42nd IEEE Symposium & Workshops on Security and Privacy

Post-Quantum WireGuard

Treasurer for IEEE S&P

Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding

Trust, But Verify: A Longitudinal Analysis Of Android OEM Compliance and Customization

SoK: Quantifying Cyber Risk

Which Privacy and Security Attributes Most Impact Consumers‚ At Risk Perception and Willingness to Purchase IoT Devices?

Session Chair // Shadow PC Chair for IEEE S&P

Session Chair

Android Custom Permissions Demystified: From Privilege Escalation to Design Shortcomings

Intel Award Finalist

Video Chair for IEEE S&P // Intel Award Finalist

Ethics in Security and Privacy Research Panel

Can privacy terms be negotiated in Solid’s personal datastores?

Synthesizing Allowlists With RASPunzel

Invisible Perturbations: Physical Adversarial Examples Exploiting the Rolling Shutter Effect

Demystifying Trust Domain Attestation via Formal Verification

Intelligent Application Security

Threshold Group Distance Bounding

Near Real-time Learning and Extraction of Cyberattack Behavior Models

Intel Award Finalist

Program Chair / Session Chair

Sustainable Software Security Program

Consent Management Platforms under the GDPR: Processors or Controllers?

Synthetic Data is the missing cog in the machine for financial crime controls

Session Chair

Ethics in Security and Privacy Research Panel

Ethics in Security and Privacy Research Panel

Intel Award Finalist

Intel Award Finalist

A Novel Dynamic Analysis Infrastructure to Instrument Untrusted Execution Flow Across User-Kernel Spaces

Invisible for both Camera and LiDAR

Adversary Instantiation // Proof-of-Learning: Definitions and Practice

Many-out-of-Many Proofs and Applications to Anonymous Zether

When Function Signature Recovery Meets Compiler Optimization

Keep the Dirt: Tainted TreeKEM, Adaptively and Actively Secure Continuous Group Key Agreement

Self-Supervised Euphemism Detection and Identification for Content Moderation

Defensive Technology Use by Political Activists During the Sudanese Revolution

Data Privacy in Trigger-Action IoT Systems

An I/O Separation Model for Formal Verification of Kernel Implementations

SmartPulse: Automated Checking of Temporal Properties in Smart Contracts

DP-Sniper: Black-Box Discovery of Differential Privacy Violations using Classifiers

Ebb-and-Flow Protocols: A Resolution of the Availability-Finality Dilemma

One Engine to Fuzz 'em All: Generic Language Processor Testing with Semantic Validation

Manipulation Attacks in Local Differential Privacy

CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing

CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing

Linking Bluetooth LE & Classic and Implications for Privacy-Preserving Bluetooth-Based Protocols

A First Look at Zoombombing

Invisible Probe: Timing Attacks with PCIe Congestion Side-channel

Session Chair

Session Chair

Bomberman: Defining and Defeating Hardware Ticking Timebombs at Design-time

Compositional Security for Reentrant Applications

Poltergeist: Acoustic Manipulation of Image Stabilization towards Object Mis-Labeling

Session Chair

SoK: Quantifying Cyber Risk

Is Private Learning Possible with Instance Encoding?

Cross-Domain Access Control Encryption -- Arbitrary-policy, Constant-size, Efficient

SGUARD: Towards Fixing Vulnerable Smart Contracts Automatically

Bookworm Game: Automatic Discovery of LTE Vulnerabilities Through Documentation Analysis

Session Chair

SoK: Hate, Harassment, and the Changing Landscape of Online Abuse

NTFUZZ: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis

Learning Differentially Private Mechanisms

Lockable Signatures for Blockchains: Scriptless Scripts for all Signatures

Proof-of-Learning: Definitions and Practice

Organizing Committee Member for IEEE S&P

Trouble Over-The-Air: An Analysis of FOTA Apps in the Android Ecosystem

Good Bot, Bad Bot: Characterizing Automated Browsing Activity

Session Chair

SoK: All You Ever Wanted to Know About Binary Disassembly But Were Afraid to Ask

Detecting AI Trojans Using Meta Neural Analysis

Bitcoin-Compatible Virtual Channels

Randomized Last-Level Caches Are Still Vulnerable to Cache Side-Channel Attacks! But We Can Fix It

HackEd: A Pedagogical Analysis of Online Vulnerability Discovery Exercises

Doing good by fighting fraud: Ethical anti-fraudsystems for mobile payments

Session Chair

Defensive Technology Use by Political Activists During the Sudanese Revolution

An Interactive Prover for Protocol Verification in the Computational Model

Session Chair

ConDySTA: Context-Aware Dynamic Supplement to Static Taint Analysis

SIRNN: A Math Library for Secure RNN Inference

PEGASUS: Bridging Polynomial and Non-polynomial Evaluations in Homomorphic Encryption

Fingerprinting the Fingerprinters: Learning to Detect Browser Fingerprinting Behaviors

Is Private Learning Possible with Instance Encoding?

Black Widow: Blackbox Data-driven Web Scanning

Revealer: Detecting and Exploiting Regular Expression Denial-of-Service Vulnerabilities

Response-Hiding Encrypted Ranges: Revisiting Security via Parametrized Leakage-Abuse Attacks

A Decentralized and Encrypted National Gun Registry

Detecting Filter List Evasion With Event-Loop-Turn Granularity JavaScript Signatures.

BUFFing signature schemes beyond unforgettability and the case of post-quantum signatures

One Engine to Fuzz 'em All: Generic Language Processor Testing with Semantic Validation

NTFUZZ: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis

Session Chair

Session Chair

MAD-HTLC: Because HTLC is Crazy-Cheap to Attack

Survivalism: Systematic Analysis of Malware Living-Off-The-Land

Happer: Unpacking Android Apps via a Hardware-Assisted Approach

Is Private Learning Possible with Instance Encoding?

DIANE: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices

Compositional Security for Reentrant Applications

Session Chair

Program Chair

PLATYPUS: Software-based Power Side-Channel Attacks on x86

CRYLOGGER: Detecting Crypto Misuses Dynamically

Session Chair

Bitcoin-Compatible Virtual Channels

Compositional Security for Reentrant Applications

Session Chair

They Would do Better if They Worked Together: The Case of Interaction Problems Between Password Managers and Websites

A First Look at Zoombombing

Intel Award Finalist

Intel Award Finalist

CacheOut: Leaking Data on Intel CPUs via Cache Evictions

Red Belly: a Deterministic Scalable Open Permissioned Blockchain

An I/O Separation Model for Formal Verification of Kernel Implementations

Diogenes: Lightweight Scalable RSA Modulus Generation with a Dishonest Majority

STOCHFUZZ: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting

Who is Real Bob? Adversarial Attacks on Speaker Recognition Systems

SoK: Computer-Aided Cryptography

Reading Between the Lines: An Extensive Evaluation of the Security and Privacy Implications of EPUB Reading Systems

Merkle^2: A Low-Latency Transparency Log System

Session Chair

Compact Certificates of Collective Knowledge

Cross Layer Attacks and How to Use Them (for DNS Cache Poisoning, Device Tracking and More)

CanDID: Can-Do Decentralized Identity with Legacy Compatibility, Sybil-Resistance, and Accountability

Compositional Non-Interference for Fine-Grained Concurrent Programs

Epochal Signatures for Deniable Group Chats

Runtime Recovery of Web Applications under Zero-Day ReDoS Attacks

Post-Quantum WireGuard

SoK: General Purpose Compilers for Secure Multi-Party Computation

Wolverine: Fast, Scalable, and Communication-Efficient Zero-Knowledge Proofs for Boolean and Arithmetic Circuits

CanDID: Can-Do Decentralized Identity with Legacy Compatibility, Sybil-Resistance, and Accountability

When LoRa Meets EMR: Electromagnetic Covert Channels Can Be Super Resilient

Session Chair

Intel Award Finalist

Intel Award Finalist

CacheOut: Leaking Data on Intel CPUs via Cache Evictions

Systematic Analysis of Randomization-based Protected Cache Architectures

HackEd: A Pedagogical Analysis of Online Vulnerability Discovery Exercises

Method Confusion Attack on the Bluetooth Pairing Process

Improving Password Guessing via Representation Learning

SIRNN: A Math Library for Secure RNN Inference

Session Chair

On the Just-In-Time Discovery of Profit-Generating Transactions in DeFi Protocols

DIFUZZRTL: Differential Fuzz Testing to Find CPU Bugs

Method Confusion Attack on the Bluetooth Pairing Process

SoK: Security and Privacy in the Age of Commercial Drones

Revealer: Detecting and Exploiting Regular Expression Denial-of-Service Vulnerabilities

Breaking the Specification: PDF Certfiication

Session Chair

The Provable Security of Ed25519: Theory and Practice

Trouble Over-The-Air: An Analysis of FOTA Apps in the Android Ecosystem

Intel Rep

Session Chair

General Chair of IEEE S&P

Zero Knowledge for Everything and Everyone: Fast ZK Processor with Cached ORAM for ANSI C Programs

A Secure and Formally Verified Linux KVM Hypervisor

Journey to the Center of the Cookie Ecosystem: Unraveling Actors' Roles and Relationships

Did you mix me? Formally Verifying Verifiable Mix Nets in Electronic Voting

The EMV Standard: Break, Fix, Verify

Session Chair

VP/Registration Chair for IEEE S&P

Session Chair

CrossTalk: Speculative Data Leaks Across Cores Are Real

Using Selective Memoization to Defeat Regular Expression Denial of Service (ReDoS)

On the Anonymity Guarantees of Anonymous Proof-of-Stake Protocols

Session Chair

Session Chair

Proof-of-Learning: Definitions and Practice

CANnon: Reliable and Stealthy Remote Shutdown Attacks via Unaltered Automotive Microcontrollers

Session Chair

Hardware-Software Contracts for Secure Speculation

Session Chair

Session Chair

Co-Inflow: Coarse-grained Information Flow Control for Java-like Languages

ConDySTA: Context-Aware Dynamic Supplement to Static Taint Analysis

Lightweight Techniques for Private Heavy Hitters // Session Chair

CrossTalk: Speculative Data Leaks Across Cores Are Real

Real-World Snapshots vs. Theory: Questioning the t-Probing Security Model.

Proof-of-Learning: Definitions and Practice

MC for the Intel Awards

Proactive Threshold Wallets with Offline Devices

Session Chair

Session Chair

Bookworm Game: Automatic Discovery of LTE Vulnerabilities Through Documentation Analysis

DynPTA: Combining Static and Dynamic Analysis for Practical Selective Data Protection

Real-World Snapshots vs. Theory: Questioning the t-Probing Security Model.

ConDySTA: Context-Aware Dynamic Supplement to Static Taint Analysis

Hardware-Software Contracts for Secure Speculation

Session Chair

DICE: Automatic Emulation of DMA Input Channels for Dynamic Firmware Analysis

Awards Chair

Panelist

Doing good by fighting fraud: Ethical anti-fraudsystems for mobile payments

Session Chair

CRYLOGGER: Detecting Crypto Misuses Dynamically

A2L: Anonymous Atomic Locks for Scalability in Payment Channel Hubs

Session Chair

Session Chair

Session Chair

humanID: One-Click Anonymous Login

Machine Unlearning

Linking Bluetooth LE & Classic and Implications for Privacy-Preserving Bluetooth-Based Protocols

Session Chair

Session Chair

Proof-of-Learning: Definitions and Practice

A Security Model and Fully Verified Implementation for the IETF QUIC Record Layer

humanID: One-Click Anonymous Login

Cross-Domain Access Control Encryption -- Arbitrary-policy, Constant-size, Efficient

Learning Differentially Private Mechanisms

Hear “No Evil”, See “Kenansville” // SoK: The Faults in our ASRs

Deep Learning and Security Workshop Organizer

Session Chair

WTMC Workshop Organizer

WTMC Workshop Organizer

Arbitrar, User-Guided API Misuse Detection

WOOT Workshop Organizer

SafeThings Workshop Organizer

SafeThings Workshop Organizer

SafeThings Workshop Organizer

A Decentralized and Encrypted National Gun Registry