44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023 - researchr publication

researchr

You are not signed in
Sign in
Sign up

44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023. IEEE, 2023. [doi]

Conference: sp

Abstract is missing.

Space Odyssey: An Experimental Software Security Analysis of SatellitesJohannes Willbold, Moritz Schloegel, Manuel Vögele, Maximilian Gerhardt, Thorsten Holz, Ali Abbasi 0002. 1-19 [doi]

Scaphy: Detecting Modern ICS Attacks by Correlating Behaviors in SCADA and PHYsicalMoses Ike, Kandy Phan, Keaton Sadoski, Romuald Valme, Wenke Lee. 20-37 [doi]

Shedding Light on Inconsistencies in Grid Cybersecurity: Disconnects and RecommendationsBrian Singer, Amritanshu Pandey, Shimiao Li, Lujo Bauer, Craig Miller, Lawrence T. Pileggi, Vyas Sekar. 38-55 [doi]

Red Team vs. Blue Team: A Real-World Hardware Trojan Detection Case Study Across Four Modern CMOS Technology GenerationsEndres Puschner, Thorben Moos, Steffen Becker 0003, Christian Kison, Amir Moradi 0001, Christof Paar. 56-74 [doi]

SoK: Distributed Randomness BeaconsKevin Choi, Aathira Manoj, Joseph Bonneau. 75-92 [doi]

WeRLman: To Tackle Whale (Transactions), Go Deep (RL)Roi Bar Zur, Ameer Abu-Hanna, Ittay Eyal, Aviv Tamar. 93-110 [doi]

Three Birds with One Stone: Efficient Partitioning Attacks on Interdependent Cryptocurrency NetworksMuhammad Saad 0001, David Mohaisen. 111-125 [doi]

Bitcoin-Enhanced Proof-of-Stake Security: Possibilities and ImpossibilitiesErtem Nusret Tas, David Tse, Fangyu Gai, Sreeram Kannan, Mohammad Ali Maddah-Ali, Fisher Yu. 126-145 [doi]

MEGA: Malleable Encryption Goes AwryMatilda Backendal, Miro Haller, Kenneth G. Paterson. 146-163 [doi]

DBREACH: Stealing from Databases Using Compression Side ChannelsMathew Hogan, Yan Michalevsky, Saba Eskandarian. 182-198 [doi]

Weak Fiat-Shamir Attacks on Modern Proof SystemsQuang-Dao, Jim Miller, Opal Wright, Paul Grubbs. 199-216 [doi]

Attitudes towards Client-Side Scanning for CSAM, Terrorism, Drug Trafficking, Drug Use and Tax Evasion in GermanyLisa Geierhaas, Fabian Otto, Maximilian Häring, Matthew Smith 0001. 217-233 [doi]

Deep perceptual hashing algorithms with hidden dual purpose: when client-side scanning does facial recognitionShubham Jain, Ana-Maria Cretu 0002, Antoine Cully, Yves-Alexandre de Montjoye. 234-252 [doi]

Public Verification for Private Hash MatchingSarah Scheffler, Anunay Kulshrestha, Jonathan R. Mayer. 253-273 [doi]

Is Cryptographic Deniability Sufficientƒ Non-Expert Perceptions of Deniability in Secure MessagingNathan Reitinger, Nathan Malkin, Omer Akgul, Michelle L. Mazurek, Ian Miers. 274-292 [doi]

On the Evolution of (Hateful) Memes by Means of Multimodal Contrastive LearningYiting Qu, Xinlei He, Shannon Pierson, Michael Backes 0001, Yang Zhang 0016, Savvas Zannettou. 293-310 [doi]

Lambretta: Learning to Rank for Twitter Soft ModerationPujan Paudel, Jeremy Blackburn, Emiliano De Cristofaro, Savvas Zannettou, Gianluca Stringhini. 311-326 [doi]

SoK: Let the Privacy Games Begin! A Unified Treatment of Data Inference Privacy in Machine LearningAhmed Salem, Giovanni Cherubin, David Evans 0001, Boris Köpf, Andrew Paverd, Anshuman Suri, Shruti Tople, Santiago Zanella Béguelin. 327-345 [doi]

Analyzing Leakage of Personally Identifiable Information in Language ModelsNils Lukas, Ahmed Salem, Robert Sim, Shruti Tople, Lukas Wutschitz, Santiago Zanella Béguelin. 346-363 [doi]

Accuracy-Privacy Trade-off in Deep Ensemble: A Membership Inference PerspectiveShahbaz Rezaei, Zubair Shafiq, Xin Liu. 364-381 [doi]

D-DAE: Defense-Penetrating Model Extraction AttacksYanjiao Chen, Rui Guan, Xueluan Gong, Jianshuo Dong, Meng Xue. 382-399 [doi]

SNAP: Efficient Extraction of Private Properties with PoisoningHarsh Chaudhari, John Abascal, Alina Oprea, Matthew Jagielski, Florian Tramèr, Jonathan R. Ullman. 400-417 [doi]

On the (In)security of Peer-to-Peer Decentralized Machine LearningDario Pasquini, Mathilde Raynal, Carmela Troncoso. 418-436 [doi]

Vectorized Batch Private Information RetrievalMuhammad Haris Mughees, Ling Ren 0001. 437-452 [doi]

RoFL: Robustness of Secure Federated LearningHidde Lycklama, Lukas Burkhalter, Alexander Viand, Nicolas Küchler, Anwar Hithnawi. 453-476 [doi]

Flamingo: Multi-Round Single-Server Secure Aggregation with Applications to Private Federated LearningYiping Ma 0001, Jess Woods, Sebastian Angel, Antigoni Polychroniadou, Tal Rabin. 477-496 [doi]

SoK: Cryptographic Neural-Network ComputationLucien K. L. Ng, Sherman S. M. Chow. 497-514 [doi]

FLUTE: Fast and Secure Lookup Table EvaluationsAndreas Brüggemann, Robin Hundt, Thomas Schneider 0003, Ajith Suresh, Hossein Yalame. 515-533 [doi]

Bicoptor: Two-round Secure Three-party Non-linear Computation without Preprocessing for Privacy-preserving Machine LearningLijing Zhou, Ziyu Wang, Hongrui Cui, Qingrui Song, Yu Yu 0001. 534-551 [doi]

Investigating the Password Policy Practices of Website AdministratorsSena Sahin, Suood Abdulaziz Al-Roomi, Tara Poteat, Frank Li 0001. 552-569 [doi]

"In Eighty Percent of the Cases, I Select the Password for Them": Security and Privacy Challenges, Advice, and Opportunities at Cybercafes in KenyaCollins W. Munyendo, Yasemin Acar, Adam J. Aviv. 570-587 [doi]

Perceptions of Distributed Ledger Technology Key Management - An Interview Study with Finance ProfessionalsCarolyn Guthoff, Simon Anell, Johann Hainzinger, Adrian Dabrowski, Katharina Krombholz. 588-605 [doi]

Towards a Rigorous Statistical Analysis of Empirical Password DatasetsJeremiah Blocki, Peiyuan Liu. 606-625 [doi]

Confident Monte Carlo: Rigorous Analysis of Guessing Curves for Probabilistic Password ModelsPeiyuan Liu, Jeremiah Blocki, Wenjie Bai. 626-644 [doi]

Not Yet Another Digital ID: Privacy-Preserving Humanitarian Aid DistributionBoya Wang, Wouter Lueks, Justinas Sukaitis, Vincent Graf Narbel, Carmela Troncoso. 645-663 [doi]

Disguising Attacks with Explanation-Aware BackdoorsMaximilian Noppel, Lukas Peter, Christian Wressnegger. 664-681 [doi]

AI-Guardian: Defeating Adversarial Attacks using BackdoorsHong Zhu, Shengzhi Zhang, Kai Chen 0012. 701-718 [doi]

Jigsaw Puzzle: Selective Backdoor Attack to Subvert Malware ClassifiersLimin Yang, Zhi Chen, Jacopo Cortellazzi, Feargus Pendlebury, Kevin Tu, Fabio Pierazzi, Lorenzo Cavallaro, Gang Wang 0011. 719-736 [doi]

BayBFed: Bayesian Backdoor Defense for Federated LearningKavita Kumari, Phillip Rieger, Hossein Fereidooni, Murtuza Jadliwala, Ahmad-Reza Sadeghi. 737-754 [doi]

Redeem Myself: Purifying Backdoors in Deep Learning Models using Self Attention DistillationXueluan Gong, Yanjiao Chen, Wang Yang, Qian Wang 0002, Yuzhe Gu, Huayang Huang, Chao Shen 0001. 755-772 [doi]

Threshold BBS+ Signatures for Distributed Anonymous Credential IssuanceJack Doerner, Yashvanth Kondi, Eysa Lee, Abhi Shelat, LaKyah Tyner. 773-789 [doi]

zk-creds: Flexible Anonymous Credentials from zkSNARKs and Existing Identity InfrastructureMichael Rosenberg, Jacob D. White, Christina Garman, Ian Miers. 790-808 [doi]

Private Access Control for Function Secret SharingSacha Servan-Schreiber, Simon Beyzerov, Eli Yablon, Hyojae Park. 809-828 [doi]

MPCAuth: Multi-factor Authentication for Distributed-trust SystemsSijun Tan, Weikeng Chen, Ryan Deng, Raluca Ada Popa. 829-847 [doi]

Silph: A Framework for Scalable and Accurate Generation of Hybrid MPC ProtocolsEdward Chen, Jinhao Zhu, Alex Ozdemir, Riad S. Wahby, Fraser Brown, Wenting Zheng. 848-863 [doi]

SoK: Anti-Facial Recognition TechnologyEmily Wenger, Shawn Shan, Haitao Zheng 0001, Ben Y. Zhao. 864-881 [doi]

Spoofing Real-world Face Authentication Systems through Optical SynthesisYueli Yan, Zhice Yang. 882-898 [doi]

ImU: Physical Impersonating Attack for Face Recognition System with Natural Style ChangesShengwei An, Yuan Yao 0001, Qiuling Xu, ShiQing Ma, Guanhong Tao, Siyuan Cheng 0005, Kaiyuan Zhang 0002, Yingqi Liu, Guangyu Shen, Ian Kelk, Xiangyu Zhang 0001. 899-916 [doi]

DepthFake: Spoofing 3D Face Authentication with a 2D PhotoZhihao Wu, Yushi Cheng, Jiahui Yang, Xiaoyu Ji 0001, Wenyuan Xu 0001. 917-91373 [doi]

Understanding the (In)Security of Cross-side Face Verification Systems in Mobile Apps: A System PerspectiveXiaohan Zhang, Haoqi Ye, Ziqi Huang, Xiao-ye, Yinzhi Cao, Yuan Zhang, Min Yang 0002. 934-950 [doi]

Breaking Security-Critical Voice AuthenticationAndre Kassis, Urs Hengartner. 951-968 [doi]

SoK: A Critical Evaluation of Efficient Website Fingerprinting DefensesNate Mathews, James K. Holland, Se Eun Oh, Mohammad Saidur Rahman 0002, Nicholas Hopper, Matthew Wright 0001. 969-986 [doi]

Fashion Faux Pas: Implicit Stylistic Fingerprints for Bypassing Browsers' Anti-Fingerprinting DefensesXu Lin 0003, Frederico Araujo, Teryl Taylor, Jiyong Jang, Jason Polakis. 987-1004 [doi]

Robust Multi-tab Website Fingerprinting Attacks in the WildXinhao Deng, Qilei Yin, Zhuotao Liu, Xiyuan Zhao, Qi Li 0002, Mingwei Xu, Ke Xu 0002, Jianping Wu. 1005-1022 [doi]

Only Pay for What You Leak: Leveraging Sandboxes for a Minimally Invasive Browser Fingerprinting DefenseRyan Torok, Amit Levy. 1023-1040 [doi]

It's (DOM) Clobbering Time: Attack Techniques, Prevalence, and DefensesSoheil Khodayari, Giancarlo Pellegrino. 1041-1058 [doi]

Scaling JavaScript Abstract Interpretation to Detect and Exploit Node.js Taint-style VulnerabilityMingqing Kang, Yichao Xu, Song Li 0006, Rigel Gjomemo, Jianwei Hou, V. N. Venkatakrishnan, Yinzhi Cao. 1059-1076 [doi]

Sound Verification of Security Protocols: From Design to Interoperable ImplementationsLinard Arquint, Felix A. Wolf, Joseph Lallemand, Ralf Sasse, Christoph Sprenger 0001, Sven N. Wiesner, David A. Basin, Peter Müller 0001. 1077-1093 [doi]

Typing High-Speed Cryptography against Spectre v1Basavesh Ammanaghatta Shivakumar, Gilles Barthe, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira 0004, Swarn Priya, Peter Schwabe, Lucas Tabary-Maujean. 1094-1111 [doi]

Less is more: refinement proofs for probabilistic proofsKunming Jiang, Devora Chait-Roth, Zachary Destefano, Michael Walfish, Thomas Wies. 1112-1129 [doi]

Owl: Compositional Verification of Security Protocols via an Information-Flow Type SystemJoshua Gancher, Sydney Gibson, Pratap Singh, Samvid Dharanikota, Bryan Parno. 1130-1147 [doi]

AUC: Accountable Universal ComposabilityMike Graf 0001, Ralf Küsters, Daniel Rausch 0001. 1148-1167 [doi]

High-Order Masking of Lattice Signatures in Quasilinear TimeRafaël Del Pino, Thomas Prest, Mélissa Rossi, Markku-Juhani O. Saarinen. 1168-1185 [doi]

Practical Timing Side-Channel Attacks on Memory CompressionMartin Schwarzl, Pietro Borrello, Gururaj Saileshwar, Hanna Müller, Michael Schwarz 0001, Daniel Gruss. 1186-1203 [doi]

TEEzz: Fuzzing Trusted Applications on COTS Android DevicesMarcel Busch, Aravind Machiry, Chad Spensky, Giovanni Vigna, Christopher Kruegel, Mathias Payer. 1204-1219 [doi]

Half&Half: Demystifying Intel's Directional Branch Predictors for Fast, Secure Partitioned ExecutionHosein Yavarzadeh, Mohammadkazem Taram, Shravan Narayan, Deian Stefan, Dean M. Tullsen. 1220-1237 [doi]

Half&Half: Demystifying Intel's Directional Branch Predictors for Fast, Secure Partitioned ExecutionHosein Yavarzadeh, Mohammadkazem Taram, Shravan Narayan, Deian Stefan, Dean M. Tullsen. 1220-1237 [doi]

Improving Developers' Understanding of Regex Denial of Service Tools through Anti-Patterns and Fix StrategiesSk Adnan Hassan, Zainab Aamir, Dongyoon Lee, James C. Davis 0001, Francisco Servant. 1238-1255 [doi]

Practical Program Modularization with Type-Based Dependence AnalysisKangjie Lu. 1256-1270 [doi]

WarpAttack: Bypassing CFI through Compiler-Introduced Double-FetchesJianhao Xu, Luca Bartolomeo, Flavio Toffalini, Bing Mao, Mathias Payer. 1271-1288 [doi]

SoK: Certified Robustness for Deep Neural NetworksLinyi Li, Tao Xie 0001, Bo Li. 1289-1310 [doi]

RAB: Provable Robustness Against Backdoor AttacksMaurice Weber, Xiaojun Xu, Bojan Karlas, Ce Zhang 0001, Bo Li 0026. 1311-1328 [doi]

ObjectSeeker: Certifiably Robust Object Detection against Patch Hiding Attacks via Patch-agnostic MaskingChong Xiang 0001, Alexander Valtchanov, Saeed Mahloujifar, Prateek Mittal. 1329-1347 [doi]

PublicCheck: Public Integrity Verification for Services of Run-time Deep ModelsShuo Wang, Sharif Abuadbba, Sidharth Agarwal, Kristen Moore, Ruoxi Sun, Minhui Xue, Surya Nepal, Seyit Camtepe, Salil S. Kanhere. 1348-1365 [doi]

FedRecover: Recovering from Poisoning Attacks in Federated Learning using Historical InformationXiaoyu Cao, Jinyuan Jia, Zaixi Zhang, Neil Zhenqiang Gong. 1366-1383 [doi]

On The Empirical Effectiveness of Unrealistic Adversarial Hardening Against Realistic Adversarial AttacksSalijona Dyrmishi, Salah Ghamizi, Thibault Simonetto, Yves Le Traon, Maxime Cordy. 1384-1400 [doi]

Rethinking Searchable Symmetric EncryptionZichen Gui, Kenneth G. Paterson, Sikhar Patranabis. 1401-1418 [doi]

Private Collaborative Data Cleaning via Non-Equi PSIErik-Oliver Blass, Florian Kerschbaum. 1419-1434 [doi]

Private Collaborative Data Cleaning via Non-Equi PSIErik-Oliver Blass, Florian Kerschbaum. 1419-1434 [doi]

SPHINCS+C: Compressing SPHINCS+ With (Almost) No CostAndreas Hülsing, Mikhail A. Kudinov, Eyal Ronen, Eylon Yogev. 1435-1453 [doi]

Threshold Signatures in the MultiverseLeemon Baird, Sanjam Garg, Abhishek Jain 0002, Pratyay Mukherjee, Rohit Sinha 0001, Mingyuan Wang, Yinuo Zhang. 1454-1470 [doi]

FIDO2, CTAP 2.1, and WebAuthn 2: Provable Security and Post-Quantum InstantiationNina Bindel, Cas Cremers, Mang Zhao. 1471-1490 [doi]

Token meets Wallet: Formalizing Privacy and Revocation for FIDO2Lucjan Hanzlik, Julian Loss, Benedikt Wagner. 1491-1508 [doi]

SoK: Taxonomy of Attacks on Open-Source Software Supply ChainsPiergiorgio Ladisa, Henrik Plate, Matias Martinez, Olivier Barais. 1509-1526 [doi]

It's like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain SecurityMarcel Fourné, Dominik Wermke, William Enck, Sascha Fahl, Yasemin Acar. 1527-1544 [doi]

"Always Contribute Back": A Qualitative Study on Security Challenges of the Open Source Supply ChainDominik Wermke, Jan H. Klemmer, Noah Wöhler, Juliane Schmüser, Harshini Sri Ramulu, Yasemin Acar, Sascha Fahl. 1545-1560 [doi]

Continuous Intrusion: Characterizing the Security of Continuous Integration ServicesYacong Gu, Lingyun Ying, Huajun Chai, Chu Qiao, Haixin Duan, Xing Gao. 1561-1577 [doi]

Investigating Package Related Security Threats in Software RegistriesYacong Gu, Lingyun Ying, Yingyuan Pu, Xiao Hu, Huajun Chai, Ruimin Wang, Xing Gao, Haixin Duan. 1578-1595 [doi]

ShadowNet: A Secure and Efficient On-device Model Inference System for Convolutional Neural NetworksZhichuang Sun, Ruimin Sun, Changming Liu, Amrita Roy Chowdhury 0001, Long Lu, Somesh Jha. 1596-1612 [doi]

Deepfake Text Detection: Limitations and OpportunitiesJiameng Pu, Zain Sarwar, Sifat Muhammad Abdullah, Abdullah Rehman, Yoonjin Kim, Parantapa Bhattacharya, Mobin Javed, Bimal Viswanath. 1613-1630 [doi]

StyleFool: Fooling Video Classification Systems via Style TransferYuxin Cao, Xi Xiao, Ruoxi Sun, Derui Wang, Minhui Xue, Sheng Wen. 1631-1648 [doi]

GeeSolver: A Generic, Efficient, and Effortless Solver with Self-Supervised Learning for Breaking Text CaptchasRuijie Zhao 0001, Xianwen Deng, Yanhao Wang, Zhicong Yan, Zhengguang Han, Libo Chen, Zhi Xue, Yijun Wang. 1649-1666 [doi]

TrojanModel: A Practical Trojan Attack against Automatic Speech Recognition SystemsWei Zong, Yang-Wai Chow, Willy Susilo, Kien Do, Svetha Venkatesh. 1667-1683 [doi]

REGA: Scalable Rowhammer Mitigation with Refresh-Generating ActivationsMichele Marazzi, Flavien Solt, Patrick Jattke, Kubo Takashi, Kaveh Razavi. 1684-1701 [doi]

CSI:Rowhammer - Cryptographic Security and Integrity against RowhammerJonas Juffinger, Lukas Lamster, Andreas Kogler, Maria Eichlseder, Moritz Lipp, Daniel Gruss. 1702-1718 [doi]

Jolt: Recovering TLS Signing Keys via Rowhammer FaultsKoksal Mus, Yarkin Doröz, M. Caner Tol, Kristi Rahman, Berk Sunar. 1719-1736 [doi]

Hide and Seek with Spectres: Efficient discovery of speculative information leaks with random testingOleksii Oleksenko, Marco Guarnieri, Boris Köpf, Mark Silberstein. 1737-1752 [doi]

Spectre Declassified: Reading from the Right Place at the Wrong TimeBasavesh Ammanaghatta Shivakumar, Jack Barnes, Gilles Barthe, Sunjay Cauligi, Chitchanok Chuengsatiansup, Daniel Genkin, Sioli O'Connell, Peter Schwabe, Rui Qi Sim, Yuval Yarom. 1753-1770 [doi]

Volttack: Control IoT Devices by Manipulating Power Supply VoltageKai Wang, Shilin Xiao, Xiaoyu Ji 0001, Chen Yan 0001, Chaohao Li, Wenyuan Xu 0001. 1771-1788 [doi]

Inducing Wireless Chargers to Voice Out for Inaudible Command AttacksDonghui Dai, Zhenlin An, Lei Yang 0025. 1789-1806 [doi]

mmSpoof: Resilient Spoofing of Automotive Millimeter-wave Radars using Reflect ArrayRohith Reddy Vennam, Ish Kumar Jain, Kshitiz Bansal, Joshua Orozco, Puja Shukla, Aanjhan Ranganathan, Dinesh Bharadia. 1807-1821 [doi]

PLA-LiDAR: Physical Laser Attacks against LiDAR-based 3D Object Detection in Autonomous VehicleZizhi Jin, Xiaoyu Ji 0001, Yushi Cheng, Bo Yang, Chen Yan 0001, Wenyuan Xu 0001. 1822-1839 [doi]

mmEcho: A mmWave-based Acoustic Eavesdropping MethodPengfei Hu, Wenhao Li, Riccardo Spolaor, Xiuzhen Cheng 0001. 1840-1856 [doi]

Side Eye: Characterizing the Limits of POV Acoustic Eavesdropping from Smartphone Cameras with Rolling Shutters and Movable LensesYan Long, Pirouz Naghavi, Blas Kojusner, Kevin R. B. Butler, Sara Rampazzi, Kevin Fu. 1857-1874 [doi]

3DFed: Adaptive and Extensible Framework for Covert Backdoor Attack in Federated LearningHaoyang Li, Qingqing Ye 0001, Haibo Hu 0001, Jin Li 0002, Leixia Wang, Chengfang Fang, Jie Shi. 1893-1907 [doi]

Scalable and Privacy-Preserving Federated Principal Component AnalysisDavid Froelicher, Hyunghoon Cho, Manaswitha Edupalli, Joao Sa Sousa, Jean-Philippe Bossuat, Apostolos Pyrgelis, Juan Ramón Troncoso-Pastoriza, Bonnie Berger, Jean-Pierre Hubaux. 1908-1925 [doi]

Private, Efficient, and Accurate: Protecting Models Trained by Multi-party Learning with Differential PrivacyWenqiang Ruan, Mingxin Xu, Wenjing Fang, Li Wang, Lei Wang, Weili Han. 1926-1943 [doi]

Spectral-DP: Differentially Private Deep Learning through Spectral Perturbation and FilteringCe Feng, Nuo Xu, Wujie Wen, Parv Venkitasubramaniam, Caiwen Ding. 1944-1960 [doi]

ELSA: Secure Aggregation for Federated Learning with Malicious ActorsMayank Rathee, Conghao Shen, Sameer Wagh, Raluca Ada Popa. 1961-1979 [doi]

No One Drinks From the Firehose: How Organizations Filter and Prioritize Vulnerability InformationStephanie de Smale, Rik van Dijk, Xander Bouwman, Jeroen van der Ham, Michel van Eeten. 1980-1996 [doi]

Vulnerability Discovery for All: Experiences of Marginalization in Vulnerability DiscoveryKelsey R. Fulton, Samantha Katcher, Kevin Song, Marshini Chetty, Michelle L. Mazurek, Chloé Messdaghi, Daniel Votipka. 1997-2014 [doi]

"We are a startup to the core": A qualitative interview study on the security and privacy development practices in Turkish software startupsDilara Keküllüoglu, Yasemin Acar. 2015-2031 [doi]

"How technical do you get? I'm an English teacher": Teaching and Learning Cybersecurity and AI Ethics in High SchoolZachary Kilhoffer, Zhixuan Zhou, Firmiana Wang, Fahad Tamton, Yun Huang 0003, Pilyoung Kim, Tom Yeh, Yang Wang 0005. 2032 [doi]

Skilled or Gullibleƒ Gender Stereotypes Related to Computer Security and PrivacyMiranda Wei, Pardis Emami Naeini, Franziska Roesner, Tadayoshi Kohno. 2050-2067 [doi]

Everybody's Got ML, Tell Me What Else You Have: Practitioners' Perception of ML-Based Security Tools and ExplanationsJaron Mink, Hadjer Benkraouda, Limin Yang, Arridhana Ciptadi, Ali Ahmadzadeh, Daniel Votipka, Gang Wang 0011. 2068-2085 [doi]

Precise Detection of Kernel Data Races with Probabilistic Lockset AnalysisGabriel Ryan, Abhishek Shah, Dongdong She, Suman Jana. 2086-2103 [doi]

SegFuzz: Segmentizing Thread Interleaving to Discover Kernel Concurrency Bugs through FuzzingDae R. Jeong, Byoungyoung Lee, Insik Shin, Youngjin Kwon. 2104-2121 [doi]

AEM: Facilitating Cross-Version Exploitability Assessment of Linux Kernel VulnerabilitiesZheyue Jiang, Yuan Zhang, Jun Xu 0024, Xinqian Sun, Zhuang Liu, Min Yang. 2122-2137 [doi]

AEM: Facilitating Cross-Version Exploitability Assessment of Linux Kernel VulnerabilitiesZheyue Jiang, Yuan Zhang, Jun Xu, Xinqian Sun, Zhuang Liu, Min Yang 0002. 2122-2137 [doi]

When Top-down Meets Bottom-up: Detecting and Exploiting Use-After-Cleanup Bugs in Linux KernelLin Ma, Duoming Zhou, Hanjie Wu, Yajin Zhou, Rui Chang, Hao Xiong, Lei Wu 0012, Kui Ren 0001. 2138-2154 [doi]

RSFuzzer: Discovering Deep SMI Handler Vulnerabilities in UEFI Firmware with Hybrid FuzzingJiawei Yin, Menghao Li, Yuekang Li, Yong Yu, Boru Lin, Yanyan Zou, Yang Liu, Wei Huo, Jingling Xue. 2155-2169 [doi]

A Theory to Instruct Differentially-Private Learning via Clipping Bias ReductionHanshen Xiao, Zihang Xiang, Di Wang 0015, Srinivas Devadas. 2170-2189 [doi]

Continual Observation under User-level Differential PrivacyWei Dong 0007, Qiyao Luo, Ke Yi 0001. 2190-2207 [doi]

Locally Differentially Private Frequency Estimation Based on Convolution FrameworkHuiyu Fang, Liquan Chen, Yali Liu, Yuan Gao. 2208-2222 [doi]

Telepath: A Minecraft-based Covert Communication SystemZhen Sun, Vitaly Shmatikov. 2223-2237 [doi]

Discop: Provably Secure Steganography in Practice Based on "Distribution Copies"Jinyang Ding, Kejiang Chen, Yaofei Wang, Na Zhao, Weiming Zhang 0001, Nenghai Yu. 2238-2255 [doi]

SQUIP: Exploiting the Scheduler Queue Contention Side ChannelStefan Gast, Jonas Juffinger, Martin Schwarzl, Gururaj Saileshwar, Andreas Kogler, Simone Franza, Markus Köstl, Daniel Gruss. 2256-2272 [doi]

Scatter and Split Securely: Defeating Cache Contention and Occupancy AttacksLukas Giner, Stefan Steinegger, Antoon Purnal, Maria Eichlseder, Thomas Unterluggauer, Stefan Mangard, Daniel Gruss. 2273-2287 [doi]

DevIOus: Device-Driven Side-Channel Attacks on the IOMMUTaehun Kim, Hyeongjin Park, SeokMin Lee, Seunghee Shin, Junbeom Hur, Youngjoo Shin. 2288-2305 [doi]

DVFS Frequently Leaks Secrets: Hertzbleed Attacks Beyond SIKE, Cryptography, and CPU-Only DataYingchen Wang, Riccardo Paccagnella, Alan Wandke, Zhao Gang, Grant Garrett-Grossman, Christopher W. Fletcher, David Kohlbrenner, Hovav Shacham. 2306-2320 [doi]

A Security RISC: Microarchitectural Attacks on Hardware RISC-V CPUsLukas Gerlach, Daniel Weber 0007, Ruiyi Zhang, Michael Schwarz 0001. 2321-2338 [doi]

Examining Zero-Shot Vulnerability Repair with Large Language ModelsHammond Pearce, Benjamin Tan 0001, Baleegh Ahmad, Ramesh Karri, Brendan Dolan-Gavitt. 2339-2356 [doi]

Examining Zero-Shot Vulnerability Repair with Large Language ModelsHammond Pearce, Benjamin Tan 0001, Baleegh Ahmad, Ramesh Karri, Brendan Dolan-Gavitt. 2339-2356 [doi]

Callee: Recovering Call Graphs for Binaries with Transfer and Contrastive LearningWenyu Zhu, Zhiyao Feng, Zihan Zhang, Jianjun Chen, Zhijian Ou, Min Yang, Chao Zhang 0008. 2357-2374 [doi]

XFL: Naming Functions in Binaries with Extreme Multi-label LearningJames Patrick-Evans, Moritz Dannehl, Johannes Kinder. 2375-2390 [doi]

D-ARM: Disassembling ARM Binaries by Lightweight Superset Instruction Interpretation and Graph ModelingYapeng Ye, Zhuo Zhang 0002, Qingkai Shi, Yousra Aafer, Xiangyu Zhang 0001. 2391-2408 [doi]

GraphSPD: Graph-Based Security Patch Detection with Enriched Code SemanticsShu Wang, Xinda Wang, Kun Sun 0001, Sushil Jajodia, Haining Wang, Qi Li 0002. 2409-2426 [doi]

Effective ReDoS Detection by Principled Vulnerability Modeling and Exploit GenerationXinyi Wang, Cen Zhang, Yeting Li, Zhiwu Xu, Shuailin Huang, Yi Liu, Yican Yao, Yang Xiao, Yanyan Zou, Yang Liu, Wei Huo. 2427-2443 [doi]

SoK: Decentralized Finance (DeFi) AttacksLiyi Zhou, Xihan Xiong, Jens Ernstberger, Stefanos Chaliasos, Zhipeng Wang, Ye Wang, Kaihua Qin, Roger Wattenhofer, Dawn Song, Arthur Gervais. 2444-2461 [doi]

BlindHub: Bitcoin-Compatible Privacy-Preserving Payment Channel Hubs Supporting Variable AmountsXianrui Qin, Shimin Pan, Arash Mirzaei, Zhimei Sui, Oguzhan Ersoy, Amin Sakzad, Muhammed F. Esgin, Joseph K. Liu, Jiangshan Yu, Tsz Hon Yuen. 2462-2480 [doi]

Optimistic Fast Confirmation While Tolerating Malicious Majority in BlockchainsRuomu Hou, Haifeng Yu. 2481-2498 [doi]

Clockwork Finance: Automated Analysis of Economic Security in Smart ContractsKushal Babel, Philip Daian, Mahimna Kelkar, Ari Juels. 2499-2516 [doi]

Tyr: Finding Consensus Failure Bugs in Blockchain System with Behaviour Divergent ModelYuanliang Chen, Fuchen Ma, Yuanhang Zhou, Yu Jiang 0001, Ting Chen 0002, Jia-Guang Sun 0001. 2517-2532 [doi]

Leaking Arbitrarily Many Secrets: Any-out-of-Many Proofs and Applications to RingCT ProtocolsTianyu Zheng, Shang Gao 0006, Yubo Song, Bin Xiao 0001. 2533-2550 [doi]

Could you clean up the Internet with a Pit of Tar? Investigating tarpit feasibility on Internet wormsHarm Griffioen, Christian Doerr. 2551-2565 [doi]

Beyond Phish: Toward Detecting Fraudulent e-Commerce Websites at ScaleMarzieh Bitaab, Haehyun Cho, Adam Oest, Zhuoer Lyu, Wei Wang, Jorij Abraham, Ruoyu Wang 0001, Tiffany Bao, Yan Shoshitaishvili, Adam Doupé. 2566-2583 [doi]

Limits of I/O Based Ransomware Detection: An Imitation Based AttackChijin Zhou, Lihua Guo, Yiwei Hou, Zhenya Ma, Quan Zhang, Mingzhe Wang, Zhe Liu, Yu Jiang 0001. 2584-2601 [doi]

From Grim Reality to Practical Solution: Malware Classification in Real-World NoiseXian Wu, Wenbo Guo 0002, Jia Yan, Baris Coskun, Xinyu Xing. 2602-2619 [doi]

SoK: History is a Vast Early Warning System: Auditing the Provenance of System IntrusionsMuhammad Adil Inam, Yinfang Chen, Akul Goyal, Jason Liu, Jaron Mink, Noor Michael, Sneha Gaur, Adam Bates 0001, Wajih Ul Hassan. 2620-2638 [doi]

Collaborative Ad Transparency: Promises and LimitationsEleni Gkiouzepi, Athanasios Andreou, Oana Goga, Patrick Loiseau. 2639-2657 [doi]

Toss a Fault to Your Witcher: Applying Grey-box Coverage-Guided Mutational Fuzzing to Detect SQL and Command Injection VulnerabilitiesErik Trickel, Fabio Pagani, Chang Zhu, Lukas Dresel, Giovanni Vigna, Christopher Kruegel, Ruoyu Wang 0001, Tiffany Bao, Yan Shoshitaishvili, Adam Doupé. 2658-2675 [doi]

UTopia: Automatic Generation of Fuzz Driver using Unit TestsBokdeuk Jeong, Joonun Jang, Hayoon Yi, Jiin Moon, Junsik Kim, Intae Jeon, Taesoo Kim, Woochul Shim, Yong Ho Hwang. 2676-2692 [doi]

SelectFuzz: Efficient Directed Fuzzing with Selective Path ExplorationChanghua Luo, Wei Meng 0001, Penghui Li 0001. 2693-2707 [doi]

Finding Specification Blind Spots via Fuzz TestingRu Ji, Meng Xu. 2708-2725 [doi]

ODDFuzz: Discovering Java Deserialization Vulnerabilities via Structure-Aware Directed Greybox FuzzingSicong Cao, Biao He, Xiaobing Sun 0001, Yu Ouyang, Chao Zhang 0008, Xiaoxue Wu, Ting Su, Lili Bo, Bin Li 0006, Chuanlei Ma, Jiajia Li, Tao Wei. 2726-2743 [doi]

The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the WebJannis Rautenstrauch, Giancarlo Pellegrino, Ben Stock. 2744-2760 [doi]

WebSpec: Towards Machine-Checked Analysis of Browser Security MechanismsLorenzo Veronese, Benjamin Farinier, Pedro Bernardo, Mauro Tempesta, Marco Squarcina, Matteo Maffei. 2761-2779 [doi]

Detection of Inconsistencies in Privacy Practices of Browser ExtensionsDuc Bui, Brian Tang, Kang G. Shin. 2780-2798 [doi]

TeSec: Accurate Server-side Attack Investigation for Web ApplicationsRuihua Wang, Yihao Peng, Yilun Sun, Xuancheng Zhang, Hai Wan, Xibin Zhao. 2799-2816 [doi]

RuleKeeper: GDPR-Aware Personal Data Compliance for Web FrameworksMafalda Ferreira, Tiago Brito, José Fragoso Santos, Nuno Santos 0001. 2817-2834 [doi]

Characterizing Everyday Misuse of Smart Home DevicesPhoebe Moh, Pubali Datta, Noel Warford, Adam Bates 0001, Nathan Malkin, Michelle L. Mazurek. 2835-2849 [doi]

"It's up to the Consumer to be Smart": Understanding the Security and Privacy Attitudes of Smart Home Users on RedditJingjie Li, Kaiwen Sun, Brittany Skye Huff, Anna Marie Bierley, Younghyun Kim, Florian Schaub, Kassem Fawaz. 2850-2866 [doi]

User Perceptions and Experiences with Smart Home UpdatesJulie M. Haney, Susanne M. Furman. 2867-2884 [doi]

Design and Evaluation of Inclusive Email Security Indicators for People with Visual ImpairmentsYaman Yu, Saidivya Ashok, Smirity Kaushik, Yang Wang 0005, Gang Wang. 2885-2902 [doi]

When and Why Do People Want Ad Targeting Explanations? Evidence from a Four-Week, Mixed-Methods Field StudyHao-Ping Hank Lee, Jacob Logas, Stephanie Yang, Zhouyu Li, Natã M. Barbosa, Yang Wang, Sauvik Das. 2903-2920 [doi]

SecureCells: A Secure Compartmentalized ArchitectureAtri Bhattacharyya, Florian Hofhammer, Yuanlong Li, Siddharth Gupta 0003, Andrés Sánchez, Babak Falsafi, Mathias Payer. 2921-2939 [doi]

WaVe: a verifiably secure WebAssembly sandboxing runtimeEvan Johnson 0001, Evan Laufer, Zijie Zhao, Dan Gohman, Shravan Narayan, Stefan Savage, Deian Stefan, Fraser Brown. 2940-2955 [doi]

μSwitch: Fast Kernel Context Isolation with Implicit Context SwitchesDinglan Peng, Congyu Liu, Tapti Palit, Pedro Fonseca 0001, Anjo Vahldiek-Oberwagner, Mona Vij. 2956-2973 [doi]

Control Flow and Pointer Integrity Enforcement in a Secure Tagged ArchitectureRavi Theja Gollapudi, Gokturk Yuksek, David Demicco, Matthew Cole, Gaurav Kothari, Rohit Kulkarni, Xin Zhang, Kanad Ghose, Aravind Prakash, Zerksis Umrigar. 2974-2989 [doi]

EC: Embedded Systems Compartmentalization via Intra-Kernel IsolationArslan Khan, Dongyan Xu, Dave Jing Tian. 2990-3007 [doi]

Low-Cost Privilege Separation with Compile Time Compartmentalization for Embedded SystemsArslan Khan, Dongyan Xu, Dave Jing Tian. 3008-3025 [doi]

One Key to Rule Them All: Secure Group Pairing for Heterogeneous IoT DevicesHabiba Farrukh, Muslum Ozgur Ozmen, Faik Kerem Örs, Z. Berkay Celik. 3026-3042 [doi]

Optimistic Access Control for the Smart HomeNathan Malkin, Alan F. Luo, Julio Poveda, Michelle L. Mazurek. 3043-3060 [doi]

Protected or Porous: A Comparative Analysis of Threat Detection Capability of IoT SafeguardsAnna Maria Mandalari, Hamed Haddadi, Daniel J. Dubois, David R. Choffnes. 3061-3078 [doi]

LazyTAP: On-Demand Data Minimization for Trigger-Action ApplicationsMohammad M. Ahmadpanah, Daniel Hedin, Andrei Sabelfeld. 3079-3097 [doi]

Blue's Clues: Practical Discovery of Non-Discoverable Bluetooth DevicesTyler Tucker, Hunter Searle, Kevin R. B. Butler, Patrick Traynor. 3098-3112 [doi]

DeHiREC: Detecting Hidden Voice Recorders via ADC Electromagnetic RadiationRuochen Zhou, Xiaoyu Ji 0001, Chen Yan 0001, Yi-Chao Chen 0001, Wenyuan Xu, Chaohao Li. 3113-3128 [doi]

IPvSeeYou: Exploiting Leaked Identifiers in IPv6 for Street-Level GeolocationErik C. Rye, Robert Beverly. 3129-3145 [doi]

From 5G Sniffing to Harvesting Leakages of Privacy-Preserving MessengersNorbert Ludant, Pieter Robyns, Guevara Noubir. 3146-3161 [doi]

Man-in-the-Middle Attacks without Rogue AP: When WPAs Meet ICMP RedirectsXuewei Feng, Qi Li 0002, Kun Sun 0001, Yuxiang Yang, Ke Xu 0002. 3162-3177 [doi]

Mew: Enabling Large-Scale and Dynamic Link-Flooding Defenses on Programmable SwitchesHuancheng Zhou, Sungmin Hong, Yangyang Liu, Xiapu Luo, Weichao Li, Guofei Gu. 3178-3192 [doi]

PCSPOOF: Compromising the Safety of Time-Triggered EthernetAndrew D. Loveless, Linh Thi Xuan Phan, Ronald G. Dreslinski, Baris Kasikci. 3193-3208 [doi]

BLEDiff: Scalable and Property-Agnostic Noncompliance Checking for BLE ImplementationsImtiaz Karim, Abdullah Al Ishtiaq, Syed Rafiul Hussain, Elisa Bertino. 3209-3227 [doi]

ViDeZZo: Dependency-aware Virtual Device FuzzingQiang Liu, Flavio Toffalini, Yajin Zhou, Mathias Payer. 3228-3245 [doi]

DevFuzz: Automatic Device Model-Guided Device Driver FuzzingYilun Wu, Tong Zhang, Changhee Jung, Dongyoon Lee. 3246-3261 [doi]

SyzDescribe: Principled, Automated, Static Generation of Syscall Descriptions for Kernel DriversYu Hao 0006, Guoren Li, Xiaochen Zou, Weiteng Chen, Shitong Zhu, Zhiyun Qian, Ardalan Amiri Sani. 3262-3278 [doi]

QueryX: Symbolic Query on Decompiled Code for Finding Bugs in COTS BinariesHyungseok Han, JeongOh Kyea, Yonghwi Jin, Jinoh Kang, Brian Pak, Insu Yun. 3279-312795 [doi]

Pyfet: Forensically Equivalent Transformation for Python Binary DecompilationAli Ahad, Chijung Jung, Ammar Askar, Doowon Kim, Taesoo Kim, Yonghwi Kwon 0001. 3296-3313 [doi]

Adaptive Risk-Limiting Comparison AuditsBenjamin Fuller 0001, Abigail Harrison, Alexander Russell. 3314-3331 [doi]

Blue Is the New Black (Market): Privacy Leaks and Re-Victimization from Police-Auctioned CellphonesRichard Roberts, Julio Poveda, Raley Roberts, Dave Levin. 3332-3336 [doi]

No Privacy in the Electronics Repair IndustryJason Ceci, Jonah Stegman, Hassan Khan. 3347-3364 [doi]

How IoT Re-using Threatens Your Sensitive Data: Exploring the User-Data Disposal in Used IoT DevicesPeiyu Liu 0003, Shouling Ji, Lirong Fu, Kangjie Lu, Xuhong Zhang 0002, Jingchang Qin, Wenhai Wang, Wenzhi Chen. 3365-3381 [doi]

Privacy Leakage via Unrestricted Motion-Position Sensors in the Age of Virtual Reality: A Study of Snooping Typed Input on Virtual KeyboardsYi Wu, Cong Shi 0004, Tianfang Zhang, Payton Walker, Jian Liu 0001, Nitesh Saxena, Yingying Chen 0001. 3382-3398 [doi]

Uncovering User Interactions on Smartphones via Contactless Wireless Charging Side ChannelsTao Ni, Xiaokuan Zhang, Chaoshun Zuo, Jianfeng Li, Zhenyu Yan, Wubing Wang, Weitao Xu, Xiapu Luo, Qingchuan Zhao. 3399-3415 [doi]

MagBackdoor: Beware of Your Loudspeaker as A Backdoor For Magnetic Injection AttacksTiantian Liu 0002, Feng Lin 0004, Zhangsen Wang, Chao Wang, Zhongjie Ba, Li Lu 0008, Wenyao Xu, Kui Ren 0001. 3416-3431 [doi]

Private Eye: On the Limits of Textual Screen Peeking via Eyeglass Reflections in Video ConferencingYan Long, Chen Yan 0001, Shilin Xiao, Shivan Prasad, Wenyuan Xu 0001, Kevin Fu. 3432-3449 [doi]

Low-effort VR Headset User Authentication Using Head-reverberated Sounds with Replay ResistanceRuxin Wang, Long Huang, Chen Wang 0009. 3450-3465 [doi]

runs on WebDSL