42nd IEEE Symposium & Workshops on Security and Privacy

Trust, But Verify: A Longitudinal Analysis Of Android OEM Compliance and Customization

Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding

Post-Quantum WireGuard

SoK: Quantifying Cyber Risk

Which Privacy and Security Attributes Most Impact Consumers‚ At Risk Perception and Willingness to Purchase IoT Devices?

Session Chair

Android Custom Permissions Demystified: From Privilege Escalation to Design Shortcomings

Session Chair // Shadow PC Chair for IEEE S&P

Program Chair / Session Chair

Ethics in Security and Privacy Research Panel

Ethics in Security and Privacy Research Panel

Ethics in Security and Privacy Research Panel

Intelligent Application Security

Synthesizing Allowlists With RASPunzel

Near Real-time Learning and Extraction of Cyberattack Behavior Models

Invisible Perturbations: Physical Adversarial Examples Exploiting the Rolling Shutter Effect

Sustainable Software Security Program

Consent Management Platforms under the GDPR: Processors or Controllers?

Can privacy terms be negotiated in Solid’s personal datastores?

Demystifying Trust Domain Attestation via Formal Verification

Synthetic Data is the missing cog in the machine for financial crime controls

Threshold Group Distance Bounding

Poltergeist: Acoustic Manipulation of Image Stabilization towards Object Mis-Labeling

Session Chair

SoK: Hate, Harassment, and the Changing Landscape of Online Abuse

SoK: Quantifying Cyber Risk

Post-Quantum WireGuard

Merkle^2: A Low-Latency Transparency Log System

Session Chair

CacheOut: Leaking Data on Intel CPUs via Cache Evictions

Self-Supervised Euphemism Detection and Identification for Content Moderation

Invisible Probe: Timing Attacks with PCIe Congestion Side-channel

Session Chair

PLATYPUS: Software-based Power Side-Channel Attacks on x86

CacheOut: Leaking Data on Intel CPUs via Cache Evictions

Is Private Learning Possible with Instance Encoding?

DP-Sniper: Black-Box Discovery of Differential Privacy Violations using Classifiers

Is Private Learning Possible with Instance Encoding?

Is Private Learning Possible with Instance Encoding?

Session Chair

Defensive Technology Use by Political Activists During the Sudanese Revolution

Defensive Technology Use by Political Activists During the Sudanese Revolution

Red Belly: a Deterministic Scalable Open Permissioned Blockchain

Ebb-and-Flow Protocols: A Resolution of the Availability-Finality Dilemma

DIANE: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices

Data Privacy in Trigger-Action IoT Systems

Session Chair

An Interactive Prover for Protocol Verification in the Computational Model

An I/O Separation Model for Formal Verification of Kernel Implementations

An I/O Separation Model for Formal Verification of Kernel Implementations

Session Chair

SmartPulse: Automated Checking of Temporal Properties in Smart Contracts

Diogenes: Lightweight Scalable RSA Modulus Generation with a Dishonest Majority

Compact Certificates of Collective Knowledge

One Engine to Fuzz 'em All: Generic Language Processor Testing with Semantic Validation

One Engine to Fuzz 'em All: Generic Language Processor Testing with Semantic Validation

Session Chair

STOCHFUZZ: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting

NTFUZZ: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis

NTFUZZ: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis

Who is Real Bob? Adversarial Attacks on Speaker Recognition Systems

Session Chair

SoK: Computer-Aided Cryptography

CRYLOGGER: Detecting Crypto Misuses Dynamically

Session Chair

SoK: All You Ever Wanted to Know About Binary Disassembly But Were Afraid to Ask

Cross-Domain Access Control Encryption -- Arbitrary-policy, Constant-size, Efficient

ConDySTA: Context-Aware Dynamic Supplement to Static Taint Analysis

Manipulation Attacks in Local Differential Privacy

Session Chair

Detecting AI Trojans Using Meta Neural Analysis

Learning Differentially Private Mechanisms

Bitcoin-Compatible Virtual Channels

Bitcoin-Compatible Virtual Channels

On the Just-In-Time Discovery of Profit-Generating Transactions in DeFi Protocols

Lockable Signatures for Blockchains: Scriptless Scripts for all Signatures

Systematic Analysis of Randomization-based Protected Cache Architectures

Session Chair

Randomized Last-Level Caches Are Still Vulnerable to Cache Side-Channel Attacks! But We Can Fix It

Bomberman: Defining and Defeating Hardware Ticking Timebombs at Design-time

Proof-of-Learning: Definitions and Practice

SIRNN: A Math Library for Secure RNN Inference

PEGASUS: Bridging Polynomial and Non-polynomial Evaluations in Homomorphic Encryption

SoK: General Purpose Compilers for Secure Multi-Party Computation

Fingerprinting the Fingerprinters: Learning to Detect Browser Fingerprinting Behaviors

CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing

CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing

Black Widow: Blackbox Data-driven Web Scanning

SGUARD: Towards Fixing Vulnerable Smart Contracts Automatically

Cross Layer Attacks and How to Use Them (for DNS Cache Poisoning, Device Tracking and More)

Compositional Security for Reentrant Applications

MAD-HTLC: Because HTLC is Crazy-Cheap to Attack

Compositional Security for Reentrant Applications

DIFUZZRTL: Differential Fuzz Testing to Find CPU Bugs

HackEd: A Pedagogical Analysis of Online Vulnerability Discovery Exercises

Compositional Security for Reentrant Applications

HackEd: A Pedagogical Analysis of Online Vulnerability Discovery Exercises

Organizing Committee Member for IEEE S&P

Wolverine: Fast, Scalable, and Communication-Efficient Zero-Knowledge Proofs for Boolean and Arithmetic Circuits

Bookworm Game: Automatic Discovery of LTE Vulnerabilities Through Documentation Analysis

Session Chair

Method Confusion Attack on the Bluetooth Pairing Process

Method Confusion Attack on the Bluetooth Pairing Process

Linking Bluetooth LE & Classic and Implications for Privacy-Preserving Bluetooth-Based Protocols

CanDID: Can-Do Decentralized Identity with Legacy Compatibility, Sybil-Resistance, and Accountability

CanDID: Can-Do Decentralized Identity with Legacy Compatibility, Sybil-Resistance, and Accountability

Session Chair

Improving Password Guessing via Representation Learning

They Would do Better if They Worked Together: The Case of Interaction Problems Between Password Managers and Websites

SoK: Security and Privacy in the Age of Commercial Drones

Compositional Non-Interference for Fine-Grained Concurrent Programs

When LoRa Meets EMR: Electromagnetic Covert Channels Can Be Super Resilient

A First Look at Zoombombing

A First Look at Zoombombing

Revealer: Detecting and Exploiting Regular Expression Denial-of-Service Vulnerabilities

Revealer: Detecting and Exploiting Regular Expression Denial-of-Service Vulnerabilities

Breaking the Specification: PDF Certfiication

Response-Hiding Encrypted Ranges: Revisiting Security via Parametrized Leakage-Abuse Attacks

Session Chair

A Decentralized and Encrypted National Gun Registry

Zero Knowledge for Everything and Everyone: Fast ZK Processor with Cached ORAM for ANSI C Programs

Doing good by fighting fraud: Ethical anti-fraudsystems for mobile payments

Epochal Signatures for Deniable Group Chats

The Provable Security of Ed25519: Theory and Practice

Session Chair

Survivalism: Systematic Analysis of Malware Living-Off-The-Land

Trouble Over-The-Air: An Analysis of FOTA Apps in the Android Ecosystem

Reading Between the Lines: An Extensive Evaluation of the Security and Privacy Implications of EPUB Reading Systems

Journey to the Center of the Cookie Ecosystem: Unraveling Actors' Roles and Relationships

Detecting Filter List Evasion With Event-Loop-Turn Granularity JavaScript Signatures.

Session Chair

Session Chair

A Secure and Formally Verified Linux KVM Hypervisor

Did you mix me? Formally Verifying Verifiable Mix Nets in Electronic Voting

Runtime Recovery of Web Applications under Zero-Day ReDoS Attacks

Good Bot, Bad Bot: Characterizing Automated Browsing Activity

Trouble Over-The-Air: An Analysis of FOTA Apps in the Android Ecosystem

Happer: Unpacking Android Apps via a Hardware-Assisted Approach

BUFFing signature schemes beyond unforgettability and the case of post-quantum signatures

The EMV Standard: Break, Fix, Verify

General Chair of IEEE S&P

Program Chair

Intel Rep

Intel Award Finalist

Intel Award Finalist

Intel Award Finalist

Intel Award Finalist

Intel Award Finalist

Video Chair for IEEE S&P // Intel Award Finalist

Intel Award Finalist

Intel Award Finalist

Intel Award Finalist

Session Chair

Session Chair

Session Chair

Session Chair

Session Chair

Session Chair

Hardware-Software Contracts for Secure Speculation

Session Chair

Hardware-Software Contracts for Secure Speculation

CrossTalk: Speculative Data Leaks Across Cores Are Real

CrossTalk: Speculative Data Leaks Across Cores Are Real

DICE: Automatic Emulation of DMA Input Channels for Dynamic Firmware Analysis

DynPTA: Combining Static and Dynamic Analysis for Practical Selective Data Protection

A Novel Dynamic Analysis Infrastructure to Instrument Untrusted Execution Flow Across User-Kernel Spaces

CRYLOGGER: Detecting Crypto Misuses Dynamically

Real-World Snapshots vs. Theory: Questioning the t-Probing Security Model.

Real-World Snapshots vs. Theory: Questioning the t-Probing Security Model.

Lightweight Techniques for Private Heavy Hitters // Session Chair

Proof-of-Learning: Definitions and Practice

Session Chair

Session Chair

Session Chair

MC for the Intel Awards

Using Selective Memoization to Defeat Regular Expression Denial of Service (ReDoS)

Proof-of-Learning: Definitions and Practice

Co-Inflow: Coarse-grained Information Flow Control for Java-like Languages

Awards Chair

When Function Signature Recovery Meets Compiler Optimization

Invisible for both Camera and LiDAR

CANnon: Reliable and Stealthy Remote Shutdown Attacks via Unaltered Automotive Microcontrollers

Proactive Threshold Wallets with Offline Devices

ConDySTA: Context-Aware Dynamic Supplement to Static Taint Analysis

Panelist

Adversary Instantiation // Proof-of-Learning: Definitions and Practice

Session Chair

Bookworm Game: Automatic Discovery of LTE Vulnerabilities Through Documentation Analysis

Doing good by fighting fraud: Ethical anti-fraudsystems for mobile payments

A2L: Anonymous Atomic Locks for Scalability in Payment Channel Hubs

On the Anonymity Guarantees of Anonymous Proof-of-Stake Protocols

Many-out-of-Many Proofs and Applications to Anonymous Zether

Keep the Dirt: Tainted TreeKEM, Adaptively and Actively Secure Continuous Group Key Agreement

Session Chair

Session Chair

Session Chair

Machine Unlearning

Session Chair

humanID: One-Click Anonymous Login

Cross-Domain Access Control Encryption -- Arbitrary-policy, Constant-size, Efficient

SIRNN: A Math Library for Secure RNN Inference

Session Chair

Linking Bluetooth LE & Classic and Implications for Privacy-Preserving Bluetooth-Based Protocols

Proof-of-Learning: Definitions and Practice

Session Chair

A Security Model and Fully Verified Implementation for the IETF QUIC Record Layer

Learning Differentially Private Mechanisms

ConDySTA: Context-Aware Dynamic Supplement to Static Taint Analysis

humanID: One-Click Anonymous Login

Hear “No Evil”, See “Kenansville” // SoK: The Faults in our ASRs

VP/Registration Chair for IEEE S&P

Treasurer for IEEE S&P

Deep Learning and Security Workshop Organizer

Arbitrar, User-Guided API Misuse Detection

Session Chair

WTMC Workshop Organizer

WTMC Workshop Organizer

A Decentralized and Encrypted National Gun Registry

SafeThings Workshop Organizer

SafeThings Workshop Organizer

SafeThings Workshop Organizer

WOOT Workshop Organizer