42nd IEEE Symposium & Workshops on Security and Privacy

Intelligent Application Security

Session Chair

Session Chair

Ethics in Security and Privacy Research Panel

Ethics in Security and Privacy Research Panel

Ethics in Security and Privacy Research Panel

Post-Quantum WireGuard

Synthetic Data is the missing cog in the machine for financial crime controls

SoK: Quantifying Cyber Risk

Session Chair

Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding

DynPTA: Combining Static and Dynamic Analysis for Practical Selective Data Protection

Synthesizing Allowlists With RASPunzel

Near Real-time Learning and Extraction of Cyberattack Behavior Models

Invisible Perturbations: Physical Adversarial Examples Exploiting the Rolling Shutter Effect

Sustainable Software Security Program

Can privacy terms be negotiated in Solid’s personal datastores?

Consent Management Platforms under the GDPR: Processors or Controllers?

Demystifying Trust Domain Attestation via Formal Verification

Threshold Group Distance Bounding

Session Chair

Hardware-Software Contracts for Secure Speculation

Hardware-Software Contracts for Secure Speculation

CrossTalk: Speculative Data Leaks Across Cores Are Real

CrossTalk: Speculative Data Leaks Across Cores Are Real

Real-World Snapshots vs. Theory: Questioning the t-Probing Security Model.

DICE: Automatic Emulation of DMA Input Channels for Dynamic Firmware Analysis

CRYLOGGER: Detecting Crypto Misuses Dynamically

A Novel Dynamic Analysis Infrastructure to Instrument Untrusted Execution Flow Across User-Kernel Spaces

Real-World Snapshots vs. Theory: Questioning the t-Probing Security Model.

Lightweight Techniques for Private Heavy Hitters // Session Chair

Proof-of-Learning: Definitions and Practice

Session Chair

Session Chair

Using Selective Memoization to Defeat Regular Expression Denial of Service (ReDoS)

Which Privacy and Security Attributes Most Impact Consumers‚ At Risk Perception and Willingness to Purchase IoT Devices?

Proof-of-Learning: Definitions and Practice

Co-Inflow: Coarse-grained Information Flow Control for Java-like Languages

Awards Chair

When Function Signature Recovery Meets Compiler Optimization

Invisible for both Camera and LiDAR

CANnon: Reliable and Stealthy Remote Shutdown Attacks via Unaltered Automotive Microcontrollers

Proactive Threshold Wallets with Offline Devices

ConDySTA: Context-Aware Dynamic Supplement to Static Taint Analysis

Panelist

Adversary Instantiation // Proof-of-Learning: Definitions and Practice

Bookworm Game: Automatic Discovery of LTE Vulnerabilities Through Documentation Analysis

Session Chair

Doing good by fighting fraud: Ethical anti-fraudsystems for mobile payments

A2L: Anonymous Atomic Locks for Scalability in Payment Channel Hubs

On the Anonymity Guarantees of Anonymous Proof-of-Stake Protocols

Many-out-of-Many Proofs and Applications to Anonymous Zether

Keep the Dirt: Tainted TreeKEM, Adaptively and Actively Secure Continuous Group Key Agreement

Session Chair

Session Chair

Session Chair

Machine Unlearning

Session Chair

humanID: One-Click Anonymous Login

Session Chair

Android Custom Permissions Demystified: From Privilege Escalation to Design Shortcomings

Session Chair // Shadow PC Chair for IEEE S&P

A Security Model and Fully Verified Implementation for the IETF QUIC Record Layer

Cross-Domain Access Control Encryption -- Arbitrary-policy, Constant-size, Efficient

humanID: One-Click Anonymous Login

SIRNN: A Math Library for Secure RNN Inference

Learning Differentially Private Mechanisms

Session Chair

Linking Bluetooth LE & Classic and Implications for Privacy-Preserving Bluetooth-Based Protocols

Proof-of-Learning: Definitions and Practice

Session Chair

ConDySTA: Context-Aware Dynamic Supplement to Static Taint Analysis

Arbitrar, User-Guided API Misuse Detection

Hear “No Evil”, See “Kenansville” // SoK: The Faults in our ASRs

Session Chair

Deep Learning and Security Workshop Organizer

Treasurer for IEEE S&P

VP/Registration Chair for IEEE S&P

Trouble Over-The-Air: An Analysis of FOTA Apps in the Android Ecosystem

CacheOut: Leaking Data on Intel CPUs via Cache Evictions

Survivalism: Systematic Analysis of Malware Living-Off-The-Land

Self-Supervised Euphemism Detection and Identification for Content Moderation

Zero Knowledge for Everything and Everyone: Fast ZK Processor with Cached ORAM for ANSI C Programs

Diogenes: Lightweight Scalable RSA Modulus Generation with a Dishonest Majority

Session Chair

PEGASUS: Bridging Polynomial and Non-polynomial Evaluations in Homomorphic Encryption

SoK: All You Ever Wanted to Know About Binary Disassembly But Were Afraid to Ask

Fingerprinting the Fingerprinters: Learning to Detect Browser Fingerprinting Behaviors

Session Chair

SmartPulse: Automated Checking of Temporal Properties in Smart Contracts

Compact Certificates of Collective Knowledge

Session Chair

DIFUZZRTL: Differential Fuzz Testing to Find CPU Bugs

Trust, But Verify: A Longitudinal Analysis Of Android OEM Compliance and Customization

Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding

Poltergeist: Acoustic Manipulation of Image Stabilization towards Object Mis-Labeling

Session Chair

SoK: Hate, Harassment, and the Changing Landscape of Online Abuse

Session Chair

SoK: Quantifying Cyber Risk

Post-Quantum WireGuard

Session Chair

Merkle^2: A Low-Latency Transparency Log System

Self-Supervised Euphemism Detection and Identification for Content Moderation

Invisible Probe: Timing Attacks with PCIe Congestion Side-channel

PLATYPUS: Software-based Power Side-Channel Attacks on x86

CacheOut: Leaking Data on Intel CPUs via Cache Evictions

Session Chair

DP-Sniper: Black-Box Discovery of Differential Privacy Violations using Classifiers

Is Private Learning Possible with Instance Encoding?

Is Private Learning Possible with Instance Encoding?

Is Private Learning Possible with Instance Encoding?

Session Chair

CRYLOGGER: Detecting Crypto Misuses Dynamically

Session Chair

Defensive Technology Use by Political Activists During the Sudanese Revolution

Defensive Technology Use by Political Activists During the Sudanese Revolution

Red Belly: a Deterministic Scalable Open Permissioned Blockchain

Ebb-and-Flow Protocols: A Resolution of the Availability-Finality Dilemma

Breaking the Specification: PDF Certfiication

DIANE: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices

Data Privacy in Trigger-Action IoT Systems

Session Chair

An Interactive Prover for Protocol Verification in the Computational Model

An I/O Separation Model for Formal Verification of Kernel Implementations

An I/O Separation Model for Formal Verification of Kernel Implementations

One Engine to Fuzz 'em All: Generic Language Processor Testing with Semantic Validation

One Engine to Fuzz 'em All: Generic Language Processor Testing with Semantic Validation

Intel Award Finalist

STOCHFUZZ: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting

NTFUZZ: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis

NTFUZZ: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis

Who is Real Bob? Adversarial Attacks on Speaker Recognition Systems

SoK: Computer-Aided Cryptography

Cross-Domain Access Control Encryption -- Arbitrary-policy, Constant-size, Efficient

Session Chair

ConDySTA: Context-Aware Dynamic Supplement to Static Taint Analysis

Proof-of-Learning: Definitions and Practice

SafeThings Workshop Organizer

Manipulation Attacks in Local Differential Privacy

Session Chair

Revealer: Detecting and Exploiting Regular Expression Denial-of-Service Vulnerabilities

Compositional Security for Reentrant Applications

Video Chair for IEEE S&P // Intel Award Finalist

High-Frequency Trading on Decentralized On-Chain Exchanges

Intel Award Finalist

Detecting AI Trojans Using Meta Neural Analysis

Learning Differentially Private Mechanisms

Improving Password Guessing via Representation Learning

Bitcoin-Compatible Virtual Channels

Bitcoin-Compatible Virtual Channels

SGUARD: Towards Fixing Vulnerable Smart Contracts Automatically

On the Just-In-Time Discovery of Profit-Generating Transactions in DeFi Protocols

Intel Rep

Lockable Signatures for Blockchains: Scriptless Scripts for all Signatures

Systematic Analysis of Randomization-based Protected Cache Architectures

Session Chair

Randomized Last-Level Caches Are Still Vulnerable to Cache Side-Channel Attacks! But We Can Fix It

Bomberman: Defining and Defeating Hardware Ticking Timebombs at Design-time

SIRNN: A Math Library for Secure RNN Inference

Reading Between the Lines: An Extensive Evaluation of the Security and Privacy Implications of EPUB Reading Systems

Bookworm Game: Automatic Discovery of LTE Vulnerabilities Through Documentation Analysis

A Decentralized and Encrypted National Gun Registry

SoK: General Purpose Compilers for Secure Multi-Party Computation

Epochal Signatures for Deniable Group Chats

CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing

CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing

Black Widow: Blackbox Data-driven Web Scanning

Cross Layer Attacks and How to Use Them (for DNS Cache Poisoning, Device Tracking and More)

WTMC Workshop Organizer

Bookworm Game: Automatic Discovery of LTE Vulnerabilities Through Documentation Analysis

WTMC Workshop Organizer

MAD-HTLC: Because HTLC is Crazy-Cheap to Attack

Compositional Security for Reentrant Applications

A Decentralized and Encrypted National Gun Registry

Compositional Security for Reentrant Applications

HackEd: A Pedagogical Analysis of Online Vulnerability Discovery Exercises

Organizing Committee Member for IEEE S&P

HackEd: A Pedagogical Analysis of Online Vulnerability Discovery Exercises

Wolverine: Fast, Scalable, and Communication-Efficient Zero-Knowledge Proofs for Boolean and Arithmetic Circuits

Bookworm Game: Automatic Discovery of LTE Vulnerabilities Through Documentation Analysis

They Would do Better if They Worked Together: The Case of Interaction Problems Between Password Managers and Websites

Method Confusion Attack on the Bluetooth Pairing Process

Method Confusion Attack on the Bluetooth Pairing Process

Linking Bluetooth LE & Classic and Implications for Privacy-Preserving Bluetooth-Based Protocols

CanDID: Can-Do Decentralized Identity with Legacy Compatibility, Sybil-Resistance, and Accountability

CanDID: Can-Do Decentralized Identity with Legacy Compatibility, Sybil-Resistance, and Accountability

Session Chair

SoK: Security and Privacy in the Age of Commercial Drones

Session Chair

Compositional Non-Interference for Fine-Grained Concurrent Programs

When LoRa Meets EMR: Electromagnetic Covert Channels Can Be Super Resilient

A First Look at Zoombombing

A First Look at Zoombombing

Revealer: Detecting and Exploiting Regular Expression Denial-of-Service Vulnerabilities

Response-Hiding Encrypted Ranges: Revisiting Security via Parametrized Leakage-Abuse Attacks

Session Chair

Survivalism: Systematic Analysis of Malware Living-Off-The-Land

Session Chair

Trouble Over-The-Air: An Analysis of FOTA Apps in the Android Ecosystem

Doing good by fighting fraud: Ethical anti-fraudsystems for mobile payments

Session Chair

The Provable Security of Ed25519: Theory and Practice

Journey to the Center of the Cookie Ecosystem: Unraveling Actors' Roles and Relationships

Detecting Filter List Evasion With Event-Loop-Turn Granularity JavaScript Signatures.

Session Chair

A Secure and Formally Verified Linux KVM Hypervisor

Did you mix me? Formally Verifying Verifiable Mix Nets in Electronic Voting

Runtime Recovery of Web Applications under Zero-Day ReDoS Attacks

Good Bot, Bad Bot: Characterizing Automated Browsing Activity

SafeThings Workshop Organizer

Trouble Over-The-Air: An Analysis of FOTA Apps in the Android Ecosystem

SafeThings Workshop Organizer

Happer: Unpacking Android Apps via a Hardware-Assisted Approach

Session Chair

BUFFing signature schemes beyond unforgettability and the case of post-quantum signatures

The EMV Standard: Break, Fix, Verify

Session Chair

Intel Award Finalist

General Chair of IEEE S&P

Program Chair

Session Chair

MC for the Intel Awards

Program Chair / Session Chair

Intel Award Finalist

Intel Award Finalist

Intel Award Finalist

Intel Award Finalist

Intel Award Finalist

WOOT Workshop Organizer