Collection of Security Papers

ACM CCS 2019

Collection of Security Papers

All
IEEE S&P
IEEE S&P
- 2024
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015
ACM CCS
ACM CCS
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015
USENIX Sec
USENIX Sec
- 2024
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015
NDSS
NDSS
- 2024
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015
ICSE
ICSE
- 2024
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015-1
- 2015-2
ISSTA
ISSTA
- 2024
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015

ACM CCS 2019

207 papers accepted.

Updated on 2023-09-08.

You can find the lastest information here.

1 Trillion Dollar Refund: How To Spoof PDF Signatures.

Practical Decryption exFiltration: Breaking PDF Encryption.

Omniring: Scaling Private Payments Without Trusted Setup.

WI Is Not Enough: Zero-Knowledge Contingent (Service) Payments Revisited.

A Machine-Checked Proof of Security for AWS Key Management Service.

Mitigating Leakage in Secure Cloud-Hosted Data Structures: Volume-Hiding for Multi-Maps via Hashing.

The Next 700 Policy Miners: A Universal Method for Building Policy Miners.

Towards Continuous Access Control Validation and Forensics.

Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices.

Oh, the Places You've Been! User Reactions to Longitudinal Transparency About Third-Party Web Tracking and Inferencing.

Page Cache Attacks.

Hardware-Backed Heist: Extracting ECDSA Keys from Qualcomm's TrustZone.

VoltJockey: Breaching TrustZone by Software-Controlled Voltage Manipulation over Multi-core Frequencies.

Principled Unearthing of TCP Side Channel Vulnerabilities.

Neural Network Inversion in Adversarial Setting via Background Knowledge Alignment.

Privacy Risks of Securing Machine Learning Models against Adversarial Examples.

MemGuard: Defending against Black-Box Membership Inference Attacks via Adversarial Examples.

Procedural Noise Adversarial Examples for Black-Box Attacks on Deep Convolutional Networks.

Efficient Two-Round OT Extension and Silent Non-Interactive Secure Computation.

Endemic Oblivious Transfer.

LevioSA: Lightweight Secure Arithmetic Computation.

Onion Ring ORAM: Efficient Constant Bandwidth Oblivious RAM from (Leveled) TFHE.

Encrypted Databases: New Volume Attacks against Range Queries.

Updatable Oblivious Key Management for Storage Systems.

Efficient Multi-Key Homomorphic Encryption with Packed Ciphertexts with Application to Oblivious Neural Network Inference.

Traceback for End-to-End Encrypted Messaging.

SICO: Surgical Interception Attacks by Manipulating BGP Communities.

Just the Tip of the Iceberg: Internet-Scale Exploitation of Routers for Cryptojacking.

Network Hygiene, Incentives, and Regulation: Deployment of Source Address Validation in the Internet.

Security Certification in Payment Card Industry: Testbeds, Measurements, and Recommendations.

Matryoshka: Fuzzing Deeply Nested Branches.

Intriguer: Field-Level Constraint Solving for Hybrid Fuzzing.

Learning to Fuzz from Symbolic Execution with Application to Smart Contracts.

HyperService: Interoperability and Programmability Across Heterogeneous Blockchains.

MatRiCT: Efficient, Scalable and Post-Quantum Blockchain Confidential Transactions Protocol.

Prism: Deconstructing the Blockchain to Approach Physical Limits.

Securely Sampling Biased Coins with Applications to Differential Privacy.

Stormy: Statistics in Tor by Measuring Securely.

Efficient Publicly Verifiable 2PC over a Blockchain with Applications to Financially-Secure Computations.

A Formal Treatment of Deterministic Wallets.

5GReasoner: A Property-Directed Security and Privacy Analysis Framework for 5G Cellular Network Protocol.

Verified Verifiers for Verifying Elections.

Analyzing Subgraph Statistics from Extended Local Views with Decentralized Differential Privacy.

How to Accurately and Privately Identify Anomalies.

Differentially Private Nonparametric Hypothesis Testing.

ZombieLoad: Cross-Privilege-Boundary Data Sampling.

Fallout: Leaking Data on Meltdown-resistant CPUs.

SMoTherSpectre: Exploiting Speculative Execution through Port Contention.

Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks.

Erlay: Efficient Transaction Relay for Bitcoin.

Power Adjusting and Bribery Racing: Novel Mining Attacks in the Bitcoin System.

A High-Assurance Evaluator for Machine-Checked Secure Multiparty Computation.

Practical Fully Secure Three-Party Computation via Sublinear Distributed Zero-Knowledge Proofs.

HoneyBadgerMPC and AsynchroMix: Practical Asynchronous MPC and its Application to Anonymous Communication.

Exploiting Symmetries When Proving Equivalence Properties for Security Protocols.

Are These Pairing Elements Correct?: Automated Verification and Applications.

Post-Collusion Security and Distance Bounding.

Five Years of the Right to be Forgotten.

Binary Control-Flow Trimming.

Program-mandering: Quantitative Privilege Separation.

Flexible Byzantine Fault Tolerance.

Distributed Vector-OLE: Improved Constructions and Implementation.

Houdini's Escape: Breaking the Resource Rein of Linux Control Groups.

Insecure Until Proven Updated: Analyzing AMD SEV's Remote Attestation.

An In-depth Look Into SDN Topology Discovery Mechanisms: Novel Attacks and Practical Countermeasures.

Proof-Carrying Network Code.

Triplet Fingerprinting: More Practical and Portable Website Fingerprinting with N-shot Learning.

DeMiCPU: Device Fingerprinting with Magnetic Signals Radiated by CPU.

Multisketches: Practical Secure Sketches Using Off-the-Shelf Biometric Matching Algorithms.

28 Blinks Later: Tackling Practical Challenges of Eye Movement Biometrics.

Velody: Nonlinear Vibration Challenge-Response for Resilient User Authentication.

The Catcher in the Field: A Fieldprint based Spoofing Detection for Text-Independent Speaker Verification.

QUOTIENT: Two-Party Secure Neural Network Training and Prediction.

Quantitative Verification of Neural Networks and Its Security Applications.

ABS: Scanning Neural Networks for Back-doors by Artificial Brain Stimulation.

Lifelong Anomaly Detection Through Unlearning.

Transparency Logs via Append-Only Authenticated Dictionaries.

Probabilistic Data Structures in Adversarial Environments.

Make Some ROOM for the Zeros: Data Sparsity in Secure Distributed Machine Learning.

PIEs: Public Incompressible Encodings for Decentralized Storage.

Protocols for Checking Compromised Credentials.

User Account Access Graphs.

Charting the Attack Surface of Trigger-Action IoT Platforms.

Peeves: Physical Event Verification in Smart Homes.

Automatic Fingerprinting of Vulnerable BLE IoT Devices with Static UUIDs from Mobile Apps.

Balance: Dynamic Adjustment of Cryptocurrency Deposits.

TokenScope: Automatically Detecting Inconsistent Behaviors of Cryptocurrency Tokens in Ethereum.

Tesseract: Real-Time Cryptocurrency Exchange Using Trusted Hardware.

Efficient MPC via Program Analysis: A Framework for Efficient Optimal Mixing.

Two-Thirds Honest-Majority MPC for Malicious Adversaries at Almost the Cost of Semi-Honest.

Fast Actively Secure Five-Party Computation with Security Beyond Abort.

Signed Cryptographic Program Verification with Typed CryptoLine.

Machine-Checked Proofs for Cryptographic Standards: Indifferentiability of Sponge and Secure High-Assurance Implementations of SHA-3.

VeriSketch: Synthesizing Secure Hardware Designs with Timing-Sensitive Information Flow Properties.

SEEMless: Secure End-to-End Encrypted Messaging with less Trust.

PrivDPI: Privacy-Preserving Encrypted Traffic Inspection with Reusable Obfuscated Rules.

Updatable Anonymous Credentials and Applications to Incentive Systems.

Hardware-assisted Trusted Execution Environments: Look Back, Look Ahead.

Gollum: Modular and Greybox Exploit Generation for Heap Overflows in Interpreters.

SLAKE: Facilitating Slab Manipulation for Exploiting Vulnerabilities in the Linux Kernel.

SecTEE: A Software-based Approach to Secure Enclave Architecture Using TEE.

A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes.

zkay: Specifying and Enforcing Data Privacy in Smart Contracts.

Log2vec: A Heterogeneous Graph Embedding Based Approach for Detecting Cyber Threats within Enterprise.

Privacy Aspects and Subliminal Channels in Zcash.

POIROT: Aligning Attack Behavior with Kernel Audit Records for Cyber Threat Hunting.

Effective and Light-Weight Deobfuscation and Semantic-Aware Attack Detection for PowerShell Scripts.

MalMax: Multi-Aspect Execution for Automated Dynamic Web Server Malware Analysis.

Where Does It Go?: Refining Indirect-Call Targets with Multi-Layer Type Analysis.

Different is Good: Detecting the Use of Uninitialized Variables through Differential Replay.

HideNoSeek: Camouflaging Malicious JavaScript in Benign ASTs.

Your Cache Has Fallen: Cache-Poisoned Denial-of-Service Attack.

"I don't see why I would ever want to use it": Analyzing the Usability of Popular Smartphone Password Managers.

Matched and Mismatched SOCs: A Qualitative Study on Security Operations Center Issues.

A Usability Evaluation of Let's Encrypt and Certbot: Usable Security Done Right.

Seeing isn't Believing: Towards More Robust Adversarial Attack Against Real World Object Detectors.

AdVersarial: Perceptual Ad Blocking meets Adversarial Machine Learning.

Attacking Graph-based Classification via Manipulating the Graph Structure.

Latent Backdoor Attacks on Deep Neural Networks.

Succinct Arguments for Bilinear Group Arithmetic: Practical Structure-Preserving Cryptography.

LegoSNARK: Modular Design and Composition of Succinct Zero-Knowledge Proofs.

Efficient Zero-Knowledge Arguments in the Discrete Log Setting, Revisited.

Sonic: Zero-Knowledge SNARKs from Linear-Size Universal and Updatable Structured Reference Strings.

The SPHINCS+ Signature Framework.

GALACTICS: Gaussian Sampling for Lattice-Based Constant- Time Implementation of Cryptographic Signatures, Revisited.

Seems Legit: Automated Analysis of Subtle Attacks on Protocols that Use Signatures.

Membership Privacy for Fully Dynamic Group Signatures.

Geneva: Evolving Censorship Evasion Strategies.

Conjure: Summoning Proxies from Unused Address Space.

You Shall Not Join: A Measurement Study of Cryptocurrency Peer-to-Peer Bootstrapping Techniques.

SAMPL: Scalable Auditability of Monitoring Processes using Public Ledgers.

Adversarial Sensor Attack on LiDAR-based Perception in Autonomous Driving.

LibreCAN: Automated CAN Message Translator.

Trick or Heat?: Manipulating Critical Temperature-Based Control Systems Using Rectification Attacks.

OPERA: Open Remote Attestation for Intel's Secure Enclaves.

Towards Memory Safe Enclave Programming with Rust-SGX.

Two-party Private Set Intersection with an Untrusted Third Party.

DeepIntent: Deep Icon-Behavior Learning for Detecting Intention-Behavior Discrepancy in Mobile Apps.

The Art and Craft of Fraudulent App Promotion in Google Play.

CryptoGuard: High Precision Detection of Cryptographic Vulnerabilities in Massive-sized Java Projects.

Let's Encrypt: An Automated Certificate Authority to Encrypt the Entire Web.

You Are Who You Appear to Be: A Longitudinal Study of Domain Impersonation in TLS Certificates.

Certificate Transparency in the Wild: Exploring the Reliability of Monitors.

POSTER: Detecting Audio Adversarial Example through Audio Modification.

Poster: Fuzzing IoT Firmware via Multi-stage Message Generation.

Snout: An Extensible IoT Pen-Testing Tool.

POSTER: Traffic Splitting to Counter Website Fingerprinting.

Force vs. Nudge: Comparing Users' Pattern Choices on SysPal and TinPal.

Poster: Framework for Semi-Private Function Evaluation with Application to Secure Insurance Rate Calculation.

Poster: Deployment-quality and Accessible Solutions for Cryptography Code Development.

Medical Protocol Security: DICOM Vulnerability Mining Based on Fuzzing Technology.

Poster: A Proof-of-Stake (PoS) Blockchain Protocol using Fair and Dynamic Sharding Management.

Kerberoid: A Practical Android App Decompilation System with Multiple Decompilers.

Poster: A Reliable and Accountable Privacy-Preserving Federated Learning Framework using the Blockchain.

Poster: Attacking Malware Classifiers by Crafting Gradient-Attacks that Preserve Functionality.

simFIDO: FIDO2 User Authentication with simTPM.

pFilter: Retrofitting Legacy Applications for Data Privacy.

Poster: Towards a Framework for Assessing Vulnerabilities of Brainwave Authentication Systems.

Poster: Network Message Field Type Recognition.

Poster: Towards a Data Centric Approach for the Design and Verification of Cryptographic Protocols.

ÆGIS: Smart Shielding of Smart Contracts.

Nickel to Lego: Using Foolgle to Create Adversarial Examples to Fool Google Cloud Speech-to-Text API.

Poster: Using Generative Adversarial Networks for Secure Pseudorandom Number Generation.

Poster: Proofs of Retrievability with Low Server Storage.

Data Quality for Security Challenges: Case Studies of Phishing, Malware and Intrusion Detection Datasets.

Poster: Finding JavaScript Name Conflicts on the Web.

Poster: Towards Robust Open-World Detection of Deepfakes.

Poster: Understanding User's Decision to Interact with Potential Phishing Posts on Facebook using a Vignette Study.

Poster: Adversarial Examples for Hate Speech Classifiers.

Poster: Evaluating Security Metrics for Website Fingerprinting.

Poster: Video Fingerprinting in Tor.

Poster: A First Look at the Privacy Risks of Voice Assistant Apps.

Poster: Directed Hybrid Fuzzing on Binary Code.

Poster: On the Application of NLP to Discover Relationships between Malicious Network Entities.

Poster: SDN-based System to Filter Out DRDoS Amplification Traffic in ISP Networks.

Poster: GRANDPA Finality Gadget.

Poster: Towards Characterizing and Limiting Information Exposure in DNN Layers.

Poster: Recovering the Input of Neural Networks via Single Shot Side-channel Attacks.

Poster: Challenges of Accurately Measuring Churn in P2P Botnets.

Poster: TCLP: Enforcing Least Privileges to Prevent Containers from Kernel Vulnerabilities.

Poster: Let History not Repeat Itself (this Time) - Tackling WebAuthn Developer Issues Early On.

Poster: When Adversary Becomes the Guardian - Towards Side-channel Security With Adversarial Attacks.

Poster: Towards Automated Quantitative Analysis and Forecasting of Vulnerability Discoveries in Debian GNU/Linux.

Poster: Effective Layers in Coverage Metrics for Deep Neural Networks.

Poster: Detecting WebAssembly-based Cryptocurrency Mining.

Poster: Evaluating Code Coverage for System Call Fuzzers.

CCSW'19 Workshop Summary: 2019 Cloud Computing Security Workshop.

CPS-SPC 2019: Fifth Workshop on Cyber-Physical Systems Security and PrivaCy.

MTD 2019: The 6th ACM Workshop on Moving Target Defense.

SSR'19: The 5th Conference on Security Standardisation Research.

TIS'19: Theory of Implementation Security Workshop 2019.

WAHC'19: 7th Workshop on Encrypted Computing & Applied Homomorphic Cryptograph.

18th Workshop on Privacy in the Electronic Society (WPES 2019).

AISec'19: 12th ACM Workshop on Artificial Intelligence and Security.

ASHES 2019: 3rd Workshop on Attacks and Solutions in Hardware Security.

1st Workshop on Cyber-Security Arms Race (CYSARM 2019).

IoT S&P 2019: 2nd Workshop on the Internet of Things Security and Privacy.

PLAS 2019: ACM SIGSAC Workshop on Programming Languages and Analysis for Security.

PPML '19: Privacy Preserving Machine Learning.

3rd International Workshop on Software Protection (SPRO 2019).