September 6-10, 2021 (all-digital event)

6th IEEE European Symposium on Security and Privacy


Your registration includes the virtual entrance to all IEEE EuroS&P 2021 conference and workshop sessions! The respective Zoom room links will be included in the program short before the conference starts.

Note: All times in the program are in CEST.

Opening Remarks

3:00 - 3:15 PM

Inivited Talk

3:15 - 3:55 PM


short Coffee Break

3:55 - 4:05 PM

Session: Human aspects of security and privacy

4:05 - 5:20 PM

An Investigation of Online Reverse Engineering Community Discussions in the Context of Ghidra
Daniel Votipka (Tufts University); Mary Nicole Punzalan, Seth Rabin, Yla Tausczik and Michelle Mazurek (University of Maryland)
Countering Concurrent Login Attacks in "Just Tap" Push-based Authentication: A Redesign and Usability Evaluations
Jay Prakash, Clarice Chua Qing Yu, Tanvi Ravindra Thombre and Andrei Bytes (Singapore University of Technology and Design); Mohammed Jubur and Nitesh Saxena (University of Alabama at Birmingham); Lucienne Blessing, Jianying Zhou and Tony Q. S Quek (Singapore University of Technology and Design)
SoK: Context Sensing for Access Control in the Adversarial Home IoT
Weijia He, Valerie Zhao, Olivia Morkved and Sabeeka Siddiqui (University of Chicago); Earlence Fernandes (University of Wisconsin-Madison); Josiah Hester (Northwestern University); Blase Ur (University of Chicago)
Secure Messaging Authentication against Active Man-in-the-Middle Attacks
Benjamin Dowling (ETH Zürich); Britta Hale (Naval Postgraduate School (NPS))
Press @$@$ to Login: Strong Wearable Second Factor Authentication via Short Memorywise Effortless Typing Gestures
Prakash Shrestha (Equifax Inc.); Nitesh Saxena (University of Alabama at Birmingham); Diksha Shukla (University of Wyoming); Vir V. Phoha (Syracuse University)

Coffee Break

5:20 - 5:40 PM

Session: Blockchain & cryptocurrencies

5:40 - 6:40 PM

Fully Distributed Verifiable Random Functions and their Application to Decentralised Random Beacons
David Galindo ( and University of Birmingham); Jia Liu (; Mihai Ordean (University of Birmingham); Jin-Mann Wong (British Antartic Survey)
ConFuzzius: A Data Dependency-Aware Hybrid Fuzzer for Smart Contracts
Christof Ferreira Torres and Antonio Ken Iannillo (University of Luxembourg); Arthur Gervais (Imperial College London); Radu State (University of Luxembourg)
SoK: Cryptojacking Malware
Ege Tekiner, Abbas Acar and A. Selcuk Uluagac (Florida International University); Engin Kirda (Northeastern University); Ali Aydin Selcuk (TOBB University of Economics and Technology)
Cryptocurrencies with Security Policies and Two-Factor Authentication
Florian Breuer (KIT); Vipul Goyal (CMU and NTT); Giulio Malavolta (MPI-SP)

short Coffee Break

6:40 - 6:55 PM

Session: Security of AI

6:55 - 8:10 PM

Bullseye Polytope: A Scalable Clean-Label Poisoning Attack with Improved Transferability
Hojjat Aghakhani, Dongyu Meng, Yu-Xiang Wang, Christopher Kruegel and Giovanni Vigna (University of California, Santa Barbara)
Trojaning Language Models for Fun and Profit
Xinyang Zhang and Zheng Zhang (Pennsylvania State University); Shouling Ji (Zhejiang University); Ting Wang (Pennsylvania State University)
Fall of Giants: How popular text-based MLaaS fall against a simple evasion attack
Luca Pajola and Mauro Conti (University of Padua)
Sponge Examples: Energy-Latency Attacks on Neural Networks
Ilia Shumailov, Yiren Zhao and Daniel Bates (University of Cambridge); Nicolas Papernot (University of Toronto and Vector Institute); Robert Mullins and Ross Anderson (University of Cambridge)
On the (In)Feasibility of Attribute Inference Attacks on Machine Learning Models
Benjamin Zi Hao Zhao (University of New South Wales & Data61-CSIRO); Aviral Agrawal (BITS Pilani K.K.Birla Goa campus & Macquarie University & Data61-CSIRO); Catisha Coburn (Defence Science and Technology Group); Hassan Jameel Asghar (Macquarie University & Data61-CSIRO); Raghav Bhaskar (Data61-CSIRO); Mohamed Ali Kaafar (Macquarie University & Data61-CSIRO); Darren Webb and Peter Dickinson (Defence Science and Technology Group)

End of day

8:10 PM

Distinguished Paper Awards

3:00 - 3:05 PM

Session: Privacy

3:05 - 4:20 PM

Privacy of DNS-over-HTTPS: Requiem for a Dream?
Levente Csikor (National University of Singapore); Himanshu Singh (IIIT); Min Suk Kang (KAIST); Dinil Mon Divakaran (Trustwave)
Epoque: Practical End-to-End Verifiable Post-Quantum-Secure E-Voting
Xavier Boyen (Queensland University of Technology); Thomas Haines (NTNU Trondheim); Johannes Mueller (University of Luxembourg)
On the Privacy Risks of Algorithmic Fairness
Hongyan Chang and Reza Shokri (National University of Singapore)
Compression Boosts Differentially Private Federated Learning
Raouf Kerkouche (Privatics team, Univ. Grenoble Alpes, Inria, 38000 Grenoble, France); Gergely Ács (Crysys Lab, BME-HIT Budapest); Claude Castelluccia (Privatics team, Univ. Grenoble Alpes, Inria, 38000 Grenoble, France) and Pierre Genevès (Tyrex team, Univ. Grenoble Alpes, CNRS, Inria, Grenoble INP, LIG, 38000 Grenoble)
We Built This Circuit: Exploring Threat Vectors in Circuit Establishment in Tor
Theodor Schnitzler (Ruhr-Universität Bochum); Christina Pöpper (New York University Abu Dhabi); Markus Dürmuth (Ruhr-Universität Bochum); Katharina Kohls (Radboud University)

short Coffee Break

4:20 - 4:30 PM

Session: Malware defenses and industrial IoT security

4:30 - 5:30 PM

Can ISPs Help Mitigate IoT Malware? A Longitudinal Study of Broadband ISP Security Efforts
Arman Noroozian and Elsa Turcios Rodriguez (TU-Delft); Elmer Lastdrager (SIDN Labs); Takahiro Kasama (NICT); Michel van Eeten and Carlos H. Ganan (TU-Delft)
Prognosis Negative: Evaluating Real-Time Behavioral Ransomware Detectors
Abhinav Gupta, Aditi Prakash and Nolen Scaife (University of Colorado Boulder)
Remote Non-Intrusive Malware Detection for PLCs based on Chain of Trust Rooted in Hardware
Prashant Hari Narayan Rajput, Esha Sarkar and Dimitrios Tychalas (NYU Tandon School of Engineering); Michail Maniatakos (New York University Abu Dhabi)
Sok: Attacks on Industrial Control Logic and Formal Verification-Based Defenses
Ruimin Sun, Alejandro Mera, Long Lu and David Choffnes (Northeastern University)

Coffee Break

5:30 - 5:50 PM

Session: Web, network, and mobile security

5:50 - 7:05 PM

Ephemeral Astroturfing Attacks: The Case of Fake Twitter Trends
Tugrulcan Elmas, Rebekah Overdorf, Ahmed Furkan Özkalay and Karl Aberer (EPFL)
PGPeek-a-Boo: Active BGP-based Traceback for Amplification DDoS Attacks
Johannes Krupp and Christian Rossow (CISPA Helmholtz Center for Information Security)
SoK: A Framework for Asset Discovery: Systematizing Advances in Network Measurements for Protecting Organizations
Mathew Vermeer (Delft University of Technology); Jonathan West (University of Tulsa); Alejandro Cuevas (Carnegie Mellon University); Shuonan Niu (University of Tulsa); Nicolas Christin (Carnegie Mellon University); Michel van Eeten, Tobias Fiebig and Carlos Gañán (Delft University of Technology); Tyler Moore (University of Tulsa)
AppJitsu: Investigating the Resiliency of Android Applications
Onur Zungur (Boston University); Antonio Bianchi (Purdue University); Gianluca Stringhini and Manuel Egele (Boston University)
SoK: In Search of Lost Time: A Review of JavaScript Timers in Browsers
Thomas Rokicki (Univ Rennes, CNRS, IRISA); Clémentine Maurice and Pierre Laperdrix (Univ Lille, CNRS, Inria)

short Coffee Break

7:05 - 7:15 PM

Mentoring Session

7:15 - 8:15 PM

More details tba

End of day

8:15 PM

Session: Hardware security and formal methods for security

3:00 - 4:00 PM

SoK: Secure FPGA Multi-Tenancy in the Cloud: Challenges and Opportunities
Shaza Zeitouni, Ghada Dessouky and Ahmad-Reza Sadeghi (Technische Universität Darmstadt)
Nonce@Once: A Single-Trace EM Side Channel Attack on Several Constant-Time Elliptic Curve Implementations in Mobile Platforms
Monjur Alam, Baki Yilmaz and Frank Werner (Georgia Tech); Niels Samwel (Radboud University); Alenka Zajic (Georgia tech); Daniel Genkin (University of Michigan); Yuval Yarom (University of Adelaide and Data61); Milos Prvulovic (Georgia Tech)
DY*: A Modular Symbolic Verification Framework for Executable Cryptographic Protocol Code
Karthikeyan Bhargavan (INRIA); Abhishek Bichhawat (Carnegie Mellon University and IIT Gandhinagar); Quoc Huy Do, Pedram Hosseyni, Ralf Küsters, Guido Schmitz and Tim Würtele (University of Stuttgart)
Nontransitive Policies Transpiled
Mohammad M. Ahmadpanah (Chalmers University of Technology); Aslan Askarov (Aarhus University); Andrei Sabelfeld (Chalmers University of Technology)

short Coffee Break

4:00 - 4:10 PM

Inivited Talk

4:10 - 4:45 PM


Poster Session

4:45 - 5:30 PM


Coffee Break

5:30 - 5:50 PM

Session: AI-based security and privacy tools

5:50 - 6:50 PM

ANDRUSPEX: Leveraging Graph Representation Learning to Predict Harmful App Installations on Mobile Devices
Yun Shen (NortonLifeLock Research Group); Gianluca Stringhini (Boston University)
D-Fence: A Flexible, Efficient, and Comprehensive Phishing Email Detection System
Jehyun Lee, Farren Tang, Pingxiao Ye, Fahim Abbasi, Phil Hay and Dinil Mon Divakaran (Trustwave)
Extractor: Extracting Attack Behavior from Threat Reports
Kiavash Satvat, Rigel Gjomemo and V.N. Venkatakrishnan (University of Illinois at Chicago)
FastSpec: Scalable Generation and Detection of Spectre Gadgets Using Neural Embeddings
M. Caner Tol (Worcester Polytechnic Institute); Berk Gulmezoglu (Iowa State University); Koray Yurtseven and Berk Sunar (Worcester Polytechnic Institute)

short Coffee Break

6:50 - 7:00 PM

Session: System security

7:00 - 8:00 PM

Bypassing memory safety mechanisms through speculative control flow hijacks
Andrea Mambretti (Northeastern University); Alexandra Sandulescu and Alessandro Sorniotti (IBM Research - Zurich); William Robertson and Engin Kirda (Northeastern University); Anil Kurmus (IBM Research - Zurich)
NoVT: Eliminating C++ Virtual Calls to Mitigate Vtable Hijacking
Markus Bauer and Christian Rossow (CISPA − Helmholtz Center for Information Security)
Compiler-Assisted Hardening of Embedded Software Against Interrupt Latency Side-Channel Attacks
Hans Winderix, Jan Tobias Mühlberg and Frank Piessens (KU Leuven)
Aim, Wait, Shoot: How the CACHESNIPER Technique Improves Unprivileged Cache Attacks
Samira Briongos (NEC Laboratories Europe); Ida Bruhns (Universität zu Lübeck); Pedro Malagón (Universidad Politécnica de Madrid); Thomas Eisenbarth (Universität zu Lübeck); José Moya (Universidad Politécnica de Madrid)

Closing remarks

8:00 - 8:05 PM