IEEE Symposium on Security and Privacy, SP 2024, San Francisco, CA, USA, May 19-23, 2024 - researchr publication

researchr

You are not signed in
Sign in
Sign up

IEEE Symposium on Security and Privacy, SP 2024, San Francisco, CA, USA, May 19-23, 2024. IEEE, 2024. [doi]

Conference: sp

Abstract is missing.

On SMS Phishing Tactics and InfrastructureAleksandr Nahapetyan, Sathvik Prasad, Kevin Childs, Adam Oest, Yeganeh Ladwig, Alexandros Kapravelos, Bradley Reaves. 1-16 [doi]

Conning the Crypto Conman: End-to-End Analysis of Cryptocurrency-based Technical Support ScamsBhupendra Acharya, Muhammad Saad 0001, Antonio Emanuele Cinà, Lea Schönherr, Hoang Dai Nguyen, Adam Oest, Phani Vadrevu, Thorsten Holz. 17-35 [doi]

From Chatbots to Phishbots?: Phishing Scam Generation in Commercial Large Language ModelsSayak Saha Roy, Poojitha Thota, Krishna Vamsi Naragam, Shirin Nilizadeh. 36-54 [doi]

A Representative Study on Human Detection of Artificially Generated Media Across CountriesJoel Frank, Franziska Herbert, Jonas Ricker, Lea Schönherr, Thorsten Eisenhofer, Asja Fischer, Markus Dürmuth, Thorsten Holz. 55-73 [doi]

AVA: Inconspicuous Attribute Variation-based Adversarial Attack bypassing DeepFake DetectionXiangtao Meng, Li Wang, Shanqing Guo, Lei Ju 0001, Qingchuan Zhao. 74-90 [doi]

An Analysis of Recent Advances in Deepfake Image Detection in an Evolving Threat LandscapeSifat Muhammad Abdullah, Aravind Cheruvu, Shravya Kanchi, Taejoong Chung, Peng Gao, Murtuza Jadliwala, Bimal Viswanath. 91-109 [doi]

DP-Auditorium: A Large-Scale Library for Auditing Differential PrivacyWilliam Kong, Andrés Muñoz Medina, Mónica Ribero, Umar Syed. 110-126 [doi]

Time-Aware Projections: Truly Node-Private Graph Statistics under Continual ObservationPalak Jain 0004, Adam D. Smith 0001, Connor Wagaman. 127-145 [doi]

Synq: Public Policy Analytics Over Encrypted DataZachary Espiritu, Marilyn George, Seny Kamara, Lucy Qin. 146-165 [doi]

The Great Request Robbery: An Empirical Study of Client-side Request Hijacking Vulnerabilities on the WebSoheil Khodayari, Thomas Barber, Giancarlo Pellegrino. 166-184 [doi]

Break the Wall from Bottom: Automated Discovery of Protocol-Level Evasion Vulnerabilities in Web Application FirewallsQi Wang, Jianjun Chen, Zheyu Jiang, Run Guo, Ximeng Liu, Chao Zhang 0008, Haixin Duan. 185-202 [doi]

Parse Me, Baby, One More Time: Bypassing HTML Sanitizer via Parsing DifferentialsDavid Klein 0001, Martin Johns. 203-221 [doi]

Holistic Concolic Execution for Dynamic Web Applications via Symbolic Interpreter AnalysisPenghui Li 0001, Wei Meng, Mingxue Zhang, Chenlin Wang, Changhua Luo. 222-238 [doi]

Where URLs Become Weapons: Automated Discovery of SSRF Vulnerabilities in Web ApplicationsEnze Wang, Jianjun Chen, Wei Xie 0007, Chuhan Wang, Yifei Gao, Zhenhua Wang, Haixin Duan, Yang Liu, Baosheng Wang. 239-257 [doi]

SINBAD: Saliency-informed detection of breakage caused by ad blockingSaiid El Hajj Chehade, Sandra Siby, Carmela Troncoso. 258-276 [doi]

C-Frame: Characterizing and measuring in-the-wild CAPTCHA attacksHoang Dai Nguyen, Karthika Subramani, Bhupendra Acharya, Roberto Perdisci, Phani Vadrevu. 277-295 [doi]

Jasmine: Scale up JavaScript Static Security Analysis with Computation-based Semantic ExplanationFeng Xiao, Zhongfu Su, Guangliang Yang 0001, Wenke Lee. 296-311 [doi]

A Tale of Two Industroyers: It was the Season of DarknessLuis E. Salazar, Sebastián R. Castro, Juan Lozano, Keerthi Koneru, Emmanuele Zambon, Bing Huang, Ross Baldick, Marina Krotofil, Alonso Rojas, Alvaro A. Cárdenas. 312-330 [doi]

AquaSonic: Acoustic Manipulation of Underwater Data Center Operations and Resource ManagementJennifer Sheldon, Weidong Zhu 0002, Adnan Abdullah, Sri Hrushikesh Varma Bhupathiraju, Takeshi Sugawara 0001, Kevin R. B. Butler, Md Jahidul Islam, Sara Rampazzi. 331-349 [doi]

"Watching over the shoulder of a professional": Why Hackers Make Mistakes and How They Fix ThemIrina Ford, Ananta Soneji, Faris Bugra Kokulu, Jayakrishna Vadayath, Zion Leonahenahe Basque, Gaurav Vipat, Adam Doupé, Ruoyu Wang 0001, Gail-Joon Ahn, Tiffany Bao, Yan Shoshitaishvili. 350-368 [doi]

A Picture is Worth 500 Labels: A Case Study of Demographic Disparities in Local Machine Learning Models for Instagram and TikTokJack West, Lea Thiemt, Shimaa Ahmed, Maggie Bartig, Kassem Fawaz, Suman Banerjee 0001. 369-387 [doi]

MAWSEO: Adversarial Wiki Search Poisoning for Illicit Online PromotionZilong Lin 0001, Zhengyi Li, Xiaojing Liao, Xiaofeng Wang, Xiaozhong Liu. 388-406 [doi]

Poisoning Web-Scale Training Datasets is PracticalNicholas Carlini, Matthew Jagielski, Christopher A. Choquette-Choo, Daniel Paleka, Will Pearce, Hyrum S. Anderson, Andreas Terzis, Kurt Thomas, Florian Tramèr. 407-425 [doi]

Don't Shoot the Messenger: Localization Prevention of Satellite Internet UsersDavid Koisser, Richard Mitev, Marco Chilese, Ahmad-Reza Sadeghi. 426-444 [doi]

The Dark Side of Scale: Insecurity of Direct-to-Cell Satellite Mega-ConstellationsWei Liu, Yuanjie Li, Hewu Li, Yimei Chen, Yufeng Wang, Jingyi Lan, Jianping Wu, Qian Wu, Jun Liu, Zeqi Lai. 445-464 [doi]

SoK: Collusion-resistant Multi-party Private Set Intersections in the Semi-honest ModelJelle Vos, Mauro Conti, Zekeriya Erkin. 465-483 [doi]

GAuV: A Graph-Based Automated Verification Framework for Perfect Semi-Honest Security of Multiparty Computation ProtocolsXingyu Xie, Yifei Li, Wei Zhang, Tuowei Wang, Shizhen Xu, Jun Zhu, Yifan Song. 484-502 [doi]

Don't Eject the Impostor: Fast Three-Party Computation With a Known CheaterAndreas Brüggemann, Oliver Schick, Thomas Schneider 0003, Ajith Suresh, Hossein Yalame. 503-522 [doi]

Scalable Mixed-Mode MPCRadhika Garg 0002, Kang Yang 0002, Jonathan Katz, Xiao Shaun Wang. 523-541 [doi]

Asterisk: Super-fast MPC with a FriendBanashri Karmakar, Nishat Koti, Arpita Patra, Sikhar Patranabis, Protik Paul, Divya Ravi. 542-560 [doi]

Efficient Actively Secure DPF and RAM-based 2PC with One-Bit LeakageWenhao Zhang, Xiaojie Guo 0004, Kang Yang 0002, Ruiyu Zhu, Yu Yu 0001, Xiao Wang 0012. 561-577 [doi]

MPC-in-the-Head Framework without Repetition and its Applications to the Lattice-based CryptographyWeihao Bai, Long Chen, Qianwen Gao, Zhenfeng Zhang. 578-596 [doi]

Orca: FSS-based Secure Training and Inference with GPUsNeha Jawalkar, Kanav Gupta, Arkaprava Basu, Nishanth Chandran, Divya Gupta 0001, Rahul Sharma 0001. 597-616 [doi]

Security, Privacy, and Data-sharing Trade-offs When Moving to the United States: Insights from a Qualitative StudyMindy Tran, Collins W. Munyendo, Harshini Sri Ramulu, Rachel Gonzalez Rodriguez, Luisa Ball Schnell, Cora Sula, Lucy Simko, Yasemin Acar. 617-634 [doi]

SoK: Safer Digital-Safety Research Involving At-Risk UsersRosanna Bellini, Emily Tseng, Noel Warford, Alaa Daffalla, Tara Matthews, Sunny Consolvo, Jill Palzkill Woelfer, Patrick Gage Kelley, Michelle L. Mazurek, Dana Cuomo, Nicola Dell, Thomas Ristenpart. 635-654 [doi]

Janus: Safe Biometric Deduplication for Humanitarian Aid DistributionKasra Edalatnejad, Wouter Lueks, Justinas Sukaitis, Vincent Graf Narbel, Massimo Marelli, Carmela Troncoso. 655-672 [doi]

SoK: Technical Implementation and Human Impact of Internet Privacy RegulationsEleanor Birrell, Jay Rodolitz, Angel Ding, Jenna Lee, Emily McReynolds, Jevan A. Hutson, Ada Lerner. 673-696 [doi]

Digital Security - A Question of Perspective A Large-Scale Telephone Survey with Four At-Risk User GroupsFranziska Herbert, Steffen Becker 0003, Annalina Buckmann, Marvin Kowalewski, Jonas Hielscher, Yasemin Acar, Markus Dürmuth, Yixin Zou, M. Angela Sasse. 697-716 [doi]

No Easy Way Out: the Effectiveness of Deplatforming an Extremist Forum to Suppress Hate and HarassmentAnh V. Vu, Alice Hutchings, Ross J. Anderson. 717-734 [doi]

Withdrawing is believing? Detecting Inconsistencies between Withdrawal Choices and Third-party Data Collections in Mobile AppsXiaolin Du, Zhemin Yang, Jiapeng Lin, Yinzhi Cao, Min Yang 0002. 735-751 [doi]

The Role of User-Agent Interactions on Mobile Money Practices in Kenya and TanzaniaKaren Sowon, Edith Luhanga, Lorrie Faith Cranor, Giulia Fanti, Conrad Tucker, Assane Gueye. 752-769 [doi]

You Only Prompt Once: On the Capabilities of Prompt Learning on Large Language Models to Tackle Toxic ContentXinlei He 0001, Savvas Zannettou, Yun Shen, Yang Zhang 0016. 770-787 [doi]

Moderating New Waves of Online Hate with Chain-of-Thought Reasoning in Large Language ModelsNishant Vishwamitra, Keyan Guo, Farhan Tajwar Romit, Isabelle Ondracek, Long Cheng 0005, Ziming Zhao 0001, Hongxin Hu. 788-806 [doi]

Nightshade: Prompt-Specific Poisoning Attacks on Text-to-Image Generative ModelsShawn Shan, Wenxin Ding, Josephine Passananti, Stanley Wu, Haitao Zheng 0001, Ben Y. Zhao. 807-825 [doi]

On Large Language Models' Resilience to Coercive InterrogationZhuo Zhang 0002, Guangyu Shen, Guanhong Tao 0001, Siyuan Cheng 0005, Xiangyu Zhang 0001. 826-844 [doi]

PromptCARE: Prompt Copyright Protection by Watermark Injection and VerificationHongwei Yao, Jian Lou 0001, Zhan Qin, Kui Ren 0001. 845-861 [doi]

LLMs Cannot Reliably Identify and Reason About Security Vulnerabilities (Yet?): A Comprehensive Evaluation, Framework, and BenchmarksSaad Ullah, Mingji Han, Saurabh Pujar, Hammond Pearce, Ayse K. Coskun, Gianluca Stringhini. 862-880 [doi]

LLMIF: Augmented Large Language Model for Fuzzing IoT DevicesJincheng Wang, Le Yu, Xiapu Luo. 881-896 [doi]

SneakyPrompt: Jailbreaking Text-to-image Generative ModelsYuchen Yang 0001, Bo Hui 0002, Haolin Yuan, Neil Gong 0001, Yinzhi Cao. 897-912 [doi]

Eureka: A General Framework for Black-box Differential Privacy EstimatorsYun Lu 0001, Malik Magdon-Ismail, Yu Wei, Vassilis Zikas. 913-931 [doi]

Casual Users and Rational Choices within Differential PrivacyNarges Ashena, Oana Inel, Badrie L. Persaud, Abraham Bernstein. 932-950 [doi]

Lower Bounds for Rényi Differential Privacy in a Black-Box SettingTim Kutta, Önder Askin, Martin Dunsche. 951-971 [doi]

Bounded and Unbiased Composite Differential PrivacyKai Zhang, Yanjun Zhang, Ruoxi Sun 0001, Pei-wei Tsai, Muneeb Ul Hassan 0001, Xin Yuan 0004, Minhui Xue, Jinjun Chen. 972-990 [doi]

Cohere: Managing Differential Privacy in Large Scale SystemsNicolas Küchler, Emanuel Opel, Hidde Lycklama, Alexander Viand, Anwar Hithnawi. 991-1008 [doi]

DPI: Ensuring Strict Differential Privacy for Infinite Data StreamingShuya Feng, Meisam Mohammady, Han Wang, Xiaochen Li, Zhan Qin, Yuan Hong. 1009-1027 [doi]

Budget Recycling Differential PrivacyBo Jiang, Jian Du, Sagar Sharma, Qiang Yan. 1028-1046 [doi]

Measure-Observe-Remeasure: An Interactive Paradigm for Differentially-Private Exploratory AnalysisPriyanka Nanayakkara, Hyeok Kim, Yifan Wu, Ali Sarvghad, Narges Mahyar, Gerome Miklau, Jessica Hullman. 1047-1064 [doi]

Everyone for Themselves? A Qualitative Study about Individual Security Setups of Open Source Software ContributorsSabrina Amft, Sandra Höltervennhoff, Rebecca Panskus, Karola Marky, Sascha Fahl. 1065-1082 [doi]

Measuring the Effects of Stack Overflow Code Snippet Evolution on Open-Source Software SecurityAlfusainey Jallow, Michael Schilling 0001, Michael Backes 0001, Sven Bugiel. 1083-1101 [doi]

Shedding Light on CVSS Scoring Inconsistencies: A User-Centric Study on Evaluating Widespread Security VulnerabilitiesJulia Wunder, Andreas Kurtz 0004, Christian Eichenmüller, Freya Gassmann, Zinaida Benenson. 1102-1121 [doi]

TrojanPuzzle: Covertly Poisoning Code-Suggestion ModelsHojjat Aghakhani, Wei Dai 0007, Andre Manoel, Xavier Fernandes, Anant Kharkar, Christopher Kruegel, Giovanni Vigna, David Evans 0001, Ben Zorn 0001, Robert Sim. 1122-1140 [doi]

Poisoned ChatGPT Finds Work for Idle Hands: Exploring Developers' Coding Practices with Insecure Suggestions from Poisoned AI ModelsSanghak Oh, Kiho Lee, Seonhye Park, Doowon Kim, Hyoungshick Kim. 1141-1159 [doi]

Signing in Four Public Software Package Registries: Quantity, Quality, and Influencing FactorsTaylor R. Schorlemmer, Kelechi G. Kalu, Luke Chigges, Kyung Myung Ko, Eman Abu Ishgair, Saurabh Bagchi, Santiago Torres-Arias, James C. Davis 0001. 1160-1178 [doi]

More Haste, Less Speed: Cache Related Security Threats in Continuous Integration ServicesYacong Gu, Lingyun Ying, Huajun Chai, Yingyuan Pu, Haixin Duan, Xing Gao 0001. 1179-1197 [doi]

Patchy Performance? Uncovering the Vulnerability Management Practices of IoT-Centric VendorsSandra Rivera Pérez, Michel van Eeten, Carlos Hernandez Gañán. 1198-1216 [doi]

Need for Speed: Taming Backdoor Attacks with Speed and PrecisionZhuo Ma, Yilong Yang 0004, Yang Liu 0118, Tong Yang 0003, Xinjing Liu, Teng Li, Zhan Qin. 1217-1235 [doi]

Multi-Instance Adversarial Attack on GNN-Based Malicious Domain DetectionMahmoud Nazzal, Issa Khalil, Abdallah Khreishah, NhatHai Phan, Yao Ma 0001. 1236-1254 [doi]

Dropout AttacksAndrew Yuan, Alina Oprea, Cheng Tan. 1255-1269 [doi]

BounceAttack: A Query-Efficient Decision-based Adversarial Attack by Bouncing into the WildJie Wan, Jianhao Fu, Lijin Wang, Ziqi Yang. 1270-1286 [doi]

Loki: Large-scale Data Reconstruction Attack against Federated Learning through Model ManipulationJoshua C. Zhao, Atul Sharma, Ahmed Roushdy Elkordy, Yahya H. Ezzeldin, Salman Avestimehr, Saurabh Bagchi. 1287-1305 [doi]

Test-Time Poisoning Attacks Against Test-Time Adaptation ModelsTianshuo Cong, Xinlei He 0001, Yun Shen, Yang Zhang 0016. 1306-1324 [doi]

Attacking Byzantine Robust Aggregation in High DimensionsSarthak Choudhary, Aashish Kolluri, Prateek Saxena. 1325-1344 [doi]

CaFA: Cost-aware, Feasible Attacks With Database Constraints Against Neural Tabular ClassifiersMatan Ben-Tov, Daniel Deutch, Nave Frost, Mahmood Sharif. 1345-1364 [doi]

Universal Neural-Cracking-Machines: Self-Configurable Password Models from Auxiliary DataDario Pasquini, Giuseppe Ateniese, Carmela Troncoso. 1365-1384 [doi]

PassREfinder: Credential Stuffing Risk Prediction by Representing Password Reuse between Websites on a GraphJaehan Kim, Minkyoo Song, MinJae Seo, Youngjin Jin, Seungwon Shin. 1385-1404 [doi]

Breach Extraction Attacks: Exposing and Addressing the Leakage in Second Generation Compromised Credential Checking ServicesDario Pasquini, Danilo Francati, Giuseppe Ateniese, Evgenios M. Kornaropoulos. 1405-1423 [doi]

A Security Analysis of Honey VaultsFei Duan, Ding Wang 0002, Chunfu Jia. 1424-1442 [doi]

Combing for Credentials: Active Pattern Extraction from Smart ReplyBargav Jayaraman, Esha Ghosh, Melissa Chase, Sambuddha Roy, Wei Dai 0007, David Evans 0001. 1443-1461 [doi]

ARMOR: A Formally Verified Implementation of X.509 Certificate Chain ValidationJoyanta Debnath, Christa Jenkins, Yuteng Sun, Sze Yiu Chau, Omar Chowdhury. 1462-1480 [doi]

DY Fuzzing: Formal Dolev-Yao Models Meet Cryptographic Protocol Fuzz TestingMax Ammann, Lucca Hirschi, Steve Kremer. 1481-1499 [doi]

To Auth or Not To Auth? A Comparative Analysis of the Pre- and Post-Login Security LandscapeJannis Rautenstrauch, Metodi Mitkov, Thomas Helbrecht, Lorenz Hetterich, Ben Stock. 1500-1516 [doi]

Targeted and Troublesome: Tracking and Advertising on Children's WebsitesZahra Moti, Asuman Senol, Hamid Bostani, Frederik J. Zuiderveen Borgesius, Veelasha Moonsamy, Arunesh Mathur, Gunes Acar. 1517-1535 [doi]

Children, Parents, and Misinformation on Social MediaFilipo Sharevski, Jennifer Vander Loop. 1536-1553 [doi]

Understanding Parents' Perceptions and Practices Toward Children's Security and Privacy in Virtual RealityJiaxun Cao, Abhinaya S. B., Anupam Das 0001, Pardis Emami Naeini. 1554-1572 [doi]

The Times They Are A-Changin': Characterizing Post-Publication Changes to Online NewsChris Tsoukaladelis, Brian Kondracki, Niranjan Balasubramanian, Nick Nikiforakis. 1573-1589 [doi]

The Inventory is Dark and Full of Misinformation: Understanding Ad Inventory Pooling in the Ad-Tech Supply ChainYash Vekaria, Rishab Nithyanand, Zubair Shafiq. 1590-1608 [doi]

Specious Sites: Tracking the Spread and Sway of Spurious News Stories at ScaleHans W. A. Hanley, Deepak Kumar 0006, Zakir Durumeric. 1609-1627 [doi]

ALIF: Low-Cost Adversarial Audio Attacks on Black-Box Speech Platforms using Linguistic FeaturesPeng Cheng 0007, Yuwei Wang, Peng Huang, Zhongjie Ba, Xiaodong Lin 0001, Feng Lin 0004, Li Lu 0008, Kui Ren 0001. 1628-1645 [doi]

FlowMur: A Stealthy and Practical Audio Backdoor Attack with Limited KnowledgeJiahe Lan, Jie Wang, Baochen Yan, Zheng Yan 0002, Elisa Bertino. 1646-1664 [doi]

Understanding and Benchmarking the Commonality of Adversarial ExamplesRuiwen He, Yushi Cheng, Junning Ze, Xiaoyu Ji 0001, Wenyuan Xu 0001. 1665-1683 [doi]

Scores Tell Everything about Bob: Non-adaptive Face Reconstruction on Face Recognition SystemsSunpill Kim, Yong Kiam Tan, Bora Jeong, Soumik Mondal, Khin Mi Mi Aung, Jae Hong Seo. 1684-1702 [doi]

OdScan: Backdoor Scanning for Object Detection ModelsSiyuan Cheng 0005, Guangyu Shen, Guanhong Tao 0001, Kaiyuan Zhang 0002, Zhuo Zhang 0002, Shengwei An, Xiangzhe Xu, Yingqi Li, ShiQing Ma, Xiangyu Zhang 0001. 1703-1721 [doi]

Transferable Multimodal Attack on Vision-Language Pre-training ModelsHaodi Wang, Kai Dong, Zhilei Zhu, Haotong Qin, Aishan Liu, Xiaolin Fang, Jiakai Wang, Xianglong Liu 0001. 1722-1740 [doi]

Certifying Zero-Knowledge Circuits with Refinement TypesJunrui Liu, Ian Kretz, Hanzhi Liu, Bryan Tan, Jonathan Wang, Yi Sun, Luke Pearson, Anders Miltner, Isil Dillig, Yu Feng 0001. 1741-1759 [doi]

Ligetron: Lightweight Scalable End-to-End Zero-Knowledge Proofs Post-Quantum ZK-SNARKs on a BrowserRuihan Wang, Carmit Hazay, Muthuramakrishnan Venkitasubramaniam. 1760-1776 [doi]

Pianist: Scalable zkRollups via Fully Distributed Zero-Knowledge ProofsTianyi Liu, Tiancheng Xie, Jiaheng Zhang, Dawn Song, Yupeng Zhang 0001. 1777-1793 [doi]

Scalable Verification of Zero-Knowledge ProtocolsMiguel Isabel, Clara Rodríguez-Núñez, Albert Rubio. 1794-1812 [doi]

Efficient Zero-Knowledge Arguments For Paillier CryptosystemBorui Gong, Wang Fat Lau, Man Ho Au, Rupeng Yang, Haiyang Xue, Lichun Li. 1813-1831 [doi]

SwiftRange: A Short and Efficient Zero-Knowledge Range Argument For Confidential Transactions and MoreNan Wang, Sid Chi-Kin Chau, Dongxi Liu. 1832-1848 [doi]

Titan : Efficient Multi-target Directed Greybox FuzzingHeqing Huang 0002, Peisen Yao, Hung-Chun Chiu, Yiyuan Guo, Charles Zhang 0001. 1849-1864 [doi]

Benzene: A Practical Root Cause Analysis System with an Under-Constrained State MutationYounggi Park, Hwiwon Lee, Jinho Jung, Hyungjoon Koo, Huy Kang Kim. 1865-1883 [doi]

Predecessor-aware Directed Greybox FuzzingYujian Zhang, Yaokun Liu, Jinyu Xu, Yanhao Wang. 1884-1900 [doi]

AFGen: Whole-Function Fuzzing for Applications and LibrariesYuwei Liu, Yanhao Wang, Xiangkun Jia, Zheng Zhang, Purui Su. 1901-1919 [doi]

Labrador: Response Guided Directed Fuzzing for Black-box IoT DevicesHangtian Liu, Shuitao Gan, Chao Zhang, Zicong Gao, Hongqi Zhang, Xiangzhi Wang, Guangming Gao. 1920-1938 [doi]

Chronos: Finding Timeout Bugs in Practical Distributed Systems by Deep-Priority Fuzzing with Transient DelayYuanliang Chen, Fuchen Ma, Yuanhang Zhou, Ming Gu, Qing Liao, Yu Jiang 0001. 1939-1955 [doi]

Everything is Good for Something: Counterexample-Guided Directed Fuzzing via Likely Invariant InferenceHeqing Huang 0002, Anshunkang Zhou, Mathias Payer, Charles Zhang 0001. 1956-1973 [doi]

SoK: Prudent Evaluation Practices for FuzzingMoritz Schloegel, Nils Bars, Nico Schiller, Lukas Bernhard, Tobias Scharnowski, Addison Crump, Arash Ale Ebrahim, Nicolai Bissantz, Marius Muench, Thorsten Holz. 1974-1993 [doi]

MM-BD: Post-Training Detection of Backdoor Attacks with Arbitrary Backdoor Pattern Types Using a Maximum Margin StatisticHang Wang, Zhen Xiang, David J. Miller 0001, George Kesidis. 1994-2012 [doi]

BadVFL: Backdoor Attacks in Vertical Federated LearningMohammad Naseri, Yufei Han, Emiliano De Cristofaro. 2013-2028 [doi]

Distribution Preserving Backdoor Attack in Self-supervised LearningGuanhong Tao 0001, Zhenting Wang, Shiwei Feng 0002, Guangyu Shen, ShiQing Ma, Xiangyu Zhang 0001. 2029-2047 [doi]

Robust Backdoor Detection for Deep Learning via Topological Evolution DynamicsXiaoxing Mo, Yechao Zhang, Leo Yu Zhang, Wei Luo 0001, Nan Sun, Shengshan Hu, Shang Gao 0003, Yang Xiang 0001. 2048-2066 [doi]

DeepVenom: Persistent DNN Backdoors Exploiting Transient Weight Perturbations in MemoriesKunbei Cai, Md Hafizul Islam Chowdhuryy, Zhenkai Zhang, Fan Yao. 2067-2085 [doi]

Baffle: Hiding Backdoors in Offline Reinforcement Learning DatasetsChen Gong 0005, Zhou Yang 0003, Yunpeng Bai, Junda He, Jieke Shi, Kecen Li, Arunesh Sinha, Bowen Xu, Xinwen Hou, David Lo 0001, Tianhao Wang 0001. 2086-2104 [doi]

Exploring the Orthogonality and Linearity of Backdoor AttacksKaiyuan Zhang 0002, Siyuan Cheng 0005, Guangyu Shen, Guanhong Tao 0001, Shengwei An, Anuran Makur, ShiQing Ma, Xiangyu Zhang 0001. 2105-2123 [doi]

BELT: Old-School Backdoor Attacks can Evade the State-of-the-Art Defense with Backdoor Exclusivity LiftingHuming Qiu, Junjie Sun, Mi Zhang 0001, Xudong Pan, Min Yang 0002. 2124-2141 [doi]

Formal Model-Driven Analysis of Resilience of GossipSub to Attacks from Misbehaving PeersAnkit Kumar, Max von Hippel, Panagiotis Manolios, Cristina Nita-Rotaru. 2142-2160 [doi]

Larger-scale Nakamoto-style Blockchains Don't Necessarily Offer Better SecurityJannik Albrecht, Sébastien Andreina, Frederik Armknecht, Ghassan Karame, Giorgia Azzurra Marson, Julian Willingmann. 2161-2179 [doi]

Nurgle: Exacerbating Resource Consumption in Blockchain State Storage via MPT ManipulationZheyuan He, Zihao Li 0001, Ao Qiao, Xiapu Luo, Xiaosong Zhang 0001, Ting Chen 0002, Shuwei Song, Dijun Liu, Weina Niu. 2180-2197 [doi]

Nyx: Detecting Exploitable Front-Running Vulnerabilities in Smart ContractsWuqi Zhang, Zhuo Zhang 0002, Qingkai Shi, Lu Liu, Lili Wei, Yepang Liu 0001, Xiangyu Zhang 0001, Shing-Chi Cheung. 2198-2216 [doi]

SmartInv: Multimodal Learning for Smart Contract Invariant InferenceSally Junsong Wang, Kexin Pei, Junfeng Yang. 2217-2235 [doi]

Pulling Off The Mask: Forensic Analysis of the Deceptive Creator Wallets Behind Smart Contract FraudMingxuan Yao, Runze Zhang, Haichuan Xu, Shih-Huan Chou, Varun Chowdhary Paturi, Amit Kumar Sikder, Brendan Saltaformaggio. 2236-2254 [doi]

Towards Smart Contract Fuzzing on GPUsWeimin Chen, Xiapu Luo, Haipeng Cai, Haoyu Wang 0001. 2255-2272 [doi]

Large-Scale Study of Vulnerability Scanners for Ethereum Smart ContractsChristoph Sendner, Lukas Petzi, Jasper Stang, Alexandra Dmitrienko. 2273-2290 [doi]

Who Left the Door Open? Investigating the Causes of Exposed IoT Devices in an Academic NetworkTakayuki Sasaki, Takaya Noma, Yudai Morii, Toshiya Shimura, Michel van Eeten, Katsunari Yoshioka, Tsutomu Matsumoto. 2291-2309 [doi]

SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT DevicesQinying Wang, Boyu Chang, Shouling Ji, Yuan Tian 0001, Xuhong Zhang 0002, Binbin Zhao, Gaoning Pan, Chenyang Lyu, Mathias Payer, Wenhai Wang, Raheem Beyah. 2310-2387 [doi]

A Systematic Study of Physical Sensor Attack HardnessHyungsub Kim, Rwitam Bandyopadhyay, Muslum Ozgur Ozmen, Z. Berkay Celik, Antonio Bianchi, Yongdae Kim, Dongyan Xu. 2328-2347 [doi]

Revisiting Automotive Attack Surfaces: a Practitioners' PerspectivePengfei Jing, Zhiqiang Cai, Yingjie Cao, Le Yu 0002, Yuefeng Du 0006, Wenkai Zhang, Chenxiong Qian, Xiapu Luo, Sen Nie, Shi Wu. 2348-2365 [doi]

From Virtual Touch to Tesla Command: Unlocking Unauthenticated Control Chains From Smart Glasses for Vehicle TakeoverXingli Zhang, Yazhou Tu, Yan Long, Liqun Shan, Mohamed A Elsaadani, Kevin Fu, Zhiqiang Lin, Xiali Hei 0001. 2366-2384 [doi]

MQTTactic: Security Analysis and Verification for Logic Flaws in MQTT ImplementationsBin Yuan, Zhanxiang Song, Yan Jia, Zhenyu Lu, Deqing Zou, Hai Jin 0001, Luyi Xing. 2385-2403 [doi]

Wear's my Data? Understanding the Cross-Device Runtime Permission Model in WearablesDoguhan Yeke, Muhammad Ibrahim, Güliz Seray Tuncay, Habiba Farrukh, Abdullah Imran, Antonio Bianchi, Z. Berkay Celik. 2404-2421 [doi]

Video-Based Cryptanalysis: Extracting Cryptographic Keys from Video Footage of a Device's Power LED Captured by Standard Video CamerasBen Nassi, Etay Iluz, Or Hai Cohen, Ofek Vayner, Dudi Nassi, Boris Zadov, Yuval Elovici. 2422-2440 [doi]

SoK: Explainable Machine Learning in Adversarial EnvironmentsMaximilian Noppel, Christian Wressnegger. 2441-2459 [doi]

GrOVe: Ownership Verification of Graph Neural Networks using EmbeddingsAsim Waheed, Vasisht Duddu, N. Asokan. 2460-2477 [doi]

Revisiting Black-box Ownership Verification for Graph Neural NetworksRuikai Zhou, Kang Yang, Xiuling Wang, Wendy Hui Wang, Jun Xu 0024. 2478-2496 [doi]

CORELOCKER: Neuron-level Usage ControlZihan Wang, Zhongkui Ma, Xinguo Feng, Ruoxi Sun 0001, Hu Wang, Minhui Xue, Guangdong Bai. 2497-2514 [doi]

MEA-Defender: A Robust Watermark against Model Extraction AttackPeizhuo Lv, Hualong Ma, Kai Chen 0012, Jiachen Zhou, Shengzhi Zhang, Ruigang Liang, Shenchen Zhu, Pan Li, Yingjun Zhang. 2515-2533 [doi]

Securing Graph Neural Networks in MLaaS: A Comprehensive Realization of Query-based Integrity VerificationBang Wu, Xingliang Yuan, Shuo Wang, Qi Li 0002, Minhui Xue, Shirui Pan. 2534-2552 [doi]

Sophon: Non-Fine-Tunable Learning to Restrain Task Transferability For Pre-trained ModelsJiangyi Deng, Shengyuan Pang, Yanjiao Chen, Liangming Xia, Yijie Bai, Haiqin Weng, Wenyuan Xu 0001. 2553-2571 [doi]

FLShield: A Validation Based Federated Learning Framework to Defend Against Poisoning AttacksEhsanul Kabir, Zeyu Song, Md. Rafi Ur Rashid, Shagufta Mehnaz. 2572-2590 [doi]

Secure Messaging with Strong Compromise Resilience, Temporal Privacy, and Immediate DecryptionCas Cremers, Mang Zhao. 2591-2609 [doi]

Private Hierarchical Governance for Encrypted MessagingArmin Namavari, Barry Wang, Sanketh Menda, Ben Nassi, Nirvan Tyagi, James Grimmelmann, Amy X. Zhang, Thomas Ristenpart. 2610-2629 [doi]

Enforcing End-to-end Security for Remote Conference ApplicationsYuelin Liu, Huangxun Chen, Zhice Yang. 2630-2647 [doi]

Injection Attacks Against End-to-End Encrypted ApplicationsAndrés Fábrega, Carolina Ortega Pérez, Armin Namavari, Ben Nassi, Rachit Agarwal 0001, Thomas Ristenpart. 2648-2665 [doi]

Device-Oriented Group Messaging: A Formal Cryptographic Analysis of Matrix' CoreMartin R. Albrecht, Benjamin Dowling, Daniel Jones. 2666-1685 [doi]

Multi-Stage Group Key Distribution and PAKEs: Securing Zoom Groups against Malicious Servers without New Security ElementsCas Cremers, Eyal Ronen, Mang Zhao. 2686-2704 [doi]

Holepunch: Fast, Secure File Deletion with Crash ConsistencyZachary Ratliff, Wittmann Goh, Abe Wieland, James Mickens, Ryan Williams. 2705-2721 [doi]

INVISILINE: Invisible Plausibly-Deniable StorageSandeep Kiran Pinjala, Bogdan Carbunar, Anrin Chakraborti, Radu Sion. 2722-2739 [doi]

Guessing on Dominant Paths: Understanding the Limitation of Wireless Authentication Using Channel State InformationZhe Qu, Rui Duan, Xiao Han, Shangqing Zhao, Yao Liu 0007, Zhuo Lu. 2740-2758 [doi]

MetaFly: Wireless Backhaul Interception via Aerial Wavefront ManipulationZhambyl Shaikhanov, Sherif Badran, Hichem Guerboukha, Josep Miquel Jornet, Daniel M. Mittleman, Edward W. Knightly. 2759-2774 [doi]

NFCEraser: A Security Threat of NFC Message Modification Caused by Quartz Crystal OscillatorJianshuo Liu, Hong Li 0004, Mengjie Sun, Haining Wang 0001, Hui-Wen, Zhi Li, Limin Sun 0001. 2775-2793 [doi]

Secure Ranging with IEEE 802.15.4z HRP UWBXiliang Luo, Cem Kalkanli, Hao Zhou, Pengcheng Zhan, Moche Cohen. 2794-2811 [doi]

MIMOCrypt: Multi-User Privacy-Preserving Wi-Fi Sensing via MIMO EncryptionJun Luo 0001, Hangcheng Cao, Hongbo Jiang 0001, Yanbing Yang, Zhe Chen 0015. 2812-2830 [doi]

Surveilling the Masses with Wi-Fi-Based Positioning SystemsErik C. Rye, Dave Levin. 2831-2846 [doi]

SoK: The Long Journey of Exploiting and Defending the Legacy of King Harald BluetoothJianliang Wu, Ruoyu Wu, Dongyan Xu, Dave Jing Tian, Antonio Bianchi. 2847-228066 [doi]

Practical Obfuscation of BLE Physical-Layer Fingerprints on Mobile DevicesHadi Givehchian, Nishant Bhaskar, Alexander Redding, Han Zhao, Aaron Schulman, Dinesh Bharadia. 2867-2885 [doi]

It's Simplex! Disaggregating Measures to Improve Certified RobustnessAndrew C. Cullen, Paul Montague, Shijie Liu, Sarah M. Erfani, Benjamin I. P. Rubinstein. 2886-2900 [doi]

Sabre: Cutting through Adversarial Noise with Adaptive Spectral Filtering and Input ReconstructionAlec F. Diallo, Paul Patras. 2901-2919 [doi]

Text-CRS: A Generalized Certified Robustness Framework against Textual Adversarial AttacksXinyu Zhang 0016, Hanbin Hong, Yuan Hong, Peng Huang, Binghui Wang, Zhongjie Ba, Kui Ren 0001. 2920-2938 [doi]

FCert: Certifiably Robust Few-Shot Classification in the Era of Foundation ModelsYanting Wang, Wei Zou, Jinyuan Jia 0001. 2939-2957 [doi]

Node-aware Bi-smoothing: Certified Robustness against Graph Injection AttacksYuni Lai, Yulin Zhu, Bailin Pan, Kai Zhou 0001. 2958-2976 [doi]

LACMUS: Latent Concept Masking for General Robustness Enhancement of DNNsShuo Wang 0012, Hongsheng Hu, Jiamin Chang, Benjamin Zi Hao Zhao, Minhui Xue. 2977-2995 [doi]

SoK: Unintended Interactions among Machine Learning Defenses and RisksVasisht Duddu, Sebastian Szyller, N. Asokan. 2996-3014 [doi]

Securely Fine-tuning Pre-trained Encoders Against Adversarial ExamplesZiqi Zhou, Minghui Li, Wei Liu 0004, Shengshan Hu, Yechao Zhang, Wei Wan, Lulu Xue, Leo Yu Zhang, Dezhong Yao 0002, Hai Jin 0001. 3015-3033 [doi]

hinTS: Threshold Signatures with Silent SetupSanjam Garg, Abhishek Jain 0002, Pratyay Mukherjee, Rohit Sinha 0001, Mingyuan Wang 0001, Yinuo Zhang. 3034-3052 [doi]

Threshold ECDSA in Three RoundsJack Doerner, Yashvanth Kondi, Eysa Lee, Abhi Shelat. 3053-3071 [doi]

Private Analytics via Streaming, Sketching, and Silently Verifiable ProofsMayank Rathee, Yuwen Zhang, Henry Corrigan-Gibbs, Raluca Ada Popa. 3072-3090 [doi]

Hyena: Balancing Packing, Reuse, and Rotations for Encrypted InferenceSarabjeet Singh, Shreyas Singh, Sumanth Gudaparthi, Xiong Fan, Rajeev Balasubramonian. 3091-3108 [doi]

Make Revocation Cheaper: Hardware-Based Revocable Attribute-Based EncryptionXiaoguo Li, Guomin Yang, Tao Xiang 0001, Shengmin Xu, Bowen Zhao 0001, HweeHwa Pang, Robert H. Deng. 3109-3127 [doi]

SoK: Efficient Design and Implementation of Polynomial Hash Functions over Prime FieldsJean Paul Degabriele, Jan Gilcher, Jérôme Govinden, Kenneth G. Paterson. 3128-3146 [doi]

Springproofs: Efficient Inner Product Arguments for Vectors of Arbitrary LengthJianning Zhang, Ming Su, Xiaoguang Liu, Gang Wang. 3147-3164 [doi]

CryptoVampire: Automated Reasoning for the Complete Symbolic Attacker Cryptographic ModelSimon Jeanteur, Laura Kovács, Matteo Maffei, Michael Rawson 0001. 3165-3183 [doi]

Nebula: A Privacy-First Platform for Data BackhaulJean Luc-Watson, Tess Despres, Alvin Tan, Shishir G. Patil, Prabal Dutta, Raluca Ada Popa. 3184-3202 [doi]

Pudding: Private User Discovery in Anonymity NetworksCeren Kocaogullar, Daniel Hugenroth, Martin Kleppmann, Alastair R. Beresford. 3203-3220 [doi]

Attacking and Improving the Tor Directory ProtocolZhongtang Luo, Adithya Bhat, Kartik Nayak, Aniket Kate. 3221-3237 [doi]

Real-Time Website Fingerprinting Defense via Traffic Cluster AnonymizationMeng Shen 0001, Kexin Ji, Jinhe Wu, Qi Li 0002, Xiangdong Kong, Ke Xu 0002, Liehuang Zhu. 3238-3256 [doi]

Learn What You Want to Unlearn: Unlearning Inversion Attacks against Machine UnlearningHongsheng Hu, Shuo Wang 0012, Tian Dong, Minhui Xue. 3257-3275 [doi]

Few-shot UnlearningYoungsik Yoon, Jinhwan Nam, Hyojeong Yun, Jaeho Lee, Dongwoo Kim, Jungseul Ok. 3276-3292 [doi]

DeepShuffle: A Lightweight Defense Framework against Adversarial Fault Injection Attacks on Deep Neural Networks in Multi-Tenant Cloud-FPGAYukui Luo, Adnan Siraj Rakin, Deliang Fan, Xiaolin Xu. 3293-3310 [doi]

DeepTheft: Stealing DNN Model Architectures through Power Side ChannelYansong Gao 0001, Huming Qiu, Zhi Zhang 0001, Binghui Wang, Hua Ma, Alsharif Abuadbba, Minhui Xue, Anmin Fu, Surya Nepal. 3311-3326 [doi]

No Privacy Left Outside: On the (In-)Security of TEE-Shielded DNN Partition for On-Device MLZiqi Zhang, Chen Gong, Yifeng Cai, Yuanyuan Yuan, Bingyan Liu, Ding Li 0001, Yao Guo 0001, Xiangqun Chen. 3327-3345 [doi]

One for All and All for One: GNN-based Control-Flow Attestation for Embedded DevicesMarco Chilese, Richard Mitev, Meni Orenbach, Robert Thorburn, Ahmad Atamli, Ahmad-Reza Sadeghi. 3346-3364 [doi]

Why Does Little Robustness Help? A Further Step Towards Understanding Adversarial TransferabilityYechao Zhang, Shengshan Hu, Leo Yu Zhang, Junyu Shi, Minghui Li, Xiaogeng Liu, Wei Wan, Hai Jin 0001. 3365-3384 [doi]

Backdooring Multimodal LearningXingshuo Han, Yutong Wu 0009, Qingjie Zhang, Yuan Zhou 0005, Yuan Xu, Han Qiu 0001, Guowen Xu, Tianwei Zhang 0004. 3385-3403 [doi]

Understanding the Privacy Practices of Political Campaigns: A Perspective from the 2020 US Election WebsitesKaushal Kafle, Prianka Mandal, Kapil Singh, Benjamin Andow, Adwait Nadkarni. 3404-3422 [doi]

Thwarting Last-Minute Voter CoercionRosario Giustolisi, Maryam Sheikhi-Garjan, Carsten Schürmann 0001. 3423-3439 [doi]

Can we cast a ballot as intended and be receipt free?Henri Devillez, Olivier Pereira, Thomas Peters, Quentin Yang. 3440-3457 [doi]

Investigating Voter Perceptions of Printed Physical Audit Trails for Online VotingKarola Marky, Nina Gerber, Henry John Krumb, Mohamed Khamis, Max Mühlhäuser. 3458-3477 [doi]

E-Vote Your Conscience: Perceptions of Coercion and Vote Buying, and the Usability of Fake Credentials in Online VotingLouis-Henri Merino, Alaleh Azhir, Haoqian Zhang, Simone Colombo 0002, Bernhard Tellenbach, Vero Estrada-Galiñanes, Bryan Ford. 3478-3496 [doi]

NetShuffle: Circumventing Censorship with Shuffle Proxies at the EdgePatrick Tser Jern Kon, Aniket Gattani, Dhiraj Saharia, Tianyu Cao, Diogo Barradas, Ang Chen, Micah Sherr, Benjamin E. Ujcich. 3497-3514 [doi]

R-CAID: Embedding Root Cause Analysis within Provenance-based Intrusion DetectionAkul Goyal, Gang Wang 0011, Adam Bates 0001. 3515-3532 [doi]

Kairos: Practical Intrusion Detection and Investigation using Whole-system ProvenanceZijun Cheng, Qiujian Lv, Jinyuan Liang, Yan Wang 0081, Degang Sun, Thomas Pasquier, Xueyuan Han. 3533-3551 [doi]

Flash: A Comprehensive Approach to Intrusion Detection via Provenance Graph Representation LearningMati Ur Rehman, Hadi Ahmadi, Wajih Ul Hassan. 3552-3570 [doi]

*R. Sekar, Hanke Kimm, Rohit Aich. 3571-3589 [doi]

Understanding and Bridging the Gap Between Unsupervised Network Representation Learning and Security AnalyticsJiacen Xu, Xiaokui Shu, Zhou Li 0001. 3590-3608 [doi]

DrSec: Flexible Distributed Representations for Efficient Endpoint SecurityMahmood Sharif, Pubali Datta, Andy Riddle, Kim Westfall, Adam Bates 0001, Vijay Ganti, Matthew Lentz, David Ott. 3609-3624 [doi]

Do You Play It by the Books? A Study on Incident Response Playbooks and Influencing FactorsDaniel Schlette, Philip Empl, Marco Caselli, Thomas Schreck, Günther Pernul. 3625-3643 [doi]

Jbeil: Temporal Graph-Based Inductive Learning to Infer Lateral Movement in Evolving Enterprise NetworksJoseph Khoury, Dorde Klisura, Hadi Zanddizari, Gonzalo De La Torre Parra, Peyman Najafirad, Elias Bou-Harb. 3644-3660 [doi]

Efficient and Generic Microarchitectural Hash-Function RecoveryLukas Gerlach 0001, Simon Schwarz, Nicolas Faroß, Michael Schwarz 0001. 3661-3678 [doi]

BUSted!!! Microarchitectural Side-Channel Attacks on the MCU Bus InterconnectCristiano Rodrigues, Daniel Oliveira, Sandro Pinto. 3679-3696 [doi]

Architectural Mimicry: Innovative Instructions to Efficiently Address Control-Flow Leakage in Data-Oblivious ProgramsHans Winderix, Marton Bognar, Job Noorman, Lesly-Ann Daniel, Frank Piessens. 3697-3715 [doi]

GPU.zip: On the Side-Channel Implications of Hardware-Based Graphical Data CompressionYingchen Wang, Riccardo Paccagnella, Zhao Gang, Willy R. Vasquez, David Kohlbrenner, Hovav Shacham, Christopher W. Fletcher. 3716-3734 [doi]

ConjunCT: Learning Inductive Invariants to Prove Unbounded Instruction Safety Against Microarchitectural Timing AttacksSushant Dinesh, Madhusudan Parthasarathy, Christopher W. Fletcher. 3735-3753 [doi]

Prune+PlumTree - Finding Eviction Sets at ScaleTom Kessous, Niv Gilboa. 3754-3772 [doi]

Leaky Address Masking: Exploiting Unmasked Spectre Gadgets with Noncanonical Address TranslationMathé Hertogh, Sander Wiebing, Cristiano Giuffrida. 3773-3788 [doi]

Rethinking IC Layout Vulnerability: Simulation-Based Hardware Trojan Threat Assessment with High FidelityXinming Wei, Jiaxi Zhang 0001, Guojie Luo. 3789-3804 [doi]

Routing Attacks on Cryptocurrency Mining PoolsMuoi Tran, Theo von Arx, Laurent Vanbever. 3805-3821 [doi]

Sweep-UC: Swapping Coins PrivatelyLucjan Hanzlik, Julian Loss, Sri Aravinda Krishnan Thyagarajan, Benedikt Wagner. 3822-3839 [doi]

SoK: Security and Privacy of Blockchain InteroperabilityAndré Augusto, Rafael Belchior, Miguel Correia 0001, André Vasconcelos, Luyao Zhang, Thomas Hardjono. 3840-3865 [doi]

Non-Atomic Arbitrage in Decentralized FinanceLioba Heimbach, Vabuk Pahari, Eric Schertenleib. 3866-3884 [doi]

Optimal Flexible Consensus and its Application to EthereumJoachim Neu, Srivatsan Sridhar, Lei Yang 0031, David Tse. 3885-3903 [doi]

PriDe CT: Towards Public Consensus, Private Transactions, and Forward Secrecy in Decentralized PaymentsYue Guo, Harish Karthikeyan, Antigoni Polychroniadou, Chaddy Huussin. 3904-3922 [doi]

POMABuster: Detecting Price Oracle Manipulation Attacks in Decentralized FinanceRui Xi, Zehua Wang, Karthik Pattabiraman. 3923-3942 [doi]

Specular: Towards Secure, Trust-minimized Optimistic Blockchain ExecutionZhe Ye, Ujval Misra, Jiajun Cheng, Wenyang Zhou, Dawn Song. 3943-3960 [doi]

Efficient Detection of Java Deserialization Gadget Chains via Bottom-up Gadget Search and Dataflow-aided Payload ConstructionBofei Chen, Lei Zhang, Xinyou Huang, Yinzhi Cao, Keke Lian, Yuan Zhang, Min Yang 0002. 3961-3978 [doi]

"False negative - that one is going to kill you": Understanding Industry Perspectives of Static Analysis based Security TestingAmit Seal Ami, Kevin Moran, Denys Poshyvanyk, Adwait Nadkarni. 3979-3997 [doi]

AirTaint: Making Dynamic Taint Analysis Faster and EasierQian Sang, Yanhao Wang, Yuwei Liu, Xiangkun Jia, Tiffany Bao, Purui Su. 3998-4014 [doi]

Undefined-oriented Programming: Detecting and Chaining Prototype Pollution Gadgets in Node.js Template Engines for Malicious ConsequencesZhengyu Liu, Kecheng An, Yinzhi Cao. 4015-4033 [doi]

APP-Miner: Detecting API Misuses via Automatically Mining API Path PatternsJiasheng Jiang, JingZheng Wu, Xiang Ling 0001, Tianyue Luo, Sheng Qu, Yanjun Wu. 4034-4052 [doi]

ERASan: Efficient Rust Address SanitizerJiun Min, Dongyeon Yu, Seongyun Jeong, Dokyung Song, Yuseok Jeon. 4053-4068 [doi]

"Len or index or count, anything but v1": Predicting Variable Names in Decompilation Output with Transfer LearningKuntal Kumar Pal, Ati Priya Bajaj, Pratyay Banerjee, Audrey Dutcher, Mutsumi Nakamura, Zion Leonahenahe Basque, Himanshu Gupta, Saurabh Arjun Sawant, Ujjwala Anantheswaran, Yan Shoshitaishvili, Adam Doupé, Chitta Baral, Ruoyu Wang 0001. 4069-4087 [doi]

SrcMarker: Dual-Channel Source Code Watermarking via Scalable Code TransformationsBorui Yang, Wei Li, Liyao Xiang, Bo Li. 4088-4106 [doi]

UnTrustZone: Systematic Accelerated Aging to Expose On-chip SecretsJubayer Mahmod, Matthew Hicks. 4107-4124 [doi]

On (the Lack of) Code Confidentiality in Trusted Execution EnvironmentsIvan Puddu, Moritz Schneider 0001, Daniele Lain, Stefano Boschetto, Srdjan Capkun. 4125-4142 [doi]

SoK: SGX.Fail: How Stuff Gets eXposedStephan van Schaik, Alexander Seto, Thomas Yurek, Adam Batori, Bader AlBassam, Daniel Genkin, Andrew Miller 0001, Eyal Ronen, Yuval Yarom, Christina Garman. 4143-4162 [doi]

Pandora: Principled Symbolic Validation of Intel SGX Enclave RuntimesFritz Alder, Lesly-Ann Daniel, David F. Oswald, Frank Piessens, Jo Van Bulck. 4163-4181 [doi]

Obelix: Mitigating Side-Channels Through Dynamic ObfuscationJan Wichelmann, Anja Rabich, Anna Pätschke, Thomas Eisenbarth 0001. 4182-4199 [doi]

Serberus: Protecting Cryptographic Code from Spectres at Compile-TimeNicholas Mosier, Hamed Nemati, John C. Mitchell, Caroline Trippel. 4200-4219 [doi]

WeSee: Using Malicious #VC Interrupts to Break AMD SEV-SNPBenedict Schlüter, Supraja Sridhara, Andrin Bertschi, Shweta Shinde. 4220-4238 [doi]

Sticky Tags: Efficient and Deterministic Spatial Memory Error Mitigation using Persistent Memory TagsFloris Gorter, Taddeus Kroes, Herbert Bos, Cristiano Giuffrida. 4239-4257 [doi]

Bulkor: Enabling Bulk Loading for Path ORAMXiang Li, Yunqian Luo, Mingyu Gao 0001. 4258-4276 [doi]

Distributed & Scalable Oblivious Sorting and ShufflingNicholas Ngai, Ioannis Demertzis, Javad Ghareh Chamani, Dimitrios Papadopoulos 0001. 4277-4295 [doi]

Piano: Extremely Simple, Single-Server PIR with Sublinear Server ComputationMingxun Zhou, Andrew Park, Wenting Zheng, Elaine Shi. 4296-4314 [doi]

PIRANA: Faster Multi-query PIR via Constant-weight CodesJian Liu, Jingyu Li, Di Wu, Kui Ren 0001. 4315-4330 [doi]

Communication-efficient, Fault Tolerant PIR over Erasure Coded StorageAndrew Park, Trevor Leong, Francisco Maturana, Wenting Zheng, K. V. Rashmi. 4331-4347 [doi]

More is Merrier: Relax the Non-Collusion Assumption in Multi-Server PIRTiantian Gong, Ryan Henry, Alexandros Psomas 0001, Aniket Kate. 4348-4366 [doi]

Group Oblivious Message RetrievalZeyu Liu, Eran Tromer, Yunhao Wang. 4367-4385 [doi]

PolySphinx: Extending the Sphinx Mix Format With Better Multicast SupportDaniel Schadt, Christoph Coijanovic, Christiane Weis, Thorsten Strufe. 4386-4404 [doi]

Where Are the Red Lines? Towards Ethical Server-Side Scans in Security and Privacy ResearchFlorian Hantke, Sebastian Roth, Rafael Mrowczynski, Christine Utz, Ben Stock. 4405-4423 [doi]

Cerberus: Enabling Efficient and Effective In-Network Monitoring on Programmable SwitchesHuancheng Zhou, Guofei Gu. 4424-4439 [doi]

Pryde: A Modular Generalizable Workflow for Uncovering Evasion Attacks Against Stateful Firewall DeploymentsSoo-Jin Moon, Milind Srivastava, Yves Bieri, Ruben Martins, Vyas Sekar. 4440-4458 [doi]

TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed PacketsXiang Li, Wei Xu, Baojun Liu, Mingming Zhang, Zhou Li, Jia Zhang, Deliang Chang, Xiaofeng Zheng, Chuhan Wang, Jianjun Chen, Haixin Duan, Qi Li. 4459-4477 [doi]

DNSBomb: A New Practical-and-Powerful Pulsing DoS Attack Exploiting DNS Queries-and-ResponsesXiang Li, Dashuai Wu, Haixin Duan, Qi Li 0002. 4478-4496 [doi]

TCP Spoofing: Reliable Payload Transmission Past the Spoofed TCP HandshakeYepeng Pan, Christian Rossow. 4497-4515 [doi]

Practical Attacks Against DNS Reputation SystemsTillson Galloway, Kleanthis Karakolios, Zane Ma, Roberto Perdisci, Angelos Keromytis, Manos Antonakakis. 4516-4534 [doi]

Leveraging Prefix Structure to Detect Volumetric DDoS Attack Signatures with Programmable SwitchesChris Misa, Ramakrishnan Durairajan, Arpit Gupta, Reza Rejaie, Walter Willinger. 4535-4553 [doi]

Automated Synthesis of Effect Graph Policies for Microservice-Aware Stateful System Call SpecializationWilliam Blair, Frederico Araujo, Teryl Taylor, Jiyong Jang. 4554-4572 [doi]

SoK: A Comprehensive Analysis and Evaluation of Docker Container Attack and Defense MechanismsMd. Sadun Haq, Thien Duc Nguyen, Ali Saman Tosun, Franziska Vollmer, Turgay Korkmaz, Ahmad-Reza Sadeghi. 4573-4590 [doi]

Tabbed Out: Subverting the Android Custom Tab Security ModelPhilipp Beer, Marco Squarcina, Lorenzo Veronese, Martina Lindorfer. 4591-4609 [doi]

P4Control: Line-Rate Cross-Host Attack Prevention via In-Network Information Flow Control Enabled by Programmable Switches and eBPFOsama Bajaber, Bo Ji, Peng Gao. 4610-4628 [doi]

To Boldly Go Where No Fuzzer Has Gone Before: Finding Bugs in Linux' Wireless Stacks through VirtIO DevicesSönke Huster, Matthias Hollick, Jiska Classen. 4629-4645 [doi]

Saturn: Host-Gadget Synergistic USB Driver FuzzingYiru Xu, Hao Sun, Jianzhong Liu, Yuheng Shen, Yu Jiang 0001. 4646-4660 [doi]

SyzGen++: Dependency Inference for Augmenting Kernel Driver FuzzingWeiteng Chen, Yu Hao 0006, Zheng Zhang, Xiaochen Zou, Dhilung Kirat, Shachee Mishra, Douglas Lee Schales, Jiyong Jang, Zhiyun Qian. 4661-4677 [doi]

Side-Channel-Assisted Reverse-Engineering of Encrypted DNN Hardware Accelerator IP and Attack Surface ExplorationCheng Gongye, Yukui Luo, Xiaolin Xu, Yunsi Fei. 4678-4695 [doi]

SoK: Privacy-Preserving Data SynthesisYuzheng Hu, Fan Wu 0011, Qinbin Li, Yunhui Long, Gonzalo Munilla Garrido, Chang Ge 0002, Bolin Ding, David A. Forsyth, Bo Li 0026, Dawn Song. 4696-4713 [doi]

Preserving Node-level Privacy in Graph Neural NetworksZihang Xiang, Tianhao Wang 0001, Di Wang 0015. 4714-4732 [doi]

From Principle to Practice: Vertical Data Minimization for Machine LearningRobin Staab, Nikola Jovanovic 0001, Mislav Balunovic, Martin T. Vechev. 4733-4752 [doi]

BOLT: Privacy-Preserving, Accurate and Efficient Inference for TransformersQi Pang, Jinhao Zhu, Helen Möllering, Wenting Zheng, Thomas Schneider 0003. 4753-4771 [doi]

SHERPA: Explainable Robust Algorithms for Privacy-Preserved Federated Learning in Future Networks to Defend Against Data Poisoning AttacksChamara Sandeepa, Bartlomiej Siniarski, Shen Wang 0006, Madhusanka Liyanage. 4772-4790 [doi]

Please Tell Me More: Privacy Impact of Explainability through the Lens of Membership Inference AttackHan Liu, Yuhao Wu, Zhiyuan Yu, Ning Zhang 0017. 4791-4809 [doi]

From Individual Computation to Allied Optimization: Remodeling Privacy-Preserving Neural Inference with Function Input TuningQiao Zhang 0002, Tao Xiang 0001, Chunsheng Xin, Hongyi Wu. 4810-4827 [doi]

Protecting Label Distribution in Cross-Silo Federated LearningYangfan Jiang, Xinjian Luo, Yuncheng Wu, Xiaokui Xiao, Beng Chin Ooi. 4828-4847 [doi]

runs on WebDSL