Skip to content

Round 1 Accepted Papers

The Catcher in the Eye: Recognizing Users by their Blinks
Ryo Iijima (Waseda University, Japan), Tatsuya Takehisa (Waseda University, Japan), Tetsushi Ohki (Shizuoka University, Japan), Tatsuya Mori (Waseda University, Japan)
SilentProof: Anonymous Authentication with Blockchain-Backed Offloading
Jamal H. Mosakheil (The University of Memphis, USA), Kan Yang (The University of Memphis, USA)
What is in the Chrome Web Store?
Sheryl Hsu (Stanford University, USA), Manda Tran (Stanford University, USA), Aurore Fass (Stanford University & CISPA Helmholtz Center for Information Security, Germany)
Username Squatting on Online Social Networks: A Study on X
Anastasios Lepipas (Imperial College London, UK), Anastasia Borovykh (Imperial College London, UK), Soteris Demetriou (Imperial College London, UK)
Sync-Millibottleneck Attack on Microservices Cloud Architecture
Xuhang Gu (Louisiana State University, USA), Qingyang Wang (Louisiana State University, USA), Qiben Yan (Michigan State University, USA), Jianshu Liu (Louisiana State University, USA), Calton Pu (Georgia Tech, USA)
Mayhem: Targeted Corruption of Register and Stack Variables
Andrew Adiletta (Worcester Polytechnic Institute, USA), M. Caner Tol (Worcester Polytechnic Institute, USA), Yarkın Doröz (Worcester Polytechnic Institute, USA), Berk Sunar (Worcester Polytechnic Institute, USA)
Make out like a (Multi-Armed) Bandit: Improving the Odds of Fuzzer Seed Scheduling with T-Scheduler
Simon Luo (The University of New South Wales, Australia), Adrian Herrera (Australian National Univeristy, Australia), Paul Quirk (DSTG, Australia), Michael Chase (DSTG, Australia), Damith C. Ranasinghe (University of Adelaide, Australia), Salil S Kanhere (The University of New South Wales, Australia)
Madtls: Fine-grained Middlebox-aware End-to-end Security for Industrial Communication
Eric Wagner (Fraunhofer FKIE & RWTH Aachen University, Germany), David Heye (RWTH Aachen University & Fraunhofer FKIE, Germany), Martin Serror (Fraunhofer FKIE, Germany), Ike Kunze (RWTH Aachen University, Germany), Klaus Wehrle (RWTH Aachen University, Germany), Martin Henze (RWTH Aachen University & Fraunhofer FKIE, Germany)
ALLOSAUR: Accumulator with Low-Latency Oblivious Sublinear Anonymous credential Updates with Revocations
Samuel Jaques (University of Waterloo, Canada), Hart Montgomery (The Linux Foundation, USA), Michael Lodder (LIT Protocol, USA)
SyzRisk: A Change-Pattern-Based Continuous Kernel Regression Fuzzer
Gwangmu Lee (EPFL, Switzerland), Duo Xu (EPFL, Switzerland), Solmaz Salimi (Sharif University of Technology, Iran), Byoungyoung Lee (Seoul National University, South Korea), Mathias Payer (EPFL, Switzerland)
TeeFilter: High-Assurance Network Filtering Engine for High-End IoT and Edge Devices based on TEEs
Jonas Röckl (FAU Erlangen-Nürnberg, Germany), Nils Bernsdorf (FAU Erlangen-Nürnberg, Germany), Tilo Müller (Hof University of Applied Sciences, Germany)
Building Your Own Trusted Execution Environments Using FPGA
MD Armanuzzaman (University at Buffalo, USA), Ahmad-Reza Sadeghi (Technische Universität Darmstadt, Germany), Ziming Zhao (University at Buffalo, USA)
FAKEPCD: Fake Point Cloud Detection via Source Attribution
Yiting Qu (CISPA Helmholtz Center for Information Security, Germany), Zhikun Zhang (CISPA Helmholtz Center for Information Security, Germany), Yun Shen (Netapp, UK), Michael Backes (CISPA Helmholtz Center for Information Security, Germany), Yang Zhang (CISPA Helmholtz Center for Information Security, Germany)
Publishing Common Neighbors Histograms of Social Networks under Edge Differential Privacy
Chaojie Lv (University of Science and Technology of China, China), Xiaokui Xiao (NUS, Singapore), Lan Zhang (University of Science and Technology of China, China), Ting Yu (Qatar Computing Research Institute, Qatar)
Towards Understanding and Improving Security-Relevant Web Application Logging
Merve Sahin (SAP Security Research, France), Noemi Daniele (SAP Security Research, France)
C2Miner: Tricking IoT Malware into Revealing Live Command & Control Servers
Ali Davanian (University of California Riverside, USA), Michail Faloutsos (University of California Riverside, USA), Martina Lindorfer (TU Wien, Austria)
WebGPU-SPY: Finding Fingerprints in the Sandbox through GPU Cache Attacks
Ethan Ferguson (Binghamton University, USA), Adam Wilson (Binghamton University, USA), Hoda Naghibijouybari (Binghamton University, USA)
SoK: Can We Really Detect Cache Side-Channel Attacks by Monitoring Performance Counters?
William Kosasih (University of Adelaide, Australia), Yusi Feng (Chinese Academy of Sciences, China & University of Chinese Academy of Sciences, China), Chitchanok Chuengsatiansup (The University of Melbourne, Australia), Yuval Yarom (Ruhr University Bochum, Germany), Ziyuan Zhu (Chinese Academy of Sciences, China)
SoK: Understanding Design Choices and Pitfalls of Trusted Execution Environments
Mengyuan Li (Massachusetts Institute of Technology, USA), Yuheng Yang (Massachusetts Institute of Technology, USA), Guoxing Chen (Shanghai Jiao Tong University, China), Mengjia Yan (Massachusetts Institute of Technology, USA), Yinqian Zhang (Southern University of Science and Technology, China)
Immutable Memory Management Metadata for Commodity Operating System Kernels
Marius Momeu (Technical University of Munich, Germany), Fabian Kilger (Technical University of Munich, Germany), Christopher Roemheld (Technical University of Munich, Germany), Simon Schnückel (Technical University of Munich, Germany), Sergej Proskurin (BedRock Systems, USA), Michalis Polychronakis (Stony Brook University, USA), Vasileios P. Kemerlis (Brown University, USA)
Fuzzing API Error Handling Behaviors using Coverage Guided Fault Injection
Shashank Sharma (Purdue University, USA), Sai Ritvik Tanksalkar (Purdue University, USA), Sourag Cherupattamoolayil (Purdue University, USA), Aravind Machiry (Purdue University, USA)
SPRITE: Secure and Private Routing in Payment Channel Networks
Gaurav Panwar (New Mexico State University, USA), Roopa Vishwanathan (New Mexico State University, USA), George Torres (New Mexico State University, USA), Satyajayant Misra (New Mexico State University, USA)
AIMFuzz: Automated Function-Level In-Memory Fuzzing on Binaries
TaeWook Kim (Hanyang University, South Korea), Sukhyun Hong (Hanyang University, South Korea), Yeongpil Cho (Hanyang University, South Korea)
Diagnosis-guided Attack Recovery for Securing Robotic Vehicles from Sensor Deception Attacks
Pritam Dash (University of British Columbia, Canada), Guanpeng Li (University of Iowa, USA), Mehdi Karimibiuki (University of British Columbia, Canada), Karthik Pattabiraman (University of British Columbia, Canada)
Beyond Over-Protection: A Targeted Approach to Spectre Mitigation and Performance Optimization
Tiziano Marinaro (CISPA Helmholtz Center for Information Security & Saarland University, Germany), Pablo Buiras (KTH Royal Institute of Technology, Sweden), Andreas Lindner (KTH Royal Institute of Technology, Sweden), Roberto Guanciale (KTH Royal Institute of Technology, Sweden), Hamed Nemati (KTH Royal Institute of Technology, Sweden)
SoK: False Information, Bots and Malicious Campaigns: Demystifying Elements of Social Media Manipulations
Mohammad Majid Akhtar (University of New South Wales, Australia), Rahat Masood (University of New South Wales, Australia), Muhammad Ikram (Macquarie University, Australia), Salil S Kanhere (University of New South Wales, Australia)
Camel: E2E Verifiable Instant Runoff Voting without Tallying Authorities
Luke Harrison (University of Warwick, UK), Samiran Bag (University of Warwick, UK), Feng Hao (University of Warwick, UK)
RACED: Routing in Payment Channel Networks Using Distributed Hash Tables
Kartick Kolachala (New Mexico State University, USA), Mohammed Ababneh (New Mexico State University, USA), Roopa Vishwanathan (New Mexico State University, USA)
Uncovering Covert Attacks on EV Charging Infrastructure: How OCPP Backend Vulnerabilities Could Compromise Your System
Khaled Sarieddine (Concordia University, Canada), Mohammad Ali Sayed (Concordia University, Canada), Sadegh Torabi (George Mason University, USA), Ribal Attallah (Hydro-Quebec Research Institute, Canada), Danial Jafarigiv (Hydro-Quebec Research Institute, Canada), Chadi Assi (Concordia University, Canada), Mourad Debbabi (Concordia University, Canada)
X-Ray-TLS: Transparent Decryption of TLS Sessions by Extracting Session Keys from Memory
Florent Moriconi (EURECOM, France), Olivier Levillain (Télécom SudParis, Institut Polytechnique de Paris, France), Aurélien Francillon (EURECOM, France), Raphael Troncy (EURECOM, France)
DMTI: Accelerating Memory Error Detection in Precompiled C/C++ Binaries with ARM Memory Tagging Extension
Andreas Hager-Clukas (University of Applied Sciences Munich, Geramany), Konrad Hohentanner (Fraunhofer AISEC, Germany)
Revocable TACO: Revocable Threshold based Anonymous Credentials over Blockchains
Kanchan Bisht (IIT Hyderabad, India), Neel Yogendra Kansagra (IIT Hyderabad, India), Reisha Ali (IIT Hyderabad, India), Mohammed Sayeed Shaik (IIT Hyderabad, India), Maria Francis (IIT Hyderabad, India), Kotaro Katoka (IIT Hyderabad, India)
Unstoppable Wallets: Chain-assisted Threshold ECDSA and its Applications
Guy Zyskind (MIT, USA), Avishay Yanai (VMware Research, Israel), Alex Pentland (MIT, USA)
Semantic Ranking for Automated Adversarial Technique Annotation in Security Text
Udesh Kumarasinghe (University of Colombo, Sri Lanka), Ahmed Lekssays (Qatar Computing Research Institute, Qatar), Husrev Taha Sencar (Qatar Computing Research Institute, Qatar), Sabri Boughorbel (Qatar Computing Research Institute, Qatar), Charitha Elvitigala (C2CSI, Sri Lanka), Preslav Nakov (MBZUAI, UAE)
Unmasking the Veiled: A Comprehensive Analysis of Android Evasive Malware
Antonio Ruggia (University of Genova, Italy), Dario Nisi (EURECOM, France), Savino Dambra (EURECOM, France), Alessio Merlo (CASD – School for Advanced Defense Studies, Italy), Davide Balzarotti (EURECOM, France), Simone Aonzo (EURECOM, France)
Charting the Path to SBOM Adoption: A Business Stakeholder-Centric Approach
Berend Kloeg (Northwave Cyber Security, Netherlands), Aaron Yi Ding (TU Delft, Netherlands), Sjoerd Pellegrom (Northwave Cyber Security, Netherlands), Yury Zhauniarovich (TU Delft, Netherlands)
SuperShift Attacks: Exploiting Mobile Super Apps From Desktop Platforms
Chao Wang (The Ohio State University, USA), Yue Zhang (Drexel University, USA), Zhiqiang Lin (The Ohio State University, USA)
PARL: Poisoning Attacks Against Reinforcement Learning-based Recommender Systems
Linkang Du (Zhejiang University, China), Quan Yuan (Zhejiang University, China), Min Chen (CISPA Helmholtz Center for Information Security, Germany), Mingyang Sun (Zhejiang University, China), Peng Cheng (Zhejiang University, China), Jiming Chen (Zhejiang University, China), Zhikun Zhang (Stanford University, USA)
On Practicality of Using ARM TrustZone Trusted Execution Environment for Securing Programmable Logic Controllers
Zhiang Li (National University of Singapore, Singapore), Daisuke Mashima (Illinois ARCS, Singapore), Wen Shei Ong (Illinois ARCS, Singapore), Ertem Esiner (Illinois ARCS, Singapore), Zbigniew Kalbarczyk (University of Illinois at Urbana-Champaign, USA), Ee-Chien Chang (National University of Singapore, Singapore)
Pairwise and Parallel: Enhancing the Key Mismatch Attacks on Kyber and Beyond
Mingyao Shao (Institute of Information Engineering, CAS, China & School of Cyber Security, UCAS, China), Yuejun Liu (School of Cyber Science and Engineering, NJUST, China), Yongbin Zhou (School of Cyber Science and Engineering, NJUST, China & Institute of Information Enginee, CAS, China & School of Cyber Security, UCAS, China)
Switchpoline: A Software Mitigation for Spectre-BTB and Spectre-BHB on ARMv8
Markus Bauer (CISPA Helmholtz Center for Information Security, Germany), Lorenz Hetterich (CISPA Helmholtz Center for Information Security, Germany), Michael Schwarz (CISPA Helmholtz Center for Information Security, Germany), Christian Rossow (CISPA Helmholtz Center for Information Security, Germany)
zkLogis: Scalable, Privacy-Enhanced, and Traceable Logistics on Public Blockchain
Jongho Kim (Hanyang University, South Korea), Junhee Lee (Hanyang University, South Korea), Hyunok Oh (Hanyang University, South Korea), Jihye Kim (Kookmin University, South Korea)
CapsuleFormer: A Capsule and Transformer combined model for Decentralized Application encrypted traffic classification
Xiang Zhou (Shenzhen International Graduate School, Tsinghua University,China), Xi Xiao (Shenzhen International Graduate School, Tsinghua University, China), Qing Li (Peng Cheng Laboratory, China), Bin Zhang (Peng Cheng Laboratory, China), Guangwu Hu (Shenzhen Institute of Information Technology, China), Xiapu Luo (The Hong Kong Polytechnic University, China), Tianwei Zhang (Nanyang Technological University, Singapore)
ABBY: Automating leakage modelling for side-channel analysis
Omid Bazangani (Radboud University, Netherlands), Alexandre Iooss (Radboud University, Netherlands), Ileana Buhan (Radboud University, Netherlands), Lejla Batina (Radboud University, Netherlands)
BinGo: Identifying Security Patches in Binary Code with Graph Representation Learning
Xu He (George Mason University, USA), Shu Wang (George Mason University, USA), Pengbin Feng (Xidian University, China), Xinda Wang (The University of Texas at Dallas, USA), Shiyu Sun (George Mason University, USA), Qi Li (Tsinghua University, China), Kun Sun (George Mason University, USA)
zkMatrix: Batched Short Proof for Committed Matrix Multiplication
Mingshu Cong (The University of Hong Kong, China), Tsz Hon Yuen (The University of Hong Kong, China), Siu-Ming Yiu (The University of Hong Kong, China)
Segment-Based Formal Verification of WiFi Fragmentation and Power Save Mode
Zilin Shen (Purdue University, USA), Imtiaz Karim (Purdue University, USA), Elisa Bertino (Purdue University, USA)
SpotOn: Adversarially Robust Keyword Spotting on Resource-Constrained IoT Platforms
Mehreen Jabbeen (Indian Institute of Technology, Delhi, India), Vireshwar Kumar (Indian Institute of Technology, Delhi, India), Rijurekha Sen (Indian Institute of Technology, Delhi, India)
OASIS: An Intrusion Detection System Embedded in Bluetooth Low Energy Controllers
Romain Cayre (EURECOM, France), Vincent Nicomette (LAAS-CNRS, France), Guillaume Auriol (LAAS-CNRS, France), Mohamed Kaâniche (LAAS-CNRS, France), Aurélien Francillon (EURECOM, France)
BlindShuffler: Universal and Trustless Mixing for Confidential Transactions
Chenke Wang (Shanghai Jiao Tong University, China), Zhonghui Ge (Shanghai Jiao Tong University, China), Yu Long (Shanghai Jiao Tong University, China), Xian Xu (East China University of Science and Technology, China), Shi-Feng Sun (Shanghai Jiao Tong University, China), Dawu Gu (Shanghai Jiao Tong University, China)
TriSAS: Toward Dependable Inter-SAS Coordination with Auditability
Shanghao Shi (Virginia Tech, USA), Yang Xiao (University of Kentucky, UK), Changlai Du (Virginia Tech, USA), Yi Shi (Virginia Tech, USA), Chonggang Wang (InterDigital, USA), Robert Gazda (InterDigital, USA), Y. Thomas Hou (Virginia Tech, USA), Eric Burger (Virginia Tech, USA), Luiz DaSilva (Virginia Tech, USA), Wenjing Lou (Virginia Tech, USA)
Key Establishment for Secure Asymmetric Cross-Technology Communication
Wei Wang (Saint Louis University, USA), Xin Liu (The Ohio State University, USA), Zicheng Chi (Cleveland State University, USA), Stuart Ray (Saint Louis University, USA), Ting Zhu (The Ohio State University, USA)
Exposed by Default: A Security Analysis of Home Router Default Settings
Junjian Ye (Nanjing University of Posts and Telecommunications, China), Xavier de Carné de Carnavalet (The Hong Kong Polytechnic University, China), Lianying Zhao (Carleton University, Canada), Mengyuan Zhang (The Hong Kong Polytechnic University, China), Lifa Wu (Nanjing University of Posts and Telecommunications, China), Wei Zhang (Nanjing University of Posts and Telecommunications, China)
Catch me if you can: Covert Information Leakage from Drones using MAVLink Protocol
Maryna Veksler (Florida International University, USA), Kemal Akkaya (Florida International University, USA), Selcuk Uluagac (Florida International University, USA)
Skye: An Expanding PRF based Fast KDF and its Applications
Amit Singh Bhati (COSIC, KU Leuven, Belgium), Antonín Dufka (Masaryk University, Czech Republic), Elena Andreeva (Technical University of Vienna, Austria), Arnab Roy (University of Innsbruck, Austria), Bart Preneel (COSIC, KU Leuven, Belgium)
DISCO: Dynamic Searchable Encryption with Constant State
Xiangfu Song (National University of Singapore, Singapore), Yu Zheng (Chinese University of Hong Kong, China), Jianli Bai (University of Auckland, New Zealand), Changyu Dong (Guangzhou University, China), Zheli Liu (Nankai University, China), Ee-Chien Chang (National University of Singapore, Singapore)
MultiTEE: Distributing Trusted Execution Environments
Simon Ott (Fraunhofer AISEC, Germany), Benjamin Orthen (Fraunhofer AISEC, Germany), Alexander Weidinger (Fraunhofer AISEC, Germany), Julian Horsch (Fraunhofer AISEC, Germany), Vijayanand Nayani (Huawei Technologies, Finland), Jan-Erik Ekberg (Huawei Technologies, Finland)
Look What’s There! Utilizing the Internet’s Existing Data for Censorship Circumvention with OPPRESSION
Sebastian Zillien (Hochschule Worms, Germany), Tobias Schmidbauer (Bavarian State Office for IT-Security, Germany), Mario Kubek (Georgia State University, USA), Joerg Keller (FernUniversität in Hagen, Germany), Steffen Wendzel (Hochschule Worms & FernUniversität in Hagen, Germany)
BinAdapter: Leveraging Continual Learning for Inferring Function Symbol Names in a Binary
Nozima Murodova (Sungkyunkwan University, South Korea), Hyungjoon Koo (Sungkyunkwan University, South Korea)
SoK: CryptographicEstimators — a Software Library for Cryptographic Hardness Estimation
Andre Esser (Technology Innovation Institute, UAE), Javier Verbel (Technology Innovation Institute, UAE), Floyd Zweydinger (Technology Innovation Institute, UAE), Emanuele Bellini (Technology Innovation Institute, UAE)
On The Effect of Replacement Policies on The Security of Randomized Cache Architectures
Moritz Peters (Ruhr University Bochum, Germany), Nicolas Gaudin (Université Bretagne Sud, France), Jan Philipp Thoma (Ruhr University Bochum, Germany), Vianney Lapôtre (Université Bretagne Sud, France), Pascal Cotret (Université Bretagne Sud, France), Guy Gogniat (Université Bretagne Sud, France), Tim Güneysu (Ruhr University Bochum, Germany)
Who’s Breaking the Rules? Studying Conformance to the HTTP Specifications and its Security Impact
Jannis Rautenstrauch (CISPA Helmholtz Center for Information Security, Germany), Ben Stock (CISPA Helmholtz Center for Information Security, Germany)
Transferable, Auditable and Anonymous Ticketing Protocol
Pascal Lafourcade (LIMOS, Universite Clermont Auvergne, France), Dhekra Mahmoud (LIMOS, Universite Clermont Auvergne, France), Gael Marcadet (LIMOS, Universite Clermont Auvergne, France), Charles Olivier-Anclin (LIMOS, Universite Clermont Auvergne, France)
SweetPAKE: Key exchange with decoy passwords
Afonso Arriaga (University of Luxembourg, Luxembourg), Marjan Skrobot (University of Luxembourg, Luxembourg), Peter Ryan (University of Luxembourg, Luxembourg)
OPRFs from Isogenies: Designs and Analysis
Lena Heimberger (Graz University of Technology, Austria), Tobias Hennerbichler (Graz University of Technology, Austria), Fredrik Meisingseth (Graz University of Technology & Know-Center, Austria), Sebastian Ramacher (AIT Austrian Institute of Technology, Austria), Christian Rechberger (Graz University of Technology, Austria)
PEPPER: Privacy-prEserving, auditable, and fair Payment based resource discovery at the PERvasive edge
Emrah Sariboz (New Mexico State University, USA), Reza Tourani (Saint Louis University, USA), Roopa Vishwanathan (New Mexico State University, USA), Satyajayant Misra (New Mexico State University, USA)
Non-Fusion Based Coherent Cache Randomization Using Cross-Domain Accesses
Kartik Ramkrishnan (University Of Minnesota, USA), Stephen McCamant (University Of Minnesota, USA), Antonia Zhai (University Of Minnesota, USA), Pen-Chung Yew (University of Minnesota at Twin Cities, USA)
MOSAIC: A Prune-and-Assemble Approach for Efficient Model Pruning in Privacy-Preserving Deep Learning
Yifei Cai (Old Dominion University, USA), Qiao Zhang (Chongqing University, China), Rui Ning (Old Dominion University, USA), Chunsheng Xin (Old Dominion University, USA), Hongyi Wu (University of Arizona, USA)
Decoding the MITRE Engenuity ATT&CK Enterprise Evaluation: An Analysis of EDR Performance in Real-World Environments
Xiangmin Shen (Northwestern University, USA), Zhenyuan Li (Zhejiang University, China), Graham Burleigh (Northwestern University, USA), Yan Chen (Northwestern University, USA), Lingzhi Wang (Northwestern University, USA)
SecPLF: Secure Protocols for Loanable Funds against Oracle Manipulation Attacks
Sanidhay Arora (University of Oregon, USA), Yingjiu Li (University of Oregon, USA), Yebo Feng (Nanyang Technological University, Singapore), Jiahua Xu (UCL, UK)
Self-Supervised Fine-Tuning of Automatic Speech Recognition Systems against Signal Processing Attacks
Oshan Jayawardena (University of Moratuwa, Sri Lanka), Dilmi Caldera (University of Moratuwa, Sri Lanka), Sandani Jayawardena (University of Moratuwa, Sri Lanka), Avishka Sandeepa (University of Moratuwa, Sri Lanka), Vincent Bindschaedler (University of Florida, USA), Subodha Charles (University of Moratuwa, Sri Lanka)
(In)visible Privacy Indicator: Security Analysis of Privacy Indicator on Android Devices
Yurak Choe (Sungkyunkwan University, South Korea), Hyungseok Yu (Samsung Electronics, South Korea), Taeho Kim (Samsung Electronics, South Korea), Shinjae Lee (Samsung Electronics, South Korea), Hojoon Lee (Sungkyunkwan University, South Korea), Hyoungshick Kim (Sungkyunkwan University, South Korea)
Mitigating Distributed Backdoor Attack in Federated Learning Through Mode Connectivity
Kane Walter (UNSW, Australia), Meisam Mohammady (Iowa State University of Science and Technology, USA), Surya Nepal (Data61, CSIRO, Australia), Salil S. Kanhere (UNSW, Australia)
Efficient Privacy-Preserving Approximation of the Kidney Exchange Problem
Malte Breuer (RWTH Aachen University, Germany), Ulrike Meyer (RWTH Aachen University, Germany), Susanne Wetzel (Stevens Institute of Technology, USA)