IEEE S&P 2019

84 papers accepted.

Updated on 2023-09-08.

You can find the latest information here.


Spectre Attacks: Exploiting Speculative Execution.

SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security.

Theory and Practice of Finding Eviction Sets.

Exploiting Correcting Codes: On the Effectiveness of ECC Memory Against Rowhammer Attacks.

Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives.

RIDL: Rogue In-Flight Data Load.

Perun: Virtual Payment Hubs over Cryptocurrencies.

Redactable Blockchain in the Permissionless Setting.

Proof-of-Stake Sidechains.

Ouroboros Crypsinous: Privacy-Preserving Proof-of-Stake.

Lay Down the Common Metrics: Evaluating Proof-of-Work Consensus Protocols' Security.

XCLAIM: Trustless, Interoperable, Cryptocurrency-Backed Assets.

Does Certificate Transparency Break the Web? Measuring Adoption and Error Rate.

EmPoWeb: Empowering Web Applications with Browser Extensions.

"If HTTPS Were Secure, I Wouldn't Need 2FA" - End User and Administrator Mental Models of HTTPS.

Fidelius: Protecting User Secrets from Compromised Browsers.

Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem.

Towards Practical Differentially Private Convex Optimization.

PrivKV: Key-Value Data Collection with Local Differential Privacy.

Differentially Private Model Publishing for Deep Learning.

KHyperLogLog: Estimating Reidentifiability and Joinability of Large Data at Scale.

Characterizing Pixel Tracking through the Lens of Disposable Email Services.

Reasoning Analytically about Password-Cracking Software.

True2F: Backdoor-Resistant Authentication Tokens.

Beyond Credential Stuffing: Password Similarity Models Using Neural Networks.

The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations.

An Extensive Formal Security Analysis of the OpenID Financial-Grade API.

Asm2Vec: Boosting Static Representation Robustness for Binary Clone Search against Code Obfuscation and Compiler Optimization.

Iodine: Fast Dynamic Taint Tracking Using Rollback-free Optimistic Hybrid Analysis.

CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation.

Towards Automated Safety Vetting of PLC Code in Real-World Plants.

Using Safety Properties to Generate Vulnerability Patches.

Short Text, Large Effect: Measuring the Impact of User Reviews on Android App Security & Privacy.

Demystifying Hidden Privacy Settings in Mobile Apps.

Security of GPS/INS Based On-road Location Tracking Systems.

Understanding the Security of ARM Debugging Features.

Tap 'n Ghost: A Compilation of Novel Attack Techniques against Smartphone Touchscreens.

SensorID: Sensor Calibration Fingerprinting for Smartphones.

Certified Robustness to Adversarial Examples with Differential Privacy.

DEEPSEC: A Uniform Platform for Security Analysis of Deep Learning Model.

Exploiting Unintended Feature Leakage in Collaborative Learning.

Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks.

Helen: Maliciously Secure Coopetitive Learning for Linear Models.

Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference Attacks against Centralized and Federated Learning.

Razzer: Finding Kernel Race Bugs through Fuzzing.

ProFuzzer: On-the-fly Input Type Probing for Better Zero-Day Vulnerability Discovery.

Full-Speed Fuzzing: Reducing Fuzzing Overhead through Coverage-Guided Tracing.

NEUZZ: Efficient Fuzzing with Neural Program Smoothing.

Fuzzing File Systems via Two-Dimensional Input Space Exploration.

F-BLEAU: Fast Black-Box Leakage Estimation.

Synesthesia: Detecting Screen Content via Remote Acoustic Side Channels.

Port Contention for Fun and Profit.

Attack Directories, Not Caches: Side Channel Attacks in a Non-Inclusive World.

Hard Drive of Hearing: Disks that Eavesdrop with a Synthesized Microphone.

"Should I Worry?" A Cross-Cultural Examination of Account Security Incident Response.

Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash?

Stealthy Porn: Understanding Real-World Adversarial Images for Illicit Online Promotion.

LBM: A Security Framework for Peripherals within the Linux Kernel.

SoK: Shining Light on Shadow Stacks.

Kiss from a Rogue: Evaluating Detectability of Pay-at-the-Pump Card Skimmers.

Blind Certificate Authorities.

Data Recovery on Encrypted Databases with k-Nearest Neighbor Query Leakage.

Threshold ECDSA from ECDSA Assumptions: The Multiparty Case.

Learning to Reconstruct: Statistical Learning Theory and Encrypted Database Attacks.

On the Security of Two-Round Multi-Signatures.

New Primitives for Actively-Secure MPC over Rings with Applications to Private Machine Learning.

Breaking LTE on Layer Two.

HOLMES: Real-Time APT Detection through Correlation of Suspicious Information Flows.

Touching the Untouchables: Dynamic Security Analysis of the LTE Control Plane.

On the Feasibility of Rerouting-Based DDoS Defenses.

Resident Evil: Understanding Residential IP Proxy as a Dark Service.

Simple High-Level Code for Cryptographic Arithmetic - With Proofs, Without Compromises.

SoK: General Purpose Compilers for Secure Multi-Party Computation.

The Code That Never Ran: Modeling Attacks on Speculative Evaluation.

Formally Verified Cryptographic Web Applications in WebAssembly.

SoK: Sanitizing for Security.

Why Does Your Data Leak? Uncovering the Data Leakage in Cloud from Mobile Apps.

Measuring and Analyzing Search Engine Poisoning of Linguistic Collisions.

How Well Do My Results Generalize? Comparing Security and Privacy Survey Results from MTurk, Web, and Telephone Samples.

PhishFarm: A Scalable Framework for Measuring the Effectiveness of Evasion Techniques against Browser Phishing Blacklists.

SoK: Security Evaluation of Home-Based IoT Deployments.

Dangerous Skills: Understanding and Mitigating Security Risks of Voice-Controlled Third-Party Functions on Virtual Personal Assistant Systems.

Drones' Cryptanalysis - Smashing Cryptography with a Flicker.

Dominance as a New Trusted Computing Primitive for the Internet of Things.