MAY 24-27, 2021

42nd IEEE Symposium on
Security and Privacy

   Registration and Access

Accepted Papers

A Decentralized and Encrypted National Gun Registry
Seny Kamara (Brown University), Tarik Moataz (Aroki Systems), Andrew Park (Brown University), Lucy Qin (Brown University)
A First Look at Zoombombing
Chen Ling (Boston University), Utkucan Balcı (Binghamton University), Jeremy Blackburn (Binghamton University), Gianluca Stringhini (Boston University)
A Novel Dynamic Analysis Infrastructure to Instrument Untrusted Execution Flow Across User-Kernel Spaces
Jiaqi Hong (Singapore Management University), Xuhua Ding (Singapore Management University)
A Secure and Formally Verified Linux KVM Hypervisor
Shih-Wei Li (Columbia University), Xupeng Li (Columbia University), John Hui (Columbia University), Jason Nieh (Columbia University), Ronghui Gu (Columbia University)
A Security Model and Fully Verified Implementation for the IETF QUIC Record Layer
Antoine Delignat-Lavaud (Microsoft Research), Cedric Fournet (Microsoft Research), Bryan Parno (Carnegie Mellon University), Jonathan Protzenko (Microsoft Research), Tahina Ramananandro (Microsoft Research), Jay Bosamiya (Carnegie Mellon University), Joseph Lallemand (Loria, Inria Nancy Grand Est), Itsaka Rakotonirina (Loria, Inria Nancy Grand Est), Yi Zhou (Carnegie Mellon University), Joseph Lallemand (ETH Zürich)
A2L: Anonymous Atomic Locks for Scalability in Payment Channel Hubs
Erkan Tairi (TU Wien), Pedro Moreno-Sanchez (IMDEA Software Institute), Matteo Maffei (TU Wien)
ARBITRAR : User-Guided API Misuse Detection
Ziyang Li (University of Pennsylvania), Aravind Machiry (Purdue University), Binghong Chen (Georgia Institute of Technology), Ke Wang (Visa Research), Mayur Naik (University of Pennsylvania), Le Song (Georgia Institute of Technology)
Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding
Sahar Abdelnabi (CISPA Helmholtz Center for Information Security), Mario Fritz (CISPA Helmholtz Center for Information Security)
Adversary Instantiation: Lower bounds for differentially private machine learning
Milad Nasr (University of Massachusetts Amherst), Shuang Song (Google), Abhradeep Guha Thakurta (Google), Nicolas Papernot (Google), Nicholas Carlini (Google)
An I/O Separation Model for Formal Verification of Kernel Implementations
Miao Yu (Carnegie Mellon University), Virgil Gligor (Carnegie Mellon University), Limin Jia (Carnegie Mellon University)
An Interactive Prover for Protocol Verification in the Computational Model
David Baelde (LSV, CNRS, ENS Paris-Saclay, Université Paris-Saclay), Stéphanie Delaune (Univ Rennes, CNRS, IRISA), Charlie Jacomme (CISPA Helmholtz Center for Information Security), Adrien Koutsos (INRIA Paris), Solene Moreau (Univ Rennes, CNRS, IRISA), Charlie Jacomme (LSV & CNRS & ENS Paris-Saclay & INRIA & Université Paris-Saclay, Paris, France)
Android Custom Permissions Demystified: From Privilege Escalation to Design Shortcomings
Rui Li (Shandong University), Wenrui Diao (Shandong University), Zhou Li (University of California, Irvine), Jianqi Du (Shandong University), Shanqing Guo (Shandong University)
BUFFing signature schemes beyond unforgeability and the case of post-quantum signatures
Cas Cremers (CISPA Helmholtz Center for Information Security), Samed Düzlü (TU Darmstadt), Rune Fiedler (TU Darmstadt), Marc Fischlin (TU Darmstadt), Christian Janson (TU Darmstadt)
Bitcoin-Compatible Virtual Channels
Lukas Aumayr (Technische Universität Wien), Oguzhan Ersoy (Delft University of Technology), Andreas Erwig (Technische Universität Darmstadt), Sebastian Faust (Technische Universität Darmstadt), Kristina Hostáková (ETH Zürich), Matteo Maffei (Technische Universität Wien), Pedro Moreno-Sanchez (Technische Universität Wien), Siavash Riahi (Technische Universität Darmstadt)
Black Widow: Blackbox Data-driven Web Scanning
Benjamin Eriksson (Chalmers University of Technology), Giancarlo Pellegrino (CISPA Helmholtz Center for Information Security), Andrei Sabelfeld (Chalmers University of Technology)
Bomberman: Defining and Defeating Hardware Ticking Timebombs at Design-time
Timothy Trippel (University of Michigan), Kang G. Shin (University of Michigan), Kevin B. Bush (MIT Lincoln Laboratory), Matthew Hicks (Virginia Tech)
Bookworm Game: Automatic Discovery of LTE Vulnerabilities Through Documentation Analysis
Yi Chen (Indiana University Bloomington), Yepeng Yao (Institute of Information Engineering, CAS), XiaoFeng Wang (Indiana University Bloomington), Dandan Xu (Institute of Information Engineering, CAS), Xiaozhong Liu (Indiana University Bloomington), Chang Yue (Institute of Information Engineering, CAS), Kai Chen (Institute of Information Engineering, CAS), Haixu Tang (Indiana University Bloomington), Baoxu Liu (Institute of Information Engineering, CAS)
Breaking the Specification: PDF Certification
Simon Rohlmann (Ruhr University Bochum), Vladislav Mladenov (Ruhr University Bochum), Christian Mainka (Ruhr University Bochum), Jörg Schwenk (Ruhr University Bochum)
CANnon: Reliable and Stealthy Remote Shutdown Attacks via Unaltered Automotive Microcontrollers
Sekar Kulandaivel (Carnegie Mellon University), Shalabh Jain (Research and Technology Center, Robert Bosch LLC, USA), Jorge Guajardo (Research and Technology Center, Robert Bosch LLC, USA), Vyas Sekar (Carnegie Mellon University)
CRYLOGGER: Detecting Crypto Misuses Dynamically
Luca Piccolboni (Columbia University), Giuseppe Di Guglielmo (Columbia University), Luca P. Carloni (Columbia University), Simha Sethumadhavan (Columbia University)
CacheOut: Leaking Data on Intel CPUs via Cache Evictions
Stephan van Schaik (University of Michigan), Marina Minkin (University of Michigan), Andrew Kwong (University of Michigan), Daniel Genkin (University of Michigan), Yuval Yarom (University of Adelaide and Data61)
CanDID: Can-Do Decentralized Identity with Legacy Compatibility, Sybil-Resistance, and Accountability
Sai Krishna Deepak Maram (Cornell Tech), Fan Zhang (Cornell Tech), Harjasleen Malvai (Cornell), Ari Juels (Cornell Tech), Alexander Frolov (Cornell), Nerla Jean-Louis (University of Illinois at Urbana-Champaign), Andrew Miller (University of Illinois at Urbana-Champaign), Tyler Kell (Cornell Tech)
Co-Inflow: Coarse-Grained Information Flow Control for Java-like Languages
Jian Xiang (Harvard University), Stephen Chong (Harvard University)
Compact Certificates of Collective Knowledge
Silvio Micali (Algorand and MIT), Leonid Reyzin (Algorand and Boston University), Georgios Vlachos (), Riad S. Wahby (Algorand and Stanford), Nickolai Zeldovich (Algorand and MIT)
Compositional Non-Interference for Fine-Grained Concurrent Programs
Dan Frumin (Radboud University), Robbert Krebbers (TU Delft), Lars Birkedal (Aarhus University)
Compositional Security for Reentrant Applications
Ethan Cecchetti (Cornell University), Siqiu Yao (Cornell University), Haobin Ni (Cornell University), Andrew C. Myers (Cornell University)
ConDySTA: Context-Aware Dynamic Supplement to Static Taint Analysis
Xueling Zhang (University of Texas at San Antonio), Xiaoyin Wang (University of Texas at San Antonio), Rocky Slavin (University of Texas at San Antonio), Jianwei Niu (University of Texas at San Antonio)
CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing
Penghui Zhang (Arizona State University), Adam Oest (Arizona State University), Haehyun Cho (Arizona State University), Zhibo Sun (Arizona State University), RC Johnson (PayPal), Brad Wardman (PayPal), Shaown Sarker (North Carolina State University), Alexandros Kapravelos (North Carolina State University), Tiffany Bao (Arizona State University), Ruoyu Wang (Arizona State University), Yan Shoshitaishvili (Arizona State University), Adam Doupé (Arizona State University), Gail-Joon Ahn (Arizona State University and Samsung Research)
Cross Layer Attacks and How to Use Them (for DNS Cache Poisoning, Device Tracking and More)
Amit Klein (Bar Ilan University)
Cross-Domain Access Control Encryption -- Arbitrary-policy, Constant-size, Efficient
Xiuhua Wang (The Chinese University of Hong Kong), Sherman S. M. Chow (The Chinese University of Hong Kong)
CrossTalk: Speculative Data Leaks Across Cores Are Real
Hany Ragab (Vrije Universiteit Amsterdam), Alyssa Milburn (Vrije Universiteit Amsterdam), Kaveh Razavi (Vrije Universiteit Amsterdam), Herbert Bos (Vrije Universiteit Amsterdam), Cristiano Giuffrida (Vrije Universiteit Amsterdam), Kaveh Razavi (ETH Zurich)
CryptGPU: Fast Privacy-Preserving Machine Learning on the GPU
Sijun Tan (University of Virginia), Brian Knott (Facebook AI Research), Yuan Tian (University of Virginia), David J. Wu (University of Virginia)
DIANE: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices
Nilo Redini (UC Santa Barbara), Andrea Continella (University of Twente), Dipanjan Das (UC Santa Barbara), Giulio De Pasquale (UC Santa Barbara), Noah Spahn (UC Santa Barbara), Aravind Machiry (UC Santa Barbara), Antonio Bianchi (Purdue University), Christopher Kruegel (UC Santa Barbara), Giovanni Vigna (UC Santa Barbara)
DICE: Automatic Emulation of DMA Input Channels for Dynamic Firmware Analysis
Alejandro Mera (Northeastern University), Bo Feng (Northeastern University), Long Lu (Northeastern University), Engin Kirda (Northeastern University)
DIFUZZRTL: Differential Fuzz Testing to Find CPU Bugs
Jaewon Hur (Seoul National University), Suhwan Song (Seoul National University), Dongup Kwon (Seoul National University), Eunjin Baek (Seoul National University), Jangwoo Kim (Seoul National University), Byoungyoung Lee (Seoul National University)
DP-Sniper: Black-Box Discovery of Differential Privacy Violations using Classifiers
Benjamin Bichsel (ETH Zurich), Samuel Steffen (ETH Zurich), Ilija Bogunovic (ETH Zurich), Martin Vechev (ETH Zurich)
Data Privacy in Trigger-Action Systems
Yunang Chen (University of Wisconsin-Madison), Amrita Roy Chowdhury (University of Wisconsin-Madison), Ruizhe Wang (University of Wisconsin-Madison), Andrei Sabelfeld (Chalmers University of Technology), Rahul Chatterjee (University of Wisconsin-Madison), Earlence Fernandes (University of Wisconsin-Madison)
Defensive Technology Use by Political Activists During the Sudanese Revolution
Alaa Daffalla (University of Kansas), Lucy Simko (University of Washington), Tadayoshi Kohno (University of Washington), Alexandru G. Bardas (University of Kansas)
Detecting AI Trojans Using Meta Neural Analysis
Xiaojun Xu (University of Illinois at Urbana-Champaign), Qi Wang (University of Illinois at Urbana-Champaign), Huichen Li (University of Illinois at Urbana-Champaign), Nikita Borisov (University of Illinois at Urbana-Champaign), Carl A. Gunter (University of Illinois at Urbana-Champaign), Bo Li (University of Illinois at Urbana-Champaign)
Detecting Filter List Evasion with Event-Loop-Turn Granularity JavaScript Signatures
Quan Chen (North Carolina State University), Peter Snyder (Brave Software), Ben Livshits (Brave Software), Alexandros Kapravelos (North Carolina State University)
Did you mix me? Formally Verifying Verifiable Mix Nets in Electronic Voting
Thomas Haines (Norwegian University of Science and Technology), Rajeev Gore (Australian National University), Bhavesh Sharma (Australian National University), Thomas Haines (Norwegian University of Science and Technology)
Diogenes: Lightweight Scalable RSA Modulus Generation with a Dishonest Majority
Carmit Hazay (Bar-Ilan University), Megan Chen (Northeastern U.), Yuval Ishai (Technion), Yuriy Kashnikov (Ligero Inc.), Daniele Micciancio (UC San Diego), Tarik Riviere (Ligero Inc.), abhi shelat (Northeastern U.), Ruihan Wang (Ligero Inc.), Muthu Venkitasubramaniam (U. of Rochester)
Doing good by fighting fraud: Ethical anti-fraudsystems for mobile payments
Zainul Abi Din (UC Davis), Hari Venugopalan (UC Davis), Henry Lin (Bouncer Technologies), Adam Wushensky (Bouncer Technologies), Steven Liu (Bouncer Technologies), Samuel T. King (UC Davis and Bouncer Technologies)
DynPTA: Combining Static and Dynamic Analysis for Practical Selective Data Protection
Tapti Palit (Stony Brook University), Jarin Firose Moon (Stony Brook University), Fabian Monrose (University of North Carolina, Chapel Hill), Michalis Polychronakis (Stony Brook University)
Ebb-and-Flow Protocols: A Resolution of the Availability-Finality Dilemma
Joachim Neu (Stanford University), Ertem Nusret Tas (Stanford University), David Tse (Stanford University)
Electromagnetic Covert Channels Can Be Super Resilient
Cheng Shen (Peking University), Tian Liu (Peking University), Jun Huang (MIT), Rui Tan (Nanyang Technological University)
Epochal Signatures for Deniable Group Chats
Florian Weber (TU Eindhoven), Andreas Hülsing (TU Eindhoven)
Fingerprinting the Fingerprinters: Learning to Detect Browser Fingerprinting Behaviors
Umar Iqbal (The University of Iowa), Steven Englehardt (Mozilla Corporation ), Zubair Shafiq (University of California, Davis)
Good Bot, Bad Bot: Characterizing Automated Browsing Activity
Xigao Li (Stony Brook University), Babak Amin Azad (Stony Brook University), Amir Rahmati (Stony Brook University), Nick Nikiforakis (Stony Brook University)
HackEd: A Pedagogical Analysis of Online Vulnerability Discovery Exercises
Daniel Votipka (Tufts University), Eric Zhang (University of Maryland), Michelle Mazurek (University of Maryland)
Happer: Unpacking Android Apps via a Hardware-Assisted Approach
Lei Xue (The Hong Kong Polytechnic University), Hao Zhou (The Hong Kong Polytechnic University), Xiapu Luo (The Hong Kong Polytechnic University), Yajin Zhou (Zhejiang University), Yang Shi (Tongji University), Guofei Gu (Texas A&M University), Fengwei Zhang (Southern University of Science and Technology (SUSTech)), Man Ho Au (The University of Hong Kong)
Hardware-Software Contracts for Secure Speculation
Marco Guarnieri (IMDEA Software Institute), Boris Köpf (Microsoft Research), Jan Reineke (Saarland University), Pepe Vila (IMDEA Software Institute)
Hear "No Evil", See "Kenansville": Efficient and Transferable Black-Box Attacks on Speech Recognition and Voice Identification Systems
Hadi Abdullah (University of Florida), Muhammad Sajidur Rahman (University of Florida), Washington Garcia (University of Florida), Kevin Warren (University of Florida), Anurag Swarnim Yadav (University of Florida), Tom Shrimpton (University of Florida), Patrick Traynor (University of Florida)
High-Assurance Cryptography in the Spectre Era
Gilles Barthe (Max Planck Institute for Security and Privacy and IMDEA Software Institute), Sunjay Cauligi (University of California San Diego), Benjamin Gregoire (INRIA Sophia Antipolis), Adrien Koutsos (Inria Paris, Max Planck Institute for Security and Privacy), Kevin Liao (Max Planck Institute for Security and Privacy and Massachusetts Institute of Technology), Tiago Oliveira (University of Porto (FCUP) and INESC TEC), Swarn Priya (Purdue University), Tamara Rezk (INRIA Sophia Antipolis), Peter Schwabe (Max Planck Institute for Security and Privacy)
High-Frequency Trading on Decentralized On-Chain Exchanges
Liyi Zhou (Imperial College London), Kaihua Qin (Imperial College London), Christof Ferreira Torres (University of Luxembourg), Duc V Le (Purdue University), Arthur Gervais (Imperial College London)
How Did That Get In My Phone? Unwanted App Distribution on Android Devices
Platon Kotzias (NortonLifelock Research Group), Juan Caballero (IMDEA Software Institute), Leyla Bilge (NortonLifelock Research Group)
Improving Password Guessing via Representation Learning
Dario Pasquini (Sapienza University of Rome; Stevens Institute of Technology; Institute of Applied Computing CNR), Ankit Gangwal (University of Padua; Stevens Institute of Technology), Giuseppe Ateniese (Stevens Institute of Technology), Massimo Bernaschi (Institute of Applied Computing CNR), Mauro Conti (University of Padua)
Invisible Probe: Timing Attacks with PCIe Congestion Side-channel
Mingtian Tan (Fudan University), Junpeng Wan (Fudan University), Zhe Zhou (Fudan University), Zhou Li (University of California, Irvine)
Invisible for both Camera and LiDAR: Security of Multi-Sensor Fusion based Perception in Autonomous Driving Under Physical-World Attacks
Yulong Cao* (University of Michigan), Ningfei Wang* (University of California, Irvine), Chaowei Xiao* (NVIDIA Research and Arizona State University), Dawei Yang* (University of Michigan), Jin Fang (Baidu Research and National Engineering Laboratory of Deep Learning Technology and Application, China), Ruigang Yang (Inceptio), Qi Alfred Chen (University of California, Irvine), Mingyan Liu (University of Michigan), Bo Li (University of Illinois at Urbana-Champaign), (*co-first authors)
Is Private Learning Possible with Instance Encoding?
Nicholas Carlini (Google), Samuel Deng (Columbia), Sanjam Garg (UC Berkeley), Somesh Jha (UW-Madison), Saeed Mahloujifar (Princeton), Mohammad Mahmoody (University of Virginia), Abhradeep Thakurta (Google), Florian Tramer (Stanford University)
Journey to the Center of the Cookie Ecosystem: Unraveling Actors' Roles and Relationships
Iskander Sanchez-Rola (NortonLifeLock Research Group), Matteo Dell'Amico (NortonLifeLock Research Group), Davide Balzarotti (EURECOM), Pierre-Antoine Vervier (NortonLifeLock Research Group), Leyla Bilge (NortonLifeLock Research Group), Iskander ()
Keep the Dirt: Tainted TreeKEM, Adaptively and Actively Secure Continuous Group Key Agreement
Joel Alwen (Wickr Inc.), Margarita Capretto (Universidad Nacional de Rosario), Miguel Cueto (ENS Lyon), Chethan Kamath (Northeastern University), Karen Klein (IST Austria), Ilia Markov (IST Austria), Guillermo Pascual-Perez (IST Austria), Krzysztof Pietrzak (IST Austria), Michael Walter (IST Austria), Michelle Yeo (IST Austria)
Learning Differentially Private Mechanisms
Subhajit Roy (IIT Kanpur), Justin Hsu (University of Wisconsin--Madison), Aws Albarghouthi (University of Wisconsin--Madison)
Lightweight Techniques for Private Heavy Hitters
Dan Boneh (Stanford), Elette Boyle (IDC Herzliya), Henry Corrigan-Gibbs (MIT CSAIL), Niv Gilboa (Ben-Gurion University), Yuval Ishai (Technion)
Linking Bluetooth LE & Classic and Implications for Privacy-Preserving Bluetooth-Based Protocols
Norbert Ludant (Northeastern University), Tien D. Vo-Huu (Northeastern University), Sashank Narain (University of Massachusetts Lowell), Guevara Noubir (Northeastern University)
Lockable Signatures for Blockchains: Scriptless Scripts for all Signatures
Sri AravindaKrishnan Thyagarajan (Friedrich Alexander Universität Erlangen-Nürnberg), Giulio Malavolta (Max Planck Institute for Security and Privacy)
MAD-HTLC: Because HTLC is Crazy-Cheap to Attack
Itay Tsabary (Technion), Matan Yechieli (Technion), Alex Manuskin (ZenGo), Ittay Eyal (Technion, VMware)
Machine Unlearning
Lucas Bourtoule (University of Toronto; Vector Institute), Varun Chandrasekaran (University of Wisconsin-Madison), Christopher A. Choquette-Choo (University of Toronto; Vector Institute), Hengrui Jia (University of Toronto; Vector Institute), Adelin Travers (University of Toronto; Vector Institute), Baiwu Zhang (University of Toronto; Vector Institute), David Lie (University of Toronto), Nicolas Papernot (University of Toronto; Vector Institute)
Manipulation Attacks in Local Differential Privacy
Albert Cheu (Northeastern University), Adam Smith (Boston University), Jonathan Ullman (Northeastern University)
Many-out-of-Many Proofs and Applications to Anonymous Zether
Benjamin E. Diamond (J.P. Morgan)
Merkle^2: A Low-Latency Transparency Log System
Yuncong Hu (UC Berkeley), Kian Hooshmand (UC Berkeley), Rajeswari Harika Kalidhindi (UC Berkeley), Seung Jin Yang (UC Berkeley), Raluca Popa (UC Berkeley)
Method Confusion Attack on Bluetooth Pairing
Maximilian von Tschirschnitz (Technical University Munich), Ludwig Peuckert (Technical University Munich), Fabian Franzen (Technical University Munich), Jens Grossklags (Technical University Munich)
NTFUZZ: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis
Jaeseung Choi (KAIST), Kangsu Kim (KAIST), Daejin Lee (KAIST), Sang Kil Cha (KAIST)
OSPREY: Recovery of Variable and Data Structure via Probabilistic Analysis for Stripped Binary
Zhuo Zhang (Purdue University), Yapeng Ye (Purdue University), Wei You (Renmin University of China), Guanhong Tao (Purdue University), Wen-chuan Lee (Purdue University), Yonghwi Kwon (University of Virginia), Yousra Aafer (University of Waterloo), Xiangyu Zhang (Purdue University)
On the Anonymity Guarantees of Anonymous Proof-of-Stake Protocols
Varun Madathil (North Carolina State University), Alessandra Scafuro (North Carolina State University), Kartik Nayak (Duke University), Markulf Kohlweiss (University of Edinburgh)
On the Just-In-Time Discovery of Profit-Generating Transactions in DeFi Protocols
Liyi Zhou (Imperial College London), Kaihua Qin (Imperial College London), Antoine Cully (Imperial College London), Benjamin Livshits (Imperial College London), Arthur Gervais (Imperial College London)
One Engine to Fuzz 'em All: Generic Language Processor Testing with Semantic Validation
Yongheng Chen (Georgia Institute of Technology), Rui Zhong (Pennsylvania State University), Hong Hu (Pennsylvania State University), Hangfan Zhang (Pennsylvania State University), Yupeng Yang (University of Electronic Science and Technology of China), Dinghao Wu (Pennsylvania State University), Wenke Lee (Georgia Institute of Technology)
PLATYPUS: Software-based Power Side-Channel Attacks on x86
Moritz Lipp (Graz University of Technology), Andreas Kogler (Graz University of Technology), David Oswald (The University of Birmingham, UK), Michael Schwarz (CISPA Helmholtz Center for Information Security), Catherine Easdon (Graz University of Technology), Claudio Canella (Graz University of Technology), Daniel Gruss (Graz University of Technology), Catherine Easdon (Graz University of Technology)
Pegasus: Bridging Polynomial and Non-polynomial Evaluations in Homomorphic Encryption
Wen-jie Lu (Alibaba Group), Zhicong Huang (Alibaba Group), Cheng Hong (Alibaba Group), Yiping Ma (University of Pennsylvania), Fuping Qu (Alibaba Group)
Poltergeist: Acoustic Adversarial Machine Learning against Cameras and Computer Vision
Xiaoyu Ji (Zhejiang University), Yushi Cheng (Zhejiang University), Yuepeng Zhang (Zhejiang University), Kai Wang (Zhejiang University), Chen Yan (Zhejiang University), Kevin Fu (University of Michigan), Wenyuan Xu (Zhejiang University)
Post-Quantum WireGuard
Andreas Hülsing (Eindhoven University of Technology, NL), Kai-Chun Ning (KPN B.V., NL), Peter Schwabe (Radboud University, NL), Florian Weber (Eindhoven University of Technology, NL), Philip R. Zimmermann (Delft University of Technology & KPN B.V., NL)
Proactive Threshold Wallets with Offline Devices
Yashvanth Kondi (Northeastern University), Bernardo Magri (Aarhus University), Claudio Orlandi (Aarhus University), Omer Shlomovits (ZenGo X)
Proof-of-Learning: Definitions and Practice
Hengrui Jia (University of Toronto and Vector Institute), Mohammad Yaghini (University of Toronto and Vector Institute), Christopher A. Choquette-Choo (University of Toronto and Vector Institute), Natalie Dullerud (University of Toronto and Vector Institute), Anvith Thudi (University of Toronto and Vector Institute), Varun Chandrasekaran (University of Wisconsin-Madison), Nicolas Papernot (University of Toronto and Vector Institute)
Randomized Last-Level Caches Are Still Vulnerable to Cache Side-Channel Attacks! But We Can Fix It
Wei Song (State Key Laboratory of Information Security, Institute of Information Engineering, CAS), Boya Li (State Key Laboratory of Information Security, Institute of Information Engineering, CAS), Zihan Xue (State Key Laboratory of Information Security, Institute of Information Engineering, CAS), Zhenzhen Li (State Key Laboratory of Information Security, Institute of Information Engineering, CAS), Wenhao Wang (State Key Laboratory of Information Security, Institute of Information Engineering, CAS), Peng Liu (The Pennsylvania State University)
Reading between the Lines: An Extensive Evaluation of the Security and Privacy Implications of EPUB Reading Systems
Gertjan Franken (imec-DistriNet, KU Leuven), Tom Van Goethem (imec-DistriNet, KU Leuven), Wouter Joosen (imec-DistriNet, KU Leuven)
Real-World Snapshots vs. Theory: Questioning the t-Probing Security Model.
Thilo Krachenfels (Technische Universität Berlin), Amir Moradi (Ruhr-Uni­ver­si­tät Bo­chum), Jean-Pierre Seifert (Technische Universität Berlin), Fatemeh Ganji (Worcester Polytechnic Institute), Shahin Tajik (Worcester Polytechnic Institute)
Red Belly: A Secure, Fair and Scalable Open Blockchain
Tyler Crain (University of Sydney), Christopher Natoli (University of Sydney), Vincent Gramoli (University of Sydney and EPFL)
Response-Hiding Encrypted Ranges: Revisiting Security via Parametrized Leakage-Abuse Attacks
Evgenios Kornaropoulos (UC Berkeley), Charalampos Papamanthou (University of Maryland), Roberto Tamassia (Brown University)
Revealer: Detecting and Exploiting Regular Expression Denial-of-Service Vulnerabilities
Yinxi Liu (The Chinese University of Hong Kong), Mingxue Zhang (The Chinese University of Hong Kong), Wei Meng (The Chinese University of Hong Kong)
Runtime Recovery of Web Applications under Zero-Day ReDoS Attacks
Zhihao Bai (Johns Hopkins University), Ke Wang (Peking University), Hang Zhu (Johns Hopkins University), Yinzhi Cao (Johns Hopkins University), Xin Jin (Peking University)
SGUARD: Towards Fixing Vulnerable Smart Contracts Automatically
Tai D. Nguyen (Singapore Management University), Long H. Pham (Singapore Management University), Jun Sun (Singapore Management University)
SIRNN: A Math Library for Secure RNN Inference
Deevashwer Rathee (Microsoft), Mayank Rathee (Microsoft), Rahul Kranti Kiran Goli (Microsoft), Divya Gupta (Microsoft), Rahul Sharma (Microsoft), Nishanth Chandran (Microsoft), Aseem Rastogi (Microsoft)
STOCHFUZZ: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting
Zhuo Zhang (Purdue University), Wei You (Renmin University of China), Guanhong Tao (Purdue University), Yousra Aafer (University of Waterloo), Xuwei Liu (Purdue University), Xiangyu Zhang (Purdue University)
Self-Supervised Euphemism Detection and Identification for Content Moderation
Wanzheng Zhu (University of Illinois, at Urbana-Champaign), Hongyu Gong (Facebook), Rohan Bansal (Carnegie Mellon University), Zachary Weinberg (University of Massachusetts, Amherst), Nicolas Christin (Carnegie Mellon University), Giulia Fanti (Carnegie Mellon University), Suma Bhat (University of Illinois, at Urbana-Champaign)
SmartPulse: Automated Checking of Temporal Properties in Smart Contracts
Jon Stephens (The University of Texas at Austin), Kostas Ferles (The University of Texas at Austin), Benjamin Mariano (The University of Texas at Austin), Shuvendu Lahiri (Microsoft Research), Isil Dillig (The University of Texas at Austin)
SoK: All You Ever Wanted to Know About x86/x64 Binary Disassembly but Were Afraid to Ask
Chengbin Pang (Stevens Institute of Technology; Nanjing University), Ruotong Yu (Stevens Institute of Technology), Yaohui Chen (Facebook Inc.), Eric Koskinen (Stevens Institute of Technology), Georgios Portokalidis (Stevens Institute of Technology), Bing Mao (Nanjing University), Jun Xu (Stevens Institute of Technology)
SoK: Computer-Aided Cryptography
Manuel Barbosa (University of Porto and INESC TEC), Gilles Barthe (Max Planck Institute for Security and Privacy; IMDEA Software Institute), Karthik Bhargavan (INRIA Paris), Bruno Blanchet (INRIA Paris), Cas Cremers (CISPA Helmholtz Center for Information Security), Kevin Liao (Max Planck Institute for Security and Privacy; Massachusetts Institute of Technology), Bryan Parno (Carnegie Mellon University)
SoK: Fully Homomorphic Encryption Compilers
Alexander Viand (ETH Zurich), Patrick Jattke (ETH Zurich), Anwar Hithnawi (ETH Zurich)
SoK: Hate, Harassment, and the Changing Landscape of Online Abuse
Kurt Thomas (Google), Deepak Kumar (University of Illinois, Urbana-Champaign), Michael Bailey (University of Illinois, Urbana-Champaign), Sarah Meiklejohn (University College London), Thomas Ristenpart (Cornell Tech), Devdatta Akhawe (Independent Researcher), Dan Boneh (Stanford), Zakir Durumeric (Stanford), Damon McCoy (New York University), Gianluca Stringhini (Boston University), Sunny Consolvo (Google), Patrick Gage Kelley (Google), Elie Bursztein (Google), Nicki Dell (Cornell)
SoK: Quantifying Cyber Risk
Daniel W Woods (University of Innsbruck), Rainer Böhme (University of Innsbruck)
SoK: Security and Privacy in the Age of Commercial Drones
Ben Nassi (Ben-Gurion University of the Negev), Ron Bitton (Ben-Gurion University of the Negev), Ryusuke Masuoka (Fujitsu System Integration Laboratories), Asaf Shabtai (Ben-Gurion University of the Negev), Yuval Elovici (Ben-Gurion University of the Negev)
SoK: The Faults in our ASRs: An Overview of Attacks against Automatic Speech Recognition and Speaker Identification Systems
Hadi Abdullah (University of Florida), Kevin Warren (University of Florida), Vincent Bindschaedler (University of Florida), Nicolas Papernot (University of Toronto), Patrick Traynor (University of Florida)
Survivalism: Systematic Analysis of Windows Malware Living-Off-The-Land
Frederick Barr-Smith (Oxford University), Xabier Ugarte-Pedrero (Cisco Systems), Mariano Graziano (Cisco Systems), Riccardo Spolaor (Oxford University), Ivan Martinovic (Oxford University)
Systematic Analysis of Randomization-Based Protected Cache Architectures
Antoon Purnal (imec-COSIC, KU Leuven), Lukas Giner (Graz University of Technology), Daniel Gruss (Graz University of Technology), Ingrid Verbauwhede (imec-COSIC, KU Leuven)
The EMV Standard: Break, Fix, Verify
David Basin (Department of Computer Science, ETH Zurich), Ralf Sasse (Department of Computer Science, ETH Zurich), Jorge Toro-Pozo (Department of Computer Science, ETH Zurich)
The Provable Security of Ed25519: Theory and Practice
Jacqueline Brendel (CISPA), Cas Cremers (CISPA), Dennis Jackson (ETH Zurich), Mang Zhao (CISPA - Helmholtz Center for Information Security)
They Would do Better if They Worked Together: The Case of Interaction Problems Between Password Managers and Websites
Nicolas Huaman (Leibniz University Hannover), Sabrina Amft (Leibniz University Hannover), Marten Oltrogge (CISPA Helmholtz Center for Information Security), Yasemin Acar (Leibniz University Hannover and Max Planck Institute for Security and Privacy (MPI-SP)), Sascha Fahl (Leibniz University Hannover)
Trouble Over-The-Air: An Analysis of FOTA Apps in the Android Ecosystem
Eduardo Blázquez (Universidad Carlos III de Madrid), Sergio Pastrana (Universidad Carlos III de Madrid), Álvaro Feal (IMDEA Networks Institute / Universidad Carlos III de Madrid), Julien Gamba (IMDEA Networks Institute / Universidad Carlos III de Madrid), Platon Kotzias (NortonLifelock Research Group), Narseo Vallina-Rodriguez (IMDEA Networks Institute / ICSI / AppCensus Inc.), Juan Tapiador (Universidad Carlos III de Madrid)
Trust, But Verify: A Longitudinal Analysis Of Android OEM Compliance and Customization
Andrea Possemato (IDEMIA/Eurecom), Simone Aonzo (Eurecom), Davide Balzarotti (Eurecom), Yanick Fratantonio (Eurecom)
Using Selective Memoization to Defeat Regular Expression Denial of Service (ReDoS)
James Davis (Virginia Tech / Purdue University), Francisco Servant (Virginia Tech), Dongyoon Lee (Stony Brook University)
When Function Signature Recovery Meets Compiler Optimization
Yan Lin (Singapore Management University), Debin Gao (Singapore Management University)
Which Privacy and Security Attributes Most Impact Consumers‚ Risk Perception and Willingness to Purchase IoT Devices?
Pardis Emami-Naeini (University of Washington), Janarth Dheenadhayalan (Carnegie Mellon University), Yuvraj Agarwal (Carnegie Mellon University), Lorrie Faith Cranor (Carnegie Mellon University)
Who is Real Bob? Adversarial Attacks on Speaker Recognition Systems
Guangke Chen (ShanghaiTech University; Shanghai Institute of Microsystem and Information Technology, Chinese Academy of Sciences; University of Chinese Academy of Sciences), Sen Chen (Tianjin University; Nanyang Technological University), Lingling Fan (Nanyang Technological University), Xiaoning Du (Nanyang Technological University), Zhe Zhao (ShanghaiTech University), Fu Song (ShanghaiTech University; Shanghai Engineering Research Center of Intelligent Vision and Imaging), Yang Liu (Nanyang Technological University)
Wolverine: Fast, Scalable, and Communication-Efficient Zero-Knowledge Proofs for Boolean and Arithmetic Circuits
Chenkai Weng (Northwestern University), Kang Yang (State Key Laboratory of Cryptology), Jonathan Katz (University of Maryland), Xiao Wang (Northwestern University)
Zero Knowledge for Everything and Everyone: Fast ZK Processor with Cached ORAM for ANSI C Programs
David Heath (Georgia Institute of Technology), Yibin Yang (Georgia Institute of Technology), David Devecsery (Georgia Institute of Technology), Vladimir Kolesnikov (Georgia Institute of Technology)