|
Fuzztruction: Using Fault Injection-based Fuzzing to Leverage Implicit Domain Knowledge
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
The Impostor Among US(B): Off-Path Injection Attacks on USB Communications
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Improving Logging to Reduce Permission Over-Granting Mistakes
|
|
|
|
Artifact
Appendix
|
|
|
(M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
FuzzJIT: Oracle-Enhanced Fuzzing for JavaScript Engine JIT Compiler
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
PUMM: Preventing Use-After-Free Using Execution Unit Partitioning
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Isolated and Exhausted: Attacking Operating Systems via Site Isolation in the Browser
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Security and Privacy Failures in Popular 2FA Apps
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
NVLeak: Off-Chip Side-Channel Attacks via Non-Volatile Memory Systems
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Linear Private Set Union from Multi-Query Reverse Private Membership Test
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Device Tracking via Linux's New TCP Source Port Selection Algorithm
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Every Signature is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures
|
|
|
|
Artifact
Appendix
|
|
|
Automated Security Analysis of Exposure Notification Systems
|
|
|
|
Artifact
Appendix
|
|
|
Squint Hard Enough: Attacking Perceptual Hashing with Adversarial Machine Learning
|
|
|
|
Appendix
|
Author's link
|
|
One Server for the Price of Two: Simple and Fast Single-Server Private Information Retrieval
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Decompiling x86 Deep Neural Network Executables
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
PolyFuzz: Holistic Greybox Fuzzing of Multi-Language Systems
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Are Consumers Willing to Pay for Security and Privacy of IoT Devices?
|
|
|
|
Artifact
Appendix
|
|
|
Reassembly is Hard: A Reflection on Challenges and Strategies
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
A comprehensive, formal and automated analysis of the EDHOC protocol
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Multi-Factor Key Derivation Function (MFKDF) for Fast, Flexible, Secure, & Practical Key Management
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
HOLMES: Efficient Distribution Testing for Secure Collaborative Learning
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Duoram: A Bandwidth-Efficient Distributed ORAM for 2- and 3-Party Computation
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
NRDelegationAttack: Complexity DDoS attack on DNS Recursive Resolvers
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Cipherfix: Mitigating Ciphertext Side-Channel Attacks in Software
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Pool-Party: Exploiting Browser Resource Pools as Side-Channels for Web Tracking
|
|
|
|
Artifact
Appendix
|
|
|
Silent Bugs Matter: A Study of Compiler-Introduced Security Bugs
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Eos: Efficient Private Delegation of zkSNARK Provers
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Trojan Source: Invisible Vulnerabilities
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
ARGUS: Context-Based Detection of Stealthy IoT Infiltration Attacks
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Educators’ Perspectives of Using (or Not Using) Online Exam Proctoring
|
|
|
|
Artifact
Appendix
|
|
|
Every Vote Counts: Ranking-Based Training of Federated Learning to Resist Poisoning Attacks
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Side-Channel Attacks on Optane Persistent Memory
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Credit Karma: Understanding Security Implications of Exposed Cloud Services through Automated Capability Inference
|
|
|
|
Artifact
Appendix
|
|
|
Minimalist: Semi-automated Debloating of PHP Web Applications through Static Analysis
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
An Efficient Design of Intelligent Network Data Plane
|
|
|
|
Artifact
Appendix
|
|
|
AutoFR: Automated Filter Rule Generation for Adblocking
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Aegis: Mitigating Targeted Bit-flip Attacks against Deep Neural Networks
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
How the Great Firewall of China Detects and Blocks Fully Encrypted Traffic
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Remote Code Execution from SSTI in the Sandbox: Automatically Detecting and Exploiting Template Escape Bugs
|
|
|
|
Artifact
Appendix
|
|
|
Capstone: A Capability-based Foundation for Trustless Secure Memory Access
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
ARMore: Pushing Love Back Into Binaries
|
|
|
|
Artifact
Appendix
|
|
|
USLH: Taking Speculative Load Hardening to the Next Level
|
|
|
|
Artifact
Appendix
|
|
|
BunnyHop: Exploiting the Instruction Prefetcher
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Formal Analysis of Session-Handling in Secure Messaging: Lifting Security from Sessions to Conversations
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Formal Analysis of SPDM: Security Protocol and Data Model version 1.2
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
VeriZexe: Decentralized Private Computation with Universal Setup
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
IvySyn: Automated Vulnerability Discovery in Deep Learning Frameworks
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Practical Asynchronous High-threshold Distributed Key Generation and Distributed Polynomial Sampling
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
FirmSolo: Enabling dynamic analysis of binary Linux-based IoT kernel modules
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Lost at C: A User Study on the Security Implications of Large Language Model Code Assistants
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Meta-Sift: How to Sift Out a Clean Subset in the Presence of Data Poisoning?
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
MobileAtlas: Geographically Decoupled Measurements in Cellular Networks for Security and Privacy Research
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
ACon2: Adaptive Conformal Consensus for Provable Blockchain Oracles
|
|
|
|
Artifact
Appendix
|
|
|
autofz: Automated Fuzzer Composition at Runtime
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Hiding in Plain Sight: An Empirical Study of Web Application Abuse in Malware
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Authenticated private information retrieval
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Understand Users’ Privacy Perception and Decision of V2X Communication in Connected Autonomous Vehicles
|
|
|
|
Artifact
Appendix
|
|
|
Lalaine: Measuring and Characterizing Non-Compliance of Apple Privacy Labels at Scale
|
|
|
|
Artifact
Appendix
|
|
|
Controlled Data Races in Enclaves: Attacks and Detection
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Prime Match: A Privacy Preserving Inventory Matching System
|
|
|
|
Appendix
|
|
|
The Gates of Time: Improving Cache Attacks with Transient Execution
|
|
|
|
Artifact
Appendix
|
|
|
TreeSync: Authenticated Group Management for Messaging Layer Security
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
ICSPatch: Automated Vulnerability Localization and Non-Intrusive Hotpatching in Industrial Control Systems using Data Dependence Graphs
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
ProSpeCT: Provably Secure Speculation for the Constant-Time Policy
|
|
|
|
Artifact
Appendix
|
Author's link ✓
|
|
FISHFUZZ: Catch Deeper Bugs by Throwing Larger Nets
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
TAP: Transparent and Privacy-Preserving Data Services
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
SpectrEM: Exploiting Electromagnetic Emanations During Transient Execution
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
PET: Prevent Discovered Errors from Being Triggered in the Linux Kernel
|
|
|
|
Artifact
Appendix
|
|
|
HorusEye: A Realtime IoT Malicious Traffic Detection Framework using Programmable Switches
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Instructions Unclear: Undefined Behaviour in Cellular Network Specifications
|
|
|
|
Artifact
Appendix
|
|
|
Spying through Your Voice Assistants: Realistic Voice Command Fingerprinting
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Exploring the Unknown DTLS Universe: Analysis of the DTLS Server Ecosystem on the Internet
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
xNIDS: Explaining Deep Learning-based Network Intrusion Detection Systems for Active Intrusion Responses
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
No more Reviewer #2: Subverting Automatic Paper-Reviewer Assignment using Adversarial Learning
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
PoliGraph: Automated Privacy Policy Analysis using Knowledge Graphs
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Is Your Wallet Snitching On You? An Analysis on the Privacy Implications of Web3
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Hoedur: Embedded Firmware Fuzzing using Multi-Stream Inputs
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
SANDDRILLER: A Fully-Automated Approach for Testing Language-Based JavaScript Sandboxes
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Unique Identification of 50,000+ Virtual Reality Users from Head & Hand Motion Data
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Auditory Eyesight: Demystifying μs-Precision Keystroke Tracking Attacks on Unconstrained Keyboard Inputs
|
|
|
|
Artifact
Appendix
|
|
|
Mitigating Security Risks in Linux with KLAUS -- A Method for Evaluating Patch Correctness
|
|
|
|
Artifact
Appendix
|
|
|
A Verified Confidential Computing as a Service Framework for Privacy Preservation
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
DAFL: Directed Grey-box Fuzzing guided by Data Dependency
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
WaterBear: Asynchronous BFT with Information-Theoretic Security and Quantum Security
|
|
|
|
Artifact
Appendix
|
|
|
Forming Faster Firmware Fuzzers
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
A Bug's Life: Analyzing the Lifecycle and Mitigation Process of Content Security Policy Bugs
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
ACFA: Secure Runtime Auditing & Guaranteed Device Healing via Active Control Flow Attestation
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Remote Direct Memory Introspection
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
BoKASAN: Binary-only Kernel Address Sanitizer for Effective Kernel Fuzzing
|
|
|
|
Artifact
Appendix
|
|
|
CarpetFuzz: Automatic Program Option Constraint Extraction from Documentation for Fuzzing
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
ARI: Attestation of Real-time Mission Execution Integrity
|
|
|
|
Artifact
Appendix
|
|
|
Guarding Serverless Applications with Kalium
|
|
|
|
Artifact
Appendix
|
|
|
Uncontained: Uncovering Container Confusion in the Linux Kernel
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
HECO: Fully Homomorphic Encryption Compiler
|
|
|
|
Artifact
Appendix
|
|
|
Pushed by Accident: A Mixed-Methods Study on Strategies of Handling Secret Information in Source Code Repositories
|
|
|
|
Artifact
Appendix
|
|
|
Systematic Assessment of Fuzzers using Mutation Analysis
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Powering Privacy: On the Energy Demand and Feasibility of Anonymity Networks on Smartphones
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Inception: Exposing New Attack Surfaces with Training in Transient Execution
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
FloatZone: Accelerating Memory Error Detection using the Floating Point Unit
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Cookie Crumbles: Breaking and Fixing Web Session Integrity
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
CacheQL: Quantifying and Localizing Cache Side-Channel Vulnerabilities in Production Software
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Precise and Generalized Robustness Certification for Neural Networks
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
URET: Universal Robustness Evaluation Toolkit (for Evasion)
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
PrivateFL: Accurate, Differentially Private Federated Learning via Personalized Data Transformation
|
|
|
|
Artifact
Appendix
|
|
|
How Effective is Multiple-Vantage-Point Domain Control Validation?
|
|
|
|
Artifact
Appendix
|
|
|
SQIRL: Grey-Box Detection of SQL Injection Vulnerabilities Using Reinforcement Learning
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Towards A Proactive ML Approach for Detecting Backdoor Poison Samples
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
TVA: A multi-party computation system for secure and expressive time series analytics
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Collide+Power: Leaking Inaccessible Data with Software-based Power Side Channels
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Greenhouse: Single-Service Rehosting of Linux-Based Firmware Binaries in User-Space Emulation
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
McFIL: Model Counting Functionality-Inherent Leakage
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
DeResistor: Toward Detection-Resistant Probing for Evasion of Internet Censorship
|
|
|
|
Artifact
Appendix
|
|
|
Calpric: Inclusive and Fine-grain Labeling of Privacy Policies with Crowdsourcing and Active Learning
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
EnigMap: External-Memory Oblivious Map for Secure Enclaves
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Erebus: Access Control for Augmented Reality Systems
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Towards Targeted Obfuscation of Adversarial Unsafe Images using Reconstruction and Counterfactual Super Region Attribution Explainability
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
VulChecker: Graph-based Vulnerability Localization in Source Code
|
|
|
|
Artifact
Appendix
|
|
|
Speculation at Fault: Modeling and Testing Microarchitectural Leakage of CPU Exceptions
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Automated Analysis of Protocols that use Authenticated Encryption: How Subtle AEAD Differences can impact Protocol Security
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Smart Learning to Find Dumb Contracts
|
|
|
|
Artifact
Appendix
|
|
|
Cheesecloth: Zero-Knowledge Proofs of Real World Vulnerabilities
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
The OK Is Not Enough: A Large Scale Study of Consent Dialogs in Smartphone Applications
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
A Peek into the Metaverse: Detecting 3D Model Clones in Mobile Games
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
XCheck: Verifying Integrity of 3D Printed Patient-Specific Devices via Computing Tomography
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
SMACK: Semantically Meaningful Adversarial Audio Attack
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
One Size Does Not Fit All: Uncovering and Exploiting Cross Platform Discrepant APIs in WeChat
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
BASECOMP: A Comparative Analysis for Integrity Protection in Cellular Baseband Software
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Not All Data are Created Equal: Data and Pointer Prioritization for Scalable Protection Against Data-Oriented Attacks
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Security Analysis of MongoDB Queryable Encryption
|
|
|
|
Artifact
Appendix
|
|
|
Evading Provenance-Based ML Detectors with Adversarial System Actions
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
BotScreen: Trust Everybody, but Cut the Aimbots Yourself
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
GigaDORAM: Breaking the Billion Address Barrier
|
|
|
|
Artifact
Appendix
|
|
|
SAFER: Efficient and Error-Tolerant Binary Instrumentation
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Curve Trees: Practical and Transparent Zero-Knowledge Accumulators
|
|
|
|
Artifact
Appendix
|
Author's link
|
|
Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables
|
|
|
|
Artifact
Appendix
|
|