42nd IEEE Symposium & Workshops on Security and Privacy
Speakers
Trust, But Verify: A Longitudinal Analysis Of Android OEM Compliance and Customization


Session Chair
Android Custom Permissions Demystified: From Privilege Escalation to Design Shortcomings

Session Chair // Shadow PC Chair for IEEE S&P
Ethics in Security and Privacy Research Panel
Ethics in Security and Privacy Research Panel
Synthesizing Allowlists With RASPunzel

Near Real-time Learning and Extraction of Cyberattack Behavior Models
Invisible Perturbations: Physical Adversarial Examples Exploiting the Rolling Shutter Effect
Sustainable Software Security Program
Consent Management Platforms under the GDPR: Processors or Controllers?

Post-Quantum WireGuard
Merkle^2: A Low-Latency Transparency Log System
Session Chair
CacheOut: Leaking Data on Intel CPUs via Cache Evictions
CacheOut: Leaking Data on Intel CPUs via Cache Evictions

Is Private Learning Possible with Instance Encoding?
DP-Sniper: Black-Box Discovery of Differential Privacy Violations using Classifiers
Is Private Learning Possible with Instance Encoding?

Is Private Learning Possible with Instance Encoding?
Defensive Technology Use by Political Activists During the Sudanese Revolution
Defensive Technology Use by Political Activists During the Sudanese Revolution
DIANE: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices
Data Privacy in Trigger-Action IoT Systems
Session Chair
An I/O Separation Model for Formal Verification of Kernel Implementations
An I/O Separation Model for Formal Verification of Kernel Implementations
Session Chair
Diogenes: Lightweight Scalable RSA Modulus Generation with a Dishonest Majority
One Engine to Fuzz 'em All: Generic Language Processor Testing with Semantic Validation
One Engine to Fuzz 'em All: Generic Language Processor Testing with Semantic Validation
Session Chair
STOCHFUZZ: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting
NTFUZZ: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis
Who is Real Bob? Adversarial Attacks on Speaker Recognition Systems
SoK: Computer-Aided Cryptography
CRYLOGGER: Detecting Crypto Misuses Dynamically
SoK: All You Ever Wanted to Know About Binary Disassembly But Were Afraid to Ask
ConDySTA: Context-Aware Dynamic Supplement to Static Taint Analysis
Detecting AI Trojans Using Meta Neural Analysis
Learning Differentially Private Mechanisms
Lockable Signatures for Blockchains: Scriptless Scripts for all Signatures
PEGASUS: Bridging Polynomial and Non-polynomial Evaluations in Homomorphic Encryption
CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing
SGUARD: Towards Fixing Vulnerable Smart Contracts Automatically
Compositional Security for Reentrant Applications
DIFUZZRTL: Differential Fuzz Testing to Find CPU Bugs
Wolverine: Fast, Scalable, and Communication-Efficient Zero-Knowledge Proofs for Boolean and Arithmetic Circuits
Bookworm Game: Automatic Discovery of LTE Vulnerabilities Through Documentation Analysis
Session Chair
Method Confusion Attack on the Bluetooth Pairing Process
Linking Bluetooth LE & Classic and Implications for Privacy-Preserving Bluetooth-Based Protocols
They Would do Better if They Worked Together: The Case of Interaction Problems Between Password Managers and Websites

When LoRa Meets EMR: Electromagnetic Covert Channels Can Be Super Resilient
Revealer: Detecting and Exploiting Regular Expression Denial-of-Service Vulnerabilities
Revealer: Detecting and Exploiting Regular Expression Denial-of-Service Vulnerabilities
Breaking the Specification: PDF Certification
Session Chair
A Decentralized and Encrypted National Gun Registry
Zero Knowledge for Everything and Everyone: Fast ZK Processor with Cached ORAM for ANSI C Programs
Epochal Signatures for Deniable Group Chats
The Provable Security of Ed25519: Theory and Practice

Session Chair
Survivalism: Systematic Analysis of Malware Living-Off-The-Land
Trouble Over-The-Air: An Analysis of FOTA Apps in the Android Ecosystem
Detecting Filter List Evasion With Event-Loop-Turn Granularity JavaScript Signatures
A Secure and Formally Verified Linux KVM Hypervisor
Did you mix me? Formally Verifying Verifiable Mix Nets in Electronic Voting
Runtime Recovery of Web Applications under Zero-Day ReDoS Attacks
Happer: Unpacking Android Apps via a Hardware-Assisted Approach
BUFFing signature schemes beyond unforgeability and the case of post-quantum signatures

Intel Rep
Intel Award Finalist
Intel Award Finalist
Intel Award Finalist
Video Chair for IEEE S&P // Intel Award Finalist
Intel Award Finalist
Session Chair
Session Chair
Session Chair
CrossTalk: Speculative Data Leaks Across Cores Are Real
DynPTA: Combining Static and Dynamic Analysis for Practical Selective Data Protection
A Novel Dynamic Analysis Infrastructure to Instrument Untrusted Execution Flow Across User-Kernel Spaces
CRYLOGGER: Detecting Crypto Misuses Dynamically
Real-World Snapshots vs. Theory: Questioning the t-Probing Security Model
Lightweight Techniques for Private Heavy Hitters // Session Chair

Proof-of-Learning: Definitions and Practice
Session Chair
Session Chair
MC for the Intel Awards
Proof-of-Learning: Definitions and Practice
Awards Chair
When Function Signature Recovery Meets Compiler Optimization

ConDySTA: Context-Aware Dynamic Supplement to Static Taint Analysis
Panelist
Adversary Instantiation // Proof-of-Learning: Definitions and Practice
Session Chair
Doing good by fighting fraud: Ethical anti-fraud systems for mobile payments
A2L: Anonymous Atomic Locks for Scalability in Payment Channel Hubs
Keep the Dirt: Tainted TreeKEM, Adaptively and Actively Secure Continuous Group Key Agreement
Session Chair
Session Chair
humanID: One-Click Anonymous Login
SIRNN: A Math Library for Secure RNN Inference
Session Chair
Linking Bluetooth LE & Classic and Implications for Privacy-Preserving Bluetooth-Based Protocols
A Security Model and Fully Verified Implementation for the IETF QUIC Record Layer
Learning Differentially Private Mechanisms
ConDySTA: Context-Aware Dynamic Supplement to Static Taint Analysis
humanID: One-Click Anonymous Login
VP/Registration Chair for IEEE S&P

Treasurer for IEEE S&P
Deep Learning and Security Workshop Organizer

Arbitrar: User-Guided API Misuse Detection
A Decentralized and Encrypted National Gun Registry
SafeThings Workshop Organizer
SafeThings Workshop Organizer
Booths

Intel
Do Something Wonderful

IBM
IBM Research: Inventing What’s Next.

Apple
Join us. Be you.

Google Security and Privacy

ByteDance
bytedance.com

Palo Alto Networks
paloaltonetworks.com

The CERT Division Carnegie Mellon University Software Engineering Institute
Bringing CERTainty to your organization through advanced methods and technologies.

Technology Innovation Institute
Innovation for a better world

MIT Lincoln Laboratory
MIT Lincoln Laboratory - Technology in Support of National Security

Qualcomm
Qualcomm Product Security - We take security vulnerabilities very seriously and always seek to respond appropriately.