Abstract is missing.
- Susan Landau, Tufts UniversitySusan Landau 0001. [doi]
- Effect of Mood, Location, Trust, and Presence of Others on Video-Based Social AuthenticationCheng Guo, Brianne Campbell, Apu Kapadia, Michael K. Reiter, Kelly Caine. 1-18 [doi]
- 'Passwords Keep Me Safe' - Understanding What Children Think about PasswordsMary Theofanos, Yee-Yin Choong, Olivia Murphy. 19-35 [doi]
- On the Usability of Authenticity Checks for Hardware Security TokensKatharina Pfeffer, Alexandra Mai, Adrian Dabrowski, Matthias Gusenbauer, Philipp Schindler, Edgar R. Weippl, Michael Franz, Katharina Krombholz. 37-54 [doi]
- Inexpensive Brainwave Authentication: New Techniques and Insights on User AcceptancePatricia Arias Cabarcos, Thilo Habrich, Karen Becker, Christian Becker 0001, Thorsten Strufe. 55-72 [doi]
- Why Older Adults (Don't) Use Password ManagersHirak Ray, Flynn Wolf, Ravi Kuber, Adam J. Aviv. 73-90 [doi]
- "It's Stored, Hopefully, on an Encrypted Server": Mitigating Users' Misconceptions About FIDO2 Biometric WebAuthnLeona Lassak, Annika Hildebrandt, Maximilian Golla, Blase Ur. 91-108 [doi]
- Driving 2FA Adoption at Scale: Optimizing Two-Factor Authentication Notification Design PatternsMaximilian Golla, Grant Ho, Marika Lohmus, Monica Pulluri, Elissa M. Redmiles. 109-126 [doi]
- Hiding the Access Pattern is Not Enough: Exploiting Search Pattern Leakage in Searchable EncryptionSimon Oya, Florian Kerschbaum. 127-142 [doi]
- A Highly Accurate Query-Recovery Attack against Searchable Encryption using Non-Indexed DocumentsMarc Damie, Florian Hahn 0004, Andreas Peter. 143-160 [doi]
- Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and FragmentationMathy Vanhoef. 161-178 [doi]
- Card Brand Mixup Attack: Bypassing the PIN in non-Visa Cards by Using Them for Visa TransactionsDavid A. Basin, Ralf Sasse, Jorge Toro-Pozo. 179-194 [doi]
- Partitioning Oracle AttacksJulia Len, Paul Grubbs, Thomas Ristenpart. 195-212 [doi]
- Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E)Robert Merget, Marcus Brinkmann, Nimrod Aviram, Juraj Somorovsky, Johannes Mittmann, Jörg Schwenk. 213-230 [doi]
- A Side Journey To TitanThomas Roche, Victor Lomné, Camille Mutschler, Laurent Imbert. 231-248 [doi]
- PASAN: Detecting Peripheral Access Concurrency Bugs within Bare-Metal Embedded ApplicationsTaeGyu Kim, Vireshwar Kumar, Junghwan Rhee, Jizhou Chen, Kyungtae Kim, Chung Hwan Kim, Dongyan Xu, Dave (Jing) Tian. 249-266 [doi]
- On the Design and Misuse of Microcoded (Embedded) Processors - A Cautionary NoteNils Albartus, Clemens Nasenberg, Florian Stolz, Marc Fyrbiak, Christof Paar, Russell Tessier. 267-284 [doi]
- M2MON: Building an MMIO-based Security Reference Monitor for Unmanned VehiclesArslan Khan, Hyungsub Kim, Byoungyoung Lee, Dongyan Xu, Antonio Bianchi, Dave (Jing) Tian. 285-302 [doi]
- Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded SystemsLibo Chen, Yanhao Wang, Quanpu Cai, Yunfan Zhan, Hong Hu 0004, Jiaqi Linghu, Qinsheng Hou, Chao Zhang 0008, Haixin Duan, Zhi Xue. 303-319 [doi]
- Jetset: Targeted Firmware Rehosting for Embedded SystemsEvan Johnson, Maxwell Bland, Yifei Zhu, Joshua Mason, Stephen Checkoway, Stefan Savage, Kirill Levchenko. 321-338 [doi]
- LIGHTBLUE: Automatic Profile-Aware Debloating of Bluetooth StacksJianliang Wu, Ruoyu Wu, Daniele Antonioli, Mathias Payer, Nils Ole Tippenhauer, Dongyan Xu, Dave (Jing) Tian, Antonio Bianchi. 339-356 [doi]
- PACStack: an Authenticated Call StackHans Liljestrand, Thomas Nyman, Lachlan J. Gunn, Jan-Erik Ekberg, N. Asokan. 357-374 [doi]
- "It's stressful having all these phones": Investigating Sex Workers' Safety Goals, Risks, and Practices OnlineAllison McDonald, Catherine Barwulor, Michelle L. Mazurek, Florian Schaub, Elissa M. Redmiles. 375-392 [doi]
- "Now I'm a bit angry: " Individuals' Awareness, Perception, and Responses to Data Breaches that Affected ThemPeter Mayer, Yixin Zou, Florian Schaub, Adam J. Aviv. 393-410 [doi]
- "It's the Company, the Government, You and I": User Perceptions of Responsibility for Smart Home Privacy and SecurityJulie M. Haney, Yasemin Acar, Susanne Furman. 411-428 [doi]
- The Role of Computer Security Customer Support in Helping Survivors of Intimate Partner ViolenceYixin Zou, Allison McDonald, Julia Narakornpichit, Nicola Dell, Thomas Ristenpart, Kevin A. Roundy, Florian Schaub, Acar Tamersoy. 429-446 [doi]
- Evaluating In-Workflow Messages for Improving Mental Models of End-to-End EncryptionOmer Akgul, Wei Bai 0004, Shruti Das, Michelle L. Mazurek. 447-464 [doi]
- PriSEC: A Privacy Settings Enforcement ControllerRishabh Khandelwal, Thomas Linden, Hamza Harkous, Kassem Fawaz. 465-482 [doi]
- Are Privacy Dashboards Good for End Users? Evaluating User Perceptions and Reactions to Google's My ActivityFlorian M. Farke, David G. Balash, Maximilian Golla, Markus Dürmuth, Adam J. Aviv. 483-500 [doi]
- Mystique: Efficient Conversions for Zero-Knowledge Proofs with Applications to Machine LearningChenkai Weng, Kang Yang 0002, Xiang Xie, Jonathan Katz, Xiao Wang 0012. 501-518 [doi]
- Poseidon: A New Hash Function for Zero-Knowledge Proof SystemsLorenzo Grassi 0001, Dmitry Khovratovich, Christian Rechberger, Arnab Roy 0005, Markus Schofnegger. 519-535 [doi]
- Dynamic proofs of retrievability with low server storageGaspard Anthoine, Jean-Guillaume Dumas, Mélanie de Jonghe, Aude Maignan, Clément Pernet, Michael Hanling, Daniel S. Roche. 537-554 [doi]
- Where's Crypto?: Automated Identification and Classification of Proprietary Cryptographic Primitives in Binary CodeCarlo Meijer, Veelasha Moonsamy, Jos Wetzels. 555-572 [doi]
- Towards Formal Verification of State Continuity for Enclave ProgramsMohit Kumar Jangid, Guoxing Chen, Yinqian Zhang, Zhiqiang Lin. 573-590 [doi]
- Protecting Cryptography Against Compelled Self-IncriminationSarah Scheffler, Mayank Varia. 591-608 [doi]
- CSProp: Ciphertext and Signature Propagation Low-Overhead Public-Key Cryptosystem for IoT EnvironmentsFatemah Alharbi, Arwa Alrawais, Abdulrahman Bin Rabiah, Silas Richelson, Nael B. Abu-Ghazaleh. 609-626 [doi]
- Automatic Extraction of Secrets from the Transistor Jungle using Laser-Assisted Side-Channel AttacksThilo Krachenfels, Tuba Kiyan, Shahin Tajik, Jean-Pierre Seifert. 627-644 [doi]
- Lord of the Ring(s): Side Channel Attacks on the CPU On-Chip Ring Interconnect Are PracticalRiccardo Paccagnella, Licheng Luo, Christopher W. Fletcher. 645-662 [doi]
- Frontal Attack: Leaking Control-Flow in SGX via the CPU FrontendIvan Puddu, Moritz Schneider, Miro Haller, Srdjan Capkun. 663-680 [doi]
- Charger-Surfing: Exploiting a Power Line Side-Channel for Smartphone Information LeakagePatrick Cronin, Xing Gao 0001, Chengmo Yang, Haining Wang. 681-698 [doi]
- VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interfaceZitai Chen, Georgios Vasilakis, Kit Murdock, Edward Dean, David Oswald, Flavio D. Garcia. 699-716 [doi]
- CIPHERLEAKS: Breaking Constant-time Cryptography on AMD SEV via the Ciphertext Side ChannelMengyuan Li, Yinqian Zhang, Huibo Wang, Kang Li, Yueqiang Cheng. 717-732 [doi]
- Cross-VM and Cross-Processor Covert Channels Exploiting Processor Idle Power ManagementPaizhuo Chen, Lei Li, Zhice Yang. 733-750 [doi]
- Can Systems Explain Permissions Better? Understanding Users' Misperceptions under Smartphone Runtime Permission ModelBingyu Shen 0002, Lili Wei, Chengcheng Xiang, Yudong Wu, Mingyao Shen, Yuanyuan Zhou 0001, Xinxin Jin. 751-768 [doi]
- "Shhh...be quiet!" Reducing the Unwanted Interruptions of Notification Permission Prompts on ChromeIgor Bilogrevic, Balazs Engedy, Judson L. Porter III, Nina Taft, Kamila Hasanbega, Andrew Paseltiner, Hwi Kyoung Lee, Edward Jung, Meggyn Watkins, P. J. McLachlan, Jason James. 769-784 [doi]
- Explanation Beats Context: The Effect of Timing & Rationales on Users' Runtime Permission DecisionsYusra Elbitar, Michael Schilling 0001, Trung Tin Nguyen, Michael Backes 0001, Sven Bugiel. 785-802 [doi]
- A Large Scale Study of User Behavior, Expectations and Engagement with Android PermissionsWeicheng Cao, Chunqiu Xia, Sai Teja Peddinti, David Lie, Nina Taft, Lisa M. Austin. 803-820 [doi]
- Reducing Bias in Modeling Real-world Password Strength via Deep Learning and Dynamic DictionariesDario Pasquini, Marco Cianfriglia, Giuseppe Ateniese, Massimo Bernaschi. 821-838 [doi]
- Using Amnesia to Detect Credential Database BreachesKe Coby Wang, Michael K. Reiter. 839-855 [doi]
- Incrementally Updateable Honey Password VaultsHaibo Cheng, Wenting Li, Ping Wang 0003, Chao-Hsien Chu, Kaitai Liang. 857-874 [doi]
- Private Blocklist Lookups with ChecklistDmitry Kogan, Henry Corrigan-Gibbs. 875-892 [doi]
- Identifying Harmful Media in End-to-End Encrypted Communication: Efficient Private Membership ComputationAnunay Kulshrestha, Jonathan R. Mayer. 893-910 [doi]
- Fuzzy Labeled Private Set Intersection with Applications to Private Real-Time Biometric SearchErkam Uzun, Simon P. Chung, Vladimir Kolesnikov, Alexandra Boldyreva, Wenke Lee. 911-928 [doi]
- PrivSyn: Differentially Private Data SynthesisZhikun Zhang 0001, Tianhao Wang 0001, Ninghui Li, Jean Honorio, Michael Backes 0001, Shibo He, Jiming Chen 0001, Yang Zhang 0016. 929-946 [doi]
- Data Poisoning Attacks to Local Differential Privacy ProtocolsXiaoyu Cao, Jinyuan Jia, Neil Zhenqiang Gong. 947-964 [doi]
- How to Make Private Distributed Cardinality Estimation Practical, and Get Differential Privacy for FreeChanghui Hu, Jin Li 0002, Zheli Liu, Xiaojie Guo, Yu Wei, Xuan Guang, Grigorios Loukides, Changyu Dong. 965-982 [doi]
- Locally Differentially Private Analysis of Graph StatisticsJacob Imola, Takao Murakami, Kamalika Chaudhuri. 983-1000 [doi]
- SMASH: Synchronized Many-sided Rowhammer Attacks from JavaScriptFinn de Ridder, Pietro Frigo, Emanuele Vannacci, Herbert Bos, Cristiano Giuffrida, Kaveh Razavi. 1001-1018 [doi]
- Database Reconstruction from Noisy Volumes: A Cache Side-Channel Attack on SQLiteAria Shahverdi, Mahammad Shirinov, Dana Dachman-Soled. 1019-1035 [doi]
- PTAuth: Temporal Memory Safety via Robust Points-to AuthenticationReza Mirzazade Farkhani, Mansour Ahmadi, Long Lu. 1037-1054 [doi]
- Does logic locking work with EDA tools?Zhaokun Han, Muhammad Yasin, Jeyavijayan (JV) Rajendran. 1055-1072 [doi]
- CURE: A Security Architecture with CUstomizable and Resilient EnclavesRaad Bahmani, Ferdinand Brasser, Ghada Dessouky, Patrick Jauernig, Matthias Klimmek, Ahmad-Reza Sadeghi, Emmanuel Stapf. 1073-1090 [doi]
- DICE*: A Formally Verified Implementation of DICE Measured BootZhe Tao, Aseem Rastogi, Naman Gupta, Kapil Vaswani, Aditya V. Thakur. 1091-1107 [doi]
- PEARL: Plausibly Deniable Flash Translation Layer using WOM codingChen Chen 0057, Anrin Chakraborti, Radu Sion. 1109-1126 [doi]
- Examining the Efficacy of Decoy-based and Psychological Cyber DeceptionKimberly Ferguson-Walter, Maxine Major, Chelsea K. Johnson, Daniel H. Muhleman. 1127-1144 [doi]
- Helping Users Automatically Find and Manage Sensitive, Expendable Files in Cloud StorageMohammad Taha Khan, Christopher Tran 0001, Shubham Singh, Dimitri Vasilkov, Chris Kanich, Blase Ur, Elena Zheleva. 1145-1162 [doi]
- Adapting Security Warnings to Counter Online DisinformationBen Kaiser, Jerry Wei, Eli Lucherini, Kevin Lee, J. Nathan Matias, Jonathan R. Mayer. 1163-1180 [doi]
- "Why wouldn't someone think of democracy as a target?": Security practices & challenges of people involved with U.S. political campaignsSunny Consolvo, Patrick Gage Kelley, Tara Matthews, Kurt Thomas, Lee Dunn, Elie Bursztein. 1181-1198 [doi]
- Security Obstacles and Motivations for Small Businesses from a CISO's PerspectiveFlynn Wolf, Adam J. Aviv, Ravi Kuber. 1199-1216 [doi]
- Strategies and Perceived Risks of Sending Sensitive DocumentsNoel Warford, Collins W. Munyendo, Ashna Mediratta, Adam J. Aviv, Michelle L. Mazurek. 1217-1234 [doi]
- A Large-Scale Interview Study on Information Security in and Attacks against Small and Medium-sized EnterprisesNicolas Huaman, Bennet von Skarczinski, Christian Stransky, Dominik Wermke, Yasemin Acar, Arne Dreißigacker, Sascha Fahl. 1235-1252 [doi]
- On the Routing-Aware Peering against Network-Eclipse Attacks in BitcoinMuoi Tran, Akshaye Shenoi, Min-Suk Kang. 1253-1270 [doi]
- EOSAFE: Security Analysis of EOSIO Smart ContractsNingyu He, Ruiyi Zhang, Haoyu Wang 0001, Lei Wu 0012, Xiapu Luo, Yao Guo 0001, Ting Yu, Xuxian Jiang. 1271-1288 [doi]
- EVMPatch: Timely and Automated Patching of Ethereum Smart ContractsMichael Rodler, Wenting Li, Ghassan O. Karame, Lucas Davi. 1289-1306 [doi]
- Evil Under the Sun: Understanding and Discovering Attacks on Ethereum Decentralized ApplicationsLiya Su, Xinyue Shen, Xiangyu Du, Xiaojing Liao, Xiaofeng Wang 0001, Luyi Xing, Baoxu Liu. 1307-1324 [doi]
- Smart Contract Vulnerabilities: Vulnerable Does Not Imply ExploitedDaniel Perez 0001, Benjamin Livshits. 1325-1341 [doi]
- Frontrunner Jones and the Raiders of the Dark Forest: An Empirical Study of Frontrunning on the Ethereum BlockchainChristof Ferreira Torres, Ramiro Camino, Radu State. 1343-1359 [doi]
- SmarTest: Effectively Hunting Vulnerable Transaction Sequences in Smart Contracts through Language Model-Guided Symbolic ExecutionSunbeom So, Seongjoon Hong, Hakjoo Oh. 1361-1378 [doi]
- MIRAGE: Mitigating Conflict-Based Cache Attacks with a Practical Fully-Associative DesignGururaj Saileshwar, Moinuddin K. Qureshi. 1379-1396 [doi]
- DOLMA: Securing Speculation with the Principle of Transient Non-ObservabilityKevin Loughlin, Ian Neal, Jiacheng Ma, Elisa Tsai, Ofir Weisse, Satish Narayanasamy, Baris Kasikci. 1397-1414 [doi]
- Osiris: Automated Discovery of Microarchitectural Side ChannelsDaniel Weber, Ahmad Ibrahim 0002, Hamed Nemati, Michael Schwarz, Christian Rossow. 1415-1432 [doi]
- Swivel: Hardening WebAssembly against SpectreShravan Narayan, Craig Disselkoen, Daniel Moghimi, Sunjay Cauligi, Evan Johnson, Zhao Gang, Anjo Vahldiek-Oberwagner, Ravi Sahita, Hovav Shacham, Dean M. Tullsen, Deian Stefan. 1433-1450 [doi]
- Rage Against the Machine Clear: A Systematic Analysis of Machine Clears and Their Implications for Transient Execution AttacksHany Ragab, Enrico Barberis, Herbert Bos, Cristiano Giuffrida. 1451-1468 [doi]
- Coco: Co-Design and Co-Verification of Masked Software Implementations on CPUsBarbara Gigerl, Vedad Hadzic, Robert Primas, Stefan Mangard, Roderick Bloem. 1469-1468 [doi]
- Explanation-Guided Backdoor Poisoning Attacks Against Malware ClassifiersGiorgio Severi, Jim Meyer, Scott Coull, Alina Oprea. 1487-1504 [doi]
- Blind Backdoors in Deep Learning ModelsEugene Bagdasaryan, Vitaly Shmatikov. 1505-1521 [doi]
- Graph BackdoorZhaohan Xi, Ren Pang, Shouling Ji, Ting Wang 0006. 1523-1540 [doi]
- Demon in the Variant: Statistical Analysis of DNNs for Robust Backdoor Contamination DetectionDi Tang, Xiaofeng Wang 0001, Haixu Tang, Kehuan Zhang. 1541-1558 [doi]
- You Autocomplete Me: Poisoning Vulnerabilities in Neural Code CompletionRoei Schuster, Congzheng Song, Eran Tromer, Vitaly Shmatikov. 1559-1575 [doi]
- Poisoning the Unlabeled Dataset of Semi-Supervised LearningNicholas Carlini. 1577-1592 [doi]
- Double-Cross Attacks: Subverting Active Learning SystemsJose Rodrigo Sanchez Vicarte, Gang Wang 0011, Christopher W. Fletcher. 1593-1610 [doi]
- Fine Grained Dataflow Tracking with Proximal GradientsGabriel Ryan, Abhishek Shah, Dongdong She, Koustubha Bhat, Suman Jana. 1611-1628 [doi]
- Static Detection of Unsafe DMA Accesses in Device DriversJia-Ju Bai, Tuo Li, Kangjie Lu, Shi-Min Hu 0001. 1629-1645 [doi]
- MAZE: Towards Automated Heap Feng ShuiYan Wang, Chao Zhang 0008, Zixuan Zhao, Bolun Zhang, Xiaorui Gong, Wei Zou. 1647-1664 [doi]
- SelectiveTaint: Efficient Data Flow Tracking With Static Binary RewritingSanchuan Chen, Zhiqiang Lin, Yinqian Zhang. 1665-1682 [doi]
- Breaking Through Binaries: Compiler-quality Instrumentation for Better Binary-only FuzzingStefan Nagy, Anh Nguyen-Tuong, Jason D. Hiser, Jack W. Davidson, Matthew Hicks. 1683-1700 [doi]
- MBA-Blast: Unveiling and Simplifying Mixed Boolean-Arithmetic ObfuscationBinbin Liu, Junfu Shen, Jiang Ming 0002, Qilong Zheng, Jing Li, Dongpeng Xu. 1701-1718 [doi]
- VScape: Assessing and Escaping Virtual Call ProtectionsKaixiang Chen, Chao Zhang 0008, Tingting Yin, Xingman Chen, Lei Zhao. 1719-1736 [doi]
- Pretty Good Phone PrivacyPaul Schmitt, Barath Raghavan. 1737-1754 [doi]
- KeyForge: Non-Attributable Email from Forward-Forgeable SignaturesMichael A. Specter, Sunoo Park, Matthew Green 0001. 1755-1773 [doi]
- Express: Lowering the Cost of Metadata-hiding Communication with Cryptographic PrivacySaba Eskandarian, Henry Corrigan-Gibbs, Matei Zaharia, Dan Boneh. 1775-1792 [doi]
- Kalεido: Real-Time Privacy Control for Eye-Tracking SystemsJingjie Li, Amrita Roy Chowdhury 0001, Kassem Fawaz, Younghyun Kim. 1793-1810 [doi]
- Communication-Computation Trade-offs in PIRAsra Ali, Tancrède Lepoint, Sarvar Patel, Mariana Raykova 0001, Phillipp Schoppmann, Karn Seth, Kevin Yeo. 1811-1828 [doi]
- I Always Feel Like Somebody's Sensing Me! A Framework to Detect, Identify, and Localize Clandestine Wireless SensorsAkash Deep Singh, Luis Garcia, Joseph Noor, Mani B. Srivastava. 1829-1846 [doi]
- The Complexities of Healing in Secure Group Messaging: Why Cross-Group Effects MatterCas Cremers, Britta Hale, Konrad Kohbrok. 1847-1864 [doi]
- SLAP: Improving Physical Adversarial Examples with Short-Lived Adversarial PerturbationsGiulio Lovisotto, Henry Turner, Ivo Sluganovic, Martin Strohmeier, Ivan Martinovic. 1865-1882 [doi]
- Adversarial Policy Training against Deep Reinforcement LearningXian Wu, Wenbo Guo 0002, Hua Wei, Xinyu Xing. 1883-1900 [doi]
- DRMI: A Dataset Reduction Technology based on Mutual Information for Black-box AttacksYingzhe He, Guozhu Meng, Kai Chen 0012, Xingbo Hu, Jinwen He. 1901-1918 [doi]
- Deep-Dup: An Adversarial Weight Duplication Attack Framework to Crush Deep Neural Network in Multi-Tenant FPGAAdnan Siraj Rakin, Yukui Luo, Xiaolin Xu, Deliang Fan. 1919-1936 [doi]
- Entangled Watermarks as a Defense against Model ExtractionHengrui Jia, Christopher A. Choquette-Choo, Varun Chandrasekaran, Nicolas Papernot. 1937-1954 [doi]
- Mind Your Weight(s): A Large-scale Study on Insufficient Machine Learning Model Protection in Mobile AppsZhichuang Sun, Ruimin Sun, Long Lu, Alan Mislove. 1955-1972 [doi]
- Hermes Attack: Steal DNN Models with Lossless Inference AccuracyYuankun Zhu, Yueqiang Cheng, Husheng Zhou, Yantao Lu. 1973-1988 [doi]
- ARCUS: Symbolic Root Cause Analysis of Exploits in Production SystemsCarter Yagemann, Matthew Pruett, Simon P. Chung, Kennon Bittick, Brendan Saltaformaggio, Wenke Lee. 1989-2006 [doi]
- Automatic Firmware Emulation through Invalidity-guided Knowledge InferenceWei Zhou 0026, Le Guan, Peng Liu 0005, Yuqing Zhang. 2007-2024 [doi]
- Finding Bugs Using Your Own Code: Detecting Functionally-similar yet Inconsistent CodeMansour Ahmadi, Reza Mirzazade Farkhani, Ryan Williams, Long Lu. 2025-2040 [doi]
- Understanding and Detecting Disordered Error Handling with Precise Function PairingQiushi Wu, Aditya Pakki, Navid Emamdoost, Stephen McCamant, Kangjie Lu. 2041-2058 [doi]
- Precise and Scalable Detection of Use-after-Compacting-Garbage-Collection BugsHyungseok Han, Andrew Wesie, Brian Pak. 2059-2074 [doi]
- Reducing Test Cases with Attention Mechanism of Neural NetworksXing Zhang, Jiongyi Chen, Chao Feng, Ruilin Li, Yunfei Su, Bin Zhang, Jing Lei, Chaojing Tang. 2075-2092 [doi]
- FlowDist: Multi-Staged Refinement-Based Dynamic Information Flow Analysis for Distributed Software SystemsXiaoqin Fu, Haipeng Cai. 2093-2110 [doi]
- Privacy and Integrity Preserving Computations with CRISPSylvain Chatel, Apostolos Pyrgelis, Juan Ramón Troncoso-Pastoriza, Jean-Pierre Hubaux. 2111-2128 [doi]
- Senate: A Maliciously-Secure MPC Platform for Collaborative AnalyticsRishabh Poddar, Sukrit Kalra, Avishay Yanai, Ryan Deng, Raluca Ada Popa, Joseph M. Hellerstein. 2129-2146 [doi]
- GForce: GPU-Friendly Oblivious and Rapid Neural Network InferenceLucien K. L. Ng, Sherman S. M. Chow. 2147-2164 [doi]
- ABY2.0: Improved Mixed-Protocol Secure Two-Party ComputationArpita Patra, Thomas Schneider 0003, Ajith Suresh, Hossein Yalame. 2165-2182 [doi]
- Fantastic Four: Honest-Majority Four-Party Secure Computation With Malicious SecurityAnders P. K. Dalskov, Daniel Escudero 0001, Marcel Keller. 2183-2200 [doi]
- Muse: Secure Inference Resilient to Malicious ClientsRyan Lehmkuhl, Pratyush Mishra, Akshayaram Srinivasan, Raluca Ada Popa. 2201-2218 [doi]
- ObliCheck: Efficient Verification of Oblivious Algorithms with Unobservable StateJeongseok Son, Griffin Prechter, Rishabh Poddar, Raluca Ada Popa, Koushik Sen. 2219-2236 [doi]
- PatchGuard: A Provably Robust Defense against Adversarial Patches via Small Receptive Fields and MaskingChong Xiang 0001, Arjun Nitin Bhagoji, Vikash Sehwag, Prateek Mittal. 2237-2254 [doi]
- T-Miner: A Generative Approach to Defend Against Trojan Attacks on DNN-based Text ClassificationAhmadreza Azizi, Ibrahim Asadullah Tahmid, Asim Waheed, Neal Mangaokar, Jiameng Pu, Mobin Javed, Chandan K. Reddy, Bimal Viswanath. 2255-2272 [doi]
- WaveGuard: Understanding and Mitigating Audio Adversarial ExamplesShehzeen Hussain, Paarth Neekhara, Shlomo Dubnov, Julian J. McAuley, Farinaz Koushanfar. 2273-2290 [doi]
- Cost-Aware Robust Tree Ensembles for Security ApplicationsYizheng Chen, Shiqi Wang 0002, Weifan Jiang, Asaf Cidon, Suman Jana. 2291-2308 [doi]
- Dompteur: Taming Audio Adversarial ExamplesThorsten Eisenhofer, Lea Schönherr, Joel Frank, Lars Speckemeier, Dorothea Kolossa, Thorsten Holz. 2309-2326 [doi]
- CADE: Detecting and Explaining Concept Drift Samples for Security ApplicationsLimin Yang, Wenbo Guo 0002, Qingying Hao, Arridhana Ciptadi, Ali Ahmadzadeh, Xinyu Xing, Gang Wang 0011. 2327-2344 [doi]
- SIGL: Securing Software Installations Through Deep Graph LearningXueyuan Han, Xiao Yu 0007, Thomas F. J.-M. Pasquier, Ding Li 0001, Junghwan Rhee, James W. Mickens, Margo I. Seltzer, Haifeng Chen. 2345-2362 [doi]
- ExpRace: Exploiting Kernel Races through Raising InterruptsYoochan Lee, Changwoo Min, Byoungyoung Lee. 2363-2380 [doi]
- Undo Workarounds for Kernel BugsSeyed Mohammadjavad Seyed Talebi, Zhihao Yao, Ardalan Amiri Sani, Zhiyun Qian, Daniel Austin. 2381-2398 [doi]
- An Analysis of Speculative Type Confusion Vulnerabilities in the WildOfek Kirzner, Adam Morrison 0001. 2399-2416 [doi]
- Blinder: Partition-Oblivious Hierarchical SchedulingMan-Ki Yoon, Mengqi Liu 0001, Hao Chen 0023, Jung-Eun Kim, Zhong Shao. 2417-2434 [doi]
- SHARD: Fine-Grained Kernel Specialization with Context-Aware HardeningMuhammad Abubakar, Adil Ahmad, Pedro Fonseca, Dongyan Xu. 2435-2452 [doi]
- Preventing Use-After-Free Attacks with Fast Forward AllocationBrian Wickman, Hong Hu 0004, Insu Yun, DaeHee Jang, Jungwon Lim, Sanidhya Kashyap, Taesoo Kim. 2453-2470 [doi]
- Detecting Kernel Refcount Bugs with Two-Dimensional Consistency CheckingXin Tan, Yuan Zhang 0009, Xiyu Yang, Kangjie Lu, Min Yang 0002. 2471-2488 [doi]
- Effective Notification Campaigns on the Web: A Matter of Trust, Framing, and SupportMax Maass, Alina Stöver, Henning Pridöhl, Sebastian Bretthauer, Dominik Herrmann, Matthias Hollick, Indra Spiecker. 2489-2506 [doi]
- Fingerprinting in Style: Detecting Browser Extensions via Injected Style SheetsPierre Laperdrix, Oleksii Starov, Quan Chen, Alexandros Kapravelos, Nick Nikiforakis. 2507-2524 [doi]
- JAW: Studying Client-side CSRF with Hybrid Property Graphs and Declarative TraversalsSoheil Khodayari, Giancarlo Pellegrino. 2525-2542 [doi]
- AdCube: WebVR Ad Fraud and Practical Confinement of Third-Party AdsHyunjoo Lee, Jiyeon Lee, Daejun Kim, Suman Jana, Insik Shin, Sooel Son. 2543-2560 [doi]
- CACTI: Captcha Avoidance via Client-side TEE IntegrationYoshimichi Nakatsuka, Ercan Ozturk, Andrew Paverd, Gene Tsudik. 2561-2578 [doi]
- PolyScope: Multi-Policy Access Control Analysis to Compute Authorized Attack Operations in Android SystemsYu Tsung Lee, William Enck, HaiNing Chen, Hayawardh Vijayakumar, Ninghui Li, Zhiyun Qian, Daimeng Wang, Giuseppe Petracca, Trent Jaeger. 2579-2596 [doi]
- Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine TypesSergej Schumilo, Cornelius Aschermann, Ali Abbasi 0002, Simon Wörner, Thorsten Holz. 2597-2614 [doi]
- Systematic Evaluation of Privacy Risks of Machine Learning ModelsLiwei Song, Prateek Mittal. 2615-2632 [doi]
- Extracting Training Data from Large Language ModelsNicholas Carlini, Florian Tramèr, Eric Wallace, Matthew Jagielski, Ariel Herbert-Voss, Katherine Lee, Adam Roberts, Tom B. Brown, Dawn Song, Úlfar Erlingsson, Alina Oprea, Colin Raffel. 2633-2650 [doi]
- SWIFT: Super-fast and Robust Privacy-Preserving Machine LearningNishat Koti, Mahak Pancholi, Arpita Patra, Ajith Suresh. 2651-2668 [doi]
- Stealing Links from Graph Neural NetworksXinlei He, Jinyuan Jia, Michael Backes 0001, Neil Zhenqiang Gong, Yang Zhang 0016. 2669-2686 [doi]
- Leakage of Dataset Properties in Multi-Party Machine LearningWanrong Zhang 0001, Shruti Tople, Olga Ohrimenko. 2687-2704 [doi]
- Defeating DNN-Based Traffic Analysis Systems in Real-Time With Blind Adversarial PerturbationsMilad Nasr, Alireza Bahramali, Amir Houmansadr. 2705-2722 [doi]
- Cerebro: A Platform for Multi-Party Cryptographic Collaborative LearningWenting Zheng, Ryan Deng, Weikeng Chen, Raluca Ada Popa, Aurojit Panda, Ion Stoica. 2723-2740 [doi]
- SyzVegas: Beating Kernel Fuzzing Odds with Reinforcement LearningDaimeng Wang, Zheng Zhang, Hang Zhang, Zhiyun Qian, Srikanth V. Krishnamurthy, Nael B. Abu-Ghazaleh. 2741-2758 [doi]
- Android SmartTVs Vulnerability Discovery via Log-Guided FuzzingYousra Aafer, Wei You, Yi Sun, Yu Shi, Xiangyu Zhang 0001, Heng Yin. 2759-2776 [doi]
- UNIFUZZ: A Holistic and Pragmatic Metrics-Driven Platform for Evaluating FuzzersYuwei Li, Shouling Ji, Yuan Chen, Sizhuang Liang, Wei-Han Lee, Yueyao Chen, Chenyang Lyu, Chunming Wu, Raheem Beyah, Peng Cheng, Kangjie Lu, Ting Wang 0006. 2777-2794 [doi]
- Token-Level FuzzingChristopher Salls, Chani Jindal, Jake Corina, Christopher Kruegel, Giovanni Vigna. 2795-2809 [doi]
- APICraft: Fuzz Driver Generation for Closed-source SDK LibrariesCen Zhang, Xingwei Lin, Yuekang Li, Yinxing Xue, Jundong Xie, Hongxu Chen, Xinlei Ying, Jiashui Wang, Yang Liu 0003. 2811-2828 [doi]
- The Use of Likely Invariants as Feedback for FuzzersAndrea Fioraldi, Daniele Cono D'Elia, Davide Balzarotti. 2829-2846 [doi]
- ICSFuzz: Manipulating I/Os and Repurposing Binary Code to Enable Instrumented Fuzzing in ICS Control ApplicationsDimitrios Tychalas, Hadjer Benkraouda, Michail Maniatakos. 2847-2862 [doi]
- Prime+Probe 1, JavaScript 0: Overcoming Browser-based Side-Channel DefensesAnatoly Shusterman, Ayush Agarwal, Sioli O'Connell, Daniel Genkin, Yossi Oren, Yuval Yarom. 2863-2880 [doi]
- Saphire: Sandboxing PHP Applications with Tailored System Call AllowlistsAlexander Bulekov, Rasoul Jahanshahi, Manuel Egele. 2881-2898 [doi]
- SandTrap: Securing JavaScript-driven Trigger-Action PlatformsMohammad M. Ahmadpanah, Daniel Hedin, Musard Balliu, Lars Eric Olsson, Andrei Sabelfeld. 2899-2916 [doi]
- Can I Take Your Subdomain? Exploring Same-Site Attacks in the Modern WebMarco Squarcina, Mauro Tempesta, Lorenzo Veronese, Stefano Calzavara, Matteo Maffei. 2917-2934 [doi]
- U Can't Debug This: Detecting JavaScript Anti-Debugging Techniques in the WildMarius Musch, Martin Johns. 2935-2950 [doi]
- Abusing Hidden Properties to Attack the Node.js EcosystemFeng Xiao, Jianwei Huang, Yichang Xiong, Guangliang Yang, Hong Hu 0004, Guofei Gu, Wenke Lee. 2951-2968 [doi]
- mID: Tracing Screen Photos via Moiré PatternsYushi Cheng, Xiaoyu Ji, Lixu Wang, Qi Pang, Yi-Chao Chen 0001, Wenyuan Xu. 2969-2986 [doi]
- SEAL: Storage-efficient Causality Analysis on Enterprise Logs with Query-friendly CompressionPeng-fei, Zhou Li, Zhiying Wang 0001, Xiao Yu 0007, Ding Li 0001, Kangkook Jee. 2987-3004 [doi]
- ATLAS: A Sequence-based Learning Approach for Attack InvestigationAbdulellah Alsaheel, Yuhong Nan, ShiQing Ma, Le Yu, Gregory Walkup, Z. Berkay Celik, Xiangyu Zhang 0001, Dongyan Xu. 3005-3022 [doi]
- ELISE: A Storage Efficient Logging System Powered by Redundancy Reduction and Representation LearningHailun Ding, Shenao Yan, Juan Zhai, ShiQing Ma. 3023-3040 [doi]
- V0Finder: Discovering the Correct Origin of Publicly Reported Software VulnerabilitiesSeunghoon Woo, Dongwook Lee, Sunghan Park, Heejo Lee, Sven Dietrich. 3041-3058 [doi]
- Minerva- An Efficient Risk-Limiting Ballot Polling AuditFilip Zagórski, Grant McClearn, Sarah Morin, Neal McBurnett, Poorvi L. Vora. 3059-3076 [doi]
- Security Analysis of the Democracy Live Online Voting SystemMichael A. Specter, J. Alex Halderman. 3077-3092 [doi]
- Hopper: Modeling and Detecting Lateral MovementGrant Ho, Mayank Dhiman, Devdatta Akhawe, Vern Paxson, Stefan Savage, Geoffrey M. Voelker, David A. Wagner 0001. 3093-3110 [doi]
- LZR: Identifying Unexpected Internet ServicesLiz Izhikevich, Renata Teixeira, Zakir Durumeric. 3111-3128 [doi]
- Blind In/On-Path Attacks and Applications to VPNsWilliam J. Tolley, Beau Kujath, Mohammad Taha Khan, Narseo Vallina-Rodriguez, Jedidiah R. Crandall. 3129-3146 [doi]
- The Hijackers Guide To The Galaxy: Off-Path Taking Over Internet ResourcesTianxiang Dai, Philipp Jeitner, Haya Shulman, Michael Waidner. 3147-3164 [doi]
- Injection Attacks Reloaded: Tunnelling Malicious Payloads over DNSPhilipp Jeitner, Haya Shulman. 3165-3182 [doi]
- Causal Analysis for Software-Defined Networking AttacksBenjamin E. Ujcich, Samuel Jero, Richard Skowyra, Adam Bates 0001, William H. Sanders, Hamed Okhravi. 3183-3200 [doi]
- Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing AttacksKaiwen Shen, Chuhan Wang, Minglei Guo, Xiaofeng Zheng, Chaoyi Lu, Baojun Liu, Yuxuan Zhao, Shuang Hao, Haixin Duan, Qingfeng Pan, Min Yang 0002. 3201-3217 [doi]
- Automated Discovery of Denial-of-Service Vulnerabilities in Connected Vehicle ProtocolsShengtuo Hu, Qi Alfred Chen, Jiachen Sun, Yiheng Feng, Z. Morley Mao, Henry X. Liu. 3219-3236 [doi]
- Too Good to Be Safe: Tricking Lane Detection in Autonomous Driving with Crafted PerturbationsPengfei Jing, Qiyi Tang 0003, Yuefeng Du, Lei Xue 0001, Xiapu Luo, Ting Wang 0006, Sen Nie, Shi Wu. 3237-3254 [doi]
- Acoustics to the Rescue: Physical Key Inference Attack RevisitedSoundarya Ramesh, Rui Xiao, Anindya Maiti, Jong Taek Lee, Harini Ramprasad, Ananda Kumar, Murtuza Jadliwala, Jun Han. 3255-3272 [doi]
- Messy States of Wiring: Vulnerabilities in Emerging Personal Payment SystemsJiadong Lou, Xu Yuan, Ning Zhang. 3273-3289 [doi]
- Research on the Security of Visual Reasoning CAPTCHAYipeng Gao, Haichang Gao, Sainan Luo, Yang Zi, Shudong Zhang, Wenjie Mao, Ping Wang, Yulong Shen, Jeff Yan. 3291-3308 [doi]
- Dirty Road Can Attack: Security of Deep Learning based Automated Lane Centering under Physical-World AttackTakami Sato, Junjie Shen 0001, Ningfei Wang, Yunhan Jia, Xue Lin, Qi Alfred Chen. 3309-3326 [doi]
- Domain Shadowing: Leveraging Content Delivery Networks for Robust Blocking-Resistant CommunicationsMingkui Wei. 3327-3343 [doi]
- Weaponizing Middleboxes for TCP Reflected AmplificationKevin Bock 0001, Abdulrahman Alaraj, Yair Fax, Kyle Hurley, Eric Wustrow, Dave Levin. 3345-3361 [doi]
- Collective Information Security in Large-Scale Urban Protests: the Case of Hong KongMartin R. Albrecht, Jorge Blasco, Rikke Bjerg Jensen, Lenka Mareková. 3363-3380 [doi]
- How Great is the Great Firewall? Measuring China's DNS CensorshipNguyen Phong Hoang, Arian Akhavan Niaki, Jakub Dalek, Jeffrey Knockel, Pellaeon Lin, Bill Marczak, Masashi Crete-Nishihata, Phillipa Gill, Michalis Polychronakis. 3381-3398 [doi]
- Balboa: Bobbing and Weaving around Network CensorshipMarc B. Rosen, James Parker, Alex J. Malozemoff. 3399-3413 [doi]
- Once is Never Enough: Foundations for Sound Statistical Inference in Tor Network ExperimentationRob Jansen, Justin Tracey, Ian Goldberg. 3415-3432 [doi]
- Rollercoaster: An Efficient Group-Multicast Scheme for Mix NetworksDaniel Hugenroth, Martin Kleppmann, Alastair R. Beresford. 3433-3450 [doi]
- Obfuscation-Resilient Executable Payload Extraction From Packed MalwareBinlin Cheng, Jiang Ming 0002, Erika A. Leal, Haotian Zhang, Jianming Fu, Guojun Peng, Jean-Yves Marion. 3451-3468 [doi]
- DeepReflect: Discovering Malicious Functionality through Binary ReconstructionEvan Downing, Yisroel Mirsky, Kyuhong Park, Wenke Lee. 3469-3486 [doi]
- When Malware Changed Its Mind: An Empirical Study of Variable Program Behaviors in the Real WorldErin Avllazagaj, Ziyun Zhu, Leyla Bilge, Davide Balzarotti, Tudor Dumitras. 3487-3504 [doi]
- The Circle Of Life: A Large-Scale Study of The IoT Malware LifecycleOmar Alrawi, Charles Lever, Kevin Valakuzhy, Ryan Court, Kevin Z. Snow, Fabian Monrose, Manos Antonakakis. 3505-3522 [doi]
- Forecasting Malware Capabilities From Cyber Attack Memory ImagesOmar Alrawi, Moses Ike, Matthew Pruett, Ranjita Pai Kasturi, Srimanta Barua, Taleb Hirani, Brennan Hill, Brendan Saltaformaggio. 3523-3540 [doi]
- YARIX: Scalable YARA-based Malware IntelligenceMichael Brengel, Christian Rossow. 3541-3558 [doi]
- Constraint-guided Directed Greybox FuzzingGwangmu Lee, Woochul Shim, Byoungyoung Lee. 3559-3576 [doi]
- PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDropAlexander Heinrich, Matthias Hollick, Thomas Schneider 0003, Milan Stute, Christian Weinert. 3577-3594 [doi]
- Privacy-Preserving and Standard-Compatible AKA Protocol for 5GYuchen Wang, Zhenfeng Zhang, Yongquan Xie. 3595-3612 [doi]
- SEApp: Bringing Mandatory Access Control to Android AppsMatthew Rossi, Dario Facchinetti, Enrico Bacis, Marco Rosa, Stefano Paraboschi. 3613-3630 [doi]
- A11y and Privacy don't have to be mutually exclusive: Constraining Accessibility Service Misuse on AndroidJie Huang 0010, Michael Backes 0001, Sven Bugiel. 3631-3648 [doi]
- An Investigation of the Android Kernel Patch EcosystemZheng Zhang, Hang Zhang, Zhiyun Qian, Billy Lau. 3649-3666 [doi]
- Share First, Ask Later (or Never?) Studying Violations of GDPR's Explicit Consent in Android AppsTrung Tin Nguyen, Michael Backes 0001, Ninja Marnau, Ben Stock. 3667-3684 [doi]
- DEFInit: An Analysis of Exposed Android Init RoutinesYuede Ji, Mohamed Elsabagh, Ryan Johnson 0002, Angelos Stavrou. 3685-3702 [doi]
- Scalable Detection of Promotional Website Defacements in Black Hat SEO CampaignsRonghai Yang, Xianbo Wang, Cheng Chi, Dawei Wang, Jiawei He, Siming Pang, Wing Cheong Lau. 3703-3720 [doi]
- Compromised or Attacker-Owned: A Large Scale Classification and Study of Hosting Domains of Malicious URLsRavindu De Silva, Mohamed Nabeel, Charith Elvitigala, Issa Khalil, Ting Yu, Chamath Keppitiyagama. 3721-3738 [doi]
- Assessing Browser-level Defense against IDN-based PhishingHang Hu 0002, Steve T. K. Jan, Yang Wang, Gang Wang 0011. 3739-3756 [doi]
- Catching Phishers By Their Bait: Investigating the Dutch Phishing Landscape through Phishing Kit DetectionHugo L. J. Bijmans, Tim M. Booij, Anneke Schwedersky, Aria Nedgabat, Rolf van Wegberg. 3757-3774 [doi]
- PhishPrint: Evading Phishing Detection Crawlers by Prior ProfilingBhupendra Acharya, Phani Vadrevu. 3775-3792 [doi]
- Phishpedia: A Hybrid Deep Learning Based Approach to Visually Identify Phishing WebpagesYun Lin, Ruofan Liu, Dinil Mon Divakaran, Jun Yang Ng, Qing Zhou Chan, Yiwen Lu, Yuxuan Si, Fan Zhang, Jin Song Dong. 3793-3810 [doi]
- Is Real-time Phishing Eliminated with FIDO? Social Engineering Downgrade Attacks against FIDO ProtocolsEnis Ulqinaku, Hala Assal, AbdelRahman Abdou, Sonia Chiasson, Srdjan Capkun. 3811-3828 [doi]
- Jaqen: A High-Performance Switch-Native Approach for Detecting and Mitigating Volumetric DDoS Attacks with Programmable SwitchesZaoxing Liu, Hun Namkung, Georgios Nikolaidis, Jeongkeun Lee, Changhoon Kim, Xin Jin 0008, Vladimir Braverman, Minlan Yu, Vyas Sekar. 3829-3846 [doi]
- ReDoSHunter: A Combined Static and Dynamic Approach for Regular Expression DoS DetectionYeting Li, Zixuan Chen, Jialun Cao, Zhiwu Xu 0001, Qiancheng Peng, Haiming Chen, Liyuan Chen, Shing-Chi Cheung. 3847-3864 [doi]
- Ripple: A Programmable, Decentralized Link-Flooding Defense Against Adaptive AdversariesJiarong Xing, Wenqing Wu, Ang Chen. 3865-3881 [doi]
- Accurately Measuring Global Risk of Amplification Attacks using AmpMapSoo-Jin Moon, Yucheng Yin, Rahul Anand Sharma, Yifei Yuan, Jonathan M. Spring, Vyas Sekar. 3881-3898 [doi]
- A Stealthy Location Identification Attack Exploiting Carrier Aggregation in Cellular NetworksNitya Lakshmanan, Nishant Budhdev, Min-Suk Kang, Mun Choon Chan, Jun Han. 3899-3916 [doi]
- Disrupting Continuity of Apple's Wireless Ecosystem Security: New Tracking, DoS, and MitM Attacks on iOS and macOS Through Bluetooth Low Energy, AWDL, and Wi-FiMilan Stute, Alexander Heinrich, Jannik Lorenz, Matthias Hollick. 3917-3934 [doi]
- Stars Can Tell: A Robust Method to Defend against GPS Spoofing Attacks using Off-the-shelf ChipsetShinan Liu, Xiang Cheng, Hanchao Yang, Yuanchao Shu, Xiaoran Weng, Ping Guo, Kexiong (Curtis) Zeng, Gang Wang 0011, Yaling Yang. 3935-3952 [doi]
- Formally Verified Memory Protection for a Commodity Multiprocessor HypervisorShih-wei Li, Xupeng Li, Ronghui Gu, Jason Nieh, John Zhuang Hui. 3953-3970 [doi]
- Automatic Policy Generation for Inter-Service Access Control of MicroservicesXing Li, Yan Chen, Zhiqiang Lin, Xiao Wang, Jim Hao Chen. 3971-3988 [doi]
- CLARION: Sound and Clear Provenance Tracking for Microservice DeploymentsXutong Chen, Hassaan Irshad, Yan Chen 0004, Ashish Gehani, Vinod Yegneswaran. 3989-4006 [doi]
- Virtual Secure Platform: A Five-Stage Pipeline Processor over TFHEKotaro Matsuoka, Ryotaro Banno, Naoki Matsumoto, Takashi Sato, Song Bian 0001. 4007-4024 [doi]
- Searching Encrypted Data with Size-Locked IndexesMin Xu, Armin Namavari, David Cash, Thomas Ristenpart. 4025-4042 [doi]
- Blitz: Secure Multi-Hop Payments Without Two-Phase CommitsLukas Aumayr, Pedro Moreno-Sanchez, Aniket Kate, Matteo Maffei. 4043-4060 [doi]
- Reducing HSM Reliance in Payments through Proxy Re-EncryptionSivanarayana Gaddam, Atul Luykx, Rohit Sinha 0001, Gaven J. Watson. 4061-4078 [doi]
- Risky Business? Investigating the Security Practices of Vendors on an Online Anonymous Market using Ground-Truth DataJochem van de Laarschot, Rolf van Wegberg. 4079-4095 [doi]
- Deep Entity Classification: Abusive Account Detection for Online Social NetworksTeng Xu, Gerard Goossen, Huseyin Kerem Cevahir, Sara Khodeir, Yingyezhe Jin, Frank Li 0001, Shawn Shan, Sagar Patel, David Freeman, Paul Pearce. 4097-4114 [doi]
- SocialHEISTing: Understanding Stolen Facebook AccountsJeremiah Onaolapo, Nektarios Leontiadis, Despoina Magka, Gianluca Stringhini. 4115-4132 [doi]
- Understanding Malicious Cross-library Data Harvesting on AndroidJice Wang, Yue Xiao, Xueqiang Wang, Yuhong Nan, Luyi Xing, Xiaojing Liao, Jinwei Dong, Nicolás Serrano, Haoran Lu, Xiaofeng Wang 0001, Yuqing Zhang. 4133-4150 [doi]
- Swiped: Analyzing Ground-truth Data of a Marketplace for Stolen Debit and Credit CardsMaxwell Aliapoulios, Cameron Ballard, Rasika Bhalerao, Tobias Lauinger, Damon McCoy. 4151-4168 [doi]
- Having Your Cake and Eating It: An Analysis of Concession-Abuse-as-a-ServiceZhibo Sun, Adam Oest, Penghui Zhang, Carlos E. Rubio-Medrano, Tiffany Bao, Ruoyu Wang 0001, Ziming Zhao 0001, Yan Shoshitaishvili, Adam Doupé, Gail-Joon Ahn. 4169-4186 [doi]
- Capture: Centralized Library Management for Heterogeneous IoT DevicesHan Zhang, Abhijith Anilkumar, Matt Fredrikson, Yuvraj Agarwal. 4187-4204 [doi]
- MPInspector: A Systematic and Automatic Approach for Evaluating the Security of IoT Messaging ProtocolsQinying Wang, Shouling Ji, Yuan Tian 0001, Xuhong Zhang 0005, Binbin Zhao, Yuhong Kan, Zhaowei Lin, Changting Lin, ShuiGuang Deng, Alex X. Liu, Raheem Beyah. 4205-4222 [doi]
- HAWatcher: Semantics-Aware Anomaly Detection for Appified Smart HomesChenglong Fu 0002, Qiang Zeng 0001, Xiaojiang Du. 4223-4240 [doi]
- Exposing New Vulnerabilities of Error Handling Mechanism in CANKhaled Serag, Rohit Bhatia, Vireshwar Kumar, Z. Berkay Celik, Dongyan Xu. 4241-4258 [doi]
- CANARY - a reactive defense mechanism for Controller Area Networks based on Active RelaYsBogdan Groza, Lucian Popa 0003, Pal-Stefan Murvay, Yuval Elovici, Asaf Shabtai. 4259-4276 [doi]
- ReDMArk: Bypassing RDMA Security MechanismsBenjamin Rothenberger, Konstantin Taranov, Adrian Perrig, Torsten Hoefler. 4277-4292 [doi]
- ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS AuthenticationMarcus Brinkmann, Christian Dresen, Robert Merget, Damian Poddebniak, Jens Müller 0007, Juraj Somorovsky, Jörg Schwenk, Sebastian Schinzel. 4293-4310 [doi]
- Experiences Deploying Multi-Vantage-Point Domain Validation at Let's EncryptHenry Birge-Lee, Liang Wang, Daniel McCarney, Roland Shoemaker, Jennifer Rexford, Prateek Mittal. 4311-4327 [doi]
- SiamHAN: IPv6 Address Correlation Attacks on TLS Encrypted Traffic via Siamese Heterogeneous Graph Attention NetworkTianyu Cui, Gaopeng Gou, Gang Xiong, Zhen Li 0011, Mingxin Cui, Chang Liu 0049. 4329-4346 [doi]
- Why Eve and Mallory Still Love Android: Revisiting TLS (In)Security in Android ApplicationsMarten Oltrogge, Nicolas Huaman, Sabrina Amft, Yasemin Acar, Michael Backes 0001, Sascha Fahl. 4347-4364 [doi]
- Why TLS is better without STARTTLS: A Security Analysis of STARTTLS in the Email ContextDamian Poddebniak, Fabian Ising, Hanno Böck, Sebastian Schinzel. 4365-4382 [doi]
- What's in a Name? Exploring CA Certificate ControlZane Ma, Joshua Mason, Manos Antonakakis, Zakir Durumeric, Michael Bailey. 4383-4400 [doi]