Abstract is missing.
- Windows into the Past: Exploiting Legacy Crypto in Modern OS's Kerberos ImplementationMichal Shagam, Eyal Ronen. [doi]
- VoltSchemer: Use Voltage Noise to Manipulate Your Wireless ChargerZihao Zhan, Yirui Yang, Haoqi Shan, Hanqiu Wang, Yier Jin, Shuo Wang 0003. [doi]
- Did the Neurons Read your Book? Document-level Membership Inference for Large Language ModelsMatthieu Meeus, Shubham Jain, Marek Rei, Yves-Alexandre de Montjoye. [doi]
- Operation Mango: Scalable Discovery of Taint-Style Vulnerabilities in Binary Firmware ServicesWil Gibbs, Arvind S. Raj, Jayakrishna Menon Vadayath, Hui Jun Tay, Justin Miller, Akshay Ajayan, Zion Leonahenahe Basque, Audrey Dutcher, Fangzhou Dong, Xavier J. Maso, Giovanni Vigna, Christopher Kruegel, Adam Doupé, Yan Shoshitaishvili, Ruoyu Wang 0001. [doi]
- Shaken, not Stirred - Automated Discovery of Subtle Attacks on Protocols using Mix-NetsJannik Dreier, Pascal Lafourcade 0001, Dhekra Mahmoud. [doi]
- Is It a Trap? A Large-scale Empirical Study And Comprehensive Assessment of Online Automated Privacy Policy Generators for Mobile AppsShidong Pan, Dawen Zhang, Mark Staples, Zhenchang Xing, Jieshan Chen, Xiwei Xu 0001, Thong Hoang. [doi]
- Towards More Practical Threat Models in Artificial Intelligence SecurityKathrin Grosse, Lukas Bieringer, Tarek R. Besold, Alexandre Alahi. [doi]
- SDFuzz: Target States Driven Directed FuzzingPenghui Li 0001, Wei Meng 0001, Chao Zhang 0008. [doi]
- A Broad Comparative Evaluation of Software Debloating ToolsMichael D. Brown, Adam Meily, Brian Fairservice, Akshay Sood, Jonathan Dorn, Eric Kilmer, Ronald Eytchison. [doi]
- "I feel physically safe but not politically safe": Understanding the Digital Threats and Safety Practices of OnlyFans CreatorsAnanta Soneji, Vaughn Hamilton, Adam Doupé, Allison McDonald, Elissa M. Redmiles. [doi]
- Can Virtual Reality Protect Users from Keystroke Inference Attacks?Zhuolin Yang, Zain Sarwar, Iris Hwang, Ronik Bhaskar, Ben Y. Zhao, Haitao Zheng 0001. [doi]
- Simulated Stress: A Case Study of the Effects of a Simulated Phishing Campaign on Employees' Perception, Stress and Self-EfficacyMarkus Schöps, Marco Gutfleisch, Eric Wolter, M. Angela Sasse. [doi]
- Invisibility Cloak: Proactive Defense Against Visual Game CheatingChenxin Sun, Kai Ye, LiangCai Su, Jiayi Zhang, Chenxiong Qian. [doi]
- Neural Network Semantic Backdoor Detection and Mitigation: A Causality-Based ApproachBing Sun, Jun Sun 0001, Wayne Koh, Jie Shi. [doi]
- Don't Waste My Efforts: Pruning Redundant Sanitizer Checks by Developer-Implemented Type ChecksYizhuo Zhai, Zhiyun Qian, Chengyu Song, Manu Sridharan, Trent Jaeger, Paul L. Yu, Srikanth V. Krishnamurthy. [doi]
- Prefetch for Fun and Profit: A Revisit of Prefetch Attacks on Apple M1Hyunwoo Choi, Suryeon Kim, Seungwon Shin. [doi]
- SSRF vs. Developers: A Study of SSRF-Defenses in PHP ApplicationsMalte Wessels, Simon Koch, Giancarlo Pellegrino, Martin Johns. [doi]
- LaKey: Efficient Lattice-Based Distributed PRFs Enable Scalable Distributed Key ManagementMatthias Geihs, Hart Montgomery. [doi]
- DARKFLEECE: Probing the Dark Side of Android Subscription AppsChang Yue, Chen Zhong, Kai Chen 0012, Zhiyu Zhang, Yeonjoon Lee. [doi]
- Adversary is on the Road: Attacks on Visual SLAM using Unnoticeable Adversarial PatchBaodong Chen, Wei Wang, Pascal Sikorski, Ting Zhu. [doi]
- Tickets or Privacy? Understand the Ecosystem of Chinese Ticket Grabbing AppsYijing Liu, Yiming Zhang 0009, Baojun Liu, Haixin Duan, Qiang Li, Mingxuan Liu, Ruixuan Li 0008, Jia Yao. [doi]
- Correction-based Defense Against Adversarial Video Attacks via Discretization-Enhanced Video Compressive SensingWei Song, Cong Cong, Haonan Zhong, Jingling Xue. [doi]
- An LLM-Assisted Easy-to-Trigger Backdoor Attack on Code Completion Models: Injecting Disguised Vulnerabilities against Strong DetectionShenao Yan, Shen Wang, Yue Duan, Hanbin Hong, Kiho Lee, Doowon Kim, Yuan Hong. [doi]
- Orbital Trust and Privacy: SoK on PKI and Location Privacy Challenges in Space NetworksDavid Koisser, Richard Mitev, Nikita Yadav, Franziska Vollmer, Ahmad-Reza Sadeghi. [doi]
- Defending Against Data Reconstruction Attacks in Federated Learning: An Information Theory ApproachQi Tan, Qi Li 0002, Yi Zhao 0011, Zhuotao Liu, Xiaobing Guo, Ke Xu 0002. [doi]
- Ahoy SAILR! There is No Need to DREAM of C: A Compiler-Aware Structuring Algorithm for Binary DecompilationZion Leonahenahe Basque, Ati Priya Bajaj, Wil Gibbs, Jude O'Kain, Derron Miao, Tiffany Bao, Adam Doupé, Yan Shoshitaishvili, Ruoyu Wang 0001. [doi]
- When the User Is Inside the User Interface: An Empirical Study of UI Security Properties in Augmented RealityKaiming Cheng, Arkaprabha Bhattacharya, Michelle Lin, Jaewook Lee 0005, Aroosh Kumar, Jeffery F. Tian, Tadayoshi Kohno, Franziska Roesner. [doi]
- Exploring ChatGPT's Capabilities on Vulnerability ManagementPeiyu Liu 0003, Junming Liu, Lirong Fu, Kangjie Lu, Yifan Xia, Xuhong Zhang 0002, Wenzhi Chen, Haiqin Weng, Shouling Ji, Wenhai Wang. [doi]
- Pandawan: Quantifying Progress in Linux-based Firmware RehostingIoannis Angelakopoulos, Gianluca Stringhini, Manuel Egele. [doi]
- CO3: Concolic Co-execution for FirmwareChangming Liu, Alejandro Mera, Engin Kirda, Meng Xu, Long Lu. [doi]
- Security and Privacy Software Creators' Perspectives on Unintended ConsequencesHarshini Sri Ramulu, Helen Schmitt, Dominik Wermke, Yasemin Acar. [doi]
- EVOKE: Efficient Revocation of Verifiable Credentials in IoT NetworksCarlo Mazzocca, Abbas Acar, A. Selcuk Uluagac, Rebecca Montanari. [doi]
- Demystifying the Security Implications in IoT Device Rental ServicesYi He, Yunchao Guan, Ruoyu Lun, Shangru Song, Zhihao Guo, Jianwei Zhuge, Jianjun Chen, Qiang Wei, Zehui Wu, Miao Yu, Hetian Shi, Qi Li 0002. [doi]
- SecurityNet: Assessing Machine Learning Vulnerabilities on Public ModelsBoyang Zhang, Zheng Li 0023, Ziqing Yang 0002, Xinlei He, Michael Backes 0001, Mario Fritz, Yang Zhang 0016. [doi]
- In Wallet We Trust: Bypassing the Digital Wallets Payment Security for Free ShoppingRaja Hasnain Anwar, Syed Rafiul Hussain, Muhammad Taqi Raza. [doi]
- Enabling Contextual Soft Moderation on Social Media through Contrastive Textual DeviationPujan Paudel, Mohammad Hammas Saeed, Rebecca Auger, Chris Wells, Gianluca Stringhini. [doi]
- ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response FuzzingQifan Zhang, Xuesong Bai, Xiang Li, Haixin Duan, Qi Li 0002, Zhou Li 0001. [doi]
- Mudjacking: Patching Backdoor Vulnerabilities in Foundation ModelsHongbin Liu 0005, Michael K. Reiter, Neil Zhenqiang Gong. [doi]
- Code is not Natural Language: Unlock the Power of Semantics-Oriented Graph Representation for Binary Code Similarity DetectionHaojie He, Xingwei Lin, Ziang Weng, Ruijie Zhao 0001, Shuitao Gan, Libo Chen 0001, Yuede Ji, Jiashui Wang, Zhi Xue. [doi]
- Less is More: Revisiting the Gaussian Mechanism for Differential PrivacyTianxi Ji, Pan Li 0001. [doi]
- SymBisect: Accurate Bisection for Fuzzer-Exposed VulnerabilitiesZheng Zhang, Yu Hao 0006, Weiteng Chen, Xiaochen Zou, Xingyu Li, Haonan Li, Yizhuo Zhai, Zhiyun Qian, Billy Lau. [doi]
- GhostRace: Exploiting and Mitigating Speculative Race ConditionsHany Ragab, Andrea Mambretti, Anil Kurmus, Cristiano Giuffrida. [doi]
- Formalizing Soundness Proofs of Linear PCP SNARKsBolton Bailey, Andrew Miller. [doi]
- Understanding How to Inform Blind and Low-Vision Users about Data Privacy through Privacy Question Answering AssistantsYuanyuan Feng, Abhilasha Ravichander, Yaxing Yao, Shikun Zhang, Rex Chen, Shomir Wilson, Norman Sadeh 0001. [doi]
- Gradients Look Alike: Sensitivity is Often Overestimated in DP-SGDAnvith Thudi, Hengrui Jia, Casey Meehan, Ilia Shumailov, Nicolas Papernot. [doi]
- Navigating the Privacy Compliance Maze: Understanding Risks with Privacy-Configurable Mobile SDKsYifan Zhang 0010, Zhaojie Hu, Xueqiang Wang, Yuhui Hong, Yuhong Nan, Xiaofeng Wang 0001, Jiatao Cheng, Luyi Xing. [doi]
- Indirector: High-Precision Branch Target Injection Attacks Exploiting the Indirect Branch PredictorLuyi Li, Hosein Yavarzadeh, Dean M. Tullsen. [doi]
- Learning with Semantics: Towards a Semantics-Aware Routing Anomaly Detection SystemYihao Chen, Qilei Yin, Qi Li 0002, Zhuotao Liu, Ke Xu 0002, Yi Xu, Mingwei Xu, Ziqian Liu, Jianping Wu. [doi]
- d-DSE: Distinct Dynamic Searchable Encryption Resisting Volume Leakage in Encrypted DatabasesDongli Liu, Wei Wang 0088, Peng Xu 0003, Laurence T. Yang, Bo Luo, Kaitai Liang. [doi]
- How Does a Deep Learning Model Architecture Impact Its Privacy? A Comprehensive Study of Privacy Attacks on CNNs and TransformersGuangsheng Zhang, Bo Liu 0001, Huan Tian, Tianqing Zhu, Ming Ding 0001, Wanlei Zhou 0001. [doi]
- A Mixed-Methods Study on User Experiences and Challenges of Recovery Codes for an End-to-End Encrypted ServiceSandra Höltervennhoff, Noah Wöhler, Arne Möhle, Marten Oltrogge, Yasemin Acar, Oliver Wiese, Sascha Fahl. [doi]
- Smudged Fingerprints: Characterizing and Improving the Performance of Web Application FingerprintingBrian Kondracki, Nick Nikiforakis. [doi]
- Improving the Ability of Thermal Radiation Based Hardware Trojan DetectionTing Su 0009, Yaohua Wang, Shi Xu, Lusi Zhang, Simin Feng, Jialong Song, Yiming Liu, Yongkang Tang, Yang Zhang, Shaoqing Li, Yang Guo 0003, Hengzhu Liu. [doi]
- PURE: Payments with UWB RElay-protectionDaniele Coppola, Giovanni Camurati, Claudio Anliker, Xenia Hofmeier, Patrick Schaller, David A. Basin, Srdjan Capkun. [doi]
- Atropos: Effective Fuzzing of Web Applications for Server-Side VulnerabilitiesEmre Güler, Sergej Schumilo, Moritz Schloegel, Nils Bars, Philipp Görz, Xinyi Xu, Cemal Kaygusuz, Thorsten Holz. [doi]
- Toward Unbiased Multiple-Target Fuzzing with Path DiversityHuanyao Rong, Wei You, Xiaofeng Wang 0006, Tianhao Mao. [doi]
- InSpectre Gadget: Inspecting the Residual Attack Surface of Cross-privilege Spectre v2Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, Cristiano Giuffrida. [doi]
- Scalable Zero-knowledge Proofs for Non-linear Functions in Machine LearningMeng Hao, Hanxiao Chen, Hongwei Li 0001, Chenkai Weng, Yuan Zhang, Haomiao Yang, Tianwei Zhang 0004. [doi]
- Why Aren't We Using Passkeys? Obstacles Companies Face Deploying FIDO2 Passwordless AuthenticationLeona Lassak, Elleen Pan, Blase Ur, Maximilian Golla. [doi]
- KnowPhish: Large Language Models Meet Multimodal Knowledge Graphs for Enhancing Reference-Based Phishing DetectionYuexin Li, Chengyu Huang, Shumin Deng, Mei Lin Lock, Tri Cao, Nay Oo, Hoon Wei Lim, Bryan Hooi. [doi]
- Forget and Rewire: Enhancing the Resilience of Transformer-based Models against Bit-Flip AttacksNajmeh Nazari, Hosein Mohammadi Makrani, Chongzhou Fang, Hossein Sayadi, Setareh Rafatirad, Khaled N. Khasawneh, Houman Homayoun. [doi]
- Page-Oriented Programming: Subverting Control-Flow Integrity of Commodity Operating System Kernels with Non-Writable Code PagesSeunghun Han, Seong Joong Kim, Wook Shin, Byung Joon Kim, Jae-Cheol Ryou. [doi]
- "These results must be false": A usability evaluation of constant-time analysis toolsMarcel Fourné, Daniel De Almeida Braga, Jan Jancar, Mohamed Sabt, Peter Schwabe, Gilles Barthe, Pierre-Alain Fouque, Yasemin Acar. [doi]
- Making Them Ask and Answer: Jailbreaking Large Language Models in Few Queries via Disguise and ReconstructionTong Liu, Yingjie Zhang, Zhe Zhao, Yinpeng Dong, Guozhu Meng, Kai Chen 0012. [doi]
- A NEW HOPE: Contextual Privacy Policies for Mobile Applications and An Approach Toward Automated GenerationShidong Pan, Zhen Tao, Thong Hoang, Dawen Zhang, Tianshi Li 0001, Zhenchang Xing, Xiwei Xu 0001, Mark Staples, Thierry Rakotoarivelo, David Lo 0001. [doi]
- Near-Optimal Constrained Padding for Object Retrievals with DependenciesPranay Jain, Andrew C. Reed, Michael K. Reiter. [doi]
- MD-ML: Super Fast Privacy-Preserving Machine Learning for Malicious Security with a Dishonest MajorityBoshi Yuan, Shixuan Yang, Yongxiang Zhang, Ning Ding 0001, Dawu Gu, Shi-Feng Sun 0001. [doi]
- GFWeb: Measuring the Great Firewall's Web Censorship at ScaleNguyen Phong Hoang, Jakub Dalek, Masashi Crete-Nishihata, Nicolas Christin, Vinod Yegneswaran, Michalis Polychronakis, Nick Feamster. [doi]
- "I just hated it and I want my money back": Data-driven Understanding of Mobile VPN Service Switching Preferences in The WildRohit Raj, Mridul Newar, Mainack Mondal. [doi]
- "I Don't Know If We're Doing Good. I Don't Know If We're Doing Bad": Investigating How Practitioners Scope, Motivate, and Conduct Privacy Work When Developing AI ProductsHao-Ping (Hank) Lee, Lan Gao, Stephanie S. Yang, Jodi Forlizzi, Sauvik Das. [doi]
- That Doesn't Go There: Attacks on Shared State in Multi-User Augmented Reality ApplicationsCarter Slocum, Yicheng Zhang, Erfan Shayegani, Pedram Zaree, Nael B. Abu-Ghazaleh, Jiasi Chen. [doi]
- Landscape More Secure Than Portrait? Zooming Into the Directionality of Digital Images With Security ImplicationsBenedikt Lorch, Rainer Böhme. [doi]
- Sprints: Intermittent Blockchain PoW MiningMichael Mirkin, Lulu Zhou, Ittay Eyal, Fan Zhang 0022. [doi]
- Length Leakage in Oblivious Data Access MechanismsGrace Jia, Rachit Agarwal 0001, Anurag Khandelwal. [doi]
- Rethinking the Security Threats of Stale DNS Glue RecordsYunyi Zhang, Baojun Liu, Haixin Duan, Min Zhang, Xiang Li, Fan Shi, Chengxi Xu, Eihal Alowaisheq. [doi]
- Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number ManipulationFabian Bäumer, Marcus Brinkmann, Jörg Schwenk. [doi]
- Into the Dark: Unveiling Internal Site Search Abused for Black Hat SEOYunyi Zhang, Mingxuan Liu, Baojun Liu, Yiming Zhang, Haixin Duan, Min Zhang, Hui Jiang, Yanzhe Li, Fan Shi. [doi]
- VOGUES: Validation of Object Guise using Estimated ComponentsRaymond Muller, Yanmao Man, Ming Li 0003, Ryan M. Gerdes, Jonathan Petit, Z. Berkay Celik. [doi]
- MIST: Defending Against Membership Inference Attacks Through Membership-Invariant Subspace TrainingJiacheng Li, Ninghui Li, Bruno Ribeiro 0001. [doi]
- "I'm not convinced that they don't collect more than is necessary": User-Controlled Data Minimization Design in Search EnginesTanusree Sharma, Lin Kyi, Yang Wang 0005, Asia J. Biega. [doi]
- Cascade: CPU Fuzzing via Intricate Program GenerationFlavien Solt, Katharina Ceesay-Seitz, Kaveh Razavi. [doi]
- Key Recovery Attacks on Approximate Homomorphic Encryption with Non-Worst-Case Noise Flooding CountermeasuresQian Guo 0001, Denis Nabokov, Elias Suvanto, Thomas Johansson 0001. [doi]
- I Experienced More than 10 DeFi Scams: On DeFi Users' Perception of Security Breaches and CountermeasuresMingyi Liu, Jun Ho Huh, Hyungseok Han, Jaehyuk Lee, Jihae Ahn, Frank Li, Hyoungshick Kim, Taesoo Kim. [doi]
- Unleashing the Power of Type-Based Call Graph Construction by Using Regional Pointer InformationYuandao Cai, Yibo Jin, Charles Zhang 0001. [doi]
- CDN Cannon: Exploiting CDN Back-to-Origin Strategies for Amplification AttacksZiyu Lin, Zhiwei Lin, Ximeng Liu, Jianjun Chen 0005, Run Guo, Cheng Chen, Shaodong Xiao. [doi]
- Unbalanced Circuit-PSI from Oblivious Key-Value RetrievalMeng Hao, Weiran Liu, Liqiang Peng, Hongwei Li 0001, Cong Zhang, Hanxiao Chen, Tianwei Zhang 0004. [doi]
- VeriSimplePIR: Verifiability in SimplePIR at No Online Cost for Honest ServersLeo de Castro, Keewoo Lee. [doi]
- Unveiling the Hunter-Gatherers: Exploring Threat Hunting Practices and Challenges in Cyber DefensePriyanka Badva, Kopo M. Ramokapane, Eleonora Pantano, Awais Rashid. [doi]
- How WEIRD is Usable Privacy and Security Research?Ayako Akiyama Hasegawa, Daisuke Inoue, Mitsuaki Akiyama. [doi]
- Secure Account Recovery for a Privacy-Preserving Web ServiceRyan Little, Lucy Qin, Mayank Varia. [doi]
- Inference of Error Specifications and Bug Detection Using Structural SimilaritiesNiels Dossche, Bart Coppens 0001. [doi]
- Improving Indirect-Call Analysis in LLVM with Type and Data-Flow Co-AnalysisDinghao Liu, Shouling Ji, Kangjie Lu, Qinming He. [doi]
- Towards Generic Database Management System FuzzingYupeng Yang, Yongheng Chen, Rui Zhong, Jizhou Chen, Wenke Lee. [doi]
- Towards Privacy and Security in Private Clouds: A Representative Survey on the Prevalence of Private Hosting and Administrator CharacteristicsLea Gröber, Simon Lenau, Rebecca Weil, Elena Groben, Michael Schilling 0001, Katharina Krombholz. [doi]
- FakeBehalf: Imperceptible Email Spoofing Attacks against the Delegation Mechanism in Email SystemsJinrui Ma, Lutong Chen, Kaiping Xue, Bo Luo, Xuanbo Huang, Mingrui Ai, Huanjie Zhang, David S. L. Wei, Yan Zhuang. [doi]
- ElectionGuard: a Cryptographic Toolkit to Enable Verifiable ElectionsJosh Benaloh, Michael Naehrig, Olivier Pereira, Dan S. Wallach. [doi]
- HIVE: A Hardware-assisted Isolated Execution Environment for eBPF on AArch64Peihua Zhang, Chenggang Wu 0002, Xiangyu Meng, Yinqian Zhang, Mingfan Peng, Shiyang Zhang, Bing Hu, Mengyao Xie, Yuanming Lai, Yan Kang 0002, Zhe Wang 0017. [doi]
- DEEPTYPE: Refining Indirect Call Targets with Strong Multi-layer Type AnalysisTianrou Xia, Hong Hu 0004, Dinghao Wu. [doi]
- Fingerprinting Obfuscated Proxy Traffic with Encapsulated TLS HandshakesDiwen Xue, Michalis Kallitsis 0001, Amir Houmansadr, Roya Ensafi. [doi]
- Don't Listen To Me: Understanding and Exploring Jailbreak Prompts of Large Language ModelsZhiyuan Yu, Xiaogeng Liu, Shunning Liang, Zach Cameron, Chaowei Xiao, Ning Zhang. [doi]
- The Decisive Power of Indecision: Low-Variance Risk-Limiting Audits and Election Contestation via Marginal Mark RecordingBenjamin Fuller 0001, Rashmi Pai, Alexander Russell. [doi]
- Exploiting Leakage in Password Managers via Injection AttacksAndrés Fábrega, Armin Namavari, Rachit Agarwal 0001, Ben Nassi, Thomas Ristenpart. [doi]
- ZenHammer: Rowhammer Attacks on AMD Zen-based PlatformsPatrick Jattke, Max Wipfli, Flavien Solt, Michele Marazzi, Matej Bölcskei, Kaveh Razavi. [doi]
- Diffie-Hellman Picture Show: Key Exchange Stories from Commercial VoWiFi DeploymentsGabriel Karl Gegenhuber, Florian Holzbauer, Philipp É. Frenzel, Edgar R. Weippl, Adrian Dabrowski. [doi]
- MAGIC: Detecting Advanced Persistent Threats via Masked Graph Representation LearningZian Jia, Yun Xiong, Yuhong Nan, Yao Zhang 0009, Jinjing Zhao, Mi Wen. [doi]
- BUDAlloc: Defeating Use-After-Free Bugs by Decoupling Virtual Address Management from KernelJunho Ahn, Jaehyeon Lee, Kanghyuk Lee, Wooseok Gwak, Minseong Hwang, Youngjin Kwon. [doi]
- Leveraging Semantic Relations in Code and Data to Enhance Taint Analysis of Embedded SystemsJiaxu Zhao, Yuekang Li, Yanyan Zou, Zhaohui Liang, Yang Xiao 0011, Yeting Li, Bingwei Peng, Nanyu Zhong, Xinyi Wang, Wei Wang, Wei Huo. [doi]
- Shesha : Multi-head Microarchitectural Leakage Discovery in new-generation Intel ProcessorsAnirban Chakraborty 0003, Nimish Mishra, Debdeep Mukhopadhyay. [doi]
- SpecLFB: Eliminating Cache Side Channels in Speculative ExecutionsXiaoyu Cheng, Fei Tong, Hongyu Wang, Zhe Zhou, Fang Jiang, Yuxing Mao. [doi]
- Engaging Company Developers in Security Research Studies: A Comprehensive Literature Review and Quantitative SurveyRaphael Serafini, Stefan Albert Horstmann, Alena Naiakshina. [doi]
- "Did They F***ing Consent to That?": Safer Digital Intimacy via Proactive Protection Against Image-Based Sexual AbuseLucy Qin, Vaughn Hamilton, Sharon Wang, Yigit Aydinalp, Marin Scarlett, Elissa M. Redmiles. [doi]
- From the Childhood Past: Views of Young Adults on Parental Sharing of Children's PhotosTania Ghafourian, Nicholas Micallef, Sameer Patil. [doi]
- Athena: Analyzing and Quantifying Side Channels of Transport Layer ProtocolsFeiyang Yu, Quan Zhou, Syed Rafiul Hussain, Danfeng Zhang. [doi]
- Racing for TLS Certificate Validation: A Hijacker's Guide to the Android TLS GalaxySajjad Pourali, Xiufen Yu, Lianying Zhao, Mohammad Mannan, Amr M. Youssef. [doi]
- Large Language Models for Code Analysis: Do LLMs Really Do Their Job?Chongzhou Fang, Ning Miao, Shaurya Srivastav, Jialin Liu 0006, Ruoyu Zhang, Ruijie Fang, Asmita, Ryan Tsang, Najmeh Nazari, Han Wang, Houman Homayoun. [doi]
- SmartCookie: Blocking Large-Scale SYN Floods with a Split-Proxy Defense on Programmable Data PlanesSophia Yoo, Xiaoqi Chen, Jennifer Rexford. [doi]
- Pixel+ and Pixel++: Compact and Efficient Forward-Secure Multi-Signatures for PoS Blockchain ConsensusJianghong Wei, Guohua Tian, Ding Wang, Fuchun Guo, Willy Susilo, Xiaofeng Chen 0001. [doi]
- PIXELMOD: Improving Soft Moderation of Visual Misleading Information on TwitterPujan Paudel, Chen Ling, Jeremy Blackburn, Gianluca Stringhini. [doi]
- AttackGNN: Red-Teaming GNNs in Hardware Security Using Reinforcement LearningVasudev Gohil, Satwik Patnaik, Dileep Kalathil, Jeyavijayan Rajendran. [doi]
- True Attacks, Attack Attempts, or Benign Triggers? An Empirical Measurement of Network Alerts in a Security Operations CenterLimin Yang, Zhi Chen 0028, Chenkai Wang, Zhenning Zhang, Sushruth Booma, Phuong Cao, Constantin Adam, Alexander Withers, Zbigniew Kalbarczyk, Ravishankar K. Iyer, Gang Wang 0011. [doi]
- What IF Is Not Enough? Fixing Null Pointer Dereference With Contextual CheckYunlong Xing, Shu Wang, ShiYu Sun, Xu He, Kun Sun 0001, Qi Li 0002. [doi]
- A First Physical-World Trajectory Prediction Attack via LiDAR-induced Deceptions in Autonomous DrivingYang Lou, Yi Zhu, Qun Song 0001, Rui Tan 0001, Chunming Qiao, Wei-Bin Lee, Jianping Wang 0001. [doi]
- OblivGNN: Oblivious Inference on Transductive and Inductive Graph Neural NetworkZhibo Xu, Shangqi Lai, Xiaoning Liu 0002, Alsharif Abuadbba, Xingliang Yuan, Xun Yi. [doi]
- SWOOSH: Efficient Lattice-Based Non-Interactive Key ExchangePhillip Gajland, Bor de Kock, Miguel Quaresma, Giulio Malavolta, Peter Schwabe. [doi]
- GHunter: Universal Prototype Pollution Gadgets in JavaScript RuntimesEric Cornelissen, Mikhail Shcherbakov, Musard Balliu. [doi]
- Double Face: Leveraging User Intelligence to Characterize and Recognize AI-synthesized FacesMatthew Joslin, Xian Wang, Shuang Hao 0001. [doi]
- SOAP: A Social Authentication ProtocolFelix Linker, David A. Basin. [doi]
- GraphGuard: Private Time-Constrained Pattern Detection Over Streaming Graphs in the CloudSonglei Wang, Yifeng Zheng, Xiaohua Jia. [doi]
- Bending microarchitectural weird machines towards practicalityPing-Lun Wang, Riccardo Paccagnella, Riad S. Wahby, Fraser Brown. [doi]
- Voice App Developer Experiences with Alexa and Google Assistant: Juggling Risks, Liability, and SecurityWilliam Seymour, Noura Abdi, Kopo M. Ramokapane, Jide S. Edu, Guillermo Suarez-Tangil, Jose Such. [doi]
- Unveiling IoT Security in Reality: A Firmware-Centric JourneyNicolas Nino, Ruibo Lu, Wei Zhou 0026, Kyu Hyung Lee, Ziming Zhao 0001, Le Guan. [doi]
- Relation Mining Under Local Differential PrivacyKai Dong, Zheng Zhang, Chuang Jia, Zhen Ling, Ming Yang 0001, Junzhou Luo, Xinwen Fu. [doi]
- Closed-Form Bounds for DP-SGD against Record-level InferenceGiovanni Cherubin, Boris Köpf, Andrew Paverd, Shruti Tople, Lukas Wutschitz, Santiago Zanella Béguelin. [doi]
- Enhancing Network Attack Detection with Distributed and In-Network Data Collection SystemSeyed Mohammad Mehdi Mirnajafizadeh, Ashwin Raam Sethuram, David Mohaisen, DaeHun Nyang, RhongHo Jang. [doi]
- Instruction Backdoor Attacks Against Customized LLMsRui Zhang, Hongwei Li 0001, Rui Wen 0002, Wenbo Jiang, Yuan Zhang, Michael Backes 0001, Yun Shen, Yang Zhang 0016. [doi]
- Towards an Effective Method of ReDoS Detection for Non-backtracking EnginesWeihao Su, Hong Huang, Rongchen Li, Haiming Chen, Tingjian Ge. [doi]
- PerfOMR: Oblivious Message Retrieval with Reduced Communication and ComputationZeyu Liu 0004, Eran Tromer, Yunhao Wang. [doi]
- Max Attestation Matters: Making Honest Parties Lose Their Incentives in Ethereum PoSMingfei Zhang, Rujia Li, Sisi Duan. [doi]
- Your Firmware Has Arrived: A Study of Firmware Update VulnerabilitiesYuhao Wu, Jinwen Wang, Yujie Wang, Shixuan Zhai, Zihan Li, Yi He, Kun Sun 0001, Qi Li 0002, Ning Zhang 0017. [doi]
- MFKDF: Multiple Factors Knocked Down FlatMatteo Scarlata, Matilda Backendal, Miro Haller. [doi]
- DVa: Extracting Victims and Abuse Vectors from Android Accessibility MalwareHaichuan Xu, Mingxuan Yao, Runze Zhang, Mohamed Moustafa Dawoud, Jeman Park 0001, Brendan Saltaformaggio. [doi]
- Assessing Suspicious Emails with Banner Warnings Among Blind and Low-Vision Users in Realistic SettingsFilipo Sharevski, Aziz Zeidieh. [doi]
- FFXE: Dynamic Control Flow Graph Recovery for Embedded Firmware BinariesRyan Tsang, Asmita, Doreen Joseph, Soheil Salehi, Prasant Mohapatra, Houman Homayoun. [doi]
- Mempool Privacy via Batched Threshold Encryption: Attacks and DefensesArka Rai Choudhuri, Sanjam Garg, Julien Piet, Guru-Vamsi Policharla. [doi]
- FAMOS: Robust Privacy-Preserving Authentication on Payment Apps via Federated Multi-Modal Contrastive LearningYifeng Cai, Ziqi Zhang, Jiaping Gui, Bingyan Liu, Xiaoke Zhao, Ruoyu Li, Zhe Li, Ding Li 0001. [doi]
- FaceObfuscator: Defending Deep Learning-based Privacy Attacks with Gradient Descent-resistant Features in Face RecognitionShuaifan Jin, He Wang 0005, Zhibo Wang 0001, Feng Xiao, Jiahui Hu, Yuan He, Wenwen Zhang, Zhongjie Ba, Weijie Fang, Shuhong Yuan, Kui Ren 0001. [doi]
- PatchCURE: Improving Certifiable Robustness, Model Utility, and Computation Efficiency of Adversarial Patch DefensesChong Xiang 0001, Tong Wu, Sihui Dai, Jonathan Petit, Suman Jana, Prateek Mittal. [doi]
- FraudWhistler: A Resilient, Robust and Plug-and-play Adversarial Example Detection Method for Speaker RecognitionKun Wang 0005, Xiangyu Xu, Li Lu 0008, Zhongjie Ba, Feng Lin 0004, Kui Ren 0001. [doi]
- On a Collision Course: Unveiling Wireless Attacks to the Aircraft Traffic Collision Avoidance System (TCAS)Giacomo Longo, Martin Strohmeier, Enrico Russo 0001, Alessio Merlo, Vincent Lenders. [doi]
- Rise of Inspectron: Automated Black-box Auditing of Cross-platform Electron AppsMir Masood Ali, Mohammad Ghasemisharif, Chris Kanich, Jason Polakis. [doi]
- MicGuard: A Comprehensive Detection System against Out-of-band Injection Attacks for Different Level Microphone-based DevicesTiantian Liu 0002, Feng Lin 0004, Zhongjie Ba, Li Lu 0008, Zhan Qin, Kui Ren 0001. [doi]
- Detecting Kernel Memory Bugs through Inconsistent Memory Management Intention InferencesDinghao Liu, Zhipeng Lu, Shouling Ji, Kangjie Lu, Jianhai Chen, Zhenguang Liu, Dexin Liu, Renyi Cai, Qinming He. [doi]
- Exploring Covert Third-party Identifiers through External Storage in the Android New EraZikan Dong, Tianming Liu, Jiapeng Deng, Haoyu Wang 0001, Li Li 0029, Minghui Yang, Meng Wang, Guosheng Xu 0001, Guoai Xu. [doi]
- Prompt Stealing Attacks Against Text-to-Image Generation ModelsXinyue Shen, Yiting Qu, Michael Backes 0001, Yang Zhang 0016. [doi]
- The Impact of Exposed Passwords on Honeyword EfficacyZonghao Huang, Lujo Bauer, Michael K. Reiter. [doi]
- Improving ML-based Binary Function Similarity Detection by Assessing and Deprioritizing Control Flow Graph FeaturesJialai Wang, Chao Zhang 0008, Longfei Chen, Yi Rong, Yuxiao Wu, Hao Wang, Wende Tan, Qi Li 0002, Zongpeng Li. [doi]
- Understanding Help-Seeking and Help-Giving on Social Media for Image-Based Sexual AbuseMiranda Wei, Sunny Consolvo, Patrick Gage Kelley, Tadayoshi Kohno, Tara Matthews, Sarah Meiklejohn, Franziska Roesner, Renee Shelby, Kurt Thomas, Rebecca Umbach. [doi]
- Take a Step Further: Understanding Page Spray in Linux Kernel ExploitationZiyi Guo, Dang K. Le, Zhenpeng Lin, Kyle Zeng, Ruoyu Wang 0001, Tiffany Bao, Yan Shoshitaishvili, Adam Doupé, Xinyu Xing. [doi]
- Fast RS-IOP Multivariate Polynomial Commitments and Verifiable Secret SharingZongyang Zhang, Weihan Li, Yanpei Guo, Kexin Shi, Sherman S. M. Chow, Ximeng Liu, Jin Dong. [doi]
- PentestGPT: Evaluating and Harnessing Large Language Models for Automated Penetration TestingGelei Deng, Yi Liu, Víctor Mayoral Vilches, Peng Liu, Yuekang Li, Yuan Xu, Martin Pinzger 0001, Stefan Rass, Tianwei Zhang 0004, Yang Liu 0003. [doi]
- "But they have overlooked a few things in Afghanistan: " An Analysis of the Integration of Biometric Voter Verification in the 2019 Afghan Presidential ElectionsKabir Panahi, Shawn Robertson, Yasemin Acar, Alexandru G. Bardas, Tadayoshi Kohno, Lucy Simko. [doi]
- 6Sense: Internet-Wide IPv6 Scanning and its Security ApplicationsGrant Williams, Mert Erdemir, Amanda Hsu, Shraddha Bhat, Abhishek Bhaskar, Frank Li 0001, Paul Pearce. [doi]
- MUSES: Efficient Multi-User Searchable Encrypted DatabaseTung Le, Rouzbeh Behnia, Jorge Guajardo, Thang Hoang. [doi]
- Property Existence Inference against Generative ModelsLijin Wang, Jingjing Wang, Jie Wan, Lin Long, Ziqi Yang, Zhan Qin. [doi]
- Accelerating Secure Collaborative Machine Learning with Protocol-Aware RDMAZhenghang Ren, Mingxuan Fan, Zilong Wang 0007, Junxue Zhang 0001, Chaoliang Zeng, Zhicong Huang, Cheng Hong, Kai Chen 0005. [doi]
- You Can Obfuscate, but You Cannot Hide: CrossPoint Attacks against Network Topology ObfuscationXuanbo Huang, Kaiping Xue, Lutong Chen, Mingrui Ai, Huancheng Zhou, Bo Luo, Guofei Gu, Qibin Sun. [doi]
- FV8: A Forced Execution JavaScript Engine for Detecting Evasive TechniquesNikolaos Pantelaios, Alexandros Kapravelos. [doi]
- BackdoorIndicator: Leveraging OOD Data for Proactive Backdoor Detection in Federated LearningSongze Li, Yanbo Dai. [doi]
- "I chose to fight, be brave, and to deal with it": Threat Experiences and Security Practices of Pakistani Content CreatorsLea Gröber, Waleed Arshad, Shanza, Angelica Goetzen, Elissa M. Redmiles, Maryam Mustafa, Katharina Krombholz. [doi]
- Two Shuffles Make a RAM: Improved Constant Overhead Zero Knowledge RAMYibin Yang 0001, David Heath. [doi]
- DeepEclipse: How to Break White-Box DNN-Watermarking SchemesAlessandro Pegoraro, Carlotta Segna, Kavita Kumari, Ahmad-Reza Sadeghi. [doi]
- Xplain: Analyzing Invisible Correlations in Model ExplanationKavita Kumari, Alessandro Pegoraro, Hossein Fereidooni, Ahmad-Reza Sadeghi. [doi]
- Detecting and Mitigating Sampling Bias in Cybersecurity with Unlabeled DataSaravanan Thirumuruganathan, Fatih Deniz, Issa Khalil, Ting Yu 0001, Mohamed Nabeel, Mourad Ouzzani. [doi]
- Understanding the Security and Privacy Implications of Online Toxic Content on RefugeesArjun Arunasalam, Habiba Farrukh, Eliz Tekcan, Z. Berkay Celik. [doi]
- GlobalConfusion: TrustZone Trusted Application 0-Days by DesignMarcel Busch, Philipp Mao, Mathias Payer. [doi]
- Efficient Privacy Auditing in Federated LearningHongyan Chang, Brandon Edwards, Anindya S. Paul, Reza Shokri. [doi]
- SoK: The Good, The Bad, and The Unbalanced: Measuring Structural Limitations of Deepfake Media DatasetsSeth Layton, Tyler Tucker, Daniel Olszewski, Kevin Warren, Kevin R. B. Butler, Patrick Traynor. [doi]
- TYGR: Type Inference on Stripped Binaries using Graph Neural NetworksChang Zhu, Ziyang Li, Anton Xue, Ati Priya Bajaj, Wil Gibbs, Yibo Liu, Rajeev Alur, Tiffany Bao, Hanjun Dai, Adam Doupé, Mayur Naik, Yan Shoshitaishvili, Ruoyu Wang 0001, Aravind Machiry. [doi]
- MOAT: Towards Safe BPF Kernel ExtensionHongyi Lu, Shuai Wang 0011, Yechang Wu, Wanning He, Fengwei Zhang. [doi]
- Snowflake, a censorship circumvention system using temporary WebRTC proxiesCecylia Bocovich, Arlo Breault, David Fifield, Serene, Xiaokang Wang. [doi]
- You Cannot Escape Me: Detecting Evasions of SIEM Rules in Enterprise NetworksRafael Uetz, Marco Herzog, Louis Hackländer, Simon Schwarz, Martin Henze. [doi]
- GridSE: Towards Practical Secure Geographic Search via Prefix Symmetric Searchable EncryptionRuoyang Guo, Jiarui Li, Shucheng Yu. [doi]
- Moderating Illicit Online Image Promotion for Unsafe User Generated Content Games Using Large Vision-Language ModelsKeyan Guo, Ayush Utkarsh, Wenbo Ding, Isabelle Ondracek, Ziming Zhao 0001, Guo Freeman, Nishant Vishwamitra, Hongxin Hu. [doi]
- LaserAdv: Laser Adversarial Attacks on Speech Recognition SystemsGuoming Zhang, Xiaohui Ma, Huiting Zhang, Zhijie Xiang, Xiaoyu Ji 0001, Yanni Yang, Xiuzhen Cheng 0001, Pengfei Hu 0001. [doi]
- Intellectual Property Exposure: Subverting and Securing Intellectual Property Encapsulation in Texas Instruments MicrocontrollersMarton Bognar, Cas Magnus, Frank Piessens, Jo Van Bulck. [doi]
- Swipe Left for Identity Theft: An Analysis of User Data Privacy Risks on Location-based Dating AppsKarel Dhondt, Victor Le Pochat, Yana Dimova, Wouter Joosen, Stijn Volckaert. [doi]
- RustSan: Retrofitting AddressSanitizer for Efficient Sanitization of RustKyuwon Cho, Jongyoon Kim, Kha Dinh Duy, Hajeong Lim, Hojoon Lee 0001. [doi]
- Abandon All Hope Ye Who Enter Here: A Dynamic, Longitudinal Investigation of Android's Data Safety SectionIoannis Arkalakis, Michalis Diamantaris, Serafeim Moustakas, Sotiris Ioannidis, Jason Polakis, Panagiotis Ilia. [doi]
- Enabling Developers, Protecting Users: Investigating Harassment and Safety in VRAbhinaya S. B., Aafaq Sabir, Anupam Das 0001. [doi]
- Holding Secrets Accountable: Auditing Privacy-Preserving Machine LearningHidde Lycklama, Alexander Viand, Nicolas Küchler, Christian Knabenhans, Anwar Hithnawi. [doi]
- zkCross: A Novel Architecture for Cross-Chain Privacy-Preserving AuditingYihao Guo, Minghui Xu 0001, Xiuzhen Cheng 0001, Dongxiao Yu, Wangjie Qiu, Gang Qu, Weibing Wang, Mingming Song. [doi]
- Zero-setup Intermediate-rate Communication Guarantees in a Global InternetMarc Wyss, Adrian Perrig. [doi]
- LR-Miner: Static Race Detection in OS Kernels by Mining Locking RulesTuo Li, Jia-Ju Bai, Gui-Dong Han, Shi-Min Hu 0001. [doi]
- 00SEVen - Re-enabling Virtual Machine Forensics: Introspecting Confidential VMs Using Privileged in-VM AgentsFabian Schwarz, Christian Rossow. [doi]
- Fuzzing BusyBox: Leveraging LLM and Crash Reuse for Embedded Bug UnearthingAsmita, Yaroslav Oliinyk, Michael Scott, Ryan Tsang, Chongzhou Fang, Houman Homayoun. [doi]
- LLM-Fuzzer: Scaling Assessment of Large Language Model JailbreaksJiahao Yu 0001, Xingwei Lin, Zheng Yu, Xinyu Xing. [doi]
- Malla: Demystifying Real-world Large Language Model Integrated Malicious ServicesZilong Lin, Jian Cui, Xiaojing Liao, Xiaofeng Wang 0001. [doi]
- IoT Market Dynamics: An Analysis of Device Sales, Security and Privacy Signals, and their InteractionsSwaathi Vetrivel, Brennen Bouwmeester, Michel van Eeten, Carlos Hernandez Gañán. [doi]
- Dissecting Privacy Perspectives of Websites Around the World: "Aceptar Todo, Alle Akzeptieren, Accept All..."Aysun Ogut, Berke Turanlioglu, Doruk Can Metiner, Albert Levi, Cemal Yilmaz, Orçun Çetin, A. Selcuk Uluagac. [doi]
- On Data Fabrication in Collaborative Vehicular Perception: Attacks and CountermeasuresQingzhao Zhang, Shuowei Jin, Ruiyang Zhu, Jiachen Sun, Xumiao Zhang, Qi Alfred Chen, Z. Morley Mao. [doi]
- Pixel Thief: Exploiting SVG Filter Leakage in Firefox and ChromeSioli O'Connell, Lishay Aben Sour, Ron Magen, Daniel Genkin, Yossi Oren, Hovav Shacham, Yuval Yarom. [doi]
- "What do you want from theory alone?" Experimenting with Tight Auditing of Differentially Private Synthetic Data GenerationMeenatchi Sundaram Muthu Selva Annamalai, Georgi Ganev, Emiliano De Cristofaro. [doi]
- Verify your Labels! Trustworthy Predictions and Datasets via Confidence ScoresTorsten Krauß, Jasper Stang, Alexandra Dmitrienko. [doi]
- CellularLint: A Systematic Approach to Identify Inconsistent Behavior in Cellular Network SpecificationsMirza Masfiqur Rahman, Imtiaz Karim, Elisa Bertino. [doi]
- Logic Gone Astray: A Security Analysis Framework for the Control Plane Protocols of 5G BasebandsKai Tu, Abdullah Al Ishtiaq, Syed Md. Mukit Rashid, Yilu Dong, Weixuan Wang, Tianwei Wu, Syed Rafiul Hussain. [doi]
- Trust Me If You Can - How Usable Is Trusted Types In Practice?Sebastian Roth, Lea Gröber, Philipp Baus, Katharina Krombholz, Ben Stock. [doi]
- PrivImage: Differentially Private Synthetic Image Generation using Diffusion Models with Semantic-Aware PretrainingKecen Li, Chen Gong 0005, Zhixiang Li, YuZhong Zhao, Xinwen Hou, Tianhao Wang 0001. [doi]
- Go Go Gadget Hammer: Flipping Nested Pointers for Arbitrary Data LeakageYoussef Tobah, Andrew Kwong, Ingab Kang, Daniel Genkin, Kang G. Shin. [doi]
- From One Thousand Pages of Specification to Unveiling Hidden Bugs: Large Language Model Assisted Fuzzing of Matter IoT DevicesXiaoyue Ma, Lannan Luo, Qiang Zeng 0001. [doi]
- The Unpatchables: Why Municipalities Persist in Running Vulnerable HostsAksel Ethembabaoglu, Rolf van Wegberg, Yury Zhauniarovich, Michel van Eeten. [doi]
- Biosignal Authentication Considered Harmful TodayVeena Krish, Nicola Paoletti, Milad Kazemi, Scott A. Smolka, Amir Rahmati. [doi]
- Hermes: Unlocking Security Analysis of Cellular Network Protocols by Synthesizing Finite State Machines from Natural Language SpecificationsAbdullah Al Ishtiaq, Sarkar Snigdha Sarathi Das, Syed Md. Mukit Rashid, Ali Ranjbar, Kai Tu, Tianwei Wu, Zhezheng Song, Weixuan Wang, Mujtahid Akon, Rui Zhang 0037, Syed Rafiul Hussain. [doi]
- The Effect of Design Patterns on (Present and Future) Cookie Consent DecisionsNataliia Bielova, Laura Litvine, Anysia Nguyen, Mariam Chammat, Vincent Toubiana, Estelle Hary. [doi]
- Unveiling the Secrets without Data: Can Graph Neural Networks Be Exploited through Data-Free Model Extraction Attacks?YuanXin Zhuang, Chuan Shi, Mengmei Zhang, Jinghui Chen, Lingjuan Lyu, Pan Zhou, Lichao Sun 0001. [doi]
- Wireless Signal Injection Attacks on VSAT Satellite ModemsRobin Bisping, Johannes Willbold, Martin Strohmeier, Vincent Lenders. [doi]
- GuideEnricher: Protecting the Anonymity of Ethereum Mixing Service Users with Deep Reinforcement LearningRavindu De Silva, Wenbo Guo 0002, Nicola Ruaro, Ilya Grishchenko, Christopher Kruegel, Giovanni Vigna. [doi]
- ModelGuard: Information-Theoretic Defense Against Model Extraction AttacksMinxue Tang, Anna Dai, Louis DiValentin, Aolin Ding, Amin Hass, Neil Zhenqiang Gong, Yiran Chen 0001, Hai (Helen) Li. [doi]
- SAIN: Improving ICS Attack Detection Sensitivity via State-Aware InvariantsSyed Ghazanfar Abbas, Muslum Ozgur Ozmen, Abdulellah Alsaheel, Arslan Khan, Z. Berkay Celik, Dongyan Xu. [doi]
- "You have to read 50 different RFCs that contradict each other": An Interview Study on the Experiences of Implementing Cryptographic StandardsNicolas Huaman, Jacques Suray, Jan H. Klemmer, Marcel Fourné, Sabrina Amft, Ivana Trummová, Yasemin Acar, Sascha Fahl. [doi]
- SHiFT: Semi-hosted Fuzz Testing for Embedded ApplicationsAlejandro Mera, Changming Liu, Ruimin Sun, Engin Kirda, Long Lu. [doi]
- When Threads Meet Interrupts: Effective Static Detection of Interrupt-Based Deadlocks in LinuxChengfeng Ye, Yuandao Cai, Charles Zhang 0001. [doi]
- EaTVul: ChatGPT-based Evasion Attack Against Software Vulnerability DetectionShigang Liu, Di Cao, Junae Kim, Tamas Abraham, Paul Montague, Seyit Camtepe, Jun Zhang 0010, Yang Xiang 0001. [doi]
- HYPERPILL: Fuzzing for Hypervisor-bugs by leveraging the Hardware Virtualization InterfaceAlexander Bulekov, Qiang Liu, Manuel Egele, Mathias Payer. [doi]
- Information Flow Control in Machine Learning through Modular Model ArchitectureTrishita Tiwari, Suchin Gururangan, Chuan Guo, Weizhe Hua, Sanjay Kariyappa, Udit Gupta, Wenjie Xiong 0001, Kiwan Maeng, Hsien-Hsin S. Lee, G. Edward Suh. [doi]
- Fledging Will Continue Until Privacy Improves: Empirical Analysis of Google's Privacy-Preserving Targeted AdvertisingGiuseppe Calderonio, Mir Masood Ali, Jason Polakis. [doi]
- ZKSMT: A VM for Proving SMT Theorems in Zero KnowledgeDaniel Luick, John C. Kolesar, Timos Antonopoulos, William R. Harris, James Parker, Ruzica Piskac, Eran Tromer, Xiao Wang 0012, Ning Luo. [doi]
- WhisperFuzz: White-Box Fuzzing for Detecting and Locating Timing Vulnerabilities in ProcessorsPallavi Borkar, Chen Chen, Mohamadreza Rostami, Nikhilesh Singh, Rahul Kande, Ahmad-Reza Sadeghi, Chester Rebeiro, Jeyavijayan Rajendran. [doi]
- SnailLoad: Exploiting Remote Network Latency Measurements without JavaScriptStefan Gast, Roland Czerny, Jonas Juffinger, Fabian Rauscher, Simone Franza, Daniel Gruss. [doi]
- POPSTAR: Lightweight Threshold Reporting with Reduced LeakageHanjun Li 0001, Sela Navot, Stefano Tessaro. [doi]
- Opportunistic Data Flow Integrity for Real-time Cyber-physical Systems Using Worst Case Execution Time ReservationYujie Wang, Ao Li 0006, Jinwen Wang, Sanjoy K. Baruah, Ning Zhang 0017. [doi]
- Deciphering Textual Authenticity: A Generalized Strategy through the Lens of Large Language Semantics for Detecting Human vs. Machine-Generated TextMazal Bethany, Brandon Wherry, Emet Bethany, Nishant Vishwamitra, Anthony Rios, Peyman Najafirad. [doi]
- ClearStamp: A Human-Visible and Robust Model-Ownership Proof based on Transposed Model TrainingTorsten Krauß, Jasper Stang, Alexandra Dmitrienko. [doi]
- ShadowBound: Efficient Heap Memory Protection Through Advanced Metadata Management and Customized Compiler OptimizationZheng Yu, Ganxiang Yang, Xinyu Xing. [doi]
- Penetration Vision through Virtual Reality Headsets: Identifying 360-degree Videos from Head MovementsAnh Nguyen, Xiaokuan Zhang, Zhisheng Yan. [doi]
- AutoFHE: Automated Adaption of CNNs for Efficient Evaluation over FHEWei Ao, Vishnu Naresh Boddeti. [doi]
- I/O-Efficient Dynamic Searchable Encryption meets Forward & Backward PrivacyPriyanka Mondal, Javad Ghareh Chamani, Ioannis Demertzis, Dimitrios Papadopoulos 0001. [doi]
- AI Psychiatry: Forensic Investigation of Deep Learning Networks in Memory ImagesDavid Oygenblik, Carter Yagemann, Joseph Zhang, Arianna Mastali, Jeman Park 0001, Brendan Saltaformaggio. [doi]
- Digital Discrimination of Users in Sanctioned States: The Case of the Cuba EmbargoAnna Ablove, Shreyas Chandrashekaran, Hieu Le, Ram Sundara Raman, Reethika Ramesh, Harry Oppenheimer, Roya Ensafi. [doi]
- Notus: Dynamic Proofs of Liabilities from Zero-knowledge RSA AccumulatorsJiajun Xin, Arman Haghighi, Xiangan Tian, Dimitrios Papadopoulos 0001. [doi]
- SoK: Security of Programmable Logic ControllersEfrén López-Morales, Ulysse Planta, Carlos E. Rubio-Medrano, Ali Abbasi, Alvaro A. Cárdenas. [doi]
- Do You See How I Pose? Using Poses as an Implicit Authentication Factor for QR Code PaymentChuxiong Wu, Qiang Zeng 0001. [doi]
- Arcanum: Detecting and Evaluating the Privacy Risks of Browser Extensions on Web Pages and Web ContentQinge Xie, Manoj Vignesh Kasi Murali, Paul Pearce, Frank Li 0001. [doi]
- A Formal Analysis of SCTP: Attack Synthesis and Patch VerificationJacob Ginesin, Max von Hippel, Evan Defloor, Cristina Nita-Rotaru, Michael Tüxen. [doi]
- Batch PIR and Labeled PSI with Oblivious Ciphertext CompressionAlexander Bienstock, Sarvar Patel, Joon Young Seo, Kevin Yeo. [doi]
- Adversarial Illusions in Multi-Modal EmbeddingsTingwei Zhang, Rishi D. Jha, Eugene Bagdasaryan, Vitaly Shmatikov. [doi]
- ChainPatrol: Balancing Attack Detection and Classification with Performance Overhead for Service Function Chains Using Virtual TrailersMomen Oqaily, Hinddeep Purohit, Yosr Jarraya, Lingyu Wang 0001, Boubakr Nour, Makan Pourzandi, Mourad Debbabi. [doi]
- Stop, Don't Click Here Anymore: Boosting Website Fingerprinting By Considering Sets of SubpagesAsya Mitseva, Andriy Panchenko 0001. [doi]
- O-Ring and K-Star: Efficient Multi-party Private Set IntersectionMingli Wu, Tsz Hon Yuen, Kwan Yin Chan. [doi]
- ChainReactor: Automated Privilege Escalation Chain Discovery via AI PlanningGiulio De Pasquale, Ilya Grishchenko, Riccardo Iesari, Gabriel Pizarro, Lorenzo Cavallaro, Christopher Kruegel, Giovanni Vigna. [doi]
- DVSorder: Ballot Randomization Flaws Threaten Voter PrivacyBraden L. Crimmins, Dhanya Narayanan, Drew Springall, J. Alex Halderman. [doi]
- Spider-Scents: Grey-box Database-aware Web Scanning for Stored XSSEric Olsson 0001, Benjamin Eriksson, Adam Doupé, Andrei Sabelfeld. [doi]
- Sync+Sync: A Covert Channel Built on fsync with StorageQisheng Jiang, Chundong Wang 0001. [doi]
- YPIR: High-Throughput Single-Server PIR with Silent PreprocessingSamir Jordan Menon, David J. Wu 0001. [doi]
- SoK: State of the Krawlers - Evaluating the Effectiveness of Crawling Algorithms for Web Security MeasurementsAleksei Stafeev, Giancarlo Pellegrino. [doi]
- SymFit: Making the Common (Concrete) Case Fast for Binary-Code Concolic ExecutionZhenxiao Qi, Jie Hu, Zhaoqi Xiao, Heng Yin 0001. [doi]
- More Simplicity for Trainers, More Opportunity for Attackers: Black-Box Attacks on Speaker Recognition Systems by Inferring Feature ExtractorYunjie Ge, Pinji Chen, Qian Wang 0002, Lingchen Zhao, Ningping Mou, Peipei Jiang 0002, Cong Wang 0001, Qi Li 0002, Chao Shen 0001. [doi]
- Cost-effective Attack Forensics by Recording and Correlating File System ChangesLe Yu, Yapeng Ye, Zhuo Zhang 0002, Xiangyu Zhang 0001. [doi]
- Being Transparent is Merely the Beginning: Enforcing Purpose Limitation with Polynomial ApproximationShuofeng Liu, Zihan Wang, Minhui Xue, Long Wang, Yuanchao Zhang, Guangdong Bai. [doi]
- ACAI: Protecting Accelerator Execution with Arm Confidential Computing ArchitectureSupraja Sridhara, Andrin Bertschi, Benedict Schlüter, Mark Kuhne, Fabio Aliberti, Shweta Shinde. [doi]
- Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsSebastian Angel, Eleftherios Ioannidis, Elizabeth Margolin, Srinath T. V. Setty, Jess Woods. [doi]
- PINE: Efficient Verification of a Euclidean Norm Bound of a Secret-Shared VectorGuy N. Rothblum, Eran Omri, Junye Chen, Kunal Talwar. [doi]
- Navigating Traumatic Stress Reactions During Computer Security InterventionsLana Ramjit, Natalie Dolci, Francesca Rossi 0001, Ryan Garcia, Thomas Ristenpart, Dana Cuomo. [doi]
- FIRE: Combining Multi-Stage Filtering with Taint Analysis for Scalable Recurring Vulnerability DetectionSiyue Feng, Yueming Wu, Wenjie Xue, Sikui Pan, Deqing Zou, Yang Liu 0003, Hai Jin 0001. [doi]
- PointerGuess: Targeted Password Guessing Model Using Pointer MechanismKedong Xiu, Ding Wang 0002. [doi]
- A Flushing Attack on the DNS CacheYehuda Afek, Anat Bremler-Barr, Shoham Danino, Yuval Shavitt. [doi]
- UIHash: Detecting Similar Android UIs through Grid-Based Visual Appearance RepresentationJiawei Li, Jian Mao, Jun Zeng, Qixiao Lin, Shaowen Feng, Zhenkai Liang. [doi]
- VibSpeech: Exploring Practical Wideband Eavesdropping via Bandlimited Signal of Vibration-based Side ChannelChao Wang 0097, Feng Lin 0004, Hao Yan, Tong Wu, Wenyao Xu, Kui Ren 0001. [doi]
- DaCapo: Automatic Bootstrapping Management for Efficient Fully Homomorphic EncryptionSeonyoung Cheon, Yongwoo Lee 0001, Dongkwan Kim 0002, Ju Min Lee, Sunchul Jung, Taekyung Kim, Dongyoon Lee, Hanjun Kim 0001. [doi]
- ATTention Please! An Investigation of the App Tracking Transparency PermissionReham Mohamed 0004, Arjun Arunasalam, Habiba Farrukh, Jason Tong, Antonio Bianchi, Z. Berkay Celik. [doi]
- "What Keeps People Secure is That They Met The Security Team": Deconstructing Drivers And Goals of Organizational Security AwarenessJonas Hielscher, Simon Parkin. [doi]
- FVD-DPM: Fine-grained Vulnerability Detection via Conditional Diffusion Probabilistic ModelsMiaomiao Shao, Yuxin Ding. [doi]
- Dancer in the Dark: Synthesizing and Evaluating Polyglots for Blind Cross-Site ScriptingRobin Kirchner, Jonas Möller, Marius Musch, David Klein 0001, Konrad Rieck, Martin Johns. [doi]
- OPTISAN: Using Multiple Spatial Error Defenses to Optimize Stack Memory Protection within a BudgetRahul George, Mingming Chen, Kaiming Huang, Zhiyun Qian, Thomas La Porta, Trent Jaeger. [doi]
- SoK: Neural Network Extraction Through Physical Side ChannelsPéter Horváth, Dirk Lauret, Zhuoran Liu 0001, Lejla Batina. [doi]
- Spill the TeA: An Empirical Study of Trusted Application Rollback Prevention on Android SmartphonesMarcel Busch, Philipp Mao, Mathias Payer. [doi]
- Does Online Anonymous Market Vendor Reputation Matter?Alejandro Cuevas, Nicolas Christin. [doi]
- OptFuzz: Optimization Path Guided Fuzzing for JavaScript JIT CompilersJiming Wang, Yan Kang 0002, Chenggang Wu 0002, Yuhao Hu, Yue Sun, Jikai Ren, Yuanming Lai, Mengyao Xie, Charles Zhang, Tao Li 0022, Zhe Wang 0017. [doi]
- Practical Security Analysis of Zero-Knowledge Proof CircuitsHongbo Wen, Jon Stephens, Yanju Chen, Kostas Ferles, Shankara Pailoor, Kyle Charbonnet, Isil Dillig, Yu Feng 0001. [doi]
- SPF Beyond the Standard: Management and Operational Challenges in Practice and Practical RecommendationsMd. Ishtiaq Ashiq, Weitong Li, Tobias Fiebig, Taejoong Chung. [doi]
- PURL: Safe and Effective Sanitization of Link DecorationShaoor Munir, Patrick Lee, Umar Iqbal 0002, Sandra Siby, Zubair Shafiq. [doi]
- Single Pass Client-Preprocessing Private Information RetrievalArthur Lazzaretti, Charalampos Papamanthou. [doi]
- SledgeHammer: Amplifying Rowhammer via Bank-level ParallelismIngab Kang, Walter Wang, Jason Kim 0007, Stephan van Schaik, Youssef Tobah, Daniel Genkin, Andrew Kwong, Yuval Yarom. [doi]
- Bridging Barriers: A Survey of Challenges and Priorities in the Censorship Circumvention LandscapeDiwen Xue, Anna Ablove, Reethika Ramesh, Grace Kwak Danciu, Roya Ensafi. [doi]
- Remote Keylogging Attacks in Multi-user VR ApplicationsZihao Su, Kunlin Cai, Reuben Beeler, Lukas Dresel, Allan Garcia, Ilya Grishchenko, Yuan Tian 0001, Christopher Kruegel, Giovanni Vigna. [doi]
- REMARK-LLM: A Robust and Efficient Watermarking Framework for Generative Large Language ModelsRuisi Zhang, Shehzeen Samarah Hussain, Paarth Neekhara, Farinaz Koushanfar. [doi]
- Speculative Denial-of-Service Attacks In EthereumAviv Yaish, Kaihua Qin, Liyi Zhou, Aviv Zohar, Arthur Gervais. [doi]
- SoK: What don't we know? Understanding Security Vulnerabilities in SNARKsStefanos Chaliasos, Jens Ernstberger, David Theodore, David Wong, Mohammad Jahanara, Benjamin Livshits. [doi]
- "There are rabbit holes I want to go down that I'm not allowed to go down": An Investigation of Security Expert Threat Modeling Practices for Medical DevicesRonald Thompson, Madline McLaughlin, Carson Powers, Daniel Votipka. [doi]
- Automated Large-Scale Analysis of Cookie Notice ComplianceAhmed Bouhoula, Karel Kubicek 0001, Amit Zac, Carlos Cotrini, David A. Basin. [doi]
- Guardians of the Galaxy: Content Moderation in the InterPlanetary File SystemSaidu Sokoto, Leonhard Balduf, Dennis Trautwein, Yiluo Wei, Gareth Tyson, Ignacio Castro, Onur Ascigil, George Pavlou, Maciej Korczynski, Björn Scheuermann 0001, Michal Król. [doi]
- A Linear Reconstruction Approach for Attribute Inference Attacks against Synthetic DataMeenatchi Sundaram Muthu Selva Annamalai, Andrea Gadotti, Luc Rocher. [doi]
- Web Platform Threats: Automated Detection of Web Security Issues With WPTPedro Bernardo, Lorenzo Veronese, Valentino Dalla Valle, Stefano Calzavara, Marco Squarcina, Pedro Adão, Matteo Maffei. [doi]
- Lurking in the shadows: Unveiling Stealthy Backdoor Attacks against Personalized Federated LearningXiaoting Lyu, Yufei Han, Wei Wang 0012, Jingkai Liu, Yongsheng Zhu, Guangquan Xu, Jiqiang Liu, Xiangliang Zhang 0001. [doi]
- Query Recovery from Easy to Hard: Jigsaw Attack against SSEHao Nie, Wei Wang 0088, Peng Xu 0003, Xianglong Zhang, Laurence T. Yang, Kaitai Liang. [doi]
- SafeFetch: Practical Double-Fetch Protection with Kernel-Fetch CachingVictor Duta, Mitchel Aloserij, Cristiano Giuffrida. [doi]
- DAAP: Privacy-Preserving Model Accuracy Estimation on Unlabeled Datasets Through Distribution-Aware Adversarial PerturbationGuodong Cao, Zhibo Wang 0001, Yunhe Feng, XiaoWei Dong. [doi]
- Inf2Guard: An Information-Theoretic Framework for Learning Privacy-Preserving Representations against Inference AttacksSayedeh Leila Noorbakhsh, Binghui Zhang, Yuan Hong, Binghui Wang. [doi]
- Formalizing and Benchmarking Prompt Injection Attacks and DefensesYupei Liu, Yuqi Jia, Runpeng Geng, Jinyuan Jia, Neil Zhenqiang Gong. [doi]
- Data Coverage for Guided FuzzingMingzhe Wang, Jie Liang 0006, Chijin Zhou, Zhiyong Wu, Jingzhou Fu, Zhuo Su 0005, Qing Liao 0001, Bin Gu 0006, Bodong Wu, Yu Jiang 0001. [doi]
- Transferability of White-box Perturbations: Query-Efficient Adversarial Attacks against Commercial DNN ServicesMeng Shen 0001, Changyue Li, Qi Li 0002, Hao Lu, Liehuang Zhu, Ke Xu 0002. [doi]
- CAMP: Compiler and Allocator-based Heap Memory ProtectionZhenpeng Lin, Zheng Yu, Ziyi Guo, Simone Campanoni, Peter A. Dinda, Xinyu Xing. [doi]
- OPTIKS: An Optimized Key Transparency SystemJulia Len, Melissa Chase, Esha Ghosh, Kim Laine, Radames Cruz Moreno. [doi]
- SpotProxy: Rediscovering the Cloud for Censorship CircumventionPatrick Tser Jern Kon, Sina Kamali, Jinyu Pei, Diogo Barradas, Ang Chen 0001, Micah Sherr, Moti Yung. [doi]
- Invalidate+Compare: A Timer-Free GPU Cache Attack PrimitiveZhenkai Zhang, Kunbei Cai, Yanan Guo, Fan Yao, Xing Gao 0001. [doi]
- ORANalyst: Systematic Testing Framework for Open RAN ImplementationsTianchang Yang, Syed Md. Mukit Rashid, Ali Ranjbar, Gang Tan, Syed Rafiul Hussain. [doi]
- Divide and Surrender: Exploiting Variable Division Instruction Timing in HQC Key Recovery AttacksRobin Leander Schröder, Stefan Gast, Qian Guo 0001. [doi]
- Privacy Side Channels in Machine Learning SystemsEdoardo Debenedetti, Giorgio Severi, Milad Nasr, Christopher A. Choquette-Choo, Matthew Jagielski, Eric Wallace, Nicholas Carlini, Florian Tramèr. [doi]
- Privacy-Preserving Data Aggregation with Public Verifiability Against Internal AdversariesMarco Palazzo, Florine W. Dekker, Alessandro Brighente, Mauro Conti, Zekeriya Erkin. [doi]
- Yes, One-Bit-Flip Matters! Universal DNN Model Inference Depletion with Runtime Code Fault InjectionShaofeng Li, Xinyu Wang, Minhui Xue, Haojin Zhu, Zhi Zhang, Yansong Gao, Wen Wu 0003, Xuemin (Sherman) Shen. [doi]
- RECORD: A RECeption-Only Region Determination Attack on LEO Satellite UsersEric Jedermann, Martin Strohmeier, Vincent Lenders, Jens B. Schmitt. [doi]
- ABACuS: All-Bank Activation Counters for Scalable and Low Overhead RowHammer MitigationAtaberk Olgun, Yahya Can Tugrul, Nisa Bostanci, Ismail Emir Yuksel, Haocong Luo, Steve Rhyner, Abdullah Giray Yaglikçi, Geraldo F. Oliveira, Onur Mutlu. [doi]
- Using My Functions Should Follow My Checks: Understanding and Detecting Insecure OpenZeppelin Code in Smart ContractsHan Liu, Daoyuan Wu, Yuqiang Sun 0001, Haijun Wang, Kaixuan Li, Yang Liu 0003, Yixiang Chen. [doi]
- BeeBox: Hardening BPF against Transient Execution AttacksDi Jin, Alexander J. Gaidis, Vasileios P. Kemerlis. [doi]
- Stateful Least Privilege Authorization for the CloudLeo Cao, Luoxi Meng, Deian Stefan, Earlence Fernandes. [doi]
- SoK (or SoLK?): On the Quantitative Study of Sociodemographic Factors and Computer Security BehaviorsMiranda Wei, Jaron Mink, Yael Eiger, Tadayoshi Kohno, Elissa M. Redmiles, Franziska Roesner. [doi]
- Investigating Moderation Challenges to Combating Hate and Harassment: The Case of Mod-Admin Power Dynamics and Feature Misuse on RedditMadiha Tabassum, Alana Mackey, Ashley Schuett, Ada Lerner. [doi]
- iHunter: Hunting Privacy Violations at Scale in the Software Supply Chain on iOSDexin Liu, Yue Xiao, Chaoqi Zhang, Kaitao Xie, Xiaolong Bai, Shikun Zhang, Luyi Xing. [doi]
- PhishDecloaker: Detecting CAPTCHA-cloaked Phishing Websites via Hybrid Vision-based Interactive ModelsXiwen Teoh, Yun Lin 0001, Ruofan Liu, Zhiyong Huang, Jin Song Dong. [doi]
- GoFetch: Breaking Constant-Time Cryptographic Implementations Using Data Memory-Dependent PrefetchersBoru Chen, Yingchen Wang, Pradyumna Shome, Christopher W. Fletcher, David Kohlbrenner, Riccardo Paccagnella, Daniel Genkin. [doi]
- Loopy Hell(ow): Infinite Traffic Loops at the Application LayerYepeng Pan, Anna Ascheman, Christian Rossow. [doi]
- LanDscAPe: Exploring LDAP weaknesses and data leaks at Internet scaleJonas Kaspereit, Gurur Öndarö, Gustavo Luvizotto Cesar, Simon Ebbers, Fabian Ising, Christoph Saatjohann, Mattijs Jonker, Ralph Holz, Sebastian Schinzel. [doi]
- Data Subjects' Reactions to Exercising Their Right of AccessArthur Borem, Elleen Pan, Olufunmilola Obielodan, Aurelie Roubinowitz, Luca Dovichi, Michelle L. Mazurek, Blase Ur. [doi]
- Finding Traceability Attacks in the Bluetooth Low Energy Specification and Its ImplementationsJianliang Wu, Patrick Traynor, Dongyan Xu, Dave (Jing) Tian, Antonio Bianchi. [doi]
- VulSim: Leveraging Similarity of Multi-Dimensional Neighbor Embeddings for Vulnerability DetectionSamiha Shimmi, Ashiqur Rahman, Mohan Gadde, Hamed Okhravi, Mona Rahimi. [doi]
- WEBRR: A Forensic System for Replaying and Investigating Web-Based Attacks in The Modern WebJoey Allen, Zheng Yang, Feng Xiao, Matthew Landen, Roberto Perdisci, Wenke Lee. [doi]
- Endokernel: A Thread Safe Monitor for Lightweight Subprocess IsolationFangfei Yang, Bumjin Im, Weijie Huang, Kelly Kaoudis, Anjo Vahldiek-Oberwagner, Chia-che Tsai, Nathan Dautenhahn. [doi]
- Critical Code Guided Directed Greybox Fuzzing for CommitsYi Xiang, Xuhong Zhang 0002, Peiyu Liu 0003, Shouling Ji, Xiao Xiao, Hong Liang, Jiacheng Xu, Wenhai Wang. [doi]
- A High Coverage Cybersecurity Scale Predictive of User BehaviorYukiko Sawaya, Sarah Lu, Takamasa Isohara, Mahmood Sharif. [doi]
- Fast and Private Inference of Deep Neural Networks by Co-designing Activation FunctionsAbdulrahman Diaa, Lucas Fenaux, Thomas Humphries, Marian Dietz, Faezeh Ebrahimianghazani, Bailey Kacsmar, Xinda Li 0001, Nils Lukas, Rasoul Akhavan Mahdavi, Simon Oya, Ehsan Amjadian, Florian Kerschbaum. [doi]
- ACE: A Model Poisoning Attack on Contribution Evaluation Methods in Federated LearningZhangchen Xu, Fengqing Jiang, Luyao Niu, Jinyuan Jia, Bo Li 0026, Radha Poovendran. [doi]
- pi-Jack: Physical-World Adversarial Attack on Monocular Depth Estimation with Perspective HijackingTianyue Zheng, Jingzhi Hu, Rui Tan, Yinqian Zhang, Ying He 0001, Jun Luo 0001. [doi]
- Exploring digital security and privacy in relative poverty in Germany through qualitative interviewsAnastassija Kostan, Sara Olschar, Lucy Simko, Yasemin Acar. [doi]
- It Doesn't Look Like Anything to Me: Using Diffusion Model to Subvert Visual Phishing DetectorsQingying Hao, Nirav Diwan, Ying Yuan, Giovanni Apruzzese, Mauro Conti, Gang Wang 0011. [doi]
- Lightweight Authentication of Web Data via Garble-Then-ProveXiang Xie, Kang Yang 0002, Xiao Wang 0012, Yu Yu 0001. [doi]
- Voodoo: Memory Tagging, Authenticated Encryption, and Error Correction through MAGICLukas Lamster, Martin Unterguggenberger, David Schrammel, Stefan Mangard. [doi]
- TAPFixer: Automatic Detection and Repair of Home Automation Vulnerabilities based on Negated-property ReasoningYinbo Yu, Yuanqi Xu, Kepu Huang, Jiajia Liu 0001. [doi]
- SLUBStick: Arbitrary Memory Writes through Practical Software Cross-Cache Attacks within the Linux KernelLukas Maar, Stefan Gast, Martin Unterguggenberger, Mathias Oberhuber, Stefan Mangard. [doi]
- Uncovering the Limits of Machine Learning for Automatic Vulnerability DetectionNiklas Risse, Marcel Böhme. [doi]
- Devil in the Room: Triggering Audio Backdoors in the Physical WorldMeng Chen, Xiangyu Xu, Li Lu 0008, Zhongjie Ba, Feng Lin 0004, Kui Ren 0001. [doi]
- Cross the Zone: Toward a Covert Domain Hijacking via Shared DNS InfrastructureYunyi Zhang, Mingming Zhang, Baojun Liu, Zhan Liu, Jia Zhang 0004, Haixin Duan, Min Zhang, Fan Shi, Chengxi Xu. [doi]
- MultiFuzz: A Multi-Stream Fuzzer For Testing Monolithic FirmwareMichael Chesser, Surya Nepal, Damith C. Ranasinghe. [doi]
- "I really just leaned on my community for support": Barriers, Challenges and Coping Mechanisms Used by Survivors of Technology-Facilitated Abuse to Seek Social SupportNaman Gupta, Kate Walsh, Sanchari Das, Rahul Chatterjee 0001. [doi]
- Lotto: Secure Participant Selection against Adversarial Servers in Federated LearningZhifeng Jiang, Peng Ye, Shiqi He, Wei Wang 0030, Ruichuan Chen, Bo Li 0001. [doi]
- Quantifying Privacy Risks of Prompts in Visual Prompt LearningYixin Wu, Rui Wen 0002, Michael Backes 0001, Pascal Berrang, Mathias Humbert, Yun Shen, Yang Zhang 0016. [doi]
- HECKLER: Breaking Confidential VMs with Malicious InterruptsBenedict Schlüter, Supraja Sridhara, Mark Kuhne, Andrin Bertschi, Shweta Shinde. [doi]
- INSIGHT: Attacking Industry-Adopted Learning Resilient Logic Locking Techniques Using Explainable Graph Neural NetworkLakshmi Likhitha Mankali, Ozgur Sinanoglu, Satwik Patnaik. [doi]
- Rabbit-Mix: Robust Algebraic Anonymous Broadcast from Additive BasesChongwon Cho, Samuel Dittmer, Yuval Ishai, Steve Lu 0001, Rafail Ostrovsky. [doi]
- On Bridging the Gap between Control Flow Integrity and Attestation SchemesMahmoud Ammar, Ahmed Abdelraoof, Silviu Vlasceanu. [doi]
- "Belt and suspenders" or "just red tape"?: Investigating Early Artifacts and User Perceptions of IoT App Security CertificationPrianka Mandal, Amit Seal Ami, Victor Olaiya, Sayyed Hadi Razmjo, Adwait Nadkarni. [doi]
- dp-promise: Differentially Private Diffusion Probabilistic Models for Image SynthesisHaichen Wang, Shuchao Pang, Zhigang Lu 0001, Yihang Rao, Yongbin Zhou, Minhui Xue. [doi]
- SCAVY: Automated Discovery of Memory Corruption Targets in Linux Kernel for Privilege EscalationErin Avllazagaj, Yonghwi Kwon 0001, Tudor Dumitras. [doi]
- PEPSI: Practically Efficient Private Set Intersection in the Unbalanced SettingRasoul Akhavan Mahdavi, Nils Lukas, Faezeh Ebrahimianghazani, Thomas Humphries, Bailey Kacsmar, John A. Premkumar, Xinda Li 0001, Simon Oya, Ehsan Amjadian, Florian Kerschbaum. [doi]
- Can I Hear Your Face? Pervasive Attack on Voice Authentication Systems with a Single Face ImageNan Jiang, Bangjie Sun, Terence Sim, Jun Han 0001. [doi]
- Towards Privacy-Preserving Social-Media SDKs on AndroidHaoran Lu, Yichen Liu, Xiaojing Liao, Luyi Xing. [doi]
- Defects-in-Depth: Analyzing the Integration of Effective Defenses against One-Day Exploits in Android KernelsLukas Maar, Florian Draschbacher, Lukas Lamster, Stefan Mangard. [doi]
- On the Difficulty of Defending Contrastive Learning against Backdoor AttacksChangjiang Li, Ren Pang, Bochuan Cao, Zhaohan Xi, Jinghui Chen, Shouling Ji, Ting Wang 0006. [doi]
- Vulnerability-oriented Testing for RESTful APIsWenlong Du, Jian Li, Yanhao Wang, Libo Chen 0001, Ruijie Zhao 0001, JunMin Zhu, Zhengguang Han, Yijun Wang, Zhi Xue. [doi]
- RADIUS/UDP Considered HarmfulSharon Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens 0001, Adam Suhl. [doi]
- Leakage-Abuse Attacks Against Structured Encryption for SQLAlexander Hoover, Ruth Ng, Daren Khu, Yao'an Li, Joelle Lim, Derrick Ng, Jed Lim, Yiyang Song. [doi]
- Scalable Multi-Party Computation Protocols for Machine Learning in the Honest-Majority SettingFengrun Liu, Xiang Xie, Yu Yu 0001. [doi]
- Machine Learning needs Better Randomness Standards: Randomised Smoothing and PRNG-based attacksPranav Dahiya, Ilia Shumailov, Ross Anderson 0001. [doi]
- On the Criticality of Integrity Protection in 5G Fronthaul NetworksJiarong Xing, Sophia Yoo, Xenofon Foukas, Daehyeok Kim, Michael K. Reiter. [doi]
- NetShaper: A Differentially Private Network Side-Channel Mitigation SystemAmir Sabzi, Rut Vora, Swati Goswami, Margo I. Seltzer, Mathias Lécuyer, Aastha Mehta. [doi]
- DONAPI: Malicious NPM Packages Detector using Behavior Sequence Knowledge MappingCheng Huang 0003, Nannan Wang, Ziyan Wang, Siqi Sun, Lingzi Li, Junren Chen, Qianchong Zhao, Jiaxuan Han, Zhen Yang, Lei Shi. [doi]
- A Wolf in Sheep's Clothing: Practical Black-box Adversarial Attacks for Evading Learning-based Windows Malware Detection in the WildXiang Ling 0001, Zhiyu Wu, Bin Wang 0062, Wei Deng, JingZheng Wu, Shouling Ji, Tianyue Luo, Yanjun Wu. [doi]
- Argus: All your (PHP) Injection-sinks are belong to usRasoul Jahanshahi, Manuel Egele. [doi]
- Hijacking Attacks against Neural Network by Analyzing Training DataYunjie Ge, Qian Wang 0002, Huayang Huang, Qi Li 0002, Cong Wang 0001, Chao Shen 0001, Lingchen Zhao, Peipei Jiang 0002, Zheng Fang, Shenyi Zhang. [doi]
- Splitting the Difference on Adversarial TrainingMatan Levi, Aryeh Kontorovich. [doi]
- Formal Security Analysis of Widevine through the W3C EME StandardStéphanie Delaune, Joseph Lallemand, Gwendal Patat, Florian Roudot, Mohamed Sabt. [doi]
- Peep With A Mirror: Breaking The Integrity of Android App Sandboxing via Unprivileged Cache Side ChannelYan Lin 0003, Joshua Wong, Xiang Li, Haoyu Ma, Debin Gao. [doi]
- All Your Tokens are Belong to Us: Demystifying Address Verification Vulnerabilities in Solidity Smart ContractsTianle Sun, Ningyu He, Jiang Xiao, Yinliang Yue, Xiapu Luo, Haoyu Wang 0001. [doi]
- Rethinking the Invisible Protection against Unauthorized Image Usage in Stable DiffusionShengwei An, Lu Yan, Siyuan Cheng 0005, Guangyu Shen, Kaiyuan Zhang 0002, Qiuling Xu, Guanhong Tao 0001, Xiangyu Zhang 0001. [doi]
- Cryptographic Analysis of Delta ChatYuanming Song, Lenka Mareková, Kenneth G. Paterson. [doi]
- Understanding Ethereum Mempool Security under Asymmetric DoS by Symbolized Stateful FuzzingYibo Wang, Yuzhe Tang, Kai Li 0017, Wanning Ding, Zhihua Yang. [doi]
- SoK: All You Need to Know About On-Device ML Model Extraction - The Gap Between Research and PracticeTushar Nayan, Qiming Guo, Mohammed Alduniawi, Marcus Botacin, A. Selcuk Uluagac, Ruimin Sun. [doi]
- SIMurai: Slicing Through the Complexity of SIM Card Security ResearchTomasz Piotr Lisowski, Merlin Chlosta, Jinjin Wang, Marius Muench. [doi]
- FEASE: Fast and Expressive Asymmetric Searchable EncryptionLong Meng, Liqun Chen 0002, Yangguang Tian, Mark Manulis, Suhui Liu. [doi]
- CalcuLatency: Leveraging Cross-Layer Network Latency Measurements to Detect Proxy-Enabled AbuseReethika Ramesh, Philipp Winter, Sam Korman, Roya Ensafi. [doi]
- Formal verification of the PQXDH Post-Quantum key agreement protocol for end-to-end secure messagingKarthikeyan Bhargavan, Charlie Jacomme, Franziskus Kiefer, Rolfe Schmidt. [doi]
- D-Helix: A Generic Decompiler Testing Framework Using Symbolic DifferentiationMuqi Zou, Arslan Khan, Ruoyu Wu, Han Gao, Antonio Bianchi, Dave (Jing) Tian. [doi]
- What Was Your Prompt? A Remote Keylogging Attack on AI AssistantsRoy Weiss, Daniel Ayzenshteyn, Guy Amit, Yisroel Mirsky. [doi]
- MetaSafe: Compiling for Protecting Smart Pointer Metadata to Ensure Safe Rust IntegrityMartin Kayondo, Inyoung Bang, Yeongjun Kwak, Hyungon Moon, Yunheung Paek. [doi]
- Security and Privacy Analysis of Samsung's Crowd-Sourced Bluetooth Location Tracking SystemTingfeng Yu, James Henderson, Alwen Tiu, Thomas Haines. [doi]
- SeaK: Rethinking the Design of a Secure Allocator for OS KernelZiCheng Wang, Yicheng Guang, Yueqi Chen 0001, Zhenpeng Lin, Michael V. Le, Dang K. Le, Dan Williams 0001, Xinyu Xing, Zhongshu Gu, Hani Jamjoom. [doi]
- CacheWarp: Software-based Fault Injection using Selective State ResetRuiyi Zhang, Lukas Gerlach 0001, Daniel Weber 0007, Lorenz Hetterich, Youheng Lü, Andreas Kogler, Michael Schwarz 0001. [doi]
- DNN-GP: Diagnosing and Mitigating Model's Faults Using Latent ConceptsShuo Wang, Hongsheng Hu, Jiamin Chang, Benjamin Zi Hao Zhao, Qi Alfred Chen, Minhui Xue. [doi]
- DPAdapter: Improving Differentially Private Deep Learning through Noise Tolerance Pre-trainingZihao Wang, Rui Zhu, Dongruo Zhou, Zhikun Zhang, John Mitchell, Haixu Tang, Xiaofeng Wang 0001. [doi]
- A Decade of Privacy-Relevant Android App Reviews: Large Scale TrendsOmer Akgul, Sai Teja Peddinti, Nina Taft, Michelle L. Mazurek, Hamza Harkous, Animesh Srivastava, Benoit Seguin. [doi]
- Co-Designing a Mobile App for Bystander Privacy Protection in Jordanian Smart Homes: A Step Towards Addressing a Complex Privacy LandscapeWael S. Albayaydh, Ivan Flechais. [doi]
- False Claims against Model Ownership ResolutionJian Liu, Rui Zhang, Sebastian Szyller, Kui Ren 0001, N. Asokan. [doi]
- EL3XIR: Fuzzing COTS Secure MonitorsChristian Lindenmeier, Mathias Payer, Marcel Busch. [doi]
- CARDSHARK: Understanding and Stablizing Linux Kernel Concurrency Bugs Against the OddsTianshuo Han, Xiaorui Gong, Jian Liu 0008. [doi]
- A Taxonomy of C Decompiler Fidelity IssuesLuke Dramko, Jeremy Lacomis, Edward J. Schwartz, Bogdan Vasilescu, Claire Le Goues. [doi]
- Election Eligibility with OpenID: Turning Authentication into Transferable Proof of EligibilityVéronique Cortier, Alexandre Debant, Anselme Goetschmann, Lucca Hirschi. [doi]
- Abuse-Resistant Location Tracking: Balancing Privacy and Safety in the Offline Finding EcosystemHarry Eldridge, Gabrielle Beck, Matthew Green 0001, Nadia Heninger, Abhishek Jain 0002. [doi]
- CAMP: Compositional Amplification Attacks against DNSHuayi Duan, Marco Bearzi, Jodok Vieli, David A. Basin, Adrian Perrig, Si Liu 0003, Bernhard Tellenbach. [doi]
- With Great Power Come Great Side Channels: Statistical Timing Side-Channel Analyses with Bounded Type-1 ErrorsMartin Dunsche, Marcel Maehren, Nurullah Erinola, Robert Merget, Nicolai Bissantz, Juraj Somorovsky, Jörg Schwenk. [doi]
- Reconstructing training data from document understanding modelsJérémie Dentan, Arnaud Paran, Aymen Shabou. [doi]
- Practical Data-Only Attack GenerationBrian Johannesmeyer, Asia Slowinska, Herbert Bos, Cristiano Giuffrida. [doi]
- The Imitation Game: Exploring Brand Impersonation Attacks on Social Media PlatformsBhupendra Acharya, Dario Lazzaro, Efrén López-Morales, Adam Oest, Muhammad Saad 0001, Antonio Emanuele Cinà, Lea Schönherr, Thorsten Holz. [doi]
- ENG25519: Faster TLS 1.3 handshake using optimized X25519 and Ed25519Jipeng Zhang, Junhao Huang, Lirui Zhao, Donglong Chen, Çetin Kaya Koç. [doi]
- Racing on the Negative Force: Efficient Vulnerability Root-Cause Analysis through Reinforcement Learning on CounterexamplesDandan Xu, Di Tang, Yi Chen, Xiaofeng Wang 0001, Kai Chen 0012, Haixu Tang, Longxing Li. [doi]
- K-Waay: Fast and Deniable Post-Quantum X3DH without Ring SignaturesDaniel Collins 0001, Loïs Huguenin-Dumittan, Ngoc Khanh Nguyen, Nicolas Rolin, Serge Vaudenay. [doi]
- GPU Memory Exploitation for Fun and ProfitYanan Guo 0002, Zhenkai Zhang, Jun Yang 0002. [doi]
- A Binary-level Thread Sanitizer or Why Sanitizing on the Binary Level is HardJoschua Schilling, Andreas Wendler, Philipp Görz, Nils Bars, Moritz Schloegel, Thorsten Holz. [doi]
- How does Endpoint Detection use the MITRE ATT&CK Framework?Apurva Virkud, Muhammad Adil Inam, Andy Riddle, Jason Liu 0002, Gang Wang 0011, Adam Bates 0001. [doi]
- Scalable Private Set Union, with Stronger SecurityYanxue Jia, Shi-Feng Sun 0001, Hong-Sheng Zhou, Dawu Gu. [doi]
- Eye of Sauron: Long-Range Hidden Spy Camera Detection and Positioning with Inbuilt Memory EM RadiationQibo Zhang, Daibo Liu, Xinyu Zhang, Zhichao Cao 0001, FanZi Zeng, Hongbo Jiang 0001, Wenqiang Jin. [doi]
- UBA-Inf: Unlearning Activated Backdoor Attack with Influence-Driven CamouflageZirui Huang, Yunlong Mao, Sheng Zhong 0002. [doi]
- DMAAUTH: A Lightweight Pointer Integrity-based Secure Architecture to Defeat DMA AttacksXingkai Wang, Wenbo Shen, Yujie Bu, Jinmeng Zhou, Yajin Zhou. [doi]
- The Challenges of Bringing Cryptography from Research Papers to Products: Results from an Interview Study with ExpertsKonstantin Fischer, Ivana Trummová, Phillip Gajland, Yasemin Acar, Sascha Fahl, M. Angela Sasse. [doi]
- AE-Morpher: Improve Physical Robustness of Adversarial Objects against LiDAR-based Detectors via Object ReconstructionShenchen Zhu, Yue Zhao, Kai Chen 0012, Bo Wang, Hualong Ma, Cheng'an Wei. [doi]
- Abuse Reporting for Metadata-Hiding Communication Based on Secret SharingSaba Eskandarian. [doi]
- Tossing in the Dark: Practical Bit-Flipping on Gray-box Deep Neural Networks for Runtime Trojan InjectionZihao Wang, Di Tang, Xiaofeng Wang 0001, Wei He, Zhaoyang Geng, Wenhao Wang 0001. [doi]
- Unpacking Privacy Labels: A Measurement and Developer Perspective on Google's Data Safety SectionRishabh Khandelwal, Asmit Nayak, Paul Chung, Kassem Fawaz. [doi]
- A Friend's Eye is A Good Mirror: Synthesizing MCU Peripheral Models from Peripheral DriversChongqing Lei, Zhen Ling, Yue Zhang, Yan Yang, Junzhou Luo, Xinwen Fu. [doi]
- An Interview Study on Third-Party Cyber Threat Hunting Processes in the U.S. Department of Homeland SecurityWilliam P. Maxam III, James C. Davis 0001. [doi]
- Less Defined Knowledge and More True Alarms: Reference-based Phishing Detection without a Pre-defined Reference ListRuofan Liu, Yun Lin 0001, Xiwen Teoh, Gongshen Liu, Zhiyong Huang, Jin Song Dong. [doi]