IEEE S&P 2020 104 papers accepted. Updated on 2023-09-08. You can find the lastest information here. Spectector: Principled Detection of Speculative Information Flows. : Practical Cache Attacks from the Network. SpecCFI: Mitigating Spectre Attacks using CFI Informed Speculation. LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection. HydRand: Efficient Continuous Distributed Randomness. OHIE: Blockchain Scaling Made Simple. Sync HotStuff: Simple and Practical Synchronous State Machine Replication. Replicated state machines without replicated execution. ICLab: A Global, Longitudinal Internet Censorship Measurement Platform. High Precision Open-World Website Fingerprinting. Breaking and (Partially) Fixing Provably Secure Onion Routing. Are anonymity-seekers just like everybody else? An analysis of contributions to Wikipedia from Tor. Detection of Electromagnetic Interference Attacks on Sensor Systems. WaveSpy: Remote and Through-wall Screen Attack via mmWave Sensing. SoK: A Minimalist Approach to Formalizing Analog Sensor Security. Gesture Authentication for Smartphones: Evaluation of Gesture Password Selection Policies. Is FIDO2 the Kingslayer of User Authentication? A Comparative Usability Study of FIDO2 Passwordless Authentication. This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs. The Value of Collaboration in Convex Machine Learning with Differential Privacy. Automatically Detecting Bystanders in Photos to Reduce Privacy Risks. CrypTFlow: Secure TensorFlow Inference. SoK: Differential Privacy as a Causal Property. Private resource allocators and their applications. Towards Effective Differential Privacy Communication for Users' Data Sharing Decision and Comprehension. A Programming Framework for Differential Privacy with Accuracy Concentration Bounds. Security Update Labels: Establishing Economic Incentives for Security Patching of IoT Consumer Products. Ask the Experts: What Should Be on an IoT Privacy and Security Label? Burglars' IoT Paradise: Understanding and Mitigating Security Risks of General Messaging Protocols on IoT Clouds. Towards a Natural Perspective of Smart Homes for Practical Security and Safety Analyses. Message Time of Arrival Codes: A Fundamental Primitive for Secure Distance Measurement. Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd. Even Black Cats Cannot Stay Hidden in the Dark: Full-band De-anonymization of Bluetooth Classic Devices. BIAS: Bluetooth Impersonation AttackS. xMP: Selective Memory Protection for Kernel and User Space. MarkUs: Drop-in use-after-free prevention for low-level languages. SEIMI: Efficient and Secure SMAP-Enabled Intra-process Memory Isolation. Cornucopia: Temporal Safety for CHERI Heaps. The Many Kinds of Creepware Used for Interpersonal Attacks. How not to prove your election outcome. A Security Analysis of the Facebook Ad Library. Can Voters Detect Malicious Manipulation of Ballot Marking Devices? RAMBleed: Reading Bits in Memory Without Accessing Them. Are We Susceptible to Rowhammer? An End-to-End Methodology for Cloud Providers. Leveraging EM Side-Channel Information to Detect Rowhammer Attacks. TRRespass: Exploiting the Many Sides of Target Row Refresh. AdGraph: A Graph-Based Approach to Ad and Tracker Blocking. Browsing Unicity: On the Limits of Anonymizing Web Tracking Data. Do Cookie Banners Respect my Choice? : Measuring Legal Compliance of Banners from IAB Europe's Transparency and Consent Framework. Meddling Middlemen: Empirical Analysis of the Risks of Data-Saving Mobile Browsers. Efficient and Secure Multiparty Computation from Fixed-Key Block Ciphers. Path Oblivious Heap: Optimal and Practical Oblivious Priority Queue. Transparent Polynomial Delegation and Its Applications to Zero Knowledge Proof. Towards Scalable Threshold Cryptosystems. A Stealthier Partitioning Attack against Bitcoin Peer-to-Peer Network. Flash Boys 2.0: Frontrunning in Decentralized Exchanges, Miner Extractable Value, and Consensus Instability. FlyClient: Super-Light Clients for Cryptocurrencies. ZEXE: Enabling Decentralized Private Computation. The Last Mile: High-Assurance and High-Speed Cryptographic Implementations. EverCrypt: A Fast, Verified, Cross-Platform Cryptographic Provider. Rigorous engineering for hardware security: Formal modelling and proof in the CHERI design and implementation process. Binsec/Rel: Efficient Relational Symbolic Execution for Constant-Time at Binary-Level. An Analysis of Pre-installed Android Software. Kobold: Evaluating Decentralized Access Control for Remote NSXPC Methods on iOS. TextExerciser: Feedback-driven Text Input Exercising for Android Applications. Ex-vivo dynamic analysis framework for Android device drivers. Automatic Uncovering of Hidden Behaviors From Input Validation in Mobile Apps. PMP: Cost-effective Forced Execution with Probabilistic Memory Pre-planning. Combating Dependence Explosion in Forensic Analysis Using Alternative Tag Propagation Semantics. TARDIS: Rolling Back The Clock On CMS-Targeting Cyber Attacks. Tactical Provenance Analysis for Endpoint Detection and Response Systems. Throwing Darts in the Dark? Detecting Bots with Limited Data using Neural Data Augmentation. JIT Leaks: Inducing Timing Side Channels through Just-In-Time Compilation. The State of the Uniform: Attacks on Encrypted Databases Beyond the Uniform Query Distribution. Pseudorandom Black Swans: Cache Attacks on CTR_DRBG. Flaw Label: Exploiting IPv6 Flow Label. HopSkipJumpAttack: A Query-Efficient Decision-Based Attack. Humpty Dumpty: Controlling Word Meanings via Corpus Poisoning. Privacy Risks of General-Purpose Language Models. Intriguing Properties of Adversarial ML Attacks in the Problem Space. Influencing Photo Sharing Decisions on Social Media: A Case of Paradoxical Findings. SoK: Cyber Insurance - Technical Challenges and a System Security Roadmap. A Tale of Sea and Sky On the Security of Maritime VSAT Communications. I Know Where You Parked Last Summer : Automated Reverse Engineering and Privacy Analysis of Modern Cars. SoK: Understanding the Prevailing Security Vulnerabilities in TrustZone-assisted TEE Systems. OAT: Attesting Operation Integrity of Embedded Devices. Enabling Rack-scale Confidential Computing using Heterogeneous Trusted Execution Environment. Plundervolt: Software-based Fault Injection Attacks against Intel SGX. SEVurity: No Security Without Integrity : Breaking Integrity-Free Memory Encryption with Minimal Assumptions. RetroWrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization. Unexpected Data Dependency Creation and Chaining: A New Attack to SDN. Neutaint: Efficient Dynamic Taint Analysis with Neural Networks. Karonte: Detecting Insecure Multi-binary Interactions in Embedded Firmware. SPIDER: Enabling Fast Patch Propagation In Related Software Repositories. SAVIOR: Towards Bug-Driven Hybrid Testing. Ijon: Exploring Deep State Spaces via Fuzzing. Pangolin: Incremental Hybrid Fuzzing with Polyhedral Path Abstraction. Fuzzing JavaScript Engines with Aspect-preserving Mutation. Krace: Data Race Fuzzing for Kernel File Systems. VerX: Safety Verification of Smart Contracts. VERISMART: A Highly Precise Safety Verifier for Ethereum Smart Contracts. Semantic Understanding of Smart Contracts: Executable Operational Semantics of Solidity. Transys: Leveraging Common Security Properties Across Hardware Designs. C3APSULe: Cross-FPGA Covert-Channel Attacks through Power Supply Unit Leakage. ICAS: an Extensible Framework for Estimating the Susceptibility of IC Layouts to Additive Trojans.