Registered attendees should have received an email from ieeesp@executivevents.com on May 15 with details on how to access our online conference. If you registered to the event and are having issues, please email ieeesp@executivevents.com.

May 18

Opening Remarks, Paper Awards, and Test of Time Awards

Rooms 1, 2 & 3

08:00AM - 09:20AM

Session #1 Paper Previews

Rooms 1, 2 & 3

09:20AM - 09:30AM

Session #1: Microarchitectural Security

Room 1

09:30AM - 10:50AM

Session chair: Hovav Shacham (UT Austin)

Spectector: Principled Detection of Speculative Information Flows
Marco Guarnieri (IMDEA Software Institute), Boris Köpf (Microsoft Research), José Morales (IMDEA Software Institute), Jan Reineke (Saarland University), Andrés Sánchez (IMDEA Software Institute)

NetCAT: Practical Cache Attacks for the Network
Michael Kurth (Vrije Universiteit Amsterdam, The Netherlands; ETH Zurich, Switzerland), Ben Gras (Vrije Universiteit Amsterdam, The Netherlands), Dennis Andriesse (Vrije Universiteit Amsterdam, The Netherlands), Cristiano Giuffrida (Vrije Universiteit Amsterdam, The Netherlands), Herbert Bos (Vrije Universiteit Amsterdam, The Netherlands), Kaveh Razavi (Vrije Universiteit Amsterdam, The Netherlands)

SPECCFI: Mitigating Spectre Attacks Using CFI Imformed Speculation
Esmaeil Mohammadian Koruyeh (University of California, Riverside), Shirin Hajl Amin Shirazi (University of California, Riverside), Khaled Khasawneh (George Mason University), Chengyu Song (University of California, Riverside), Nael Abu-Ghazaleh (University of California, Riverside)

LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection
Jo Van Bulck (imec-DistriNet, KU Leuven), Daniel Moghimi (Worchester Polytechnic Institute), Michael Schwarz (Graz University of Technology), Moritz Lipp (Graz University of Technology), Marina Minkin (University of Michigan), Daniel Genkin (University of Michigan), Yuval Yarom (University of Adalaide and Data61), Berk Sunar (Worchester Polytechnic Institute), Daniel Gruss (Graz University of Technology), Frank Piessens (imec-DistriNet, KU Leuven)

Session #1: Blockchain I

Room 2

09:30AM - 10:50AM

Session chair: Aniket Kate (Purdue University)

HydRand: Efficient Continuous Distributed Randomness
Philipp Schindler (SBA Research), Aljosha Judmayer (SBA Research), Nicholas Stifter (SBA Research / TU Wien), Edgar Weippl (SBA Research / TU Wien)

OHIE: Blockchain Scaling Made Simple
Haifeng Yu (National University of Singapore), Ivica Nikolic (National University of Singapore), Ruomu Hou (National University of Singapore), Prateek Saxena (National University of Singapore)

Sync HotStuff: Simple and Practical Synchronous State Machine Replication
Ittai Abraham (Vmware Research), Dahlia Malkhi (Calibra), Kartik Nayak (Duke University), Ling Ren (University of Illinois at Urbana-Champaign), Maofan Yin (Cornell University)

Replicated State Machines Without Replicated Execution
Jonathan Lee (Microsoft Research), Kirill Nikitin (EPFL), Srinath Setty (Microsoft Research)

Session #1: Anonymity and Censorship

Room 3

09:30AM - 10:50AM

Session chair: Dave Levin (University of Maryland)

ICLab: A Global, Longitudinal Internet Censorship Measurement Platform
Arian Akhavan Niaki (University of Massachusetts, Amherst), Shinyoung Cho (University of Massachusetts, Amherst / Stony Brook University), Zachary Weinberg (Carnegie Mellon University), Nguyen Phong Hoang (Stony Brook University), Abbas Razaghpanah (Stony Brook University), Nicholas Christin (Carnegie Mellon University), Phillipa Gill (Stony Brook University)

High Precision Open-World Website Fingerprinting
Tao Wang (Hong Kong University of Science and Technology)

Breaking and (Partially) Fixing Provably Secure Onion Routing
Christiane Kuhn (KIT Karlsruhe), Martin Beck (TU Dresden), Thorsten Strufe (Karlsruhe Institute of Technology (KIT) and Centre of Tactile Internet (TU Dresden))

Are Anonymity-Seekers Just Like Everybody Else? An Analysis of Contributions to Wikipedia from Tor
Chau Tran (New York University), Kaylea Champion (University of Washington), Andrea Forte (Drexel University), Benjamin Mako Hill (University of Washington), Rachel Greenstadt (New York University)

Session #1 Paper Q&A

Rooms 1, 2 & 3

10:50AM - 11:10AM

Session #2 Paper Previews

Rooms 1, 2 & 3

11:10AM - 11:20AM

Session #2: Sensors and Emanations

Room 1

11:20AM - 12:20PM

Session chair: Aanjhan Ranganathan (Northeastern University)

Detection of Electromagnetic Interference Attacks on Sensor Systems
Youqian Zhang (University of Oxford), Kasper Rasmussen (University of Oxford)

WaveSpy: Remote and Through-wall Screen Attack via mmWave Sensing
Zhengxiong Li (University of Buffalo, SUNY), Fenglong Ma (University of Buffalo, SUNY), Aditya Singh Rathore (University of Buffalo, SUNY), Zhuolin Yang (University of Buffalo, SUNY), Baicheng Chen (University of Buffalo, SUNY), Lu Su (University of Buffalo, SUNY), Wenyao Xu (University of Buffalo, SUNY)

SoK: A Minimalist Approach to Formalizing Analog Sensor Security
Chen Yan (Zhejiang University), Hocheol Shin (KAIST), Connor Bolton (University of Michigan), Wenyuan Xu (Zhejiang University), Yongdae Kim (KAIST), Kevin Fu (University of Michigan)

Session #2: Authentication

Room 2

11:20AM - 12:20PM

Session chair: Henry Corrigan-Gibbs (EPFL and MIT CSAIL)

Gesture Authentication for Smartphones: Evaluation of Gesture Password Selection Policies
Eunyong Cheon (UNIST, Republic of Korea), Yonghwan Shin (UNIST, Republic of Korea), Jun Ho Huh (Samsung Research, Republic of Korea), Hyoungshick Kim (Sungkyunkwan University, Republic of Korea), Ian Oakley (UNIST, Republic of Korea)

Is FIDO2 the Kingslayer of User Authentication? A Comparative Usability Study of FIDO2 Passwordless Authentication
Sanam Ghorbani Lyastani (CISPA Helmholtz Center for Information Security, Germany), Michael Schilling (CISPA Helmholtz Center for Information Security, Germany), Michaela Neumayr (CISPA Helmholtz Center for Information Security, Germany), Michael Backes (CISPA Helmholtz Center for Information Security, Germany), Sven Bugiel (CISPA Helmholtz Center for Information Security, Germany)

This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs
Philipp Markert (Ruhr University Bochum), Daniel Bailey (Ruhr University Bochum), Maximilian Golla (Max Planck Institute for Security and Privacy), Markus Dürmuth (Ruhr University Bochum), Adam Aviv (The George Washington University)

Session #2: Machine Learning and Privacy

Room 3

11:20AM - 12:20PM

Session chair: Piotr Mardziel (Carnegie Mellon University)

The Value of Collaboration in Convex Machine Learning with Differential Privacy
Nan Wu (Macquarie University), Farhad Farokhi (CSIRO's Data61 / The University of Melbourne), David Smith (CSIRO's Data61 / Austrailian National University), Mohamed Ali Kaafar (CSIRO's Data61 / Macquarie University)

Automatically Detecting Bystanders in Photos to Reduce Privacy Risks
Rakibul Hasan (Indiana University), David Crandall (Indiana University), Mario Fritz (CISPA Helmholtz Center for Information Security, Germany), Apu Kapadia (Indiana University)

CrypTFlow : Secure TensorFlow Inference
Nishant Kumar (Microsoft Research, India), Mayank Rathee (Microsoft Research, India), Nishanth Chandran (Microsoft Research, India), Divya Gupta (Microsoft Research, India), Aseem Rastogi (Microsoft Research, India), Rahul Sharma (Microsoft Research, India)

Session #2 Paper Q&A

Rooms 1, 2 & 3

12:20PM - 12:40PM

Lunch Break / BoF

Rooms 1 & 2

12:40PM - 01:20PM

An Intel-Sponsored Debate: Apocalypse Preparedness | Mount the Defenses
It's said that a worker is only as good as their tools; but in an age of limited time and resources, which tool is best? We ask two experts: when only one method of security testing can reign supreme, which would you trust?

Session #3 Paper Previews

Rooms 1, 2 & 3

01:20PM - 01:30PM

Session #3: Differential Privacy

Room 2

01:30PM - 02:50PM

Session chair: Raluca Ada Popa (UC Berkeley)

SoK: Differential Privacy as a Causal Property
Michael Carl Tschantz (International Computer Science Institute), Shayak Sen (Carnegie Melon University), Anupam Datta (Carnegie Melon University)

Private Resource Allocators and Their Applications
Sebastian Angel (University of Pennsylvania), Sampath Kannan (University of Pennsylvania), Zachary Ratliff (Raytheon BBN Technologies)

Towards Effective Differential Privacy Communication for Users' Data Sharing Decision and Comprehension
Aiping Xiong (Penn State University), Tianhao Wang (Purdue University), Ninghui Li (Purdue University), Somesh Jha (University of Wisconsin-Madison)

A Programming Framework for Differential Privacy with Accuracy Concentration Bounds
Elisabet Lobo-Vesga (Chalmers University of Technology), Alejandro Russo (Chalmers University of Technology), Marco Gaboardi (Boston University)

Session #3: Internet of Things

Room 3

01:30PM - 02:50PM

Session chair: Xiaojing Liao (Indiana University Bloomington)

Security Update Labels: Establishing Economic Incentives for Security Patching of IoT Consumer Products
Philipp Morgner (Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU)), Christoph Mai (Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU)), Nicole Koschate-Fischer (Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU)), Felix Freiling (Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU)), Zinaida Benenson (Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU))

Ask the Experts: What Should Be on an IoT Privacy and Security Label?
Pardis Emami-Naeini (Carnegie Mellon University), Yuvraj Agarwal (Carnegie Mellon University), Lorrie Faith Cranor (Carnegie Mellon University), Hanan Hibshi (Carnegie Mellon University)

Burglars' IoT Paradise: Understanding and Mitigating Security Risks of General Messaging Protocols on IoT Clouds
Yan Jia (Xidian University / University of Chinese Academy of Sciences / Indana University at Bloomington), Luyi Xing (Indiana University at Bloomington), Yuhang Mao (Xidian University / University of Chinese Academy of Sciences), Dongfang Zhao (Indiana University at Bloomington), XiaoFeng Wang (Indiana University at Bloomington), Shangru Zhao (Xidian University / University of Chinese Academy of Sciences), Yuqing Zhang (Xidian University / University of Chinese Academy of Sciences)

Towards a Natural Perspective of Smart Homes for Practical Security and Safety Analyses
Sunil Manandhar (William & Mary), Kevin Moran (William & Mary), Kaushal Kafle (William & Mary), Ruhao Tang (William & Mary), Denys Poshyvanyk (William & Mary), Adwait Nadkarni (William & Mary)

Session #3: Wireless Protocols

Room 1

01:30PM - 02:50PM

Session chair: Kasper Rasmussen (University of Oxford)

Message Time of Arrival Codes: A Fundamental Primitive for Secure Distance Measurement
Patrick Leu (ETH Zurich), Mridula Singh (ETH Zurich), Marc Roeschlin (ETH Zurich), Kenneth Paterson (ETH Zurich), Srdjan Capkun (ETH Zurich)

Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd
Mathy Vanhoef (New York University Abu Dhabi), Eyal Ronen (Tel Aviv University / KU Leuven)

Even Black Cats Cannot Stay Hidden in the Dark: Full-band De-anonymization of Bluetooth Classic Devices
Marco Cominelli (CNIT / University of Brescia), Francesco Gringoli (CNIT / University of Brescia), Margus Lind (Context Information Security, Scotland), Paul Patras (The University of Edinburgh), Guevara Noubir (Northeastern University)

BIAS: Bluetooth Impersonation AttackS
Daniele Antonioli (École Polytechnique Fédérale de Lausanne (EPFL)), Nils Ole Tippenhauer (CISPA Helmholtz Center for Information Security, Germany), Kasper Rasmussen (University of Oxford)

Session #3 Paper Q&A

Rooms 1, 2 & 3

02:50PM - 03:10PM

Virtual Poster Reception

Rooms 1 & 2

03:10PM - 04:00PM

Room 1	1	The Marriage of Fully Homomorphic Encryption and Blockchain
	2	Poster: Nebula: an Industrial-purpose Privacy-preserving Machine Learning System
	3	Query-Efficient Adversarial Attack Framework by Utilizing Transfer Gradients
	4	A Secure Plausibly Deniable System for Mobile Devices against Multi-snapshot Adversaries
	5	Poster: Transparent Certificate Revocation for CBE Based on Blockchain
	6	Poster: Defining Actionable Rules for Verifying IoT Security
	7	Ensemble Learning-Based Detection of Office Malware
	8	Privacy-Preserving Contact Tracing of COVID-19 Patients
	9	Incorporating Malware Detection into The Flash Translation Layer
Room 2	1	Android IME Privacy Leakage Analyzer
	2	Evolution of Adblock Plus's Acceptable Ads
	3	Ultimate Power of Inference Attacks: Privacy Risks of Learning High-Dimensional Graphical Models
	4	Poster: Perceptions of Handling Sensitive Data in Cloud Office Applications
	5	Poster: Sharing Expertise and Artifacts for Reuse through Cybersecurity Community Hub (SEARCCH)
	6	Poster: Privacy Risks of Explaining Machine Learning Models
	7	Safe and Sound: Approximately-Optimal Black-box Model Explanations with Differential Privacy
	8	Poster: When Brave Hurts Privacy: Why Too Many Choices do More Harm Than Good

Speed Mentoring

Rooms 1, 2 & 3

04:00PM - 05:30PM

May 19

Session #4 Paper Previews

Rooms 1, 2 & 3

08:00AM - 08:10AM

Session #4: Memory Safety

Room 1

08:10AM - 09:30AM

Session chair: Christian Rossow (CISPA)

xMP: Selective Memory Protection for Kernel and User Space
Sergej Proskurin (Technical University of Munich), Marius Momeu (Technical University of Munich), Seyedhamed Ghavamnia (Stony Brook University), Vasileios Kemerlis (Brown University), Michalis Polychronakis (Stony Brook University)

MarkUs: Drop-in use-after-free prevention for low-level languages
Sam Ainsworth (University of Cambridge), Timothy Jones (University of Cambridge)

SEIMI: Efficient and Secure SMAP-Enabled Intra-process Memory Isolation
Zhe Wang (Institute of Computing Technology, CAS, University of Chinese Academy of Sciences), Chenggang Wu (Institute of Computing Technology, CAS, University of Chinese Academy of Sciences), Mengyao Xie (Institute of Computing Technology, CAS, University of Chinese Academy of Sciences), Yinqian Zhang (The Ohio State University), Kangjie Lu (University of Minnesota), Xiaofeng Zhang (Institute of Computing Technology, CAS, University of Chinese Academy of Sciences), Yuanming Lai (Institute of Computing Technology, CAS, University of Chinese Academy of Sciences), Yang Kang (Institute of Computing Technology, CAS), Min Yang (Fudan University)

Cornucopia: Temporal Safety for CHERI Heaps
Nathaniel Wesley Filardo (University of Cambridge), Brett F. Gutstein (University of Cambridge), Jonathan Woodruff (University of Cambridge), Sam Ainsworth (University of Cambridge), Lucian Paul-Trifu (University of Cambridge), Brooks Davis (SRI International), Hongyan Xia (University of Cambridge), Edward Tomasz Napierala (University of Cambridge), Alexander Richardson (University of Cambridge), John Baldwin (Ararat River Consulting), David Chisnall (Microsoft Research / University of Cambridge), Jessica Clarke (University of Cambridge), Khilan Gudka (University of Cambridge), Alexandre Joannou (University of Cambridge), A. Theodore Markettos (University of Cambridge), Alfredo Mazzinghi (University of Cambridge), Robert Norton (University of Cambridge), Michael Roe (University of Cambridge), Peter Sewell (University of Cambridge), Stacey Son (University of Cambridge), Timothy M. Jones (University of Cambridge), Simon Moore (University of Cambridge), Peter G. Neumann (SRI International), Robert N. M. Watson (University of Cambridge)

Session #4: Computing and Society

Room 2

08:10AM - 09:30AM

Session chair: Elissa Redmiles (Microsoft Research)

The Many Kinds of Creepware Used for Interpersonal Attacks
Kevin Roundy (NortonLifeLock Research Group), Paula Barmaimon Mendelberg (Cornell Tech), Nicola Dell (Cornell Tech), Damon McCoy (New York University), Daniel Nissani (Cornell Tech), Thomas Ristenpart (Cornell Tech), Acar Tamersoy (NortonLifeLock Research Group)

How Not to Prove Your Election Outcome
Thomas Haines (Norweigian University of Science and Technology), Sarah Jamie Lewis (Open Privacy Research Society), Olivier Pereira (UCLouvian ICTEAM), Vanessa Teague (The University of Melbourne)

A Security Analysis of the Facebook Ad Library
Laura Edelson (New York University), Tobias Lauinger (New York University), Damon McCoy (New York University)

Can Voters Detect Malicious Manipulation of Ballot Marking Devices?
Matthew Bernhard (University of Michigan), Allison McDonald (University of Michigan), Henry Meng (University of Michigan), Jensen Hwa (University of Michigan), Nakul Bajaj (The Harker School), Kevin Chang (University of Michigan), J. Alex Halderman (University of Michigan)

Session #4: Multiparty Computation

Room 3

08:10AM - 09:30AM

Session chair: Emily Shen (MIT Lincoln Laboratory)

Efficient and Secure Multiparty Computation from Fixed-Key Block Ciphers
Chun Guo (Université catholique de Louvain), Jonathan Katz (University of Maryland), Xiao Wang (Northwestern University), Yu Yu (Shanghai Jiao Tong University)

Path Oblivious Heap: Optimal and Practical Oblivious Priority Queue
Elaine Shi (Cornell University)

Transparent Polynomial Delegation and Its Applications to Zero Knowledge Proof
Jiaheng Zhang (UC Berkeley), Tiancheng Xie (UC Berkeley), Yupeng Zhang (Texas A&M University), Dawn Song (UC Berkeley)

Towards Scalable Threshold Cryptosystems
Alin Tomescu (MIT CSAIL), Robert Chen (MIT PRIMES / Lexington High School), Yiming Zheng (MIT PRIMES / Lexington High School), Ittai Abraham (VMware Research), Benny Pinkas (VMware Research / Bar Ilan University), Guy Golan Gueta (VMware Research), Srinivas Devadas (MIT CSAIL)

Session #4 Paper Q&A

Rooms 1, 2 & 3

09:30AM - 09:50AM

Session #5 Paper Previews

Rooms 1, 2 & 3

09:50AM - 10:00AM

Session #5: Web Privacy

Room 1

10:00AM - 11:20AM

Session chair: Joe Calandrino (Federal Trade Commission)

AdGraph: A Graph-Based Approach to Ad and Tracker Blocking
Umar Iqbal (University of Iowa / Brave Software), Peter Snyder (Brave Software), Shitong Zhu (UC Riverside), Benjamin Livshits (Brave Software / Imperial College London), Zhiyun Qian (UC Riverside), Zubair Shafiq (University of Iowa)

Browsing Unicity: On the Limits of Anonymizing Web Tracking Data
Clemens Deußer (TU Dresden), Steffen Passmann (INFOnline GMbH), Thorsten Strufe (Karlsruhe Institute of Technology (KIT) and Centre of Tactile Internet (TU Dresden))

Do Cookie Banners Respect My Choice? Measuring Legal Compliance of Banners from IAB Europe's Transparancy and Consent Framework
Célestin Matte (Inria, France), Nataliia Bielova (Inria, France), Cristiana Santos (Inria, France)

Meddling Middlemen: Empirical Analysis of the Risks of Data-Saving Mobile Browsers
Brian Kondracki (Stony Brook University), Assel Aliyeva (Boston University), Manuel Egele (Boston University), Jason Polakis (University of Illinios at Chicago), Nick Nikiforakis (Stony Brook University)

Session #5: Rowhammer

Room 2

10:00AM - 11:20AM

Session chair: Michael Franz (UC Irvine)

RAMBleed: Reading Bits in Memory Without Accessing Them
Andrew Kwong (University of Michigan), Daniel Genkin (University of Michigan), Daniel Gruss (Graz University of Technology), Yuval Yarom (University of Adalaide and Data61)

Are We Susceptible to Rowhammer? An End-to-End Methodology for Cloud Providers
Lucian Cojocar (Microsoft Research), Jeremie Kim (ETH Zurich, CMU), Minesh Patel (ETH Zurich), Lillian Tsai (MIT), Stefan Saroiu (Microsoft Research), Alec Wolman (Microsoft Research), Onur Mutlu (ETH Zurich, CMU)

Leveraging EM Side-Channel Information to Detect Rowhammer Attacks
Zhenkai Zhang (Texas Tech University), Zihao Zhan (Vanderbilt University), Daniel Balasubramanian (Vanderbilt University), Bo Li (Univeristy of Illinios at Urbana-Champaign), Peter Volgyesi (Vanderbilt University), Xenofon Koutsoukos (Vanderbilt University)

TRRespass: Exploiting the Many Sides of Target Row Refresh
Pietro Frigo (Vrije Universiteit Amsterdam, The Netherlands), Emanuele Vannacci (Vrije Universiteit Amsterdam, The Netherlands), Hasan Hassan (ETH Zürich), Victor van der Veen (Qualcomm Technologies, Inc.), Onur Mutlu (ETH Zürich), Cristiano Giuffrida (Vrije Universiteit Amsterdam, The Netherlands), Herbert Bos (Vrije Universiteit Amsterdam, The Netherlands), Kaveh Razavi (Vrije Universiteit Amsterdam, The Netherlands)

Session #5: Blockchain II

Room 3

10:00AM - 11:20AM

Session chair: Neha Narula (MIT Media Lab)

A Stealthier Partitioning Attack against Bitcoin Peer-to-Peer Network
Muoi Tran (National University of Singapore), Inho Choi (National University of Singapore), Gi Jun Moon (Korea University), Anh Vu (Japan Advanced Institute of Science and Technology), Min Suk Kang (National University of Singapore)

Flash Boys 2.0: Frontrunning in Decentralized Exchanges, Miner Extractable Value, and Consensus Instability
Philip Daian (Cornell Tech), Steven Goldfeder (Cornell Tech), Tyler Kell (Cornell Tech), Yunqi Li (UIUC), Xueyuan Zhao (Carnegie Mellon University), Iddo Bentov (Cornell Tech), Lorenz Breidenbach (ETH Zurich), Ari Juels (Cornell Tech)

FlyClient: Super-Light Clients for Cryptocurrencies
Benedikt Bünz (Stanford University), Lucianna Kiffer (Northeastern University), Loi Luu (Kyber Network), Mahdi Zamani (Visa Research)

ZEXE: Enabling Decentralized Private Computation
Sean Bowe (Zcash), Alessandro Chiesa (University of California, Berkeley), Matthew Green (Johns Hopkins University), Ian Miers (Cornell Tech), Pratyush Mishra (University of California, Berkeley), Howard Wu (University of California, Berkeley)

Session #5 Paper Q&A

Rooms 1, 2 & 3

11:20AM - 11:40AM

Lunch Break

11:40AM - 12:20PM

Session #6 Paper Previews

Rooms 1, 2 & 3

12:20PM - 12:30PM

Session #6: Formal Verification

Room 3

12:30PM - 01:50PM

Session chair: Deian Stefan (UCSD)

The Last Mile: High-Assurance and High-Speed Cryptographic Implementations
José Bacelar Almeida (University of Minho / INESC TEC), Manuel Barbosa (University of Porto (FCUP) / INESC TEC), Gilles Barthe (MPI for Security and Privacy / IMDEA Software), Benjamin Grégoire (Inria), Adrien Koutsos (LSV, CNRS, ENS Paris-Saclay), Vincent Laporte (Inria), Tiago Oliveira (University of Porto (FCUP) / INESC TEC), Pierre-Yves Strub (Ecole Polytechnique)

EverCrypt: A Fast, Verified, Cross-Platform Crytographic Provider
Jonathan Protzenko (Microsoft Research), Bryan Parno (Carnegie Melon University), Aymeric Fromherz (Carnegie Melon University), Chris Hawblitzel (Microsoft Research), Marina Polubelova (Inria, France), Karthikeyan Bhargavan (Inria, France), Benjamin Beurdouche (Inria, France), Joonwon Choi (MIT / Microsoft Research), Antione Delignat-Lavaud (Microsoft Research), Cédric Fournet (Microsoft Research), Natalia Kulatova (Inria, France), Tahina Ramananandro (Microsoft Research), Aseem Rastogi (Microsoft Research, India), Nikhil Swamy (Microsoft Research), Christoph Wintersteiger (Microsoft Research, UK), Santiago Zanella-Beguelin (Microsoft Research, UK)

Rigorous Engineering for Hardware Security: Formal Modelling and Proof in the CHERI Design and Implementation Process
Kyndylan Nienhuis (University of Cambridge), Alexandre Joannou (University of Cambridge), Thomas Bauereiss (University of Cambridge), Anthony Fox (ARM Limited), Michael Roe (University of Cambridge), Brian Campbell (University of Edinburgh), Matthew Naylor (University of Cambridge), Robert Norton (University of Cambridge), Simon Moore (University of Cambridge), Peter Neumann (SRI International), Ian Stark (University of Edinburgh), Robert Watson (University of Cambridge), Peter Sewell (University of Cambridge)

Binsec/Rel: Efficient Relational Symbolic Execution for Constant-Time at Binary-Level
Lesly-Ann Daniel (CEA, List, Université Paris-Sacley), Sébastien Bardin (CEA, List, Université Paris-Sacley), Tamara Rezk (INRIA Sophia-Antipolis, INDES Project, France)

Session #6: Android and iOS

Room 1

12:30PM - 02:10PM

Session chair: Rahul Chatterjee (UW-Madison)

An Analysis of Pre-installed Android Software
Julien Gamba (IMDEA Networks Institute, Universidad Carlos III de Madrid), Mohammed Rashed (Universidad Carlos III de Madrid), Abbas Razaghpanah (Stony Brook University), Juan Tapiador (Universidad Carlos III de Madrid), Narseo Vallina-Rodriguez (IMDEA Networks Institute, ICSI)

Kobold: Evaluating Decentralized Access Control for Remote NSXPC Methods on iOS
Luke Deshotels (North Carolina State University / Samsung Research America), Costin Carabaș (University POLITEHNICA of Bucharest), Jordan Beichler (North Carolina State University), Răzvan Deaconescu (University POLITEHNICA of Bucharest), William Enck (North Carolina State University)

TextExerciser: Feedback-driven Text Input Exercising for Android Applications
Yuyu He (Fudan University), Lei Zhang (Fudan University), Zhemin Yang (Fudan University), Yinzhi Cao (Johns Hopkins University), Keke Lian (Fudan University), Shuai Li (Fudan University), Wei Yang (University of Texas at Dallas), Zhibo Zhang (Fudan University), Min Yang (Fudan University), Yuan Zhang (Fudan University), Haixin Duan (Fudan University)

Ex-vivo dynamic analysis framework for Android device drivers
Ivan Pustogarov (University of Toronto), Qian Wu (University of Toronto), David Lie (University of Toronto)

Automatic Uncovering of Hidden Behaviors from Input Validation in Mobile Apps
Quingchuan Zhao (The Ohio State University), Chaoshun Zuo (The Ohio State University), Brendan Dolan-Gavitt (New York University), Giancarlo Pellegrino (CISPA Helmholtz Center for Information Security, Germany), Zhiqiang Lin (The Ohio State University)

Session #6: Attacks and Forensics

Room 2

12:30PM - 02:10PM

Session chair: Adam Bates (University of Illinois at Urbana-Champaign)

PMP: Cost-effective Forced Execution with Probabilistic Memory Pre-planning
Wei You (Purdue University), Zhuo Zhang (Purdue University), Yonghwi Kwon (University of Virginia), Yousra Aafer (Purdue University), Fei Peng (Purdue University), Yu Shi (Purdue University), Carson Harmon (Purdue University), Xiangyu Zhang (Purdue University)

Combating Dependence Explosion in Forensic Analysis Using Alternative Tag Propagation Semantics
Md Nahid Hossain (Stony Brook University), Sanaz Sheikhi (Stony Brook University), R. Sekar (Stony Brook University)

TARDIS: Rolling Back The Clock On CMS-Targeting Cyber Attacks
Ranjita Pai Kasturi (Georgia Institute of Technology), Yiting Sun (Georgia Institute of Technology), Ruian Duan (Georgia Institute of Technology), Omar Alrawi (Georgia Institute of Technology), Ehsan Asdar (Georgia Institute of Technology), Victor Zhu (Georgia Institute of Technology), Yonghwi Kwon (University of Virginia), Brendan Saltaformaggio (Georgia Institute of Technology)

Tactical Provenance Analysis for Endpoint Detection and Response Systems
Wajih Ul Hassan (University of Illinois at Urbana-Champaign), Adam Bates (University of Illinois at Urbana-Champaign), Daniel Marino (NortonLifeLock Research Group)

Throwing Darts in the Dark? Detecting Bots with Limited Data using Neural Data Augmentation
Steve T.K. Jan (University of Illinios at Urbana-Champaign / Virginia Tech), Qingying Hao (University of Illinios at Urbana-Champaign), Tianrui Hu (Virginia Tech), Jiameng Pu (Virginia Tech), Sonal Oswal (Radware, Isreal), Gang Wang (University of Illinios at Urbana-Champaign), Bimal Viswanath (Virginia Tech)

Session #6 Paper Q&A

Rooms 1, 2 & 3

02:10PM - 02:30PM

Short Talks

Rooms 1, 2 & 3

02:30PM - 03:30PM

Room 1	1	The Marriage of Fully Homomorphic Encryption and Blockchain
	2	MP-SPDZ: A Versatile Framework for Multi-Party Computation
	3	Expected Constant Round Byzantine Broadcast under Dishonest Majority
	4	Privado : Privacy-Preserving Group-based Advertising using Multiple Independent Social Network Providers
	5	Financial Synthetic Data is the New Oil for FinCrime Analytics
Room 2	1	Security versus Privacy in the Age of COVID-19
	2	Coronavirus Contact Tracing App Privacy: What Data Is Shared By The Singapore OpenTrace App?
	3	Privacy Preserving Model for Contact Tracing Logs
	4	#Psybersecurity: The Mental Health Attack Surface
	5	Legal Concepts in Privacy and Security for Innovative Emerging Technologies (Smart Robots, Advanced Ambient Experiences and Our AI Digital Self)
Room 3	1	Cyber Threat Information Portal for the PSGE
	2	NSF SEARCCH
	3	Translating Code to Privacy Statements
	4	Influencing Photo-sharing Behaviors on Social Media to Reduce Privacy Risks
	5	Hardware-assisted Black-box Adversarial Attack Evaluation Framework on Binarized Neural Network

May 20

Session #7 Paper Previews

Rooms 1, 2 & 3

08:00AM - 08:10AM

Session #7: Cryptanalysis and Side Channels

Room 1

08:10AM - 09:30AM

Session chair: David Kohlbrenner (UC Berkeley)

JIT Leaks: Inducing Timing Side Channels through Just-In-Time Compilation
Tegan Brennan (University of California, Santa Barbara), Nicolás Rosner (University of California, Santa Barbara), Tevfik Bultan (University of California, Santa Barbara)

The State of the Uniform: Attacks on Encrypted Databases Beyond the Uniform Query Distribution
Evgenios Kornaropoulos (UC Berkeley), Charalampos Papamanthou (University of Maryland), Roberto Tamassia (Brown University)

Pseudorandom Black Swans: Cache Attacks on CTR_DRBG
Shaanan Cohney (University of Pennsylvania), Andrew Kwong (University of Michigan), Sharar Paz (Tel Aviv University), Daniel Genkin (University of Michigan), Nadia Heninger (University of California, San Diego), Eyal Ronen (Tel Eviv University / COSIC), Yuval Yarom (University of Adalaide / Data61)

Flaw Label: Exploiting IPv6 Flow Label
Jonathan Berger (Bar-Ilan University), Amit Klein (Bar-Ilan University), Benny Pinkas (Bar-Ilan University)

Session #7: Adversarial Machine Learning

Room 2

08:10AM - 09:30AM

Session chair: Nicholas Carlini (Google)

HopSkipJumpAttack: A Query-Efficient Decision-Based Attack
Jianbo Chen (University of California, Berkeley), Michael I. Jordan (University of California, Berkeley), Martin J. Wainwright (University of California, Berkeley / Voleon Group)

Humpty Dumpty: Controlling Word Meanings via Corpus Poisoning
Roei Schuster (Tel Aviv University), Tal Schuster (CSAIL / MIT), Yoav Meri (Cornell Tech), Vitaly Shmatikov (Cornell Tech)

Privacy Risks of General-Purpose Language Models
Xudong Pan (Fudan University), Mi Zhang (Fudan University), Shouling Ji (Zhejiiang University / Alibaba-Zhejiang University Joint Research Institute of Frontier Technologies), Min Yang (Fudan University)

Intriguing Properties of Adversarial ML Attacks in the Problem Space
Fabio Pierazzi (King's College London), Feargus Pendlebury (King's College London & Royal Holloway, University of London & The Alan Turing Institute), Jacopo Cortellazzi (King's College London), Lorenzo Cavallaro (King's College London)

Session #7: New Directions and Settings

Room 3

08:10AM - 09:30AM

Session chair: Marcus Peinado (Microsoft Research)

Influencing Photo Sharing Decisions on Social Media: A Case of Paradoxical Findings
Mary Jean Amon (University of Colorado Boulder), Rakibul Hasan (Indiana University), Kurt Hugenberg (Indiana University), Bennett Bertenthal (Indiana University), Apu Kapadia (Indiana University)

SoK: Cyber Insurance - Technical Challenges and a System Security Roadmap
Savino Dambra (Eurecom), Leyla Bilge (Symantec Research Labs), Davide Balzarotti (Eurecom)

A Tale of Sea and Sky: On the Security of Maritime VSAT Communications
James Pavur (Oxford University), Daniel Moser (armasuisse), Martin Strohmeier (armasuisse), Vincent Lenders (armasuisse), Ivan Martinovic (Oxford University)

_ I Know Where You Parked Last Summer _ Automated Reverse Engineering and Privacy Analysis of Modern Cars
Daniel Frassinelli (CISPA Helmholtz Center for Information Security, Saarland Informatics Campus, Germany), Sohyeon Park (CISPA Helmholtz Center for Information Security, Saarland Informatics Campus, Germany), Stefan Nürnberger (CISPA Helmholtz Center for Information Security, Saarland Informatics Campus, Germany)

Session #7 Paper Q&As

Rooms 1, 2 & 3

09:30AM - 09:50AM

Session #8 Paper Previews

Rooms 1, 2 & 3

09:50AM - 10:00AM

Session #8: TEEs and Attestation

Room 1

10:00AM - 11:40AM

Session chair: Raluca Ada Popa (UC Berkeley)

SoK: Understanding the Prevailing Security Vulnerabilities in TrustZone-assisted TEE Systems
David Cerdeira (Universidade do Minho), Nuno Santos (INESC-ID / Instituto Superior Técnico, Universidade de Lisboa), Pedro Fonseca (Purdue University), Sandro Pinto (Universidade do Minho)

OAT: Attesting Operation Integrity of Embedded Devices
Zhichuang Sun (Northeastern University), Bo Feng (Northeastern University), Long Lu (Northeastern University), Somesh Jha (University of Wisconsin-Madison)

Enabling Rack-scale Confidential Computing using Heterogeneous Trusted Execution Environment
Jianping Zhu (University of Chinese Academy of Sciences), Rui Hou (University of Chinese Academy of Sciences), XiaoFeng Wang (Indiana University at Bloomington), Wenhao Wang (University of Chinese Academy of Sciences), Jianfeng Cao (University of Chinese Academy of Sciences), Boyan Zhao (University of Chinese Academy of Sciences), Zhongpu Wang (University of Chinese Academy of Sciences), Yuhui Zhang (University of Chinese Academy of Sciences), Jiameng Ying (University of Chinese Academy of Sciences), Lixin Zhang (Institute of Computing Technology, CAS), Dan Meng (University of Chinese Academy of Sciences)

Plundervolt: Software-based Fault Injection Attacks against Intel SGX
Kit Murdock (University of Birmingham), David Oswald (University of Birmingham), Flavio Garcia (University of Birmingham), Jo Van Bulck (imec-DistriNet, KU Leuven), Daniel Gruss (Graz University of Technology), Frank Piessens (imec-DistriNet, KU Leuven)

SEVurity: No Security Without Integrity - Breaking Integrity-Free Memory Encryption with Minimal Assumptions
Luca Wilke (University of Lübeck), Jan Wichelmann (University of Lübeck), Mathias Morbitzer (Fraunhofer AISEC), Thomas Eisenbarth (University of Lübeck)

Session #8: Program Analysis

Room 2

10:00AM - 11:40AM

Session chair: Yuan Tian (University of Virginia)

RetroWrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization
Sushant Dinesh (Purdue University), Nathan Burow (Purdue University), Dongyan Xu (Purdue University), Mathias Payer (EPFL)

Unexpected Data Dependency Creation and Chaining: A New Attack to SDN
Feng Xiao (The Pennsylvania State University), Jinquan Zhang (The Pennsylvania State University), Jianwei Huang (Texas A&M University), Guofei Gu (Texas A&M University), Dinghao Wu (The Pennsylvania State University), Peng Liu (The Pennsylvania State University)

Neutaint: Efficient Dynamic Taint Analysis with Neural Networks
Dongdong She (Columbia University), Yizheng Chen (Columbia University), Abhishek Shah (Columbia University), Baishakhi Ray (Columbia University), Suman Jana (Columbia University)

KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware
Nilo Redini (University of California, Santa Barbara), Aravind Machiry (University of California, Santa Barbara), Ruoyu Wang (Arizona State University), Chad Spensky (University of California, Santa Barbara), Andrea Continella (University of California, Santa Barbara), Yan Shoshitaishvili (Arizona State University), Christopher Kruegel (University of California, Santa Barbara), Giovanni Vigna (University of California, Santa Barbara)

SPIDER: Enabling Fast Patch Propagation in Related Software Repositories
Aravind Machiry (University of California, Santa Barbara), Nilo Redini (University of California, Santa Barbara), Eric Camellini (Politecnico di Milano), Christopher Kruegel (University of California, Santa Barbara), Giovanni Vigna (University of California, Santa Barbara)

Session #8: Fuzzing

Room 3

10:00AM - 11:40AM

Session chair: Zhiyun Qian (University of California, Riverside)

SAVIOR: Towards Bug-Driven Hybrid Testing
Yaohui Chen (Northeastern University), Peng Li (Baidu USA), Jun Xu (Stevens Institute of Technology), Shengjian Guo (Baidu USA), Rundong Zhou (Baidu USA), Yulong Zhang (Baidu USA), Tao Wei (Baidu USA), Long Lu (Northeastern University)

IJON: Exploring Deep State Spaces via Fuzzing
Cornelius Aschermann (Ruhr University Bochum), Sergej Schumilo (Ruhr University Bochum), Ali Abbasi (Ruhr University Bochum), Thorsten Holz (Ruhr University Bochum)

Pangolin:Incremental Hybrid Fuzzing with Polyhedral Path Abstraction
Heqing Huang (The Hong Kong University of Science and Technology), Peisen Yao (The Hong Kong University of Science and Technology), Rongxin Wu (Xiamen University), Qingkai Shi (The Hong Kong University of Science and Technology), Charles Zhang (The Hong Kong University of Science and Technology)

Fuzzing JavaScript Engines with Aspect-preserving Mutation
Soyeon Park (Georgia Institute of Technology), Wen Xu (Georgia Institute of Technology), Insu Yun (Georgia Institute of Technology), Daehee Jang (Georgia Institute of Technology), Taesoo Kim (Georgia Institute of Technology)

Krace: Data Race Fuzzing for Kernel File Systems
Meng Xu (Georgia Institute of Technology), Sanidhya Kashyap (Georgia Institute of Technology), Hanqing Zhao (Georgia Institute of Technology), Taesoo Kim (Georgia Institute of Technology)

Session #8 Paper Q&A

Rooms 1, 2 & 3

11:40AM - 12:00AM

Lunch Break / BoF

Rooms 1 & 2

12:00PM - 12:40PM

Sharing Cybersecurity Research Artifacts To Accelerate Progress
NSF is funding work to develop an open-access, community collaboration hub for sharing and reusing cybersecurity research artifacts. This work is being done under the Sharing Expertise and Artifacts for Reuse through Cybersecurity Community Hub (SEARCCH) project. SEARCCH aims to help researchers package and share experiment designs, code, data, and other research artifacts in a simple and meaningful way and, on the other side, help researchers rapidly find artifacts relevant to their work that they can leverage to produce better results more quickly.

We invite all researchers to participate in a Birds of a Feather (BoF) session, where we will unveil the strawman SEARCCH sharing hub and elicit open comments and feedback to help shape the hub and make it an invaluable resource -- one that facilitates better sharing, reproducibility, repeatability, and reuse across the cybersecurity research community.

Session #9 Paper Previews

Rooms 1, 2 & 3

12:40PM - 12:50PM

Session #9: Analysis of Smart Contracts

Room 2

12:50PM - 01:50PM

Session chair: Xiao Wang (Northwestern University)

VerX: Safety Verification of Smart Contracts
Anton Permenev (ChainSecurity), Dimitar Dimitrov (ETH Zurich), Petar Tsankov (ChainSecurity), Dana Drachsler-Cohen (ETH Zurich), Martin Vechev (ETH Zurich)

VeriSmart: A Highly Precise Safety Verifier for Ethereum Smart Contracts
Sunbeom So (Korea University), Myungho Lee (Korea University), Jisu Park (Korea University), Heejo Lee (Korea University), Hakjoo Oh (Korea University)

Semantic Understanding of Smart Contracts: Executable Operational Semantics of Solidity
Jiao Jiao (Nanyang Technological University), Shuanglong Kan (Nanyang Technological University), Shang-Wei Lin (Nanyang Technological University), David Sanán (Nanyang Technological University), Yang Liu (Nanyang Technological University), Jun Sun (Singapore Management University)

Session #9: Hardware Security

Room 1

12:50PM - 01:50PM

Session chair: Simha Sethumadhavan (Columbia University)

Transys: Leveraging Common Security Properties Across Hardware Designs
Rui Zhang (University of North Carolina at Chapel Hill), Cynthia Sturton (University of North Carolina at Chapel Hill)

C3APSULe: Cross-FPGA Covert-Channel Attacks through Power Supply Unit Leakage
Ilias Giechaskiel (University of Oxford), Kasper Bonne Rasmussen (University of Oxford), Jakub Szefer (Yale University)

ICAS: An Extensible Framework for Estimating the Susceptibility of IC Layouts to Additive Trojans
Timothy Trippel (University of Michigan), Kang Shin (University of Michigan), Kevin Bush (MIT Lincoln Laboratory), Matthew Hicks (Virginia Tech)

Agenda

Note: All times in the program are in PDT time zone.

May 18

Opening Remarks, Paper Awards, and Test of Time Awards

Rooms 1, 2 & 3

08:00AM - 09:20AM

Session #1 Paper Previews

Rooms 1, 2 & 3

09:20AM - 09:30AM

Session #1: Microarchitectural Security

Room 1

09:30AM - 10:50AM

Session #1: Blockchain I

Room 2

09:30AM - 10:50AM

Session #1: Anonymity and Censorship

Room 3

09:30AM - 10:50AM

Session #1 Paper Q&A

Rooms 1, 2 & 3

10:50AM - 11:10AM

Session #2 Paper Previews

Rooms 1, 2 & 3

11:10AM - 11:20AM

Session #2: Sensors and Emanations

Room 1

11:20AM - 12:20PM

Session #2: Authentication

Room 2

11:20AM - 12:20PM

Session #2: Machine Learning and Privacy

Room 3

11:20AM - 12:20PM

Session #2 Paper Q&A

Rooms 1, 2 & 3

12:20PM - 12:40PM

Lunch Break / BoF

Rooms 1 & 2

12:40PM - 01:20PM

Session #3 Paper Previews

Rooms 1, 2 & 3

01:20PM - 01:30PM

Session #3: Differential Privacy

Room 2

01:30PM - 02:50PM

Session #3: Internet of Things

Room 3

01:30PM - 02:50PM

Session #3: Wireless Protocols

Room 1

01:30PM - 02:50PM

Session #3 Paper Q&A

Rooms 1, 2 & 3

02:50PM - 03:10PM

Virtual Poster Reception

Rooms 1 & 2

03:10PM - 04:00PM

Speed Mentoring

Rooms 1, 2 & 3

04:00PM - 05:30PM

May 19

Session #4 Paper Previews

Rooms 1, 2 & 3

08:00AM - 08:10AM

Session #4: Memory Safety

Room 1

08:10AM - 09:30AM

Session #4: Computing and Society

Room 2

08:10AM - 09:30AM

Session #4: Multiparty Computation

Room 3

08:10AM - 09:30AM

Session #4 Paper Q&A

Rooms 1, 2 & 3

09:30AM - 09:50AM

Session #5 Paper Previews

Rooms 1, 2 & 3

09:50AM - 10:00AM

Session #5: Web Privacy