Collection of Security Papers

IEEE S&P 2022

Collection of Security Papers

All
IEEE S&P
IEEE S&P
- 2024
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015
ACM CCS
ACM CCS
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015
USENIX Sec
USENIX Sec
- 2024
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015
NDSS
NDSS
- 2024
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015
ICSE
ICSE
- 2024
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015-1
- 2015-2
ISSTA
ISSTA
- 2024
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015

IEEE S&P 2022

148 papers accepted.

Updated on 2023-09-08.

You can find the lastest information here.

PATA: Fuzzing with Path Aware Taint Analysis.

JIGSAW: Efficient and Scalable Path Constraints Fuzzing.

BEACON: Directed Grey-Box Fuzzing with Provable Path Pruning.

Automated Attack Synthesis by Extracting Finite State Machines from Protocol Specification Documents.

ProVerif with Lemmas, Induction, Fast Subsumption, and Much More.

Four Attacks and a Proof for Telegram.

Noise*: A Library of Verified High-Performance Secure Channel Protocol Implementations.

A Logic and an Interactive Prover for the Computational Post-Quantum Security of Protocols.

IronMask: Versatile Verification of Masking Security.

SAILFISH: Vetting Smart Contract State-Inconsistency Bugs in Seconds.

ZeeStar: Private Smart Contracts by Homomorphic Encryption and Zero-knowledge Proofs.

Quantifying Blockchain Extractable Value: How dark is the forest?

A Formal Security Analysis of the W3C Web Payment APIs: Attacks and Verification.

Cats vs. Spectre: An Axiomatic Approach to Modeling Speculative Execution Attacks.

TASHAROK: Using Mechanism Design for Enhancing Security Resource Allocation in Interdependent Systems.

SoK: Authentication in Augmented and Virtual Reality.

Delay Wreaks Havoc on Your Smart Home: Delay-based Automation Interference Attacks.

Peekaboo: A Hub-Based Approach to Enable Transparency in Data Processing within Smart Homes.

vSGX: Virtualizing SGX Enclaves on AMD SEV.

A Systematic Look at Ciphertext Side Channels on AMD SEV-SNP.

RT-TEE: Real-time System Availability for Cyber-physical Systems using ARM TrustZone.

A Secret-Free Hypervisor: Rethinking Isolation in the Age of Speculative Vulnerabilities.

Smile: Secure Memory Introspection for Live Enclave.

Statistical Quantification of Differential Privacy: A Local Approach.

Locally Differentially Private Sparse Vector Aggregation.

Differentially Private Histograms in the Shuffle Model from Fake Users.

Differential Privacy and Swapping: Examining De-Identification's Impact on Minority Representation and Privacy Preservation in the U.S. Census.

Are We There Yet? Timing and Floating-Point Attacks on Differential Privacy Systems.

SHADEWATCHER: Recommendation-guided Cyber Threat Analysis using System Audit Records.

SIRAJ: A Unified Framework for Aggregation of Malicious Entity Detectors.

DEEPCASE: Semi-Supervised Contextual Analysis of Security Events.

DEPCOMM: Graph Summarization on System Audit Logs for Attack Investigation.

Measuring and Mitigating the Risk of IP Reuse on Public Clouds.

SecFloat: Accurate Floating-Point meets Secure 2-Party Computation.

Multi-Server Verifiable Computation of Low-Degree Polynomials.

Why Crypto-detectors Fail: A Systematic Evaluation of Cryptographic Misuse Detection Techniques.

"They're not that hard to mitigate": What Cryptographic Library Developers Think About Timing Attacks.

Annotating, Tracking, and Protecting Cryptographic Secrets with CryptoMPK.

SoK: Practical Foundations for Software Spectre Defenses.

SpecHammer: Combining Spectre and Rowhammer for New Speculative Attacks.

Spook.js: Attacking Chrome Strict Site Isolation via Speculative Execution.

BLACKSMITH: Scalable Rowhammering in the Frequency Domain.

ProTRR: Principled yet Optimal In-DRAM Target Row Refresh.

Asleep at the Keyboard? Assessing the Security of GitHub Copilot's Code Contributions.

Spinning Language Models: Risks of Propaganda-As-A-Service and Countermeasures.

SoK: How Robust is Image Classification Deep Neural Network Watermarking?

Transcending TRANSCEND: Revisiting Malware Classification in the Presence of Concept Drift.

Copy, Right? A Testing Framework for Copyright Protection of Deep Learning Models.

Phishing in Organizations: Findings from a Large-Scale and Long-Term Study.

27 Years and 81 Million Opportunities Later: Investigating the Use of Email Encryption for an Entire University.

Investigating Influencer VPN Ads on YouTube.

How Does Usable Security (Not) End Up in Software Products? Results From a Qualitative Interview Study.

Private Approximate Nearest Neighbor Search with Sublinear Communication.

SPIRAL: Fast, High-Rate Single-Server PIR via FHE Composition.

SNARKBlock: Federated Anonymous Blocklisting from Hidden Common Input Aggregate Proofs.

How to Attack and Generate Honeywords.

WIGHT: Wired Ghost Touch Attack on Capacitive Touchscreens.

Time-Print: Authenticating USB Flash Drives with Novel Timing Fingerprints.

Device Fingerprinting with Peripheral Timestamps.

PCR-Auth: Solving Authentication Puzzle Challenge with Encoded Palm Contact Response.

Mitigating Information Leakage Vulnerabilities with Type-based Data Isolation.

SYMBEXCEL: Automated Analysis and Understanding of Malicious Excel 4.0 Macros.

HEAPSTER: Analyzing the Security of Dynamic Allocators for Monolithic Firmware Images.

SoK: Demystifying Binary Lifters Through the Lens of Downstream Applications.

Property Inference from Poisoning.

Reconstructing Training Data with Informed Adversaries.

DeepSteal: Advanced Model Extractions Leveraging Efficient Weight Stealing in Memories.

Model Stealing Attacks Against Inductive Graph Neural Networks.

Noise-SDR: Arbitrary Modulation of Electromagnetic Noise from Unprivileged Software and Its Impact on Emission Security.

mmSpy: Spying Phone Calls using mmWave Radars.

Attacks on Wireless Coexistence: Exploiting Cross-Technology Performance Features for Inter-Chip Privilege Escalation.

Invisible Finger: Practical Electromagnetic Interference Attack on Touchscreen-based Electronic Devices.

Using Throughput-Centric Byzantine Broadcast to Tolerate Malicious Majority in Blockchains.

MatRiCT+: More Efficient Post-Quantum Private Blockchain Payments.

Universal Atomic Swaps: Secure Exchange of Coins Across All Blockchains.

Foundations of Dynamic BFT.

Back to the Drawing Board: A Critical Evaluation of Poisoning Attacks on Production Federated Learning.

Model Orthogonalization: Class Distance Hardening in Neural Networks for Better Security.

Universal 3-Dimensional Perturbations for Black-Box Attacks on Video Recognition Systems.

"Adversarial Examples" for Proof-of-Learning.

Transfer Attacks Revisited: A Large-Scale Empirical Study in Real Computer Vision Settings.

Graphics Peeping Unit: Exploiting EM Side-Channel Information of GPUs to Eavesdrop on Your Neighbors.

Adversarial Prefetch: New Cross-Core Cache Side Channel Attacks.

Finding and Exploiting CPU Features using MSR Templating.

Augury: Using Data Memory-Dependent Prefetchers to Leak Data at Rest.

MeshUp: Stateless Cache Side-channel Attack on CPU Mesh.

Timing-Based Browsing Privacy Vulnerabilities Via Site Isolation.

WTAGRAPH: Web Tracking and Advertising Detection using Graph Neural Networks.

Surakav: Generating Realistic Traces for a Strong Website Fingerprinting Defense.

Wobfuscator: Obfuscating JavaScript Malware via Opportunistic Translation to WebAssembly.

The State of the SameSite: Studying the Usage, Effectiveness, and Adequacy of SameSite Cookies.

IRQDebloat: Reducing Driver Attack Surface in Embedded Devices.

Finding SMM Privilege-Escalation Vulnerabilities in UEFI Firmware with Protocol-Centric Static Analysis.

Mind the Gap: Studying the Insecurity of Provably Secure Embedded Trusted Execution Architectures.

How Not to Protect Your IP - An Industry-Wide Break of IEEE 1735 Implementations.

Hardening Circuit-Design IP Against Reverse-Engineering Attacks.

Evaluating Physical-Layer BLE Location Tracking Attacks on Mobile Devices.

IRShield: A Countermeasure Against Adversarial Physical-Layer Wireless Sensing.

Anti-Tamper Radio: System-Level Tamper Detection for Computing Systems.

Practical EMV Relay Protection.

AccEar: Accelerometer Acoustic Eavesdropping with Unconstrained Vocabulary.

Towards Automated Auditing for Account and Session Management Flaws in Single Sign-On Deployments.

HARDLOG: Practical Tamper-Proof System Auditing Using a Novel Audit Device.

SWARMFLAWFINDER: Discovering and Exploiting Logic Flaws of Swarm Algorithms.

PGPatch: Policy-Guided Logic Bug Patching for Robotic Vehicles.

"Flawed, but like democracy we don't have a better system": The Experts' Insights on the Peer Review Process of Evaluating Security Papers.

Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects.

Membership Inference Attacks From First Principles.

DeepCoFFEA: Improved Flow Correlation Attacks on Tor via Metric Learning and Amplification.

ShorTor: Improving Tor Network Latency via Multi-hop Overlay Routing.

Sabre: Sender-Anonymous Messaging with Fast Audits.

Security Foundations for Application-Based Covert Communication Channels.

Bad Characters: Imperceptible NLP Attacks.

LINKTELLER: Recovering Private Edges from Graph Neural Networks via Influence Analysis.

Piccolo: Exposing Complex Backdoors in NLP Transformer Models.

BadEncoder: Backdoor Attacks to Pre-trained Encoders in Self-Supervised Learning.

Repairing DoS Vulnerability of Real-World Regexes.

GREBE: Unveiling Exploitation Potential for Linux Kernel Bugs.

Goshawk: Hunting Memory Corruptions via Structure-Aware and Object-Centric Memory Operation Synopsis.

FSAFlow: Lightweight and Fast Dynamic Path Tracking and Control for Privacy Protection on Android Using Hybrid Analysis with State-Reduction Strategy.

Domains Do Change Their Spots: Quantifying Potential Abuse of Residual Trust.

Scraping Sticky Leftovers: App User Information Left on Servers After Account Deletion.

TrollMagnifier: Detecting State-Sponsored Troll Accounts on Reddit.

Analyzing Ground-Truth Data of Mobile Gambling Scams.

Effective Seed Scheduling for Fuzzing with Graph Centrality Analysis.

FuzzUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks.

Exploit the Last Straw That Breaks Android Systems.

CirC: Compiler infrastructure for proof systems, software verification, and more.

HAMRAZ: Resilient Partitioning and Replication.

Formal Model-Driven Discovery of Bluetooth Protocol Design Vulnerabilities.

"Desperate Times Call for Desperate Measures": User Concerns with Mobile Loan Apps in Kenya.

SoK: The Dual Nature of Technology in Sexual Abuse.

SoK: A Framework for Unifying At-Risk User Research.

Deployment of Source Address Validation by Network Operators: A Randomized Control Trial.

Exposed Infrastructures: Discovery, Attacks and Remediation of Insecure ICS Remote Management Devices.

Robbery on DevOps: Understanding and Mitigating Illicit Cryptomining on Continuous Integration Service Platforms.

Privacy-from-Birth: Protecting Sensed Data from Malicious Sensors with VERSA.

Publicly Accountable Robust Multi-Party Computation.

Hark: A Deep Learning System for Navigating Privacy Feedback at Scale.

Sphinx: Enabling Privacy-Preserving Online Learning over the Cloud.

Spurt: Scalable Distributed Randomness Beacon with Transparent Setup.

Practical Asynchronous Distributed Key Generation.

Security Analysis of the MLS Key Derivation.

Low-Bandwidth Threshold ECDSA via Pseudorandom Correlation Generators.