Generic and Automated Drive-by GPU Cache Attacks from the Browser Lukas Giner (Graz University of Technology, Austria), Roland Czerny (Graz University of Technology, Austria), Christoph Gruber (Graz University of Technology, Austria), Fabian Rauscher (Graz University of Technology, Austria), Andreas Kogler (Graz University of Technology, Austria), Daniel De Almeida Braga (University of Rennes, CNRS, IRISA, France), Daniel Gruss (Graz University of Technology, Austria) |
Physical-Layer Public Key Encryption Through Massive MIMO Senlin Liu (Institute of Information Engineering, CAS, University of Chinese Academy of Sciences, China), Tong Gao (Institute of Information Engineering, CAS, University of Chinese Academy of Sciences, China), Yijian Liu (Institute of Information Engineering, CAS, University of Chinese Academy of Sciences, China), Xianhui Lu (Institute of Information Engineering, CAS, University of Chinese Academy of Sciences, China) |
An Investigation into Misuse of Java Security APIs by Large Language Models Zahra Mousavi (CREST – The Centre for Research on Engineering Software Technologies, University of Adelaide, Cyber Security Cooperative Research Centre, CSIRO/Data61, Australia), Chadni Islam (Queensland University of Technology, Australia), Kristen Moore (CSIRO’s Data61, Australia), Alsharif Abuadbba (CSIRO’s Data61, Australia), M. Ali Babar (CREST – The Centre for Research on Engineering Software Technologies, University of Adelaide, Australia) |
HQsFL: A Novel Training Strategy for Constructing High-performance and Quantum-safe Federated Learning Bo Yu (Bestpay Co., Ltd., China), Huajie Shen (Bestpay Co., Ltd., China), Qian Xu (Bestpay Co., Ltd., China), Wei He (Bestpay Co., Ltd., China), Wankui Mao (Bestpay Co., Ltd., China), Qing Zhang (Bestpay Co., Ltd., China), Fan Zhang (Zhejiang University, China) |
Beyond the Edges of Kernel Control-Flow Hijacking Protection with HEK-CFI Lukas Maar (Graz University of Technology, Graz, Austria), Pascal Nasahl (Graz University of Technology, Graz, Austria), Stefan Mangard (Graz University of Technology, Graz, Austria) |
Privacy-Preserving Popularity-Based Deduplication against Malicious Behaviors of the Cloud Xiaowei Ge (College of Cyber Science, Nankai University, China), Guanxiong Ha (College of Cyber Science, Nankai University, China), Chunfu Jia (Nankai University, China), Zhen Su (College of Cyber Science, Nankai University, China) |
Towards Robust Domain Generation Algorithm Classification Arthur Drichel (RWTH Aachen University, Germany), Marc Meyer (RWTH Aachen University, Germany), Ulrike Meyer (RWTH Aachen University, Germany) |
Honest Majority Multiparty Computation over Rings with Constant Online Communication Minghua Zhao (Shanghai Fudan Microelectronics Group Co.,Ltd, China) |
A Formal Analysis of Data Distribution Service Security Binghan Wang (Beijing University of Posts and Telecommunications, Beijing, China), Hui Li (Beijing University of Posts and Telecommunications, Beijing, China), Jingjing Guan (Beijing University of Posts and Telecommunications, Beijing, China) |
Multi-Turn Hidden Backdoor in Large Language Model-powered Chatbot Models Bocheng Chen (Michigan State University, USA), Nikolay Ivanov (Rowan University, USA), Guangjing Wang (Michigan State University, USA), Qiben Yan (Michigan State University, USA) |
Single Round-trip Hierarchical ORAM via Succinct Indices William Holland (CSIRO’s data61, Australia), Olga Ohrimenko (The University of Melbourne, Australia), Anthony Wirth (the University of Melbourne, Australia) |
Reconstructing Chameleon Hash: Full Security and the Multi-Party Setting Kwan Yin Chan (The University of Hong Kong, China), Liqun Chen (University of Surrey, UK), Yangguang Tian (University of Surrey, UK), Tsz Hon Yuen (Monash University, Australia) |
Exploiting Data Redundancy in CKKS Encoding for High-Speed Homomorphic Encryption Amir Sabbagh Molahosseini (Queen’s University Belfast, UK), Hans Vandierendonck (Queen’s University of Belfast, UK) |
What All the PHUZZ Is About: A Coverage-guided Fuzzer for Finding Vulnerabilities in PHP Web Applications Sebastian Neef (Technische Universität Berlin, Germany), Lorenz Kleissner (Technische Universität Berlin, Germany), Jean-Pierre Seifert (Technische Universität Berlin, Germany) |
CryptGraph: An Efficient Privacy-Enhancing Solution for Accurate Shortest Path Retrieval in Cloud Environments Fuyi Wang (Deakin University, Australia), Zekai Chen (Fuzhou University, China), Lei Pan (Deakin University, Australia), Leo Yu Zhang (Griffith University, Australia), Jianying Zhou (Singapore University of Technology and Design, Singapore) |
External Attack-Surface of Modern Organizations Nethanel Gelernter (IONIX, Israel), Haya Schulmann (Goethe-Universität Frankfurt, Germany), Michael Waidner (Fraunhofer SIT and TU Darmstadt, Germany) |
Secure Data-Binding in FPGA-based Hardware Architectures utilizing PUFs Florian Frank (University of Passau, Germany), Martin Schmid (University of Passau, Germany), Felix Klement (University of Passau, Germany), Purushothaman Palani (Virginia Tech, USA), Andreas Weber (University of Passau, Germany), Elif BilgeKavun (University of Passau, Germany), Wenjie Xiong (Virginia Tech, USA), Tolga Arul (University of Passau, Germany), Stefan Katzenbeisser (University of Passau, Germany) |
An Empirical Study of Consensus Protocols’ DoS Resilience Giacomo Giuliari (ETH Zurich & Mysten Labs, Switzerland), Alberto Sonnino (Mysten Labs & University College London (UCL), UK), Marc Frei (ETH Zurich, Switzerland), Fabio Streun (Anapaya Systems, Switzerland), Lefteris Kokoris-Kogias (Mysten Labs & IST Austria, Austria), Adrian Perrig (ETH Zurich & Mysten Labs, Switzerland) |
SoK: Rowhammer on Commodity Operating Systems Zhi Zhang (The University of Western Australia, Australia), Decheng Chen (School of Microelectronics, South China University of Technology, China), Jiahao Qi (School of Microelectronics, South China University of Technology, China), Yueqiang Cheng (NIO, USA), Shijie Jiang (School of Microelectronics, South China University of Technology, China), Yiyang Lin (School of Microelectronics, South China University of Technology, China), Yansong Gao (CSIRO’s Data61, Australia), Surya Nepal (CSIRO’s Data61, Australia), Yi Zou (School of Microelectronics, South China University of Technology, China), Jiliang Zhang (College of Integrated Circuits, Hunan University, China), Yang Xiang (School of Software and Electrical Engineering, Swinburne University of Technology, Australia) |
Quantum-Safe Account Recovery for WebAuthn Douglas Stebila (University of Waterloo, Canada), Spencer MacLaren Wilson (University of Waterloo, Canada) |
FakeX: A Framework for Detecting Fake Reviews of Browser Extensions Eric Olsson (Chalmers University of Technology, Sweden), Benjamin Eriksson (Chalmers University of Technology, Sweden), Pablo Picazo-Sanchez (Chalmers University of Technology, Halmstad University, Sweden), Lukas Andersson (Chalmers University of Technology, Sweden), Andrei Sabelfeld (Chalmers University of Technology, Sweden) |
Kirin: Hitting the Internet with Distributed BGP Announcements Lars Prehn (Max Planck Institute for Informatics, Germany), Pawel Foremski (IITiS PAN / DomainTools, Poland), Oliver Gasser (IPinfo / Max Planck Institute for Informatics, Germany) |
Efficient Unbalanced Quorum PSI from Homomorphic Encryption Xinpeng Yang (Zhejiang University, China), Liang Cai (Zhejiang University, China), Yinghao Wang (Zhejiang University, China), Keting Yin (Zhejiang University, China), Lu Sun (Zhejiang University, China), Jingwei Hu (Nanyang Technological University, Singapore) |
Model Extraction Attacks Revisited Jiacheng Liang (Stony Brook University, USA), Ren Pang (Penn State University, USA), Changjiang Li (Stony Brook University, USA), Ting Wang (Stony Brook University, USA) |
Cross-Language Differential Testing of JSON Parsers Jonas Möller (Technische Universität Berlin, Germany), Jonas Möller (Technische Universität Berlin, Germany), Felix Weißberg (Technische Universität Berlin, Germany), Lukas Pirch (Technische Universität Berlin, Germany), Thorsten Eisenhofer (Technische Universität Berlin, Germany), Konrad Rieck (Technische Universität Berlin, Germany) |
PowSpectre: Powering Up Speculation Attacks with TSX-based Replay Md Hafizul Islam Chowdhuryy (University of Central Florida, USA), Zhenkai Zhang (Clemson University, USA), Fan Yao (University of Central Florida, USA) |
Delegating FIDO Credentials Using Single-use ECDSA Signatures Wei-Zhu Yeoh (CISPA Helmholtz Center for Information Security, Germany), Lucjan Hanzlik (CISPA Helmholtz Center for Information Security, Germany), Oliver Valta (CISPA Helmholtz Center for Information Security, Germany) |
Menhir: An Oblivious Database with Protection against Access and Volume Pattern Leakage Leonie Reichert (Technical University of Darmstadt, Germany), Gowri R Chandran (Technical University of Darmstadt, Germany), Phillipp Schoppmann (Google, USA), Thomas Schneider (Technical University of Darmstadt, Germany), Björn Scheuermann (Technical University of Darmstadt, Germany) |
The SA4P Framework: Sensing and Actuation as a Privilege Piet De Vaere (ETH Zurich, Switzerland), Felix Stöger (ETH Zürich, Switzerland), Adrian Perrig (ETH Zürich, Switzerland), Gene Tsudik (UCI, USA) |
VFCFinder: Pairing Security Advisories and Patches Trevor Dunlap (North Carolina State University, USA), Elizabeth Lin (North Carolina State University, USA), William Enck (North Carolina State University, USA), Bradley Reaves (North Carolina State University, USA) |
Efficient Post-Quantum Secure Deterministic Threshold Wallets from Isogenies Poulami Das (CISPA Helmholtz Center for Information Security, Germany), Andreas Erwig (Technical University of Darmstadt, Germany), Michael Meyer (University of Regensburg, Germany), Patrick Struck (University of Konstanz, Germany) |
Formal Verification and Solutions for Estonian E-Voting Sevdenur Baloglu (University of Luxembourg, Luxembourg), Sergiu Bursuc (University of Luxembourg, Luxembourg), Sjouke Mauw (University of Luxembourg, Luxembourg), Jun Pang (University of Luxembourg, Luxembourg) |
Command Hijacking on Voice-Controlled IoT in Amazon Alexa Platform Wenbo Ding (University at Buffalo, USA), Song Liao (Clemson University, USA), Long Cheng (Clemson University, USA), Xianghang Mi (University of Science and Technology of China, China), Ziming Zhao (University at Buffalo, USA), Hongxin Hu (University at Buffalo, USA) |
SRAM Imprinting for System Protection and Differentiation Jubayer Mahmod (Virginia Tech, USA), Matthew Hicks (Virginia Tech, USA) |
LightPIR: Single-Server PIR via FHE without Gaussian Noise Han Xia (Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS; School of Cyber Security, University of Chinese Academy of Sciences, China), Mingsheng Wang (Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS; School of Cyber Security, University of Chinese Academy of Sciences, China) |
Beneath the Phishing Scripts: A Script-Level Analysis of Phishing Kits and Their Impact on Real-World Phishing Websites Woonghee Lee (Korea University, South Korea), Junbeom Hur (Korea University, South Korea), Doowon Kim (University of Tennessee, Knoxville, USA) |
ConFIDe: A PWM-Driven Control-Fused Intrusion Detection System for Hardware Security in Unmanned Aerial Vehicles Muneeba Asif (Florida International University, USA), Ahmad Mohammad (Middle Tennessee State University, USA), Mohammad Ashiqur Rahman (Florida International University, USA), Kemal Akkaya (Florida International University, USA) |
A Generative Framework for Low-Cost Result Validation of Machine Learning-as-a-Service Inference Abhinav Kumar (Saint Louis University, USA), Miguel A. Guirao Aguilera (New Mexico State University, USA), Reza Tourani (Saint Louis University, USA), Satyajayant Misra (New Mexico State University, USA) |
REPQC: Reverse Engineering and Backdooring Hardware Accelerators for Post-quantum Cryptography Samuel Pagliarini (Carnegie Mellon University, USA/Tallinn University of Technology, Estonia), Aikata Aikata (Institute of Applied Information Processing and Communications, Graz University of Technology, Austria), Malik Imran (Tallinn University of Technology, Estonia), Sujoy Sinha Roy (Institute of Applied Information Processing and Communications, Graz University of Technology, Austria) |
WhisperVoiceTrace: A Comprehensive Analysis of Voice Command Fingerprinting Hyojin Kim (Ewha Womans University, South Korea), Minji Jo (Ewha Womans University, South Korea), Jiwoo Hong (Ewha Womans University, South Korea), Hosung Kang (Ewha Womans University, South Korea), Nate Mathews (Rochester Institute of Technology, USA), Se Eun Oh (Ewha Womans University, South Korea) |
Tokenised Multi-client Provisioning for Dynamic Searchable Encryption with Forward and Backward Privacy Arnab Bag (Indian Institute of Technology Kharagpur, India), Sikhar Patranabis (IBM Research India, India), Debdeep Mukhopadhyay (Department of Computer Science and Engineering, IIT Kharagpur, India) |
VLIA: Navigating Shadows with Proximity for Highly Accurate Visited Location Inference Attack against Federated Recommendation Models Thirasara Ariyarathna (University of New South Wales, Australia), Meisam Mohammady (Iowa State University of Science and Technology, USA), Hye-Young Paik (University of New South Wales, Australia), Salil S. Kanhere (University of New South Wales, Australia) |
Byzantine Fault-Tolerant Aggregate Signatures Quentin Kniep (ETH Zurich, Switzerland), Roger Wattenhofer (ETH Zurich, Switzerland) |
Auroch: Auction-Based Multipath Routing for Payment Channel Networks Mohammed Ababneh (New Mexico State University, USA), Kartick Kolachala (New Mexico State University, USA), Roopa Vishwanathan (New Mexico State University, USA) |
Nomadic: Normalising Maliciously-Secure Distance with Cosine Similarity for Two-Party Biometric Authentication Nan Cheng (University of St. Gallen, Switzerland), Melek Önen (EURECOM, France), Aikaterini Mitrokotsa (University of St. Gallen, Switzerland), Oubaïda Chouchane (EURECOM, France), Massimiliano Todisco (EURECOM, France), Alberto Ibarrondo (Copper.co, Switzerland) |
Battle of Wits: To What Extent Can Fraudsters Disguise Their Tracks in International bypass Fraud? Anne Josiane Kouam (TU Berlin, Germany), Aline Carneiro Viana (INRIA, France), Alain Tchana (Grenoble INP, France) |
SiGBDT: Large-Scale Gradient Boosting Decision Tree Training via Function Secret Sharing Yufan Jiang (Huawei European Research Center, Germany), Fei Mei (Huawei European Research Center, Germany), Tianxiang Dai (Huawei European Research Center, Germany), Yong Li (Huawei European Research Center, Germany) |
ESem: To Harden Process Synchronization for Servers Zhanbo Wang (Southern University of Science and Technology, China, and Peng Cheng Laboratory, China), Jiaxin Zhan (Research Institute of Trustworthy Autonomous Systems, Southern University of Science and Technology, China, and Southern University of Science and Technology, China), Xuhua Ding (Singapore Management University, Singapore), Fengwei Zhang (Southern University of Science and Technology China), Ning Hu (Peng Cheng Laboratory, China) |
Cloud-Based Machine Learning Models as Covert Communication Channels Torsten Krauß (University of Würzburg, Germany), Jasper Stang (University of Würzburg, Germany), Alexandra Dmitrienko (University of Würzburg, Germany) |
Deep Dive into Client-Side Anti-Phishing: A Longitudinal Study Bridging Academia and Industry Rana Pourmohamad (Arizona State University, USA), Steven Wirsz (Arizona State University, USA), Adam Oest (Arizona State University, USA), Tiffany Bao (Arizona State University, USA), Yan Shoshitaishvili (Arizona State University, USA), Ruoyu Wang (Arizona State University, USA), Adam Doupé (Arizona State University, USA), Rida A. Bazzi (Arizona State University, USA) |
SoK: Where to Fuzz? Assessing Target Selection Methods in Directed Fuzzing Felix Weißberg (Technische Universität Berlin, Germany), Jonas Möller (Technische Universität Berlin, Germany), Tom Ganz (SAP SE, Germany), Erik Imgrund (SAP Security Research, Germany), Lukas Pirch (Technische Universität Berlin, Germany), Lukas Seidel (Binarly, Germany), Moritz Schloegel (CISPA Helmholtz Center for Information Security, Germany), Thorsten Eisenhofer (Technische Universität Berlin, Germany), Konrad Rieck (Technische Universität Berlin, Germany) |
Ratel: MPC-extensions for Smart Contracts Yunqi Li (University of Illinois at Urbana-Champaign, USA), Kyle Soska (University of Illinois at Urbana-Champaign, USA), Zhen Huang (Shanghai Jiao Tong University, China), Sylvain Bellemare (The Initiative for CryptoCurrencies and Contracts, USA), Mikerah Quintyne-Collins (HashCloack Inc., USA), Lun Wang (Google, USA), Xiaoyuan Liu (University of California, Berkeley, USA), Dawn Song (UC Berkeley, USA), Andrew Miller (University of Illinois at Urbana-Champaign, USA) |
From User Insights to Actionable Metrics: A User-Focused Evaluation of Privacy-Preserving Browser Extensions Ritik Roongta (New York University, USA), Rachel Greenstadt (New York University, USA) |
On the Role of Pre-trained Embeddings in Binary Code Analysis Alwin Maier (TU Berlin, Germany), Felix Weißberg (TU Berlin, Germany), Konrad Rieck (TU Berlin, Germany) |