USENIX Security '22 Winter Accepted Papers

USENIX Security '22 has three submission deadlines. Prepublication versions of the accepted papers from the winter submission deadline are available below. The full program will be available soon.

SAPIC+: protocol verifiers of the world, unite!

Vincent Cheval, INRIA Paris; Charlie Jacomme, CISPA - Helmholtz Center for Information Security; Steve Kremer, INRIA Nancy - Grand Est; Robert Künnemann, CISPA - Helmholtz Center for Information Security

Protecting Internet Communication with a Secure Backbone

Henry Birge-Lee, Princeton University; Joel Wanner, ETH Zürich; Grace H. Cimaszewski, Princeton University; Jonghoon Kwon, ETH Zürich; Liang Wang, Princeton University; François Wirz, ETH Zürich; Prateek Mittal, Princeton University; Adrian Perrig, ETH Zürich; Yixin Sun, University of Virginia

Fuzzing Hardware Like Software

Timothy Trippel and Kang G. Shin, University of Michigan; Alex Chernyakhovsky, Garret Kelly, and Dominic Rizzo, Google, LLC; Matthew Hicks, Virginia Tech

How and Why People Use Virtual Private Networks

Agnieszka Dutkowska-Zuk, Lancaster University; Austin Hounsel, Princeton University; Amy Morrill, University of Chicago; Andre Xiong, Princeton University; Marshini Chetty and Nick Feamster, University of Chicago

COMRace:Detecting Data Race Vulnerabilities in COM Objects

Fangming Gu and Qingli Guo, Institute of Information Engineering, Chinese Academy of Sciences; Lian Li, Institute of Computing Technology, Chinese Academy of Sciences; Zhiniang Peng, Sangfor Technologies Inc; Shenzhen Institutes of Advanced Technology, Chinese Academy of Sciences; Wei Lin, Xiaobo Yang, and Xiaorui Gong, Institute of Information Engineering, Chinese Academy of Sciences

Half-Double: Hammering From the Next Row Over

Andreas Kogler and Jonas Juffinger, Graz University of Technology; Salman Qazi and Yoongu Kim, Google; Moritz Lipp, Graz University of Technology; Nicolas Boichat, Google; Eric Shiu, Rivos; Mattias Nissler, Google; Daniel Gruss, Graz University of Technology

Architecturally Leaking Data from the Microarchitecture

Pietro Borrello, Sapienza University of Rome; Andreas Kogler and Martin Schwarzl, Graz University of Technology; Moritz Lipp, AWS; Daniel Gruss, Graz University of Technology; Michael Schwarz, CISPA Helmholtz Center for Information Security

The Security Lottery: Measuring Client-Side Web Security Inconsistencies

Sebastian Roth, CISPA Helmholtz Center for Information Security; Stefano Calzavara, Università Ca' Foscari Venezia; Moritz Wilhelm, CISPA Helmholtz Center for Information Security; Alvise Rabitti, Università Ca' Foscari Venezia; Ben Stock, CISPA Helmholtz Center for Information Security

Stateful Greybox Fuzzing

Jinsheng Ba, National University of Singapore; Marcel Böhme, MPI-SP, Germany and Monash University; Zahra Mirzamomen, Monash University; Abhik Roychoudhury, National University of Singapore

XDRI Attacks - and - How to Enhance Resilience of Residential Routers

Philipp Jeitner, Fraunhofer Institute for Secure Information Technology SIT, National Research Center for Applied Cybersecurity ATHENE; Haya Shulman, Fraunhofer Institute for Secure Information Technology SIT, National Research Center for Applied Cybersecurity ATHENE, and Goethe-Universität Frankfurt; Lucas Teichmann, Fraunhofer Institute for Secure Information Technology SIT; Michael Waidner, Fraunhofer Institute for Secure Information Technology SIT, National Research Center for Applied Cybersecurity ATHENE, and Technische Universität Darmstadt

Characterizing the Security of Github CI Workflows

Igibek Koishybayev and Aleksandr Nahapetyan, North Carolina State University; Raima Zachariah, Independent Researcher; Siddharth Muralee, Purdue University; Brad Reaves and Alexandros Kapravelos, North Carolina State University; Aravind Machiry, Purdue University

QuORAM: A Quorum-Replicated Fault Tolerant ORAM Datastore

Sujaya Maiyya, University of California, Santa Barbara; Seif Ibrahim; Caitlin Scarberry; Amr El Abbadi and Divyakant Agrawal, University of California, Santa Barbara; Rachel Lin and Stefano Tessaro, University of Washington; Victor Zakhary, University of California, Santa Barbara

Gossamer: Securely Measuring Password-based Logins

Marina Sanusi, Cornell University; Mazharul Islam, University of Wisconsin-Madison; Syed Suleman Ahmad, Cloudflare; Michael Swift, University of Wisconsin-Madison; Thomas Ristenpart, Cornell Tech; Rahul Chatterjee, University of Wisconsin-Madison

Title TBA

Johannes Wikner and Kaveh Razavi, ETH Zurich

StateFuzz: System Call-Based State-Aware Linux Driver Fuzzing

Bodong Zhao, Zheming Li, Shisong Qin, Zheyu Ma, and Ming Yuan, Institute for Network Science and Cyberspace of Tsinghua University; Wenyu Zhu, Department of Electronic Engineering of Tsinghua University; Zhihong Tian, Guangzhou University; Chao Zhang, Institute for Network Science and Cyberspace of Tsinghua University

RegexScalpel: Regular Expression Denial of Service (ReDoS) Defense by Localize-and-Fix

Yeting Li and Yecheng Sun, Institute of Software, Chinese Academy of Sciences, University of Chinese Academy of Sciences; Zhiwu Xu, Shenzhen University; Jialun Cao, Department of Computer Science and Engineering, The Hong Kong University of Science and Technology; Yuekang Li, Nanyang Technological University; Rongchen Li and Haiming Chen, State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences; Shing-Chi Cheung, Department of Computer Science and Engineering, The Hong Kong University of Science and Technology; Yang Liu, Nanyang Technological University