| Atropos: Effective Fuzzing of Web Applications for Server-Side Vulnerabilities | USENIX Security '24 | Emre Güler, Sergej Schumilo, Moritz Schloegel, Nils Bars, Philipp Görz, Xinyi Xu, Cemal Kaygusuz, Thorsten Holz |
| FraudWhistler: A Resilient, Robust and Plug-and-play Adversarial Example Detection Method for Speaker Recognition | USENIX Security '24 | Kun Wang, Xiangyu Xu, Li Lu, Zhongjie Ba, Feng Lin, Kui Ren |
| Swipe Left for Identity Theft: An Analysis of User Data Privacy Risks on Location-based Dating Apps | USENIX Security '24 | Karel Dhondt, Victor Le Pochat, Yana Dimova, Wouter Joosen, Stijn Volckaert |
| Dancer in the Dark: Synthesizing and Evaluating Polyglots for Blind Cross-Site Scripting | USENIX Security '24 | Robin Kirchner, Jonas Möller, Marius Musch, David Klein, Konrad Rieck, Martin Johns |
| ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing | USENIX Security '24 | Qifan Zhang, Xuesong Bai, Xiang Li, Haixin Duan, Qi Li, Zhou Li |
| Ahoy SAILR! There is No Need to DREAM of C: A Compiler-Aware Structuring Algorithm for Binary Decompilation | USENIX Security '24 | Zion Leonahenahe Basque, Ati Priya Bajaj, Wil Gibbs, Jude O'Kain, Derron Miao, Tiffany Bao, Adam Doupé, Yan Shoshitaishvili, Ruoyu Wang |
| Racing on the Negative Force: Efficient Vulnerability Root-Cause Analysis through Reinforcement Learning on Counterexamples | USENIX Security '24 | Dandan Xu, Di Tang, Yi Chen, XiaoFeng Wang, Kai Chen, Haixu Tang, Longxing Li |
| WEBRR: A Forensic System for Replaying and Investigating Web-Based Attacks in The Modern Web | USENIX Security '24 | Joey Allen, Zheng Yang, Feng Xiao, Matthew Landen, Roberto Perdisci, Wenke Lee |
| Unleashing the Power of Type-Based Call Graph Construction by Using Regional Pointer Information | USENIX Security '24 | Yuandao Cai, Yibo Jin, Charles Zhang |
| The Effect of Design Patterns on (Present and Future) Cookie Consent Decisions | USENIX Security '24 | Nataliia Bielova, Laura Litvine, Anysia Nguyen, Mariam Chammat, Vincent Toubiana, Estelle Hary |
| RECORD: A RECeption-Only Region Determination Attack on LEO Satellite Users | USENIX Security '24 | Eric Jedermann, Martin Strohmeier, Vincent Lenders, Jens Schmitt |
| A Taxonomy of C Decompiler Fidelity Issues | USENIX Security '24 | Luke Dramko, Jeremy Lacomis, Edward J. Schwartz, Bogdan Vasilescu, Claire Le Goues |
| CAMP: Compiler and Allocator-based Heap Memory Protection | USENIX Security '24 | Zhenpeng Lin, Zheng Yu, Ziyi Guo, Simone Campanoni, Peter Dinda, Xinyu Xing |
| "Belt and suspenders" or "just red tape"?: Investigating Early Artifacts and User Perceptions of IoT App Security Certification | USENIX Security '24 | Prianka Mandal, Amit Seal Ami, Victor Olaiya, Sayyed Hadi Razmjo, Adwait Nadkarni |
| Go Go Gadget Hammer: Flipping Nested Pointers for Arbitrary Data Leakage | USENIX Security '24 | Youssef Tobah, Andrew Kwong, Ingab Kang, Daniel Genkin, Kang G. Shin |
| FFXE: Dynamic Control Flow Graph Recovery for Embedded Firmware Binaries | USENIX Security '24 | Ryan Tsang, Asmita, Doreen Joseph, Soheil Salehi, Prasant Mohapatra, Houman Homayoun |
| Your Firmware Has Arrived: A Study of Firmware Update Vulnerabilities | USENIX Security '24 | Yuhao Wu, Jinwen Wang, Yujie Wang, Shixuan Zhai, Zihan Li, Yi He, Kun Sun, Qi Li, Ning Zhang |
| Opportunistic Data Flow Integrity for Real-time Cyber-physical Systems Using Worst Case Execution Time Reservation | USENIX Security '24 | Yujie Wang, Ao Li, Jinwen Wang, Sanjoy Baruah, Ning Zhang |
| MAGIC: Detecting Advanced Persistent Threats via Masked Graph Representation Learning | USENIX Security '24 | Zian Jia, Yun Xiong, Yuhong Nan, Yao Zhang, Jinjing Zhao, Mi Wen |
| Security and Privacy Analysis of Samsung's Crowd-Sourced Bluetooth Location Tracking System | USENIX Security '24 | Tingfeng Yu, James Henderson, Alwen Tiu, Thomas Haines |
| SmartCookie: Blocking Large-Scale SYN Floods with a Split-Proxy Defense on Programmable Data Planes | USENIX Security '24 | Sophia Yoo, Xiaoqi Chen, Jennifer Rexford |
| When the User Is Inside the User Interface: An Empirical Study of UI Security Properties in Augmented Reality | USENIX Security '24 | Kaiming Cheng, Arkaprabha Bhattacharya, Michelle Lin, Jaewook Lee, Aroosh Kumar, Jeffery F. Tian, Tadayoshi Kohno, Franziska Roesner |
| ACAI: Protecting Accelerator Execution with Arm Confidential Computing Architecture | USENIX Security '24 | Supraja Sridhara, Andrin Bertschi, Benedict Schlüter, Mark Kuhne, Fabio Aliberti, Shweta Shinde |
| How WEIRD is Usable Privacy and Security Research? | USENIX Security '24 | Ayako A. Hasegawa, Daisuke Inoue, Mitsuaki Akiyama |
| "I Don't Know If We're Doing Good. I Don't Know If We're Doing Bad": Investigating How Practitioners Scope, Motivate, and Conduct Privacy Work When Developing AI Products | USENIX Security '24 | Hao-Ping (Hank) Lee, Lan Gao, Stephanie Yang, Jodi Forlizzi, Sauvik Das |
