September 6-10, 2021 (all-digital event)

6th IEEE European Symposium on Security and Privacy

Access Information

IEEE EuroS&P 2021 will be held as an all-digital conference from September 6-10, 2021. The conference sessions will be held via live Zoom sessions. As an additional communication tool, Slack will be used.

At the main conference (September 8-10) paper presentations will be given as prerecorded videos to be followed by a live Q&A, where one author per paper will be present to answer questions. Invited talks will be held as live presentations. The paper presentations and talks in the co-located workshops (September 6-7) will be held as live presentations or pre-recorded videos (depending on the workshop).

Virtual Access

You can find the program of IEEE EuroS&P 2021 below, the respective Zoom room links are included. The password to access the rooms as well as the invitation to join the Slack workspace has been sent out to all registered participants (new registrations as of Sept 01 will find the virtual access data in their registration confirmation email).


If you have any questions, please contact the organizers.


We thank Huawei & Facebook for sponsoring the 6th IEEE European Symposium on Security and Privacy! Check out the vacant positions at Huawei Technologies.


Your registration includes the virtual entrance to all IEEE EuroS&P 2021 conference and workshop sessions!
Note: All times in the program are in CEST.

Opening Remarks

Location: Main Conference Zoom Room

3:00 - 3:15 PM

Session 1: Invited Talk

3:15 - 3:55 PM

Understanding microarchitectural vulnerabilities and countermeasures
Speaker: Frank Piessens, KU Leuven, Belgium

Abstract: It has been known for quite a while that processor optimization features like caches or branch predictors can leak secret information to attackers executing code on the same processor as the victim. With the recent discovery of transient execution attacks like Spectre, Meltdown, and their many variants, it has become clear that these information leaks can be significantly worse than previously expected.

As a consequence, the last four years have seen very intense activity in this area, both in academia and in industry. It is now well-understood that some insight into processor microarchitecture, i.e. the way in which a processor implementation is organized and what performance optimization techniques it uses, is important to evaluate the security properties of software executing on that processor.
One of the key research challenges is to design adequate models of processor behavior, detailed enough to capture relevant attacks, but simple enough to enable the verification of security claims and the evaluation of the benefits and costs of countermeasures.

This talk will provide an overview of the current understanding of microarchitectural vulnerabilities and countermeasures, with a focus on how the language-based security community is trying to build adequate processor models that can be used to evaluate countermeasure designs, and to prove the security of software running on these processors.

Frank Piessens is a professor in the research group DistriNet (Distributed Systems and Computer Networks) at the Computer Science department of the Katholieke Universiteit Leuven. His main research interests are in the field of software security, where he focuses on the development of high-assurance techniques to deal with implementation-level software vulnerabilities and bugs, including techniques such as software verification, run-time monitoring, type systems, language based security and hardware-software co-design for security. These techniques are relevant for many types of software systems, including web applications, embedded software, mobile applications and so forth.

short Coffee Break

3:55 - 4:05 PM

Session 2: Human aspects of security and privacy

4:05 - 5:20 PM

An Investigation of Online Reverse Engineering Community Discussions in the Context of Ghidra
Daniel Votipka (Tufts University); Mary Nicole Punzalan, Seth Rabin, Yla Tausczik and Michelle Mazurek (University of Maryland)
Countering Concurrent Login Attacks in "Just Tap" Push-based Authentication: A Redesign and Usability Evaluations
Jay Prakash, Clarice Chua Qing Yu, Tanvi Ravindra Thombre and Andrei Bytes (Singapore University of Technology and Design); Mohammed Jubur and Nitesh Saxena (University of Alabama at Birmingham); Lucienne Blessing, Jianying Zhou and Tony Q. S Quek (Singapore University of Technology and Design)
SoK: Context Sensing for Access Control in the Adversarial Home IoT
Weijia He, Valerie Zhao, Olivia Morkved and Sabeeka Siddiqui (University of Chicago); Earlence Fernandes (University of Wisconsin-Madison); Josiah Hester (Northwestern University); Blase Ur (University of Chicago)
Secure Messaging Authentication against Active Man-in-the-Middle Attacks
Benjamin Dowling (ETH Zürich); Britta Hale (Naval Postgraduate School (NPS))
Press @$@$ to Login: Strong Wearable Second Factor Authentication via Short Memorywise Effortless Typing Gestures
Prakash Shrestha (Equifax Inc.); Nitesh Saxena (University of Alabama at Birmingham); Diksha Shukla (University of Wyoming); Vir V. Phoha (Syracuse University)

Coffee Break

5:20 - 5:40 PM

Session 3: Blockchain & cryptocurrencies

5:40 - 6:40 PM

Fully Distributed Verifiable Random Functions and their Application to Decentralised Random Beacons
David Galindo ( and University of Birmingham); Jia Liu (; Mihai Ordean (University of Birmingham); Jin-Mann Wong (British Antarctic Survey)
ConFuzzius: A Data Dependency-Aware Hybrid Fuzzer for Smart Contracts
Christof Ferreira Torres and Antonio Ken Iannillo (University of Luxembourg); Arthur Gervais (Imperial College London); Radu State (University of Luxembourg)
SoK: Cryptojacking Malware
Ege Tekiner, Abbas Acar and A. Selcuk Uluagac (Florida International University); Engin Kirda (Northeastern University); Ali Aydin Selcuk (TOBB University of Economics and Technology)
Cryptocurrencies with Security Policies and Two-Factor Authentication
Florian Breuer (KIT); Vipul Goyal (CMU and NTT); Giulio Malavolta (MPI-SP)

short Coffee Break

6:40 - 6:55 PM

Session 4: Security of AI

6:55 - 8:10 PM

Bullseye Polytope: A Scalable Clean-Label Poisoning Attack with Improved Transferability
Hojjat Aghakhani, Dongyu Meng, Yu-Xiang Wang, Christopher Kruegel and Giovanni Vigna (University of California, Santa Barbara)
Trojaning Language Models for Fun and Profit
Xinyang Zhang and Zheng Zhang (Pennsylvania State University); Shouling Ji (Zhejiang University); Ting Wang (Pennsylvania State University)
Fall of Giants: How popular text-based MLaaS fall against a simple evasion attack
Luca Pajola and Mauro Conti (University of Padua)
Sponge Examples: Energy-Latency Attacks on Neural Networks
Ilia Shumailov, Yiren Zhao and Daniel Bates (University of Cambridge); Nicolas Papernot (University of Toronto and Vector Institute); Robert Mullins and Ross Anderson (University of Cambridge)
On the (In)Feasibility of Attribute Inference Attacks on Machine Learning Models
Benjamin Zi Hao Zhao (University of New South Wales & Data61-CSIRO); Aviral Agrawal (BITS Pilani K.K.Birla Goa campus & Macquarie University & Data61-CSIRO); Catisha Coburn (Defence Science and Technology Group); Hassan Jameel Asghar (Macquarie University & Data61-CSIRO); Raghav Bhaskar (Data61-CSIRO); Mohamed Ali Kaafar (Macquarie University & Data61-CSIRO); Darren Webb and Peter Dickinson (Defence Science and Technology Group)

End of day

8:10 PM

Distinguished Paper Awards

Location: Main Conference Zoom Room

3:00 - 3:05 PM

Session 5: Privacy

3:05 - 4:20 PM

Privacy of DNS-over-HTTPS: Requiem for a Dream?
Levente Csikor (National University of Singapore); Himanshu Singh (IIIT); Min Suk Kang (KAIST); Dinil Mon Divakaran (Trustwave)
Epoque: Practical End-to-End Verifiable Post-Quantum-Secure E-Voting
Xavier Boyen (Queensland University of Technology); Thomas Haines (NTNU Trondheim); Johannes Mueller (University of Luxembourg)
On the Privacy Risks of Algorithmic Fairness
Hongyan Chang and Reza Shokri (National University of Singapore)
Compression Boosts Differentially Private Federated Learning
Raouf Kerkouche (Privatics team, Univ. Grenoble Alpes, Inria, 38000 Grenoble, France); Gergely Ács (Crysys Lab, BME-HIT Budapest); Claude Castelluccia (Privatics team, Univ. Grenoble Alpes, Inria, 38000 Grenoble, France) and Pierre Genevès (Tyrex team, Univ. Grenoble Alpes, CNRS, Inria, Grenoble INP, LIG, 38000 Grenoble)
We Built This Circuit: Exploring Threat Vectors in Circuit Establishment in Tor
Theodor Schnitzler (Ruhr-Universität Bochum); Christina Pöpper (New York University Abu Dhabi); Markus Dürmuth (Ruhr-Universität Bochum); Katharina Kohls (Radboud University)

short Coffee Break

4:20 - 4:30 PM

Session 6: Malware defenses and industrial IoT security

4:30 - 5:30 PM

Can ISPs Help Mitigate IoT Malware? A Longitudinal Study of Broadband ISP Security Efforts
Arman Noroozian and Elsa Turcios Rodriguez (TU-Delft); Elmer Lastdrager (SIDN Labs); Takahiro Kasama (NICT); Michel van Eeten and Carlos H. Ganan (TU-Delft)
Prognosis Negative: Evaluating Real-Time Behavioral Ransomware Detectors
Abhinav Gupta, Aditi Prakash and Nolen Scaife (University of Colorado Boulder)
Remote Non-Intrusive Malware Detection for PLCs based on Chain of Trust Rooted in Hardware
Prashant Hari Narayan Rajput, Esha Sarkar and Dimitrios Tychalas (NYU Tandon School of Engineering); Michail Maniatakos (New York University Abu Dhabi)
Sok: Attacks on Industrial Control Logic and Formal Verification-Based Defenses
Ruimin Sun, Alejandro Mera, Long Lu and David Choffnes (Northeastern University)

Coffee Break

5:30 - 5:50 PM

Session 7: Web, network, and mobile security

5:50 - 7:05 PM

Ephemeral Astroturfing Attacks: The Case of Fake Twitter Trends
Tugrulcan Elmas, Rebekah Overdorf, Ahmed Furkan Özkalay and Karl Aberer (EPFL)
BGPeek-a-Boo: Active BGP-based Traceback for Amplification DDoS Attacks
Johannes Krupp and Christian Rossow (CISPA Helmholtz Center for Information Security)
SoK: A Framework for Asset Discovery: Systematizing Advances in Network Measurements for Protecting Organizations
Mathew Vermeer (Delft University of Technology); Jonathan West (University of Tulsa); Alejandro Cuevas (Carnegie Mellon University); Shuonan Niu (University of Tulsa); Nicolas Christin (Carnegie Mellon University); Michel van Eeten, Tobias Fiebig and Carlos Gañán (Delft University of Technology); Tyler Moore (University of Tulsa)
AppJitsu: Investigating the Resiliency of Android Applications
Onur Zungur (Boston University); Antonio Bianchi (Purdue University); Gianluca Stringhini and Manuel Egele (Boston University)
SoK: In Search of Lost Time: A Review of JavaScript Timers in Browsers
Thomas Rokicki (Univ Rennes, CNRS, IRISA); Clémentine Maurice and Pierre Laperdrix (Univ Lille, CNRS, Inria)

short Coffee Break

7:05 - 7:15 PM

Mentoring Session

7:15 - 8:15 PM

The mentoring session will include both small 2-on-2 chats as well as round tables discussing a topic.

End of day

8:15 PM

Session 8: Hardware security and formal methods for security

3:00 - 4:00 PM

SoK: Secure FPGA Multi-Tenancy in the Cloud: Challenges and Opportunities
Shaza Zeitouni, Ghada Dessouky and Ahmad-Reza Sadeghi (Technische Universität Darmstadt)
Nonce@Once: A Single-Trace EM Side Channel Attack on Several Constant-Time Elliptic Curve Implementations in Mobile Platforms
Monjur Alam, Baki Yilmaz and Frank Werner (Georgia Tech); Niels Samwel (Radboud University); Alenka Zajic (Georgia tech); Daniel Genkin (University of Michigan); Yuval Yarom (University of Adelaide and Data61); Milos Prvulovic (Georgia Tech)
DY*: A Modular Symbolic Verification Framework for Executable Cryptographic Protocol Code
Karthikeyan Bhargavan (INRIA); Abhishek Bichhawat (Carnegie Mellon University and IIT Gandhinagar); Quoc Huy Do, Pedram Hosseyni, Ralf Küsters, Guido Schmitz and Tim Würtele (University of Stuttgart)
Nontransitive Policies Transpiled
Mohammad M. Ahmadpanah (Chalmers University of Technology); Aslan Askarov (Aarhus University); Andrei Sabelfeld (Chalmers University of Technology)

short Coffee Break

4:00 - 4:10 PM

Session 9: Invited Talk

4:10 - 4:50 PM

After the Attack: Security through Resilience and Recovery
Speaker: Susan McGregor, Columbia University, US

Abstract: While a main focus of security research is on identifying, mitigating and preventing attacks, the reality is that security failures always have - and always will - continue to happen. What's more, as computing continues to become more distributed and attack surfaces increase, the possibility of truly "securing" real-world computational systems diminishes. Given this environment of persistent attacks and security failures, this talk will explore the question of whether security research should begin to look beyond prevention and begin to concern itself more actively with questions of resilience and recovery when security failures inevitably happen.

Susan McGregor an Associate Research Scholar at Columbia University’s Data Science Institute, where she also co-chairs its Center for Data, Media & Society. McGregor’s research is centered on security and privacy issues affecting journalists and media organizations. Her current projects include NSF-funded work to provide readers with stronger guarantees about digital media by integrating cryptographic signatures into digital publishing workflows, an effort to develop novel classifiers for detecting abusive and harassing speech targeting journalists on Twitter, and using artificial intelligence and computer vision to help journalists recognize unfamiliar political graphics when reporting in the field.

Poster Session

4:50 - 5:35 PM

Angry Birding: Evaluating Application Exceptions as Attack Canaries
Tolga Ünlü (Abertay University), Lynsay Shepherd (Abertay University), Natalie Coull (University of Abertay Dundee) and Colin Mclean (University of Abertay Dundee)
Betrayed by the Guardian: Security and Privacy Risks of Parental Control Solutions
Suzan Ali, Mounir Elgharabawy, Quentin Duchaussoy, Mohammad Mannan, Amr Youssef (Concordia University, Montreal, Canada)
received the Distinguished Paper Award @ ACSAC 2020
DyPolDroid: User-Centered Counter-Policies Against Android Permission-Abuse Attacks
Matthew Hill (Texas A&M Corpus Christi), Carlos Rubio-Medrano (Texas A&M Corpus Christi), Luis Claramunt (Arizona State University) and Jaejong Baek (Arizona State University)
Faulty Point Unit: ABI Poisoning Attacks on Trusted Execution Environments
Fritz Alder, Jo Van Bulck (KU Leuven, Belgium), Jesse Spielman, David Oswald (University of Birmingham, UK), Frank Piessens (KU Leuven, Belgium)
received the Distinguished Paper Award @ ACSAC 2020
FLATEE -- Federated Learning Across Trusted Execution Environments
Arup Mondal (Ashoka University), Yash More (Ashoka University), Ruthu Rooparaghunath (Ashoka University) and Debayan Gupta (Ashoka University)
Obfuscation Revealed - Electromagnetic obfuscated malware classification
Duy-Phuc Pham (Univ Rennes, CNRS, IRISA), Damien Marion (Univ Rennes, CNRS, IRISA) and Annelie Heuser (Univ Rennes, CNRS, IRISA)
Preventing Spatial and Privacy Attacks in Mobile Augmented Reality Technologies
Luis Claramunt (Arizona State University), Larissa Pokam Epse (Arizona State University), Carlos Rubio-Medrano (Texas A&M University - Corpus Christi), Jaejong Baek (Arizona State University) and Gail-Joon Ahn (Arizona State University & Samsung Research)
Reducing Data Leakage on Personal Data Management Systems
Robin Carpentier (Université de Versailles Saint-Quentin-en-Yvelines), Iulian Sandu Popa (Université de Versailles Saint-Quentin-en-Yvelines) and Nicolas Anciaux (INRIA)
RLBox: Retrofitting Fine Grain Isolation in the Firefox Renderer
Shravan Narayan (UC San Diego), Craig Disselkoen (UC San Diego), Tal Garfinkel (Independent), Sorin Lerner (UC San Diego), Hovav Shacham (UT Austin), Deian Stefan (UC San Diego)
received the Distinguished Paper Award @ USENIX Security 2020
The Need for a Collaborative Approach to Cyber Security Education
Gregor Langner (AIT Austrian Institute of Technology), Jerry Andriessen (Wise & Munro), Gerald Quirchmayr (University of Vienna), Steven Furnell (University of Nottingham), Vittorio Scarano (Universit`a degli Studi di Salerno) and Teemu Johannes Tokola (University of Oulu)
The Unpatchable Silicon: A Full Break of the Bitstream Encryption of Xilinx 7-Series FPGAs
Maik Ender, Amir Moradi (Ruhr University Bochum, Germany), Christof Paar (Max Planck Institute for Security and Privacy, Germany)
received the Distinguished Paper Award @ USENIX Security 2020
Towards Verifiable Mutability for Blockchains
Erik Daniel (Technische Universität Berlin) and Florian Tschorsch (Technische Universität Berlin)

Coffee Break

5:35 - 5:55 PM

Session 10: AI-based security and privacy tools

5:55 - 6:55 PM

ANDRUSPEX: Leveraging Graph Representation Learning to Predict Harmful App Installations on Mobile Devices
Yun Shen (NortonLifeLock Research Group); Gianluca Stringhini (Boston University)
D-Fence: A Flexible, Efficient, and Comprehensive Phishing Email Detection System
Jehyun Lee, Farren Tang, Pingxiao Ye, Fahim Abbasi, Phil Hay and Dinil Mon Divakaran (Trustwave)
Extractor: Extracting Attack Behavior from Threat Reports
Kiavash Satvat, Rigel Gjomemo and V.N. Venkatakrishnan (University of Illinois at Chicago)
FastSpec: Scalable Generation and Detection of Spectre Gadgets Using Neural Embeddings
M. Caner Tol (Worcester Polytechnic Institute); Berk Gulmezoglu (Iowa State University); Koray Yurtseven and Berk Sunar (Worcester Polytechnic Institute)

short Coffee Break

6:55 - 7:05 PM

Session 11: System security

7:05 - 8:05 PM

Bypassing memory safety mechanisms through speculative control flow hijacks
Andrea Mambretti (Northeastern University); Alexandra Sandulescu and Alessandro Sorniotti (IBM Research - Zurich); William Robertson and Engin Kirda (Northeastern University); Anil Kurmus (IBM Research - Zurich)
NoVT: Eliminating C++ Virtual Calls to Mitigate Vtable Hijacking
Markus Bauer and Christian Rossow (CISPA − Helmholtz Center for Information Security)
Compiler-Assisted Hardening of Embedded Software Against Interrupt Latency Side-Channel Attacks
Hans Winderix, Jan Tobias Mühlberg and Frank Piessens (KU Leuven)
Aim, Wait, Shoot: How the CACHESNIPER Technique Improves Unprivileged Cache Attacks
Samira Briongos (NEC Laboratories Europe); Ida Bruhns (Universität zu Lübeck); Pedro Malagón (Universidad Politécnica de Madrid); Thomas Eisenbarth (Universität zu Lübeck); José Moya (Universidad Politécnica de Madrid)

Closing remarks

8:05 - 8:10 PM


University of Vienna SBA Research TU Wien


Huawei Facebook