USENIX Security '22 has three submission deadlines. Prepublication versions of the accepted papers from the winter submission deadline are available below. The full program will be available soon.
Targeted Deanonymization via the Cache Side Channel: Attacks and Defenses
Mojtaba Zaheri, Yossi Oren, and Reza Curtmola, New Jersey Institute of Technology
"They Look at Vulnerability and Use That to Abuse You'': Participatory Threat Modelling with Migrant Domestic Workers
Julia Slupska and Selina Cho, University of Oxford; Marissa Begonia, Voice of Domestic Workers; Ruba Abu-Salma, King’s College London; Nayanatara Prakash, University of Oxford; Mallika Balakrishnan, Migrants Organise
Blacklight: Scalable Defense for Neural Networks against Query-Based Black-Box Attacks
Huiying Li, Shawn Shan, and Emily Wenger, University of Chicago; Jiayun Zhang, Fudan University; Heather Zheng and Ben Y. Zhao, University of Chicago
Accelerating the Detection of Route Origin Hijacking by Distinguishing Legitimate and Illegitimate MOAS
Lancheng Qin, Tsinghua University; Dan Li, Tsinghua University, Zhongguancun Laboratory; Ruifeng Li, Tsinghua Shenzhen International Graduate School; Kang Wang, Tsinghua University
AutoDA: Automated Decision-based Iterative Adversarial Attacks
Qi-An Fu, Yinpeng Dong, Hang Su, and Jun Zhu, Tsinghua University; Chao Zhang, Institute for Network Science and Cyberspace of Tsinghua University
SAPIC+: protocol verifiers of the world, unite!
Vincent Cheval, INRIA Paris; Charlie Jacomme, CISPA - Helmholtz Center for Information Security; Steve Kremer, INRIA Nancy - Grand Est; Robert Künnemann, CISPA - Helmholtz Center for Information Security
Where to Recruit for Security Development Studies: Comparing Six Software Developer Samples
Harjot Kaur, Leibniz University Hannover; Sabrina Amft, CISPA Helmholtz Center for Information Security; Daniel Votipka, Tufts University; Yasemin Acar, George Washington University; Sascha Fahl, CISPA Helmholtz Center for Information Security
Ground Truth for Binary Disassembly is Not Easy
Chengbin Pang and Tiantai Zhang, Nanjing University; Ruotong Yu, University of Utah; Bing Mao, Nanjing University; Jun Xu, University of Utah
A Hardware-Software Co-design for Efficient Intra-Enclave Isolation
Jinyu Gu, Bojun Zhu, Mingyu Li, Wentai Li, Yubin Xia, and Haibo Chen, Shanghai Jiao Tong University
Traceback of Targeted Data Poisoning Attacks in Neural Networks
Shawn Shan, Arjun Nitin Bhagoji, Haitao Zheng, and Ben Y. Zhao, University of Chicago
Why Users (Don't) Use Password Managers at a Large Educational Institution
Peter Mayer, Karlsruhe Institute of Technology; Collins W. Munyendo, The George Washington University; Michelle L. Mazurek, University of Maryland, College Park; Adam J. Aviv, The George Washington University
Protecting Internet Communication with a Secure Backbone
Henry Birge-Lee, Princeton University; Joel Wanner, ETH Zürich; Grace H. Cimaszewski, Princeton University; Jonghoon Kwon, ETH Zürich; Liang Wang, Princeton University; François Wirz, ETH Zürich; Prateek Mittal, Princeton University; Adrian Perrig, ETH Zürich; Yixin Sun, University of Virginia
FuzzOrigin: Detecting UXSS vulnerabilities in Browsers through Origin Fuzzing
Sunwoo Kim, Samsung Research; Young Min Kim, Jaewon Hur, and Suhwan Song, Seoul National University; Gwangmu Lee, EPFL; Byoungyoung Lee, Seoul National University
Drifuzz: Harvesting Bugs in Device Drivers from Golden Seeds
Zekun Shen, Ritik Roongta, and Brendan Dolan-Gavitt, NYU
Tightly Seal Your Sensitive Pointers with PACTight
Mohannad Ismail, Virginia Tech; Andrew Quach, Oregon State University; Christopher Jelesnianski, Virginia Tech; Yeongjin Jang, Oregon State University; Changwoo Min, Virginia Tech
Practical Privacy-Preserving Authentication for SSH
Lawrence Roy, Stan Lyakhov, Yeongjin Jang, and Mike Rosulek, Oregon State University
Estimating Incidental Collection in Foreign Intelligence Surveillance: Large-Scale Multiparty Private Set Intersection with Union and Sum
Anunay Kulshrestha and Jonathan Mayer, Princeton University
IHOP: Improved Statistical Query Recovery against Searchable Symmetric Encryption through Quadratic Optimization
Simon Oya and Florian Kerschbaum, University of Waterloo
Twilight: A Differentially Private Payment Channel Network
Maya Dotan, Saar Tochner, Aviv Zohar, and Yossi Gilad, Hebrew University of Jerusalem
One-off Disclosure Control by Heterogeneous Generalization
Olga Gkountouna, George Mason University; Katerina Doka, National Technical University of Athens; Mingqiang Xue and Jianneng Cao, Institute for Infocomm Research, Singapore; Panagiotis Karras, Aarhus University
Fuzzing Hardware Like Software
Timothy Trippel and Kang G. Shin, University of Michigan; Alex Chernyakhovsky, Garret Kelly, and Dominic Rizzo, Google, LLC; Matthew Hicks, Virginia Tech
Teacher Model Fingerprinting Attacks Against Transfer Learning
Yufei Chen, Xi'an Jiaotong University & City University of Hong Kong; Chao Shen, Xi'an Jiaotong University; Cong Wang, City University of Hong Kong; Yang Zhang, CISPA Helmholtz Center for Information Security
Birds of a Feather Flock Together: How Set Bias Helps to Deanonymize You via Revealed Intersection Sizes
Xiaojie Guo, Ye Han, Zheli Liu, Ding Wang, and Yan Jia, Nankai University; Jin Li, Guangzhou University
Off-Path Network Traffic Manipulation via Revitalized ICMP Redirect Attacks
Xuewei Feng and Qi Li, Tsinghua University; Kun Sun, George Mason University; Zhiyun Qian, UC Riverside; Gang Zhao, Tsinghua University; Xiaohui Kuang, Beijing University of Posts and Telecommunications; Chuanpu Fu and Ke Xu, Tsinghua University
Smart Home Privacy Policies Demystified: A Study of Availability, Content, and Coverage
Sunil Manandhar and Kaushal Kafle, William & Mary; Benjamin Andow, Google; Kapil Singh, IBM T.J. Watson Research Center; Adwait Nadkarni, William & Mary
How and Why People Use Virtual Private Networks
Agnieszka Dutkowska-Zuk, Lancaster University; Austin Hounsel, Princeton University; Amy Morrill, University of Chicago; Andre Xiong, Princeton University; Marshini Chetty and Nick Feamster, University of Chicago
Hidden Trigger Backdoor Attack on NLP Models via Linguistic Style Manipulation
Xudong Pan, Mi Zhang, Beina Sheng, Jiaming Zhu, and Min Yang, Fudan University
BrakTooth: Causing Havoc on Bluetooth Link Manager via Directed Fuzzing
Matheus E. Garbelini, Vaibhav Bedi, and Sudipta Chattopadhyay, Singapore University of Technology and Design; Sun Sumei and Ernest Kurniawan, A*Star
Uninvited Guests: Analyzing the Identity and Behavior of Certificate Transparency Bots
Brian Kondracki, Johnny So, and Nick Nikiforakis, Stony Brook University
COMRace:Detecting Data Race Vulnerabilities in COM Objects
Fangming Gu and Qingli Guo, Institute of Information Engineering, Chinese Academy of Sciences; Lian Li, Institute of Computing Technology, Chinese Academy of Sciences; Zhiniang Peng, Sangfor Technologies Inc; Shenzhen Institutes of Advanced Technology, Chinese Academy of Sciences; Wei Lin, Xiaobo Yang, and Xiaorui Gong, Institute of Information Engineering, Chinese Academy of Sciences
Measurement by Proxy: On the Accuracy of Online Marketplace Measurements
Alejandro Cuevas, Carnegie Mellon University; Fieke Miedema, Delft University of Technology; Nicolas Christin, Carnegie Mellon University and Hikari Labs, Inc.; Kyle Soska, University of Illinois Urbana Champaign and Hikari Labs, Inc.; Rolf van Wegberg, Delft University of Technology
Half-Double: Hammering From the Next Row Over
Andreas Kogler and Jonas Juffinger, Graz University of Technology; Salman Qazi and Yoongu Kim, Google; Moritz Lipp, Graz University of Technology; Nicolas Boichat, Google; Eric Shiu, Rivos; Mattias Nissler, Google; Daniel Gruss, Graz University of Technology
Architecturally Leaking Data from the Microarchitecture
Pietro Borrello, Sapienza University of Rome; Andreas Kogler and Martin Schwarzl, Graz University of Technology; Moritz Lipp, AWS; Daniel Gruss, Graz University of Technology; Michael Schwarz, CISPA Helmholtz Center for Information Security
Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86
Yingchen Wang, University of Texas at Austin; Riccardo Paccagnella and Elizabeth Tang He, University of Illinois Urbana-Champaign; Hovav Shacham, University of Texas at Austin; Christopher Fletcher, University of Illinois Urbana-Champaign; David Kohlbrenner, University of Washington
Piranha: A GPU Platform for Secure Computation
Jean-Luc Watson, Sameer Wagh, and Raluca Popa, UC Berkeley
SYMSAN: Time and Space Efficient Concolic Execution via Dynamic Data-flow Analysis
Ju Chen, UC Riverside; Wookhyun Han, KAIST; Mingjun Yin and Haochen Zeng, UC Riverside; Yuxuan Chen, Purdue University; Chengyu Song, UC Riverside; Byoungyoung Lee, Seoul National University; Heng Yin, UC Riverside; Insik Shin, KAIST
Binoculars: Contention-Based Side-Channel Attacks Exploiting the Page Walker
Zirui Neil Zhao, University of Illinois Urbana-Champaign; Adam Morrison, Tel Aviv University; Christopher Fletcher and Josep Torrellas, University of Illinois Urbana-Champaign
CellIFT: Leveraging Cells for Scalable and Precise Dynamic Information Flow Tracking in Hardware Designs
Flavien Solt, ETH Zurich; Ben Gras, Intel Corporation; Kaveh Razavi, ETH Zurich
MOVERY: A Precise Approach for Modified Vulnerable Code Clone Discovery from Modified Open-Source Software Components
Seunghoon Woo, Hyunji Hong, Eunjin Choi, and Heejo Lee, Korea University
The Security Lottery: Measuring Client-Side Web Security Inconsistencies
Sebastian Roth, CISPA Helmholtz Center for Information Security; Stefano Calzavara, Università Ca' Foscari Venezia; Moritz Wilhelm, CISPA Helmholtz Center for Information Security; Alvise Rabitti, Università Ca' Foscari Venezia; Ben Stock, CISPA Helmholtz Center for Information Security
Stateful Greybox Fuzzing
Jinsheng Ba, National University of Singapore; Marcel Böhme, MPI-SP, Germany and Monash University; Zahra Mirzamomen, Monash University; Abhik Roychoudhury, National University of Singapore
XDRI Attacks - and - How to Enhance Resilience of Residential Routers
Philipp Jeitner, Fraunhofer Institute for Secure Information Technology SIT, National Research Center for Applied Cybersecurity ATHENE; Haya Shulman, Fraunhofer Institute for Secure Information Technology SIT, National Research Center for Applied Cybersecurity ATHENE, and Goethe-Universität Frankfurt; Lucas Teichmann, Fraunhofer Institute for Secure Information Technology SIT; Michael Waidner, Fraunhofer Institute for Secure Information Technology SIT, National Research Center for Applied Cybersecurity ATHENE, and Technische Universität Darmstadt
An Experimental Study of GPS Spoofing and Takeover Attacks on UAVs
Harshad Sathaye, Northeastern University; Martin Strohmeier and Vincent Lenders, armasuisse; Aanjhan Ranganathan, Northeastern University
AmpFuzz: Fuzzing for Amplification DDoS Vulnerabilities
Johannes Krupp, CISPA Helmholtz Center for Information Security; Ilya Grishchenko, University of California, Santa Barbara; Christian Rossow, CISPA Helmholtz Center for Information Security
SGXFuzz: Efficiently Synthesizing Nested Structures for SGX Enclave Fuzzing
Tobias Cloosters, University of Duisburg-Essen; Johannes Willbold, Ruhr University Bochum; Thorsten Holz, CISPA Helmholtz Center for Information Security; Lucas Davi, University of Duisburg-Essen
Loki: Hardening Code Obfuscation Against Automated Attacks
Moritz Schloegel, Tim Blazytko, Moritz Contag, Cornelius Aschermann, and Julius Basler, Ruhr-Universität Bochum; Thorsten Holz, CISPA Helmholtz Center for Information Security; Ali Abbasi, Ruhr-Universität Bochum
PoisonedEncoder: Poisoning the Unlabeled Pre-training Data in Contrastive Learning
Hongbin Liu, Jinyuan Jia, and Neil Gong, Duke University
Pre-hijacked accounts: An Empirical Study of Security Failures in User Account Creation on the Web
Avinash Sudhodanan, Independent Researcher; Andrew Paverd, Microsoft Security Response Center
Faster Yet Safer: Logging System Via Fixed-Key Blockcipher
Viet Tung Hoang, Cong Wu, and Xin Yuan, Department of Computer Science, Florida State University
Investigating State-of-the-Art Practices for Fostering Subjective Trust in Online Voting through Interviews
Karola Marky, University of Glasgow; Paul Gerber, Work and Engineering Psychology, TU Darmstadt; Sebastian Günther, TU Darmstadt; Mohamed Khamis, University of Glasgow; Maximilian Fries and Max Mühlhäuser, TU Darmstadt
Experimental Security Analysis of the App Model in Business Collaboration Platforms
Yunang Chen, Yue Gao, Nick Ceccio, Rahul Chatterjee, Kassem Fawaz, and Earlence Fernandes, University of Wisconsin-Madison
Watching the watchers: bias and vulnerability in remote proctoring software
Ben Burgess, Princeton University; Shaanan Cohney, University of Melbourne; Edward Felten, Princeton University; Avi Ginsberg, Georgetown Law
Pool Inference Attacks on Local Differential Privacy: Quantifying the Privacy Guarantees of Apple's Count Mean Sketch in Practice
Andrea Gadotti, Imperial College London; Florimond Houssiau, Alan Turing Institute; Meenatchi Sundaram Muthu Selva Annamalai and Yves-Alexandre de Montjoye, Imperial College London
Characterizing the Security of Github CI Workflows
Igibek Koishybayev and Aleksandr Nahapetyan, North Carolina State University; Raima Zachariah, Independent Researcher; Siddharth Muralee, Purdue University; Brad Reaves and Alexandros Kapravelos, North Carolina State University; Aravind Machiry, Purdue University
FRAMESHIFTER: Manipulating HTTP/2 Frame Sequences with Fuzzing
Bahruz Jabiyev, Steven Sprecher, Anthony Gavazzi, and Tommaso Innocenti, Northeastern University; Kaan Onarlioglu, Akamai Technologies; Engin Kirda, Northeastern University
Batched Differentially Private Information Retrieval
Kinan Dak Albab, Brown University; Rawane Issa and Mayank Varia, Boston University; Kalman Graffi, Honda Research Institute
The Antrim County 2020 Election Incident: An Independent Forensic Investigation
J. Alex Halderman, University of Michigan
How Are Your Zombie Accounts? Understanding Users’ Practices and Expectations on Mobile App Account Deletion
Yijing Liu, Yan Jia, Qingyin Tan, and Zheli Liu, Nankai University; Luyi Xing, Indiana University Bloomington
QuORAM: A Quorum-Replicated Fault Tolerant ORAM Datastore
Sujaya Maiyya, University of California, Santa Barbara; Seif Ibrahim; Caitlin Scarberry; Amr El Abbadi and Divyakant Agrawal, University of California, Santa Barbara; Rachel Lin and Stefano Tessaro, University of Washington; Victor Zakhary, University of California, Santa Barbara
Gossamer: Securely Measuring Password-based Logins
Marina Sanusi, Cornell University; Mazharul Islam, University of Wisconsin-Madison; Syed Suleman Ahmad, Cloudflare; Michael Swift, University of Wisconsin-Madison; Thomas Ristenpart, Cornell Tech; Rahul Chatterjee, University of Wisconsin-Madison
DnD: A Cross-Architecture Deep Neural Network Decompiler
Ruoyu Wu, Purdue University; Taegyu Kim, The Pennsylvania State University; Dave (Jing) Tian, Antonio Bianchi, and Dongyan Xu, Purdue University
FIXREVERTER: A Realistic Bug Injection Methodology for Benchmarking Fuzz Testing
Zenong Zhang and Zach Patterson, The University of Texas at Dallas; Michael Hicks, University of Maryland; Shiyi Wei, The University of Texas at Dallas
Hecate: Abuse Reporting in Secure Messengers with Sealed Sender
Rawane Issa, Nicolas Alhaddad, and Mayank Varia, Boston University
Composable Cachelets: Protecting Enclaves from Cache Side-Channel Attacks
Daniel Townley, Binghamton University/Peraton Labs; Kerem Arıkan, Yu David Liu, and Dmitry Ponomarev, Binghamton University; Oğuz Ergin, TOBB ETU
FlowMatrix: GPU-Assisted Information-Flow Analysis through Matrix-Based Representation
Kaihang Ji, Jun Zeng, Yuancheng Jiang, and Zhenkai Liang, National University of Singapore; Zheng Leong Chua, Independent Researcher; Prateek Saxena and Abhik Roychoudhury, National University of Singapore
End-to-Same-End Encryption: Modularly Augmenting an App with an Efficient, Portable and Blind Cloud Storage
Long Chen, Instituite of Software Chinese Academy of Sciences; Ya-Nan Li and Qiang Tang, The University of Sydney; Moti Yung, Google/ Columbia
Detecting Logical Bugs of DBMS with Coverage-based Guidance
Yu Liang, Pennsylvania State University; Song Liu, Qi An Xin Group Corp.; Hong Hu, Pennsylvania State University
SWAPP: A New Programmable Playground for Web Application Security
Phakpoom Chinprutthiwong, Jianwei Huang, and Guofei Gu, Texas A&M University
Don't Mesh Around: Side-Channel Attacks and Mitigations on Mesh Interconnects
Miles Dai, MIT; Riccardo Paccagnella, University of Illinois at Urbana-Champaign; Miguel Gomez-Garcia, MIT; John McCalpin, UT Austin; Mengjia Yan, MIT
TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries
Marcel Maehren and Philipp Nieting, Ruhr University Bochum; Sven Hebrok, Paderborn University; Robert Merget, Ruhr University Bochum; Juraj Somorovsky, Paderborn University; Jörg Schwenk, Ruhr University Bochum
Decomperson: How Humans Decompile and What We Can Learn From It
Kevin Burk, Fabio Pagani, Christopher Kruegel, and Giovanni Vigna, UC Santa Barbara
How to Peel a Million: Validating and Expanding Bitcoin Clusters
George Kappos and Haaroon Yousaf, University College London; Rainer Stütz and Sofia Rollet, AIT Austrian Institute of Technology; Bernhard Haslhofer, Complexity Science Hub Vienna; Sarah Meiklejohn, University College London
Open to a fault: Passive compromise of TLS keys via transient errors
George Arnold Sullivan, University of California, San Diego; Jackson Sippe and Eric Wustrow, University of Colorado Boulder; Nadia Heninger, University of California, San Diego
Title TBA
Johannes Wikner and Kaveh Razavi, ETH Zurich
QCSD: A QUIC Client-Side Website-Fingerprinting Defence Framework
Jean-Pierre Smith and Luca Dolfi, ETH Zurich; Prateek Mittal, Princeton University; Adrian Perrig, ETH Zurich
Dynamic Searchable Encryption with Optimal Search in the Presence of Deletions
Javad Ghareh Chamani and Dimitrios Papadopoulos, Hong Kong University of Science and Technology; Mohammadamin Karbasforushan and Ioannis Demertzis, UC Santa Cruz
GET /out: Automated Discovery of Application-Layer Censorship Evasion
Michael Harrity, Kevin Bock, Frederick Sell, and Dave Levin, University of Maryland
StateFuzz: System Call-Based State-Aware Linux Driver Fuzzing
Bodong Zhao, Zheming Li, Shisong Qin, Zheyu Ma, and Ming Yuan, Institute for Network Science and Cyberspace of Tsinghua University; Wenyu Zhu, Department of Electronic Engineering of Tsinghua University; Zhihong Tian, Guangzhou University; Chao Zhang, Institute for Network Science and Cyberspace of Tsinghua University
GPU-accelerated PIR with Client-Independent Preprocessing for Large-Scale Applications
Daniel Günther and Maurice Heymann, Technical University of Darmstadt; Benny Pinkas, Bar Ilan University; Thomas Schneider, Technical University of Darmstadt
RegexScalpel: Regular Expression Denial of Service (ReDoS) Defense by Localize-and-Fix
Yeting Li and Yecheng Sun, Institute of Software, Chinese Academy of Sciences, University of Chinese Academy of Sciences; Zhiwu Xu, Shenzhen University; Jialun Cao, Department of Computer Science and Engineering, The Hong Kong University of Science and Technology; Yuekang Li, Nanyang Technological University; Rongchen Li and Haiming Chen, State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences; Shing-Chi Cheung, Department of Computer Science and Engineering, The Hong Kong University of Science and Technology; Yang Liu, Nanyang Technological University