| Engineering Ethics into the NIST Privacy Framework | PEPR '20 | R. Jason Cronk |
| Taking Responsibility for Someone Else's Code: Studying the Privacy Behaviors of Mobile Apps at Scale | PEPR '20 | Serge Egelman |
| When Engineers and Lawyers Talk: Right-Sizing Your Data Protection Risk Profile | PEPR '20 | Rafae Bhatti |
| AURORA: Statistical Crash Analysis for Automated Root Cause Explanation | USENIX Security '20 | Tim Blazytko, Moritz Schlögel, Cornelius Aschermann, Ali Abbasi, Joel Frank, Simon Wörner, Thorsten Holz |
| Shim Shimmeny: Evaluating the Security and Privacy Contributions of Link Shimming in the Modern Web | USENIX Security '20 | Frank Li |
| Everything Old is New Again: Binary Security of WebAssembly | USENIX Security '20 | Daniel Lehmann, Johannes Kinder, Michael Pradel |
| SmartVerif: Push the Limit of Automation Capability of Verifying Security Protocols by Dynamic Strategies | USENIX Security '20 | Yan Xiong, Cheng Su, Wenchao Huang, Fuyou Miao, Wansen Wang, Hengyi Ouyang |
| BigMAC: Fine-Grained Policy Analysis of Android Firmware | USENIX Security '20 | Grant Hernandez, Dave (Jing) Tian, Anurag Swarnim Yadav, Byron J. Williams, Kevin R.B. Butler |
| PhishTime: Continuous Longitudinal Measurement of the Effectiveness of Anti-phishing Blacklists | USENIX Security '20 | Adam Oest, Yeganeh Safaei, Penghui Zhang, Brad Wardman, Kevin Tyers, Yan Shoshitaishvili, Adam Doupé |
| See No Evil: Phishing for Permissions with False Transparency | USENIX Security '20 | Güliz Seray Tuncay, Jingyu Qian, Carl A. Gunter |
| A different cup of TI? The added value of commercial threat intelligence | USENIX Security '20 | Xander Bouwman, Harm Griffioen, Jelle Egbers, Christian Doerr, Bram Klievink, Michel van Eeten |
| HybCache: Hybrid Side-Channel-Resilient Caches for Trusted Execution Environments | USENIX Security '20 | Ghada Dessouky, Tommaso Frassetto, Ahmad-Reza Sadeghi |
| TPM-FAIL: TPM meets Timing and Lattice Attacks | USENIX Security '20 | Daniel Moghimi, Berk Sunar, Thomas Eisenbarth, Nadia Heninger |
| CopyCat: Controlled Instruction-Level Attacks on Enclaves | USENIX Security '20 | Daniel Moghimi, Jo Van Bulck, Nadia Heninger, Frank Piessens, Berk Sunar |
| Civet: An Efficient Java Partitioning Framework for Hardware Enclaves | USENIX Security '20 | Chia-Che Tsai, Jeongseok Son, Bhushan Jain, John McAvey, Raluca Ada Popa, Donald E. Porter |
| An Off-Chip Attack on Hardware Enclaves via the Memory Bus | USENIX Security '20 | Dayeol Lee, Dongha Jung, Ian T. Fang, Chia-Che Tsai, Raluca Ada Popa |
| BesFS: A POSIX Filesystem for Enclaves with a Mechanized Safety Proof | USENIX Security '20 | Shweta Shinde, Shengyi Wang, Pinghai Yuan, Aquinas Hobor, Abhik Roychoudhury, Prateek Saxena |
| EPIC: Every Packet Is Checked in the Data Plane of a Path-Aware Internet | USENIX Security '20 | Markus Legner, Tobias Klenze, Marc Wyss, Christoph Sprenger, Adrian Perrig |
| ShadowMove: A Stealthy Lateral Movement Strategy | USENIX Security '20 | Amirreza Niakanlahiji, Jinpeng Wei, Md Rabbi Alam, Qingyang Wang, Bei-Tseng Chu |
| Poison Over Troubled Forwarders: A Cache Poisoning Attack Targeting DNS Forwarding Devices | USENIX Security '20 | Xiaofeng Zheng, Chaoyi Lu, Jian Peng, Qiushi Yang, Dongjie Zhou, Baojun Liu, Keyu Man, Shuang Hao, Haixin Duan, Zhiyun Qian |
| Programmable In-Network Security for Context-aware BYOD Policies | USENIX Security '20 | Qiao Kang, Lei Xue, Adam Morrison, Yuxin Tang, Ang Chen, Xiapu Luo |
| Cached and Confused: Web Cache Deception in the Wild | USENIX Security '20 | Seyed Ali Mirheidari, Sajjad Arshad, Kaan Onarlioglu, Bruno Crispo, Engin Kirda, William Robertson |
| Zero-delay Lightweight Defenses against Website Fingerprinting | USENIX Security '20 | Jiajun Gong, Tao Wang |
| Horizontal Privilege Escalation in Trusted Applications | USENIX Security '20 | Darius Suciu, Stephen McLaughlin, Laurent Simon, Radu Sion |
| TeeRex: Discovery and Exploitation of Memory Corruption Vulnerabilities in SGX Enclaves | USENIX Security '20 | Tobias Cloosters, Michael Rodler, Lucas Davi |
