Skip to content

42nd IEEE Symposium & Workshops on Security and Privacy

Calendar icon to

Proudly supported by

Speakers

Andreas Hülsing

Post-Quantum WireGuard

Daniel Takabi

Treasurer for IEEE S&P

Sahar Abdelnabi

Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding

Andrea Possemato

Trust, But Verify: A Longitudinal Analysis Of Android OEM Compliance and Customization

Daniel W Woods

SoK: Quantifying Cyber Risk

Pardis Emami-Naeini

Which Privacy and Security Attributes Most Impact Consumers‚ At Risk Perception and Willingness to Purchase IoT Devices?

Yuan Tian

Session Chair // Shadow PC Chair for IEEE S&P

Arkady Yerukhimovich

Session Chair

Rui Li

Android Custom Permissions Demystified: From Privilege Escalation to Design Shortcomings

Cynthia Sturton

Intel Award Finalist

Rui Zhang

Video Chair for IEEE S&P // Intel Award Finalist

Roger Dingledine

Ethics in Security and Privacy Research Panel

Beatriz Esteves

Can privacy terms be negotiated in Solid’s personal datastores?

François Gauthier

Synthesizing Allowlists With RASPunzel

Ashish Hooda

Invisible Perturbations: Physical Adversarial Examples Exploiting the Rolling Shutter Effect

Muhammad Usama Sardar

Demystifying Trust Domain Attestation via Formal Verification

Cristina Cifuentes

Intelligent Application Security

Aysajan Abidin

Threshold Group Distance Bounding

Shanchieh (Jay) Yang

Near Real-time Learning and Extraction of Cyberattack Behavior Models

Craig Disselkoen

Intel Award Finalist

Thorsten Holz

Program Chair / Session Chair

Monica Iovan

Sustainable Software Security Program

Midas Nouwens

Consent Management Platforms under the GDPR: Processors or Controllers?

Daniel Turner-Szymkiewicz

Synthetic Data is the missing cog in the machine for financial crime controls

Dominique Schroeder

Session Chair

Joseph Bonneau

Ethics in Security and Privacy Research Panel

Katie Shilton

Ethics in Security and Privacy Research Panel

Christopher Fletcher

Intel Award Finalist

Sunjay Cauligi

Intel Award Finalist

Jiaqi HONG

A Novel Dynamic Analysis Infrastructure to Instrument Untrusted Execution Flow Across User-Kernel Spaces

Ningfei Wang

Invisible for both Camera and LiDAR

Nicolas Papernot

Adversary Instantiation // Proof-of-Learning: Definitions and Practice

Benjamin Diamond

Many-out-of-Many Proofs and Applications to Anonymous Zether

Yan Lin

When Function Signature Recovery Meets Compiler Optimization

Guillermo Pascual Perez

Keep the Dirt: Tainted TreeKEM, Adaptively and Actively Secure Continuous Group Key Agreement

Wanzheng Zhu

Self-Supervised Euphemism Detection and Identification for Content Moderation

Lucy Simko

Defensive Technology Use by Political Activists During the Sudanese Revolution

Yunang Chen

Data Privacy in Trigger-Action IoT Systems

Miao Yu

An I/O Separation Model for Formal Verification of Kernel Implementations

Jon Stephens

SmartPulse: Automated Checking of Temporal Properties in Smart Contracts

Benjamin Bichsel

DP-Sniper: Black-Box Discovery of Differential Privacy Violations using Classifiers

Joachim Neu

Ebb-and-Flow Protocols: A Resolution of the Availability-Finality Dilemma

Yongheng Chen

One Engine to Fuzz 'em All: Generic Language Processor Testing with Semantic Validation

Jonathan Ullman

Manipulation Attacks in Local Differential Privacy

Penghui Zhang

CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing

Adam Oest

CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing

Norbert Ludant

Linking Bluetooth LE & Classic and Implications for Privacy-Preserving Bluetooth-Based Protocols

Chen Ling

A First Look at Zoombombing

Junpeng Wan

Invisible Probe: Timing Attacks with PCIe Congestion Side-channel

Carmela Troncoso

Session Chair

Brendan DolanGavitt

Session Chair

Timothy Trippel

Bomberman: Defining and Defeating Hardware Ticking Timebombs at Design-time

Ethan Cecchetti

Compositional Security for Reentrant Applications

Xiaoyu Ji

Poltergeist: Acoustic Manipulation of Image Stabilization towards Object Mis-Labeling

Adam Aviv

Session Chair

Rainer Boehme

SoK: Quantifying Cyber Risk

Florian Tramer

Is Private Learning Possible with Instance Encoding?

XIUHUA WANG

Cross-Domain Access Control Encryption -- Arbitrary-policy, Constant-size, Efficient

Tai D Nguyen

SGUARD: Towards Fixing Vulnerable Smart Contracts Automatically

Yepeng Yao

Bookworm Game: Automatic Discovery of LTE Vulnerabilities Through Documentation Analysis

Rahul Chatterjee (He/Him)

Session Chair

Deepak Kumar

SoK: Hate, Harassment, and the Changing Landscape of Online Abuse

Jaeseung Choi

NTFUZZ: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis

Justin Hsu

Learning Differentially Private Mechanisms

Sri AravindaKrishnan Thyagarajan

Lockable Signatures for Blockchains: Scriptless Scripts for all Signatures

Mohammad Yaghini

Proof-of-Learning: Definitions and Practice

Bryan Parno

Organizing Committee Member for IEEE S&P

Platon Kotzias

Trouble Over-The-Air: An Analysis of FOTA Apps in the Android Ecosystem

Xigao Li

Good Bot, Bad Bot: Characterizing Automated Browsing Activity

Yossi Oren

Session Chair

Chengbin Pang

SoK: All You Ever Wanted to Know About Binary Disassembly But Were Afraid to Ask

Xiaojun Xu

Detecting AI Trojans Using Meta Neural Analysis

Andreas Erwig

Bitcoin-Compatible Virtual Channels

Wei Song

Randomized Last-Level Caches Are Still Vulnerable to Cache Side-Channel Attacks! But We Can Fix It

Daniel Votipka

HackEd: A Pedagogical Analysis of Online Vulnerability Discovery Exercises

Zainul Din

Doing good by fighting fraud: Ethical anti-fraudsystems for mobile payments

XiaoFeng Wang

Session Chair

Alaa Daffalla

Defensive Technology Use by Political Activists During the Sudanese Revolution

Charlie Jacomme

An Interactive Prover for Protocol Verification in the Computational Model

Limin Jia

Session Chair

Xueling Zhang

ConDySTA: Context-Aware Dynamic Supplement to Static Taint Analysis

Deevashwer Rathee

SIRNN: A Math Library for Secure RNN Inference

Wen-jie Lu

PEGASUS: Bridging Polynomial and Non-polynomial Evaluations in Homomorphic Encryption

Umar Iqbal

Fingerprinting the Fingerprinters: Learning to Detect Browser Fingerprinting Behaviors

Nicholas Carlini

Is Private Learning Possible with Instance Encoding?

Benjamin Eriksson

Black Widow: Blackbox Data-driven Web Scanning

Wei Meng

Revealer: Detecting and Exploiting Regular Expression Denial-of-Service Vulnerabilities

Evgenios Kornaropoulos

Response-Hiding Encrypted Ranges: Revisiting Security via Parametrized Leakage-Abuse Attacks

Lucy Qin

A Decentralized and Encrypted National Gun Registry

Quan Chen

Detecting Filter List Evasion With Event-Loop-Turn Granularity JavaScript Signatures.

Rune Fiedler

BUFFing signature schemes beyond unforgettability and the case of post-quantum signatures

Rui Zhong

One Engine to Fuzz 'em All: Generic Language Processor Testing with Semantic Validation

Daejin Lee

NTFUZZ: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis

Jason Xue

Session Chair

David Lie

Session Chair

Itay Tsabary

MAD-HTLC: Because HTLC is Crazy-Cheap to Attack

Freddie Barr-Smith

Survivalism: Systematic Analysis of Malware Living-Off-The-Land

Hao Zhou

Happer: Unpacking Android Apps via a Hardware-Assisted Approach

Saeed Mahloujifar

Is Private Learning Possible with Instance Encoding?

Nilo Redini

DIANE: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices

Andrew Myers

Compositional Security for Reentrant Applications

Brendan Saltaformaggio

Session Chair

Alina Oprea

Program Chair

Moritz Lipp

PLATYPUS: Software-based Power Side-Channel Attacks on x86

Luca Piccolboni

CRYLOGGER: Detecting Crypto Misuses Dynamically

Olya Ohrimenko

Session Chair

Lukas Aumayr

Bitcoin-Compatible Virtual Channels

Haobin Ni

Compositional Security for Reentrant Applications

Kasper Rasmussen

Session Chair

Nicolas Huaman

They Would do Better if They Worked Together: The Case of Interaction Problems Between Password Managers and Websites

Gianluca Stringhini

A First Look at Zoombombing

Adam Morrison

Intel Award Finalist

Jules Dream

Intel Award Finalist

Daniel Genkin

CacheOut: Leaking Data on Intel CPUs via Cache Evictions

Vincent Gramoli

Red Belly: a Deterministic Scalable Open Permissioned Blockchain

Virgil Gligor

An I/O Separation Model for Formal Verification of Kernel Implementations

Muthuramakrishnan Venkitasubramaniam

Diogenes: Lightweight Scalable RSA Modulus Generation with a Dishonest Majority

Zhuo Zhang

STOCHFUZZ: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting

Guangke Chen

Who is Real Bob? Adversarial Attacks on Speaker Recognition Systems

Kevin Liao

SoK: Computer-Aided Cryptography

Gertjan Franken

Reading Between the Lines: An Extensive Evaluation of the Security and Privacy Implications of EPUB Reading Systems

Yuncong Hu

Merkle^2: A Low-Latency Transparency Log System

Marcus Peinado

Session Chair

Leonid Reyzin

Compact Certificates of Collective Knowledge

Amit Klein

Cross Layer Attacks and How to Use Them (for DNS Cache Poisoning, Device Tracking and More)

Jasleen Malvai

CanDID: Can-Do Decentralized Identity with Legacy Compatibility, Sybil-Resistance, and Accountability

Dan Frumin

Compositional Non-Interference for Fine-Grained Concurrent Programs

Florian Weber

Epochal Signatures for Deniable Group Chats

Zhihao Bai

Runtime Recovery of Web Applications under Zero-Day ReDoS Attacks

Kai-Chun Ning

Post-Quantum WireGuard

Alexander Viand

SoK: General Purpose Compilers for Secure Multi-Party Computation

Chenkai Weng

Wolverine: Fast, Scalable, and Communication-Efficient Zero-Knowledge Proofs for Boolean and Arithmetic Circuits

Deepak Maram

CanDID: Can-Do Decentralized Identity with Legacy Compatibility, Sybil-Resistance, and Accountability

Cheng Shen

When LoRa Meets EMR: Electromagnetic Covert Channels Can Be Super Resilient

Christina Poepper

Session Chair

Jiyong Yu

Intel Award Finalist

Thomas Bourgeat

Intel Award Finalist

Stephan van Schaik

CacheOut: Leaking Data on Intel CPUs via Cache Evictions

Antoon Purnal

Systematic Analysis of Randomization-based Protected Cache Architectures

Michelle Mazurek

HackEd: A Pedagogical Analysis of Online Vulnerability Discovery Exercises

Maximilian von Tschirschnitz

Method Confusion Attack on the Bluetooth Pairing Process

Dario Pasquini

Improving Password Guessing via Representation Learning

Rahul Sharma

SIRNN: A Math Library for Secure RNN Inference

Michael Franz

Session Chair

Liyi Zhou

On the Just-In-Time Discovery of Profit-Generating Transactions in DeFi Protocols

Jaewon Hur

DIFUZZRTL: Differential Fuzz Testing to Find CPU Bugs

Ludwig Peuckert

Method Confusion Attack on the Bluetooth Pairing Process

Ben Nassi

SoK: Security and Privacy in the Age of Commercial Drones

Yinxi Liu

Revealer: Detecting and Exploiting Regular Expression Denial-of-Service Vulnerabilities

Simon Rohlmann

Breaking the Specification: PDF Certfiication

David Cash

Session Chair

Mang Zhao

The Provable Security of Ed25519: Theory and Practice

Eduardo Blázquez

Trouble Over-The-Air: An Analysis of FOTA Apps in the Android Ecosystem

Chelsea Hubbs

Intel Rep

Cas Cremers

Session Chair

Álvaro Cárdenas

General Chair of IEEE S&P

David Heath

Zero Knowledge for Everything and Everyone: Fast ZK Processor with Cached ORAM for ANSI C Programs

Shih-Wei Li

A Secure and Formally Verified Linux KVM Hypervisor

Iskander Sanchez-Rola

Journey to the Center of the Cookie Ecosystem: Unraveling Actors' Roles and Relationships

Thomas Haines

Did you mix me? Formally Verifying Verifiable Mix Nets in Electronic Voting

Jorge Toro

The EMV Standard: Break, Fix, Verify

Christian Rossow

Session Chair

Rakesh Bobba

VP/Registration Chair for IEEE S&P

Emily Shen

Session Chair

Hany Ragab

CrossTalk: Speculative Data Leaks Across Cores Are Real

James Davis

Using Selective Memoization to Defeat Regular Expression Denial of Service (ReDoS)

Varun Madathil

On the Anonymity Guarantees of Anonymous Proof-of-Stake Protocols

Gang (Gary) Tan

Session Chair

Adria Gascon

Session Chair

Varun Chandrasekaran

Proof-of-Learning: Definitions and Practice

Sekar Kulandaivel

CANnon: Reliable and Stealthy Remote Shutdown Attacks via Unaltered Automotive Microcontrollers

Adam Doupé

Session Chair

Boris Köpf

Hardware-Software Contracts for Secure Speculation

Deian Stefan

Session Chair

Yanfang (Fanny) Ye

Session Chair

Jian Xiang

Co-Inflow: Coarse-grained Information Flow Control for Java-like Languages

Jianyu Niu

ConDySTA: Context-Aware Dynamic Supplement to Static Taint Analysis

Henry Corrigan-Gibbs

Lightweight Techniques for Private Heavy Hitters // Session Chair

Alyssa Milburn

CrossTalk: Speculative Data Leaks Across Cores Are Real

Thilo Krachenfels

Real-World Snapshots vs. Theory: Questioning the t-Probing Security Model.

Anvith Thudi

Proof-of-Learning: Definitions and Practice

Isaura Gaeta

MC for the Intel Awards

Yashvanth Kondi

Proactive Threshold Wallets with Offline Devices

Andrew Miller

Session Chair

Ananth Raghunathan

Session Chair

Yi Chen

Bookworm Game: Automatic Discovery of LTE Vulnerabilities Through Documentation Analysis

Tapti Palit

DynPTA: Combining Static and Dynamic Analysis for Practical Selective Data Protection

Fatemeh Ganji

Real-World Snapshots vs. Theory: Questioning the t-Probing Security Model.

Xiao Wang

ConDySTA: Context-Aware Dynamic Supplement to Static Taint Analysis

Marco Guarnieri

Hardware-Software Contracts for Secure Speculation

Ioana Boureanu

Session Chair

Alejandro Mera

DICE: Automatic Emulation of DMA Input Channels for Dynamic Firmware Analysis

Tegan Brennan

Awards Chair

E K

Panelist

Hari Venugopalan

Doing good by fighting fraud: Ethical anti-fraudsystems for mobile payments

Yuval Yarom

Session Chair

Simha Sethumadhavan

CRYLOGGER: Detecting Crypto Misuses Dynamically

Erkan Tairi

A2L: Anonymous Atomic Locks for Scalability in Payment Channel Hubs

Vanessa Teague

Session Chair

Arthur Gervais

Session Chair

Zhiyun Qian

Session Chair

Emon Rahman Sahaba

humanID: One-Click Anonymous Login

Christopher Choquette-Choo

Machine Unlearning

Guevara Noubir

Linking Bluetooth LE & Classic and Implications for Privacy-Preserving Bluetooth-Based Protocols

Aniket Kate

Session Chair

William Robertson

Session Chair

Nick (Hengrui) Jia

Proof-of-Learning: Definitions and Practice

Antoine Delignat-Lavaud

A Security Model and Fully Verified Implementation for the IETF QUIC Record Layer

Tarek El-Hajjaoui

humanID: One-Click Anonymous Login

Sherman S. M. Chow

Cross-Domain Access Control Encryption -- Arbitrary-policy, Constant-size, Efficient

Subhajit Roy

Learning Differentially Private Mechanisms

Hadi Abdullah

Hear “No Evil”, See “Kenansville” // SoK: The Faults in our ASRs

Nikolaos Vasiloglou II

Deep Learning and Security Workshop Organizer

Nathan Dautenhahn

Session Chair

Carlos Ganan

WTMC Workshop Organizer

Samaneh Tajalizadehkhoob

WTMC Workshop Organizer

Ziyang Li

Arbitrar, User-Guided API Misuse Detection

Aurélien Francillon

WOOT Workshop Organizer

James Weimer

SafeThings Workshop Organizer

Xiali (Sharon) Hei

SafeThings Workshop Organizer

Amir Rahmati

SafeThings Workshop Organizer

Seny Kamara

A Decentralized and Encrypted National Gun Registry

The event is over

Hosted by

IEEE Symposium on Security and Privacy

Share on

Booths

Intel

Do Something Wonderful

IBM

IBM Research: Inventing What’s Next.

Apple

Join us. Be you.

Google

Google Security and Privacy

ByteDance

bytedance.com

Palo Alto Networks

paloaltonetworks.com

The CERT Division Carnegie Mellon University Software Engineering Institute

Bringing CERTainty to your organization through advanced methods and technologies.

Technology Innovation Institute

Innovation for a better world

MIT Lincoln Laboratory

MIT Lincoln Laboratory - Technolgy in Support of National Security

Qualcomm

Qualcomm Product Security - We take security vulnerabilities very seriously and always seek to respond appropriately.