Collection of Security Papers

ACM CCS 2021

Collection of Security Papers

All
IEEE S&P
IEEE S&P
- 2024
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015
ACM CCS
ACM CCS
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015
USENIX Sec
USENIX Sec
- 2024
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015
NDSS
NDSS
- 2024
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015
ICSE
ICSE
- 2024
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015-1
- 2015-2
ISSTA
ISSTA
- 2024
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015

ACM CCS 2021

222 papers accepted.

Updated on 2023-09-08.

You can find the lastest information here.

Chunk-Level Password Guessing: Towards Modeling Refined Password Composition Representations.

Out of Sight, Out of Mind: Detecting Orphaned Web Pages at Internet-Scale.

Catching Transparent Phish: Analyzing and Detecting MITM Phishing Toolkits.

Reverse Attack: Black-box Attacks on Collaborative Recommendation.

It's Not What It Looks Like: Manipulating Perceptual Hashing based Applications.

Black-box Adversarial Attacks on Commercial Speech Platforms with Minimal Information.

A Hard Label Black-box Adversarial Attack Against Graph Neural Networks.

Robust Adversarial Attacks Against DNN-Based Wireless Communication Systems.

AI-Lancet: Locating Error-inducing Neurons to Optimize Neural Networks.

Doubly Efficient Interactive Proofs for General Arithmetic Circuits with Linear Prover Time.

Constant-Overhead Zero-Knowledge for RAM Programs.

Appenzeller to Brie: Efficient Zero-Knowledge Proofs for Mixed-Mode Arithmetic and Z2k.

Shorter and Faster Post-Quantum Designated-Verifier zkSNARKs from Lattices.

"Hello, It's Me": Deep Learning-based Speech Synthesis Attacks in the Real World.

Don't Forget the Stuffing! Revisiting the Security Impact of Typo-Tolerant Password Authentication.

Dissecting Click Fraud Autonomy in the Wild.

Understanding and Detecting Mobile Ad Fraud Through the Lens of Invalid Traffic.

Usable User Authentication on a Smartwatch using Vibration.

Automated Bug Hunting With Data-Driven Symbolic Root Cause Analysis.

Snipuzz: Black-box Fuzzing of IoT Firmware via Message Snippet Inference.

Same Coverage, Less Bloat: Accelerating Binary-only Fuzzing with Coverage-preserving Coverage-guided Tracing.

HyperFuzzer: An Efficient Hybrid Fuzzer for Virtual CPUs.

HardsHeap: A Universal and Extensible Framework for Evaluating Secure Allocators.

DPGen: Automated Program Synthesis for Differential Privacy.

A Formally Verified Configuration for Hardware Security Modules in the Cloud.

Solver-Aided Constant-Time Hardware Verification.

Exorcising Spectres with Secure Compilers.

Structured Leakage and Applications to Cryptographic Constant-Time and Cost.

Learning Security Classifiers with Verified Global Robustness Properties.

On the Robustness of Domain Constraints.

Cert-RNN: Towards Certifying the Robustness of Recurrent Neural Networks.

TSS: Transformation-Specific Smoothing for Robustness Certification.

Efficient Online-friendly Two-Party ECDSA Signature.

One Hot Garbling.

The Return of Eratosthenes: Secure Generation of RSA Moduli using Distributed Sieving.

Secure Graph Analysis at Scale.

Oblivious Linear Group Actions and Applications.

Wireless Charging Power Side-Channel Attacks.

Indistinguishability Prevents Scheduler Side Channels in Real-Time Systems.

Rosita++: Automatic Higher-Order Leakage Elimination from Cryptographic Code.

Periscope: A Keystroke Inference Attack Using Human Coupled Electromagnetic Emanations.

Constantine: Automatic Side-Channel Resistance Using Efficient Control and Data Flow Linearization.

ECMO: Peripheral Transplantation to Rehost Embedded Linux Kernels.

SyzGen: Automated Generation of Syscall Specification of Closed-Source macOS Drivers.

Demons in the Shared Kernel: Abstract Resource Attacks Against OS-level Virtualization.

SmashEx: Smashing SGX Enclaves Using Exceptions.

CPscan: Detecting Bugs Caused by Code Pruning in IoT Kernels.

Statically Discovering High-Order Taint Style Vulnerabilities in OS Kernels.

Honest-but-Curious Nets: Sensitive Attributes of Private Inputs Can Be Secretly Coded into the Classifiers' Outputs.

Quantifying and Mitigating Privacy Risks of Contrastive Learning.

Membership Inference Attacks Against Recommender Systems.

Membership Leakage in Label-Only Exposures.

When Machine Unlearning Jeopardizes Privacy.

Deterrence of Intelligent DDoS via Multi-Hop Traffic Divergence.

Scan, Test, Execute: Adversarial Tactics in Amplification DDoS Attacks.

Warmonger: Inflicting Denial-of-Service via Serverless Functions in the Cloud.

United We Stand: Collaborative Detection and Mitigation of Amplification DDoS Attacks at Scale.

Revisiting Nakamoto Consensus in Asynchronous Networks: A Comprehensive Analysis of Bitcoin Safety and ChainQuality.

How Does Blockchain Security Dictate Blockchain Implementation?

The Exact Security of BIP32 Wallets.

A Security Framework for Distributed Ledgers.

This Sneaky Piggy Went to the Android Ad Market: Misusing Mobile Sensors for Stealthy Data Exfiltration.

Noncompliance as Deviant Behavior: An Automated Black-box Noncompliance Checker for 4G LTE Cellular Devices.

All your Credentials are Belong to Us: On Insecure WPA2-Enterprise Configurations.

On-device IoT Certificate Revocation Checking with Small Memory and Low Latency.

Labeled PSI from Homomorphic Encryption with Reduced Computation and Communication.

Simple, Fast Malicious Multiparty Private Set Intersection.

Compact and Malicious Private Set Intersection for Small Sets.

Efficient Linear Multiparty PSI and Extensions to Circuit/Quorum PSI.

Differential Privacy for Directional Data.

Differentially Private Sparse Vectors with Low Error, Optimal Space, and Fast Access.

Continuous Release of Data Streams under both Centralized and Local Differential Privacy.

Side-Channel Attacks on Query-Based Data Anonymization.

AHEAD: Adaptive Hierarchical Decomposition for Range Query under Local Differential Privacy.

Who's In Control? On Security Risks of Disjointed IoT Device Management Channels.

DroneKey: A Drone-Aided Group-Key Generation Scheme for Large-Scale IoT Networks.

You Make Me Tremble: A First Look at Attacks Against Structural Control Systems.

MaMIoT: Manipulation of Energy Market Leveraging High Wattage IoT Botnets.

Aion: Enabling Open Systems through Strong Availability Guarantees for Enclaves.

Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem.

On Re-engineering the X.509 PKI with Executable Specification for Better Implementation Guarantees.

APECS: A Distributed Access Control Framework for Pervasive Edge Computing Services.

Let's Downgrade Let's Encrypt.

A Concrete Treatment of Efficient Continuous Group Key Agreement via Multi-Recipient PKEs.

Modular Design of Secure Group Messaging Protocols and the Security of MLS.

Secure Complaint-Enabled Source-Tracking for Encrypted Messaging.

Fuzzy Message Detection.

Meteor: Cryptographically Secure Steganography for Realistic Distributions.

Hiding the Lengths of Encrypted Messages via Gaussian Padding.

Android on PC: On the Security of End-user Android Emulators.

Ghost in the Binder: Binder Transaction Redirection Attacks in Android System Services.

Dissecting Residual APIs in Custom Android ROMs.

VIP: Safeguard Value Invariant Property for Thwarting Critical Memory Corruption Attacks.

Detecting Missed Security Operations Through Differential Checking of Object-based Similar Paths.

DETER: Denial of Ethereum Txpool sERvices.

SyncAttack: Double-spending in Bitcoin Without Mining Power.

Multi-Threshold Byzantine Fault Tolerance.

Securing Parallel-chain Protocols under Variable Mining Power.

BFT Protocol Forensics.

Supply-Chain Vulnerability Elimination via Active Learning and Regeneration.

XSinator.com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers.

DoubleX: Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale.

T-Reqs: HTTP Request Smuggling with Differential Fuzzing.

Preventing Dynamic Library Compromise on Node.js via RWX-Based Privilege Reduction.

Spinner: Automated Dynamic Command Subsystem Perturbation.

FakeWake: Understanding and Mitigating Fake Wake-up Words of Voice Assistants.

Robust Detection of Machine-induced Audio Attacks in Intelligent Audio Systems with Microphone Array.

Glowworm Attack: Optical TEMPEST Sound Recovery via a Device's Power Indicator LED.

CapSpeaker: Injecting Voices to Microphones via Capacitors.

I Can See the Light: Attacks on Autonomous Vehicles Using Invisible Lights.

Can We Use Arbitrary Objects to Attack LiDAR Perception in Autonomous Driving?

A PKI-based Framework for Establishing Efficient MPC Channels.

The Security of ChaCha20-Poly1305 in the Multi-User Setting.

With a Little Help from My Friends: Constructing Practical Anonymous Credentials.

Key Agreement for Decentralized Secure Group Messaging with Strong Security Guarantees.

Revisiting Fuzzy Signatures: Towards a More Risk-Free Cryptographic Authentication System based on Biometrics.

On the (In)Security of ElGamal in OpenPGP.

EncoderMI: Membership Inference against Pre-trained Encoders in Contrastive Learning.

TableGAN-MCA: Evaluating Membership Collisions of GAN-Synthesized Tabular Data Releasing.

Unleashing the Tiger: Inference Attacks on Split Learning.

Locally Private Graph Neural Networks.

DataLens: Scalable Privacy Preserving Training via Gradient Compression and Aggregation.

Regression Greybox Fuzzing.

MirChecker: Detecting Bugs in Rust Programs via Static Analysis.

V-Shuttle: Scalable and Semantics-Aware Hypervisor Virtual Device Fuzzing.

Hardware Support to Improve Fuzzing Performance and Precision.

SoFi: Reflection-Augmented Fuzzing for JavaScript Engines.

Reconstructing with Less: Leakage Abuse Attacks in Two Dimensions.

εpsolute: Efficiently Querying Databases While Providing Differential Privacy.

Compressed Oblivious Encoding for Homomorphically Encrypted Search.

OnionPIR: Response Efficient Single-Server PIR.

LEAP: Leakage-Abuse Attack on Efficiently Deployable, Efficiently Searchable Encryption with Partially Known Dataset.

On the Rényi Differential Privacy of the Shuffle Model.

Private Hierarchical Clustering in Federated Networks.

Secure Multi-party Computation of Differentially Private Heavy Hitters.

Automated Privacy Policy Annotation with Information Highlighting Made Practical Using Deep Representations.

POSTER: Recovering Songs from a Hanging Light Bulb.

Search-Based Local Black-Box Deobfuscation: Understand, Improve and Mitigate (Poster).

Membership Inference Attacks against GANs by Leveraging Over-representation Regions.

Earable Authentication via Acoustic Toothprint.

POSTER: An Open-Source Framework for Developing Heterogeneous Distributed Enclave Applications.

Towards Automated Computational Auditing of mHealth Security and Privacy Regulations.

DEMO: A Secure Voting System for Score Based Elections.

POSTER: A Tough Nut to Crack: Attempting to Break Modulation Obfuscation.

POSTER: ReAvatar: Virtual Reality De-anonymization Attack Through Correlating Movement Signatures.

Revisiting Hybrid Private Information Retrieval.

POSTER: How Dangerous is My Click? Boosting Website Fingerprinting By Considering Sequences of Webpages.

Human and Organizational Factors in Public Key Certificate Authority Failures.

On Adoptability and Use Case Exploration of Threat Modeling for Mobile Communication Systems.

Enabling Visual Analytics via Alert-driven Attack Graphs.

Predictive Cipher-Suite Negotiation for Boosting Deployment of New Ciphers.

Chronos: Timing Interference as a New Attack Vector on Autonomous Cyber-physical Systems.

Demo: Detecting Third-Party Library Problems with Combined Program Analysis.

CyberBunker 2.0 - A Domain and Traffic Perspective on a Bulletproof Hoster.

An Ontology-driven Knowledge Graph for Android Malware.

De-identification of Unstructured Clinical Texts from Sequence to Sequence Perspective.

MANIAC: A Man-Machine Collaborative System for Classifying Malware Author Groups.

Evaluating Resilience of Domains in PKI.

Demo: Large Scale Analysis on Vulnerability Remediation in Open-source JavaScript Projects.

Optimized Predictive Control for AGC Cyber Resiliency.

POSTER: OS Independent Fuzz Testing of I/O Boundary.

Util: : Lookup: Exploiting Key Decoding in Cryptographic Libraries.

Morpheus: Bringing The (PKCS) One To Meet the Oracle.

PARASITE: PAssword Recovery Attack against Srp Implementations in ThE wild.

Search-Based Local Black-Box Deobfuscation: Understand, Improve and Mitigate.

Learning to Explore Paths for Symbolic Execution.

Mechanized Proofs of Adversarial Complexity and Application to Universal Composability.

EasyPQC: Verifying Post-Quantum Cryptography.

Machine-checked ZKP for NP relations: Formally Verified Security Proofs and Implementations of MPC-in-the-Head.

An In-Depth Symbolic Security Analysis of the ACME Standard.

Biometrics-Authenticated Key Exchange for Secure Messaging.

Verifying Table-Based Elections.

Efficient CCA Timed Commitments in Class Groups.

MPC-Friendly Commitments for Publicly Verifiable Covert Security.

Asynchronous Data Dissemination and its Applications.

Faster Lattice-Based KEMs via a Generic Fujisaki-Okamoto Transform Using Prefix Hashing.

PPE Circuits for Rational Polynomials.

Amortized Threshold Symmetric-key Encryption.

The Invisible Shadow: How Security Cameras Leak Private Activities.

The One-Page Setting: A Higher Standard for Evaluating Website Fingerprinting Defenses.

WristPrint: Characterizing User Re-identification Risks from Wrist-worn Accelerometry Data.

Consistency Analysis of Data-Usage Purposes in Mobile Apps.

SugarCoat: Programmatically Generating Privacy-Preserving, Web-Compatible Resource Replacements for Content Blocking.

Towards Transparent and Stealthy Android OS Sandboxing via Customizable Container-Based Virtualization.

One Glitch to Rule Them All: Fault Injection Attacks Against AMD's Secure Encrypted Virtualization.

RealSWATT: Remote Software-based Attestation for Embedded Devices under Realtime Constraints.

Prime+Scope: Overcoming the Observer Effect for High-Precision Cache Contention Attacks.

On the TOCTOU Problem in Remote Attestation.

CrossLine: Breaking "Security-by-Crash" based Memory Isolation in AMD SEV.

Zero Knowledge Static Program Analysis.

zkCNN: Zero Knowledge Proofs for Convolutional Neural Network Predictions and Accuracy.

QuickSilver: Efficient and Affordable Zero-Knowledge Proofs for Circuits and Polynomials over Any Field.

ZKCPlus: Optimized Fair-exchange Protocol Supporting Practical and Flexible Data Exchange.

Limbo: Efficient Zero-knowledge MPCitH-based Arguments.

"I need a better description": An Investigation Into User Expectations For Differential Privacy.

An Inside Look into the Practice of Malware Analysis.

The Effect of Google Search on Software Security: Unobtrusive Security Interventions via Content Re-ranking.

12 Angry Developers - A Qualitative Study on Developers' Struggles with CSP.

Subpopulation Data Poisoning Attacks.

Hidden Backdoors in Human-Centric Language Models.

Backdoor Pre-trained Models Can Transfer to All.

Feature-Indistinguishable Attack to Circumvent Trapdoor-Enabled Defense.

DetectorGuard: Provably Securing Object Detectors against Localized Patch Hiding Attacks.

DeepAID: Interpreting and Improving Deep Learning-based Anomaly Detection in Security Applications.

Structural Attack against Graph Based Android Malware Detection.

PalmTree: Learning an Assembly Language Model for Instruction Embedding.

A One-Pass Distributed and Private Sketch for Kernel Sums with Applications to Machine Learning at Scale.

COINN: Crypto/ML Codesign for Oblivious Inference via Neural Networks.

Locating the Security Patches for Disclosed OSS Vulnerabilities with Vulnerability-Commit Correlation Ranking.

Facilitating Vulnerability Assessment through PoC Migration.

Igor: Crash Deduplication Through Root-Cause Clustering.

Validating the Integrity of Audit Logs Against Execution Repartitioning Attacks.

C3PO: Large-Scale Study Of Covert Monitoring of C&C Servers via Over-Permissioned Protocol Infiltration.

New Directions in Automated Traffic Analysis.

Themis: Ambiguity-Aware Network Intrusion Detection based on Symbolic Model Comparison.

DNS Cache Poisoning Attack: Resurrections with Side Channels.

Packet Scheduling with Optional Client Privacy.

Realtime Robust Malicious Traffic Detection via Frequency Domain Analysis.

OpenSquare: Decentralized Repeated Modular Squaring Service.

Generalized Proof of Liabilities.

Mining in Logarithmic Space.

RandPiper - Reconfiguration-Friendly Random Beacons with Quadratic Communication.