Table of Contents

• Invited Tutorial: Counteracting Web Application Abuse in MalwareMingxuan Yao, Jonathan Fuller, Ranjita Pai Sridhar, Saumya Agarwal, Amit Kumar Sikder, Brendan Saltaformaggio. 1-2 [doi]
• Tutorial: Crypto-Ransomware: Analysis, Defense, and Criminal NegotiationWenjia Song, Arianna Schuler Scott. 3-4 [doi]
• Tutorial: The End of Binary Protocol Parser Vulnerabilities : Using RecordFlux and SPARK to implement formally-verified binary formats and communication protocolsAlexander Senier. 5-6 [doi]
• Characterizing Static Analysis Alerts for Terraform Manifests: An Experience ReportHanyang Hu, Yani Bu, Kristen Wong, Gaurav Sood, Karen Smiley, Akond Rahman. 7-13 [doi]
• Securing Your Crypto-API Usage Through Tool Support - A Usability StudyStefan Krüger, Michael Reif, Anna-Katharina Wickert, Sarah Nadi, Karim Ali 0001, Eric Bodden, Yasemin Acar, Mira Mezini, Sascha Fahl. 14-25 [doi]
• Grading on a Curve: How Rust can Facilitate New Contributors while Decreasing VulnerabilitiesJustin Tracey, Ian Goldberg. 26-36 [doi]
• Challenges with Passwordless FIDO2 in an Enterprise Setting: A Usability StudyMichal Kepkowski, Maciej Machulak, Ian D. Wood, Dali Kaafar. 37-48 [doi]
• Misplaced Trust: The Security Flaw in Modern Code Signing ProcessPranshu Bajpai, Raghudeep Kannavara. 49-50 [doi]
• 11 things about Securing MicroserviceYuvaraj Madheswaran. 51-53 [doi]
• Friend or Foe Inside? Exploring In-Process Isolation to Maintain Memory Safety for Unsafe RustMerve Gülmez, Thomas Nyman, Christoph Baumann, Jan Tobias Mühlberg. 54-66 [doi]
• Assessing the Impact of Efficiently Protecting Ten Million Stack Objects from Memory Errors ComprehensivelyKaiming Huang, Jack Sampson, Trent Jaeger. 67-74 [doi]
• BLADE: Towards Scalable Source Code DebloatingMuaz Ali, Rumaisa Habib, Ashish Gehani, Sazzadur Rahaman, Zartash Afzal Uzmi. 75-87 [doi]
• Evaluating Container DebloatersMuhammad Hassan 0005, Talha Tahir, Muhammad Farrukh, Abdullah Naveed, Anas Naeem, Fareed Zaffar, Fahad Shaon, Ashish Gehani, Sazzadur Rahaman. 88-98 [doi]
• Model-Agnostic Federated Learning for Privacy-Preserving SystemsHussain M. J. Almohri, Layne T. Watson. 99-105 [doi]
• Fortifying IoT Devices: AI-Driven Intrusion Detection via Memory-Encoded Audio SignalsRamyapandian Vijayakanthan, Karley M. Waguespack, Irfan Ahmed 0001, Aisha I. Ali-Gombe. 106-117 [doi]
• Parser Weakness Enumeration: Definition and Preliminary AssessmentDenley Lam, Letitia W. Li, Anthony Gabrielson. 118-125 [doi]
• Curbing the Vulnerable Parser: Graded Modal Guardrails for Secure Input HandlingEric Bond, Matthew Heimerdinger. 126-132 [doi]
• An In-Depth Analysis of Android's Java Class Library: its Evolution and Security ImpactTimothée Riom, Alexandre Bartel. 133-144 [doi]
• A randomization-based, zero-trust cyberattack detection method for hierarchical systemsSinnott Murphy, Richard Macwan, Vivek Kumar Singh, Chin-Yao Chang. 145-155 [doi]
• A Lot Less Likely Than I Thought: Introducing Evidence-Based Security Risk Assessment for Healthcare SoftwareCharles Weir, Anna Dyson, Daniel Prince. 156-170 [doi]
• Triaging Android Systems Using Bayesian Attack GraphsYu Tsung Lee, Rahul George, HaiNing Chen, Kevin Chan, Trent Jaeger. 171-183 [doi]
• PRICAR: Privacy Framework for Vehicular Data Sharing with Third PartiesMert D. Pesé, Jay W. Schauer, Murali Mohan, Cassandra Joseph, Kang G. Shin, John Moore. 184-195 [doi]
• Security and Privacy Threat Analysis for SolidOmid Mirzamohammadi, Kristof Jannes, Laurens Sion, Dimitri Van Landuyt, Aysajan Abidin, Dave Singelée. 196-206 [doi]
• Bridging the Bubbles: Connecting Academia and Industry in Cybersecurity ResearchRasha Kashef 0001, Monika Freunek, Jeff Schwartzentruber, Reza Samavi, Burcu Bulgurcu, A. J. Khan, Marcus Santos. 207-213 [doi]
• Adaptive Security: Certificate and Key Rotation for Firmware IntegritySunil Joshi, Kenneth G. Crowther, Jarvis Robinson. 214-215 [doi]