Delft, July 3-7, 2023
8th IEEE European Symposium on Security and Privacy
| "Act natural!": Exchanging Private Messages on Public Blockchains | (University of Lübeck), (University of Lübeck), (University of Lübeck), (University of Lübeck) |
| A Certified Radius-Guided Attack Framework to Image Segmentation Models | (Huazhong University of Science and Technology), (Beijing Institute of Technology), (Illinois Institute of Technology) |
| A Formal Model to Study CPS Safety in an Adversarial Setting | (CISPA Helmholtz Center for Information Security), (CNRS France), (UC Santa Cruz), (UC Santa Cruz), (Singapore University of Technology and Design) |
| A Generic Obfuscation Framework for Preventing ML-Attacks on Strong-PUFs through Exploitation of DRAM-PUFs | (University of Sheffield), (Kocaeli University), (Queen's University Belfast), (University of Sheffield), (University of Sheffield), (University of Passau) |
| Active Countermeasures for Email Fraud | (University of Bristol), (City University of Hong Kong), (University of Bristol) |
| An Unbiased Transformer Source Code Learning with Semantic Vulnerability Graph | (University of Texas at San Antonio), (University of the Incarnate Word), (University of Texas at San Antonio), (University of Texas at San Antonio), (University of Texas at San Antonio) |
| Android, notify me when it is time to go phishing | (University of Genoa), (EURECOM), (University of Genoa), (EURECOM), (EURECOM) |
| Anomaly-based Filtering of Application-Layer DDoS Against DNS Authoritatives | (CISPA Helmholtz Center for Information Security), (CISPA Helmholtz Center for Information Security) |
| AoT - Attack on Things: A security analysis of IoT firmware updates | (Purdue University), (University of Twente), (Purdue University) |
| Asynchronous Remote Key Generation for Post-Quantum Cryptosystems from Lattices | (University of Surrey), (University of Surrey), (Universität der Bundeswehr München) |
| Automatic verification of transparency protocols | (INRIA Paris, France), (Valory AG, Switzerland), (University of Birmingham) |
| Been here already? Detecting Synchronized Browsers in the Wild | (University of Cyprus), (University of Cyprus) |
| Careful with MAc-then-SIGn: A Computational Analysis of the EDHOC Lightweight Authenticated Key Exchange Protocol | (ETH Zurich), (Trail of Bits) |
| Certifiably Vulnerable: Using Certificate Transparency Logs for Target Reconnaissance | (University of California, Santa Barbara), (Delft University of Technology), (Max Planck Institute for Informatics), (University of California, Santa Barbara), (University of California, Santa Barbara) |
| CHERI-TrEE: Flexible enclaves on capability machines | (KU Leuven), (KU Leuven), (University of Birmingham), (University of Birmingham), (Vrije Universiteit Brussel), (University of Birmingham), (KU Leuven), (KU Leuven) |
| Chrowned by an Extension: Exploiting the Chrome DevTools Protocol | (Universidad Carlos III de Madrid), (IMDEA Networks/AppCensus), (Universidad Carlos III de Madrid) |
| Code Vulnerability Detection via Signal-Aware AI | (IBM Research), (UCSD), (IBM Research), (IBM Research), (IBM Research), (IBM Research) |
| CommiTEE: An Efficient and Secure Commit-Chain Protocol using TEEs | (TU Darmstadt), (TU Darmstadt), (TU Darmstadt), (Fraunhofer sit) |
| Comprehensively Analyzing the Impact of Cyberattacks on Power Grids | (Fraunhofer FKIE & RWTH Aachen University), (Fraunhofer FKIE), (Fraunhofer FKIE & RWTH Aachen University), (RWTH Aachen University & Fraunhofer FIT), (Fraunhofer FIT), (RWTH Aachen University & Fraunhofer FIT), (RWTH Aachen University), (Fraunhofer FKIE), (RWTH Aachen University & Fraunhofer FKIE) |
| Coverage and Secure Use Analysis of Content Security Policies via Clustering | (Colorado School of Mines), (Colorado School of Mines) |
| DarkDialogs: Automated detection of 10 dark patterns on cookie dialogs | (University of Edinburgh), (University of Edinburgh), (University of Edinburgh) |
| EF/CF: High Performance Smart Contract Fuzzing for Exploit Generation | (Amazon Web Services), (University of Duisburg-Essen), (NEC Laboratories Europe), (Ruhr University Bochum), (CISPA Helmholtz Center for Information Security), (Ruhr University Bochum), (University of Duisburg-Essen) |
| Exploring Smart Commercial Building Occupants' Perceptions and Notification Preferences of Internet of Things Data Collection in the United States | (University of Virginia), (University of Virginia), (University of Maryland, Baltimore County), (University of Vermont), (University of Virginia), (Carnegie Mellon University), (University of California, Los Angeles) |
| faulTPM: Exposing AMD fTPMs’ Deepest Secrets | (Technische Universität Berlin), (Technische Universität Berlin), (Technische Universität Berlin), (Technische Universität Berlin) |
| Finding Fixed Vulnerabilities with Off-the-Shelf Static Analysis | (North Carolina State University), (North Carolina State University), (North Carolina State University), (North Carolina State University) |
| Forward Pass: On the Security Implications of Email Forwarding Mechanism and Policy | (University of California, San Diego), (Stanford University), (University of Twente), (University of California, San Diego), (University of California, San Diego), (University of California, San Diego), (University of California, San Diego) |
| From Dragondoom to Dragonstar: Side-channel Attacks and Formally Verified Implementation of WPA3 Dragonfly Handshake | (Université de Rennes 1, CNRS, IRISA), (Université de Rennes 1, CNRS, IRISA), (Université de Rennes 1, CNRS, IRISA), (Mozilla), (INRIA) |
| Fuzzing SGX Enclaves via Host Program Mutations | (Purdue University), (Purdue University), (Purdue University), (Purdue University), (Purdue University), (Purdue University) |
| GNN4IFA: Interest Flooding Attack Detection With Graph Neural Networks | (University of Bologna), (Sapienza University of Rome), (University of Padua / Delft University of Technology), (Sapienza University of Rome), (University of Padua), (University of Bologna) |
| CHEX-MIX: Combining Homomorphic Encryption with Trusted Execution Environments for Oblivious Inference in the Cloud | (University of Michigan-Ann Arbor), (University of Michigan-Ann Arbor), (Microsoft Research), (University of Michigan-Ann Arbor) |
| Hunting for Truth: Analyzing Explanation Methods in Learning-based Vulnerability Discovery | (SAP Security Research), (SAP Security Research), (SAP Security Research), (Technische Universität Braunschweig) |
| Reconstructing Individual Data Points in Federated Learning Hardened with Differential Privacy and Secure Aggregation | (Vector Institute), (University of Toronto and Vector Institute), (Vector Institute), (Vector Institute and The Alan Turing Institute), (Vector Institute), (University of Toronto and Vector Institute) |
| Masterkey attacks against free-text keystroke dynamics and security implications of demographic factors | (imec - DistriNet, KU Leuven), (imec - DistriNet, KU Leuven), (imec - DistriNet, KU Leuven), (imec - DistriNet, KU Leuven) |
| MISO: Legacy-compatible Privacy-preserving Single Sign-on using Trusted Execution Environments | (Tsinghua University), (Yale University), (Yale University), (Tsinghua University), (Tsinghua University), (Yale University) |
| Multi-Factor Credential Hashing for Asymmetric Brute-Force Attack Resistance | (UC Berkeley), (UC Berkeley) |
| NodeMedic: End-to-End Analysis of Node.js Vulnerabilities with Provenance Graphs | (Carnegie Mellon University), (Carnegie Mellon University), (Singapore Management University) |
| Protecting Voice-Controllable Devices Against Self-Issued Voice Commands | (Royal Holloway University of London), (Royal Holloway University of London), (Università degli Studi di Catania) |
| MicroProfiler: Principled Side-Channel Mitigation through Microarchitectural Profiling | (KU Leuven), (KU Leuven), (KU Leuven), (KU Leuven) |
| Privately Evaluating Region Overlaps with Applications to Collaborative Sensor Output Validation | (Duke University), (Duke University) |
| Privformer: Privacy-preserving Transformer with MPC | (University of Tsukuba), (University of Tsukuba), (University of Tsukuba), (University of Tsukuba / RIKEN AIP) |
| Proof-of-Learning is Currently More Broken Than You Think | (University of Toronto and Vector Institute), (University of Toronto and Vector Institute), (University of Toronto and Vector Institute), (University of Toronto and Vector Institute), (Google), (University of Toronto and Vector Institute), (Microsoft Research & University of Illinois Urbana-Champaign), (University of Toronto and Vector Institute) |
| Conjunctive Searchable Symmetric Encryption from Hard Lattices | (IIT Kharagpur, India), (IBM Research, India), (IIT Kharagpur, India) |
| Recurring Contingent Service Payment | (University College London), (University College London), (University of Edinburgh) |
| Revelio: A Network-Level Attack Against the Privacy in the Lightning Network | (ETH Zurich), (ETH Zurich), (ETH Zurich) |
| SIM: Secure Interval Membership Testing and Applications to Secure Comparison | (Purdue University), (Purdue University), (Purdue University), (Purdue University) |
| SMART Credentials in the Multi-queue of Slackness (or Secure Management of Anonymous Reputation Traits without Global Halting) | (The Chinese University of Hong Kong), (The Chinese University of Hong Kong) |
| smartFHE: Privacy-Preserving Smart Contracts from Fully Homomorphic Encryption | (Sunscreen), (Sunscreen), (University of Connecticut) |
| SoK: A Data-driven View on Methods to Detect Reflective Amplification DDoS Attacks Using Honeypots | (Freie Universität Berlin), (NETSCOUT, University of Illinois at Chicago), (University of Illinois at Chicago), (HAW Hamburg), (HAW Hamburg), (Freie Universität Berlin) |
| SoK: Analysis of Root Causes and Defense Strategies for Attacks on Microarchitectural Optimizations | (Chalmers University of Technology), (Chalmers University of Technology), (Chalmers University of Technology) |
| SoK: Content Moderation in Social Media, from Guidelines to Enforcement, and Research to Practice | (The University of Texas at Arlington), (Boston University), (Boston University), (The University of Texas at Arlington), (The University of Texas at Arlington), (Boston University), (The University of Texas at Arlington) |
| SoK: Data Sovereignty | (Technical University of Munich), (Technical University of Munich), (Yale University), (Imperial College London), (Technical University of Munich), (University College London), (UC Berkeley) |
| SoK: Explainable Machine Learning for Computer Security Applications | (Delft University of Technology), (Delft University of Technology), (Delft University of Technology), (University of Padua), (Delft University of Technology), (Delft University of Technology), (Delft University of Technology) |
| SoK: Pragmatic Assessment of Machine Learning for Network Intrusion Detection | (University of Liechtenstein), (University of Liechtenstein), (University of Liechtenstein) |
| SoK: Rethinking Sensor Spoofing Attacks against Robotic Vehicles from a Systematic View | (Nanyang Technological University), (Nanyang Technological University), (Nanyang Technological University), (Zhejiang University), (Nanyang Technological University), (Nanyang Technological University) |
| SOK: Side Channel Monitoring for Additive Manufacturing - Bridging Cybersecurity and Quality Assurance Communities | (Virginia Commonwealth University), (Virginia Commonwealth University), (Virginia Commonwealth University) |
| Systematic Improvement of Access-Stratum Security in Mobile Networks | (University of Surrey), (University of Surrey), (University of Surrey), (Fraunhofer Society), (University of Surrey) |
| Towards Automated Detection of Single-Trace Side-Channel Vulnerabilities in Constant-Time Cryptographic Code | (Yale University), (Yale University), (Technology Innovation Institute), (Yale University) |
| Towards Fine-Grained Localization of Privacy Behaviors | (University of Maine), (University of Maine), (Google Inc.), (University of Notre Dame) |
| Understanding the Security Risks of Decentralized Exchanges in the Wild | (Syracuse University), (Syracuse University), (Syracuse University), (Syracuse University), (Syracuse University), (Indiana University Bloomington), (San Diego State University) |
| Understanding, Measuring, and Detecting Modern Technical Support Scams | (University of Georgia), (University of New Orleans), (University of New Orleans), (University of Georgia and Georgia Tech) |
| Watermarking Graph Neural Networks based on Backdoor Attacks | (Delft University of Technology), (Delft University of Technology), (Radboud University), (Radboud University) |
| When the Curious Abandon Honesty: Federated Learning Is Not Private | (Vector Institute), (University of Toronto and Vector Institute), (Vector Institute), (Vector Institute and The Alan Turing Institute), (Vector Institute), (University of Toronto and Vector Institute) |
| You Cannot Always Win the Race: Analyzing mitigations for branch target prediction attacks | (Intel Corporation), (Intel Corporation), (Intel Corporation) |