Skip to content

42nd IEEE Symposium & Workshops on Security and Privacy

Calendar icon to

Proudly supported by

Speakers

Cristina Cifuentes

Intelligent Application Security

Adria Gascon

Session Chair

Yanfang (Fanny) Ye

Session Chair

Joseph Bonneau

Ethics in Security and Privacy Research Panel

Roger Dingledine

Ethics in Security and Privacy Research Panel

Katie Shilton

Ethics in Security and Privacy Research Panel

Andreas Hülsing

Post-Quantum WireGuard

Daniel Turner-Szymkiewicz

Synthetic Data is the missing cog in the machine for financial crime controls

Daniel W Woods

SoK: Quantifying Cyber Risk

Adam Doupé

Session Chair

Sahar Abdelnabi

Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding

Tapti Palit

DynPTA: Combining Static and Dynamic Analysis for Practical Selective Data Protection

François Gauthier

Synthesizing Allowlists With RASPunzel

Shanchieh (Jay) Yang

Near Real-time Learning and Extraction of Cyberattack Behavior Models

Ashish Hooda

Invisible Perturbations: Physical Adversarial Examples Exploiting the Rolling Shutter Effect

Monica Iovan

Sustainable Software Security Program

Beatriz Esteves

Can privacy terms be negotiated in Solid’s personal datastores?

Midas Nouwens

Consent Management Platforms under the GDPR: Processors or Controllers?

Muhammad Usama Sardar

Demystifying Trust Domain Attestation via Formal Verification

Aysajan Abidin

Threshold Group Distance Bounding

Yuval Yarom

Session Chair

Marco Guarnieri

Hardware-Software Contracts for Secure Speculation

Boris Köpf

Hardware-Software Contracts for Secure Speculation

Hany Ragab

CrossTalk: Speculative Data Leaks Across Cores Are Real

Alyssa Milburn

CrossTalk: Speculative Data Leaks Across Cores Are Real

Fatemeh Ganji

Real-World Snapshots vs. Theory: Questioning the t-Probing Security Model.

Alejandro Mera

DICE: Automatic Emulation of DMA Input Channels for Dynamic Firmware Analysis

Simha Sethumadhavan

CRYLOGGER: Detecting Crypto Misuses Dynamically

Jiaqi HONG

A Novel Dynamic Analysis Infrastructure to Instrument Untrusted Execution Flow Across User-Kernel Spaces

Thilo Krachenfels

Real-World Snapshots vs. Theory: Questioning the t-Probing Security Model.

Henry Corrigan-Gibbs

Lightweight Techniques for Private Heavy Hitters // Session Chair

Anvith Thudi

Proof-of-Learning: Definitions and Practice

Deian Stefan

Session Chair

Ioana Boureanu

Session Chair

James Davis

Using Selective Memoization to Defeat Regular Expression Denial of Service (ReDoS)

Pardis Emami-Naeini

Which Privacy and Security Attributes Most Impact Consumers‚ At Risk Perception and Willingness to Purchase IoT Devices?

Varun Chandrasekaran

Proof-of-Learning: Definitions and Practice

Jian Xiang

Co-Inflow: Coarse-grained Information Flow Control for Java-like Languages

Tegan Brennan

Awards Chair

Yan Lin

When Function Signature Recovery Meets Compiler Optimization

Ningfei Wang

Invisible for both Camera and LiDAR

Sekar Kulandaivel

CANnon: Reliable and Stealthy Remote Shutdown Attacks via Unaltered Automotive Microcontrollers

Yashvanth Kondi

Proactive Threshold Wallets with Offline Devices

Xiao Wang

ConDySTA: Context-Aware Dynamic Supplement to Static Taint Analysis

E K

Panelist

Nicolas Papernot

Adversary Instantiation // Proof-of-Learning: Definitions and Practice

Yi Chen

Bookworm Game: Automatic Discovery of LTE Vulnerabilities Through Documentation Analysis

Andrew Miller

Session Chair

Hari Venugopalan

Doing good by fighting fraud: Ethical anti-fraudsystems for mobile payments

Erkan Tairi

A2L: Anonymous Atomic Locks for Scalability in Payment Channel Hubs

Varun Madathil

On the Anonymity Guarantees of Anonymous Proof-of-Stake Protocols

Benjamin Diamond

Many-out-of-Many Proofs and Applications to Anonymous Zether

Guillermo Pascual Perez

Keep the Dirt: Tainted TreeKEM, Adaptively and Actively Secure Continuous Group Key Agreement

Ananth Raghunathan

Session Chair

Vanessa Teague

Session Chair

Arthur Gervais

Session Chair

Zhiyun Qian

Session Chair

Emon Rahman Sahaba

humanID: One-Click Anonymous Login

Arkady Yerukhimovich

Session Chair

Rui Li

Android Custom Permissions Demystified: From Privilege Escalation to Design Shortcomings

Yuan Tian

Session Chair // Shadow PC Chair for IEEE S&P

Antoine Delignat-Lavaud

A Security Model and Fully Verified Implementation for the IETF QUIC Record Layer

Sherman S. M. Chow

Cross-Domain Access Control Encryption -- Arbitrary-policy, Constant-size, Efficient

Tarek El-Hajjaoui

humanID: One-Click Anonymous Login

Rahul Sharma

SIRNN: A Math Library for Secure RNN Inference

Subhajit Roy

Learning Differentially Private Mechanisms

William Robertson

Session Chair

Guevara Noubir

Linking Bluetooth LE & Classic and Implications for Privacy-Preserving Bluetooth-Based Protocols

Nick (Hengrui) Jia

Proof-of-Learning: Definitions and Practice

Aniket Kate

Session Chair

Jianyu Niu

ConDySTA: Context-Aware Dynamic Supplement to Static Taint Analysis

Ziyang Li

Arbitrar, User-Guided API Misuse Detection

Hadi Abdullah

Hear “No Evil”, See “Kenansville” // SoK: The Faults in our ASRs

Nathan Dautenhahn

Session Chair

Nikolaos Vasiloglou II

Deep Learning and Security Workshop Organizer

Daniel Takabi

Treasurer for IEEE S&P

Rakesh Bobba

VP/Registration Chair for IEEE S&P

Platon Kotzias

Trouble Over-The-Air: An Analysis of FOTA Apps in the Android Ecosystem

Stephan van Schaik

CacheOut: Leaking Data on Intel CPUs via Cache Evictions

Freddie Barr-Smith

Survivalism: Systematic Analysis of Malware Living-Off-The-Land

Wanzheng Zhu

Self-Supervised Euphemism Detection and Identification for Content Moderation

David Heath

Zero Knowledge for Everything and Everyone: Fast ZK Processor with Cached ORAM for ANSI C Programs

Muthuramakrishnan Venkitasubramaniam

Diogenes: Lightweight Scalable RSA Modulus Generation with a Dishonest Majority

Limin Jia

Session Chair

Wen-jie Lu

PEGASUS: Bridging Polynomial and Non-polynomial Evaluations in Homomorphic Encryption

Chengbin Pang

SoK: All You Ever Wanted to Know About Binary Disassembly But Were Afraid to Ask

Umar Iqbal

Fingerprinting the Fingerprinters: Learning to Detect Browser Fingerprinting Behaviors

Cas Cremers

Session Chair

Jon Stephens

SmartPulse: Automated Checking of Temporal Properties in Smart Contracts

Leonid Reyzin

Compact Certificates of Collective Knowledge

Brendan DolanGavitt

Session Chair

Jaewon Hur

DIFUZZRTL: Differential Fuzz Testing to Find CPU Bugs

Andrea Possemato

Trust, But Verify: A Longitudinal Analysis Of Android OEM Compliance and Customization

Sahar Abdelnabi

Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding

Xiaoyu Ji

Poltergeist: Acoustic Manipulation of Image Stabilization towards Object Mis-Labeling

Adam Aviv

Session Chair

Deepak Kumar

SoK: Hate, Harassment, and the Changing Landscape of Online Abuse

Jason Xue

Session Chair

Rainer Boehme

SoK: Quantifying Cyber Risk

Kai-Chun Ning

Post-Quantum WireGuard

XiaoFeng Wang

Session Chair

Yuncong Hu

Merkle^2: A Low-Latency Transparency Log System

Wanzheng Zhu

Self-Supervised Euphemism Detection and Identification for Content Moderation

Junpeng Wan

Invisible Probe: Timing Attacks with PCIe Congestion Side-channel

Moritz Lipp

PLATYPUS: Software-based Power Side-Channel Attacks on x86

Daniel Genkin

CacheOut: Leaking Data on Intel CPUs via Cache Evictions

Yossi Oren

Session Chair

Benjamin Bichsel

DP-Sniper: Black-Box Discovery of Differential Privacy Violations using Classifiers

Nicholas Carlini

Is Private Learning Possible with Instance Encoding?

Saeed Mahloujifar

Is Private Learning Possible with Instance Encoding?

Florian Tramer

Is Private Learning Possible with Instance Encoding?

Carmela Troncoso

Session Chair

Luca Piccolboni

CRYLOGGER: Detecting Crypto Misuses Dynamically

Marcus Peinado

Session Chair

Alaa Daffalla

Defensive Technology Use by Political Activists During the Sudanese Revolution

Lucy Simko

Defensive Technology Use by Political Activists During the Sudanese Revolution

Vincent Gramoli

Red Belly: a Deterministic Scalable Open Permissioned Blockchain

Joachim Neu

Ebb-and-Flow Protocols: A Resolution of the Availability-Finality Dilemma

Simon Rohlmann

Breaking the Specification: PDF Certfiication

Nilo Redini

DIANE: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices

Yunang Chen

Data Privacy in Trigger-Action IoT Systems

Kasper Rasmussen

Session Chair

Charlie Jacomme

An Interactive Prover for Protocol Verification in the Computational Model

Virgil Gligor

An I/O Separation Model for Formal Verification of Kernel Implementations

Miao Yu

An I/O Separation Model for Formal Verification of Kernel Implementations

Yongheng Chen

One Engine to Fuzz 'em All: Generic Language Processor Testing with Semantic Validation

Rui Zhong

One Engine to Fuzz 'em All: Generic Language Processor Testing with Semantic Validation

Thomas Bourgeat

Intel Award Finalist

Zhuo Zhang

STOCHFUZZ: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting

Jaeseung Choi

NTFUZZ: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis

Daejin Lee

NTFUZZ: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis

Guangke Chen

Who is Real Bob? Adversarial Attacks on Speaker Recognition Systems

Kevin Liao

SoK: Computer-Aided Cryptography

XIUHUA WANG

Cross-Domain Access Control Encryption -- Arbitrary-policy, Constant-size, Efficient

Michael Franz

Session Chair

Xueling Zhang

ConDySTA: Context-Aware Dynamic Supplement to Static Taint Analysis

Mohammad Yaghini

Proof-of-Learning: Definitions and Practice

Amir Rahmati

SafeThings Workshop Organizer

Jonathan Ullman

Manipulation Attacks in Local Differential Privacy

Olya Ohrimenko

Session Chair

Wei Meng

Revealer: Detecting and Exploiting Regular Expression Denial-of-Service Vulnerabilities

Haobin Ni

Compositional Security for Reentrant Applications

Rui Zhang

Video Chair for IEEE S&P // Intel Award Finalist

Liyi Zhou

High-Frequency Trading on Decentralized On-Chain Exchanges

Christopher Fletcher

Intel Award Finalist

Xiaojun Xu

Detecting AI Trojans Using Meta Neural Analysis

Justin Hsu

Learning Differentially Private Mechanisms

Dario Pasquini

Improving Password Guessing via Representation Learning

Lukas Aumayr

Bitcoin-Compatible Virtual Channels

Andreas Erwig

Bitcoin-Compatible Virtual Channels

Tai D Nguyen

SGUARD: Towards Fixing Vulnerable Smart Contracts Automatically

Liyi Zhou

On the Just-In-Time Discovery of Profit-Generating Transactions in DeFi Protocols

Chelsea Hubbs

Intel Rep

Sri AravindaKrishnan Thyagarajan

Lockable Signatures for Blockchains: Scriptless Scripts for all Signatures

Antoon Purnal

Systematic Analysis of Randomization-based Protected Cache Architectures

David Lie

Session Chair

Wei Song

Randomized Last-Level Caches Are Still Vulnerable to Cache Side-Channel Attacks! But We Can Fix It

Timothy Trippel

Bomberman: Defining and Defeating Hardware Ticking Timebombs at Design-time

Deevashwer Rathee

SIRNN: A Math Library for Secure RNN Inference

Gertjan Franken

Reading Between the Lines: An Extensive Evaluation of the Security and Privacy Implications of EPUB Reading Systems

XiaoFeng Wang

Bookworm Game: Automatic Discovery of LTE Vulnerabilities Through Documentation Analysis

Seny Kamara

A Decentralized and Encrypted National Gun Registry

Alexander Viand

SoK: General Purpose Compilers for Secure Multi-Party Computation

Florian Weber

Epochal Signatures for Deniable Group Chats

Penghui Zhang

CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing

Adam Oest

CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing

Benjamin Eriksson

Black Widow: Blackbox Data-driven Web Scanning

Amit Klein

Cross Layer Attacks and How to Use Them (for DNS Cache Poisoning, Device Tracking and More)

Samaneh Tajalizadehkhoob

WTMC Workshop Organizer

XiaoFeng Wang

Bookworm Game: Automatic Discovery of LTE Vulnerabilities Through Documentation Analysis

Carlos Ganan

WTMC Workshop Organizer

Itay Tsabary

MAD-HTLC: Because HTLC is Crazy-Cheap to Attack

Ethan Cecchetti

Compositional Security for Reentrant Applications

Lucy Qin

A Decentralized and Encrypted National Gun Registry

Andrew Myers

Compositional Security for Reentrant Applications

Daniel Votipka

HackEd: A Pedagogical Analysis of Online Vulnerability Discovery Exercises

Bryan Parno

Organizing Committee Member for IEEE S&P

Michelle Mazurek

HackEd: A Pedagogical Analysis of Online Vulnerability Discovery Exercises

Chenkai Weng

Wolverine: Fast, Scalable, and Communication-Efficient Zero-Knowledge Proofs for Boolean and Arithmetic Circuits

Yepeng Yao

Bookworm Game: Automatic Discovery of LTE Vulnerabilities Through Documentation Analysis

Nicolas Huaman

They Would do Better if They Worked Together: The Case of Interaction Problems Between Password Managers and Websites

Maximilian von Tschirschnitz

Method Confusion Attack on the Bluetooth Pairing Process

Ludwig Peuckert

Method Confusion Attack on the Bluetooth Pairing Process

Norbert Ludant

Linking Bluetooth LE & Classic and Implications for Privacy-Preserving Bluetooth-Based Protocols

Deepak Maram

CanDID: Can-Do Decentralized Identity with Legacy Compatibility, Sybil-Resistance, and Accountability

Jasleen Malvai

CanDID: Can-Do Decentralized Identity with Legacy Compatibility, Sybil-Resistance, and Accountability

Ben Nassi

SoK: Security and Privacy in the Age of Commercial Drones

Dominique Schroeder

Session Chair

Dan Frumin

Compositional Non-Interference for Fine-Grained Concurrent Programs

Cheng Shen

When LoRa Meets EMR: Electromagnetic Covert Channels Can Be Super Resilient

Chen Ling

A First Look at Zoombombing

Gianluca Stringhini

A First Look at Zoombombing

Yinxi Liu

Revealer: Detecting and Exploiting Regular Expression Denial-of-Service Vulnerabilities

Evgenios Kornaropoulos

Response-Hiding Encrypted Ranges: Revisiting Security via Parametrized Leakage-Abuse Attacks

David Cash

Session Chair

Freddie Barr-Smith

Survivalism: Systematic Analysis of Malware Living-Off-The-Land

Brendan Saltaformaggio

Session Chair

Platon Kotzias

Trouble Over-The-Air: An Analysis of FOTA Apps in the Android Ecosystem

Zainul Din

Doing good by fighting fraud: Ethical anti-fraudsystems for mobile payments

Christina Poepper

Session Chair

Mang Zhao

The Provable Security of Ed25519: Theory and Practice

Iskander Sanchez-Rola

Journey to the Center of the Cookie Ecosystem: Unraveling Actors' Roles and Relationships

Quan Chen

Detecting Filter List Evasion With Event-Loop-Turn Granularity JavaScript Signatures.

Cas Cremers

Session Chair

Shih-Wei Li

A Secure and Formally Verified Linux KVM Hypervisor

Thomas Haines

Did you mix me? Formally Verifying Verifiable Mix Nets in Electronic Voting

Zhihao Bai

Runtime Recovery of Web Applications under Zero-Day ReDoS Attacks

Xigao Li

Good Bot, Bad Bot: Characterizing Automated Browsing Activity

James Weimer

SafeThings Workshop Organizer

Eduardo Blázquez

Trouble Over-The-Air: An Analysis of FOTA Apps in the Android Ecosystem

Xiali (Sharon) Hei

SafeThings Workshop Organizer

Hao Zhou

Happer: Unpacking Android Apps via a Hardware-Assisted Approach

Gang (Gary) Tan

Session Chair

Rune Fiedler

BUFFing signature schemes beyond unforgettability and the case of post-quantum signatures

Jorge Toro

The EMV Standard: Break, Fix, Verify

Emily Shen

Session Chair

Jiyong Yu

Intel Award Finalist

Álvaro Cárdenas

General Chair of IEEE S&P

Alina Oprea

Program Chair

Christian Rossow

Session Chair

Isaura Gaeta

MC for the Intel Awards

Thorsten Holz

Program Chair / Session Chair

Jules Dream

Intel Award Finalist

Adam Morrison

Intel Award Finalist

Cynthia Sturton

Intel Award Finalist

Craig Disselkoen

Intel Award Finalist

Sunjay Cauligi

Intel Award Finalist

Aurélien Francillon

WOOT Workshop Organizer

Booths

Intel

Do Something Wonderful

IBM

IBM Research: Inventing What’s Next.

Apple

Join us. Be you.

Google

Google Security and Privacy

ByteDance

bytedance.com

Palo Alto Networks

paloaltonetworks.com

The CERT Division Carnegie Mellon University Software Engineering Institute

Bringing CERTainty to your organization through advanced methods and technologies.

Technology Innovation Institute

Innovation for a better world

MIT Lincoln Laboratory

MIT Lincoln Laboratory - Technolgy in Support of National Security

Qualcomm

Qualcomm Product Security - We take security vulnerabilities very seriously and always seek to respond appropriately.