Table of Contents

• Under the Hood of DANE Mismanagement in SMTPHyeonmin Lee, Md. Ishtiaq Ashiq, Moritz Müller, Roland van Rijswijk-Deij, Ted Taekyoung Kwon, Taejoong Chung. 1-16 [doi]
• Seeing the Forest for the Trees: Understanding Security Hazards in the 3GPP Ecosystem through Intelligent Analysis on Change RequestsYi Chen, Di Tang, Yepeng Yao, Mingming Zha, Xiaofeng Wang 0001, Xiaozhong Liu, Haixu Tang, Dongfang Zhao 0010. 17-34 [doi]
• Exploring the Unchartered Space of Container Registry TyposquattingGuannan Liu, Xing Gao 0001, Haining Wang, Kun Sun 0001. 35-51 [doi]
• Uninvited Guests: Analyzing the Identity and Behavior of Certificate Transparency BotsBrian Kondracki, Johnny So, Nick Nikiforakis. 53-70 [doi]
• Playing for K(H)eaps: Understanding and Improving Linux Kernel Exploit ReliabilityKyle Zeng, Yueqi Chen, Haehyun Cho, Xinyu Xing, Adam Doupé, Yan Shoshitaishvili, Tiffany Bao. 71-88 [doi]
• In-Kernel Control-Flow Integrity on Commodity OSes using ARM Pointer AuthenticationSungbae Yoo, Jinbum Park, Seolheui Kim, Yeji Kim, Taesoo Kim. 89-106 [doi]
• Midas: Systematic Kernel TOCTTOU ProtectionAtri Bhattacharyya, Uros Tesic, Mathias Payer. 107-124 [doi]
• LinKRID: Vetting Imbalance Reference Counting in Linux kernel with Symbolic ExecutionJian Liu, Lin Yi, Weiteng Chen, Chengyu Song, Zhiyun Qian, Qiuping Yi. 125-142 [doi]
• Mining Node.js Vulnerabilities via Object Dependence Graph and QuerySong Li, Mingqing Kang, Jianwei Hou, Yinzhi Cao. 143-160 [doi]
• Mistrust Plugins You Must: A Large-Scale Study Of Malicious Plugins In WordPress MarketplacesRanjita Pai Kasturi, Jonathan Fuller, Yiting Sun, Omar Chabklo, Andres Rodriguez 0005, Jeman Park 0001, Brendan Saltaformaggio. 161-178 [doi]
• Web Cache Deception Escalates!Seyed Ali Mirheidari, Matteo Golinelli, Kaan Onarlioglu, Engin Kirda, Bruno Crispo. 179-196 [doi]
• FUGIO: Automatic Exploit Generation for PHP Object Injection VulnerabilitiesSunnyeo Park, Daejun Kim, Suman Jana, Sooel Son. 197-214 [doi]
• TLS-Anvil: Adapting Combinatorial Testing for TLS LibrariesMarcel Maehren, Philipp Nieting, Sven Hebrok, Robert Merget, Juraj Somorovsky, Jörg Schwenk. 215-232 [doi]
• Open to a fault: On the passive compromise of TLS keys via transient errorsGeorge Arnold Sullivan, Jackson Sippe, Nadia Heninger, Eric Wustrow. 233-250 [doi]
• Trust Dies in Darkness: Shedding Light on Samsung's TrustZone Keymaster DesignAlon Shakevsky, Eyal Ronen, Avishai Wool. 251-268 [doi]
• Breaking Bridgefy, again: Adopting libsignal is not enoughMartin R. Albrecht, Raphael Eikenberg, Kenneth G. Paterson. 269-286 [doi]
• "I feel invaded, annoyed, anxious and I may protect myself": Individuals' Feelings about Online Tracking and their Protective Behaviour across Gender and CountryKovila P. L. Coopamootoo, Maryam Mehrnezhad, Ehsan Toreini. 287-304 [doi]
• "Like Lesbians Walking the Perimeter": Experiences of U.S. LGBTQ+ Folks With Online Security, Safety, and Privacy AdviceChristine Geeng, Mike Harris, Elissa M. Redmiles, Franziska Roesner. 305-322 [doi]
• "They Look at Vulnerability and Use That to Abuse You": Participatory Threat Modelling with Migrant Domestic WorkersJulia Slupska, Selina Cho, Marissa Begonia, Ruba Abu-Salma, Nayanatara Prakash, Mallika Balakrishnan. 323-340 [doi]
• Networks of Care: Tech Abuse Advocates' Digital Security PracticesJulia Slupska, Angelika Strohmayer. 341-358 [doi]
• How Long Do Vulnerabilities Live in the Code? A Large-Scale Empirical Measurement Study on FOSS Vulnerability LifetimesNikolaos Alexopoulos, Manuel Brack, Jan Philipp Wagner, Tim Grube, Max Mühlhäuser. 359-376 [doi]
• Expected Exploitability: Predicting the Development of Functional Vulnerability ExploitsOctavian Suciu, Connor Nelson, Zhuoer Lyu, Tiffany Bao, Tudor Dumitras. 377-394 [doi]
• OS-Aware Vulnerability Prioritization via Differential Severity AnalysisQiushi Wu, Yue Xiao, Xiaojing Liao, Kangjie Lu. 395-412 [doi]
• Arbiter: Bridging the Static and Dynamic Divide in Vulnerability Discovery on Binary ProgramsJayakrishna Vadayath, Moritz Eckert, Kyle Zeng, Nicolaas Weideman, Gokulkrishna Praveen Menon, Yanick Fratantonio, Davide Balzarotti, Adam Doupé, Tiffany Bao, Ruoyu Wang 0001, Christophe Hauser, Yan Shoshitaishvili. 413-430 [doi]
• Spoki: Unveiling a New Wave of Scanners through a Reactive Network TelescopeRaphael Hiesgen, Marcin Nawrocki, Alistair King, Alberto Dainotti, Thomas C. Schmidt, Matthias Wählisch. 431-448 [doi]
• Many Roads Lead To Rome: How Packet Headers Influence DNS Censorship MeasurementAbhishek Bhaskar, Paul Pearce. 449-464 [doi]
• GET /out: Automated Discovery of Application-Layer Censorship Evasion StrategiesMichael Harrity, Kevin Bock 0001, Frederick Sell, Dave Levin. 465-483 [doi]
• OpenVPN is Open to VPN FingerprintingDiwen Xue, Reethika Ramesh, Arham Jain, Michalis Kallitsis 0001, J. Alex Halderman, Jedidiah R. Crandall, Roya Ensafi. 483-500 [doi]
• Pool Inference Attacks on Local Differential Privacy: Quantifying the Privacy Guarantees of Apple's Count Mean Sketch in PracticeAndrea Gadotti, Florimond Houssiau, Meenatchi Sundaram Muthu Selva Annamalai, Yves-Alexandre de Montjoye. 501-518 [doi]
• Poisoning Attacks to Local Differential Privacy Protocols for Key-Value DataYongji Wu, Xiaoyu Cao, Jinyuan Jia, Neil Zhenqiang Gong. 519-536 [doi]
• Communication-Efficient Triangle Counting under Local Differential PrivacyJacob Imola, Takao Murakami, Kamalika Chaudhuri. 537-554 [doi]
• Twilight: A Differentially Private Payment Channel NetworkMaya Dotan, Saar Tochner, Aviv Zohar, Yossi Gilad. 555-570 [doi]
• Watching the watchers: bias and vulnerability in remote proctoring softwareBen Burgess, Avi Ginsberg, Edward W. Felten, Shaanan Cohney. 571-588 [doi]
• The Antrim County 2020 Election Incident: An Independent Forensic InvestigationJ. Alex Halderman. 589-605 [doi]
• An Audit of Facebook's Political Ad Policy EnforcementVictor Le Pochat, Laura Edelson, Tom van Goethem, Wouter Joosen, Damon McCoy, Tobias Lauinger. 607-624 [doi]
• Building an Open, Robust, and Stable Voting-Based Domain Top ListQinge Xie, Shujun Tang, Xiaofeng Zheng, Qingran Lin, Baojun Liu, Haixin Duan, Frank Li 0001. 625-642 [doi]
• AMD Prefetch Attacks through Power and TimeMoritz Lipp, Daniel Gruss, Michael Schwarz 0001. 643-660 [doi]
• Hiding in Plain Sight? On the Efficacy of Power Side Channel-Based Control Flow MonitoringYi Han, Matthew Chan, Zahra Aref, Nils Ole Tippenhauer, Saman A. Zonouz. 661-678 [doi]
• Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86Yingchen Wang, Riccardo Paccagnella, Elizabeth Tang He, Hovav Shacham, Christopher W. Fletcher, David Kohlbrenner. 679-697 [doi]
• Binoculars: Contention-Based Side-Channel Attacks Exploiting the Page WalkerZirui Neil Zhao, Adam Morrison 0001, Christopher W. Fletcher, Josep Torrellas. 699-716 [doi]
• The Dangers of Human Touch: Fingerprinting Browser Extensions through User ActionsKonstantinos Solomos, Panagiotis Ilia, Soroush Karami, Nick Nikiforakis, Jason Polakis. 717-733 [doi]
• Unleash the Simulacrum: Shifting Browser Realities for Robust Extension-Fingerprinting PreventionSoroush Karami, Faezeh Kalantari, Mehrnoosh Zaeifi, Xavier J. Maso, Erik Trickel, Panagiotis Ilia, Yan Shoshitaishvili, Adam Doupé, Jason Polakis. 735-752 [doi]
• Online Website Fingerprinting: Evaluating Website Fingerprinting Attacks on Tor in the Real WorldGiovanni Cherubin, Rob Jansen, Carmela Troncoso. 753-770 [doi]
• QCSD: A QUIC Client-Side Website-Fingerprinting Defence FrameworkJean-Pierre Smith, Luca Dolfi, Prateek Mittal, Adrian Perrig. 771-789 [doi]
• Secure Poisson RegressionMahimna Kelkar, Phi-Hung Le, Mariana Raykova 0001, Karn Seth. 791-808 [doi]
• Cheetah: Lean and Fast Secure Two-Party Deep Neural Network InferenceZhicong Huang, Wen-Jie Lu, Cheng Hong, Jiansheng Ding. 809-826 [doi]
• Piranha: A GPU Platform for Secure ComputationJean Luc-Watson, Sameer Wagh, Raluca Ada Popa. 827-844 [doi]
• OpenSSLNTRU: Faster post-quantum TLS key exchangeDaniel J. Bernstein, Billy Bob Brumley, Ming-Shing Chen, Nicola Tuveri. 845-862 [doi]
• How Are Your Zombie Accounts? Understanding Users' Practices and Expectations on Mobile App Account DeletionYijing Liu, Yan Jia, Qingyin Tan, Zheli Liu, Luyi Xing. 863-880 [doi]
• "How Do You Not Lose Friends?": Synthesizing a Design Space of Social Controls for Securing Shared Digital Resources Via Participatory Design JamsEyitemi Moju-Igbene, Hanan Abdi, Alan Lu, Sauvik Das. 881-898 [doi]
• Caring about Sharing: User Perceptions of Multiparty Data SharingBailey Kacsmar, Kyle Tilbury, Miti Mazmudar, Florian Kerschbaum. 899-916 [doi]
• Neither Access nor Control: A Longitudinal Investigation of the Efficacy of User Access-Control Solutions on SmartphonesMasoud Mehrabi Koushki, Yue Huang, Julia Rubin, Konstantin Beznosov. 917-935 [doi]
• Jenny: Securing Syscalls for PKU-based Memory Isolation SystemsDavid Schrammel, Samuel Weiser, Richard Sadek, Stefan Mangard. 936-952 [doi]
• Physical-Layer Attacks Against Pulse Width Modulation-Controlled ActuatorsGökçen Yilmaz Dayanikli, Sourav Sinha, Devaprakash Muniraj, Ryan M. Gerdes, Mazen Farhood, Mani Mina. 953-970 [doi]
• Branch History Injection: On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 AttacksEnrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, Cristiano Giuffrida. 971-988 [doi]
• TLB;DR: Enhancing TLB-based Attacks with TLB Desynchronized Reverse EngineeringAndrei Tatar, Daniël Trujillo, Cristiano Giuffrida, Herbert Bos. 989-1007 [doi]
• FuzzOrigin: Detecting UXSS vulnerabilities in Browsers through Origin FuzzingSunwoo Kim, Young-Min Kim, Jaewon Hur, Suhwan Song, Gwangmu Lee, Byoungyoung Lee. 1008-1023 [doi]
• BrakTooth: Causing Havoc on Bluetooth Link Manager via Directed FuzzingMatheus E. Garbelini, Vaibhav Bedi, Sudipta Chattopadhyay 0001, Sumei Sun, Ernest Kurniawan. 1025-1042 [doi]
• AmpFuzz: Fuzzing for Amplification DDoS VulnerabilitiesJohannes Krupp, Ilya Grishchenko, Christian Rossow. 1043-1060 [doi]
• FRAMESHIFTER: Security Implications of HTTP/2-to-HTTP/1 Conversion AnomaliesBahruz Jabiyev, Steven Sprecher, Anthony Gavazzi, Tommaso Innocenti, Kaan Onarlioglu, Engin Kirda. 1061-1075 [doi]
• Your Microphone Array Retains Your Identity: A Robust Voice Liveness Detection System for Smart SpeakersYan Meng, Jiachun Li, Matthew Pillari, Arjun Deopujari, Liam Brennan, Hafsah Shamsie, Haojin Zhu, Yuan Tian 0001. 1077-1094 [doi]
• Lumos: Identifying and Localizing Diverse Hidden IoT Devices in an Unfamiliar EnvironmentRahul Anand Sharma, Elahe Soltanaghaei, Anthony Rowe, Vyas Sekar. 1095-1112 [doi]
• SkillDetective: Automated Policy-Violation Detection of Voice Assistant Applications in the WildJeffrey Young, Song Liao, Long Cheng 0005, Hongxin Hu, Huixing Deng. 1113-1130 [doi]
• "OK, Siri" or "Hey, Google": Evaluating Voiceprint Distinctiveness via Content-based PROLE ScoreRuiwen He, Xiaoyu Ji 0001, Xinfeng Li, Yushi Cheng, Wenyuan Xu. 1131-1148 [doi]
• Helping hands: Measuring the impact of a large threat intelligence sharing communityXander Bouwman, Victor Le Pochat, Pawel Foremski, Tom van Goethem, Carlos Hernandez Gañán, Giovane C. M. Moura, Samaneh Tajalizadehkhoob, Wouter Joosen, Michel van Eeten. 1149-1165 [doi]
• A Large-scale Temporal Measurement of Android Malicious Apps: Persistence, Migration, and Lessons LearnedYun Shen, Pierre-Antoine Vervier, Gianluca Stringhini. 1167-1184 [doi]
• A Large-scale and Longitudinal Measurement Study of DKIM DeploymentChuhan Wang, Kaiwen Shen, Minglei Guo, Yuxuan Zhao, Mingming Zhang, Jianjun Chen 0005, Baojun Liu, Xiaofeng Zheng, Haixin Duan, Yanzhong Lin, Qingfeng Pan. 1185-1201 [doi]
• A Large-scale Investigation into Geodifferences in Mobile AppsRenuka Kumar, Apurva Virkud, Ram Sundara Raman, Atul Prakash 0001, Roya Ensafi. 1203-1220 [doi]
• Morphuzz: Bending (Input) Space to Fuzz Virtual DevicesAlexander Bulekov, Bandan Das, Stefan Hajnoczi, Manuel Egele. 1221-1238 [doi]
• Fuzzware: Using Precise MMIO Modeling for Effective Firmware FuzzingTobias Scharnowski, Nils Bars, Moritz Schlögel, Eric Gustafson, Marius Muench, Giovanni Vigna, Christopher Kruegel, Thorsten Holz, Ali Abbasi 0002. 1239-1256 [doi]
• MundoFuzz: Hypervisor Fuzzing with Statistical Coverage Testing and Grammar InferenceCheolwoo Myung, Gwangmu Lee, Byoungyoung Lee. 1257-1274 [doi]
• Drifuzz: Harvesting Bugs in Device Drivers from Golden SeedsZekun Shen, Ritik Roongta, Brendan Dolan-Gavitt. 1275-1290 [doi]
• LTrack: Stealthy Tracking of Mobile Phones in LTEMartin Kotuliak, Simon Erni, Patrick Leu, Marc Röschlin, Srdjan Capkun. 1291-1306 [doi]
• Watching the Watchers: Practical Video Identification Attack in LTE NetworksSangwook Bae, Mincheol Son, Dongkwan Kim, CheolJun Park, Jiho Lee, Sooel Son, Yongdae Kim. 1307-1324 [doi]
• DoLTEst: In-depth Downlink Negative Testing Framework for LTE DevicesCheolJun Park, Sangwook Bae, Beomseok Oh, Jiho Lee, Eunkyu Lee, Insu Yun, Yongdae Kim. 1325-1342 [doi]
• Ghost Peak: Practical Distance Reduction Attacks Against HRP UWB RangingPatrick Leu, Giovanni Camurati, Alexander Heinrich, Marc Roeschlin, Claudio Anliker, Matthias Hollick, Srdjan Capkun, Jiska Classen. 1343-1359 [doi]
• SIMC: ML Inference Secure Against Malicious Clients at Semi-Honest CostNishanth Chandran, Divya Gupta 0001, Sai Lakshmi Bhavana Obbattu, Akash Shah. 1361-1378 [doi]
• Efficient Differentially Private Secure Aggregation for Federated Learning via Hardness of Learning with ErrorsTimothy Stevens, Christian Skalka, Christelle Vincent, John Ring, Samuel Clark, Joseph P. Near. 1379-1395 [doi]
• Label Inference Attacks Against Vertical Federated LearningChong Fu, Xuhong Zhang 0005, Shouling Ji, Jinyin Chen, JingZheng Wu, Shanqing Guo, Jun Zhou 0011, Alex X. Liu, Ting Wang 0006. 1397-1414 [doi]
• FLAME: Taming Backdoors in Federated LearningThien Duc Nguyen, Phillip Rieger, Huili Chen, Hossein Yalame, Helen Möllering, Hossein Fereidooni, Samuel Marchal, Markus Miettinen, Azalia Mirhoseini, Shaza Zeitouni, Farinaz Koushanfar, Ahmad-Reza Sadeghi, Thomas Schneider 0003. 1415-1432 [doi]
• Mitigating Membership Inference Attacks by Self-Distillation Through a Novel Ensemble ArchitectureXinyu Tang, Saeed Mahloujifar, Liwei Song, Virat Shejwalkar, Milad Nasr, Amir Houmansadr, Prateek Mittal. 1433-1450 [doi]
• Synthetic Data - Anonymisation Groundhog DayTheresa Stadler, Bristena Oprisanu, Carmela Troncoso. 1451-1468 [doi]
• Attacks on Deidentification's DefensesAloni Cohen. 1469-1486 [doi]
• Birds of a Feather Flock Together: How Set Bias Helps to Deanonymize You via Revealed Intersection SizesXiaojie Guo 0004, Ye Han, Zheli Liu, Ding Wang, Yan Jia, Jin Li 0002. 1487-1504 [doi]
• Targeted Deanonymization via the Cache Side Channel: Attacks and DefensesMojtaba Zaheri, Yossi Oren, Reza Curtmola. 1505-1523 [doi]
• FReD: Identifying File Re-Delegation in Android System ServicesSigmund Albert Gorski III, Seaver Thorn, William Enck, HaiNing Chen. 1525-1542 [doi]
• GhostTouch: Targeted Attacks on Touchscreens without Physical TouchKai Wang, Richard Mitev, Chen Yan, Xiaoyu Ji 0001, Ahmad-Reza Sadeghi, Wenyuan Xu. 1543-1559 [doi]
• SARA: Secure Android Remote AuthorizationAbdullah Imran, Habiba Farrukh, Muhammad Ibrahim, Z. Berkay Celik, Antonio Bianchi. 1561-1578 [doi]
• FOAP: Fine-Grained Open-World Android App FingerprintingJianfeng Li, Hao Zhou, Shuohan Wu, Xiapu Luo, Ting Wang 0006, Xian Zhan, Xiaobo Ma. 1579-1596 [doi]
• Identity Confusion in WebView-based Mobile App-in-app EcosystemsLei Zhang 0096, Zhibo Zhang, Ancong Liu, Yinzhi Cao, Xiaohan Zhang 0001, Yanjun Chen, Yuan Zhang 0009, Guangliang Yang 0001, Min Yang 0002. 1597-1613 [doi]
• Automated Detection of Automated TrafficCormac Herley. 1615-1632 [doi]
• Inferring Phishing Intention via Webpage Appearance and Dynamics: A Deep Vision Based ApproachRuofan Liu, Yun Lin 0001, XiangLin Yang, Siang Hwee Ng, Dinil Mon Divakaran, Jin Song Dong. 1633-1650 [doi]
• Phish in Sheep's Clothing: Exploring the Authentication Pitfalls of Browser FingerprintingXu Lin, Panagiotis Ilia, Saumya Solanki, Jason Polakis. 1651-1668 [doi]
• DeepPhish: Understanding User Trust Towards Artificially Generated Profiles in Online Social NetworksJaron Mink, Licheng Luo, Natã M. Barbosa, Olivia Figueira, Yang Wang 0005, Gang Wang 0011. 1669-1686 [doi]
• Hand Me Your PIN! Inferring ATM PINs of Users Typing with a Covered HandMatteo Cardaioli, Stefano Cecconello, Mauro Conti, Simone Milani, Stjepan Picek, Eugen Saraci. 1687-1704 [doi]
• Estimating Incidental Collection in Foreign Intelligence Surveillance: Large-Scale Multiparty Private Set Intersection with Union and SumAnunay Kulshrestha, Jonathan R. Mayer. 1705-1722 [doi]
• Constant-weight PIR: Single-round Keyword PIR via Constant-weight Equality OperatorsRasoul Akhavan Mahdavi, Florian Kerschbaum. 1723-1740 [doi]
• Incremental Offline/Online PIRYiping Ma 0001, Ke Zhong, Tal Rabin, Sebastian Angel. 1741-1758 [doi]
• GPU-accelerated PIR with Client-Independent Preprocessing for Large-Scale ApplicationsDaniel Günther 0004, Maurice Heymann, Benny Pinkas, Thomas Schneider 0003. 1759-1776 [doi]
• Increasing Adversarial Uncertainty to Scale Private Similarity TestingYiqing Hua, Armin Namavari, Kaishuo Cheng, Mor Naaman, Thomas Ristenpart. 1777-1794 [doi]
• Pre-hijacked accounts: An Empirical Study of Security Failures in User Account Creation on the WebAvinash Sudhodanan, Andrew Paverd. 1795-1812 [doi]
• Leaky Forms: A Study of Email and Password Exfiltration Before Form SubmissionAsuman Senol, Gunes Acar, Mathias Humbert, Frederik J. Zuiderveen Borgesius. 1813-1830 [doi]
• Might I Get Pwned: A Second Generation Compromised Credential Checking ServiceBijeeta Pal, Mazharul Islam, Marina Sanusi Bohuk, Nick Sullivan, Luke Valenta, Tara Whalen, Christopher A. Wood, Thomas Ristenpart, Rahul Chatterjee 0001. 1831-1848 [doi]
• Why Users (Don't) Use Password Managers at a Large Educational InstitutionPeter Mayer, Collins W. Munyendo, Michelle L. Mazurek, Adam J. Aviv. 1849-1866 [doi]
• Gossamer: Securely Measuring Password-based LoginsMarina Sanusi Bohuk, Mazharul Islam, Suleman Ahmad, Michael M. Swift, Thomas Ristenpart, Rahul Chatterjee 0001. 1867-1884 [doi]
• DoubleStar: Long-Range Attack Towards Depth Estimation based Obstacle Avoidance in Autonomous SystemsCe Zhou, Qiben Yan, Yan Shi, Lichao Sun. 1885-1902 [doi]
• Security Analysis of Camera-LiDAR Fusion Against Black-Box Attacks on Autonomous VehiclesR. Spencer Hallyburton, Yupei Liu, Yulong Cao, Z. Morley Mao, Miroslav Pajic. 1903-1920 [doi]
• SAID: State-aware Defense Against Injection Attacks on In-vehicle NetworkLei Xue 0001, Yangyang Liu, Tianqi Li, Kaifa Zhao, Jianfeng Li, Le Yu 0002, Xiapu Luo, Yajin Zhou, Guofei Gu. 1921-1938 [doi]
• Towards Automatically Reverse Engineering Vehicle Diagnostic ProtocolsLe Yu 0002, Yangyang Liu, Pengfei Jing, Xiapu Luo, Lei Xue 0001, Kaifa Zhao, Yajin Zhou, Ting Wang 0006, Guofei Gu, Sen Nie, Shi Wu. 1939-1956 [doi]
• Rolling Colors: Adversarial Laser Exploits against Traffic Light RecognitionChen Yan, Zhijian Xu, Zhanyuan Yin, Xiaoyu Ji 0001, Wenyuan Xu. 1957-1974 [doi]
• Provably-Safe Multilingual Software Sandboxing using WebAssemblyJay Bosamiya, Wen Shih Lim, Bryan Parno. 1975-1992 [doi]
• Backporting Security Patches of Web Applications: A Prototype Design and Implementation on Injection Vulnerability PatchesYoukun Shi, Yuan Zhang 0009, Tianhan Luo, Xiangyu Mao, Yinzhi Cao, Ziwen Wang, Yudi Zhao, Zongan Huang, Min Yang 0002. 1993-2010 [doi]
• Experimental Security Analysis of the App Model in Business Collaboration PlatformsYunang Chen, Yue Gao 0011, Nick Ceccio, Rahul Chatterjee 0001, Kassem Fawaz, Earlence Fernandes. 2011-2028 [doi]
• SWAPP: A New Programmable Playground for Web Application SecurityPhakpoom Chinprutthiwong, Jianwei Huang, Guofei Gu. 2029-2046 [doi]
• The Security Lottery: Measuring Client-Side Web Security InconsistenciesSebastian Roth, Stefano Calzavara, Moritz Wilhelm, Alvise Rabitti, Ben Stock. 2047-2064 [doi]
• PatchCleanser: Certifiably Robust Defense against Adversarial Patches for Any Image ClassifierChong Xiang 0001, Saeed Mahloujifar, Prateek Mittal. 2065-2082 [doi]
• Transferring Adversarial Robustness Through Robust Representation MatchingPratik Vaishnavi, Kevin Eykholt, Amir Rahmati. 2083-2098 [doi]
• How Machine Learning Is Solving the Binary Function Similarity ProblemAndrea Marcelli, Mariano Graziano, Xabier Ugarte-Pedrero, Yanick Fratantonio, Mohamad Mansouri, Davide Balzarotti. 2099-2116 [doi]
• Blacklight: Scalable Defense for Neural Networks against Query-Based Black-Box AttacksHuiying Li, Shawn Shan, Emily Wenger, Jiayun Zhang, Haitao Zheng 0001, Ben Y. Zhao. 2117-2134 [doi]
• DnD: A Cross-Architecture Deep Neural Network DecompilerRuoyu Wu, TaeGyu Kim, Dave (Jing) Tian, Antonio Bianchi, Dongyan Xu. 2135-2152 [doi]
• Measurement by Proxy: On the Accuracy of Online Marketplace MeasurementsAlejandro Cuevas, Fieke Miedema, Kyle Soska, Nicolas Christin, Rolf van Wegberg. 2153-2170 [doi]
• Behind the Tube: Exploitative Monetization of Content on YouTubeAndrew Chu, Arjun Arunasalam, Muslum Ozgur Ozmen, Z. Berkay Celik. 2171-2188 [doi]
• When Sally Met Trackers: Web Tracking From the Users' PerspectiveSavino Dambra, Iskander Sánchez-Rola, Leyla Bilge, Davide Balzarotti. 2189-2206 [doi]
• How to Peel a Million: Validating and Expanding Bitcoin ClustersGeorge Kappos, Haaroon Yousaf, Rainer Stütz, Sofia Rollet, Bernhard Haslhofer, Sarah Meiklejohn. 2207-2223 [doi]
• RapidPatch: Firmware Hotpatching for Real-Time Embedded DevicesYi He, Zhenhua Zou, Kun Sun 0001, Zhuotao Liu, Ke Xu 0002, Qian Wang 0002, Chao Shen 0001, Zhi Wang 0004, Qi Li 0002. 2225-2242 [doi]
• GAROTA: Generalized Active Root-Of-Trust Architecture (for Tiny Embedded Devices)Esmerald Aliaj, Ivan De Oliveira Nunes, Gene Tsudik. 2243-2260 [doi]
• ReZone: Disarming TrustZone with TEE Privilege ReductionDavid Cerdeira, José Martins, Nuno Santos 0001, Sandro Pinto 0001. 2261-2279 [doi]
• Holistic Control-Flow Protection on Real-Time Embedded Systems with KageYufei Du, Zhuojia Shen, Komail Dharsee, Jie Zhou 0022, Robert J. Walls, John Criswell. 2281-2298 [doi]
• Orca: Blocklisting in Sender-Anonymous MessagingNirvan Tyagi, Julia Len, Ian Miers, Thomas Ristenpart. 2299-2316 [doi]
• Adversarial Detection Avoidance Attacks: Evaluating the robustness of perceptual hashing-based client-side scanningShubham Jain, Ana-Maria Cretu 0002, Yves-Alexandre de Montjoye. 2317-2334 [doi]
• Hecate: Abuse Reporting in Secure Messengers with Sealed SenderRawane Issa, Nicolas Alhaddad, Mayank Varia. 2335-2352 [doi]
• End-to-Same-End Encryption: Modularly Augmenting an App with an Efficient, Portable, and Blind Cloud StorageLong Chen 0018, Ya-Nan Li 0007, Qiang Tang 0005, Moti Yung. 2353-2370 [doi]
• Omnes pro uno: Practical Multi-Writer Encrypted DatabaseJiafan Wang 0001, Sherman S. M. Chow. 2371-2388 [doi]
• Faster Yet Safer: Logging System Via Fixed-Key BlockcipherViet Tung Hoang, Cong Wu, Xin Yuan 0001. 2389-2406 [doi]
• IHOP: Improved Statistical Query Recovery against Searchable Symmetric Encryption through Quadratic OptimizationSimon Oya, Florian Kerschbaum. 2407-2424 [doi]
• Dynamic Searchable Encryption with Optimal Search in the Presence of DeletionsJavad Ghareh Chamani, Dimitrios Papadopoulos 0001, Mohammadamin Karbasforushan, Ioannis Demertzis. 2425-2442 [doi]
• ALASTOR: Reconstructing the Provenance of Serverless IntrusionsPubali Datta, Isaac Polinsky, Muhammad Adil Inam, Adam Bates 0001, William Enck. 2443-2460 [doi]
• Back-Propagating System Dependency Impact for Attack InvestigationPengcheng Fang, Peng Gao 0008, Changlin Liu, Erman Ayday, Kangkook Jee, Ting Wang 0006, Yanfang (Fanny) Ye, Zhuotao Liu, Xusheng Xiao. 2461-2478 [doi]
• Ground Truth for Binary Disassembly is Not EasyChengbin Pang, Tiantai Zhang, Ruotong Yu, Bing Mao, Jun Xu 0024. 2479-2495 [doi]
• FreeWill: Automatically Diagnosing Use-after-free Bugs via Reference Miscounting Detection on BinariesLiang He, Hong Hu 0004, Purui Su, Yan Cai 0001, Zhenkai Liang. 2497-2512 [doi]
• PolyCruise: A Cross-Language Dynamic Information Flow AnalysisWen Li, Jiang Ming 0002, Xiapu Luo, Haipeng Cai. 2513-2530 [doi]
• SYMSAN: Time and Space Efficient Concolic Execution via Dynamic Data-flow AnalysisJu Chen, Wookhyun Han, Mingjun Yin, Haochen Zeng, Chengyu Song, Byoungyoung Lee, Heng Yin, Insik Shin. 2531-2548 [doi]
• CellIFT: Leveraging Cells for Scalable and Precise Dynamic Information Flow Tracking in RTLFlavien Solt, Ben Gras, Kaveh Razavi. 2549-2566 [doi]
• FlowMatrix: GPU-Assisted Information-Flow Analysis through Matrix-Based RepresentationKaihang Ji, Jun Zeng, Yuancheng Jiang, Zhenkai Liang, Zheng-Leong Chua, Prateek Saxena, Abhik Roychoudhury. 2567-2584 [doi]
• Bedrock: Programmable Network Support for Secure RDMA SystemsJiarong Xing, Kuo-Feng Hsu, Yiming Qiu, Ziyang Yang, Hongyi Liu, Ang Chen. 2585-2600 [doi]
• Creating a Secure Underlay for the InternetHenry Birge-Lee, Joel Wanner, Grace H. Cimaszewski, Jonghoon Kwon, Liang Wang 0054, François Wirz, Prateek Mittal, Adrian Perrig, Yixin Sun. 2601-2618 [doi]
• Off-Path Network Traffic Manipulation via Revitalized ICMP Redirect AttacksXuewei Feng, Qi Li 0002, Kun Sun 0001, Zhiyun Qian, Gang Zhao, Xiaohui Kuang, Chuanpu Fu, Ke Xu 0002. 2619-2636 [doi]
• VerLoc: Verifiable Localization in Decentralized SystemsKatharina Kohls, Claudia Díaz. 2637-2654 [doi]
• Towards More Robust Keyword Spotting for Voice AssistantsShimaa Ahmed, Ilia Shumailov, Nicolas Papernot, Kassem Fawaz. 2655-2672 [doi]
• Seeing is Living? Rethinking the Security of Facial Liveness Verification in the Deepfake EraChangjiang Li, Li Wang, Shouling Ji, Xuhong Zhang 0005, Zhaohan Xi, Shanqing Guo, Ting Wang 0006. 2673-2690 [doi]
• Who Are You (I Really Wanna Know)? Detecting Audio DeepFakes Through Vocal Tract ReconstructionLogan Blue, Kevin Warren, Hadi Abdullah, Cassidy Gibson, Luis Vargas, Jessica O'Dell, Kevin R. B. Butler, Patrick Traynor. 2691-2708 [doi]
• DeepDi: Learning a Relational Graph Convolutional Network Model on Instructions for Fast and Accurate DisassemblySheng Yu, Yu Qu, Xunchao Hu, Heng Yin. 2709-2725 [doi]
• RE-Mind: a First Look Inside the Mind of a Reverse EngineerAlessandro Mantovani, Simone Aonzo, Yanick Fratantonio, Davide Balzarotti. 2727-2745 [doi]
• Characterizing the Security of Github CI WorkflowsIgibek Koishybayev, Aleksandr Nahapetyan, Raima Zachariah, Siddharth Muralee, Bradley Reaves, Alexandros Kapravelos, Aravind Machiry. 2747-2763 [doi]
• Decomperson: How Humans Decompile and What We Can Learn From ItKevin Burk, Fabio Pagani, Christopher Kruegel, Giovanni Vigna. 2765-2782 [doi]
• 99% False Positives: A Qualitative Study of SOC Analysts' Perspectives on Security AlarmsBushra A. Alahmadi, Louise Axon, Ivan Martinovic. 2783-2800 [doi]
• HyperDegrade: From GHz to MHz Effective CPU FrequenciesAlejandro Cabrera Aldaya, Billy Bob Brumley. 2801-2818 [doi]
• Pacer: Comprehensive Network Side-Channel Mitigation in the CloudAastha Mehta, Mohamed Alzayat, Roberta De Viti, Björn B. Brandenburg, Peter Druschel, Deepak Garg 0001. 2819-2838 [doi]
• Composable Cachelets: Protecting Enclaves from Cache Side-Channel AttacksDaniel Townley, Kerem Arikan, Yu David Liu, Dmitry Ponomarev 0001, Oguz Ergin. 2839-2856 [doi]
• Don't Mesh Around: Side-Channel Attacks and Mitigations on Mesh InterconnectsMiles Dai, Riccardo Paccagnella, Miguel Gomez-Garcia, John D. McCalpin, Mengjia Yan. 2857-2874 [doi]
• WebGraph: Capturing Advertising and Tracking Information Flows for Robust BlockingSandra Siby, Umar Iqbal, Steven Englehardt, Zubair Shafiq, Carmela Troncoso. 2875-2892 [doi]
• Automating Cookie Consent and GDPR Violation DetectionDino Bollinger, Karel Kubícek, Carlos Cotrini, David A. Basin. 2893-2910 [doi]
• Khaleesi: Breaker of Advertising and Tracking Request ChainsUmar Iqbal, Charlie Wolfe, Charles Nguyen, Steven Englehardt, Zubair Shafiq. 2911-2928 [doi]
• Practical Data Access Minimization in Trigger-Action PlatformsYunang Chen, Mohannad Alhanahnah, Andrei Sabelfeld, Rahul Chatterjee 0001, Earlence Fernandes. 2929-2945 [doi]
• Shuffle-based Private Set Union: Faster and More SecureYanxue Jia, Shi-Feng Sun, Hong-Sheng Zhou, Jiajun Du, Dawu Gu. 2947-2964 [doi]
• Polynomial Commitment with a One-to-Many Prover and ApplicationsJiaheng Zhang, Tiancheng Xie, Thang Hoang, Elaine Shi, Yupeng Zhang 0001. 2965-2982 [doi]
• ppSAT: Towards Two-Party Private SAT SolvingNing Luo, Samuel Judson, Timos Antonopoulos, Ruzica Piskac, Xiao Wang. 2983-3000 [doi]
• Hyperproofs: Aggregating and Maintaining Proofs in Vector CommitmentsShravan Srinivasan, Alexander Chepurnoy, Charalampos Papamanthou, Alin Tomescu, Yupeng Zhang 0001. 3001-3018 [doi]
• COMRace: Detecting Data Race Vulnerabilities in COM ObjectsFangming Gu, Qingli Guo, Lian Li, Zhiniang Peng, Wei Lin, Xiaobo Yang, Xiaorui Gong. 3019-3036 [doi]
• MOVERY: A Precise Approach for Modified Vulnerable Code Clone Discovery from Modified Open-Source Software ComponentsSeunghoon Woo, Hyunji Hong, Eunjin Choi, Heejo Lee. 3037-3053 [doi]
• Loki: Hardening Code Obfuscation Against Automated AttacksMoritz Schlögel, Tim Blazytko, Moritz Contag, Cornelius Aschermann, Julius Basler, Thorsten Holz, Ali Abbasi 0002. 3055-3073 [doi]
• Oops... Code Execution and Content Spoofing: The First Comprehensive Analysis of OpenDocument SignaturesSimon Rohlmann, Christian Mainka, Vladislav Mladenov, Jörg Schwenk. 3075-3092 [doi]
• Playing Without Paying: Detecting Vulnerable Payment Verification in Native Binaries of Unity Mobile GamesChaoshun Zuo, Zhiqiang Lin. 3093-3110 [doi]
• Repurposing Segmentation as a Practical LVI-NULL Mitigation in SGXLukas Giner, Andreas Kogler, Claudio Canella, Michael Schwarz 0001, Daniel Gruss. 3111-3127 [doi]
• A Hardware-Software Co-design for Efficient Intra-Enclave IsolationJinyu Gu 0001, Bojun Zhu, Mingyu Li, Wentai Li, Yubin Xia, Haibo Chen 0001. 3129-3145 [doi]
• SGXFuzz: Efficiently Synthesizing Nested Structures for SGX Enclave FuzzingTobias Cloosters, Johannes Willbold, Thorsten Holz, Lucas Davi. 3147-3164 [doi]
• SecSMT: Securing SMT Processors against Contention-Based Covert ChannelsMohammadkazem Taram, Xida Ren, Ashish Venkat, Dean M. Tullsen. 3165-3182 [doi]
• Rendering Contention Channel Made Practical in Web BrowsersShujiang Wu, Jianjia Yu, Min Yang 0002, Yinzhi Cao. 3183-3199 [doi]
• SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs in Linux kernelXiaochen Zou, Guoren Li, Weiteng Chen, Hang Zhang, Zhiyun Qian. 3201-3217 [doi]
• TheHuzz: Instruction Fuzzing of Processors Using Golden-Reference Models for Finding Software-Exploitable VulnerabilitiesRahul Kande, Addison Crump, Garrett Persyn, Patrick Jauernig, Ahmad-Reza Sadeghi, Aakash Tyagi, Jeyavijayan Rajendran. 3219-3236 [doi]
• Fuzzing Hardware Like SoftwareTimothy Trippel, Kang G. Shin, Alex Chernyakhovsky, Garret Kelly, Dominic Rizzo, Matthew Hicks. 3237-3254 [doi]
• Stateful Greybox FuzzingJinsheng Ba, Marcel Böhme, Zahra Mirzamomen, Abhik Roychoudhury. 3255-3272 [doi]
• StateFuzz: System Call-Based State-Aware Linux Driver FuzzingBodong Zhao, Zheming Li, Shisong Qin, Zheyu Ma, Ming Yuan, Wenyu Zhu, Zhihong Tian, Chao Zhang 0008. 3273-3289 [doi]
• How to Abuse and Fix Authenticated Encryption Without Key CommitmentAnge Albertini, Thai Duong, Shay Gueron, Stefan Kölbl, Atul Luykx, Sophie Schmieg. 3291-3308 [doi]
• Private SignalingVarun Madathil, Alessandra Scafuro, István András Seres, Omer Shlomovits, Denis Varlakov. 3309-3326 [doi]
• Batched Differentially Private Information RetrievalKinan Dak Albab, Rawane Issa, Mayank Varia, Kalman Graffi. 3327-3344 [doi]
• Practical Privacy-Preserving Authentication for SSHLawrence Roy, Stanislav Lyakhov, Yeongjin Jang, Mike Rosulek. 3345-3362 [doi]
• One-off Disclosure Control by Heterogeneous GeneralizationOlga Gkountouna, Katerina Doka, Mingqiang Xue, Jianneng Cao, Panagiotis Karras. 3363-3377 [doi]
• Understanding and Improving Usability of Data Dashboards for Simplified Privacy Control of Voice Assistant DataVandit Sharma, Mainack Mondal. 3379-3395 [doi]
• Security and Privacy Perceptions of Third-Party Application Access for Google AccountsDavid G. Balash, Xiaoyuan Wu, Miles Grant, Irwin Reyes, Adam J. Aviv. 3397-3414 [doi]
• Empirical Understanding of Deletion Privacy: Experiences, Expectations, and MeasuresMohsen Minaei, Mainack Mondal, Aniket Kate. 3415-3432 [doi]
• Security at the End of the Tunnel: The Anatomy of VPN Mental Models Among Experts and Non-Experts in a Corporate ContextVeroniek Binkhorst, Tobias Fiebig, Katharina Krombholz, Wolter Pieters, Katsiaryna Labunets. 3433-3450 [doi]
• How and Why People Use Virtual Private NetworksAgnieszka Dutkowska-Zuk, Austin Hounsel, Amy Morrill, Andre Xiong, Marshini Chetty, Nick Feamster. 3451-3465 [doi]
• CamShield: Securing Smart Cameras through Physical Replication and IsolationZhiwei Wang, Yihui Yan, Yueli Yan, Huangxun Chen, Zhice Yang. 3467-3484 [doi]
• SCRAPS: Scalable Collective Remote Attestation for Pub-Sub IoT Networks with Untrusted Proxy VerifierLukas Petzi, Ala Eddine Ben Yahya, Alexandra Dmitrienko, Gene Tsudik, Thomas Prantl, Samuel Kounev. 3485-3501 [doi]
• An Experimental Study of GPS Spoofing and Takeover Attacks on UAVsHarshad Sathaye, Martin Strohmeier, Vincent Lenders, Aanjhan Ranganathan. 3503-3520 [doi]
• Smart Home Privacy Policies Demystified: A Study of Availability, Content, and CoverageSunil Manandhar, Kaushal Kafle, Benjamin Andow, Kapil Singh, Adwait Nadkarni. 3521-3538 [doi]
• MaDIoT 2.0: Modern High-Wattage IoT Botnet Attacks and DefensesTohid Shekari, Alvaro A. Cárdenas, Raheem Beyah. 3539-3556 [doi]
• AutoDA: Automated Decision-based Iterative Adversarial AttacksQi-An Fu, Yinpeng Dong, Hang Su 0006, Jun Zhu 0001, Chao Zhang 0008. 3557-3574 [doi]
• Poison Forensics: Traceback of Data Poisoning Attacks in Neural NetworksShawn Shan, Arjun Nitin Bhagoji, Haitao Zheng 0001, Ben Y. Zhao. 3575-3592 [doi]
• Teacher Model Fingerprinting Attacks Against Transfer LearningYufei Chen 0001, Chao Shen 0001, Cong Wang 0001, Yang Zhang 0016. 3593-3610 [doi]
• Hidden Trigger Backdoor Attack on NLP Models via Linguistic Style ManipulationXudong Pan, Mi Zhang, Beina Sheng, Jiaming Zhu, Min Yang 0002. 3611-3628 [doi]
• PoisonedEncoder: Poisoning the Unlabeled Pre-training Data in Contrastive LearningHongbin Liu 0005, Jinyuan Jia, Neil Zhenqiang Gong. 3629-3645 [doi]
• Double Trouble: Combined Heterogeneous Attacks on Non-Inclusive Cache HierarchiesAntoon Purnal, Furkan Turan, Ingrid Verbauwhede. 3647-3664 [doi]
• QuORAM: A Quorum-Replicated Fault Tolerant ORAM DatastoreSujaya Maiyya, Seif Ibrahim, Caitlin Scarberry, Divyakant Agrawal, Amr El Abbadi, Huijia Lin, Stefano Tessaro, Victor Zakhary. 3665-3682 [doi]
• Post-Quantum Cryptography with Contemporary Co-Processors: Beyond Kronecker, Schönhage-Strassen & NussbaumerJoppe W. Bos, Joost Renes, Christine van Vredendaal. 3683-3697 [doi]
• FIXREVERTER: A Realistic Bug Injection Methodology for Benchmarking Fuzz TestingZenong Zhang, Zach Patterson, Michael Hicks 0001, Shiyi Wei. 3699-3715 [doi]
• Tightly Seal Your Sensitive Pointers with PACTightMohannad Ismail, Andrew Quach, Christopher Jelesnianski, Yeongjin Jang, Changwoo Min. 3717-3734 [doi]
• Total Eclipse of the Heart - Disrupting the InterPlanetary File SystemBernd Prünster, Alexander Marsalek, Thomas Zefferer. 3735-3752 [doi]
• PrivGuard: Privacy Regulation Compliance Made EasierLun Wang, Usmann Khan, Joseph P. Near, Qi Pang, Jithendaraa Subramanian, Neel Somani, Peng Gao 0008, Andrew Low, Dawn Song. 3753-3770 [doi]
• Stick It to The Man: Correcting for Non-Cooperative Behavior of Subjects in Experiments on Social NetworksKaleigh Clary, Emma Tosch, Jeremiah Onaolapo, David D. Jensen. 3771-3788 [doi]
• OVRseen: Auditing Network Traffic and Privacy Policies in Oculus VRRahmadi Trimananda, Hieu Le, Hao Cui, Janice Tran Ho, Anastasia Shuba, Athina Markopoulou. 3789-3806 [doi]
• Half-Double: Hammering From the Next Row OverAndreas Kogler, Jonas Juffinger, Salman Qazi, Yoongu Kim, Moritz Lipp, Nicolas Boichat, Eric Shiu, Mattias Nissler, Daniel Gruss. 3807-3824 [doi]
• RETBLEED: Arbitrary Speculative Code Execution with Return InstructionsJohannes Wikner, Kaveh Razavi. 3825-3842 [doi]
• PISTIS: Trusted Computing Architecture for Low-end Embedded SystemsMichele Grisafi, Mahmoud Ammar, Marco Roveri, Bruno Crispo. 3843-3860 [doi]
• Rapid Prototyping for Microarchitectural AttacksCatherine Easdon, Michael Schwarz 0001, Martin Schwarzl, Daniel Gruss. 3861-3877 [doi]
• ProFactory: Improving IoT Security via Formalized Protocol CustomizationFei Wang 0046, Jianliang Wu, Yuhong Nan, Yousra Aafer, Xiangyu Zhang 0001, Dongyan Xu, Mathias Payer. 3879-3896 [doi]
• Using Trātṛ to tame Adversarial SynchronizationYuvraj Patel, Chenhao Ye, Akshat Sinha, Abigail Matthews, Andrea C. Arpaci-Dusseau, Michael M. Swift. 3897-3916 [doi]
• ÆPIC Leak: Architecturally Leaking Uninitialized Data from the MicroarchitecturePietro Borrello, Andreas Kogler, Martin Schwarzl, Moritz Lipp, Daniel Gruss, Michael Schwarz 0001. 3917-3934 [doi]
• SAPIC+: protocol verifiers of the world, unite!Vincent Cheval, Charlie Jacomme, Steve Kremer, Robert Künnemann. 3935-3952 [doi]
• On the Security Risks of AutoMLRen Pang, Zhaohan Xi, Shouling Ji, Xiapu Luo, Ting Wang 0006. 3953-3970 [doi]
• Dos and Don'ts of Machine Learning in Computer SecurityDaniel Arp, Erwin Quiring, Feargus Pendlebury, Alexander Warnecke, Fabio Pierazzi, Christian Wressnegger, Lorenzo Cavallaro, Konrad Rieck. 3971-3988 [doi]
• Exploring the Security Boundary of Data Reconstruction via Neuron Exclusivity AnalysisXudong Pan, Mi Zhang, Yifan Yan, Jiaming Zhu, Zhemin Yang. 3989-4006 [doi]
• On the Necessity of Auditable Algorithmic Definitions for Machine UnlearningAnvith Thudi, Hengrui Jia, Ilia Shumailov, Nicolas Papernot. 4007-4022 [doi]
• "The Same PIN, Just Longer": On the (In)Security of Upgrading PINs from 4 to 6 DigitsCollins W. Munyendo, Philipp Markert, Alexandra Nisenoff, Miles Grant, Elena Korkes, Blase Ur, Adam J. Aviv. 4023-4040 [doi]
• Where to Recruit for Security Development Studies: Comparing Six Software Developer SamplesHarjot Kaur, Sabrina Amft, Daniel Votipka, Yasemin Acar, Sascha Fahl. 4041-4058 [doi]
• Investigating State-of-the-Art Practices for Fostering Subjective Trust in Online Voting through InterviewsKarola Marky, Paul Gerber, Sebastian Günther 0001, Mohamed Khamis, Maximilian Fries, Max Mühlhäuser. 4059-4076 [doi]
• Electronic Monitoring Smartphone Apps: An Analysis of Risks from Technical, Human-Centered, and Legal PerspectivesKentrell Owens, Anita Alem, Franziska Roesner, Tadayoshi Kohno. 4077-4094 [doi]
• MAGE: Mutual Attestation for a Group of Enclaves without Trusted Third PartiesGuoxing Chen, Yinqian Zhang. 4095-4110 [doi]
• Elasticlave: An Efficient Memory Model for EnclavesJason Zhijingcheng Yu, Shweta Shinde, Trevor E. Carlson, Prateek Saxena. 4111-4128 [doi]
• SGXLock: Towards Efficiently Establishing Mutual Distrust Between Host Application and Enclave for SGXYuan Chen, Jiaqi Li, Guorui Xu, Yajin Zhou, Zhi Wang 0004, Cong Wang 0001, Kui Ren 0001. 4129-4146 [doi]
• Minefield: A Software-only Protection for SGX Enclaves against DVFS AttacksAndreas Kogler, Daniel Gruss, Michael Schwarz 0001. 4147-4164 [doi]
• Counting in Regexes Considered Harmful: Exposing ReDoS Vulnerability of Nonbacktracking MatchersLenka Turonová, Lukás Holík, Ivan Homoliak, Ondrej Lengál, Margus Veanes, Tomás Vojnar. 4165-4182 [doi]
• RegexScalpel: Regular Expression Denial of Service (ReDoS) Defense by Localize-and-FixYeting Li, Yecheng Sun, Zhiwu Xu 0001, Jialun Cao, Yuekang Li, Rongchen Li, Haiming Chen, Shing-Chi Cheung, Yang Liu 0003, Yang Xiao 0011. 4183-4200 [doi]
• Anycast Agility: Network Playbooks to Fight DDoSA. S. M. Rizvi, Leandro M. Bertholdo, João M. Ceron, John S. Heidemann. 4201-4218 [doi]
• Regulator: Dynamic Analysis to Detect ReDoSRobert McLaughlin, Fabio Pagani, Noah Spahn, Christopher Kruegel, Giovanni Vigna. 4219-4235 [doi]
• Aardvark: An Asynchronous Authenticated Dictionary with Applications to Account-based CryptocurrenciesDerek Leung, Yossi Gilad, Sergey Gorbunov 0001, Leonid Reyzin, Nickolai Zeldovich. 4237-4254 [doi]
• Zero-Knowledge MiddleboxesPaul Grubbs, Arasu Arun, Ye Zhang, Joseph Bonneau, Michael Walfish. 4255-4272 [doi]
• Efficient Representation of Numerical Optimization Problems for SNARKsSebastian Angel, Andrew J. Blumberg, Eleftherios Ioannidis, Jess Woods. 4273-4290 [doi]
• Experimenting with Collaborative zk-SNARKs: Zero-Knowledge Proofs for Distributed SecretsAlex Ozdemir, Dan Boneh. 4291-4308 [doi]
• Detecting Logical Bugs of DBMS with Coverage-based GuidanceYu Liang, Song Liu, Hong Hu 0004. 4309-4326 [doi]
• Augmenting Decompiler Output with Learned Variable Names and TypesQibin Chen, Jeremy Lacomis, Edward J. Schwartz, Claire Le Goues, Graham Neubig, Bogdan Vasilescu. 4327-4343 [doi]
• Debloating Address SanitizerYuchen Zhang, Chengbin Pang, Georgios Portokalidis, Nikos Triandopoulos, Jun Xu 0024. 4345-4363 [doi]
• Ferry: State-Aware Symbolic Execution for Exploring State-Dependent Program PathsShunfan Zhou, Zhemin Yang, Dan Qiao, Peng Liu 0005, Min Yang 0002, Zhe Wang 0017, Chenggang Wu 0002. 4365-4382 [doi]
• Can one hear the shape of a neural network?: Snooping the GPU via Magnetic Side ChannelHenrique Teles Maia, Chang Xiao, Dingzeyu Li, Eitan Grinspun, Changxi Zheng. 4383-4400 [doi]
• Lamphone: Passive Sound Recovery from a Desk Lamp's Light Bulb VibrationsBen Nassi, Yaron Pirutin, Raz Swisa, Adi Shamir, Yuval Elovici, Boris Zadov. 4401-4417 [doi]
• Automated Side Channel Analysis of Media Software with Manifold LearningYuanyuan Yuan, Qi Pang, Shuai Wang 0011. 4419-4436 [doi]
• Lend Me Your Ear: Passive Remote Physical Side Channels on PCsDaniel Genkin, Noam Nissan, Roei Schuster, Eran Tromer. 4437-4454 [doi]
• Stalloris: RPKI Downgrade AttackTomas Hlavacek, Philipp Jeitner, Donika Mirdita, Haya Shulman, Michael Waidner. 4455-4471 [doi]
• XDRI Attacks - and - How to Enhance Resilience of Residential RoutersPhilipp Jeitner, Haya Shulman, Lucas Teichmann, Michael Waidner. 4473-4490 [doi]
• V'CER: Efficient Certificate Validation in Constrained NetworksDavid Koisser, Patrick Jauernig, Gene Tsudik, Ahmad-Reza Sadeghi. 4491-4508 [doi]
• Themis: Accelerating the Detection of Route Origin Hijacking by Distinguishing Legitimate and Illegitimate MOASLancheng Qin, Dan Li, Ruifeng Li, Kang Wang. 4509-4524 [doi]
• ML-Doctor: Holistic Risk Assessment of Inference Attacks Against Machine Learning ModelsYugeng Liu, Rui Wen, Xinlei He, Ahmed Salem 0001, Zhikun Zhang 0001, Michael Backes 0001, Emiliano De Cristofaro, Mario Fritz, Yang Zhang 0016. 4525-4542 [doi]
• Inference Attacks Against Graph Neural NetworksZhikun Zhang 0001, Min Chen 0032, Michael Backes 0001, Yun Shen, Yang Zhang 0016. 4543-4560 [doi]
• Membership Inference Attacks and Defenses in Neural Network PruningXiaoyong Yuan, Lan Zhang 0005. 4561-4578 [doi]
• Are Your Sensitive Attributes Private? Novel Model Inversion Attribute Inference Attacks on Classification ModelsShagufta Mehnaz, Sayanton V. Dibbo, Ehsanul Kabir, Ninghui Li, Elisa Bertino. 4579-4596 [doi]