Abstract is missing.
- Using Selective Memoization to Defeat Regular Expression Denial of Service (ReDoS)James C. Davis, Francisco Servant, Dongyoon Lee. 1-17 [doi]
- Co-Inflow: Coarse-grained Information Flow Control for Java-like LanguagesJian Xiang, Stephen Chong. 18-35 [doi]
- When Function Signature Recovery Meets Compiler OptimizationYan Lin 0003, Debin Gao. 36-52 [doi]
- How Did That Get In My Phone? Unwanted App Distribution on Android DevicesPlaton Kotzias, Juan Caballero, Leyla Bilge. 53-69 [doi]
- Android Custom Permissions Demystified: From Privilege Escalation to Design ShortcomingsRui Li, Wenrui Diao, Zhou Li, Jianqi Du, Shanqing Guo. 70-86 [doi]
- Trust, But Verify: A Longitudinal Analysis Of Android OEM Compliance and CustomizationAndrea Possemato, Simone Aonzo, Davide Balzarotti, Yanick Fratantonio. 87-102 [doi]
- Detecting AI Trojans Using Meta Neural AnalysisXiaojun Xu, Qi Wang, Huichen Li, Nikita Borisov, Carl A. Gunter, Bo Li 0026. 103-120 [doi]
- Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data HidingSahar Abdelnabi, Mario Fritz. 121-140 [doi]
- Machine UnlearningLucas Bourtoule, Varun Chandrasekaran, Christopher A. Choquette-Choo, Hengrui Jia, Adelin Travers, Baiwu Zhang, David Lie, Nicolas Papernot. 141-159 [doi]
- Poltergeist: Acoustic Adversarial Machine Learning against Cameras and Computer VisionXiaoyu Ji, Yushi Cheng, Yuepeng Zhang, Kai Wang, Chen Yan, Wenyuan Xu, Kevin Fu. 160-175 [doi]
- Invisible for both Camera and LiDAR: Security of Multi-Sensor Fusion based Perception in Autonomous Driving Under Physical-World AttacksYulong Cao, Ningfei Wang, Chaowei Xiao, Dawei Yang, Jin Fang, Ruigang Yang, Qi Alfred Chen, Mingyan Liu, Bo Li 0026. 176-194 [doi]
- CANNON: Reliable and Stealthy Remote Shutdown Attacks via Unaltered Automotive MicrocontrollersSekar Kulandaivel, Shalabh Jain, Jorge Guajardo, Vyas Sekar. 195-210 [doi]
- SoK: Quantifying Cyber RiskDaniel W. Woods, Rainer Böhme. 211-228 [doi]
- Self-Supervised Euphemism Detection and Identification for Content ModerationWanzheng Zhu, Hongyu Gong, Rohan Bansal, Zachary Weinberg, Nicolas Christin, Giulia Fanti, Suma Bhat. 229-246 [doi]
- SoK: Hate, Harassment, and the Changing Landscape of Online AbuseKurt Thomas, Devdatta Akhawe, Michael Bailey, Dan Boneh, Elie Bursztein, Sunny Consolvo, Nicola Dell, Zakir Durumeric, Patrick Gage Kelley, Deepak Kumar 0006, Damon McCoy, Sarah Meiklejohn, Thomas Ristenpart, Gianluca Stringhini. 247-267 [doi]
- Keep the Dirt: Tainted TreeKEM, Adaptively and Actively Secure Continuous Group Key AgreementKaren Klein, Guillermo Pascual-Perez, Michael Walter 0001, Chethan Kamath, Margarita Capretto, Miguel Cueto, Ilia Markov, Michelle Yeo, Joël Alwen, Krzysztof Pietrzak. 268-284 [doi]
- 2: A Low-Latency Transparency Log SystemYuncong Hu, Kian Hooshmand, Harika Kalidhindi, Seung-Jin Yang, Raluca Ada Popa. 285-303 [doi]
- Post-quantum WireGuardAndreas Hülsing, Kai-Chun Ning, Peter Schwabe, Florian Weber, Philip R. Zimmermann. 304-321 [doi]
- Invisible Probe: Timing Attacks with PCIe Congestion Side-channelMingtian Tan, Junpeng Wan, Zhe Zhou 0001, Zhou Li 0001. 322-338 [doi]
- CacheOut: Leaking Data on Intel CPUs via Cache EvictionsStephan van Schaik, Marina Minkin, Andrew Kwong, Daniel Genkin, Yuval Yarom. 339-354 [doi]
- PLATYPUS: Software-based Power Side-Channel Attacks on x86Moritz Lipp, Andreas Kogler, David F. Oswald, Michael Schwarz 0001, Catherine Easdon, Claudio Canella, Daniel Gruss. 355-371 [doi]
- Defensive Technology Use by Political Activists During the Sudanese RevolutionAlaa Daffalla, Lucy Simko, Tadayoshi Kohno, Alexandru G. Bardas. 372-390 [doi]
- DP-Sniper: Black-Box Discovery of Differential Privacy Violations using ClassifiersBenjamin Bichsel, Samuel Steffen, Ilija Bogunovic, Martin T. Vechev. 391-409 [doi]
- Is Private Learning Possible with Instance Encoding?Nicholas Carlini, Samuel Deng, Sanjam Garg, Somesh Jha, Saeed Mahloujifar, Mohammad Mahmoody, Abhradeep Thakurta, Florian Tramèr. 410-427 [doi]
- High-Frequency Trading on Decentralized On-Chain ExchangesLiyi Zhou, Kaihua Qin, Christof Ferreira Torres, Duc Viet Le, Arthur Gervais. 428-445 [doi]
- Ebb-and-Flow Protocols: A Resolution of the Availability-Finality DilemmaJoachim Neu, Ertem Nusret Tas, David Tse. 446-465 [doi]
- Red Belly: A Secure, Fair and Scalable Open BlockchainTyler Crain, Christopher Natoli, Vincent Gramoli. 466-483 [doi]
- Diane: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT DevicesNilo Redini, Andrea Continella, Dipanjan Das 0002, Giulio De Pasquale, Noah Spahn, Aravind Machiry, Antonio Bianchi, Christopher Kruegel, Giovanni Vigna. 484-500 [doi]
- Data Privacy in Trigger-Action SystemsYunang Chen, Amrita Roy Chowdhury 0001, Ruizhe Wang, Andrei Sabelfeld, Rahul Chatterjee 0001, Earlence Fernandes. 501-518 [doi]
- Which Privacy and Security Attributes Most Impact Consumers' Risk Perception and Willingness to Purchase IoT Devices?Pardis Emami Naeini, Janarth Dheenadhayalan, Yuvraj Agarwal, Lorrie Faith Cranor. 519-536 [doi]
- An Interactive Prover for Protocol Verification in the Computational ModelDavid Baelde, Stéphanie Delaune, Charlie Jacomme, Adrien Koutsos, Solène Moreau. 537-554 [doi]
- SmartPulse: Automated Checking of Temporal Properties in Smart ContractsJon Stephens, Kostas Ferles, Benjamin Mariano, Shuvendu K. Lahiri, Isil Dillig. 555-571 [doi]
- An I/O Separation Model for Formal Verification of Kernel ImplementationsMiao Yu, Virgil D. Gligor, Limin Jia. 572-589 [doi]
- Diogenes: Lightweight Scalable RSA Modulus Generation with a Dishonest MajorityMegan Chen, Carmit Hazay, Yuval Ishai, Yuriy Kashnikov, Daniele Micciancio, Tarik Riviere, Abhi Shelat, Muthu Venkitasubramaniam, Ruihan Wang. 590-607 [doi]
- Refresh When You Wake Up: Proactive Threshold Wallets with Offline DevicesYashvanth Kondi, Bernardo Magri, Claudio Orlandi, Omer Shlomovits. 608-625 [doi]
- Compact Certificates of Collective KnowledgeSilvio Micali, Leonid Reyzin, Georgios Vlachos, Riad S. Wahby, Nickolai Zeldovich. 626-641 [doi]
- One Engine to Fuzz 'em All: Generic Language Processor Testing with Semantic ValidationYongheng Chen, Rui Zhong, Hong Hu 0004, Hangfan Zhang, Yupeng Yang, Dinghao Wu, Wenke Lee. 642-658 [doi]
- StochFuzz: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic RewritingZhuo Zhang 0002, Wei You, Guanhong Tao, Yousra Aafer, Xuwei Liu, Xiangyu Zhang 0001. 659-676 [doi]
- NtFuzz: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary AnalysisJaeseung Choi 0002, Kangsu Kim, Daejin Lee, Sang Kil Cha. 677-693 [doi]
- Who is Real Bob? Adversarial Attacks on Speaker Recognition SystemsGuangke Chen, Sen Chen, Lingling Fan, Xiaoning Du, Zhe Zhao, Fu Song, Yang Liu 0003. 694-711 [doi]
- Hear "No Evil", See "Kenansville"*: Efficient and Transferable Black-Box Attacks on Speech Recognition and Voice Identification SystemsHadi Abdullah, Muhammad Sajidur Rahman, Washington Garcia, Kevin Warren, Anurag Swarnim Yadav, Tom Shrimpton, Patrick Traynor. 712-729 [doi]
- SoK: The Faults in our ASRs: An Overview of Attacks against Automatic Speech Recognition and Speaker Identification SystemsHadi Abdullah, Kevin Warren, Vincent Bindschaedler, Nicolas Papernot, Patrick Traynor. 730-747 [doi]
- Cross-Domain Access Control Encryption: Arbitrary-policy, Constant-size, EfficientXiuhua Wang 0001, Sherman S. M. Chow. 748-761 [doi]
- Lightweight Techniques for Private Heavy HittersDan Boneh, Elette Boyle, Henry Corrigan-Gibbs, Niv Gilboa, Yuval Ishai. 762-776 [doi]
- SoK: Computer-Aided CryptographyManuel Barbosa, Gilles Barthe, Karthik Bhargavan, Bruno Blanchet, Cas Cremers, Kevin Liao, Bryan Parno. 777-795 [doi]
- ConDySTA: Context-Aware Dynamic Supplement to Static Taint AnalysisXueling Zhang, Xiaoyin Wang, Rocky Slavin, Jianwei Niu 0001. 796-812 [doi]
- OSPREY: Recovery of Variable and Data Structure via Probabilistic Analysis for Stripped BinaryZhuo Zhang 0002, Yapeng Ye, Wei You, Guanhong Tao, Wen-Chuan Lee, Yonghwi Kwon 0001, Yousra Aafer, Xiangyu Zhang 0001. 813-832 [doi]
- SoK: All You Ever Wanted to Know About x86/x64 Binary Disassembly But Were Afraid to AskChengbin Pang, Ruotong Yu, Yaohui Chen, Eric Koskinen, Georgios Portokalidis, Bing Mao, Jun Xu 0024. 833-851 [doi]
- Learning Differentially Private MechanismsSubhajit Roy, Justin Hsu, Aws Albarghouthi. 852-865 [doi]
- Adversary Instantiation: Lower Bounds for Differentially Private Machine LearningMilad Nasr, Shuang Song 0001, Abhradeep Thakurta, Nicolas Papemoti, Nicholas Carlini. 866-882 [doi]
- Manipulation Attacks in Local Differential PrivacyAlbert Cheu, Adam D. Smith, Jonathan R. Ullman. 883-900 [doi]
- Bitcoin-Compatible Virtual ChannelsLukas Aumayr, Matteo Maffei, Oguzhan Ersoy, Andreas Erwig, Sebastian Faust, Siavash Riahi 0002, Kristina Hostáková, Pedro Moreno-Sanchez. 901-918 [doi]
- On the Just-In-Time Discovery of Profit-Generating Transactions in DeFi ProtocolsLiyi Zhou, Kaihua Qin, Antoine Cully, Benjamin Livshits, Arthur Gervais. 919-936 [doi]
- Lockable Signatures for Blockchains: Scriptless Scripts for All SignaturesSri Aravinda Krishnan Thyagarajan, Giulio Malavolta. 937-954 [doi]
- Randomized Last-Level Caches Are Still Vulnerable to Cache Side-Channel Attacks! But We Can Fix ItWei Song 0002, Boya Li, Zihan Xue, Zhenzhen Li, Wenhao Wang 0001, Peng Liu. 955-969 [doi]
- Bomberman: Defining and Defeating Hardware Ticking Timebombs at Design-timeTimothy Trippel, Kang G. Shin, Kevin B. Bush, Matthew Hicks. 970-986 [doi]
- Systematic Analysis of Randomization-based Protected Cache ArchitecturesAntoon Purnal, Lukas Giner, Daniel Gruss, Ingrid Verbauwhede. 987-1002 [doi]
- SiRnn: A Math Library for Secure RNN InferenceDeevashwer Rathee, Mayank Rathee, Rahul Kranti Kiran Goli, Divya Gupta 0001, Rahul Sharma 0001, Nishanth Chandran, Aseem Rastogi. 1003-1020 [doi]
- CryptGPU: Fast Privacy-Preserving Machine Learning on the GPUSijun Tan, Brian Knott, Yuan Tian 0001, David J. Wu. 1021-1038 [doi]
- Proof-of-Learning: Definitions and PracticeHengrui Jia, Mohammad Yaghini, Christopher A. Choquette-Choo, Natalie Dullerud, Anvith Thudi, Varun Chandrasekaran, Nicolas Papernot. 1039-1056 [doi]
- PEGASUS: Bridging Polynomial and Non-polynomial Evaluations in Homomorphic EncryptionWen-Jie Lu, Zhicong Huang, Cheng Hong, Yiping Ma, Hunter Qu. 1057-1073 [doi]
- Wolverine: Fast, Scalable, and Communication-Efficient Zero-Knowledge Proofs for Boolean and Arithmetic CircuitsChenkai Weng, Kang Yang 0002, Jonathan Katz, Xiao Wang 0012. 1074-1091 [doi]
- SoK: Fully Homomorphic Encryption CompilersAlexander Viand, Patrick Jattke, Anwar Hithnawi. 1092-1108 [doi]
- CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in PhishingPenghui Zhang, Adam Oest, Haehyun Cho, Zhibo Sun, RC Johnson, Brad Wardman, Shaown Sarker, Alexandros Kapravelos, Tiffany Bao, Ruoyu Wang 0001, Yan Shoshitaishvili, Adam Doupé, Gail-Joon Ahn. 1109-1124 [doi]
- Black Widow: Blackbox Data-driven Web ScanningBenjamin Eriksson, Giancarlo Pellegrino, Andrei Sabelfeld. 1125-1142 [doi]
- Fingerprinting the Fingerprinters: Learning to Detect Browser Fingerprinting BehaviorsUmar Iqbal, Steven Englehardt, Zubair Shafiq. 1143-1161 [doi]
- A Security Model and Fully Verified Implementation for the IETF QUIC Record LayerAntoine Delignat-Lavaud, Cédric Fournet, Bryan Parno, Jonathan Protzenko, Tahina Ramananandro, Jay Bosamiya, Joseph Lallemand, Itsaka Rakotonirina, Yi Zhou. 1162-1178 [doi]
- Cross Layer Attacks and How to Use Them (for DNS Cache Poisoning, Device Tracking and More)Amit Klein. 1179-1196 [doi]
- Bookworm Game: Automatic Discovery of LTE Vulnerabilities Through Documentation AnalysisYi Chen, Yepeng Yao, Xiaofeng Wang 0001, Dandan Xu, Chang Yue, Xiaozhong Liu, Kai Chen 0012, Haixu Tang, Baoxu Liu. 1197-1214 [doi]
- SGUARD: Towards Fixing Vulnerable Smart Contracts AutomaticallyTai D. Nguyen, Long H. Pham, Jun Sun 0001. 1215-1229 [doi]
- MAD-HTLC: Because HTLC is Crazy-Cheap to AttackItay Tsabary, Matan Yechieli, Alex Manuskin, Ittay Eyal. 1230-1248 [doi]
- Compositional Security for Reentrant ApplicationsEthan Cecchetti, Siqiu Yao, Haobin Ni, Andrew C. Myers. 1249-1267 [doi]
- HackEd: A Pedagogical Analysis of Online Vulnerability Discovery ExercisesDaniel Votipka, Eric Zhang, Michelle L. Mazurek. 1268-1285 [doi]
- DifuzzRTL: Differential Fuzz Testing to Find CPU BugsJaewon Hur, Suhwan Song, Dongup Kwon, Eunjin Baek, Jangwoo Kim, Byoungyoung Lee. 1286-1303 [doi]
- When LoRa Meets EMR: Electromagnetic Covert Channels Can Be Super ResilientCheng Shen, Tian Liu, Jun Huang, Rui Tan. 1304-1317 [doi]
- Linking Bluetooth LE & Classic and Implications for Privacy-Preserving Bluetooth-Based ProtocolsNorbert Ludant, Tien Dang Vo-Huu, Sashank Narain, Guevara Noubir. 1318-1331 [doi]
- Method Confusion Attack on Bluetooth PairingMaximilian Von Tschirschnitz, Ludwig Peuckert, Fabian Franzen, Jens Grossklags. 1332-1347 [doi]
- CanDID: Can-Do Decentralized Identity with Legacy Compatibility, Sybil-Resistance, and AccountabilityDeepak Maram, Harjasleen Malvai, Fan Zhang 0022, Nerla Jean-Louis, Alexander Frolov, Tyler Kell, Tyrone Lobban, Christine Moy, Ari Juels, Andrew Miller 0001. 1348-1366 [doi]
- They Would do Better if They Worked Together: The Case of Interaction Problems Between Password Managers and WebsitesNicolas Huaman, Sabrina Amft, Marten Oltrogge, Yasemin Acar, Sascha Fahl. 1367-1381 [doi]
- Improving Password Guessing via Representation LearningDario Pasquini, Ankit Gangwal, Giuseppe Ateniese, Massimo Bernaschi, Mauro Conti. 1382-1399 [doi]
- ARBITRAR: User-Guided API Misuse DetectionZiyang Li, Aravind Machiry, Binghong Chen, Mayur Naik, Ke Wang, Le Song. 1400-1415 [doi]
- Compositional Non-Interference for Fine-Grained Concurrent ProgramsDan Frumin, Robbert Krebbers, Lars Birkedal. 1416-1433 [doi]
- SoK: Security and Privacy in the Age of Commercial DronesBen Nassi, Ron Bitton, Ryusuke Masuoka, Asaf Shabtai, Yuval Elovici. 1434-1451 [doi]
- A First Look at ZoombombingChen Ling, Utkucan Balci, Jeremy Blackburn, Gianluca Stringhini. 1452-1467 [doi]
- Revealer: Detecting and Exploiting Regular Expression Denial-of-Service VulnerabilitiesYinxi Liu, Mingxue Zhang, Wei Meng 0001. 1468-1484 [doi]
- Breaking the Specification: PDF CertificationSimon Rohlmann, Vladislav Mladenov, Christian Mainka, Jörg Schwenk. 1485-1501 [doi]
- Response-Hiding Encrypted Ranges: Revisiting Security via Parametrized Leakage-Abuse AttacksEvgenios M. Kornaropoulos, Charalampos Papamanthou, Roberto Tamassia. 1502-1519 [doi]
- A Decentralized and Encrypted National Gun RegistrySeny Kamara, Tarik Moataz, Andrew Park, Lucy Qin. 1520-1537 [doi]
- Zero Knowledge for Everything and Everyone: Fast ZK Processor with Cached ORAM for ANSI C ProgramsDavid Heath, Yibin Yang, David Devecsery, Vladimir Kolesnikov. 1538-1556 [doi]
- Survivalism: Systematic Analysis of Windows Malware Living-Off-The-LandFrederick Barr-Smith, Xabier Ugarte-Pedrero, Mariano Graziano, Riccardo Spolaor, Ivan Martinovic. 1557-1574 [doi]
- Runtime Recovery of Web Applications under Zero-Day ReDoS AttacksZhihao Bai, Ke Wang, Hang Zhu, Yinzhi Cao, Xin Jin 0008. 1575-1588 [doi]
- Good Bot, Bad Bot: Characterizing Automated Browsing ActivityXigao Li, Babak Amin Azad, Amir Rahmati, Nick Nikiforakis. 1589-1605 [doi]
- Trouble Over-The-Air: An Analysis of FOTA Apps in the Android EcosystemEduardo Blázquez, Sergio Pastrana, Álvaro Feal, Julien Gamba, Platon Kotzias, Narseo Vallina-Rodriguez, Juan Tapiador. 1606-1622 [doi]
- Doing good by fighting fraud: Ethical anti-fraud systems for mobile paymentsZain ul Abi Din, Hari Venugopalan, Henry Lin, Adam Wushensky, Steven Liu, Samuel T. King. 1623-1640 [doi]
- Happer: Unpacking Android Apps via a Hardware-Assisted ApproachLei Xue 0001, Hao Zhou, Xiapu Luo, Yajin Zhou, Yang Shi 0002, Guofei Gu, Fengwei Zhang, Man Ho Au. 1641-1658 [doi]
- The Provable Security of Ed25519: Theory and PracticeJacqueline Brendel, Cas Cremers, Dennis Jackson, Mang Zhao. 1659-1676 [doi]
- Epochal Signatures for Deniable Group ChatsAndreas Hülsing, Florian Weber. 1677-1695 [doi]
- BUFFing signature schemes beyond unforgeability and the case of post-quantum signaturesCas Cremers, Samed Düzlü, Rune Fiedler, Marc Fischlin, Christian Janson. 1696-1714 [doi]
- Detecting Filter List Evasion with Event-Loop-Turn Granularity JavaScript SignaturesQuan Chen, Peter Snyder, Ben Livshits, Alexandros Kapravelos. 1715-1729 [doi]
- Reading Between the Lines: An Extensive Evaluation of the Security and Privacy Implications of EPUB Reading SystemsGertjan Franken, Tom van Goethem, Wouter Joosen. 1730-1747 [doi]
- Did you mix me? Formally Verifying Verifiable Mix Nets in Electronic VotingThomas Haines, Rajeev Goré, Bhavesh Sharma. 1748-1765 [doi]
- The EMV Standard: Break, Fix, VerifyDavid A. Basin, Ralf Sasse, Jorge Toro-Pozo. 1766-1781 [doi]
- A Secure and Formally Verified Linux KVM HypervisorShih-wei Li, Xupeng Li, Ronghui Gu, Jason Nieh, John Zhuang Hui. 1782-1799 [doi]
- Many-out-of-Many Proofs and Applications to Anonymous ZetherBenjamin E. Diamond. 1800-1817 [doi]
- On the Anonymity Guarantees of Anonymous Proof-of-Stake ProtocolsMarkulf Kohlweiss, Varun Madathil, Kartik Nayak, Alessandra Scafuro. 1818-1833 [doi]
- 2L: Anonymous Atomic Locks for Scalability in Payment Channel HubsErkan Tairi, Pedro Moreno-Sanchez, Matteo Maffei. 1834-1851 [doi]
- CrossTalk: Speculative Data Leaks Across Cores Are RealHany Ragab, Alyssa Milburn, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida. 1852-1867 [doi]
- Hardware-Software Contracts for Secure SpeculationMarco Guarnieri, Boris Köpf, Jan Reineke, Pepe Vila. 1868-1883 [doi]
- High-Assurance Cryptography in the Spectre EraGilles Barthe, Sunjay Cauligi, Benjamin Grégoire, Adrien Koutsos, Kevin Liao, Tiago Oliveira 0004, Swarn Priya, Tamara Rezk, Peter Schwabe. 1884-1901 [doi]
- A Novel Dynamic Analysis Infrastructure to Instrument Untrusted Execution Flow Across User-Kernel SpacesJiaqi Hong, Xuhua Ding. 1902-1918 [doi]
- DynPTA: Combining Static and Dynamic Analysis for Practical Selective Data ProtectionTapti Palit, Jarin Firose Moon, Fabian Monrose, Michalis Polychronakis. 1919-1937 [doi]
- DICE: Automatic Emulation of DMA Input Channels for Dynamic Firmware AnalysisAlejandro Mera, Bo Feng, Long Lu, Engin Kirda. 1938-1954 [doi]
- Real-World Snapshots vs. Theory: Questioning the t-Probing Security ModelThilo Krachenfels, Fatemeh Ganji, Amir Moradi 0001, Shahin Tajik, Jean-Pierre Seifert. 1955-1971 [doi]
- CRYLOGGER: Detecting Crypto Misuses DynamicallyLuca Piccolboni, Giuseppe Di Guglielmo, Luca P. Carloni, Simha Sethumadhavan. 1972-1989 [doi]