Collection of Security Papers

IEEE S&P 2023

Collection of Security Papers

All
IEEE S&P
IEEE S&P
- 2024
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015
ACM CCS
ACM CCS
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015
USENIX Sec
USENIX Sec
- 2024
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015
NDSS
NDSS
- 2024
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015
ICSE
ICSE
- 2024
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015-1
- 2015-2
ISSTA
ISSTA
- 2024
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015

IEEE S&P 2023

191 papers accepted.

Updated on 2023-09-08.

You can find the lastest information here.

Scaphy: Detecting Modern ICS Attacks by Correlating Behaviors in SCADA and PHYsical.

Shedding Light on Inconsistencies in Grid Cybersecurity: Disconnects and Recommendations.

Red Team vs. Blue Team: A Real-World Hardware Trojan Detection Case Study Across Four Modern CMOS Technology Generations.

SoK: Distributed Randomness Beacons.

WeRLman: To Tackle Whale (Transactions), Go Deep (RL).

Three Birds with One Stone: Efficient Partitioning Attacks on Interdependent Cryptocurrency Networks.

Bitcoin-Enhanced Proof-of-Stake Security: Possibilities and Impossibilities.

MEGA: Malleable Encryption Goes Awry.

DBREACH: Stealing from Databases Using Compression Side Channels.

Weak Fiat-Shamir Attacks on Modern Proof Systems.

Attitudes towards Client-Side Scanning for CSAM, Terrorism, Drug Trafficking, Drug Use and Tax Evasion in Germany.

Deep perceptual hashing algorithms with hidden dual purpose: when client-side scanning does facial recognition.

Public Verification for Private Hash Matching.

Is Cryptographic Deniability Sufficientƒ Non-Expert Perceptions of Deniability in Secure Messaging.

On the Evolution of (Hateful) Memes by Means of Multimodal Contrastive Learning.

Lambretta: Learning to Rank for Twitter Soft Moderation.

SoK: Let the Privacy Games Begin! A Unified Treatment of Data Inference Privacy in Machine Learning.

Analyzing Leakage of Personally Identifiable Information in Language Models.

Accuracy-Privacy Trade-off in Deep Ensemble: A Membership Inference Perspective.

D-DAE: Defense-Penetrating Model Extraction Attacks.

SNAP: Efficient Extraction of Private Properties with Poisoning.

On the (In)security of Peer-to-Peer Decentralized Machine Learning.

Vectorized Batch Private Information Retrieval.

RoFL: Robustness of Secure Federated Learning.

Flamingo: Multi-Round Single-Server Secure Aggregation with Applications to Private Federated Learning.

SoK: Cryptographic Neural-Network Computation.

FLUTE: Fast and Secure Lookup Table Evaluations.

Bicoptor: Two-round Secure Three-party Non-linear Computation without Preprocessing for Privacy-preserving Machine Learning.

Investigating the Password Policy Practices of Website Administrators.

"In Eighty Percent of the Cases, I Select the Password for Them": Security and Privacy Challenges, Advice, and Opportunities at Cybercafes in Kenya.

Towards a Rigorous Statistical Analysis of Empirical Password Datasets.

Confident Monte Carlo: Rigorous Analysis of Guessing Curves for Probabilistic Password Models.

Not Yet Another Digital ID: Privacy-Preserving Humanitarian Aid Distribution.

Disguising Attacks with Explanation-Aware Backdoors.

AI-Guardian: Defeating Adversarial Attacks using Backdoors.

Jigsaw Puzzle: Selective Backdoor Attack to Subvert Malware Classifiers.

BayBFed: Bayesian Backdoor Defense for Federated Learning.

Redeem Myself: Purifying Backdoors in Deep Learning Models using Self Attention Distillation.

Threshold BBS+ Signatures for Distributed Anonymous Credential Issuance.

zk-creds: Flexible Anonymous Credentials from zkSNARKs and Existing Identity Infrastructure.

MPCAuth: Multi-factor Authentication for Distributed-trust Systems.

Silph: A Framework for Scalable and Accurate Generation of Hybrid MPC Protocols.

SoK: Anti-Facial Recognition Technology.

Spoofing Real-world Face Authentication Systems through Optical Synthesis.

ImU: Physical Impersonating Attack for Face Recognition System with Natural Style Changes.

DepthFake: Spoofing 3D Face Authentication with a 2D Photo.

Understanding the (In)Security of Cross-side Face Verification Systems in Mobile Apps: A System Perspective.

Breaking Security-Critical Voice Authentication.

SoK: A Critical Evaluation of Efficient Website Fingerprinting Defenses.

Fashion Faux Pas: Implicit Stylistic Fingerprints for Bypassing Browsers' Anti-Fingerprinting Defenses.

Robust Multi-tab Website Fingerprinting Attacks in the Wild.

Only Pay for What You Leak: Leveraging Sandboxes for a Minimally Invasive Browser Fingerprinting Defense.

It's (DOM) Clobbering Time: Attack Techniques, Prevalence, and Defenses.

Scaling JavaScript Abstract Interpretation to Detect and Exploit Node.js Taint-style Vulnerability.

Sound Verification of Security Protocols: From Design to Interoperable Implementations.

Typing High-Speed Cryptography against Spectre v1.

Owl: Compositional Verification of Security Protocols via an Information-Flow Type System.

AUC: Accountable Universal Composability.

High-Order Masking of Lattice Signatures in Quasilinear Time.

Practical Timing Side-Channel Attacks on Memory Compression.

TEEzz: Fuzzing Trusted Applications on COTS Android Devices.

Half&Half: Demystifying Intel's Directional Branch Predictors for Fast, Secure Partitioned Execution.

Half&Half: Demystifying Intel's Directional Branch Predictors for Fast, Secure Partitioned Execution.

Improving Developers' Understanding of Regex Denial of Service Tools through Anti-Patterns and Fix Strategies.

Practical Program Modularization with Type-Based Dependence Analysis.

WarpAttack: Bypassing CFI through Compiler-Introduced Double-Fetches.

SoK: Certified Robustness for Deep Neural Networks.

RAB: Provable Robustness Against Backdoor Attacks.

ObjectSeeker: Certifiably Robust Object Detection against Patch Hiding Attacks via Patch-agnostic Masking.

PublicCheck: Public Integrity Verification for Services of Run-time Deep Models.

FedRecover: Recovering from Poisoning Attacks in Federated Learning using Historical Information.

On The Empirical Effectiveness of Unrealistic Adversarial Hardening Against Realistic Adversarial Attacks.

Rethinking Searchable Symmetric Encryption.

Private Collaborative Data Cleaning via Non-Equi PSI.

Private Collaborative Data Cleaning via Non-Equi PSI.

SPHINCS+C: Compressing SPHINCS+ With (Almost) No Cost.

Threshold Signatures in the Multiverse.

FIDO2, CTAP 2.1, and WebAuthn 2: Provable Security and Post-Quantum Instantiation.

Token meets Wallet: Formalizing Privacy and Revocation for FIDO2.

SoK: Taxonomy of Attacks on Open-Source Software Supply Chains.

It's like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security.

"Always Contribute Back": A Qualitative Study on Security Challenges of the Open Source Supply Chain.

Continuous Intrusion: Characterizing the Security of Continuous Integration Services.

ShadowNet: A Secure and Efficient On-device Model Inference System for Convolutional Neural Networks.

Deepfake Text Detection: Limitations and Opportunities.

StyleFool: Fooling Video Classification Systems via Style Transfer.

GeeSolver: A Generic, Efficient, and Effortless Solver with Self-Supervised Learning for Breaking Text Captchas.

TrojanModel: A Practical Trojan Attack against Automatic Speech Recognition Systems.

REGA: Scalable Rowhammer Mitigation with Refresh-Generating Activations.

CSI:Rowhammer - Cryptographic Security and Integrity against Rowhammer.

Jolt: Recovering TLS Signing Keys via Rowhammer Faults.

Hide and Seek with Spectres: Efficient discovery of speculative information leaks with random testing.

Spectre Declassified: Reading from the Right Place at the Wrong Time.

Volttack: Control IoT Devices by Manipulating Power Supply Voltage.

Inducing Wireless Chargers to Voice Out for Inaudible Command Attacks.

mmSpoof: Resilient Spoofing of Automotive Millimeter-wave Radars using Reflect Array.

PLA-LiDAR: Physical Laser Attacks against LiDAR-based 3D Object Detection in Autonomous Vehicle.

mmEcho: A mmWave-based Acoustic Eavesdropping Method.

Side Eye: Characterizing the Limits of POV Acoustic Eavesdropping from Smartphone Cameras with Rolling Shutters and Movable Lenses.

3DFed: Adaptive and Extensible Framework for Covert Backdoor Attack in Federated Learning.

Scalable and Privacy-Preserving Federated Principal Component Analysis.

Private, Efficient, and Accurate: Protecting Models Trained by Multi-party Learning with Differential Privacy.

Spectral-DP: Differentially Private Deep Learning through Spectral Perturbation and Filtering.

ELSA: Secure Aggregation for Federated Learning with Malicious Actors.

No One Drinks From the Firehose: How Organizations Filter and Prioritize Vulnerability Information.

Vulnerability Discovery for All: Experiences of Marginalization in Vulnerability Discovery.

"We are a startup to the core": A qualitative interview study on the security and privacy development practices in Turkish software startups.

"How technical do you get? I'm an English teacher": Teaching and Learning Cybersecurity and AI Ethics in High School.

Everybody's Got ML, Tell Me What Else You Have: Practitioners' Perception of ML-Based Security Tools and Explanations.

Precise Detection of Kernel Data Races with Probabilistic Lockset Analysis.

SegFuzz: Segmentizing Thread Interleaving to Discover Kernel Concurrency Bugs through Fuzzing.

AEM: Facilitating Cross-Version Exploitability Assessment of Linux Kernel Vulnerabilities.

AEM: Facilitating Cross-Version Exploitability Assessment of Linux Kernel Vulnerabilities.

When Top-down Meets Bottom-up: Detecting and Exploiting Use-After-Cleanup Bugs in Linux Kernel.

RSFuzzer: Discovering Deep SMI Handler Vulnerabilities in UEFI Firmware with Hybrid Fuzzing.

A Theory to Instruct Differentially-Private Learning via Clipping Bias Reduction.

Continual Observation under User-level Differential Privacy.

Locally Differentially Private Frequency Estimation Based on Convolution Framework.

Telepath: A Minecraft-based Covert Communication System.

Discop: Provably Secure Steganography in Practice Based on "Distribution Copies".

SQUIP: Exploiting the Scheduler Queue Contention Side Channel.

Scatter and Split Securely: Defeating Cache Contention and Occupancy Attacks.

DevIOus: Device-Driven Side-Channel Attacks on the IOMMU.

DVFS Frequently Leaks Secrets: Hertzbleed Attacks Beyond SIKE, Cryptography, and CPU-Only Data.

A Security RISC: Microarchitectural Attacks on Hardware RISC-V CPUs.

Examining Zero-Shot Vulnerability Repair with Large Language Models.

Examining Zero-Shot Vulnerability Repair with Large Language Models.

Callee: Recovering Call Graphs for Binaries with Transfer and Contrastive Learning.

XFL: Naming Functions in Binaries with Extreme Multi-label Learning.

D-ARM: Disassembling ARM Binaries by Lightweight Superset Instruction Interpretation and Graph Modeling.

GraphSPD: Graph-Based Security Patch Detection with Enriched Code Semantics.

Effective ReDoS Detection by Principled Vulnerability Modeling and Exploit Generation.

SoK: Decentralized Finance (DeFi) Attacks.

BlindHub: Bitcoin-Compatible Privacy-Preserving Payment Channel Hubs Supporting Variable Amounts.

Optimistic Fast Confirmation While Tolerating Malicious Majority in Blockchains.

Clockwork Finance: Automated Analysis of Economic Security in Smart Contracts.

Tyr: Finding Consensus Failure Bugs in Blockchain System with Behaviour Divergent Model.

Leaking Arbitrarily Many Secrets: Any-out-of-Many Proofs and Applications to RingCT Protocols.

Could you clean up the Internet with a Pit of Tar? Investigating tarpit feasibility on Internet worms.

Beyond Phish: Toward Detecting Fraudulent e-Commerce Websites at Scale.

Limits of I/O Based Ransomware Detection: An Imitation Based Attack.

From Grim Reality to Practical Solution: Malware Classification in Real-World Noise.

SoK: History is a Vast Early Warning System: Auditing the Provenance of System Intrusions.

Collaborative Ad Transparency: Promises and Limitations.

Toss a Fault to Your Witcher: Applying Grey-box Coverage-Guided Mutational Fuzzing to Detect SQL and Command Injection Vulnerabilities.

UTopia: Automatic Generation of Fuzz Driver using Unit Tests.

SelectFuzz: Efficient Directed Fuzzing with Selective Path Exploration.

ODDFuzz: Discovering Java Deserialization Vulnerabilities via Structure-Aware Directed Greybox Fuzzing.

The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web.

WebSpec: Towards Machine-Checked Analysis of Browser Security Mechanisms.

Detection of Inconsistencies in Privacy Practices of Browser Extensions.

TeSec: Accurate Server-side Attack Investigation for Web Applications.

Characterizing Everyday Misuse of Smart Home Devices.

"It's up to the Consumer to be Smart": Understanding the Security and Privacy Attitudes of Smart Home Users on Reddit.

User Perceptions and Experiences with Smart Home Updates.

Design and Evaluation of Inclusive Email Security Indicators for People with Visual Impairments.

When and Why Do People Want Ad Targeting Explanations? Evidence from a Four-Week, Mixed-Methods Field Study.

SecureCells: A Secure Compartmentalized Architecture.

WaVe: a verifiably secure WebAssembly sandboxing runtime.

μSwitch: Fast Kernel Context Isolation with Implicit Context Switches.

Control Flow and Pointer Integrity Enforcement in a Secure Tagged Architecture.

EC: Embedded Systems Compartmentalization via Intra-Kernel Isolation.

Low-Cost Privilege Separation with Compile Time Compartmentalization for Embedded Systems.

One Key to Rule Them All: Secure Group Pairing for Heterogeneous IoT Devices.

Optimistic Access Control for the Smart Home.

Protected or Porous: A Comparative Analysis of Threat Detection Capability of IoT Safeguards.

LazyTAP: On-Demand Data Minimization for Trigger-Action Applications.

Blue's Clues: Practical Discovery of Non-Discoverable Bluetooth Devices.

DeHiREC: Detecting Hidden Voice Recorders via ADC Electromagnetic Radiation.

IPvSeeYou: Exploiting Leaked Identifiers in IPv6 for Street-Level Geolocation.

From 5G Sniffing to Harvesting Leakages of Privacy-Preserving Messengers.

Man-in-the-Middle Attacks without Rogue AP: When WPAs Meet ICMP Redirects.

Mew: Enabling Large-Scale and Dynamic Link-Flooding Defenses on Programmable Switches.

PCSPOOF: Compromising the Safety of Time-Triggered Ethernet.

BLEDiff: Scalable and Property-Agnostic Noncompliance Checking for BLE Implementations.

ViDeZZo: Dependency-aware Virtual Device Fuzzing.

DevFuzz: Automatic Device Model-Guided Device Driver Fuzzing.

SyzDescribe: Principled, Automated, Static Generation of Syscall Descriptions for Kernel Drivers.

QueryX: Symbolic Query on Decompiled Code for Finding Bugs in COTS Binaries.

Pyfet: Forensically Equivalent Transformation for Python Binary Decompilation.

Adaptive Risk-Limiting Comparison Audits.

Blue Is the New Black (Market): Privacy Leaks and Re-Victimization from Police-Auctioned Cellphones.

No Privacy in the Electronics Repair Industry.

How IoT Re-using Threatens Your Sensitive Data: Exploring the User-Data Disposal in Used IoT Devices.

Privacy Leakage via Unrestricted Motion-Position Sensors in the Age of Virtual Reality: A Study of Snooping Typed Input on Virtual Keyboards.

Uncovering User Interactions on Smartphones via Contactless Wireless Charging Side Channels.

MagBackdoor: Beware of Your Loudspeaker as A Backdoor For Magnetic Injection Attacks.

Private Eye: On the Limits of Textual Screen Peeking via Eyeglass Reflections in Video Conferencing.

Low-effort VR Headset User Authentication Using Head-reverberated Sounds with Replay Resistance.