Venice, June 30 - July 4, 2025
10th IEEE European Symposium on Security and Privacy
Demystifying the Perceptions Gap Between Designers and Practitioners in Two Security Standards | Shreyas Kumar (Texas A&M University), Evelyn Croww (Texas A&M University), Guofei Gu (Texas A&M University) |
PreFence: A Fine-Grained and Scheduling-Aware Defense Against Prefetching-Based Attacks | Till Schlüter (CISPA Helmholtz Center for Information Security), Nils Ole Tippenhauer (CISPA Helmholtz Center for Information Security) |
openIPE: An Extensible Memory Isolation Framework for Microcontrollers | Marton Bognar (DistriNet, KU Leuven), Jo Van Bulck (DistriNet, KU Leuven) |
MalMixer: Few-Shot Malware Classification with Retrieval-Augmented Semi-Supervised Learning | Jiliang Li (Stanford University), Yifan Zhang (Vanderbilt University), Yu Huang (Vanderbilt University), Kevin Leach (Vanderbilt University) |
CAIBA: Multicast Source Authentication for CAN Through Reactive Bit Flipping | Eric Wagner (Fraunhofer FKIE & RWTH Aachen University), Frederik Basels (Fraunhofer FKIE), Jan Bauer (Fraunhofer FKIE), Till Zimmermann (Osnabrück University), Klaus Wehrle (RWTH Aachen University), Martin Henze (RWTH Aachen University & Fraunhofer FKIE) |
The Art of Bonsai: How Well-Shaped Trees Improve the Communication Cost of MLS | Céline Chevalier (Ecole normale supérieure-PSL, Université Paris-Panthéon-Assas), Guirec Lebrun (Ecole normale supérieure-PSL, ANSSI), Ange Martinelli (ANSSI), Jérôme Plût (ANSSI) |
Endless Subscriptions: Open RAN is Open to RIC E2 Subscription Denial of Service Attacks | Felix Klement (University of Passau), Alessandro Brighente (University of Padua), Anup Kiran Bhattacharjee (TU Delft), Stefano Cecconello (University of Padua & TU Delft), Fernando Kuipers (TU Delft), Georgios Smaragdakis (TU Delft), Mauro Conti (University of Padua & TU Delft), Stefan Katzenbeisser (University of Passau) |
Port Forwarding Services Are Forwarding Security Risks | Haoyuan Wang (University of Science and Technology of China), Yue Xue (University of Science and Technology of China), Xuan Feng (Microsoft Research Asia), Xianghang Mi (University of Science and Technology of China) |
CHARON: Polyglot Code Analysis for Detecting Vulnerabilities in Scripting Languages Native Extensions | Raoul Scholtes (CISPA Helmholtz Center for Information Security), Soheil Khodayari (CISPA Helmholtz Center for Information Security), Cristian-Alexandru Staicu (CISPA Helmholtz Center for Information Security), Giancarlo Pellegrino (CISPA Helmholtz Center for Information Security) |
Incentivizing Security Excellence in Cyber Liability Insurance | Shreyas Kumar (Texas A&M University), Paula Dewitte (Texas A&M University), Guofei Gu (Texas A&M University) |
Rubicon: Precise Microarchitectural Attacks with Page-Granular Massaging | Matej Bölcskei (ETH Zurich), Patrick Jattke (ETH Zurich), Johannes Wikner (ETH Zurich), Kaveh Razavi (ETH Zurich) |
You Can’t Trust Your Tag Neither: Privacy Leaks and Potential Legal Violations within the Google Tag Manager | Gilles Mertens (Inria), Cristiana Santos (Utrecht University), Nataliia Bielova (Inria), Vincent Roca (Inria) |
Exploring the Design Space for Security Warnings in Immersive Environments | Andrea Mengascini (CISPA Helmholtz-Z. für Inform. gGmbH), Annabelle Walle (CISPA Helmholtz-Z. für Inform. gGmbH), Rebecca Weil (CISPA Helmholtz-Z. für Inform. gGmbH), Jürgen Steimle (Saarland University), Giancarlo Pellegrino (CISPA Helmholtz-Z. für Inform. gGmbH) |
On the Lack of Robustness of Binary Function Similarity Systems | Gianluca Capozzi (Sapienza University of Rome), Tong Tang (Zhejiang University), Jie Wan (Zhejiang University), Ziqi Yang (Zhejiang University), Daniele Cono D'Elia (Sapienza University of Rome), Giuseppe Antonio Di Luna (Sapienza University of Rome), Lorenzo Cavallaro (University College London), Leonardo Querzoni (Sapienza University of Rome) |
All that Glitters is not Gold: Uncovering Exposed Industrial Control Systems and Honeypots in the Wild | Martin Mladenov (Delft University of Technology), Laszlo Tibor Erdodi (Norwegian University of Science and Technology), Georgios Smaragdakis (Delft University of Technology) |
SoK: Hardening Techniques in the Mobile Ecosystem – Are We There Yet? | Magdalena Steinböck (TU Wien), Jens Troost (Vrije Universiteit Amsterdam), Wilco van Beijnum (University of Twente), Jan Seredynski (Vrije Universiteit Amsterdam), Herbert Bos (Vrije Universiteit Amsterdam), Martina Lindorfer (TU Wien), Andrea Continella (University of Twente) |
Best-Possible Unpredictable Proof-of-Stake: An Impossibility and a Practical Design | Lei Fan (Shanghai Jiao Tong University), Jonathan Katz (Google and University of Maryland), Zhenghao Lu (Shanghai Jiao Tong University), Phuc Thai (Sky Mavis), Hong-Sheng Zhou (Virginia Commonwealth University) |
Beneath the Surface: A Measurement Analysis of OEM Customizations on the Android TLS Protocol Stack | Vinuri Bandara (IMDEA Networks/Universidad Carlos III de Madrid), Stijn Pletinckx (UC Santa Barbara), Ilya Grishchenko (UC Santa Barbara), Christopher Kruegel (UC Santa Barbara), Giovanni Vigna (UC Santa Barbara), Juan Tapiador (Universidad Carlos III de Madrid), Narseo Vallina-Rodriguez (IMDEA Networks) |
CovFUZZ: Coverage-based fuzzer for 4G&5G protocols | Ilja Siros (COSIC, KU Leuven), Dave Singelee (COSIC, KU Leuven), Bart Preneel (COSIC, KU Leuven) |
TAPShield: Securing Trigger-Action Platforms against Strong Attackers | Mojtaba Moazen (KTH Royal Institute of Technology), Nicolae Paladi (CanaryBit AB and Lund University), Adnan Jamil Ahsan (KTH Royal Institute of Technology), Musard Balliu (KTH Royal Institute of Technology) |
Active Attribute Inference Against Well-Generalized Models In Federated Learning | Catarina Gomes (CRACS/INESC TEC and Dept. of Computer Science, Faculty of Sciences, University of Porto), João P. Vilela (CRACS/INESC TEC and Dept. of Computer Science, Faculty of Sciences, University of Porto), Ricardo Mendes (CISUC and Dept. of Informatics Engineering University of Coimbra) |
LibAFLGo: Evaluating and Advancing Directed Greybox Fuzzing | Andrea Jemmett (Vrije Universiteit Amsterdam), Elia Geretto (Vrije Universiteit Amsterdam), Herbert Bos (Vrije Universiteit Amsterdam), Cristiano Giuffrida (Vrije Universiteit Amsterdam) |
CTINexus: Automatic Cyber Threat Intelligence Knowledge Graph Construction Using Large Language Models | Yutong Cheng (Virginia Tech), Osama Bajaber (Virginia Tech), Saimon Amanuel Tsegai (Virginia Tech), Dawn Song (UC Berkeley), Peng Gao (Virginia Tech) |
LATTE: Layered Attestation for Portable Enclaved Applications | Haoxuan Xu (Shanghai Jiao Tong University), Jia Xiang (Shanghai Jiao Tong University), Zhen Huang (Shanghai Jiao Tong University), Guoxing Chen (Shanghai Jiao Tong University), Yan Meng (Shanghai Jiao Tong University), Haojin Zhu (Shanghai Jiao Tong University) |
Mario: Multi-round Multiple-Aggregator Secure Aggregation with Robustness against Malicious Actors | Truong Son Nguyen (Arizona State University), Tancrède Lepoint (Amazon Web Service Inc), Ni Trieu (Arizona State University) |
The Danger of Packet Length Leakage: Off-path TCP/IP Hijacking Attacks Against Wireless and Mobile Networks | Guancheng Li (Tencent Security Xuanwu Lab), Minghao Zhang (Tsinghua University), Jianjun Chen (Tsinghua University), Ge Dai (Tencent Security Xuanwu Lab), Pinji Chen (Tsinghua University), Huiming Liu (Tencent Security Xuanwu Lab), Yang Yu (Tencent Security Xuanwu Lab), Haixin Duan (Tsinghua University), Zhiyun Qian (University of California, Riverside) |
Efficient Authentication Protocols from the Restricted Syndrome Decoding Problem | Vu Nguyen (Lund University), Thomas Johansson (Lund University), Mustafa Khairallah (Lund University) |
Can You Hear Me? A First Study Of VoIP Censorship Techniques In Saudi Arabia And The UAE | Friedemann Lipphardt (Max Planck Institute for Informatics), Anja Feldmann (Max Planck Institute for Informatics), Devashish Gosain (IIT Bombay) |
Commitment Attacks on Ethereum’s Reward Mechanism | Roozbeh Sarenche (COSIC, KU Leuven), Ertem Nusret Tas (Stanford University), Barnabé Monnot (Robust Incentives Group, Ethereum Foundation), Caspar Schwarz-Schilling (Robust Incentives Group, Ethereum Foundation), Bart Preneel (COSIC, KU Leuven) |
SoK: Security of EMV Contactless Payment Systems | Mahshid Mehr Nezhad (Secure Cyber Systems Research Centre, WMG, University of Warwick), Feng Hao (Department of Computer Science, University of Warwick), Gregory Epiphaniou (Secure Cyber Systems Research Centre, WMG, University of Warwick), Carsten Maple (Secure Cyber Systems Research Centre, WMG, University of Warwick), Timur Yunusov (Payment Village) |
KubeKeeper: Protecting Kubernetes Secrets Against Excessive Permissions | Maryam Rostamipoor (Stony Brook University), Aliakbar Sadeghi (Stony Brook University), Michalis Polychronakis (Stony Brook University) |
AceCov: Auxiliary Composite Edge Coverage for Fuzzing | Yoshida Haruki (The University of Tokyo), Yuichi Sugiyama (The University of Tokyo), Ryota Shioya (The University of Tokyo) |
LLMPot: Dynamically Configured LLM-based Honeypot for Industrial Protocol and Physical Process Emulation | Christoforos Vasilatos (New York University Abu Dhabi), Dunia J. Mahboobeh (New York University Abu Dhabi), Hithem Lamri (New York University Abu Dhabi), Manaar Alam (New York University Abu Dhabi), Michail Maniatakos (New York University Abu Dhabi) |
Unharmful Backdoor-based Client-side Watermarking in Federated Learning | Kaijing Luo (The University of Hong Kong), Ka-Ho Chow (The University of Hong Kong) |
SoK: Systematization and Benchmarking of Deepfake Detectors in a Unified Framework | Minh Binh Le (Sungkyunkwan University), Jiwon Kim (Sungkyunkwan University), Simon S. Woo (Sungkyunkwan University), Kristen Moore (CSIRO’s Data61), Alsharif Abuadbba (CSIRO’s Data61), Shahroz Tariq (CSIRO’s Data61) |
Your Car Tells Me Where You Drove: A Novel Path Inference Attack via CAN Bus and OBD-II Data | Tommaso Bianchi (University of Padova), Alessandro Brighente (University of Padova), Mauro Conti (University of Padova & Delft University of Technology), Andrea Valori (Innova Trieste S.p.A.) |
Pfuzzer: Practical, Sound, and Effective Multi-path Analysis of Environment-sensitive Malware with Coverage-guided Fuzzing | Nicola Bottura (Sapienza University of Rome), Daniele Cono D'Elia (Sapienza University of Rome), Leonardo Querzoni (Sapienza University of Rome) |
A Formal Security Analysis of Hyperledger AnonCreds | Ashley Fraser (Lancaster University), Steve Schneider (University of Surrey) |
Scalable and Fine-Tuned Privacy Pass from Group Verifiable Random Functions | Dennis Faut (Karlsruhe Institute of Technology), Julia Hesse (IBM Research Europe - Zurich), Lisa Kohl (CWI Amsterdam), Andy Rupp (University of Luxembourg and KASTEL SRL) |
Deep Unlearn: Benchmarking Machine Unlearning for Image Classification | Xavier Cadet (Imperial College London), Anastasia Borovykh (Imperial College London), Mohammad Malekzadeh (Nokia Bell Labs), Sara Ahmadi-Abhari (Imperial College London), Hamed Haddadi (Imperial College London & Brave Software) |
Shaking up authenticated encryption | Joan Daemen (Radboud University), Seth Hoffert, Silvia Mella (Radboud University), Gilles Van Assche (STMicroelectronics), Ronny Van Keer (STMicroelectronics) |
Cryptographic Commitments on Anonymizable Data | Xavier Bultel (LIFO, Université d’Orléans, INSA Centre Val de Loire, INRIA, France), Céline Chevalier (CRED, Université Panthéon-Assas, Paris II, France, DIENS, École normale supérieure, PSL University, CNRS, INRIA, Paris, France), Charlène Jojon (LIFO, Université d’Orléans, INSA Centre Val de Loire, INRIA, France), Diandian Liu (LIFO, Université d’Orléans, INSA Centre Val de Loire, France), Benjamin Nguyen (LIFO, Université d’Orléans, INSA Centre Val de Loire, INRIA, France) |
They See Me Scooting - A Long-Term Real-World Data Analysis of Shared Micro-Mobility Services and their Privacy Leakage | Karina Elzer (RPTU Kaiserslautern), Eric Jedermann (RPTU Kaiserslautern), Stefanie Roos (RPTU Kaiserslautern), Jens Schmitt (RPTU Kaiserslautern) |
SoK: No Goto, No Cry? The Fairy Tale of Flawless Control-Flow Structuring | Eva-Maria C. Behner (Fraunhofer FKIE, Germany), Steffen Enders (Fraunhofer FKIE, Germany), Elmar Padilla (Fraunhofer FKIE, Germany) |
Dredging the River Styx: Fortifying the Web through Robust and Real-Time Script Attribution | Kostas Drakonakis (Technical University of Crete), Sotiris Ioannidis (Technical University of Crete), Jason Polakis (University of Illinois Chicago) |
WWXSS: Web Workers Cross-Site Scripting | Dolière Francis Somé (CISPA Helmholtz Center for Information Security) |
Incompleteness in Number-Theoretic Transforms: New Tradeoffs and Faster Lattice Cryptography-Based Applications | Syed Mahbub Hafiz (LG Electronics), Bahattin Yildiz (LG Electronics), Marcos Simplicio Jr (University of Sao Paulo and LG Electronics), Thales Paiva (LG Electronics), Henrique Ogawa (LG Electronics), Gabrielle De Micheli (LG Electronics), Eduardo L. Cominetti (LG Electronics) |
Sequentially Consistent Concurrent Encrypted Multimaps | Archita Agarwal (MongoDB Research), Zachary Espiritu (MongoDB Research) |
A Systematic Study of Practical & Formal Privacy in the 5G AKMA Procedure | Ioana Boureanu (Surrey Centre for Cyber Security, University of Surrey), Stephan Wesemeyer (Surrey Centre for Cyber Security, University of Surrey), Fortunat Rajaona (Surrey Centre for Cyber Security, University of Surrey), Steve Schneider (Surrey Centre for Cyber Security, University of Surrey), Helen Treharne (Surrey Centre for Cyber Security, University of Surrey) |
SPARK: Secure Privacy-Preserving Anonymous Swarm Attestation for In-Vehicle Networks | Wouter Hellemans (KU Leuven), Nada El Kassem (University of Surrey), Md Masoom Rabbani (Chalmers University of Technology), Edlira Dushku (Aalborg University), Liqun Chen (University of Surrey), An Braeken (Vrije Universiteit Brussel), Bart Preneel (KU Leuven), Nele Mentens (KU Leuven and Leiden University) |
Attacking and Fixing the Android Protected Confirmation Protocol | Myrto Arapinis (The University of Edinburgh), Vincent Danos (Ecole Normale Supérieure), Maïwenn Racouchot (INRIA Nancy - Grand Est), David Robin (Ecole Normale Supérieure), Thomas Zacharias (University of Glasgow) |
LegoLog: A configurable transparency log | Vivian Fang (UC Berkeley), Emma Dauterman (MIT), Akshay Ravoor (UC Berkeley), Akshit Dewan (UC Berkeley), Raluca Ada Popa (UC Berkeley) |
Sandi: A System for Accountability | F. Betül Durak (Microsoft Research), Kim Laine (Microsoft Research), Radames Cruz Moreno (Microsoft Research), Simon Langowski (Massachusetts Institute of Technology) |
LeapFrog: The Rowhammer Instruction Skip Attack | Andrew Adiletta (MITRE), M. Caner Tol (Worcester Polytechnic Institute), Kemal Derya (Worcester Polytechnic Institute), Saad Islam (Worcester Polytechnic Institute), Berk Sunar (Worcester Polytechnic Institute) |
Divide and Conquer: Introducing Partial Multi-Variant Execution | Jonas Vinck (DistriNet, KU Leuven), Adriaan Jacobs (DistriNet, KU Leuven), Alexios Voulimeneas (TU Delft), Stijn Volckaert (DistriNet, KU Leuven) |
Not in The Prophecies: Practical Attacks on Nostr | Hayato Kimura (University of Hyogo), Ryoma Ito (NICT), Kazuhiko Minematsu (NEC), Shogo Shiraki (University of Hyogo), Takanori Isobe (University of Hyogo) |
Cybersquatting in Web3: The Case of NFT | Kai Ma (Huazhong University of Science and Technology), Ningyu He (The Hong Kong Polytechnic University), Jintao Huang (Huazhong University of Science and Technology), Bosi Zhang (Huazhong University of Science and Technology), Ping Wu (Fiberhome Telecommunication Technologies Co.,Ltd.), Haoyu Wang (Huazhong University of Science and Technology) |
CTRAPS: CTAP Impersonation and API Confusion Attacks and Defenses on FIDO2 | Marco Casagrande (EURECOM), Daniele Antonioli (EURECOM) |
O'MINE: A Novel Collaborative DDoS Detection Mechanism for Programmable Data-Planes | Enkeleda Bardhi (Delft University of Technology), Chenxing Ji (Delft University of Technology), Ali Imran (Purdue University), Muhammad Shahbaz (Purdue University), Riccardo Lazzeretti (Sapienza University of Rome), Mauro Conti (University of Padua), Fernando Kuipers (Delft University of Technology) |
Enhancing Cybersecurity Awareness in Small and Medium Enterprises Through a User-Friendly Risk Assessment Tool | Miriam Curtin (Munster Technological University), Brian Sheehan (Munster Technological University), Melanie Gruben (Munster Technological University), Gillian O Carroll (Munster Technological University), Hazel Murray (Munster Technological University) |