Collection of Security Papers

USENIX Sec 2020

Collection of Security Papers

All
IEEE S&P
IEEE S&P
- 2024
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015
ACM CCS
ACM CCS
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015
USENIX Sec
USENIX Sec
- 2024
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015
NDSS
NDSS
- 2024
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015
ICSE
ICSE
- 2024
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015-1
- 2015-2
ISSTA
ISSTA
- 2024
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015

USENIX Sec 2020

159 papers accepted.

Updated on 2023-09-08.

You can find the lastest information here.

A Formal Analysis of IEEE 802.11's WPA2: Countering the Kracks Caused by Cracking the Counters.

Frankenstein: Advanced Wireless Fuzzing to Exploit New Bluetooth Escalation Targets.

Breaking Secure Pairing of Bluetooth Low Energy Using Downgrade Attacks.

You Are What You Broadcast: Identification of Mobile and IoT Devices from (Public) WiFi.

Call Me Maybe: Eavesdropping Encrypted LTE Calls With ReVoLTE.

A Comprehensive Quality Evaluation of Security and Privacy Advice on the Web.

Understanding security mistakes developers make: Qualitative analysis from Build It, Break It, Fix It.

Empirical Measurement of Systemic 2FA Usability.

What Twitter Knows: Characterizing Ad Targeting Practices, User Perceptions, and Ad Explanations Through Users' Own Twitter Data.

The Impact of Ad-Blockers on Product Search and Purchase Behavior: A Lab Experiment.

Symbolic execution with SymCC: Don't interpret, compile!

Sys: A Static/Symbolic Tool for Finding Good Bugs in Good (Browser) Code.

Everything Old is New Again: Binary Security of WebAssembly.

AURORA: Statistical Crash Analysis for Automated Root Cause Explanation.

SmartVerif: Push the Limit of Automation Capability of Verifying Security Protocols by Dynamic Strategies.

BigMAC: Fine-Grained Policy Analysis of Android Firmware.

From Needs to Actions to Secure Apps? The Effect of Requirements and Developer Practices on App Security.

FANS: Fuzzing Android Native System Services via Automated Interface Analysis.

Chaperone: Real-time Locking and Loss Prevention for Smartphones.

Towards HTTPS Everywhere on Android: We Are Not There Yet.

Sunrise to Sunset: Analyzing the End-to-end Life Cycle and Effectiveness of Phishing Attacks at Scale.

PhishTime: Continuous Longitudinal Measurement of the Effectiveness of Anti-phishing Blacklists.

Who's Calling? Characterizing Robocalls through Audio and Metadata Analysis.

See No Evil: Phishing for Permissions with False Transparency.

A different cup of TI? The added value of commercial threat intelligence.

HybCache: Hybrid Side-Channel-Resilient Caches for Trusted Execution Environments.

CopyCat: Controlled Instruction-Level Attacks on Enclaves.

An Off-Chip Attack on Hardware Enclaves via the Memory Bus.

Civet: An Efficient Java Partitioning Framework for Hardware Enclaves.

BesFS: A POSIX Filesystem for Enclaves with a Mechanized Safety Proof.

EPIC: Every Packet Is Checked in the Data Plane of a Path-Aware Internet.

ShadowMove: A Stealthy Lateral Movement Strategy.

Poison Over Troubled Forwarders: A Cache Poisoning Attack Targeting DNS Forwarding Devices.

Programmable In-Network Security for Context-aware BYOD Policies.

A Longitudinal and Comprehensive Study of the DANE Ecosystem in Email.

NXNSAttack: Recursive DNS Inefficiencies and Vulnerabilities.

Shim Shimmeny: Evaluating the Security and Privacy Contributions of Link Shimming in the Modern Web.

Cached and Confused: Web Cache Deception in the Wild.

A Tale of Two Headers: A Formal Analysis of Inconsistent Click-Jacking Protection on the Web.

Retrofitting Fine Grain Isolation in the Firefox Renderer.

Zero-delay Lightweight Defenses against Website Fingerprinting.

Achieving Keyless CDNs with Conclaves.

SENG, the SGX-Enforcing Network Gateway: Authorizing Communication from Shielded Clients.

APEX: A Verified Architecture for Proofs of Execution on Remote Devices under Full Software Compromise.

PARTEMU: Enabling Dynamic Analysis of Real-World TrustZone Software Using Emulation.

PHMon: A Programmable Hardware Monitor and Its Security Use Cases.

Horizontal Privilege Escalation in Trusted Applications.

TeeRex: Discovery and Exploitation of Memory Corruption Vulnerabilities in SGX Enclaves.

The 2020 Election: Remote Voting, Disinformation, and Audit.

Stealthy Tracking of Autonomous Vehicles with Cache Side Channels.

Towards Robust LiDAR-based Perception in Autonomous Driving: General Black-box Adversarial Sensor Attack and Countermeasures.

SAVIOR: Securing Autonomous Vehicles with Robust Physical Invariants.

From Control Model to Program: Investigating Robotic Aerial Vehicle Accidents with MAYDAY.

Drift with Devil: Security of Multi-Sensor Fusion based Localization in High-Level Autonomous Driving under GPS Spoofing.

Plug-N-Pwned: Comprehensive Vulnerability Analysis of OBD-II Dongles as A New Over-the-Air Attack Surface in Automotive IoT.

PCKV: Locally Differentially Private Correlated Key-Value Data Collection with Optimized Utility.

Actions Speak Louder than Words: Entity-Sensitive Privacy Policy and Data Flow Analysis with PoliCheck.

Walking Onions: Scaling Anonymity Networks while Protecting Users.

Differentially-Private Control-Flow Node Coverage for Software Usage Analysis.

Visor: Privacy-Preserving Video Analytics as a Cloud Service.

Datalog Disassembly.

KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities.

Automatic Techniques to Systematically Discover New Heap Exploitation Primitives.

The Industrial Age of Hacking.

BScout: Direct Whole Patch Presence Test for Java Executables.

MVP: Detecting Vulnerabilities using Patch-Enhanced Vulnerability Signatures.

Shattered Chain of Trust: Understanding Security Risks in Cross-Cloud IoT Access Delegation.

HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation.

Silhouette: Efficient Protected Shadow Stacks for Embedded Systems.

P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling.

COUNTERFOIL: Verifying Provenance of Integrated Circuits using Intrinsic Package Fingerprints and Inexpensive Cameras.

Hall Spoofing: A Non-Invasive DoS Attack on Grid-Tied Solar Inverter.

Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning.

Exploring Connections Between Active Learning and Model Extraction.

Hybrid Batch Attacks: Finding Black-box Adversarial Examples with Limited Queries.

High Accuracy and High Fidelity Extraction of Neural Networks.

Adversarial Preprocessing: Understanding and Preventing Image-Scaling Attacks in Machine Learning.

TextShield: Robust Text Classification Based on Multimodal Embedding and Neural Machine Translation.

Data Recovery from "Scrubbed" NAND Flash Storage: Need for Analog Sanitization.

PKU Pitfalls: Attacks on PKU-based Memory Isolation Systems.

Medusa: Microarchitectural Data Leakage via Automated Attack Synthesis.

V0LTpwn: Attacking x86 Processor Integrity from Software.

DeepHammer: Depleting the Intelligence of Deep Neural Networks through Targeted Chain of Bit Flips.

SpecFuzz: Bringing Spectre-type vulnerabilities to the surface.

Digital Contact Tracing.

Security Analysis of Unified Payments Interface and Payment Apps in India.

Cardpliance: PCI DSS Compliance of Android Applications.

The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections.

VoteAgain: A scalable coercion-resistant voting system.

Boxer: Preventing fraud by scanning credit cards.

Fawkes: Protecting Privacy against Unauthorized Deep Learning Models.

Stolen Memories: Leveraging Model Memorization for Calibrated White-Box Membership Inference.

Local Model Poisoning Attacks to Byzantine-Robust Federated Learning.

Justinian's GAAvernor: Robust Distributed Learning with Gradient Aggregation Agent.

Interpretable Deep Learning under Fire.

Donky: Domain Keys - Efficient In-Process Isolation for RISC-V and x86.

(Mostly) Exitless VM Protection from Untrusted Hypervisor through Disaggregated Nested Virtualization.

DECAF: Automatic, Adaptive De-bloating and Hardening of COTS Firmware.

McTiny: Fast High-Confidence Post-Quantum Key Erasure for Tiny Network Servers.

Temporal System Call Specialization for Attack Surface Reduction.

Big Numbers - Big Troubles: Systematically Analyzing Nonce Leakage in (EC)DSA Implementations.

Estonian Electronic Identity Card: Security Flaws in Key Management.

The Unpatchable Silicon: A Full Break of the Bitstream Encryption of Xilinx 7-Series FPGAs.

Automating the Development of Chosen Ciphertext Attacks.

SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust.

A Spectral Analysis of Noise: A Comprehensive, Automated, Formal Analysis of Diffie-Hellman Protocols.

An Observational Investigation of Reverse Engineers' Processes.

The Tools and Tactics Used in Intimate Partner Surveillance: An Analysis of Online Infidelity Forums.

DatashareNetwork: A Decentralized Privacy-Preserving Search Engine for Investigative Journalists.

'I have too much respect for my elders': Understanding South African Mobile Users' Perceptions of Privacy and Current Behaviors on Facebook and WhatsApp.

RELOAD+REFRESH: Abusing Cache Replacement Policies to Perform Stealthy Cache Attacks.

Timeless Timing Attacks: Exploiting Concurrency to Leak Secrets over Remote Connections.

Cache Telepathy: Leveraging Shared Resource Attacks to Learn DNN Architectures.

Certified Side Channels.

NetWarden: Mitigating Network Covert Channels while Preserving Performance.

TPM-FAIL: TPM meets Timing and Lattice Attacks.

Scaling Verifiable Computation Using Efficient Set Accumulators.

Pixel: Multi-signatures for Consensus.

SANNS: Scaling Up Secure Approximate k-Nearest Neighbors Search.

MIRAGE: Succinct Arguments for Randomized Algorithms with Applications to Universal zk-SNARKs.

Secure Multi-party Computation of Differentially Private Median.

That Was Then, This Is Now: A Security Evaluation of Password Generation, Storage, and Autofill in Browser-Based Password Managers.

Composition Kills: A Case Study of Email Sender Authentication.

Detecting Stuffing of a User's Credentials at Her Own Accounts.

Liveness is Not Enough: Enhancing Fingerprint Authentication with Behavioral Biometrics to Defeat Puppet Attacks.

Human Distinguishable Visual Key Fingerprints.

FuzzGuard: Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through Deep Learning.

FuzzGen: Automatic Fuzzer Generation.

ParmeSan: Sanitizer-guided Greybox Fuzzing.

EcoFuzz: Adaptive Energy-Saving Greybox Fuzzing as a Variant of the Adversarial Multi-Armed Bandit.

MUZZ: Thread-aware Grey-box Fuzzing for Effective Bug Hunting in Multithreaded Programs.

On Training Robust PDF Malware Classifiers.

Measuring and Modeling the Label Dynamics of Online Anti-Malware Engines.

FIRMSCOPE: Automatic Uncovering of Privilege-Escalation Vulnerabilities in Pre-Installed Apps in Android Firmware.

Automatic Hot Patch Generation for Android Kernels.

iOS, Your OS, Everybody's OS: Vetting and Analyzing Network Services of iOS Applications.

SEAL: Attack Mitigation for Encrypted Databases via Adjustable Leakage.

Pancake: Frequency Smoothing for Encrypted Data Stores.

Droplet: Decentralized Authorization and Access Control for Encrypted Data Streams.

Secure parallel computation on national scale volumes of data.

Delphi: A Cryptographic Inference Service for Neural Networks.

Analysis of DTLS Implementations Using Protocol State Fuzzing.

Agamotto: Accelerating Kernel Driver Fuzzing with Lightweight Virtual Machine Checkpoints.

USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation.

GREYONE: Data Flow Sensitive Fuzzing.

Fuzzing Error Handling Code using Context-Sensitive Software Fault Injection.

Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer.

Light Commands: Laser-Based Audio Injection Attacks on Voice-Controllable Systems.

SkillExplorer: Understanding the Behavior of Skills in Large Scale.

Devil's Whisper: A General Approach for Physical Adversarial Attacks against Commercial Black-box Speech Recognition Devices.

Void: A fast and light voice liveness detection system.

Preech: A System for Privacy-Preserving Speech Transcription.

BlockSci: Design and applications of a blockchain analysis platform.

Remote Side-Channel Attacks on Anonymous Transactions.

ETHBMC: A Bounded Model Checker for Smart Contracts.

TXSPECTOR: Uncovering Attacks in Ethereum from Transactions.

An Ever-evolving Game: Evaluation of Real-world Attacks and Defenses in Ethereum Ecosystem.