MAY 22-26, 2022

43rd IEEE Symposium on
Security and Privacy

Accepted Papers


27 Years and 81 Million Opportunities Later: Investigating the Use of Email Encryption for an Entire University
Christian Stransky (Leibniz University Hannover, Germany), Oliver Wiese (Freie Universität Berlin, Germany), Volker Roth (Freie Universität Berlin, Germany), Yasemin Acar (Max Planck Institute for Security and Privacy, Germany), Sascha Fahl (CISPA / Leibniz University Hannover, Germany)
A Formal Security Analysis of the W3C Web Payment APIs: Attacks and Verification
Quoc Huy Do (University of Stuttgart, Germany), Pedram Hosseyni (University of Stuttgart, Germany), Ralf Küsters (University of Stuttgart, Germany), Guido Schmitz (University of Stuttgart, Germany and Royal Holloway, University of London, UK), Nils Wenzler (University of Stuttgart, Germany), Tim Würtele (University of Stuttgart, Germany)
Annotating, Tracking, and Protecting Cryptographic Secrets with CryptoMPK
Xuancheng Jin (Shanghai Jiao Tong University), Xuangan Xiao (Shanghai Jiao Tong University), Songlin Jia (Shanghai Jiao Tong University), Wang Gao (Shanghai Jiao Tong University), Hang Zhang (UC Riverside), Dawu Gu (Shanghai Jiao Tong University), Siqi Ma (The University of Queensland), Zhiyun Qian (UC Riverside), Juanru Li (Shanghai Jiao Tong University)
BEACON: Directed Grey-Box Fuzzing with Provable Path Pruning
Heqing Huang (The Hong Kong University of Science and Technology), Yiyuan Guo (The Hong Kong University of Science and Technology), Qingkai Shi (The Hong Kong University of Science and Technology), Peisen Yao (The Hong Kong University of Science and Technology), Rongxin Wu (Xiamen University), Charles Zhang (The Hong Kong University of Science and Technology)
BadEncoder: Backdoor Attacks to Pre-trained Encoders in Self-Supervised Learning
Jinyuan Jia (Duke University, USA), Yupei Liu (Duke University, USA), Neil Zhenqiang Gong (Duke University, USA)
DEPCOMM: Graph Summarization on System Audit Logs for Attack Investigation
Zhiqiang Xu (Chinese Academy of Sciences, China), Pengcheng Fang (Case Western Reserve University, USA), Changlin Liu (Case Western Reserve University, USA), Xusheng Xiao (Case Western Reserve University, USA), Yu Wen (Chinese Academy of Sciences, China), Dan Meng (Chinese Academy of Sciences, China)
DeepCASE: Semi-Supervised Contextual Analysis of Security Events
Thijs van Ede (University of Twente), Hojjat Aghakhani (University of California, Santa Barbara), Noah Spahn (University of California, Santa Barbara), Riccardo Bortolameotti (ReaQta), Marco Cova (VMware, Inc.), Andrea Continella (University of Twente), Maarten van Steen (University of Twente), Andreas Peter (University of Twente), Christopher Kruegel (University of California, Santa Barbara), Giovanni Vigna (University of California)
Device Fingerprinting with Peripheral Timestamps
John Monaco (Naval Postgraduate School, USA)
Domains Do Change Their Spots: Quantifying Potential Abuse of Residual Trust
Johnny So (Stony Brook University, USA), Najmeh Miramirkhani (Stony Brook University, USA), Michael Ferdman (Stony Brook University, USA), Nick Nikiforakis (Stony Brook University, USA)
Evaluating Physical-Layer BLE Location Tracking Attacks on Mobile Devices
Hadi Givehchian (UC San Diego), Nishant Bhaskar (UC San Diego), Eliana Rodriguez Herrera (UC San Diego), Hector Lopez Soto (UC San Diego), Christian Dameff (UC San Diego), Dinesh Bharadia (UC San Diego), Aaron Schulman (UC San Diego)
Exploit the Last Straw That Breaks Android Systems
Lei Zhang (Fudan University, China), Keke Lian (Fudan University, China), Haoyu Xiao (Fudan University, China), Zhibo Zhang (Fudan University, China), Peng Liu (The Pennsylvania State University, United States of America), Yuan Zhang (Fudan University, China), Min Yang (Fudan University, China), Haixin Duan (Tsinghua University, China)
Four Attacks and a Proof for Telegram
Martin R. Albrecht (Royal Holloway, University of London, United Kingdom), Lenka Mareková (Royal Holloway, University of London, United Kingdom), Kenneth G. Paterson (ETH Zurich, Switzerland), Igors Stepanovs (ETH Zurich, Switzerland)
HAMRAZ: Resilient Partitioning and Replication
Xiao Li (University of California, Riverside, USA), Farzin Houshmand (University of California, Riverside, USA), Mohsen Lesani (University of California, Riverside, USA)
Hardening Circuit-Design IP Against Reverse-Engineering Attacks
Animesh Chhotaray (University of Florida, USA), Thomas Shrimpton (University of Florida, USA)
How Does Usable Security (Not) End Up in Software Products? Results From a Qualitative Interview Study
Marco Gutfleisch (Ruhr University Bochum, Germany), Jan H. Klemmer (Leibniz University Hannover, Germany), Niklas Busch (Leibniz University Hannover, Germany), Yasemin Acar (Max Planck Institute for Security and Privacy, Germany), M. Angela Sasse (Ruhr University Bochum, Germany), Sascha Fahl (CISPA / Leibniz University Hannover, Germany)
How to Attack and Generate Honeywords
Ding Wang (Nankai University), Yunkai Zou (Nankai University), Qiying Dong (Nankai University), Yuanming Song (Peking University), Xinyi Huang (Fujian Normal University)
LinkTeller: Recovering Private Edges from Graph Neural Networks via Influence Analysis
Fan Wu (University of Illinois at Urbana-Champaign, USA), Yunhui Long (University of Illinois at Urbana-Champaign, USA), Ce Zhang (ETH Zurich, Switzerland), Bo Li (University of Illinois at Urbana-Champaign, USA)
MatRiCT+: More Efficient Post-Quantum Private Blockchain Payments
Muhammed F. Esgin (Monash University and CSIRO's Data61, Australia), Ron Steinfeld (Monash University, Australia), Raymond K. Zhao (Monash University, Australia)
Mitigating Information Leakage Vulnerabilities with Type-based Data Isolation
Alyssa Milburn (Vrije Universiteit Amsterdam, The Netherlands), Erik van der Kouwe (Vrije Universiteit Amsterdam, The Netherlands), Cristiano Giuffrida (Vrije Universiteit Amsterdam, The Netherlands)
Noise-SDR: Arbitrary Modulation of Electromagnetic Noise from Unprivileged Software and Its Impact on Emission Security
Giovanni Camurati (EURECOM, France), Aurélien Francillon (EURECOM, France)
PATA: Fuzzing with Path Aware Taint Analysis
Jie Liang (Tsinghua University, China), Mingzhe Wang (Tsinghua University, China), Chijin Zhou (Tsinghua University, China), Zhiyong Wu (Tsinghua University, China), Yu Jiang (Tsinghua University, China), Jianzhong Liu (Tsinghua University, China), Zhe Liu (Nanjing University of Aeronautics and Astronautics, China), Jiaguang Sun (Tsinghua University, China)
Practical EMV Relay Protection
Andreea-Ina Radu (University of Birmingham, UK), Tom Chothia (University of Birmingham, UK), Christopher J.P. Newton (University of Surrey, UK), Ioana Boureanu (University of Surrey, UK), Liqun Chen (University of Surrey, UK)
ProVerif with Lemmas, Induction, Fast Subsumption, and Much More
Bruno Blanchet (Inria Paris), Vincent Cheval (Inria Paris), Véronique Cortier (Université de Lorraine, CNRS, Inria)
Robbery on DevOps: Understanding and Mitigating Illicit Cryptomining on Continuous Integration Service Platforms
Zhi Li (School of Cyber Science and Engineering, Huazhong University of Science and Technology, China; School of Computer Science and Technology, Huazhong University of Science and Technology, China; National Engineering Research Center for Big Data Technology and System, China; Cluster and Grid Computing Lab, China; Services Computing Technology and System Lab, China; Big Data Security Engineering Research Center, China), Weijie Liu (Indiana University Bloomington, USA), Hongbo Chen (Indiana University Bloomington, USA), XiaoFeng Wang (Indiana University Bloomington, USA), Xiaojing Liao (Indiana University Bloomington, USA), Luyi Xing (Indiana University Bloomington, USA), Mingming Zha (Indiana University Bloomington, USA), Hai Jin (School of Computer Science and Technology, Huazhong University of Science and Technology, China; National Engineering Research Center for Big Data Technology and System, China; Cluster and Grid Computing Lab, China; Services Computing Technology and System Lab, China; Big Data Security Engineering Research Center, China), Deqing Zou (School of Cyber Science and Engineering, Huazhong University of Science and Technology, China; National Engineering Research Center for Big Data Technology and System, China; Cluster and Grid Computing Lab, China; Services Computing Technology and System Lab, China; Big Data Security Engineering Research Center, China)
Scraping Sticky Leftovers: App User Information Left on Servers After Account Deletion
Preethi Santhanam (Wichita State University), Hoang Dang (Wichita State University), Zhiyong Shan (Wichita State University), Iulian Neamtiu (New Jersey Institute of Technology)
Security Analysis of the MLS Key Derivation
Chris Brzuska (Aalto University, Finland), Eric Cornelissen (Aalto University, Finland), Konrad Kohbrok (Aalto University, Finland)
Site Isolation Enables Timing-Based Cross-Site Browsing Surveillance
Zihao Jin (Microsoft Research Asia and Tsinghua University, China), Ziqiao Kong (Microsoft Research Asia, China), Shuo Chen (Microsoft Research Asia), Haixin Duan (Tsinghua University, China)
SoK: Demystifying Binary Lifters Through the Lens of Downstream Applications
Zhibo Liu (The Hong Kong University of Science and Technology), Yuanyuan Yuan (The Hong Kong University of Science and Technology), Shuai Wang (The Hong Kong University of Science and Technology), Yuyan Bao (University of Waterloo)
SoK: How Robust is Image Classification Deep Neural Network Watermarking?
Nils Lukas (University of Waterloo), Edward Jiang (University of Waterloo), Xinda Li (University of Waterloo), Florian Kerschbaum (University of Waterloo)
Spook.js: Attacking Chrome Strict Site Isolation via Speculative Execution
Ayush Agarwal (University of Michigan, USA), Sioli O’Connell (University of Adelaide, Australia), Jason Kim (Georgia Institute of Technology, USA), Shaked Yehezkel (Tel Aviv University, Israel), Daniel Genkin (Georgia Institute of Technology, USA), Eyal Ronen (Tel Aviv University, Israel), Yuval Yarom (University of Adelaide, Australia)
The State of the SameSite: Studying the Usage, Effectiveness, and Adequacy of SameSite Cookies
Soheil Khodayari (CISPA Helmholtz Center for Information Security, Germany), Giancarlo Pellegrino (CISPA Helmholtz Center for Information Security, Germany)
Time-Print: Authenticating USB Flash Drives with Novel Timing Fingerprints
Patrick Cronin (University of Delaware), Xing Gao (University of Delaware), Haining Wang (Virginia Tech), Chase Cotton (University of Delaware)
Universal 3-Dimensional Perturbations for Black-Box Attacks on Video Recognition Systems
Shangyu Xie (Illinois Institute of Technology, USA), Han Wang (Illinois Institute of Technology, USA), Yu Kong (Rochester Institute of Technology, USA), Yuan Hong (Illinois Institute of Technology, USA)
Using Throughput-Centric Byzantine Broadcast to Tolerate Malicious Majority in Blockchains
Ruomu Hou (National University of Singapore), Haifeng Yu (National University of Singapore), Prateek Saxena (National University of Singapore)
Why Crypto-detectors Fail: A Systematic Evaluation of Cryptographic Misuse Detection Techniques
Amit Seal Ami (William & Mary), Nathan Cooper (William & Mary), Kaushal Kafle (William & Mary), Kevin Moran (George Mason University), Denys Poshyvanyk (William & Mary), Adwait Nadkarni (William & Mary)
WtaGraph: Web Tracking and Advertising Detection using Graph Neural Networks
Zhiju Yang (Colorado School of Mines), Weiping Pei (Colorado School of Mines), Monchu Chen (Appen), Chuan Yue (Colorado School of Mines)