default search action
32nd USENIX Security Symposium 2023: Anaheim, CA, USA
- Joseph A. Calandrino, Carmela Troncoso:
32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9-11, 2023. USENIX Association 2023
Breaking Wireless Protocols
- Ang Li, Jiawei Li, Dianqi Han, Yan Zhang, Tao Li, Ting Zhu, Yanchao Zhang:
PhyAuth: Physical-Layer Message Authentication for ZigBee Networks. 1-18 - Claudio Anliker, Giovanni Camurati, Srdjan Capkun:
Time for Change: How Clocks Break UWB Secure Ranging. 19-36 - Min Shi, Jing Chen, Kun He, Haoran Zhao, Meng Jia, Ruiying Du:
Formal Analysis and Patching of BLE-SC Pairing. 37-52 - Domien Schepers, Aanjhan Ranganathan, Mathy Vanhoef:
Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues. 53-68
Interpersonal Abuse
- Sophie Stephenson, Majed Almansoori, Pardis Emami Naeini, Danny Yuxing Huang, Rahul Chatterjee:
Abuse Vectors: A Framework for Conceptualizing IoT-Enabled Interpersonal Abuse. 69-86 - Rosanna Bellini, Kevin Lee, Megan A. Brown, Jeremy Shaffer, Rasika Bhalerao, Thomas Ristenpart:
The Digital-Safety Risks of Financial Technologies for Survivors of Intimate Partner Violence. 87-104 - Sophie Stephenson, Majed Almansoori, Pardis Emami Naeini, Rahul Chatterjee:
"It's the Equivalent of Feeling Like You're in Jail": Lessons from Firsthand and Secondhand Accounts of IoT-Enabled Intimate Partner Abuse. 105-122 - Rose Ceccio, Sophie Stephenson, Varun Chadha, Danny Yuxing Huang, Rahul Chatterjee:
Sneaky Spy Devices and Defective Detectors: The Ecosystem of Intimate Partner Surveillance with Covert Devices. 123-140
Inferring User Details
- Zhuolin Yang, Yuxin Chen, Zain Sarwar, Hadleigh Schwartz, Ben Y. Zhao, Haitao Zheng:
Towards a General Video-based Keystroke Inference Attack. 141-158 - Carter Slocum, Yicheng Zhang, Nael B. Abu-Ghazaleh, Jiasi Chen:
Going through the motions: AR/VR keylogging from user head motions. 159-174 - Yazhou Tu, Liqun Shan, Md. Imran Hossen, Sara Rampazzi, Kevin R. B. Butler, Xiali Hei:
Auditory Eyesight: Demystifying μs-Precision Keystroke Tracking Attacks on Unconstrained Keyboard Inputs. 175-192 - Noé Zufferey, Mathias Humbert, Romain Tavenard, Kévin Huguenin:
Watch your Watch: Inferring Personality Traits from Wearable Activity Trackers. 193-210
Adversarial ML beyond ML
- Jonathan Prokos, Neil Fendley, Matthew Green, Roei Schuster, Eran Tromer, Tushar M. Jois, Yinzhi Cao:
Squint Hard Enough: Attacking Perceptual Hashing with Adversarial Machine Learning. 211-228 - Xiaojun Xu, Qingying Hao, Zhuolin Yang, Bo Li, David M. Liebovitz, Gang Wang, Carl A. Gunter:
How to Cover up Anomalous Accesses to Electronic Health Records. 229-246 - Xinghui Wu, Shiqing Ma, Chao Shen, Chenhao Lin, Qian Wang, Qi Li, Yuan Rao:
KENKU: Towards Efficient and Stealthy Black-box Adversarial Attacks against ASR Systems. 247-264 - Shimaa Ahmed, Yash Wani, Ali Shahin Shamsabadi, Mohammad Yaghini, Ilia Shumailov, Nicolas Papernot, Kassem Fawaz:
Tubes Among Us: Analog Attack on Automatic Speaker Identification. 265-282
Private Set Operations
- Mingli Wu, Tsz Hon Yuen:
Efficient Unbalanced Private Set Intersection Cardinality and User-friendly Privacy-preserving Contact Tracing. 283-300 - Alexander Bienstock, Sarvar Patel, Joon Young Seo, Kevin Yeo:
Near-Optimal Oblivious Key-Value Stores for Efficient PSI, PSU and Volume-Hiding Multi-Maps. 301-318 - Anrin Chakraborti, Giulia Fanti, Michael K. Reiter:
Distance-Aware Private Set Intersection. 319-336 - Cong Zhang, Yu Chen, Weiran Liu, Min Zhang, Dongdai Lin:
Linear Private Set Union from Multi-Query Reverse Private Membership Test. 337-354
Logs and Auditing
- Peng Jiang, Ruizhe Huang, Ding Li, Yao Guo, Xiangqun Chen, Jianhai Luan, Yuxin Ren, Xinwei Hu:
Auditing Frameworks Need Resource Isolation: A Systematic Study on the Super Producer Threat to System Auditing and Its Mitigation. 355-372 - Hailun Ding, Juan Zhai, Yuhong Nan, Shiqing Ma:
AIRTAG: Towards Automated Attack Investigation by Unsupervised Learning with Log Texts. 373-390 - Varun Gandhi, Sarbartha Banerjee, Aniket Agrawal, Adil Ahmad, Sangho Lee, Marcus Peinado:
Rethinking System Audit Architectures for High Event Coverage and Synchronous Log Availability. 391-408 - Bingyu Shen, Tianyi Shan, Yuanyuan Zhou:
Improving Logging to Reduce Permission Over-Granting Mistakes. 409-426
Fighting the Robots
- Sathvik Prasad, Trevor Dunlap, Alexander J. Ross, Bradley Reaves:
Diving into Robocall Content with SnorCall. 427-444 - Changlai Du, Hexuan Yu, Yang Xiao, Y. Thomas Hou, Angelos D. Keromytis, Wenjing Lou:
UCBlocker: Unwanted Call Blocking Using Anonymous Authentication. 445-462 - Sharbani Pandit, Krishanu Sarker, Roberto Perdisci, Mustaque Ahamad, Diyi Yang:
Combating Robocalls with Phone Virtual Assistant Mediated Interaction. 463-479 - Minyeop Choi, Gihyuk Ko, Sang Kil Cha:
BotScreen: Trust Everybody, but Cut the Aimbots Yourself. 481-498
Perspectives and Incentives
- Garrett Smith, Tarun Kumar Yadav, Jonathan Dutson, Scott Ruoti, Kent E. Seamons:
"If I could do this, I feel anyone could: " The Design and Evaluation of a Secondary Authentication Factor Manager. 499-515 - Oshrat Ayalon, Dana Turjeman, Elissa M. Redmiles:
Exploring Privacy and Incentives Considerations in Adoption of COVID-19 Contact Tracing Apps. 517-534 - Zixin Wang, Danny Yuxing Huang, Yaxing Yao:
Exploring Tenants' Preferences of Privacy Negotiation in Airbnb. 535-551 - Michele Campobasso, Luca Allodi:
Know Your Cybercriminal: Evaluating Attacker Preferences by Measuring Profile Sales on an Active, Leading Criminal Market for User Impersonation at Scale. 553-570
Traffic Analysis
- Yutao Dong, Qing Li, Kaidong Wu, Ruoyu Li, Dan Zhao, Gareth Tyson, Junkun Peng, Yong Jiang, Shutao Xia, Mingwei Xu:
HorusEye: A Realtime IoT Malicious Traffic Detection Framework using Programmable Switches. 571-588 - Jian Qu, Xiaobo Ma, Jianfeng Li, Xiapu Luo, Lei Xue, Junjie Zhang, Zhenhua Li, Li Feng, Xiaohong Guan:
An Input-Agnostic Hierarchical Deep Learning Framework for Traffic Fingerprinting. 589-606 - Meng Shen, Kexin Ji, Zhenbo Gao, Qi Li, Liehuang Zhu, Ke Xu:
Subverting Website Fingerprinting Defenses with Robust Traffic Representation. 607-624 - Renjie Xie, Jiahao Cao, Enhuan Dong, Mingwei Xu, Kun Sun, Qi Li, Licheng Shen, Menghao Zhang:
Rosetta: Enabling Robust TLS Encrypted Traffic Classification in Diverse Network Environments with TCP-Aware Traffic Augmentation. 625-642
Adversarial Patches and Images
- Mazal Bethany, Andrew Seong, Samuel Henrique Silva, Nicole Beebe, Nishant Vishwamitra, Peyman Najafirad:
Towards Targeted Obfuscation of Adversarial Unsafe Images using Reconstruction and Counterfactual Super Region Attribution Explainability. 643-660 - Wenjun Zhu, Xiaoyu Ji, Yushi Cheng, Shibo Zhang, Wenyuan Xu:
TPatch: A Triggered Physical Adversarial Patch. 661-678 - Shibo Zhang, Yushi Cheng, Wenjun Zhu, Xiaoyu Ji, Wenyuan Xu:
CAPatch: Physical Adversarial Patch against Image Captioning Systems. 679-696 - Guanhong Tao, Shengwei An, Siyuan Cheng, Guangyu Shen, Xiangyu Zhang:
Hard-label Black-box Universal Adversarial Patch Attack. 697-714
Decentralized Finance
- Svetlana Abramova, Rainer Böhme:
Anatomy of a High-Profile Data Breach: Dissecting the Aftermath of a Crypto-Wallet Case. 715-732 - Giulia Scaffino, Lukas Aumayr, Zeta Avarikioti, Matteo Maffei:
Glimpse: On-Demand PoW Light Client with Constant-Size Storage for DeFi. 733-750 - Fieke Miedema, Kelvin Lubbertsen, Verena Schrama, Rolf van Wegberg:
Mixed Signals: Analyzing Ground-Truth Data on the Users and Economics of a Bitcoin Mixing Service. 751-768 - Christof Ferreira Torres, Fiona Willi, Shweta Shinde:
Is Your Wallet Snitching On You? An Analysis on the Privacy Implications of Web3. 769-786
Memory
- Jason Zhijingcheng Yu, Conrad Watt, Aditya Badole, Trevor E. Carlson, Prateek Saxena:
Capstone: A Capability-based Foundation for Trustless Secure Memory Access. 787-804 - Floris Gorter, Enrico Barberis, Raphael Isemann, Erik van der Kouwe, Cristiano Giuffrida, Herbert Bos:
FloatZone: Accelerating Memory Error Detection using the Floating Point Unit. 805-822 - Carter Yagemann, Simon P. Chung, Brendan Saltaformaggio, Wenke Lee:
PUMM: Preventing Use-After-Free Using Execution Unit Partitioning. 823-840 - Xingman Chen, Yinghao Shi, Zheyu Jiang, Yuan Li, Ruoyu Wang, Haixin Duan, Haoyu Wang, Chao Zhang:
MTSan: A Feasible and Practical Memory Sanitizer for Fuzzing COTS Binaries. 841-858
Security in Digital Realities
- Sindhu Reddy Kalathur Gopal, Diksha Shukla, James David Wheelock, Nitesh Saxena:
Hidden Reality: Caution, Your Hand Gesture Inputs in the Immersive Virtual World are Visible to All! 859-876 - Habiba Farrukh, Reham Mohamed, Aniket Nare, Antonio Bianchi, Z. Berkay Celik:
LocIn: Inferring Semantic Location from Spatial Maps in Mixed Reality. 877-894 - Vivek Nair, Wenbo Guo, Justus Mattern, Rui Wang, James F. O'Brien, Louis B. Rosenberg, Dawn Song:
Unique Identification of 50, 000+ Virtual Reality Users from Head & Hand Motion Data. 895-910 - Kaiming Cheng, Jeffery F. Tian, Tadayoshi Kohno, Franziska Roesner:
Exploring User Reactions and Mental Models Towards Perceptual Manipulation Attacks in Mixed Reality. 911-928 - Yoonsang Kim, Sanket Goutam, Amir Rahmati, Arie E. Kaufman:
Erebus: Access Control for Augmented Reality Systems. 929-946
Password Guessing
- Ding Wang, Xuan Shan, Qiying Dong, Yaosheng Shen, Chunfu Jia:
No Single Silver Bullet: Measuring the Accuracy of Password Strength Meters. 947-964 - Ding Wang, Yunkai Zou, Zijian Zhang, Kedong Xiu:
Password Guessing Using Random Forest. 965-982 - Ding Wang, Yunkai Zou, Yuan-an Xiao, Siqi Ma, Xiaofeng Chen:
Pass2Edit: A Multi-Step Generative Model for Guessing Edited Passwords. 983-1000 - Ming Xu, Jitao Yu, Xinyi Zhang, Chuanwang Wang, Shenghao Zhang, Haoqi Wu, Weili Han:
Improving Real-world Password Guessing Attacks via Bi-directional Transformers. 1001-1018 - Mazharul Islam, Marina Sanusi Bohuk, Paul Chung, Thomas Ristenpart, Rahul Chatterjee:
Araña: Discovering and Characterizing Password Guessing Attacks in Practice. 1019-1036
Privacy Policies, Labels, Etc.
- Hao Cui, Rahmadi Trimananda, Athina Markopoulou, Scott Jordan:
PoliGraph: Automated Privacy Policy Analysis using Knowledge Graphs. 1037-1054 - Wenjun Qiu, David Lie, Lisa M. Austin:
Calpric: Inclusive and Fine-grain Labeling of Privacy Policies with Crowdsourcing and Active Learning. 1055-1072 - Lu Zhou, Chengyongxiao Wei, Tong Zhu, Guoxing Chen, Xiaokuan Zhang, Suguo Du, Hui Cao, Haojin Zhu:
POLICYCOMP: Counterpart Comparison of Privacy Policies Uncovers Overbroad Personal Data Collection Practices. 1073-1090 - Yue Xiao, Zhengyi Li, Yue Qin, Xiaolong Bai, Jiale Guan, Xiaojing Liao, Luyi Xing:
Lalaine: Measuring and Characterizing Non-Compliance of Apple Privacy Labels. 1091-1108 - Rishabh Khandelwal, Asmit Nayak, Hamza Harkous, Kassem Fawaz:
Automated Cookie Notice Analysis and Enforcement. 1109-1126
ML Applications to Malware
- Yizheng Chen, Zhoujie Ding, David A. Wagner:
Continuous Learning for Android Malware Detection. 1127-1144 - Simone Aonzo, Yufei Han, Alessandro Mantovani, Davide Balzarotti:
Humans vs. Machines in Malware Classification. 1145-1162 - Keane Lucas, Samruddhi Pai, Weiran Lin, Lujo Bauer, Michael K. Reiter, Mahmood Sharif:
Adversarial Training for Raw-Binary Malware Classifiers. 1163-1180 - Heng Li, Zhang Cheng, Bang Wu, Liheng Yuan, Cuiying Gao, Wei Yuan, Xiapu Luo:
Black-box Adversarial Example Attack towards FCG Based Android Malware Detection under Incomplete Feature Information. 1181-1198 - Kunal Mukherjee, Joshua Wiedemeier, Tianhao Wang, James Wei, Feng Chen, Muhyun Kim, Murat Kantarcioglu, Kangkook Jee:
Evading Provenance-Based ML Detectors with Adversarial System Actions. 1199-1216
Secure Messaging
- Théophile Wallez, Jonathan Protzenko, Benjamin Beurdouche, Karthikeyan Bhargavan:
TreeSync: Authenticated Group Management for Messaging Layer Security. 1217-1233 - Cas Cremers, Charlie Jacomme, Aurora Naska:
Formal Analysis of Session-Handling in Secure Messaging: Lifting Security from Sessions to Conversations. 1235-1252 - David Balbás, Daniel Collins, Serge Vaudenay:
Cryptographic Administration for Secure Group Messaging. 1253-1270 - Anrin Chakraborti, Darius Suciu, Radu Sion:
Wink: Deniable Secure Messaging. 1271-1288 - Kenneth G. Paterson, Matteo Scarlata, Kien T. Truong:
Three Lessons From Threema: Analysis of a Secure Messenger. 1289-1306
x-Fuzz
- Jinyan Xu, Yiyuan Liu, Sirui He, Haoran Lin, Yajin Zhou, Cong Wang:
MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation. 1307-1324 - Yongheng Chen, Rui Zhong, Yupeng Yang, Hong Hu, Dinghao Wu, Wenke Lee:
µFUZZ: Redesign of Parallel Fuzzing using Microservice Architecture. 1325-1342 - Han Zheng, Jiayuan Zhang, Yuhang Huang, Zezhong Ren, He Wang, Chunjie Cao, Yuqing Zhang, Flavio Toffalini, Mathias Payer:
FISHFUZZ: Catch Deeper Bugs by Throwing Larger Nets. 1343-1360 - Chen Chen, Rahul Kande, Nathan Nguyen, Flemming Andersen, Aakash Tyagi, Ahmad-Reza Sadeghi, Jeyavijayan Rajendran:
HyPFuzz: Formal-Assisted Processor Fuzzing. 1361-1378 - Wen Li, Jinyang Ruan, Guangbei Yi, Long Cheng, Xiapu Luo, Haipeng Cai:
PolyFuzz: Holistic Greybox Fuzzing of Multi-Language Systems. 1379-1396
Programs, Code, and Binaries
- Hengkai Ye, Song Liu, Zhechang Zhang, Hong Hu:
VIPER: Spotting Syscall-Guard Variables for Data-Only Attacks. 1397-1414 - Peiwei Hu, Ruigang Liang, Ying Cao, Kai Chen, Runze Zhang:
AURC: Detecting Errors in Program Code and Documentation. 1415-1432 - Salman Ahmed, Hans Liljestrand, Hani Jamjoom, Matthew Hicks, N. Asokan, Danfeng Yao:
Not All Data are Created Equal: Data and Pointer Prioritization for Scalable Protection Against Data-Oriented Attacks. 1433-1450 - Soumyakant Priyadarshan, Huan Nguyen, Rohit Chouhan, R. Sekar:
SAFER: Efficient and Error-Tolerant Binary Instrumentation. 1451-1468 - Hyungseok Kim, Soomin Kim, Junoh Lee, Kangkook Jee, Sang Kil Cha:
Reassembly is Hard: A Reflection on Challenges and Strategies. 1469-1486
IoT Security Expectations and Barriers
- Lorenz Kustosch, Carlos Gañán, Mattis van 't Schip, Michel van Eeten, Simon Parkin:
Measuring Up to (Reasonable) Consumer Expectations: Providing an Empirical Basis for Holding IoT Manufacturers Legally Responsible. 1487-1504 - Pardis Emami Naeini, Janarth Dheenadhayalan, Yuvraj Agarwal, Lorrie Faith Cranor:
Are Consumers Willing to Pay for Security and Privacy of IoT Devices? 1505-1522 - Swaathi Vetrivel, Veerle van Harten, Carlos Hernandez Gañán, Michel van Eeten, Simon Parkin:
Examining Consumer Reviews to Understand Security and Privacy Issues in the Market of Smart Home Devices. 1523-1540 - Nissy Sombatruang, Tristan Caulfield, Ingolf Becker, Akira Fujita, Takahiro Kasama, Koji Nakao, Daisuke Inoue:
Internet Service Providers' and Individuals' Attitudes, Barriers, and Incentives to Secure IoT. 1541-1558 - Haotian Chi, Qiang Zeng, Xiaojiang Du:
Detecting and Handling IoT Interaction Threats in Multi-Platform Multi-Control-Channel Smart Homes. 1559-1576
Differential Privacy
- Chenghong Wang, David Pujol, Kartik Nayak, Ashwin Machanavajjhala:
Private Proof-of-Stake Blockchains using Differentially-Private Stake Distortion. 1577-1594 - Yuchen Yang, Bo Hui, Haolin Yuan, Neil Zhenqiang Gong, Yinzhi Cao:
PrivateFL: Accurate, Differentially Private Federated Learning via Personalized Data Transformation. 1595-1612 - Priyanka Nanayakkara, Mary Anne Smart, Rachel Cummings, Gabriel Kaptchuk, Elissa M. Redmiles:
What Are the Chances? Explaining the Epsilon Parameter in Differential Privacy. 1613-1630 - Milad Nasr, Jamie Hayes, Thomas Steinke, Borja Balle, Florian Tramèr, Matthew Jagielski, Nicholas Carlini, Andreas Terzis:
Tight Auditing of Differentially Private Machine Learning. 1631-1648 - Haiming Wang, Zhikun Zhang, Tianhao Wang, Shibo He, Michael Backes, Jiming Chen, Yang Zhang:
PrivTrace: Differentially Private Trajectory Synthesis by Adaptive Markov Models. 1649-1666
Poisoning
- Yi Zeng, Minzhou Pan, Himanshu Jahagirdar, Ming Jin, Lingjuan Lyu, Ruoxi Jia:
Meta-Sift: How to Sift Out a Clean Subset in the Presence of Data Poisoning? 1667-1684 - Xiangyu Qi, Tinghao Xie, Jiachen T. Wang, Tong Wu, Saeed Mahloujifar, Prateek Mittal:
Towards A Proactive ML Approach for Detecting Backdoor Poison Samples. 1685-1702 - Jinyuan Jia, Yupei Liu, Yuepeng Hu, Neil Zhenqiang Gong:
PORE: Provably Robust Recommender Systems against Data Poisoning Attacks. 1703-1720 - Hamid Mozaffari, Virat Shejwalkar, Amir Houmansadr:
Every Vote Counts: Ranking-Based Training of Federated Learning to Resist Poisoning Attacks. 1721-1738 - Xiaoguang Li, Ninghui Li, Wenhai Sun, Neil Zhenqiang Gong, Hui Li:
Fine-grained Poisoning Attack to Local Differential Privacy Protocols for Mean and Variance Estimation. 1739-1756
Smart Contracts
- Zhuo Zhang, Zhiqiang Lin, Marcelo Morales, Xiangyu Zhang, Kaiyuan Zhang:
Your Exploit is Mine: Instantly Synthesizing Counterattack Smart Contract. 1757-1774 - Tamer Abdelaziz, Aquinas Hobor:
Smart Learning to Find Dumb Contracts. 1775-1792 - Fabio Gritti, Nicola Ruaro, Robert McLaughlin, Priyanka Bose, Dipanjan Das, Ilya Grishchenko, Christopher Kruegel, Giovanni Vigna:
Confusum Contractum: Confused Deputy Vulnerabilities in Ethereum Smart Contracts. 1793-1810 - Zhiyuan Sun, Xiapu Luo, Yinqian Zhang:
Panda: Security Analysis of Algorand Smart Contracts. 1811-1828 - William Edward Bodell III, Sajad Meisami, Yue Duan:
Proxy Hunting: Understanding and Characterizing Proxy-based Upgradeable Smart Contracts in Blockchains. 1829-1846
x-Fuzz and Fuzz-x
- Nils Bars, Moritz Schloegel, Tobias Scharnowski, Nico Schiller, Thorsten Holz:
Fuzztruction: Using Fault Injection-based Fuzzing to Leverage Implicit Domain Knowledge. 1847-1864 - Junjie Wang, Zhiyi Zhang, Shuang Liu, Xiaoning Du, Junjie Chen:
FuzzJIT: Oracle-Enhanced Fuzzing for JavaScript Engine JIT Compiler. 1865-1882 - Hui Peng, Zhihao Yao, Ardalan Amiri Sani, Dave Tian, Mathias Payer:
GLeeFuzz: Fuzzing WebGL Through Error Message Guided Mutation. 1883-1899 - Yu-Fu Fu, Jae-Hyuk Lee, Taesoo Kim:
autofz: Automated Fuzzer Composition at Runtime. 1901-1918 - Dawei Wang, Ying Li, Zhiyu Zhang, Kai Chen:
CarpetFuzz: Automatic Program Option Constraint Extraction from Documentation for Fuzzing. 1919-1936
Cache Attacks
- Federico Canale, Tim Güneysu, Gregor Leander, Jan Philipp Thoma, Yosuke Todo, Rei Ueno:
SCARF - A Low-Latency Block Cipher for Secure Cache-Randomization. 1937-1954 - Daniel Katzman, William Kosasih, Chitchanok Chuengsatiansup, Eyal Ronen, Yuval Yarom:
The Gates of Time: Improving Cache Attacks with Transient Execution. 1955-1972 - Jiyong Yu, Aishani Dutta, Trent Jaeger, David Kohlbrenner, Christopher W. Fletcher:
Synchronization Storage Channels (S2C): Timer-less Cache Side-Channel Attacks on the Apple M1 via Hardware Synchronization Instructions. 1973-1990 - Jan Philipp Thoma, Christian Niesler, Dominic A. Funke, Gregor Leander, Pierre Mayr, Nils Pohl, Lucas Davi, Tim Güneysu:
ClepsydraCache - Preventing Cache Attacks with Time-Based Evictions. 1991-2008 - Yuanyuan Yuan, Zhibo Liu, Shuai Wang:
CacheQL: Quantifying and Localizing Cache Side-Channel Vulnerabilities in Production Software. 2009-2026
Authentication
- Yu Chen, Yang Yu, Lidong Zhai:
InfinityGauntlet: Expose Smartphone Fingerprint Authentication to Brute-force Attack. 2027-2041 - Anthony Gavazzi, Ryan Williams, Engin Kirda, Long Lu, Andre King, Andy Davis, Tim Leek:
A Study of Multi-Factor and Risk-Based Authentication Availability. 2043-2060 - Suood Abdulaziz Al-Roomi, Frank Li:
A Large-Scale Measurement of Website Login Policies. 2061-2078 - Conor Gilsenan, Fuzail Shakir, Noura Alomar, Serge Egelman:
Security and Privacy Failures in Popular 2FA Apps. 2079-2096