USENIX Security '24 | Operation Mango: Scalable Discovery of Taint-Style Vulnerabilities in Binary Firmware Services | Wil Gibbs, Arvind S Raj, Jayakrishna Menon Vadayath, Hui Jun Tay, Justin Miller, Akshay Ajayan, Zion Leonahenahe Basque, Audrey Dutcher, Fangzhou Dong, Xavier Maso, Giovanni Vigna, Christopher Kruegel, Adam Doupé, Yan Shoshitaishvili, Ruoyu Wang |
USENIX Security '24 | Towards More Practical Threat Models in Artificial Intelligence Security | Kathrin Grosse, Lukas Bieringer, Tarek R. Besold, Alexandre M. Alahi |
USENIX Security '24 | Unbalanced Circuit-PSI from Oblivious Key-Value Retrieval | Meng Hao, Weiran Liu, Liqiang Peng, Hongwei Li, Cong Zhang, Hanxiao Chen, Tianwei Zhang |
USENIX Security '24 | RECORD: A RECeption-Only Region Determination Attack on LEO Satellite Users | Eric Jedermann, Martin Strohmeier, Vincent Lenders, Jens Schmitt |
USENIX Security '24 | MAGIC: Detecting Advanced Persistent Threats via Masked Graph Representation Learning | Zian Jia, Yun Xiong, Yuhong Nan, Yao Zhang, Jinjing Zhao, Mi Wen |
USENIX Security '24 | Dancer in the Dark: Synthesizing and Evaluating Polyglots for Blind Cross-Site Scripting | Robin Kirchner, Jonas Möller, Marius Musch, David Klein, Konrad Rieck, Martin Johns |
USENIX Security '24 | ClearStamp: A Human-Visible and Robust Model-Ownership Proof based on Transposed Model Training | Torsten Krauß, Jasper Stang, Alexandra Dmitrienko |
USENIX Security '24 | Why Aren't We Using Passkeys? Obstacles Companies Face Deploying FIDO2 Passwordless Authentication | Leona Lassak, Elleen Pan, Blase Ur, Maximilian Golla |
USENIX Security '24 | "I Don't Know If We're Doing Good. I Don't Know If We're Doing Bad": Investigating How Practitioners Scope, Motivate, and Conduct Privacy Work When Developing AI Products | Hao-Ping (Hank) Lee, Lan Gao, Stephanie Yang, Jodi Forlizzi, Sauvik Das |
USENIX Security '24 | A Friend's Eye is A Good Mirror: Synthesizing MCU Peripheral Models from Peripheral Drivers | Chongqing Lei, Zhen Ling, Yue Zhang, Yan Yang, Junzhou Luo, Xinwen Fu |
USENIX Security '24 | CDN Cannon: Exploiting CDN Back-to-Origin Strategies for Amplification Attacks | Ziyu Lin, Zhiwei Lin, Ximeng Liu, Jianjun Chen, Run Guo, Cheng Chen, Shaodong Xiao |
USENIX Security '24 | EaTVul: ChatGPT-based Evasion Attack Against Software Vulnerability Detection | Shigang Liu, Di Cao, Junae Kim, Tamas Abraham, Paul Montague, Seyit Camtepe, Jun Zhang, Yang Xiang |
USENIX Security '24 | False Claims against Model Ownership Resolution | Jian Liu, Rui Zhang, Sebastian Szyller, Kui Ren, N. Asokan |
USENIX Security '24 | Being Transparent is Merely the Beginning: Enforcing Purpose Limitation with Polynomial Approximation | Shuofeng Liu, Zihan Wang, Minhui Xue, Long Wang, Yuanchao Zhang, Guangdong Bai |
USENIX Security '24 | SoK: Security of Programmable Logic Controllers | Efrén López-Morales, Ulysse Planta, Carlos Rubio-Medrano, Ali Abbasi, Alvaro A. Cardenas |
USENIX Security '24 | "Belt and suspenders" or "just red tape"?: Investigating Early Artifacts and User Perceptions of IoT App Security Certification | Prianka Mandal, Amit Seal Ami, Victor Olaiya, Sayyed Hadi Razmjo, Adwait Nadkarni |
USENIX Security '24 | SHiFT: Semi-hosted Fuzz Testing for Embedded Applications | Alejandro Mera, Changming Liu, Ruimin Sun, Engin Kirda, Long Lu |
USENIX Security '24 | Key Recovery Attacks on Approximate Homomorphic Encryption with Non-Worst-Case Noise Flooding Countermeasures | Qian Guo, Denis Nabokov, Elias Suvanto, Thomas Johansson |
USENIX Security '24 | SoK: All You Need to Know About On-Device ML Model Extraction - The Gap Between Research and Practice | Tushar Nayan, Qiming Guo, Mohammed Al Duniawi, Marcus Botacin, Selcuk Uluagac, Ruimin Sun |
USENIX Security '24 | Spider-Scents: Grey-box Database-aware Web Scanning for Stored XSS | Eric Olsson, Benjamin Eriksson, Adam Doupé, Andrei Sabelfeld |
USENIX Security '24 | A NEW HOPE: Contextual Privacy Policies for Mobile Applications and An Approach Toward Automated Generation | Shidong Pan, Zhen Tao, Thong Hoang, Dawen Zhang, Tianshi Li, Zhenchang Xing, Xiwei Xu, Mark Staples, Thierry Rakotoarivelo, David Lo |
USENIX Security '24 | Is It a Trap? A Large-scale Empirical Study And Comprehensive Assessment of Online Automated Privacy Policy Generators for Mobile Apps | Shidong Pan, Dawen Zhang, Mark Staples, Zhenchang Xing, Jieshan Chen, Xiwei Xu, Thong Hoang |
USENIX Security '24 | GhostRace: Exploiting and Mitigating Speculative Race Conditions | Hany Ragab, Andrea Mambretti, Anil Kurmus, Cristiano Giuffrida |
USENIX Security '24 | "I just hated it and I want my money back": Data-driven Understanding of Mobile VPN Service Switching Preferences in The Wild | Rohit Raj, Mridul Newar, Mainack Mondal |
USENIX Security '24 | Trust Me If You Can – How Usable Is Trusted Types In Practice? | Sebastian Roth, Lea Gröber, Philipp Baus, Katharina Krombholz, Ben Stock |