USENIX Sec 2018

101 papers accepted.

Updated on 2023-09-08.

You can find the latest information here.


Fear the Reaper: Characterization and Fast Detection of Card Skimmers.

BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid.

Skill Squatting Attacks on Amazon Alexa.

CommanderSong: A Systematic Approach for Practical Adversarial Voice Recognition.

ACES: Automatic Compartments for Embedded Systems.

IMIX: In-Process Memory Isolation EXtension.

HeapHopper: Bringing Bounded Model Checking to Heap Implementation Security.

Guarder: A Tunable Secure Allocator.

Fp-Scanner: The Privacy Implications of Browser Fingerprint Inconsistencies.

Effective Detection of Multimedia Protocol Tunneling using Machine Learning.

Quack: Scalable Remote Measurement of Application-Layer Censorship.

Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse.

Forgetting of Passwords: Ecological Theory and Data.

The Rewards and Costs of Stronger Passwords in a University: Linking Password Lifetime to Strength.

Rethinking Access Control and Authentication for the Home Internet of Things (IoT).

ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem.

Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems.

Inception: System-Wide Security Testing of Real-World Embedded Systems Software.

Acquisitional Rule-based Engine for Discovering Internet-of-Thing Devices.

FlowCog: Context-aware Semantics Extraction and Analysis of Information Flow Leaks in Android Apps.

Sensitive Information Tracking in Commodity IoT.

Enabling Refinable Cross-Host Attack Investigation with Efficient Data Flow Tagging and Tracking.

Dependence-Preserving Data Compaction for Scalable Forensic Analysis.

A Sense of Time for JavaScript and Node.js: First-Class Timeouts as a Cure for Event Handler Poisoning.

Freezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers.

Rampart: Protecting Web Applications from CPU-Exhaustion Denial-of-Service Attacks.

How Do Tor Users Interact With Onion Services?

Towards Predicting Efficient and Anonymous Tor Circuits.

BurnBox: Self-Revocable Encryption in a World Of Compelled Access.

An Empirical Analysis of Anonymity in Zcash.

Unveiling and Quantifying Facebook Exploitation of Sensitive Personal Data for Advertising Purposes.

Analysis of Privacy Protections in Fitness Tracking Social Networks -or- You can run, but can you hide?

AttriGuard: A Practical Defense Against Attribute Inference Attacks via Adversarial Machine Learning.

Polisis: Automated Analysis and Presentation of Privacy Policies Using Deep Learning.

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels.

The Dangers of Key Reuse: Practical Attacks on IPsec IKE.

One&Done: A Single-Decryption EM-Based Attack on OpenSSL's Constant-Time Blinded RSA.

DATA - Differential Address Trace Analysis: Finding Address-based Side-Channels in Binaries.

The Battle for New York: A Case Study of Applied Digital Threat Modeling at the Enterprise Level.

SAQL: A Stream-based Query System for Real-Time Abnormal System Behavior Detection.

Practical Accountability of Secret Processes.

DIZK: A Distributed Zero Knowledge Proof System.

NetHide: Secure and Practical Network Topology Obfuscation.

Towards a Secure Zero-rating Framework with Three Parties.

MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation.

QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing.

Automatic Heap Layout Manipulation for Exploitation.

FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities.

The Secure Socket API: TLS as an Operating System Service.

Return Of Bleichenbacher's Oracle Threat (ROBOT).

Bamboozling Certificate Authorities with BGP.

The Broken Shield: Measuring Revocation Effectiveness in the Windows Code-Signing PKI.

Debloating Software through Piece-Wise Compilation and Loading.

Precise and Accurate Patch Presence Test for Binaries.

From Patching Delays to Infection Symptoms: Using Risk Profiles for an Early Discovery of Vulnerabilities Exploited in the Wild.

Understanding the Reproducibility of Crowd-reported Security Vulnerabilities.

Malicious Management Unit: Why Stopping Cache Attacks in Software is Harder Than You Think.

Translation Leak-aside Buffer: Defeating Cache Side-channel Protections with TLB Attacks.

Meltdown: Reading Kernel Memory from User Space.

Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution.

Plug and Prey? Measuring the Commoditization of Cybercrime via Online Anonymous Markets.

Reading Thieves' Cant: Automatically Identifying and Understanding Dark Jargons from Cybercrime Marketplaces.

Schrödinger's RAT: Profiling the Stakeholders in the Remote Access Trojan Ecosystem.

The aftermath of a crypto-ransomware attack at a large academic institution.

We Still Don't Have Secure Cross-Domain Requests: an Empirical Study of CORS.

End-to-End Measurements of Email Spoofing Attacks.

Who Is Answering My Queries: Understanding and Characterizing Interception of the DNS Resolution Path.

End-Users Get Maneuvered: Empirical Analysis of Redirection Hijacking in Content Delivery Networks.

SAD THUG: Structural Anomaly Detection for Transmissions of High-value Information Using Graphics.

FANCI: Feature-based Automated NXDomain Classification and Intelligence.

An Empirical Study of Web Resource Manipulation in Real-world Mobile Applications.

Fast and Service-preserving Recovery from Malware Infections Using CRIU.

The Second Crypto War - What's Different Now.

The Guard's Dilemma: Efficient Code-Reuse Attacks Against Intel SGX.

A Bad Dream: Subverting Trusted Platform Module While You Are Sleeping.

Tackling runtime-based obfuscation in Android with TIRO.

Discovering Flaws in Security-Focused Static Analysis Tools for Android using Systematic Mutation.

With Great Training Comes Great Vulnerability: Practical Attacks against Transfer Learning.

When Does Machine Learning FAIL? Generalized Transferability for Evasion and Poisoning Attacks.

teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts.

Enter the Hydra: Towards Principled Bug Bounties and Exploit-Resistant Smart Contracts.

Arbitrum: Scalable, private smart contracts.

Erays: Reverse Engineering Ethereum's Opaque Smart Contracts.

DelegaTEE: Brokered Delegation Using Trusted Execution Environments.

Simple Password-Hardened Encryption Services.

Security Namespace: Making Linux Security Frameworks Available to Containers.

Shielding Software From Privileged Side-Channel Attacks.

Vetting Single Sign-On SDK Implementations via Symbolic Reasoning.

O Single Sign-Off, Where Art Thou? An Empirical Analysis of Single Sign-On Account Hijacking and Session Management on the Web.

WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring.

Man-in-the-Machine: Exploiting Ill-Secured Communication Inside the Computer.

All Your GPS Are Belong To Us: Towards Stealthy Manipulation of Road Navigation Systems.

Injected and Delivered: Fabricating Implicit Control over Actuation Systems by Spoofing Inertial Sensors.

Modelling and Analysis of a Hierarchy of Distance Bounding Attacks.

Off-Path TCP Exploit: How Wireless Routers Can Jeopardize Your Secrets.

Formal Security Analysis of Neural Networks using Symbolic Intervals.

Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring.

A4NT: Author Attribute Anonymity by Adversarial Training of Neural Machine Translation.

GAZELLE: A Low Latency Framework for Secure Neural Network Inference.