Abstract is missing.
- SpecROP: Speculative Exploitation of ROP ChainsAtri Bhattacharyya, Andrés Sánchez, Esmaeil Mohammadian Koruyeh, Nael B. Abu-Ghazaleh, Chengyu Song, Mathias Payer. 1-16 [doi]
- Never Trust Your Victim: Weaponizing Vulnerabilities in Security ScannersAndrea Valenza, Gabriele Costa, Alessandro Armando. 17-29 [doi]
- Camera Fingerprinting Authentication RevisitedDominik Maier, Henrik Erb, Patrick Mullan, Vincent Haupert. 31-46 [doi]
- Binary-level Directed Fuzzing for Use-After-Free VulnerabilitiesManh-Dung Nguyen, Sébastien Bardin, Richard Bonichon, Roland Groz, Matthieu Lemerre. 47-62 [doi]
- WearFlow: Expanding Information Flow Analysis To Companion Apps in Wear OSMarcos Tileria, Jorge Blasco, Guillermo Suarez-Tangil. 63-75 [doi]
- MEUZZ: Smart Seed Scheduling for Hybrid FuzzingYaohui Chen, Mansour Ahmadi, Reza Mirzazade Farkhani, Boyu Wang, Long Lu. 77-92 [doi]
- Tracing and Analyzing Web Access Paths Based on User-Side Data Collection: How Do Users Reach Malicious URLs?Takeshi Takahashi, Christopher Kruegel, Giovanni Vigna, Katsunari Yoshioka, Daisuke Inoue. 93-106 [doi]
- What's in an Exploit? An Empirical Analysis of Reflected Server XSS Exploitation TechniquesAhmet Salih Buyukkayhan, Can Gemicioglu, Tobias Lauinger, Alina Oprea, William Robertson 0002, Engin Kirda. 107-120 [doi]
- Mininode: Reducing the Attack Surface of Node.js ApplicationsIgibek Koishybayev, Alexandros Kapravelos. 121-134 [doi]
- Evaluating Changes to Fake Account Verification SystemsFedor Kozlov, Isabella Yuen, Jakub Kowalczyk, Daniel Bernhardt, David Freeman, Paul Pearce, Ivan Ivanov. 135-148 [doi]
- SourceFinder: Finding Malware Source-Code from Publicly Available Repositories in GitHubMd Omar Faruk Rokon, Risul Islam, Ahmad Darki, Evangelos E. Papalexakis, Michalis Faloutsos. 149-163 [doi]
- HyperLeech: Stealthy System Virtualization with Minimal Target Impact through DMA-Based Hypervisor InjectionRalph Palutke, Simon Ruderich, Matthias Wild, Felix C. Freiling. 165-179 [doi]
- Effective Detection of Credential Thefts from Windows Memory: Learning Access Behaviours to Local Security Authority Subsystem ServicePatrick Ah-Fat, Michael Huth, Rob Mead, Tim Burrell, Joshua Neil. 181-194 [doi]
- EnclavePDP: A General Framework to Verify Data Integrity in Cloud Using Intel SGXYun He, Yihua Xu, Xiaoqi Jia, Shengzhi Zhang, Peng Liu 0005, Shuai Chang. 195-208 [doi]
- Robust P2P Primitives Using SGX EnclavesYaoqi Jia, Shruti Tople, Tarik Moataz, Deli Gong, Prateek Saxena, Zhenkai Liang. 209-224 [doi]
- aBBRate: Automating BBR Attack Exploration Using a Model-Based ApproachAnthony Peterson, Samuel Jero, Md. Endadul Hoque, David R. Choffnes, Cristina Nita-Rotaru. 225-240 [doi]
- Cyber Threat Intelligence Modeling Based on Heterogeneous Graph Convolutional NetworkJun Zhao 0017, Qiben Yan, Xudong Liu, Bo Li 0005, Guangsheng Zuo. 241-256 [doi]
- Detecting Lateral Movement in Enterprise Computer Networks with Unsupervised Graph AIBenjamin Bowman, Craig Laprade, Yuede Ji, H. Howie Huang. 257-268 [doi]
- An Object Detection based Solver for Google's Image reCAPTCHA v2Md Imran Hossen, Yazhou Tu, Md Fazle Rabby, Md. Nazmul Islam, Hui Cao 0003, Xiali Hei. 269-284 [doi]
- Evasion Attacks against Banking Fraud Detection SystemsMichele Carminati, Luca Santini, Mario Polino, Stefano Zanero. 285-300 [doi]
- The Limitations of Federated Learning in Sybil SettingsClement Fung, Chris J. M. Yoon, Ivan Beschastnikh. 301-316 [doi]
- GhostImage: Remote Perception Attacks against Camera-based Image Classification SystemsYanmao Man, Ming Li, Ryan M. Gerdes. 317-332 [doi]
- PLC-Sleuth: Detecting and Localizing PLC Intrusions Using Control InvariantsZeyu Yang, Liang He 0002, Peng Cheng 0001, Jiming Chen 0001, David K. Y. Yau, Linkang Du. 333-348 [doi]
- Software-based Realtime Recovery from Sensor Attacks on Robotic VehiclesHongjun Choi, Sayali Kate, Yousra Aafer, Xiangyu Zhang 0001, Dongyan Xu. 349-364 [doi]
- SIEVE: Secure In-Vehicle Automatic Speech Recognition SystemsShu Wang, Jiahao Cao, Kun Sun 0001, Qi Li 0002. 365-379 [doi]
- μSBS: Static Binary Sanitization of Bare-metal Embedded Devices for Fault ObservabilityMajid Salehi, Danny Hughes 0001, Bruno Crispo. 381-395 [doi]
- BlueShield: Detecting Spoofing Attacks in Bluetooth Low Energy NetworksJianliang Wu, Yuhong Nan, Vireshwar Kumar, Mathias Payer, Dongyan Xu. 397-411 [doi]
- Dark Firmware: A Systematic Approach to Exploring Application Security Risks in the Presence of Untrusted FirmwareDuha Ibdah, Nada Lachtar, Abdulrahman Abu Elkhail, Anys Bacha, Hafiz Malik. 413-426 [doi]
- A Framework for Software Diversification with ISA HeterogeneityXiaoguang Wang 0003, SengMing Yeoh, Robert Lyerly, Pierre Olivier, Sang-Hoon Kim, Binoy Ravindran. 427-442 [doi]
- Confine: Automated System Call Policy Generation for Container Attack Surface ReductionSeyedhamed Ghavamnia, Tapti Palit, Azzedine Benameur, Michalis Polychronakis. 443-458 [doi]
- sysfilter: Automated System Call Filtering for Commodity SoftwareNicholas DeMarinis, Kent Williams-King, Di Jin, Rodrigo Fonseca, Vasileios P. Kemerlis. 459-474 [doi]