29th USENIX Security Symposium, USENIX Security 2020, August 12-14, 2020 - researchr publication

researchr

You are not signed in
Sign in
Sign up

Srdjan Capkun, Franziska Roesner, editors, 29th USENIX Security Symposium, USENIX Security 2020, August 12-14, 2020. USENIX Association, 2020. [doi]

Conference: uss2020

Abstract is missing.

Digital Contact TracingSrdjan Capkun. [doi]

Horizontal Privilege Escalation in Trusted ApplicationsDarius Suciu, Stephen E. McLaughlin, Laurent Simon, Radu Sion. [doi]

DELF: Safeguarding deletion correctness in Online Social NetworksKatriel Cohn-Gordon, Georgios Damaskinos, Divino Neto, Joshi Cordova, Benoît Reitz, Benjamin Strahs, Daniel Obenshain, Paul Pearce, Ioannis Papagiannis, Available Media. [doi]

The 2020 Election: Remote Voting, Disinformation, and AuditAvi Rubin. [doi]

A Formal Analysis of IEEE 802.11's WPA2: Countering the Kracks Caused by Cracking the CountersCas Cremers, Benjamin Kiesl, Niklas Medinger. 1-17 [doi]

Frankenstein: Advanced Wireless Fuzzing to Exploit New Bluetooth Escalation TargetsJan Ruge, Jiska Classen, Francesco Gringoli, Matthias Hollick. 19-36 [doi]

Breaking Secure Pairing of Bluetooth Low Energy Using Downgrade AttacksYue Zhang 0025, Jian Weng 0001, Rajib Dey, Yier Jin, Zhiqiang Lin, Xinwen Fu. 37-54 [doi]

You Are What You Broadcast: Identification of Mobile and IoT Devices from (Public) WiFiLingjing Yu, Bo Luo, Jun Ma, Zhaoyu Zhou, Qingyun Liu. 55-72 [doi]

Call Me Maybe: Eavesdropping Encrypted LTE Calls With ReVoLTEDavid Rupprecht, Katharina Kohls, Thorsten Holz, Christina Pöpper. 73-88 [doi]

A Comprehensive Quality Evaluation of Security and Privacy Advice on the WebElissa M. Redmiles, Noel Warford, Amritha Jayanti, Aravind Koneru, Sean Kross, Miraida Morales, Rock Stevens, Michelle L. Mazurek. 89-108 [doi]

Understanding security mistakes developers make: Qualitative analysis from Build It, Break It, Fix ItDaniel Votipka, Kelsey R. Fulton, James Parker, Matthew Hou, Michelle L. Mazurek, Michael Hicks 0001. 109-126 [doi]

Empirical Measurement of Systemic 2FA UsabilityJoshua Reynolds, Nikita Samarin, Joseph D. Barnes, Taylor Judd, Joshua Mason, Michael Bailey, Serge Egelman. 127-143 [doi]

What Twitter Knows: Characterizing Ad Targeting Practices, User Perceptions, and Ad Explanations Through Users' Own Twitter DataMiranda Wei, Madison Stamos, Sophie Veys, Nathan Reitinger, Justin Goodman, Margot Herman, Dorota Filipczuk, Ben Weinshel, Michelle L. Mazurek, Blase Ur. 145-162 [doi]

The Impact of Ad-Blockers on Product Search and Purchase Behavior: A Lab ExperimentAlisa Frik, Amelia Haviland, Alessandro Acquisti. 163-179 [doi]

Symbolic execution with SymCC: Don't interpret, compile!Sebastian Poeplau, Aurélien Francillon. 181-198 [doi]

Sys: A Static/Symbolic Tool for Finding Good Bugs in Good (Browser) CodeFraser Brown, Deian Stefan, Dawson R. Engler. 199-216 [doi]

Everything Old is New Again: Binary Security of WebAssemblyDaniel Lehmann 0002, Johannes Kinder, Michael Pradel. 217-234 [doi]

AURORA: Statistical Crash Analysis for Automated Root Cause ExplanationTim Blazytko, Moritz Schlögel, Cornelius Aschermann, Ali Abbasi, Joel Frank, Simon Wörner, Thorsten Holz. 235-252 [doi]

SmartVerif: Push the Limit of Automation Capability of Verifying Security Protocols by Dynamic StrategiesYan Xiong, Cheng Su, Wenchao Huang, Fuyou Miao, Wansen Wang, Hengyi Ouyang. 253-270 [doi]

BigMAC: Fine-Grained Policy Analysis of Android FirmwareGrant Hernandez, Dave (Jing) Tian, Anurag Swarnim Yadav, Byron J. Williams, Kevin R. B. Butler. 271-287 [doi]

From Needs to Actions to Secure Apps? The Effect of Requirements and Developer Practices on App SecurityCharles Weir, Ben Hermann, Sascha Fahl. 289-305 [doi]

FANS: Fuzzing Android Native System Services via Automated Interface AnalysisBaozheng Liu, Chao Zhang, Guang Gong, Yishun Zeng, Haifeng Ruan, Jianwei Zhuge. 307-323 [doi]

Chaperone: Real-time Locking and Loss Prevention for SmartphonesJiayi Chen, Urs Hengartner, Hassan Khan, Mohammad Mannan. 325-342 [doi]

Towards HTTPS Everywhere on Android: We Are Not There YetAndrea Possemato, Yanick Fratantonio. 343-360 [doi]

Sunrise to Sunset: Analyzing the End-to-end Life Cycle and Effectiveness of Phishing Attacks at ScaleAdam Oest, Penghui Zhang, Brad Wardman, Eric Nunes, Jakub Burgis, Ali Zand, Kurt Thomas, Adam Doupé, Gail-Joon Ahn. 361-377 [doi]

PhishTime: Continuous Longitudinal Measurement of the Effectiveness of Anti-phishing BlacklistsAdam Oest, Yeganeh Safaei, Penghui Zhang, Brad Wardman, Kevin Tyers, Yan Shoshitaishvili, Adam Doupé. 379-396 [doi]

Who's Calling? Characterizing Robocalls through Audio and Metadata AnalysisSathvik Prasad, Elijah Bouma-Sims, Athishay Kiran Mylappan, Bradley Reaves. 397-414 [doi]

See No Evil: Phishing for Permissions with False TransparencyGüliz Seray Tuncay, Jingyu Qian, Carl A. Gunter. 415-432 [doi]

A different cup of TI? The added value of commercial threat intelligenceXander Bouwman, Harm Griffioen, Jelle Egbers, Christian Doerr, Bram Klievink, Michel van Eeten. 433-450 [doi]

HybCache: Hybrid Side-Channel-Resilient Caches for Trusted Execution EnvironmentsGhada Dessouky, Tommaso Frassetto, Ahmad-Reza Sadeghi. 451-468 [doi]

CopyCat: Controlled Instruction-Level Attacks on EnclavesDaniel Moghimi, Jo Van Bulck, Nadia Heninger, Frank Piessens, Berk Sunar. 469-486 [doi]

An Off-Chip Attack on Hardware Enclaves via the Memory BusDayeol Lee, Dongha Jung, Ian T. Fang, Chia-che Tsai, Raluca Ada Popa. 487-504 [doi]

Civet: An Efficient Java Partitioning Framework for Hardware EnclavesChia-che Tsai, Jeongseok Son, Bhushan Jain, John McAvey, Raluca Ada Popa, Donald E. Porter. 505-522 [doi]

BesFS: A POSIX Filesystem for Enclaves with a Mechanized Safety ProofShweta Shinde, Shengyi Wang, Pinghai Yuan, Aquinas Hobor, Abhik Roychoudhury, Prateek Saxena. 523-540 [doi]

EPIC: Every Packet Is Checked in the Data Plane of a Path-Aware InternetMarkus Legner, Tobias Klenze, Marc Wyss, Christoph Sprenger 0001, Adrian Perrig. 541-558 [doi]

ShadowMove: A Stealthy Lateral Movement StrategyAmirreza Niakanlahiji, Jinpeng Wei, Md Rabbi Alam, Qingyang Wang, Bei-tseng Chu. 559-576 [doi]

Poison Over Troubled Forwarders: A Cache Poisoning Attack Targeting DNS Forwarding DevicesXiaofeng Zheng, Chaoyi Lu, Jian Peng, Qiushi Yang, Dongjie Zhou, Baojun Liu, Keyu Man, Shuang Hao, Haixin Duan, Zhiyun Qian. 577-593 [doi]

Programmable In-Network Security for Context-aware BYOD PoliciesQiao Kang, Lei Xue 0001, Adam Morrison 0003, Yuxin Tang, Ang Chen, Xiapu Luo. 595-612 [doi]

A Longitudinal and Comprehensive Study of the DANE Ecosystem in EmailHyeonmin Lee, Aniketh Gireesh, Roland van Rijswijk-Deij, Taekyoung Kwon 0001, Taejoong Chung. 613-630 [doi]

NXNSAttack: Recursive DNS Inefficiencies and VulnerabilitiesYehuda Afek, Anat Bremler-Barr, Lior Shafir. 631-648 [doi]

Shim Shimmeny: Evaluating the Security and Privacy Contributions of Link Shimming in the Modern WebFrank Li 0001. 649-664 [doi]

Cached and Confused: Web Cache Deception in the WildSeyed Ali Mirheidari, Sajjad Arshad, Kaan Onarlioglu, Bruno Crispo, Engin Kirda, William Robertson 0002. 665-682 [doi]

A Tale of Two Headers: A Formal Analysis of Inconsistent Click-Jacking Protection on the WebStefano Calzavara, Sebastian Roth, Alvise Rabitti, Michael Backes 0001, Ben Stock. 683-697 [doi]

Retrofitting Fine Grain Isolation in the Firefox RendererShravan Narayan, Craig Disselkoen, Tal Garfinkel, Nathan Froyd, Eric Rahm, Sorin Lerner, Hovav Shacham, Deian Stefan. 699-716 [doi]

Zero-delay Lightweight Defenses against Website FingerprintingJiajun Gong, Tao Wang. 717-734 [doi]

Achieving Keyless CDNs with ConclavesStephen Herwig, Christina Garman, Dave Levin. 735-751 [doi]

SENG, the SGX-Enforcing Network Gateway: Authorizing Communication from Shielded ClientsFabian Schwarz, Christian Rossow. 753-770 [doi]

APEX: A Verified Architecture for Proofs of Execution on Remote Devices under Full Software CompromiseIvan De Oliveira Nunes, Karim Eldefrawy, Norrathep Rattanavipanon, Gene Tsudik. 771-788 [doi]

PARTEMU: Enabling Dynamic Analysis of Real-World TrustZone Software Using EmulationLee Harrison, Hayawardh Vijayakumar, Rohan Padhye, Koushik Sen, Michael Grace. 789-806 [doi]

PHMon: A Programmable Hardware Monitor and Its Security Use CasesLeila Delshadtehrani, Sadullah Canakci, Boyou Zhou, Schuyler Eldridge, Ajay Joshi, Manuel Egele. 807-824 [doi]

TeeRex: Discovery and Exploitation of Memory Corruption Vulnerabilities in SGX EnclavesTobias Cloosters, Michael Rodler, Lucas Davi. 841-858 [doi]

Stealthy Tracking of Autonomous Vehicles with Cache Side ChannelsMulong Luo, Andrew C. Myers, G. Edward Suh. 859-876 [doi]

Towards Robust LiDAR-based Perception in Autonomous Driving: General Black-box Adversarial Sensor Attack and CountermeasuresJiachen Sun, Yulong Cao, Qi Alfred Chen, Z. Morley Mao. 877-894 [doi]

SAVIOR: Securing Autonomous Vehicles with Robust Physical InvariantsRaul Quinonez, Jairo Giraldo, Luis E. Salazar, Erick Bauman, Alvaro A. Cárdenas, Zhiqiang Lin. 895-912 [doi]

From Control Model to Program: Investigating Robotic Aerial Vehicle Accidents with MAYDAYTaeGyu Kim, Chung Hwan Kim, Altay Ozen, Fan Fei, Zhan Tu, Xiangyu Zhang 0001, Xinyan Deng, Dave (Jing) Tian, Dongyan Xu. 913-930 [doi]

Drift with Devil: Security of Multi-Sensor Fusion based Localization in High-Level Autonomous Driving under GPS SpoofingJunjie Shen 0001, Jun Yeon Won, Zeyuan Chen, Qi Alfred Chen. 931-948 [doi]

Plug-N-Pwned: Comprehensive Vulnerability Analysis of OBD-II Dongles as A New Over-the-Air Attack Surface in Automotive IoTHaohuang Wen, Qi Alfred Chen, Zhiqiang Lin. 949-965 [doi]

PCKV: Locally Differentially Private Correlated Key-Value Data Collection with Optimized UtilityXiaolan Gu, Ming Li 0003, Yueqiang Cheng, Li Xiong 0001, Yang Cao 0011. 967-984 [doi]

Actions Speak Louder than Words: Entity-Sensitive Privacy Policy and Data Flow Analysis with PoliCheckBenjamin Andow, Samin Yaseer Mahmud, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, Serge Egelman. 985-1002 [doi]

Walking Onions: Scaling Anonymity Networks while Protecting UsersChelsea Komlo, Nick Mathewson, Ian Goldberg. 1003-1020 [doi]

Differentially-Private Control-Flow Node Coverage for Software Usage AnalysisHailong Zhang 0006, Sufian Latif, Raef Bassily, Atanas Rountev. 1021-1038 [doi]

Visor: Privacy-Preserving Video Analytics as a Cloud ServiceRishabh Poddar, Ganesh Ananthanarayanan, Srinath Setty, Stavros Volos, Raluca Ada Popa. 1039-1056 [doi]

Datalog DisassemblyAntonio Flores-Montoya, Eric M. Schulte. 1075-1092 [doi]

KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write VulnerabilitiesWeiteng Chen, Xiaochen Zou, Guoren Li, Zhiyun Qian. 1093-1110 [doi]

Automatic Techniques to Systematically Discover New Heap Exploitation PrimitivesInsu Yun, Dhaval Kapil, Taesoo Kim. 1111-1128 [doi]

The Industrial Age of HackingTimothy Nosco, Jared Ziegler, Zechariah Clark, Davy Marrero, Todd Finkler, Andrew Barbarello, W. Michael Petullo. 1129-1146 [doi]

BScout: Direct Whole Patch Presence Test for Java ExecutablesJiarun Dai, Yuan Zhang 0009, Zheyue Jiang, Yingtian Zhou, Junyan Chen, Xinyu Xing, Xiaohan Zhang, Xin Tan, Min Yang 0002, Zhemin Yang. 1147-1164 [doi]

MVP: Detecting Vulnerabilities using Patch-Enhanced Vulnerability SignaturesYang Xiao, Bihuan Chen 0001, Chendong Yu, Zhengzi Xu, Zimu Yuan, Feng Li, Binghong Liu, Yang Liu 0003, Wei Huo, Wei Zou, Wenchang Shi. 1165-1182 [doi]

Shattered Chain of Trust: Understanding Security Risks in Cross-Cloud IoT Access DelegationYan Jia, Luyi Xing, Dongfang Zhao 0010, Xiaofeng Wang 0001, Yuqing Zhang. 1183-1200 [doi]

HALucinator: Firmware Re-hosting Through Abstraction Layer EmulationAbraham A. Clements, Eric Gustafson, Tobias Scharnowski, Paul Grosen, David Fritz, Christopher Kruegel, Giovanni Vigna, Saurabh Bagchi, Mathias Payer. 1201-1218 [doi]

Silhouette: Efficient Protected Shadow Stacks for Embedded SystemsJie Zhou, Yufei Du, Zhuojia Shen, Lele Ma, John Criswell, Robert J. Walls. 1219-1236 [doi]

P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface ModelingBo Feng, Alejandro Mera, Long Lu. 1237-1254 [doi]

COUNTERFOIL: Verifying Provenance of Integrated Circuits using Intrinsic Package Fingerprints and Inexpensive CamerasSiva Nishok Dhanuskodi, Xiang Li, Daniel E. Holcomb. 1255-1272 [doi]

Hall Spoofing: A Non-Invasive DoS Attack on Grid-Tied Solar InverterAnomadarshi Barua, Mohammad Abdullah Al Faruque. 1273-1290 [doi]

Updates-Leak: Data Set Inference and Reconstruction Attacks in Online LearningAhmed Salem 0001, Apratim Bhattacharya, Michael Backes 0001, Mario Fritz, Yang Zhang 0016. 1291-1308 [doi]

Exploring Connections Between Active Learning and Model ExtractionVarun Chandrasekaran, Kamalika Chaudhuri, Irene Giacomelli, Somesh Jha, Songbai Yan. 1309-1326 [doi]

Hybrid Batch Attacks: Finding Black-box Adversarial Examples with Limited QueriesFnu Suya, Jianfeng Chi, David Evans 0001, Yuan Tian 0001. 1327-1344 [doi]

High Accuracy and High Fidelity Extraction of Neural NetworksMatthew Jagielski, Nicholas Carlini, David Berthelot, Alex Kurakin, Nicolas Papernot. 1345-1362 [doi]

Adversarial Preprocessing: Understanding and Preventing Image-Scaling Attacks in Machine LearningErwin Quiring, David Klein, Daniel Arp, Martin Johns, Konrad Rieck. 1363-1380 [doi]

TextShield: Robust Text Classification Based on Multimodal Embedding and Neural Machine TranslationJinfeng Li, Tianyu Du, Shouling Ji, Rong Zhang, Quan Lu, Min Yang, Ting Wang 0006. 1381-1398 [doi]

Data Recovery from "Scrubbed" NAND Flash Storage: Need for Analog SanitizationMd Mehedi Hasan, Biswajit Ray. 1399-1408 [doi]

PKU Pitfalls: Attacks on PKU-based Memory Isolation SystemsR. Joseph Connor, Tyler McDaniel, Jared M. Smith, Max Schuchard. 1409-1426 [doi]

Medusa: Microarchitectural Data Leakage via Automated Attack SynthesisDaniel Moghimi, Moritz Lipp, Berk Sunar, Michael Schwarz 0001. 1427-1444 [doi]

V0LTpwn: Attacking x86 Processor Integrity from SoftwareZijo Kenjar, Tommaso Frassetto, David Gens, Michael Franz, Ahmad-Reza Sadeghi. 1445-1461 [doi]

DeepHammer: Depleting the Intelligence of Deep Neural Networks through Targeted Chain of Bit FlipsFan Yao, Adnan Siraj Rakin, Deliang Fan. 1463-1480 [doi]

SpecFuzz: Bringing Spectre-type vulnerabilities to the surfaceOleksii Oleksenko, Bohdan Trach, Mark Silberstein, Christof Fetzer. 1481-1498 [doi]

Security Analysis of Unified Payments Interface and Payment Apps in IndiaRenuka Kumar, Sreesh Kishore, Hao Lu, Atul Prakash. 1499-1516 [doi]

Cardpliance: PCI DSS Compliance of Android ApplicationsSamin Yaseer Mahmud, Akhil Acharya, Benjamin Andow, William Enck, Bradley Reaves. 1517-1533 [doi]

The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal ElectionsMichael A. Specter, James Koppel, Daniel J. Weitzner. 1535-1553 [doi]

VoteAgain: A scalable coercion-resistant voting systemWouter Lueks, Iñigo Querejeta-Azurmendi, Carmela Troncoso. 1553-1570 [doi]

Boxer: Preventing fraud by scanning credit cardsZain ul Abi Din, Hari Venugopalan, Jaime Park, Andy Li, Weisu Yin, Haohui Mai, Yong Jae Lee, Steven Liu, Samuel T. King. 1571-1588 [doi]

Fawkes: Protecting Privacy against Unauthorized Deep Learning ModelsShawn Shan, Emily Wenger, Jiayun Zhang, Huiying Li, Haitao Zheng, Ben Y. Zhao. 1589-1604 [doi]

Local Model Poisoning Attacks to Byzantine-Robust Federated LearningMinghong Fang, Xiaoyu Cao, Jinyuan Jia, Neil Zhenqiang Gong. 1605-1622 [doi]

Stolen Memories: Leveraging Model Memorization for Calibrated White-Box Membership InferenceKlas Leino, Matt Fredrikson. 1605-1622 [doi]

Justinian's GAAvernor: Robust Distributed Learning with Gradient Aggregation AgentXudong Pan, Mi Zhang, Duocai Wu, Qifan Xiao, Shouling Ji, Zhemin Yang. 1641-1658 [doi]

Interpretable Deep Learning under FireXinyang Zhang, Ningfei Wang, Hua Shen, Shouling Ji, Xiapu Luo, Ting Wang 0006. 1659-1676 [doi]

Donky: Domain Keys - Efficient In-Process Isolation for RISC-V and x86David Schrammel, Samuel Weiser, Stefan Steinegger, Martin Schwarzl, Michael Schwarz 0001, Stefan Mangard, Daniel Gruss. 1677-1694 [doi]

(Mostly) Exitless VM Protection from Untrusted Hypervisor through Disaggregated Nested VirtualizationZeyu Mi, Dingji Li, Haibo Chen, Binyu Zang, Haibing Guan. 1695-1712 [doi]

DECAF: Automatic, Adaptive De-bloating and Hardening of COTS FirmwareJake Christensen, Ionut Mugurel Anghel, Rob Taglang, Mihai Chiroiu, Radu Sion. 1713-1730 [doi]

McTiny: Fast High-Confidence Post-Quantum Key Erasure for Tiny Network ServersDaniel J. Bernstein, Tanja Lange 0001. 1731-1748 [doi]

Temporal System Call Specialization for Attack Surface ReductionSeyedhamed Ghavamnia, Tapti Palit, Shachee Mishra, Michalis Polychronakis. 1749-1766 [doi]

Big Numbers - Big Troubles: Systematically Analyzing Nonce Leakage in (EC)DSA ImplementationsSamuel Weiser, David Schrammel, Lukas Bodner, Raphael Spreitzer. 1767-1784 [doi]

Estonian Electronic Identity Card: Security Flaws in Key ManagementArnis Parsovs. 1785-1802 [doi]

The Unpatchable Silicon: A Full Break of the Bitstream Encryption of Xilinx 7-Series FPGAsMaik Ender, Amir Moradi 0001, Christof Paar. 1803-1819 [doi]

Automating the Development of Chosen Ciphertext AttacksGabrielle Beck, Maximilian Zinkus, Matthew Green 0001. 1821-1837 [doi]

SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of TrustGaëtan Leurent, Thomas Peyrin. 1839-1856 [doi]

A Spectral Analysis of Noise: A Comprehensive, Automated, Formal Analysis of Diffie-Hellman ProtocolsGuillaume Girol, Lucca Hirschi, Ralf Sasse, Dennis Jackson, Cas Cremers, David A. Basin. 1857-1874 [doi]

An Observational Investigation of Reverse Engineers' ProcessesDaniel Votipka, Seth M. Rabin, Kristopher K. Micinski, Jeffrey S. Foster, Michelle L. Mazurek. 1875-1892 [doi]

The Tools and Tactics Used in Intimate Partner Surveillance: An Analysis of Online Infidelity ForumsEmily Tseng, Rosanna Bellini, Nora McDonald, Matan Danos, Rachel Greenstadt, Damon McCoy, Nicola Dell, Thomas Ristenpart. 1893-1909 [doi]

DatashareNetwork: A Decentralized Privacy-Preserving Search Engine for Investigative JournalistsKasra Edalatnejad, Wouter Lueks, Julien Pierre Martin, Soline Ledésert, Anne L'Hôte, Bruno Thomas, Laurent Girod, Carmela Troncoso. 1911-1927 [doi]

"I am uncomfortable sharing what I can't see": Privacy Concerns of the Visually Impaired with Camera Based Assistive ApplicationsTaslima Akter, Bryan Dosono, Tousif Ahmed, Apu Kapadia, Bryan C. Semaan. 1929-1948 [doi]

'I have too much respect for my elders': Understanding South African Mobile Users' Perceptions of Privacy and Current Behaviors on Facebook and WhatsAppJake Reichel, Fleming Peck, Mikako Inaba, Bisrat Moges, Brahmnoor Singh Chawla, Marshini Chetty. 1949-1966 [doi]

RELOAD+REFRESH: Abusing Cache Replacement Policies to Perform Stealthy Cache AttacksSamira Briongos, Pedro Malagón, José Manuel Moya, Thomas Eisenbarth 0001. 1967-1984 [doi]

Timeless Timing Attacks: Exploiting Concurrency to Leak Secrets over Remote ConnectionsTom van Goethem, Christina Pöpper, Wouter Joosen, Mathy Vanhoef. 1985-2002 [doi]

Cache Telepathy: Leveraging Shared Resource Attacks to Learn DNN ArchitecturesMengjia Yan, Christopher W. Fletcher, Josep Torrellas. 2003-2020 [doi]

Certified Side ChannelsCesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, Billy Bob Brumley. 2021-2038 [doi]

NetWarden: Mitigating Network Covert Channels while Preserving PerformanceJiarong Xing, Qiao Kang, Ang Chen. 2039-2056 [doi]

TPM-FAIL: TPM meets Timing and Lattice AttacksDaniel Moghimi, Berk Sunar, Thomas Eisenbarth 0001, Nadia Heninger. 2057-2073 [doi]

Scaling Verifiable Computation Using Efficient Set AccumulatorsAlex Ozdemir, Riad S. Wahby, Barry Whitehat, Dan Boneh. 2075-2092 [doi]

Pixel: Multi-signatures for ConsensusManu Drijvers, Sergey Gorbunov 0001, Gregory Neven, Hoeteck Wee. 2093-2110 [doi]

SANNS: Scaling Up Secure Approximate k-Nearest Neighbors SearchHao Chen 0030, Ilaria Chillotti, Yihe Dong, Oxana Poburinnaya, Ilya P. Razenshteyn, M. Sadegh Riazi. 2111-2128 [doi]

MIRAGE: Succinct Arguments for Randomized Algorithms with Applications to Universal zk-SNARKsAhmed E. Kosba, Dimitrios Papadopoulos, Charalampos Papamanthou, Dawn Song. 2129-2146 [doi]

Secure Multi-party Computation of Differentially Private MedianJonas Böhler, Florian Kerschbaum. 2147-2164 [doi]

That Was Then, This Is Now: A Security Evaluation of Password Generation, Storage, and Autofill in Browser-Based Password ManagersSean Oesch, Scott Ruoti. 2165-2182 [doi]

Composition Kills: A Case Study of Email Sender AuthenticationJianjun Chen, Vern Paxson, Jian Jiang. 2183-2199 [doi]

Detecting Stuffing of a User's Credentials at Her Own AccountsKe Coby Wang, Michael K. Reiter. 2201-2218 [doi]

Liveness is Not Enough: Enhancing Fingerprint Authentication with Behavioral Biometrics to Defeat Puppet AttacksCong Wu, Kun He 0008, Jing Chen 0003, Ziming Zhao 0001, RuiYing Du. 2219-2236 [doi]

Human Distinguishable Visual Key FingerprintsMozhgan Azimpourkivi, Umut Topkara, Bogdan Carbunar. 2237-2254 [doi]

FuzzGuard: Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through Deep LearningPeiyuan Zong, Tao Lv, Dawei Wang, Zizhuang Deng, Ruigang Liang, Kai Chen 0012. 2255-2269 [doi]

FuzzGen: Automatic Fuzzer GenerationKyriakos K. Ispoglou, Daniel Austin, Vishwath Mohan, Mathias Payer. 2271-2287 [doi]

ParmeSan: Sanitizer-guided Greybox FuzzingSebastian Österlund, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida. 2289-2306 [doi]

EcoFuzz: Adaptive Energy-Saving Greybox Fuzzing as a Variant of the Adversarial Multi-Armed BanditTai Yue, Pengfei Wang, Yong Tang, Enze Wang, Bo Yu, Kai Lu, Xu Zhou. 2307-2324 [doi]

MUZZ: Thread-aware Grey-box Fuzzing for Effective Bug Hunting in Multithreaded ProgramsHongxu Chen, Shengjian Guo, Yinxing Xue, Yulei Sui, Cen Zhang, Yuekang Li, Haijun Wang, Yang Liu. 2325-2342 [doi]

On Training Robust PDF Malware ClassifiersYizheng Chen, Shiqi Wang 0002, Dongdong She, Suman Jana. 2343-2360 [doi]

Measuring and Modeling the Label Dynamics of Online Anti-Malware EnginesShuofei Zhu, Jianjun Shi, Limin Yang, Boqin Qin, Ziyi Zhang, Linhai Song, Gang Wang 0011. 2361-2378 [doi]

FIRMSCOPE: Automatic Uncovering of Privilege-Escalation Vulnerabilities in Pre-Installed Apps in Android FirmwareMohamed Elsabagh, Ryan Johnson 0002, Angelos Stavrou, Chaoshun Zuo, Qingchuan Zhao, Zhiqiang Lin. 2379-2396 [doi]

Automatic Hot Patch Generation for Android KernelsZhengzi Xu, Yulong Zhang, Longri Zheng, Liangzhao Xia, Chenfu Bao, Zhi Wang 0004, Yang Liu. 2397-2414 [doi]

iOS, Your OS, Everybody's OS: Vetting and Analyzing Network Services of iOS ApplicationsZhushou Tang, Ke Tang, Minhui Xue, Yuan Tian 0001, Sen Chen, Muhammad Ikram, Tielei Wang, Haojin Zhu. 2415-2432 [doi]

SEAL: Attack Mitigation for Encrypted Databases via Adjustable LeakageIoannis Demertzis, Dimitrios Papadopoulos, Charalampos Papamanthou, Saurabh Shintre. 2433-2450 [doi]

Pancake: Frequency Smoothing for Encrypted Data StoresPaul Grubbs, Anurag Khandelwal, Marie-Sarah Lacharité, Lloyd Brown, Lucy Li, Rachit Agarwal 0001, Thomas Ristenpart. 2451-2468 [doi]

Droplet: Decentralized Authorization and Access Control for Encrypted Data StreamsHossein Shafagh, Lukas Burkhalter, Sylvia Ratnasamy, Anwar Hithnawi. 2469-2486 [doi]

Secure parallel computation on national scale volumes of dataSahar Mazloom, Phi-Hung Le, Samuel Ranellucci, S. Dov Gordon. 2487-2504 [doi]

Delphi: A Cryptographic Inference Service for Neural NetworksPratyush Mishra, Ryan Lehmkuhl, Akshayaram Srinivasan, Wenting Zheng, Raluca Ada Popa. 2505-2522 [doi]

Analysis of DTLS Implementations Using Protocol State FuzzingPaul Fiterau-Brostean, Bengt Jonsson, Robert Merget, Joeri de Ruiter, Konstantinos Sagonas, Juraj Somorovsky. 2523-2540 [doi]

Agamotto: Accelerating Kernel Driver Fuzzing with Lightweight Virtual Machine CheckpointsDokyung Song, Felicitas Hetzelt, Jonghwan Kim, Brent ByungHoon Kang, Jean-Pierre Seifert, Michael Franz. 2541-2557 [doi]

USBFuzz: A Framework for Fuzzing USB Drivers by Device EmulationHui Peng, Mathias Payer. 2559-2575 [doi]

GREYONE: Data Flow Sensitive FuzzingShuitao Gan, Chao Zhang 0008, Peng Chen, Bodong Zhao, Xiaojun Qin, Dong Wu, Zuoning Chen. 2577-2594 [doi]

Fuzzing Error Handling Code using Context-Sensitive Software Fault InjectionZu-Ming Jiang, Jia-Ju Bai, Kangjie Lu, Shi-Min Hu 0001. 2595-2612 [doi]

Montage: A Neural Network Language Model-Guided JavaScript Engine FuzzerSuyoung Lee, Hyungseok Han, Sang Kil Cha, Sooel Son. 2613-2630 [doi]

Light Commands: Laser-Based Audio Injection Attacks on Voice-Controllable SystemsTakeshi Sugawara, Benjamin Cyr, Sara Rampazzi, Daniel Genkin, Kevin Fu. 2631-2648 [doi]

SkillExplorer: Understanding the Behavior of Skills in Large ScaleZhixiu Guo, Zijin Lin, Pan Li, Kai Chen 0012. 2649-2666 [doi]

Devil's Whisper: A General Approach for Physical Adversarial Attacks against Commercial Black-box Speech Recognition DevicesYuxuan Chen, Xuejing Yuan, Jiangshan Zhang, Yue Zhao 0018, Shengzhi Zhang, Kai Chen 0012, Xiaofeng Wang 0001. 2667-2684 [doi]

Void: A fast and light voice liveness detection systemMuhammad Ejaz Ahmed, Il-Youp Kwak, Jun Ho Huh, Iljoo Kim, Taekkyung Oh, Hyoungshick Kim. 2685-2702 [doi]

Preech: A System for Privacy-Preserving Speech TranscriptionShimaa Ahmed, Amrita Roy Chowdhury 0001, Kassem Fawaz, Parmesh Ramanathan. 2703-2720 [doi]

BlockSci: Design and applications of a blockchain analysis platformHarry A. Kalodner, Malte Möser, Kevin Lee, Steven Goldfeder, Martin Plattner, Alishah Chator, Arvind Narayanan. 2721-2738 [doi]

Remote Side-Channel Attacks on Anonymous TransactionsFlorian Tramèr, Dan Boneh, Kenny Paterson. 2739-2756 [doi]

ETHBMC: A Bounded Model Checker for Smart ContractsJoel Frank, Cornelius Aschermann, Thorsten Holz. 2757-2774 [doi]

TXSPECTOR: Uncovering Attacks in Ethereum from TransactionsMengya Zhang, Xiaokuan Zhang, Yinqian Zhang, Zhiqiang Lin. 2775-2792 [doi]

An Ever-evolving Game: Evaluation of Real-world Attacks and Defenses in Ethereum EcosystemShunfan Zhou, Zhemin Yang, Jie Xiang, Yinzhi Cao, Min Yang, Yuan Zhang 0009. 2793-2810 [doi]

runs on WebDSL