| Operation Mango: Scalable Discovery of Taint-Style Vulnerabilities in Binary Firmware Services | USENIX Security '24 | Wil Gibbs, Arvind S Raj, Jayakrishna Menon Vadayath, Hui Jun Tay, Justin Miller, Akshay Ajayan, Zion Leonahenahe Basque, Audrey Dutcher, Fangzhou Dong, Xavier Maso, Giovanni Vigna, Christopher Kruegel, Adam Doupé, Yan Shoshitaishvili, Ruoyu Wang |
| ShadowBound: Efficient Heap Memory Protection Through Advanced Metadata Management and Customized Compiler Optimization | USENIX Security '24 | Zheng Yu, Ganxiang Yang, Xinyu Xing |
| Voodoo: Memory Tagging, Authenticated Encryption, and Error Correction through MAGIC | USENIX Security '24 | Lukas Lamster, Martin Unterguggenberger, David Schrammel, Stefan Mangard |
| Leakage-Abuse Attacks Against Structured Encryption for SQL | USENIX Security '24 | Alexander Hoover, Ruth Ng, Daren Khu, Yao'An Li, Joelle Lim, Derrick Ng, Jed Lim, Yiyang Song |
| OPTISAN: Using Multiple Spatial Error Defenses to Optimize Stack Memory Protection within a Budget | USENIX Security '24 | Rahul George, Mingming Chen, Kaiming Huang, Zhiyun Qian, Thomas La Porta, Trent Jaeger |
| π-Jack: Physical-World Adversarial Attack on Monocular Depth Estimation with Perspective Hijacking | USENIX Security '24 | Tianyue Zheng, Jingzhi Hu, Rui Tan, Yinqian Zhang, Ying He, Jun Luo |
| Leveraging Semantic Relations in Code and Data to Enhance Taint Analysis of Embedded Systems | USENIX Security '24 | Jiaxu Zhao, Yuekang Li, Yanyan Zou, Zhaohui Liang, Yang Xiao, Yeting Li, Bingwei Peng, Nanyu Zhong, Xinyi Wang, Wei Wang, Wei Huo |
| Privacy-Preserving Data Aggregation with Public Verifiability Against Internal Adversaries | USENIX Security '24 | Marco Palazzo, Florine W. Dekker, Alessandro Brighente, Mauro Conti, Zekeriya Erkin |
| SCAVY: Automated Discovery of Memory Corruption Targets in Linux Kernel for Privilege Escalation | USENIX Security '24 | Erin Avllazagaj, Yonghwi Kwon, Tudor Dumitraș |
| A Wolf in Sheep's Clothing: Practical Black-box Adversarial Attacks for Evading Learning-based Windows Malware Detection in the Wild | USENIX Security '24 | Xiang Ling, Zhiyu Wu, Bin Wang, Wei Deng, Jingzheng Wu, Shouling Ji, Tianyue Luo, Yanjun Wu |
| FVD-DPM: Fine-grained Vulnerability Detection via Conditional Diffusion Probabilistic Models | USENIX Security '24 | Miaomiao Shao, Yuxin Ding |
| POPSTAR: Lightweight Threshold Reporting with Reduced Leakage | USENIX Security '24 | Hanjun Li, Sela Navot, Stefano Tessaro |
| RADIUS/UDP Considered Harmful | USENIX Security '24 | Sharon Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, Adam Suhl |
| IoT Market Dynamics: An Analysis of Device Sales, Security and Privacy Signals, and their Interactions | USENIX Security '24 | Swaathi Vetrivel, Brennen Bouwmeester, Michel van Eeten, Carlos H. Gañán |
| On a Collision Course: Unveiling Wireless Attacks to the Aircraft Traffic Collision Avoidance System (TCAS) | USENIX Security '24 | Giacomo Longo, Martin Strohmeier, Enrico Russo, Alessio Merlo, Vincent Lenders |
| The Challenges of Bringing Cryptography from Research Papers to Products: Results from an Interview Study with Experts | USENIX Security '24 | Konstantin Fischer, Ivana Trummová, Phillip Gajland, Yasemin Acar, Sascha Fahl, Angela Sasse |
| Splitting the Difference on Adversarial Training | USENIX Security '24 | Matan Levi, Aryeh Kontorovich |
| Cross the Zone: Toward a Covert Domain Hijacking via Shared DNS Infrastructure | USENIX Security '24 | Yunyi Zhang, Mingming Zhang, Baojun Liu, Zhan Liu, Jia Zhang, Haixin Duan, Min Zhang, Fan Shi, Chengxi Xu |
| Lurking in the shadows: Unveiling Stealthy Backdoor Attacks against Personalized Federated Learning | USENIX Security '24 | Xiaoting Lyu, Yufei Han, Wei Wang, Jingkai Liu, Yongsheng Zhu, Guangquan Xu, Jiqiang Liu, Xiangliang Zhang |
| "You have to read 50 different RFCs that contradict each other": An Interview Study on the Experiences of Implementing Cryptographic Standards | USENIX Security '24 | Nicolas Huaman, Jacques Suray, Jan H. Klemmer, Marcel Fourné, Sabrina Klivan, Ivana Trummová, Yasemin Acar, Sascha Fahl |
| Breaking Espressif’s ESP32 V3: Program Counter Control with Computed Values using Fault Injection | WOOT '24 | Jeroen Delvaux, Cristofaro Mune, Mario Romero, Niek Timmers |
| Introduction to Procedural Debugging through Binary Libification | WOOT '24 | Jonathan Brossard |
| Reverse Engineering the Eufy Ecosystem: A Deep Dive into Security Vulnerabilities and Proprietary Protocols | WOOT '24 | Victor Goeman, Dairo de Ruck, Tom Cordemans, Jorn Lapon, Vincent Naessens |
| Attacking with Something That Does Not Exist: 'Proof of Non-Existence' Can Exhaust DNS Resolver CPU | WOOT '24 | Olivia Gruza, Elias Heftrig, Oliver Jacobsen, Haya Schulmann, Niklas Vogel, Michael Waidner |
| Not Quite Write: On the Effectiveness of Store-Only Bounds Checking | WOOT '24 | Adriaan Jacobs, Stijn Volckaert |
