42nd IEEE Symposium & Workshops on Security and Privacy

WOOT Workshop Organizer

SafeThings Workshop Organizer

SafeThings Workshop Organizer

SafeThings Workshop Organizer

A Decentralized and Encrypted National Gun Registry

WTMC Workshop Organizer

WTMC Workshop Organizer

Session Chair

Arbitrar, User-Guided API Misuse Detection

Deep Learning and Security Workshop Organizer

Treasurer for IEEE S&P

VP/Registration Chair for IEEE S&P

Hear “No Evil”, See “Kenansville” // SoK: The Faults in our ASRs

humanID: One-Click Anonymous Login

ConDySTA: Context-Aware Dynamic Supplement to Static Taint Analysis

Learning Differentially Private Mechanisms

A Security Model and Fully Verified Implementation for the IETF QUIC Record Layer

Session Chair

Proof-of-Learning: Definitions and Practice

Linking Bluetooth LE & Classic and Implications for Privacy-Preserving Bluetooth-Based Protocols

Session Chair

SIRNN: A Math Library for Secure RNN Inference

Cross-Domain Access Control Encryption -- Arbitrary-policy, Constant-size, Efficient

humanID: One-Click Anonymous Login

Session Chair

Machine Unlearning

Session Chair

Session Chair

Session Chair

Keep the Dirt: Tainted TreeKEM, Adaptively and Actively Secure Continuous Group Key Agreement

Many-out-of-Many Proofs and Applications to Anonymous Zether

On the Anonymity Guarantees of Anonymous Proof-of-Stake Protocols

A2L: Anonymous Atomic Locks for Scalability in Payment Channel Hubs

Doing good by fighting fraud: Ethical anti-fraudsystems for mobile payments

Session Chair

Bookworm Game: Automatic Discovery of LTE Vulnerabilities Through Documentation Analysis

Proof-of-Learning: Definitions and Practice

Adversary Instantiation // Proof-of-Learning: Definitions and Practice

Panelist

ConDySTA: Context-Aware Dynamic Supplement to Static Taint Analysis

Proactive Threshold Wallets with Offline Devices

Which Privacy and Security Attributes Most Impact Consumers‚ At Risk Perception and Willingness to Purchase IoT Devices?

CANnon: Reliable and Stealthy Remote Shutdown Attacks via Unaltered Automotive Microcontrollers

Invisible for both Camera and LiDAR

When Function Signature Recovery Meets Compiler Optimization

Awards Chair

Co-Inflow: Coarse-grained Information Flow Control for Java-like Languages

Proof-of-Learning: Definitions and Practice

High-Frequency Trading on Decentralized On-Chain Exchanges

Using Selective Memoization to Defeat Regular Expression Denial of Service (ReDoS)

MC for the Intel Awards

Session Chair

Session Chair

Session Chair

Lightweight Techniques for Private Heavy Hitters // Session Chair

Real-World Snapshots vs. Theory: Questioning the t-Probing Security Model.

Real-World Snapshots vs. Theory: Questioning the t-Probing Security Model.

CRYLOGGER: Detecting Crypto Misuses Dynamically

CRYLOGGER: Detecting Crypto Misuses Dynamically

A Novel Dynamic Analysis Infrastructure to Instrument Untrusted Execution Flow Across User-Kernel Spaces

DICE: Automatic Emulation of DMA Input Channels for Dynamic Firmware Analysis

DynPTA: Combining Static and Dynamic Analysis for Practical Selective Data Protection

CrossTalk: Speculative Data Leaks Across Cores Are Real

CrossTalk: Speculative Data Leaks Across Cores Are Real

Hardware-Software Contracts for Secure Speculation

Hardware-Software Contracts for Secure Speculation

Session Chair

Session Chair

Session Chair

Session Chair

Session Chair

Session Chair

Session Chair

Intel Award Finalist

Intel Award Finalist

Intel Award Finalist

Intel Award Finalist

Video Chair for IEEE S&P // Intel Award Finalist

Intel Award Finalist

Intel Award Finalist

Intel Award Finalist

Intel Award Finalist

Intel Rep

Program Chair

General Chair of IEEE S&P

The EMV Standard: Break, Fix, Verify

Session Chair

BUFFing signature schemes beyond unforgettability and the case of post-quantum signatures

Epochal Signatures for Deniable Group Chats

Happer: Unpacking Android Apps via a Hardware-Assisted Approach

Trouble Over-The-Air: An Analysis of FOTA Apps in the Android Ecosystem

Good Bot, Bad Bot: Characterizing Automated Browsing Activity

Runtime Recovery of Web Applications under Zero-Day ReDoS Attacks

Did you mix me? Formally Verifying Verifiable Mix Nets in Electronic Voting

A Secure and Formally Verified Linux KVM Hypervisor

Session Chair

Detecting Filter List Evasion With Event-Loop-Turn Granularity JavaScript Signatures.

Journey to the Center of the Cookie Ecosystem: Unraveling Actors' Roles and Relationships

Reading Between the Lines: An Extensive Evaluation of the Security and Privacy Implications of EPUB Reading Systems

The Provable Security of Ed25519: Theory and Practice

Session Chair

Session Chair

Doing good by fighting fraud: Ethical anti-fraudsystems for mobile payments

Trouble Over-The-Air: An Analysis of FOTA Apps in the Android Ecosystem

Session Chair

Survivalism: Systematic Analysis of Malware Living-Off-The-Land

Trouble Over-The-Air: An Analysis of FOTA Apps in the Android Ecosystem

Survivalism: Systematic Analysis of Malware Living-Off-The-Land

Zero Knowledge for Everything and Everyone: Fast ZK Processor with Cached ORAM for ANSI C Programs

A Decentralized and Encrypted National Gun Registry

Session Chair

Response-Hiding Encrypted Ranges: Revisiting Security via Parametrized Leakage-Abuse Attacks

Breaking the Specification: PDF Certfiication

Revealer: Detecting and Exploiting Regular Expression Denial-of-Service Vulnerabilities

Revealer: Detecting and Exploiting Regular Expression Denial-of-Service Vulnerabilities

A First Look at Zoombombing

A First Look at Zoombombing

When LoRa Meets EMR: Electromagnetic Covert Channels Can Be Super Resilient

Compositional Non-Interference for Fine-Grained Concurrent Programs

SoK: Security and Privacy in the Age of Commercial Drones

They Would do Better if They Worked Together: The Case of Interaction Problems Between Password Managers and Websites

Improving Password Guessing via Representation Learning

Session Chair

CanDID: Can-Do Decentralized Identity with Legacy Compatibility, Sybil-Resistance, and Accountability

CanDID: Can-Do Decentralized Identity with Legacy Compatibility, Sybil-Resistance, and Accountability

Linking Bluetooth LE & Classic and Implications for Privacy-Preserving Bluetooth-Based Protocols

Method Confusion Attack on the Bluetooth Pairing Process

Method Confusion Attack on the Bluetooth Pairing Process

Session Chair

Bookworm Game: Automatic Discovery of LTE Vulnerabilities Through Documentation Analysis

Bookworm Game: Automatic Discovery of LTE Vulnerabilities Through Documentation Analysis

Organizing Committee Member for IEEE S&P

Wolverine: Fast, Scalable, and Communication-Efficient Zero-Knowledge Proofs for Boolean and Arithmetic Circuits

HackEd: A Pedagogical Analysis of Online Vulnerability Discovery Exercises

HackEd: A Pedagogical Analysis of Online Vulnerability Discovery Exercises

DIFUZZRTL: Differential Fuzz Testing to Find CPU Bugs

Compositional Security for Reentrant Applications

Compositional Security for Reentrant Applications

Compositional Security for Reentrant Applications

MAD-HTLC: Because HTLC is Crazy-Cheap to Attack

SGUARD: Towards Fixing Vulnerable Smart Contracts Automatically

Cross Layer Attacks and How to Use Them (for DNS Cache Poisoning, Device Tracking and More)

Black Widow: Blackbox Data-driven Web Scanning

CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing

CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing

Fingerprinting the Fingerprinters: Learning to Detect Browser Fingerprinting Behaviors

SoK: General Purpose Compilers for Secure Multi-Party Computation

PEGASUS: Bridging Polynomial and Non-polynomial Evaluations in Homomorphic Encryption

Bookworm Game: Automatic Discovery of LTE Vulnerabilities Through Documentation Analysis

SIRNN: A Math Library for Secure RNN Inference

Session Chair

Proof-of-Learning: Definitions and Practice

Bomberman: Defining and Defeating Hardware Ticking Timebombs at Design-time

Randomized Last-Level Caches Are Still Vulnerable to Cache Side-Channel Attacks! But We Can Fix It

Session Chair

Systematic Analysis of Randomization-based Protected Cache Architectures

Lockable Signatures for Blockchains: Scriptless Scripts for all Signatures

On the Just-In-Time Discovery of Profit-Generating Transactions in DeFi Protocols

Bitcoin-Compatible Virtual Channels

Bitcoin-Compatible Virtual Channels

Learning Differentially Private Mechanisms

Detecting AI Trojans Using Meta Neural Analysis

Manipulation Attacks in Local Differential Privacy

ConDySTA: Context-Aware Dynamic Supplement to Static Taint Analysis

Session Chair

SoK: All You Ever Wanted to Know About Binary Disassembly But Were Afraid to Ask

Cross-Domain Access Control Encryption -- Arbitrary-policy, Constant-size, Efficient

SoK: Computer-Aided Cryptography

Session Chair

Who is Real Bob? Adversarial Attacks on Speaker Recognition Systems

NTFUZZ: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis

NTFUZZ: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis

STOCHFUZZ: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting

Session Chair

One Engine to Fuzz 'em All: Generic Language Processor Testing with Semantic Validation

One Engine to Fuzz 'em All: Generic Language Processor Testing with Semantic Validation

Compact Certificates of Collective Knowledge

Diogenes: Lightweight Scalable RSA Modulus Generation with a Dishonest Majority

SmartPulse: Automated Checking of Temporal Properties in Smart Contracts

Session Chair

An I/O Separation Model for Formal Verification of Kernel Implementations

An I/O Separation Model for Formal Verification of Kernel Implementations

An Interactive Prover for Protocol Verification in the Computational Model

Self-Supervised Euphemism Detection and Identification for Content Moderation

Session Chair

Data Privacy in Trigger-Action IoT Systems

DIANE: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices

Ebb-and-Flow Protocols: A Resolution of the Availability-Finality Dilemma

Red Belly: a Deterministic Scalable Open Permissioned Blockchain

Defensive Technology Use by Political Activists During the Sudanese Revolution

Defensive Technology Use by Political Activists During the Sudanese Revolution

Session Chair

Is Private Learning Possible with Instance Encoding?

Is Private Learning Possible with Instance Encoding?

Is Private Learning Possible with Instance Encoding?

DP-Sniper: Black-Box Discovery of Differential Privacy Violations using Classifiers

Session Chair

CacheOut: Leaking Data on Intel CPUs via Cache Evictions

CacheOut: Leaking Data on Intel CPUs via Cache Evictions

PLATYPUS: Software-based Power Side-Channel Attacks on x86

Invisible Probe: Timing Attacks with PCIe Congestion Side-channel

Self-Supervised Euphemism Detection and Identification for Content Moderation

Merkle^2: A Low-Latency Transparency Log System

Post-Quantum WireGuard

SoK: Quantifying Cyber Risk

SoK: Hate, Harassment, and the Changing Landscape of Online Abuse

Session Chair

Session Chair // Shadow PC Chair for IEEE S&P

Poltergeist: Acoustic Manipulation of Image Stabilization towards Object Mis-Labeling

Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding

Android Custom Permissions Demystified: From Privilege Escalation to Design Shortcomings

Trust, But Verify: A Longitudinal Analysis Of Android OEM Compliance and Customization

Threshold Group Distance Bounding

Synthetic Data is the missing cog in the machine for financial crime controls

Demystifying Trust Domain Attestation via Formal Verification

Consent Management Platforms under the GDPR: Processors or Controllers?

Can privacy terms be negotiated in Solid’s personal datastores?

Sustainable Software Security Program

Invisible Perturbations: Physical Adversarial Examples Exploiting the Rolling Shutter Effect

Near Real-time Learning and Extraction of Cyberattack Behavior Models

Synthesizing Allowlists With RASPunzel

Intelligent Application Security

Ethics in Security and Privacy Research Panel

Ethics in Security and Privacy Research Panel

Ethics in Security and Privacy Research Panel

Program Chair / Session Chair

Session Chair

SoK: Quantifying Cyber Risk

Post-Quantum WireGuard

Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding