42nd IEEE Symposium & Workshops on Security and Privacy
Speakers

Treasurer for IEEE S&P

Trust, But Verify: A Longitudinal Analysis Of Android OEM Compliance and Customization

Session Chair // Shadow PC Chair for IEEE S&P

Session Chair
Android Custom Permissions Demystified: From Privilege Escalation to Design Shortcomings
Intel Award Finalist
Video Chair for IEEE S&P // Intel Award Finalist
Synthesizing Allowlists With RASPunzel
Invisible Perturbations: Physical Adversarial Examples Exploiting the Rolling Shutter Effect

Near Real-time Learning and Extraction of Cyberattack Behavior Models
Sustainable Software Security Program
Consent Management Platforms under the GDPR: Processors or Controllers?

Ethics in Security and Privacy Research Panel
Ethics in Security and Privacy Research Panel
A Novel Dynamic Analysis Infrastructure to Instrument Untrusted Execution Flow Across User-Kernel Spaces
Adversary Instantiation // Proof-of-Learning: Definitions and Practice
When Function Signature Recovery Meets Compiler Optimization
Keep the Dirt: Tainted TreeKEM, Adaptively and Actively Secure Continuous Group Key Agreement
Defensive Technology Use by Political Activists During the Sudanese Revolution
Data Privacy in Trigger-Action IoT Systems
An I/O Separation Model for Formal Verification of Kernel Implementations
DP-Sniper: Black-Box Discovery of Differential Privacy Violations using Classifiers
One Engine to Fuzz 'em All: Generic Language Processor Testing with Semantic Validation
CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing
Linking Bluetooth LE & Classic and Implications for Privacy-Preserving Bluetooth-Based Protocols
Session Chair

Is Private Learning Possible with Instance Encoding?
SGUARD: Towards Fixing Vulnerable Smart Contracts Automatically
Bookworm Game: Automatic Discovery of LTE Vulnerabilities Through Documentation Analysis
Learning Differentially Private Mechanisms
Lockable Signatures for Blockchains: Scriptless Scripts for all Signatures
Trouble Over-The-Air: An Analysis of FOTA Apps in the Android Ecosystem
SoK: All You Ever Wanted to Know About Binary Disassembly But Were Afraid to Ask
Detecting AI Trojans Using Meta Neural Analysis
Session Chair
Defensive Technology Use by Political Activists During the Sudanese Revolution
Session Chair
ConDySTA: Context-Aware Dynamic Supplement to Static Taint Analysis
PEGASUS: Bridging Polynomial and Non-polynomial Evaluations in Homomorphic Encryption

Is Private Learning Possible with Instance Encoding?
Revealer: Detecting and Exploiting Regular Expression Denial-of-Service Vulnerabilities
A Decentralized and Encrypted National Gun Registry
Detecting Filter List Evasion With Event-Loop-Turn Granularity JavaScript Signatures.
BUFFing signature schemes beyond unforgeability and the case of post-quantum signatures
One Engine to Fuzz 'em All: Generic Language Processor Testing with Semantic Validation
NTFUZZ: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis
Survivalism: Systematic Analysis of Malware Living-Off-The-Land
Happer: Unpacking Android Apps via a Hardware-Assisted Approach
Is Private Learning Possible with Instance Encoding?
DIANE: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices

Session Chair
CRYLOGGER: Detecting Crypto Misuses Dynamically
Compositional Security for Reentrant Applications
Session Chair
They Would do Better if They Worked Together: The Case of Interaction Problems Between Password Managers and Websites
Intel Award Finalist
CacheOut: Leaking Data on Intel CPUs via Cache Evictions
An I/O Separation Model for Formal Verification of Kernel Implementations
Diogenes: Lightweight Scalable RSA Modulus Generation with a Dishonest Majority
STOCHFUZZ: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting
Who is Real Bob? Adversarial Attacks on Speaker Recognition Systems
SoK: Computer-Aided Cryptography
Merkle^2: A Low-Latency Transparency Log System
Session Chair
Epochal Signatures for Deniable Group Chats
Runtime Recovery of Web Applications under Zero-Day ReDoS Attacks
Post-Quantum WireGuard
Wolverine: Fast, Scalable, and Communication-Efficient Zero-Knowledge Proofs for Boolean and Arithmetic Circuits

When LoRa Meets EMR: Electromagnetic Covert Channels Can Be Super Resilient
Intel Award Finalist
Intel Award Finalist
CacheOut: Leaking Data on Intel CPUs via Cache Evictions
SIRNN: A Math Library for Secure RNN Inference
DIFUZZRTL: Differential Fuzz Testing to Find CPU Bugs
Method Confusion Attack on the Bluetooth Pairing Process
Revealer: Detecting and Exploiting Regular Expression Denial-of-Service Vulnerabilities
Breaking the Specification: PDF Certification
Session Chair
The Provable Security of Ed25519: Theory and Practice

Intel Rep
Zero Knowledge for Everything and Everyone: Fast ZK Processor with Cached ORAM for ANSI C Programs
A Secure and Formally Verified Linux KVM Hypervisor
Did you mix me? Formally Verifying Verifiable Mix Nets in Electronic Voting
VP/Registration Chair for IEEE S&P
Session Chair
Session Chair
Proof-of-Learning: Definitions and Practice

Session Chair
Session Chair
ConDySTA: Context-Aware Dynamic Supplement to Static Taint Analysis
Lightweight Techniques for Private Heavy Hitters // Session Chair
CrossTalk: Speculative Data Leaks Across Cores Are Real

Proof-of-Learning: Definitions and Practice
MC for the Intel Awards
Session Chair
Session Chair
DynPTA: Combining Static and Dynamic Analysis for Practical Selective Data Protection
Real-World Snapshots vs. Theory: Questioning the t-Probing Security Model.
ConDySTA: Context-Aware Dynamic Supplement to Static Taint Analysis
Awards Chair
Panelist
Doing good by fighting fraud: Ethical anti-fraud systems for mobile payments
Session Chair
CRYLOGGER: Detecting Crypto Misuses Dynamically
A2L: Anonymous Atomic Locks for Scalability in Payment Channel Hubs
Session Chair
humanID: One-Click Anonymous Login
Linking Bluetooth LE & Classic and Implications for Privacy-Preserving Bluetooth-Based Protocols
Session Chair
A Security Model and Fully Verified Implementation for the IETF QUIC Record Layer
humanID: One-Click Anonymous Login
Learning Differentially Private Mechanisms
Deep Learning and Security Workshop Organizer

Arbitrar: User-Guided API Misuse Detection
SafeThings Workshop Organizer
SafeThings Workshop Organizer
A Decentralized and Encrypted National Gun Registry
Booths

Intel
Do Something Wonderful

IBM
IBM Research: Inventing What’s Next.

Apple
Join us. Be you.

Google Security and Privacy

ByteDance
bytedance.com

Palo Alto Networks
paloaltonetworks.com

The CERT Division Carnegie Mellon University Software Engineering Institute
Bringing CERTainty to your organization through advanced methods and technologies.

Technology Innovation Institute
Innovation for a better world
MIT Lincoln Laboratory
MIT Lincoln Laboratory - Technology in Support of National Security

Qualcomm
Qualcomm Product Security - We take security vulnerabilities very seriously and always seek to respond appropriately.