USENIX Sec 2017

85 papers accepted.

Updated on 2023-10-06.

You can find the lastest information here.

---

How Double-Fetch Situations turn into Double-Fetch Vulnerabilities: A Study of Double Fetches in the Linux Kernel.

Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts.

Ninja: Towards Transparent Tracing and Debugging on ARM.

Prime+Abort: A Timer-Free High-Precision L3 Cache Attack using Intel TSX.

On the effectiveness of mitigations against floating-point timing channels.

Constant-Time Callees with Variable-Time Callers.

Neural Nets Can Learn Function Type Signatures From Binaries.

CAn't Touch This: Software-only Mitigation against Rowhammer Attacks targeting Kernel Memory.

Efficient Protection of Path-Sensitive Control Security.

Digtool: A Virtualization-Based Framework for Detecting Kernel Vulnerabilities.

kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels.

Venerable Variadic Vulnerabilities Vanquished.

Towards Practical Tools for Side Channel Aware Software Engineering: 'Grey Box' Modelling for Instruction Leakages.

Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory.

CacheD: Identifying Cache-Based Timing Channels in Production Software.

BinSim: Trace-based Semantic Binary Diffing via System Call Sliced Segment Equivalence Checking.

PlatPal: Detecting Malicious Documents with Platform Diversity.

Malton: Towards On-Device Non-Invasive Mobile Malware Analysis for ART.

Global Measurement of DNS Manipulation.

Characterizing the Nature and Dynamics of Tor Exit Blocking.

DeTor: Provably Avoiding Geographic Regions in Tor.

SmartAuth: User-Centered Authorization for the Internet of Things.

AWare: Preventing Abuse of Privacy-Sensitive Sensors via Operation Bindings.

6thSense: A Context-aware Sensor-based Attack Detector for Smart Devices.

Identifier Binding Attacks and Defenses in Software-Defined Networks.

HELP: Helper-Enabled In-Band Device Pairing Resistant Against Signal Cancellation.

Attacking the Brain: Races in the SDN Control Plane.

Detecting Credential Spearphishing in Enterprise Settings.

SLEUTH: Real-time Attack Scenario Reconstruction from COTS Audit Data.

When the Weakest Link is Strong: Secure Collaboration in the Case of the Panama Papers.

Hacking in Darkness: Return-oriented Programming against Secure Enclaves.

vTZ: Virtualizing ARM TrustZone.

Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing.

AuthentiCall: Efficient Identity and Content Authentication for Phone Calls.

Picking Up My Tab: Understanding and Mitigating Synchronized Token Lifting and Spending in Mobile Payment.

TrustBase: An Architecture to Repair and Strengthen Certificate-based Authentication.

Transcend: Detecting Concept Drift in Malware Classification Models.

Syntia: Synthesizing the Semantics of Obfuscated Code.

Predicting the Resilience of Obfuscated Code Against Symbolic Execution Attacks via Machine Learning.

Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies.

CCSP: Controlled Relaxation of Content Security Policies by Runtime Policy Composition.

Same-Origin Policy: Evaluation in Modern Browsers.

Locally Differentially Private Protocols for Frequency Estimation.

BLENDER: Enabling Local Search with a Hybrid Differential Privacy Model.

Computer Security, Privacy, and DNA Sequencing: Compromising Computers with Synthesized DNA, Privacy Leaks, and More.

BootStomp: On the Security of Bootloaders in Mobile Devices.

Seeing Through The Same Lens: Introspecting Guest Address Space At Native Speed.

Oscar: A Practical Page-Permissions-Based Scheme for Thwarting Dangling Pointers.

PDF Mirage: Content Masking Attack Against Information-Based Online Services.

Loophole: Timing Attacks on Shared Event Loops in Chrome.

Game of Registrars: An Empirical Analysis of Post-Expiration Domain Name Takeovers.

Speeding up detection of SHA-1 collision attacks using unavoidable attack conditions.

Phoenix: Rebirth of a Cryptographic Password-Hardening Service.

Vale: Verifying High-Performance Cryptographic Assembly Code.

Exploring User Perceptions of Discrimination in Online Targeted Advertising.

Measuring the Insecurity of Mobile Deep Links of Android.

How the Web Tangled Itself: Uncovering the History of Client-Side Web (In)Security.

Towards Efficient Heap Overflow Discovery.

DR. CHECKER: A Soundy Analysis for Linux Kernel Drivers.

Dead Store Elimination (Still) Considered Harmful.

Telling Your Secrets without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution.

CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management.

AutoLock: Why Cache Attacks on ARM Are Harder Than You Think.

Understanding the Mirai Botnet.

MPI: Multiple Perspective Attack Investigation with Semantic Aware Execution Partitioning.

Detecting Android Root Exploits by Learning from Root Providers.

USB Snooping Made Easy: Crosstalk Leakage Attacks on USB Hubs.

Reverse Engineering x86 Processor Microcode.

See No Evil, Hear No Evil, Feel No Evil, Print No Evil? Malicious Fill Patterns Detection in Additive Manufacturing.

The Loopix Anonymity System.

MCMix: Anonymous Messaging via Secure Multiparty Computation.

ORide: A Privacy-Preserving yet Accountable Ride-Hailing Service.

Adaptive Android Kernel Live Patching.

CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified Builds.

ROTE: Rollback Protection for Trusted Execution.

A Longitudinal, End-to-End View of the DNSSEC Ecosystem.

Measuring HTTPS Adoption on the Web.

"I Have No Idea What I'm Doing" - On the Usability of Deploying HTTPS.

Beauty and the Burst: Remote Identification of Encrypted Video Streams.

Walkie-Talkie: An Efficient Defense Against Passive Website Fingerprinting Attacks.

A Privacy Analysis of Cross-device Tracking.

SmartPool: Practical Decentralized Pooled Mining.

REM: Resource-Efficient Mining for Blockchains.

Ensuring Authorized Updates in Multi-user Database-Backed Applications.

Qapla: Policy compliance for database-backed systems.