Non-evaluated artifacts

Artifacts automatically discovered by ArtiFinder that were not submitted to formal artifact evaluation. Results are not manually verified, please submit a pull request if you spot a mistake or want to validate correctly extracted links (marked with a ✓ in the dataset).

In addition to these links, we also cross-checked the URLs submitted for artifact evaluation with those extracted from the papers. When there is a mismatch, the URL reported in the paper is listed on the artifact evaluation outcome page under “Author’s link”. These can often point to project websites or actively maintained repositories instead of archived versions (or even expired temporary URLs).

ACSAC (110)

2025 (19) · 2024 (14) · 2023 (6) · 2022 (10) · 2021 (23) · 2020 (12) · 2019 (12) · 2018 (8) · 2017 (6)

CCS (1132)

2025 (211) · 2024 (200) · 2023 (145) · 2022 (123) · 2021 (100) · 2020 (57) · 2019 (64) · 2018 (53) · 2017 (46) · 2016 (33) · 2015 (26) · 2014 (19) · 2013 (14) · 2012 (7) · 2011 (4) · 2010 (4) · 2009 (2) · 2008 (5) · 2007 (6) · 2006 (4) · 2005 (2) · 2004 (2) · 2003 (1) · 2002 (2) · 2001 (2)

NDSS (486)

2025 (98) · 2024 (65) · 2023 (63) · 2022 (44) · 2021 (49) · 2020 (41) · 2019 (38) · 2018 (29) · 2017 (16) · 2016 (13) · 2015 (7) · 2014 (10) · 2013 (1) · 2012 (5) · 2011 (1) · 2010 (2) · 2009 (2) · 2006 (2)

SP (692)

2025 (137) · 2024 (155) · 2023 (95) · 2022 (80) · 2021 (62) · 2020 (41) · 2019 (28) · 2018 (14) · 2017 (24) · 2016 (9) · 2015 (11) · 2014 (9) · 2013 (7) · 2012 (8) · 2010 (2) · 2009 (1) · 2008 (3) · 2006 (2) · 2003 (2) · 2002 (1) · 2000 (1)

USENIX (841)

2025 (68) · 2024 (155) · 2023 (144) · 2022 (77) · 2021 (104) · 2020 (48) · 2019 (56) · 2018 (41) · 2017 (28) · 2016 (32) · 2015 (18) · 2014 (19) · 2013 (9) · 2012 (8) · 2011 (6) · 2010 (5) · 2009 (2) · 2008 (4) · 2007 (3) · 2005 (3) · 2004 (1) · 2003 (2) · 2002 (2) · 2001 (6)

ACSAC

2025 (19)

Paper	Artifact
AGNOMIN - Architecture Agnostic Multi-Label Function Name Prediction.	https://github.com/AICPS/AGNOMIN
WAFFLED: Exploiting Parsing Discrepancies to Bypass Web Application Firewalls.	https://github.com/sa-akhavani/waffled
R+R: Revisiting Static Feature-Based Android Malware Detection Using Machine Learning.	https://github.com/xashru/maldetect
Clouseau: A Hierarchical Multi-Agent Approach for Autonomous Attack Investigation.	https://github.com/ICL-ml4csec/Clouseau
TeTRIS: General-purpose Fuzzing for Translation Bugs in Source-to-Source Code Transpilers.	https://github.com/FuturesLab/TeTRIS
Big Broker is Tracking You! A Privacy Assessment of Large-Scale Location Trace Datasets.	https://github.com/ku-leuven-msec/BigBroker-Paper
Fooling Machine's Eyes: Unicode Modifier Letter Evasion Attack.	https://doi.org/10.5281/zenodo.17106798
ProxyPrints: From Database Breach to Spoof, A Plug-and-Play Defense for Biometric Systems.	https://github.com/PenlessPan/ProxyPrints
Fix it - If you Can! Towards Understanding the Impact of Tool Support and Domain Owners' Reactions to SSHFP Misconfigurations.	https://github.com/gehaxelt/SSHFP-Notification-Study-AE
MOEVIL: Poisoning Experts to Compromise the Safety of Mixture-of-Experts LLMs.	https://github.com/jaehanwork/MoEvil
Fuzzing Acceleration for Memory Safety Bug Discovery with Slicer.	https://github.com/PSecLab/slicer
Gravity of the Situation: Security Analysis on Rocket.Chat E2EE.	https://github.com/gravity-of-the-situation-rc/Artifacts-of-Security-Analysis-on-RocketChat-E2EE
REx86: A Local Large Language Model for Assisting in x86 Assembly Reverse Engineering.	https://github.com/dlea8/REx86
Splash: Adversarial Defense with Short Perturbation Blocks Against Adversarial Training Aided Website Fingerprinting.	https://github.com/AHA-MarcoBot/Splash-code
DROIDCCT: Cryptographic Compliance Test via Trillion-Scale Measurement.	<github.com/google/droidcct-paper-artifact>
VMIGEN: Utilizing Virtual Machine Introspection for Fuzzing Complex Closed-Source Targets.	https://github.com/MPI-SysSec/
R+R: From Claims to Crashes: A Systematic Re-evaluation of Graph-Based Network Intrusion Detection Systems.	https://github.com/wcl-sjtu/GIDSREP
PIM-ORAM: Towards Oblivious RAM Primitives in Commodity Processing-In-Memory.	https://github.com/Mysigyeong/PIM-ORAM-artifact
R+R: Anonymous Authentication and Key Agreement, Revisited.	https://github.com/pyca/cryptography/

2024 (14)

Paper	Artifact
Exploring Inherent Backdoors in Deep Learning Models.	https://github.com/Gwinhen/InherentBackdoor
Rust for Linux: Understanding the Security Impact of Rust in the Linux Kernel.	https://github.com/mars-research/rfl-artifacts
Eunomia: A Real-time Privacy Compliance Firewall for Alexa Skills.	https://github.com/Eunomia-skills
SECURE: Benchmarking Large Language Models for Cybersecurity.	https://github.com/aiforsec/SECURE
Lightweight Secure Aggregation for Personalized Federated Learning with Backdoor Resistance.	https://github.com/SimonB6/OpenFLIGHT
Hypervisor Dissociative Execution: Programming Guests for Monitoring, Management, and Security.	https://github.com/AndrewFasano/hyde
TILE: Input Structure Optimization for Neural Networks to Accelerate Secure Inference.	https://github.com/yizhouf743/TILE
Securing PUFs via a Predictive Adversarial Machine Learning System by Modeling of Attackers.	https://github.com/ecn-aau/PAS-PUF/
Leaky Autofill: An Empirical Study on the Privacy Threat of Password Managers' Autofill Functionality.	https://github.com/Leaky-Autofill/LeakyAutofill-Artifact
Ready or Not, Here I Come: Characterizing the Security of Prematurely-public Web Applications.	https://pragseclab.github.io/mako
I'll Be There for You! Perpetual Availability in the A8 MVX System.	<github.com/andrej/>
Madeline: Continuous and Low-cost Monitoring with Graph-free Representations to Combat Cyber Threats.	https://github.com/wenjia7/madeline
DEEPCAPA: Identifying Malicious Capabilities in Windows Malware.	https://github.com/ucsb-seclab/DeepCapa
Assessing the Silent Frontlines: Exploring the Impact of DDoS Hacktivism in the Russo-Ukrainian War.	https://github.com/Assessing-the-Silent-Frontlines/Exploring-the-Impact-of-DDoS-Hacktivism-in-the-Russo-Ukrainian-War

2023 (6)

Paper	Artifact
Can Large Language Models Provide Security & Privacy Advice? Measuring the Ability of LLMs to Refute Misconceptions.	https://github.com/purseclab/LLM_Security_Privacy_Advice
FS3: Few-Shot and Self-Supervised Framework for Efficient Intrusion Detection in Internet of Things Networks.	<github.com/MultifacetedIntrusionDetection/ID-FS3>
OAuth 2.0 Redirect URI Validation Falls Short, Literally.	https://github.com/innotommy/OAuthpaper-code
SealClub: Computer-aided Paper Document Authentication.	https://github.com/hdvanegasm/sealclub-artifacts
Unleashing IoT Security: Assessing the Effectiveness of Best Practices in Protecting Against Threats.	https://ibotpeaches.github.io/Apktool/
A First Look at Toxicity Injection Attacks on Open-domain Chatbots.	https://github.com/secml-lab-vt/Chatbot-Toxicity-Injection

2022 (10)

Paper	Artifact
Boosting Neural Networks to Decompile Optimized Binaries.	https://github.com/zijiancogito/neur-dp-data.git
FAuST: Striking a Bargain between Forensic Auditing's Security and Throughput.	https://github.com/nailo2c/deeplog
Accept All Exploits: Exploring the Security Impact of Cookie Banners.	https://github.com/SAP/project-foxhound/releases/tag/v96.0.3
DRAGON: Deep Reinforcement Learning for Autonomous Grid Operation and Attack Detection.	https://github.com/mlanden/Dragon-Hyperparameters
Interaction matters: a comprehensive analysis and a dataset of hybrid IoT/OT honeypots.	https://github.com/aau-network-security/riotpot#12-Noise-Filter
One Fuzz Doesn't Fit All: Optimizing Directed Fuzzing via Target-tailored Program State Restriction.	https://github.com/HexHive/
Towards Practical Application-level Support for Privilege Separation.	https://gitlab.com/pitchfork-project
MADDC: Multi-Scale Anomaly Detection, Diagnosis and Correction for Discrete Event Logs.	https://github.com/040840308/MADDC/tree/master
Towards Enhanced EEG-based Authentication with Motor Imagery Brain-Computer Interface.	https://github.com/BKAUTO/EEG
NeuGuard: Lightweight Neuron-Guided Defense against Membership Inference Attacks.	https://github.com/nux219/NeuGuard

2021 (23)

Paper	Artifact
Practical Attestation for Edge Devices Running Compute Heavy Machine Learning Applications.	https://github.com/iabidi/attestation
Morphence: Moving Target Defense Against Adversarial Examples.	https://github.com/um-dsp/Morphence
Is Visualization Enough? Evaluating the Efficacy of MUD-Visualizer in Enabling Ease of Deployment for Manufacturer Usage Description (MUD).	https://github.com/iot-onboarding/mud-visualizer
Towards Practical Post-quantum Signatures for Resource-Limited Internet of Things.	https://github.com/Rbehnia/ANT.git
ICS3Fuzzer: A Framework for Discovering Protocol Implementation Bugs in ICS Supervisory Software by Fuzzing.	https://github.com/boofish/ICS3Fuzzer
A formal analysis of IKEv2's post-quantum extension.	https://github.com/mnm-team/tamarin-ikev2
Efficient, Private and Robust Federated Learning.	https://github.com/google/exposure-notifications-android
Dicos: Discovering Insecure Code Snippets from Stack Overflow Posts by Leveraging User Discussions.	https://github.com/hyunji-hong/DICOS-public
Characterizing Improper Input Validation Vulnerabilities of Mobile Crowdsourcing Services.	https://sites.google.com/view/data-poisoning-mcs
They See Me Rollin': Inherent Vulnerability of the Rolling Shutter in CMOS Image Sensors.	https://github.com/ssloxford/they-see-me-rollin
A Look Back on a Function Identification Problem.	https://github.com/SecAI-Lab/func-identication
Can We Leverage Predictive Uncertainty to Detect Dataset Shift and Adversarial Examples in Android Malware Detection?	https://github.com/deqangss/malware-uncertainty
Global Feature Analysis and Comparative Evaluation of Freestyle In-Air-Handwriting Passcode for User Authentication.	https://github.com/duolu/fmkit
Westworld: Fuzzing-Assisted Remote Dynamic Symbolic Execution of Smart Apps on IoT Cloud Platforms.	https://github.com/lannan/Westworld
VASA: Vector AES Instructions for Security Applications.	https://encrypto.de/code/VASA
OPay: an Orientation-based Contactless Payment Solution Against Passive Attacks.	https://ibotpeaches.github.io/Apktool/
The Emperor's New Autofill Framework: A Security Analysis of Autofill on iOS and Android.	https://userlab.utk.edu/publications/oesch2021emperors
Keeping Safe Rust Safe with Galeed.	https://github.com/mit-ll/galeed
SODA: A System for Cyber Deception Orchestration and Automation.	https://github.com/sajid36/soda-orchestration-engine
What's in a Cyber Threat Intelligence sharing platform?: A mixed-methods user experience investigation of MISP.	https://doi.org/10.5281/zenodo.5531990
The Many-faced God: Attacking Face Verification System with Embedding and Image Recovery.	https://github.com/BennyTMT/DL_Privacy
ARID: Anonymous Remote IDentification of Unmanned Aerial Vehicles.	https://github.com/pietrotedeschi/arid
MineHunter: A Practical Cryptomining Traffic Detection Algorithm Based on Time Series Tracking.	https://github.com/zsz147/MineHunter

2020 (12)

Paper	Artifact
Set It and Forget It! Turnkey ECC for Instant Integration.	https://doi.org/10.5281/zenodo.4008898
Device-agnostic Firmware Execution is Possible: A Concolic Execution Approach for Peripheral Emulation.	https://github.com/dongmu/
The Tangled Genealogy of IoT Malware.	https://github.com/eurecom-s3/tangled_iot/
FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis.	http://github.com/pr0v3rbs/FirmAE
Effect of Security Controls on Patching Window: A Causal Inference based Approach.	https://github.com/Microsoft/dowhy
CAPS: Smoothly Transitioning to a More Resilient Web PKI.	https://github.com/syclops/caps
ρFEM: Efficient Backward-edge Protection Using Reversed Forward-edge Mappings.	https://github.com/TeamVault/rhoFEM
Probabilistic Naming of Functions in Stripped Binaries.	https://github.com/punstrip/punstrip
NoiseScope: Detecting Deepfake Images in a Blind Setting.	https://github.com/jmpu/NoiseScope
Workflow Integration Alleviates Identity and Access Management in Serverless Computing.	https://github.com/Ethos-lab/Valve
Imperio: Robust Over-the-Air Adversarial Examples for Automatic Speech Recognition Systems.	http://imperio.adversarial-attacks.net
GuardSpark++: Fine-Grained Purpose-Aware Access Control for Secure Data Sharing and Analysis in Spark.	https://github.com/liveonearthormars/SparkSQL-test

2019 (12)

Paper	Artifact
Improving intrusion detectors by crook-sourcing.	https://github.com/cyberdeception/deepdig
SIMPLE: single-frame based physical layer identification for intrusion detection and prevention on in-vehicle networks.	https://github.com/harry1993/simple-dataset
Opening Pandora's box through ATFuzzer: dynamic analysis of AT interface for Android smartphones.	https://github.com/Imtiazkarimik23/ATFuzzer
EIGER: automated IOC generation for accurate and interpretable endpoint malware detection.	https://github.com/malrev/eiger
How to prove your model belongs to you: a blind-watermark based framework to protect intellectual property of DNN.	https://github.com/zhenglisec/Blind-Watermark-for-DNN
Analyzing control flow integrity with LLVM-CFI.	https://github.com/TeamVault/LLVM-CFI.git
How to kill symbolic deobfuscation for free (or: unleashing the potential of path-oriented protections).	https://github.com/trailofbits/manticore
AppVeto: mobile application self-defense through resource access veto.	https://github.com/tousifosman/app-veto
VPS: excavating high-level C++ constructs from low-level binaries to protect dynamic dispatching.	https://github.com/RUB-SysSec/VPS
Systematic comparison of symbolic execution systems: intermediate representation and its generation.	http://www.s3.eurecom.fr/tools/symbolic_execution/
Will you trust this TLS certificate?: perceptions of people working in IT.	https://crocs.fi.muni.cz/papers/acsac2019
Whisper: a unilateral defense against VoIP traffic re-identification attacks.	https://www.whisperIntoVoIP.com

2018 (8)

Paper	Artifact
Raising the Bar: Evaluating Origin-wide Security Manifests.	http://www.cse.chalmers.se/research/group/security/originmanifest
There's a Hole in that Bucket!: A Large-scale Analysis of Misconfigured S3 Buckets.	https://github.com/necst/truster
Now You See Me: Real-time Dynamic Function Call Detection.	https://github.com/Frky/iCi
Using Loops For Malware Classification Resilient to Feature-unaware Perturbations.	http://www.github.com/ucsb-seclab/LoopMC
On The Systematic Development and Evaluation Of Password Security Awareness-Raising Materials.	https://secuso.org/passwortsicherheit
Latent Typing Biometrics in Online Collaboration Services.	https://github.com/UNOcyber/google-docs-biometrics
Mapping to Bits: Efficiently Detecting Type Confusion Errors.	https://github.com/bin2415/Bitype
A Multi-tab Website Fingerprinting Attack.	https://github.com/jhayes14/k-FP

2017 (6)

Paper	Artifact
Exploitation and Mitigation of Authentication Schemes Based on Device-Public Information.	https://github.com/ucsb-seclab/android_device_public
SecureDroid: Enhancing Security of Machine Learning-based Detection against Adversarial Android Malware Attacks.	http://ibotpeaches.github.io/Apktool/
Orpheus: Enforcing Cyber-Physical Execution Semantics to Defend Against Data-Oriented Attacks.	https://github.com/control-flow-attestation/c-flat
Objective Metrics and Gradient Descent Algorithms for Adversarial Examples in Machine Learning.	https://github.com/tensorflow/cleverhans
HoloPair: Securing Shared Augmented Reality Using Microsoft HoloLens.	https://tinyurl.com/holopair
Ex-Ray: Detection of History-Leaking Browser Extensions.	https://github.com/mweissbacher/exray-data

CCS

2025 (211)

Paper	Artifact
Finding SSH Strict Key Exchange Violations by State Learning.	https://doi.org/10.5281/zenodo.17021719
Anonymity Unveiled: A Practical Framework for Auditing Data Use in Deep Learning Models.	https://github.com/DependableSystemsLab/MembershipTracker
Denial of Sequencing Attacks in Ethereum Layer 2 Rollups.	https://zzzihao-li.github.io/
Swallow: A Transfer-Robust Website Fingerprinting Attack via Consistent Feature Learning.	https://github.com/wujinhe0814/Swallow
Mosformer: Maliciously Secure Three-Party Inference Framework for Large Transformers.	https://github.com/XidianNSS/Mosformer
GPU Travelling: Efficient Confidential Collaborative Training with TEE-Enabled GPUs.	https://zenodo.org/records/16899384
Systematic Assessment of Tabular Data Synthesis.	https://github.com/zealscott/SynMeter
Safeguarding Graph Neural Networks against Topology Inference Attacks.	https://github.com/JeffffffFu/PGR
Pixnapping: Bringing Pixel Stealing out of the Stone Age.	https://github.com/TAC-UCB/pixnapping
Deep Dive into In-app Browsers: Uncovering Hidden Pitfalls in Certificate Validation.	https://github.com/authors7771/FAITH
DPImageBench: A Unified Benchmark for Differentially Private Image Synthesis.	https://github.com/2019ChenGong/DPImageBench
TensorShield: Safeguarding On-Device Inference by Shielding Critical DNN Tensors with TEE.	https://github.com/suntong30/TensorShield
SyzSpec: Specification Generation for Linux Kernel Fuzzing via Under-Constrained Symbolic Execution.	https://github.com/seclab-ucr/SyzSpec
GhostCache: Timer- and Counter-Free Cache Attacks Exploiting Weak Coherence on RISC-V and ARM Chips.	https://doi.org/10.5281/zenodo.15559504
ForeDroid: Scenario-Aware Analysis for Android Malware Detection and Explanation.	https://github.com/ForeDroid/ForeDroid/raw/main/Supplementary_Material_for_ForeDroid.pdf
5G-RNAKA : A Random Number-based Authentication and Key Agreement Protocol for 5G Systems.	https://github.com/TACSL/5G-RNAKA
Jazzline: Composable CryptoLine Functional Correctness Proofs for Jasmin Programs.	https://doi.org/10.62056/a3qj89n4e
Deep Learning from Imperfectly Labeled Malware Data.	https://doi.org/10.5281/zenodo.16924658
OCR-APT: Reconstructing APT Stories from Audit Logs using Subgraph Anomaly Detection and LLMs.	https://github.com/CoDS-GCS/OCR-APT
MegaBlocks: Breaking the Logarithmic I/O-Overhead Barrier for Oblivious RAM.	https://github.com/cryptobiu/MegaBlocks
Augmenting Search-based Program Synthesis with Local Inference Rules to Improve Black-box Deobfuscation.	https://zenodo.org/records/17036259
Byte by Byte: Unmasking Browser Fingerprinting at the Function Level using V8 Bytecode Transformers.	https://github.com/pooneh-nb/ByteDefender
Velox: Scalable Fair Asynchronous MPC from Lightweight Cryptography.	https://github.com/akhilsb/Velox-MPC
Formally Verified Correctness Bounds for Lattice-Based Cryptography.	https://doi.org/10.62056/ahee0iuc
Empirical Security Analysis of Software-based Fault Isolation through Controlled Fault Injection.	https://github.com/SbxBrk
Mechanizing Privacy by Design.	https://nuactiongui.github.io/
On the Security of SSH Client Signatures.	https://doi.org/10.5281/zenodo.17008443
PIIxel Leaks: Passive Identification of Personally Identifiable Information Leakage through Meta Pixel.	https://github.com/pasxalisbekos/PIIxel_Leaks
GASLITEing the Retrieval: Exploring Vulnerabilities in Dense Embedding-based Search.	https://zenodo.org/records/16928473
Formal Security and Functional Verification of Cryptographic Protocol Implementations in Rust.	https://cryspen.com/post/ml-kem-implementation/
Protocol-Aware Firmware Rehosting for Effective Fuzzing of Embedded Network Stacks.	https://github.com/MPI-SysSec/pemu
Can IOCs Impose Cost? The Effects of Publishing Threat Intelligence on Adversary Behavior.	https://research.tudelft.nl/en/publications/can-iocs-impose-cost-the-effects-of-publishing-threat-intelligenc
Parcel Mismatch Demystified: Addressing a Decade-Old Security Challenge in Android.	https://github.com/cxxsheng/ParcelTaint
You Can't Steal Nothing: Mitigating Prompt Leakages in LLMs via System Vectors.	https://github.com/friuns2/Leaked-GPTs
A Secure Sequencer and Data Availability Committee for Rollups.	https://zenodo.org/records/16993467
Silent Threshold Traitor Tracing & Enhancing Mempool Privacy.	https://github.com/kushazsehgal/ST3
Towards a Formal Foundation for Blockchain ZK Rollups.	https://github.com/succinctlabs/op-succinct
What's Pulling the Strings? Evaluating Integrity and Attribution in AI Training and Inference through Concept Shift.	https://github.com/trust-in-ai/conceptlens
Managing Correlations in Data and Privacy Demand.	https://api.semanticscholar.org/CorpusID:43986173
FlippedRAG: Black-Box Opinion Manipulation Adversarial Attacks to Retrieval-Augmented Generation Models.	https://zenodo.org/records/17036325
JSDEOBSBENCH: Measuring and Benchmarking LLMs for JavaScript Deobfuscation.	https://jsdeobf.github.io/
Right the Ship: Assessing the Legitimacy of Invalid Routes in RPKI.	https://github.com/H-invalid/H-invalid/
SecAlign: Defending Against Prompt Injection with Preference Optimization.	https://github.com/facebookresearch/SecAlign
Post-Quantum Threshold Ring Signature Applications from VOLE-in-the-Head.	https://github.com/jachiang/PQ-Threshold-Ring-Sigs-from-VOLEitH
Here Comes the AI Worm: Preventing the Propagation of Adversarial Self-Replicating Prompts Within GenAI Ecosystems.	https://github.com/StavC/Here-Comes-the-AI-Worm
SABOT: Efficient and Strongly Anonymous Bootstrapping of Communication Channels.	https://github.com/laurahetz/sabot
NodeShield: Runtime Enforcement of Security-Enhanced SBOMs for Node.js.	https://github.com/KTH-LangSec/nodeshield
Trout: Two-Round Threshold ECDSA from Class Groups.	https://github.com/kayabaNerve/trout
Efficient Fuzzy PSI Based on Prefix Representation.	https://github.com/zhouxv/ourFuzzyPSI-C
An Empirical Study Measuring In-The-Wild Cryptographic Microarchitectural Side-Channel Patches.	https://github.com/Sen-
OEDIPUS: LLM-enchanced Reasoning CAPTCHA Solver.	https://doi.org/10.5281/zenodo.15339891
Multi-Party Private Set Operations from Predicative Zero-Sharing.	https://github.com/real-world-cryptography/MPSO
Security and Privacy Perceptions of Pakistani Facebook Matrimony Group Users.	https://doi.org/10.5281/zenodo.17020107
In the DOM We Trust: Exploring the Hidden Dangers of Reading from the DOM on the Web.	https://doi.org/10.5281/zenodo.16981621
Subversion-resilient Key-exchange in the Post-quantum World.	https://inria.hal.science/hal-05242187
BLACKOUT: Data-Oblivious Computation with Blinded Capabilities.	https://github.com/blindedcapabilities
DivTrackee versus DynTracker: Promoting Diversity in Anti-Facial Recognition against Dynamic FR Strategy.	https://github.com/fiora6/divtrackee
Probabilistic Skipping-Based Data Structures with Robust Efficiency Guarantees.	https://github.com/MoritzHuppert/robust-PSDS
Secure Noise Sampling for Differentially Private Collaborative Learning.	https://github.com/cleverhans-lab/Secure_Noise_Sampling_DP_CL
Training with Only 1.0 ‰ Samples: Malicious Traffic Detection via Cross-Modality Feature Fusion.	https://github.com/fuchuanpu/TFusion
Enhanced Web Application Security Through Proactive Dead Drop Resolver Remediation.	https://github.com/CyFI-Lab-Public/VADER
DCMI: A Differential Calibration Membership Inference Attack Against Retrieval-Augmented Generation.	https://github.com/Xinyu140203/RAG_MIA
PULSE: Parallel Private Set Union for Large-Scale Entities.	https://github.com/asu-crypto/Pulse
Passwords and FIDO2 Are Meant To Be Secret: A Practical Secure Authentication Channel for Web Browsers.	https://doi.org/10.5281/zenodo.16739763
ILA: Correctness via Type Checking for Fully Homomorphic Encryption.	https://github.com/anon-ila/ila
Logical Relations for Formally Verified Authenticated Data Structures.	https://github.com/jtassarotti/veri-auth
Fast Amortized Bootstrapping with Small Keys and Polynomial Noise Overhead.	https://github.com/antoniocgj/Fast-Amortized-Bootstrapping
BOLT: Bandwidth-Optimized Lightning-Fast Oblivious Map powered by Secure HBM Accelerators.	https://zenodo.org/records/16905537
DiveFuzz: Enhancing CPU Fuzzing via Diverse Instruction Construction.	https://github.com/in2sec/DiveFuzz
PoisonSpot: Precise Spotting of Clean-Label Backdoors via Fine-Grained Training Provenance Tracking.	https://doi.org/10.5281/zenodo.15660315
CHaRM: Checkpointed and Hashed Counters for Flexible and Efficient Rowhammer Mitigation.	https://comsec.ethz.ch/charm
ScannerGrouper: A Generalizable and Effective Scanning Organization Identification System Toward the Open World.	https://github.com/lemonhx25/scannergrouper
RVISmith: Fuzzing Compilers for RVV Intrinsics.	https://github.com/yibo2000/RVISmith
Combating Concept Drift with Explanatory Detection and Adaptation for Android Malware Classification.	https://github.com/E0HYL/DREAM-drift-adapt
Privacy-Preserving Runtime Verification.	https://github.com/mahykari/ppm
Quantifying Security Training in Organizations Through the Analysis of U.S. SEC 10-K Filings.	https://doi.org/10.6084/m9.figshare.28789001
Fuzzing Processing Pipelines for Zero-Knowledge Circuits.	https://github.com/Rigorous-Software-Engineering/circuzz
How to Design Secure Honey Vault Schemes.	https://bit.ly/42blHTH
AgentSentinel: An End-to-End and Real-Time Security Defense Framework for Computer-Use Agents.	https://github.com/m4p1e/agent-sentinel
Attestable Builds: Compiling Verifiable Binaries on Untrusted Systems using Trusted Execution Environments.	https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-1002.html
Practical Zero-Knowledge PIOP for Maliciously Secure Multiparty Homomorphic Encryption.	https://github.com/SNUCP/buckler
Practical TFHE Ciphertext Sanitization for Oblivious Circuit Evaluation.	https://github.com/sp301415/tfhe-go
Adversarial Observations in Weather Forecasting.	https://github.com/mlsec-group/adversarial-observations
Intent-aware Fuzzing for Android Hardened Application.	https://github.com/S2-Lab/AHA-fuzz
KZH-Fold: Accountable Voting from Sublinear Accumulation.	https://github.com/h-hafezi/kzh_fold
Can Personal Health Information Be Secured in LLM? Privacy Attack and Defense in the Medical Domain.	https://github.com/yujinKang32/Private_Med_LLM.git
PickleBall: Secure Deserialization of Pickle-based Machine Learning Models.	https://github.com/columbia/pickleball
CROSS-X: Generalized and Stable Cross-Cache Attack on the Linux Kernel.	https://github.com/crossx-1891/CROSS-X/blob/main/exploits/cve-2022-2585/exploit.c
Demo: Stopping Production Testing: A Graphical RPKI Test-Suite.	https://github.com/Cyberbruecke/cure_web
Forward to Hell? On the Potentials of Misusing Transparent DNS Forwarders in Reflective Amplification Attacks.	https://doi.org/10.5281/zenodo.16998590
Conflicting Scores, Confusing Signals: An Empirical Study of Vulnerability Scoring Systems.	https://github.com/SoftwareDesignLab/Vulnerability-Scoring-Systems-Comparison
MileSan: Detecting Exploitable Microarchitectural Leakage via Differential Hardware-Software Taint Tracking.	https://comsec.ethz.ch/milesan
Sleeping Giants - Activating Dormant Java Deserialization Gadget Chains through Stealthy Code Changes.	https://github.com/software-engineering-and-security/SleepingGiants
mUOV: Masking the Unbalanced Oil and Vinegar Digital Signature Scheme at First- and Higher-Order.	https://github.com/KULeuven-COSIC/mUOV
On Hyperparameters and Backdoor-Resistance in Horizontal Federated Learning.	https://github.com/RUB-InfSec/federated_learning_hyperparams
Removal Attack and Defense on AI Generated Content Latent-based Watermarking.	https://github.com/dezhanglee/watermarked-images-samples
A Practical and Secure Byzantine Robust Aggregator.	https://github.com/dezhanglee/randeigen_artifacts
FLEXEMU: Towards Flexible MCU Peripheral Emulation.	https://github.com/FlexEmu/flexemu
Accountable Liveness.	https://pod.network/how-it-works
Adversarially Robust Assembly Language Model for Packed Executables Detection.	https://zenodo.org/records/14091136
Panther: Private Approximate Nearest Neighbor Search in the Single Server Setting.	https://github.com/AntCPLab/OpenPanther.git
Mitigating Data Poisoning Attacks to Local Differential Privacy.	https://github.com/Marvin-huoshan/MDPA_LDP/
Differentiation-Based Extraction of Proprietary Data from Fine-Tuned LLMs.	https://sites.google.com/view/ccs25dde
ZVDetector: State-Guided Vulnerability Detection System for Zigbee Devices.	https://github.com/ZVDetector/ZVDetector/tree/master
Looping for Good: Cyclic Proofs for Security Protocols.	https://doi.org/10.5281/zenodo.16992323
Analyzing PDFs like Binaries: Adversarially Robust PDF Malware Analysis via Intermediate Representation and Language Model.	https://zenodo.org/records/15532394
Rethinking Machine Unlearning in Image Generation Models.	https://github.com/ryliu68/IGMU
PROME FUZZ: A Knowledge-Driven Approach to Fuzzing Harness Generation with Large Language Models.	https://github.com/pvz122/PromeFuzz
PANDA: Rethinking Metric Differential Privacy Optimization at Scale with Anchor-Based Approximation.	https://github.com/paopao128/CCS-2025-PAnDA
Prototype Surgery: Tailoring Neural Prototypes via Soft Labels for Efficient Machine Unlearning.	https://github.com/SPHelixLab/PS_Unlearn
CUKEM: A Concise and Unified Hybrid Key Encapsulation Mechanism.	https://github.com/X-Wing-KEM-Team/xwing/blob/main/src/crypto_kem/mlkem/ref/kem.c#L994718
Asymmetry Vulnerability and Physical Attacks on Online Map Construction for Autonomous Driving.	http://onlinemapattack.online/
RAG-WM: An Efficient Black-Box Watermarking Approach for Retrieval-Augmented Generation of Large Language Models.	https://sites.google.com/view/lvpeizhuo/publication/
Threshold ECDSA in Two Rounds.	https://github.com/TECDSA/ecdsa_two_round
Provable Repair of Deep Neural Network Defects by Preimage Synthesis and Property Refinement.	https://github.com/nninjn/ProRepair
New Permutation Decomposition Techniques for Efficient Homomorphic Permutation.	https://github.com/lilBuffaloEric/IdealDmp
We just did not have that on the embedded system: Insights and Challenges for Securing Microcontroller Systems from the Embedded CTF Competitions.	https://ectf.mitre.org/
ControlLoc: Physical-World Hijacking Attack on Camera-based Perception in Autonomous Driving.	https://sites.google.com/view/av-ioat-sec/controlloc
Busting the Paper Ballot: Voting Meets Adversarial Machine Learning.	https://github.com/VoterCenter/Busting-the-Ballot
The OCH Authenticated Encryption Scheme.	https://github.com/initsecret/cryptography-run/
Deprivileging Low-Level GPU Drivers Efficiently with User-Space Processes and CHERI Compartments.	https://doi.org/10.5281/zenodo.16987522
Mining in Logarithmic Space with Variable Difficulty.	https://github.com/loicmiller/variable-mls
THOR: Secure Transformer Inference with Homomorphic Encryption.	https://github.com/crypto-starlab/THOR
WHISPER TEST: A Voice-Control-based Library for iOS UI Automation.	https://github.com/iOSWhisperTest/CCS-25-Online-Companion
Forking the RANDAO: Manipulating Ethereum's Distributed Randomness Beacon.	https://github.com/nagyabi/forking_randao_manipulation
Riddle Me This! Stealthy Membership Inference for Retrieval-Augmented Generation.	https://github.com/ali7naseh/RAG_MIA
Evaluating the Robustness of a Production Malware Detection System to Transferable Adversarial Attacks.	https://github.com/google/magika
It Should Be Easy but… New Users'Experiences and Challenges with Secret Management Tools.	https://doi.org/10.5281/zenodo.17018637
Peekaboo, I See Your Queries: Passive Attacks Against DSSE Via Intermittent Observations.	https://github.com/hustcpss/Peekaboo
Exploiting the Shared Storage API.	https://github.com/privacysandbox/attestation/blob/main/enrollment_report.csv
Hidden in Plain Bytes: Investigating Interpersonal Account Compromise with Data Exports.	https://doi.org/10.5281/zenodo.17058860
Revisiting Keyed-Verification Anonymous Credentials.	https://github.com/anon-aadhaar/anon-aadhaar
PipID: Light-Pupillary Response Based User Authentication for Virtual Reality.	https://pipid-vr.github.io/
On Frontrunning Risks in Batch-Order Fair Systems for Blockchains.	https://github.com/NetSP-KAIST/the-ambush-attack
Protocols to Code: Formal Verification of a Secure Next-Generation Internet Router.	https://doi.org/10.5281/zenodo.16891069
Demo: Reverse Engineering Android Apps with Code Coverage.	https://github.com/hharcolezi/ldp-toolbox
Distance-Aware OT with Application to Fuzzy PSI.	https://github.com/asu-crypto/daOT-fuzzyPSI
A System Framework to Symbolically Explore Intel TDX Module Execution.	https://github.com/KRoverSystems/TDXplorer
Differentially Private Access in Encrypted Search: Achieving Privacy at a Small Cost?	https://doi.org/10.5281/zenodo.17035133
SafeGuider: Robust and Practical Content Safety Control for Text-to-Image Models.	https://github.com/pgqihere/safeguider
Training Robust Classifiers for Classifying Encrypted Traffic under Dynamic Network Conditions.	https://github.com/XXnormal/MAML-Training-ETC
UnsafeBench: Benchmarking Image Safety Classifiers on Real-World and AI-Generated Images.	https://zenodo.org/records/8255664
Secure Parsing and Serializing with Separation Logic Applied to CBOR, CDDL, and COSE.	https://doi.org/10.5281/zenodo.17015692
Ethics in Computer Security Research: A Data-Driven Assessment of the Past, the Present, and the Possible Future.	https://doi.org/10.5281/zenodo.17034796
Exact Robustness Certification of k-Nearest Neighbors.	https://github.com/shakehd/KNN_Certifier
Head(er)s Up! Detecting Security Header Inconsistencies in Browsers.	https://zenodo.org/records/16890358
Zero-Knowledge AI Inference with High Precision.	https://github.com/vt-asaplab/ZIP
Bitcoin Under Volatile Block Rewards: How Mempool Statistics Can Influence Bitcoin Mining.	https://github.com/RoozbehSrnch/Bitcoin-Volatile-Reward
WANILLA: Sound Noninterference Analysis for WebAssembly.	https://researchdata.tuwien.ac.at/records/hc4rp-xp328
Leaky Apps: Large-scale Analysis of Secrets Distributed in Android and iOS Apps.	https://github.com/CDL-AsTra/leaky_apps
Combating Falsification of Speech Videos with Live Optical Signatures.	https://mobilex.cs.columbia.edu/verilight
Nebula: Efficient, Private and Accurate Histogram Estimation.	https://github.com/brave-experiments/
Optimistic, Signature-Free Reliable Broadcast and Its Applications.	https://github.com/qyu100/SFSailfish/tree/SFBullsharkFault
Validating Interior Gateway Routing Protocols via Equivalent Topology Synthesis.	https://todiff.github.io/
Fuzzy Extractors are Practical: Cryptographic Strength Key Derivation from the Iris.	https://github.com/whyamey/feap/
Digital Safety for Children with Intellectual Disabilities When Using Mobile Devices from Parents' and Teachers' Perspectives.	https://zenodo.org/records/17000210
Virtual Reality, Real Problems: A Longitudinal Security Analysis of VR Firmware.	https://github.com/SECSAT-LAB-GMU/VR-Firmware
What Gets Measured Gets Managed: Mitigating Supply Chain Attacks with a Link Integrity Management System.	https://github.com/link-integrity-management-system/lims
CITesting: Systematic Testing of Context Integrity Violations in LTE Core Networks.	https://github.com/SysSec-KAIST/CITesting
Securing Cryptographic Software via Typed Assembly Language.	https://github.com/MATCHA-MIT/secsep
Generalized Security-Preserving Refinement for Concurrent Systems.	https://github.com/IS2Lab/Refine_IFS
Committee Selection with Non-Proportional Weights.	https://www.comp.nus.edu.sg/~sunyuch/projects/ccs25/ccs25.html
TEMPEST-LoRa: Cross-Technology Covert Communication.	https://zenodo.org/records/15532223
Generic Anonymity Wrapper for Messaging Protocols.	https://doi.org/10.5281/zenodo.16929590
RISC OVER: Automatic Discovery of User-exploitable Architectural Security Vulnerabilities in Closed-Source RISC-V CPUs.	https://github.com/cispa/RISCover-artifacts
EXFILSTATE: Automated Discovery of Timer-Free Cache Side Channels on ARM CPUs.	https://github.com/cispa/ExfilState-artifacts
Error Messages to Fuzzing: Detecting XPS Parsing Vulnerabilities in Windows Printing Components.	https://github.com/PrinterRepo/PrintXPSurge
BFId: Identity Inference Attacks Utilizing Beamforming Feedback Information.	https://ps.kastel.kit.edu/bfid-dataset
Phishing Susceptibility and the (In-)Effectiveness of Common Anti-Phishing Interventions in a Large University Hospital.	https://doi.org/10.5281/zenodo.17014954
Styled to Steal: The Overlooked Attack Surface in Email Clients.	https://doi.org/10.5281/zenodo.17019769
Breaking and Fixing Content-Defined Chunking.	https://github.com/AppliedCrypto-ETHZ/secure-kcdc
Refined TFHE Leveled Homomorphic Evaluation and Its Application.	https://github.com/KAIST-CryptLab/refined-tfhe-lhe
Synthesis of Sound and Precise Leakage Contracts for Open-Source RISC-V Processors.	https://github.com/zilongwang123/LeaSyn
DISA: Accurate Learning-based Static Disassembly with Attentions.	https://github.com/peicwang/Disa
Membership Inference Attacks as Privacy Tools: Reliability, Disparity and Ensemble.	https://github.com/RPI-DSPlab/mia-disparity
SlicedPIR: Offloading Heavyweight Work with NTT.	https://zenodo.org/records/16911026
Walking The Last Mile: Studying Decompiler Output Correction in Practice.	https://github.com/syssec-utd/CCS25-WalkingTheLastMile-Supplementary
On the Feasibility of Poisoning Text-to-Image AI Models via Adversarial Mislabeling.	https://github.com/stanleykywu/
Layered, Overlapping, and Inconsistent: A Large-Scale Analysis of the Multiple Privacy Policies and Controls of U.S. Banks.	https://doi.org/10.5281/zenodo.17014519
One-Sided Bounded Noise: Theory, Optimization Algorithms and Applications.	https://github.com/Hanshen-Xiao/lib-1sided-noise
Beyond Tag Collision: Cluster-based Memory Management for Tag-based Sanitizers.	https://github.com/Yiruma96/ClusterTag-repo.git
GAPDiS: Gradient-Assisted Perturbation Design via Sequence Editing for Website Fingerprinting Defense.	https://github.com/ByskyXie/GAPDiS
Discovering and Exploiting IoT Device Hidden Attributes: A New Vulnerability in Smart Homes.	https://anonymous.4open.science/r/SmartThings-Edge-Driver-Auto-Patching-49CE/README.md
Towards Backdoor Stealthiness in Model Parameter Space.	https://github.com/xiaoyunxxy/parameter_backdoor
One Surrogate to Fool Them All: Universal, Transferable, and Targeted Adversarial Attacks with CLIP.	https://github.com/binyxu/UnivIntruder
Lock the Door But Keep the Window Open: Extracting App-Protected Accessibility Information from Browser-Rendered Websites.	https://github.com/CyFI-Lab-Public/SOMBRA
Fingerprinting Deep Packet Inspection Devices by their Ambiguities.	https://github.com/censoredplanet/CenDPI
MM4flow: A Pre-trained Multi-modal Model for Versatile Network Traffic Analysis.	https://github.com/Shangshu-LAB/MM4flow
Dangers Behind Access Control: Understanding and Exploiting Implicit Permissions in Kubernetes.	https://doi.org/10.5281/zenodo.16999749
PLRV-O: Advancing Differentially Private Deep Learning via Privacy Loss Random Variable Optimization.	https://github.com/datasec-lab/plrvo
ImportSnare: Directed Code Manual Hijacking in Retrieval-Augmented Code Generation.	https://importsnare.github.io/
AD-MPC: Asynchronous Dynamic MPC with Guaranteed Output Delivery.	https://github.com/HTseaat/AD-MPC
Securing Mixed Rust with Hardware Capabilities.	https://doi.org/10.5281/ZENODO.14625327
What Lurks Within? Concept Auditing for Shared Diffusion Models at Scale.	https://github.com/YuxinWenRick/hard-prompts-made-easy
Posterior Security: Anonymity and Message Hiding of Standard Signatures.	https://github.com/incognito-sig/incognito
A Decade-long Landscape of Advanced Persistent Threats: Longitudinal Analysis and Global Trends.	https://zenodo.org/records/16869733
Same Script, Different Behavior: Characterizing Divergent JavaScript Execution Across Different Device Platforms.	https://github.com/fingerprintjs/
Poisoning Attacks to Local Differential Privacy for Ranking Estimation.	https://github.com/LDP-user/LDP-Ranking.git
Don't Look Up: There Are Sensitive Internal Links in the Clear on GEO Satellites.	https://satcom.sysnet.ucsd.edu
Harnessing Vital Sign Vibration Harmonics for Effortless and Inbuilt XR User Authentication.	https://sites.google.com/view/xrharmonics
Be Aware of What You Let Pass: Demystifying URL-based Authentication Bypass Vulnerability in Java Web Applications.	https://zenodo.org/records/16990216
Reviving Discarded Vulnerabilities: Exploiting Previously Unexploitable Linux Kernel Bugs Through Control Metadata Fields.	https://github.com/Roarcannotprogramming/Weak-Primitive
Demo: Exploring Utility and Attackability Trade-offs in Local Differential Privacy.	https://zenodo.org/records/10142719
Phalanx: An FHE-Friendly SNARK for Verifiable Computation on Encrypted Data.	https://doi.org/10.62056/A6KSDKP10
Rethinking Tamper-Evident Logging: A High-Performance, Co-Designed Auditing System.	https://github.com/DART-Laboratory/Nitro
Hardening Deep Neural Network Binaries against Reverse Engineering Attacks.	https://github.com/purseclab/dnnobfuse
Dynamic Vulnerability Patching for Heterogeneous Embedded Systems Using Stack Frame Reconstruction.	https://github.com/xumesang/StackPatch
QV-net: Decentralized Self-Tallying Quadratic Voting with Maximal Ballot Secrecy.	https://doi.org/10.5281/zenodo.15691120
RingSG: Optimal Secure Vertex-Centric Computation for Collaborative Graph Processing.	https://github.com/CBackyx/RingSG/tree/dev-graph
Elastic Restaking Networks: United we fall, (partially) divided we stand.	https://github.com/roibarzur/elastic-restaking-networks-code
High-Throughput Universally Composable Threshold FHE Decryption.	https://github.com/FhenixProtocol/thresholdfhe-paper

2024 (200)

Paper	Artifact
FuzzCache: Optimizing Web Application Fuzzing Through Software-Based Data Cache.	https://github.com/secureweb/fuzzcache
PhySense: Defending Physically Realizable Attacks for Autonomous Systems via Consistency Reasoning.	https://sites.google.com/view/physense
Tight ZK CPU: Batched ZK Branching with Cost Proportional to Evaluated Instruction.	https://github.com/gconeice/tight-vole-zk-cpu
Scalable and Adaptively Secure Any-Trust Distributed Key Generation and All-hands Checkpointing.	https://github.com/mtc2000/AnyTrustDKG
Simple and Practical Amortized Sublinear Private Information Retrieval using Dummy Subsets.	https://github.com/wuwuz/Piano-PIR-new
fAmulet: Finding Finalization Failure Bugs in Polygon zkRollup.	https://zzzihao-li.github.io/
Multi-Verifier Zero-Knowledge Proofs for Any Constant Fraction of Corrupted Verifiers.	https://blog.chain.link/deco-introduction/
MGTBench: Benchmarking Machine-Generated Text Detection.	https://github.com/TrustAIRLab/MGTBench
PLeak: Prompt Leaking Attacks against Large Language Model Applications.	https://github.com/BHui97/PLeak
Efficient Scalable Multi-Party Private Set Intersection(-Variants) from Bicentric Zero-Sharing.	https://github.com/orzcy/BZS-MPSI
ArcEDB: An Arbitrary-Precision Encrypted Database via (Amortized) Modular Homomorphic Encryption.	https://github.com/zhouzhangwalker/ArcEDB
When Compiler Optimizations Meet Symbolic Execution: An Empirical Study.	https://github.com/OSUSecLab/MOOSE
Zero-Knowledge Proofs of Training for Deep Neural Networks.	https://github.com/zkPoTs/kaizen
Evaluations of Machine Learning Privacy Defenses are Misleading.	https://github.com/ethz-spylab/misleading-privacy-evals
Peeking through the window: Fingerprinting Browser Extensions through Page-Visible Execution Traces and Interactions.	https://raider-ext.github.io/raider/tests/
Unbundle-Rewrite-Rebundle: Runtime Detection and Rewriting of Privacy-Harming Code in JavaScript Bundles.	https://github.com/masood/urr
Strong Privacy-Preserving Universally Composable AKA Protocol with Seamless Handover Support for Mobile Virtual Network Operator.	https://github.com/YYangNUS/CCS_MVNO
The Privacy-Utility Trade-off in the Topics API.	https://doi.org/10.5281/ZENODO.11032230
Block Ciphers in Idealized Models: Automated Proofs and New Security Results.	https://gitlab.com/ambrona/algorom
Conditional Encryption with Applications to Secure Personalized Password Typo Correction.	https://doi.org/10.5281/zenodo.13744111
Blocking Tracking JavaScript at the Function Granularity.	https://github.com/hadiamjad/Not.js
Precio: Private Aggregate Measurement via Oblivious Shuffling.	https://GitHub.com/Microsoft/Precio
Practical Post-Quantum Signatures for Privacy.	https://github.com/Chair-for-Security-Engineering/lattice-anonymous-credentials
SurrogatePrompt: Bypassing the Safety Filter of Text-to-Image Models via Substitution.	https://github.com/Zjm1900/SurrogatePrompt
GRandLine: Adaptively Secure DKG and Randomness Beacon with (Log-)Quadratic Communication Complexity.	https://api.semanticscholar.org/CorpusID:257499606
What Did Come Out of It? Analysis and Improvements of DIDComm Messaging.	https://github.com/jesusdiazvico/didcomm-privacy-benchmarks
Foundations for Cryptographic Reductions in CCSA Logics.	https://hal.science/hal-04511718
Mithridates: Auditing and Boosting Backdoor Resistance of Machine Learning Pipelines.	https://github.com/ebagdasa/mithridates
CountDown: Refcount-guided Fuzzing for Exposing Temporal Memory Errors in Linux Kernel.	https://github.com/psu-security-universe/countdown
zkLogin: Privacy-Preserving Blockchain Authentication with Existing Credentials.	https://github.com/doubleblind-xyz/double-blind
No Peer, no Cry: Network Application Fuzzing via Fault Injection.	https://github.com/fuzztruction/fuzztruction-net
Testing Side-channel Security of Cryptographic Implementations against Future Microarchitectures.	https://github.com/hw
Derecho: Privacy Pools with Proof-Carrying Disclosures.	https://github.com/joshbeal/derecho
RANsacked: A Domain-Informed Approach for Fuzzing LTE and 5G RAN-Core Interfaces.	https://github.com/FICS/asnfuzzgen
New Secret Keys for Enhanced Performance in (T)FHE.	https://github.com/zama-ai/tfhe-rs/tree/artifact_ccs_2024
DarthShader: Fuzzing WebGPU Shader Translators & Compilers.	https://github.com/wgslfuzz/darthshader
The Illusion of Randomness: An Empirical Analysis of Address Space Layout Randomization Implementations.	https://zenodo.org/records/12968870
Sui Lutris: A Blockchain Combining Broadcast and Consensus.	https://github.com/asonnino/sui/tree/sui-lutris
Respire: High-Rate PIR for Databases with Small Records.	https://github.com/AMACB/respire/
μCFI: Formal Verification of Microarchitectural Control-flow Integrity.	https://comsec.ethz.ch/research/hardware-design-security/mucfi/
Call Me By My Name: Simple, Practical Private Information Retrieval for Keyword Queries.	https://github.com/brave-experiments/frodo-pir
VERITAS: Plaintext Encoders for Practical Verifiable Homomorphic Encryption.	https://github.com/ldsec/veritas
BlueSWAT: A Lightweight State-Aware Security Framework for Bluetooth Low Energy.	https://github.com/RayCxggg/BlueSWAT
Manipulating OpenFlow Link Discovery Packet Forwarding for Topology Poisoning.	https://zenodo.org/doi/10.5281/zenodo.12786197
Unveiling the Vulnerability of Private Fine-Tuning in Split-Based Frameworks for Large Language Models: A Bidirectionally Enhanced Attack.	https://github.com/StupidTrees/SplitLLM
The Janus Interface: How Fine-Tuning in Large Language Models Amplifies the Privacy Risks.	https://github.com/opmusic/janus_pii_attack
Attacks Against the IND-CPAD Security of Exact FHE Schemes.	https://github.com/hmchoe0528/INDCPAD_HE_ThresFHE
Quarantined-TreeKEM: A Continuous Group Key Agreement for MLS, Secure in Presence of Inactive Users.	https://github.com/AbdulRahmanTaleb/Quarantined-TreeKEM
"I Had Sort of a Sense that I Was Always Being Watched…Since I Was": Examining Interpersonal Discomfort From Continuous Location-Sharing Applications.	https://github.com/FICS/CLS-Application-Discomfort
Eclipse: Preventing Speculative Memory-error Abuse with Artificial Data Dependencies.	https://gitlab.com/brown-ssl/eclipse
Keeping Up with the KEMs: Stronger Security Notions for KEMs and Automated Analysis of KEM-based Protocols.	https://github.com/FormalKEM/Symbolic_KEM_Models
Asynchronous Consensus without Trusted Setup or Public-Key Cryptography.	https://github.com/shengqi647/acs
SpecGuard: Specification Aware Recovery for Robotic Autonomous Vehicles from Physical Attacks.	https://github.com/DependableSystemsLab/specguard
Robust and Reliable Early-Stage Website Fingerprinting Attacks via Spatial-Temporal Distribution Analysis.	https://github.com/Xinhao-Deng/Website-Fingerprinting-Library
Understanding Implosion in Text-to-Image Generative Models.	https://github.com/Shawn-Shan/nightshade-release
Trident of Poseidon: A Generalized Approach for Detecting Deepfake Voices.	https://www.worlditshow.co.kr/
Scalable Equi-Join Queries over Encrypted Database.	https://github.com/CDSecLab/MJXT
Non-Transferable Anonymous Tokens by Secret Binding.	https://zenodo.org/records/11001946
Secret Sharing with Snitching.	https://doi.org/10.1007/978-3-031-38545-2_18
Uncovering Gradient Inversion Risks in Practical Language Model Training.	https://github.com/UQ-Trust-Lab/GRAB/
ThorPIR: Single Server PIR via Homomorphic Thorp Shuffles.	https://www.semanticscholar.org/paper/CacheShuffle%3A-An-Oblivious-Shuffle-Algorithm-Using-Patel-Persiano/ba94758018b03a6f6ccfddf92d311c3ded44964f
Byzantine-Secure Relying Party for Resilient RPKI.	https://github.com/Cyberbruecke/byzrp
Detecting Tunneled Flooding Traffic via Deep Semantic Analysis of Packet Length Patterns.	https://github.com/fuchuanpu/Exosphere
Benchmarking Secure Sampling Protocols for Differential Privacy.	https://github.com/yuchengxj/Secure-sampling-benchmark
Dual Polynomial Commitment Schemes and Applications to Commit-and-Prove SNARKs.	https://github.com/arithmic/Dual_PCS.git
Dora: A Simple Approach to Zero-Knowledge for RAM Programs.	https://github.com/rot256/research-dora/
Rules Refine the Riddle: Global Explanation for Deep Learning-Based Anomaly Detection in Security Applications.	https://github.com/dongtsi/GEAD
VisionGuard: Secure and Robust Visual Perception of Autonomous Vehicles in Practice.	https://sites.google.com/view/visionguard
Is Difficulty Calibration All We Need? Towards More Practical Membership Inference Attacks.	https://github.com/T0hsakar1n/Is-Difficulty-Calibration-All-We-Need-Towards-More-Practical-Membership-Inference-Attacks
The Insecurity of Masked Comparisons: SCAs on ML-KEM's FO-Transform.	https://github.com/KULeuven-COSIC/Revisiting-Masked-Comparison/
Selling Satisfaction: A Qualitative Analysis of Cybersecurity Awareness Vendors' Promises.	https://github.com/tesseract-ocr
Securing Floating-Point Arithmetic for Noise Addition.	https://gitlab.com/tumult-labs/core/-/tree/0.13.0
Certifiable Black-Box Attacks with Randomized Adversarial Examples: Breaking Defenses with Provable Confidence.	https://github.com/datasec-lab/CertifiedAttack
Spec-o-Scope: Cache Probing at Cache Speed.	https://github.com/eyalr0/Spec-o-Scope
A General Framework for Data-Use Auditing of ML Models.	https://github.com/zonghaohuang007/ML_data_auditing
Detecting Broken Object-Level Authorization Vulnerabilities in Database-Backed Applications.	https://github.com/BolaRay-d/BolaRay
SysBumps: Exploiting Speculative Execution in System Calls for Breaking KASLR in macOS for Apple Silicon.	https://github.com/koreacsl/SysBumps
HomeRun: High-efficiency Oblivious Message Retrieval, Unrestricted.	https://github.com/yanxue820/HomeRun.git
RISiren: Wireless Sensing System Attacks via Metasurface.	https://github.com/HappyChenghan/RISiren
BinPRE: Enhancing Field Inference in Binary Analysis Based Protocol Reverse Engineering.	https://github.com/ecnusse/BinPRE.git
PG: Byzantine Fault-Tolerant and Privacy-Preserving Sensor Fusion with Guaranteed Output Delivery.	https://doi.org/10.6084/m9.figshare.25669026.v2
Pulsar: Secure Steganography for Diffusion Models.	https://github.com/spacelab-ccny/pulsar
Blind Multisignatures for Anonymous Tokens with Decentralized Issuance.	https://github.com/google/anonymous-tokens
Fisher Information guided Purification against Backdoor Attacks.	https://github.com/nazmul-karim170/FIP-Fisher-Backdoor-Removal
Non-interactive VSS using Class Groups and Application to DKG.	https://github.com/hsaleemsupra/cgdkg_artifact
Complete Knowledge: Preventing Encumbrance of Cryptographic Secrets.	https://github.com/CK-anon/SMACK
RSA-Based Dynamic Accumulator without Hashing into Primes.	https://doi.org/10.62056/av7tudhdj
Nakamoto Consensus under Bounded Processing Capacity.	https://github.com/avivz/finitebwlc
PeTAL: Ensuring Access Control Integrity against Data-only Attacks on Linux.	https://github.com/compsec-snu/petal
The Not-So-Silent Type: Vulnerabilities in Chinese IME Keyboards' Network Security Protocols.	https://citizenlab.ca/2024/04/vulnerabilities-across-keyboard-apps-reveal-keystrokes-to-network
Graphiti: Secure Graph Computation Made More Scalable.	https://github.com/Bhavishrg/Graphiti
Fast Two-party Threshold ECDSA with Proactive Security.	https://gite.lirmm.fr/crypto/bicycl
Gramine-TDX: A Lightweight OS Kernel for Confidential VMs.	https://github.com/dimstav23/gramine-tdx-benchmarking
Specification and Verification of Strong Timing Isolation of Hardware Enclaves.	https://github.com/mit-plv/isolation
zkPi: Proving Lean Theorems in Zero-Knowledge.	https://github.com/emlaufer/zkpi
Sublinear Distributed Product Checks on Replicated Secret-Shared Data over Z2k Without Ring Extensions.	https://github.com/AntCPLab/malicious_3pc_arithmetic
SeqMIA: Sequential-Metric Based Membership Inference Attack.	https://github.com/AIPAG/SeqMIA
CAPSID: A Private Session ID System for Small UAVs.	https://klevchen.ece.illinois.edu/capsid.pv
SafeEar: Content Privacy-Preserving Audio Deepfake Detection.	https://SafeEarWeb.github.io/Project/
BaseMirror: Automatic Reverse Engineering of Baseband Commands from Android's Radio Interface Layer.	https://github.com/OSUSecLab/BaseMirror
SafeGen: Mitigating Sexually Explicit Content Generation in Text-to-Image Models.	https://github.com/LetterLiGo/SafeGen_CCS2024
Are We Getting Well-informed? An In-depth Study of Runtime Privacy Notice Practice in Mobile Apps.	https://github.com/RenoProject2024/
PowerPeeler: A Precise and General Dynamic Deobfuscation Method for PowerShell Scripts.	https://gitee.com/snowroll/powerpeeler
Smooth Sensitivity for Geo-Privacy.	https://github.com/hkustDB/SmoothGP
Internet's Invisible Enemy: Detecting and Measuring Web Cache Poisoning in the Wild.	https://github.com/phantomnothingness/HCache
A First Look at Security and Privacy Risks in the RapidAPI Ecosystem.	https://github.com/CUSecLab/2024-CCS-RapidAPI-analysis
uMMU: Securing Data Confidentiality with Unobservable Memory Subsystem.	https://github.com/sslab-skku/uMMU
Ents: An Efficient Three-party Training Framework for Decision Trees by Communication Optimization.	https://github.com/FudanMPL/Garnet/tree/Ents
Cross-silo Federated Learning with Record-level Personalized Differential Privacy.	https://github.com/Emory-AIMS/rPDP-FL.git
On the Detectability of ChatGPT Content: Benchmarking, Methodology, and Evaluation through the Lens of Academic Writing.	https://github.com/liuzey/CheckGPT-v2
RIoTFuzzer: Companion App Assisted Remote Fuzzing for Detecting Vulnerabilities in IoT Devices.	https://github.com/kzLiu2017/RIoTFuzzer.git
Demystifying RCE Vulnerabilities in LLM-Integrated Apps.	https://sites.google.com/view/llmsmith
PreCurious: How Innocent Pre-Trained Language Models Turn into Privacy Traps.	https://github.com/Emory-AIMS/PreCurious
Neural Dehydration: Effective Erasure of Black-box Watermarks from DNNs with Limited Data.	https://github.com/LouisVann/Dehydra
Training Robust ML-based Raw-Binary Malware Detectors in Hours, not Months.	https://doi.org/10.1184/R1/26322505
Test Suites Guided Vulnerability Validation for Node.js Applications.	https://github.com/WHU-seclab/JSGo
Towards Automatic Discovery of Denial of Service Weaknesses in Blockchain Resource Models.	https://ffeng-luo.github.io/
Faster FHE-Based Single-Server Private Information Retrieval.	https://github.com/mmingluo/kspir
TREC: APT Tactic / Technique Recognition via Few-Shot Provenance Subgraph Learning.	https://www.kellect.org/#/kellect-4-aptdataset.4.1.2
Prompt Fuzzing for Fuzz Driver Generation.	https://github.com/PromptFuzz/PromptFuzz
The LaZer Library: Lattice-Based Zero Knowledge and Succinct Proofs for Quantum-Safe Privacy.	https://github.com/lazer-crypto/lazer
Watch Out! Simple Horizontal Class Backdoor Can Trivially Evade Defense.	https://github.com/shihe98/HCB/tree/main
Breaching Security Keys without Root: FIDO2 Deception Attacks via Overlays exploiting Limited Display Authenticators.	https://sites.google.com/view/cr-2fa-attack-demo/home
Practical Key-Extraction Attacks in Leading MPC Wallets.	https://github.com/coinbase/waas-sdk-react-native
FABESA: Fast (and Anonymous) Attribute-Based Encryption under Standard Assumption.	https://github.com/ACMCCS2024/FABESA.git
Program Environment Fuzzing.	https://github.com/GJDuck/EnvFuzz
Arke: Scalable and Byzantine Fault Tolerant Privacy-Preserving Contact Discovery.	https://github.com/asonnino/arke
Safeslab: Mitigating Use-After-Free Vulnerabilities via Memory Protection Keys.	https://github.com/tum-itsec/safeslab
SpecMon: Modular Black-Box Runtime Monitoring of Security Protocols.	http://dx.doi.org/10.5281/zenodo.12787864
Asynchronous Authentication.	https://doi.org/10.1017/S0017383510000525
Helium: Scalable MPC among Lightweight Participants and under Churn.	https://github.com/ChristianMct/helium
Characterizing and Mitigating Phishing Attacks at ccTLD Scale.	https://research.tudelft.nl/en/publications/characterizing-and-mitigating-phishing-attacks-at-cctld-scale-ext
PromSec: Prompt Optimization for Secure Generation of Functional Source Code with Large Language Models (LLMs).	https://github.com/mahmoudkanazzal/PromSec
AITIA: Efficient Secure Computation of Bivariate Causal Discovery.	https://github.com/asu-crypto/Aitia
Reckle Trees: Updatable Merkle Batch Proofs with Applications.	https://github.com/Lagrange-Labs/reckle-trees
Sparrow: Space-Efficient zkSNARK for Data-Parallel Circuits and Applications to Zero-Knowledge Decision Trees.	https://github.com/ChristodoulosPappas/Sparrow-Full-Version
S-BDT: Distributed Differentially Private Boosted Decision Trees.	https://github.com/kirschte/sbdt
Toss a Fault to BpfChecker: Revealing Implementation Flaws for eBPF runtimes with Differential Fuzzing.	https://github.com/bpfchecker/BpfCheckerSource
OctopusTaint: Advanced Data Flow Analysis for Detecting Taint-Based Vulnerabilities in IoT/IIoT Firmware.	https://github.com/WUSTL-CSPL/Firmware-Dataset
Fuzz to the Future: Uncovering Occluded Future Vulnerabilities via Robust Fuzzing.	https://github.com/sefcom/flakjack
PIC-BI: Practical and Intelligent Combinatorial Batch Identification for UAV assisted IoT Networks.	https://github.com/JK211/Batch_Identification_PIC-BI
ISABELLA: Improving Structures of Attribute-Based Encryption Leveraging Linear Algebra.	https://github.com/lincolncryptools/ISABELLA
AutoPatch: Automated Generation of Hotpatches for Real-Time Embedded Devices.	https://github.com/DependableSystemsLab/AutoPatch
ZeroFake: Zero-Shot Detection of Fake Images Generated and Edited by Text-to-Image Generation Models.	https://github.com/TrustAIRLab/ZeroFake
Rust for Embedded Systems: Current State and Open Problems.	https://zenodo.org/records/12775715
FOX: Coverage-guided Fuzzing as Online Stochastic Control.	https://github.com/FOX-Fuzz/FOX
"Do Anything Now": Characterizing and Evaluating In-The-Wild Jailbreak Prompts on Large Language Models.	https://github.com/verazuo/jailbreak_llms
LUNA: Quasi-Optimally Succinct Designated-Verifier Zero-Knowledge Arguments from Lattices.	https://github.com/yassimert/LUNA
QueryCheetah: Fast Automated Discovery of Attribute Inference Attacks Against Query-Based Systems.	https://github.com/computationalprivacy/querycheetah
zkLLM: Zero Knowledge Proofs for Large Language Models.	https://github.com/jvhs0706/zkllm-ccs2024
Samplable Anonymous Aggregation for Private Federated Data Analysis.	https://ietf-wg-ohai.github.io/oblivious-http/draft-ietf-ohai-ohttp.html
ERACAN: Defending Against an Emerging CAN Threat Model.	https://tinyurl.com/5n77avxu
GenderCARE: A Comprehensive Framework for Assessing and Reducing Gender Bias in Large Language Models.	https://github.com/kstanghere/GenderCARE-ccs24
Atomic and Fair Data Exchange via Blockchain.	https://github.com/PopcornPaws/fde
SECOMP: Formally Secure Compilation of Compartmentalized C Programs.	https://github.com/secure-compilation/SECOMP
Data Poisoning Attacks to Locally Differentially Private Frequent Itemset Mining Protocols.	https://github.com/CorneyHeY/Poison-Attack-LDP-Frequent-Itemset-Mining-CCS2024
Verifiably Correct Lifting of Position-Independent x86-64 Binaries to Symbolized Assembly.	https://doi.org/10.5281/zenodo.12721325
Principled Microarchitectural Isolation on Cloud CPUs.	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7025.html
Practical Non-interactive Encrypted Conjunctive Search with Leakage Suppression.	https://github.com/CDSecLab/Doris
OSmart: Whitebox Program Option Fuzzing.	https://github.com/osmart-source/osmartsource
Moderator: Moderating Text-to-Image Diffusion Models through Fine-grained Context-based Policies.	https://github.com/DataSmithLab/Moderator
SeMalloc: Semantics-Informed Memory Allocator.	https://github.com/ssg-research/semalloc
Curator Attack: When Blackbox Differential Privacy Auditing Loses Its Power.	https://github.com/ShimingWang98/Curator-Attack-When-Blackbox-DP-Auditing-Loses-Its-Power
ProphetFuzz: Fully Automated Prediction and Fuzzing of High-Risk Option Combinations with Only Documentation via Large Language Model.	https://github.com/NASP-THU/ProphetFuzz
GAZEploit: Remote Keystroke Inference Attack by Gaze Estimation from Avatar Views in VR/MR Devices.	https://sites.google.com/view/Gazeploit/
Payout Races and Congested Channels: A Formal Analysis of Security in the Lightning Network.	https://zenodo.org/records/11002329
TDXdown: Single-Stepping and Instruction Counting Attacks against Intel TDX.	https://github.com/UzL-ITS/tdxdown
Libra: Architectural Support For Principled, Secure And Efficient Balanced Execution On High-End Processors.	https://github.com/proteus-core/libra ✓
Verifiable Security Policies for Distributed Systems.	https://doi.org/10.5281/zenodo.13686927
Legilimens: Practical and Unified Content Moderation for Large Language Model Services.	https://github.com/lin000001/Legilimens
Image-Perfect Imperfections: Safety, Bias, and Authenticity in the Shadow of Text-To-Image Model Evolution.	https://github.com/TrustAIRLab/T2I_Model_Evolution
Boosting Practical Control-Flow Integrity with Complete Field Sensitivity and Origin Awareness.	https://github.com/XDU-SysSec/ECCut
Accurate and Efficient Recurring Vulnerability Detection for IoT Firmware.	https://github.com/seclab-fudan/FirmRec
ReSym: Harnessing LLMs to Recover Variable and Data Structure Symbols from Stripped Binaries.	https://github.com/lt-asset/resym/
PhyScout: Detecting Sensor Spoofing Attacks via Spatio-temporal Consistency.	https://sites.google.com/view/physcout
Fuzzing JavaScript Engines with a Graph-based IR.	https://github.com/walkcreate/FuzzFlow
Camel: Communication-Efficient and Maliciously Secure Federated Learning in the Shuffle Model of Differential Privacy.	https://github.com/Shuangqing-Xu/Camel
Stealing Trust: Unraveling Blind Message Attacks in Web3 Authentication.	https://github.com/d0scoo1/Web3AuthChecker
Distributed Backdoor Attacks on Federated Graph Learning and Certified Defenses.	https://github.com/Yuxin104/Opt-GDBA
SWIDE: A Semantic-aware Detection Engine for Successful Web Injection Attacks.	https://mobitec.ie.cuhk.edu.hk/swide
HyperTheft: Thieving Model Weights from TEE-Shielded Neural Networks via Ciphertext Side Channels.	https://github.com/Yuanyuan-Yuan/HyperTheft
VPVet: Vetting Privacy Policies of Virtual Reality Apps.	https://github.com/kalamoo/PPAudit
Inbox Invasion: Exploiting MIME Ambiguities to Evade Email Attachment Detectors.	https://github.com/MIME-miner/
BadMerging: Backdoor Attacks Against Model Merging.	https://github.com/jzhang538/BadMerging
Unbalanced Private Set Union with Reduced Computation and Communication.	https://github.com/alibaba-edu/mpc4j
On Understanding and Forecasting Fuzzers Performance with Static Analysis.	https://github.com/fuzzing-static-analysis/fuzzing-static-analysis
MiniCAT: Understanding and Detecting Cross-Page Request Forgery Vulnerabilities in Mini-Programs.	https://github.com/kee1ongz/MiniCAT
SAFARI: Speech-Associated Facial Authentication for AR/VR Settings via Robust VIbration Signatures.
Gopher: High-Precision and Deep-Dive Detection of Cryptographic API Misuse in the Go Ecosystem.	https://github.com/yxzhang2024/gopher
S2NeRF: Privacy-preserving Training Framework for NeRF.	https://github.com/lucky9-cyou/S2-NeRF
Towards Fine-Grained Webpage Fingerprinting at Scale.	https://zenodo.org/records/13383332
Compositional Verification of Composite Byzantine Protocols.	https://doi.org/10.46298/LMCS-19(1:5)2023
Program Ingredients Abstraction and Instantiation for Synthesis-based JVM Testing.	https://github.com/JavaTailor/Jetris
TabularMark: Watermarking Tabular Datasets for Machine Learning.	https://github.com/yihzheng258/TabularMark
Untangling the Knot: Breaking Access Control in Home Wireless Mesh Networks.	https://github.com/seclab-ucr/CCS24Mesh
Conan: Distributed Proofs of Compliance for Anonymous Data Collection.	https://github.com/wuwuz/conan-open
LiftFuzz: Validating Binary Lifters through Context-aware Fuzzing with GPT.	https://github.com/zyt755/LIFTFUZZ
CrossFire: Fuzzing macOS Cross-XPU Memory on Apple Silicon.	https://github.com/ZJU-SEC/CrossFire
A Unified Membership Inference Method for Visual Self-supervised Encoder via Part-aware Capability.	https://github.com/JiePKU/PartCrop
CoGNN: Towards Secure and Efficient Collaborative Graph Learning.	https://github.com/InspiringGroup-Lab/CoGNN

2023 (145)

Paper	Artifact
HE3DB: An Efficient and Elastic Encrypted Database Via Arithmetic-And-Logic Fully Homomorphic Encryption.	https://github.com/zhouzhangwalker/HE3DB
The Effectiveness of Security Interventions on GitHub.	https://madnight.github.io/githut/
Asymptotically Faster Multi-Key Homomorphic Encryption from Homomorphic Gadget Decomposition.	https://github.com/SNUCP/MKHE-KKLSS
Realizing Flexible Broadcast Encryption: How to Broadcast to a Public-Key Directory.	https://github.com/RachitG54/FlexBroadcast
Blink: Link Local Differential Privacy in Graph Neural Networks via Bayesian Estimation.	https://github.com/zhxchd/blink_gnn
Formal Analysis of Access Control Mechanism of 5G Core Network.	https://github.com/SyNSec-den/5GCVerif
ProvG-Searcher: A Graph Representation Learning Approach for Efficient Provenance Graph Search.	https://github.com/EnesAltinisik/ProvG-Searcher
"We've Disabled MFA for You": An Evaluation of the Security and Usability of Multi-Factor Authentication Recovery Deployments.	https://doi.org/10.25835/9v3k2sx0
BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses.	https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/
Shufflecake: Plausible Deniability for Multiple Hidden Filesystems on Linux.	https://shufflecake.net
Verifiable Mix-Nets and Distributed Decryption for Voting from Lattice-Based Assumptions.	https://github.com/dfaranha/lattice-verifiable-mixnet
A Generic Methodology for the Modular Verification of Security Protocol Implementations.	https://doi.org/10.5281/zenodo.8330913
FutORAMa: A Concretely Efficient Hierarchical Oblivious RAM.	https://github.com/cryptobiu/FutORAMa
Lanturn: Measuring Economic Security of Smart Contracts Through Adaptive Learning.	https://github.com/lanturn-defi/lanturn
Realistic Website Fingerprinting By Augmenting Network Traces.	https://github.com/SPIN-UMass/Realistic-Website-Fingerprinting-By-Augmenting-Network-Traces
Modular Sumcheck Proofs with Applications to Machine Learning and Image Processing.	https://github.com/imdea-software/MSCProof
HELiKs: HE Linear Algebra Kernels for Secure Inference.	https://github.com/shashankballa/HELiKs
Unforgeability in Stochastic Gradient Descent.	https://github.com/teobaluta/unforgeability-SGD
Scalable Multiparty Garbling.	https://github.com/adishegde/scalable_garbling
FPT: A Fixed-Point Accelerator for Torus Fully Homomorphic Encryption.	https://github.com/KULeuven-COSIC/fpt-demo
In Search of netUnicorn: A Data-Collection Platform to Develop Generalizable ML Models for Network Security Problems.	https://netunicorn.cs.ucsb.edu
ASMesh: Anonymous and Secure Messaging in Mesh Networks Using Stronger, Anonymous Double Ratchet.	https://github.com/meshmessaging/ASMesh
Interactive Proofs For Differentially Private Counting.	https://github.com/abiswas3/Verifiable-Differential-Privacy
Ramen: Souper Fast Three-Party Computation for RAM Programs.	https://github.com/AarhusCrypto/Ramen
CheckMate: Automated Game-Theoretic Security Reasoning.	https://github.com/apre-group/checkmate
Improved Distributed RSA Key Generation Using the Miller-Rabin Test.	https://github.com/jot2re/rsa
Provably Unlinkable Smart Card-based Payments.	https://github.com/utxprotocol/proverif
Verifiable Learning for Robust Tree Ensembles.	https://github.com/LorenzoCazzaro/Verifiable-Learning-Robust-Tree-Ensembles
Hopper: Interpretative Fuzzing for Libraries.	https://sqlite.org/forum/forumpost/7ace1408b
Declassiflow: A Static Analysis for Modeling Non-Speculative Knowledge to Relax Speculative Execution Security Measures.	https://github.com/FPSG-UIUC/declassiflow
Using Range-Revocable Pseudonyms to Provide Backward Unlinkability in the Edge.	https://github.com/claudio-correia/RRP-EDGAR
ParBFT: Faster Asynchronous BFT Consensus with a Parallel Optimistic Path.	https://github.com/danielxiangzl/Ditto
Decoding the Secrets of Machine Learning in Malware Classification: A Deep Dive into Datasets, Feature Extraction, and Model Performance.	https://github.com/eurecom-s3/DecodingMLSecretsOfWindowsMalwareClassification
Threshold Signatures from Inner Product Argument: Succinct, Weighted, and Multi-threshold.	https://github.com/sourav1547/wts
NestFuzz: Enhancing Fuzzing with Comprehensive Understanding of Input Processing Logic.	https://github.com/fdu-sec/NestFuzz/
Boosting the Performance of High-Assurance Cryptography: Parallel Execution and Optimizing Memory Access in Formally-Verified Line-Point Zero-Knowledge.	https://github.com/SRI-CSL/high-assurance-crypto/tree/main/high-assurance-zk/lpzk
Improving Security Tasks Using Compiler Provenance Information Recovered At the Binary-Level.	https://github.com/zeropointdynamics/passtell
DP-Forward: Fine-tuning and Inference on Language Models with Differential Privacy in Forward Pass.	https://github.com/xiangyue9607/DP-Forward
FIN: Practical Signature-Free Asynchronous Common Subset in Constant Time.	https://github.com/xygdys/Consensus
Capacity: Cryptographically-Enforced In-Process Capabilities for Modern ARM Architectures.	https://github.com/sslab-skku/capacity
Black Ostrich: Web Application Scanning with String Solvers.	https://www.cse.chalmers.se/research/group/security/black-ostrich/
Short Privacy-Preserving Proofs of Liabilities.	https://github.com/yacovm/PoL
Combined Private Circuits - Combined Security Refurbished.	https://github.com/Chair-for-Security-Engineering/VERICA
Stateful Defenses for Machine Learning Models Are Not Yet Secure Against Black-box Attacks.	https://github.com/nmangaokar/ccs_23_oars_stateful_attacks
Chipmunk: Better Synchronized Multi-Signatures from Lattices.	https://github.com/GottfriedHerold/Chipmunk
Point Cloud Analysis for ML-Based Malicious Traffic Detection: Reducing Majorities of False Positive Alarms.	https://github.com/fuchuanpu/pVoxel
SysXCHG: Refining Privilege with Adaptive System Call Filters.	https://gitlab.com/brown-ssl/sysxchg
Experimenting with Zero-Knowledge Proofs of Training.	https://github.com/guruvamsi-policharla/zkpot
A Systematic Evaluation of Automated Tools for Side-Channel Vulnerabilities Detection in Cryptographic Libraries.	https://github.com/ageimer/sok-detection/
Read Between the Lines: Detecting Tracking JavaScript with Bytecode Classification.	https://github.com/byte-learn/byte-learn.git
Efficient Registration-Based Encryption.	https://github.com/ahmadrezarahimi/efficientRBE
Cybercrime Bitcoin Revenue Estimations: Quantifying the Impact of Methodology and Coverage.	https://github.com/cybersec-code/watchyourback
Concurrent Composition for Interactive Differential Privacy with Adaptive Privacy-Loss Parameters.	https://github.com/concurrent-composition/concurrent-composition
You Call This Archaeology? Evaluating Web Archives for Reproducible Web Security Measurements.	https://github.com/cispa/internet-archive-study
FINER: Enhancing State-of-the-art Classifiers with Feature Attribution to Facilitate Security Analysis.	https://github.com/E0HYL/FINER-explain
Good-looking but Lacking Faithfulness: Understanding Local Explanation Methods through Trend-based Testing.	https://github.com/JenniferHo97/XAI-TREND-TEST
Large Language Models for Code: Security Hardening and Adversarial Testing.	https://github.com/eth-sri/sven
Efficient Query-Based Attack against ML-Based Android Malware Detection under Zero Knowledge Setting.	https://github.com/gnipping/AdvDroidZero-Access-Instructions
Understanding and Detecting Abused Image Hosting Modules as Malicious Services.	https://github.com/AIMIE-Group/AIMIE
Hacksaw: Hardware-Centric Kernel Debloating via Device Inventory and Dependency Analysis.	https://github.com/microsoft/Hacksaw
Password-Stealing without Hacking: Wi-Fi Enabled Practical Keystroke Eavesdropping.	https://github.com/Nest-Fi/WiKI-Eve
Formalizing, Verifying and Applying ISA Security Guarantees as Universal Contracts.	https://github.com/katamaran-project/katamaran/releases/tag/ccs23
Caveat (IoT) Emptor: Towards Transparency of IoT Device Presence.	https://github.com/sprout-uci/PAISA
Evading Watermark based Detection of AI-Generated Content.	https://github.com/zhengyuan-jiang/WEvade
Transformer-based Model for Multi-tab Website Fingerprinting Attack.	https://github.com/jzx-bupt/TMWF
Prediction Privacy in Distributed Multi-Exit Neural Networks: Vulnerabilities and Solutions.	https://github.com/tejaskannan/privacy-dnn-early-exit
FlexiRand: Output Private (Distributed) VRFs and Application to Blockchains.	https://github.com/easwarvivek/FlexiRand.git
Themis: Fast, Strong Order-Fairness in Byzantine Consensus.	<github.com/dailinsubjam/Themis-code>
AIM: Symmetric Primitive for Shorter Signatures with Stronger Security.	https://aimer-signature.org
General Data Protection Runtime: Enforcing Transparent GDPR Compliance for Existing Applications.	https://github.com/ias-tubs/gdpr_tainting
MESAS: Poisoning Defense for Federated Learning Resilient against Adaptive Attackers.	http://www.private-ai.org
A Thorough Evaluation of RAMBAM.	https://github.com/ChairImpSec/RAMBAM
Simplifying Mixed Boolean-Arithmetic Obfuscation by Program Synthesis and Term Rewriting.	https://github.com/astean1001/ProMBA
AdCPG: Classifying JavaScript Code Property Graphs with Explanations for Ad and Tracker Blocking.	https://github.com/WSP-LAB/AdCPG
Put Your Memory in Order: Efficient Domain-based Memory Isolation for WASM Applications.	https://github.com/PKU-ASAL/PKUWA
COMBINE: COMpilation and Backend-INdependent vEctorization for Multi-Party Computation.	https://github.com/mil
PackGenome: Automatically Generating Robust YARA Rules for Accurate Malware Packer Detection.	https://github.com/packgenome
Lost along the Way: Understanding and Mitigating Path-Misresolution Threats to Container Isolation.	https://sites.google.com/view/container-isolation/
Demystifying DeFi MEV Activities in Flashbots Bundle.	https://zzzihao-li.github.io/
martFL: Enabling Utility-Driven Data Marketplace with a Robust and Verifiable Federated Learning Architecture.	https://github.com/liqi16/martFL
How Hard is Takeover in DPoS Blockchains? Understanding the Security of Coin-based Voting Governance.	https://tronprotocol.github.io/documentation-en/mechanism-algorithm/sr/
PyRTFuzz: Detecting Bugs in Python Runtimes via Two-Level Collaborative Fuzzing.	https://figshare.com/s/d5b8d5a7111abe4eafb1
Concentrated Geo-Privacy.	https://github.com/hkustDB/ConcentratedGeoPrivacy
SkillScanner: Detecting Policy-Violating Voice Applications Through Static Analysis at the Development Phase.	https://github.com/CUSecLab/SkillScanner
TypeSqueezer: When Static Recovery of Function Signatures for Binary Executables Meets Dynamic Analysis.	https://github.com/XDU-SysSec/TypeSqueezer
ADEM: An Authentic Digital EMblem.	https://github.com/adem-wg/adem-proofs
DSFuzz: Detecting Deep State Bugs with Dependent State Exploration.	https://google.github.io/fuzzbench/reference/benchmarks/
FITS: Matching Camera Fingerprints Subject to Software Noise Pollution.	https://fits-matching.github.io/
Efficient Multiparty Probabilistic Threshold Private Set Intersection.	https://github.com/Frankhtu/pTPSI.git
Group and Attack: Auditing Differential Privacy.	https://github.com/eth-sri/Delta-Siege
Phoenix: Detect and Locate Resilience Issues in Blockchain via Context-Sensitive Chaos.	https://anonymous.4open.science/r/Phoenix-20FE/1183
Travelling the Hypervisor and SSD: A Tag-Based Approach Against Crypto Ransomware with Fine-Grained Data Recovery.	https://github.com/XDU-SysSec/RansomTag
Level Up: Private Non-Interactive Decision Tree Evaluation using Levelled Homomorphic Encryption.	https://github.com/RasoulAM/private-decision-tree-evaluation
Your Battery Is a Blast! Safeguarding Against Counterfeit Batteries with Authentication.	https://github.com/Mhackiori/DCAuth
Compact Frequency Estimators in Adversarial Environments.	https://github.com/smarky7CD/cfe-in-adv-envs
Tainted Secure Multi-Execution to Restrict Attacker Influence.	https://github.com/CompIFC/tainted-sme.git
Greybox Fuzzing of Distributed Systems.	https://github.com/dsfuzz/mallory
Speranza: Usable, Privacy-friendly Software Signing.	https://github.com/znewman01/speranza
A Good Fishman Knows All the Angles: A Critical Evaluation of Google's Phishing Page Classifier.	https://github.com/GoodPhishman/A-Good-Fishman-Knows-All-the-Angles
CookieGraph: Understanding and Detecting First-Party Tracking Cookies.	https://github.com/cookiegraph/CookieGraph
Stealing the Decoding Algorithms of Language Models.	https://github.com/SPIN-UMass/Stealing-the-Decoding-Algorithms-of-Language-Models
CryptoBap: A Binary Analysis Platform for Cryptographic Protocols.	https://github.com/FMSecure/CryptoBAP
Recovering Fingerprints from In-Display Fingerprint Sensors via Electromagnetic Side Channel.	https://em-fingerprints.github.io
"Get in Researchers; We're Measuring Reproducibility": A Reproducibility Study of Machine Learning Papers in Tier 1 Security Conferences.	https://github.com/reproducibility-sec/reproducibility
Do Users Write More Insecure Code with AI Assistants?	https://github.com/NeilAPerry/Do-Users-Write-More-Insecure-Code-with-AI-Assistants
ACABELLA: Automated (Crypt)analysis of Attribute-Based Encryption Leveraging Linear Algebra.	https://github.com/abecryptools/ACABELLA
KRover: A Symbolic Execution Engine for Dynamic Kernel Analysis.	https://github.com/KRoverSystems/KRover
Vulnerability Intelligence Alignment via Masked Graph Attention Networks.	https://sites.google.com/view/vulnerablity-ailignment/home
Unsafe Diffusion: On the Generation of Unsafe Images and Hateful Memes From Text-To-Image Models.	https://github.com/YitingQu/unsafe-diffusion
Jack-in-the-box: An Empirical Study of JavaScript Bundling on the Web and its Security Implications.	https://github.com/zenoj/BundlerStudy
MDTD: A Multi-Domain Trojan Detector for Deep Neural Networks.	https://github.com/rajabia/MDTD
SysPart: Automated Temporal System Call Filtering for Binaries.	https://github.com/vidyalakshmir/SysPartArtifact.git
Waks-On/Waks-Off: Fast Oblivious Offline/Online Shuffling and Sorting with Waksman Networks.	https://crysp.uwaterloo.ca/software/obliv/
FetchBench: Systematic Identification and Characterization of Proprietary Prefetchers.	https://github.com/scy-phy/FetchBench
IoTFlow: Inferring IoT Device Behavior at Scale through Static Mobile Companion App Analysis.	https://github.com/SecPriv/iotflow
DE-FAKE: Detection and Attribution of Fake Images Generated by Text-to-Image Generation Models.	https://github.com/zeyangsha/De-Fake
TrustBoost: Boosting Trust among Interoperable Blockchains.	https://github.com/trustboost/cosmos-nameservice/commit/c59df344400dc915fd5907627e4fdf12a80eb325?diff=split
Lifting Network Protocol Implementation to Precise Format Specification with Security Applications.	https://github.com/qingkaishi/netlifter
Watch This Space: Securing Satellite Communication through Resilient Transmitter Fingerprinting.	https://zenodo.org/record/8298532
SHERLOC: Secure and Holistic Control-Flow Violation Detection on Embedded Systems.	https://github.com/CactiLab/Sherloc-Cortex-M-CFVD
Security Verification of Low-Trust Architectures.	https://github.com/qinhant/SE_verification_CCS
SyzDirect: Directed Greybox Fuzzing for Linux Kernel.	https://github.com/seclab-fudan/SyzDirect
Interchain Timestamping for Mesh Security.	https://github.com/SebastianElvis/
Fast Unbalanced Private Set Union from Fully Homomorphic Encryption.	https://github.com/real-world-cryprography/APSU
Riggs: Decentralized Sealed-Bid Auctions.	https://github.com/nirvantyagi/riggs
Comparse: Provably Secure Formats for Cryptographic Protocols.	https://github.com/Inria-Prosecco/comparse-artifact
The Locality of Memory Checking.	https://github.com/wangnick2017/DupTree
HODOR: Shrinking Attack Surface on Node.js via System Call Limitation.	https://github.com/NodeHodor/Hodor
Specification and Verification of Side-channel Security for Open-source Processors via Leakage Contracts.	https://github.com/zilongwang123/LeaVe
Fine-Grained Data-Centric Content Protection Policy for Web Applications.	https://github.com/cuhk-seclab/DOMinator
Secure and Timely GPU Execution in Cyber-physical Systems.	https://github.com/WUSTL-CSPL/AvaGPU
SymGX: Detecting Cross-boundary Pointer Vulnerabilities of SGX Applications via Static Symbolic Execution.	https://github.com/PKU-ASAL/WASEM
DPMLBench: Holistic Evaluation of Differentially Private Machine Learning.	https://github.com/DmsKinson/DPMLBench
PolicyChecker: Analyzing the GDPR Completeness of Mobile Apps' Privacy Policies.	https://github.com/AndyXiang945/PolicyChecker
MicPro: Microphone-based Voice Privacy Protection.	https://github.com/USSLab/MicPro
Geometry of Sensitivity: Twice Sampling and Hybrid Clipping in Differential Privacy with Optimal Gaussian Noise and Application to Deep Learning.	https://github.com/Hanshen-Xiao/Twice_Sampling_and_Hybrid_Clipping
Exploration of Power Side-Channel Vulnerabilities in Quantum Computer Controllers.	https://github.com/openquantumhardware/qick
Leakage-Abuse Attacks Against Forward and Backward Private Searchable Symmetric Encryption.	https://github.com/FB-Attack/FB-Attack
Take Over the Whole Cluster: Attacking Kubernetes via Excessive Permissions of Third-party Applications.	https://github.com/XDU-SysSec/ExcessivePermissionAttack
CoCo: Efficient Browser Extension Vulnerability Detection via Coverage-guided, Concurrent Abstract Interpretation.	https://github.com/CoCoAbstractInterpretation/CoCo.git
SpecVerilog: Adapting Information Flow Control for Secure Speculation.	https://github.com/dz333/secverilog
RetSpill: Igniting User-Controlled Data to Burn Away Linux Kernel Protections.	https://github.com/sefcom/RetSpill
Narcissus: A Practical Clean-Label Backdoor Attack with Limited Information.	https://github.com/ruoxi-jia-group/Narcissus-backdoor-attack
TunneLs for Bootlegging: Fully Reverse-Engineering GPU TLBs for Challenging Isolation Guarantees of NVIDIA MIG.	https://github.com/0x5ec1ab/gpu-tlb.git
Profile-guided System Optimizations for Accelerated Greybox Fuzzing.	https://github.com/galli-leo/AFL-Snapshot-LKM

2022 (123)

Paper	Artifact
Private and Reliable Neural Network Inference.	https://github.com/eth-sri/phoenix
Distributed, Private, Sparse Histograms in the Two-Server Model.	https://github.com/google-research/sparse_dp_histograms
TurboPack: Honest Majority MPC with Constant Online Communication.	https://github.com/deescuderoo/turbopack.git
Reinforced Concrete: A Fast Hash Function for Verifiable Computation.	https://github.com/dusk-network/plonkup
Bolt-Dumbo Transformer: Asynchronous Consensus As Fast As the Pipelined BFT.	https://github.com/yylluu/BDT
Enhanced Membership Inference Attacks against Machine Learning Models.
Efficient Zero-Knowledge Proofs on Signed Data with Applications to Verifiable Computation on Data Streams.	https://github.com/arkworks-rs
QuerySnout: Automating the Discovery of Attribute Inference Attacks against Query-Based Systems.	https://github.com/computationalprivacy/querysnout
Microarchitectural Leakage Templates and Their Application to Cache-Based Side Channels.	https://github.com/scy-phy/plumber/
ENGRAFT: Enclave-guarded Raft on Byzantine Faulty Nodes.	https://github.com/wwl020/ENGRAFT
Helping or Hindering?: How Browser Extensions Undermine Security.	https://github.com/shubh401/black_canary.git
Practical, Round-Optimal Lattice-Based Blind Signatures.	https://rscf.ru/project/22-41-04411/
Post Quantum Noise.	https://cryptojedi.org/papers/#pqwireguard
Thora: Atomic and Privacy-Preserving Multi-Channel Updates.	https://github.com/Thora-Payments/overhead
Sleepy Channels: Bi-directional Payment Channels without Watchtowers.	https://github.com/sleepy-channels/simulation
i-TiRE: Incremental Timed-Release Encryption or How to use Timed-Release Encryption on Blockchains?	https://github.com/gotatle/tatle
Membership Inference Attacks and Generalization: A Causal Perspective.	https://github.com/teobaluta/etio
Tidy: Symbolic Verification of Timed Cryptographic Protocols.	https://gitlab.com/irakoton/20-timed-dy/-/releases/tech-report
Threshold Cryptography as a Service (in the Multiserver and YOSO Models).	https://github.com/shaih/go-yosovss
Privacy Limitations of Interest-based Advertising on The Web: A Post-mortem Empirical Analysis of Google's FLoC.	https://github.com/aberke/floc-analysis
JIT-Picking: Differential Fuzzing of JavaScript Engines.	https://github.com/RUB-SysSec/JIT-Picker
Themis: An On-Site Voting System with Systematic Cast-as-intended Verification and Partial Accountability.	https://hal.inria.fr/hal-03763294
Victory by KO: Attacking OpenPGP Using Key Overwriting.	https://kopenpgp.com
Do Opt-Outs Really Opt Me Out?	https://github.com/ducalpha/optoutcheck_ccs22
Vizard: A Metadata-hiding Data Analytic System with End-to-End Policy Controls.	https://github.com/CongGroup/vizard
Succinct Zero-Knowledge Batch Proofs for Set Accumulators.	https://github.com/matteocam/libsnark-lego
Widespread Underestimation of Sensitivity in Differentially Private Libraries and How to Fix It.	https://github.com/opendp/opendp/pull/467
Graph Unlearning.	https://github.com/MinChen00/Graph-Unlearning
SFuzz: Slice-based Fuzzing for Real-Time Operating Systems.	https://github.com/NSSL-SJTU/SFuzz
MetaEmu: An Architecture Agnostic Rehosting Framework for Automotive Firmware.	https://github.com/RiS3-Lab/p2im-real_firmware/issues/2
HammerScope: Observing DRAM Power Consumption Using Rowhammer.	https://github.com/hammerscope/artifacts
SortingHat: Efficient Private Decision Tree Evaluation via Homomorphic Encryption and Transciphering.	https://github.com/KULeuven-COSIC/SortingHat
SSLGuard: A Watermarking Scheme for Self-supervised Learning Pre-trained Encoders.	https://github.com/tianshuocong/SSLGuard
VRust: Automated Vulnerability Detection for Solana Smart Contracts.	https://github.com/neodyme-labs/neodyme-breakpoint-workshop
Fast Fully Secure Multi-Party Computation over Any Ring with Two-Thirds Honest Majority.	https://github.com/anderspkd/ccs-DEN22.git
STAR: Secret Sharing for Private Threshold Aggregation Reporting.	https://github.com/brave-experiments/sta-rs
Understanding Real-world Threats to Deep Learning Models in Android Apps.	https://github.com/Advdroid/advdroid-pro
StrongBox: A GPU TEE on Arm Endpoints.	https://github.com/Compass-All/CCS22-StrongBox
On the (In)Security of Secure ROS2.	https://sites.google.com/view/secure-sros2
Second-Order Low-Randomness d + 1 Hardware Sharing of the AES.	https://github.com/ChairImpSec/Low_Random_Second_Order_AES
Shorter Signatures Based on Tailor-Made Minimalist Symmetric-Key Crypto.	https://github.com/IAIK/rainier-signatures
Exposing the Rat in the Tunnel: Using Traffic Analysis for Tor-based Malware Detection.	https://github.com/malfp/tormalwarefp
Towards Automated Safety Vetting of Smart Contracts in Decentralized Applications.	https://github.com/vetsc/VetSC
When Frodo Flips: End-to-End Key Recovery on FrodoKEM via Rowhammer.	https://github.com/a-as-plus-e/FrodoFLIP
NFGen: Automatic Non-linear Function Evaluation Code Generator for General-purpose MPC Platforms.	https://github.com/Fannxy/NFGen
CINI MINIS: Domain Isolation for Fault and Combined Security.	https://github.com/Chair-for-Security-Engineering/VERICA
LibAFL: A Framework to Build Modular and Reusable Fuzzers.	https://github.com/AFLplusplus/LibAFL
Minotaur: Multi-Resource Blockchain Consensus.	https://github.com/xuechao2/Minotaur
Squirrel: Efficient Synchronized Multi-Signatures from Lattices.	https://github.com/zhenfeizhang/squirrel
Dumbo-NG: Fast Asynchronous BFT Consensus with Throughput-Oblivious Latency.	https://github.com/fascy/Dumbo_NG
C2C: Fine-grained Configuration-driven System Call Filtering.	https://github.com/shamedgh/c2c
ATTRITION: Attacking Static Hardware Trojan Detection Techniques Using Reinforcement Learning.	https://github.com/gohil-vasudev/ATTRITION
Watch Your Back: Identifying Cybercrime Financial Relationships in Bitcoin through Back-and-Forth Exploration.	https://github.com/cybersec-code/watchyourback
DangZero: Efficient Use-After-Free Detection via Direct Page Table Access.	https://github.com/vusec/dangzero
Proof-of-Possession for KEM Certificates using Verifiable Generation.	https://github.com/Chair-for-Security-Engineering/KEM-NIZKPoP
Identifying a Training-Set Attack's Target Using Renormalized Influence Estimation.	https://github.com/ZaydH/target_identification
On the Privacy Risks of Cell-Based NAS Architectures.	https://github.com/MiracleHH/nas_privacy
Kryvos: Publicly Tally-Hiding Verifiable E-Voting.	https://github.com/JulianLiedtke/kryvos
Selective MPC: Distributed Computation of Differentially Private Key-Value Statistics.	https://git.uwaterloo.ca/r5akhava/selective-mpc
Differentially Private Triangle and 4-Cycle Counting in the Shuffle Model.	https://github.com/Triangle4CycleShuffle/Triangle4CycleShuffle
AI/ML for Network Security: The Emperor has no Clothes.	https://github.com/TrusteeML/emperor
DISTINCT: Identity Theft using In-Browser Communications in Dual-Window Single Sign-On.	https://github.com/RUB-NDS/DISTINCT
Are Attribute Inference Attacks Just Imputation?	https://github.com/bargavj/EvaluatingDPML
Evocatio: Conjuring Bug Capabilities from a Single PoC.	https://github.com/HexHive/Evocatio
Understanding IoT Security from a Market-Scale Perspective.	https://github.com/Secure-Platforms-Lab-W-M/IoTSpotter
SymLM: Predicting Function Names in Stripped Binaries via Context-Sensitive Execution-Aware Code Embeddings.	https://github.com/OSUSecLab/SymLM
P-Verifier: Understanding and Mitigating Security Risks in Cloud-based IoT Access Policies.	https://sites.google.com/view/p-verify/home
TRACER: Signature-based Static Analysis for Detecting Recurring Vulnerabilities.	https://prosys.kaist.ac.kr/tracer/
HyperDbg: Reinventing Hardware-Assisted Debugging.	https://github.com/HyperDbg/HyperDbg
DriveFuzz: Discovering Autonomous Driving Bugs through Driving Quality-Guided Fuzzing.	https://gitlab.com/s3lab-code/public/drivefuzz
Phishing URL Detection: A Network-based Approach Robust to Evasion.	https://github.com/taerikkk/BPE
Low-Latency Hardware Private Circuits.	https://github.com/Chair-for-Security-Engineering/AGEMA
LPGNet: Link Private Graph Networks for Node Classification.	https://github.com/ashgeek/lpgnet-prototype
Hammurabi: A Framework for Pluggable, Logic-Based X.509 Certificate Validation Policies.	https://github.com/semaj/hammurabi
Cerberus: A Formal Approach to Secure and Efficient Enclave Memory Sharing.	https://github.com/cerberus-ccs22/TAPC.git
Auditing Membership Leakages of Multi-Exit Networks.	https://github.com/zhenglisec/Multi-Exit-Privacy
Collect Responsibly But Deliver Arbitrarily?: A Study on Cross-User Privacy Leakage in Mobile Apps.	https://github.com/xpochecker/
Overo: Sharing Private Audio Recordings.	https://github.com/inclincs/overo
DirtyCred: Escalating Privilege in Linux Kernel.	https://zplin.me/
InviCloak: An End-to-End Approach to Privacy and Performance in Web Content Distribution.	https://github.com/SHiftLin/CCS2022-InviCloak
Membership Inference Attacks by Exploiting Loss Trajectory.	https://github.com/DennisLiu2022/Membership-Inference-Attacks-by-Exploiting-Loss-Trajectory
Order-Disorder: Imitation Adversarial Attacks for Black-box Neural Ranking Models.	https://github.com/LauJames/PAT
Empirical Analysis of EIP-1559: Transaction Fees, Waiting Times, and Consensus Security.	https://github.com/SciEcon/EIP1559
Harnessing Perceptual Adversarial Patches for Crowd Counting.	https://github.com/shunchang-liu/PAP-Pytorch
When Evil Calls: Targeted Adversarial Voice over IP Network.	https://sites.google.com/view/targeted-adversarial-voip
Matproofs: Maintainable Matrix Commitment with Efficient Aggregation.	https://github.com/Matproofs
Detecting Missing-Permission-Check Vulnerabilities in Distributed Cloud Systems.	https://github.com/lujiefsi/MPChecker
TChecker: Precise Static Inter-Procedural Analysis for Detecting Taint-Style Vulnerabilities in PHP Applications.	https://github.com/cuhk-seclab/TChecker
Frequency Estimation in the Shuffle Model with Almost a Single Message.	https://github.com/hkustDB/SDPFE
Federated Boosted Decision Trees with Differential Privacy.	https://github.com/Samuel-Maddock/federated-boosted-dp-trees
Securing Reset Operations in NISQ Quantum Computers.	https://caslab.csl.yale.edu/code/qc-secure-resets/
Physical Hijacking Attacks against Object Trackers.	https://github.com/purseclab/AttrackZone
NARRATOR: Secure and Practical State Continuity for Trusted Execution in the Cloud.	https://github.com/pw0rld/Narrator
Discovering IoT Physical Channel Vulnerabilities.	https://github.com/purseclab/IoTSeer
Eluding Secure Aggregation in Federated Learning via Model Inconsistency.	https://github.com/pasquini-dario/EludingSecureAggregation
Hidden in Plain Sight: Exploring Encrypted Channels in Android Apps.	https://github.com/SajjadPourali/ThirdEye
FABEO: Fast Attribute-Based Encryption with Optimal Security.	https://github.com/DoreenRiepel/FABEO
ROAST: Robust Asynchronous Schnorr Threshold Signatures.	https://github.com/robot-dreams/roast
Fast Fully Oblivious Compaction and Shuffling.	https://crysp.uwaterloo.ca/software/obliv/
FeIDo: Recoverable FIDO2 Tokens Using Electronic IDs.	https://github.com/feido-token
pMPL: A Robust Multi-Party Learning Framework with a Privileged Party.	https://github.com/FudanMPL/pMPL
Bullshark: DAG BFT Protocols Made Practical.	https://github.com/asonnino/narwhal/tree/bullshark
Batching, Aggregation, and Zero-Knowledge Proofs in Bilinear Accumulators.	https://github.com/accumulators-agg/accumulators
Zapper: Smart Contracts with Data and Identity Privacy.	https://github.com/eth-sri/zapper
The Closer You Look, The More You Learn: A Grey-box Approach to Protocol State Machine Learning.	https://github.com/ChrisMcMStone/state-inspector
Clues in Tweets: Twitter-Guided Discovery and Analysis of SMS Spam.	https://sites.google.com/view/twitterspamsms
NeVerMore: Exploiting RDMA Mistakes in NVMe-oF Storage Applications.	https://github.com/spcl/nevermore
CANflict: Exploiting Peripheral Conflicts for Data-Link Layer Attacks on Automotive Networks.	https://github.com/necst/CANflict
VeRSA: Verifiable Registries with Efficient Client Audits from RSA Authenticated Dictionaries.	https://github.com/nirvantyagi/versa
Practical Volume-Hiding Encrypted Multi-Maps with Optimal Overhead and Beyond.	https://github.com/CDSecLab/XorMM
Microwalk-CI: Practical Side-Channel Analysis for JavaScript Applications.	https://github.com/microwalk-project/Microwalk
Understanding and Mitigating Remote Code Execution Vulnerabilities in Cross-platform Ecosystem.	https://github.com/xiaofen9/XGuard
zkBridge: Trustless Cross-chain Bridges Made Practical.	https://github.com/sunblaze-ucb/Virgo
Cross Miniapp Request Forgery: Root Causes, Attacks, and Vulnerability Detection.	https://github.com/OSUSecLab/CMRFScanner
WINK: Wireless Inference of Numerical Keystrokes via Zero-Training Spatiotemporal Analysis.	https://projectwink.info
An Extensive Study of Residential Proxies in China.	https://rpaas.site/
HeatDeCam: Detecting Hidden Spy Cameras via Thermal Emissions.	https://heatdecam.github.io/
Caulk: Lookup Arguments in Sublinear Time.	https://github.com/matteocam/libsnark-lego/
PACE: Fully Parallelizable BFT from Reproposable Byzantine Agreement.	https://github.com/fififish/beat
VOProof: Efficient zkSNARKs from Vector Oracle Compilers.	https://github.com/yczhangsjtu/voproof
Uncovering Intent based Leak of Sensitive Data in Android Framework.	https://github.com/moonZHH/LeakDetector
Non-Distinguishable Inconsistencies as a Deterministic Oracle for Detecting Security Bugs.	https://github.com/umnsec/ndi
What Your Firmware Tells You Is Not How You Should Emulate It: A Specification-Guided Approach for Firmware Emulation.	https://github.com/MCUSec/SEmu

2021 (100)

Paper	Artifact
Continuous Release of Data Streams under both Centralized and Local Differential Privacy.	https://github.com/dp-cont/dp-cont
Hardware Support to Improve Fuzzing Performance and Precision.	https://github.com/sslab-gatech/SNAP
Differentially Private Sparse Vectors with Low Error, Optimal Space, and Fast Access.	https://github.com/opendp/opendp
DetectorGuard: Provably Securing Object Detectors against Localized Patch Hiding Attacks.	https://github.com/inspire-group/DetectorGuard
The Effect of Google Search on Software Security: Unobtrusive Security Interventions via Content Re-ranking.	https://github.com/fischerfel/TUM-Crypto
CapSpeaker: Injecting Voices to Microphones via Capacitors.	https://github.com/USSLab/CapSpeaker
Themis: Ambiguity-Aware Network Intrusion Detection based on Symbolic Model Comparison.	https://github.com/seclab-ucr/Themis
Aion: Enabling Open Systems through Strong Availability Guarantees for Enclaves.	https://github.com/sancus-tee/sancus-riot
Machine-checked ZKP for NP relations: Formally Verified Security Proofs and Implementations of MPC-in-the-Head.	https://github.com/SRI-CSL/high-assurance-crypto
Structured Leakage and Applications to Cryptographic Constant-Time and Cost.	https://github.com/jasmin
Appenzeller to Brie: Efficient Zero-Knowledge Proofs for Mixed-Mode Arithmetic and Z2k.	https://github.com/GaloisInc/swanky
Packet Scheduling with Optional Client Privacy.	https://github.com/eniac/IFS
Fuzzy Message Detection.	https://github.com/becgabri/fuzzycrypto
An In-Depth Symbolic Security Analysis of the ACME Standard.	https://github.com/reprosec/acme-case-study
Side-Channel Attacks on Query-Based Data Anonymization.	https://github.com/uvm-plaid/chorus
Constantine: Automatic Side-Channel Resistance Using Efficient Control and Data Flow Linearization.	https://github.com/pietroborrello/constantine
PARASITE: PAssword Recovery Attack against Srp Implementations in ThE wild.	https://github.com/ProtonMail/proton-python-client
Consistency Analysis of Data-Usage Purposes in Mobile Apps.	https://github.com/ducalpha/PurPlianceOpenSource
Efficient Linear Multiparty PSI and Extensions to Circuit/Quorum PSI.	https://aka.ms/PQC-mPSI
When Machine Unlearning Jeopardizes Privacy.	https://github.com/MinChen00/UnlearningLeaks
Learning Security Classifiers with Verified Global Robustness Properties.	https://github.com/surrealyz/
Indistinguishability Prevents Scheduler Side Channels in Real-Time Systems.	https://github.com/bo-rc/Rover
SyzGen: Automated Generation of Syscall Specification of Closed-Source macOS Drivers.	https://github.com/seclab-ucr/SyzGen_setup
Labeled PSI from Homomorphic Encryption with Reduced Computation and Communication.	https://GitHub.com/Microsoft/APSI
SmashEx: Smashing SGX Enclaves Using Exceptions.	https://jasonyu1996.github.io/SmashEx/
On Re-engineering the X.509 PKI with Executable Specification for Better Implementation Guarantees.	https://github.com/joyantaDebnath/CERES
APECS: A Distributed Access Control Framework for Pervasive Edge Computing Services.	https://github.com/nsol-nmsu/APECS
AHEAD: Adaptive Hierarchical Decomposition for Range Query under Local Differential Privacy.	https://github.com/link-zju/ccs21-AHEAD
Cert-RNN: Towards Certifying the Robustness of Recurrent Neural Networks.	https://edwin-de-jong.github.io/blog/mnist-sequence-data/
DoubleX: Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale.	https://github.com/Aurore54F/DoubleX
Snipuzz: Black-box Fuzzing of IoT Firmware via Message Snippet Inference.	https://github.com/XtEsco/Snipuzz
A Formally Verified Configuration for Hardware Security Modules in the Cloud.	https://github.com/secgroup/CloudHSM-model
CPscan: Detecting Bugs Caused by Code Pruning in IoT Kernels.	https://github.com/zjuArclab/CPscan
Realtime Robust Malicious Traffic Detection via Frequency Domain Analysis.	https://github.com/fuchuanpu/Whisper
HyperFuzzer: An Efficient Hybrid Fuzzer for Virtual CPUs.	https://github.com/MSRSSP/hyperfuzzer-seeds
Solver-Aided Constant-Time Hardware Verification.	https://chc-comp.github.io/
DeepAID: Interpreting and Improving Deep Learning-based Anomaly Detection in Security Applications.	https://github.com/dongtsi/DeepAID
It's Not What It Looks Like: Manipulating Perceptual Hashing based Applications.	https://gangw.cs.illinois.edu/hash.html
A Concrete Treatment of Efficient Continuous Group Key Agreement via Multi-Recipient PKEs.	https://github.com/PQShield/chained-cmpke
Learning to Explore Paths for Symbolic Execution.	https://github.com/eth-sri/learch
SoFi: Reflection-Augmented Fuzzing for JavaScript Engines.	https://sites.google.com/view/sofi4js
Quantifying and Mitigating Privacy Risks of Contrastive Learning.	https://github.com/xinleihe/ContrastiveLeaks
Feature-Indistinguishable Attack to Circumvent Trapdoor-Enabled Defense.	https://github.com/CGCL-codes/FeatureIndistinguishableAttack
PPE Circuits for Rational Polynomials.	https://github.com/JHUISI/auto-tools
COINN: Crypto/ML Codesign for Oblivious Inference via Neural Networks.	https://github.com/ACESLabUCSD/COINN.git
Noncompliance as Deviant Behavior: An Automated Black-box Noncompliance Checker for 4G LTE Cellular Devices.	https://github.com/SyNSec-den/DIKEUE
Shorter and Faster Post-Quantum Designated-Verifier zkSNARKs from Lattices.	https://github.com/lattice-based-zkSNARKs/lattice-zksnark
VIP: Safeguard Value Invariant Property for Thwarting Critical Memory Corruption Attacks.	https://github.com/cosmoss-vt/vip
T-Reqs: HTTP Request Smuggling with Differential Fuzzing.	https://github.com/defparam/smuggler/blob/master/configs/exhaustive.py
Igor: Crash Deduplication Through Root-Cause Clustering.	https://github.com/HexHive/Igor
ECMO: Peripheral Transplantation to Rehost Embedded Linux Kernels.	https://github.com/valour01/ecmo
Meteor: Cryptographically Secure Steganography for Realistic Distributions.	https://meteorfrom.space
XSinator.com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers.	https://xsinator.com
Private Hierarchical Clustering in Federated Networks.	https://github.com/ashgeek/privaCT-public
Catching Transparent Phish: Analyzing and Detecting MITM Phishing Toolkits.	https://catching-transparent-phish.github.io
Hidden Backdoors in Human-Centric Language Models.	https://github.com/lishaofeng/NLP_Backdoor
PalmTree: Learning an Assembly Language Model for Instruction Embedding.	https://github.com/palmtreemodel/PalmTree
MirChecker: Detecting Bugs in Rust Programs via Static Analysis.	https://github.com/lizhuohua/rust-mir-checker
TSS: Transformation-Specific Smoothing for Robustness Certification.	https://github.com/AI-secure/semantic-randomized-smoothing
Membership Leakage in Label-Only Exposures.	https://github.com/zhenglisec/Decision-based-MIA
Detecting Missed Security Operations Through Differential Checking of Object-based Similar Paths.	https://github.com/dinghaoliu/IPPO
Honest-but-Curious Nets: Sensitive Attributes of Private Inputs Can Be Secretly Coded into the Classifiers' Outputs.	https://github.com/mmalekzadeh/honest-but-curious-nets
DNS Cache Poisoning Attack: Resurrections with Side Channels.	https://www.saddns.net/
Search-Based Local Black-Box Deobfuscation: Understand, Improve and Mitigate.	https://github.com/werew/qsynth-artifacts
Same Coverage, Less Bloat: Accelerating Binary-only Fuzzing with Coverage-preserving Coverage-guided Tracing.	https://github.com/FoRTE-Research/HeXcite
Glowworm Attack: Optical TEMPEST Sound Recovery via a Device's Power Indicator LED.	https://youtu.be/Mi6T2K9zQgE
Simple, Fast Malicious Multiparty Private Set Intersection.	https://github.com/asu-crypto/mPSI
On the TOCTOU Problem in Remote Attestation.	https://github.com/sprout-uci/RATA
V-Shuttle: Scalable and Semantics-Aware Hypervisor Virtual Device Fuzzing.	https://github.com/hustdebug/v-shuttle
Unleashing the Tiger: Inference Attacks on Split Learning.	https://github.com/pasquini-dario/SplitNN_FSHA
Secure Complaint-Enabled Source-Tracking for Encrypted Messaging.	https://github.com/cpeale/srctracking
Out of Sight, Out of Mind: Detecting Orphaned Web Pages at Internet-Scale.	https://github.com/OrphanDetection/orphan-detection
Prime+Scope: Overcoming the Observer Effect for High-Precision Cache Contention Attacks.	https://www.github.com/KULeuven-COSIC/PRIME-SCOPE
Compact and Malicious Private Set Intersection for Small Sets.	https://github.com/osu-crypto/MiniPSI
12 Angry Developers - A Qualitative Study on Developers' Struggles with CSP.	https://github.com/cispa/12-angry-developers-web-applications
Locally Private Graph Neural Networks.	https://github.com/sisaman/LPGNN
Rosita++: Automatic Higher-Order Leakage Elimination from Cryptographic Code.	https://github.com/0xADE1A1DE/Rositaplusplus
On-device IoT Certificate Revocation Checking with Small Memory and Low Latency.	https://github.com/jonnekaunisto/TinyCR
Util: : Lookup: Exploiting Key Decoding in Cryptographic Libraries.	https://github.com/UzL-ITS/rsa-key-recovery
SugarCoat: Programmatically Generating Privacy-Preserving, Web-Compatible Resource Replacements for Content Blocking.	https://github.com/SugarCoatJS/sugarcoat
Towards Transparent and Stealthy Android OS Sandboxing via Customizable Container-Based Virtualization.	https://github.com/VPBox/Dev
Locating the Security Patches for Disclosed OSS Vulnerabilities with Vulnerability-Commit Correlation Ranking.	https://github.com/exatoa/Bench4BL
OpenSquare: Decentralized Repeated Modular Squaring Service.	https://github.com/verifiable-timed-signatures/OpenSquare
Preventing Dynamic Library Compromise on Node.js via RWX-Based Privilege Reduction.	http://github.com/andromeda/mir
DPGen: Automated Program Synthesis for Differential Privacy.	https://github.com/cmla-psu/dpgen
Spinner: Automated Dynamic Command Subsystem Perturbation.	https://github.com/cmd-spinner/
DataLens: Scalable Privacy Preserving Training via Gradient Compression and Aggregation.	https://github.com/AI-secure/DataLens
Key Agreement for Decentralized Secure Group Messaging with Strong Security Guarantees.	https://github.com/trvedata/key-agreement
Ghost in the Binder: Binder Transaction Redirection Attacks in Android System Services.	https://github.com/xiangxiaobo/BiTRe
Chunk-Level Password Guessing: Towards Modeling Refined Password Composition Representations.	https://github.com/snow0011/CKL_PSM/tree/main
Automated Bug Hunting With Data-Driven Symbolic Root Cause Analysis.	https://github.com/carter-yagemann/arcus
Validating the Integrity of Audit Logs Against Execution Repartitioning Attacks.	https://github.com/carter-yagemann/MARSARA
Morpheus: Bringing The (PKCS) One To Meet the Oracle.	https://github.com/Morpheus-Repo/Morpheus.git
Demons in the Shared Kernel: Abstract Resource Attacks Against OS-level Virtualization.	https://github.com/ZJU-SEC/AbstractResourceAttack
QuickSilver: Efficient and Affordable Zero-Knowledge Proofs for Circuits and Polynomials over Any Field.	https://doi.org/10.1007/978-3-030-84259-8_4
HardsHeap: A Universal and Extensible Framework for Evaluating Secure Allocators.	https://github.com/kaist-hacking/HardsHeap
You Make Me Tremble: A First Look at Attacks Against Structural Control Systems.	https://github.com/BuildingResearch/security
Statically Discovering High-Order Taint Style Vulnerabilities in OS Kernels.	https://github.com/seclab-ucr/SUTURE
Membership Inference Attacks Against Recommender Systems.	https://github.com/minxingzhang/MIARS
Regression Greybox Fuzzing.	https://github.com/aflchurn/aflchurn

2020 (57)

Paper	Artifact
Estimating g-Leakage via Machine Learning.	https://github.com/LEAVESrepo/leaves
FREEDOM: Engineering a State-of-the-Art DOM Fuzzer.	https://github.com/sslab-gatech/freedom
DeepDyve: Dynamic Verification for Deep Neural Networks.	https://github.com/Lyken17/pytorch-OpCounter
Lies in the Air: Characterizing Fake-base-station Spam Ecosystem in China.	https://github.com/Cypher-Z/FBS_SMS_Dataset
VisualPhishNet: Zero-Day Phishing Website Detection by Visual Similarity.	https://s-abdelnabi.github.io/VisualPhishNet/
Blinder - Scalable, Robust Anonymous Committed Broadcast.	<github.com/vmware/concord-bft>
Methodologies for Quantifying (Re-)randomization Security and Timing under JIT-ROP.	https://github.com/salmanyam/jitrop-native
LadderLeak: Breaking ECDSA with Less than One Bit of Nonce Leakage.	https://github.com/akiratk0355/ladderleak-attack-ecdsa
Private Summation in the Multi-Message Shuffle Model.	https://github.com/adriagascon/shuffledpsummation
Poking a Hole in the Wall: Efficient Censorship-Resistant Internet Communications by Parasitizing on WebRTC.	https://github.com/dmbb/Protozoa
Analyzing Information Leakage of Updates to Natural Language Models.	https://github.com/microsoft/language-privacy
Security Analysis and Implementation of Relay-Resistant Contactless Payments.	https://hal.inria.fr/hal-02917076
TrafficSliver: Fighting Website Fingerprinting Attacks with Traffic Splitting.	https://github.com/TrafficSliver
Impersonation-as-a-Service: Characterizing the Emerging Criminal Infrastructure for User Impersonation at Scale.	https://security1.win.tue.nl
A Systematic Study of Elastic Objects in Kernel Exploitation.	https://github.com/chenyueqi/w2l
Dangerous Skills Got Certified: Measuring the Trustworthiness of Skill Certification in Voice Personal Assistant Platforms.	https://vpa-sec-lab.github.io
Oracle Simulation: A Technique for Protocol Composition with Long Term Shared Secrets.	https://hal.inria.fr/hal-02913866
Clone Detection in Secure Messaging: Improving Post-Compromise Security in Practice.	https://github.com/dr-clone-detection/model
Devil is Virtual: Reversing Virtual Inheritance in C++ Binaries.	https://github.com/bingseclab/
Asynchronous Remote Key Generation: An Analysis of Yubico's Proposal for W3C WebAuthn.	https://github.com/Yubico/webauthn-recovery-extension/
Speculative Probing: Hacking Blind in the Spectre Era.	https://vusec.net/projects/blindside
Pointproofs: Aggregating Proofs for Multiple Vector Commitments.	https://github.com/algorand/pointproofs
The Boon and Bane of Cross-Signing: Shedding Light on a Common Practice in Public Key Infrastructures.	https://github.com/pki-xs-analysis/cross-signing-analysis
Implementing the Exponential Mechanism with Base-2 Differential Privacy.	https://github.com/cilvento/b2dp
PDiff: Semantic-based Patch Presence Testing for Downstream Kernels.	https://github.com/seclab-fudan/PDiff
Deploying Android Security Updates: an Extensive Study Involving Manufacturers, Carriers, and End Users.	https://github.com/undo-lab/Deploying-Android-Security-Updates-Carrier-Dataset
MP-SPDZ: A Versatile Framework for Multi-Party Computation.	https://github.com/data61/mp-spdz
AdvPulse: Universal, Synchronization-free, and Targeted Audio Adversarial Attacks via Subsecond Perturbations.	https://mosis.eecs.utk.edu/advpulse.html
Finding Cracks in Shields: On the Security of Control Flow Integrity Mechanisms.	https://github.com/vul337/cfi-eval
Composite Backdoor Attack for Deep Neural Network by Mixing Existing Benign Features.	https://github.com/TemporaryAcc0unt/composite-attack
HoneyPLC: A Next-Generation Honeypot for Industrial Control Systems.	https://github.com/sefcom/honeyplc
Demystifying Resource Management Risks in Emerging Mobile App-in-App Ecosystems.	https://sites.google.com/view/appinapp/
RTFM! Automatic Assumption Discovery and Verification Derivation from Library Document for API Misuse Detection.	http://kaichen.org/tools/Advance.html
Practical Lattice-Based Zero-Knowledge Proofs for Integer Relations.	<github.com/gregorseiler/irelzk>
QuantumHammer: A Practical Hybrid Attack on the LUOV Signature Scheme.	http://github.com/VernamLab/QuantumHammer
Phantom of the ADAS: Securing Advanced Driver-Assistance Systems from Split-Second Phantom Attacks.	https://github.com/ymirsky/GhostBusters
WI is Almost Enough: Contingent Payment All Over Again.	https://github.com/security-kouza/cont-pay
MuSig-DN: Schnorr Multi-Signatures with Verifiably Deterministic Nonces.	https://github.com/sipa/
TRUSTORE: Side-Channel Resistant Storage for SGX using Intel Hybrid CPU-FPGA.	https://github.com/adilahmad17/Obfuscuro
Exaggerated Error Handling Hurts! An In-Depth Study and Context-Aware Detection.	https://github.com/umnsec/eecatch/
A Tale of Evil Twins: Adversarial Inputs versus Poisoned Models.	https://github.com/alps-lab/imc
You've Changed: Detecting Malicious Browser Extensions through their Update Deltas.	https://github.com/wspr-ncsu/extensiondeltas
Slimium: Debloating the Chromium Browser with Feature Subsetting.	https://github.com/cxreet/chromium-debloating
Censored Planet: An Internet-wide, Longitudinal Censorship Observatory.	https://censoredplanet.org
CrypTFlow2: Practical 2-Party Secure Inference.	https://github.com/mpc-msri/EzPC
CLAPS: Client-Location-Aware Path Selection in Tor.	https://github.com/orgs/CLAPS-CCS2020/
Post-Quantum TLS Without Handshake Signatures.	https://cryptojedi.org/
A Generic Technique for Automatically Finding Defense-Aware Code Reuse Attacks.	https://github.com/sei-eschwartz/BOPC
Mitigation of Attacks on Email End-to-End Encryption.	https://github.com/RUB-NDS/Mitigation-of-Attacks-on-Email-E2E-Encryption
VAHunt: Warding Off New Repackaged Android Malware in App-Virtualization's Clothing.	https://github.com/whucs303/VAHunt
PMForce: Systematically Analyzing postMessage Handlers at Scale.	https://github.com/mariussteffens/pmforce
Verifiable Timed Signatures Made Practical.	https://www.gwern.net/Self-decrypting-files
CheckDP: An Automated and Integrated Approach for Proving Differential Privacy or Finding Precise Counterexamples.	https://github.com/cmla-psu/checkdp
FirmXRay: Detecting Bluetooth Link Layer Vulnerabilities From Bare-Metal Firmware.	https://github.com/OSUSecLab/FirmXRay
Bypassing Tor Exit Blocking with Exit Bridge Onion Services.	https://github.com/GUSecLab/tor-exit-relays
Enhancing State-of-the-art Classifiers with API Semantics to Detect Evolved Android Malware.	https://github.com/seclab-fudan/APIGraph
SQUIRREL: Testing Database Management Systems with Language Validity and Coverage Feedback.	https://github.com/s3team/Squirrel

2019 (64)

Paper	Artifact
Efficient Zero-Knowledge Arguments in the Discrete Log Setting, Revisited.	https://github.com/emsec/QESA_ZK
ZombieLoad: Cross-Privilege-Boundary Data Sampling.	https://github.com/IAIK/ZombieLoad
TokenScope: Automatically Detecting Inconsistent Behaviors of Cryptocurrency Tokens in Ethereum.	http://bit.ly/Tokenscope
Principled Unearthing of TCP Side Channel Vulnerabilities.	https://github.com/seclab-ucr/SCENT
Onion Ring ORAM: Efficient Constant Bandwidth Oblivious RAM from (Leveled) TFHE.	https://tfhe.github.io/tfhe/
Efficient Multi-Key Homomorphic Encryption with Packed Ciphertexts with Application to Oblivious Neural Network Inference.	https://github.com/Microsoft/SEAL
Machine-Checked Proofs for Cryptographic Standards: Indifferentiability of Sponge and Secure High-Assurance Implementations of SHA-3.	https://gitlab.com/easycrypt/sha3
GALACTICS: Gaussian Sampling for Lattice-Based Constant- Time Implementation of Cryptographic Signatures, Revisited.	https://github.com/espitau/GALACTICS
The SPHINCS+ Signature Framework.	https://sphincs.org/resources.html
SICO: Surgical Interception Attacks by Manipulating BGP Communities.	https://github.com/inspire-group/SICO-tools
Peeves: Physical Event Verification in Smart Homes.	https://www.doi.org/10.5287/bodleian:mv22Jk2Xj
Updatable Anonymous Credentials and Applications to Incentive Systems.	https://github.com/upbcuk
Geneva: Evolving Censorship Evasion Strategies.	https://geneva.cs.umd.edu
Efficient Two-Round OT Extension and Silent Non-Interactive Secure Computation.	https://github.com/osu-crypto/libOTe
Insecure Until Proven Updated: Analyzing AMD SEV's Remote Attestation.	https://github.com/RobertBuhren/Insecure-Until-Proven-Updated-Analyzing-AMD-SEV-s-Remote-Attestation
A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes.	https://github.com/jovanbulck/0xbadc0de
LegoSNARK: Modular Design and Composition of Succinct Zero-Knowledge Proofs.	https://github.com/imdea-software/legosnark
Different is Good: Detecting the Use of Uninitialized Variables through Differential Replay.	https://github.com/AlibabaOrionSecurityLab/TimePlayer
Securely Sampling Biased Coins with Applications to Differential Privacy.	https://www.gitlab.com/neucrypt/securely_sampling
Matryoshka: Fuzzing Deeply Nested Branches.	https://github.com/AngoraFuzzer/Angora
SLAKE: Facilitating Slab Manipulation for Exploiting Vulnerabilities in the Linux Kernel.	https://github.com/chenyueqi/SLAKE.git
OPERA: Open Remote Attestation for Intel's Secure Enclaves.	https://sites.google.com/site/operasgxkb/
Exploiting Symmetries When Proving Equivalence Properties for Security Protocols.	https://deepsec-prover.github.io/
Intriguer: Field-Level Constraint Solving for Hybrid Fuzzing.	https://github.com/seclab-yonsei/intriguer
The Next 700 Policy Miners: A Universal Method for Building Policy Miners.	http://archive.ics.uci.edu/ml/datasets/Amazon+Access+Samples
Differentially Private Nonparametric Hypothesis Testing.	<github.com/simonpcouch/non-pm-dpht>
LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed.	https://github.com/lightbox-impl/LightBox
28 Blinks Later: Tackling Practical Challenges of Eye Movement Biometrics.	https://simonizor.github.io/28blinkslater
A High-Assurance Evaluator for Machine-Checked Secure Multiparty Computation.	https://github.com/easyuc/EasyUC
Conjure: Summoning Proxies from Unused Address Space.	https://github.com/refraction-networking/gotapdance/tree/dark-decoy
Verified Verifiers for Verifying Elections.	https://github.com/gerlion/secure-e-voting-with-coq
User Account Access Graphs.	https://infsec.ethz.ch/research/software/account_access_graphs.html
Balance: Dynamic Adjustment of Cryptocurrency Deposits.	https://github.com/nud3l/balance
Learning to Fuzz from Symbolic Execution with Application to Smart Contracts.	https://github.com/eth-sri/ilf
Are These Pairing Elements Correct?: Automated Verification and Applications.	https://github.com/
5GReasoner: A Property-Directed Security and Privacy Analysis Framework for 5G Cellular Network Protocol.	https://github.com/relentless-warrior/5GReasoner.git
Efficient MPC via Program Analysis: A Framework for Efficient Optimal Mixing.	https://github.com/ishaq/OPA
MemGuard: Defending against Black-Box Membership Inference Attacks via Adversarial Examples.	https://github.com/tensorflow/privacy
Effective and Light-Weight Deobfuscation and Semantic-Aware Attack Detection for PowerShell Scripts.	https://github.com/li-zhenyuan/PowerShellDeobfuscation
ABS: Scanning Neural Networks for Back-doors by Artificial Brain Stimulation.	https://github.com/onnx/models
HyperService: Interoperability and Programmability Across Heterogeneous Blockchains.	https://github.com/HyperService-Consortium
HoneyBadgerMPC and AsynchroMix: Practical Asynchronous MPC and its Application to Anonymous Communication.	https://github.com/initc3/HoneyBadgerMPC
Network Hygiene, Incentives, and Regulation: Deployment of Source Address Validation in the Internet.	https://spoofer.caida.org
Sonic: Zero-Knowledge SNARKs from Linear-Size Universal and Updatable Structured Reference Strings.	https://github.com/zknuckles/sonic
Post-Collusion Security and Distance Bounding.	https://github.com/jorgetp/dbverify
1 Trillion Dollar Refund: How To Spoof PDF Signatures.	https://pdfs.semanticscholar.org/f1f8/6dbd8b39c9601e6315214783343ca18377b4.pdf
Erlay: Efficient Transaction Relay for Bitcoin.	https://github.com/trachten/cpisync
SAMPL: Scalable Auditability of Monitoring Processes using Public Ledgers.	https://github.com/nsol-nmsu/SAMPL
CryptoGuard: High Precision Detection of Cryptographic Vulnerabilities in Massive-sized Java Projects.	https://github.com/CryptoGuardOSS/cryptoapi-bench
Hardware-Backed Heist: Extracting ECDSA Keys from Qualcomm's TrustZone.	https://github.com/nccgroup/cachegrab
Make Some ROOM for the Zeros: Data Sparsity in Secure Distributed Machine Learning.	https://github.com/schoppmp/room-framework
Distributed Vector-OLE: Improved Constructions and Implementation.	https://github.com/schoppmp/distributed-vector-ole
Triplet Fingerprinting: More Practical and Portable Website Fingerprinting with N-shot Learning.	https://github.com/triplet-fingerprinting/tf
Proof-Carrying Network Code.	https://github.com/uvm-plaid/PCNC_CCS_2019
Privacy Risks of Securing Machine Learning Models against Adversarial Examples.	https://github.com/inspire-group/privacy-vs-robustness
zkay: Specifying and Enforcing Data Privacy in Smart Contracts.	https://github.com/eth-sri/zkay
Transparency Logs via Append-Only Authenticated Dictionaries.	https://github.com/alinush/libaad-ccs2019
AdVersarial: Perceptual Ad Blocking meets Adversarial Machine Learning.	https://github.com/ftramer/ad-versarial
Traceback for End-to-End Encrypted Messaging.	https://github.com/nirvantyagi/tracing
(Un)informed Consent: Studying GDPR Consent Notices in the Field.	https://github.com/RUB-SysSec/uninformed-consent
Stormy: Statistics in Tor by Measuring Securely.	https://github.com/rwails/stormy
Towards Memory Safe Enclave Programming with Rust-SGX.	https://github.com/baidu/rust-sgx-sdk
Oh, the Places You've Been! User Reactions to Longitudinal Transparency About Third-Party Web Tracking and Inferencing.	https://github.com/UChicagoSUPERgroup/TrackingTransparencyCCS2019/
DeepIntent: Deep Icon-Behavior Learning for Detecting Intention-Behavior Discrepancy in Mobile Apps.	https://github.com/deepintent-ccs/DeepIntent

2018 (53)

Paper	Artifact
The Web's Sixth Sense: A Study of Scripts Accessing Smartphone Sensors.	https://github.com/sensor-js/OpenWPM-mobile
Tight on Budget?: Tight Bounds for r-Fold Approximate Differential Privacy.	https://github.com/dabingo/privacybuckets
Precise Android API Protection Mapping Derivation and Reasoning.	https://arcade-android.github.io/arcade
When Good Components Go Bad: Formally Secure Compilation Despite Dynamic Compromise.	https://github.com/secure-compilation/when-good-components-go-bad/
Secure Search on Encrypted Data via Multi-Ring Sketch.	https://github.com/HayimShaul/liphe
Prime and Prejudice: Primality Testing Under Adversarial Conditions.	https://oeis.org/A217120
Truth Will Out: Departure-Based Process-Level Detection of Stealthy Attacks on Control Systems.	https://github.com/mikeliturbe/pasad
Generalizing the SPDZ Compiler For Other Protocols.	https://github.com/cryptobiu/SPDZ-2
An End-to-End System for Large Scale P2P MPC-as-a-Service and Low-Bandwidth MPC for Weak Participants.
Symbolic Proofs for Lattice-Based Cryptography.	https://doi.org/10.1017/S0956796813000142
BitML: A Calculus for Bitcoin Smart Contracts.	https://github.com/bitml-lang/bitml-compiler
TACHYON: Fast Signatures from Compact Knapsack.	https://github.com/ozgurozmen/TACHYON
DP-Finder: Finding Differential Privacy Violations by Sampling and Optimization.	https://github.com/eth-sri/dp-finder
Domain Validation++ For MitM-Resilient PKI.	https://github.com/dvpp/dvpp
Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary CPU Interrupt Logic.	https://github.com/jovanbulck/nemesis
HyCC: Compilation of Hybrid Protocols for Practical Secure Computation.	https://gitlab.com/securityengineering/HyCC
Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers.	http://s3.eurecom.fr/tools/screaming_channels/
New Constructions for Forward and Backward Private Symmetric Searchable Encryption.	https://github.com/jgharehchamani/SSE
Mystique: Uncovering Information Leakage from Browser Extensions.	https://mystique.csc.ncsu.edu/
Towards Paving the Way for Large-Scale Windows Malware Analysis: Generic Binary Unpacking with Orders-of-Magnitude Performance Boost.	https://upx.github.io/
EviHunter: Identifying Digital Evidence in the Permanent Storage of Android Devices via Static Analysis.	https://github.com/MobileDeviceForensics/EviHunter
On Ends-to-Ends Encryption: Asynchronous Group Messaging with Strong Security Guarantees.	https://github.com/facebookresearch/asynchronousratchetingtree
Secure Opportunistic Multipath Key Exchange.	https://github.com/nets-cs-pub-ro/smkex
ALCHEMY: A Language and Compiler for Homomorphic Encryption Made easY.	https://github.com/cpeikert/ALCHEMY
Investigating System Operators' Perspective on Security Misconfigurations.	https://labs.ripe.net/Members/constanze_dietrich/on-the-operators-perspective-on-security-misconfigurations-the-survey
Detecting Violations of Differential Privacy.	https://github.com/cmla-psu/statdp
FairSwap: How To Fairly Exchange Digital Goods.	<github.com/lEthDev/FairSwap>
Peeling the Onion's User Experience Layer: Examining Naturalistic Use of the Tor Browser.	https://github.com/kcg295/TorUsabilityBrowserSensor
Lattice-Based zk-SNARKs from Square Span Programs.	https://github.com/dwu4/lattice-snarg
Debin: Predicting Debug Information in Stripped Binaries.	https://debin.ai
How You Get Shot in the Back: A Systematical Study about Cryptojacking in the Real World.	https://github.com/deluser8/cmtracker
Block Oriented Programming: Automating Data-Only Attacks.	https://github.com/HexHive/BOPC
Privacy-Preserving Dynamic Learning of Tor Network Traffic.	https://tmodel-ccs2018.github.io
Model-Reuse Attacks on Deep Learning Systems.	https://github.com/udacity/self-driving-car
Secure Outsourced Matrix Computation and Application to Neural Networks.	https://github.com/K-miran/HEMat
Improved Non-Interactive Zero Knowledge with Applications to Post-Quantum Signatures.	https://microsoft.github.io/Picnic
An Exploratory Analysis of Microcode as a Building Block for System Defenses.	https://github.com/RUB-SysSec/Microcode
MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense.	https://github.com/vusec/minesweeper
Measuring Information Leakage in Website Fingerprinting Attacks and Defenses.	https://github.com/s0irrlor7m/InfoLeakWebsiteFingerprint
K-Hunt: Pinpointing Insecure Cryptographic Keys from Execution Traces.	https://github.com/gossip-sjtu/k-hunt/
ABY3: A Mixed Protocol Framework for Machine Learning.	https://github.com/osu-crypto/libOTe
DeepCorr: Strong Flow Correlation Attacks on Tor Using Deep Learning.	https://people.cs.umass.edu/~amir/FlowCorrelation.html
Runtime Analysis of Whole-System Provenance.	http://camflow.org/
Faceted Secure Multi Execution.	https://github.com/MaximilianAlgehed/Multef
Predicting Impending Exposure to Malicious Content from User Behavior.	https://github.com/mahmoods01/exposure-prediction
Deep Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning.	https://github.com/deep-fingerprinting/df
Practical Backward-Secure Searchable Encryption from Symmetric Puncturable Encryption.	https://github.com/MonashCybersecurityLab/JanusPP
Securify: Practical Security Analysis of Smart Contracts.	https://securify.ch
Release the Kraken: New KRACKs in the 802.11 Standard.	https://www.krackattacks.com/
VMHunt: A Verifiable Approach to Partially-Virtualized Binary Code Simplification.	https://github.com/s3team/VMHunt
Yet Another Text Captcha Solver: A Generative Adversarial Network Based Approach.	https://goo.gl/92VxXC
Pinto: Enabling Video Privacy for Commodity IoT Cameras.	https://github.com/inclincs/pinto
NANOPI: Extreme-Scale Actively-Secure Multi-Party Computation.	https://github.com/nanoPIMPC/nanoPI

2017 (46)

Paper	Artifact
walk2friends: Inferring Social Links from Mobility Profiles.	https://github.com/yangzhangalmo/walk2friends
FAME: Fast Attribute-based Message Encryption.	https://github.com/sagrawal87/ABE
Economic Factors of Vulnerability Trade and Exploitation.	http://security1.win.tue.nl
Jasmin: High-Assurance and High-Speed Cryptography.	https://github.com/jasmin-lang/jasmin
A Fast and Verified Software Stack for Secure Function Evaluation.	https://github.com/haslab/circgen
Practical Graphs for Optimal Side-Channel Resistant Memory-Hard Functions.	https://github.com/Practical-Graphs/Argon2-Practical-Graph
Attribute-Based Encryption in the Generic Group Model: Automated Proofs and New Constructions.	https://github.com/miguel-ambrona/ggm-symbolic-solver
Directed Greybox Fuzzing.	https://github.com/aflgo/aflgo.git
Forward and Backward Private Searchable Encryption from Constrained Cryptographic Primitives.	https://github.com/OpenSSE/opensse-schemes
Practical UC-Secure Delegatable Credentials with Attributes and Their Application to Blockchain.	<github.com/miracl/amcl>
Deterministic Browser.	https://github.com/nkdxczh/gecko-dev/tree/deterfox
5Gen-C: Multi-input Functional Encryption and Program Obfuscation for Arithmetic Circuits.	https://github.com/5GenCrypto/
Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives.	https://github.com/Microsoft/Picnic
The TypTop System: Personalized Typo-Tolerant Password Checking.	https://typtop.info/330
DIFUZE: Interface Aware Fuzzing for Kernel Drivers.	<www.github.com/ucsb-seclab/difuze>
A Comprehensive Symbolic Analysis of TLS 1.3.	https://tls13tamarin.github.io/TLS13Tamarin/
Scaling ORAM for Secure Computation.	https://gitlab.com/neucrypt/floram
Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing.	https://github.com/mjod89/SmartContracts
Identifying Open-Source License Violation and 1-day Security Risk at Large Scale.	https://github.com/lingfennan/osspolice
Side-Channel Attacks on BLISS Lattice-Based Signatures: Exploiting Branch Tracing against strongSwan and Electromagnetic Emanations in Microcontrollers.	https://github.com/mti/bliss-sidechannel
Distributed Measurement with Private Set-Union Cardinality.	http://safecounting.com/
IRON: Functional Encryption using Intel SGX.	https://github.com/5GenCrypto
Implementing BP-Obfuscation Using Graph-Induced Encoding.	http://shoup.net/ntl/
IMF: Inferred Model-based Fuzzer.	https://github.com/SoftSec-KAIST/IMF
S3ORAM: A Computation-Efficient and Constant Client Bandwidth Blowup ORAM with Shamir Secret Sharing.	https://github.com/thanghoang/S3ORAM
The ART of App Compartmentalization: Compiler-based Library Privilege Separation on Stock Android.	https://github.com/Project-ARTist
HexType: Efficient Detection of Type Confusion Errors for C++.	https://github.com/HexHive/HexType
Revive: Rebalancing Off-Blockchain Payment Networks.	https://github.com/rami-khalil/revive
Practical Multi-party Private Set Intersection from Symmetric-Key Techniques.	https://github.com/osu-crypto/MultipartyPSI
DUPLO: Unifying Cut-and-Choose for Garbled Circuits.	https://github.com/osu-crypto/libOTe
Code-Reuse Attacks for the Web: Breaking Cross-Site Scripting Mitigations via Script Gadgets.	https://github.com/google/security-research-pocs
Rewriting History: Changing the Archived Web from the Present.	https://rewritinghistory.cs.washington.edu
Oblivious Neural Network Predictions via MiniONN Transformations.	http://rodrigob.github.io/are_we_there_yet/build/classification_datasets_results.html
A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components.	https://OpenCryptoJC.org
How Unique is Your .onion?: An Analysis of the Fingerprintability of Tor Onion Services.	https://cosic.esat.kuleuven.be/fingerprintability/
Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs.	https://github.com/tgianko/deemon
Malicious-Secure Private Set Intersection via Dual Execution.	<github.com/osu-crypto/libPSI>
Deterministic, Stash-Free Write-Only ORAM.	https://github.com/detworam/detworam
FreeGuard: A Faster Secure Heap Allocator.	https://github.com/UTSASRG/FreeGuard
Machine Learning Models that Remember Too Much.	https://github.com/Lasagne/Recipes/blob/master/modelzoo/resnet50.py
Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2.	http://www.kb.cert.org/vuls/id/228519
Full Accounting for Verifiable Outsourcing.	http://www.pepper-project.org/
Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation.	https://github.com/emp-toolkit
Global-Scale Secure Multiparty Computation.	https://github.com/emp-toolkit
Pool: Scalable On-Demand Secure Computation Service Against Malicious Adversaries.	https://github.com/pool
HACL*: A Verified Modern Cryptographic Library.	https://github.com/mitls/hacl-star/

2016 (33)

Paper	Artifact
C-FLAT: Control-Flow Attestation for Embedded Systems Software.	https://goo.gl/pTiVdU
On the Practical (In-)Security of 64-bit Block Ciphers: Collision Attacks on HTTP over TLS and OpenVPN.	http://sweet32.info
Slitheen: Perfectly Imitated Decoy Routing through Traffic Replacement.	https://crysp.uwaterloo.ca/software/slitheen
Coverage-based Greybox Fuzzing as Markov Chain.	https://github.com/mboehme/aflfast
Frodo: Take off the Ring! Practical, Quantum-Secure Key Exchange from LWE.	https://github.com/lwe-frodo/
A Systematic Analysis of the Juniper Dual EC Incident.	https://www.imperialviolet.org/2015/12/19/juniper.html
Host of Troubles: Multiple Host Ambiguities in HTTP Implementations.	https://hostoftroubles.com/online-checker.html
Λολ: Functional Lattice Cryptography.	https://github.com/cpeikert/Lol
Secure Stable Matching at Scale.	https://www.oblivc.org/matching
Practical Detection of Entropy Loss in Pseudo-Random Number Generators.	http://dx.doi.org/10.5445/IR/1000058113
Online Tracking: A 1-million-site Measurement and Analysis.	https://github.com/citp/OpenWPM
A Comprehensive Formal Security Analysis of OAuth 2.0.	https://tools.ietf.org/html/draft-ietf-oauth-mix-up-mitigation-01
On the Security and Performance of Proof of Work Blockchains.	http://arthurgervais.github.io/
Breaking Web Applications Built On Top of Encrypted Data.	https://css.csail.mit.edu/mylar/
TypeSan: Practical Type Confusion Detection.	https://github.com/vusec/typesan
An In-Depth Study of More Than Ten Years of Java Exploitation.	https://github.com/pholzinger/exploitstudy
Enforcing Least Privilege Memory Views for Multithreaded Applications.	https://github.com/terry-hsu/smv
Safely Measuring Tor.	https://github.com/privcount/privcount
Attribute-based Key Exchange with General Policies.	https://github.com/amaloz/abke
Efficient Batched Oblivious PRF with Applications to Private Set Intersection.	https://github.com/osu-crypto/BaRK-OPRF
5Gen: A Framework for Prototyping Applications Using Multilinear Maps and Matrix Branching Programs.	https://github.com/5GenCrypto
Order-Revealing Encryption: New Constructions, Applications, and Lower Bounds.	https://github.com/kevinlewi/fastore
The Honey Badger of BFT Protocols.	https://github.com/amiller/HoneyBadgerBFT
POPE: Partial Order Preserving Encoding.	https://github.com/dsroche/pope
Build It, Break It, Fix It: Contesting Secure Development.	https://builditbreakit.org
Safe Serializable Secure Scheduling: Transactions and the Trade-Off Between Security and Consistency.	http://www.cs.cornell.edu/projects/fabric
Systematic Fuzzing and Testing of TLS Libraries.	https://github.com/RUB-NDS/TLS-Attacker
ProvUSB: Block-level Provenance-Based Data Protection for USB Storage Devices.	https://github.com/ProjectVault
Drammer: Deterministic Rowhammer Attacks on Mobile Platforms.	https://vusec.net/projects/drammer/
CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy.	https://www.w3.org/TR/CSP3/#strict-dynamic-usage
CREDAL: Towards Locating a Memory Corruption Vulnerability with Your Core Dump.	https://github.com/junxzm1990/credal.git
Hypnoguard: Protecting Secrets across Sleep-wake Cycles.	http://spectrum.library.concordia.ca/981477/
Practical Censorship Evasion Leveraging Content Delivery Networks.	https://github.com/CacheBrowser

2015 (26)

Paper	Artifact
Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice.	https://weakdh.org
Automating Fast and Secure Translations from Type-I to Type-III Pairing Schemes.	https://github.com/jhuisi/auto-tools
Automated Proofs of Pairing-Based Cryptography.	https://github.com/ZooCrypt/AutoGnP
CoDisasm: Medium Scale Concatic Disassembly of Self-Modifying Binaries with Overlapping Instructions.	http://www.lhs.loria.fr
Automated Synthesis of Optimized Circuits for Secure Computation.	https://github.com/encryptogroup/ABY
A Search Engine Backed by Internet-Wide Scanning.	https://github.com/zmap/zgrab
SPRESSO: A Secure, Privacy-Respecting Single Sign-On System for the Web.	https://spresso.me
Clean Application Compartmentalization with SOAAP.	https://www.cl.cam.ac.uk/research/security/ctsrd/soaap/
Automated Analysis and Synthesis of Authenticated Encryption Schemes.	https://github.com/amaloz/ae-generator
CacheBrowser: Bypassing Chinese Censorship without Proxies Using Cached Content.	https://github.com/getlantern/flashlight
Sunlight: Fine-grained Targeting Detection at Scale with Statistical Confidence.	https://columbia.github.io/sunlight/
CCFI: Cryptographically Enforced Control Flow Integrity.	http://ccfi.scs.stanford.edu
Nonoutsourceable Scratch-Off Puzzles to Discourage Bitcoin Mining Coalitions.	http://cs.umd.edu/~amiller/
LOOP: Logic-Oriented Opaque Predicate Detection in Obfuscated Binary Code.	https://github.com/s3team/loop
Inference Attacks on Property-Preserving Encrypted Databases.	https://github.com/google/encrypted-bigquery-client
WebCapsule: Towards a Lightweight Forensic Engine for Web Browsers.	http://webcapsule.org
Per-Input Control-Flow Integrity.	https://github.com/mcfi
Micropayments for Decentralized Currencies.	https://bitcoinj.github.io/working-with-micropayments
VCCFinder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits.	http://sethrobertson.GitHub.io/GitBestPractices/
Where's Wally?: Precise User Discovery Attacks in Location Proximity Services.	http://www.cs.columbia.edu/nsl/projects/vpsn/
Privacy-Preserving Deep Learning.	https://github.com/facebook/fblualib
Moat: Verifying Confidentiality of Enclave Programs.	https://devmoat.github.io
Deniable Key Exchanges for Secure Messaging.	http://hdl.handle.net/10012/9406
Practical Context-Sensitive CFI.	https://github.com/dennisaa/patharmor
Efficient Genome-Wide, Privacy-Preserving Similar Patient Query based on Private Edit Distance.	https://github.com/SPQ-EditDistance/code
IntegriDB: Verifiable SQL for Outsourced Databases.

2014 (19)

Paper	Artifact
The Web Never Forgets: Persistent Tracking Mechanisms in the Wild.	http://w3c.github.io/fingerprinting-guidance/
ARPKI: Attack Resilient Public-Key Infrastructure.	http://www.netsec.ethz.ch/research/arpki
Securing SSL Certificate Verification through Dynamic Linking.	https://github.com/pieterlexis/swede
Optimal Geo-Indistinguishable Mechanisms for Location Privacy.	https://github.com/chatziko/location-guard
A Systematic Approach to Developing and Evaluating Website Fingerprinting Defenses.	https://crysp.uwaterloo.ca/software/webfingerprint/
Verifying Curve25519 Software.	http://cryptojedi.org/
The UNIX Process Identity Crisis: A Standards-Driven Approach to Setuid.	https://github.com/mdittmer/unix-process-identity
PrivEx: Private Collection of Traffic Statistics for Anonymous Communication Networks.	https://crysp.uwaterloo.ca/software/privex/
Collaborative Verification of Information Flow for a High-Assurance App Store.	http://types.cs.washington.edu/sparta/
VerSum: Verifiable Computations over Large Public Logs.	https://github.com/jellevandenhooff/versum
Breaking Integrated Circuit Device Security through Test Mode Silicon Reverse Engineering.
A Nearly Four-Year Longitudinal Study of Search-Engine Poisoning.	https://arima.cylab.cmu.edu/rx/
RockJIT: Securing Just-In-Time Compilation Using Modular Control-Flow Integrity.	https://github.com/0vercl0k/rp
AutoCog: Measuring the Description-to-permission Fidelity in Android Applications.	https://github.com/ticcky/esalib
Rosemary: A Robust, Secure, and High-performance Network Operating System.	http://www.openflowsec.org
Security Analysis of the Estonian Internet Voting System.	https://www.estoniaevoting.org
Fail-Secure Access Control.	<www.infsec.ethz.ch/research/software/bellog>
SCORAM: Oblivious RAM for Secure Computation.	http://www.oblivm.com
Amandroid: A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps.	http://amandroid.sireum.org

2013 (14)

Paper	Artifact
FPDetective: dusting the web for fingerprinters.	http://homes.esat.kuleuven.be/~gacar/fpdetective/
More efficient oblivious transfer and extensions for faster secure computation.	http://encrypto.de/code/OTExtension
Automatic verification of protocols with lists of unbounded length.	http://prosecco.gforge.inria.fr/personal/bblanche/publications/BlanchetPaiolaCCS13.html
Control-Alt-Hack: the design and evaluation of a card game for computer security awareness and education.	http://www.controlalthack.com
Tappan Zee (north) bridge: mining memory accesses for introspection.	http://github.com/moyix/panda/
Protocol misidentification made easy with format-transforming encryption.	https://github.com/redjack/FTE
Rethinking SSL development in an appified world.	https://github.com/moxie0/AndroidPinning
Detecting stealthy, distributed SSH brute-forcing.	http://www.bsdly.net/~peter/hailmary/
Users get routed: traffic correlation on tor by realistic adversaries.	http://torps.github.io
SAuth: protecting user accounts from password database leaks.	http://www.cs.columbia.edu/~kontaxis/sauth/
Low-fat pointers: compact encoding and efficient gate-level implementation of fat pointers for spatial safety and capability-based security.	http://ic.ese.upenn.edu/distributions/fatptr_ccs2013
Towards reducing the attack surface of software backdoors.	https://github.com/flxflx/weasel
Scheduling black-box mutational fuzzing.	http://security.ece.cmu.edu/fuzzsim/
Chucky: exposing missing checks in source code for vulnerability discovery.	https://github.com/fabsx00/joern

2012 (7)

Paper	Artifact
Aligot: cryptographic function identification in obfuscated binary programs.	http://code.google.com/p/aligot/
Adaptive defenses for commodity software through virtual application partitioning.	http://code.google.com/p/virtual-partitioning/9
The most dangerous code in the world: validating SSL certificates in non-browser software.	http://stackoverflow.com/questions/2642777/trusting-all-certificates-using-httpclient-over-https
FlowFox: a web browser with flexible and precise information flow control.	http://distrinet.cs.kuleuven.be/software/FlowFox/
Secure two-party computations in ANSI C.	http://www.forsyte.at/
OTO: online trust oracle for user-centric trust establishment.	http://www.cnet.com
SkypeMorph: protocol obfuscation for Tor bridges.	http://crysp.uwaterloo.ca/software/

2011 (4)

Paper	Artifact
Countering GATTACA: efficient and secure testing of fully-sequenced human genomes.	http://sprout.ics.uci.edu/projects/privacy-dna
Automated black-box detection of side-channel vulnerabilities in web applications.	http://www.cs.virginia.edu/sca
Fear the EAR: discovering and mitigating execution after redirect vulnerabilities.	https://github.com/adamdoupe/find_ear_rails
Automatic error finding in access-control policies.	http://code.google.com/p/mohawk/

2010 (4)

Paper	Artifact
Platform-independent programs.	http://security.ece.cmu.edu
@spam: the underground on 140 characters or less.	http://spam.com
Abstraction by set-membership: verifying security protocols and web services with databases.	http://www.imm.dtu.dk/~samo
Security analysis of India's electronic voting machines.	http://IndiaEVM.org

2009 (2)

Paper	Artifact
Attacking cryptographic schemes based on "perturbation polynomials".	http://perso.ens-lyon.fr/damien.stehle
XCS: cross channel scripting and its impact on web applications.	http://seclab.stanford.edu/websec/embedded/

2008 (5)

Paper	Artifact
Type-checking zero-knowledge.	http://www.infsec.cs.uni-sb.de/projects/zk-typechecker
Traitor tracing with constant size ciphertext.	<crypto.stanford.edu/~dabo/pubs.html>
Computational soundness of observational equivalence.	https://hal.inria.fr/inria-00274158
Ether: malware analysis via hardware virtualization extensions.	http://ether.gtisc.gatech.edu
SOMA: mutual approval for included content in web pages.	http://ccsl.carleton.ca/software/soma

2007 (6)

Paper	Artifact
Asirra: a CAPTCHA that exploits interest-aligned manual image categorization.
How much anonymity does network latency leak?	http://freehaven.net/anonbib
Protecting browsers from dns rebinding attacks.	http://crypto.stanford.edu/dns
Split-ballot voting: everlasting privacy with distributed trust.	http://www.wisdom.weizmann.ac.il/~naor/onpub.html
Predicting vulnerable software components.	http://www.st.cs.uni-sb.de/softevo/
Efficient policy analysis for administrative role based access control.	<www.cs.stonybrook.edu/~stoller/ccs2007/>

2006 (4)

Paper	Artifact
Puppetnets: misusing web browsers as a distributed attack infrastructure.	http://s3g.i2r.a-star.edu.sg/proj/puppetnets
Inferring the source of encrypted HTTP connections.	http://freehaven.net/anonbib/topic.html
Hot or not: revealing hidden services by their clock skew.	http://www.cl.cam.ac.uk/users/sjm217/
Secure attribute-based systems.	http://siis.cse.psu.edu/attribute.htmlThese

2005 (2)

Paper	Artifact
Modeling insider attacks on group key-exchange protocols.	http://www.cs.umd.edu/~jkatz/papers.html
A framework for concrete reputation-systems with applications to history-based access control.	http://www.brics.dk/RS/05/23

2004 (2)

Paper	Artifact
Group signatures with verifier-local revocation.	http://crypto.stanford.edu/~dabo/pubs.html
Pong-cache poisoning in GUESS.	http://dbpubs.stanford.edu/pub/2003-51

2003 (1)

Paper	Artifact
PPay: micropayments for peer-to-peer systems.	http://dbpubs.stanford.edu/pub/2003-31

2002 (2)

Paper	Artifact
MOPS: an infrastructure for examining security properties of software.	http://www.cs.berkeley.edu/~daw/mops/
Defending against redirect attacks in mobile IP.	https://core.ac.uk/display/13248815?utm_source=pdf&utm_medium=banner&utm_campaign=pdf-decoration-v1

2001 (2)

Paper	Artifact
On the relationship between strand spaces and multi-agent systems.	http://www.cs.cornell.edu/home/halpern
OCB: a block-cipher mode of operation for efficient authenticated encryption.	<www-cse.ucsd.edu/users/mihir>

NDSS

2025 (98)

Paper	Artifact
AlphaDog: No-Box Camouflage Attacks via Alpha Channel Oversight	https://sites.google.com/view/alphachannelattack/home
An Empirical Study on Fingerprint API Misuse with Lifecycle Analysis in Real-world Android Apps	https://github.com/FpAuth/
Be Careful of What You Embed: Demystifying OLE Vulnerabilities	https://api.semanticscholar.org/CorpusID:267621808
BULKHEAD: Secure, Scalable, and Efficient Kernel Compartmentalization with PKS	https://github.com/gyg128/BULKHEAD
BumbleBee: Secure Two-party Inference Framework for Large Transformers	https://github.com/AntCPLab/OpenBumbleBee
Careful About What App Promotion Ads Recommend! Detecting and Explaining Malware Promotion via App Promotion Graph	https://github.com/AppPromotionAdsResearch/AdGPE
CENSOR: Defense Against Gradient Inversion via Orthogonal Subspace Bayesian Sampling	https://censor-gradient.github.io
CLIBE: Detecting Dynamic Backdoors in Transformer-based NLP Models	https://github.com/Raytsang123/CLIBE
Cross-Origin Web Attacks via HTTP/2 Server Push and Signed HTTP Exchange	https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html#name-status-of-this-memo
Compiled Models, Built-In Exploits: Uncovering Pervasive Bit-Flip Attack Surfaces in DNN Executables	https://sites.google.com/view/exe-single-bit-bfa
Dissecting Payload-based Transaction Phishing on Ethereum	https://github.com/HypoopyH/PTXPhish
Explanation as a Watermark: Towards Harmless and Multi-bit Model Ownership Verification via Watermarking Feature Attribution	https://github.com/shaoshuo-ss/EaaW
Generating API Parameter Security Rules with LLM for API Misuse Detection	https://github.com/icy17/GPTAid/
Horcrux: Synthesize, Split, Shift and Stay Alive; Preventing Channel Depletion via Universal and Enhanced Multi-hop Payments	https://github.com/Anqi333/implementation-of-horcrux
Incorporating Gradients to Rules: Towards Lightweight, Adaptive Provenance-based Intrusion Detection	https://github.com/LexusWang/CAPTAIN
LeakLess: Selective Data Protection against Memory Leakage Attacks for Serverless Platforms	https://github.com/mrostamipoor/LeakLess
MALintent: Coverage Guided Intent Fuzzing Framework for Android	https://github.com/sslab-gatech/MALintent
Magmaw: Modality-Agnostic Adversarial Attacks on Machine Learning-Based Wireless Communication Systems	https://github.com/juc023/Magmaw
Manifoldchain: Maximizing Blockchain Throughput via Bandwidth-Clustered Sharding	https://github.com/Hide-on-bush2/Manifoldchain
Mens Sana In Corpore Sano: Sound Firmware Corpora for Vulnerability Research	https://github.com/fkie-cad/linux-firmware-corpus
Misdirection of Trust: Demystifying the Abuse of Dedicated URL Shortening Service	https://github.com/seclab-fudan/Ditto.git
Moneta: Ex-Vivo GPU Driver Fuzzing by Recalling In-Vivo Execution States	https://github.com/yonsei-sslab/moneta
Off-Path TCP Hijacking in Wi-Fi Networks: A Packet-Size Side Channel Attack	https://github.com/Internet-Architecture-and-Security/Packet-Size-Side-Channel-Attack
On the Realism of LiDAR Spoofing Attacks against Autonomous Driving Vehicle at High Speed and Long Distance	https://sites.google.com/view/av-ioat-sec/real-av-lidar-attack
Passive Inference Attacks on Split Learning via Adversarial Regularization	https://github.com/zhxchd/SDAR_SplitNN/
PhantomLiDAR: Cross-modality Signal Injection Attacks against LiDAR	https://sites.google.com/view/phantomlidar
RACONTEUR: A Knowledgeable, Insightful, and Portable LLM-Powered Shell Command Explainer	https://raconteur-ndss.github.io/
ReDAN: An Empirical Study on Remote DoS Attacks against NAT Networks	https://github.com/Internet-Architecture-and-Security/Remote-DoS-Attacks-against-NAT-Networks
Reinforcement Unlearning	https://github.com/cp-lab-uts/Reinforcement-Unlearning
ReThink: Reveal the Threat of Electromagnetic Interference on Power Inverters	https://tinyurl.com/ReThinkDemoVideos
Revisiting EM-based Estimation for Locally Differentially Private Protocols	https://github.com/yyt20080808/LDP-EM-MR
Revisiting Physical-World Adversarial Attack on Traffic Sign Recognition: A Commercial Systems Perspective	https://sites.google.com/view/av-ioat-sec/commercial-tsr-test
SCRUTINIZER: Towards Secure Forensics on Compromised TrustZone	https://github.com/Compass-All/SCRUTINIZER
Secure Transformer Inference Made Non-interactive	https://github.com/zju-abclab/NEXUS
Silence False Alarms: Identifying Anti-Reentrancy Patterns on Ethereum to Refine Smart Contract Reentrancy Detection	https://github.com/ashessqy126/Anti-reentrancy-Pattern-Injection
The Midas Touch: Triggering the Capability of LLMs for RM-API Misuse Detection	https://libexpat.github.io/doc/api/latest/
The Philosopher’s Stone: Trojaning Plugins of Large Language Models	https://github.com/chichidd/llm-lora-trojan
The Skeleton Keys: A Large Scale Analysis of Credential Leakage in Mini-apps	https://github.com/KeyMagnetProject2025/KeyMagnet
Too Subtle to Notice: Investigating Executable Stack Issues in Linux Systems	https://github.com/PSU-Security-Universe/badass
Tweezers: A Framework for Security Event Detection via Event Attribution-centric Tweet Embedding	https://github.com/jiancui-research/tweezers
Understanding Data Importance in Machine Learning Attacks: Does Valuable Data Pose Greater Harm?	https://github.com/TrustAIRLab/importance-in-mlattacks
Understanding Miniapp Malware: Identification, Dissection, and Characterization	https://minimalware.github.io/
VeriBin: Adaptive Verification of Patches at the Binary Level	https://github.com/purseclab/VeriBin
Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of China	https://gfw.report/publications/ndss25/en/
“Who is Trying to Access My Account?” Exploring User Perceptions and Reactions to Risk-based Authentication Notifications	https://weitongxin.wixsite.com/mysite
A Comprehensive Memory Safety Analysis of Bootloaders	https://github.com/wjqsec/bootloader
A Formal Approach to Multi-Layered Privileges for Enclaves	https://github.com/arxgy/Penglai-Enclave-Privileged
A Multifaceted Study on the Use of TLS and Auto-detect in Email Ecosystems	https://github.com/tls-downgrade/email-security.git
All your (data)base are belong to us: Characterizing Database Ransom(ware) Attacks	https://github.com/KevinLiebergen/dbransom
Automatic Insecurity: Exploring Email Auto-configuration in the Wild	https://github.com/emailconfigtest/mailconfig
Automatic Library Fuzzing through API Relation Evolvement	https://figshare.com/s/9539927ac84ee6a7ac14
BARBIE: Robust Backdoor Detection Based on Latent Separability	https://github.com/Forliqr/BARBIE
Beyond Classification: Inferring Function Names in Stripped Binaries via Domain Adapted LLMs	https://github.com/OSUSecLab/SymGen
BinEnhance: An Enhancement Framework Based on External Environment Semantics for Binary Code Search	https://github.com/wang-yongpan/BinEnhance
BitShield: Defending Against Bit-Flip Attacks on DNN Executables	https://sites.google.com/view/bitshield-exe
Blindfold: Confidential Memory Management by Untrusted Operating System	https://github.com/caihuali95/blindfold/
CCTAG: Configurable and Combinable Tagged Architecture	https://github.com/CTSRD-CHERI/
Deanonymizing Device Identities via Side-channel Attacks in Exclusive-use IoTs & Mitigation	https://github.com/OSUSecLab/AnonymizationLayer
DiStefano: Decentralized Infrastructure for Sharing Trusted Encrypted Facts and Nothing More	https://github.com/brave-experiments/DiStefano
Distributed Function Secret Sharing and Applications	https://github.com/xingpz2008/dealerless-FSS_public
Do (Not) Follow the White Rabbit: Challenging the Myth of Harmless Open Redirection	https://github.com/SoheilKhodayari/STORK
Exploring User Perceptions of Security Auditing in the Web3 Ecosystem	https://github.com/Anonymousauthor2024/Supplementary-documentation
Enhancing Security in Third-Party Library Reuse - Comprehensive Detection of 1-day Vulnerability through Code Patch Analysis	https://github.com/ShangzhiXu/VULTURE_Detector
FUZZUER: Enabling Fuzzing of UEFI Interfaces on EDK-2	https://doi.org/10.5281/zenodo.14257287
GadgetMeter: Quantitatively and Accurately Gauging the Exploitability of Speculative Gadgets	https://github.com/qiling07/GadgetMeter.git
GhostShot: Manipulating the Image of CCD Cameras with Electromagnetic Interference	https://sites.google.com/view/ghostshot
Hidden and Lost Control: on Security Design Risks in IoT User-Facing Matter Controller	https://sites.google.com/view/mattercontrollerflaws
I Know What You Asked: Prompt Leakage via KV-Cache Sharing in Multi-Tenant LLM Serving	https://github.com/sgl-project/sglang
ICSQuartz: Scan Cycle-Aware and Vendor-Agnostic Fuzzing for Industrial Control Systems	https://github.com/momalab/ICSQuartz
I know what you MEME! Understanding and Detecting Harmful Memes with Multimodal Large Language Models	https://github.com/koi-yong/HMGuard
Impact Tracing: Identifying the Culprit of Misinformation in Encrypted Messaging Systems	https://github.com/Ming-bc/impact-tracing
IsolateGPT: An Execution Isolation Architecture for LLM-Based Agentic Systems	https://github.com/llm-platform-security/SecGPT
L-HAWK: A Controllable Physical Adversarial Patch Against a Long-Distance Target	https://github.com/Jupiterliu/L-Hawk
LADDER: Multi-Objective Backdoor Attack via Evolutionary Algorithm	https://github.com/dzhliu/LADDER
LightAntenna: Characterizing the Limits of Fluorescent Lamp-Induced Electromagnetic Interference	https://tinyurl.com/LightAntenna
Mysticeti: Reaching the Latency Limits with Uncertified DAGs	https://github.com/asonnino/mysticeti/tree/paper
Non-intrusive and Unconstrained Keystroke Inference in VR Platforms via Infrared Side Channel	https://vreckey.github.io/
On Borrowed Time - Preventing Static Side-Channel Analysis	https://github.com/0xADE1A1DE/Borrowed-Time
PropertyGPT: LLM-driven Formal Verification of Smart Contracts through Retrieval-Augmented Property Generation	https://github.com/Pr0pertyGPT/PropertyGPT
Provably Unlearnable Data Examples	https://github.com/NeuralSec/certified-data-learnability
QMSan: Efficiently Detecting Uninitialized Memory Errors During Fuzzing	https://github.com/heinzeen/qmsan
RContainer: A Secure Container Architecture through Extending ARM CCA Hardware Primitives	https://hewlettpackard.github.io/netperf/
Repurposing Neural Networks for Efficient Cryptographic Computation	https://github.com/OSUSecLab/TensorCrypt
Retrofitting XoM for Stripped Binaries without Embedded Data Relocation	https://zenodo.org/records/14251050
ScopeVerif: Analyzing the Security of Android’s Scoped Storage via Differential Analysis	https://github.com/purseclab/ScopeVerif
Securing BGP ASAP: ASPA and other Post-ROV Defenses	https://github.com/jfuruness/aspa_eval
Sheep’s Clothing, Wolf’s Data: Detecting Server-Induced Client Vulnerabilities in Windows Remote IPC	https://github.com/Anonymous130301/GLEIPNIR
SIGuard: Guarding Secure Inference with Post Data Privacy	https://github.com/Wangxinqian/SIGuard-secure-MIA-defense
SketchFeature: High-Quality Per-Flow Feature Extractor Towards Security-Aware Data Plane	https://github.com/ISRL-EWHA/SketchFeature
Speak Up, I’m Listening: Extracting Speech from Zero-Permission VR Sensors	https://github.com/suno-ai/bark
Statically Discover Cross-Entry Use-After-Free Vulnerabilities in the Linux Kernel	https://github.com/uafx/uafx
The Guardians of Name Street: Studying the Defensive Registration Practices of the Fortune 500	https://doi.org/10.5281/zenodo.14188149
The Forking Way: When TEEs Meet Consensus	https://cloning-tee-blockchains.github.io/
Truman: Constructing Device Behavior Models from OS Drivers to Fuzz Virtual Devices	https://github.com/vul337/Truman
Uncovering the iceberg from the tip: Generating API Specifications for Bug Detection via Specification Propagation Analysis	https://github.com/Yuuoniy/APISpecGen
URVFL: Undetectable Data Reconstruction Attack on Vertical Federated Learning	https://github.com/duanyiyao/URVFL
VulShield: Protecting Vulnerable Code Before Deploying Patches	https://github.com/vul337/VulShield
You Can Rand but You Can’t Hide: A Holistic Security Analysis of Google Fuchsia’s (and gVisor’s) Network Stack	https://wicg.github.io/private-network-access/

2024 (65)

Paper	Artifact
BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet	https://wangchuhan.cn/
Bernoulli Honeywords	https://github.com/k3coby/bhwmonitoring-go
Crafter: Facial Feature Crafting against Inversion-based Identity Theft on Deep Models	https://github.com/ShimingWang98/Facial_Feature_Crafting_against_Inversion_based_Identity_Theft/tree/main
CrowdGuard: Federated Backdoor Detection in Federated Learning	https://github.com/TRUST-TUDa/crowdguard
File Hijacking Vulnerability: The Elephant in the Room	https://sites.google.com/view/iamjerry
GhostType: The Limits of Using Contactless Electromagnetic Interference to Inject Phantom Keys into Analog Circuits of Keyboards	https://sites.google.com/view/ghosttype-demo
IDA: Hybrid Attestation with Support for Interrupts and TOCTOU	https://github.com/ssysarch/IDA
Inaudible Adversarial Perturbation: Manipulating the Recognition of User Speech in Real Time	https://sites.google.com/view/Vrifle
LDR: Secure and Efficient Linux Driver Runtime for Embedded TEE Systems	https://github.com/SparkYHY/Linux-Driver-Runtime
LiDAR Spoofing Meets the New-Gen: Capability Improvements, Broken Assumptions, and New Attack Strategies	https://sites.google.com/view/cav-sec/new-gen-lidar-sec
LMSanitator: Defending Prompt-Tuning Against Task-Agnostic Backdoors	https://github.com/meng-wenlong/LMSanitator
Low-Quality Training Data Only? A Robust Framework for Detecting Encrypted Malicious Network Traffic	https://github.com/XXnormal/RAPIER
MOCK: Optimizing Kernel Fuzzing Mutation with Context-aware Dependency	https://github.com/m0ck1ng/mock
MPCDiff: Testing and Repairing MPC-Hardened Deep Learning Models	https://github.com/Qi-Pang/MPCDiff
NODLINK: An Online System for Fine-Grained APT Attack Detection and Investigation	https://github.com/Nodlink/Simulated-Data
ShapFuzz: Efficient Fuzzing via Shapley-Guided Byte Selection	https://github.com/ShapFuzz/ShapFuzz
Unus pro omnibus: Multi-Client Searchable Encryption via Access Control	https://jhuisi.github.io/charm
A Duty to Forget, a Right to be Assured? Exposing Vulnerabilities in Machine Unlearning Services	https://github.com/TASI-LAB/Over-unlearning
Abusing the Ethereum Smart Contract Verification Services for Fun and Profit	https://github.com/source-code-scam-paper/source-scam-all-in-one
ActiveDaemon: Unconscious DNN Dormancy and Waking Up via User-specific Invisible Token	https://github.com/LANCEREN/ActiveDaemon
Automatic Adversarial Adaption for Stealthy Poisoning Attacks in Federated Learning	https://www.private-ai.org
BGP-iSec: Improved Security of Internet Routing Against Post-ROV Attacks	https://github.com/c-morris/bgpy_pathsec
CAGE: Complementing Arm CCA with GPU Extensions	https://github.com/Compass-All/NDSS24-CAGE
Certificate Transparency Revisited: The Public Inspections on Third-party Monitors	https://doi.org/10.5281/zenodo.10148256
CP-IoT: A Cross-Platform Monitoring System for Smart Home	https://github.com/colinLH/CP-IoT
DeGPT: Optimizing Decompiler Output with LLM	https://github.com/PeiweiHu/DeGPT
Detecting Voice Cloning Attacks via Timbre Watermarking	https://timbrewatermarking.github.io/samples
DorPatch: Distributed and Occlusion-Robust Adversarial Patch to Evade Certifiable Defenses	https://github.com/CGCL-codes/DorPatch
DynPRE: Protocol Reverse Engineering via Dynamic Inference	https://github.com/DynPRE/DynPRE
EM Eye: Characterizing Electromagnetic Side-channel Eavesdropping on Embedded Cameras	https://emeyeattack.github.io/Website/
EnclaveFuzz: Finding Vulnerabilities in SGX Applications	https://github.com/LeoneChen/EnclaveFuzz
Faster and Better: Detecting Vulnerabilities in Linux-based IoT Firmware with Optimized Reaching Definition Analysis	https://github.com/f01lprophet/HermeScan
Faults in Our Bus: Novel Bus Fault Attack to Break ARM TrustZone	https://github.com/KULeuven
From Interaction to Independence: zkSNARKs for Transparent and Non-Interactive Remote Attestation	https://github.com/zero-savvy/zk-remote-attestation
Information Based Heavy Hitters for Real-Time DNS Data Exfiltration Detection	https://github.com/akamai/Information-based-Heavy-Hitters-for-Real-Time-DNS-Exfiltration-Detection
IRRedicator: Pruning IRR with RPKI-Valid BGP Insights	https://irredicator.netsecurelab.org
Invisible Reflections: Leveraging Infrared Laser Reflections to Target Traffic Sign Perception	https://sites.google.com/view/cav-sec/ilr-attack
K-LEAK: Towards Automating the Generation of Multi-Step Infoleak Exploits against the Linux Kernel	https://github.com/seclab-ucr/K-LEAK
Like, Comment, Get Scammed: Characterizing Comment Scams on Media Platforms	https://like-comment-get-scammed.github.io/
LoRDMA: A New Low-Rate DoS Attack in RDMA Networks	https://github.com/wangshicheng1225/LoRDMA
MirageFlow: A New Bandwidth Inflation Attack on Tor	https://shadow.github.io/
MASTERKEY: Automated Jailbreaking of Large Language Model Chatbots	https://api.semanticscholar.org/CorpusID:260777640
Pencil: Private and Extensible Collaborative Learning without the Non-Colluding Assumption	https://github.com/lightbulb128/Pencil
Powers of Tau in Asynchrony	https://github.com/sourav1547/qsdh-py
Predictive Context-sensitive Fuzzing	https://github.com/eurecom-s3/predictive-cs-fuzzing
PriSrv: Privacy-Enhanced and Highly Usable Service Discovery in Wireless Communications	https://github.com/prisrv
ReqsMiner: Automated Discovery of CDN Forwarding Request Inconsistencies and DoS Attacks with Grammar-based Fuzzing	https://github.com/Konano/ReqsMiner
REPLICAWATCHER: Training-less Anomaly Detection in Containerized Microservices	https://github.com/utwente-scs/Replicawatcher
Proof of Backhaul: Trustfree Measurement of Broadband Bandwidth	https://github.com/multichallengerpob/proof-of-backhaul
QUACK: Hindering Deserialization Attacks via Static Duck Typing	https://figshare.com/articles/software/QUACK_Hindering_Deserialization_Attacks_via_Static_Duck_Typing/24578644
Scrappy: SeCure Rate Assuring Protocol with PrivacY	https://github.com/akakou/scrappy
Secret-Shared Shuffle with Malicious Security	https://github.com/emp-toolkit
Secure Multiparty Computation of Threshold Signatures Made More Efficient	https://gitlab.com/alephledger/threshold-ecdsa
SENSE: Enhancing Microarchitectural Awareness for TEEs via Subscription-Based Notification	https://github.com/sslab-gatech/Sense
SLMIA-SR: Speaker-Level Membership Inference Attacks against Speaker Recognition Systems	https://github.com/S3L-official/SLMIA-SR
SyzBridge: Bridging the Gap in Exploitability Assessment of Linux Kernel Bugs in the Linux Ecosystem	https://github.com/seclab-ucr/SyzBridge
SSL-WM: A Black-Box Watermarking Approach for Encoders Pre-trained by Self-Supervised Learning	https://github.com/lvpeizhuo/SSL-WM
TALISMAN: Tamper Analysis for Reference Monitors	https://github.com/isolachine/talisman
The CURE to Vulnerabilities in RPKI Validation	https://github.com/rp-cure/rp-cure
TextGuard: Provable Defense against Backdoor Attacks on Text Classification	https://github.com/AI-secure/TextGuard
Understanding the Implementation and Security Implications of Protective DNS Services	https://github.com/MingxuanLiu/ProtectiveDNS
Towards Automated Regulation Analysis for Effective Privacy Compliance	https://github.com/Secure-Platforms-Lab-W-M/ARC
Untangle: Multi-Layer Web Server Fingerprinting	https://tranco-list.eu/list/997K2
VETEOS: Statically Vetting EOSIO Contracts for the “Groundhog Day” Vulnerabilities	https://github.com/HKJL10201/VetEOS
You Can Use But Cannot Recognize: Preserving Visual Privacy in Deep Neural Networks	https://github.com/Edison9419/ndss

2023 (63)

Paper	Artifact
An OS-agnostic Approach to Memory Forensics	https://github.com/eurecom-s3/fossil
Automata-Based Automated Detection of State Machine Bugs in Protocol Implementations	https://doi.org/10.5281/zenodo.7129240
Brokenwire: Wireless Disruption of CCS Electric Vehicle Charging	https://github.com/ssloxford/brokenwire
Detecting Unknown Encrypted Malicious Traffic in Real Time via Flow Interaction Graph Analysis	https://github.com/fuchuanpu/HyperVision
DARWIN: Survival of the Fittest Fuzzing Mutators	https://github.com/TUDA-SSL/DARWIN
Efficient Dynamic Proof of Retrievability for Cold Storage	https://github.com/vt-asaplab/porla
Evasion Attacks and Defenses on Smart Home Physical Event Verification	https://github.com/purseclab/EVS_Evasion
Extrapolating Formal Analysis to Uncover Attacks in Bluetooth Passkey Entry Pairing	https://github.com/OSUSecLab/bluetooth-pairing-formal-verification
Fusion: Efficient and Secure Inference Resilient to Malicious Servers	https://github.com/daisy611/Fusion
Faster Secure Comparisons with Offline Phase for Efficient Private Set Intersection	https://github.com/BlazingFastPSI/NDSS23
Ghost Domain Reloaded: Vulnerable Links in Domain Name Delegation and Revocation	https://netsec.ccert.edu.cn/people/lx19
Let Me Unwind That For You: Exceptions to Backward-Edge Protection	https://github.com/chop-project/chop
Machine Unlearning of Features and Labels	https://github.com/alewarne/MachineUnlearning
MyTEE: Own the Trusted Execution Environment on Embedded Devices	https://github.com/sssecret2019/mytee
On the Anonymity of Peer-To-Peer Network Anonymity Schemes Used by Cryptocurrencies	https://github.com/pi-yush/
POSE: Practical Off-chain Smart Contract Execution	https://github.com/AppliedCryptoGroup/PoseCode
PPA: Preference Profiling Attack Against Federated Learning	https://github.com/PPAattack
Private Certifier Intersection	https://github.com/ghoshbishakh/pci
QUICforge: Client-side Request Forgery in QUIC	https://github.com/yurigbur/QUICforge
RoVISQ: Reduction of Video Service Quality via Adversarial Attacks on Deep Learning-based Video Compression	https://sites.google.com/view/demo-of-rovisq/home
Smarter Contracts: Detecting Vulnerabilities in Smart Contracts with Deep Transfer Learning	https://github.com/sss-wue/smarter-contracts
Towards Automatic and Precise Heap Layout Manipulation for General-Purpose Programs	https://github.com/Stab1el/BAGUA
Your Router is My Prober: Measuring IPv6 Networks via ICMP Rate Limiting Side Channels	https://github.com/iVantage-NDSS23/iVantage
Trellis: Robust and Scalable Metadata-private Anonymous Broadcast	https://github.com/SimonLangowski/trellis
VICEROY: GDPR-/CCPA-compliant Enforcement of Verifiable Accountless Consumer Requests	https://github.com/sprout-uci/VICEROY
Access Your Tesla without Your Awareness: Compromising Keyless Entry System of Model 3	https://github.com/fmsh-seclab/TesMla
Anomaly Detection in the Open World: Normality Shift Detection, Explanation, and Adaptation	https://github.com/dongtsi/OWAD
Attacks as Defenses: Designing Robust Audio CAPTCHAs Using Attacks on Automatic Speech Recognition Systems	https://sites.google.com/view/attacksasdefenses/home
Assessing the Impact of Interface Vulnerabilities in Compartmentalized Software	https://conffuzz.github.io
Backdoor Attacks Against Dataset Distillation	https://github.com/liuyugeng/baadd
BARS: Local Robustness Certification for Deep Learning based Traffic Analysis Systems	https://github.com/KaiWangGitHub/BARS
BEAGLE: Forensics of Deep Learning Backdoor Attack for Better Defense	https://github.com/Megum1/BEAGLE
CHKPLUG: Checking GDPR Compliance of WordPress Plugins via Cross-language Code Property Graph	https://github.com/faysalhossain2007/CHKPLUG
BlockScope: Detecting and Investigating Propagated Vulnerabilities in Forked Blockchain Projects	https://github.com/VPRLab/BlkVulnReport
Copy-on-Flip: Hardening ECC Memory Against Rowhammer Attacks	https://github.com/vusec/Copy-on-Flip
Cryptographic Oracle-based Conditional Payments	https://adiabat.github.io/dlc.pdf
DiffCSP: Finding Browser Bugs in Content Security Policy Enforcement through Differential Testing	https://github.com/WSP-LAB/DiffCSP
Double and Nothing: Understanding and Detecting Cryptocurrency Giveaway Scams	https://double-and-nothing.github.io/
Drone Security and the Mysterious Case of DJI’s DroneID	https://github.com/RUB-SysSec/DroneSecurity
Focusing on Pinocchio’s Nose: A Gradients Scrutinizer to Thwart Split-Learning Hijacking Attacks Using Intrinsic Attributes	https://github.com/CGCL-codes/GradientsScrutinizer
FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities	https://github.com/evaluating-fuzzilli-for-js-jit-fuzzing
Him of Many Faces: Characterizing Billion-scale Adversarial and Benign Browser Fingerprints on Commercial Websites	https://github.com/bfpmeasurementgithub/browser-fingeprint-measurement
How to Count Bots in Longitudinal Datasets of IP Addresses	https://github.com/CardCount
I Still Know What You Watched Last Sunday: Privacy of the HbbTV Protocol in the European Smart TV Landscape	https://github.com/SecPriv/hbbtv-blocker
InfoMasker: Preventing Eavesdropping Using Phoneme-Based Noise	https://github.com/desperado1999/InfoMasker
LOKI: State-Aware Fuzzing Framework for the Implementation of Blockchain Consensus Protocols	https://github.com/ConsensusFuzz/LOKI
No Grammar, No Problem: Towards Fuzzing the Linux Kernel without System-Call Descriptions	https://github.com/BUseclab/FuzzNG
OBSan: An Out-Of-Bound Sanitizer to Harden DNN Executables	https://sites.google.com/view/oob-sanitizer/
OptRand: Optimistically Responsive Reconfigurable Distributed Randomness	https://github.com/nibeshrestha/optrand
Parakeet: Practical Key Transparency for End-to-End Encrypted Messaging	https://github.com/facebook/akd
Paralyzing Drones via EMI Signal Injection on Sensory Communication Channels	https://sites.google.com/view/paralyzing-drones-via-emi
Preventing SIM Box Fraud Using Device Model Fingerprinting	https://sites.google.com/view/devicefingerprinting
RAI2: Responsible Identity Audit Governing the Artificial Intelligence	https://github.com/chichidd/RAI2
ReScan: A Middleware Framework for Realistic and Robust Black-box Web Application Scanning	https://gitlab.com/kostasdrk/rescan
REDsec: Running Encrypted Discretized Neural Networks in Seconds	https://github.com/TrustworthyComputing/REDsec
Sometimes, You Aren’t What You Do: Mimicry Attacks against Provenance Graph Host Intrusion Detection Systems	https://bitbucket.org/sts-lab/mimicry-provenance-generator/src/master/
StealthyIMU: Stealing Permission-protected Private Information From Smartphone Voice Assistant Using Zero-Permission Sensors	https://github.com/Samsonsjarkal/StealthyIMU
SynthDB: Synthesizing Database via Program Analysis for Security Testing of Web Applications	https://github.com/carloFanc/Security-Testing/tree/main/inventory-management-system-fixed
The Power of Bamboo: On the Post-Compromise Security for Searchable Symmetric Encryption	https://github.com/MonashCybersecurityLab/Aura
Un-Rocking Drones: Foundations of Acoustic Injection Attacks and Recovery Thereof	https://sites.google.com/view/unrocker/
Thwarting Smartphone SMS Attacks at the Radio Interface Layer	https://github.com/OSUSecLab/RILDefender
VulHawk: Cross-architecture Vulnerability Detection with Entropy-based Binary Code Search	https://github.com/RazorMegrez/VulHawk
BinaryInferno: A Semantic-Driven Approach to Field Inference for Binary Message Formats	https://github.com/vs-uulm/fieldhunter

2022 (44)

Paper	Artifact
FirmWire: Transparent Dynamic Analysis for Cellular Baseband Firmware	https://www.github.com/FirmWire/FirmWire
HARPO: Learning to Subvert Online Behavioral Advertising	https://github.com/bitzj2015/Harpo-NDSS22
Get a Model! Model Hijacking Attack Against Machine Learning Models	https://github.com/AhmedSalem2/Model-Hijacking
Interpretable Federated Transformer Log Learning for Cloud Threat Forensics	https://doi.org/10.5281/zenodo.3227177
hbACSS: How to Robustly Share Many Secrets	<github.com/tyurek/hbACSS>
Property Inference Attacks Against GANs	https://github.com/Zhou-Junhao/PIA_GAN
Remote Memory-Deduplication Attacks	https://github.com/IAIK/Remote-Page-Deduplication-Attacks
SemperFi: Anti-spoofing GPS Receiver for UAVs	https://semperfi-gps.com/
The Droid is in the Details: Environment-aware Evasion of Android Sandboxes	https://droid-in-the-details.github.io
The Taming of the Stack: Isolating Stack Data from Memory Errors	https://github.com/Lightninghkm/DataGuard
Uncovering Cross-Context Inconsistent Access Control Enforcement in Android	https://github.com/moonZHH/IAceFinder
Transparency Dictionaries with Succinct Proofs of Correct Operation	http://people.cs.georgetown.edu/jthaler/
A Lightweight IoT Cryptojacking Detection Mechanism in Heterogeneous Smart Home Networks	https://github.com/cslfiu/IoTCryptojacking
Building Embedded Systems Like It’s 1996	https://github.com/junxzm1990/iot-security
Chosen-Instruction Attack Against Commercial Code Virtualization Obfuscators	https://github.com/chosen-instruction-attack/
Clarion: Anonymous Communication from Multiparty Shuffling Protocols	https://github.com/SabaEskandarian/Clarion
COOPER: Testing the Binding Code of Scripting Languages with Cooperative Mutation	https://github.com/TCA-ISCAS/Cooper
Cross-Language Attacks	https://github.com/mit-ll/Cross-Language-Attacks
Demystifying Local Business Search Poisoning for Illicit Drug Promotion	https://sites.google.com/view/idlls
Euler: Detecting Network Lateral Movement via Scalable Temporal Graph Link Prediction	https://github.com/iHeartGraph/Euler
ditto: WAN Traffic Obfuscation at Line Rate	https://github.com/nsg-ethz/ditto
Evaluating Susceptibility of VPN Implementations to DoS Attacks Using Adversarial Testing	https://github.com/fstreun/Flood-Generator
GhostTalk: Interactive Attack on Smartphone Voice System Through Power Line	https://ghosttalkattack.github.io/
Hazard Integrated: Understanding Security Risks in App Extensions to Team Chat Systems	https://sites.google.com/view/hazard-integrated
HeadStart: Efficiently Verifiable and Low-Latency Participatory Randomness Generation at Scale	https://github.com/csienslab
Hybrid Trust Multi-party Computation with Trusted Execution Environment	https://github.com/HybrTC/HybrTC
Kasper: Scanning for Generalized Transient Execution Gadgets in the Linux Kernel	https://www.vusec.net/projects/kasper
LogicMEM: Automatic Profile Generation for Binary-Only Memory Forensics via Logic Inference	https://github.com/bitsecurerlab/LogicMem
MIRROR: Model Inversion for Deep Learning Network with High Fidelity	https://model-inversion.github.io/mirror/
Packet-Level Open-World App Fingerprinting on Wireless Traffic	https://github.com/jflixjtu/PacketPrint
PHYjacking: Physical Input Hijacking for Zero-Permission Authorization Attacks on Android	https://mobitec.ie.cuhk.edu.hk/phyjacking
Preventing Kernel Hacks with HAKCs	https://github.com/mit-ll/HAKC
Probe the Proto: Measuring Client-Side Prototype Pollution Vulnerabilities of One Million Real-world Websites	https://github.com/client-pp/ProbetheProto
Progressive Scrutiny: Incremental Detection of UBI bugs in the Linux Kernel	https://github.com/seclab-ucr/IncreLux
RamBoAttack: A Robust and Query Efficient Deep Neural Network Decision Exploit
RVPLAYER: Robotic Vehicle Forensics by Replay with What-if Reasoning	https://sites.google.com/view/rvplayer#h.7rugn56gjilm
ScriptChecker: To Tame Third-party Script Execution With Task Capabilities	https://github.com/lwyeluo/ScriptChecker
Semantic-Informed Driver Fuzzing Without Both the Hardware Devices and the Emulators	https://github.com/secsysresearch/DRFuzz.git
Shaduf: Non-Cycle Payment Channel Rebalancing	https://github.com/Lonely-Programmer/Shaduf
SynthCT: Towards Portable Constant-Time Code	https://github.com/FPSG-UIUC/synthCT
Testability Tarpits: the Impact of Code Patterns on the Security Testing of Web Applications	https://github.com/enferas/TestabilityTarpits
Titanium: A Metadata-Hiding File-Sharing System with Malicious Security	https://github.com/samee/
Too Afraid to Drive: Systematic Discovery of Semantic DoS Vulnerability in Autonomous Driving Planning under Physical-World Attacks	https://sites.google.com/view/cav-sec/planfuzz
What You See is Not What the Network Infers: Detecting Adversarial Examples Based on Semantic Contradiction	https://github.com/cure-lab/ContraNet.git

2021 (49)

Paper	Artifact
SODA: A Generic Online Detection Framework for Smart Contracts	https://github.com/pandabox-dev/SODA
All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers	https://contact-discovery.github.io/
As Strong As Its Weakest Link: How to Break Blockchain DApps at RPC Service	https://github.com/melonproject/
DOVE: A Data-Oblivious Virtual Environment	https://github.com/dove-project
Hey Alexa, is this Skill Safe?: Taking a Closer Look at the Alexa Skill Ecosystem	https://www.alexa-skill-analysis.org/
Obfuscated Access and Search Patterns in Searchable Encryption	https://github.com/z6shang/OSSE
POP and PUSH: Demystifying and Defending against (Mach) Port-oriented Programming	https://github.com/zhengmin1989/POP_AND_PUSH
Reining in the Web’s Inconsistencies with Site Policy	https://github.com/cispa/site-policy
Rosita: Towards Automatic Elimination of Power-Analysis Leakage in Ciphers	https://github.com/0xADE1A1DE/Rosita
Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages	https://github.com/osssanitizer/maloss
XDA: Accurate, Robust Disassembly with Transfer Learning	https://github.com/CUMLSec/XDA
A Formal Analysis of the FIDO UAF Protocol	https://github.com/CactiLab/UAFVerif
ALchemist: Fusing Application and Audit Logs for Precise Attack Provenance without Instrumentation	https://github.com/ALchemist2020/Workload
BaseSpec: Comparative Analysis of Baseband Software and Cellular Specifications for L3 Protocols	https://github.com/SysSec-KAIST/BaseSpec
CHANCEL: Efficient Multi-client Isolation Under Adversarial Programs	https://github.com/intel/
CV-Inspector: Towards Automating Detection of Adblock Circumvention	https://athinagroup.eng.uci.edu/projects/cv-inspector/
Detecting Kernel Memory Leaks in Specialized Modules with Ownership Reasoning	https://github.com/Navidem/k-meld/blob/main/results/FOIs.txt
Emilia: Catching Iago in Legacy Code	https://github.com/mfriedl/sk-sgx
FARE: Enabling Fine-grained Attack Categorization under Low-quality Labeled Data	https://github.com/junjieliang672/FARE
Favocado: Fuzzing the Binding Code of JavaScript Engines Using Semantically Correct Test Cases	https://github.com/favocado/Favocado
FlowLens: Enabling Efficient Flow Classification for ML-based Network Security Applications	https://github.com/dmbb/FlowLens
From Library Portability to Para-rehosting: Natively Executing Microcontroller Software on Commodity Hardware	https://github.com/MCUSec/para-rehosting
GALA: Greedy ComputAtion for Linear Algebra in Privacy-Preserved Neural Networks	https://github.com/mc2-project/delphi
HERA: Hotpatching of Embedded Real-time Applications	https://github.com/FreeRTOS/FreeRTOS/tree/master
Improving Signal’s Sealed Sender	https://github.com/signalapp
Hunting the Haunter – Efficient Relational Symbolic Execution for Spectre with Haunted RelSE	https://github.com/binsec/haunted_bench
KUBO: Precise and Scalable Detection of User-triggerable Undefined Behavior Bugs in OS Kernel	https://github.com/RiS3-Lab/kubo
NetPlier: Probabilistic Network Protocol Reverse Engineering from Message Traces	https://github.com/netplier-tool/NetPlier
OblivSketch: Oblivious Network Measurement as a Cloud Service	https://github.com/MonashCybersecurityLab/measurement
On the Insecurity of SMS One-Time Password Messages against Local Attackers in Modern Mobile Devices	https://pursec.cs.purdue.edu/projects/sms_mobile.html
PGFUZZ: Policy-Guided Fuzzing for Robotic Vehicles	https://github.com/purseclab/PGFUZZ
PHOENIX: Device-Centric Cellular Network Protocol Monitoring using Runtime Verification	https://phoenixlte.github.io/
Practical Blind Membership Inference Attack via Differential Comparisons	https://github.com/hyhmia/BlindMI
Practical Non-Interactive Searchable Encryption with Forward and Backward Privacy	https://github.com/MonashCybersecurityLab/SDd
PrivacyFlash Pro: Automating Privacy Policy Generation for Mobile Apps	https://github.com/privacy-tech-lab/privacyflash-pro/
QPEP: An Actionable Approach to Secure and Performant Broadband From Geostationary Orbit	https://github.com/ssloxford/qpep
RandRunner: Distributed Randomness from Trapdoor VDFs with Strong Uniqueness	https://github.com/PhilippSchindler/RandRunner
Reinforcement Learning-based Hierarchical Seed Scheduling for Greybox Fuzzing	https://github.com/bitsecurerlab/aflplusplus-hier
Shadow Attacks: Hiding and Replacing Content in Signed PDFs	https://itextpdf.com/en/blog/technical-notes/investigating-pdf-shadow-attacks-what-are-shadow-attacks-part-1
SerialDetector: Principled and Practical Exploration of Object Injection Vulnerabilities for the Web	https://github.com/yuske/SerialDetector
SpecTaint: Speculative Taint Analysis for Discovering Spectre Gadgets	https://github.com/bitsecurerlab/SpecTaint.git
SquirRL: Automating Attack Analysis on Blockchain Incentive Mechanisms with Deep Reinforcement Learning	https://github.com/wuwuz/SquirRL
SymQEMU: Compilation-based symbolic execution for binaries	http://www.s3.eurecom.fr/tools/symbolic_execution/symqemu.html
TASE: Reducing Latency of Symbolic Execution with Transactional Memory	https://klee.github.io/docker/
To Err.Is Human: Characterizing the Threat of Unintended URLs in Social Media	https://github.com/belizkaleli/TypoNoMo
Trust the Crowd: Wireless Witnessing to Detect Attacks on ADS-B-Based Air-Traffic Surveillance	https://github.com/kai-jansen/ADSB-Trust-Evaluation
Who’s Hosting the Block Party? Studying Third-Party Blockage of CSP and SRI	https://smurf-ndss.github.io/
WINNIE : Fuzzing Windows Applications with Harness Synthesis and Fast Cloning	https://github.com/sslab-gatech/winnie
Your Phone is My Proxy: Detecting and Understanding Mobile Proxy Networks	https://github.com/mixianghang/mpaas

2020 (41)

Paper	Artifact
A Practical Approach for Taking Down Avalanche Botnets Under Real-World Constraints	https://github.com/DistriNet/avalanche-ndss2020
ABSynthe: Automatic Blackbox Side-channel Synthesis on Commodity Microarchitectures	https://github.com/bbbrumley/portsmash
Automated Cross-Platform Reverse Engineering of CAN Bus Commands From Mobile Apps	https://github.com/OSUSecLab/CANHunter
Automated Discovery of Cross-Plane Event-Based Vulnerabilities in Software-Defined Networking	https://www.github.com/bujcich/EventScope
BLAG: Improving the Accuracy of Blacklists	https://steel.isi.edu/Projects/BLAG/
Broken Metre: Attacking Resource Metering in EVM	https://github.com/danhper/aleth/tree/measure-gas
Bobtail: Improved Blockchain Security with Low-Variance Mining	https://github.com/umass-forensics/bobtail-simulations
ConTExT: A Generic Approach for Mitigating Spectre	https://github.com/IAIK/contextlight
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution	https://bitbucket.org/sts-lab/custos/
DeepBinDiff: Learning Program-Wide Code Representations for Binary Diffing	https://github.com/deepbindiff/DeepBinDiff
DESENSITIZATION: Privacy-Aware and Attack-Preserving Crash Report	https://github.com/sslab-gatech/desensitization
Designing a Better Browser for Tor with BLAST	<github.com/blastpipeline/blastpipeline>
DISCO: Sidestepping RPKI’s Deployment Barriers	https://github.com/yossigi/disco
Dynamic Searchable Encryption with Small Client Storage	https://github.com/jgharehchamani/SSE
Encrypted DNS -> Privacy? A Traffic Analysis Perspective	https://github.com/facebookexperimental/doh-proxy
FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic	https://github.com/Thijsvanede/FlowPrint
FUSE: Finding File Upload Bugs via Penetration Testing	https://github.com/WSP-LAB/FUSE
Heterogeneous Private Information Retrieval	https://github.com/SPIN-UMass/HPIR
HFL: Hybrid Fuzzing on the Linux Kernel	https://github.com/nccgroup/
HYPER-CUBE: High-Dimensional Hypervisor Fuzzing	https://github.com/RUB-SysSec/hypercube
Into the Deep Web: Understanding E-commerce Fraud from Autonomous Chat with Cybercriminals	https://sites.google.com/view/aubreychatbot
Learning-based Practical Smartphone Eavesdropping with Built-in Accelerometer	https://github.com/tianzheng4/learning_speech_from_accelerometer
MassBrowser: Unblocking the Censored Web for the Masses, by the Masses	https://massbrowser.cs.umass.edu
MACAO: A Maliciously-Secure and Client-Efficient Active ORAM Framework	https://github.com/thanghoang/MACAO
Metal: A Metadata-Hiding File-Sharing System	https://www.oblivious.app/
Metamorph: Injecting Inaudible Commands into Over-the-air Voice Controlled Systems	https://acoustic-metamorph-system.github.io/
Not All Coverage Measurements Are Equal: Fuzzing by Coverage Accounting for Input Prioritization	https://github.com/TortoiseFuzz/
On the Resilience of Biometric Authentication Systems against Random Inputs	https://imathatguy.github.io/Acceptance-Region
On Using Application-Layer Middlebox Protocols for Peeking Behind NAT Gateways	https://github.com/RUB-SysSec/MiddleboxProtocolStudy/
Packet-Level Signatures for Smart Home Devices	http://plrg.ics.uci.edu/pingpong/
Practical Traffic Analysis Attacks on Secure Messaging Applications	https://github.com/SPIN-UMass/IMProxy
SurfingAttack: Interactive Hidden Attack on Voice Assistants Using Ultrasonic Guided Waves	https://surfingattack.github.io/
SymTCP: Eluding Stateful Deep Packet Inspection with Automated Discrepancy Discovery	https://github.com/seclab-ucr/sym-tcp
SVLAN: Secure & Scalable Network Virtualization	https://www.scionlab.org
The Attack of the Clones Against Proof-of-Authority	https://github.com/jpmorganchase/
TKPERM: Cross-platform Permission Knowledge Transfer to Detect Overprivileged Third-party Applications	https://drive.google.com/drive/folders/1Yfnz-ZpBpL8lftYIdM6JtH-QKE88NcSX?
When Malware is Packin’ Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features	https://github.com/ucsb-seclab/packware
Unicorn: Runtime Provenance-Based Detector for Advanced Persistent Threats	https://github.com/crimson-unicorn
Withdrawing the BGP Re-Routing Curtain: Understanding the Security Impact of BGP Poisoning through Real-World Measurements	https://github.com/VolSec/active-bgp-measurement
You Are What You Do: Hunting Stealthy Malware via Data Provenance Analysis	https://github.com/share-we/malware
uRAI: Securing Embedded Systems with Return Address Integrity	https://github.com/embedded-sec/uRAI

2019 (38)

Paper	Artifact
Adversarial Attacks Against Automatic Speech Recognition Systems via Psychoacoustic Hiding.	https://adversarial-attacks.net
A Treasury System for Cryptocurrencies: Enabling Better Collaborative Intelligence.	https://iohk.io/research/papers/#AJSEAT7K
BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth Peripherals.	https://sites.google.com/view/bluetoothvul/
Coconut: Threshold Issuance Selective Disclosure Credentials with Applications to Distributed Ledgers.	https://github.com/asonnino/coconut
CodeAlchemist: Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines.	https://github.com/SoftSec-KAIST/CodeAlchemist
Constructing an Adversary Solver for Equihash.	https://github.com/BTCGPU/BTCGPU/issues/324resistance
Data Oblivious ISA Extensions for Side Channel-Resistant and High Performance Computing.	https://github.com/cwfletcher/oisa
Don't Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild.	https://github.com/cispa/persistent-clientside-xss//
Enemy At the Gateways: Censorship-Resilient Proxy Distribution Using Game Theory.	https://github.com/keroserene/
Fine-Grained and Controlled Rewriting in Blockchains: Chameleon-Hashing Gone Attribute-Based.	https://github.com/sagrawal87/ABE
Giving State to the Stateless: Augmenting Trustworthy Computation with Ledgers.	https://github.com/JHU-ARC/state_for_the_stateless/
How Bad Can It Git? Characterizing Secret Leakage in Public GitHub Repositories.	https://cloudplatform.googleblog.com/
How to End Password Reuse on the Web.	https://github.com/miracl/
ICSREF: A Framework for Automated Reverse Engineering of Industrial Control Systems Binaries.	https://github.com/momalab/ICSREF
JavaScript Template Attacks: Automatically Inferring Host Information for Targeted Exploits.	https://github.com/IAIK/jstemplate
maTLS: How to Make TLS middlebox-aware?	https://github.com/middlebox-aware-tls/matls-implementation
MBeacon: Privacy-Preserving Beacons for DNA Methylation Data.	https://mbeacon-network.github.io/MBeacon-network/
Measurement and Analysis of Hajime, a Peer-to-peer IoT Botnet.	https://iot.cs.umd.edu
ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models.	https://github.com/AhmedSalem2/ML-Leaks
NAUTILUS: Fishing for Deep Bugs with Grammars.	https://github.com/RUB-SysSec/nautilus
Nearby Threats: Reversing, Analyzing, and Attacking Google's 'Nearby Connections' on Android.	https://github.com/francozappa/rearby
Neural Machine Translation Inspired Binary Code Similarity Comparison beyond Function Pairs.	https://nmt4binaries.github.io
NIC: Detecting Adversarial Samples with Neural Network Invariant Checking.	https://github.com/carlini/nn_robust_attacks
OBFUSCURO: A Commodity Obfuscation Engine on Intel SGX.	https://github.com/01org/
One Engine To Serve 'em All: Inferring Taint Rules Without Architectural Semantics.	https://taintinduce.github.io/
PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary.	https://github.com/securesystemslab/periscope
Practical Hidden Voice Attacks against Speech and Speaker Recognition Systems.	https://sites.google.com/view/practicalhiddenvoice
REDQUEEN: Fuzzing with Input-to-State Correspondence.	https://github.com/RUB-SysSec/redqueen
rORAM: Efficient Range ORAM with O(log2 N) Locality.	https://github.com/anrinch/rORAM
Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks.	https://www.syssec.wiwi.uni-due.de/en/research/research-projects/securing-smart-contracts/
Stealthy Adversarial Perturbations Against Real-Time Video Classification Systems.	https://github.com/sli057/Video-Perturbation.git
TEE-aided Write Protection Against Privileged Data Tampering.	https://madiba.encs.concordia.ca/software.html
The use of TLS in Censorship Circumvention.	https://tlsfingerprint.io
Thunderclap: Exploring Vulnerabilities in Operating System IOMMU Protection via DMA from Untrustworthy Peripherals.	https://www.thunderclap.io/
TIMBER-V: Tag-Isolated Memory Bringing Fine-grained Enclaves to RISC-V.	https://github.com/IAIK/timber-v
Total Recall: Persistence of Passwords in Android.	https://github.com/friendlyJLee/totalrecall
Unveiling your keystrokes: A Cache-based Side-channel Attack on Graphics Libraries.	https://sites.google.com/view/swtwmyc/home
We Value Your Privacy … Now Take Some Cookies: Measuring the GDPR's Impact on Web Privacy.	https://github.com/RUB-SysSec/we-value-your-privacy

2018 (29)

Paper	Artifact
What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices	https://github.com/avatartwo/ndss18_wycinwyc
Didn’t You Hear Me? – Towards More Successful Web Vulnerability Notifications	https://github.com/ben-stock/notification-ndss2018
rtCaptcha: A Real-Time CAPTCHA Based Liveness Detection System	https://github.com/josecl/cool-php-captcha
Automated Attack Discovery in TCP Congestion Control Using a Model-guided Approach	https://github.com/samueljero/TCPwn
LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE	https://github.com/relentless-warrior/LTEInspector
A Security Analysis of Honeywords	https://github.com/pkusec/rethinking-honeywords
Revisiting Private Stream Aggregation: Lattice-Based PSA	https://github.com/shaih/HElib
ZeroTrace : Oblivious Memory Primitives from Intel SGX	https://github.com/ssasy/ZeroTrace
Automated Website Fingerprinting through Deep Learning	https://distrinet.cs.kuleuven.be/software/tor-wf-dl/
VulDeePecker: A Deep Learning-Based System for Vulnerability Detection	https://github.com/CGCL-codes/VulDeePecker
Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection	https://github.com/ymirsky/KitNET-py
Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks	https://evadeML.org
Trojaning Attack on Neural Networks	https://github.com/trojannn/TrojanNN
Broken Fingers: On the Usage of the Fingerprint API in Android	https://github.com/ucsb-seclab/android_broken_fingers
KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks	https://github.com/IAIK/keydrown
K-Miner: Uncovering Memory Corruption in Linux	https://github.com/ssl-tud/k-miner
CFIXX: Object Type Integrity for C++	https://github.com/HexHive/CFIXX
Superset Disassembly: Statically Rewriting x86 Binaries Without Heuristics	<github.com/utds3lab/multiverse>
Bug Fixes, Improvements, … and Privacy Leaks – A Longitudinal Study of PII Leaks Across Android App Versions	https://recon.meddle.mobi/appversions/
OBLIVIATE: A Data Oblivious Filesystem for Intel SGX	https://github.com/01org/linux-sgx
When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries	https://github.com/calaylin/bda
SYNODE: Understanding and Automatically Preventing Injection Attacks on NODE.JS.	https://github.com/sola-da/Synode
JavaScript Zero: Real JavaScript and Zero Side-Channel Attacks	https://github.com/IAIK/ChromeZero
Riding out DOMsday: Towards Detecting and Preventing DOM Cross-Site Scripting	https://github.com/wrmelicher/ChromiumTaintTracking
JSgraph: Enabling Reconstruction of Web Attacks via Efficient Tracking of Live In-Browser JavaScript Executions	https://github.com/perdisci/JSgraph
Resolving the Predicament of Android Custom Permissions	https://sites.google.com/view/cusper-custom-permissions/home
Chainspace: A Sharded Smart Contracts Platform	https://github.com/chainspace/chainspace
Settling Payments Fast and Private: Efficient Decentralized Routing for Path-Based Transactions	https://crysp.uwaterloo.ca/software/speedymurmurs/
Inside Job: Applying Traffic Analysis to Measure Tor from Within	https://onionpop.github.io

2017 (16)

Paper	Artifact
A Large-scale Analysis of the Mnemonic Password Advice	https://github.com/webis-de/password-generation-rules
Constant Round Maliciously Secure 2PC with Function-independent Preprocessing using LEGO	https://github.com/AarhusCrypto/TinyLEGO
MARX: Uncovering Class Hierarchies in C++ Programs	https://github.com/RUB-SysSec/Marx
Enabling Reconstruction of Attacks on Users via Efficient Browsing Snapshots	https://chromepic.github.io/chromepic-browser/
Safelnit: Comprehensive and Practical Mitigation of Uninitialized Read Vulnerabilities	https://github.com/vusec/safeinit
Catching Worms, Trojan Horses and PUPs: Unsupervised Detection of Silent Delivery Campaigns	https://networkx.github.io/
BOOMERANG: Exploiting the Semantic Gap in Trusted Execution Environments	https://github.com/ucsb-seclab/boomerang/
The Effect of DNS on Tor’s Anonymity	https://nymity.ch/tor-dns/
TenantGuard: Scalable Runtime Verification of Cloud-Wide VM-Level Network Isolation	http://web.ist.utl.pt/nuno.lopes/netverif
Automated Synthesis of Semantic Malware Signatures using Maximum Satisfiability	https://utopia-group.github.io/astroid/
Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying	https://github.com/dslab-epfl/s2e.git
VUzzer: Application-aware Evolutionary Fuzzing	https://www.vusec.net/projects/fuzzing
Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web	https://github.com/RetireJS/
P2P Mixing and Unlinkable Bitcoin Transactions	https://github.com/real-or-random/python-dicemix
The Security Impact of HTTPS Interception	https://github.com/zakird/tlsfingerprints
Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis	https://github.com/ucsb-seclab/agrigento

2016 (13)

Paper	Artifact
Don’t Forget to Lock the Back Door! A Characterization of IPv6 Network Security Policy	http://www.caida.org/tools/measurement/scamper/
Attacking the Network Time Protocol	http://www.cs.bu.edu/~goldbe/NTPattack.html
Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems	https://github.com/darshakframework/darshak
Towards Automated Dynamic Analysis for Linux-based Embedded Firmware	https://github.com/firmadyne/
Protecting C++ Dynamic Dispatch Through VTable Interleaving	http://clang.llvm.org/docs/ControlFlowIntegrityDesign.html
Efficient Private Statistics with Succinct Sketches	https://github.com/indutny/elliptic
Measuring and Mitigating AS-level Adversaries Against Tor	http://nrg.cs.stonybrook.edu/astoria-as-aware-relay-selection-for-tor/
Website Fingerprinting at Internet Scale	https://blog.torproject.org/blog/critique-website-traffic-fingerprinting-attacks
Extract Me If You Can: Abusing PDF Parsers in Malware Detectors	https://goo.gl/qtbuOC
Automatically Evading Classifiers: A Case Study on PDF Malware Classifiers	http://www.evadeML.org
LO-PHI: Low-Observable Physical Host Instrumentation for Malware Analysis	http://github.com/mit-ll/LO-PHI
Kratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework	http://tinyurl.com/kratos15
Enabling Client-Side Crash-Resistance to Overcome Diversification and Information Hiding	https://github.com/cea-sec/miasm

2015 (7)

Paper	Artifact
Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware	http://github.com/zardus/pyvex
ABY - A Framework for Efficient Mixed-Protocol Secure Two-Party Computation	http://encrypto.de/code/ABY
Efficient RAM and Control Flow in Verifiable Outsourced Computation	https://github.com/pepper-project
Opaque Control-Flow Integrity	https://github.com/corelan/
Gracewipe: Secure and Verifiable Deletion under Coercion	https://madiba.encs.concordia.ca/software.html
CopperDroid: Automatic Reconstruction of Android Malware Behaviors	http://s2lab.isg.rhul.ac.uk/projects/mobsec/
Seven Months’ Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse	https://github.com/JohannesBuchner/imagehash

2014 (10)

Paper	Artifact
Avatar: A Framework to Support Dynamic Security Analysis of Embedded Systems’ Firmwares	http://s3.eurecom.fr/tools/avatar
AccelPrint: Imperfections of Accelerometers Make Smartphones Trackable	http://web.engr.illinois.edu/~sdey4/AccelPrintDataSourceCode.html
Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks	https://github.com/georgiev-martin/NoFrak
The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network	http://torps.github.io/
From Very Weak to Very Strong: Analyzing Password-Strength Meters	http://spectrum.library.concordia.ca/978049/
Hardening Persona - Improving Federated Web Login	https://github.com/WhisperSystems/
Botcoin: Monetizing Stolen Cycles	https://github.com/forrestv/p2pool
A Machine-learning Approach for Classifying and Categorizing Android Sources and Sinks	https://github.com/secure-software-engineering/SuSi
AirBag: Boosting Smartphone Resistance to Malware Infection	http://www.malgenomeproject.org/
Efficient Private File Retrieval by Combining ORAM and PIR	http://pasmac.ccs.neu.edu/

2013 (1)

Paper	Artifact
InteGuard: Toward Automatic Protection of Third-Party Web Service Integrations	https://sites.google.com/site/InteGuard

2012 (5)

Paper	Artifact
Making argument systems for outsourced computation practical (sometimes)	http://www.cs.utexas.edu/pepper
Charm: A Framework for Rapidly Prototyping Cryptosystems	http://charm-crypto.com
Private Set Intersection: Are Garbled Circuits Better than Custom Protocols?	http://MightBeEvil.org
Shadow: Running Tor in a Box for Accurate and Efficient Experimentation	http://shadow.cs.umn.edu/
Chrome Extensions: Threat Analysis and Countermeasures	http://code.google.com/chrome/extensions/manifest.html

2011 (1)

Paper	Artifact
Efficient Privacy-Preserving Biometric Identification.	http://mightbeevil.org

2010 (2)

Paper	Artifact
Preventing Capability Leaks in Secure JavaScript Subsets.	http://webblaze.cs.berkeley.edu/2010/blancura/
Adnostic: Privacy Preserving Targeted Advertising.	http://crypto.stanford.edu/adnostic/

2009 (2)

Paper	Artifact
CSAR: A Practical and Provable Technique to Make Randomized Systems Accountable.	http://peerreview.mpi-sws.org/
Spectrogram: A Mixture-of-Markov-Chains Model for Anomaly Detection in Web Traffic.	http://www.cs.columbia.edu/ids/

2006 (2)

Paper	Artifact
Isolating Intrusions by Automatic Experiments.	http://www.st.cs.uni-sb.de/malfor/
Inoculating SSH Against Address Harvesting.	http://nms.csail.mit.edu/projects/ssh/

SP

2025 (137)

Paper	Artifact
PEFTGuard: Detecting Backdoor Attacks Against Parameter-Efficient Fine-Tuning.	https://github.com/Vincent-HKUSTGZ/PEFTGuard
GPTracker: A Large-Scale Measurement of Misused GPTs.	https://github.com/TrustAIRLab/GPTracker
Edge Unlearning is Not "on Edge"! an Adaptive Exact Unlearning System on Resource-Constrained Devices.	https://github.com/XLab-hub/CAUSE
Verifiable Secret Sharing Simplified.	https://github.com/sourav1547/e2e-vss
CHLOE: Loop Transformation over Fully Homomorphic Encryption via Multi-Level Vectorization and Control-Path Reduction.	https://github.com/heir-compiler/heir
Smaug: Modular Augmentation of LLVM for MPC.	https://github.com/radhika1601/smaug
Efficient Storage Integrity in Adversarial Settings.	https://github.com/MadSP-McDaniel/pac
Adversarial Robust ViT-Based Automatic Modulation Recognition in Practical Deep Learning-Based Wireless Systems.	https://github.com/coulsonlee/Robust-ViT-for-AMR-SP2025
Towards ML-KEM & ML-DSA on OpenTitan.	https://github.com/PQC-OpenTitan/towards-ml-kem-and-ml-dsa-on-opentitan
Faster Verification of Faster Implementations: Combining Deductive and Circuit-Based Reasoning in EasyCrypt.	https://github.com/formosa-crypto/
PQ-Hammer: End-to-End Key Recovery Attacks on Post-Quantum Cryptography Using Rowhammer.	https://github.com/pqrowhammer/pqhammer
Liquefaction: Privately Liquefying Blockchain Assets.	https://github.com/key-encumbrance/liquefaction
Hash-Prune-Invert: Improved Differentially Private Heavy-Hitter Detection in the Two-Server Model.	https://datatracker.ietf.org/doc/draft-irtf-cfrg-vdaf
Ringtail: Practical Two-Round Threshold Signatures from Learning with Errors.	https://github.com/daryakaviani/ringtail
Preprocessing for Life: Dishonest-Majority MPC with a Trusted or Untrusted Dealer.	https://github.com/MatanHamilis/PreprocessingForLife
Improved Constructions for Distributed Multi-Point Functions.	https://github.com/MatanHamilis/dmpf
Verifiable Boosted Tree Ensembles.	https://github.com/LorenzoCazzaro/verifiable-boosted-tree-ensembles
TreePIR: Efficient Private Retrieval of Merkle Proofs via Tree Colorings with Fast Indexing and Zero Storage Overhead.	https://github.com/PIR-PIXR/TreePIR
MatriGear: Accelerating Authenticated Matrix Triple Generation with Scalable Prime Fields via Optimized HE Packing.	https://github.com/SNUCP/
Firmrca: Towards Post-Fuzzing Analysis on ARM Embedded Firmware with Efficient Event-Based Fault Localization.	https://github.com/NESA-Lab/FirmRCA
A Composability Analysis Framework for Web3 Wallet Recovery Mechanisms.	https://gitlab.com/status-im/docs/EIPs/blob/secret-multisig-recovery/EIPS/eip-2429.md1545
Differentially Private Selection Using Smooth Sensitivity.	https://github.com/iagocc/smooth-noisy-max
Racedb: Detecting Request Race Vulnerabilities in Database-Backed Web Applications.	https://github.com/sscf224/racedb
Unveiling Security Vulnerabilities in Git Large File Storage Protocol.	https://github.com/NESA-Lab/LFSonar
Scheduled Disclosure: Turning Power into Timing Without Frequency Scaling.	https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/frequency-throttling-side-channel-guidance.html
Impossibility Results for Post-Compromise Security in Real-World Communication Systems.	https://github.com/pcsanalysiseprint/pcsanalysiseprint
Saecred: A State-Aware, Over-the-Air Protocol Testing Approach for Discovering Parsing Bugs in SAE Handshake Implementations of COTS Wi-Fi Access Points.	https://github.com/izdar/SAECRED
VerITAS: Verifying Image Transformations at Scale.	https://github.com/zk-VerITAS/VerITAS
Countmamba: A Generalized Website Fingerprinting Attack via Coarse-Grained Representation and Fine-Grained Prediction.	https://github.com/SJTU-dxw/CountMamba-WF
Beyond the Horizon: Uncovering Hosts and Services Behind Misconfigured Firewalls.	https://impliedchaos.github.io/ip-alloc/
MANTIS: Detection of Zero-Day Malicious Domains Leveraging Low Reputed Hosting Infrastructure.	https://github.com/fatihdeniz/mantis
Phecda: Post-Quantum Transparent zkSNARKs from Improved Polynomial Commitment and VOLE-in-the-Head with Application in Publicly Verifiable AES.	<github.com/zkPrfs/phecda>
Half Spectre, Full Exploit: Hardening Rowhammer Attacks with Half-Spectre Gadgets.	https://github.com/vusec/half-spectre
Fuzz-Testing Meets LLM-Based Agents: An Automated and Efficient Framework for Jailbreaking Text-to-Image Generation Models.	https://github.com/YingkaiD/JailFuzzer
INCOGNITOS: A Practical Unikernel Design for Full-System Obfuscation in Confidential Virtual Machines.	https://github.com/sslab-skku/incognitos
Permissionless Verifiable Information Dispersal (Data Availability for Bitcoin Rollups).	https://github.com/bitcoin/
Disassembly as Weighted Interval Scheduling with Learned Weights.	https://github.com/GrammaTech/ddisasm-wis-evaluation
Sparta: Practical Anonymity with Long-Term Resistance to Traffic Analysis.	https://github.com/ucsc-anonymity/sparta-experiments
Not All Edges are Equally Robust: Evaluating the Robustness of Ranking-Based Federated Learning.	https://github.com/gongzir1/VEM
EPScan: Automated Detection of Excessive RBAC Permissions in Kubernetes Applications.	https://github.com/seclab-fudan/EPScan
Mon CHERI: Mitigating Uninitialized Memory Access with Conditional Capabilities.	https://github.com/conditionalcapabilities
SHARK: Actively Secure Inference Using Function Secret Sharing.	https://github.com/kanav99/shark
Growlithe: A Developer-Centric Compliance Tool for Serverless Applications.	https://github.com/ubc-cirrus-lab/growlithe
P2C2T: Preserving the Privacy of Cross-Chain Transfer.	https://github.com/smallfrog/ptoctot
Codebreaker: Dynamic Extraction Attacks on Code Language Models.	https://github.com/nuwaLab/Codebreaker
Differentially Private Release of Israel's National Registry of Live Births.	https://github.com/shlomihod/synthflow
"Sorry for Bugging you so much." Exploring Developers' Behavior Towards Privacy-Compliant Implementation.	https://github.com/privacy-programming-study/project-health-app
On the (In)Security of LLM App Stores.	https://github.com/security-pride/LLM-App-Security
Opera: Achieving Secure and High-Performance OLAP with Parallelized Homomorphic Comparisons.	<github.com/hku-systems/Opera>
Towards Efficient and Practical Multi-party Computation under Inconsistent Trust in TEEs.	https://github.com/TEEs-projects/Inconsistent-trust-MPC
"Only as Strong as the Weakest Link": On the Security of Brokered Single Sign-On on the Web.	https://doi.org/10.5281/zenodo.13918427
CoBBL: Dynamic Constraint Generation for SNARKs.	https://github.com/cmu-snarks/CoBBl
Follow My Flow: Unveiling Client-Side Prototype Pollution Gadgets from One Million Real-World Websites.	https://github.com/Follow-my-Flow-GaLA/analysis
Groundhog: A Restart-Based Systems Framework for Increasing Availability in Threshold Cryptosystems.	https://github.com/synercys/Groundhog
UnMarker: A Universal Attack on Defensive Image Watermarking.	https://github.com/andrekassis/ai-watermark
Myco: Unlocking Polylogarithmic Accesses in Metadata-Private Messaging.	https://github.com/myco-org/myco/
ALPACA: Anonymous Blocklisting with Constant-Sized Updatable Proofs.	https://github.com/jiwonkimpark/alpaca
Open Sesame! On the Security and Memorability of Verbal Passwords.	https://doi.org/10.6084/m9.figshare.28804049
Tiktag: Breaking ARM's Memory Tagging Extension with Speculative Execution.	https://github.com/compsec-snu/tiktag
Chimera: Fuzzing P4 Network Infrastructure for Multi-Plane Bug Detection and Vulnerability Discovery.	https://github.com/purseclab/Chimera
Transparency in Usable Privacy and Security Research: Scholars' Perspectives, Practices, and Recommendations.	https://secartifacts.github.io/
BaseBridge: Bridging the Gap Between Over-the-Air and Emulation Testing for Cellular Baseband Firmware.	https://github.com/FirmWire/BaseBridge
DPolicy: Managing Privacy Risks Across Multiple Releases with Differential Privacy.	https://github.com/pps-lab/dpolicy
Rushing at SPDZ: On the Practical Security of Malicious MPC Implementations.	https://github.com/rot256/mpc-pitfalls
Fun-tuning: Characterizing the Vulnerability of Proprietary LLMs to Optimization-Based Prompt Injection Attacks via the Fine-Tuning Interface.	https://github.com/earlence-security/fun-tuning
Architectural Neural Backdoors from First Principles.	https://github.com/Hjel2/resnet-cifar-taxonomy
Hermes: Efficient and Secure Multi-Writer Encrypted Database.	https://github.com/vt-asaplab/Hermes
From Easy to Hard: Building a Shortcut for Differentially Private Image Synthesis.	https://github.com/SunnierLee/DP-FETA
SV-TrustEval-C: Evaluating Structure and Semantic Reasoning in Large Language Models for Source Code Vulnerability Analysis.	https://github.com/Jackline97/SV-TrustEval-C
Make a Feint to the East While Attacking in the West: Blinding LLM-Based Code Auditors with Flashboom Attacks.	https://github.com/oxygen-hunter/Flashboom
Redefining Indirect Call Analysis with KallGraph.	https://github.com/seclab-ucr/KallGraph
Query Provenance Analysis: Efficient and Robust Defense Against Query-Based Black-Box Attacks.	https://github.com/0xllssFF/QPA
HyperPianist: Pianist with Linear-Time Prover and Logarithmic Communication Cost.	https://github.com/AntCPLab/HyperPianist
Is MPC Secure? Leveraging Neural Network Classifiers to Detect Data Leakage Vulnerabilities in MPC Implementations.	https://github.com/FudanMPL/MPCGuard
DataSentinel: A Game-Theoretic Detection of Prompt Injection Attacks.	https://github.com/liu00222/Open-Prompt-Injection
Mind the Location Leakage in LEO Direct-to-Cell Satellite Networks.	https://github.com/SpaceNetLab/DCator
Cauchyproofs: Batch-Updatable Vector Commitment with Easy Aggregation and Application to Stateless Blockchains.	https://github.com/zhtluo/buvc-rs
A Low-Cost Privacy-Preserving Digital Wallet for Humanitarian Aid Distribution.	https://github.com/wouterl/humanitarian-wallet-code
Machine Learning with Privacy for Protected Attributes.	https://github.com/VSehwag/
SCAD: Towards a Universal and Automated Network Side-Channel Vulnerability Detection.	https://github.com/seclab-ucr/SCAD
Harmonycloak: Making Music Unlearnable for Generative AI.	https://mosis.eecs.utk.edu/harmonycloak.html
BadRAM: Practical Memory Aliasing Attacks on Trusted Execution Environments.	https://github.com/badramattack/badram
Connecting the Extra Dots (Contexts): Correlating External Information about Point of Interest for Attack Investigation.	https://doi.org/10.5281/zenodo.15200285
IUBIK: Isolating User Bytes in Commodity Operating System Kernels via Memory Tagging Extensions.	https://github.com/tum-itsec/iubik
Trust Nobody: Privacy-Preserving Proofs for Edited Photos with Your Laptop.	https://github.com/PIERdemo/Privacy-PreservingProofs4EditedPhotos
Slice+Slice Baby: Generating Last-Level Cache Eviction Sets in the Blink of an Eye.	https://github.com/0xADE1A1DE/Slice-Slice-Baby
AccuRevoke: Enhancing Certificate Revocation with Distributed Cryptographic Accumulators.	https://accurevoke.netsecurelab.org
Investigating Physical Latency Attacks Against Camera-Based Perception.	https://github.com/purseclab/DetStorm
Augmented Shuffle Protocols for Accurate and Robust Frequency Estimation Under Differential Privacy.	https://github.com/LocalNoiseFreeDP/LocalNoiseFreeDP
"It's almost like Frankenstein": Investigating the Complexities of Scientific Collaboration and Privilege Management within Research Computing Infrastructures.	https://github.com/sefcom/Frankenstein/tree/master
PEARTS: Provable Execution in Real-Time Embedded Systems.	https://github.com/RIT-CHAOS-SEC/PEARTS
Transport Layer Obscurity: Circumventing SNI Censorship on the TLS-Layer.	https://github.com/tls-attacker/Censor-Scanner/releases/tag/v1.0_sp2025
Papercraft: Lattice-Based Verifiable Delay Function Implemented.	https://github.com/russell-lai/rok-paper-sissors-estimator/
PFortifier: Mitigating PHP Object Injection Through Automatic Patch Generation.	https://github.com/CyanM0un/PFortifier
RGFuzz: Rule-Guided Fuzzer for WebAssembly Runtimes.	https://github.com/kaist-hacking/RGFuzz
Restricting the Link: Effects of Focused Attention and Time Delay on Phishing Warning Effectiveness.	https://github.com/spilab-umich/phishing-experiment-infrastructure-2
Rapid Reversing of Non-Linear CPU Cache Slice Functions: Unlocking Physical Address Leakage.	https://github.com/CISPA/LLCSliceReversing
Stateful Analysis and Fuzzing of Commercial Baseband Firmware.	https://github.com/SyNSec-den/Loris
Analyzing Ad Prevalence, Characteristics, and Compliance in Alexa Skills.	https://privacy-datahub.csc.ncsu.edu/publication/sabir-sp-2025/
Clubcards for the WebPKI: Smaller Certificate Revocation Tests in Theory and Practice.	https://github.com/davidben/merkle-tree-certs/issues/41#
Constant Latency and Finality for Dynamically Available DAG.	https://github.com/hans-repo/Consensus
BAIT: Large Language Model Backdoor Scanning by Inverting Attack Target.	https://github.com/SolidShen/BAIT
Ring Referral: Efficient Publicly Verifiable Ad hoc Credential Scheme with Issuer and Strong User Anonymity for Decentralized Identity and More.	https://github.com/sidckchau/RingReferral
Robust Threshold ECDSA with Online-Friendly Design in Three Rounds.	https://github.com/silence-laboratories/silent-shard-dkls23-ll
Evaluating the Effectiveness of Memory Safety Sanitizers.	<www.github.com/Fraunhofer-AISEC/MSET>
TreeKEM: A Modular Machine-Checked Symbolic Security Analysis of Group Key Agreement in Messaging Layer Security.	https://github.com/Inria-Prosecco/treekem-artifact
From One Stolen Utterance: Assessing the Risks of Voice Cloning in the AIGC Era.	https://github.com/hayeong0/DDDM-VC
Predator: Directed Web Application Fuzzing for Efficient Vulnerability Validation.	https://github.com/cuhk-seclab/Predator
TypeForge: Synthesizing and Selecting Best-Fit Composite Data Types for Stripped Binaries.	https://github.com/noobone123/TypeForge
The Digital Cybersecurity Expert: How Far Have We Come?	https://github.com/NASP-THU/CSEBenchmark
Benchmarking Attacks on Learning with Errors.	https://github.com/facebookresearch/LWE-benchmarking
SoK: Decoding the Enigma of Encrypted Network Traffic Classifiers.	https://github.com/nime-sha256/ntc-enigma
Training Solo: On the Limitations of Domain Isolation Against Spectre-v2 Attacks.	https://github.com/vusec/training-solo
PyLingual: Toward Perfect Decompilation of Evolving High-Level Languages.
Breaking the Barrier: Post-Barrier Spectre Attacks.	https://comsec.ethz.ch/breaking-the-barrier
Space RADSIM: Binary-Agnostic Fault Injection to Evaluate Cosmic Radiation Impact on Exploit Mitigation Techniques in Space.	https://github.com/CISPA-SysSec/space-radsim
A Wall Behind A Wall: Emerging Regional Censorship in China.	https://gfw.report/publications/sp25/en
Low-Cost and Robust Global Time Synchronization.	https://github.com/netsec-ethz/everdeen-eval-wnb
HouseFuzz: Service-Aware Grey-Box Fuzzing for Vulnerability Detection in Linux-Based Firmware.	https://github.com/seclab-fudan/HouseFuzz
BridgeRouter: Automated Capability Upgrading of Out-Of-Bounds Write Vulnerabilities to Arbitrary Memory Write Primitives in the Linux Kernel.	https://github.com/CheUhxg/BridgeRouter
"Check-Before-you-Solve": Verifiable Time-Lock Puzzles.	https://github.com/jiajunxin/VTLP
The File That Contained the Keys Has Been Removed: An Empirical Analysis of Secret Leaks in Cloud Buckets and Responsible Disclosure Outcomes.	https://docs.github.com/en/code-security/secret-scanning/secret-scanning-patterns
Alleviating the Fear of Losing Alignment in LLM Fine-tuning.	https://github.com/kangyangWHU/LLMAlignment
Gold OPRF: Post-Quantum Oblivious Power-Residue PRF.	https://github.com/gconeice/PR-OPRF
CoinDef: A Comprehensive Code Injection Defense for the Electron Framework.	https://github.com/ian7yang/CoInDef
PGUS: Pretty Good User Security for Thick MVNOs with a Novel Sanitizable Blind Signature.	https://github.com/YYangNUS/PGUS
RankGuess: Password Guessing Using Adversarial Ranking.	https://bit.ly/4h2hKXo)
Empc: Effective Path Prioritization for Symbolic Execution with Path Cover.	https://github.com/joshuay2022/empc
Exploring Parent-Child Perceptions on Safety in Generative AI: Concerns, Mitigation Strategies, and Design Implications.	https://github.com/SPresearch/Interview-protocol
CipherSteal: Stealing Input Data from TEE-Shielded Neural Networks with Ciphertext Side Channels.	https://github.com/Yuanyuan-Yuan/CipherSteal
EvilHarmony: Stealthy Adversarial Attacks Against Black-Box Speech Recognition Systems.	https://sites.google.com/view/evilharmony
FairZK: A Scalable System to Prove Machine Learning Fairness in Zero-Knowledge.	https://github.com/tnyuzg/FairZK
Identifying Incoherent Search Sessions: Search Click Fraud Remediation Under Real-World Constraints.	https://github.com/CyFI-Lab-Public/COSEC
CamLopa: A Hidden Wireless Camera Localization Framework via Signal Propagation Path Analysis.	https://github.com/CamLoPA/CamLoPA-Code
MicroNova: Folding-Based Arguments with Efficient (On-Chain) Verification.	https://github.com/Microsoft/Nova
My Model is Malware to You: Transforming AI Models into Malware by Abusing TensorFlow APIs.	https://github.com/ZJU-SEC/TensorAbuse
Lombard-VLD: Voice Liveness Detection Based on Human Auditory Feedback.	https://github.com/hongchengzhu/Lombard-VLD

2024 (155)

Paper	Artifact
An Analysis of Recent Advances in Deepfake Image Detection in an Evolving Threat Landscape.	<github.com/secml-lab-vt/EvolvingThreat-DeepfakeImageDetect>
Larger-scale Nakamoto-style Blockchains Don't Necessarily Offer Better Security.	https://github.com/RUB-InfSec/simblock
Device-Oriented Group Messaging: A Formal Cryptographic Analysis of Matrix' Core.	https://meta.discourse.org/t/matrix-protocol-for-chat/210780
Pandora: Principled Symbolic Validation of Intel SGX Enclave Runtimes.	https://github.com/pandora-tee
"False negative - that one is going to kill you": Understanding Industry Perspectives of Static Analysis based Security Testing.	https://github.com/Secure-Platforms-Lab-W-M/false-negatives-kill
DY Fuzzing: Formal Dolev-Yao Models Meet Cryptographic Protocol Fuzz Testing.	https://github.com/openssl/
Casual Users and Rational Choices within Differential Privacy.	https://doi.org/10.5167/uzh-258447
SoK: Security and Privacy of Blockchain Interoperability.	https://github.com/RafaelAPB/SoKSPBlockchainInterop
P4Control: Line-Rate Cross-Host Attack Prevention via In-Network Information Flow Control Enabled by Programmable Switches and eBPF.	https://github.com/peng-gao-lab/p4control
Tabbed Out: Subverting the Android Custom Tab Security Model.	<purl.org/ct-paper>
CaFA: Cost-aware, Feasible Attacks With Database Constraints Against Neural Tabular Classifiers.	https://github.com/matanbt/attack-tabular
Automated Synthesis of Effect Graph Policies for Microservice-Aware Stateful System Call Specialization.	https://github.com/sysflow-telemetry/upolicycraft
Don't Eject the Impostor: Fast Three-Party Computation With a Known Cheater.	https://encrypto.de/code/MOTION-FD
Understanding Parents' Perceptions and Practices Toward Children's Security and Privacy in Virtual Reality.	https://osf.io/4p9c3/?view_only=b1dfae593e5142a6ac0bb59866479d40
SINBAD: Saliency-informed detection of breakage caused by ad blocking.	https://github.com/spring-epfl/sinbad
SyzGen++: Dependency Inference for Augmenting Kernel Driver Fuzzing.	https://github.com/seclab-ucr/SyzGenPlusPlus.git
Chronos: Finding Timeout Bugs in Practical Distributed Systems by Deep-Priority Fuzzing with Transient Delay.	https://github.com/SecTechTool/Chronos
Kairos: Practical Intrusion Detection and Investigation using Whole-system Provenance.	https://github.com/ProvenanceAnalytics/kairos
OdScan: Backdoor Scanning for Object Detection Models.	https://github.com/Megum1/ODSCAN
ALIF: Low-Cost Adversarial Audio Attacks on Black-Box Speech Platforms using Linguistic Features.	https://github.com/TASER2023/TASER
Attacking Byzantine Robust Aggregation in High Dimensions.	https://github.com/sarthak-choudhary/HIDRA
Test-Time Poisoning Attacks Against Test-Time Adaptation Models.	https://github.com/tianshuocong/TePA
It's Simplex! Disaggregating Measures to Improve Certified Robustness.	https://github.com/andrew-cullen/ensemble-simplex-certifications
ARMOR: A Formally Verified Implementation of X.509 Certificate Chain Validation.	https://github.com/joyantaDebnath/armor/
SoK: Efficient Design and Implementation of Polynomial Hash Functions over Prime Fields.	https://github.com/jangilcher/polynomial_hashing_framework
Sophon: Non-Fine-Tunable Learning to Restrain Task Transferability For Pre-trained Models.	https://github.com/ChiangE/Sophon
Can we cast a ballot as intended and be receipt free?	https://inria.hal.science/hal-04371905v1
Sabre: Cutting through Adversarial Noise with Adaptive Spectral Filtering and Input Reconstruction.	https://github.com/Mobile-Intelligence-Lab/SABRE
ConjunCT: Learning Inductive Invariants to Prove Unbounded Instruction Safety Against Microarchitectural Timing Attacks.	https://github.com/FPSG-UIUC/conjunct
Threshold ECDSA in Three Rounds.	https://gitlab.com/neucrypt/mpecdsa
SoK: Unintended Interactions among Machine Learning Defenses and Risks.	https://github.com/ssg-research/sok-unintended-interactions
Janus: Safe Biometric Deduplication for Humanitarian Aid Distribution.	https://github.com/spring-epfl/Janus
Synq: Public Policy Analytics Over Encrypted Data.	https://github.com/encryptedsystems/synq
DPI: Ensuring Strict Differential Privacy for Infinite Data Streaming.	https://github.com/ShuyaFeng/DPI
A Representative Study on Human Detection of Artificially Generated Media Across Countries.	https://github.com/RUB-SysSec/GeneratedMediaSurvey
Practical Attacks Against DNS Reputation Systems.	https://github.com/Astrolavos/dns-reputation-system-sp2024
DeepTheft: Stealing DNN Model Architectures through Power Side Channel.	https://github.com/LearningMaker/DeepTheft
hinTS: Threshold Signatures with Silent Setup.	https://github.com/hintsrepo/hints
Efficient and Generic Microarchitectural Hash-Function Recovery.	https://github.com/CISPA/Microarchitectural-Hash-Function-Recovery
Thwarting Last-Minute Voter Coercion.	https://github.com/fgiustol/Loki
Efficient Zero-Knowledge Arguments For Paillier Cryptosystem.	https://github.com/RaeGBR/ZKP-Paillier-SP24
Baffle: Hiding Backdoors in Offline Reinforcement Learning Datasets.	https://github.com/2019ChenGong/Offline_RL_Poisoner/
Sticky Tags: Efficient and Deterministic Spatial Memory Error Mitigation using Persistent Memory Tags.	https://github.com/vusec/stickytags
More Haste, Less Speed: Cache Related Security Threats in Continuous Integration Services.	https://github.com/cicache-poc/liquibase__liquibase
Backdooring Multimodal Learning.	https://github.com/multimodalbags/BAGS_Multimodal
Specious Sites: Tracking the Spread and Sway of Spurious News Stories at Scale.	https://github.com/hanshanley/specious-sites
Where Are the Red Lines? Towards Ethical Server-Side Scans in Security and Privacy Research.	https://github.com/cispa/Ethical-Server-Side-Scanning
Nurgle: Exacerbating Resource Consumption in Blockchain State Storage via MPT Manipulation.	https://github.com/hzysvilla/Nurgle_Oakland24
You Only Prompt Once: On the Capabilities of Prompt Learning on Large Language Models to Tackle Toxic Content.	https://github.com/xinleihe/toxic-prompt
Non-Atomic Arbitrage in Decentralized Finance.	https://github.com/liobaheimbach/Non-Atomic-Arbitrage-in-Decentralized-Finance
Leaky Address Masking: Exploiting Unmasked Spectre Gadgets with Noncanonical Address Translation.	https://github.com/bcoles/kasld
Learn What You Want to Unlearn: Unlearning Inversion Attacks against Machine Unlearning.	https://github.com/TASI-LAB/Unlearning-inversion-attacks/tree/main
SoK: Privacy-Preserving Data Synthesis.	https://sok-ppds.github.io/data_utility_and_fidelity.html
Titan : Efficient Multi-target Directed Greybox Fuzzing.	https://github.com/5hadowblad3/Titan
To Boldly Go Where No Fuzzer Has Gone Before: Finding Bugs in Linux' Wireless Stacks through VirtIO Devices.	https://github.com/seemoo-lab/VirtFuzz
Time-Aware Projections: Truly Node-Private Graph Statistics under Continual Observation.	https://github.com/cwagaman/time-aware-proj
Measuring the Effects of Stack Overflow Code Snippet Evolution on Open-Source Software Security.	https://github.com/topics/awesome
Orca: FSS-based Secure Training and Inference with GPUs.	https://github.com/mpc-msri/EzPC.git
Budget Recycling Differential Privacy.	https://github.com/tiktok-privacy-innovation/PrivacyGo
APP-Miner: Detecting API Misuses via Automatically Mining API Path Patterns.	https://github.com/JiangJias/APP-Miner
Asterisk: Super-fast MPC with a Friend.	https://github.com/cris-coders-iisc/Asterisk
Prune+PlumTree - Finding Eviction Sets at Scale.	https://github.com/TomKessous/
A Systematic Study of Physical Sensor Attack Hardness.	https://github.com/purseclab/RVProber
Parse Me, Baby, One More Time: Bypassing HTML Sanitizer via Parsing Differentials.	https://github.com/ias-tubs/HTML_parsing_differentials
Pudding: Private User Discovery in Anonymity Networks.	https://github.com/ckocaogullar/pudding-protocol
NetShuffle: Circumventing Censorship with Shuffle Proxies at the Edge.	https://github.com/patrickkon/NetShuffle
Cohere: Managing Differential Privacy in Large Scale Systems.	https://github.com/pps-lab/cohere
Formal Model-Driven Analysis of Resilience of GossipSub to Attacks from Misbehaving Peers.	<github.com/gossipsubfm>
FlowMur: A Stealthy and Practical Audio Backdoor Attack with Limited Knowledge.	https://github.com/cristinalan/FlowMur
Holistic Concolic Execution for Dynamic Web Applications via Symbolic Interpreter Analysis.	https://github.com/secureweb/symphp
DNSBomb: A New Practical-and-Powerful Pulsing DoS Attack Exploiting DNS Queries-and-Responses.	https://dnsbomb.net
TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets.	https://lixiang521.com/
Make Revocation Cheaper: Hardware-Based Revocable Attribute-Based Encryption.	https://doi.org/10.1109/SP54263.2024.00100
MAWSEO: Adversarial Wiki Search Poisoning for Illicit Online Promotion.	https://sites.google.com/view/mawseo
Undefined-oriented Programming: Detecting and Chaining Prototype Pollution Gadgets in Node.js Template Engines for Malicious Consequences.	https://github.com/yuske/server-side-prototype-pollution
PIRANA: Faster Multi-query PIR via Constant-weight Codes.	https://github.com/ahenzinger/simplepir
AFGen: Whole-Function Fuzzing for Applications and Libraries.	https://github.com/Marsman1996/AFGen
Pianist: Scalable zkRollups via Fully Distributed Zero-Knowledge Proofs.	https://github.com/dreamATD/pianist-gnark
Attacking and Improving the Tor Directory Protocol.	https://github.com/zhtluo/DirCast
MEA-Defender: A Robust Watermark against Model Extraction Attack.	https://github.com/lvpeizhuo/MEA-Defender
Need for Speed: Taming Backdoor Attacks with Speed and Precision.	https://github.com/Echotoken/ReBack
Investigating Voter Perceptions of Printed Physical Audit Trails for Online Voting.	https://www.gla.ac.uk/tangiblevoting
E-Vote Your Conscience: Perceptions of Coercion and Vote Buying, and the Usability of Fake Credentials in Online Voting.	https://github.com/dedis/trip-usability
ERASan: Efficient Rust Address Sanitizer.	https://github.com/S2-Lab/ERASan
Leveraging Prefix Structure to Detect Volumetric DDoS Attack Signatures with Programmable Switches.	https://onrg.gitlab.io/projects/zapdos/
Robust Backdoor Detection for Deep Learning via Topological Evolution Dynamics.	https://github.com/tedbackdoordefense/ted
Serberus: Protecting Cryptographic Code from Spectres at Compile-Time.	https://github.com/nmosier/llsct
Targeted and Troublesome: Tracking and Advertising on Children's Websites.	https://github.com/targeted-and-troublesome/
On SMS Phishing Tactics and Infrastructure.	https://github.com/wspr-ncsu/sms-phishing
Private Hierarchical Governance for Encrypted Messaging.	https://github.com/AME2E/MLSGov
Measure-Observe-Remeasure: An Interactive Paradigm for Differentially-Private Exploratory Analysis.	https://interactive-dp-analysis.github.io/
Video-Based Cryptanalysis: Extracting Cryptographic Keys from Video Footage of a Device's Power LED Captured by Standard Video Cameras.	https://www.nassiben.com/video-based-crypta
Multi-Instance Adversarial Attack on GNN-Based Malicious Domain Detection.	https://github.com/mahmoudkanazzal/MintA
Optimal Flexible Consensus and its Application to Ethereum.	https://github.com/tse-group/flexible-eth
"Len or index or count, anything but v1": Predicting Variable Names in Decompilation Output with Transfer Learning.	https://github.com/sefcom/VarBERT
TCP Spoofing: Reliable Payload Transmission Past the Spoofed TCP Handshake.	https://github.com/ypando/spoofing_feedback
BOLT: Privacy-Preserving, Accurate and Efficient Inference for Transformers.	https://github.com/Clive2312/BOLT
Benzene: A Practical Root Cause Analysis System with an Under-Constrained State Mutation.	https://github.com/zer0fall/BENZENE
Universal Neural-Cracking-Machines: Self-Configurable Password Models from Auxiliary Data.	https://github.com/TheAdamProject/UniversalNeuralCrackingMachines
Patchy Performance? Uncovering the Vulnerability Management Practices of IoT-Centric Vendors.	https://github.com/4
BELT: Old-School Backdoor Attacks can Evade the State-of-the-Art Defense with Backdoor Exclusivity Lifting.	https://github.com/JSun20220909/BELT
Private Analytics via Streaming, Sketching, and Silently Verifiable Proofs.	https://github.com/ucbsky/whisper
To Auth or Not To Auth? A Comparative Analysis of the Pre- and Post-Login Security Landscape.	https://github.com/cispa/login-security-landscape
Flash: A Comprehensive Approach to Intrusion Detection via Provenance Graph Representation Learning.	https://github.com/DART-Laboratory/Flash-IDS
BUSted!!! Microarchitectural Side-Channel Attacks on the MCU Bus Interconnect.	https://github.com/ESCristiano/BUSted
From Chatbots to Phishbots?: Phishing Scam Generation in Commercial Large Language Models.	https://huggingface.co/phishbot/ScamLLM
Do You Play It by the Books? A Study on Incident Response Playbooks and Influencing Factors.	https://github.com/luduslibrum/awesome-playbooks
SoK: Prudent Evaluation Practices for Fuzzing.	https://github.com/fuzz-evaluator/
WeSee: Using Malicious #VC Interrupts to Break AMD SEV-SNP.	https://ahoi-attacks.github.io/wesee
Signing in Four Public Software Package Registries: Quantity, Quality, and Influencing Factors.	https://github.com/PurdueDualityLab/signature-adoption
eAudit: A Fast, Scalable and Deployable Audit Data Collection System.	https://eprov.org
Large-Scale Study of Vulnerability Scanners for Ethereum Smart Contracts.	https://github.com/sss-wue/sc-study/
DrSec: Flexible Distributed Representations for Efficient Endpoint Security.	https://github.com/mahmoods01/DrSec-Oakland-2024
AquaSonic: Acoustic Manipulation of Underwater Data Center Operations and Resource Management.	https://cpseclab.github.io/aquasonic/
Real-Time Website Fingerprinting Defense via Traffic Cluster Anonymization.	https://github.com/kxdkxd/Palette
Hyena: Balancing Packing, Reuse, and Rotations for Encrypted Inference.	https://github.com/UtahArch/HEPack-Sim
From Principle to Practice: Vertical Data Minimization for Machine Learning.	https://github.com/eth-sri/datamin
Distribution Preserving Backdoor Attack in Self-supervised Learning.	https://github.com/Gwinhen/DRUPE
The Times They Are A-Changin': Characterizing Post-Publication Changes to Online News.	https://changing-times.github.io/
LLMs Cannot Reliably Identify and Reason About Security Vulnerabilities (Yet?): A Comprehensive Evaluation, Framework, and Benchmarks.	https://github.com/ai4cloudops/SecLLMHolmes
The Inventory is Dark and Full of Misinformation: Understanding Ad Inventory Pooling in the Ad-Tech Supply Chain.	https://osf.io/hxfkw/?view
Moderating New Waves of Online Hate with Chain-of-Thought Reasoning in Large Language Models.	https://github.com/CactiLab/HateGuard
GrOVe: Ownership Verification of Graph Neural Networks using Embeddings.	https://github.com/ssg-research/GrOVe
Break the Wall from Bottom: Automated Discovery of Protocol-Level Evasion Vulnerabilities in Web Application Firewalls.	https://github.com/EkiXu/WAFManis
SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices.	https://github.com/SyzTrust
SwiftRange: A Short and Efficient Zero-Knowledge Range Argument For Confidential Transactions and More.	https://github.com/wangnan-vincent/Flashproofs
Where URLs Become Weapons: Automated Discovery of SSRF Vulnerabilities in Web Applications.	https://github.com/SSRFuzz/SSRFuzz
LACMUS: Latent Concept Masking for General Robustness Enhancement of DNNs.	https://github.com/TASI-LAB/LACMUS
SmartInv: Multimodal Learning for Smart Contract Invariant Inference.	https://github.com/columbia/SmartInv
MM-BD: Post-Training Detection of Backdoor Attacks with Arbitrary Backdoor Pattern Types Using a Maximum Margin Statistic.	https://github.com/wanghangpsu/MM-BD
LLMIF: Augmented Large Language Model for Fuzzing IoT Devices.	https://github.com/wang70880/LLMIF
Rethinking IC Layout Vulnerability: Simulation-Based Hardware Trojan Threat Assessment with High Fidelity.	https://github.com/xinming-wei/SiliconCritic
A Picture is Worth 500 Labels: A Case Study of Demographic Disparities in Local Machine Learning Models for Instagram and TikTok.	https://github.com/wi-pi/500-labels-resources
Obelix: Mitigating Side-Channels Through Dynamic Obfuscation.	https://github.com/UzL-ITS/obelix
Architectural Mimicry: Innovative Instructions to Efficiently Address Control-Flow Leakage in Data-Oblivious Programs.	https://gitlab.com/hanswinderix/ami ✓
Shedding Light on CVSS Scoring Inconsistencies: A User-Centric Study on Evaluating Widespread Security Vulnerabilities.	https://doi.org/10.5281/zenodo.8163826
POMABuster: Detecting Price Oracle Manipulation Attacks in Decentralized Finance.	https://github.com/DependableSystemsLab/POMABuster
Jasmine: Scale up JavaScript Static Security Analysis with Computation-based Semantic Explanation.	https://github.com/xiaofen9/Jasmine
GAuV: A Graph-Based Automated Verification Framework for Perfect Semi-Honest Security of Multiparty Computation Protocols.	https://doi.org/10.5281/zenodo.10277758
Understanding and Bridging the Gap Between Unsupervised Network Representation Learning and Security Analytics.	https://github.com/C0ldstudy/Argus
SrcMarker: Dual-Channel Source Code Watermarking via Scalable Code Transformations.	https://github.com/YBRua/SrcMarker
Pulling Off The Mask: Forensic Analysis of the Deceptive Creator Wallets Behind Smart Contract Fraud.	https://github.com/CyFI-Lab-Public/COCO
Wear's my Data? Understanding the Cross-Device Runtime Permission Model in Wearables.	https://github.com/purseclab/WearOS
Few-shot Unlearning.	https://github.com/ml-postech/Few-shot-Unlearning
MQTTactic: Security Analysis and Verification for Logic Flaws in MQTT Implementations.	https://github.com/CGCL-codes/MQTTactic/
Exploring the Orthogonality and Linearity of Backdoor Attacks.	https://github.com/KaiyuanZh/OrthogLinearBackdoor
No Privacy Left Outside: On the (In-)Security of TEE-Shielded DNN Partition for On-Device ML.	https://github.com/ziqi-zhang/TEESlice-artifact
Why Does Little Robustness Help? A Further Step Towards Understanding Adversarial Transferability.	https://github.com/CGCL-codes/TransferAttackSurrogates
Predecessor-aware Directed Greybox Fuzzing.	https://github.com/SEU-SSL/PDGF
Springproofs: Efficient Inner Product Arguments for Vectors of Arbitrary Length.	https://github.com/zkcrypto/
Nyx: Detecting Exploitable Front-Running Vulnerabilities in Smart Contracts.	https://github.com/Troublor/Nyx
Bounded and Unbiased Composite Differential Privacy.	https://github.com/CompositeDP/CompositeDP
Cerberus: Enabling Efficient and Effective In-Network Monitoring on Programmable Switches.	https://github.com/successlab/Cerberus
Securely Fine-tuning Pre-trained Encoders Against Adversarial Examples.	https://github.com/CGCL-codes/Gen-AF
Piano: Extremely Simple, Single-Server PIR with Sublinear Server Computation.	https://github.com/pianopir/Piano-PIR

2023 (95)

Paper	Artifact
Pyfet: Forensically Equivalent Transformation for Python Binary Decompilation.	https://github.com/pyfet-pyc/src
Practically-exploitable Cryptographic Vulnerabilities in Matrix.	https://matrix.org/blog/2022/09/30/this-week-in-matrix-2022-09-30
ImU: Physical Impersonating Attack for Face Recognition System with Natural Style Changes.	https://github.com/njuaplusplus/imu
Sound Verification of Security Protocols: From Design to Interoperable Implementations.	https://doi.org/10.5281/zenodo.7409524
Clockwork Finance: Automated Analysis of Economic Security in Smart Contracts.	https://github.com/defi-anon/cff/
MEGA: Malleable Encryption Goes Awry.	https://mega-awry.io/
Threshold Signatures in the Multiverse.	https://github.com/rsinha/mts
SecureCells: A Secure Compartmentalized Architecture.	https://github.com/riscv-software-src/
FLUTE: Fast and Secure Lookup Table Evaluations.	https://encrypto.de/code/FLUTE
TEEzz: Fuzzing Trusted Applications on COTS Android Devices.	https://github.com/HexHive/teezz-fuzzer
ODDFuzz: Discovering Java Deserialization Vulnerabilities via Structure-Aware Directed Greybox Fuzzing.	https://github.com/ODDFuzz/ODDFuzz
StyleFool: Fooling Video Classification Systems via Style Transfer.	https://github.com/JosephCao0327/StyleFool
Silph: A Framework for Scalable and Accurate Generation of Hybrid MPC Protocols.	https://github.com/edwjchen/Silph
Inducing Wireless Chargers to Voice Out for Inaudible Command Attacks.	https://anplus.github.io/magsound/
Robust Multi-tab Website Fingerprinting Attacks in the Wild.	https://github.com/Xinhao-Deng/Multi-tab-WF-Attack-datasets
Discop: Provably Secure Steganography in Practice Based on "Distribution Copies".	https://github.com/comydream/Discop
Locally Differentially Private Frequency Estimation Based on Convolution Framework.	https://github.com/SEUNICK/LDP
RuleKeeper: GDPR-Aware Personal Data Compliance for Web Frameworks.	https://github.com/rulekeeper/rulekeeper
It's like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security.	https://publications.teamusec.de/2023-oakland-repro/
Owl: Compositional Verification of Security Protocols via an Information-Flow Type System.	https://github.com/secure-foundations/owl
SQUIP: Exploiting the Scheduler Queue Contention Side Channel.	http://blog.stuffedcow.net/2013/05/measuring-rob-capaci
A Security RISC: Microarchitectural Attacks on Hardware RISC-V CPUs.	https://github.com/cispa/Security-RISC
Scatter and Split Securely: Defeating Cache Contention and Occupancy Attacks.	https://github.com/IAIK/CacheSim
Rethinking Searchable Symmetric Encryption.	https://github.com/RethinkingSSE/
SyzDescribe: Principled, Automated, Static Generation of Syscall Descriptions for Kernel Drivers.	https://github.com/seclab-ucr/SyzDescribe
Optimistic Fast Confirmation While Tolerating Malicious Majority in Blockchains.	https://dl.comp.nus.edu.sg/handle/1900.100/12
SPHINCS+C: Compressing SPHINCS+ With (Almost) No Cost.	https://github.com/eyalr0/sphincsplusc
Scaphy: Detecting Modern ICS Attacks by Correlating Behaviors in SCADA and PHYsical.	https://github.com/lordmoses/SCAPHY
Deep perceptual hashing algorithms with hidden dual purpose: when client-side scanning does facial recognition.	https://github.com/computationalprivacy/dual-purpose-client-side-scanning
UTopia: Automatic Generation of Fuzz Driver using Unit Tests.	https://github.com/Samsung/UTopia
SegFuzz: Segmentizing Thread Interleaving to Discover Kernel Concurrency Bugs through Fuzzing.	https://github.com/casys-kaist/segfuzz
Less is more: refinement proofs for probabilistic proofs.	https://github.com/PepperSieve/vprexocompiler
Scaling JavaScript Abstract Interpretation to Detect and Exploit Node.js Taint-style Vulnerability.	https://github.com/fast-sp-2023/fast
BLEDiff: Scalable and Property-Agnostic Noncompliance Checking for BLE Implementations.	https://github.com/BLEDiff
It's (DOM) Clobbering Time: Attack Techniques, Prevalence, and Defenses.	https://github.com/SoheilKhodayari/TheThing
SoK: Taxonomy of Attacks on Open-Source Software Supply Chains.	https://doi.org/10.5281/zenodo.6395965
SoK: Certified Robustness for Deep Neural Networks.
3DFed: Adaptive and Extensible Framework for Covert Backdoor Attack in Federated Learning.	https://github.com/haoyangliASTAPLE/3DFed
ViDeZZo: Dependency-aware Virtual Device Fuzzing.	https://github.com/HexHive/ViDeZZo
Side Eye: Characterizing the Limits of POV Acoustic Eavesdropping from Smartphone Cameras with Rolling Shutters and Movable Lenses.	https://sideeyeattack.github.io/Website/
Private Eye: On the Limits of Textual Screen Peeking via Eyeglass Reflections in Video Conferencing.	https://github.com/longyan97/EyeglassFilter
Practical Program Modularization with Type-Based Dependence Analysis.	https://github.com/umnsec/typm
From 5G Sniffing to Harvesting Leakages of Privacy-Preserving Messengers.	https://github.com/NorbLd/5GSniffer
SelectFuzz: Efficient Directed Fuzzing with Selective Path Exploration.	https://github.com/
RoFL: Robustness of Secure Federated Learning.	https://github.com/pps-lab/fl-analysis
Flamingo: Multi-Round Single-Server Secure Aggregation with Applications to Private Federated Learning.
When Top-down Meets Bottom-up: Detecting and Exploiting Use-After-Cleanup Bugs in Linux Kernel.	https://github.com/uacatcher/uacatcher-repo
Protected or Porous: A Comparative Analysis of Threat Detection Capability of IoT Safeguards.	https://iotrim.github.io/safeguards.html
REGA: Scalable Rowhammer Mitigation with Refresh-Generating Activations.	https://comsec.ethz.ch/rega
SoK: Cryptographic Neural-Network Computation.	https://sokcryptonn.github.io
Disguising Attacks with Explanation-Aware Backdoors.	https://intellisec.de/research/xai-backdoor
Hide and Seek with Spectres: Efficient discovery of speculative information leaks with random testing.	https://github.com/microsoft/sca-fuzzer
XFL: Naming Functions in Binaries with Extreme Multi-label Learning.	https://github.com/unibw-patch/xfl
Lambretta: Learning to Rank for Twitter Soft Moderation.	https://github.com/idramalab/lambretta
Examining Zero-Shot Vulnerability Repair with Large Language Models.	https://zenodo.org/record/7199939
High-Order Masking of Lattice Signatures in Quasilinear Time.	https://github.com/masksign/sp23-craccoon
Deepfake Text Detection: Limitations and Opportunities.	https://github.com/jmpu/DeepfakeTextDetection
Red Team vs. Blue Team: A Real-World Hardware Trojan Detection Case Study Across Four Modern CMOS Technology Generations.	https://github.com/emsec/ChipSuite
BlindHub: Bitcoin-Compatible Privacy-Preserving Payment Channel Hubs Supporting Variable Amounts.	https://github.com/blind-channel/blind-hub
On the Evolution of (Hateful) Memes by Means of Multimodal Contrastive Learning.	https://github.com/YitingQu/meme-evolution
ELSA: Secure Aggregation for Federated Learning with Malicious Actors.	https://github.com/ucbsky/elsa
The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web.	https://github.com/cispa/xs-observations
Blue Is the New Black (Market): Privacy Leaks and Re-Victimization from Police-Auctioned Cellphones.	https://policeauctions.cs.umd.edu
zk-creds: Flexible Anonymous Credentials from zkSNARKs and Existing Identity Infrastructure.	https://github.com/rozbb/zkcreds-rs
Private, Efficient, and Accurate: Protecting Models Trained by Multi-party Learning with Differential Privacy.	https://github.com/FudanMPL/SecMML
Precise Detection of Kernel Data Races with Probabilistic Lockset Analysis.	<www.github.com/gryan11/PLA>
IPvSeeYou: Exploiting Leaked Identifiers in IPv6 for Street-Level Geolocation.
Public Verification for Private Hash Matching.	https://github.com/citp/pvphm
Practical Timing Side-Channel Attacks on Memory Compression.	https://github.com/IAIK/Memory-Compression-Attacks
Private Access Control for Function Secret Sharing.	https://github.com/sachaservan/pacl
Typing High-Speed Cryptography against Spectre v1.	https://artifacts.formosa-crypto.org/data/selslh.tar.bz2
Shedding Light on Inconsistencies in Grid Cybersecurity: Disconnects and Recommendations.	https://github.com/bsinger98/CyberGridSim
ShadowNet: A Secure and Efficient On-device Model Inference System for Convolutional Neural Networks.	https://github.com/RiS3-Lab/ShadowNet
Blue's Clues: Practical Discovery of Non-Discoverable Bluetooth Devices.	https://github.com/TylerTucker/BluesClues
WebSpec: Towards Machine-Checked Analysis of Browser Security Mechanisms.	https://secpriv.github.io/webspec/report.pdf
Not Yet Another Digital ID: Privacy-Preserving Humanitarian Aid Distribution.	https://github.com/spring-epfl/not-yet-another-id-code
TeSec: Accurate Server-side Attack Investigation for Web Applications.	https://github.com/tesec-open/tesec
GraphSPD: Graph-Based Security Patch Detection with Enriched Code Semantics.	https://sunlab-gmu.github.io/GraphSPD
Volttack: Control IoT Devices by Manipulating Power Supply Voltage.	https://github.com/USSLab/Volttack
"Always Contribute Back": A Qualitative Study on Security Challenges of the Open Source Supply Chain.	https://publications.teamusec.de/2023-oakland-oss-consumers/
Space Odyssey: An Experimental Software Security Analysis of Satellites.	https://github.com/CISPA-SysSec/SpaceOdyssey-QEMU-AVR32
DepthFake: Spoofing 3D Face Authentication with a 2D Photo.	https://sites.google.com/view/depthfake
From Grim Reality to Practical Solution: Malware Classification in Real-World Noise.	https://github.com/nuwuxian/morse
ObjectSeeker: Certifiably Robust Object Detection against Patch Hiding Attacks via Patch-agnostic Masking.	https://github.com/inspire-group/ObjectSeeker
A Theory to Instruct Differentially-Private Learning via Clipping Bias Reduction.	https://github.com/zihangxiang/A-Theory-to-Instruct-Differentially-Private-Learning-via-Clipping-Bias-Reduction.git
WarpAttack: Bypassing CFI through Compiler-Introduced Double-Fetches.	https://github.com/HexHive/WarpAttack
Jigsaw Puzzle: Selective Backdoor Attack to Subvert Malware Classifiers.	https://whyisyoung.github.io/JigsawPuzzle
D-ARM: Disassembling ARM Binaries by Lightweight Superset Instruction Interpretation and Graph Modeling.	https://github.com/yapengye/D-ARM
Understanding the (In)Security of Cross-side Face Verification Systems in Mobile Apps: A System Perspective.	https://github.com/kdrag0n/safetynet-fix/blob/master/docs/details.md
GeeSolver: A Generic, Efficient, and Effortless Solver with Self-Supervised Learning for Breaking Text Captchas.	https://github.com/NSSL-SJTU/GeeSolver
Limits of I/O Based Ransomware Detection: An Imitation Based Attack.	https://github.com/ChijinZ/Animagus
Mew: Enabling Large-Scale and Dynamic Link-Flooding Defenses on Programmable Switches.	https://github.com/hczhou574/Mew-prototype
Callee: Recovering Call Graphs for Binaries with Transfer and Contrastive Learning.	https://github.com/vul337/Callee
TrojanModel: A Practical Trojan Attack against Automatic Speech Recognition Systems.	https://sites.google.com/
WeRLman: To Tackle Whale (Transactions), Go Deep (RL).	https://github.com/roibarzur/pto-selfish-mining

2022 (80)

Paper	Artifact
How to Attack and Generate Honeywords.	https://github.com/honeyword/honeywords-project
LINKTELLER: Recovering Private Edges from Graph Neural Networks via Influence Analysis.	https://aisecure.github.io/PUBLICATIONS/files/LinkTeller.pdf
Exploit the Last Straw That Breaks Android Systems.	<Https://github.com/kekeLian/StrawFuzzer>
Low-Bandwidth Threshold ECDSA via Pseudorandom Correlation Generators.	https://github.com/ZenGo-X/silent-ecdsa
Spook.js: Attacking Chrome Strict Site Isolation via Speculative Execution.
HARDLOG: Practical Tamper-Proof System Auditing Using a Novel Audit Device.	https://github.com/microsoft/HardLog
Four Attacks and a Proof for Telegram.	https://github.com/DrKLO/
Why Crypto-detectors Fail: A Systematic Evaluation of Cryptographic Misuse Detection Techniques.	https://github.com/Secure-Platforms-Lab-W-M/MASC-Artifact
Transcending TRANSCEND: Revisiting Malware Classification in the Presence of Concept Drift.	https://s2lab.cs.ucl.ac.uk/projects/transcend/
IronMask: Versatile Verification of Masking Security.	https://github.com/CryptoExperts/IronMask
ProVerif with Lemmas, Induction, Fast Subsumption, and Much More.	https://proverif.inria.fr/snp22/
Mind the Gap: Studying the Insecurity of Provably Secure Embedded Trusted Execution Architectures.	https://github.com/martonbognar/gap-attacks ✓
Bad Characters: Imperceptible NLP Attacks.	https://proceedings.neurips.cc/paper/2021
Noise-SDR: Arbitrary Modulation of Electromagnetic Noise from Unprivileged Software and Its Impact on Emission Security.	https://github.com/eurecom-s3/noise-sdr
Copy, Right? A Testing Framework for Copyright Protection of Deep Learning Models.	https://github.com/Testing4AI/DeepJudge
JIGSAW: Efficient and Scalable Path Constraints Fuzzing.	https://github.com/R-Fuzz/jigsaw
Delay Wreaks Havoc on Your Smart Home: Delay-based Automation Interference Attacks.	https://github.com/vanhoefm/modwifi
Repairing DoS Vulnerability of Real-World Regexes.	https://github.com/NariyoshiChida/SP2022
Practical Asynchronous Distributed Key Generation.	https://github.com/sourav1547/adkg
Waldo: A Private Time-Series Database from Function Secret Sharing.	https://github.com/ucbrise/waldo
DEEPCASE: Semi-Supervised Contextual Analysis of Security Events.	https://github.com/Thijsvanede/DeepLog
Evaluating Physical-Layer BLE Location Tracking Attacks on Mobile Devices.	https://github.com/ucsdsysnet/blephytracking.git
Surakav: Generating Realistic Traces for a Strong Website Fingerprinting Defense.	https://github.com/websitefingerprinting/surakav-imp
HEAPSTER: Analyzing the Security of Dynamic Allocators for Monolithic Firmware Images.	<github.com/ucsb-seclab/heapster>
Adversarial Prefetch: New Cross-Core Cache Side Channel Attacks.	https://github.com/PittECEArch/AdversarialPrefetch
How Does Usable Security (Not) End Up in Software Products? Results From a Qualitative Interview Study.	https://publications.teamusec.de/2022-oakland-usec-in-sdps/
Hark: A Deep Learning System for Navigating Privacy Feedback at Scale.	<github.com/google/hark>
Noise*: A Library of Verified High-Performance Secure Channel Protocol Implementations.	https://github.com/Inria-Prosecco/noise-star
ShorTor: Improving Tor Network Latency via Multi-hop Overlay Routing.	https://github.com/sachaservan/ShorTor
IRQDebloat: Reducing Driver Attack Surface in Embedded Devices.	https://github.com/messlabnyu/irqdebloat
AccEar: Accelerometer Acoustic Eavesdropping with Unconstrained Vocabulary.	https://github.com/hui-zhuang/AccEar.git
BEACON: Directed Grey-Box Fuzzing with Provable Path Pruning.	https://hub.docker.com/r/yguoaz/beacon
"They're not that hard to mitigate": What Cryptographic Library Developers Think About Timing Attacks.	https://crocs.fi.muni.cz/public/papers/
BLACKSMITH: Scalable Rowhammering in the Frequency Domain.	https://github.com/comsec-group/blacksmith
BadEncoder: Backdoor Attacks to Pre-trained Encoders in Self-Supervised Learning.	https://github.com/jjy1994/BadEncoder
Peekaboo: A Hub-Based Approach to Enable Transparency in Data Processing within Smart Homes.	https://github.com/CMUChimpsLab/Peekaboo
FuzzUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks.	<Https://github.com/purseclab/fuzzusb>
PGPatch: Policy-Guided Logic Bug Patching for Robotic Vehicles.	https://github.com/purseclab/PGPatch/
Finding and Exploiting CPU Features using MSR Templating.	https://github.com/IAIK/msrevelio
Cats vs. Spectre: An Axiomatic Approach to Modeling Speculative Execution Attacks.	https://github.com/unibw-patch/Kaibyo
PATA: Fuzzing with Path Aware Taint Analysis.	https://github.com/PATA-FUZZ/pata
GREBE: Unveiling Exploitation Potential for Linux Kernel Bugs.	https://github.com/Markakd/GREBE
Piccolo: Exposing Complex Backdoors in NLP Transformer Models.	https://github.com/PurduePAML/PICCOLO
SoK: How Robust is Image Classification Deep Neural Network Watermarking?	https://github.com/dnn-security/Watermark-Robustness-Toolbox
Goshawk: Hunting Memory Corruptions via Structure-Aware and Object-Centric Memory Operation Synopsis.	https://goshawk.code-analysis.org
Property Inference from Poisoning.	https://github.com/smahloujifar/
Transfer Attacks Revisited: A Large-Scale Empirical Study in Real Computer Vision Settings.	https://github.com/AlgebraLoveme/Transfer-Attacks-Revisited-A-Large-Scale-Empirical-Study-in-Real-Computer-Vision-Settings
SPIRAL: Fast, High-Rate Single-Server PIR via FHE Composition.	https://github.com/menonsamir/spiral
Mitigating Information Leakage Vulnerabilities with Type-based Data Isolation.	https://github.com/vusec/typeisolation
Privacy-from-Birth: Protecting Sensed Data from Malicious Sensors with VERSA.	https://github.com/sprout-uci/pfb
DeepCoFFEA: Improved Flow Correlation Attacks on Tor via Metric Learning and Amplification.	https://github.com/traffic-analysis/deepcoffea
CirC: Compiler infrastructure for proof systems, software verification, and more.	<github.com/circify/circ>
Automated Attack Synthesis by Extracting Finite State Machines from Protocol Specification Documents.	https://github.com/RFCNLP
Asleep at the Keyboard? Assessing the Security of GitHub Copilot's Code Contributions.	https://doi.org/10.5281/zenodo.5225650
Quantifying Blockchain Extractable Value: How dark is the forest?	https://github.com/flashbots
DeepSteal: Advanced Model Extractions Leveraging Efficient Weight Stealing in Memories.	https://github.com/casrl/DeepSteal-exploit
SecFloat: Accurate Floating-Point meets Secure 2-Party Computation.	https://github.com/mpc-msri/EzPC
Wobfuscator: Obfuscating JavaScript Malware via Opportunistic Translation to WebAssembly.	https://github.com/js2wasm-obfuscator/translator
SNARKBlock: Federated Anonymous Blocklisting from Hidden Common Input Aggregate Proofs.	https://github.com/rozbb/snarkblock
SYMBEXCEL: Automated Analysis and Understanding of Malicious Excel 4.0 Macros.	https://github.com/ucsb-seclab/symbexcel
Scraping Sticky Leftovers: App User Information Left on Servers After Account Deletion.	https://github.com/LeftoverAccountInformation/LAI
Private Approximate Nearest Neighbor Search with Sublinear Communication.	https://github.com/sachaservan/private-ann
Effective Seed Scheduling for Fuzzing with Graph Centrality Analysis.	https://github.com/Dongdongshe/K-Scheduler
Model Stealing Attacks Against Inductive Graph Neural Networks.	https://github.com/xinleihe/GNNStealing
Domains Do Change Their Spots: Quantifying Potential Abuse of Residual Trust.	https://github.com/lanjelot/
IRShield: A Countermeasure Against Adversarial Physical-Layer Wireless Sensing.	https://doi.org/10.5281/zenodo.6367411
ZeeStar: Private Smart Contracts by Homomorphic Encryption and Zero-knowledge Proofs.	https://github.com/eth-sri/zkay/tree/sp2022
27 Years and 81 Million Opportunities Later: Investigating the Use of Email Encryption for an Entire University.	https://publications.teamusec.de/2022-oakland-email/
Model Orthogonalization: Class Distance Hardening in Neural Networks for Better Security.	https://github.com/ModelOrth/MOTH
SIRAJ: A Unified Framework for Aggregation of Malicious Entity Detectors.	https://github.com/qcri/SIRAJ
Sphinx: Enabling Privacy-Preserving Online Learning over the Cloud.	https://github.com/OpenMined/TenSEAL
Augury: Using Data Memory-Dependent Prefetchers to Leak Data at Rest.	https://github.com/FPSG-UIUC/augury
RT-TEE: Real-time System Availability for Cyber-physical Systems using ARM TrustZone.	https://github.com/WUSTL-CSPL/RT-TEE
Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects.	https://publications.teamusec.de/2022-oakland-sec-oss/
DEPCOMM: Graph Summarization on System Audit Logs for Attack Investigation.	https://github.com/ieeesp2021sub/depcomm
WTAGRAPH: Web Tracking and Advertising Detection using Graph Neural Networks.	https://github.com/jun521ju/
SHADEWATCHER: Recommendation-guided Cyber Threat Analysis using System Audit Records.	https://github.com/jun-zeng/ShadeWatcher
Graphics Peeping Unit: Exploiting EM Side-Channel Information of GPUs to Eavesdrop on Your Neighbors.	https://github.com/0x5ec1ab/gpu-mem-em-sig-processing
vSGX: Virtualizing SGX Enclaves on AMD SEV.	<github.com/OSUSeclab/vSGX>
Locally Differentially Private Sparse Vector Aggregation.	https://github.com/wuwuz/sparse-vector-aggregation

2021 (62)

Paper	Artifact
SoK: The Faults in our ASRs: An Overview of Attacks against Automatic Speech Recognition and Speaker Identification Systems.	https://sites.google.com/view/adv-asr-sok/
Bitcoin-Compatible Virtual Channels.	https://github.com/utxo-virtual-channels/vc
An Interactive Prover for Protocol Verification in the Computational Model.	https://hal.archives-ouvertes.fr/hal-03172119
Runtime Recovery of Web Applications under Zero-Day ReDoS Attacks.	https://github.com/netx-repo/RegexNet
Survivalism: Systematic Analysis of Windows Malware Living-Off-The-Land.	https://github.com/ssloxford/livingofftheland
The EMV Standard: Break, Fix, Verify.	https://emvrace.github.io/
DP-Sniper: Black-Box Discovery of Differential Privacy Violations using Classifiers.	https://github.com/eth-sri/dp-sniper
Trouble Over-The-Air: An Analysis of FOTA Apps in the Android Ecosystem.	https://github.com/Android-Observatory/FotaFinder
Invisible for both Camera and LiDAR: Security of Multi-Sensor Fusion based Perception in Autonomous Driving Under Physical-World Attacks.	https://sites.google.com/view/cav-sec/msf-adv
Is Private Learning Possible with Instance Encoding?	https://github.com/Hazelsuko07/InstaHide
Compositional Security for Reentrant Applications.	https://www.cs.cornell.edu/jif
Who is Real Bob? Adversarial Attacks on Speaker Recognition Systems.	https://sites.google.com/view/fakebob
Data Privacy in Trigger-Action Systems.	https://github.com/EarlMadSec/etap
Detecting Filter List Evasion with Event-Loop-Turn Granularity JavaScript Signatures.	https://github.com/brave/brave-browser/wiki/PageGraph
Bookworm Game: Automatic Discovery of LTE Vulnerabilities Through Documentation Analysis.	https://sites.google.com/view/atomic-bookworm
One Engine to Fuzz 'em All: Generic Language Processor Testing with Semantic Validation.	https://github.com/s3team/Polyglot
Using Selective Memoization to Defeat Regular Expression Denial of Service (ReDoS).	http://github.com/PurdueDualityLab/memoized-regex-engine/
A Security Model and Fully Verified Implementation for the IETF QUIC Record Layer.	https://github.com/secure-foundations/everquic-dafny
Many-out-of-Many Proofs and Applications to Anonymous Zether.	<github.com/benediamond/anonymous-zether>
Doing good by fighting fraud: Ethical anti-fraud systems for mobile payments.	https://eng.lyft.com/stopping-fraudsters-by-changing-products-452240f2d2cc
Black Widow: Blackbox Data-driven Web Scanning.	https://www.cse.chalmers.se/research/group/security/black-widow/
Reading Between the Lines: An Extensive Evaluation of the Security and Privacy Implications of EPUB Reading Systems.	https://github.com/DistriNet/evil-epubs
Compositional Non-Interference for Fine-Grained Concurrent Programs.	https://iris-project.org/
Did you mix me? Formally Verifying Verifiable Mix Nets in Electronic Voting.	https://github.com/gerlion/secure-e-voting-with-coq
A Novel Dynamic Analysis Infrastructure to Instrument Untrusted Execution Flow Across User-Kernel Spaces.	https://github.com/OnsiteAnalysis/OASIS
They Would do Better if They Worked Together: The Case of Interaction Problems Between Password Managers and Websites.	https://publications.teamusec.de/
Post-quantum WireGuard.	https://cryptojedi.org/
Epochal Signatures for Deniable Group Chats.	https://github.com/mkannwischer/xmssfs
DifuzzRTL: Differential Fuzz Testing to Find CPU Bugs.	https://github.com/compsec-snu/difuzz-rtl
Fingerprinting the Fingerprinters: Learning to Detect Browser Fingerprinting Behaviors.	https://uiowa-irl.github.io/FP-Inspector
Poltergeist: Acoustic Adversarial Machine Learning against Cameras and Computer Vision.	https://github.com/USSLab/PoltergeistAttack
Proof-of-Learning: Definitions and Practice.	<github.com/cleverhans-lab/Proof-of-Learning>
Real-World Snapshots vs. Theory: Questioning the t-Probing Security Model.	http://dx.doi.org/10.14279/depositonce-10440
CANNON: Reliable and Stealthy Remote Shutdown Attacks via Unaltered Automotive Microcontrollers.	https://github.com/sksecurity/cannon
Android Custom Permissions Demystified: From Privilege Escalation to Design Shortcomings.	https://sites.google.com/view/custom-permission
ARBITRAR: User-Guided API Misuse Detection.	https://github.com/petablox/arbitrar
PEGASUS: Bridging Polynomial and Non-polynomial Evaluations in Homomorphic Encryption.	https://github.com/Alibaba-Gemini-Lab/OpenPEGASUS
DICE: Automatic Emulation of DMA Input Channels for Dynamic Firmware Analysis.	https://github.com/RiS3-Lab/DICE-D
Ebb-and-Flow Protocols: A Resolution of the Availability-Finality Dilemma.	https://github.com/tse-group/gasper-attack
SGUARD: Towards Fixing Vulnerable Smart Contracts Automatically.	https://github.com/reentrancy/sGuard
DynPTA: Combining Static and Dynamic Analysis for Practical Selective Data Protection.	https://github.com/taptipalit/dynpta
SoK: All You Ever Wanted to Know About x86/x64 Binary Disassembly But Were Afraid to Ask.	https://github.com/junxzm1990/x86-sok
Improving Password Guessing via Representation Learning.	https://github.com/pasquini-dario/PLR
CRYLOGGER: Detecting Crypto Misuses Dynamically.	https://github.com/lucapiccolboni/crylogger
Trust, But Verify: A Longitudinal Analysis Of Android OEM Compliance and Customization.	https://github.com/marin-m/vmlinux-to-elf
CrossTalk: Speculative Data Leaks Across Cores Are Real.	https://www.vusec.net/projects/crosstalk
SiRnn: A Math Library for Secure RNN Inference.	https://github.com/mpc-msri/EzPC
Diane: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices.	https://github.com/ucsb-seclab/diane
SmartPulse: Automated Checking of Temporal Properties in Smart Contracts.	https://github.com/crytic/
Lockable Signatures for Blockchains: Scriptless Scripts for All Signatures.	https://github.com/Chia
Bomberman: Defining and Defeating Hardware Ticking Timebombs at Design-time.	https://github.com/timothytrippel/bomberman
Method Confusion Attack on Bluetooth Pairing.	https://github.com/maxdos64/BThack
SoK: Fully Homomorphic Encryption Compilers.	https://github.com/MarbleHE/SoK
HackEd: A Pedagogical Analysis of Online Vulnerability Discovery Exercises.	https://www.hackedu.com/
Co-Inflow: Coarse-grained Information Flow Control for Java-like Languages.	https://github.com/HarvardPL/Co-InflowPrototype
Detecting AI Trojans Using Meta Neural Analysis.	https://github.com/AI-secure/
Happer: Unpacking Android Apps via a Hardware-Assisted Approach.	https://github.com/rewhy/happer
An I/O Separation Model for Formal Verification of Kernel Implementations.	https://github.com/superymk/iosep
ConDySTA: Context-Aware Dynamic Supplement to Static Taint Analysis.	https://sites.google.com/view/condysta2020
StochFuzz: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting.	https://github.com/ZhangZhuoSJTU/StochFuzz
On the Just-In-Time Discovery of Profit-Generating Transactions in DeFi Protocols.	https://github.com/arthurgervais/pow_mdp
Self-Supervised Euphemism Detection and Identification for Content Moderation.	https://github.com/WanzhengZhu/Euphemism

2020 (41)

Paper	Artifact
CrypTFlow: Secure TensorFlow Inference.	https://github.com/mpc-msri/EzPC
MarkUs: Drop-in use-after-free prevention for low-level languages.	https://github.com/SamAinsworth/MarkUs-sp2020
The Last Mile: High-Assurance and High-Speed Cryptographic Implementations.	https://github.com/tfaoliveira/libjc
BIAS: Bluetooth Impersonation AttackS.	https://github.com/francozappa/bias
Ijon: Exploring Deep State Spaces via Fuzzing.	https://github.com/RUB-SysSec/ijon
ZEXE: Enabling Decentralized Private Computation.	https://github.com/scipr-lab/zexe
LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection.	http://www.openssl.org
HopSkipJumpAttack: A Query-Efficient Decision-Based Attack.	https://github.com/Jianbo-Lab/HSJA/
Pseudorandom Black Swans: Cache Attacks on CTR_DRBG.	<github.com/bl4ck5un/>
Are We Susceptible to Rowhammer? An End-to-End Methodology for Cloud Providers.	https://github.com/vusec/drammer-app
Even Black Cats Cannot Stay Hidden in the Dark: Full-band De-anonymization of Bluetooth Classic Devices.	https://github.com/bsnet/btsniffer
Flash Boys 2.0: Frontrunning in Decentralized Exchanges, Miner Extractable Value, and Consensus Instability.	https://github.com/pdaian/flashboys2
RetroWrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization.	https://github.com/HexHive/retrowrite
A Security Analysis of the Facebook Ad Library.	https://www.theatlantic.com/technology/archive/2018/10/the-secretive-organization-quietly-buying-millions-in-facebook-political-ads/573289/
Spectector: Principled Detection of Speculative Information Flows.	https://spectector.github.io
How not to prove your election outcome.	https://github.com/StefanosChaliasos/gsoc17module-zeus
TextExerciser: Feedback-driven Text Input Exercising for Android Applications.	<Https://github.com/yyyyHe/TextExerciser>
AdGraph: A Graph-Based Approach to Ad and Tracker Blocking.	https://uiowa-irl.github.io/AdGraph/
Semantic Understanding of Smart Contracts: Executable Operational Semantics of Solidity.	https://github.com/kframework/solidity-semantics
SPIDER: Enabling Fast Patch Propagation In Related Software Repositories.	https://github.com/bminor/glibc.git
Towards a Natural Perspective of Smart Homes for Practical Security and Safety Analyses.	https://github.com/and
This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs.	https://this-pin-can-be-easily-guessed.github.io
Do Cookie Banners Respect my Choice? : Measuring Legal Compliance of Banners from IAB Europe's Transparency and Consent Framework.	https://github.com/Perdu/Cookinspect
Plundervolt: Software-based Fault Injection Attacks against Intel SGX.	https://github.com/KitMurdock/plundervolt
Ask the Experts: What Should Be on an IoT Privacy and Security Label?
ICLab: A Global, Longitudinal Internet Censorship Measurement Platform.	https://citizenlab.ca/2015/10/information-controls-military-
Privacy Risks of General-Purpose Language Models.	https://github.com/PaddlePaddle/ERNIE
Fuzzing JavaScript Engines with Aspect-preserving Mutation.	https://github.com/sslab-gatech/DIE
VerX: Safety Verification of Smart Contracts.	https://github.com/eth-sri/verx-benchmarks
EverCrypt: A Fast, Verified, Cross-Platform Cryptographic Provider.	https://project-everest.github.io/
Karonte: Detecting Insecure Multi-binary Interactions in Embedded Firmware.	https://github.com/ucsb-seclab/karonte
HydRand: Efficient Continuous Distributed Randomness.	https://github.com/PhilippSchindler/hydrand
Path Oblivious Heap: Optimal and Practical Oblivious Priority Queue.	https://github.com/obliviousram/PathOHeap
VERISMART: A Highly Precise Safety Verifier for Ethereum Smart Contracts.	https://nvd.nist.gov/vuln/detail/CVE-2018-13326
Towards Scalable Threshold Cryptosystems.	https://github.com/alinush/libpolycrypto
Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd.	https://wpa3.mathyvanhoef.com/#tools
High Precision Open-World Website Fingerprinting.	https://github.com/OpenWF/openwf.git
SEVurity: No Security Without Integrity : Breaking Integrity-Free Memory Encryption with Minimal Assumptions.	https://github.com/an
Unexpected Data Dependency Creation and Chaining: A New Attack to SDN.	https://github.com/xiaofen9/SVHunter
OHIE: Blockchain Scaling Made Simple.	https://github.com/ivicanikolicsg/OHIE
Automatic Uncovering of Hidden Behaviors From Input Validation in Mobile Apps.	<github.com/OSUSecLab/InputScope>

2019 (28)

Paper	Artifact
SoK: Shining Light on Shadow Stacks.	https://github.com/HexHive/ShadowStack
Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem.	https://github.com/GoogleChrome/puppeteer
F-BLEAU: Fast Black-Box Leakage Estimation.	https://github.com/gchers/fbleau
SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security.	https://github.com/UNCSecLab/hpc.git
True2F: Backdoor-Resistant Authentication Tokens.	https://github.com/edauterman/true2f
Asm2Vec: Boosting Static Representation Robustness for Binary Clone Search against Code Obfuscation and Compiler Optimization.	https://github.com/McGill-DMaS/Kam1n0-Plugin-IDA-Pro
Threshold ECDSA from ECDSA Assumptions: The Multiparty Case.	https://gitlab.com/neucrypt/mpecdsa
Perun: Virtual Payment Hubs over Cryptocurrencies.	https://github.com/PERUNnetwork/Perun
Simple High-Level Code for Cryptographic Arithmetic - With Proofs, Without Compromises.	https://github.com/mit-plv/fiat-crypto
Fidelius: Protecting User Secrets from Compromised Browsers.	https://github.com/SabaEskandarian/Fidelius
An Extensive Formal Security Analysis of the OpenID Financial-Grade API.	https://tools.ietf.org/html/draft-ietf-oauth-security-topics
SoK: General Purpose Compilers for Secure Multi-Party Computation.	https://github.com/MPC-SoK/frameworks
Razzer: Finding Kernel Race Bugs through Fuzzing.	https://github.com/compsec-snu/razzer
Touching the Untouchables: Dynamic Security Analysis of the LTE Control Plane.	https://github.com/fgsect/scat
Spectre Attacks: Exploiting Speculative Execution.	https://gist.github.com/anonymous/99a72c9c1003f8ae0707b4927ec1bd8a
Certified Robustness to Adversarial Examples with Differential Privacy.	https://github.com/columbia/pixeldp
Reasoning Analytically about Password-Cracking Software.	https://github.com/UChicagoSUPERgroup/analytic-password-cracking
Resident Evil: Understanding Residential IP Proxy as a Dark Service.	http://rpaas.site
Full-Speed Fuzzing: Reducing Fuzzing Overhead through Coverage-Guided Tracing.	https://github.com/FoRTE-Research/UnTracer-AFL
How Well Do My Results Generalize? Comparing Security and Privacy Survey Results from MTurk, Web, and Telephone Samples.	https://github.com/SP2atMC2/SampleComparison
Breaking LTE on Layer Two.	http://www.alter-attack.net
RIDL: Rogue In-Flight Data Load.	https://ridl.eu
NEUZZ: Efficient Fuzzing with Neural Program Smoothing.	http://github.com/dongdongshe/neuzz
SoK: Sanitizing for Security.	https://github.com/securesystemslab/sanitizing-for-security-benchmarks
LBM: A Security Framework for Peripherals within the Linux Kernel.	https://github.com/FICS/lbm
Theory and Practice of Finding Eviction Sets.	https://github.com/cgvwzq/evsets
SensorID: Sensor Calibration Fingerprinting for Smartphones.	https://sensorid.cl.cam.ac.uk/
Why Does Your Data Leak? Uncovering the Data Leakage in Cloud from Mobile Apps.	https://github.com/OSUSecLab/LeakScope

2018 (14)

Paper	Artifact
DEEPSEC: Deciding Equivalence Properties in Security Protocols Theory and Practice.	https://deepsec-prover.github.io
Secure Two-party Threshold ECDSA from ECDSA Assumptions.	https://gitlab.com/neucrypt/mpecdsa/
When Your Fitness Tracker Betrays You: Quantifying the Predictability of Biometric Features Across Contexts.	https://ora.ox.ac.uk/objects/uuid:0175c157-2c9b-47d0-aa77-febaf07fca71
AI2: Safety and Robustness Certification of Neural Networks with Abstract Interpretation.	http://ai2.ethz.ch
Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning.	https://github.com/jagielski/manip-ml
Compiler-Assisted Code Randomization.	https://github.com/kevinkoo001/CCR
Tracking Certificate Misissuance in the Wild.	https://github.com/zmap/zlint
FuturesMEX: Secure, Distributed Futures Market Exchange.	https://github.com/bristolcrypto/SPDZ-2
Distance-Bounding Protocols: Verification without Time and Location.	http://satoss.uni.lu/software/DBVerify/
T-Fuzz: Fuzzing by Program Transformation.	https://github.com/HexHive/T-Fuzz
A Tale of Two Studies: The Best and Worst of YubiKey Usability.	https://isrl.byu.edu/data/
Routing Around Congestion: Defeating DDoS Attacks and Adverse Network Conditions via Reactive BGP Routing.	https://github.com/VolSec/chaos
FP-STALKER: Tracking Browser Fingerprint Evolutions.	https://github.com/Spirals-Team/FPStalker
Doubly-Efficient zkSNARKs Without Trusted Setup.	https://github.com/hyraxZK

2017 (24)

Paper	Artifact
Identifying Personal DNA Methylation Profiles by Genotype Inference.	https://github.com/paberr/ciphermed-forests
Hijacking Bitcoin: Routing Attacks on Cryptocurrencies.	https://btc-hijack.ethz.ch
Backward-Bounded DSE: Targeting Infeasibility Questions on Obfuscated Codes.	http://github.com/Z3Prover/z3
Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate.	https://github.com/inria-prosecco/reftls
SymCerts: Practical Symbolic Execution for Exposing Noncompliance in X.509 Certificate Validation Implementations.	https://github.com/wolfSSL/wolfssl/commit/d248a7660cc441b68dc48728b10256e852928ea3
Protecting Bare-Metal Embedded Systems with Privilege Overlays.	https://github.com/HexHive/EPOXY
Machine-Checked Proofs of Privacy for Electronic Voting Protocols.	https://github.com/catalindragan/minivoting-privacy
Implementing and Proving the TLS 1.3 Record Layer.	https://project-everest.github.io/record/
To Catch a Ratter: Monitoring the Behavior of Amateur DarkComet RAT Operators in the Wild.	https://github.com/David-Reguera-Garcia-Dreg/anticuckoo
Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security.	https://rtyley.github.io/spongycastle/
SoK: Cryptographically Protected Database Search.	https://github.com/mitll-csa/
Hardening Java's Access Control by Abolishing Implicit Privilege Elevation.	https://github.com/stg-tud/jdeopt
VUDDY: A Scalable Approach for Vulnerable Code Clone Discovery.	https://iotcube.net/our
Securing Augmented Reality Output.	https://github.com/AlDanial/cloc/releases/tag/v1.70
Pyramid: Enhancing Selectivity in Big Data Protection with Count Featurization.	https://columbia.github.io/selective-data-systems/
SoK: Exploiting Network Printers.	http://www.bbc.com/news/technology-38879671
From Trash to Treasure: Timing-Sensitive Garbage Collection.	http://users-cs.au.dk/askarov/gc-timing/
NEZHA: Efficient Domain-Independent Differential Testing.	https://github.com/nezha-dt
Membership Inference Attacks Against Machine Learning Models.	https://github.com/frankmcsherry/blog/blob/master/posts/2016-06-14.md
HVLearn: Automated Black-Box Analysis of Hostname Verification in SSL/TLS Implementations.	https://github.com/HVLearn
Scalable Bias-Resistant Distributed Randomness.	https://github.com/dedis/cothority
Catena: Efficient Non-equivocation via Bitcoin.	https://github.com/non-equivocation/catena-java
Cryptographic Function Detection in Obfuscated Binaries via Bit-Precise Symbolic Loop Mapping.	https://github.com/s3team/CryptoHunt
vSQL: Verifying Arbitrary SQL Queries over Dynamic Outsourced Databases.	https://github.com/integridb/Code

2016 (9)

Paper	Artifact
Automated Analysis and Verification of TLS 1.3: 0-RTT, Resumption and Delayed Authentication.	http://tls13tamarin.github.io/TLS13Tamarin/
A Method for Verifying Privacy-Type Properties: The Unbounded Case.	http://projects.lsv.ens-cachan.fr/ukano/
Data-Oriented Programming: On the Expressiveness of Non-control Data Attacks.
Cloak of Visibility: Detecting When Machines Browse a Different Web.	http://w3c.github.io/webappsec/specs/
PhotoProof: Cryptographic Image Authentication for Any Set of Permissible Transformations.	https://github.com/scipr-lab/libsnark
Return to the Zombie Gadgets: Undermining Destructive Code Reads via Code Inference Attacks.	<github.com/uncseclab>
Keeping Authorities "Honest or Bust" with Decentralized Witness Cosigning.	https://github.com/dedis/cothority
Verifiable ASICs.	http://www.pepper-project.org/
Revisiting Square-Root ORAM: Efficient Random Access in Multi-party Computation.	http://oblivc.org/

2015 (11)

Paper	Artifact
ADSNARK: Nearly Practical and Privacy-Preserving Proofs on Authenticated Data.	https://github.com/scipr-lab/libsnark
Micro-Policies: Formally Verified, Tag-Based Security Monitors.	https://github.com/micro-policies/micro-policies-coq
Secure Sampling of Public Parameters for Succinct Zero Knowledge Proofs.	https://github.com/scipr-lab/libsnark
SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies.	https://bitcointalk.org/
Post-Quantum Key Exchange for the TLS Protocol from the Ring Learning with Errors Problem.	https://github.com/dstebila/rlwekex
Riposte: An Anonymous Messaging System Handling Millions of Users.	https://bitbucket.org/henrycg/riposte/
Caelus: Verifying the Consistency of Cloud Services with Battery-Powered Devices.	https://github.com/milliseconds
ObliVM: A Programming Framework for Secure Computation.	http://www.oblivm.com
GraphSC: Parallel Secure Computation Made Easy.	http://www.oblivm.com
Effective Real-Time Android Application Auditing.	https://github.com/mingyuan-xia/AppAudit/wiki/BeanBot-analysis-report
Automatic Inference of Search Patterns for Taint-Style Vulnerabilities.	https://github.com/fabsx00/querygen

2014 (9)

Paper	Artifact
Secure Multiparty Computations on Bitcoin.	<en.bitcoin.it/wiki/Contracts>
Hacking Blind.	http://www.scs.stanford.edu/brop/
When HTTPS Meets CDN: A Case of Authentication in Delegated Service.	https://github.com/cdnsec
Stopping a Rapid Tornado with a Puff.	http://www.lasige.di.fc.ul.pt/openrq/514
Quantifying Information Flow for Dynamic Secrets.	https://github.com/plum-umd/qif/tree/master/oakland14
Pivot: Fast, Synchronous Mashup Isolation Using Generator Chains.
Wysteria: A Programming Language for Generic, Mixed-Mode Multiparty Computations.	http://bitbucket.org/aseemr/wysteria
Automated Verification of Group Key Agreement Protocols.	http://tamarin-prover.github.io
Practical Evasion of a Learning-Based Classifier: A Case Study.	https://github.com/srndic/mimicus

2013 (7)

Paper	Artifact
Efficient Garbling from a Fixed-Key Blockcipher.	http://cseweb.ucsd.edu/groups/justgarble
Declarative, Temporal, and Practical Programming with Capabilities.	http://minds.wisconsin.edu/handle/1793/64927
A Scanner Darkly: Protecting User Privacy from Perceptual Applications.	https://github.com/liquidmetal/
Anon-Pass: Practical Anonymous Subscriptions.	http://z.cs.utexas.edu/users/osa/anon-pass/
Welcome to the Entropics: Boot-Time Entropy in Embedded Devices.	https://github.com/RobertCNelson/stable-kernel
Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization.	http://github.com/pakt/ropc
Design, Implementation and Verification of an eXtensible and Modular Hypervisor Framework.	http://xmhf.org

2012 (8)

Paper	Artifact
Detecting Hoaxes, Frauds, and Deception in Writing Style Online.	https://psal.cs.drexel.edu
Sharing Mobile Code Securely with Information Flow Control.	http://www.cs.cornell.edu/projects/fabric
The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes.	<www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.html>
Hummingbird: Privacy at the Time of Twitter.	http://sprout.ics.uci.edu/hummingbird
Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail.	http://www.kpdyer.com/
ReDeBug: Finding Unpatched Code Clones in Entire OS Distributions.	https://github.com/skyhover/Deckard
Third-Party Web Tracking: Policy and Technology.	http://webpolicy.org/2012/
Dissecting Android Malware: Characterization and Evolution.	http://paulsparrows.wordpress.com/2011/08/11/one-year-of-android-malware-full-list/

2010 (2)

Paper	Artifact
A Proof-Carrying File System.	http://www.openssl.org
Chip and PIN is Broken.	http://www.lightbluetouchpaper.org/2010/02/11/chip-and-pin-is-broken/444

2009 (1)

Paper	Artifact
Plaintext Recovery Attacks against SSH.	http://www.openssh.org/security.html

2008 (3)

Paper	Artifact
ClearShot: Eavesdropping on Keyboard Input from Video.
Civitas: Toward a Secure Voting System.	http://www.cs.cornell.edu/projects/civitas
Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses.	http://www.secure-medicine.org

2006 (2)

Paper	Artifact
A Framework for the Evaluation of Intrusion Detection Systems.	http://www.cshcn.umd.edu/research/IDSanalyzer
Locating Hidden Servers.	http://freehaven.net/anonbib/

2003 (2)

Paper	Artifact
Active Mapping: Resisting NIDS Evasion without Altering Traffic.
Using Replication and Partitioning to Build Secure Distributed Systems.	http://www.cs.cornell.edu/jif

2002 (1)

Paper	Artifact
Optical Time-Domain Eavesdropping Risks of CRT Displays.	http://cryptome.org/nsa-tempest.htm

2000 (1)

Paper	Artifact
Kronos: A Scalable Group Re-Keying Approach for Secure Multicast.

USENIX

2025 (68)

Paper	Artifact
Easy As Child’s Play: An Empirical Study on Age Verification of Adult-Oriented Android Apps	https://zenodo.org/records/14688696
Abusability of Automation Apps in Intimate Partner Violence	https://doi.org/10.5061/dryad.b2rbnzssm
A First Look at Governments’ Enterprise Security Guidance	https://doi.org/10.5281/zenodo.15612458
Mind the Inconspicuous: Revealing the Hidden Weakness in Aligned LLMs’ Refusal Boundaries	https://github.com/sherdencooper/XLLM
My ZIP isn’t your ZIP: Identifying and Exploiting Semantic Gaps Between ZIP Parsers	https://github.com/ouuan/ZipDiff
SoK: Towards a Unified Approach to Applied Replicability for Computer Security	https://zenodo.org/records/15616973
Exposing the Guardrails: Reverse-Engineering and Jailbreaking Safety Filters in DALL*E Text-to-Image Pipelines	https://github.com/corbanvilla/T2I-Attacks-USENIX-2025
Neural Invisibility Cloak: Concealing Adversary in Images via Compromised AI-driven Image Signal Processing	https://sites.google.com/view/neural-invisibility-cloak
Backdooring Bias (B^2) into Stable Diffusion Models	https://doi.org/10.5281/zenodo.15612673
CloudFlow: Identifying Security-sensitive Data Flows in Serverless Applications	https://doi.org/10.5281/zenodo.15609299
Approve Once, Regret Forever: On the Exploitation of Ethereum’s Approve-TransferFrom Ecosystem	https://zenodo.org/records/15599087
SoK: Inaccessible & Insecure: An Exposition of Authentication Challenges Faced by Blind and Visually Impaired Users in State-of-the-Art Academic Proposals	https://doi.org/10.5281/zenodo.15612034
SoK: Come Together - Unifying Security, Information Theory, and Cognition for a Mixed Reality Deception Attack Ontology & Analysis Framework	https://doi.org/10.5281/zenodo.14732979
I Know What You Said: Unveiling Hardware Cache Side-Channels in Local Large Language Model Inference	https://doi.org/10.5281/zenodo.15610475
AidFuzzer: Adaptive Interrupt-Driven Firmware Fuzzing via Run-Time State Recognition	https://github.com/wjqsec/aidfuzzer
Efficient 2PC for Constant Round Secure Equality Testing and Comparison	https://doi.org/10.5281/zenodo.14580231
zkGPT: An Efficient Non-interactive Zero-knowledge Proof Framework for LLM Inference	https://zenodo.org/records/14727819
Efficient Multi-Party Private Set Union Without Non-Collusion Assumptions	https://doi.org/10.5281/zenodo.14694832
“I wasn’t sure if this is indeed a security risk”: Data-driven Understanding of Security Issue Reporting in GitHub Repositories of Open Source npm Packages	https://zenodo.org/records/15614029
Context Matters: Qualitative Insights into Developers’ Approaches and Challenges with Software Composition Analysis	https://doi.org/10.5281/zenodo.15537121
A limited technical background is sufficient for attack-defense tree acceptability	https://doi.org/10.5281/zenodo.14717342
“It’s not my responsibility to write them”: An Empirical Study of Software Product Managers and Security Requirements	https://doi.org/10.6084/m9.figshare.29234525
Patching Up: Stakeholder Experiences of Security Updates for Connected Medical Devices	https://doi.org/10.4121/71a01e8f-b432-4a40-b922-c1e1a07b86f7
StruQ: Defending Against Prompt Injection with Structured Queries	https://github.com/Sizhe-Chen/StruQ
TEEcorrelate: An Information-Preserving Defense against Performance-Counter Attacks on TEEs	https://doi.org/10.5281/zenodo.15592842
Systematic Evaluation of Randomized Cache Designs against Cache Occupancy	https://doi.org/10.5281/zenodo.14737392
General-Purpose f-DP Estimation and Auditing in a Black-Box Setting	https://github.com/stoneboat/fdp-estimation
FastLloyd: Federated, Accurate, Secure, and Tunable k-Means Clustering with Differential Privacy	https://doi.org/10.5281/zenodo.15530617
Addressing Sensitivity Distinction in Local Differential Privacy: A General Utility-Optimized Framework	https://zenodo.org/records/15614307
“I’m regretting that I hit run”: In-situ Assessment of Potential Malware	https://github.com/Brandon1234/
“I’m trying to learn…and I’m shooting myself in the foot”: Beginners’ Struggles When Solving Binary Exploitation Exercises	https://github.com/Anonymous-Giraffe/Just-Google-It-Challenges
“That’s my perspective from 30 years of doing this”: An Interview Study on Practices, Experiences, and Challenges of Updating Cryptographic Code	https://doi.org/10.6084/m9.figshare.25975120
“I have no idea how to make it safer”: Studying Security and Privacy Mindsets of Browser Extension Developers	https://doi.org/10.5281/zenodo.15631753
DP-BREM: Differentially-Private and Byzantine-Robust Federated Learning with Client Momentum	https://github.com/xiaolangu/DP-BREM
No Way to Sign Out? Unpacking Non-Compliance with Google Play’s App Account Deletion Requirements	https://zenodo.org/records/15610882
ImpROV: Measurement and Practical Mitigation of Collateral Damage in RPKI Route Origin Validation	https://improv.netsecurelab.org
“I Cannot Write This Because It Violates Our Content Policy”: Understanding Content Moderation Policies and User Experiences in Generative AI Products	https://doi.org/10.6084/m9.figshare.29257187
DiskSpy: Exploring a Long-Range Covert-Channel Attack via mmWave Sensing of mm-level HDD Vibrations	https://doi.org/10.5281/zenodo.14649224
The Ghost Navigator: Revisiting the Hidden Vulnerability of Localization in Autonomous Driving	https://sites.google.com/view/msaf-attack
BarraCUDA: Edge GPUs do Leak DNN Weights	https://zenodo.org/records/14678147
NeuroScope: Reverse Engineering Deep Neural Network on Edge Devices using Dynamic Analysis	https://github.com/purseclab/NeuroScope
On the Atomicity and Efficiency of Blockchain Payment Channels	https://doi.org/10.5281/zenodo.15559635
Following Devils’ Footprint: Towards Real-time Detection of Price Manipulation Attacks	https://figshare.com/articles/online_resource/SMARTCAT_Artifact/28192028
Thunderdome: Timelock-Free Rationally-Secure Virtual Channels	https://github.com/BartWaaang/Thunderdome
SoK: Towards Effective Automated Vulnerability Repair	https://sok-avr.github.io/
SoK: Automated TTP Extraction from CTI Reports - Are We There Yet?	https://doi.org/10.5281/zenodo.15608555
High Stakes, Low Certainty: Evaluating the Efficacy of High-Level Indicators of Compromise in Ransomware Attribution	https://doi.org/10.5281/zenodo.14732550
‘Hey mum, I dropped my phone down the toilet’: Investigating Hi Mum and Dad SMS Scams in the United Kingdom	https://github.com/sharad1126/Hi-Mum-and-Dad-Scams/blob/main/mum_dad_scam_infra.png?raw=true
“Please don’t send that bot anything”: A Mixed-methods Study of Personal Impersonation Attacks Targeting Digital Payments on Social Media	https://doi.org/10.5281/zenodo.15611471
Improved Secure Two-party Computation from a Geometric Perspective	https://zenodo.org/records/14643158
zk-promises: Anonymous Moderation, Reputation, and Blocking from Anonymous Credentials with Callbacks	https://github.com/moshih/zk-promises
A Formal Analysis of Apple’s iMessage PQ3 Protocol	https://doi.org/10.5281/zenodo.14710688
Tracking the Takes and Trajectories of English-Language News Narratives across Trustworthy and Worrisome Websites	https://github.com/hanshanley/tracking-takes
The Conspiracy Money Machine: Uncovering Telegram’s Conspiracy Channels and their Profit Model	https://github.com/SystemsLab-Sapienza/conspiracy-alert-plugin
For Human Ears Only: Preventing Automated Monitoring on Voice Data	https://github.com/Voice-Privacy-Challenge/
Websites’ Global Privacy Control Compliance at Scale and over Time	https://doi.org/10.5281/zenodo.14729170
Privacy Law Enforcement Under Centralized Governance: A Qualitative Analysis of Four Years’ Special Privacy Rectification Campaigns	https://github.com/YkGUWbrF/SPRC
Who Pays Whom? Anonymous EMV-Compliant Contactless Payments	https://hal.science/hal-04917364
Privacy Solution or Menace? Investigating Perceptions of Radio-Frequency Sensing	https://doi.org/10.1007/978-3-642-21599-5_11
As Advertised? Understanding the Impact of Influencer VPN Ads	https://aspredicted.org/rk8xe.pdf
ELFuzz: Efficient Input Generation via LLM-driven Synthesis Over Fuzzer Space	https://doi.org/10.5281/zenodo.15833146
SoK: Gradient Inversion Attacks in Federated Learning	https://github.com/D1aoBoomm/GI-PIP
Addressing the Address Books’ (Interdependent) Privacy Issues	https://github.com/DataDrivenSurveys
DiffLoc: WiFi Hidden Camera Localization Based on Electromagnetic Diffraction	https://github.com/CamLoPA/DiffLoc
How to Compare Bandwidth Constrained Two-Party Secure Messaging Protocols: A Quest for A More Efficient and Secure Post-Quantum Protocol	https://zenodo.org/records/15571276
Private Set Intersection and other Set Operations in the Third Party Setting	https://zenodo.org/records/14729415
A Framework for Abusability Analysis: The Case of Passkeys in Interpersonal Threat Models	https://doi.org/10.5281/zenodo.14745290
Leuvenshtein: Efficient FHE-based Edit Distance Computation with Single Bootstrap per Cell	https://zenodo.org/records/15638825

2024 (155)

Paper	Artifact
AttackGNN: Red-Teaming GNNs in Hardware Security Using Reinforcement Learning	https://github.com/gohil-vasudev/AttackGNN
Page-Oriented Programming: Subverting Control-Flow Integrity of Commodity Operating System Kernels with Non-Writable Code Pages	https://github.com/kkamagui/page-oriented-programming
Loopy Hell(ow): Infinite Traffic Loops at the Application Layer	https://github.com/cispa/loop-DoS
Efficient Privacy Auditing in Federated Learning
Lotto: Secure Participant Selection against Adversarial Servers in Federated Learning	https://github.com/SamuelGong/Lotto
A Taxonomy of C Decompiler Fidelity Issues	https://doi.org/10.5281/zenodo.8419614
SymFit: Making the Common (Concrete) Case Fast for Binary-Code Concolic Execution	https://github.com/bitsecurerlab/symfit.git
K-Waay: Fast and Deniable Post-Quantum X3DH without Ring Signatures	https://github.com/lehugueni/frodokexp-rust
Formal verification of the PQXDH Post-Quantum key agreement protocol for end-to-end secure messaging	https://github.com/Inria-Prosecco/pqxdh-analysis/tree/2e676a009471f370dbbfad3ac7ab5d7d9518ab57
PhishDecloaker: Detecting CAPTCHA-cloaked Phishing Websites via Hybrid Vision-based Interactive Models	https://sites.google.com/view/phishdecloaker/home
Less Defined Knowledge and More True Alarms: Reference-based Phishing Detection without a Pre-defined Reference List	https://github.com/code-philia/PhishLLM/
The Impact of Exposed Passwords on Honeyword Efficacy	https://github.com/zonghaohuang007/honeywords-analysis
UIHash: Detecting Similar Android UIs through Grid-Based Visual Appearance Representation	https://github.com/DaweiX/UIHash
Racing for TLS Certificate Validation: A Hijacker’s Guide to the Android TLS Galaxy	https://github.com/Madiba-Research/Marvin
Vulnerability-oriented Testing for RESTful APIs	https://github.com/NSSL-SJTU/VoAPI2
KnowPhish: Large Language Models Meet Multimodal Knowledge Graphs for Enhancing Reference-Based Phishing Detection	https://github.com/imethanlee/KnowPhish
Exploring ChatGPT’s Capabilities on Vulnerability Management	https://github.com/Jamrot/ChatGPT-Vulnerability-Management
Large Language Models for Code Analysis: Do LLMs Really Do Their Job?	https://github.com/aseec-lab/llms-for-code-analysis
OptFuzz: Optimization Path Guided Fuzzing for JavaScript JIT Compilers	https://github.com/JimWongM/OptFuzz
Towards Generic Database Management System Fuzzing	https://github.com/OMH4ck/BuzzBee
HYPERPILL: Fuzzing for Hypervisor-bugs by Leveraging the Hardware Virtualization Interface	https://github.com/HexHive/HyperPill
Gradients Look Alike: Sensitivity is Often Overestimated in DP-SGD	https://github.com/cleverhans-lab/Gradients-Look-Alike-Sensitivity-is-Often-Overestimated-in-DP-SGD
SoK: The Good, The Bad, and The Unbalanced: Measuring Structural Limitations of Deepfake Media Datasets	https://sites.google.com/view/thegoodthebadandtheunbalanced
Can I Hear Your Face? Pervasive Attack on Voice Authentication Systems with a Single Face Image	https://github.com/SeCATrity/Foice
dp-promise: Differentially Private Diffusion Probabilistic Models for Image Synthesis	https://github.com/deabfc/dp-promise
Take a Step Further: Understanding Page Spray in Linux Kernel Exploitation	https://github.com/Markakd/
EVOKE: Efficient Revocation of Verifiable Credentials in IoT Networks	https://github.com/evokevc/EVOKE
DNN-GP: Diagnosing and Mitigating Model’s Faults Using Latent Concepts	https://github.com/TASI-LAB/DNN-GP
Yes, One-Bit-Flip Matters! Universal DNN Model Inference Depletion with Runtime Code Fault Injection	https://github.com/FrameFlip/SGXBLAS
Don’t Waste My Efforts: Pruning Redundant Sanitizer Checks by Developer-Implemented Type Checks	https://github.com/seclab-ucr/TPrunify
Practical Security Analysis of Zero-Knowledge Proof Circuits	https://github.com/whbjzzwjxq/ZKAP
True Attacks, Attack Attempts, or Benign Triggers? An Empirical Measurement of Network Alerts in a Security Operations Center	https://github.com/idashlab/SOC_Measurement_Usenix24_related_material
ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms	https://comsec.ethz.ch/research/dram/zenhammer
00SEVen - Re-enabling Virtual Machine Forensics: Introspecting Confidential VMs Using Privileged in-VM Agents	https://github.com/sev-vmi/00seven
WEBRR: A Forensic System for Replaying and Investigating Web-Based Attacks in The Modern Web	https://youtu.be/7yxKcbhBqeQWEBRR
An LLM-Assisted Easy-to-Trigger Backdoor Attack on Code Completion Models: Injecting Disguised Vulnerabilities against Strong Detection	https://github.com/datasec-lab/CodeBreaker/
REMARK-LLM: A Robust and Efficient Watermarking Framework for Generative Large Language Models	https://github.com/jwkirchenbauer/lm-watermarking
Instruction Backdoor Attacks Against Customized LLMs	https://github.com/zhangrui4041/Instruction_Backdoor_Attack
Formalizing and Benchmarking Prompt Injection Attacks and Defenses	https://github.com/liu00222/Open-Prompt-Injection
FIRE: Combining Multi-Stage Filtering with Taint Analysis for Scalable Recurring Vulnerability Detection	https://github.com/CGCL-codes/FIRE
ORANalyst: Systematic Testing Framework for Open RAN Implementations	https://github.com/SyNSec-den/ORANalyst
A Binary-level Thread Sanitizer or Why Sanitizing on the Binary Level is Hard	https://github.com/CISPA-SysSec/binary-tsan
Lightweight Authentication of Web Data via Garble-Then-Prove	https://github.com/tlsnotary/tlsn
Invalidate+Compare: A Timer-Free GPU Cache Attack Primitive	https://github.com/0x5ec1ab/invalidate-compare.git
AutoFHE: Automated Adaption of CNNs for Efficient Evaluation over FHE	https://github.com/human-analysis/AutoFHE
Fast and Private Inference of Deep Neural Networks by Co-designing Activation Functions	https://github.com/LucasFenaux/
Accelerating Secure Collaborative Machine Learning with Protocol-Aware RDMA	https://github.com/renzh1998/CORA
CalcuLatency: Leveraging Cross-Layer Network Latency Measurements to Detect Proxy-Enabled Abuse	https://github.com/censoredplanet/calculatency-code
6Sense: Internet-Wide IPv6 Scanning and its Security Applications	https://github.com/IPv6-Security/6Sense
Did the Neurons Read your Book? Document-level Membership Inference for Large Language Models	https://github.com/computationalprivacy/document-level-membership-inference
A Linear Reconstruction Approach for Attribute Inference Attacks against Synthetic Data	https://github.com/synthetic-society/recon-synth
Critical Code Guided Directed Greybox Fuzzing for Commits	https://github.com/NESA-Lab/WAFLGo
Inf2Guard: An Information-Theoretic Framework for Learning Privacy-Preserving Representations against Inference Attacks	https://github.com/leilynourbakhsh/Inf2Guard
Property Existence Inference against Generative Models	https://github.com/wljLlla/PEI_Code
Data Coverage for Guided Fuzzing	https://github.com/THU-WingTecher/wingfuzz
SymBisect: Accurate Bisection for Fuzzer-Exposed Vulnerabilities	https://github.com/zhangzhenghsy/SymBisect
FEASE: Fast and Expressive Asymmetric Searchable Encryption	https://github.com/Usenix2024/FEASE
GFWeb: Measuring the Great Firewall’s Web Censorship at Scale	https://gfweb.ca
Snowflake, a censorship circumvention system using temporary WebRTC proxies	https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/214
That Doesn’t Go There: Attacks on Shared State in Multi-User Augmented Reality Applications	https://sites.google.com/view/multi-ar-defense/
“I’m not convinced that they don’t collect more than is necessary”: User-Controlled Data Minimization Design in Search Engines	https://github.com/Sree0270/usenix2024-supplimentary
The Effect of Design Patterns on (Present and Future) Cookie Consent Decisions	https://inria.hal.science/hal-04235032
Neural Network Semantic Backdoor Detection and Mitigation: A Causality-Based Approach	https://gitlab.com/sunbing7/SODA
Transferability of White-box Perturbations: Query-Efficient Adversarial Attacks against Commercial DNN Services	https://github.com/lcycode/DSA
It Doesn’t Look Like Anything to Me: Using Diffusion Model to Subvert Visual Phishing Detectors	https://github.com/gyNancy/Visualphish_public
Athena: Analyzing and Quantifying Side Channels of Transport Layer Protocols	https://github.com/athena-paper/athena
SOAP: A Social Authentication Protocol	https://soap-wg.github.io/sources
Engaging Company Developers in Security Research Studies: A Comprehensive Literature Review and Quantitative Survey	https://figshare.com/articles/dataset/Engaging_Company_Developers_in_Security_Research_Studies_A_Comprehensive_Literature_Review_and_Quantitative_Survey_Replication_Package_pdf/25298338
“What Keeps People Secure is That They Met The Security Team”: Deconstructing Drivers And Goals of Organizational Security Awareness	https://doi.org/10.4121/9dc01aa6-8274-43f4-b137-6d185e7008d1
Sync+Sync: A Covert Channel Built on fsync with Storage	https://github.com/toast-lab/Sync-Sync
Pixel Thief: Exploiting SVG Filter Leakage in Firefox and Chrome	https://github.com/0xADE1A1DE/PixelThief
HECKLER: Breaking Confidential VMs with Malicious Interrupts	https://disrupt-interrupts.github.io/heckler
Mempool Privacy via Batched Threshold Encryption: Attacks and Defenses	https://github.com/gnosischain/specs/blob/6e454e5ebb0655495e2584c355f81609cc2d7c11/shutter/low-level.md
GuideEnricher: Protecting the Anonymity of Ethereum Mixing Service Users with Deep Reinforcement Learning	https://github.com/ucsb-seclab/GUIDE-ENRICHER
All Your Tokens are Belong to Us: Demystifying Address Verification Vulnerabilities in Solidity Smart Contracts	https://github.com/security-pride/avverifier
Using My Functions Should Follow My Checks: Understanding and Detecting Insecure OpenZeppelin Code in Smart Contracts	https://zepscope.github.io/
Rethinking the Invisible Protection against Unauthorized Image Usage in Stable Diffusion	https://github.com/njuaplusplus/Insight
Splitting the Difference on Adversarial Training	https://github.com/matanle51/Splitting-the-Difference-on-Adversarial-Training
DONAPI: Malicious NPM Packages Detector using Behavior Sequence Knowledge Mapping	https://github.com/das-lab/Donapi
SecurityNet: Assessing Machine Learning Vulnerabilities on Public Models	https://github.com/SecurityNet-Research/SecurityNet
SoK: What Don’t We Know? Understanding Security Vulnerabilities in SNARKs	https://github.com/NilFoundation/zkLLVM
Digital Discrimination of Users in Sanctioned States: The Case of the Cuba Embargo	https://github.com/censoredplanet/geoinspector
A Broad Comparative Evaluation of Software Debloating Tools	https://github.com/trailofbits/debloater-eval
VoltSchemer: Use Voltage Noise to Manipulate Your Wireless Charger	https://sites.google.com/view/voltschemer/
VibSpeech: Exploring Practical Wideband Eavesdropping via Bandlimited Signal of Vibration-based Side Channel	https://demo-online.github.io/VibSpeech/
GPU Memory Exploitation for Fun and Profit	https://github.com/SecureArch/gpu_mem_attack
Fledging Will Continue Until Privacy Improves: Empirical Analysis of Google’s Privacy-Preserving Targeted Advertising	https://github.com/masood/fledge-sec-24
BackdoorIndicator: Leveraging OOD Data for Proactive Backdoor Detection in Federated Learning	https://github.com/ybdai7/Backdoor-indicator-defense
Uncovering the Limits of Machine Learning for Automatic Vulnerability Detection	https://github.com/niklasrisse/USENIX_2024
TYGR: Type Inference on Stripped Binaries using Graph Neural Networks	https://github.com/sefcom/TYGR
LaKey: Efficient Lattice-Based Distributed PRFs Enable Scalable Distributed Key Management	https://github.com/torusresearch/
Hermes: Unlocking Security Analysis of Cellular Network Protocols by Synthesizing Finite State Machines from Natural Language Specifications	https://github.com/SyNSec-den/hermes-spec-to-fsm
Finding Traceability Attacks in the Bluetooth Low Energy Specification and Its Implementations	https://github.com/purseclab/btprivacy
Exploring Covert Third-party Identifiers through External Storage in the Android New Era	https://github.com/security
Smudged Fingerprints: Characterizing and Improving the Performance of Web Application Fingerprinting	https://pragseclab.github.io/smudged-fingerprints/
LLM-Fuzzer: Scaling Assessment of Large Language Model Jailbreaks	https://github.com/sherdencooper/GPTFuzz
Making Them Ask and Answer: Jailbreaking Large Language Models in Few Queries via Disguise and Reconstruction	https://github.com/LLM-DRA/DRA/
Atropos: Effective Fuzzing of Web Applications for Server-Side Vulnerabilities	https://github.com/cispa-syssec/atropos-legacy
From One Thousand Pages of Specification to Unveiling Hidden Bugs: Large Language Model Assisted Fuzzing of Matter IoT Devices	https://iot-fuzz.github.io
“What do you want from theory alone?” Experimenting with Tight Auditing of Differentially Private Synthetic Data Generation	https://github.com/spalabucr/synth-audit
Towards More Practical Threat Models in Artificial Intelligence Security	https://nicholas.carlini.com/writing/2019/all-adversarial-example-papers.html
TAPFixer: Automatic Detection and Repair of Home Automation Vulnerabilities based on Negated-property Reasoning	https://github.com/q1uTr5th/TAPFixer
“Belt and suspenders” or “just red tape”?: Investigating Early Artifacts and User Perceptions of IoT App Security Certification	https://sites.google.com/view/iotcompliance/home
“I really just leaned on my community for support”: Barriers, Challenges, and Coping Mechanisms Used by Survivors of Technology-Facilitated Abuse to Seek Social Support	https://zenodo.org/doi/10.5281/zenodo.10637989
ATTention Please! An Investigation of the App Tracking Transparency Permission	https://github.com/purseclab/ATT_Analysis
Tickets or Privacy? Understand the Ecosystem of Chinese Ticket Grabbing Apps	https://sites.google.com/view/ticket-grabbing-apps/
Learning with Semantics: Towards a Semantics-Aware Routing Anomaly Detection System	https://github.com/yhchen-tsinghua/routing-anomaly-detection
MAGIC: Detecting Advanced Persistent Threats via Masked Graph Representation Learning	https://github.com/FDUDSDE/MAGIC
DeepEclipse: How to Break White-Box DNN-Watermarking Schemes	https://www.private-ai.org/
SHiFT: Semi-hosted Fuzz Testing for Embedded Applications	https://github.com/RiS3-Lab/SHiFT
GridSE: Towards Practical Secure Geographic Search via Prefix Symmetric Searchable Encryption	https://github.com/rykieguo1771/GridSE-RAM
Abuse-Resistant Location Tracking: Balancing Privacy and Safety in the Offline Finding Ecosystem	https://github.com/becgabri/abuse-resistant-private-lt
ElectionGuard: a Cryptographic Toolkit to Enable Verifiable Elections	https://www.electionguard.vote
A High Coverage Cybersecurity Scale Predictive of User Behavior	https://eribean.github.io/girth/
Biosignal Authentication Considered Harmful Today	https://github.com/Ethos-lab/biosignal-auth-harmful
Abandon All Hope Ye Who Enter Here: A Dynamic, Longitudinal Investigation of Android’s Data Safety Section	https://github.com/GiannisArk/USENIX24_DataSafety
iHunter: Hunting Privacy Violations at Scale in the Software Supply Chain on iOS	https://sites.google.com/view/ihunterios
A NEW HOPE: Contextual Privacy Policies for Mobile Applications and An Approach Toward Automated Generation	https://cpp4app.github.io/SeePrivacy/
Deciphering Textual Authenticity: A Generalized Strategy through the Lens of Large Language Semantics for Detecting Human vs. Machine-Generated Text	https://github.com/SecureAIAutonomyLab/LLM-Cipher
Prompt Stealing Attacks Against Text-to-Image Generation Models	https://github.com/verazuo/prompt-stealing-attack
Quantifying Privacy Risks of Prompts in Visual Prompt Learning	https://github.com/yxoh/prompt_leak_usenix2024/
Improving Indirect-Call Analysis in LLVM with Type and Data-Flow Co-Analysis	https://github.com/umnsec/mlta
I Experienced More than 10 DeFi Scams: On DeFi Users’ Perception of Security Breaches and Countermeasures	https://github.com/mingyiliu95/defi-user-study
LR-Miner: Static Race Detection in OS Kernels by Mining Locking Rules	https://sites.google.com/view/LR-Miner/
GhostRace: Exploiting and Mitigating Speculative Race Conditions	https://www.vusec.net/projects/ghostrace
zkCross: A Novel Architecture for Cross-Chain Privacy-Preserving Auditing	https://github.com/Anonymous-Authors-zkCross/zkCross
CARDSHARK: Understanding and Stablizing Linux Kernel Concurrency Bugs Against the Odds	https://github.com/keymaker-arch/CARDSHARK
Pixel+ and Pixel++: Compact and Efficient Forward-Secure Multi-Signatures for PoS Blockchain Consensus	https://github.com/Crypto4hub/Pixel-signatures
VOGUES: Validation of Object Guise using Estimated Components	https://github.com/purseclab/VOGUES
Cryptographic Analysis of Delta Chat	https://github.com/deltachat/
Unbalanced Circuit-PSI from Oblivious Key-Value Retrieval	https://github.com/alibaba-edu/mpc4j
PEPSI: Practically Efficient Private Set Intersection in the Unbalanced Setting	https://github.com/RasoulAM/pepsi
Scalable Private Set Union, with Stronger Security	https://github.com/yanxue820/SecurePSU.git
O-Ring and K-Star: Efficient Multi-party Private Set Intersection	https://github.com/private-panda/oring
DVSorder: Ballot Randomization Flaws Threaten Voter Privacy	https://DVSorder.org
Navigating the Privacy Compliance Maze: Understanding Risks with Privacy-Configurable Mobile SDKs	https://sites.google.com/view/picoscan/home
Demystifying the Security Implications in IoT Device Rental Services	https://vehicle-security.github.io/shared-iot.html
SAIN: Improving ICS Attack Detection Sensitivity via State-Aware Invariants	https://github.com/purseclab/SAIN
Privacy Side Channels in Machine Learning Systems	https://github.com/huggingface/datatrove
Hijacking Attacks against Neural Network by Analyzing Training Data	https://github.com/NISPLab/CleanSheet/
Landscape More Secure Than Portrait? Zooming Into the Directionality of Digital Images With Security Implications	https://github.com/uibk-uncover/directionality
POPSTAR: Lightweight Threshold Reporting with Reduced Leakage	https://github.com/emp-toolkit
DaCapo: Automatic Bootstrapping Management for Efficient Fully Homomorphic Encryption	https://github.com/corelab-src/elasm
Leveraging Semantic Relations in Code and Data to Enhance Taint Analysis of Embedded Systems	https://sites.google.com/view/lara-data
SCAVY: Automated Discovery of Memory Corruption Targets in Linux Kernel for Privilege Escalation	https://github.com/BadDataLab/SCAVY
The Challenges of Bringing Cryptography from Research Papers to Products: Results from an Interview Study with Experts	https://doi.org/10.5281/zenodo.8404611
A Mixed-Methods Study on User Experiences and Challenges of Recovery Codes for an End-to-End Encrypted Service	https://doi.org/10.25835/wasieu9f
Devil in the Room: Triggering Audio Backdoors in the Physical World	https://zju-muslab.github.io/projects/trojanroom
p-Jack: Physical-World Adversarial Attack on Monocular Depth Estimation with Perspective Hijacking	https://github.com/pi-Jack/pi-Jack
AE-Morpher: Improve Physical Robustness of Adversarial Objects against LiDAR-based Detectors via Object Reconstruction	https://sites.google.com/view/ae-morpher
EaTVul: ChatGPT-based Evasion Attack Against Software Vulnerability Detection	https://github.com/wolong3385/EatVul-Resources
FVD-DPM: Fine-grained Vulnerability Detection via Conditional Diffusion Probabilistic Models	https://github.com/VulDet/FVD-DPM.git
A Wolf in Sheep’s Clothing: Practical Black-box Adversarial Attacks for Evading Learning-based Windows Malware Detection in the Wild	https://lief-project.github.io
Leakage-Abuse Attacks Against Structured Encryption for SQL	https://github.com/ste4sql/LAA4STE4SQL
Key Recovery Attacks on Approximate Homomorphic Encryption with Non-Worst-Case Noise Flooding Countermeasures	https://github.com/d-nabokov/KRAonCKKS

2023 (144)

Paper	Artifact
Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues	https://github.com/domienschepers/wifi-framing
Formal Analysis and Patching of BLE-SC Pairing	https://github.com/luojiazhishu/BLE-SC-Pairing-Model
Abuse Vectors: A Framework for Conceptualizing IoT-Enabled Interpersonal Abuse	https://go.wisc.edu/k7ai9p
“It’s the Equivalent of Feeling Like You’re in Jail”: Lessons from Firsthand and Secondhand Accounts of IoT-Enabled Intimate Partner Abuse	https://go.wisc.edu/gh813r
The Digital-Safety Risks of Financial Technologies for Survivors of Intimate Partner Violence	https://www.semanticscholar.org/paper/Strategies-and-Perceived-Risks-of-Sending-Sensitive-Warford-Munyendo/5cc1e7d8708f8b76fe3465739a109c343ed0478d
Sneaky Spy Devices and Defective Detectors: The Ecosystem of Intimate Partner Surveillance with Covert Devices	https://github.com/ceccio247/IPV-Spy-Device-Study
Towards a General Video-based Keystroke Inference Attack	https://sandlab.cs.uchicago.edu/keystroke/
Auditory Eyesight: Demystifying ms-Precision Keystroke Tracking Attacks on Unconstrained Keyboard Inputs	https://github.com/auditoryeye/auditoryeyesight
Watch your Watch: Inferring Personality Traits from Wearable Activity Trackers	https://dx.doi.org/10.5281/zenodo.7621224
How to Cover up Anomalous Accesses to Electronic Health Records	https://github.com/iHeartGraph/Euler
KENKU: Towards Efficient and Stealthy Black-box Adversarial Attacks against ASR Systems	https://github.com/Xinghui-Wu/KENKU
Tubes Among Us: Analog Attack on Automatic Speaker Identification	https://github.com/asvspoof-challenge/2021
Near-Optimal Oblivious Key-Value Stores for Efficient PSI, PSU and Volume-Hiding Multi-Maps	https://github.com/alibaba-edu/mpc4j
Distance-Aware Private Set Intersection	https://github.com/emp-toolkit/emp-zk
Efficient Unbalanced Private Set Intersection Cardinality and User-friendly Privacy-preserving Contact Tracing	https://github.com/microsoft/APSI
Auditing Frameworks Need Resource Isolation: A Systematic Study on the Super Producer Threat to System Auditing and Its Mitigation	https://github.com/PKU-ASAL/NoDrop
AIRTAG: Towards Automated Attack Investigation by Unsupervised Learning with Log Texts	https://github.com/dhl123/Airtag-2023
Exploring Tenants’ Preferences of Privacy Negotiation in Airbnb	https://osf.io/c43j5/
Know Your Cybercriminal: Evaluating Attacker Preferences by Measuring Profile Sales on an Active, Leading Criminal Market for User Impersonation at Scale	https://security1.win.tue.nl
An Input-Agnostic Hierarchical Deep Learning Framework for Traffic Fingerprinting	https://github.com/shashadehuajiang/trace_classifier
Subverting Website Fingerprinting Defenses with Robust Traffic Representation	https://github.com/robust-fingerprinting/RF
Rosetta: Enabling Robust TLS Encrypted Traffic Classification in Diverse Network Environments with TCP-Aware Traffic Augmentation	https://github.com/sunskyXX/Rosetta.git
TPatch: A Triggered Physical Adversarial Patch	https://github.com/USSLab/TPatch
CAPatch: Physical Adversarial Patch against Image Captioning Systems	https://github.com/USSLab/CAPatch
Hard-label Black-box Universal Adversarial Patch Attack	https://github.com/Gwinhen/HardBeat
Glimpse: On-Demand PoW Light Client with Constant-Size Storage for DeFi	https://github.com/Glimpse
Exploring User Reactions and Mental Models Towards Perceptual Manipulation Attacks in Mixed Reality	https://github.com/UWCSESecurityLab/MR-PMA-Harness
Improving Real-world Password Guessing Attacks via Bi-directional Transformers	https://github.com/snow0011/PassBertStrengthMeter
Arana: Discovering and Characterizing Password Guessing Attacks in Practice	https://github.com/islamazhar/Arana-Public
Lalaine: Measuring and Characterizing Non-Compliance of Apple Privacy Labels	https://sites.google.com/view/privacylabel/home
Continuous Learning for Android Malware Detection	https://github.com/wagner-group/active-learning
Cryptographic Administration for Secure Group Messaging	<github.com/cryptographicadmins/impl>
uFUZZ: Redesign of Parallel Fuzzing using Microservice Architecture	https://github.com/OMH4ck/mufuzz
VIPER: Spotting Syscall-Guard Variables for Data-Only Attacks	https://github.com/psu-security-universe/viper
AURC: Detecting Errors in Program Code and Documentation	https://github.com/PeiweiHu/AURC
Measuring Up to (Reasonable) Consumer Expectations: Providing an Empirical Basis for Holding IoT Manufacturers Legally Responsible	https://doi.org/10.4121/c.6440264.v1
Detecting and Handling IoT Interaction Threats in Multi-Platform Multi-Control-Channel Smart Homes	https://github.com/HaotianChi/IoTMediator
PrivTrace: Differentially Private Trajectory Synthesis by Adaptive Markov Models	https://github.com/DpTrace/PrivTrace
Your Exploit is Mine: Instantly Synthesizing Counterattack Smart Contract	https://github.com/ZhangZhuoSJTU/STING
Proxy Hunting: Understanding and Characterizing Proxy-based Upgradeable Smart Contracts in Blockchains	https://github.com/USCHunt-Anon/USCHunt
GLeeFuzz: Fuzzing WebGL Through Error Message Guided Mutation	https://github.com/HexHive/GLeeFuzz
SCARF - A Low-Latency Block Cipher for Secure Cache-Randomization	https://github.com/Chair-for-Security-Engineering/SCARF
Synchronization Storage Channels (S2C): Timer-less Cache Side-Channel Attacks on the Apple M1 via Hardware Synchronization Instructions	https://github.com/FPSG-UIUC/S2C
InfinityGauntlet: Expose Smartphone Fingerprint Authentication to Brute-force Attack	https://github.com/alohachen/InfinityGauntlet
CodexLeaks: Privacy Leaks from Code Generation Language Models in GitHub Copilot	https://github.com/niuliang42/CodexLeaks
Freaky Leaky SMS: Extracting User Locations by Analyzing SMS Timings	https://github.com/vaggelis-sudo/SMS-Location-Identification-Attack
PTW: Pivotal Tuning Watermarking for Pre-Trained Image Generators	https://github.com/dnn-security/gan-watermark
Hey Kimya, Is My Smart Speaker Spying on Me? Taking Control of Sensor Privacy Through Isolation and Amnesia	https://github.com/KimyaGateway
Learning Normality is Enough: A Software-based Mitigation against Inaudible Voice Attacks	https://sites.google.com/view/normdetect
QFA2SR: Query-Free Adversarial Transfer Attacks to Speaker Recognition Systems	https://sites.google.com/view/qfa2sr
To Cloud or not to Cloud: A Qualitative Study on Self-Hosters’ Motivation, Operation, and Security Mindset	https://github.com/usrgroup/USENIX23-selfhosting
“I wouldn’t want my unsafe code to run my pacemaker”: An Interview Study on the Use, Comprehension, and Perceived Risks of Unsafe Rust	https://doi.org/10.25835/gggv8xg7
Network Responses to Russia’s Invasion of Ukraine in 2022: A Cautionary Tale for Internet Freedom	https://github.com/censoredplanet/geoinspector
Timeless Timing Attacks and Preload Defenses in Tor’s DNS Cache	https://gitlab.torproject.org/rgdd/ttapd/-/tree/main/artifact
A Data-free Backdoor Injection Approach in Neural Networks	https://github.com/lvpeizhuo/Data-free_Backdoor
Sparsity Brings Vulnerabilities: Exploring New Metrics in Backdoor Attacks	https://lief-project.github.io/
Aliasing Backdoor Attacks on Pre-trained Models	https://github.com/CassiniHuy/AliasingBackdoorAttack
ASSET: Robust Backdoor Data Detection Across a Multiplicity of Deep Learning Paradigms	https://github.com/ruoxi-jia-group/ASSET
DDRace: Finding Concurrency UAF Vulnerabilities in Linux Drivers with Directed Fuzzing	https://github.com/vul337/DDRace
Automata-Guided Control-Flow-Sensitive Fuzz Driver Generation	https://sites.google.com/view/rubick-lore/home
PatchVerif: Discovering Faulty Patches in Robotic Vehicles	https://github.com/purseclab/PatchVerif
You Can’t See Me: Physical Removal Attacks on LiDAR-based Autonomous Vehicles Driving Frameworks	https://cpseclab.github.io/youcantseeme/
Fast IDentity Online with Anonymous Credentials (FIDO-AC)	https://github.com/FIDO-AC/fidoac
Inducing Authentication Failures to Bypass Credit Card PINs	https://emvrace.github.io
An Empirical Study & Evaluation of Modern CAPTCHAs	https://github.com/sprout-uci/captcha-study
Two Sides of the Shield: Understanding Protective DNS adoption factors	https://doi.org/10.4121/22232911.v1
The Maginot Line: Attacking the Boundary of DNS Caching Protection	https://netsec.ccert.edu.cn/people/duanhx/
Inductive Graph Unlearning	https://github.com/Happy2Git/GUIDE
GAP: Differentially Private Graph Neural Networks with Aggregation Perturbation	https://github.com/sisaman/GAP
PrivGraph: Differentially Private Graph Data Publication by Exploiting Community Information	https://github.com/Privacy-Graph/PrivGraph
The Case for Learned Provenance Graph Storage Systems	https://github.com/dhl123/Leonard
A Large Scale Study of the Ethereum Arbitrage Ecosystem	https://github.com/ucsb-seclab/goldphish
ACon^2: Adaptive Conformal Consensus for Provable Blockchain Oracles	https://github.com/sslab-gatech/ACon2
Snapping Snap Sync: Practical Attacks on Go Ethereum Synchronising Nodes	https://github.com/massitaverna/malicious-go-ethereum
LibScan: Towards More Precise Third-Party Library Identification for Android Applications	https://github.com/wyf295/LibScan
Union under Duress: Understanding Hazards of Duplicate Resource Mismediation in Android Software Supply Chain	https://sites.google.com/view/union-under-duress
UVSCAN: Detecting Third-Party Component Usage Violations in IoT Firmware	https://github.com/BBge/IoT-CVE
Beyond Typosquatting: An In-depth Look at Package Confusion	https://github.com/ldklab/typomind-release
Sherlock on Specs: Building LTE Conformance Tests through Automated Reasoning	https://sites.google.com/view/contester
Detecting API Post-Handling Bugs Using Code and Description in Patches	https://github.com/Yuuoniy/APHP
X-Adv: Physical Adversarial Object Attacks against X-ray Prohibited Item Detection	https://github.com/DIG-Beihang/X-adv
Egg Hunt in Tesla Infotainment: A First Look at Reverse Engineering of Qt Binaries	https://github.com/OSUSecLab/QtRE
You’ve Got Report: Measurement and Security Implications of DMARC Reporting	https://dmarc-study.github.io/
Knowledge Expansion and Counterfactual Interaction for Reference-Based Phishing Detection	https://github.com/code-philia/Dynaphish
Network Detection of Interactive SSH Impostors Using Deep Learning	https://github.com/wagner-group/ssh_keystroke_analytics
BalanceProofs: Maintainable Vector Commitments with Fast Aggregation	https://github.com/wangnick2017/balanceproofs-go
zkSaaS: Zero-Knowledge SNARKs as a Service	https://github.com/guruvamsi-policharla/zksaas
Intender: Fuzzing Intent-Based Networking with Intent-State Transition Guidance	https://github.com/purseclab/intender
Automated Exploitable Heap Layout Generation for Heap Overflows Through Manipulation Distance-Guided Fuzzing	https://github.com/Epeius/Scatter
MINER: A Hybrid Data-Driven Approach for REST API Fuzzing	https://github.com/puppet-meteor/MINER
HOMESPY: The Invisible Sniffer of Infrared Remote Control of Smart TVs	https://sites.google.com/view/homespydemo4560
Near-Ultrasound Inaudible Trojan (Nuit): Exploiting Your Speaker to Attack Your Microphone	https://sites.google.com/view/nuitattack/home
Medusa Attack: Exploring Security Hazards of In-App QR Code Scanning	https://medusa.code-analysis.org
ELASM: Error-Latency-Aware Scale Management for Fully Homomorphic Encryption	https://github.com/corelab-src/elasm
DiffSmooth: Certifiably Robust Learning via Diffusion Models and Local Smoothing	https://github.com/openai/improved-diffusion
Keep Your Friends Close, but Your Routeservers Closer: Insights into RPKI Validation in the Internet	https://www.ripe.net/ripe/mail/archives/db-wg/2023-March/007772.html
No Linux, No Problem: Fast and Correct Windows Binary Fuzzing via Target-embedded Snapshotting	<github.com/FoRTE-Research/winfuzz>
ACTOR: Action-Guided Kernel Fuzzing	https://github.com/ucsb-seclab/actor
KextFuzz: Fuzzing macOS Kernel EXTensions on Apple Silicon via Exploiting Mitigations	https://github.com/vul337/KextFuzz
Educators’ Perspectives of Using (or Not Using) Online Exam Proctoring	https://github.com/gwusec/2023-USENIX-Educator-Perspectives-of-Exam-Proctoring
Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversations	https://securityethics.cs.washington.edu/
Catch You and I Can: Revealing Source Voiceprint Against Voice Conversion	https://github.com/Jackson-Kang/VQVC-Pytorch
Extracting Training Data from Diffusion Models	https://github.com/openai/improved-diffusion
A Plot is Worth a Thousand Words: Model Information Stealing Attacks via Scientific Plots	https://github.com/boz083/Plot_Steal
Beyond The Gates: An Empirical Analysis of HTTP-Managed Password Stealers and Operators	https://github.com/Astrolavos/stealer-sec23
WaterBear: Practical Asynchronous BFT Matching Security Guarantees of Partially Synchronous BFT	https://github.com/fififish/waterbear
Efficient 3PC for Binary Circuits with Application to Maliciously-Secure DNN Inference	https://github.com/AntCPLab/malicious_3pc_binary
Long Live The Honey Badger: Robust Asynchronous DPSS and its Applications	https://github.com/tyurek/dpss
Eye-Shield: Real-Time Protection of Mobile Device Screen Information from Shoulder Surfing	https://www.bjaytang.com/projects/post_008/
Lost in Conversion: Exploit Data Structure Conversion with Attribute Loss to Break Android Systems	https://github.com/little-leiry/TwinDroid
AnimateDead: Debloating Web Applications Using Concolic Execution	https://debloating.com
NAUTILUS: Automated RESTful API Vulnerability Detection	https://sites.google.com/view/nautilus-testing
Fuzz The Power: Dual-role State Guided Black-box Fuzzing for USB Power Delivery	<Https://github.com/purseclab/fuzzpd>
Hash Gone Bad: Automated discovery of protocol attacks that exploit hash function weaknesses	https://hal.archives-ouvertes.fr/hal-03795715
High Recovery with Fewer Injections: Practical Binary Volumetric Injection Attacks against Dynamic Searchable Encryption	https://github.com/Kskfte/BVA-BVMA
Cross Container Attacks: The Bewildered eBPF on Clouds	https://github.com/cilium/tetragon
WHIP: Improving Static Vulnerability Detection in Web Application by Forcing tools to Collaborate	https://github.com/enferas/WHIP
Bilingual Problems: Studying the Security Risks Incurred by Native Extensions in Scripting Languages	https://www.staicu.org/native-extension-risks
Did the Shark Eat the Watchdog in the NTP Pool? Deceiving the NTP Pool’s Monitoring System	https://github.com/ntppool/
SHELTER: Extending Arm CCA with Isolation in User Space	https://github.com/Compass-All/SHELTER
Secure Floating-Point Training	https://github.com/mpc-msri/EzPC
FedVal: Different good or different bad in federated learning	https://github.com/viktorvaladi/FedVal
FreeEagle: Detecting Complex Neural Trojans in Data-Free Cases	https://github.com/SCLBD/BackdoorBench
Machine-checking Multi-Round Proofs of Shuffle: Terelius-Wikstrom and Bayer-Groth	https://github.com/gerlion/secure-e-voting-with-coq
V1SCAN: Discovering 1-day Vulnerabilities in Reused C/C++ Open-source Software Components Using Code Classification Techniques	https://github.com/wooseunghoon/V1SCAN-public
The Most Dangerous Codec in the World: Finding and Exploiting Vulnerabilities in H.264 Decoders	https://github.com/h26forge/h26forge
TRIDENT: Towards Detecting and Mitigating Web-based Social Engineering Attacks	https://github.com/ian7yang/trident
Fact-Saboteurs: A Taxonomy of Evidence Manipulation Attacks against Fact-Verification Systems	https://github.com/S-Abdelnabi/Fact-Saboteurs
CipherH: Automated Detection of Ciphertext Side-channel Vulnerabilities in Cryptographic Implementations	https://github.com/Sen-Deng/CipherH
That Person Moves Like A Car: Misclassification Attack Detection for Autonomous Systems Using Spatiotemporal Consistency	https://github.com/harry1993/percepguard
Extending a Hand to Attackers: Browser Privilege Escalation Attacks via Extensions	https://github.com/compsec-snu/
RoB: Ransomware over Modern Web Browsers	https://github.com/cslfiu/RoB_Ransomware_over_Modern_Web_Browsers
Pool-Party: Exploiting Browser Resource Pools for Web Tracking	https://w3ctag.github.io/privacy-principles/
Ultimate SLH: Taking Speculative Load Hardening to the Next Level	https://github.com/0xADE1A1DE/USLH
Downfall: Exploiting Speculative Data Gathering	https://downfall.page
FACE-AUDITOR: Data Auditing in Facial Recognition Systems	https://github.com/MinChen00/Face-Auditor
Fairness Properties of Face Recognition and Obfuscation Systems	<github.com/wi-pi/fairness_face_obfuscation>
UnGANable: Defending Against GAN-based Face Manipulation	https://github.com/zhenglisec/UnGANable
Can a Deep Learning Model for One Architecture Be Used for Others? Retargeted-Architecture Binary Code Analysis	https://github.com/lannan/UniMap
AIRS: Explanation for Deep Reinforcement Learning based Security Applications	https://github.com/sherdencooper/AIRS
Every Signature is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures	https://github.com/RUB-NDS/OOXML_Signature_Security
Downgrading DNSSEC: How to Exploit Crypto Agility for Hijacking Signed Zones	https://www.dnssec-downgrade.net/
All cops are broadcasting: TETRA under scrutiny	https://github.com/MidnightBlueLabs/TETRA_burst
On the Feasibility of Malware Unpacking via Hardware-assisted Loop Profiling	https://github.com/binlinc/LoopHPCs

2022 (77)

Paper	Artifact
Under the Hood of DANE Mismanagement in SMTP	https://dane-study.github.io
Seeing the Forest for the Trees: Understanding Security Hazards in the 3GPP Ecosystem through Intelligent Analysis on Change Requests	https://sites.google.com/view/3gpp-creek
Mistrust Plugins You Must: A Large-Scale Study Of Malicious Plugins In WordPress Marketplaces	https://cyfi.ece.gatech.edu/
Breaking Bridgefy, again: Adopting libsignal is not enough	https://github.com/eikendev/breaking-bridgefy-again
OS-Aware Vulnerability Prioritization via Differential Severity Analysis	https://sites.google.com/view/diffcvss/
Pool Inference Attacks on Local Differential Privacy: Quantifying the Privacy Guarantees of Apple’s Count Mean Sketch in Practice	https://github.com/computationalprivacy/pool-inference
Communication-Efficient Triangle Counting under Local Differential Privacy	https://github.com/TriangleLDP/TriangleLDP
Watching the watchers: bias and vulnerability in remote proctoring software	https://github.com/WWP22/ProctoringSuiteAdoption
AMD Prefetch Attacks through Power and Time	https://github.com/amdprefetch/amd-prefetch-attacks
Hiding in Plain Sight? On the Efficacy of Power Side Channel-Based Control Flow Monitoring	https://github.com/yihan0512/HidingInPlainSight.git
Binoculars: Contention-Based Side-Channel Attacks Exploiting the Page Walker	https://github.com/zzrcxb/binoculars
The Dangers of Human Touch: Fingerprinting Browser Extensions through User Actions	https://github.com/kostassolo/dangers-of-human-touch
Unleash the Simulacrum: Shifting Browser Realities for Robust Extension-Fingerprinting Prevention	https://github.com/SimulacrumExtension/Simulacrum
Online Website Fingerprinting: Evaluating Website Fingerprinting Attacks on Tor in the Real World	https://torusage-imc2018.github.io
How Are Your Zombie Accounts? Understanding Users’ Practices and Expectations on Mobile App Account Deletion	https://sites.google.com/view/paperappendix/
Neither Access nor Control: A Longitudinal Investigation of the Efficacy of User Access-Control Solutions on Smartphones	https://github.com/LERSSE/neither_access_nor_control
FuzzOrigin: Detecting UXSS vulnerabilities in Browsers through Origin Fuzzing	https://github.com/compsec-snu/fuzzorigin
FRAMESHIFTER: Security Implications of HTTP/2-to-HTTP/1 Conversion Anomalies	https://github.com/bahruzjabiyev/frameshifter
Lumos: Identifying and Localizing Diverse Hidden IoT Devices in an Unfamiliar Environment	https://youtu.be/QwMXiyn-e28
“OK, Siri” or “Hey, Google”: Evaluating Voiceprint Distinctiveness via Content-based PROLE Score	https://github.com/USSLab/PROLE-Score
Watching the Watchers: Practical Video Identification Attack in LTE Networks	https://sites.google.com/view/sec21-wtw/watching-the-watchers
DoLTEst: In-depth Downlink Negative Testing Framework for LTE Devices	https://github.com/SysSec-KAIST/DoLTEst
Synthetic Data - Anonymisation Groundhog Day	https://github.com/spring-epfl/synthetic_data_release
Birds of a Feather Flock Together: How Set Bias Helps to Deanonymize You via Revealed Intersection Sizes	https://github.com/ErwinSCat/set_membership_inference
FReD: Identifying File Re-Delegation in Android System Services	https://github.com/wspr-ncsu/fred
GhostTouch: Targeted Attacks on Touchscreens without Physical Touch	https://github.com/USSLab/GhostTouch
SARA: Secure Android Remote Authorization	https://github.com/purseclab/SARA-Secure-Android-Remote-Authorization
FOAP: Fine-Grained Open-World Android App Fingerprinting	https://github.com/jflixjtu/FOAP
Inferring Phishing Intention via Webpage Appearance and Dynamics: A Deep Vision Based Approach	https://github.com/lindsey98/PhishIntention.git
Hand Me Your PIN! Inferring ATM PINs of Users Typing with a Covered Hand	https://spritz.math.unipd.it/projects/HandMeYourPIN
GPU-accelerated PIR with Client-Independent Preprocessing for Large-Scale Applications	https://encrypto.de/code/cip-pir
Increasing Adversarial Uncertainty to Scale Private Similarity Testing	https://github.com/vegetable68/sbb
Leaky Forms: A Study of Email and Password Exfiltration Before Form Submission	https://github.com/leaky-forms
DoubleStar: Long-Range Attack Towards Depth Estimation based Obstacle Avoidance in Autonomous Systems	https://fakedepth.github.io/.
SAID: State-aware Defense Against Injection Attacks on In-vehicle Network	https://github.com/rewhy/said
Rolling Colors: Adversarial Laser Exploits against Traffic Light Recognition	https://sites.google.com/view/rollingcolors
Towards Automatically Reverse Engineering Vehicle Diagnostic Protocols	https://github.com/yulele/DP-Reverser
How Machine Learning Is Solving the Binary Function Similarity Problem	https://github.com/Cisco-Talos/binary_function_similarity
Blacklight: Scalable Defense for Neural Networks against Query-Based Black-Box Attacks	https://sandlab.cs.uchicago.edu/blacklight
DnD: A Cross-Architecture Deep Neural Network Decompiler	https://github.com/purseclab/DnD
GAROTA: Generalized Active Root-Of-Trust Architecture (for Tiny Embedded Devices)	https://github.com/sprout-uci/garota
ReZone: Disarming TrustZone with TEE Privilege Reduction	https://gitlab.com/ESRGv3/rezone/
Hecate: Abuse Reporting in Secure Messengers with Sealed Sender	https://github.com/Ra1issa/hecate
IHOP: Improved Statistical Query Recovery against Searchable Symmetric Encryption through Quadratic Optimization	https://github.com/simon-oya/USENIX22-ihop-code
Dynamic Searchable Encryption with Optimal Search in the Presence of Deletions	https://github.com/jgharehchamani/OS-SSE
ALASTOR: Reconstructing the Provenance of Serverless Intrusions	https://bitbucket.org/sts-lab/alastor/
Towards More Robust Keyword Spotting for Voice Assistants	https://github.com/wi-pi/EKOS
VerLoc: Verifiable Localization in Decentralized Systems	https://github.com/katharinakohls/VerLoc
Who Are You (I Really Wanna Know)? Detecting Audio DeepFakes Through Vocal Tract Reconstruction	https://github.com/blue-logan/who_are_you/
RE-Mind: a First Look Inside the Mind of a Reverse Engineer	https://github.com/elManto/REmind
Characterizing the Security of Github CI Workflows	https://kapravelos.com/projects/githubactions/
Decomperson: How Humans Decompile and What We Can Learn From It	https://github.com/decompetition/disassembler
Shuffle-based Private Set Union: Faster and More Secure	https://github.com/dujiajun/PSU
MOVERY: A Precise Approach for Modified Vulnerable Code Clone Discovery from Modified Open-Source Software Components	https://github.com/wooseunghoon/MOVERY-public
Rendering Contention Channel Made Practical in Web Browsers	https://github.com/renderingsidechannelattacks/rendersidechannelattacks
StateFuzz: System Call-Based State-Aware Linux Driver Fuzzing	https://github.com/vul337/StateFuzz
Private Signaling	https://github.com/anon-submission-1100/pps
Practical Privacy-Preserving Authentication for SSH	https://github.com/osu-crypto/PSIPK-ssh
Smart Home Privacy Policies Demystified: A Study of Availability, Content, and Coverage	https://github.com/Secure-Platforms-Lab-W-M/smart-home-privacy-policies
MaDIoT 2.0: Modern High-Wattage IoT Botnet Attacks and Defenses	https://github.com/MaDIoT20/MaDIoT-2.0.git
Teacher Model Fingerprinting Attacks Against Transfer Learning	https://github.com/yfchen1994/Teacher-Fingerprinting
QuORAM: A Quorum-Replicated Fault Tolerant ORAM Datastore	https://github.com/SeifIbrahim/QuORAM/
Tightly Seal Your Sensitive Pointers with PACTight	https://github.com/cosmoss-jigu/pactight
Stick It to The Man: Correcting for Non-Cooperative Behavior of Subjects in Experiments on Social Networks	https://github.com/KDL-umass/Non-cooperative-spillover
Rapid Prototyping for Microarchitectural Attacks	https://github.com/libtea/frameworks
ProFactory: Improving IoT Security via Formalized Protocol Customization	https://github.com/JacobFeiWang/USENIX22_ProFactory
AEPIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture	https://github.com/IAIK/AEPIC
Dos and Don’ts of Machine Learning in Computer Security	http://dodo-mlsec.org
Exploring the Security Boundary of Data Reconstruction via Neuron Exclusivity Analysis	https://tinyurl.com/2p8pvyra
RegexScalpel: Regular Expression Denial of Service (ReDoS) Defense by Localize-and-Fix	https://sites.google.com/view/regexscalpel/
Augmenting Decompiler Output with Learned Variable Names and Types	https://dirtdirty.github.io/explorer.html
Ferry: State-Aware Symbolic Execution for Exploring State-Dependent Program Paths	https://drive.google.com/file/d/1QPp6n4RNfEPH58tGvYkZy6_Od4QbZiyM/view?usp=sharing
Lamphone: Passive Sound Recovery from a Desk Lamp’s Light Bulb Vibrations	https://youtu.be/86CDP9QP1Bw
XDRI Attacks - and - How to Enhance Resilience of Residential Routers	https://xdi-attack.net/
V’CER: Efficient Certificate Validation in Constrained Networks	https://github.com/vcer4pki/VCER
ML-Doctor: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models	https://github.com/liuyugeng/ML-Doctor
Inference Attacks Against Graph Neural Networks	https://github.com/Zhangzhk0819/GNN-Embedding-Leaks

2021 (104)

Paper	Artifact
“It’s Stored, Hopefully, on an Encrypted Server’’: Mitigating Users’ Misconceptions About FIDO2 Biometric WebAuthn	https://github.com/UChicagoSUPERgroup/fido2biometrics
On the Usability of Authenticity Checks for Hardware Security Tokens	https://github.com/adriandab/usec-hwtoken
Hiding the Access Pattern is Not Enough: Exploiting Search Pattern Leakage in Searchable Encryption	https://github.com/simon-oya/USENIX21-sap-code
Card Brand Mixup Attack: Bypassing the PIN in non-Visa Cards by Using Them for Visa Transactions	https://emvrace.github.io/
Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E)	https://github.com/tls-attacker/raccoon-code
A Side Journey To Titan	https://ninjalab.io/a-side-journey-to-titan/
On the Design and Misuse of Microcoded (Embedded) Processors – A Cautionary Note	https://github.com/emsec/riscv-ucode
M2MON: Building an MMIO-based Security Reference Monitor for Unmanned Vehicles	https://github.com/purseclab/M2MON
Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems	https://github.com/NSSL-SJTU/SaTC
LIGHTBLUE: Automatic Profile-Aware Debloating of Bluetooth Stacks	https://github.com/purseclab/lightblue
PriSEC: A Privacy Settings Enforcement Controller	https://github.com/wi-pi/prisec_data
Mystique: Efficient Conversions for Zero-Knowledge Proofs with Applications to Machine Learning	https://github.com/LatticeX-Foundation/Rosetta
Poseidon: A New Hash Function for Zero-Knowledge Proof Systems	https://github.com/dusk-network/Poseidon252
Where’s Crypto?: Automated Identification and Classification of Proprietary Cryptographic Primitives in Binary Code	https://github.com/wheres-crypto/wheres-crypto
Dynamic proofs of retrievability with low server storage	https://github.com/dsroche/la-por
Towards Formal Verification of State Continuity for Enclave Programs	https://github.com/OSUSecLab/SGX-Enclave-Formal-Verification
CSProp: Ciphertext and Signature Propagation Low-Overhead Public-Key Cryptosystem for IoT Environments	https://www.internic.net/domain/root.zone
Protecting Cryptography Against Compelled Self-Incrimination	https://github.com/sarahscheffler/password-ag2pc
Automatic Extraction of Secrets from the Transistor Jungle using Laser-Assisted Side-Channel Attacks	http://dx.doi.org/10.14279/depositonce-11354
VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface	https://github.com/zt-chen/voltpillager
Reducing Bias in Modeling Real-world Password Strength via Deep Learning and Dynamic Dictionaries	https://github.com/TheAdamProject/adams
Using Amnesia to Detect Credential Database Breaches	https://github.com/k3coby/pcr-go
Incrementally Updateable Honey Password Vaults	https://hbcheng.net
Private Blocklist Lookups with Checklist	https://github.com/dimakogan/checklist
How to Make Private Distributed Cardinality Estimation Practical, and Get Differential Privacy for Free	https://github.com/saftoes/pdce
Locally Differentially Private Analysis of Graph Statistics	https://github.com/LDPGraphStatistics/LDPGraphStatistics
DICE*: A Formally Verified Implementation of DICE Measured Boot	https://github.com/verified-HRoT/dice-star
A Large-Scale Interview Study on Information Security in and Attacks against Small and Medium-sized Enterprises	https://publications.teamusec.de/cybercrime
On the Routing-Aware Peering against Network-Eclipse Attacks in Bitcoin	https://erebus-attack-countermeasures.github.io/
EOSAFE: Security Analysis of EOSIO Smart Contracts	https://github.com/HNYuuu/EOSafe-benchmark
EVMPatch: Timely and Automated Patching of Ethereum Smart Contracts	https://github.com/uni-due-syssec/evmpatch-developer-study
Swivel: Hardening WebAssembly against Spectre	https://swivel.pro
Rage Against the Machine Clear: A Systematic Analysis of Machine Clears and Their Implications for Transient Execution Attacks	https://www.vusec.net/projects/fpvi-scsb
Coco: Co-Design and Co-Verification of Masked Software Implementations on CPUs	https://github.com/IAIK/coco-alma
Explanation-Guided Backdoor Poisoning Attacks Against Malware Classifiers	https://github.com/ClonedOne/MalwareBackdoors
Demon in the Variant: Statistical Analysis of DNNs for Robust Backdoor Contamination Detection	https://github.com/TDteach/backdoor.git
Fine Grained Dataflow Tracking with Proximal Gradients	https://github.com/gryan11/PGA
MAZE: Towards Automated Heap Feng Shui	https://github.com/Dirac5ea/Maze
VScape: Assessing and Escaping Virtual Call Protections	https://github.com/cooplus-vscape
KeyForge: Non-Attributable Email from Forward-Forgeable Signatures	https://github.com/mspecter/KeyForge
Express: Lowering the Cost of Metadata-hiding Communication with Cryptographic Privacy	https://github.com/SabaEskandarian/Express
Deep-Dup: An Adversarial Weight Duplication Attack Framework to Crush Deep Neural Network in Multi-Tenant FPGA	https://github.com/ASU-ESIC-FAN-Lab/DEEPDUPA
Entangled Watermarks as a Defense against Model Extraction	<github.com/cleverhans-lab/entangled-watermark>
ARCUS: Symbolic Root Cause Analysis of Exploits in Production Systems	https://github.com/carter-yagemann/ARCUS
Automatic Firmware Emulation through Invalidity-guided Knowledge Inference	https://github.com/MCUSec/uEmu
Finding Bugs Using Your Own Code: Detecting Functionally-similar yet Inconsistent Code	https://github.com/RiS3-Lab/FICS
Precise and Scalable Detection of Use-after-Compacting-Garbage-Collection Bugs	https://github.com/DaramG/CGSan
Reducing Test Cases with Attention Mechanism of Neural Networks	https://github.com/zxhree/SCREAM
Privacy and Integrity Preserving Computations with CRISP	https://github.com/ldsec/CRISP
ABY2.0: Improved Mixed-Protocol Secure Two-Party Computation	https://cs231n.github.io/convolutional-networks/
Fantastic Four: Honest-Majority Four-Party Secure Computation With Malicious Security	https://github.com/csiro-mlai/mnist-mpc
PatchGuard: A Provably Robust Defense against Adversarial Patches via Small Receptive Fields and Masking	https://github.com/inspire-group/PatchGuard
T-Miner: A Generative Approach to Defend Against Trojan Attacks on DNN-based Text Classification	https://github.com/reza321/T-Miner
WaveGuard: Understanding and Mitigating Audio Adversarial Examples	https://github.com/waveguard/waveguard_defense
Dompteur: Taming Audio Adversarial Examples	https://github.com/rub-syssec/dompteur
Cost-Aware Robust Tree Ensembles for Security Applications	https://github.com/surrealyz/growtrees
SHARD: Fine-Grained Kernel Specialization with Context-Aware Hardening	https://github.com/rssys/shard
Preventing Use-After-Free Attacks with Fast Forward Allocation	https://github.com/bwickman97/ffmalloc
Effective Notification Campaigns on the Web: A Matter of Trust, Framing, and Support	https://doi.org/10.5281/zenodo.4075131
JAW: Studying Client-side CSRF with Hybrid Property Graphs and Declarative Traversals	https://github.com/SoheilKhodayari/JAW
AdCube: WebVR Ad Fraud and Practical Confinement of Third-Party Ads	https://github.com/WSP-LAB/AdCube
Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types	https://github.com/RUB-SysSec/nyx
Systematic Evaluation of Privacy Risks of Machine Learning Models	https://github.com/inspire-group/membership-inference-evaluation
Extracting Training Data from Large Language Models	https://github.com/openai/gpt-3
Defeating DNN-Based Traffic Analysis Systems in Real-Time With Blind Adversarial Perturbations	https://github.com/SPIN-UMass/BLANKET
SyzVegas: Beating Kernel Fuzzing Odds with Reinforcement Learning	https://github.com/seclab-ucr/SyzVegas
UNIFUZZ: A Holistic and Pragmatic Metrics-Driven Platform for Evaluating Fuzzers	https://github.com/unifuzz/overview
The Use of Likely Invariants as Feedback for Fuzzers	https://github.com/eurecom-s3/invscov
APICraft: Fuzz Driver Generation for Closed-source SDK Libraries	https://sites.google.com/view/0xlib-harness
ICSFuzz: Manipulating I/Os and Repurposing Binary Code to Enable Instrumented Fuzzing in ICS Control Applications	https://github.com/momalab/icsfuzz
SandTrap: Securing JavaScript-driven Trigger-Action Platforms	https://www.cse.chalmers.se/research/group/security/SandTrap/
Can I Take Your Subdomain? Exploring Same-Site Attacks in the Modern Web
U Can’t Debug This: Detecting JavaScript Anti-Debugging Techniques in the Wild	https://js-antidebug.github.io/
Abusing Hidden Properties to Attack the Node.js Ecosystem	https://github.com/xiaofen9/Lynx
ATLAS: A Sequence-based Learning Approach for Attack Investigation	https://github.com/purseclab/ATLAS
ELISE: A Storage Efficient Logging System Powered by Redundancy Reduction and Representation Learning	https://github.com/dhl123/ELISE-2021
V0Finder: Discovering the Correct Origin of Publicly Reported Software Vulnerabilities	https://github.com/wooseunghoon/V0Finder-public
Hopper: Modeling and Detecting Lateral Movement	https://github.com/grantho/
LZR: Identifying Unexpected Internet Services	https://github.com/stanford-esrg/lzr
Injection Attacks Reloaded: Tunnelling Malicious Payloads over DNS	https://xdi-attack.net
Causal Analysis for Software-Defined Networking Attacks	https://github.com/bujcich/PicoSDN
Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks	https://github.com/mo-xiaoxi/EmailSpoofingTestTool
Too Good to Be Safe: Tricking Lane Detection in Autonomous Driving with Crafted Perturbations	https://youtu.be/a__Se2MrjVs
Dirty Road Can Attack: Security of Deep Learning based Automated Lane Centering under Physical-World Attack	https://sites.google.com/view/cav-sec/drp-attack/
Weaponizing Middleboxes for TCP Reflected Amplification	https://geneva.cs.umd.edu/
Balboa: Bobbing and Weaving around Network Censorship	https://github.com/GaloisInc/balboa
DeepReflect: Discovering Malicious Functionality through Binary Reconstruction	https://github.com/evandowning/deepreflect
The Circle Of Life: A Large-Scale Study of The IoT Malware Lifecycle	https://badthings.info
PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop	https://github.com/seemoo-lab/privatedrop
Share First, Ask Later (or Never?) Studying Violations of GDPR’s Explicit Consent in Android Apps	https://github.com/cispa/gdpr-consent
Compromised or Attacker-Owned: A Large Scale Classification and Study of Hosting Domains of Malicious URLs	https://github.com/qcri/compromised
Assessing Browser-level Defense against IDN-based Phishing	https://github.com/stevetkjan/IDN_Testing/blob/master/
Phishpedia: A Hybrid Deep Learning Based Approach to Visually Identify Phishing Webpages	https://sites.google.com/view/phishpedia-site/home
Ripple: A Programmable, Decentralized Link-Flooding Defense Against Adaptive Adversaries	https://github.com/jiarong0907/Ripple
Jaqen: A High-Performance Switch-Native Approach for Detecting and Mitigating Volumetric DDoS Attacks with Programmable Switches	https://github.com/Froot-NetSys/Jaqen
Disrupting Continuity of Apple’s Wireless Ecosystem Security: New Tracking, DoS, and MitM Attacks on iOS and macOS Through Bluetooth Low Energy, AWDL, and Wi-Fi	https://github.com/seemoo-lab/wifi-password-sharing
Virtual Secure Platform: A Five-Stage Pipeline Processor over TFHE	https://github.com/virtualsecureplatform/kvsp
Blitz: Secure Multi-Hop Payments Without Two-Phase Commits	https://github.com/blitz-payments/overhead
Understanding Malicious Cross-library Data Harvesting on Android	https://sites.google.com/view/roommatetheft/
Capture: Centralized Library Management for Heterogeneous IoT Devices	https://github.com/synergylabs/iot-capture
MPInspector: A Systematic and Automatic Approach for Evaluating the Security of IoT Messaging Protocols	https://github.com/wqqqy/MPInspector
HAWatcher: Semantics-Aware Anomaly Detection for Appified Smart Homes	https://github.com/infinitywings/HAWatcher.git
ReDMArk: Bypassing RDMA Security Mechanisms	https://github.com/spcl/redmark
ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication	https://github.com/RUB-NDS/alpaca-code

2020 (48)

Paper	Artifact
You Are What You Broadcast: Identification of Mobile and IoT Devices from (Public) WiFi	https://github.com/jamesdlow/open-airplay/
Everything Old is New Again: Binary Security of WebAssembly	https://github.com/sola-st/wasm-binary-security
AURORA: Statistical Crash Analysis for Automated Root Cause Explanation	https://github.com/RUB-SysSec/aurora
BigMAC: Fine-Grained Policy Analysis of Android Firmware	https://github.com/FICS/BigMAC
CopyCat: Controlled Instruction-Level Attacks on Enclaves	https://github.com/SSGAalto/sgx-branch-shadowing-mitigation
BesFS: A POSIX Filesystem for Enclaves with a Mechanized Safety Proof	https://shwetasshinde24.github.io/BesFS/
Programmable In-Network Security for Context-aware BYOD Policies	https://github.com/qiaokang92/poise
Zero-delay Lightweight Defenses against Website Fingerprinting	https://github.com/websitefingerprinting/
SAVIOR: Securing Autonomous Vehicles with Robust Physical Invariants	https://github.com/Cyphysecurity/SAVIOR.git
Plug-N-Pwned: Comprehensive Vulnerability Analysis of OBD-II Dongles as A New Over-the-Air Attack Surface in Automotive IoT	https://github.com/OSUSecLab/DongleScope
Walking Onions: Scaling Anonymity Networks while Protecting Users	https://git-crysp.uwaterloo.ca/iang/walkingonions
KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities	https://github.com/seclab-ucr/KOOBE
Shattered Chain of Trust: Understanding Security Risks in Cross-Cloud IoT Access Delegation	https://sites.google.com/view/shattered-chain-of-trust-under/
COUNTERFOIL: Verifying Provenance of Integrated Circuits using Intrinsic Package Fingerprints and Inexpensive Cameras	https://en.oxforddictionaries.com/definition/counterfoil
Hall Spoofing: A Non-Invasive DoS Attack on Grid-Tied Solar Inverter	https://sites.google.com/view/usenix-spoofing/home
PKU Pitfalls: Attacks on PKU-based Memory Isolation Systems	https://github.com/SELinuxProject
Medusa: Microarchitectural Data Leakage via Automated Attack Synthesis	https://github.com/vernamlab/Medusa
SpecFuzz: Bringing Spectre-type vulnerabilities to the surface	https://github.com/tudinfse/SpecFuzz
Cardpliance: PCI DSS Compliance of Android Applications	https://github.com/wspr-ncsu/cardpliance
VoteAgain: A scalable coercion-resistant voting system	https://github.com/spring-epfl/voteagain
Justinian’s GAAvernor: Robust Distributed Learning with Gradient Aggregation Agent	https://bit.ly/2wjR2bb
Interpretable Deep Learning under Fire	https://github.com/ngessert/isic2018
SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust	https://github.com/SHA-mbles/sha1-cp
The Tools and Tactics Used in Intimate Partner Surveillance: An Analysis of Online Infidelity Forums	https://www.ipvtechresearch.org
DatashareNetwork: A Decentralized Privacy-Preserving Search Engine for Investigative Journalists	https://github.com/spring-epfl/datashare-network-crypto
Timeless Timing Attacks: Exploiting Concurrency to Leak Secrets over Remote Connections	https://github.com/vanhoefm/modwifi
NetWarden: Mitigating Network Covert Channels while Preserving Performance	https://github.com/jiarong0907/NetWarden
TPM-FAIL: TPM meets Timing and Lattice Attacks	https://github.com/VernamLab/TPM-Fail
Pixel: Multi-signatures for Consensus	https://github.com/algorand/pixel
Composition Kills: A Case Study of Email Sender Authentication	https://github.com/chenjj/espoofer
That Was Then, This Is Now: A Security Evaluation of Password Generation, Storage, and Autofill in Browser-Based Password Managers	https://userlab.utk.edu/papers/oesch2020that
FuzzGen: Automatic Fuzzer Generation	https://github.com/HexHive/FuzzGen
FuzzGuard: Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through Deep Learning	https://github.com/zongpy/FuzzGuard
ParmeSan: Sanitizer-guided Greybox Fuzzing	https://github.com/vusec/parmesan
MUZZ: Thread-aware Grey-box Fuzzing for Effective Bug Hunting in Multithreaded Programs	https://github.com/Lawliar/ConAFL
On Training Robust PDF Malware Classifiers	https://github.com/surrealyz/pdfclassifier
Automatic Hot Patch Generation for Android Kernels	https://sites.google.com/view/usenix-auto-patch-paper
iOS, Your OS, Everybody’s OS: Vetting and Analyzing Network Services of iOS Applications	https://github.com/pwnzen-mobile
Pancake: Frequency Smoothing for Encrypted Data Stores	https://github.com/pancake-security
Droplet: Decentralized Authorization and Access Control for Encrypted Data Streams	https://dropletchain.github.io/
Secure parallel computation on national scale volumes of data	https://github.com/sama730/National-Scale-Secure-Parallel-Computation
Delphi: A Cryptographic Inference Service for Neural Networks	https://github.com/chiraag/gazelle_mpc
USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation	https://github.com/HexHive/USBFuzz
Devil’s Whisper: A General Approach for Physical Adversarial Attacks against Commercial Black-box Speech Recognition Devices	https://github.com/RiskySignal/Devil-Whisper-Attack
Void: A fast and light voice liveness detection system	https://keithito.com/LJ-Speech-Dataset/
Preech: A System for Privacy-Preserving Speech Transcription	https://bit.ly/2Vytbx7
ETHBMC: A Bounded Model Checker for Smart Contracts	https://github.com/RUB-SysSec/EthBMC
TXSPECTOR: Uncovering Attacks in Ethereum from Transactions	https://github.com/OSUSecLab/TxSpector

2019 (56)

Paper	Artifact
A Study of the Feasibility of Co-located App Attacks against BLE and a Large-Scale Analysis of the Current Application-Layer Security Landscape	https://github.com/projectbtle/BLECryptracer
A Billion Open Interfaces for Eve and Mallory: MitM, DoS, and Tracking Attacks on iOS and macOS Through Apple Wireless Direct Link	https://seemoo.de/opendrop
Hiding in Plain Signal: Physical Signal Overshadowing Attack on LTE	https://github.com/fgsect/scat
Clinical Computer Security for Victims of Intimate Partner Violence	https://www.ipvtechresearch.org
Secure Multi-User Content Sharing for Augmented Reality Applications
Understanding and Improving Security and Privacy in Multi-User Smart Homes: A Design Exploration and In-Home User Study	https://github.com/UWCSESecurityLab/smarter-home
PAC it up: Towards Pointer Integrity using ARM Pointer Authentication	https://github.com/pointer-authentication
Origin-sensitive Control Flow Integrity	https://github.com/mustakcsecuet/OS-CFI
A Systematic Evaluation of Transient Execution Attacks and Defenses	https://github.com/IAIK/transientfail
The Secret Sharer: Evaluating and Testing Unintended Memorization in Neural Networks	https://github.com/tensorflow/privacy/
Improving Robustness of ML Classifiers against Realizable Evasion Attacks Using Conserved Features	https://github.com/mzweilin/
CANvas: Fast and Inexpensive Automotive Network Mapping	https://github.com/sekarkulandaivel/canvas
Losing the Car Keys: Wireless PHY-Layer Insecurity in EV Charging	https://gitlab.com/rbaker/hpgp-emis-rx
Seeing is Not Believing: Camouflage Attacks on Image Scaling Algorithms	https://github.com/beniz/deepdetect
CT-GAN: Malicious Tampering of 3D Medical Imagery using Deep Learning	https://github.com/ymirsky/CT-GAN
SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks	https://github.com/UzL-ITS/Spoiler
Pythia: Remote Oracles for the Masses	https://github.com/Wuklab/Pythia
HideMyApp: Hiding the Presence of Sensitive Apps on Android	https://github.com/lca1/HideMyApp
StrongChain: Transparent and Collaborative Proof-of-Work Consensus	https://github.com/ivan-homoliak-sutd/strongchain-demo/
Towards the Detection of Inconsistencies in Public Security Vulnerability Reports	https://github.com/pinkymm/inconsistency_detection
Leaky Images: Targeted Privacy Attacks in the Web	https://robinlinus.github.io/
What Are You Searching For? A Remote Keylogging Attack on Search Engine Autocomplete	https://github.com/vmonaco/kreep
Small World with High Risks: A Study of Security Threats in the npm Ecosystem	https://github.com/eslint/eslint-scope/issues/39
“Johnny, you are fired!” - Spoofing OpenPGP and S/MIME Signatures in Emails	https://github.com/RUB-NDS/Johnny-You-Are-Fired
The KNOB is Broken: Exploiting Low Entropy in the Encryption Key Negotiation Of Bluetooth BR/EDR	https://github.com/francozappa/knob
Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities	https://github.com/RUB-NDS/TLS-Padding-Oracles
From IP ID to Device ID and KASLR Bypass	http://www.securitygalore.com/site3/usenix2019
When the Signal is in the Noise: Exploiting Diffix’s Sticky Noise	https://cpg.doc.ic.ac.uk/signal-in-the-noise
FIRM-AFL: High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation	https://github.com/zyw-200/FirmAFL
Discovering and Understanding the Security Hazards in the Interactions between IoT Devices, Mobile Apps, and Clouds on Smart Home Platforms	https://github.com/espressif/esp8266-alink-v1.0
KEPLER: Facilitating Control-flow Hijacking Primitive Evaluation for Linux Kernel Vulnerabilities	https://github.com/ww9210/kepler-cfhp
PeX: A Permission Check Analysis Framework for Linux Kernel	https://github.com/lzto/pex
ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK)	https://gitlab.mpi-sws.org/vahldiek/erim
WAVE: A Decentralized Authorization Framework with Transitive Delegation	https://github.com/immesys/wave
in-toto: Providing farm-to-table guarantees for bits and bytes	https://in-toto.io
VRASED: A Verified Hardware/Software Co-Design for Remote Attestation	https://github.com/sprout-uci/vrased
IODINE: Verifying Constant-Time Execution of Hardware	https://github.com/gokhankici/iodine
Mobile Private Contact Discovery at Scale	https://contact-discovery.github.io
EverParse: Verified Secure Zero-Copy Parsers for Authenticated Message Formats	https://github.com/project-everest/everparse
JEDI: Many-to-Many End-to-End Encryption and Key Delegation for IoT	https://github.com/ucbrise/jedi-protocol
The Art of The Scam: Demystifying Honeypots in Ethereum Smart Contracts	https://github.com/christoftorres/HoneyBadger
Inadvertently Making Cyber Criminals Rich: A Comprehensive Study of Cryptojacking Campaigns at Internet Scale	https://coinhive.com/
Site Isolation: Process Separation for Web Sites within the Browser	https://developers.google.com/web/updates/2018/07/site-isolation
Less is More: Quantifying the Security Benefits of Debloating Web Applications	https://debloating.com
RAZOR: A Framework for Post-deployment Software Debloating	https://github.com/cxreet/razor
Detecting Missing-Check Bugs via Semantic- and Context-Aware Criticalness and Constraints Inferences	https://github.com/umnsec/crix/
DEEPVSA: Facilitating Value-set Analysis with Deep Learning for Postmortem Program Analysis	https://github.com/Henrygwb/deepvsa/
CONFIRM: Evaluating Compatibility and Relevance of Control-flow Integrity Protections for Modern Software	https://github.com/SoftwareLanguagesSecurityLab/ConFIRM
Point Break: A Study of Bandwidth Denial-of-Service Attacks against Tor	https://tmodel-ccs2018.github.io
On (The Lack Of) Location Privacy in Crowdsourcing Applications	https://github.com/spring-epfl/MCSAuditing
Evaluating Differentially Private Machine Learning in Practice	https://github.com/bargavj/EvaluatingDPML
Fuzzification: Anti-Fuzzing Techniques	https://github.com/sslab-gatech/fuzzification
AntiFuzz: Impeding Fuzzing Audits of Binary Executables	https://github.com/RUB-SysSec/antifuzz
MOPT: Optimized Mutation Scheduling for Fuzzers	https://github.com/puppet-meteor/MOpt-AFL
EnFuzz: Ensemble Fuzzing with Seed Synchronization among Diverse Fuzzers	https://github.com/enfuzz/enfuzz
GRIMOIRE: Synthesizing Structure while Fuzzing	https://github.com/RUB-SysSec/grimoire

2018 (41)

Paper	Artifact
CommanderSong: A Systematic Approach for Practical Adversarial Voice Recognition	https://sites.google.com/view/commandersong/
ACES: Automatic Compartments for Embedded Systems	https://github.com/embedded-sec/ACES
HeapHopper: Bringing Bounded Model Checking to Heap Implementation Security	https://github.com/angr/heaphopper
Fp-Scanner: The Privacy Implications of Browser Fingerprint Inconsistencies	https://github.com/Spirals-Team/FP-Scanner
Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies	https://github.com/DistriNet/xsr-framework
Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse	https://erb.cs.uni-saarland.de/
ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem	http://atcommands.org
Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems	https://trusslab.github.io/charm/
Inception: System-Wide Security Testing of Real-World Embedded Systems Software	https://github.com/Inception-framework/
A Sense of Time for JavaScript and Node.js: First-Class Timeouts as a Cure for Event Handler Poisoning	https://github.com/VTLeeLab/node-cure
Freezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers	https://github.com/sola-da/ReDoS-vulnerabilities
NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications	https://github.com/aalhuz/navex
How Do Tor Users Interact With Onion Services?	https://nymity.ch/onion-services/
BurnBox: Self-Revocable Encryption in a World Of Compelled Access	https://github.com/mhmughees/burnbox
An Empirical Analysis of Anonymity in Zcash	https://github.com/manganese/zcash-empirical-analysis
Polisis: Automated Analysis and Presentation of Privacy Policies Using Deep Learning	https://pribot.org
Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels
DATA - Differential Address Trace Analysis: Finding Address-based Side-Channels in Binaries	https://github.com/Fraunhofer-AISEC/DATA
NetHide: Secure and Practical Network Topology Obfuscation	https://nethide.ethz.ch/
QSYM : A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing	https://github.com/sslab-gatech/qsym
FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities	https://github.com/ww9210/Linux_kernel_exploits
Automatic Heap Layout Manipulation for Exploitation	https://sean.heelan.io/heaplayout
Return Of Bleichenbacher’s Oracle Threat (ROBOT)	https://www.tripwire.com/state-of-security/vert/return-bleichenbachers-oracle-threat-robot
The Broken Shield: Measuring Revocation Effectiveness in the Windows Code-Signing PKI	http://virustotal.github.io/yara/
Understanding the Reproducibility of Crowd-reported Security Vulnerabilities	https://github.com/VulnReproduction/LinuxFlaw
Malicious Management Unit: Why Stopping Cache Attacks in Software is Harder Than You Think	https://vusec.net/projects/xlate
Meltdown: Reading Kernel Memory from User Space	https://github.com/IAIK/meltdown
Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution	https://foreshadowattack.eu/
Reading Thieves’ Cant: Automatically Identifying and Understanding Dark Jargons from Cybercrime Marketplaces	https://sites.google.com/view/cantreader
We Still Don’t Have Secure Cross-Domain Requests: an Empirical Study of CORS	https://github.com/chenjj/CORScanner
An Empirical Study of Web Resource Manipulation in Real-world Mobile Applications	https://xhzhang.github.io/XPMChecker/
FANCI : Feature-based Automated NXDomain Classification and Intelligence
Fast and Service-preserving Recovery from Malware Infections Using CRIU	https://github.com/ashtonwebster/criu
Discovering Flaws in Security-Focused Static Analysis Tools for Android using Systematic Mutation	https://muse-security-evaluation.github.io
When Does Machine Learning FAIL? Generalized Transferability for Evasion and Poisoning Attacks	https://github.com/sdsatumd
Enter the Hydra: Towards Principled Bug Bounties and Exploit-Resistant Smart Contracts	https://thehydra.io/
WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring	https://sites.google.com/site/wpseproject/
Modelling and Analysis of a Hierarchy of Distance Bounding Attacks	https://cs.bham.ac.uk/~tpc/distance-bounding-protocols/
Off-Path TCP Exploit: How Wireless Routers Can Jeopardize Your Secrets	https://sites.google.com/view/tcp-off-path-exploits/
FlowCog: Context-aware Semantics Extraction and Analysis of Information Flow Leaks in Android Apps	https://github.com/SocietyMaster/FlowCog
Sensitive Information Tracking in Commodity IoT	https://github.com/IoTBench

2017 (28)

Paper	Artifact
How Double-Fetch Situations turn into Double-Fetch Vulnerabilities: A Study of Double Fetches in the Linux Kernel	https://github.com/UCL-CREST/
Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts	https://github.com/junxzm1990/pomp.git
CAn’t Touch This: Software-only Mitigation against Rowhammer Attacks targeting Kernel Memory	https://github.com/IAIK/rowhammerjs/tree/master/native
kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels	https://github.com/RUB-SysSec/kAFL
Venerable Variadic Vulnerabilities Vanquished	https://github.com/HexHive/HexVASAN
Towards Practical Tools for Side Channel Aware Software Engineering: ‘Grey Box’ Modelling for Instruction Leakages	https://github.com/bristol-sca/ELMO
Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory	http://aka.ms/msr-cloak
DeTor: Provably Avoiding Geographic Regions in Tor	https://detor.cs.umd.edu
AWare: Preventing Abuse of Privacy-Sensitive Sensors via Operation Bindings	https://github.com/gxp18/AWare
TrustBase: An Architecture to Repair and Strengthen Certificate-based Authentication
Transcend: Detecting Concept Drift in Malware Classification Models	https://s2lab.isg.rhul.ac.uk/projects/ce
Predicting the Resilience of Obfuscated Code Against Symbolic Execution Attacks via Machine Learning	http://tigress.cs.arizona.edu/
Same-Origin Policy: Evaluation in Modern Browsers	http://www.your-sop.com
BootStomp: On the Security of Bootloaders in Mobile Devices	https://github.com/ucsb-seclab/bootstomp
Oscar: A Practical Page-Permissions-Based Scheme for Thwarting Dangling Pointers	https://github.com/vusec/dangsan/commit/78006af30db70e42df25b7d44352ec717f6b0802
Loophole: Timing Attacks on Shared Event Loops in Chrome	https://github.com/cgvwzq/rlang-loophole
Game of Registrars: An Empirical Analysis of Post-Expiration Domain Name Takeovers
Speeding up detection of SHA-1 collision attacks using unavoidable attack conditions	https://github.com/cr-marcstevens/sha1collisiondetection
Vale: Verifying High-Performance Cryptographic Assembly Code	https://github.com/project-everest/vale
Towards Efficient Heap Overflow Discovery	https://github.com/ivanfratric/winafl
Telling Your Secrets without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution	https://github.com/jovanbulck/sgx-pte
DR. CHECKER: A Soundy Analysis for Linux Kernel Drivers	<github.com/ucsb-seclab/dr_checker>
Reverse Engineering x86 Processor Microcode	https://github.com/RUB-SysSec/Microcode
The Loopix Anonymity System	https://github.com/UCL-InfoSec/loopix
CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified Builds	https://github.com/dedis/paper_chainiac
“I Have No Idea What I’m Doing” - On the Usability of Deploying HTTPS	https://caddyserver.com/
A Privacy Analysis of Cross-device Tracking	https://github.com/SebastianZimmeck/Cross_Device_Tracking
SmartPool: Practical Decentralized Pooled Mining	https://github.com/smartpool

2016 (32)

Paper	Artifact
Flip Feng Shui: Hammering a Needle in the Software Stack	https://vusec.net/projects/flip-feng-shui
Verifying Constant-Time Implementations	https://github.com/imdea-software/verifying-constant-time
Secure, Precise, and Fast Floating-Point Operations on x86 Processors	https://github.com/grievejia/tpa
uberSpark: Enforcing Verifiable Object Abstractions for Automated Compositional Security Analysis of a Hypervisor	http://uberspark.org
zxcvbn: Low-Budget Password Strength Estimation	http://github.com/dropbox/zxcvbn
Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks	https://github.com/cupslab/neural_network_cracking
An Empirical Study of Textual Key-Fingerprint Representations	https://github.com/akwizgran/basic-english
Website-Targeted False Content Injection by Network Operators	https://www.netresec.com/?page=Blog&month=2016-03&post=Packet-Injection-Attacks-in-the-Wild
Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing	https://github.com/DeDiS/Cothority
Faster Malicious 2-Party Secure Computation with Online/Offline Dual Execution	https://github.com/osu-crypto/batchDualEx
Post-quantum Key Exchange–A New Hope	https://cryptojedi.org/
Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks	https://github.com/graffiti
Tracing Information Flows Between Ad Exchanges Using Retargeted Ads	http://personalization.ccs.neu.edu/
Hidden Voice Commands	http://hiddenvoicecommands.com
ARMageddon: Cache Attacks on Mobile Devices	https://github.com/IAIK/armageddon
DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks	https://github.com/IAIK/drama
An In-Depth Analysis of Disassembly on Full-Scale x86/x64 Binaries	https://www.vusec.net/projects/disassembly/
Stealing Machine Learning Models via Prediction APIs	https://github.com/ftramer/Steal-ML
DROWN: Breaking TLS Using SSLv2	https://drownattack.com
Specification Mining for Intrusion Detection in Networked Control Systems	https://github.com/specification-mining-paper-usenix-2016/specification-mining
Authenticated Network Time Synchronization	https://github.com/DowlingBJ/AuthenticatedNTP
Sanctum: Minimal Hardware Extensions for Strong Software Isolation	https://github.com/pwnall/sanctum
Ariadne: A Minimal Approach to State Continuity	https://distrinet.cs.kuleuven.be/software/sce/ariadne.html
Lock It and Still Lose It –on the (In)Security of Automotive Remote Keyless Entry Systems	https://github.com/bastibl/gr-keyfob
OblivP2P: An Oblivious Peer-to-Peer Content Sharing System	https://github.com/jiayaoqijia/OblivP2P-Code
Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016	http://trackingexcavator.cs.washington.edu/
ZKBoo: Faster Zero-Knowledge for Boolean Circuits	https://github.com/Sobuno/ZKBoo
The Cut-and-Choose Game and Its Application to Cryptographic Protocols	https://github.com/cut-n-choose
Practical DIFC Enforcement on Android	http://wspr.csc.ncsu.edu/weir/
Screen after Previous Screens: Spatial-Temporal Recreation of Android App Displays from Memory Images	https://github.com/ProjectRetroScope/RetroScope
Identifying and Characterizing Sybils in the Tor Network	https://nymity.ch/sybilhunting/
Privacy in Epigenetics: Temporal Linkability of MicroRNA Expression Profiles	https://networkx.github.io

2015 (18)

Paper	Artifact
Under-Constrained Symbolic Execution: Correctness Checking for Real Code	http://cs.stanford.edu/~daramos/usenix-sec-2015
Eclipse Attacks on Bitcoin’s Peer-to-Peer Network	https://github.com/bitcoin/bitcoin/pull/6355
Compiler-instrumented, Dynamic Secret-Redaction of Legacy Processes for Attacker Deception	https://github.com/sampsyo/quala
Protocol State Fuzzing of TLS Implementations	https://github.com/yymax/x509test
Verified Correctness and Security of OpenSSL HMAC	https://github.com/PrincetonUniversity/VST/
To Pin or Not to Pin–Helping App Developers Bullet Proof Their TLS Connections	https://github.com/sfahl/mallodroid
De-anonymizing Programmers via Code Stylometry	https://github.com/calaylin/CodeStylometry
Trustworthy Whole-System Provenance for the Linux Kernel	http://linuxprovenance.org
Marionette: A Programmable Network Traffic Obfuscation System	https://github.com/kpdyer/marionette/
CONIKS: Bringing Key Transparency to End Users	https://github.com/coniks-sys/coniks-ref-implementation
Phasing: Private Set Intersection Using Permutation-based Hashing	https://github.com/encryptogroup/PSI
Meerkat: Detecting Website Defacements through Image-based Object Recognition	http://cs.ucsb.edu/~kevinbo/sec15-meerkat/legitimate.txt.bz2
How the ELF Ruined Christmas	https://github.com/ucsb-seclab/leakless
Cookies Lack Integrity: Real-World Implications	https://github.com/seccookie/ExtSecureCookie
Anatomization and Protection of Mobile Apps’ Location Privacy Threats	https://github.com/kmfawaz/LP-Doctor
PowerSpy: Location Tracking Using Mobile Device Power Analysis	https://bitbucket.org/ymcrcat/powerspy
Bohatei: Flexible and Elastic DDoS Defense	https://github.com/ddos-defense/bohatei
Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches	https://github.com/IAIK/cache_template_attacks

2014 (19)

Paper	Artifact
A Large-Scale Analysis of the Security of Embedded Firmwares	http://firmware.re/usenixsec14
Never Been KIST: Tor’s Congestion Management Blossoms with Kernel-Informed Socket Transport	http://torps.github.io/
Effective Attacks and Provable Defenses for Website Fingerprinting	https://crysp.uwaterloo.ca/software/webfingerprint/
TapDance: End-to-Middle Anticensorship without Flow Blocking	https://github.com/ewust/forge_socket/
iSeeYou: Disabling the MacBook Webcam Indicator LED	https://github.com/stevecheckoway/
Security Analysis of a Full-Body Scanner	https://radsec.org/
Password Managers: Attacks and Defenses	https://isecpartners.github.io/whitepapers/passwords/2013/11/05/Browser-Extension-Password-Managers.html
SSOScan: Automated Testing of Web Applications for Single Sign-On Vulnerabilities	http://www.SSOScan.org/
A Look at Targeted Attacks Through the Lense of an NGO	http://slingshot.mpi-sws.org
FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack	http://www.kb.cert.org/vuls/id/976534
Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks	http://www.ibm.com/support/docview.wss?uid=swg21678204
BYTEWEIGHT: Learning to Recognize Functions in Binary Code	http://bitblaze.cs.berkeley.edu/
Optimizing Seed Selection for Fuzzing	http://security.ece.cmu.edu/coverset/
LibFTE: A Toolkit for Constructing Practical, Format-Abiding Encryption Schemes	https://libfte.org/
SDDR: Light-Weight, Secure Mobile Encounters	http://www.cs.umd.edu/projects/ebn
ret2dir: Rethinking Kernel Isolation	http://www.cs.columbia.edu/~vpk/research/ret2dir/
ASM: A Programmable Interface for Extending Android Security	http://androidsecuritymodules.org
Brahmastra: Driving Apps to Test the Security of Third-Party Components	https://github.com/plum-umd/redexer
Gyrophone: Recognizing Speech from Gyroscope Signals	http://crypto.stanford.edu/gyrophone

2013 (9)

Paper	Artifact
Towards Automatic Software Lineage Inference	https://github.com/of
Securing Embedded User Interfaces: Android and Beyond	https://layercake.cs.washington.edu/
Proactively Accountable Anonymous Messaging in Verdict	https://github.com/DeDiS/Dissent
DupLESS: Server-Aided Encryption for Deduplicated Storage	http://cseweb.ucsd.edu/users/skeelvee/dupless
CacheAudit: A Tool for the Static Analysis of Cache Side Channels	http://software.imdea.org/cacheaudit
FIE on Firmware: Finding Vulnerabilities in Embedded Systems Using Symbolic Execution	http://pages.cs.wisc.edu/davidson/fie
Effective Inter-Component Communication Mapping in Android: An Essential Step Towards Holistic Security Analysis	http://siis.cse.psu.edu/
ZMap: Fast Internet-wide Scanning and Its Security Applications	https://zmap.io/
Language-based Defenses Against Untrusted Browser Origins	http://www.defensivejs.com

2012 (8)

Paper	Artifact
Security and Usability Challenges of Moving-Object CAPTCHAs: Decoding Codewords in Motion	http://www.cs.unc.edu/videocaptcha/
I Forgot Your Password: Randomness Attacks Against PHP Applications	http://crypto.di.uoa.gr/CRYPTO.SEC/Randomness_Attacks.html
Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices	https://factorable.net
Taking Proof-Based Verified Computation a Few Steps Closer to Practicality	http://www.cs.utexas.edu/pepper
Privilege Separation in HTML5 Applications	http://github.com/devd/html5privsep
kGuard: Lightweight Kernel Protection against Return-to-User Attacks	http://www.cs.columbia.edu/~vpk/research/kguard/
Privacy-Preserving Social Plugins	http://www.cs.columbia.edu/~kontaxis/
Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider	https://github.com/scrosby/fastsig

2011 (6)

Paper	Artifact
mCarve: Carving Attributed Dump Sets.	http://satoss.uni.lu/mcarve
QUIRE: Lightweight Provenance for Smart Phone Operating Systems.	http://developer.android.com/guide/market/billing/billing_best_practices.html
A Study of Android Application Security.	http://siis.cse.psu.edu/ded/
Faster Secure Two-Party Computation Using Garbled Circuits.	http://MightBeEvil.org
ADsafety: Type-Based Verification of JavaScript Sandboxing.	<cs.brown.edu/research/plt/dl/adsafety/v1>
Telex: Anticensorship in the Network Infrastructure.	https://telex.cc

2010 (5)

Paper	Artifact
SEPIA: Privacy-Preserving Aggregation of Multi-Domain Network Events and Statistics.	http://www.sepia.ee.ethz.ch
Chipping Away at Censorship Firewalls with User-Generated Content.	http://www.gtnoise.net/collage/
ZKPDL: A Language-Based System for Efficient Zero-Knowledge Proofs and Electronic Cash.	http://github.com/brownie/cashlib
Automatic Generation of Remediation Procedures for Malware Infections.	http://www.cs.wisc.edu/~mfredrik/remediate
Capsicum: Practical Capabilities for UNIX.	http://www.cl.cam.ac.uk/research/security/capsicum/

2009 (2)

Paper	Artifact
Detecting Spammers with SNARE: Spatio-temporal Network-level Automatic Reputation Engine.	http://www.gtnoise.net/
VPriv: Protecting Privacy in Location-Based Vehicular Services.	http://cartel.csail.mit.edu/#vpriv.2

2008 (4)

Paper	Artifact
Helios: Web-based Open-Audit Voting.	http://heliosvoting.org
Privacy-Preserving Location Tracking of Lost or Stolen Devices: Cryptographic Techniques and Replacing Trusted Third Parties with DHTs.	http://adeona.cs.washington.edu/
An Improved Clock-skew Measurement Technique for Revealing Hidden Services.	http://www.cl.cam.ac.uk/~sjm217/
Highly Predictive Blacklisting.

2007 (3)

Paper	Artifact
SIF: Enforcing Confidentiality and Integrity in Web Applications.	http://www.cs.cornell.edu/jif
BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation.	<www.cyber-ta.org/botHunter/>
OSLO: Improving the Security of Trusted Computing.	http://os.inf.tu-dresden.de/~kauer/oslo

2005 (3)

Paper	Artifact
Fixing Races for Fun and Profit: How to Abuse atime.	http://nikita.ca/
Stronger Password Authentication Using Browser Extensions.	http://crypto.stanford.edu/PwdHash
Where's the FEEB? The Effectiveness of Instruction Set Randomization.	http://www.cs.virginia.edu/feeb

2004 (1)

Paper	Artifact
A Virtual Honeypot Framework.	http://www.citi.umich.edu/u/provos/honeyd/

2003 (2)

Paper	Artifact
Static Analysis of Executables to Detect Malicious Patterns.	http://www.cs.wisc.edu/wisa
SSL Splitting: Securely Serving Data from Untrusted Caches.	http://pdos.lcs.mit.edu/barnraising/

2002 (2)

Paper	Artifact
Infranet: Circumventing Web Censorship and Surveillance.	http://nms.lcs.mit.edu/projects/infranet
How to Own the Internet in Your Spare Time.	http://www.icir.org/vern

2001 (6)

Paper	Artifact
A Method for Fast Revocation of Public Key Certificates and Security Capabilities.	http://crypto.stanford.edu/semmail/
FormatGuard: Automatic Protection From printf Format String Vulnerabilities.	http://immunix.org
The Dos and Don'ts of Client Authentication on the Web.	http://pdos.lcs.mit.edu/asrg/
SC-CFS: Smartcard Secured Cryptographic File System.	http://www.citi.umich.edu/projects/smartcard/sc-cfs.html
Statically Detecting Likely Buffer Overflow Vulnerabilities.	http://www.wu-ftpd.org
Defending Against Statistical Steganalysis.