USENIX Security 25 Cycle1共录用论文245篇。
AidFuzzer: Adaptive Interrupt-Driven Firmware Fuzzing via Run-Time State Recognition
Jianqiang Wang, CISPA Helmholtz Center for Information Security; Qinying Wang, Zhejiang University; Tobias Scharnowski, CISPA Helmholtz Center for Information Security; Li Shi, ETH Zurich; Simon Woerner and Thorsten Holz, CISPA Helmholtz Center for Information Security
DP-BREM: Differentially-Private and Byzantine-Robust Federated Learning with Client Momentum
Xiaolan Gu and Ming Li, University of Arizona; Li Xiong, Emory University
Am I Infected? Lessons from Operating a Large-Scale IoT Security Diagnostic Service
Takayuki Sasaki, Tomoya Inazawa, and Youhei Yamaguchi, Yokohama National University; Simon Parkin and Michel van Eeten, Delft University of Technology/Yokohama National University; Katsunari Yoshioka and Tsutomu Matsumoto, Yokohama National University
A Thorough Security Analysis of BLE Proximity Tracking Protocols
Xiaofeng Liu, School of Cyber Science and Technology, Shandong University; Chaoshun Zuo, Ohio State University; Qinsheng Hou, School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University; Pengcheng Ren, China Mobile Information Technology Co., Ltd.; Jianliang Wu, Simon Fraser University; Qingchuan Zhao, City University of Hong Kong; Shanqing Guo, School of Cyber Science and Technology, Shandong University & Shandong Key Laboratory of Artificial Intelligence Security
'Hey mum, I dropped my phone down the toilet': Investigating Hi Mum and Dad SMS Scams in the United Kingdom
Sharad Agarwal, University College London (UCL), Stop Scams UK; Emma Harvey, Stop Scams UK; Enrico Mariconti, University College London (UCL); Guillermo Suarez-Tangil, IMDEA Networks Institute; Marie Vasek, University College London (UCL)
Lost in Translation: Enabling Confused Deputy Attacks on EDA Software with TransFuzz
Flavien Solt and Kaveh Razavi, ETH Zurich
Universal Cross-app Attacks: Exploiting and Securing OAuth 2.0 in Integration Platforms
Kaixuan Luo and Xianbo Wang, The Chinese University of Hong Kong; Pui Ho Adonis Fung, Samsung Research America; Wing Cheong Lau, The Chinese University of Hong Kong; Julien Lecomte, Samsung Research America
NeuroScope: Reverse Engineering Deep Neural Network on Edge Devices using Dynamic Analysis
Ruoyu Wu and Muqi Zou, Purdue University; Arslan Khan and Taegyu Kim, Pennsylvania State University; Dongyan Xu, Dave (Jing) Tian, and Antonio Bianchi, Purdue University
As Advertised? Understanding the Impact of Influencer VPN Ads
Omer Akgul, University of Maryland/Carnegie Mellon University; Richard Roberts, Emma Shroyer, Dave Levin, and Michelle L. Mazurek, University of Maryland
LOHEN: Layer-wise Optimizations for Neural Network Inferences over Encrypted Data with High Performance or Accuracy
Kevin Nam, Youyeon Joo, Dongju Lee, and Seungjin Ha, Seoul National University; Hyunyoung Oh, Gachon University; Hyungon Moon, UNIST; Yunheung Paek, Seoul National University
StruQ: Defending Against Prompt Injection with Structured Queries
Sizhe Chen, Julien Piet, Chawin Sitawarin, and David Wagner, UC Berkeley
The Conspiracy Money Machine: Uncovering Telegram's Conspiracy Channels and their Profit Model
Vincenzo Imperati, Massimo La Morgia, Alessandro Mei, Alberto Maria Mongardini, and Francesco Sassi, Sapienza University of Rome
SoK: An Introspective Analysis of RPKI Security
Donika Mirdita, Technical University Darmstadt, ATHENE; Haya Schulmann, Goethe-University Frankfurt, ATHENE; Michael Waidner, Technical University Darmstadt, ATHENE
Haunted by Legacy: Discovering and Exploiting Vulnerable Tunnelling Hosts
Angelos Beitis and Mathy Vanhoef, DistriNet, KU Leuven
TimeTravel: Real-time Timing Drift Attack on System Time Using Acoustic Waves
Jianshuo Liu and Hong Li, Institute of Information Engineering, Chinese Academy of Sciences; Haining Wang, Virginia Tech; Mengjie Sun, Hui Wen, Jinfa Wang, and Limin Sun, Institute of Information Engineering, Chinese Academy of Sciences
"I'm regretting that I hit run": In-situ Assessment of Potential Malware
Brandon Lit, Edward Crowder, and Hassan Khan, University of Guelph; Daniel Vogel, University of Waterloo
Towards Understanding and Enhancing Security of Proof-of-Training for DNN Model Ownership Verification
Yijia Chang and Hanrui Jiang, The Hong Kong University of Science and Technology (Guangzhou); Chao Lin, Fujian Normal University; Xinyi Huang and Jian Weng, Jinan University
DiskSpy: Exploring a Long-Range Covert-Channel Attack via mmWave Sensing of μm-level HDD Vibrations
Weiye Xu, Zhejiang University; China Mobile Research Institute; Danli Wen, Zhejiang University; Jianwei Liu, Zhejiang University; Hangzhou City University; Zixin Lin, Zhejiang University; Yuanqing Zheng, The Hong Kong Polytechnic University; Xian Xu and Jinsong Han, Zhejiang University
Task-Oriented Training Data Privacy Protection for Cloud-based Model Training
Zhiqiang Wang, Jiahui Hou, Haifeng Sun, Jingmiao Zhang, Yunhao Yao, Haikuo Yu, and Xiang-Yang Li, University of Science and Technology of China
The Ghost Navigator: Revisiting the Hidden Vulnerability of Localization in Autonomous Driving
Junqi Zhang, University of Science and Technology of China; Shaoyin Cheng, University of Science and Technology of China and Anhui Province Key Laboratory of Cyberspace Security Situation Awareness and Evaluation; Linqing Hu, University of Science and Technology of China; Jie Zhang, CFAR and IHPC, A*STAR; Chengyu Shi, DeepBlue College; Xingshuo Han and Tianwei Zhang, Nanyang Technological University; Yueqiang Cheng, MediaTek; Weiming Zhang, University of Science and Technology of China and Anhui Province Key Laboratory of Digital Security
Patching Up: Stakeholder Experiences of Security Updates for Connected Medical Devices
Lorenz Kustosch, Carlos Gañán, Michel van Eeten, and Simon Parkin, TU Delft
Seeing Through: Analyzing and Attacking Virtual Backgrounds in Video Calls
Felix Weissberg, BIFOLD & TU Berlin; Jan Malte Hilgefort and Steve Grogorick, TU Braunschweig; Daniel Arp, TU Wien; Thorsten Eisenhofer, BIFOLD & TU Berlin; Martin Eisemann, TU Braunschweig; Konrad Rieck, BIFOLD & TU Berlin
Dorami: Privilege Separating Security Monitor on RISC-V TEEs
Mark Kuhne, ETH Zurich; Stavros Volos, Azure Research, Microsoft; Shweta Shinde, ETH Zurich
A Stakeholder-Based Framework to Highlight Tensions when Implementing Privacy Features
Julia Netter, Tim Nelson, Skyler Austen, Eva Lau, Colton Rusch, Malte Schwarzkopf, and Kathi Fisler, Brown University
BarraCUDA: Edge GPUs do Leak DNN Weights
Peter Horvath, Radboud University; Lukasz Chmielewski, Masaryk University, Radboud University; Léo Weissbart and Lejla Batina, Radboud University; Yuval Yarom, Ruhr University Bochum
PoisonedRAG: Knowledge Corruption Attacks to Retrieval-Augmented Generation of Large Language Models
Wei Zou and Runpeng Geng, Pennsylvania State University; Binghui Wang, Illinois Institute of Technology; Jinyuan Jia, Pennsylvania State University
SoK: A Security Architect's View of Printed Circuit Board Attacks
Jacob Harrison, Bloomberg L.P.; Nathan Jessurun, Terraverum; Mark Tehranipoor, University of Florida
Predictive Response Optimization: Using Reinforcement Learning to Fight Online Social Network Abuse
Garrett Wilson, Geoffrey Goh, Yan Jiang, Ajay Gupta, Jiaxuan Wang, David Freeman, and Francesco Dinuzzo, Meta Platforms, Inc.
Privacy Law Enforcement Under Centralized Governance: A Qualitative Analysis of Four Years' Special Privacy Rectification Campaigns
Tao Jing, School of Cyber Science and Engineering, Huazhong University of Science and Technology, JinYinHu Laboratory, Hubei Key Laboratory of Distributed System Security, Hubei Engineering Research Center on Big Data Security; Yao Li and Jingzhou Ye, University of Central Florida; Jie Wang, School of Cyber Science and Engineering, Huazhong University of Science and Technology, JinYinHu Laboratory, Hubei Key Laboratory of Distributed System Security, Hubei Engineering Research Center on Big Data Security; Xueqiang Wang, University of Central Florida
SpeechGuard: Recoverable and Customizable Speech Privacy Protection
Jingmiao Zhang, Suyuan Liu, Jiahui Hou, Zhiqiang Wang, Haikuo Yu, and Xiang-Yang Li, University of Science and Technology of China
Thunderdome: Timelock-Free Rationally-Secure Virtual Channels
Zeta Avarikioti, TU Wien & Common Prefix; Yuheng Wang, TU Wien; Yuyi Wang, CRRC Zhuzhou Institute & Tengen Intelligence Institute
Robustifying ML-powered Network Classifiers with PANTS
Minhao Jin and Maria Apostolaki, Princeton University
GraphAce: Secure Two-Party Graph Analysis Achieving Communication Efficiency
Jiping Yu, Tsinghua University and Ant Group; Kun Chen, Ant Group; Yunyi Chen and Xiaoyu Fan, Tsinghua University and Ant Group; Xiaowei Zhu and Cheng Hong, Ant Group; Wenguang Chen, Tsinghua University and Ant Group
Dormant: Defending against Pose-driven Human Image Animation
Jiachen Zhou and Mingsi Wang, Institute of Information Engineering, Chinese Academy of Sciences, China; School of Cyber Security, University of Chinese Academy of Sciences, China; Tianlin Li, Nanyang Technological University, Singapore; Guozhu Meng and Kai Chen, Institute of Information Engineering, Chinese Academy of Sciences, China; School of Cyber Security, University of Chinese Academy of Sciences, China
PAPILLON: Efficient and Stealthy Fuzz Testing-Powered Jailbreaks for LLMs
Xueluan Gong, Nanyang Technological University; Mingzhe Li, Yilin Zhang, and Fengyuan Ran, Wuhan University; Chen Chen, Nanyang Technological University; Yanjiao Chen, Zhejiang University; Qian Wang, Wuhan University; Kwok-Yan Lam, Nanyang Technological University
BulletCT: Towards More Scalable Ring Confidential Transactions With Transparent Setup
Nan Wang, CSIRO's Data61, Australia; Qianhui Wang, University of Cambridge; Dongxi Liu, CSIRO's Data61, Australia; Muhammed F. Esgin, Monash University; Alsharif Abuadbba, CSIRO's Data61, Australia
Further Study on Frequency Estimation under Local Differential Privacy
Huiyu Fang, Liquan Chen, and Suhui Liu, Southeast University
Fuzzing the PHP Interpreter via Dataflow Fusion
Yuancheng Jiang, Chuqi Zhang, Bonan Ruan, Jiahao Liu, Manuel Rigger, Roland H. C. Yap, and Zhenkai Liang, National University of Singapore
Distinguished Paper Award Winner
Enabling Low-Cost Secure Computing on Untrusted In-Memory Architectures
Sahar Ghoflsaz Ghinani, Jingyao Zhang, and Elaheh Sadredini, University of California, Riverside
Distributional Private Information Retrieval
Ryan Lehmkuhl, Alexandra Henzinger, and Henry Corrigan-Gibbs, MIT
A limited technical background is sufficient for attack-defense tree acceptability
Nathan Daniel Schiele and Olga Gadyatskaya, Leiden University
Finding Metadata Inconsistencies in Distributed File Systems via Cross-Node Operation Modeling
Fuchen Ma, Yuanliang Chen, Yuanhang Zhou, and Zhen Yan, Tsinghua University; Hao Sun, ETH Zurich; Yu Jiang, Tsinghua University
Lemon: Network-Wide DDoS Detection with Routing-Oblivious Per-Flow Measurement
Wenhao Wu, Zhenyu Li, and Xilai Liu, Institute of Computing Technology, Chinese Academy of Sciences; University of Chinese Academy of Sciences; Zhaohua Wang and Heng Pan, Computer Network Information Center, Chinese Academy of Sciences; Guangxing Zhang, Institute of Computing Technology, Chinese Academy of Sciences; Gaogang Xie, Computer Network Information Center, Chinese Academy of Sciences; University of Chinese Academy of Sciences
ORTHRUS: Achieving High Quality of Attribution in Provenance-based Intrusion Detection Systems
Baoxiang Jiang, Xi'an Jiaotong University; Tristan Bilot, Université Paris-Saclay, LISITE– Isep, and Iriguard; Nour El Madhoun, LISITE – Isep; Khaldoun Al Agha, Université Paris-Saclay; Anis Zouaoui, Iriguard; Shahrear Iqbal, National Research Council Canada; Xueyuan Han, Wake Forest University; Thomas Pasquier, University of British Columbia
Serverless Functions Made Confidential and Efficient with Split Containers
Jiacheng Shi, Jinyu Gu, Yubin Xia, and Haibo Chen, Shanghai Jiao Tong University
BlueGuard: Accelerated Host and Guest Introspection Using DPUs
Meni Orenbach, Rami Ailabouni, and Nael Masalha, NVIDIA; Thanh Nguyen, unaffiliated; Ahmad Saleh, Frank Block, Fritz Alder, Ofir Arkin, and Ahmad Atamli, NVIDIA
Harness: Transparent and Lightweight Protection of Vehicle Control on Untrusted Android Automotive Operating System
Haochen Gong, Siyu Hong, Shenyi Yang, Rui Chang, Wenbo Shen, Ziqi Yuan, Chenyang Yu, and Yajin Zhou, Zhejiang University
"I'm trying to learn…and I'm shooting myself in the foot": Beginners' Struggles When Solving Binary Exploitation Exercises
James Mattei, Christopher Pellegrini, and Matthew Soto, Tufts University; Marina Sanusi Bohuk, MetaCTF; Daniel Votipka, Tufts University
Not so Refreshing: Attacking GPUs using RFM Rowhammer Mitigation
Ravan Nazaraliyev and Yicheng Zhang, University of California, Riverside; Sankha Baran Dutta, Brookhaven National Laboratory; Andres Marquez and Kevin Barker, Pacific Northwest National Laboratory; Nael Abu-Ghazaleh, University of California, Riverside
Arbitrary-Threshold Fully Homomorphic Encryption with Lower Complexity
Yijia Chang, The Hong Kong University of Science and Technology; Songze Li, Southeast University
The Silent Danger in HTTP: Identifying HTTP Desync Vulnerabilities with Gray-box Testing
Keran Mu, Tsinghua University; Jianjun Chen, Jianwei Zhuge, Qi Li, and Haixin Duan, Tsinghua University; Zhongguancun Laboratory; Nick Feamster, University of Chicago
Web Execution Bundles: Reproducible, Accurate, and Archivable Web Measurements
Florian Hantke, CISPA Helmholtz Center for Information Security; Peter Snyder, Brave Software; Hamed Haddadi, Imperial College London & Brave Software; Ben Stock, CISPA Helmholtz Center for Information Security
RangeSanitizer: Detecting Memory Errors with Efficient Range Checks
Floris Gorter and Cristiano Giuffrida, Vrije Universiteit Amsterdam
Efficient Ranking, Order Statistics, and Sorting under CKKS
Federico Mazzone, University of Twente; Maarten Everts, University of Twente and Linksight; Florian Hahn, University of Twente; Andreas Peter, Carl von Ossietzky Universität Oldenburg
Principled and Automated Approach for Investigating AR/VR Attacks
Muhammad Shoaib, Alex Suh, and Wajih Ul Hassan, University of Virginia
SoK: Come Together – Unifying Security, Information Theory, and Cognition for a Mixed Reality Deception Attack Ontology & Analysis Framework
Ali Teymourian and Andrew M. Webb, Division of Computer Science & Engineering, Louisiana State University; Taha Gharaibeh, Division of Computer Science & Engineering, Baggil(i) Truth (BiT) Lab, Center for Computation and Technology, Louisiana State University; Arushi Ghildiyal, Division of Computer Science & Engineering, Louisiana State University; Ibrahim Baggili, Division of Computer Science & Engineering, Baggil(i) Truth (BiT) Lab, Center for Computation and Technology, Louisiana State University
PICACHV: Formally Verified Data Use Policy Enforcement for Secure Data Analytics
Haobin Hiroki Chen and Hongbo Chen, Indiana University Bloomington; Mingshen Sun, Independent Researcher; Chenghong Wang, Indiana University Bloomington; XiaoFeng Wang, Nanyang Technological University
I Can Tell Your Secrets: Inferring Privacy Attributes from Mini-app Interaction History in Super-apps
Yifeng Cai, Peking University; Ziqi Zhang, University of Illinois Urbana-Champaign; Mengyu Yao and Junlin Liu, Peking University; Xiaoke Zhao, Xinyi Fu, Ruoyu Li, and Zhe Li, Ant Group; Xiangqun Chen, Yao Guo, and Ding Li, Peking University
ALERT: Machine Learning-Enhanced Risk Estimation for Databases Supporting Encrypted Queries
Longxiang Wang, City University of Hong Kong; Lei Xu, Nanjing University of Science and Technology and City University of Hong Kong; Yufei Chen, City University of Hong Kong; Ying Zou, Nanjing University of Science and Technology; Cong Wang, City University of Hong Kong
Security Implications of Malicious G-Codes in 3D Printing
Jost Rossel, Paderborn University; Vladislav Mladenov, Ruhr University Bochum; Nico Wördenweber and Juraj Somorovsky, Paderborn University
Detecting Compromise of Passkey Storage on the Cloud
Mazharul Islam, University of Wisconsin—Madison; Sunpreet S. Arora, Visa Research; Rahul Chatterjee, University of Wisconsin—Madison; Ke Coby Wang, Visa Research
Secure Caches for Compartmentalized Software
Kerem Arıkan, Huaxin Tang, Williams Zhang Cen, and Yu David Liu, Binghamton University; Nael Abu-Ghazaleh, University of California, Riverside; Dmitry Ponomarev, Binghamton University
An Industry Interview Study of Software Signing for Supply Chain Security
Kelechi G. Kalu, Tanmay Singla, Chinenye Okafor, Santiago Torres-Arias, and James C. Davis, Purdue University
SparSamp: Efficient Provably Secure Steganography Based on Sparse Sampling
Yaofei Wang, Hefei University of Technology; Gang Pei, Hefei University Of Technology; Kejiang Chen and Jinyang Ding, University of Science and Technology of China; Chao Pan, Weilong Pang, and Donghui Hu, Hefei University of Technology; Weiming Zhang, University of Science and Technology of China
TLBlur: Compiler-Assisted Automated Hardening against Controlled Channels on Off-the-Shelf Intel SGX Platforms
Daan Vanoverloop, DistriNet, KU Leuven; Andrés Sánchez, EPFL, Amazon; Flavio Toffalini, EPFL, RUB; Frank Piessens, DistriNet, KU Leuven; Mathias Payer, EPFL; Jo Van Bulck, DistriNet, KU Leuven
Characterizing and Detecting Propaganda-Spreading Accounts on Telegram
Klim Kireev, EPFL, MPI-SP Max Plank Institute for Security and Privacy; Yevhen Mykhno, unaffiliated; Carmela Troncoso, EPFL, MPI-SP Max Plank Institute for Security and Privacy; Rebekah Overdorf, Ruhr University Bochum (RUB), Research Center Trustworthy Data Science and Security in University Alliance Ruhr, University of Lausanne
Distinguished Paper Award Winner
Nothing is Unreachable: Automated Synthesis of Robust Code-Reuse Gadget Chains for Arbitrary Exploitation Primitives
Nicolas Bailluet, Univ Rennes, Inria, CNRS, IRISA; Emmanuel Fleury, Univ Bordeaux, CNRS, LaBRI; Isabelle Puaut and Erven Rohou, Univ Rennes, Inria, CNRS, IRISA
Distinguished Artifact Award Winner
HyTrack: Resurrectable and Persistent Tracking Across Android Apps and the Web
Malte Wessels, Simon Koch, Jan Drescher, Louis Bettels, David Klein, and Martin Johns, TU Braunschweig
BLens: Contrastive Captioning of Binary Functions using Ensemble Embedding
Tristan Benoit, Ludwig-Maximilians-Universität München and Bundeswehr University Munich; Yunru Wang, Moritz Dannehl, and Johannes Kinder, Ludwig-Maximilians-Universität München and Munich Center for Machine Learning
Fighting Fire with Fire: Continuous Attack for Adversarial Android Malware Detection
Yinyuan Zhang, School of Computer Science, Peking University; Key Laboratory of High Confidence Software Technologys (Peking University), Ministry of Education; Cuiying Gao, Huazhong University of Science and Technology; JD.com; Yueming Wu, Nanyang Technological University; Shihan Dou, Fudan University; Cong Wu, Nanyang Technological University; Ying Zhang, Key Laboratory of High Confidence Software Technologys (Peking University), Ministry of Education; National Engineering Research Center of Software Engineering, Peking University; Wei Yuan, Huazhong University of Science and Technology; Yang Liu, Nanyang Technological University
PoiSAFL: Scalable Poisoning Attack Framework to Byzantine-resilient Semi-asynchronous Federated Learning
Xiaoyi Pang, The State Key Laboratory of Blockchain and Data Security, Zhejiang University; Hangzhou High-Tech Zone (Binjiang) Institute of Blockchain and Data Security; Chenxu Zhao, The State Key Laboratory of Blockchain and Data Security and School of Cyber Science and Technology, Zhejiang University; Zhibo Wang, The State Key Laboratory of Blockchain and Data Security, Zhejiang University; Hangzhou High-Tech Zone (Binjiang) Institute of Blockchain and Data Security; Jiahui Hu, The State Key Laboratory of Blockchain and Data Security and School of Cyber Science and Technology, Zhejiang University; Yinggui Wang, Lei Wang, and Tao Wei, Ant Group; Kui Ren and Chun Chen, The State Key Laboratory of Blockchain and Data Security, Zhejiang University; Hangzhou High-Tech Zone (Binjiang) Institute of Blockchain and Data Security
Too Much of a Good Thing: (In-)Security of Mandatory Security Software for Financial Services in South Korea
Taisic Yun, Theori Inc., KAIST; Suhwan Jeong, KAIST; Yonghwa Lee, Theori Inc.; Seungjoo Kim, Korea University; Hyoungshick Kim, Sungkyunkwan University; Insu Yun and Yongdae Kim, KAIST
"Threat modeling is very formal, it's very technical, and also very hard to do correctly": Investigating Threat Modeling Practices in Open-Source Software Projects
Harjot Kaur, CISPA Helmholtz Center for Information Security; Carson Powers and Ronald E. Thompson III, Tufts University; Sascha Fahl, CISPA Helmholtz Center for Information Security; Daniel Votipka, Tufts University
JBShield: Defending Large Language Models from Jailbreak Attacks through Activated Concept Analysis and Manipulation
Shenyi Zhang and Yuchen Zhai, Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University; Keyan Guo and Hongxin Hu, University at Buffalo; Shengnan Guo, Zheng Fang, and Lingchen Zhao, Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University; Chao Shen, Xi'an Jiaotong University; Cong Wang, City University of Hong Kong; Qian Wang, Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University
Onions Got Puzzled: On the Challenges of Mitigating Denial-of-Service Problems in Tor Onion Services
Jinseo Lee, Hobin Kim, and Min Suk Kang, KAIST
When Good Kernel Defenses Go Bad: Reliable and Stable Kernel Exploits via Defense-Amplified TLB Side-Channel Leaks
Lukas Maar, Lukas Giner, Daniel Gruss, and Stefan Mangard, Graz University of Technology
OneTouch: Effortless 2FA Scheme to Secure Fingerprint Authentication with Wearable OTP Token
Yihui Yan and Zhice Yang, ShanghaiTech University
Phantom Trails: Practical Pre-Silicon Discovery of Transient Data Leaks
Alvise de Faveri Tron, Raphael Isemann, Hany Ragab, Cristiano Giuffrida, Klaus von Gleissenthall, and Herbert Bos, Vrije Universiteit Amsterdam
THEMIS: Towards Practical Intellectual Property Protection for Post-Deployment On-Device Deep Learning Models
Yujin Huang, The University of Melbourne; Zhi Zhang, The University of Western Australia; Qingchuan Zhao, City University of Hong Kong; Xingliang Yuan, The University of Melbourne; Chunyang Chen, Technical University of Munich
PATCHAGENT: A Practical Program Repair Agent Mimicking Human Expertise
Zheng Yu, Ziyi Guo, Yuhang Wu, and Jiahao Yu, Northwestern University; Meng Xu, University of Waterloo; Dongliang Mu, Independent Researcher; Yan Chen and Xinyu Xing, Northwestern University
Beyond Statistical Estimation: Differentially Private Individual Computation via Shuffling
Shaowei Wang and Changyu Dong, Guangzhou University; Xiangfu Song, National University of Singapore; Jin Li, Guangzhou University and Guangdong Key Laboratory of Blockchain Security (Guangzhou University); Zhili Zhou, Guangzhou University; Di Wang, King Abdullah University of Science and Technology (KAUST); Han Wu, University of Southampton
AudioMarkNet: Audio Watermarking for Deepfake Speech Detection
Wei Zong, Yang-Wai Chow, Willy Susilo, and Joonsang Baek, University of Wollongong; Seyit Camtepe, CSIRO Data61
Revisiting Training-Inference Trigger Intensity in Backdoor Attacks
Chenhao Lin, Chenyang Zhao, Shiwei Wang, Longtian Wang, Chao Shen, and Zhengyu Zhao, Xi'an Jiaotong University
Atkscopes: Multiresolution Adversarial Perturbation as a Unified Attack on Perceptual Hashing and Beyond
Yushu Zhang, Yuanyuan Sun, and Shuren Qi, Nanjing University of Aeronautics and Astronautics; Zhongyun Hua, Harbin Institute of Technology, Shenzhen; Wenying Wen and Yuming Fang, Jiangxi University of Finance and Economics
Improved Secure Two-party Computation from a Geometric Perspective
Hao Guo, School of Science and Engineering, The Chinese University of Hong Kong, Shenzhen; Liqiang Peng, Alibaba Group; Haiyang Xue, Singapore Management University; Li Peng and Weiran Liu, Alibaba Group; Zhe Liu, Zhejiang Lab; Lei Hu, Institute of Information Engineering, Chinese Academy of Sciences
SafeSpeech: Robust and Universal Voice Protection Against Malicious Speech Synthesis
Zhisheng Zhang, Beijing University of Posts and Telecommunications; Derui Wang, CSIRO's Data61; Qianyi Yang, Pengyang Huang, and Junhan Pu, Beijing University of Posts and Telecommunications; Yuxin Cao, National University of Singapore; Kai Ye, The University of Hong Kong; Jie Hao and Yixian Yang, Beijing University of Posts and Telecommunications
Stack Overflow Meets Replication: Security Research Amid Evolving Code Snippets
Alfusainey Jallow, CISPA Helmholtz Center for Information Security and Saarland University; Sven Bugiel, CISPA Helmholtz Center for Information Security
The Cost of Performance: Breaking ThreadX with Kernel Object Masquerading Attacks
Xinhui Shao and Zhen Ling, Southeast University; Yue Zhang, Drexel University; Huaiyu Yan and Yumeng Wei, Southeast University; Lan Luo and Zixia Liu, Anhui University of Technology; Junzhou Luo, Southeast University; Xinwen Fu, University of Massachusetts Lowell
Encarsia: Evaluating CPU Fuzzers via Automatic Bug Injection
Matej Bölcskei, Flavien Solt, Katharina Ceesay-Seitz, and Kaveh Razavi, ETH Zurich
Distinguished Artifact Award Winner
Deanonymizing Ethereum Validators: The P2P Network Has a Privacy Issue
Lioba Heimbach and Yann Vonlanthen, ETH Zurich; Juan Villacis, University of Bern; Lucianna Kiffer, IMDEA Networks; Roger Wattenhofer, ETH Zurich
High Stakes, Low Certainty: Evaluating the Efficacy of High-Level Indicators of Compromise in Ransomware Attribution
Max van der Horst, Delft University of Technology; Ricky Kho, Sogeti; Olga Gadyatskaya, Leiden University; Michel Mollema, Northwave Cybersecurity; Michel Van Eeten and Yury Zhauniarovich, Delft University of Technology
Oblivious Digital Tokens
Mihael Liskij, ETH Zurich; Xuhua Ding, Singapore Management University; Gene Tsudik, UC Irvine; David Basin, ETH Zurich
V-ORAM: A Versatile and Adaptive ORAM Framework with Service Transformation for Dynamic Workloads
Bo Zhang and Helei Cui, Northwestern Polytechnical University; Xingliang Yuan, The University of Melbourne; Zhiwen Yu, Northwestern Polytechnical University and Harbin Engineering University; Bin Guo, Northwestern Polytechnical University
"That's my perspective from 30 years of doing this": An Interview Study on Practices, Experiences, and Challenges of Updating Cryptographic Code
Alexander Krause, Harjot Kaur, Jan H. Klemmer, Oliver Wiese, and Sascha Fahl, CISPA Helmholtz Center for Information Security
Double-Edged Shield: On the Fingerprintability of Customized Ad Blockers
Saiid El Hajj Chehade, EPFL; Ben Stock, CISPA Helmholtz Center for Information Security; Carmela Troncoso, EPFL and Max-Planck Institute for Security and Privacy (MPI-SP)
Provably Robust Multi-bit Watermarking for AI-generated Text
Wenjie Qu, Wengrui Zheng, Tianyang Tao, Dong Yin, Yanze Jiang, and Zhihua Tian, National University of Singapore; Wei Zou and Jinyuan Jia, Pennsylvania State University; Jiaheng Zhang, National University of Singapore
Evaluating LLM-based Personal Information Extraction and Countermeasures
Yupei Liu, The Pennsylvania State University; Yuqi Jia, Duke University; Jinyuan Jia, The Pennsylvania State University; Neil Zhenqiang Gong, Duke University
Websites' Global Privacy Control Compliance at Scale and over Time
Katherine Hausladen, Oliver Wang, and Sophie Eng, Wesleyan University; Jocelyn Wang, Princeton University; Francisca Wijaya, Matthew May, and Sebastian Zimmeck, Wesleyan University
LLMmap: Fingerprinting for Large Language Models
Dario Pasquini, RSAC Labs; Evgenios M. Kornaropoulos and Giuseppe Ateniese, George Mason University
Expert Insights into Advanced Persistent Threats: Analysis, Attribution, and Challenges
Aakanksha Saha, Technische Universität Wien; James Mattei, Tufts University; Jorge Blasco, Universidad Politécnica de Madrid; Lorenzo Cavallaro, University College London; Daniel Votipka, Tufts University; Martina Lindorfer, Technische Universität Wien
Evaluating the Effectiveness and Robustness of Visual Similarity-based Phishing Detection Models
Fujiao Ji and Kiho Lee, University of Tennessee, Knoxville; Hyungjoon Koo, Sungkyunkwan University; Wenhao You and Euijin Choo, University of Alberta; Hyoungshick Kim, Sungkyunkwan University; Doowon Kim, University of Tennessee, Knoxville
Flexway O-Sort: Enclave-Friendly and Optimal Oblivious Sorting
Tianyao Gu, Carnegie Mellon University and Oblivious Labs Inc.; Yilei Wang, Alibaba Cloud; Afonso Tinoco, Carnegie Mellon University and Oblivious Labs Inc.; Bingnan Chen and Ke Yi, HKUST; Elaine Shi, Carnegie Mellon University and Oblivious Labs Inc.
Tracking the Takes and Trajectories of English-Language News Narratives across Trustworthy and Worrisome Websites
Hans W. A. Hanley, Emily Okabe, and Zakir Durumeric, Stanford University
AKMA+: Security and Privacy-Enhanced and Standard-Compatible AKMA for 5G Communication
Yang Yang and Guomin Yang, Singapore Management University; Yingjiu Li, University of Oregon; Minming Huang, Singapore Management University; Zilin Shen and Imtiaz Karim, Purdue University; Ralf Sasse and David Basin, ETH Zurich; Elisa Bertino, Purdue University; Jian Weng, Jinan University; Hwee Hwa PANG and Robert H. Deng, Singapore Management University
SoK: On Gradient Leakage in Federated Learning
Jiacheng Du and Jiahui Hu, The State Key Laboratory of Blockchain and Data Security, Zhejiang University, P. R. China; Hangzhou High-Tech Zone (Binjiang) Institute of Blockchain and Data Security, P. R. China; and College of Computer Science and Electronic Engineering, Hunan University, P. R. China; Zhibo Wang, The State Key Laboratory of Blockchain and Data Security, Zhejiang University, P. R. China; Hangzhou High-Tech Zone (Binjiang) Institute of Blockchain and Data Security, P. R. China; Peng Sun, College of Computer Science and Electronic Engineering, Hunan University, P. R. China; Neil Gong, Department of Electrical and Computer Engineering, Duke University, USA; Kui Ren and Chun Chen, The State Key Laboratory of Blockchain and Data Security, Zhejiang University, P. R. China; Hangzhou High-Tech Zone (Binjiang) Institute of Blockchain and Data Security, P. R. China
AGNNCert: Defending Graph Neural Networks against Arbitrary Perturbations with Deterministic Certification
Jiate Li and Binghui Wang, Illinois Institute of Technology
Dumbo-MPC: Efficient Fully Asynchronous MPC with Optimal Resilience
Yuan Su, Xi'an Jiaotong University; Yuan Lu, Institute of Software Chinese Academy of Sciences; Jiliang Li, Xi'an Jiaotong University; Yuyi Wang, CRRC Zhuzhou Institute; Chengyi Dong, Xi'an Jiaotong University; Qiang Tang, The University of Sydney
zkGPT: An Efficient Non-interactive Zero-knowledge Proof Framework for LLM Inference
Wenjie Qu, National University of Singapore; Yijun Sun, Hong Kong University of Science and Technology; Xuanming Liu, Tao Lu, and Yanpei Guo, National University of Singapore; Kai Chen, Hong Kong University of Science and Technology; Jiaheng Zhang, National University of Singapore
CAMP in the Odyssey: Provably Robust Reinforcement Learning with Certified Radius Maximization
Derui Wang, Kristen Moore, Diksha Goel, and Minjune Kim, CSIRO's Data61 and Cyber Security Cooperative Research Centre; Gang Li, Yang Li, and Robin Doss, Deakin University; Minhui Xue, CSIRO's Data61 and Cyber Security Cooperative Research Centre; Bo Li, University of Chicago; Seyit Camtepe, CSIRO's Data61 and Cyber Security Cooperative Research Centre; Liming Zhu, CSIRO's Data61
Gotta Detect 'Em All: Fake Base Station and Multi-Step Attack Detection in Cellular Networks
Kazi Samin Mubasshir, Imtiaz Karim, and Elisa Bertino, Purdue University
Achilles: A Formal Framework of Leaking Secrets from Signature Schemes via Rowhammer
Junkai Liang, Peking University; Zhi Zhang, The University of Western Australia; Xin Zhang and Qingni Shen, Peking University; Yansong Gao, The University of Western Australia; Xingliang Yuan, The University of Melbourne; Haiyang Xue and Pengfei Wu, Singapore Management University; Zhonghai Wu, Peking University
Who Pays Whom? Anonymous EMV-Compliant Contactless Payments
Charles Olivier-Anclin, Universite de Clermont Auvergne, LIMOS; INSA CVL, LIFO, Université d'Orléans, Inria; and be ys Pay; Ioana Boureanu, Liqun Chen, and C. J. P. Newton, Surrey Centre for Cyber Security, University of Surrey; Tom Chothia, Anna Clee, and Andreas Kokkinis, University of Birmingham; Pascal Lafourcade, Universite de Clermont Auvergne, LIMOS
Bundled Authenticated Key Exchange: A Concrete Treatment of Signal's Handshake Protocol and Post-Quantum Security
Keitaro Hashimoto, National Institute of Advanced Industrial Science and Technology (AIST); Shuichi Katsumata, National Institute of Advanced Industrial Science and Technology (AIST) and PQShield; Thom Wiggers, PQShield
SelfDefend: LLMs Can Defend Themselves against Jailbreaking in a Practical Manner
Xunguang Wang, Daoyuan Wu, Zhenlan Ji, Zongjie Li, Pingchuan Ma, and Shuai Wang, The Hong Kong University of Science and Technology; Yingjiu Li, University of Oregon; Yang Liu, Nanyang Technological University; Ning Liu, City University of Hong Kong; Juergen Rahmel, HSBC
Auspex: Unveiling Inconsistency Bugs of Transaction Fee Mechanism in Blockchain
Zheyuan He, University of Electronic Science and Technology of China; Zihao Li, The Hong Kong Polytechnic University; Jiahao Luo, University of Electronic Science and Technology of China; Feng Luo, The Hong Kong Polytechnic University; Junhan Duan, Carnegie Mellon University; Jingwei Li and Shuwei Song, University of Electronic Science and Technology of China; Xiapu Luo, The Hong Kong Polytechnic University; Ting Chen and Xiaosong Zhang, University of Electronic Science and Technology of China
Pretender: Universal Active Defense against Diffusion Finetuning Attacks
Zekun Sun and Zijian Liu, Shanghai Jiao Tong University; Shouling Ji, Zhejiang University; Chenhao Lin, Xi'an Jiaotong University; Na Ruan, Shanghai Jiao Tong University
Exploring How to Authenticate Application Messages in MLS: More Efficient, Post-Quantum, and Anonymous Blocklistable
Keitaro Hashimoto, National Institute of Advanced Industrial Science and Technology (AIST); Shuichi Katsumata, National Institute of Advanced Industrial Science and Technology (AIST) and PQShield; Guillermo Pascual-Perez, Institute of Science and Technology Austria (ISTA)
Suda: An Efficient and Secure Unbalanced Data Alignment Framework for Vertical Privacy-Preserving Machine Learning
Lushan Song, Fudan University and ByteDance; Qizhi Zhang and Yu Lin, ByteDance; Haoyu Niu, Fudan University; Daode Zhang, ByteDance; Zheng Qu and Weili Han, Fudan University; Jue Hong, Quanwei Cai, and Ye Wu, ByteDance
GeCos Replacing Experts: Generalizable and Comprehensible Industrial Intrusion Detection
Konrad Wolsing, Eric Wagner, and Luisa Lux, Fraunhofer FKIE and RWTH Aachen University; Klaus Wehrle, RWTH Aachen University; Martin Henze, RWTH Aachen University and Fraunhofer FKIE
Waltzz: WebAssembly Runtime Fuzzing with Stack-Invariant Transformation
Lingming Zhang, Zhejiang University; Binbin Zhao, Zhejiang University, Georgia Institute of Technology, and Engineering Research Center of Blockchain Application, Supervision And Management (Southeast University), Ministry of Education; Jiacheng Xu and Peiyu Liu, Zhejiang University; Qinge Xie, Georgia Institute of Technology; Yuan Tian, UCLA; Jianhai Chen and Shouling Ji, Zhejiang University
Attacker Control and Bug Prioritization
Guilhem Lacombe and Sébastien Bardin, Université Paris-Saclay, CEA, List, France
On the Proactive Generation of Unsafe Images From Text-To-Image Models Using Benign Prompts
Yixin Wu, CISPA Helmholtz Center for Information Security; Ning Yu, Netflix Eyeline Studios; Michael Backes, CISPA Helmholtz Center for Information Security; Yun Shen, Netapp; Yang Zhang, CISPA Helmholtz Center for Information Security
H2O2RAM: A High-Performance Hierarchical Doubly Oblivious RAM
Leqian Zheng, City University of Hong Kong; Zheng Zhang, ByteDance Inc.; Wentao Dong, City University of Hong Kong; Yao Zhang and Ye Wu, ByteDance Inc.; Cong Wang, City University of Hong Kong
A Formal Analysis of Apple's iMessage PQ3 Protocol
Felix Linker, Ralf Sasse, and David Basin, ETH Zurich
MBFuzzer: A Multi-Party Protocol Fuzzer for MQTT Brokers
Xiangpu Song, Shandong University; Jianliang Wu, Simon Fraser University; Yingpei Zeng, Hangzhou Dianzi University; Hao Pan, Shandong University; Chaoshun Zuo, Ohio State University; Qingchuan Zhao, City University of Hong Kong; Shanqing Guo, Shandong University and Shandong Key Laboratory of Artificial Intelligence Security
MAESTRO: Multi-Party AES Using Lookup Tables
Hiraku Morita, Aarhus University and University of Copenhagen; Erik Pohle, COSIC, KU Leuven; Kunihiko Sadakane, The University of Tokyo; Peter Scholl, Aarhus University; Kazunari Tozawa, The University of Tokyo; Daniel Tschudi, Concordium and Eastern Switzerland University of Applied Sciences (OST)
X.509DoS: Exploiting and Detecting Denial-of-Service Vulnerabilities in Cryptographic Libraries using Crafted X.509 Certificates
Bing Shi, Wenchao Li, Yuchen Wang, and Xiaolong Bai, Alibaba Group; Luyi Xing, Indiana University Bloomington
Synthetic Artifact Auditing: Tracing LLM-Generated Synthetic Data Usage in Downstream Applications
Yixin Wu and Ziqing Yang, CISPA Helmholtz Center for Information Security; Yun Shen, Netapp; Michael Backes and Yang Zhang, CISPA Helmholtz Center for Information Security
Email Spoofing with SMTP Smuggling: How the Shared Email Infrastructures Magnify this Vulnerability
Chuhan Wang, Southeast University and Tsinghua University; Chenkai Wang, University of Illinois Urbana-Champaign; Songyi Yang, Tsinghua University; Sophia Liu, University of Illinois Urbana-Champaign; Jianjun Chen, Tsinghua University and Zhongguancun Laboratory; Haixin Duan, Tsinghua University and Quan Cheng Laboratory; Gang Wang, University of Illinois Urbana-Champaign
How Researchers De-Identify Data in Practice
Wentao Guo, University of Maryland; Paige Pepitone, NORC at the University of Chicago; Adam J. Aviv, The George Washington University; Michelle L. Mazurek, University of Maryland
Lost in the Mists of Time: Expirations in DNS Footprints of Mobile Apps
Johnny So, Stony Brook University; Iskander Sanchez-Rola, Norton Research Group; Nick Nikiforakis, Stony Brook University
CoVault: Secure, Scalable Analytics of Personal Data
Roberta De Viti and Isaac Sheff, Max Planck Institute for Software Systems (MPI-SWS), Saarland Informatics Campus; Noemi Glaeser, Max Planck Institute for Security and Privacy (MPI-SP) and University of Maryland; Baltasar Dinis, Instituto Superior Técnico (ULisboa), INESC-ID; Rodrigo Rodrigues, Instituto Superior Técnico (ULisboa) / INESC-ID; Bobby Bhattacharjee, University of Maryland; Anwar Hithnawi, ETH Zürich; Deepak Garg and Peter Druschel, Max Planck Institute for Software Systems (MPI-SWS), Saarland Informatics Campus
VoiceWukong: Benchmarking Deepfake Voice Detection
Ziwei Yan, Yanjie Zhao, and Haoyu Wang, Huazhong University of Science and Technology
Secure Information Embedding in Forensic 3D Fingerprinting
Canran Wang, Jinwen Wang, Mi Zhou, Vinh Pham, Senyue Hao, Chao Zhou, Ning Zhang, and Netanel Raviv, Washington University in St. Louis
ImpROV: Measurement and Practical Mitigation of Collateral Damage in RPKI Route Origin Validation
Weitong Li, Yuze Li, and Taejoong Chung, Virginia Tech
Persistent Backdoor Attacks in Continual Learning
Zhen Guo, Abhinav Kumar, and Reza Tourani, Saint Louis University
Encrypted Access Logging for Online Accounts: Device Attributions without Device Tracking
Carolina Ortega Pérez and Alaa Daffalla, Cornell University; Thomas Ristenpart, Cornell Tech
Sound of Interference: Electromagnetic Eavesdropping Attack on Digital Microphones Using Pulse Density Modulation
Arifu Onishi, The University of Electro-Communications; S. Hrushikesh Bhupathiraju, Rishikesh Bhatt, and Sara Rampazzi, University of Florida; Takeshi Sugawara, The University of Electro-Communications
SoK: Towards Effective Automated Vulnerability Repair
Ying Li, University of California, Los Angeles; Faysal Hossain Shezan, University of Texas at Arlington; Bomin Wei, University of California, Los Angeles; Gang Wang, University of Illinois Urbana-Champaign; Yuan Tian, University of California, Los Angeles
Analyzing the AI Nudification Application Ecosystem
Cassidy Gibson and Daniel Olszewski, University of Florida; Natalie Grace Brigham, University of Washington; Anna Crowder, Kevin R. B. Butler, and Patrick Traynor, University of Florida; Elissa M. Redmiles, Georgetown University; Tadayoshi Kohno, University of Washington
From Purity to Peril: Backdooring Merged Models From "Harmless" Benign Components
Lijin Wang, The Hong Kong University of Science and Technology (Guangzhou); Jingjing Wang, Zhejiang University; Tianshuo Cong, Tsinghua University; Xinlei He, The Hong Kong University of Science and Technology (Guangzhou); Zhan Qin, Zhejiang University; Xinyi Huang, Jinan University
Qelect: Lattice-based Single Secret Leader Election Made Practical
Yunhao Wang and Fan Zhang, Yale University
Assuring Certified Database Utility in Privacy-Preserving Database Fingerprinting
Mingyang Song and Zhongyun Hua, Harbin Institute of Technology, Shenzhen; Yifeng Zheng, The Hong Kong Polytechnic University; Tao Xiang, Chongqing University; Guoai Xu, Harbin Institute of Technology, Shenzhen; Xingliang Yuan, The University of Melbourne
Privacy Audit as Bits Transmission: (Im)possibilities for Audit by One Run
Zihang Xiang, KAUST; Tianhao Wang, University of Virginia; Di Wang, KAUST
A Framework for Abusability Analysis: The Case of Passkeys in Interpersonal Threat Models
Alaa Daffalla and Arkaprabha Bhattacharya, Cornell University; Jacob Wilder, Independent Researcher; Rahul Chatterjee, University of Wisconsin—Madison; Nicola Dell, Cornell Tech; Rosanna Bellini, New York University; Thomas Ristenpart, Cornell Tech
We Have a Package for You! A Comprehensive Analysis of Package Hallucinations by Code Generating LLMs
Joseph Spracklen, Raveen Wijewickrama, and A H M Nazmus Sakib, University of Texas at San Antonio; Anindya Maiti, University of Oklahoma; Bimal Viswanath, Virginia Tech; Murtuza Jadliwala, University of Texas at San Antonio
Distinguished Paper Award Winner
Whispering Under the Eaves: Protecting User Privacy Against Commercial and LLM-powered Automatic Speech Recognition Systems
Weifei Jin, Beijing University of Posts and Telecommunications;Yuxin Cao,National University of Singapore;Junjie Su,Beijing University of Posts and Telecommunications;Derui Wang,CSIRO's Data61;Yedi Zhang,National University of Singapore;Minhui Xue,CSIRO's Data61;Jie Hao,Beijing University of Posts and Telecommunications;Jin Song Dong,National University of Singapore;Yixian Yang, Beijing University of Posts and Telecommunications
Exposing the Guardrails: Reverse-Engineering and Jailbreaking Safety Filters in DALL·E Text-to-Image Pipelines
Corban Villa, New York University Abu Dhabi; Shujaat Mirza, New York University; Christina Pöpper, New York University Abu Dhabi
Distinguished Artifact Award Winner
Shechi: A Secure Distributed Computation Compiler Based on Multiparty Homomorphic Encryption
Haris Smajlović, University of Victoria; David Froelicher, MIT; Ariya Shajii, Exaloop Inc.; Bonnie Berger, MIT; Hyunghoon Cho, Yale University; Ibrahim Numanagić, University of Victoria
Following Devils' Footprint: Towards Real-time Detection of Price Manipulation Attacks
Bosi Zhang, Huazhong University of Science and Technology; Ningyu He, The Hong Kong Polytechnic University; Xiaohui Hu, Kai Ma, and Haoyu Wang, Huazhong University of Science and Technology
GNSS-WASP: GNSS Wide Area SPoofing
Christopher Tibaldo, Harshad Sathaye, Giovanni Camurati, and Srdjan Capkun, ETH Zurich, Switzerland
A Comprehensive Formal Security Analysis of OPC UA
Vincent Diemunsch, ANSSI and Université de Lorraine, CNRS, Inria, LORIA, France; Lucca Hirschi and Steve Kremer, Université de Lorraine, CNRS, Inria, LORIA, France
Data-Free Model-Related Attacks: Unleashing the Potential of Generative AI
Dayong Ye, University of Technology Sydney; Tianqing Zhu, City University of Macau; Shang Wang and Bo Liu, University of Technology Sydney; Leo Yu Zhang, Griffith University; Wanlei Zhou, City University of Macau; Yang Zhang, CISPA Helmholtz Center for Information Security
Data Duplication: A Novel Multi-Purpose Attack Paradigm in Machine Unlearning
Dayong Ye, University of Technology Sydney; Tianqing Zhu, City University of Macau; Jiayang Li, Kun Gao, and Bo Liu, University of Technology Sydney; Leo Yu Zhang, Griffith University; Wanlei Zhou, City University of Macau; Yang Zhang, CISPA Helmholtz Center for Information Security
Robust, Efficient, and Widely Available Greybox Fuzzing for COTS Binaries with System Call Pattern Feedback
Jifan Xiao, Key Laboratory of High Confidence Software Technologies, Peking University; Peng Jiang, Southeast University; Zixi Zhao, Ruizhe Huang, Junlin Liu, and Ding Li, Key Laboratory of High Confidence Software Technologies, Peking University
Digital Security Perceptions and Practices Around the World: A WEIRD versus Non-WEIRD Comparison
Franziska Herbert, Ruhr University Bochum; Collins W. Munyendo, The George Washington University and Max Planck Institute for Security and Privacy; Jonas Hielscher, Ruhr University Bochum; Steffen Becker, Ruhr University Bochum and Max Planck Institute for Security and Privacy; Yixin Zou, Max Planck Institute for Security and Privacy
Engorgio: An Arbitrary-Precision Unbounded-Size Hybrid Encrypted Database via Quantized Fully Homomorphic Encryption
Song Bian, Haowen Pan, Jiaqi Hu, Zhou Zhang, and Yunhao Fu, Beihang University; Jiafeng Hua, Huawei Technology; Yi Chen and Bo Zhang, Beijing Academy of Blockchain and Edge Computing; Yier Jin, University of Science and Technology of China; Jin Dong, Beijing Academy of Blockchain and Edge Computing; Zhenyu Guan, Beihang University
Invisible but Detected: Physical Adversarial Shadow Attack and Defense on LiDAR Object Detection
Ryunosuke Kobayashi, Waseda University; Kazuki Nomoto, Waseda University and Deloitte Tohmatsu Cyber LLC; Yuna Tanaka and Go Tsuruoka, Waseda University; Tatsuya Mori, Waseda University and NICT and RIKEN AIP
Great, Now Write an Article About That: The Crescendo Multi-Turn LLM Jailbreak Attack
Mark Russinovich, Microsoft Azure; Ahmed Salem and Ronen Eldan, Microsoft
Efficient Multi-Party Private Set Union Without Non-Collusion Assumptions
Minglang Dong, School of Cyber Science and Technology, Shandong University; Quan Cheng Laboratory; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University; Cong Zhang, Institute for Advanced Study, BNRist, Tsinghua University; Yujie Bai and Yu Chen, School of Cyber Science and Technology, Shandong University; Quan Cheng Laboratory; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University
More is Less: Extra Features in Contactless Payments Break Security
George Pavlides, Surrey Centre for Cyber Security, University of Surrey; Anna Clee, University of Birmingham; Ioana Boureanu, Surrey Centre for Cyber Security, University of Surrey; Tom Chothia, University of Birmingham
DeepFold: Efficient Multilinear Polynomial Commitment from Reed-Solomon Code and Its Application to Zero-knowledge Proofs
Yanpei Guo, Xuanming Liu, Kexi Huang, Wenjie Qu, Tianyang Tao, and Jiaheng Zhang, National University of Singapore
Cyber-Physical Deception Through Coordinated IoT Honeypots
Chongqi Guan and Guohong Cao, The Pennsylvania State University
Careless Retention and Management: Understanding and Detecting Data Retention Denial-of-Service Vulnerabilities in Java Web Containers
Keke Lian, Lei Zhang, and Haoran Zhao, Fudan University; Yinzhi Cao, Johns Hopkins University; Yongheng Liu, Fute Sun, Yuan Zhang, and Min Yang, Fudan University
Await() a Second: Evading Control Flow Integrity by Hijacking C++ Coroutines
Marcos Bajo and Christian Rossow, CISPA Helmholtz Center for Information Security
Posthammer: Pervasive Browser-based Rowhammer Attacks with Postponed Refresh Commands
Finn de Ridder, Patrick Jattke, and Kaveh Razavi, ETH Zurich
A Framework for Designing Provably Secure Steganography
Guorui Liao, Jinshuai Yang, Weizhi Shao, and Yongfeng Huang, Tsinghua University
The DOMino Effect: Detecting and Exploiting DOM Clobbering Gadgets via Concolic Execution with Symbolic DOM
Zhengyu Liu, Theo Lee, Jianjia Yu, Zifeng Kang, and Yinzhi Cao, Johns Hopkins University
Enhanced Label-Only Membership Inference Attacks with Fewer Queries
Hao Li, Institute of Software, Chinese Academy of Sciences; Zheng Li, Shandong University; Siyuan Wu, Yutong Ye, Min Zhang, and Dengguo Feng, Institute of Software, Chinese Academy of Sciences; Yang Zhang, CISPA Helmholtz Center for Information Security
Efficient 2PC for Constant Round Secure Equality Testing and Comparison
Tianpei Lu, The State Key Laboratory of Blockchain and Data Security, Zhejiang University; Xin Kang, Xidian University; Bingsheng Zhang, The State Key Laboratory of Blockchain and Data Security, Zhejiang University; and Hangzhou High-Tech Zone (Binjiang) Institute of Blockchain and Data Security; Zhuo Ma, Xidian University; Xiaoyuan Zhang, The State Key Laboratory of Blockchain and Data Security, Zhejiang University; Yang Liu, Xidian University; Kui Ren and Chun Chen, The State Key Laboratory of Blockchain and Data Security, Zhejiang University
Current Affairs: A Security Measurement Study of CCS EV Charging Deployments
Marcell Szakály, Sebastian Köhler, and Ivan Martinovic, University of Oxford
Assessing the Aftermath: the Effects of a Global Takedown against DDoS-for-hire Services
Anh V. Vu, University of Cambridge; Ben Collier, University of Edinburgh; Daniel R. Thomas, University of Strathclyde; John Kristoff, University of Illinois Chicago; Richard Clayton and Alice Hutchings, University of Cambridge
When LLMs Go Online: The Emerging Threat of Web-Enabled LLMs
Hanna Kim, Minkyoo Song, Seung Ho Na, Seungwon Shin, and Kimin Lee, Korea Advanced Institute of Science and Technology (KAIST)
HateBench: Benchmarking Hate Speech Detectors on LLM-Generated Content and Hate Campaigns
Xinyue Shen, Yixin Wu, Yiting Qu, and Michael Backes, CISPA Helmholtz Center for Information Security; Savvas Zannettou, Delft University of Technology; Yang Zhang, CISPA Helmholtz Center for Information Security
ChoiceJacking: Compromising Mobile Devices through Malicious Chargers like a Decade ago
Florian Draschbacher, Graz University of Technology and A-SIT Austria; Lukas Maar, Mathias Oberhuber, and Stefan Mangard, Graz University of Technology
DFS: Delegation-friendly zkSNARK and Private Delegation of Provers
Yuncong Hu, Shanghai Jiao Tong University; Pratyush Mishra, University of Pennsylvania; Xiao Wang, Northwestern University; Jie Xie, Shanghai Jiao Tong University; Kang Yang, State Key Laboratory of Cryptology; Yu Yu, Shanghai Jiao Tong University and Shanghai Qi Zhi Institute; Yuwen Zhang, University of California, Berkeley
Branch Privilege Injection: Compromising Spectre v2 Hardware Mitigations by Exploiting Branch Predictor Race Conditions
Sandro Rüegge, Johannes Wikner, and Kaveh Razavi, ETH Zurich
Distinguished Paper Award Winner
Security and Privacy Advice for UPI Users in India
Deepthi Mungara and Harshini Sri Ramulu, Paderborn University; Yasemin Acar, Paderborn University and The George Washington University
Disparate Privacy Vulnerability: Targeted Attribute Inference Attacks and Defenses
Ehsanul Kabir, Lucas Craig, and Shagufta Mehnaz, Pennsylvania State University
SoK: Understanding zk-SNARKs: The Gap Between Research and Practice
Junkai Liang and Daqi Hu, Peking University; Pengfei Wu, Singapore Management University; Yunbo Yang, East China Normal University; Qingni Shen and Zhonghai Wu, Peking University
When Translators Refuse to Translate: A Novel Attack to Speech Translation Systems
Haolin Wu, Wuhan University and Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, China; Chang Liu, University of Science and Technology of China; Jing Chen, Ruiying Du, Kun He, and Yu Zhang, Wuhan University and Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, China; Cong Wu and Tianwei Zhang, Nanyang Technological University; Qing Guo and Jie Zhang, CFAR and IHPC, A*STAR, Singapore
Watch the Watchers! On the Security Risks of Robustness-Enhancing Diffusion Models
Changjiang Li, Stony Brook University; Ren Pang, Bochuan Cao, Jinghui Chen, and Fenglong Ma, The Pennsylvania State University; Shouling Ji, Zhejiang University; Ting Wang, Stony Brook University
Synthesis of Code-Reuse Attacks from p-code Programs
Mark DenHoed and Tom Melham, University of Oxford
GLaDoS: Location-aware Denial-of-Service of Cellular Networks
Simon Erni and Martin Kotuliak, ETH Zurich; Richard Baker and Ivan Martinovic, University of Oxford; Srdjan Capkun, ETH Zurich
TYPEPULSE: Detecting Type Confusion Bugs in Rust Programs
Hung-Mao Chen and Xu He, George Mason University; Shu Wang, George Mason University and Palo Alto Networks, Inc.; Xiaokuan Zhang and Kun Sun, George Mason University
Software Availability Protection in Cyber-Physical Systems
Ao Li, Jinwen Wang, and Ning Zhang, Washington University in St. Louis
DISPATCH: Unraveling Security Patches from Entangled Code Changes
Shiyu Sun and Yunlong Xing, George Mason University; Xinda Wang, University of Texas at Dallas; Shu Wang, Palo Alto Networks, Inc.; Qi Li, Tsinghua University; Kun Sun, George Mason University
CertPHash: Towards Certified Perceptual Hashing via Robust Training
Yuchen Yang and Qichang Liu, The Johns Hopkins University; Christopher Brix, RWTH Aachen University; Huan Zhang, University of Illinois at Urbana–Champaign; Yinzhi Cao, The Johns Hopkins University
Membership Inference Attacks Against Vision-Language Models
Yuke Hu, The State Key Laboratory of Blockchain and Data Security, Zhejiang University; Zheng Li, Shandong University; Zhihao Liu, The State Key Laboratory of Blockchain and Data Security, Zhejiang University; Yang Zhang, CISPA Helmholtz Center for Information Security; Zhan Qin, Kui Ren, and Chun Chen, The State Key Laboratory of Blockchain and Data Security, Zhejiang University
Machine Against the RAG: Jamming Retrieval-Augmented Generation with Blocker Documents
Avital Shafran, The Hebrew University; Roei Schuster, Wild Moose; Vitaly Shmatikov, Cornell Tech
Bots can Snoop: Uncovering and Mitigating Privacy Risks of Bots in Group Chats
Kai-Hsiang Chou, Yi-Min Lin, Yi-An Wang, and Jonathan Weiping Li, National Taiwan University; Tiffany Hyun-Jin Kim, HRL Laboratories; Hsu-Chun Hsiao, National Taiwan University and Academia Sinica
Learning from Functionality Outputs: Private Join and Compute in the Real World
Francesca Falzon, ETH Zürich; Tianxin Tang, Eindhoven University of Technology
BEAT-MEV: Epochless Approach to Batched Threshold Encryption for MEV Prevention
Jan Bormet, Sebastian Faust, Hussien Othman, and Ziyan Qu, Technische Universität Darmstadt
Catch-22: Uncovering Compromised Hosts using SSH Public Keys
Cristian Munteanu, Max Planck Institute for Informatics; Georgios Smaragdakis, Delft University of Technology; Anja Feldmann and Tobias Fiebig, Max Planck Institute for Informatics
Distinguished Paper Award Winner
EvilEDR: Repurposing EDR as an Offensive Tool
Kotaiba Alachkar, Delft University of Technology; Dirk Gaastra, Independent Researcher; Eduardo Barbaro, Michel van Eeten, and Yury Zhauniarovich, Delft University of Technology
Trust but Verify: An Assessment of Vulnerability Tagging Services
Szu-Chun Huang, Harm Griffioen, Max van der Horst, Georgios Smaragdakis, Michel van Eeten, and Yury Zhauniarovich, Delft University of Technology
From Meme to Threat: On the Hateful Meme Understanding and Induced Hateful Content Generation in Open-Source Vision Language Models
Yihan Ma, Xinyue Shen, and Yiting Qu, CISPA Helmholtz Center for Information Security; Ning Yu, Netflix Eyeline Studios; Michael Backes, CISPA Helmholtz Center for Information Security; Savvas Zannettou, Delft University of Technology; Yang Zhang, CISPA Helmholtz Center for Information Security
Characterizing the MrDeepFakes Sexual Deepfake Marketplace
Catherine Han and Anne Li, Stanford University; Deepak Kumar, University of California, San Diego; Zakir Durumeric, Stanford University
From Alarms to Real Bugs: Multi-target Multi-step Directed Greybox Fuzzing for Static Analysis Result Verification
Andrew Bao, University of Minnesota, Twin Cities; Wenjia Zhao, Xi'an Jiaotong University; Yanhao Wang, Independent Researcher; Yueqiang Cheng, MediaTek; Stephen McCamant and Pen-Chung Yew, University of Minnesota, Twin Cities
Chimera: Creating Digitally Signed Fake Photos by Fooling Image Recapture and Deepfake Detectors
Seongbin Park, Alexander Vilesov, Jinghuai Zhang, Hossein Khalili, Yuan Tian, Achuta Kadambi, and Nader Sehatbakhsh, University of California, Los Angeles
Generated Data with Fake Privacy: Hidden Dangers of Fine-tuning Large Language Models on Generated Data
Atilla Akkus and Masoud Poorghaffar Aghdam, Bilkent University; Mingjie Li, Junjie Chu, Michael Backes, and Yang Zhang, CISPA Helmholtz Center for Information Security; Sinem Sav, Bilkent University
TORCHLIGHT: Shedding LIGHT on Real-World Attacks on Cloudless IoT Devices Concealed within the Tor Network
Yumingzhi Pan and Zhen Ling, Southeast University; Yue Zhang, Drexel University; Hongze Wang, Guangchi Liu, and Junzhou Luo, Southeast University; Xinwen Fu, University of Massachusetts Lowell
Easy As Child's Play: An Empirical Study on Age Verification of Adult-Oriented Android Apps
Yifan Yao, Shawn McCollum, Zhibo Sun, and Yue Zhang, Drexel University
Distributed Private Aggregation in Graph Neural Networks
Huanhuan Jia, Yuanbo Zhao, Kai Dong, Zhen Ling, Ming Yang, and Junzhou Luo, Southeast University; Xinwen Fu, University of Massachusetts Lowell
zk-promises: Anonymous Moderation, Reputation, and Blocking from Anonymous Credentials with Callbacks
Maurice Shih, Michael Rosenberg, and Hari Kailad, University Of Maryland; Ian Miers, University of Maryland
FLOP: Breaking the Apple M3 CPU via False Load Output Predictions
Jason Kim, Jalen Chuang, and Daniel Genkin, Georgia Tech; Yuval Yarom, Ruhr University Bochum
Towards Label-Only Membership Inference Attack against Pre-trained Large Language Models
Yu He, The State Key Laboratory of Blockchain and Data Security, Zhejiang University; Boheng Li, College of Computing and Data Science, Nanyang Technological University; Liu Liu and Zhongjie Ba, The State Key Laboratory of Blockchain and Data Security, Zhejiang University; Wei Dong, College of Computing and Data Science, Nanyang Technological University; Yiming Li, The State Key Laboratory of Blockchain and Data Security, Zhejiang University; and College of Computing and Data Science, Nanyang Technological University; Zhan Qin, Kui Ren, and Chun Chen, The State Key Laboratory of Blockchain and Data Security, Zhejiang University
Voluntary Investment, Mandatory Minimums, or Cyber Insurance: What Minimizes Losses?
Adam Hastings and Simha Sethumadhavan, Columbia University
Phantom: Privacy-Preserving Deep Neural Network Model Obfuscation in Heterogeneous TEE and GPU System
Juyang Bai, Johns Hopkins University; Md Hafizul Islam Chowdhuryy, University of Central Florida; Jingtao Li, Sony AI; Fan Yao, University of Central Florida; Chaitali Chakrabarti and Deliang Fan, Arizona State University
HawkEye: Statically and Accurately Profiling the Communication Cost of Models in Multi-party Learning
Wenqiang Ruan, Xin Lin, Ruisheng Zhou, and Guopeng Lin, Fudan University; Shui Yu, University of Technology Sydney; Weili Han, Fudan University
Misty Registry: An Empirical Study of Flawed Domain Registry Operation
Mingming Zhang, Zhongguancun Laboratory; Yunyi Zhang, National University of Defense Technology and Tsinghua University; Baojun Liu and Haixin Duan, Tsinghua University and Zhongguancun Laboratory; Min Zhang, Fan Shi, and Chengxi Xu, National University of Defense Technology
ChainFuzz: Exploiting Upstream Vulnerabilities in Open-Source Supply Chains
Peng Deng, Lei Zhang, Yuchuan Meng, Zhemin Yang, Yuan Zhang, and Min Yang, Fudan University
APPATCH: Automated Adaptive Prompting Large Language Models for Real-World Software Vulnerability Patching
Yu Nong, University at Buffalo; Haoran Yang, Washington State University; Long Cheng, Clemson University; Hongxin Hu and Haipeng Cai, University at Buffalo
Mirage in the Eyes: Hallucination Attack on Multi-modal Large Language Models with Only Attention Sink
Yining Wang, Mi Zhang, Junjie Sun, Chenyue Wang, and Min Yang, Fudan University; Hui Xue, Jialing Tao, Ranjie Duan, and Jiexi Liu, Alibaba Group
AUDIO WATERMARK: Dynamic and Harmless Watermark for Black-box Voice Dataset Copyright Protection
Hanqing Guo, University of Hawaii at Mānoa; Junfeng Guo, University of Maryland; Bocheng Chen and Yuanda Wang, Michigan State University; Xun Chen, Samsung Research America; Heng Huang, University of Maryland; Qiben Yan and Li Xiao, Michigan State University
Available Attestation: Towards a Reorg-Resilient Solution for Ethereum Proof-of-Stake
Mingfei Zhang, Shandong University; Rujia Li, Tsinghua University; Xueqian Lu, Independent Reseacher; Sisi Duan, Tsinghua University
Voting-Bloc Entropy: A New Metric for DAO Decentralization
Andres Fabrega, Cornell University; Amy Zhao, IC3; Jay Yu, Stanford University; James Austgen, Cornell Tech; Sarah Allen, IC3 and Flashbots; Kushal Babel, Cornell Tech and IC3; Mahimna Kelkar, Cornell Tech; Ari Juels, Cornell Tech and IC3
Practical Mempool Privacy via One-time Setup Batched Threshold Encryption
Arka Rai Choudhuri, Nexus; Sanjam Garg and Guru Vamsi Policharla, University of California, Berkeley; Mingyuan Wang, NYU Shanghai
OBLIVIATOR: OBLIVIous Parallel Joins and other OperATORs in Shared Memory Environments
Apostolos Mavrogiannakis, University of California, Santa Cruz; Xian Wang, The Hong Kong University of Science and Technology; Ioannis Demertzis, University of California, Santa Cruz; Dimitrios Papadopoulos, The Hong Kong University of Science and Technology; Minos Garofalakis, ATHENA Research Center and Technical University of Crete
Practical Keyword Private Information Retrieval from Key-to-Index Mappings
Meng Hao, School of Computing & Information Systems, Singapore Management University; Weiran Liu and Liqiang Peng, Alibaba Group; Cong Zhang, Institute for Advanced Study, BNRist, Tsinghua University; Pengfei Wu, School of Computing & Information Systems, Singapore Management University; Lei Zhang, Alibaba Group; Hongwei Li, Peng Cheng Laboratory; Robert H. Deng, School of Computing & Information Systems, Singapore Management University
DarkGram: A Large-Scale Analysis of Cybercriminal Activity Channels on Telegram
Sayak Saha Roy and Elham Pourabbas Vafa, The University of Texas at Arlington; Kobra Khanmohamaddi, Sheridan College; Shirin Nilizadeh, The University of Texas at Arlington
Recover from Excessive Faults in Partially-Synchronous BFT SMR
Tiantian Gong and Gustavo Franco Camilo, Purdue University; Kartik Nayak, Duke University; Andrew Lewis-Pye, London School of Economics; Aniket Kate, Purdue University and Supra Research
Sound and Efficient Generation of Data-Oriented Exploits via Programming Language Synthesis
Yuxi Ling, National Univeristy of Singapore; Gokul Rajiv, National University of Singapore; Kiran Gopinathan, University of Illinois Urbana-Champaign; Ilya Sergey, National University of Singapore
Shadowed Realities: An Investigation of UI Attacks in WebXR
Chandrika Mukherjee, Purdue University; Reham Mohamed, American University of Sharjah; Arjun Arunasalam, Purdue University; Habiba Farrukh, University of California, Irvine; Z. Berkay Celik, Purdue University
Fast Enhanced Private Set Union in the Balanced and Unbalanced Scenarios
Binbin Tu and Yujie Bai, School of Cyber Science and Technology, Shandong University; Quan Cheng Laboratory; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University; Cong Zhang, Institute for Advanced Study, BNRist, Tsinghua University; Yang Cao and Yu Chen, School of Cyber Science and Technology, Shandong University; Quan Cheng Laboratory; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University
Systematic Evaluation of Randomized Cache Designs against Cache Occupancy
Anirban Chakraborty, Max Planck Institute for Security and Privacy; Nimish Mishra, Indian Institute of Technology Kharagpur; Sayandeep Saha, Indian Institute of Technology Bombay; Sarani Bhattacharya and Debdeep Mukhopadhyay, Indian Institute of Technology Kharagpur
Tracking You from a Thousand Miles Away! Turning a Bluetooth Device into an Apple AirTag Without Root Privileges
Junming Chen, Xiaoyue Ma, Lannan Luo, and Qiang Zeng, George Mason University
Distinguished Artifact Award Winner
NOKEScam: Understanding and Rectifying Non-Sense Keywords Spear Scam in Search Engines
Mingxuan Liu, Zhongguancun Laboratory;Yunyi Zhang,Tsinghua University and National University of Defense Technology;Lijie Wu,Tsinghua University;Baojun Liu,Tsinghua University and Zhongguancun Laboratory;Geng Hong,Fudan University;Yiming Zhang,Tsinghua University;Hui Jiang,Tsinghua University and Baidu Inc;Jia Zhang and Haixin Duan,Tsinghua University and Quancheng Laboratory;Min Zhang,National University of Defense Technology;Wei Guan,Baidu Inc;Fan Shi,National University of Defense Technology;Min Yang, Fudan University
Endangered Privacy: Large-Scale Monitoring of Video Streaming Services
Martin Björklund and Romaric Duvignau, Chalmers University of Technology and University of Gothenburg
TockOwl: Asynchronous Consensus with Fault and Network Adaptability
Minghang Li and Qianhong Wu, Beihang University; Zhipeng Wang, Imperial College London; Bo Qin, Renmin University of China; Bohang Wei, Hang Ruan, Shihong Xiong, and Zhenyang Ding, Beihang University
Low-Cost and Comprehensive Non-textual Input Fuzzing with LLM-Synthesized Input Generators
Kunpeng Zhang, Zongjie Li, Daoyuan Wu, and Shuai Wang, The Hong Kong University of Science and Technology; Xin Xia, Zhejiang University
CoreCrisis: Threat-Guided and Context-Aware Iterative Learning and Fuzzing of 5G Core Networks
Yilu Dong, Tianchang Yang, Abdullah Al Ishtiaq, Syed Md Mukit Rashid, Ali Ranjbar, Kai Tu, Tianwei Wu, Md Sultan Mahmud, and Syed Rafiul Hussain, The Pennsylvania State University
FIXX: FInding eXploits from eXamples
Neil P Thimmaiah, Yashashvi J Dave, Rigel Gjomemo, and V.N. Venkatakrishnan, University of Illinois Chicago
Towards Automatic Detection and Exploitation of Java Web Application Vulnerabilities via Concolic Execution guided by Cross-thread Object Manipulation
Xinyou Huang, Lei Zhang, Yongheng Liu, and Peng Deng, Fudan University; Yinzhi Cao, Johns Hopkins University; Yuan Zhang and Min Yang, Fudan University
Surviving in Dark Forest: Towards Evading the Attacks from Front-Running Bots in Application Layer
Zuchao Ma, Muhui Jiang, Feng Luo, and Xiapu Luo, The Hong Kong Polytechnic University; Yajin Zhou, Zhejiang University
GenHuzz: An Efficient Generative Hardware Fuzzer
Lichao Wu, Mohamadreza Rostami, and Huimin Li, Technical University of Darmstadt; Jeyavijayan Rajendran, Texas A&M University; Ahmad-Reza Sadeghi, Technical University of Darmstadt
Demystifying the (In)Security of QR Code-based Login in Real-world Deployments
Xin Zhang, Xiaohan Zhang, and Bo Zhao, Fudan University; Yuhong Nan, Sun Yat-sen University; Zhichen Liu, Jianzhou Chen, Huijun Zhou, and Min Yang, Fudan University
Inspection Tasks: Helping Users Detect Phishing Links in Emails
Daniele Lain, Yoshimichi Nakatsuka, and Kari Kostiainen, ETH Zurich; Gene Tsudik, University of California, Irvine; Srdjan Capkun, ETH Zurich
System Register Hijacking: Compromising Kernel Integrity By Turning System Registers Against the System
Jennifer Miller, Manas Ghandat, Kyle Zeng, Hongkai Chen, Abdelouahab (Habs) Benchikh, Tiffany Bao, Ruoyu Wang, Adam Doupé, and Yan Shoshitaishvili, Arizona State University
A Mixed-Methods Study of Open-Source Software Maintainers On Vulnerability Management and Platform Security Features
Jessy Ayala, Yu-Jye Tung, and Joshua Garcia, University of California, Irvine
LightShed: Defeating Perturbation-based Image Copyright Protections
Hanna Foerster, University of Cambridge; Sasha Behrouzi and Phillip Rieger, Technical University of Darmstadt; Murtuza Jadliwala, University of Texas at San Antonio; Ahmad-Reza Sadeghi, Technical University of Darmstadt
Private Set Intersection and other Set Operations in the Third Party Setting
Foo Yee Yeo and Jason H. M. Ying, Seagate Technology
Effective Directed Fuzzing with Hierarchical Scheduling for Web Vulnerability Detection
Zihan Lin, Yuan Zhang, Jiarun Dai, Xinyou Huang, Bocheng Xiang, Guangliang Yang, Letian Yuan, Lei Zhang, Fengyu Liu, Tian Chen, and Min Yang, Fudan University
DeBackdoor: A Deductive Framework for Detecting Backdoor Attacks on Deep Models with Limited Data
Dorde Popovic and Amin Sadeghi, Qatar Computing Research Institute, Hamad Bin Khalifa University; Ting Yu, Mohamed bin Zayed University of Artificial Intelligence; Sanjay Chawla and Issa Khalil, Qatar Computing Research Institute, Hamad Bin Khalifa University
Preventing Artificially Inflated SMS Attacks through Large-Scale Traffic Inspection
Jun Ho Huh, Hyejin Shin, Sunwoo Ahn, and Hayoon Yi, Samsung Research; Joonho Cho, Taewoo Kim, Minchae Lim, and Nuel Choi, Samsung Electronics
推荐站内搜索:最好用的开发软件、免费开源系统、渗透测试工具云盘下载、最新渗透测试资料、最新黑客工具下载……
还没有评论,来说两句吧...