2020 IEEE Symposium on Security and Privacy, SP 2020, San Francisco, CA, USA, May 18-21, 2020 - researchr publication

researchr

You are not signed in
Sign in
Sign up

2020 IEEE Symposium on Security and Privacy, SP 2020, San Francisco, CA, USA, May 18-21, 2020. IEEE, 2020. [doi]

Conference: sp

Abstract is missing.

Spectector: Principled Detection of Speculative Information FlowsMarco Guarnieri, Boris Köpf, José F. Morales, Jan Reineke, Andrés Sánchez. 1-19 [doi]

: Practical Cache Attacks from the NetworkMichael Kurth, Ben Gras, Dennis Andriesse, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi. 20-38 [doi]

SpecCFI: Mitigating Spectre Attacks using CFI Informed SpeculationEsmaeil Mohammadian Koruyeh, Shirin Haji Amin Shirazi, Khaled N. Khasawneh, Chengyu Song, Nael B. Abu-Ghazaleh. 39-53 [doi]

LVI: Hijacking Transient Execution through Microarchitectural Load Value InjectionJo Van Bulck, Daniel Moghimi, Michael Schwarz 0001, Moritz Lipp, Marina Minkin, Daniel Genkin, Yuval Yarom, Berk Sunar, Daniel Gruss, Frank Piessens. 54-72 [doi]

HydRand: Efficient Continuous Distributed RandomnessPhilipp Schindler, Aljosha Judmayer, Nicholas Stifter, Edgar R. Weippl. 73-89 [doi]

OHIE: Blockchain Scaling Made SimpleHaifeng Yu, Ivica Nikolic, Ruomu Hou, Prateek Saxena. 90-105 [doi]

Sync HotStuff: Simple and Practical Synchronous State Machine ReplicationIttai Abraham, Dahlia Malkhi, Kartik Nayak, Ling Ren 0001, Maofan Yin. 106-118 [doi]

Replicated state machines without replicated executionJonathan Lee, Kirill Nikitin 0001, Srinath T. V. Setty. 119-134 [doi]

ICLab: A Global, Longitudinal Internet Censorship Measurement PlatformArian Akhavan Niaki, Shinyoung Cho, Zachary Weinberg, Nguyen Phong Hoang, Abbas Razaghpanah, Nicolas Christin, Phillipa Gill. 135-151 [doi]

High Precision Open-World Website FingerprintingTao Wang. 152-167 [doi]

Breaking and (Partially) Fixing Provably Secure Onion RoutingChristiane Kuhn, Martin Beck, Thorsten Strufe. 168-185 [doi]

Are anonymity-seekers just like everybody else? An analysis of contributions to Wikipedia from TorChau Tran, Kaylea Champion, Andrea Forte, Benjamin Mako Hill, Rachel Greenstadt. 186-202 [doi]

Detection of Electromagnetic Interference Attacks on Sensor SystemsYouqian Zhang, Kasper Rasmussen. 203-216 [doi]

WaveSpy: Remote and Through-wall Screen Attack via mmWave SensingZhengxiong Li, Fenglong Ma, Aditya Singh Rathore, Zhuolin Yang, Baicheng Chen, Lu Su, Wenyao Xu. 217-232 [doi]

SoK: A Minimalist Approach to Formalizing Analog Sensor SecurityChen Yan, Hocheol Shin, Connor Bolton, Wenyuan Xu, Yongdae Kim, Kevin Fu. 233-248 [doi]

Gesture Authentication for Smartphones: Evaluation of Gesture Password Selection PoliciesEunyong Cheon, Yonghwan Shin, Jun Ho Huh, Hyoungshick Kim, Ian Oakley. 249-267 [doi]

Is FIDO2 the Kingslayer of User Authentication? A Comparative Usability Study of FIDO2 Passwordless AuthenticationSanam Ghorbani Lyastani, Michael Schilling, Michaela Neumayr, Michael Backes 0001, Sven Bugiel. 268-285 [doi]

This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINsPhilipp Markert, Daniel V. Bailey, Maximilian Golla, Markus Dürmuth, Adam J. Aviv. 286-303 [doi]

The Value of Collaboration in Convex Machine Learning with Differential PrivacyNan Wu, Farhad Farokhi, David Smith, Mohamed Ali Kâafar. 304-317 [doi]

Automatically Detecting Bystanders in Photos to Reduce Privacy RisksRakibul Hasan, David J. Crandall, Mario Fritz, Apu Kapadia. 318-335 [doi]

CrypTFlow: Secure TensorFlow InferenceNishant Kumar 0001, Mayank Rathee, Nishanth Chandran, Divya Gupta, Aseem Rastogi, Rahul Sharma 0001. 336-353 [doi]

SoK: Differential Privacy as a Causal PropertyMichael Carl Tschantz, Shayak Sen, Anupam Datta. 354-371 [doi]

Private resource allocators and their applicationsSebastian Angel, Sampath Kannan, Zachary B. Ratliff. 372-391 [doi]

Towards Effective Differential Privacy Communication for Users' Data Sharing Decision and ComprehensionAiping Xiong, Tianhao Wang 0001, Ninghui Li, Somesh Jha. 392-410 [doi]

A Programming Framework for Differential Privacy with Accuracy Concentration BoundsElisabet Lobo Vesga, Alejandro Russo, Marco Gaboardi. 411-428 [doi]

Security Update Labels: Establishing Economic Incentives for Security Patching of IoT Consumer ProductsPhilipp Morgner, Christoph Mai, Nicole Koschate-Fischer, Felix C. Freiling, Zinaida Benenson. 429-446 [doi]

Ask the Experts: What Should Be on an IoT Privacy and Security Label?Pardis Emami Naeini, Yuvraj Agarwal, Lorrie Faith Cranor, Hanan Hibshi. 447-464 [doi]

Burglars' IoT Paradise: Understanding and Mitigating Security Risks of General Messaging Protocols on IoT CloudsYan Jia, Luyi Xing, Yuhang Mao, Dongfang Zhao 0010, Xiaofeng Wang 0001, Shangru Zhao, Yuqing Zhang. 465-481 [doi]

Towards a Natural Perspective of Smart Homes for Practical Security and Safety AnalysesSunil Manandhar, Kevin Moran, Kaushal Kafle, Ruhao Tang, Denys Poshyvanyk, Adwait Nadkarni. 482-499 [doi]

Message Time of Arrival Codes: A Fundamental Primitive for Secure Distance MeasurementPatrick Leu, Mridula Singh, Marc Roeschlin, Kenneth G. Paterson, Srdjan Capkun. 500-516 [doi]

Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwdMathy Vanhoef, Eyal Ronen. 517-533 [doi]

Even Black Cats Cannot Stay Hidden in the Dark: Full-band De-anonymization of Bluetooth Classic DevicesMarco Cominelli, Francesco Gringoli, Paul Patras, Margus Lind, Guevara Noubir. 534-548 [doi]

BIAS: Bluetooth Impersonation AttackSDaniele Antonioli, Nils Ole Tippenhauer, Kasper Rasmussen. 549-562 [doi]

xMP: Selective Memory Protection for Kernel and User SpaceSergej Proskurin, Marius Momeu, Seyedhamed Ghavamnia, Vasileios P. Kemerlis, Michalis Polychronakis. 563-577 [doi]

MarkUs: Drop-in use-after-free prevention for low-level languagesSam Ainsworth, Timothy M. Jones 0001. 578-591 [doi]

SEIMI: Efficient and Secure SMAP-Enabled Intra-process Memory IsolationZhe Wang, Chenggang Wu 0002, Mengyao Xie, Yinqian Zhang, Kangjie Lu, Xiaofeng Zhang, Yuanming Lai, Yan Kang, Min Yang. 592-607 [doi]

Cornucopia: Temporal Safety for CHERI HeapsNathaniel Wesley Filardo, Brett F. Gutstein, Jonathan Woodruff, Sam Ainsworth, Lucian Paul-Trifu, Brooks Davis, Hongyan Xia, Edward Tomasz Napierala, Alexander Richardson, John Baldwin, David Chisnall, Jessica Clarke, Khilan Gudka, Alexandre Joannou, A. Theodore Markettos, Alfredo Mazzinghi, Robert M. Norton, Michael Roe, Peter Sewell, Stacey D. Son, Timothy M. Jones 0001, Simon W. Moore, Peter G. Neumann, Robert N. M. Watson. 608-625 [doi]

The Many Kinds of Creepware Used for Interpersonal AttacksKevin A. Roundy, Paula Barmaimon Mendelberg, Nicola Dell, Damon McCoy, Daniel Nissani, Thomas Ristenpart, Acar Tamersoy. 626-643 [doi]

How not to prove your election outcomeThomas Haines, Sarah Jamie Lewis, Olivier Pereira, Vanessa Teague. 644-660 [doi]

A Security Analysis of the Facebook Ad LibraryLaura Edelson, Tobias Lauinger, Damon McCoy. 661-678 [doi]

Can Voters Detect Malicious Manipulation of Ballot Marking Devices?Matthew Bernhard, Allison McDonald, Henry Meng, Jensen Hwa, Nakul Bajaj, Kevin Chang, J. Alex Halderman. 679-694 [doi]

RAMBleed: Reading Bits in Memory Without Accessing ThemAndrew Kwong, Daniel Genkin, Daniel Gruss, Yuval Yarom. 695-711 [doi]

Are We Susceptible to Rowhammer? An End-to-End Methodology for Cloud ProvidersLucian Cojocar, Jeremie S. Kim, Minesh Patel, Lillian Tsai, Stefan Saroiu, Alec Wolman, Onur Mutlu. 712-728 [doi]

Leveraging EM Side-Channel Information to Detect Rowhammer AttacksZhenkai Zhang, Zihao Zhan, Daniel Balasubramanian, Bo Li, Péter Völgyesi, Xenofon D. Koutsoukos. 729-746 [doi]

TRRespass: Exploiting the Many Sides of Target Row RefreshPietro Frigo, Emanuele Vannacci, Hasan Hassan, Victor van der Veen, Onur Mutlu, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi. 747-762 [doi]

AdGraph: A Graph-Based Approach to Ad and Tracker BlockingUmar Iqbal, Peter Snyder, Shitong Zhu, Benjamin Livshits, Zhiyun Qian, Zubair Shafiq. 763-776 [doi]

Browsing Unicity: On the Limits of Anonymizing Web Tracking DataClemens Deußer, Steffen Passmann, Thorsten Strufe. 777-790 [doi]

Do Cookie Banners Respect my Choice? : Measuring Legal Compliance of Banners from IAB Europe's Transparency and Consent FrameworkCélestin Matte, Nataliia Bielova, Cristiana Santos. 791-809 [doi]

Meddling Middlemen: Empirical Analysis of the Risks of Data-Saving Mobile BrowsersBrian Kondracki, Assel Aliyeva, Manuel Egele, Jason Polakis, Nick Nikiforakis. 810-824 [doi]

Efficient and Secure Multiparty Computation from Fixed-Key Block CiphersChun Guo, Jonathan Katz, Xiao Wang 0012, Yu Yu 0001. 825-841 [doi]

Path Oblivious Heap: Optimal and Practical Oblivious Priority QueueElaine Shi. 842-858 [doi]

Transparent Polynomial Delegation and Its Applications to Zero Knowledge ProofJiaheng Zhang, Tiancheng Xie, Yupeng Zhang 0001, Dawn Song. 859-876 [doi]

Towards Scalable Threshold CryptosystemsAlin Tomescu, Robert Chen, Yiming Zheng, Ittai Abraham, Benny Pinkas, Guy Golan-Gueta, Srinivas Devadas. 877-893 [doi]

A Stealthier Partitioning Attack against Bitcoin Peer-to-Peer NetworkMuoi Tran, Inho Choi, Gi Jun Moon, Anh V. Vu, Min-Suk Kang. 894-909 [doi]

Flash Boys 2.0: Frontrunning in Decentralized Exchanges, Miner Extractable Value, and Consensus InstabilityPhilip Daian, Steven Goldfeder, Tyler Kell, Yunqi Li, Xueyuan Zhao, Iddo Bentov, Lorenz Breidenbach, Ari Juels. 910-927 [doi]

FlyClient: Super-Light Clients for CryptocurrenciesBenedikt Bünz, Lucianna Kiffer, Loi Luu, Mahdi Zamani. 928-946 [doi]

ZEXE: Enabling Decentralized Private ComputationSean Bowe, Alessandro Chiesa, Matthew Green 0001, Ian Miers, Pratyush Mishra, Howard Wu. 947-964 [doi]

The Last Mile: High-Assurance and High-Speed Cryptographic ImplementationsJosé Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Benjamin Grégoire, Adrien Koutsos, Vincent Laporte, Tiago Oliveira 0004, Pierre-Yves Strub. 965-982 [doi]

EverCrypt: A Fast, Verified, Cross-Platform Cryptographic ProviderJonathan Protzenko, Bryan Parno, Aymeric Fromherz, Chris Hawblitzel, Marina Polubelova, Karthikeyan Bhargavan, Benjamin Beurdouche, Joonwon Choi, Antoine Delignat-Lavaud, Cédric Fournet, Natalia Kulatova, Tahina Ramananandro, Aseem Rastogi, Nikhil Swamy, Christoph M. Wintersteiger, Santiago Zanella Béguelin. 983-1002 [doi]

Rigorous engineering for hardware security: Formal modelling and proof in the CHERI design and implementation processKyndylan Nienhuis, Alexandre Joannou, Thomas Bauereiss, Anthony C. J. Fox, Michael Roe, Brian Campbell 0001, Matthew Naylor, Robert M. Norton, Simon W. Moore, Peter G. Neumann, Ian Stark, Robert N. M. Watson, Peter Sewell. 1003-1020 [doi]

Binsec/Rel: Efficient Relational Symbolic Execution for Constant-Time at Binary-LevelLesly-Ann Daniel, Sébastien Bardin, Tamara Rezk. 1021-1038 [doi]

An Analysis of Pre-installed Android SoftwareJulien Gamba, Mohammed Rashed, Abbas Razaghpanah, Juan Tapiador, Narseo Vallina-Rodriguez. 1039-1055 [doi]

Kobold: Evaluating Decentralized Access Control for Remote NSXPC Methods on iOSLuke Deshotels, Costin Carabas, Jordan Beichler, Razvan Deaconescu, William Enck. 1056-1070 [doi]

TextExerciser: Feedback-driven Text Input Exercising for Android ApplicationsYuyu He, Lei Zhang, Zhemin Yang, Yinzhi Cao, Keke Lian, Shuai Li, Wei Yang, Zhibo Zhang, Min Yang, Yuan Zhang, Haixin Duan. 1071-1087 [doi]

Ex-vivo dynamic analysis framework for Android device driversIvan Pustogarov, Qian Wu, David Lie. 1088-1105 [doi]

Automatic Uncovering of Hidden Behaviors From Input Validation in Mobile AppsQingchuan Zhao, Chaoshun Zuo, Brendan Dolan-Gavitt, Giancarlo Pellegrino, Zhiqiang Lin. 1106-1120 [doi]

PMP: Cost-effective Forced Execution with Probabilistic Memory Pre-planningWei You, Zhuo Zhang 0002, Yonghwi Kwon, Yousra Aafer, Fei Peng, Yu Shi, Carson Harmon, Xiangyu Zhang. 1121-1138 [doi]

Combating Dependence Explosion in Forensic Analysis Using Alternative Tag Propagation SemanticsMd Nahid Hossain, Sanaz Sheikhi, R. Sekar. 1139-1155 [doi]

TARDIS: Rolling Back The Clock On CMS-Targeting Cyber AttacksRanjita Pai Kasturi, Yiting Sun, Ruian Duan, Omar Alrawi, Ehsan Asdar, Victor Zhu, Yonghwi Kwon, Brendan Saltaformaggio. 1156-1171 [doi]

Tactical Provenance Analysis for Endpoint Detection and Response SystemsWajih Ul Hassan, Adam Bates 0001, Daniel Marino. 1172-1189 [doi]

Throwing Darts in the Dark? Detecting Bots with Limited Data using Neural Data AugmentationSteve T. K. Jan, Qingying Hao, Tianrui Hu, Jiameng Pu, Sonal Oswal, Gang Wang 0011, Bimal Viswanath. 1190-1206 [doi]

JIT Leaks: Inducing Timing Side Channels through Just-In-Time CompilationTegan Brennan, Nicolás Rosner, Tevfik Bultan. 1207-1222 [doi]

The State of the Uniform: Attacks on Encrypted Databases Beyond the Uniform Query DistributionEvgenios M. Kornaropoulos, Charalampos Papamanthou, Roberto Tamassia. 1223-1240 [doi]

Pseudorandom Black Swans: Cache Attacks on CTR_DRBGShaanan Cohney, Andrew Kwong, Shahar Paz, Daniel Genkin, Nadia Heninger, Eyal Ronen, Yuval Yarom. 1241-1258 [doi]

Flaw Label: Exploiting IPv6 Flow LabelJonathan Berger, Amit Klein, Benny Pinkas. 1259-1276 [doi]

HopSkipJumpAttack: A Query-Efficient Decision-Based AttackJianbo Chen, Michael I. Jordan, Martin J. Wainwright. 1277-1294 [doi]

Humpty Dumpty: Controlling Word Meanings via Corpus PoisoningRoei Schuster, Tal Schuster, Yoav Meri, Vitaly Shmatikov. 1295-1313 [doi]

Privacy Risks of General-Purpose Language ModelsXudong Pan, Mi Zhang, Shouling Ji, Min Yang. 1314-1331 [doi]

Intriguing Properties of Adversarial ML Attacks in the Problem SpaceFabio Pierazzi, Feargus Pendlebury, Jacopo Cortellazzi, Lorenzo Cavallaro. 1332-1349 [doi]

Influencing Photo Sharing Decisions on Social Media: A Case of Paradoxical FindingsMary Jean Amon, Rakibul Hasan, Kurt Hugenberg, Bennett I. Bertenthal, Apu Kapadia. 1350-1366 [doi]

SoK: Cyber Insurance - Technical Challenges and a System Security RoadmapSavino Dambra, Leyla Bilge, Davide Balzarotti. 1367-1383 [doi]

A Tale of Sea and Sky On the Security of Maritime VSAT CommunicationsJames Pavur, Daniel Moser, Martin Strohmeier, Vincent Lenders, Ivan Martinovic. 1384-1400 [doi]

I Know Where You Parked Last Summer : Automated Reverse Engineering and Privacy Analysis of Modern CarsDaniel Frassinelli, Sohyeon Park, Stefan Nürnberger. 1401-1415 [doi]

SoK: Understanding the Prevailing Security Vulnerabilities in TrustZone-assisted TEE SystemsDavid Cerdeira, Nuno Santos 0001, Pedro Fonseca, Sandro Pinto. 1416-1432 [doi]

OAT: Attesting Operation Integrity of Embedded DevicesZhichuang Sun, Bo Feng, Long Lu, Somesh Jha. 1433-1449 [doi]

Enabling Rack-scale Confidential Computing using Heterogeneous Trusted Execution EnvironmentJianping Zhu, Rui Hou, Xiaofeng Wang 0001, Wenhao Wang 0001, Jiangfeng Cao, Boyan Zhao, Zhongpu Wang, Yuhui Zhang, Jiameng Ying, Lixin Zhang, Dan Meng. 1450-1465 [doi]

Plundervolt: Software-based Fault Injection Attacks against Intel SGXKit Murdock, David Oswald, Flavio D. Garcia, Jo Van Bulck, Daniel Gruss, Frank Piessens. 1466-1482 [doi]

SEVurity: No Security Without Integrity : Breaking Integrity-Free Memory Encryption with Minimal AssumptionsLuca Wilke, Jan Wichelmann, Mathias Morbitzer, Thomas Eisenbarth 0001. 1483-1496 [doi]

RetroWrite: Statically Instrumenting COTS Binaries for Fuzzing and SanitizationSushant Dinesh, Nathan Burow, Dongyan Xu, Mathias Payer. 1497-1511 [doi]

Unexpected Data Dependency Creation and Chaining: A New Attack to SDNFeng Xiao, Jinquan Zhang, Jianwei Huang, Guofei Gu, Dinghao Wu, Peng Liu. 1512-1526 [doi]

Neutaint: Efficient Dynamic Taint Analysis with Neural NetworksDongdong She, Yizheng Chen, Abhishek Shah, Baishakhi Ray, Suman Jana. 1527-1543 [doi]

Karonte: Detecting Insecure Multi-binary Interactions in Embedded FirmwareNilo Redini, Aravind Machiry, Ruoyu Wang 0001, Chad Spensky, Andrea Continella, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna. 1544-1561 [doi]

SPIDER: Enabling Fast Patch Propagation In Related Software RepositoriesAravind Machiry, Nilo Redini, Eric Camellini, Christopher Kruegel, Giovanni Vigna. 1562-1579 [doi]

SAVIOR: Towards Bug-Driven Hybrid TestingYaohui Chen, Peng Li, Jun Xu, Shengjian Guo, Rundong Zhou, Yulong Zhang, Tao Wei, Long Lu. 1580-1596 [doi]

Ijon: Exploring Deep State Spaces via FuzzingCornelius Aschermann, Sergej Schumilo, Ali Abbasi, Thorsten Holz. 1597-1612 [doi]

Pangolin: Incremental Hybrid Fuzzing with Polyhedral Path AbstractionHeqing Huang, Peisen Yao, Rongxin Wu, Qingkai Shi, Charles Zhang. 1613-1627 [doi]

Fuzzing JavaScript Engines with Aspect-preserving MutationSoyeon Park, Wen Xu, Insu Yun, DaeHee Jang, Taesoo Kim. 1629-1642 [doi]

Krace: Data Race Fuzzing for Kernel File SystemsMeng Xu, Sanidhya Kashyap, Hanqing Zhao, Taesoo Kim. 1643-1660 [doi]

VerX: Safety Verification of Smart ContractsAnton Permenev, Dimitar Dimitrov, Petar Tsankov, Dana Drachsler-Cohen, Martin T. Vechev. 1661-1677 [doi]

VERISMART: A Highly Precise Safety Verifier for Ethereum Smart ContractsSunbeom So, Myungho Lee, JiSu Park, Heejo Lee, Hakjoo Oh. 1678-1694 [doi]

Semantic Understanding of Smart Contracts: Executable Operational Semantics of SolidityJiao Jiao, Shuanglong Kan, Shang-Wei Lin 0001, David Sanán, Yang Liu 0003, Jun Sun 0001. 1695-1712 [doi]

Transys: Leveraging Common Security Properties Across Hardware DesignsRui Zhang, Cynthia Sturton. 1713-1727 [doi]

C3APSULe: Cross-FPGA Covert-Channel Attacks through Power Supply Unit LeakageIlias Giechaskiel, Kasper Bonne Rasmussen, Jakub Szefer. 1728-1741 [doi]

ICAS: an Extensible Framework for Estimating the Susceptibility of IC Layouts to Additive TrojansTimothy Trippel, Kang G. Shin, Kevin B. Bush, Matthew Hicks. 1742-1759 [doi]

runs on WebDSL