MAY 18-20, 2020

41st IEEE Symposium on
Security and Privacy

   Access details

Accepted Papers

A Programming Framework for Differential Privacy with Accuracy Concentration Bounds
Elisabet Lobo-Vesga (Chalmers University of Technology), Alejandro Russo (Chalmers University of Technology), Marco Gaboardi (Boston University)
A Security Analysis of the Facebook Ad Library
Laura Edelson (New York University), Tobias Lauinger (New York University), Damon McCoy (New York University)
A Stealthier Partitioning Attack against Bitcoin Peer-to-Peer Network
Muoi Tran (National University of Singapore), Inho Choi (National University of Singapore), Gi Jun Moon (Korea University), Anh Vu (Japan Advanced Institute of Science and Technology), Min Suk Kang (National University of Singapore)
A Tale of Sea and Sky: On the Security of Maritime VSAT Communications
James Pavur (Oxford University), Daniel Moser (armasuisse), Martin Strohmeier (armasuisse), Vincent Lenders (armasuisse), Ivan Martinovic (Oxford University)
AdGraph: A Graph-Based Approach to Ad and Tracker Blocking
Umar Iqbal (University of Iowa / Brave Software), Peter Snyder (Brave Software), Shitong Zhu (UC Riverside), Benjamin Livshits (Brave Software / Imperial College London), Zhiyun Qian (UC Riverside), Zubair Shafiq (University of Iowa)
An Analysis of Pre-installed Android Software
Julien Gamba (IMDEA Networks Institute, Universidad Carlos III de Madrid), Mohammed Rashed (Universidad Carlos III de Madrid), Abbas Razaghpanah (Stony Brook University), Juan Tapiador (Universidad Carlos III de Madrid), Narseo Vallina-Rodriguez (IMDEA Networks Institute, ICSI)
Are Anonymity-Seekers Just Like Everybody Else? An Analysis of Contributions to Wikipedia from Tor
Chau Tran (New York University), Kaylea Champion (University of Washington), Andrea Forte (Drexel University), Benjamin Mako Hill (University of Washington), Rachel Greenstadt (New York University)
Are We Susceptible to Rowhammer? An End-to-End Methodology for Cloud Providers
Lucian Cojocar (Microsoft Research), Jeremie Kim (ETH Zurich, CMU), Minesh Patel (ETH Zurich), Lillian Tsai (MIT), Stefan Saroiu (Microsoft Research), Alec Wolman (Microsoft Research), Onur Mutlu (ETH Zurich, CMU)
Ask the Experts: What Should Be on an IoT Privacy and Security Label?
Pardis Emami-Naeini (Carnegie Mellon University), Yuvraj Agarwal (Carnegie Mellon University), Lorrie Faith Cranor (Carnegie Mellon University), Hanan Hibshi (Carnegie Mellon University)
Automatic Uncovering of Hidden Behaviors from Input Validation in Mobile Apps
Quingchuan Zhao (The Ohio State University), Chaoshun Zuo (The Ohio State University), Brendan Dolan-Gavitt (New York University), Giancarlo Pellegrino (CISPA Helmholtz Center for Information Security, Germany), Zhiqiang Lin (The Ohio State University)
Automatically Detecting Bystanders in Photos to Reduce Privacy Risks
Rakibul Hasan (Indiana University), David Crandall (Indiana University), Mario Fritz (CISPA Helmholtz Center for Information Security, Germany), Apu Kapadia (Indiana University)
BIAS: Bluetooth Impersonation AttackS
Daniele Antonioli (École Polytechnique Fédérale de Lausanne (EPFL)), Nils Ole Tippenhauer (CISPA Helmholtz Center for Information Security, Germany), Kasper Rasmussen (University of Oxford)
Binsec/Rel: Efficient Relational Symbolic Execution for Constant-Time at Binary-Level
Lesly-Ann Daniel (CEA, List, Université Paris-Sacley), Sébastien Bardin (CEA, List, Université Paris-Sacley), Tamara Rezk (INRIA Sophia-Antipolis, INDES Project, France)
Breaking and (Partially) Fixing Provably Secure Onion Routing
Christiane Kuhn (KIT Karlsruhe), Martin Beck (TU Dresden), Thorsten Strufe (Karlsruhe Institute of Technology (KIT) and Centre of Tactile Internet (TU Dresden))
Browsing Unicity: On the Limits of Anonymizing Web Tracking Data
Clemens Deußer (TU Dresden), Steffen Passmann (INFOnline GMbH), Thorsten Strufe (Karlsruhe Institute of Technology (KIT) and Centre of Tactile Internet (TU Dresden))
Burglars' IoT Paradise: Understanding and Mitigating Security Risks of General Messaging Protocols on IoT Clouds
Yan Jia (Xidian University / University of Chinese Academy of Sciences / Indana University at Bloomington), Luyi Xing (Indiana University at Bloomington), Yuhang Mao (Xidian University / University of Chinese Academy of Sciences), Dongfang Zhao (Indiana University at Bloomington), XiaoFeng Wang (Indiana University at Bloomington), Shangru Zhao (Xidian University / University of Chinese Academy of Sciences), Yuqing Zhang (Xidian University / University of Chinese Academy of Sciences)
C3APSULe: Cross-FPGA Covert-Channel Attacks through Power Supply Unit Leakage
Ilias Giechaskiel (University of Oxford), Kasper Bonne Rasmussen (University of Oxford), Jakub Szefer (Yale University)
Can Voters Detect Malicious Manipulation of Ballot Marking Devices?
Matthew Bernhard (University of Michigan), Allison McDonald (University of Michigan), Henry Meng (University of Michigan), Jensen Hwa (University of Michigan), Nakul Bajaj (The Harker School), Kevin Chang (University of Michigan), J. Alex Halderman (University of Michigan)
Combating Dependence Explosion in Forensic Analysis Using Alternative Tag Propagation Semantics
Md Nahid Hossain (Stony Brook University), Sanaz Sheikhi (Stony Brook University), R. Sekar (Stony Brook University)
Cornucopia: Temporal Safety for CHERI Heaps
Nathaniel Wesley Filardo (University of Cambridge), Brett F. Gutstein (University of Cambridge), Jonathan Woodruff (University of Cambridge), Sam Ainsworth (University of Cambridge), Lucian Paul-Trifu (University of Cambridge), Brooks Davis (SRI International), Hongyan Xia (University of Cambridge), Edward Tomasz Napierala (University of Cambridge), Alexander Richardson (University of Cambridge), John Baldwin (Ararat River Consulting), David Chisnall (Microsoft Research / University of Cambridge), Jessica Clarke (University of Cambridge), Khilan Gudka (University of Cambridge), Alexandre Joannou (University of Cambridge), A. Theodore Markettos (University of Cambridge), Alfredo Mazzinghi (University of Cambridge), Robert Norton (University of Cambridge), Michael Roe (University of Cambridge), Peter Sewell (University of Cambridge), Stacey Son (University of Cambridge), Timothy M. Jones (University of Cambridge), Simon Moore (University of Cambridge), Peter G. Neumann (SRI International), Robert N. M. Watson (University of Cambridge)
CrypTFlow : Secure TensorFlow Inference
Nishant Kumar (Microsoft Research, India), Mayank Rathee (Microsoft Research, India), Nishanth Chandran (Microsoft Research, India), Divya Gupta (Microsoft Research, India), Aseem Rastogi (Microsoft Research, India), Rahul Sharma (Microsoft Research, India)
Detection of Electromagnetic Interference Attacks on Sensor Systems
Youqian Zhang (University of Oxford), Kasper Rasmussen (University of Oxford)
Do Cookie Banners Respect My Choice? Measuring Legal Compliance of Banners from IAB Europe's Transparancy and Consent Framework
Célestin Matte (Inria, France), Nataliia Bielova (Inria, France), Cristiana Santos (Inria, France)
Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd
Mathy Vanhoef (New York University Abu Dhabi), Eyal Ronen (Tel Aviv University / KU Leuven)
Efficient and Secure Multiparty Computation from Fixed-Key Block Ciphers
Chun Guo (Université catholique de Louvain), Jonathan Katz (University of Maryland), Xiao Wang (Northwestern University), Yu Yu (Shanghai Jiao Tong University)
Enabling Rack-scale Confidential Computing using Heterogeneous Trusted Execution Environment
Jianping Zhu (University of Chinese Academy of Sciences), Rui Hou (University of Chinese Academy of Sciences), XiaoFeng Wang (Indiana University at Bloomington), Wenhao Wang (University of Chinese Academy of Sciences), Jianfeng Cao (University of Chinese Academy of Sciences), Boyan Zhao (University of Chinese Academy of Sciences), Zhongpu Wang (University of Chinese Academy of Sciences), Yuhui Zhang (University of Chinese Academy of Sciences), Jiameng Ying (University of Chinese Academy of Sciences), Lixin Zhang (Institute of Computing Technology, CAS), Dan Meng (University of Chinese Academy of Sciences)
Even Black Cats Cannot Stay Hidden in the Dark: Full-band De-anonymization of Bluetooth Classic Devices
Marco Cominelli (CNIT / University of Brescia), Francesco Gringoli (CNIT / University of Brescia), Margus Lind (Context Information Security, Scotland), Paul Patras (The University of Edinburgh), Guevara Noubir (Northeastern University)
EverCrypt: A Fast, Verified, Cross-Platform Crytographic Provider
Jonathan Protzenko (Microsoft Research), Bryan Parno (Carnegie Melon University), Aymeric Fromherz (Carnegie Melon University), Chris Hawblitzel (Microsoft Research), Marina Polubelova (Inria, France), Karthikeyan Bhargavan (Inria, France), Benjamin Beurdouche (Inria, France), Joonwon Choi (MIT / Microsoft Research), Antione Delignat-Lavaud (Microsoft Research), Cédric Fournet (Microsoft Research), Natalia Kulatova (Inria, France), Tahina Ramananandro (Microsoft Research), Aseem Rastogi (Microsoft Research, India), Nikhil Swamy (Microsoft Research), Christoph Wintersteiger (Microsoft Research, UK), Santiago Zanella-Beguelin (Microsoft Research, UK)
Ex-vivo dynamic analysis framework for Android device drivers
Ivan Pustogarov (University of Toronto), Qian Wu (University of Toronto), David Lie (University of Toronto)
Flash Boys 2.0: Frontrunning in Decentralized Exchanges, Miner Extractable Value, and Consensus Instability
Philip Daian (Cornell Tech), Steven Goldfeder (Cornell Tech), Tyler Kell (Cornell Tech), Yunqi Li (UIUC), Xueyuan Zhao (Carnegie Mellon University), Iddo Bentov (Cornell Tech), Lorenz Breidenbach (ETH Zurich), Ari Juels (Cornell Tech)
Flaw Label: Exploiting IPv6 Flow Label
Jonathan Berger (Bar-Ilan University), Amit Klein (Bar-Ilan University), Benny Pinkas (Bar-Ilan University)
FlyClient: Super-Light Clients for Cryptocurrencies
Benedikt Bünz (Stanford University), Lucianna Kiffer (Northeastern University), Loi Luu (Kyber Network), Mahdi Zamani (Visa Research)
Fuzzing JavaScript Engines with Aspect-preserving Mutation
Soyeon Park (Georgia Institute of Technology), Wen Xu (Georgia Institute of Technology), Insu Yun (Georgia Institute of Technology), Daehee Jang (Georgia Institute of Technology), Taesoo Kim (Georgia Institute of Technology)
Gesture Authentication for Smartphones: Evaluation of Gesture Password Selection Policies
Eunyong Cheon (UNIST, Republic of Korea), Yonghwan Shin (UNIST, Republic of Korea), Jun Ho Huh (Samsung Research, Republic of Korea), Hyoungshick Kim (Sungkyunkwan University, Republic of Korea), Ian Oakley (UNIST, Republic of Korea)
High Precision Open-World Website Fingerprinting
Tao Wang (Hong Kong University of Science and Technology)
HopSkipJumpAttack: A Query-Efficient Decision-Based Attack
Jianbo Chen (University of California, Berkeley), Michael I. Jordan (University of California, Berkeley), Martin J. Wainwright (University of California, Berkeley / Voleon Group)
How Not to Prove Your Election Outcome
Thomas Haines (Norweigian University of Science and Technology), Sarah Jamie Lewis (Open Privacy Research Society), Olivier Pereira (UCLouvian ICTEAM), Vanessa Teague (The University of Melbourne)
Humpty Dumpty: Controlling Word Meanings via Corpus Poisoning
Roei Schuster (Tel Aviv University), Tal Schuster (CSAIL / MIT), Yoav Meri (Cornell Tech), Vitaly Shmatikov (Cornell Tech)
HydRand: Efficient Continuous Distributed Randomness
Philipp Schindler (SBA Research), Aljosha Judmayer (SBA Research), Nicholas Stifter (SBA Research / TU Wien), Edgar Weippl (SBA Research / TU Wien)
ICAS: An Extensible Framework for Estimating the Susceptibility of IC Layouts to Additive Trojans
Timothy Trippel (University of Michigan), Kang Shin (University of Michigan), Kevin Bush (MIT Lincoln Laboratory), Matthew Hicks (Virginia Tech)
ICLab: A Global, Longitudinal Internet Censorship Measurement Platform
Arian Akhavan Niaki (University of Massachusetts, Amherst), Shinyoung Cho (University of Massachusetts, Amherst / Stony Brook University), Zachary Weinberg (Carnegie Mellon University), Nguyen Phong Hoang (Stony Brook University), Abbas Razaghpanah (Stony Brook University), Nicholas Christin (Carnegie Mellon University), Phillipa Gill (Stony Brook University)
IJON: Exploring Deep State Spaces via Fuzzing
Cornelius Aschermann (Ruhr University Bochum), Sergej Schumilo (Ruhr University Bochum), Ali Abbasi (Ruhr University Bochum), Thorsten Holz (Ruhr University Bochum)
Influencing Photo Sharing Decisions on Social Media: A Case of Paradoxical Findings
Mary Jean Amon (University of Colorado Boulder), Rakibul Hasan (Indiana University), Kurt Hugenberg (Indiana University), Bennett Bertenthal (Indiana University), Apu Kapadia (Indiana University)
Intriguing Properties of Adversarial ML Attacks in the Problem Space
Fabio Pierazzi (King's College London), Feargus Pendlebury (King's College London & Royal Holloway, University of London & The Alan Turing Institute), Jacopo Cortellazzi (King's College London), Lorenzo Cavallaro (King's College London)
Is FIDO2 the Kingslayer of User Authentication? A Comparative Usability Study of FIDO2 Passwordless Authentication
Sanam Ghorbani Lyastani (CISPA Helmholtz Center for Information Security, Germany), Michael Schilling (CISPA Helmholtz Center for Information Security, Germany), Michaela Neumayr (CISPA Helmholtz Center for Information Security, Germany), Michael Backes (CISPA Helmholtz Center for Information Security, Germany), Sven Bugiel (CISPA Helmholtz Center for Information Security, Germany)
JIT Leaks: Inducing Timing Side Channels through Just-In-Time Compilation
Tegan Brennan (University of California, Santa Barbara), Nicolás Rosner (University of California, Santa Barbara), Tevfik Bultan (University of California, Santa Barbara)
KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware
Nilo Redini (University of California, Santa Barbara), Aravind Machiry (University of California, Santa Barbara), Ruoyu Wang (Arizona State University), Chad Spensky (University of California, Santa Barbara), Andrea Continella (University of California, Santa Barbara), Yan Shoshitaishvili (Arizona State University), Christopher Kruegel (University of California, Santa Barbara), Giovanni Vigna (University of California, Santa Barbara)
Kobold: Evaluating Decentralized Access Control for Remote NSXPC Methods on iOS
Luke Deshotels (North Carolina State University / Samsung Research America), Costin Carabaș (University POLITEHNICA of Bucharest), Jordan Beichler (North Carolina State University), Răzvan Deaconescu (University POLITEHNICA of Bucharest), William Enck (North Carolina State University)
Krace: Data Race Fuzzing for Kernel File Systems
Meng Xu (Georgia Institute of Technology), Sanidhya Kashyap (Georgia Institute of Technology), Hanqing Zhao (Georgia Institute of Technology), Taesoo Kim (Georgia Institute of Technology)
LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection
Jo Van Bulck (imec-DistriNet, KU Leuven), Daniel Moghimi (Worchester Polytechnic Institute), Michael Schwarz (Graz University of Technology), Moritz Lipp (Graz University of Technology), Marina Minkin (University of Michigan), Daniel Genkin (University of Michigan), Yuval Yarom (University of Adalaide and Data61), Berk Sunar (Worchester Polytechnic Institute), Daniel Gruss (Graz University of Technology), Frank Piessens (imec-DistriNet, KU Leuven)
Leveraging EM Side-Channel Information to Detect Rowhammer Attacks
Zhenkai Zhang (Texas Tech University), Zihao Zhan (Vanderbilt University), Daniel Balasubramanian (Vanderbilt University), Bo Li (Univeristy of Illinios at Urbana-Champaign), Peter Volgyesi (Vanderbilt University), Xenofon Koutsoukos (Vanderbilt University)
MarkUs: Drop-in use-after-free prevention for low-level languages
Sam Ainsworth (University of Cambridge), Timothy Jones (University of Cambridge)
Meddling Middlemen: Empirical Analysis of the Risks of Data-Saving Mobile Browsers
Brian Kondracki (Stony Brook University), Assel Aliyeva (Boston University), Manuel Egele (Boston University), Jason Polakis (University of Illinios at Chicago), Nick Nikiforakis (Stony Brook University)
Message Time of Arrival Codes: A Fundamental Primitive for Secure Distance Measurement
Patrick Leu (ETH Zurich), Mridula Singh (ETH Zurich), Marc Roeschlin (ETH Zurich), Kenneth Paterson (ETH Zurich), Srdjan Capkun (ETH Zurich)
NetCAT: Practical Cache Attacks for the Network
Michael Kurth (Vrije Universiteit Amsterdam, The Netherlands; ETH Zurich, Switzerland), Ben Gras (Vrije Universiteit Amsterdam, The Netherlands), Dennis Andriesse (Vrije Universiteit Amsterdam, The Netherlands), Cristiano Giuffrida (Vrije Universiteit Amsterdam, The Netherlands), Herbert Bos (Vrije Universiteit Amsterdam, The Netherlands), Kaveh Razavi (Vrije Universiteit Amsterdam, The Netherlands)
Neutaint: Efficient Dynamic Taint Analysis with Neural Networks
Dongdong She (Columbia University), Yizheng Chen (Columbia University), Abhishek Shah (Columbia University), Baishakhi Ray (Columbia University), Suman Jana (Columbia University)
OAT: Attesting Operation Integrity of Embedded Devices
Zhichuang Sun (Northeastern University), Bo Feng (Northeastern University), Long Lu (Northeastern University), Somesh Jha (University of Wisconsin-Madison)
OHIE: Blockchain Scaling Made Simple
Haifeng Yu (National University of Singapore), Ivica Nikolic (National University of Singapore), Ruomu Hou (National University of Singapore), Prateek Saxena (National University of Singapore)
PMP: Cost-effective Forced Execution with Probabilistic Memory Pre-planning
Wei You (Purdue University), Zhuo Zhang (Purdue University), Yonghwi Kwon (University of Virginia), Yousra Aafer (Purdue University), Fei Peng (Purdue University), Yu Shi (Purdue University), Carson Harmon (Purdue University), Xiangyu Zhang (Purdue University)
Pangolin:Incremental Hybrid Fuzzing with Polyhedral Path Abstraction
Heqing Huang (The Hong Kong University of Science and Technology), Peisen Yao (The Hong Kong University of Science and Technology), Rongxin Wu (Xiamen University), Qingkai Shi (The Hong Kong University of Science and Technology), Charles Zhang (The Hong Kong University of Science and Technology)
Path Oblivious Heap: Optimal and Practical Oblivious Priority Queue
Elaine Shi (Cornell University)
Plundervolt: Software-based Fault Injection Attacks against Intel SGX
Kit Murdock (University of Birmingham), David Oswald (University of Birmingham), Flavio Garcia (University of Birmingham), Jo Van Bulck (imec-DistriNet, KU Leuven), Daniel Gruss (Graz University of Technology), Frank Piessens (imec-DistriNet, KU Leuven)
Privacy Risks of General-Purpose Language Models
Xudong Pan (Fudan University), Mi Zhang (Fudan University), Shouling Ji (Zhejiiang University / Alibaba-Zhejiang University Joint Research Institute of Frontier Technologies), Min Yang (Fudan University)
Private Resource Allocators and Their Applications
Sebastian Angel (University of Pennsylvania), Sampath Kannan (University of Pennsylvania), Zachary Ratliff (Raytheon BBN Technologies)
Pseudorandom Black Swans: Cache Attacks on CTR_DRBG
Shaanan Cohney (University of Pennsylvania), Andrew Kwong (University of Michigan), Sharar Paz (Tel Aviv University), Daniel Genkin (University of Michigan), Nadia Heninger (University of California, San Diego), Eyal Ronen (Tel Eviv University / COSIC), Yuval Yarom (University of Adalaide / Data61)
RAMBleed: Reading Bits in Memory Without Accessing Them
Andrew Kwong (University of Michigan), Daniel Genkin (University of Michigan), Daniel Gruss (Graz University of Technology), Yuval Yarom (University of Adalaide and Data61)
Replicated State Machines Without Replicated Execution
Jonathan Lee (Microsoft Research), Kirill Nikitin (EPFL), Srinath Setty (Microsoft Research)
RetroWrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization
Sushant Dinesh (Purdue University), Nathan Burow (Purdue University), Dongyan Xu (Purdue University), Mathias Payer (EPFL)
Rigorous Engineering for Hardware Security: Formal Modelling and Proof in the CHERI Design and Implementation Process
Kyndylan Nienhuis (University of Cambridge), Alexandre Joannou (University of Cambridge), Thomas Bauereiss (University of Cambridge), Anthony Fox (ARM Limited), Michael Roe (University of Cambridge), Brian Campbell (University of Edinburgh), Matthew Naylor (University of Cambridge), Robert Norton (University of Cambridge), Simon Moore (University of Cambridge), Peter Neumann (SRI International), Ian Stark (University of Edinburgh), Robert Watson (University of Cambridge), Peter Sewell (University of Cambridge)
SAVIOR: Towards Bug-Driven Hybrid Testing
Yaohui Chen (Northeastern University), Peng Li (Baidu USA), Jun Xu (Stevens Institute of Technology), Shengjian Guo (Baidu USA), Rundong Zhou (Baidu USA), Yulong Zhang (Baidu USA), Tao Wei (Baidu USA), Long Lu (Northeastern University)
SEIMI: Efficient and Secure SMAP-Enabled Intra-process Memory Isolation
Zhe Wang (Institute of Computing Technology, CAS, University of Chinese Academy of Sciences), Chenggang Wu (Institute of Computing Technology, CAS, University of Chinese Academy of Sciences), Mengyao Xie (Institute of Computing Technology, CAS, University of Chinese Academy of Sciences), Yinqian Zhang (The Ohio State University), Kangjie Lu (University of Minnesota), Xiaofeng Zhang (Institute of Computing Technology, CAS, University of Chinese Academy of Sciences), Yuanming Lai (Institute of Computing Technology, CAS, University of Chinese Academy of Sciences), Yang Kang (Institute of Computing Technology, CAS), Min Yang (Fudan University)
SEVurity: No Security Without Integrity - Breaking Integrity-Free Memory Encryption with Minimal Assumptions
Luca Wilke (University of Lübeck), Jan Wichelmann (University of Lübeck), Mathias Morbitzer (Fraunhofer AISEC), Thomas Eisenbarth (University of Lübeck)
SPECCFI: Mitigating Spectre Attacks Using CFI Imformed Speculation
Esmaeil Mohammadian Koruyeh (University of California, Riverside), Shirin Hajl Amin Shirazi (University of California, Riverside), Khaled Khasawneh (George Mason University), Chengyu Song (University of California, Riverside), Nael Abu-Ghazaleh (University of California, Riverside)
SPIDER: Enabling Fast Patch Propagation in Related Software Repositories
Aravind Machiry (University of California, Santa Barbara), Nilo Redini (University of California, Santa Barbara), Eric Camellini (Politecnico di Milano), Christopher Kruegel (University of California, Santa Barbara), Giovanni Vigna (University of California, Santa Barbara)
Security Update Labels: Establishing Economic Incentives for Security Patching of IoT Consumer Products
Philipp Morgner (Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU)), Christoph Mai (Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU)), Nicole Koschate-Fischer (Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU)), Felix Freiling (Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU)), Zinaida Benenson (Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU))
Semantic Understanding of Smart Contracts: Executable Operational Semantics of Solidity
Jiao Jiao (Nanyang Technological University), Shuanglong Kan (Nanyang Technological University), Shang-Wei Lin (Nanyang Technological University), David Sanán (Nanyang Technological University), Yang Liu (Nanyang Technological University), Jun Sun (Singapore Management University)
SoK: A Minimalist Approach to Formalizing Analog Sensor Security
Chen Yan (Zhejiang University), Hocheol Shin (KAIST), Connor Bolton (University of Michigan), Wenyuan Xu (Zhejiang University), Yongdae Kim (KAIST), Kevin Fu (University of Michigan)
SoK: Cyber Insurance - Technical Challenges and a System Security Roadmap
Savino Dambra (Eurecom), Leyla Bilge (Symantec Research Labs), Davide Balzarotti (Eurecom)
SoK: Differential Privacy as a Causal Property
Michael Carl Tschantz (International Computer Science Institute), Shayak Sen (Carnegie Melon University), Anupam Datta (Carnegie Melon University)
SoK: Understanding the Prevailing Security Vulnerabilities in TrustZone-assisted TEE Systems
David Cerdeira (Universidade do Minho), Nuno Santos (INESC-ID / Instituto Superior Técnico, Universidade de Lisboa), Pedro Fonseca (Purdue University), Sandro Pinto (Universidade do Minho)
Spectector: Principled Detection of Speculative Information Flows
Marco Guarnieri (IMDEA Software Institute), Boris Köpf (Microsoft Research), José Morales (IMDEA Software Institute), Jan Reineke (Saarland University), Andrés Sánchez (IMDEA Software Institute)
Sync HotStuff: Simple and Practical Synchronous State Machine Replication
Ittai Abraham (Vmware Research), Dahlia Malkhi (Calibra), Kartik Nayak (Duke University), Ling Ren (University of Illinois at Urbana-Champaign), Maofan Yin (Cornell University)
TARDIS: Rolling Back The Clock On CMS-Targeting Cyber Attacks
Ranjita Pai Kasturi (Georgia Institute of Technology), Yiting Sun (Georgia Institute of Technology), Ruian Duan (Georgia Institute of Technology), Omar Alrawi (Georgia Institute of Technology), Ehsan Asdar (Georgia Institute of Technology), Victor Zhu (Georgia Institute of Technology), Yonghwi Kwon (University of Virginia), Brendan Saltaformaggio (Georgia Institute of Technology)
TRRespass: Exploiting the Many Sides of Target Row Refresh
Pietro Frigo (Vrije Universiteit Amsterdam, The Netherlands), Emanuele Vannacci (Vrije Universiteit Amsterdam, The Netherlands), Hasan Hassan (ETH Zürich), Victor van der Veen (Qualcomm Technologies, Inc.), Onur Mutlu (ETH Zürich), Cristiano Giuffrida (Vrije Universiteit Amsterdam, The Netherlands), Herbert Bos (Vrije Universiteit Amsterdam, The Netherlands), Kaveh Razavi (Vrije Universiteit Amsterdam, The Netherlands)
Tactical Provenance Analysis for Endpoint Detection and Response Systems
Wajih Ul Hassan (University of Illinois at Urbana-Champaign), Adam Bates (University of Illinois at Urbana-Champaign), Daniel Marino (NortonLifeLock Research Group)
TextExerciser: Feedback-driven Text Input Exercising for Android Applications
Yuyu He (Fudan University), Lei Zhang (Fudan University), Zhemin Yang (Fudan University), Yinzhi Cao (Johns Hopkins University), Keke Lian (Fudan University), Shuai Li (Fudan University), Wei Yang (University of Texas at Dallas), Zhibo Zhang (Fudan University), Min Yang (Fudan University), Yuan Zhang (Fudan University), Haixin Duan (Fudan University)
The Last Mile: High-Assurance and High-Speed Cryptographic Implementations
José Bacelar Almeida (University of Minho / INESC TEC), Manuel Barbosa (University of Porto (FCUP) / INESC TEC), Gilles Barthe (MPI for Security and Privacy / IMDEA Software), Benjamin Grégoire (Inria), Adrien Koutsos (LSV, CNRS, ENS Paris-Saclay), Vincent Laporte (Inria), Tiago Oliveira (University of Porto (FCUP) / INESC TEC), Pierre-Yves Strub (Ecole Polytechnique)
The Many Kinds of Creepware Used for Interpersonal Attacks
Kevin Roundy (NortonLifeLock Research Group), Paula Barmaimon Mendelberg (Cornell Tech), Nicola Dell (Cornell Tech), Damon McCoy (New York University), Daniel Nissani (Cornell Tech), Thomas Ristenpart (Cornell Tech), Acar Tamersoy (NortonLifeLock Research Group)
The State of the Uniform: Attacks on Encrypted Databases Beyond the Uniform Query Distribution
Evgenios Kornaropoulos (UC Berkeley), Charalampos Papamanthou (University of Maryland), Roberto Tamassia (Brown University)
The Value of Collaboration in Convex Machine Learning with Differential Privacy
Nan Wu (Macquarie University), Farhad Farokhi (CSIRO's Data61 / The University of Melbourne), David Smith (CSIRO's Data61 / Austrailian National University), Mohamed Ali Kaafar (CSIRO's Data61 / Macquarie University)
This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs
Philipp Markert (Ruhr University Bochum), Daniel Bailey (Ruhr University Bochum), Maximilian Golla (Max Planck Institute for Security and Privacy), Markus Dürmuth (Ruhr University Bochum), Adam Aviv (The George Washington University)
Throwing Darts in the Dark? Detecting Bots with Limited Data using Neural Data Augmentation
Steve T.K. Jan (University of Illinios at Urbana-Champaign / Virginia Tech), Qingying Hao (University of Illinios at Urbana-Champaign), Tianrui Hu (Virginia Tech), Jiameng Pu (Virginia Tech), Sonal Oswal (Radware, Isreal), Gang Wang (University of Illinios at Urbana-Champaign), Bimal Viswanath (Virginia Tech)
Towards Effective Differential Privacy Communication for Users' Data Sharing Decision and Comprehension
Aiping Xiong (Penn State University), Tianhao Wang (Purdue University), Ninghui Li (Purdue University), Somesh Jha (University of Wisconsin-Madison)
Towards Scalable Threshold Cryptosystems
Alin Tomescu (MIT CSAIL), Robert Chen (MIT PRIMES / Lexington High School), Yiming Zheng (MIT PRIMES / Lexington High School), Ittai Abraham (VMware Research), Benny Pinkas (VMware Research / Bar Ilan University), Guy Golan Gueta (VMware Research), Srinivas Devadas (MIT CSAIL)
Towards a Natural Perspective of Smart Homes for Practical Security and Safety Analyses
Sunil Manandhar (William & Mary), Kevin Moran (William & Mary), Kaushal Kafle (William & Mary), Ruhao Tang (William & Mary), Denys Poshyvanyk (William & Mary), Adwait Nadkarni (William & Mary)
Transparent Polynomial Delegation and Its Applications to Zero Knowledge Proof
Jiaheng Zhang (UC Berkeley), Tiancheng Xie (UC Berkeley), Yupeng Zhang (Texas A&M University), Dawn Song (UC Berkeley)
Transys: Leveraging Common Security Properties Across Hardware Designs
Rui Zhang (University of North Carolina at Chapel Hill), Cynthia Sturton (University of North Carolina at Chapel Hill)
Unexpected Data Dependency Creation and Chaining: A New Attack to SDN
Feng Xiao (The Pennsylvania State University), Jinquan Zhang (The Pennsylvania State University), Jianwei Huang (Texas A&M University), Guofei Gu (Texas A&M University), Dinghao Wu (The Pennsylvania State University), Peng Liu (The Pennsylvania State University)
VerX: Safety Verification of Smart Contracts
Anton Permenev (ChainSecurity), Dimitar Dimitrov (ETH Zurich), Petar Tsankov (ChainSecurity), Dana Drachsler-Cohen (ETH Zurich), Martin Vechev (ETH Zurich)
VeriSmart: A Highly Precise Safety Verifier for Ethereum Smart Contracts
Sunbeom So (Korea University), Myungho Lee (Korea University), Jisu Park (Korea University), Heejo Lee (Korea University), Hakjoo Oh (Korea University)
WaveSpy: Remote and Through-wall Screen Attack via mmWave Sensing
Zhengxiong Li (University of Buffalo, SUNY), Fenglong Ma (University of Buffalo, SUNY), Aditya Singh Rathore (University of Buffalo, SUNY), Zhuolin Yang (University of Buffalo, SUNY), Baicheng Chen (University of Buffalo, SUNY), Lu Su (University of Buffalo, SUNY), Wenyao Xu (University of Buffalo, SUNY)
ZEXE: Enabling Decentralized Private Computation
Sean Bowe (Zcash), Alessandro Chiesa (University of California, Berkeley), Matthew Green (Johns Hopkins University), Ian Miers (Cornell Tech), Pratyush Mishra (University of California, Berkeley), Howard Wu (University of California, Berkeley)
_ I Know Where You Parked Last Summer _ Automated Reverse Engineering and Privacy Analysis of Modern Cars
Daniel Frassinelli (CISPA Helmholtz Center for Information Security, Saarland Informatics Campus, Germany), Sohyeon Park (CISPA Helmholtz Center for Information Security, Saarland Informatics Campus, Germany), Stefan Nürnberger (CISPA Helmholtz Center for Information Security, Saarland Informatics Campus, Germany)
xMP: Selective Memory Protection for Kernel and User Space
Sergej Proskurin (Technical University of Munich), Marius Momeu (Technical University of Munich), Seyedhamed Ghavamnia (Stony Brook University), Vasileios Kemerlis (Brown University), Michalis Polychronakis (Stony Brook University)