NDSS 2021

87 papers accepted.

Updated on 2023-09-08.

You can find the lastest information here.

---

Flexsealing BGP Against Route Leaks: Peerlock Active Measurement and Analysis.

A Devil of a Time: How Vulnerable is NTP to Malicious Timeservers?

OblivSketch: Oblivious Network Measurement as a Cloud Service.

ROV++: Improved Deployable Defense against BGP Hijacking.

Trust the Crowd: Wireless Witnessing to Detect Attacks on ADS-B-Based Air-Traffic Surveillance.

Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages.

Processing Dangerous Paths - On Security and Privacy of the Portable Document Format.

XDA: Accurate, Robust Disassembly with Transfer Learning.

Shadow Attacks: Hiding and Replacing Content in Signed PDFs.

KUBO: Precise and Scalable Detection of User-triggerable Undefined Behavior Bugs in OS Kernel.

Awakening the Web's Sleeper Agents: Misusing Service Workers for Privacy Leakage.

All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers.

Improving Signal's Sealed Sender.

Tales of Favicons and Caches: Persistent Tracking in Modern Browsers.

Reining in the Web's Inconsistencies with Site Policy.

From WHOIS to WHOWAS: A Large-Scale Measurement Study of Domain Registration Privacy under the GDPR.

Understanding the Growth and Security Considerations of ECS.

Mondrian: Comprehensive Inter-domain Network Zoning Architecture.

Bringing Balance to the Force: Dynamic Analysis of the Android Application Framework.

SymQEMU: Compilation-based symbolic execution for binaries.

TASE: Reducing Latency of Symbolic Execution with Transactional Memory.

Refining Indirect Call Targets at the Binary Level.

Obfuscated Access and Search Patterns in Searchable Encryption.

More than a Fair Share: Network Data Remanence Attacks against Secret Sharing-based Schemes.

Forward and Backward Private Conjunctive Searchable Symmetric Encryption.

Practical Non-Interactive Searchable Encryption with Forward and Backward Privacy.

Zoom on the Keystrokes: Exploiting Video Calls for Keystroke Inference Attacks.

Deceptive Deletions for Protecting Withdrawn Posts on Social Media Platforms.

Who's Hosting the Block Party? Studying Third-Party Blockage of CSP and SRI.

To Err.Is Human: Characterizing the Threat of Unintended URLs in Social Media.

SerialDetector: Principled and Practical Exploration of Object Injection Vulnerabilities for the Web.

The Abuser Inside Apps: Finding the Culprit Committing Mobile Ad Fraud.

Your Phone is My Proxy: Detecting and Understanding Mobile Proxy Networks.

Understanding Worldwide Private Information Collection on Android.

On the Insecurity of SMS One-Time Password Messages against Local Attackers in Modern Mobile Devices.

Preventing and Detecting State Inference Attacks on Android.

As Strong As Its Weakest Link: How to Break Blockchain DApps at RPC Service.

RandRunner: Distributed Randomness from Trapdoor VDFs with Strong Uniqueness.

LaKSA: A Probabilistic Proof-of-Stake Protocol.

SquirRL: Automating Attack Analysis on Blockchain Incentive Mechanisms with Deep Reinforcement Learning.

Bitcontracts: Supporting Smart Contracts in Legacy Blockchains.

QPEP: An Actionable Approach to Secure and Performant Broadband From Geostationary Orbit.

A Formal Analysis of the FIDO UAF Protocol.

PHOENIX: Device-Centric Cellular Network Protocol Monitoring using Runtime Verification.

The Bluetooth CYBORG: Analysis of the Full Human-Machine Passkey Entry AKE Protocol.

NetPlier: Probabilistic Network Protocol Reverse Engineering from Message Traces.

Screen Gleaning: A Screen Reading TEMPEST Attack on Mobile Devices Exploiting an Electromagnetic Side Channel.

Rosita: Towards Automatic Elimination of Power-Analysis Leakage in Ciphers.

Hunting the Haunter - Efficient Relational Symbolic Execution for Spectre with Haunted RelSE.

SpecTaint: Speculative Taint Analysis for Discovering Spectre Gadgets.

Understanding and Detecting International Revenue Share Fraud.

Differential Training: A Generic Framework to Reduce Label Noises for Android Malware Detection.

MINOS: A Lightweight Real-Time Cryptojacking Detection System.

Does Every Second Count? Time-based Evolution of Malware Behavior in Sandboxes.

Hey Alexa, is this Skill Safe?: Taking a Closer Look at the Alexa Skill Ecosystem.

IoTSafe: Enforcing Safety and Security Policy with Real IoT Physical Interaction Discovery.

PFirewall: Semantics-Aware Customizable Data Flow Control for Smart Home Privacy Protection.

EarArray: Defending against DolphinAttack via Acoustic Attenuation.

POP and PUSH: Demystifying and Defending against (Mach) Port-oriented Programming.

Доверя'й, но проверя'й: SFI safety for native-compiled Wasm.

Detecting Kernel Memory Leaks in Specialized Modules with Ownership Reasoning.

Let's Stride Blindfolded in a Forest: Sublinear Multi-Client Decision Trees Evaluation.

Practical Blind Membership Inference Attack via Differential Comparisons.

GALA: Greedy ComputAtion for Linear Algebra in Privacy-Preserved Neural Networks.

FARE: Enabling Fine-grained Attack Categorization under Low-quality Labeled Data.

PGFUZZ: Policy-Guided Fuzzing for Robotic Vehicles.

Favocado: Fuzzing the Binding Code of JavaScript Engines Using Semantically Correct Test Cases.

WINNIE : Fuzzing Windows Applications with Harness Synthesis and Fast Cloning.

Reinforcement Learning-based Hierarchical Seed Scheduling for Greybox Fuzzing.

Evading Voltage-Based Intrusion Detection on Automotive CAN.

HERA: Hotpatching of Embedded Real-time Applications.

From Library Portability to Para-rehosting: Natively Executing Microcontroller Software on Commodity Hardware.

BaseSpec: Comparative Analysis of Baseband Software and Cellular Specifications for L3 Protocols.

POSEIDON: Privacy-Preserving Federated Neural Network Learning.

FLTrust: Byzantine-robust Federated Learning via Trust Bootstrapping.

Manipulating the Byzantine: Optimizing Model Poisoning Attacks and Defenses for Federated Learning.

Data Poisoning Attacks to Deep Learning Based Recommender Systems.

C^2SR: Cybercrime Scene Reconstruction for Post-mortem Forensic Analysis.

ALchemist: Fusing Application and Audit Logs for Precise Attack Provenance without Instrumentation.

WATSON: Abstracting Behaviors from Audit Logs via Aggregation of Contextual Semantics.

DOVE: A Data-Oblivious Virtual Environment.

CHANCEL: Efficient Multi-client Isolation Under Adversarial Programs.

Emilia: Catching Iago in Legacy Code.

CV-Inspector: Towards Automating Detection of Adblock Circumvention.

FlowLens: Enabling Efficient Flow Classification for ML-based Network Security Applications.

PrivacyFlash Pro: Automating Privacy Policy Generation for Mobile Apps.

Towards Understanding and Detecting Cyberbullying in Real-world Images.