32nd Annual Network and Distributed System Security Symposium, NDSS 2025, San Diego, California, USA, February 24-28, 2025

researchr

You are not signed in
Sign in
Sign up

32nd Annual Network and Distributed System Security Symposium, NDSS 2025, San Diego, California, USA, February 24-28, 2025. The Internet Society, 2025. [doi]

Conference: ndss2025

Abstract is missing.

DiStefano: Decentralized Infrastructure for Sharing Trusted Encrypted Facts and Nothing MoreSofía Celi, Alex Davidson, Hamed Haddadi, Gonçalo Pestana, Joe Rowell. [doi]

IsolateGPT: An Execution Isolation Architecture for LLM-Based Agentic SystemsYuhao Wu, Franziska Roesner, Tadayoshi Kohno, Ning Zhang 0017, Umar Iqbal 0002. [doi]

Attributing Open-Source Contributions is Critical but Difficult: A Systematic Analysis of GitHub Practices and Their Impact on Software Supply Chain SecurityJan-Ulrich Holtgrave, Kay Friedrich, Fabian Fischer 0009, Nicolas Huaman, Niklas Busch, Jan H. Klemmer, Marcel Fourné, Oliver Wiese, Dominik Wermke, Sascha Fahl. [doi]

BULKHEAD: Secure, Scalable, and Efficient Kernel Compartmentalization with PKSYinggang Guo, ZiCheng Wang, Weiheng Bai, Qingkai Zeng 0002, Kangjie Lu. [doi]

Passive Inference Attacks on Split Learning via Adversarial RegularizationXiaochen Zhu 0003, Xinjian Luo, Yuncheng Wu, Yangfan Jiang, Xiaokui Xiao, Beng Chin Ooi. [doi]

CounterSEVeillance: Performance-Counter Attacks on AMD SEV-SNPStefan Gast, Hannes Weissteiner, Robin Leander Schröder, Daniel Gruss. [doi]

Siniel: Distributed Privacy-Preserving zkSNARKYunbo Yang, Yuejia Cheng, Kailun Wang, Xiaoguo Li, Jianfei Sun, Jiachen Shen, Xiaolei Dong, Zhenfu Cao, Guomin Yang, Robert H. Deng. [doi]

Mens Sana In Corpore Sano: Sound Firmware Corpora for Vulnerability ResearchRené Helmke, Elmar Padilla, Nils Aschenbruck. [doi]

Securing BGP ASAP: ASPA and other Post-ROV DefensesJustin Furuness, Cameron Morris, Reynaldo Morillo, Arvind Kasiliya, Bing Wang 0001, Amir Herzberg. [doi]

CCTAG: Configurable and Combinable Tagged ArchitectureZhanpeng Liu, Yi Rong, Chenyang Li, Wende Tan, Yuan Li, Xinhui Han, Songtao Yang, Chao Zhang 0008. [doi]

ScopeVerif: Analyzing the Security of Android's Scoped Storage via Differential AnalysisZeyu Lei, Güliz Seray Tuncay, Beatrice Carissa Williem, Z. Berkay Celik, Antonio Bianchi. [doi]

Be Careful of What You Embed: Demystifying OLE VulnerabilitiesYunpeng Tian, Feng Dong 0008, Haoyi Liu, Meng Xu, Zhiniang Peng, Zesen Ye, Shenghui Li, Xiapu Luo, Haoyu Wang. [doi]

Ring of Gyges: Accountable Anonymous Broadcast via Secret-Shared ShuffleWentao Dong, Peipei Jiang 0002, Huayi Duan, Cong Wang 0001, Lingchen Zhao, Qian Wang 0002. [doi]

SCAMMAGNIFIER: Piercing the Veil of Fraudulent Shopping Website CampaignsMarzieh Bitaab, Alireza Karimi, Zhuoer Lyu, Adam Oest, Dhruv Kuchhal, Muhammad Saad 0001, Gail-Joon Ahn, Ruoyu Wang 0001, Tiffany Bao, Yan Shoshitaishvili, Adam Doupé. [doi]

ReThink: Reveal the Threat of Electromagnetic Interference on Power InvertersFengchen Yang, Zihao Dan, Kaikai Pan, Chen Yan 0001, Xiaoyu Ji 0001, Wenyuan Xu 0001. [doi]

Rediscovering Method Confusion in Proposed Security Fixes for BluetoothMaximilian Von Tschirschnitz, Ludwig Peuckert, Moritz Buhl, Jens Grossklags. [doi]

NodeMedic-FINE: Automatic Detection and Exploit Synthesis for Node.js VulnerabilitiesDarion Cassel, Nuno Sabino, Min-Chien Hsu, Ruben Martins, Limin Jia 0001. [doi]

BinEnhance: An Enhancement Framework Based on External Environment Semantics for Binary Code SearchYongpan Wang, Hong Li 0004, Xiaojie Zhu, Siyuan Li, Chaopeng Dong, Shouguo Yang, Kangyuan Qin. [doi]

LLMPirate: LLMs for Black-box Hardware IP PiracyVasudev Gohil, Matthew DeLorenzo, Veera Vishwa Achuta Sai Venkat Nallam, Joey See, Jeyavijayan Rajendran. [doi]

Automatic Insecurity: Exploring Email Auto-configuration in the WildShushang Wen, Yiming Zhang, Yuxiang Shen, Bingyu Li, Haixin Duan, Jingqiang Lin 0001. [doi]

Exploring User Perceptions of Security Auditing in the Web3 EcosystemMolly Zhuangtong Huang, Rui Jiang, Tanusree Sharma, Kanye Ye Wang. [doi]

ReDAN: An Empirical Study on Remote DoS Attacks against NAT NetworksXuewei Feng, Yuxiang Yang, Qi Li 0002, Xingxiang Zhan, Kun Sun 0001, Ziqiang Wang, Ao Wang, Ganqiu Du, Ke Xu 0002. [doi]

URVFL: Undetectable Data Reconstruction Attack on Vertical Federated LearningDuanyi Yao, Songze Li, Xueluan Gong, Sizai Hou, Gaoning Pan. [doi]

Non-intrusive and Unconstrained Keystroke Inference in VR Platforms via Infrared Side ChannelTao Ni 0003, Yuefeng Du 0001, Qingchuan Zhao, Cong Wang 0001. [doi]

Iris: Dynamic Privacy Preserving Search in Authenticated Chord Peer-to-Peer NetworksAngeliki Aktypi, Kasper Rasmussen. [doi]

BitShield: Defending Against Bit-Flip Attacks on DNN ExecutablesYanzuo Chen, Yuanyuan Yuan, Zhibo Liu, Sihang Hu, Tianxiang Li, Shuai Wang 0011. [doi]

"Who is Trying to Access My Account?" Exploring User Perceptions and Reactions to Risk-based Authentication NotificationsTongxin Wei, Ding Wang, Yutong Li, Yuehuan Wang. [doi]

VulShield: Protecting Vulnerable Code Before Deploying PatchesYuan Li, Chao Zhang 0008, Jinhao Zhu, Penghui Li, Chenyang Li, Songtao Yang, Wende Tan. [doi]

Balancing Privacy and Data Utilization: A Comparative Vignette Study on User Acceptance of Data Trustees in Germany and the USLeona Lassak, Hanna Püschel, Oliver D. Reithmaier, Tobias Gostomzyk, Markus Dürmuth. [doi]

The Kids Are All Right: Investigating the Susceptibility of Teens and Adults to YouTube Giveaway ScamsElijah Robert Bouma-Sims, Lily Klucinec, Mandy Lanyon, Julie Downs, Lorrie Faith Cranor. [doi]

Starshields for iOS: Navigating the Security Cosmos in Satellite CommunicationJiska Classen, Alexander Heinrich, Fabian Portner, Felix Rohrbach, Matthias Hollick. [doi]

Kronos: A Secure and Generic Sharding Blockchain Consensus with Optimized OverheadYizhong Liu, Andi Liu, Yuan Lu 0001, Zhuocheng Pan, Yinuo Li, Jianwei Liu 0001, Song Bian 0001, Mauro Conti. [doi]

I Know What You Asked: Prompt Leakage via KV-Cache Sharing in Multi-Tenant LLM ServingGuanlong Wu, Zheng Zhang, Yao Zhang, Weili Wang, Jianyu Niu, Ye Wu, Yinqian Zhang. [doi]

Enhancing Security in Third-Party Library Reuse - Comprehensive Detection of 1-day Vulnerability through Code Patch AnalysisShangzhi Xu, Jialiang Dong, Weiting Cai, Juanru Li, Arash Shaghaghi, Nan Sun, Siqi Ma. [doi]

TZ-DATASHIELD: Automated Data Protection for Embedded Systems via Data-Flow-Based CompartmentalizationZelun Kong, Minkyung Park, Le Guan, Ning Zhang 0017, Chung Hwan Kim. [doi]

PBP: Post-training Backdoor Purification for Malware ClassifiersDung Thuy Nguyen, Ngoc N. Tran, Taylor T. Johnson, Kevin Leach. [doi]

Welcome to Jurassic Park: A Comprehensive Study of Security Risks in Deno and its EcosystemAbdullah AlHamdan, Cristian-Alexandru Staicu. [doi]

THEMIS: Regulating Textual Inversion for Personalized Concept CensorshipYutong Wu, Jie Zhang, Florian Kerschbaum, Tianwei Zhang 0004. [doi]

KernelSnitch: Side Channel-Attacks on Kernel Data StructuresLukas Maar, Jonas Juffinger, Thomas Steinbauer, Daniel Gruss, Stefan Mangard. [doi]

Ctrl+Alt+Deceive: Quantifying User Exposure to Online ScamsPlaton Kotzias, Michalis Pachilakis, Javier Aldana-Iuit, Juan Caballero, Iskander Sánchez-Rola, Leyla Bilge. [doi]

DLBox: New Model Training Framework for Protecting Training DataJaewon Hur, Juheon Yi, Cheolwoo Myung, Sangyun Kim, Youngki Lee, Byoungyoung Lee. [doi]

Density Boosts Everything: A One-stop Strategy for Improving Performance, Robustness, and Sustainability of Malware DetectorsJianwen Tian, Wei Kong, Debin Gao, Tong Wang, Taotao Gu, Kefan Qiu, Zhi Wang 0014, Xiaohui Kuang. [doi]

Hidden and Lost Control: on Security Design Risks in IoT User-Facing Matter ControllerHaoqiang Wang, Yiwei Fang, Yichen Liu, Ze Jin, Emma Delph, Xiaojiang Du, Qixu Liu, Luyi Xing. [doi]

A Large-Scale Measurement Study of the PROXY Protocol and its Security ImplicationsStijn Pletinckx, Christopher Kruegel, Giovanni Vigna. [doi]

TrajDeleter: Enabling Trajectory Forgetting in Offline Reinforcement Learning AgentsChen Gong 0005, Kecen Li, Jin Yao, Tianhao Wang 0001. [doi]

Unleashing the Power of Generative Model in Recovering Variable Names from Stripped BinaryXiangzhe Xu, Zhuo Zhang 0002, Zian Su, Ziyang Huang, Shiwei Feng 0002, Yapeng Ye, Nan Jiang 0012, Danning Xie, Siyuan Cheng 0005, Lin Tan 0001, Xiangyu Zhang 0001. [doi]

Manifoldchain: Maximizing Blockchain Throughput via Bandwidth-Clustered ShardingChunjiang Che, Songze Li, Xuechao Wang. [doi]

Repurposing Neural Networks for Efficient Cryptographic ComputationXin Jin, ShiQing Ma, Zhiqiang Lin 0001. [doi]

A Method to Facilitate Membership Inference Attacks in Deep Learning ModelsZitao Chen 0001, Karthik Pattabiraman. [doi]

MALintent: Coverage Guided Intent Fuzzing Framework for AndroidAmmar Askar, Fabian Fleischer, Christopher Kruegel, Giovanni Vigna, Taesoo Kim. [doi]

Blindfold: Confidential Memory Management by Untrusted Operating SystemCaihua Li, Seung-Seob Lee, Lin Zhong 0001. [doi]

On Borrowed Time - Preventing Static Side-Channel AnalysisRobert Dumitru 0002, Thorben Moos, Andrew Wabnitz, Yuval Yarom. [doi]

A Formal Approach to Multi-Layered Privileges for EnclavesGanxiang Yang, Chenyang Liu, Zhen Huang, Guoxing Chen, Hongfei Fu 0001, Yuanyuan Zhang, Haojin Zhu. [doi]

PQConnect: Automated Post-Quantum End-to-End TunnelsDaniel J. Bernstein, Tanja Lange 0001, Jonathan Levin 0002, Bo-Yin Yang. [doi]

Incorporating Gradients to Rules: Towards Lightweight, Adaptive Provenance-based Intrusion DetectionLingzhi Wang, Xiangmin Shen, Weijian Li, Zhenyuan Li, R. Sekar 0001, Han Liu, Yan Chen 0004. [doi]

Sheep's Clothing, Wolf's Data: Detecting Server-Induced Client Vulnerabilities in Windows Remote IPCFangming Gu, Qingli Guo, Jie Lu, Qinghe Xie, Beibei Zhao, Kangjie Lu, Hong Li, Xiaorui Gong. [doi]

RAIFLE: Reconstruction Attacks on Interaction-based Federated Learning with Adversarial Data ManipulationDzung Pham 0002, Shreyas Kulkarni, Amir Houmansadr. [doi]

Vulnerability, Where Art Thou? An Investigation of Vulnerability Management in Android Smartphone ChipsetsDaniel Klischies, Philipp Mackensen, Veelasha Moonsamy. [doi]

Defending Against Membership Inference Attacks on Iteratively Pruned Deep Neural NetworksJing Shang, Jian Wang, Kailun Wang, Jiqiang Liu, Nan Jiang, Md. Armanuzzaman, Ziming Zhao 0001. [doi]

Lend Me Your Beam: Privacy Implications of Plaintext Beamforming Feedback in WiFiRui Xiao 0002, Xiankai Chen, Yinghui He, Jun Han 0001, Jinsong Han. [doi]

Hitchhiking Vaccine: Enhancing Botnet Remediation With Remote Code Deployment ReuseRunze Zhang, Mingxuan Yao, Haichuan Xu, Omar Alrawi, Jeman Park 0001, Brendan Saltaformaggio. [doi]

"Where Are We On Cyber?" - A Qualitative Study On Boards' Cybersecurity Risk Decision MakingJens Opdenbusch, Jonas Hielscher, M. Angela Sasse. [doi]

Detecting Ransomware Despite I/O Overhead: A Practical Multi-Staged ApproachChristian van Sloun, Vincent Woeste, Konrad Wolsing, Jan Pennekamp, Klaus Wehrle. [doi]

CENSOR: Defense Against Gradient Inversion via Orthogonal Subspace Bayesian SamplingKaiyuan Zhang 0002, Siyuan Cheng 0005, Guangyu Shen, Bruno Ribeiro 0001, Shengwei An, Pin-Yu Chen, Xiangyu Zhang 0001, Ninghui Li. [doi]

DUMPLING: Fine-grained Differential JavaScript Engine FuzzingLiam Wachter, Julian Gremminger, Christian Wressnegger, Mathias Payer, Flavio Toffalini. [doi]

The Discriminative Power of Cross-layer RTTs in Fingerprinting Proxy TrafficDiwen Xue, Robert Stanley, Piyush Kumar, Roya Ensafi. [doi]

Dissecting Payload-based Transaction Phishing on EthereumZhuo Chen, Yufeng Hu, Bowen He, Dong Luo, Lei Wu 0012, Yajin Zhou. [doi]

LeakLess: Selective Data Protection against Memory Leakage Attacks for Serverless PlatformsMaryam Rostamipoor, Seyedhamed Ghavamnia, Michalis Polychronakis. [doi]

RContainer: A Secure Container Architecture through Extending ARM CCA Hardware PrimitivesQihang Zhou, Wenzhuo Cao, Xiaoqi Jia, Peng Liu 0005, Shengzhi Zhang, Jiayun Chen, Shaowen Xu, Zhenyu Song. [doi]

MineShark: Cryptomining Traffic Detection at ScaleShaoke Xi, Tianyi Fu, Kai Bu, Chunling Yang, Zhihua Chang, Wenzhi Chen, Zhou Ma, Chongjie Chen, Yongsheng Shen, Kui Ren 0001. [doi]

TWINFUZZ: Differential Testing of Video Hardware Acceleration StacksMatteo Leonelli, Addison Crump, Meng Wang, Florian Bauckholt, Keno Hassler, Ali Abbasi 0002, Thorsten Holz. [doi]

PolicyPulse: Precision Semantic Role Extraction for Enhanced Privacy Policy ComprehensionAndrick Adhikari, Sanchari Das, Rinku Dewri. [doi]

Spatial-Domain Wireless Jamming with Reconfigurable Intelligent SurfacesPhilipp Mackensen, Paul Staat, Stefan Roth 0004, Aydin Sezgin, Christof Paar, Veelasha Moonsamy. [doi]

SongBsAb: A Dual Prevention Approach against Singing Voice Conversion based Illegal Song CoversGuangke Chen, Yedi Zhang, Fu Song, Ting Wang 0004, Xiaoning Du 0001, Yang Liu 0003. [doi]

Translating C To Rust: Lessons from a User StudyRuishi Li, Bo Wang, Tianyu Li, Prateek Saxena, Ashish Kundu. [doi]

The (Un)usual Suspects - Studying Reasons for Lacking Updates in WordPressMaria Hellenthal, Lena Gotsche, Rafael Mrowczynski, Sarah Kugel, Michael Schilling 0001, Ben Stock. [doi]

Safety Misalignment Against Large Language ModelsYichen Gong, Delong Ran, Xinlei He 0001, Tianshuo Cong, Anyu Wang 0001, Xiaoyun Wang 0001. [doi]

On the Realism of LiDAR Spoofing Attacks against Autonomous Driving Vehicle at High Speed and Long DistanceTakami Sato, Ryo Suzuki, Yuki Hayakawa, Kazuma Ikeda, Ozora Sako, Rokuto Nagata, Ryo Yoshida, Qi Alfred Chen, Kentaro Yoshioka. [doi]

JBomAudit: Assessing the Landscape, Compliance, and Security Implications of Java SBOMsYue Xiao 0007, Dhilung Kirat, Douglas Lee Schales, Jiyong Jang, Luyi Xing, Xiaojing Liao. [doi]

Explanation as a Watermark: Towards Harmless and Multi-bit Model Ownership Verification via Watermarking Feature AttributionShuo Shao 0002, Yiming Li 0004, Hongwei Yao, Yiling He, Zhan Qin, Kui Ren 0001. [doi]

Towards Understanding Unsafe Video GenerationYan Pang, Aiping Xiong, Yang Zhang 0016, Tianhao Wang 0001. [doi]

LightAntenna: Characterizing the Limits of Fluorescent Lamp-Induced Electromagnetic InterferenceFengchen Yang, Wenze Cui, Xinfeng Li, Chen Yan 0001, Xiaoyu Ji 0001, Wenyuan Xu 0001. [doi]

VoiceRadar: Voice Deepfake Detection using Micro-Frequency and Compositional AnalysisKavita Kumari, Maryam Abbasihafshejani, Alessandro Pegoraro, Phillip Rieger, Kamyar Arshi, Murtuza Jadliwala, Ahmad-Reza Sadeghi. [doi]

Rethinking Trust in Forge-Based Git SecurityAditya Sirish A Yelgundhalli, Patrick Zielinski, Reza Curtmola, Justin Cappos. [doi]

Duumviri: Detecting Trackers and Mixed Trackers with a Breakage DetectorHe Shuang, Lianying Zhao, David Lie. [doi]

A New PPML Paradigm for Quantized ModelsTianpei Lu, Bingsheng Zhang, Xiaoyuan Zhang, Kui Ren 0001. [doi]

Revealing the Black Box of Device Search Engine: Scanning Assets, Strategies, and Ethical ConsiderationMengying Wu, Geng Hong, Jinsong Chen, Qi Liu, Shujun Tang, Youhao Li, Baojun Liu, Haixin Duan, Min Yang 0002. [doi]

VeriBin: Adaptive Verification of Patches at the Binary LevelHongwei Wu, Jianliang Wu, Ruoyu Wu, Ayushi Sharma, Aravind Machiry, Antonio Bianchi. [doi]

Automated Expansion of Privacy Data Taxonomy for Compliant Data Breach NotificationYue Qin, Yue Xiao 0007, Xiaojing Liao. [doi]

Delay-allowed Differentially Private Data Stream ReleaseXiaochen Li, Zhan Qin, Kui Ren 0001, Chen Gong 0005, Shuya Feng, Yuan Hong 0001, Tianhao Wang 0001. [doi]

Revisiting Physical-World Adversarial Attack on Traffic Sign Recognition: A Commercial Systems PerspectiveNingfei Wang, Shaoyuan Xie, Takami Sato, Yunpeng Luo, Kaidi Xu, Qi Alfred Chen. [doi]

type++: Prohibiting Type Confusion with Inline Type InformationNicolas Badoux, Flavio Toffalini, Yuseok Jeon, Mathias Payer. [doi]

Provably Unlearnable Data ExamplesDerui Wang, Minhui Xue 0001, Bo Li 0026, Seyit Camtepe, Liming Zhu 0001. [doi]

AlphaDog: No-Box Camouflage Attacks via Alpha Channel OversightQi Xia, Qian Chen. [doi]

Mysticeti: Reaching the Latency Limits with Uncertified DAGsKushal Babel, Andrey Chursin, George Danezis, Anastasios Kichidis, Lefteris Kokoris-Kogias, Arun Koshy, Alberto Sonnino, Mingwei Tian. [doi]

SafeSplit: A Novel Defense Against Client-Side Backdoor Attacks in Split LearningPhillip Rieger, Alessandro Pegoraro, Kavita Kumari, Tigist Abera, Jonathan Knauer, Ahmad-Reza Sadeghi. [doi]

Misdirection of Trust: Demystifying the Abuse of Dedicated URL Shortening ServiceZhibo Zhang, Lei Zhang 0096, Zhangyue Zhang, Geng Hong, Yuan Zhang 0009, Min Yang 0002. [doi]

Try to Poison My Deep Learning Data? Nowhere to Hide Your Trajectory Spectrum!Yansong Gao 0001, Huaibing Peng, Hua Ma, Zhi Zhang 0001, Shuo Wang 0012, Rayne Holland, Anmin Fu, Minhui Xue 0001, Derek Abbott. [doi]

Evaluating Machine Learning-Based IoT Device Identification Models for Security ApplicationsEman Maali, Omar Alrawi, Julie A. McCann. [doi]

A Key-Driven Framework for Identity-Preserving Face AnonymizationMiaomiao Wang, Guang Hua 0001, Sheng Li 0006, Guorui Feng. [doi]

You Can Rand but You Can't Hide: A Holistic Security Analysis of Google Fuchsia's (and gVisor's) Network StackInon Kaplan, Ron Even, Amit Klein 0001. [doi]

GAP-Diff: Protecting JPEG-Compressed Images from Diffusion-based Facial CustomizationHaotian Zhu, Shuchao Pang, Zhigang Lu, Yongbin Zhou, Minhui Xue 0001. [doi]

SIGuard: Guarding Secure Inference with Post Data PrivacyXinqian Wang, Xiaoning Liu, Shangqi Lai, Xun Yi, Xingliang Yuan. [doi]

Detecting IMSI-Catchers by Characterizing Identity Exposing Messages in Cellular TrafficTyler Tucker, Nathaniel Bennett, Martin Kotuliak, Simon Erni, Srdjan Capkun, Kevin R. B. Butler, Patrick Traynor. [doi]

RACONTEUR: A Knowledgeable, Insightful, and Portable LLM-Powered Shell Command ExplainerJiangyi Deng, Xinfeng Li, Yanjiao Chen, Yijie Bai, Haiqin Weng, Yan Liu, Tao Wei, Wenyuan Xu 0001. [doi]

Do We Really Need to Design New Byzantine-robust Aggregation Rules?Minghong Fang, Seyedsina Nabavirazavi, Zhuqing Liu, Wei Sun, Sundaraja Sitharama Iyengar, Haibo Yang 0001. [doi]

Deanonymizing Device Identities via Side-channel Attacks in Exclusive-use IoTs & MitigationChristopher Ellis, Yue Zhang 0025, Mohit Kumar Jangid, Shixuan Zhao 0002, Zhiqiang Lin 0001. [doi]

ERW-Radar: An Adaptive Detection System against Evasive Ransomware by Contextual Behavior Detection and Fine-grained Content AnalysisLingbo Zhao, Yuhui Zhang, Zhilu Wang, Fengkai Yuan, Rui Hou 0001. [doi]

Diffence: Fencing Membership Privacy With Diffusion ModelsYuefeng Peng, Ali Naseh, Amir Houmansadr. [doi]

The Guardians of Name Street: Studying the Defensive Registration Practices of the Fortune 500Boladji Vinny Adjibi, Athanasios Avgetidis, Manos Antonakakis, Michael D. Bailey, Fabian Monrose. [doi]

Was This You? Investigating the Design Considerations for Suspicious Login NotificationsSena Sahin, Burak Sahin, Frank Li 0001. [doi]

SketchFeature: High-Quality Per-Flow Feature Extractor Towards Security-Aware Data PlaneSian Kim, Seyed Mohammad Mehdi Mirnajafizadeh, Bara Kim, RhongHo Jang, DaeHun Nyang. [doi]

Do (Not) Follow the White Rabbit: Challenging the Myth of Harmless Open RedirectionSoheil Khodayari, Kai Glauber, Giancarlo Pellegrino. [doi]

Understanding Data Importance in Machine Learning Attacks: Does Valuable Data Pose Greater Harm?Rui Wen 0002, Michael Backes 0001, Yang Zhang 0016. [doi]

Oreo: Protecting ASLR Against Microarchitectural AttacksShixin Song, Joseph Zhang, Mengjia Yan 0001. [doi]

From Large to Mammoth: A Comparative Evaluation of Large Language Models in Vulnerability DetectionJie Lin, David Mohaisen. [doi]

Tweezers: A Framework for Security Event Detection via Event Attribution-centric Tweet EmbeddingJian Cui, Hanna Kim, Eugene Jang, Dayeon Yim, Kicheol Kim, Yongjae Lee, Jin-Woo Chung, Seungwon Shin 0001, Xiaojing Liao. [doi]

YuraScanner: Leveraging LLMs for Task-driven Web App ScanningAleksei Stafeev, Tim Recktenwald, Gianluca De Stefano, Soheil Khodayari, Giancarlo Pellegrino. [doi]

Off-Path TCP Hijacking in Wi-Fi Networks: A Packet-Size Side Channel AttackZiqiang Wang, Xuewei Feng, Qi Li 0002, Kun Sun 0001, Yuxiang Yang, Mengyuan Li, Ganqiu Du, Ke Xu 0002, Jianping Wu. [doi]

LADDER: Multi-Objective Backdoor Attack via Evolutionary AlgorithmDazhuang Liu, Yanqi Qiao, Rui Wang 0070, Kaitai Liang, Georgios Smaragdakis. [doi]

L-HAWK: A Controllable Physical Adversarial Patch Against a Long-Distance TargetTaiFeng Liu, Yang Liu, Zhuo Ma, Tong Yang 0003, Xinjing Liu, Teng Li 0003, Jianfeng Ma 0001. [doi]

Cascading Spy Sheets: Exploiting the Complexity of Modern CSS for Email and Browser FingerprintingLeon Trampert, Daniel Weber 0007, Lukas Gerlach 0001, Christian Rossow, Michael Schwarz 0001. [doi]

ASGARD: Protecting On-Device Deep Neural Networks with Virtualization-Based Trusted Execution EnvironmentsMyungsuk Moon, Minhee Kim, Joonkyo Jung, Dokyung Song. [doi]

BARBIE: Robust Backdoor Detection Based on Latent SeparabilityHanlei Zhang, Yijie Bai, Yanjiao Chen, Zhongming Ma, Wenyuan Xu 0001. [doi]

Truman: Constructing Device Behavior Models from OS Drivers to Fuzz Virtual DevicesZheyu Ma, Qiang Liu 0034, Zheming Li, Tingting Yin, Wende Tan, Chao Zhang 0008, Mathias Payer. [doi]

PowerRadio: Manipulate Sensor Measurement via Power GND RadiationYan Jiang, Xiaoyu Ji 0001, Yancheng Jiang, Kai Wang, Chenren Xu, Wenyuan Xu 0001. [doi]

Understanding Miniapp Malware: Identification, Dissection, and CharacterizationYuqing Yang 0003, Yue Zhang 0025, Zhiqiang Lin 0001. [doi]

ProvGuard: Detecting SDN Control Policy Manipulation via Contextual Semantics of Provenance GraphsZiwen Liu, Jian Mao, Jun Zeng, Jiawei Li, Qixiao Lin, Jiahao Liu, Jianwei Zhuge, Zhenkai Liang. [doi]

CLIBE: Detecting Dynamic Backdoors in Transformer-based NLP ModelsRui Zeng, Xi Chen, Yuwen Pu, Xuhong Zhang 0002, Tianyu Du, Shouling Ji. [doi]

EvoCrawl: Exploring Web Application Code and State using Evolutionary SearchXiangyu Guo, Akshay Kawlay, Eric Liu, David Lie. [doi]

Eclipse Attacks on Monero's Peer-to-Peer NetworkRuisheng Shi, Zhiyuan Peng, Lina Lan, Yulian Ge, Peng Liu 0005, Qin Wang, Juan Wang 0006. [doi]

An Empirical Study on Fingerprint API Misuse with Lifecycle Analysis in Real-world Android AppsXin Zhang, Xiaohan Zhang, Zhichen Liu, Bo Zhao, Zhemin Yang, Min Yang 0002. [doi]

Recurrent Private Set Intersection for Unbalanced Databases with Cuckoo Hashing and Leveled FHEEduardo Chielle, Michail Maniatakos. [doi]

Secure Data Analytics in Apache Spark with Fine-grained Policy Enforcement and Isolated ExecutionByeongwook Kim, Jaewon Hur, Adil Ahmad, Byoungyoung Lee. [doi]

Retrofitting XoM for Stripped Binaries without Embedded Data RelocationChenke Luo, Jiang Ming 0002, Mengfei Xie, Guojun Peng, Jianming Fu. [doi]

PropertyGPT: LLM-driven Formal Verification of Smart Contracts through Retrieval-Augmented Property GenerationYe Liu 0012, Yue Xue, Daoyuan Wu, Yuqiang Sun 0001, Yi Li 0008, Miaolei Shi, Yang Liu 0003. [doi]

I know what you MEME! Understanding and Detecting Harmful Memes with Multimodal Large Language ModelsYong Zhuang, Keyan Guo, Juan Wang 0006, Yiheng Jing, Xiaoyang Xu, Wenzhe Yi, Mengda Yang, Bo Zhao 0023, Hongxin Hu. [doi]

MingledPie: A Cluster Mingling Approach for Mitigating Preference Profiling in CFLCheng Zhang, Yang Xu 0013, Jianghao Tan, Jiajie An, Wenqiang Jin. [doi]

Compiled Models, Built-In Exploits: Uncovering Pervasive Bit-Flip Attack Surfaces in DNN ExecutablesYanzuo Chen, Zhibo Liu, Yuanyuan Yuan, Sihang Hu, Tianxiang Li, Shuai Wang 0011. [doi]

Secure Transformer Inference Made Non-interactiveJiawen Zhang, Xinpeng Yang, Lipeng He, Kejia Chen 0007, Wen-Jie Lu, Yinghao Wang, Xiaoyang Hou, Jian Liu 0012, Kui Ren 0001, Xiaohu Yang 0001. [doi]

Scale-MIA: A Scalable Model Inversion Attack against Secure Federated Learning via Latent Space ReconstructionShanghao Shi, Ning Wang 0022, Yang Xiao 0010, Chaoyu Zhang, Yi Shi 0001, Y. Thomas Hou 0001, Wenjing Lou. [doi]

RadSee: See Your Handwriting Through Walls Using FMCW RadarShichen Zhang, Qijun Wang, Maolin Gan, Zhichao Cao 0001, Huacheng Zeng. [doi]

Black-box Membership Inference Attacks against Fine-tuned Diffusion ModelsYan Pang, Tianhao Wang 0001. [doi]

EAGLEYE: Exposing Hidden Web Interfaces in IoT Devices via Routing AnalysisHangtian Liu, Lei Zheng, Shuitao Gan, Chao Zhang 0008, Zicong Gao, Hongqi Zhang, Yishun Zeng, Zhiyuan Jiang, Jiahai Yang. [doi]

WAVEN: WebAssembly Memory Virtualization for EnclavesWeili Wang, Honghan Ji, Peixuan He, Yao Zhang, Ye Wu, Yinqian Zhang. [doi]

Automatic Library Fuzzing through API Relation EvolvementJiayi Lin 0007, Qingyu Zhang, Junzhe Li, Chenxin Sun, Hao Zhou, Changhua Luo, Chenxiong Qian. [doi]

CASPR: Context-Aware Security Policy RecommendationLifang Xiao, Hanyu Wang, Aimin Yu, Lixin Zhao, Dan Meng. [doi]

Speak Up, I'm Listening: Extracting Speech from Zero-Permission VR SensorsDerin Cayir, Reham Mohamed Aburas, Riccardo Lazzeretti, Marco Angelini, Abbas Acar, Mauro Conti, Z. Berkay Celik, A. Selcuk Uluagac. [doi]

TME-Box: Scalable In-Process Isolation through Intel TME-MK Memory EncryptionMartin Unterguggenberger, Lukas Lamster, David Schrammel, Martin Schwarzl, Stefan Mangard. [doi]

A Multifaceted Study on the Use of TLS and Auto-detect in Email EcosystemsKa Fun Tang, Che Wei Tu, Sui Ling Angela Mak, Sze Yiu Chau. [doi]

Blackbox Fuzzing of Distributed Systems with Multi-Dimensional Inputs and Symmetry-Based Feedback PruningYong-Hao Zou, Jia-Ju Bai, Zu-Ming Jiang, Ming Zhao, Diyu Zhou. [doi]

A Systematic Evaluation of Novel and Existing Cache Side ChannelsFabian Rauscher, Carina Fiedler, Andreas Kogler, Daniel Gruss. [doi]

HADES Attack: Understanding and Evaluating Manipulation Risks of Email BlocklistsRuixuan Li 0008, Chaoyi Lu, Baojun Liu, Yunyi Zhang, Geng Hong, Haixin Duan, Yanzhong Lin, Qingfeng Pan, Min Yang 0002, Jun Shao 0001. [doi]

The Skeleton Keys: A Large Scale Analysis of Credential Leakage in Mini-appsYizhe Shi, Zhemin Yang, Kangwei Zhong, Guangliang Yang 0001, Yifan Yang, Xiaohan Zhang 0001, Min Yang 0002. [doi]

Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of ChinaShencha Fan, Jackson Sippe, Sakamoto San, Jade Sheffey, David Fifield, Amir Houmansadr, Elson Wedwards, Eric Wustrow. [doi]

DShield: Defending against Backdoor Attacks on Graph Neural Networks via Discrepancy LearningHao Yu, Chuan Ma 0001, Xinhang Wan, Jun Wang 0118, Tao Xiang 0001, Meng Shen, Xinwang Liu 0002. [doi]

SHAFT: Secure, Handy, Accurate and Fast Transformer InferenceAndes Y. L. Kei, Sherman S. M. Chow. [doi]

FUZZUER: Enabling Fuzzing of UEFI Interfaces on EDK-2Connor Glosner, Aravind Machiry. [doi]

Impact Tracing: Identifying the Culprit of Misinformation in Encrypted Messaging SystemsZhongming Wang, Tao Xiang 0001, Xiaoguo Li, Biwen Chen, Guomin Yang, Chuan Ma 0001, Robert H. Deng. [doi]

The Midas Touch: Triggering the Capability of LLMs for RM-API Misuse DetectionYi Yang, Jinghua Liu, Kai Chen 0012, Miaoqian Lin. [doi]

All your (data)base are belong to us: Characterizing Database Ransom(ware) AttacksKevin van Liebergen, Gibran Gómez, Srdjan Matic, Juan Caballero. [doi]

ICSQuartz: Scan Cycle-Aware and Vendor-Agnostic Fuzzing for Industrial Control SystemsCorban Villa, Constantine Doumanidis, Hithem Lamri, Prashant Hari Narayan Rajput, Michail Maniatakos. [doi]

MTZK: Testing and Exploring Bugs in Zero-Knowledge (ZK) CompilersDongwei Xiao, Zhibo Liu, Yiteng Peng, Shuai Wang 0011. [doi]

A Comprehensive Memory Safety Analysis of BootloadersJianqiang Wang, Meng Wang, Qinying Wang, Nils Langius, Li Shi, Ali Abbasi 0002, Thorsten Holz. [doi]

SKILLPoV: Towards Accessible and Effective Privacy Notice for Amazon Alexa SkillsJingwen Yan, Song Liao, Mohammed Aldeen, Luyi Xing, Danfeng Yao, Long Cheng 0005. [doi]

Power-Related Side-Channel Attacks using the Android Sensor FrameworkMathias Oberhuber, Martin Unterguggenberger, Lukas Maar, Andreas Kogler, Stefan Mangard. [doi]

Revisiting Concept Drift in Windows Malware Detection: Adaptation to Real Drifted Malware with Minimal SamplesAdrian Shuai Li, Arun Iyengar, Ashish Kundu, Elisa Bertino. [doi]

The Forking Way: When TEEs Meet ConsensusAnnika Wilde, Tim Niklas Gruel, Claudio Soriente, Ghassan Karame. [doi]

Silence False Alarms: Identifying Anti-Reentrancy Patterns on Ethereum to Refine Smart Contract Reentrancy DetectionQiYang Song, Heqing Huang 0001, Xiaoqi Jia, Yuanbo Xie, Jiahao Cao. [doi]

Careful About What App Promotion Ads Recommend! Detecting and Explaining Malware Promotion via App Promotion GraphShang Ma, Chaoran Chen, Shao Yang, Shifu Hou, Toby Jia-Jun Li, Xusheng Xiao, Tao Xie 0001, Yanfang Ye 0001. [doi]

Automated Mass Malware Factory: The Convergence of Piggybacking and Adversarial Example in Android Malicious Software GenerationHeng Li 0008, Zhiyuan Yao, Bang Wu, Cuiying Gao, Teng Xu, Wei Yuan, Xiapu Luo. [doi]

Interventional Root Cause Analysis of Failures in Multi-Sensor Fusion Perception SystemsShuguang Wang, Qian Zhou, Kui Wu, Jinghuai Deng, Dapeng Wu 0001, Wei-Bin Lee, Jianping Wang 0001. [doi]

Beyond Classification: Inferring Function Names in Stripped Binaries via Domain Adapted LLMsLinxi Jiang, Xin Jin, Zhiqiang Lin 0001. [doi]

Cross-Origin Web Attacks via HTTP/2 Server Push and Signed HTTP ExchangePinji Chen, Jianjun Chen 0005, Mingming Zhang, Qi Wang, Yiming Zhang 0009, Mingwei Xu, Haixin Duan. [doi]

Distributed Function Secret Sharing and ApplicationsPengzhi Xing, Hongwei Li 0001, Meng Hao, Hanxiao Chen, Jia Hu, Dongxiao Liu. [doi]

The Philosopher's Stone: Trojaning Plugins of Large Language ModelsTian Dong, Minhui Xue 0001, Guoxing Chen, Rayne Holland, Yan Meng 0001, Shaofeng Li, Zhen Liu 0008, Haojin Zhu. [doi]

LAMP: Lightweight Approaches for Latency Minimization in Mixnets with Practical Deployment ConsiderationsMahdi Rahimi 0003, Piyush Kumar Sharma, Claudia Díaz. [doi]

Secret Spilling Drive: Leaking User Behavior through SSD ContentionJonas Juffinger, Fabian Rauscher, Giuseppe La Manna, Daniel Gruss. [doi]

GadgetMeter: Quantitatively and Accurately Gauging the Exploitability of Speculative GadgetsQi Ling, Yujun Liang, Yi Ren, Baris Kasikci, Shuwen Deng. [doi]

Secure IP Address Allocation at Cloud ScaleEric Pauley, Kyle Domico, Blaine Hoak, Ryan Sheatsley, Quinn Burke 0002, Yohan Beugin, Engin Kirda, Patrick D. McDaniel. [doi]

What's Done Is Not What's Claimed: Detecting and Interpreting Inconsistencies in App BehaviorsChang Yue, Kai Chen 0012, Zhixiu Guo, Jun Dai, Xiaoyan Sun 0003, Yi Yang. [doi]

Magmaw: Modality-Agnostic Adversarial Attacks on Machine Learning-Based Wireless Communication SystemsJung-Woo Chang, Ke Sun, Nasimeh Heydaribeni, Seira Hidano, Xinyu Zhang, Farinaz Koushanfar. [doi]

Time-varying Bottleneck Links in LEO Satellite Networks: Identification, Exploits, and CountermeasuresYangtao Deng, Qian Wu, Zeqi Lai, Chenwei Gu, Hewu Li, Yuanjie Li, Jun Liu. [doi]

EMIRIS: Eavesdropping on Iris Information via Electromagnetic Side ChannelWenhao Li, Jiahao Wang, Guoming Zhang, Yanni Yang, Riccardo Spolaor, Xiuzhen Cheng 0001, Pengfei Hu 0001. [doi]

Generating API Parameter Security Rules with LLM for API Misuse DetectionJinghua Liu, Yi Yang, Kai Chen 0012, Miaoqian Lin. [doi]

Characterizing the Impact of Audio Deepfakes in the Presence of Cochlear ImplantMagdalena Pasternak, Kevin Warren, Daniel Olszewski, Susan Nittrouer, Patrick Traynor, Kevin R. B. Butler. [doi]

UI-CTX: Understanding UI Behaviors with Code Contexts for Mobile ApplicationsJiawei Li, Jiahao Liu, Jian Mao, Jun Zeng, Zhenkai Liang. [doi]

GhostShot: Manipulating the Image of CCD Cameras with Electromagnetic InterferenceYanze Ren, Qinhong Jiang, Chen Yan 0001, Xiaoyu Ji 0001, Wenyuan Xu 0001. [doi]

SCRUTINIZER: Towards Secure Forensics on Compromised TrustZoneYiming Zhang 0030, Fengwei Zhang, Xiapu Luo, Rui Hou 0001, Xuhua Ding, Zhenkai Liang, Shoumeng Yan, Tao Wei, Zhengyu He. [doi]

Heimdall: Towards Risk-Aware Network Management OutsourcingYuejie Wang, Qiutong Men, Yongting Chen, Jiajin Liu, Gengyu Chen, Ying Zhang 0022, Guyue Liu, Vyas Sekar. [doi]

PhantomLiDAR: Cross-modality Signal Injection Attacks against LiDARZizhi Jin, Qinhong Jiang, Xuancun Lu, Chen Yan 0001, Xiaoyu Ji 0001, Wenyuan Xu 0001. [doi]

The Road to Trust: Building Enclaves within Confidential VMsWenhao Wang 0001, Linke Song, Benshan Mei, Shuang Liu, Shijun Zhao, Shoumeng Yan, Xiaofeng Wang 0001, Dan Meng, Rui Hou 0001. [doi]

Uncovering the iceberg from the tip: Generating API Specifications for Bug Detection via Specification Propagation AnalysisMiaoqian Lin, Kai Chen 0012, Yi Yang, Jinghua Liu. [doi]

Alba: The Dawn of Scalable Bridges for BlockchainsGiulia Scaffino, Lukas Aumayr, Mahsa Bastankhah, Zeta Avarikioti, Matteo Maffei. [doi]

Revisiting EM-based Estimation for Locally Differentially Private ProtocolsYutong Ye 0002, Tianhao Wang 0001, Min Zhang 0043, Dengguo Feng. [doi]

Probe-Me-Not: Protecting Pre-trained Encoders from Malicious ProbingRuyi Ding, Tong Zhou 0002, Lili Su, Aidong Adam Ding, Xiaolin Xu 0001, Yunsi Fei. [doi]

Onion Franking: Abuse Reports for Mix-Based Private MessagingMatthew Gregoire, Margaret Pierce, Saba Eskandarian. [doi]

On the Robustness of LDP Protocols for Numerical Attributes under Data Poisoning AttacksXiaoguang Li, Zitao Li, Ninghui Li, Wenhai Sun. [doi]

Crosstalk-induced Side Channel Threats in Multi-Tenant NISQ ComputersNavnil Choudhury, Chaithanya Naik Mude, Sanjay Das, Preetham Chandra Tikkireddi, Swamit Tannu, Kanad Basu. [doi]

Transparency or Information Overload? Evaluating Users' Comprehension and Perceptions of the iOS App Privacy ReportXiaoyuan Wu, Lydia Hu, Eric Zeng, Hana Habib, Lujo Bauer. [doi]

QMSan: Efficiently Detecting Uninitialized Memory Errors During FuzzingMatteo Marini, Daniele Cono D'Elia, Mathias Payer, Leonardo Querzoni. [doi]

CHAOS: Exploiting Station Time Synchronization in 802.11 NetworksSirus Shahini, Robert Ricci. [doi]

Too Subtle to Notice: Investigating Executable Stack Issues in Linux SystemsHengkai Ye, Hong Hu 0004. [doi]

Reinforcement UnlearningDayong Ye, Tianqing Zhu, Congcong Zhu, Derui Wang, Kun Gao, Zewei Shi, Sheng Shen 0005, Wanlei Zhou 0001, Minhui Xue 0001. [doi]

Privacy-Preserving Data Deduplication for Enhancing Federated Learning of Language ModelsAydin Abadi, Vishnu Asutosh Dasu, Sumanta Sarkar. [doi]

The Power of Words: A Comprehensive Analysis of Rationales and Their Effects on Users' Permission DecisionsYusra Elbitar, Alexander Hart, Sven Bugiel. [doi]

Rondo: Scalable and Reconfiguration-Friendly Randomness BeaconXuanji Meng, Xiao Sui, Zhaoxin Yang, Kang Rong, Wenbo Xu 0002, Shenglong Chen, Ying Yan 0002, Sisi Duan. [doi]

BumbleBee: Secure Two-party Inference Framework for Large TransformersWen-Jie Lu, Zhicong Huang, Zhen Gu, Jingyu Li, Jian Liu 0012, Cheng Hong 0001, Kui Ren 0001, Tao Wei, Wenguang Chen. [doi]

Moneta: Ex-Vivo GPU Driver Fuzzing by Recalling In-Vivo Execution StatesJoonkyo Jung, Jisoo Jang, Yongwan Jo, Jonas Vinck, Alexios Voulimeneas, Stijn Volckaert, Dokyung Song. [doi]

Horcrux: Synthesize, Split, Shift and Stay Alive; Preventing Channel Depletion via Universal and Enhanced Multi-hop PaymentsAnqi Tian, Peifang Ni, Yingzi Gao, Jing Xu 0002. [doi]

Statically Discover Cross-Entry Use-After-Free Vulnerabilities in the Linux KernelHang Zhang 0012, Jangha Kim, Chuhong Yuan, Zhiyun Qian, Taesoo Kim. [doi]

External Links

Cite Key

Statistics

PDF

Researchr

32nd Annual Network and Distributed System Security Symposium, NDSS 2025, San Diego, California, USA, February 24-28, 2025

Abstract

Table of Contents