]
• Demystifying Local Business Search Poisoning for Illicit Drug PromotionPeng Wang 0088, Zilong Lin, Xiaojing Liao, Xiaofeng Wang 0001. [doi]
• Property Inference Attacks Against GANsJunhao Zhou, Yufei Chen 0001, Chao Shen 0001, Yang Zhang 0016. [doi]
• Repttack: Exploiting Cloud Schedulers to Guide Co-Location AttacksChongzhou Fang, Han Wang, Najmeh Nazari, Behnam Omidi, Avesta Sasan, Khaled N. Khasawneh, Setareh Rafatirad, Houman Homayoun. [doi]
• Local and Central Differential Privacy for Robustness and Privacy in Federated LearningMohammad Naseri, Jamie Hayes, Emiliano De Cristofaro. [doi]
• An In-depth Analysis of Duplicated Linux Kernel Bug ReportsDongliang Mu, Yuhang Wu, Yueqi Chen, Zhenpeng Lin, Chensheng Yu, Xinyu Xing, Gang Wang 0011. [doi]
• Above and Beyond: Organizational Efforts to Complement U.S. Digital Security Compliance MandatesRock Stevens, Faris Bugra Kokulu, Adam Doupé, Michelle L. Mazurek. [doi]
• FedCRI: Federated Mobile Cyber-Risk IntelligenceHossein Fereidooni, Alexandra Dmitrienko, Phillip Rieger, Markus Miettinen, Ahmad-Reza Sadeghi, Felix Madlener. [doi]
• SynthCT: Towards Portable Constant-Time CodeSushant Dinesh, Grant Garrett-Grossman, Christopher W. Fletcher. [doi]
• The Droid is in the Details: Environment-aware Evasion of Android SandboxesBrian Kondracki, Babak Amin Azad, Najmeh Miramirkhani, Nick Nikiforakis. [doi]
• Subverting Stateful Firewalls with Protocol StatesAmit Klein 0001. [doi]
• FakeGuard: Exploring Haptic Response to Mitigate the Vulnerability in Commercial Fingerprint Anti-SpoofingAditya Singh Rathore, Yijie Shen, Chenhan Xu, Jacob Snyderman, Jinsong Han, Fan Zhang 0010, Zhengxiong Li, Feng Lin 0004, Wenyao Xu, Kui Ren 0001. [doi]
• Fooling the Eyes of Autonomous Vehicles: Robust Physical Adversarial Examples Against Traffic Sign Recognition SystemsWei Jia, Zhaojun Lu, Haichun Zhang, Zhenglin Liu, Jie Wang 0058, Gang Qu 0001. [doi]
• LogicMEM: Automatic Profile Generation for Binary-Only Memory Forensics via Logic InferenceZhenxiao Qi, Yu Qu, Heng Yin 0001. [doi]
• Probe the Proto: Measuring Client-Side Prototype Pollution Vulnerabilities of One Million Real-world WebsitesZifeng Kang, Song Li 0006, Yinzhi Cao. [doi]
• Privacy in Urban Sensing with Instrumented Fleets, Using Air Pollution Monitoring As A UsecaseIsmi Abidi, Ishan Nangia, Paarijaat Aditya, Rijurekha Sen. [doi]
• ATTEQ-NN: Attention-based QoE-aware Evasive Backdoor AttacksXueluan Gong, Yanjiao Chen, Jianshuo Dong, Qian Wang 0002. [doi]
• Too Afraid to Drive: Systematic Discovery of Semantic DoS Vulnerability in Autonomous Driving Planning under Physical-World AttacksZiwen Wan, Junjie Shen 0001, Jalen Chuang, Xin Xia, Joshua Garcia, Jiaqi Ma, Qi Alfred Chen. [doi]
• Semantic-Informed Driver Fuzzing Without Both the Hardware Devices and the EmulatorsWenjia Zhao, Kangjie Lu, Qiushi Wu, Yong Qi. [doi]
• DRAWN APART: A Device Identification Technique based on Remote GPU FingerprintingTomer Laor, Naif Mehanna, Antonin Durey, Vitaly Dyadyuk, Pierre Laperdrix, Clémentine Maurice, Yossi Oren, Romain Rouvoy, Walter Rudametkin, Yuval Yarom. [doi]
• CFInsight: A Comprehensive Metric for CFI PoliciesTommaso Frassetto, Patrick Jauernig, David Koisser, Ahmad-Reza Sadeghi. [doi]
• ditto: WAN Traffic Obfuscation at Line RateRoland Meier, Vincent Lenders, Laurent Vanbever. [doi]
• A Lightweight IoT Cryptojacking Detection Mechanism in Heterogeneous Smart Home NetworksEge Tekiner, Abbas Acar, A. Selcuk Uluagac. [doi]
• ROV-MI: Large-Scale, Accurate and Efficient Measurement of ROV DeploymentWenqi Chen, Zhiliang Wang, Dongqi Han, Chenxin Duan, Xia Yin, Jiahai Yang 0001, Xingang Shi. [doi]
• Get a Model! Model Hijacking Attack Against Machine Learning ModelsAhmed Salem 0001, Michael Backes 0001, Yang Zhang 0016. [doi]
• hbACSS: How to Robustly Share Many SecretsThomas Yurek, Licheng Luo, Jaiden Fairoze, Aniket Kate, Andrew K. Miller. [doi]
• Hybrid Trust Multi-party Computation with Trusted Execution EnvironmentPengfei Wu, Jianting Ning, Jiamin Shen, Hongbing Wang, Ee-Chien Chang. [doi]
• MobFuzz: Adaptive Multi-objective Optimization in Gray-box FuzzingGen Zhang, Pengfei Wang, Tai Yue, Xiangdong Kong, Shan Huang, Xu Zhou, Kai Lu. [doi]
• Cross-Language AttacksSamuel Mergendahl, Nathan Burow, Hamed Okhravi. [doi]
• D-Box: DMA-enabled Compartmentalization for Embedded ApplicationsAlejandro Mera, Yi-Hui Chen, Ruimin Sun, Engin Kirda, Long Lu. [doi]
• Chunked-Cache: On-Demand and Scalable Cache Isolation for Security ArchitecturesGhada Dessouky, Emmanuel Stapf, Pouya Mahmoody, Alexander Gruler, Ahmad-Reza Sadeghi. [doi]