This repo is inpired by the Awesome Best Papers. However, the Awesome Best Papers does not include the computer security fields. So, I collect the best papers from top 4 computer security conferences, including IEEE S&P, ACM CCS, USENIX Security, and NDSS.
All the data are collected manully. If you find any errors, please feel free to contribute to this repo. Also, you are welcome to add papers from other computer security conferences.
- Add link to each paper.
- Add other awards, such as best student paper award, best practical award.
- Add best papers from other computer security conferences.
| Year | Paper |
|---|---|
| 2024 | BENZENE: A Practical Root Cause Analysis System with an Under-Constrained State Mutation Younggi Park (Korea University), Hwiwon Lee (Korea University), Jinho Jung (Ministry of National Defense), Hyungjoon Koo (Sungkyunkwan University), Huy Kang Kim (Korea University) Shedding Light on CVSS Scoring Inconsistencies: A User-Centric Study on Evaluating Widespread Security Vulnerabilities Julia Wunder (Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU)), Andreas Kurtz (Heilbronn University of Applied Sciences), Christian Eichenmüller (Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU)), Freya Gassmann (Rheinland-Pfälzische Technische Universität Kaiserslautern-Landau (RPTU)), Zinaida Benenson (Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU)) "False negative - that one is going to kill you." - Understanding Industry Perspectives of Static Analysis based Security Testing Amit Seal Ami (William & Mary), Kevin Moran (University of Central Florida), Denys Poshyvanyk (William & Mary), Adwait Nadkarni (William & Mary) The Great Request Robbery: An Empirical Study of Client-side Request Hijacking Vulnerabilities on the Web Soheil Khodayari (CISPA Helmholtz Center for Information Security), Thomas Barber (SAP Security Research), Giancarlo Pellegrino (CISPA Helmholtz Center for Information Security) SoK: Prudent Evaluation Practices for Fuzzing Moritz Schloegel (CISPA Helmholtz Center for Information Security), Nils Bars (CISPA Helmholtz Center for Information Security), Nico Schiller (CISPA Helmholtz Center for Information Security), Lukas Bernhard (CISPA Helmholtz Center for Information Security), Tobias Scharnowski (CISPA Helmholtz Center for Information Security), Addison Crump (CISPA Helmholtz Center for Information Security), Arash Ale Ebrahim (CISPA Helmholtz Center for Information Security), Nicolai Bissantz (Ruhr University Bochum), Marius Muench (University of Birmingham), Thorsten Holz (CISPA Helmholtz Center for Information Security) SoK: Unintended Interactions among Machine Learning Defenses and Risks Vasisht Duddu (University of Waterloo), Sebastian Szyller (Intel Labs), N. Asokan (University of Waterloo, Aalto University) From Virtual Touch to Tesla Command: Unlocking Unauthenticated Control Chains From Smart Glasses for Vehicle Takeover Xingli Zhang (University of Louisiana at Lafayette), Yazhou Tu (University of Louisiana at Lafayette), Yan Long (University of Michigan), Liqun Shan (University of Louisiana at Lafayette), Mohamed A Elsaadani (University of Louisiana at Lafayette), Kevin Fu (Northeastern University), Zhiqiang Lin (Ohio State University), Xiali Hei (University of Louisiana at Lafayette) From Chatbots to Phishbots?: Phishing Scam Generation in Commercial Large Language Models Sayak Saha Roy (University of Texas at Arlington), Poojitha Thota (University of Texas at Arlington), Krishna Vamsi Naragam (University of Texas at Arlington), Shirin Nilizadeh (University of Texas at Arlington) WESEE: Using Malicious #VC Interrupts to Break AMD SEV-SNP Benedict Schlüter (ETH Zurich), Supraja Sridhara (ETH Zurich), Andrin Bertschi (ETH Zurich), Shweta Shinde (ETH Zurich) |
| 2023 | MEGA: Malleable Encryption Goes Awry Matilda Backendal (ETH Zurich), Miro Haller (ETH Zurich), Kenneth Paterson (ETH Zurich) Practically-exploitable Cryptographic Vulnerabilities in Matrix Martin R. Albrecht (Royal Holloway, University of London), Sofía Celi (Brave Software), Benjamin Dowling (University of Sheffield), Daniel Jones (Royal Holloway, University of London) Weak Fiat-Shamir Attacks on Modern Proof Systems Quang Dao (Carnegie Mellon University), Jim Miller (Trail of Bits), Opal Wright (Trail of Bits), Paul Grubbs (University of Michigan) Typing High-Speed Cryptography against Spectre v1 Basavesh Ammanaghatta Shivakumar (MPI-SP), Gilles Barthe (MPI-SP and IMDEA Software Institute), Benjamin Grégoire (Inria and Université Côte d'Azur), Vincent Laporte (Inria Nancy), Tiago Oliviera (MPI-SP), Swarn Priya (Inria and Université Côte d'Azur), Peter Schwabe (MPI-SP & Radboud University), Lucas Tabary-Maujean (ENS Paris-Saclay) Red Team vs. Blue Team: A Real-World Hardware Trojan Detection Case Study Across Four Modern CMOS Technology Generations Endres Puschner (Max Planck Institute for Security and Privacy), Thorben Moos (UCLouvain), Christian Kison (Bundeskriminalamt), Steffen Becker (Ruhr University Bochum & Max Planck Institute for Security and Privacy), Amir Moradi (Ruhr University Bochum), Christof Paar (Max Planck Institute for Security and Privacy) It's (DOM) Clobbering Time: Attack Techniques, Prevalence, and Defenses Soheil Khodayari (CISPA Helmholtz Center for Information Security), Giancarlo Pellegrino (CISPA Helmholtz Center for Information Security) The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web Jannis Rautenstrauch (CISPA Helmholtz Center for Information Security), Giancarlo Pellegrino (CISPA Helmholtz Center for Information Security), Ben Stock (CISPA Helmholtz Center for Information Security) WaVe: a verifiably secure WebAssembly sandboxing runtime Evan Johnson (University of California San Diego), Evan Laufer (Stanford University) , Zijie Zhao (University of Illinois Urbana-Champaign), Shravan Narayan (University of California San Diego) , Stefan Savage (University of California San Diego) , Deian Stefan (University of California San Diego), Fraser Brown (Carnegie Mellon University) Characterizing Everyday Misuse of Smart Home Devices Phoebe Moh (University of Maryland), Pubali Datta (University of Illinois Urbana-Champaign) Noel Warford (University of Maryland), Adam Bates (University of Illinois Urbana-Champaign), Nathan Malkin (University of Maryland), Michelle L. Mazurek (University of Maryland) Not Yet Another Digital ID: Privacy-preserving Humanitarian Aid Distribution Boya Wang (EPFL), Wouter Lueks (CISPA Helmholtz Center for Information Security), Justinas Sukaitis (ICRC), Vincent Graf Narbel (ICRC), Carmela Troncoso (EPFL) “In Eighty Percent of the Cases, I Select the Password for Them”: Security and Privacy Challenges, Advice, and Opportunities at Cybercafes in Kenya Collins W. Munyendo (The George Washington University), Yasemin Acar (The George Washington University), Adam J. Aviv (The George Washington University) Space Odyssey: An Experimental Software Security Analysis of Satellites Johannes Willbold (Ruhr-Universität Bochum), Moritz Schloegel (Ruhr-Universität Bochum) Manuel Vögele (Ruhr-Universität Bochum), Maximilian Gerhardt (Ruhr-Universität Bochum), Thorsten Holz (CISPA Helmholtz Center for Information Security), Ali Abbasi (CISPA Helmholtz Center for Information Security) |
| 2022 | Four Attacks and a Proof for Telegram Martin R. Albrecht (Royal Holloway, University of London), Lenka Mareková (Royal Holloway, University of London), Kenneth G. Paterson (ETH Zurich), Igors Stepanovs (ETH Zurich) Asleep at the Keyboard? Assessing the Security of GitHub Copilot’s Code Contributions Hammond Pearce, Baleegh Ahmad, Benjamin Tan, Brendan Dolan-Gavitt, Ramesh Karri (NYU Tandon School of Engineering) Invisible Finger: Practical Electromagnetic Interference Attack on Touchscreen-based Electronic Devices Haoqi Shan (University of Florida), Boyi Zhang (University of Florida), Zihao Zhan (University of Florida), Dean Sullivan (University of New Hampshire), Shuo Wang (University of Florida), Yier Jin (University of Florida) Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects Dominik Wermke (CISPA), Noah Woehler (CISPA), Jan H. Klemmer (Leibniz University Hannover), Marcel Fourné (MPI-SP), Yasemin Acar (George Washington University), Sascha Fahl (CISPA, Leibniz University Hannover) |
| 2021 | Compositional Security for Reentrant Applications Ethan Cecchetti (Cornell University), Siqiu Yao (Cornell University), Haobin Ni (Cornell University), Andrew C. Myers (Cornell University) Hardware-Software Contracts for Secure Speculation Marco Guarnieri (IMDEA Software Institute), Boris Köpf (Microsoft Research), Jan Reineke (Saarland University), and Pepe Vila (IMDEA Software Institute) |
| 2020 | TRRespass: Exploiting the Many Sides of Target Row Refresh Pietro Frigo (Vrije Universiteit Amsterdam), Emanuele Vannacci (Vrije Universiteit Amsterdam), Hasan Hassan (ETH Zürich), Victor van der Veen (Qualcomm Technologies, Inc.), Onur Mutlu (ETH Zürich), Cristiano Giuffrida (Vrije Universiteit Amsterdam), Herbert Bos (Vrije Universiteit Amsterdam), Kaveh Razavi (Vrije Universiteit Amsterdam) |
| 2019 | Spectre Attacks: Exploiting Speculative Execution Paul Kocher (Independent (www.paulkocher.com)), Jann Horn (Google Project Zero), Anders Fogh (G DATA Advanced Analytics), Daniel Genkin (University of Pennsylvania and University of Maryland), Daniel Gruss (Graz University of Technology), Werner Haas (Cyberus Technology), Mike Hamburg (Rambus, Cryptography Research Division), Moritz Lipp (Graz University of Technology), Stefan Mangard (Graz University of Technology), Thomas Prescher (Cyberus Technology), Michael Schwarz (Graz University of Technology), Yuval Yarom (University of Adelaide and Data61) |
| 2018 | DEEPSEC: Deciding Equivalence Properties in Security Protocols -- Theory and Practice Vincent Cheval (Inria Nancy & Loria), Steve Kremer (Inria Nancy & Loria), Itsaka Rakotonirina (Inria Nancy & Loria) On Enforcing the Digital Immunity of a Large Humanitarian Organization Stevens Le Blond (École Polytechnique Fédérale de Lausanne), Alejandro Cuevas (École Polytechnique Fédérale de Lausanne), Juan Ramón Troncoso-Pastoriza (École Polytechnique Fédérale de Lausanne), Philipp Jovanovic (École Polytechnique Fédérale de Lausanne), Bryan Ford (École Polytechnique Fédérale de Lausanne), Jean-Pierre Hubaux (École Polytechnique Fédérale de Lausanne) |
| 2017 | Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate Karthikeyan Bhargavan (INRIA), Bruno Blanchet (INRIA), and Nadim Kobeissi (INRIA) |
| 2016 | A2: Analog Malicious Hardware Kaiyuan Yang, Matthew Hicks, Qing Dong, Todd Austin, and Dennis Sylvester (University of Michigan) |
| 2015 | A Messy State of the Union: Taming the Composite State Machines of TLS Benjamin Beurdouche (INRIA), Karthikeyan Bhargavan (INRIA), Antoine Delignat-Lavaud (INRIA), Cédric Fournet (Microsoft Research), Markulf Kohlweiss (Microsoft Research), Alfredo Pironti (INRIA), Pierre-Yves Strub (IMDEA), Jean Karim Zinzindohoue (INRIA) Riposte: An Anonymous Messaging System Handling Millions of Users Henry Corrigan-Gibbs (Stanford University), Dan Boneh (Stanford University), David Mazières (Stanford University) |
| 2014 | Secure Multiparty Computations on Bitcoin Marcin Andrychowicz (University of Warsaw) , Stefan Dziembowski (University of Warsaw and Sapienza University of Rome) , Daniel Malinowski, and Łukasz Mazurek (University of Warsaw) |
| 2013 | Pinocchio: Nearly Practical Verifiable Computation Bryan Parno, Craig Gentry, Jon Howell, and Mariana Raykova |
| Year | Paper |
|---|---|
| 2022 | Victory by KO: Attacking OpenPGP Using Key Overwriting Kenny Paterson, Lara Bruseghini, Daniel Huigens Proving UNSAT in Zero Knowledge Ning Luo, Timos Antonopoulos, William Harris, Ruzica Piskac, Eran Tromer, Xiao Wang Automatic Detection of Speculative Execution Combinations Xaver Fabian, Marco Patrignani, Marco Guarnieri Zapper: Smart Contracts with Data and Identity Privacy Samuel Steffen, Benjamin Bichsel, Martin Vechev STAR: Secret Sharing for Private Threshold Aggregation Reporting Alex Davidson, Peter Snyder, E. B. Quirk, Joseph Genereux, Hamed Haddadi, Benjamin Livshits |
| 2021 | XSinator.com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers Lukas Knittel; Christian Mainka (Ruhr University Bochum); Marcus Niemietz (Niederrhein University of Applied Sciences); Dominik Trevor Noß Jörg Schwenk (Ruhr University Bochum) One Glitch to Rule Them All: Fault Injection Attacks Against AMD's Secure Encrypted Virtualization Robert Buhren; Hans-Niklas Jacob; Thilo Krachenfels (Technische UniversitätBerlin - SECT); Jean-Pierre Seifert (Technische Universität Berlin - SECT & Fraunhofer SIT) On the Renyi Differential Privacy of the Shuffle Model Antonious M. Girgis; Deepesh Data; Suhas Diggavi (University of California Los Angeles); Ananda Theertha Suresh; Peter Kairouz (Google Research) On the (In)Security of ElGamal in OpenPGP Luca De Feo; Bertram Poettering; Alessandro Sorniotti (IBM Research Europe - Zurich) V-Shuttle: Scalable and Semantics-Aware Hypervisor Virtual Device Fuzzing Gaoning Pan (Zhejiang University & Ant Group); Xingwei Lin (Ant Group); Xuhong Zhang (Zhejiang University & Binjiang Institute of Zhejiang University); Yongkang Jia (Zhejiang University); Shouling Ji (Zhejiang University & Binjiang Institute of Zhejiang University); Chunming Wu (Zhejiang University); Xinlei Ying (Ant Group); Jiashui Wang (Ant Group); Yanjun Wu (Institute of Software, Chinese Academy of Sciences) |
| 2020 | DNS Cache Poisoning Attack Reloaded: Revolutions with Side Channels Keyu Man, Zhiyun Qian, Zhongjie Wang, Xiaofeng Zheng, Youjun Huang, Haixin Duan |
| 2019 | Where Does It Go? Refining Indirect-Call Targets with Multi-layer Type Analysis Kangjie Lu and Hong Hu |
| 2018 | LEMNA: Explaining Deep Learning based Security Applications Wenbo Guo, Dongliang Mu, Jun Xu, Purui Su, Gang Wang, Xinyu Xing Toward Detecting Violations of Differential Privacy Ding Ding, Yuxin Wang, Guanhong Wang, Danfeng Zhang, Daniel Kifer |
| 2017 | Scaling ORAM for Secure Computation Jack Doerner, Abhi Shelat Better Bounds for Block Cipher Modes of Operation via Nonce-Based Key Derivation Shay Gueron, Yehuda Lindell DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation Xiao Wang, Samuel Ranellucci, Jonathan Katz A Formal Foundation for Secure Remote Execution of Enclaves Pramod Subramanyan, Rohit Sinha, Ilia Lebedev, Srinivas Devadas, Sanjit Seshia |
| 2016 | A Surfeit of SSH Cipher Suites Martin R. Albrecht, Jean Paul Degabriele, Torben Brandt Hansen and Kenneth G. Paterson A Systematic Analysis of the Juniper Dual EC Incident Stephen Checkoway, Jacob Mankiewicz, Christina Garman, Joshua Fried, Shaanan Cohney, Matthew Green, Nadia Heninger, Ralf-Philipp Weinmann, Eric Rescorla, and Hovav Shacham High-Throughput Semi-Honest Secure Three-Party Computation with an Honest Majority Toshinori Araki, Jun Furukawa, Yehuda Lindell, Ariel Nof and Kazuma Ohara |
| 2015 | Imperfect Forward Secrecy: How Diffie-Hellman Fails In Practice David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Mathew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin Vandersloot, Eric Wustrow, Santiago Zanella-Béquelin, and Paul Zimmerman Guitar: Piecing Together Android App GUIs From Memory Images Brendan Saltaformaggio, Rohit Bhatia, Zhongshu Gu, Xiangyu Zhang and Dongyan Xu Automated Analysis And Synthesis Of Authenticated Encryption Schemes Viet Tung Hoang, Jonathan Katz and Alex J. Malozemoff |
| 2014 | Private-by-Design Advertising Meets the Real World Alexey Reznichenko and Paul Francis Alexey Reznichenko and Paul Francis Code Reuse Attacks in PHP: Automated POP Chain Generation Johannes Dahse, Nikolai Krein and Thorsten Holz Multi-ciphersuite security of the Secure Shell (SSH) protocol Florian Bergsma, Benjamin Dowling, Florian Kohlar, Jörg Schwenk and Douglas Stebila |
| 2013 | FANCI: Identification of Stealthy Malicious Logic Using Boolean Functional Analysis Adam Waksman and Matthew Suozzo Path ORAM: An Extremely Simple Oblivious RAM Protocol Emil Stefanov, Christopher Fletcher, Ling Ren, and Xiangyao Yu **Security Analysis of Integrated Circuit Camouflaging ** eyavijayan Rajendran and Michael Sam |
| Year | Paper |
|---|---|
| 2023 | Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversations Tadayoshi Kohno, University of Washington; Yasemin Acar, Paderborn University and George Washington University; Wulf Loh, Universität Tübingen Glaze: Protecting Artists from Style Mimicry by Text-to-Image Models Shawn Shan, University of Chicago; Jenna Cryan, University of Chicago; Emily Wenger, University of Chicago; Haitao Zheng, University of Chicago; Rana Hanocka, University of Chicago; Ben Y. Zhao, University of Chicago An Efficient Design of Intelligent Network Data Plane Guangmeng Zhou, Tsinghua University; Zhuotao Liu, Tsinghua University and Zhongguancun Laboratory; Chuanpu Fu, Tsinghua University; Qi Li, Tsinghua University and Zhongguancun Laboratory; Ke Xu, Tsinghua University and Zhongguancun Laboratory Don’t be Dense: Efficient Keyword PIR for Sparse Databases Sarvar Patel, Google; Joon Young Seo, Google; Kevin Yeo, Google and Columbia University TreeSync: Authenticated Group Management for Messaging Layer Security Théophile Wallez, Inria Paris; Jonathan Protzenko, Microsoft Research; Benjamin Beurdouche, Mozilla; Karthikeyan Bhargavan, Inria Paris Hash Gone Bad: Automated discovery of protocol attacks that exploit hash function weaknesses Vincent Cheval, Inria Paris; Cas Cremers, CISPA Helmholtz Center for Information Security; Alexander Dax, CISPA Helmholtz Center for Information Security and Saarland University; Lucca Hirschi, Université de Lorraine, Inria, CNRS, France; Charlie Jacomme, Inria Paris; Steve Kremer, Université de Lorraine, LORIA, Inria Nancy Grand-Est Bug Hunters’ Perspectives on the Challenges and Benefits of the Bug Bounty Ecosystem Omer Akgul, University of Maryland; Taha Eghtesad, Pennsylvania State University; Amit Elazari, University of California, Berkeley; Omprakash Gnawali, University of Houston; Jens Grossklags, Technical University of Munich; Michelle L. Mazurek, University of Maryland; Daniel Votipka, Tufts University; Aron Laszka, Pennsylvania State University Examining Power Dynamics and User Privacy in Smart Technology Use Among Jordanian Households Wael Albayaydh, University of Oxford; Ivan Flechais, University of Oxford Tight Auditing of Differentially Private Machine Learning Milad Nasr, Google DeepMind; Jamie Hayes, Google DeepMind; Thomas Steinke, Google DeepMind; Borja Balle, DeepMind; Florian Tramèr, ETH Zurich; Matthew Jagielski, Google DeepMind; Nicholas Carlini, Google DeepMind; Andreas Terzis, Google DeepMind Automated Analysis of Protocols that use Authenticated Encryption: How Subtle AEAD Differences can impact Protocol Security Cas Cremers, CISPA Helmholtz Center for Information Security; Alexander Dax, CISPA Helmholtz Center for Information Security and Saarland University; Charlie Jacomme, Inria Paris; Mang Zhao, CISPA Helmholtz Center for Information Security and Saarland University Account Security Interfaces: Important, Unintuitive, and Untrustworthy Alaa Daffalla, Cornell University; Marina Bohuk, Cornell University; Nicola Dell, Jacobs Institute Cornell Tech; Rosanna Bellini, Cornell University; Thomas Ristenpart, Cornell Tech A Two-Decade Retrospective Analysis of a University's Vulnerability to Attacks Exploiting Reused Passwords Alexandra Nisenoff, University of Chicago and Carnegie Mellon University; Maximilian Golla, University of Chicago / Max Planck Institute for Security and Privacy; Miranda Wei, University of Chicago / University of Washington; Juliette Hainline, University of Chicago; Hayley Szymanek, University of Chicago; Annika Braun, University of Chicago; Annika Hildebrandt, University of Chicago; Blair Christensen, University of Chicago; David Langenberg, University of Chicago; Blase Ur, University of Chicago Fuzztruction: Using Fault Injection-based Fuzzing to Leverage Implicit Domain Knowledge Nils Bars, CISPA Helmholtz Center for Information Security; Moritz Schloegel, CISPA Helmholtz Center for Information Security; Tobias Scharnowski, CISPA Helmholtz Center for Information Security; Nico Schiller, Ruhr-Universität Bochum; Thorsten Holz, CISPA Helmholtz Center for Information Security Remote Direct Memory Introspection Hongyi Liu, Rice University; Jiarong Xing, Rice University; Yibo Huang, Rice University; Danyang Zhuo, Duke University; Srinivas Devadas, Massachusetts Institute of Technology; Ang Chen, Rice University A Bug's Life: Analyzing the Lifecycle and Mitigation Process of Content Security Policy Bugs Gertjan Franken, imec-DistriNet, KU Leuven; Tom Van Goethem, imec-DistriNet, KU Leuven; Lieven Desmet, imec-DistriNet, KU Leuven; Wouter Joosen, imec-DistriNet, KU Leuven BotScreen: Trust Everybody, but Cut the Aimbots Yourself Minyeop Choi, KAIST; Gihyuk Ko, Cyber Security Research Center at KAIST and Carnegie Mellon University; Sang Kil Cha, KAIST |
| 2022 | Dos and Don'ts of Machine Learning in Computer Security Daniel Arp, Technische Universität Berlin; Erwin Quiring, Technische Universität Braunschweig; Feargus Pendlebury, King's College London and Royal Holloway, University of London and The Alan Turing Institute; Alexander Warnecke, Technische Universität Braunschweig; Fabio Pierazzi, King's College London; Christian Wressnegger, KASTEL Security Research Labs and Karlsruhe Institute of Technology; Lorenzo Cavallaro, University College London; Konrad Rieck, Technische Universität Braunschweig OpenVPN is Open to VPN Fingerprinting Diwen Xue, University of Michigan; Reethika Ramesh, University of Michigan; Arham Jain, University of Michigan; Michalis Kallitsis, Merit Network, Inc.; J. Alex Halderman, University of Michigan; Jedidiah R. Crandall, Arizona State University/Breakpointing Bad; Roya Ensafi, University of Michigan FIXREVERTER: A Realistic Bug Injection Methodology for Benchmarking Fuzz Testing Zenong Zhang, University of Texas at Dallas; Zach Patterson, University of Texas at Dallas; Michael Hicks, University of Maryland and Amazon; Shiyi Wei, University of Texas at Dallas Attacks on Deidentification's Defenses Aloni Cohen, University of Chicago Augmenting Decompiler Output with Learned Variable Names and Types Qibin Chen, Carnegie Mellon University; Jeremy Lacomis, Carnegie Mellon University; Edward J. Schwartz, Carnegie Mellon University Software Engineering Institute; Claire Le Goues, Carnegie Mellon University; Graham Neubig, Carnegie Mellon University; Bogdan Vasilescu, Carnegie Mellon University The Antrim County 2020 Election Incident: An Independent Forensic Investigation J. Alex Halderman, University of Michigan Identity Confusion in WebView-based Mobile App-in-app Ecosystems Lei Zhang, Fudan University; Zhibo Zhang, Fudan University; Ancong Liu, Fudan University; Yinzhi Cao, Johns Hopkins University; Xiaohan Zhang, Fudan University; Yanjun Chen, Fudan University; Yuan Zhang, Fudan University; Guangliang Yang, Fudan University; Min Yang, Fudan University Provably-Safe Multilingual Software Sandboxing using WebAssembly Jay Bosamiya, Carnegie Mellon University; Wen Shih Lim, Carnegie Mellon University; Bryan Parno, Carnegie Mellon University An Audit of Facebook's Political Ad Policy Enforcement Victor Le Pochat, imec-DistriNet, KU Leuven; Laura Edelson, New York University; Tom Van Goethem, imec-DistriNet, KU Leuven; Wouter Joosen, imec-DistriNet, KU Leuven; Damon McCoy, New York University; Tobias Lauinger, New York University Private Signaling Varun Madathil, North Carolina State University; Alessandra Scafuro, North Carolina State University; István András Seres, Eötvös Loránd University; Omer Shlomovits, ZenGo X; Denis Varlakov, ZenGo X Faster Yet Safer: Logging System Via Fixed-Key Blockcipher Viet Tung Hoang, Florida State University; Cong Wu, Florida State University; Xin Yuan, Florida State University Online Website Fingerprinting: Evaluating Website Fingerprinting Attacks on Tor in the Real World Giovanni Cherubin, Alan Turing Institute; Rob Jansen, U.S. Naval Research Laboratory; Carmela Troncoso, EPFL SPRING Lab |
| 2021 | Poisoning the Unlabeled Dataset of Semi-Supervised Learning Nicholas Carlini, Google You Autocomplete Me: Poisoning Vulnerabilities in Neural Code Completion Roei Schuster, Tel Aviv University and Cornell Tech; Congzheng Song, Cornell University; Eran Tromer, Tel Aviv University and Columbia University; Vitaly Shmatikov, Cornell Tech Why wouldn't someone think of democracy as a target?: Security practices & challenges of people involved with U.S. political campaigns Sunny Consolvo, Google; Patrick Gage Kelley, Google; Tara Matthews, Google; Kurt Thomas, Google; Lee Dunn, Google; Elie Bursztein, Google An Analysis of Speculative Type Confusion Vulnerabilities in the Wild Ofek Kirzner, Tel Aviv University; Adam Morrison, Tel Aviv University Weaponizing Middleboxes for TCP Reflected Amplification Kevin Bock, University of Maryland; Abdulrahman Alaraj, University of Colorado Boulder; Yair Fax, University of Maryland; Kyle Hurley, University of Maryland; Eric Wustrow, University of Colorado Boulder; Dave Levin, University of Maryland Rage Against the Machine Clear: A Systematic Analysis of Machine Clears and Their Implications for Transient Execution Attacks Hany Ragab, Vrije Universiteit Amsterdam; Enrico Barberis, Vrije Universiteit Amsterdam; Herbert Bos, VU Amsterdam; Cristiano Giuffrida, VU Amsterdam It's stressful having all these phones: Investigating Sex Workers' Safety Goals, Risks, and Practices Online Allison McDonald, University of Michigan; Catherine Barwulor, Clemson University; Michelle L. Mazurek, University of Maryland; Florian Schaub, University of Michigan; Elissa M. Redmiles, Max Planck Institute for Software Systems |
| 2020 | Sunrise to Sunset: Analyzing the End-to-end Life Cycle and Effectiveness of Phishing Attacks at Scale Adam Oest, Arizona State University; Penghui Zhang, Arizona State University; Brad Wardman, PayPal; Eric Nunes, PayPal; Jakub Burgis, PayPal; Ali Zand, Google; Kurt Thomas, Google; Adam Doupé, Arizona State University; Gail-Joon Ahn, Arizona State University, Samsung Research Retrofitting Fine Grain Isolation in the Firefox Renderer Shravan Narayan, UC San Diego; Craig Disselkoen, UC San Diego; Tal Garfinkel, Stanford University; Nathan Froyd, Mozilla; Eric Rahm, Mozilla; Sorin Lerner, UC San Diego; Hovav Shacham, UT Austin; Deian Stefan, UC San Diego Pancake: Frequency Smoothing for Encrypted Data Stores Paul Grubbs, Cornell Tech; Anurag Khandelwal, Yale University; Marie-Sarah Lacharité, Royal Holloway, University of London; Lloyd Brown, University of California, Berkeley; Lucy Li, Cornell Tech; Rachit Agarwal, Cornell University; Thomas Ristenpart, Cornell Tech Composition Kills: A Case Study of Email Sender Authentication Jianjun Chen, International Computer Science Institute; Vern Paxson, University of California Berkeley and International Computer Science Institute; Jian Jiang, Shape Security The Tools and Tactics Used in Intimate Partner Surveillance: An Analysis of Online Infidelity Forums Emily Tseng, Cornell University; Rosanna Bellini, Open Lab, Newcastle University; Nora McDonald, University of Maryland, Baltimore County; Matan Danos, Weizmann Institute of Science; Rachel Greenstadt, New York University; Damon McCoy, New York University; Nicola Dell, Cornell Tech; Thomas Ristenpart, Cornell Tech Symbolic execution with SymCC: Don't interpret, compile! Sebastian Poeplau, EURECOM; Aurélien Francillon, EURECOM The Unpatchable Silicon: A Full Break of the Bitstream Encryption of Xilinx 7-Series FPGAs Maik Ender, Horst Goertz Institute for IT Security, Ruhr University Bochum, Germany; Amir Moradi, Horst Goertz Institute for IT Security, Ruhr University Bochum, Germany; Christof Paar, Max Planck Institute for Cyber Security and Privacy and Horst Goertz Institute for IT Security, Ruhr University Bochum, Germany Who's Calling? Characterizing Robocalls through Audio and Metadata Analysis Sathvik Prasad, North Carolina State University; Elijah Bouma-Sims, North Carolina State University; Athishay Kiran Mylappan, North Carolina State University; Bradley Reaves, North Carolina State University Understanding security mistakes developers make: Qualitative analysis from Build It, Break It, Fix It Daniel Votipka, University of Maryland; Kelsey R. Fulton, University of Maryland; James Parker, University of Maryland; Matthew Hou, University of Maryland; Michelle L. Mazurek, University of Maryland; Michael Hicks, University of Maryland Datalog Disassembly Antonio Flores-Montoya, GrammaTech Inc.; Eric Schulte, GrammaTech Inc. A Comprehensive Quality Evaluation of Security and Privacy Advice on the Web Elissa M. Redmiles, University of Maryland; Noel Warford, University of Maryland; Amritha Jayanti, University of Maryland; Aravind Koneru, University of Maryland; Sean Kross, University of California, San Diego; Miraida Morales, Rutgers University; Rock Stevens, University of Maryland; Michelle L. Mazurek, University of Maryland |
| 2019 | Computer Security and Privacy in the Interactions Between Victim Service Providers and Human Trafficking Survivors Christine Chen, University of Washington; Nicola Dell, Cornell Tech; Franziska Roesner, University of Washington Users Really Do Answer Telephone Scams Huahong Tu, University of Maryland; Adam Doupé, Arizona State University; Ziming Zhao, Rochester Institute of Technology; Gail-Joon Ahn, Arizona State University and Samsung Research Detecting and Characterizing Lateral Phishing at Scale Grant Ho, UC Berkeley and Barracuda Networks; Asaf Cidon, Barracuda Networks and Columbia University; Lior Gavish, Barracuda Networks; Marco Schweighauser, Barracuda Networks; Vern Paxson, UC Berkeley and ICSI; Stefan Savage, UC San Diego; Geoffrey M. Voelker, UC San Diego; David Wagner, UC Berkeley ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK) Anjo Vahldiek-Oberwagner, Max Planck Institute for Software Systems, Saarland Informatics Campus; Eslam Elnikety, Max Planck Institute for Software Systems, Saarland Informatics Campus; Nuno O. Duarte, Max Planck Institute for Software Systems, Saarland Informatics Campus; Michael Sammler, Max Planck Institute for Software Systems, Saarland Informatics Campus; Peter Druschel, Max Planck Institute for Software Systems, Saarland Informatics Campus; Deepak Garg, Max Planck Institute for Software Systems, Saarland Informatics Campus 50 Ways to Leak Your Data: An Exploration of Apps' Circumvention of the Android Permissions System Joel Reardon, University of Calgary / AppCensus Inc.; Álvaro Feal, IMDEA Networks Institute / Universidad Carlos III Madrid; Primal Wijesekera, U.C. Berkeley / ICSI; Amit Elazari Bar On, U.C. Berkeley; Narseo Vallina-Rodriguez, IMDEA Networks Institute / ICSI / AppCensus Inc.; Serge Egelman, U.C. Berkeley / ICSI / AppCensus Inc. Protecting accounts from credential stuffing with password breach alerting Kurt Thomas, Google; Jennifer Pullman, Google; Kevin Yeo, Google; Ananth Raghunathan, Google; Patrick Gage Kelley, Google; Luca Invernizzi, Google; Borbala Benko, Google; Tadek Pietraszek, Google; Sarvar Patel, Google; Dan Boneh, Stanford; Elie Bursztein, Google |
| 2018 | Fear the Reaper: Characterization and Fast Detection of Card Skimmers Nolen Scaife, University of Florida; Christian Peeters, University of Florida; Patrick Traynor, University of Florida Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies Gertjan Franken, imec-Distrinet, KU Leuven; Tom Van Goethem, imec-Distrinet, KU Leuven; Wouter Joosen, imec-Distrinet, KU Leuven The Battle for New York: A Case Study of Applied Digital Threat Modeling at the Enterprise Level Rock Stevens, University of Maryland; Daniel Votipka, University of Maryland; Elissa M. Redmiles, University of Maryland; Colin Ahern, NYC Cyber Command; Patrick Sweeney, Wake Forest University; Michelle L. Mazurek, University of Maryland NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications Abeer Alhuzali, University of Illinois at Chicago; Rigel Gjomemo, University of Illinois at Chicago; Birhanu Eshete, University of Illinois at Chicago; V.N. Venkatakrishnan, University of Illinois at Chicago QSYM : A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing Insu Yun, Georgia Institute of Technology; Sangho Lee, Georgia Institute of Technology; Meng Xu, Georgia Institute of Technology; Yeongjin Jang, Oregon State University; Taesoo Kim, Georgia Institute of Technology |
| 2017 | CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management Adrian Tang, Columbia University; Simha Sethumadhavan, Columbia University; Salvatore Stolfo, Columbia University A Longitudinal, End-to-End View of the DNSSEC Ecosystem Taejoong Chung, Northeastern University; Roland van Rijswijk-Deij, University of Twente and SURFnet bv; Balakrishnan Chandrasekaran, TU Berlin; David Choffnes, Northeastern University; Dave Levin, University of Maryland; Bruce M. Maggs, Duke University and Akamai Technologies; Alan Mislove, Northeastern University; Christo Wilson, Northeastern University Loophole: Timing Attacks on Shared Event Loops in Chrome Pepe Vila, IMDEA Software Institute & Technical University of Madrid (UPM); Boris Köpf, IMDEA Software Institute Detecting Credential Spearphishing in Enterprise Settings Grant Ho, UC Berkeley; Aashish Sharma, The Lawrence Berkeley National Labratory; Mobin Javed, UC Berkeley; Vern Paxson, UC Berkeley and ICSI; David Wagner, UC Berkeley MPI: Multiple Perspective Attack Investigation with Semantic Aware Execution Partitioning Shiqing Ma, Purdue University; Juan Zhai, Nanjing University; Fei Wang, Purdue University; Kyu Hyung Lee, University of Georgia; Xiangyu Zhang, Purdue University; Dongyan Xu, Purdue University Vale: Verifying High-Performance Cryptographic Assembly Code Barry Bond, Microsoft Research; Chris Hawblitzel, Microsoft Research; Manos Kapritsos, University of Michigan; K. Rustan M. Leino, Microsoft Research; Jacob R. Lorch, Microsoft Research; Bryan Parno, Carnegie Mellon University; Ashay Rane, The University of Texas at Austin; Srinath Setty, Microsoft Research; Laure Thompson, Cornell University |
| 2016 | The Million-Key Question—Investigating the Origins of RSA Public Keys Petr Švenda, Masaryk University; Matúš Nemec, Masaryk University; Peter Sekan, Masaryk University; Rudolf Kvašňovský, Masaryk University; David Formánek, Masaryk University; David Komárek, Masaryk University; Vashek Matyáš, Masaryk University ZKBoo: Faster Zero-Knowledge for Boolean Circuits Irene Giacomelli, Aarhus University; Jesper Madsen, Aarhus University; Claudio Orlandi, Aarhus University Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks William Melicher, Carnegie Mellon University; Blase Ur, Carnegie Mellon University; Sean M. Segreti, Carnegie Mellon University; Saranga Komanduri, Carnegie Mellon University; Lujo Bauer, Carnegie Mellon University; Nicolas Christin, Carnegie Mellon University; Lorrie Faith Cranor, Carnegie Mellon University |
| 2015 | Under-Constrained Symbolic Execution: Correctness Checking for Real Code David A. Ramos, Stanford University; Dawson Engler, Stanford University All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS Mathy Vanhoef, Katholieke Universiteit Leuven; Frank Piessens, Katholieke Universiteit Leuven |
| 2014 | Automatically Detecting Vulnerable Websites Before They Turn Malicious Kyle Soska, Carnegie Mellon University; Nicolas Christin, Carnegie Mellon University DSCRETE: Automatic Rendering of Forensic Information from Memory Images via Application Logic Reuse Brendan Saltaformaggio, Purdue University; Zhongshu Gu, Purdue University; Xiangyu Zhang, Purdue University; Dongyan Xu, Purdue University Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing Matthew Fredrikson, University of Wisconsin—Madison; Eric Lantz, University of Wisconsin—Madison; Somesh Jha, University of WisconsinMadison; Simon Lin, Marshfield Clinic Research Foundation; David Page, University of Wisconsin—Madison; Thomas Ristenpart, University of Wisconsin—Madison |
| 2013 | Securing Computer Hardware Using 3D Integrated Circuit (IC) Technology and Split Manufacturing for Obfuscation Frank Imeson, University of Waterloo; Ariq Emtenan, University of Waterloo; Siddharth Garg, University of Waterloo; Mahesh Tripunitara, University of Waterloo Control Flow Integrity for COTS Binaries Mingwei Zhang, Stony Brook University; R. Sekar, Stony Brook University |
| 2012 | Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Ariel J. Feldman, Princeton University; Aaron Blankstein, Princeton University; Michael J. Freedman, Princeton University; Edward W. Felten, Princeton University Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices Nadia Heninger, University of California, San Diego; Zakir Durumeric, University of Michigan; Eric Wustrow, University of Michigan; J. Alex Halderman, University of Michigan |
| Year | Paper |
|---|---|
| 2024 | Like, Comment, Get Scammed: Characterizing Comment Scams on Media Platforms Xigao Li (Stony Brook University), Amir Rahmati (Stony Brook University), Nick Nikiforakis (Stony Brook University) UntrustIDE: Exploiting Weaknesses in VS Code Extensions Elizabeth Lin (North Carolina State University), Igibek Koishybayev (North Carolina State University), Trevor Dunlap (North Carolina State University), William Enck (North Carolina State University), Alexandros Kapravelos (North Carolina State University) Eavesdropping on Controller Acoustic Emanation for Keystroke Inference Attack in Virtual Reality Shiqing Luo (George Mason University), Anh Nguyen (George Mason University), Hafsa Farooq (Georgia State University), Kun Sun (George Mason University), Zhisheng Yan (George Mason University) LMSanitator: Defending Prompt-Tuning Against Task-Agnostic Backdoors Chengkun Wei (Zhejiang University), Wenlong Meng (Zhejiang University), Zhikun Zhang (CISPA Helmholtz Center for Information Security and Stanford University), Min Chen (CISPA Helmholtz Center for Information Security), Minghu Zhao (Zhejiang University), Wenjing Fang (Ant Group), Lei Wang (Ant Group), Zihui Zhang (Zhejiang University), Wenzhi Chen (Zhejiang University) |
| 2023 | Your Router is My Prober: Measuring IPv6 Networks via ICMP Rate Limiting Side Channels Long Pan (Tsinghua University), Jiahai Yang (Tsinghua University), Lin He (Tsinghua University), Zhiliang Wang (Tsinghua University), Leyao Nie (Tsinghua University), Guanglei Song (Tsinghua University), Yaozhong Liu (Tsinghua University) DARWIN: Survival of the Fittest Fuzzing Mutators Patrick Jauernig (Technical University of Darmstadt), Domagoj Jakobovic (University of Zagreb, Croatia), Stjepan Picek (Radboud University and TU Delft), Emmanuel Stapf (Technical University of Darmstadt), Ahmad-Reza Sadeghi (Technical University of Darmstadt) |
| 2022 | Preventing Kernel Hacks with HAKCs Derrick McKee (Purdue University), Yianni Giannaris (MIT CSAIL), Carolina Ortega (MIT CSAIL), Howard Shrobe (MIT CSAIL), Mathias Payer (EPFL), Hamed Okhravi (MIT Lincoln Laboratory), Nathan Burow (MIT Lincoln Laboratory) |
| 2021 | Awakening the Web’s Sleeper Agents: Misusing Service Workers for Privacy Leakage Soroush Karami, Panagiotis Ilia, Jason Polakis (University of Illinois at Chicago) |
| 2020 | Melting Pot of Origins: Compromising the Intermediary Web Services that Rehost Websites Takuya Watanabe, Eitaro Shioji, Mitsuaki Akiyama, Tatsuya Mori |
| 2019 | MBeacon: Privacy-Preserving Beacons for DNA Methylation Data Inken Hagestedt (CISPA Helmholtz Center for Information Security), Yang Zhang (CISPA Helmholtz Center for Information Security), Mathias Humbert (Swiss Data Science Center, ETH Zurich/EPFL), Pascal Berrang (CISPA Helmholtz Center for Information Security), Haixu Tang (Indiana University Bloomington), XiaoFeng Wang (Indiana University Bloomington), Michael Backes (CISPA Helmholtz Center for Information Security) Establishing Software Root of Trust Unconditionally Virgil D. Gligor (Carnegie Mellon University), Maverick S. L. Woo (Carnegie Mellon University) Cracking the Wall of Confinement: Understanding and Analyzing Malicious Domain Take-downs Eihal Alowaisheq (Indiana University, King Saud University), Peng Wang (Indiana University), Sumayah Alrwais (King Saud University), Xiaojing Liao (Indiana University), XiaoFeng Wang (Indiana University), Tasneem Alowaisheq (Indiana University, King Saud University), Xianghang Mi (Indiana University), Siyuan Tang (Indiana University), Baojun Liu (Tsinghua University) Cleaning Up the Internet of Evil Things: Real-World Evidence on ISP and Consumer Efforts to Remove Mirai Orcun Cetin (Delft University of Technology), Carlos Ganan (Delft University of Technology), Lisette Altena (Delft University of Technology), Takahiro Kasama (National Institute of Information and Communications Technology), Daisuke Inoue (National Institute of Information and Communications Technology), Kazuki Tamiya (Yokohama National University), Ying Tie (Yokohama National University), Katsunari Yoshioka (Yokohama National University), Michel van Eeten (Delft University of Technology) |
| 2018 | Knock Knock, Who’s There? Membership Inference on Aggregate Location Data Apostolos Pyrgelis (UCL), Carmela Troncoso (EPFL), and Emiliano De Cristofaro (UCL) Resolving the Predicament of Android Custom Permissions Güliz Seray Tuncay, Soteris Demetriou, Karan Ganju, and Carl Gunter (UIUC) |
| 2017 | Dial One for Scam: A Large-Scale Analysis of Technical Support Scams Najmeh Miramirkhani, Oleksii Starov, Nick Nikiforakis Ramblr: Making Reassembly Great Again Ruoyu Wang, Yan Shoshitaishvili, Antonio Bianchi, Aravind Machiry, John Grosen, Paul Grosen, Christopher Kruegel, Giovanni Vigna |