Skip to content

Round 2 Accepted Papers

Generic and Automated Drive-by GPU Cache Attacks from the Browser
Lukas Giner (Graz University of Technology, Austria), Roland Czerny (Graz University of Technology, Austria), Christoph Gruber (Graz University of Technology, Austria), Fabian Rauscher (Graz University of Technology, Austria), Andreas Kogler (Graz University of Technology, Austria), Daniel De Almeida Braga (University of Rennes, CNRS, IRISA, France), Daniel Gruss (Graz University of Technology, Austria)
Physical-Layer Public Key Encryption Through Massive MIMO
Senlin Liu (Institute of Information Engineering, CAS, University of Chinese Academy of Sciences, China), Tong Gao (Institute of Information Engineering, CAS, University of Chinese Academy of Sciences, China), Yijian Liu (Institute of Information Engineering, CAS, University of Chinese Academy of Sciences, China), Xianhui Lu (Institute of Information Engineering, CAS, University of Chinese Academy of Sciences, China)
An Investigation into Misuse of Java Security APIs by Large Language Models
Zahra Mousavi (CREST – The Centre for Research on Engineering Software Technologies, University of Adelaide, Cyber Security Cooperative Research Centre, CSIRO/Data61, Australia), Chadni Islam (Queensland University of Technology, Australia), Kristen Moore (CSIRO’s Data61, Australia), Alsharif Abuadbba (CSIRO’s Data61, Australia), M. Ali Babar (CREST – The Centre for Research on Engineering Software Technologies, University of Adelaide, Australia)
HQsFL: A Novel Training Strategy for Constructing High-performance and Quantum-safe Federated Learning
Bo Yu (Bestpay Co., Ltd., China), Huajie Shen (Bestpay Co., Ltd., China), Qian Xu (Bestpay Co., Ltd., China), Wei He (Bestpay Co., Ltd., China), Wankui Mao (Bestpay Co., Ltd., China), Qing Zhang (Bestpay Co., Ltd., China), Fan Zhang (Zhejiang University, China)
Beyond the Edges of Kernel Control-Flow Hijacking Protection with HEK-CFI
Lukas Maar (Graz University of Technology, Graz, Austria), Pascal Nasahl (Graz University of Technology, Graz, Austria), Stefan Mangard (Graz University of Technology, Graz, Austria)
Privacy-Preserving Popularity-Based Deduplication against Malicious Behaviors of the Cloud
Xiaowei Ge (College of Cyber Science, Nankai University, China), Guanxiong Ha (College of Cyber Science, Nankai University, China), Chunfu Jia (Nankai University, China), Zhen Su (College of Cyber Science, Nankai University, China)
Towards Robust Domain Generation Algorithm Classification
Arthur Drichel (RWTH Aachen University, Germany), Marc Meyer (RWTH Aachen University, Germany), Ulrike Meyer (RWTH Aachen University, Germany)
Honest Majority Multiparty Computation over Rings with Constant Online Communication
Minghua Zhao (Shanghai Fudan Microelectronics Group Co.,Ltd, China)
A Formal Analysis of Data Distribution Service Security
Binghan Wang (Beijing University of Posts and Telecommunications, Beijing, China), Hui Li (Beijing University of Posts and Telecommunications, Beijing, China), Jingjing Guan (Beijing University of Posts and Telecommunications, Beijing, China)
Multi-Turn Hidden Backdoor in Large Language Model-powered Chatbot Models
Bocheng Chen (Michigan State University, USA), Nikolay Ivanov (Rowan University, USA), Guangjing Wang (Michigan State University, USA), Qiben Yan (Michigan State University, USA)
Single Round-trip Hierarchical ORAM via Succinct Indices
William Holland (CSIRO’s data61, Australia), Olga Ohrimenko (The University of Melbourne, Australia), Anthony Wirth (the University of Melbourne, Australia)
Reconstructing Chameleon Hash: Full Security and the Multi-Party Setting
Kwan Yin Chan (The University of Hong Kong, China), Liqun Chen (University of Surrey, UK), Yangguang Tian (University of Surrey, UK), Tsz Hon Yuen (Monash University, Australia)
Exploiting Data Redundancy in CKKS Encoding for High-Speed Homomorphic Encryption
Amir Sabbagh Molahosseini (Queen’s University Belfast, UK), Hans Vandierendonck (Queen’s University of Belfast, UK)
What All the PHUZZ Is About: A Coverage-guided Fuzzer for Finding Vulnerabilities in PHP Web Applications
Sebastian Neef (Technische Universität Berlin, Germany), Lorenz Kleissner (Technische Universität Berlin, Germany), Jean-Pierre Seifert (Technische Universität Berlin, Germany)
CryptGraph: An Efficient Privacy-Enhancing Solution for Accurate Shortest Path Retrieval in Cloud Environments
Fuyi Wang (Deakin University, Australia), Zekai Chen (Fuzhou University, China), Lei Pan (Deakin University, Australia), Leo Yu Zhang (Griffith University, Australia), Jianying Zhou (Singapore University of Technology and Design, Singapore)
External Attack-Surface of Modern Organizations
Nethanel Gelernter (IONIX, Israel), Haya Schulmann (Goethe-Universität Frankfurt, Germany), Michael Waidner (Fraunhofer SIT and TU Darmstadt, Germany)
Secure Data-Binding in FPGA-based Hardware Architectures utilizing PUFs
Florian Frank (University of Passau, Germany), Martin Schmid (University of Passau, Germany), Felix Klement (University of Passau, Germany), Purushothaman Palani (Virginia Tech, USA), Andreas Weber (University of Passau, Germany), Elif BilgeKavun (University of Passau, Germany), Wenjie Xiong (Virginia Tech, USA), Tolga Arul (University of Passau, Germany), Stefan Katzenbeisser (University of Passau, Germany)
An Empirical Study of Consensus Protocols’ DoS Resilience
Giacomo Giuliari (ETH Zurich & Mysten Labs, Switzerland), Alberto Sonnino (Mysten Labs & University College London (UCL), UK), Marc Frei (ETH Zurich, Switzerland), Fabio Streun (Anapaya Systems, Switzerland), Lefteris Kokoris-Kogias (Mysten Labs & IST Austria, Austria), Adrian Perrig (ETH Zurich & Mysten Labs, Switzerland)
SoK: Rowhammer on Commodity Operating Systems
Zhi Zhang (The University of Western Australia, Australia), Decheng Chen (School of Microelectronics, South China University of Technology, China), Jiahao Qi (School of Microelectronics, South China University of Technology, China), Yueqiang Cheng (NIO, USA), Shijie Jiang (School of Microelectronics, South China University of Technology, China), Yiyang Lin (School of Microelectronics, South China University of Technology, China), Yansong Gao (CSIRO’s Data61, Australia), Surya Nepal (CSIRO’s Data61, Australia), Yi Zou (School of Microelectronics, South China University of Technology, China), Jiliang Zhang (College of Integrated Circuits, Hunan University, China), Yang Xiang (School of Software and Electrical Engineering, Swinburne University of Technology, Australia)
Quantum-Safe Account Recovery for WebAuthn
Douglas Stebila (University of Waterloo, Canada), Spencer MacLaren Wilson (University of Waterloo, Canada)
FakeX: A Framework for Detecting Fake Reviews of Browser Extensions
Eric Olsson (Chalmers University of Technology, Sweden), Benjamin Eriksson (Chalmers University of Technology, Sweden), Pablo Picazo-Sanchez (Chalmers University of Technology, Halmstad University, Sweden), Lukas Andersson (Chalmers University of Technology, Sweden), Andrei Sabelfeld (Chalmers University of Technology, Sweden)
Kirin: Hitting the Internet with Distributed BGP Announcements
Lars Prehn (Max Planck Institute for Informatics, Germany), Pawel Foremski (IITiS PAN / DomainTools, Poland), Oliver Gasser (IPinfo / Max Planck Institute for Informatics, Germany)
Efficient Unbalanced Quorum PSI from Homomorphic Encryption
Xinpeng Yang (Zhejiang University, China), Liang Cai (Zhejiang University, China), Yinghao Wang (Zhejiang University, China), Keting Yin (Zhejiang University, China), Lu Sun (Zhejiang University, China), Jingwei Hu (Nanyang Technological University, Singapore)
Model Extraction Attacks Revisited
Jiacheng Liang (Stony Brook University, USA), Ren Pang (Penn State University, USA), Changjiang Li (Stony Brook University, USA), Ting Wang (Stony Brook University, USA)
Cross-Language Differential Testing of JSON Parsers
Jonas Möller (Technische Universität Berlin, Germany), Jonas Möller (Technische Universität Berlin, Germany), Felix Weißberg (Technische Universität Berlin, Germany), Lukas Pirch (Technische Universität Berlin, Germany), Thorsten Eisenhofer (Technische Universität Berlin, Germany), Konrad Rieck (Technische Universität Berlin, Germany)
PowSpectre: Powering Up Speculation Attacks with TSX-based Replay
Md Hafizul Islam Chowdhuryy (University of Central Florida, USA), Zhenkai Zhang (Clemson University, USA), Fan Yao (University of Central Florida, USA)
Delegating FIDO Credentials Using Single-use ECDSA Signatures
Wei-Zhu Yeoh (CISPA Helmholtz Center for Information Security, Germany), Lucjan Hanzlik (CISPA Helmholtz Center for Information Security, Germany), Oliver Valta (CISPA Helmholtz Center for Information Security, Germany)
Menhir: An Oblivious Database with Protection against Access and Volume Pattern Leakage
Leonie Reichert (Technical University of Darmstadt, Germany), Gowri R Chandran (Technical University of Darmstadt, Germany), Phillipp Schoppmann (Google, USA), Thomas Schneider (Technical University of Darmstadt, Germany), Björn Scheuermann (Technical University of Darmstadt, Germany)
The SA4P Framework: Sensing and Actuation as a Privilege
Piet De Vaere (ETH Zurich, Switzerland), Felix Stöger (ETH Zürich, Switzerland), Adrian Perrig (ETH Zürich, Switzerland), Gene Tsudik (UCI, USA)
VFCFinder: Pairing Security Advisories and Patches
Trevor Dunlap (North Carolina State University, USA), Elizabeth Lin (North Carolina State University, USA), William Enck (North Carolina State University, USA), Bradley Reaves (North Carolina State University, USA)
Efficient Post-Quantum Secure Deterministic Threshold Wallets from Isogenies
Poulami Das (CISPA Helmholtz Center for Information Security, Germany), Andreas Erwig (Technical University of Darmstadt, Germany), Michael Meyer (University of Regensburg, Germany), Patrick Struck (University of Konstanz, Germany)
Formal Verification and Solutions for Estonian E-Voting
Sevdenur Baloglu (University of Luxembourg, Luxembourg), Sergiu Bursuc (University of Luxembourg, Luxembourg), Sjouke Mauw (University of Luxembourg, Luxembourg), Jun Pang (University of Luxembourg, Luxembourg)
Command Hijacking on Voice-Controlled IoT in Amazon Alexa Platform
Wenbo Ding (University at Buffalo, USA), Song Liao (Clemson University, USA), Long Cheng (Clemson University, USA), Xianghang Mi (University of Science and Technology of China, China), Ziming Zhao (University at Buffalo, USA), Hongxin Hu (University at Buffalo, USA)
SRAM Imprinting for System Protection and Differentiation
Jubayer Mahmod (Virginia Tech, USA), Matthew Hicks (Virginia Tech, USA)
LightPIR: Single-Server PIR via FHE without Gaussian Noise
Han Xia (Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS; School of Cyber Security, University of Chinese Academy of Sciences, China), Mingsheng Wang (Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS; School of Cyber Security, University of Chinese Academy of Sciences, China)
Beneath the Phishing Scripts: A Script-Level Analysis of Phishing Kits and Their Impact on Real-World Phishing Websites
Woonghee Lee (Korea University, South Korea), Junbeom Hur (Korea University, South Korea), Doowon Kim (University of Tennessee, Knoxville, USA)
ConFIDe: A PWM-Driven Control-Fused Intrusion Detection System for Hardware Security in Unmanned Aerial Vehicles
Muneeba Asif (Florida International University, USA), Ahmad Mohammad (Middle Tennessee State University, USA), Mohammad Ashiqur Rahman (Florida International University, USA), Kemal Akkaya (Florida International University, USA)
A Generative Framework for Low-Cost Result Validation of Machine Learning-as-a-Service Inference
Abhinav Kumar (Saint Louis University, USA), Miguel A. Guirao Aguilera (New Mexico State University, USA), Reza Tourani (Saint Louis University, USA), Satyajayant Misra (New Mexico State University, USA)
REPQC: Reverse Engineering and Backdooring Hardware Accelerators for Post-quantum Cryptography
Samuel Pagliarini (Carnegie Mellon University, USA/Tallinn University of Technology, Estonia), Aikata Aikata (Institute of Applied Information Processing and Communications, Graz University of Technology, Austria), Malik Imran (Tallinn University of Technology, Estonia), Sujoy Sinha Roy (Institute of Applied Information Processing and Communications, Graz University of Technology, Austria)
WhisperVoiceTrace: A Comprehensive Analysis of Voice Command Fingerprinting
Hyojin Kim (Ewha Womans University, South Korea), Minji Jo (Ewha Womans University, South Korea), Jiwoo Hong (Ewha Womans University, South Korea), Hosung Kang (Ewha Womans University, South Korea), Nate Mathews (Rochester Institute of Technology, USA), Se Eun Oh (Ewha Womans University, South Korea)
Tokenised Multi-client Provisioning for Dynamic Searchable Encryption with Forward and Backward Privacy
Arnab Bag (Indian Institute of Technology Kharagpur, India), Sikhar Patranabis (IBM Research India, India), Debdeep Mukhopadhyay (Department of Computer Science and Engineering, IIT Kharagpur, India)
VLIA: Navigating Shadows with Proximity for Highly Accurate Visited Location Inference Attack against Federated Recommendation Models
Thirasara Ariyarathna (University of New South Wales, Australia), Meisam Mohammady (Iowa State University of Science and Technology, USA), Hye-Young Paik (University of New South Wales, Australia), Salil S. Kanhere (University of New South Wales, Australia)
Byzantine Fault-Tolerant Aggregate Signatures
Quentin Kniep (ETH Zurich, Switzerland), Roger Wattenhofer (ETH Zurich, Switzerland)
Auroch: Auction-Based Multipath Routing for Payment Channel Networks
Mohammed Ababneh (New Mexico State University, USA), Kartick Kolachala (New Mexico State University, USA), Roopa Vishwanathan (New Mexico State University, USA)
Nomadic: Normalising Maliciously-Secure Distance with Cosine Similarity for Two-Party Biometric Authentication
Nan Cheng (University of St. Gallen, Switzerland), Melek Önen (EURECOM, France), Aikaterini Mitrokotsa (University of St. Gallen, Switzerland), Oubaïda Chouchane (EURECOM, France), Massimiliano Todisco (EURECOM, France), Alberto Ibarrondo (Copper.co, Switzerland)
Battle of Wits: To What Extent Can Fraudsters Disguise Their Tracks in International bypass Fraud?
Anne Josiane Kouam (TU Berlin, Germany), Aline Carneiro Viana (INRIA, France), Alain Tchana (Grenoble INP, France)
SiGBDT: Large-Scale Gradient Boosting Decision Tree Training via Function Secret Sharing
Yufan Jiang (Huawei European Research Center, Germany), Fei Mei (Huawei European Research Center, Germany), Tianxiang Dai (Huawei European Research Center, Germany), Yong Li (Huawei European Research Center, Germany)
ESem: To Harden Process Synchronization for Servers
Zhanbo Wang (Southern University of Science and Technology, China, and Peng Cheng Laboratory, China), Jiaxin Zhan (Research Institute of Trustworthy Autonomous Systems, Southern University of Science and Technology, China, and Southern University of Science and Technology, China), Xuhua Ding (Singapore Management University, Singapore), Fengwei Zhang (Southern University of Science and Technology China), Ning Hu (Peng Cheng Laboratory, China)
Cloud-Based Machine Learning Models as Covert Communication Channels
Torsten Krauß (University of Würzburg, Germany), Jasper Stang (University of Würzburg, Germany), Alexandra Dmitrienko (University of Würzburg, Germany)
Deep Dive into Client-Side Anti-Phishing: A Longitudinal Study Bridging Academia and Industry
Rana Pourmohamad (Arizona State University, USA), Steven Wirsz (Arizona State University, USA), Adam Oest (Arizona State University, USA), Tiffany Bao (Arizona State University, USA), Yan Shoshitaishvili (Arizona State University, USA), Ruoyu Wang (Arizona State University, USA), Adam Doupé (Arizona State University, USA), Rida A. Bazzi (Arizona State University, USA)
SoK: Where to Fuzz? Assessing Target Selection Methods in Directed Fuzzing
Felix Weißberg (Technische Universität Berlin, Germany), Jonas Möller (Technische Universität Berlin, Germany), Tom Ganz (SAP SE, Germany), Erik Imgrund (SAP Security Research, Germany), Lukas Pirch (Technische Universität Berlin, Germany), Lukas Seidel (Binarly, Germany), Moritz Schloegel (CISPA Helmholtz Center for Information Security, Germany), Thorsten Eisenhofer (Technische Universität Berlin, Germany), Konrad Rieck (Technische Universität Berlin, Germany)
Ratel: MPC-extensions for Smart Contracts
Yunqi Li (University of Illinois at Urbana-Champaign, USA), Kyle Soska (University of Illinois at Urbana-Champaign, USA), Zhen Huang (Shanghai Jiao Tong University, China), Sylvain Bellemare (The Initiative for CryptoCurrencies and Contracts, USA), Mikerah Quintyne-Collins (HashCloack Inc., USA), Lun Wang (Google, USA), Xiaoyuan Liu (University of California, Berkeley, USA), Dawn Song (UC Berkeley, USA), Andrew Miller (University of Illinois at Urbana-Champaign, USA)
From User Insights to Actionable Metrics: A User-Focused Evaluation of Privacy-Preserving Browser Extensions
Ritik Roongta (New York University, USA), Rachel Greenstadt (New York University, USA)
On the Role of Pre-trained Embeddings in Binary Code Analysis
Alwin Maier (TU Berlin, Germany), Felix Weißberg (TU Berlin, Germany), Konrad Rieck (TU Berlin, Germany)