Delft, July 3-7, 2023

8th IEEE European Symposium on Security and Privacy

Accepted Papers

"Act natural!": Exchanging Private Messages on Public Blockchains Thore Tiemann (University of Lübeck), Sebastian Berndt (University of Lübeck), Thomas Eisenbarth (University of Lübeck), Maciej Liskiewicz (University of Lübeck)
A Certified Radius-Guided Attack Framework to Image Segmentation Models Wenjie Qu (Huazhong University of Science and Technology), Youqi Li (Beijing Institute of Technology), Binghui Wang (Illinois Institute of Technology)
A Formal Model to Study CPS Safety in an Adversarial Setting John H. Castellanos (CISPA Helmholtz Center for Information Security), Mohamed Maghenem (CNRS France), Alvaro Cardenas (UC Santa Cruz), Ricardo G. Sanfelice (UC Santa Cruz), Jianying Zhou (Singapore University of Technology and Design)
A Generic Obfuscation Framework for Preventing ML-Attacks on Strong-PUFs through Exploitation of DRAM-PUFs Owen Millwood (University of Sheffield), Meltem Kurt Pehlivanoğlu (Kocaeli University), Jack Miskelly (Queen's University Belfast), Aryan Mohammadi Pasikhani (University of Sheffield), Prosanta Gope (University of Sheffield), Elif Bilge Kavun (University of Passau)
Active Countermeasures for Email Fraud Wentao Chen (University of Bristol), Fuzhou Wang (City University of Hong Kong), Matthew Edwards (University of Bristol)
An Unbiased Transformer Source Code Learning with Semantic Vulnerability Graph Nafis Tanveer Islam (University of Texas at San Antonio), Gonzalo De La Torre Parra (University of the Incarnate Word), Dylan Manuel (University of Texas at San Antonio), Elias Bou-Harb (University of Texas at San Antonio), Peyman Najafirad (University of Texas at San Antonio)
Android, notify me when it is time to go phishing Antonio Ruggia (University of Genoa), Andrea Possemato (EURECOM), Alessio Merlo (University of Genoa), Dario Nisi (EURECOM), Simone Aonzo (EURECOM)
Anomaly-based Filtering of Application-Layer DDoS Against DNS Authoritatives Jonas Bushart (CISPA Helmholtz Center for Information Security), Christian Rossow (CISPA Helmholtz Center for Information Security)
AoT - Attack on Things: A security analysis of IoT firmware updates Muhammad Ibrahim (Purdue University), Andrea Continella (University of Twente), Antonio Bianchi (Purdue University)
Asynchronous Remote Key Generation for Post-Quantum Cryptosystems from Lattices Nick Frymann (University of Surrey), Daniel Gardham (University of Surrey), Mark Manulis (Universität der Bundeswehr München)
Automatic verification of transparency protocols Vincent Cheval (INRIA Paris, France), José Moreira (Valory AG, Switzerland), Mark Ryan (University of Birmingham)
Been here already? Detecting Synchronized Browsers in the Wild Pantelina Ioannou (University of Cyprus), Elias Athanasopoulos (University of Cyprus)
Careful with MAc-then-SIGn: A Computational Analysis of the EDHOC Lightweight Authenticated Key Exchange Protocol Felix Günther (ETH Zurich), Marc Ilunga Tshibumbu Mukendi (Trail of Bits)
Certifiably Vulnerable: Using Certificate Transparency Logs for Target Reconnaissance Stijn Pletinckx (University of California, Santa Barbara), Thanh-Dat Nguyen (Delft University of Technology), Tobias Fiebig (Max Planck Institute for Informatics), Christopher Kruegel (University of California, Santa Barbara), Giovanni Vigna (University of California, Santa Barbara)
CHERI-TrEE: Flexible enclaves on capability machines Thomas Van Strydonck (KU Leuven), Job Noorman (KU Leuven), Jennifer Jackson (University of Birmingham), Leonardo Alves Dias (University of Birmingham), Robin Vanderstraeten (Vrije Universiteit Brussel), David Oswald (University of Birmingham), Frank Piessens (KU Leuven), Dominique Devriese (KU Leuven)
Chrowned by an Extension: Exploiting the Chrome DevTools Protocol José Miguel Moreno (Universidad Carlos III de Madrid), Narseo Vallina-Rodriguez (IMDEA Networks/AppCensus), Juan Tapiador (Universidad Carlos III de Madrid)
Code Vulnerability Detection via Signal-Aware AI Sahil Suneja (IBM Research), Yufan Zhuang (UCSD), Yunhui Zheng (IBM Research), Jim Laredo (IBM Research), Alessandro Morari (IBM Research), Udayan Khurana (IBM Research)
CommiTEE: An Efficient and Secure Commit-Chain Protocol using TEEs Andreas Erwig (TU Darmstadt), Sebastian Faust (TU Darmstadt), Siavash Riahi (TU Darmstadt), Tobias Stöckert (Fraunhofer sit)
Comprehensively Analyzing the Impact of Cyberattacks on Power Grids Lennart Bader (Fraunhofer FKIE & RWTH Aachen University), Martin Serror (Fraunhofer FKIE), Olav Lamberts (Fraunhofer FKIE & RWTH Aachen University), Ömer Sen (RWTH Aachen University & Fraunhofer FIT), Dennis van der Velde (Fraunhofer FIT), Immanuel Hacker (RWTH Aachen University & Fraunhofer FIT), Julian Filter (RWTH Aachen University), Elmar Padilla (Fraunhofer FKIE), Martin Henze (RWTH Aachen University & Fraunhofer FKIE)
Coverage and Secure Use Analysis of Content Security Policies via Clustering Mengxia Ren (Colorado School of Mines), Chuan Yue (Colorado School of Mines)
DarkDialogs: Automated detection of 10 dark patterns on cookie dialogs Daniel Kirkman (University of Edinburgh), Kami Vaniea (University of Edinburgh), Daniel W Woods (University of Edinburgh)
EF/CF: High Performance Smart Contract Fuzzing for Exploit Generation Michael Rodler (Amazon Web Services), David Paaßen (University of Duisburg-Essen), Wenting Li (NEC Laboratories Europe), Lukas Bernhard (Ruhr University Bochum), Thorsten Holz (CISPA Helmholtz Center for Information Security), Ghassan Karame (Ruhr University Bochum), Lucas Davi (University of Duisburg-Essen)
Exploring Smart Commercial Building Occupants' Perceptions and Notification Preferences of Internet of Things Data Collection in the United States Tu Le (University of Virginia), Alan Wang (University of Virginia), Yaxing Yao (University of Maryland, Baltimore County), Yuanyuan Feng (University of Vermont), Arsalan Heydarian (University of Virginia), Norman Sadeh (Carnegie Mellon University), Yuan Tian (University of California, Los Angeles)
faulTPM: Exposing AMD fTPMs’ Deepest Secrets Hans Niklas Jacob (Technische Universität Berlin), Christian Werling (Technische Universität Berlin), Robert Buhren (Technische Universität Berlin), Jean-Pierre Seifert (Technische Universität Berlin)
Finding Fixed Vulnerabilities with Off-the-Shelf Static Analysis Trevor Dunlap (North Carolina State University), Seaver Thorn (North Carolina State University), William Enck (North Carolina State University), Bradley Reaves (North Carolina State University)
Forward Pass: On the Security Implications of Email Forwarding Mechanism and Policy Enze Liu (University of California, San Diego), Gautam Akiwate (Stanford University), Mattijs Jonker (University of Twente), Ariana Mirian (University of California, San Diego), Grant Ho (University of California, San Diego), Geoffrey M. Voelker (University of California, San Diego), Stefan Savage (University of California, San Diego)
From Dragondoom to Dragonstar: Side-channel Attacks and Formally Verified Implementation of WPA3 Dragonfly Handshake Daniel De Almeida Braga (Université de Rennes 1, CNRS, IRISA), Mohamed Sabt (Université de Rennes 1, CNRS, IRISA), Pierre-Alain Fouque (Université de Rennes 1, CNRS, IRISA), Natalia Kulatova (Mozilla), Karthikeyan Bhargavan (INRIA)
Fuzzing SGX Enclaves via Host Program Mutations Arslan Khan (Purdue University), Muqi Zou (Purdue University), Kyungtae Kim (Purdue University), Dongyan Xu (Purdue University), Antonio Bianchi (Purdue University), Dave Jing Tian (Purdue University)
GNN4IFA: Interest Flooding Attack Detection With Graph Neural Networks Andrea Agiollo (University of Bologna), Enkeleda Bardhi (Sapienza University of Rome), Mauro Conti (University of Padua / Delft University of Technology), Riccardo Lazzeretti (Sapienza University of Rome), Eleonora Losiouk (University of Padua), Andrea Omicini (University of Bologna)
HEX-ML: A Hybrid Cryptographic-Hardware Solution for Oblivious Inference in the Cloud Deepika Natarajan (University of Michigan-Ann Arbor), Andrew Loveless (University of Michigan-Ann Arbor), Wei Dai (Microsoft Research), Ron Dreslinski (University of Michigan-Ann Arbor)
Hunting for Truth: Analyzing Explanation Methods in Learning-based Vulnerability Discovery Tom Ganz (SAP Security Research), Philipp Rall (SAP Security Research), Martin Härterich (SAP Security Research), Konrad Rieck (Technische Universität Braunschweig)
Is Federated Learning a Practical PET Yet? Franziska Boenisch (Vector Institute), Adam Dziedzic (University of Toronto and Vector Institute), Roei Schuster (Vector Institute), Ali Shahin Shamsabadi (Vector Institute and The Alan Turing Institute), Ilia Shumailov (Vector Institute), Nicolas Papernot (University of Toronto and Vector Institute)
Masterkey attacks against free-text keystroke dynamics and security implications of demographic factors Tim Van hamme (imec - DistriNet, KU Leuven), Giuseppe Garofalo (imec - DistriNet, KU Leuven), Davy Preuveneers (imec - DistriNet, KU Leuven), Wouter Joosen (imec - DistriNet, KU Leuven)
MISO: Legacy-compatible Privacy-preserving Single Sign-on using Trusted Execution Environments Rongwu Xu (Tsinghua University), Sen Yang (Yale University), Fan Zhang (Yale University), Zhixuan Fang (Tsinghua University), Rongwu Xu (Tsinghua University), Sen Yang (Yale University)
Multi-Factor Credential Hashing for Asymmetric Brute-Force Attack Resistance Vivek Nair (UC Berkeley), Dawn Song (UC Berkeley)
NodeMedic: End-to-End Analysis of Node.js Vulnerabilities with Provenance Graphs Darion Cassel (Carnegie Mellon University), Limin Jia (Carnegie Mellon University), Wai Tuck Wong (Singapore Management University)
Protecting Voice-Controllable Devices Against Self-Issued Voice Commands Sergio Esposito (Royal Holloway University of London), Daniele Sgandurra (Royal Holloway University of London), Giampaolo Bella (Università degli Studi di Catania)
Principled Side-Channel Mitigation through Microarchitectural Profiling Marton Bognar (KU Leuven), Hans Winderix (KU Leuven), Jo Van Bulck (KU Leuven), Frank Piessens (KU Leuven)
Privately Evaluating Region Overlaps with Applications to Collaborative Sensor Output Validation Anrin Chakraborti (Duke University), Michael K. Reiter (Duke University)
Privformer: Privacy-preserving Transformer with MPC Yoshimasa Akimoto (University of Tsukuba), Kazuto Fukuchi (University of Tsukuba), Yohei Akimoto (University of Tsukuba), Jun Sakuma (University of Tsukuba / RIKEN AIP)
Proof-of-Learning is Currently More Broken Than You Think Congyu Fang (University of Toronto and Vector Institute), Hengrui Jia (University of Toronto and Vector Institute), Anvith Thudi (University of Toronto and Vector Institute), Mohammad Yaghini (University of Toronto and Vector Institute), Christopher A. Choquette-Choo (Google), Natalie Dullerud (University of Toronto and Vector Institute), Varun Chandrasekaran (Microsoft Research & University of Illinois Urbana-Champaign), Nicolas Papernot (University of Toronto and Vector Institute)
Conjunctive Searchable Symmetric Encryption from Hard Lattices Debadrita Talapatra (IIT Kharagpur, India), Sikhar Patranabis (IBM Research, India), Debdeep Mukhopadhyay (IIT Kharagpur, India)
Recurring Contingent Service Payment Aydin Abadi (University College London), Steven J. Murdoch (University College London), Thomas Zacharias (University of Edinburgh)
Revelio: A Network-Level Attack Against the Privacy in the Lightning Network Theo von Arx (ETH Zurich), Muoi Tran (ETH Zurich), Laurent Vanbever (ETH Zurich)
SIM: Secure Interval Membership Testing and Applications to Secure Comparison Albert Yu (Purdue University), Donghang Lu (Purdue University), Aniket Kate (Purdue University), Hemanta K. Maji (Purdue University)
SMART Credentials in the Multi-queue of Slackness (or Secure Management of Anonymous Reputation Traits without Global Halting) Jack P. K. Ma (The Chinese University of Hong Kong), Sherman S. M. Chow (The Chinese University of Hong Kong)
smartFHE: Privacy-Preserving Smart Contracts from Fully Homomorphic Encryption Ravital Solomon (Sunscreen), Rick Weber (Sunscreen), Ghada Almashaqbeh (University of Connecticut)
SoK: A Data-driven View on Methods to Detect Reflective Amplification DDoS Attacks Using Honeypots Marcin Nawrocki (Freie Universität Berlin), John Kristoff (NETSCOUT, University of Illinois at Chicago), Chris Kanich (University of Illinois at Chicago), Raphael Hiesgen (HAW Hamburg), Thomas C. Schmidt (HAW Hamburg), Matthias Wählisch (Freie Universität Berlin)
SoK: Analysis of Root Causes and Defense Strategies for Attacks on Microarchitectural Optimizations Nadja Ramhöj Holtryd (Chalmers University of Technology), Madhavan Manivannan (Chalmers University of Technology), Per Stenström (Chalmers University of Technology)
SoK: Content Moderation in Social Media, from Guidelines to Enforcement, and Research to Practice Mohit Singhal (The University of Texas at Arlington), Chen Ling (Boston University), Pujan Paudel (Boston University), Poojitha Thota (The University of Texas at Arlington), Nihal Kumarswamy (The University of Texas at Arlington), Gianluca Stringhini (Boston University), Shirin Nilizadeh (The University of Texas at Arlington)
SoK: Data Sovereignty Jens Ernstberger (Technical University of Munich), Jan Lauinger (Technical University of Munich), Fatima Elsheimy (Yale University), Liyi Zhou (Imperial College London), Sebastian Steinhorst (Technical University of Munich), Arthur Gervais (University College London), Dawn Song (UC Berkeley)
SoK: Explainable Machine Learning for Computer Security Applications Azqa Nadeem (Delft University of Technology), Daniël Vos (Delft University of Technology), Clinton Cao (Delft University of Technology), Luca Pajola (University of Padua), Simon Dieck (Delft University of Technology), Robert Baumgartner (Delft University of Technology), Sicco Verwer (Delft University of Technology)
SoK: Pragmatic Assessment of Machine Learning for Network Intrusion Detection Giovanni Apruzzese (University of Liechtenstein), Pavel Laskov (University of Liechtenstein), Johannes Schneider (University of Liechtenstein)
SoK: Rethinking Sensor Spoofing Attacks against Robotic Vehicles from a Systematic View Yuan Xu (Nanyang Technological University), Xingshuo Han (Nanyang Technological University), Gelei Deng (Nanyang Technological University), Jiwei Li (Zhejiang University), Yang Liu (Nanyang Technological University), Tianwei Zhang (Nanyang Technological University)
SOK: Side Channel Monitoring for Additive Manufacturing - Bridging Cybersecurity and Quality Assurance Communities Muhammad Ahsan (Virginia Commonwealth University), Muhammad Haris Rais (Virginia Commonwealth University), Irfan Ahmed (Virginia Commonwealth University)
Systematic Improvement of Access-Stratum Security in Mobile Networks Rhys Miller (University of Surrey), Ioana Boureanu (University of Surrey), Steve Wesemeyer (University of Surrey), Hemant Zope (Fraunhofer Society), Zhili Sun (University of Surrey)
Towards Automated Detection of Single-Trace Side-Channel Vulnerabilities in Constant-Time Cryptographic Code Ferhat Erata (Yale University), Ruzica Piskac (Yale University), Victor Mateu (Technology Innovation Institute), Jakub Szefer (Yale University)
Towards Fine-Grained Localization of Privacy Behaviors Vijayanta Jain (University of Maine), Sepideh Ghanavati (University of Maine), Sai Teja Peddinti (Google Inc.), Collin McMillan (University of Notre Dame)
Understanding the Security Risks of Decentralized Exchanges in the Wild Jiaqi Chen (Syracuse University), Yibo Wang (Syracuse University), Yuxuan Zhou (Syracuse University), Wanning Ding (Syracuse University), Yuzhe Tang (Syracuse University), XiaoFeng Wang (Indiana University Bloomington), Kai Li (San Diego State University)
Understanding, Measuring, and Detecting Modern Technical Support Scams Jienan Liu (University of Georgia), Pooja Pun (University of New Orleans), Phani Vadrevu (University of New Orleans), Roberto Perdisci (University of Georgia and Georgia Tech)
Watermarking Graph Neural Networks based on Backdoor Attacks Jing Xu (Delft University of Technology), Stefanos Koffas (Delft University of Technology), Oguzhan Ersoy (Radboud University), Stjepan Picek (Radboud University)
When the Curious Abandon Honesty: Federated Learning Is Not Private Franziska Boenisch (Vector Institute), Adam Dziedzic (University of Toronto and Vector Institute), Roei Schuster (Vector Institute), Ali Shahin Shamsabadi (Vector Institute and The Alan Turing Institute), Ilia Shumailov (Vector Institute), Nicolas Papernot (University of Toronto and Vector Institute)
You Cannot Always Win the Race: Analyzing mitigations for branch target prediction attacks Alyssa Milburn (Intel Corporation), Ke Sun (Intel Corporation), Henrique Kawakami (Intel Corporation)

Distinguished Paper Award Winners

IEEE Euro S&P 2023 Distinguished Reviewers

Distinguished Paper Award Finalists