NDSS 2021 87 papers accepted. Updated on 2023-09-08. You can find the lastest information here. Flexsealing BGP Against Route Leaks: Peerlock Active Measurement and Analysis. A Devil of a Time: How Vulnerable is NTP to Malicious Timeservers? OblivSketch: Oblivious Network Measurement as a Cloud Service. ROV++: Improved Deployable Defense against BGP Hijacking. Trust the Crowd: Wireless Witnessing to Detect Attacks on ADS-B-Based Air-Traffic Surveillance. Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages. Processing Dangerous Paths - On Security and Privacy of the Portable Document Format. XDA: Accurate, Robust Disassembly with Transfer Learning. Shadow Attacks: Hiding and Replacing Content in Signed PDFs. KUBO: Precise and Scalable Detection of User-triggerable Undefined Behavior Bugs in OS Kernel. Awakening the Web's Sleeper Agents: Misusing Service Workers for Privacy Leakage. All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers. Improving Signal's Sealed Sender. Tales of Favicons and Caches: Persistent Tracking in Modern Browsers. Reining in the Web's Inconsistencies with Site Policy. From WHOIS to WHOWAS: A Large-Scale Measurement Study of Domain Registration Privacy under the GDPR. Understanding the Growth and Security Considerations of ECS. Mondrian: Comprehensive Inter-domain Network Zoning Architecture. Bringing Balance to the Force: Dynamic Analysis of the Android Application Framework. SymQEMU: Compilation-based symbolic execution for binaries. TASE: Reducing Latency of Symbolic Execution with Transactional Memory. Refining Indirect Call Targets at the Binary Level. Obfuscated Access and Search Patterns in Searchable Encryption. More than a Fair Share: Network Data Remanence Attacks against Secret Sharing-based Schemes. Forward and Backward Private Conjunctive Searchable Symmetric Encryption. Practical Non-Interactive Searchable Encryption with Forward and Backward Privacy. Zoom on the Keystrokes: Exploiting Video Calls for Keystroke Inference Attacks. Deceptive Deletions for Protecting Withdrawn Posts on Social Media Platforms. Who's Hosting the Block Party? Studying Third-Party Blockage of CSP and SRI. To Err.Is Human: Characterizing the Threat of Unintended URLs in Social Media. SerialDetector: Principled and Practical Exploration of Object Injection Vulnerabilities for the Web. The Abuser Inside Apps: Finding the Culprit Committing Mobile Ad Fraud. Your Phone is My Proxy: Detecting and Understanding Mobile Proxy Networks. Understanding Worldwide Private Information Collection on Android. On the Insecurity of SMS One-Time Password Messages against Local Attackers in Modern Mobile Devices. Preventing and Detecting State Inference Attacks on Android. As Strong As Its Weakest Link: How to Break Blockchain DApps at RPC Service. RandRunner: Distributed Randomness from Trapdoor VDFs with Strong Uniqueness. LaKSA: A Probabilistic Proof-of-Stake Protocol. SquirRL: Automating Attack Analysis on Blockchain Incentive Mechanisms with Deep Reinforcement Learning. Bitcontracts: Supporting Smart Contracts in Legacy Blockchains. QPEP: An Actionable Approach to Secure and Performant Broadband From Geostationary Orbit. A Formal Analysis of the FIDO UAF Protocol. PHOENIX: Device-Centric Cellular Network Protocol Monitoring using Runtime Verification. The Bluetooth CYBORG: Analysis of the Full Human-Machine Passkey Entry AKE Protocol. NetPlier: Probabilistic Network Protocol Reverse Engineering from Message Traces. Screen Gleaning: A Screen Reading TEMPEST Attack on Mobile Devices Exploiting an Electromagnetic Side Channel. Rosita: Towards Automatic Elimination of Power-Analysis Leakage in Ciphers. Hunting the Haunter - Efficient Relational Symbolic Execution for Spectre with Haunted RelSE. SpecTaint: Speculative Taint Analysis for Discovering Spectre Gadgets. Understanding and Detecting International Revenue Share Fraud. Differential Training: A Generic Framework to Reduce Label Noises for Android Malware Detection. MINOS: A Lightweight Real-Time Cryptojacking Detection System. Does Every Second Count? Time-based Evolution of Malware Behavior in Sandboxes. Hey Alexa, is this Skill Safe?: Taking a Closer Look at the Alexa Skill Ecosystem. IoTSafe: Enforcing Safety and Security Policy with Real IoT Physical Interaction Discovery. PFirewall: Semantics-Aware Customizable Data Flow Control for Smart Home Privacy Protection. EarArray: Defending against DolphinAttack via Acoustic Attenuation. POP and PUSH: Demystifying and Defending against (Mach) Port-oriented Programming. Доверя'й, но проверя'й: SFI safety for native-compiled Wasm. Detecting Kernel Memory Leaks in Specialized Modules with Ownership Reasoning. Let's Stride Blindfolded in a Forest: Sublinear Multi-Client Decision Trees Evaluation. Practical Blind Membership Inference Attack via Differential Comparisons. GALA: Greedy ComputAtion for Linear Algebra in Privacy-Preserved Neural Networks. FARE: Enabling Fine-grained Attack Categorization under Low-quality Labeled Data. PGFUZZ: Policy-Guided Fuzzing for Robotic Vehicles. Favocado: Fuzzing the Binding Code of JavaScript Engines Using Semantically Correct Test Cases. WINNIE : Fuzzing Windows Applications with Harness Synthesis and Fast Cloning. Reinforcement Learning-based Hierarchical Seed Scheduling for Greybox Fuzzing. Evading Voltage-Based Intrusion Detection on Automotive CAN. HERA: Hotpatching of Embedded Real-time Applications. From Library Portability to Para-rehosting: Natively Executing Microcontroller Software on Commodity Hardware. BaseSpec: Comparative Analysis of Baseband Software and Cellular Specifications for L3 Protocols. POSEIDON: Privacy-Preserving Federated Neural Network Learning. FLTrust: Byzantine-robust Federated Learning via Trust Bootstrapping. Manipulating the Byzantine: Optimizing Model Poisoning Attacks and Defenses for Federated Learning. Data Poisoning Attacks to Deep Learning Based Recommender Systems. C^2SR: Cybercrime Scene Reconstruction for Post-mortem Forensic Analysis. ALchemist: Fusing Application and Audit Logs for Precise Attack Provenance without Instrumentation. WATSON: Abstracting Behaviors from Audit Logs via Aggregation of Contextual Semantics. DOVE: A Data-Oblivious Virtual Environment. CHANCEL: Efficient Multi-client Isolation Under Adversarial Programs. Emilia: Catching Iago in Legacy Code. CV-Inspector: Towards Automating Detection of Adblock Circumvention. FlowLens: Enabling Efficient Flow Classification for ML-based Network Security Applications. PrivacyFlash Pro: Automating Privacy Policy Generation for Mobile Apps. Towards Understanding and Detecting Cyberbullying in Real-world Images.