Default Cover Image

Default Cover Image

2021 IEEE Symposium on Security and Privacy (SP)

May 24 2021 to May 27 2021

San Francisco, CA, USA

ISBN: 978-1-7281-8934-5

Table of Contents

pp. 1-1

[Title page iii]

pp. 3-3

[Copyright notice]

pp. 4-4

Table of Contents

pp. 5-20

Message from the General Chair

pp. 21-24

Message from the Program Chairs

pp. 25-26

Organizing Committee

pp. 27-28

Program Committee

pp. 29-31

Using Selective Memoization to Defeat Regular Expression Denial of Service (ReDoS)

pp. 1-17

by James C. Davis, Francisco Servant, Dongyoon Lee

Co-Inflow: Coarse-grained Information Flow Control for Java-like Languages

pp. 18-35

by Jian Xiang, Stephen Chong

When Function Signature Recovery Meets Compiler Optimization

pp. 36-52

by Yan Lin, Debin Gao

How Did That Get In My Phone? Unwanted App Distribution on Android Devices

pp. 53-69

by Platon Kotzias, Juan Caballero, Leyla Bilge

Android Custom Permissions Demystified: From Privilege Escalation to Design Shortcomings

pp. 70-86

by Rui Li, Wenrui Diao, Zhou Li, Jianqi Du, Shanqing Guo

Trust, But Verify: A Longitudinal Analysis Of Android OEM Compliance and Customization

pp. 87-102

by Andrea Possemato, Simone Aonzo, Davide Balzarotti, Yanick Fratantonio

Detecting AI Trojans Using Meta Neural Analysis

pp. 103-120

by Xiaojun Xu, Qi Wang, Huichen Li, Nikita Borisov, Carl A. Gunter, Bo Li

Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding

pp. 121-140

by Sahar Abdelnabi, Mario Fritz

Machine Unlearning

pp. 141-159

by Lucas Bourtoule, Varun Chandrasekaran, Christopher A. Choquette-Choo, Hengrui Jia, Adelin Travers, Baiwu Zhang, David Lie, Nicolas Papernot

Poltergeist: Acoustic Adversarial Machine Learning against Cameras and Computer Vision

pp. 160-175

by Xiaoyu Ji, Yushi Cheng, Yuepeng Zhang, Kai Wang, Chen Yan, Wenyuan Xu, Kevin Fu

Invisible for both Camera and LiDAR: Security of Multi-Sensor Fusion based Perception in Autonomous Driving Under Physical-World Attacks

pp. 176-194

by Yulong Cao, Ningfei Wang, Chaowei Xiao, Dawei Yang, Jin Fang, Ruigang Yang, Qi Alfred Chen, Mingyan Liu, Bo Li

CANNON: Reliable and Stealthy Remote Shutdown Attacks via Unaltered Automotive Microcontrollers

pp. 195-210

by Sekar Kulandaivel, Shalabh Jain, Jorge Guajardo, Vyas Sekar

SoK: Quantifying Cyber Risk

pp. 211-228

by Daniel W. Woods, Rainer Böhme

Self-Supervised Euphemism Detection and Identification for Content Moderation

pp. 229-246

by Wanzheng Zhu, Hongyu Gong, Rohan Bansal, Zachary Weinberg, Nicolas Christin, Giulia Fanti, Suma Bhat

SoK: Hate, Harassment, and the Changing Landscape of Online Abuse

pp. 247-267

by Kurt Thomas, Devdatta Akhawe, Michael Bailey, Dan Boneh, Elie Bursztein, Sunny Consolvo, Nicola Dell, Zakir Durumeric, Patrick Gage Kelley, Deepak Kumar, Damon McCoy, Sarah Meiklejohn, Thomas Ristenpart, Gianluca Stringhini

Keep the Dirt: Tainted TreeKEM, Adaptively and Actively Secure Continuous Group Key Agreement

pp. 268-284

by Karen Klein, Guillermo Pascual-Perez, Michael Walter, Chethan Kamath, Margarita Capretto, Miguel Cueto, Ilia Markov, Michelle Yeo, Joël Alwen, Krzysztof Pietrzak

Merkle²: A Low-Latency Transparency Log System

pp. 285-303

by Yuncong Hu, Kian Hooshmand, Harika Kalidhindi, Seung Jin Yang, Raluca Ada Popa

Post-quantum WireGuard

pp. 304-321

by Andreas Hülsing, Kai-Chun Ning, Peter Schwabe, Fiona Johanna Weber, Philip R. Zimmermann

Invisible Probe: Timing Attacks with PCIe Congestion Side-channel

pp. 322-338

by Mingtian Tan, Junpeng Wan, Zhe Zhou, Zhou Li

CacheOut: Leaking Data on Intel CPUs via Cache Evictions

pp. 339-354

by Stephan van Schaik, Marina Minkin, Andrew Kwong, Daniel Genkin, Yuval Yarom

PLATYPUS: Software-based Power Side-Channel Attacks on x86

pp. 355-371

by Moritz Lipp, Andreas Kogler, David Oswald, Michael Schwarz, Catherine Easdon, Claudio Canella, Daniel Gruss

Defensive Technology Use by Political Activists During the Sudanese Revolution

pp. 372-390

by Alaa Daffalla, Lucy Simko, Tadayoshi Kohno, Alexandru G. Bardas

DP-Sniper: Black-Box Discovery of Differential Privacy Violations using Classifiers

pp. 391-409

by Benjamin Bichsel, Samuel Steffen, Ilija Bogunovic, Martin Vechev

Is Private Learning Possible with Instance Encoding?

pp. 410-427

by Nicholas Carlini, Samuel Deng, Sanjam Garg, Somesh Jha, Saeed Mahloujifar, Mohammad Mahmoody, Abhradeep Thakurta, Florian Tramèr

High-Frequency Trading on Decentralized On-Chain Exchanges

pp. 428-445

by Liyi Zhou, Kaihua Qin, Christof Ferreira Torres, Duc V Le, Arthur Gervais

Ebb-and-Flow Protocols: A Resolution of the Availability-Finality Dilemma

pp. 446-465

by Joachim Neu, Ertem Nusret Tas, David Tse

Red Belly: A Secure, Fair and Scalable Open Blockchain

pp. 466-483

by Tyler Crain, Christopher Natoli, Vincent Gramoli

Diane: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices

pp. 484-500

by Nilo Redini, Andrea Continella, Dipanjan Das, Giulio De Pasquale, Noah Spahn, Aravind Machiry, Antonio Bianchi, Christopher Kruegel, Giovanni Vigna

Data Privacy in Trigger-Action Systems

pp. 501-518

by Yunang Chen, Amrita Roy Chowdhury, Ruizhe Wang, Andrei Sabelfeld, Rahul Chatterjee, Earlence Fernandes

Which Privacy and Security Attributes Most Impact Consumers’ Risk Perception and Willingness to Purchase IoT Devices?

pp. 519-536

by Pardis Emami-Naeini, Janarth Dheenadhayalan, Yuvraj Agarwal, Lorrie Faith Cranor

An Interactive Prover for Protocol Verification in the Computational Model

pp. 537-554

by David Baelde, Stéphanie Delaune, Charlie Jacomme, Adrien Koutsos, Solène Moreau

SmartPulse: Automated Checking of Temporal Properties in Smart Contracts

pp. 555-571

by Jon Stephens, Kostas Ferles, Benjamin Mariano, Shuvendu Lahiri, Isil Dillig

An I/O Separation Model for Formal Verification of Kernel Implementations

pp. 572-589

by Miao Yu, Virgil Gligor, Limin Jia

Diogenes: Lightweight Scalable RSA Modulus Generation with a Dishonest Majority

pp. 590-607

by Megan Chen, Carmit Hazay, Yuval Ishai, Yuriy Kashnikov, Daniele Micciancio, Tarik Riviere, Abhi Shelat, Muthu Venkitasubramaniam, Ruihan Wang

Refresh When You Wake Up: Proactive Threshold Wallets with Offline Devices

pp. 608-625

by Yashvanth Kondi, Bernardo Magri, Claudio Orlandi, Omer Shlomovits

Compact Certificates of Collective Knowledge

pp. 626-641

by Silvio Micali, Leonid Reyzin, Georgios Vlachos, Riad S. Wahby, Nickolai Zeldovich

One Engine to Fuzz ’em All: Generic Language Processor Testing with Semantic Validation

pp. 642-658

by Yongheng Chen, Rui Zhong, Hong Hu, Hangfan Zhang, Yupeng Yang, Dinghao Wu, Wenke Lee

StochFuzz: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting

pp. 659-676

by Zhuo Zhang, Wei You, Guanhong Tao, Yousra Aafer, Xuwei Liu, Xiangyu Zhang

NtFuzz: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis

pp. 677-693

by Jaeseung Choi, Kangsu Kim, Daejin Lee, Sang Kil Cha

Who is Real Bob? Adversarial Attacks on Speaker Recognition Systems

pp. 694-711

by Guangke Chen, Sen Chenb, Lingling Fan, Xiaoning Du, Zhe Zhao, Fu Song, Yang Liu

Hear "No Evil", See "Kenansville": Efficient and Transferable Black-Box Attacks on Speech Recognition and Voice Identification Systems

pp. 712-729

by Hadi Abdullah, Muhammad Sajidur Rahman, Washington Garcia, Kevin Warren, Anurag Swarnim Yadav, Tom Shrimpton, Patrick Traynor

SoK: The Faults in our ASRs: An Overview of Attacks against Automatic Speech Recognition and Speaker Identification Systems

pp. 730-747

by Hadi Abdullah, Kevin Warren, Vincent Bindschaedler, Nicolas Papernot, Patrick Traynor

Cross-Domain Access Control Encryption: Arbitrary-policy, Constant-size, Efficient

pp. 748-761

by Xiuhua Wang, Sherman S. M. Chow

Lightweight Techniques for Private Heavy Hitters

pp. 762-776

by Dan Boneh, Elette Boyle, Henry Corrigan-Gibbs, Niv Gilboa, Yuval Ishai

SoK: Computer-Aided Cryptography

pp. 777-795

by Manuel Barbosa, Gilles Barthe, Karthik Bhargavan, Bruno Blanchet, Cas Cremers, Kevin Liao, Bryan Parno

ConDySTA: Context-Aware Dynamic Supplement to Static Taint Analysis

pp. 796-812

by Xueling Zhang, Xiaoyin Wang, Rocky Slavin, Jianwei Niu

OSPREY: Recovery of Variable and Data Structure via Probabilistic Analysis for Stripped Binary

pp. 813-832

by Zhuo Zhang, Yapeng Ye, Wei You, Guanhong Tao, Wen-chuan Lee, Yonghwi Kwon, Yousra Aafer, Xiangyu Zhang

SoK: All You Ever Wanted to Know About x86/x64 Binary Disassembly But Were Afraid to Ask

pp. 833-851

by Chengbin Pang, Ruotong Yu, Yaohui Chen, Eric Koskinen, Georgios Portokalidis, Bing Mao, Jun Xu

Learning Differentially Private Mechanisms

pp. 852-865

by Subhajit Roy, Justin Hsu, Aws Albarghouthi

Adversary Instantiation: Lower Bounds for Differentially Private Machine Learning

pp. 866-882

by Milad Nasr, Shuang Songi, Abhradeep Thakurta, Nicolas Papernot, Nicholas Carlin

Manipulation Attacks in Local Differential Privacy

pp. 883-900

by Albert Cheu, Adam Smith, Jonathan Ullman

Bitcoin-Compatible Virtual Channels

pp. 901-918

by Lukas Aumayr, Matteo Maffei, Oğuzhan Ersoy, Andreas Erwig, Sebastian Faust, Siavash Riahi, Kristina Hostáková, Pedro Moreno-Sanchez

On the Just-In-Time Discovery of Profit-Generating Transactions in DeFi Protocols

pp. 919-936

by Liyi Zhou, Kaihua Qin, Antoine Cully, Benjamin Livshits, Arthur Gervais

Lockable Signatures for Blockchains: Scriptless Scripts for All Signatures

pp. 937-954

by Sri Aravinda Krishnan Thyagarajan, Giulio Malavolta

Randomized Last-Level Caches Are Still Vulnerable to Cache Side-Channel Attacks! But We Can Fix It

pp. 955-969

by Wei Song, Boya Li, Zihan Xue, Zhenzhen Li, Wenhao Wang, Peng Liu

Bomberman: Defining and Defeating Hardware Ticking Timebombs at Design-time

pp. 970-986

by Timothy Trippel, Kang G. Shin, Kevin B. Bush, Matthew Hicks

Systematic Analysis of Randomization-based Protected Cache Architectures

pp. 987-1002

by Antoon Purnal, Lukas Giner, Daniel Gruss, Ingrid Verbauwhede

SiRnn: A Math Library for Secure RNN Inference

pp. 1003-1020

by Deevashwer Rathee, Mayank Rathee, Rahul Kranti Kiran Goli, Divya Gupta, Rahul Sharma, Nishanth Chandran, Aseem Rastogi

CryptGPU: Fast Privacy-Preserving Machine Learning on the GPU

pp. 1021-1038

by Sijun Tan, Brian Knott, Yuan Tian, David J. Wu

Proof-of-Learning: Definitions and Practice

pp. 1039-1056

by Hengrui Jia, Mohammad Yaghini, Christopher A. Choquette-Choo, Natalie Dullerud, Anvith Thudi, Varun Chandrasekaran, Nicolas Papernot

PEGASUS: Bridging Polynomial and Non-polynomial Evaluations in Homomorphic Encryption

pp. 1057-1073

by Wen-jie Lu, Zhicong Huang, Cheng Hong, Yiping Ma, Hunter Qu

Wolverine: Fast, Scalable, and Communication-Efficient Zero-Knowledge Proofs for Boolean and Arithmetic Circuits

pp. 1074-1091

by Chenkai Weng, Kang Yang, Jonathan Katz, Xiao Wang

SoK: Fully Homomorphic Encryption Compilers

pp. 1092-1108

by Alexander Viand, Patrick Jattke, Anwar Hithnawi

CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing

pp. 1109-1124

by Penghui Zhang, Adam Oest, Haehyun Cho, Zhibo Sun, RC Johnson, Brad Wardman, Shaown Sarker, Alexandros Kapravelos, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupé, Gail-Joon Ahn

Black Widow: Blackbox Data-driven Web Scanning

pp. 1125-1142

by Benjamin Eriksson, Giancarlo Pellegrino, Andrei Sabelfeld

Fingerprinting the Fingerprinters: Learning to Detect Browser Fingerprinting Behaviors

pp. 1143-1161

by Umar Iqbal, Steven Englehardt, Zubair Shafiq

A Security Model and Fully Verified Implementation for the IETF QUIC Record Layer

pp. 1162-1178

by Antoine Delignat-Lavaud, Cédric Fournet, Bryan Parno, Jonathan Protzenko, Tahina Ramananandro, Jay Bosamiya, Joseph Lallemand, Itsaka Rakotonirina, Yi Zhou

Cross Layer Attacks and How to Use Them (for DNS Cache Poisoning, Device Tracking and More)

pp. 1179-1196

Bookworm Game: Automatic Discovery of LTE Vulnerabilities Through Documentation Analysis

pp. 1197-1214

by Yi Chen, Yepeng Yao, XiaoFeng Wang, Dandan Xu, Chang Yue, Xiaozhong Liu, Kai Chen, Haixu Tang, Baoxu Liu

SGUARD: Towards Fixing Vulnerable Smart Contracts Automatically

pp. 1215-1229

by Tai D. Nguyen, Long H. Pham, Jun Sun

MAD-HTLC: Because HTLC is Crazy-Cheap to Attack

pp. 1230-1248

by Itay Tsabary, Matan Yechieli, Alex Manuskin, Ittay Eyal

Compositional Security for Reentrant Applications

pp. 1249-1267

by Ethan Cecchetti, Siqiu Yao, Haobin Ni, Andrew C. Myers

HackEd: A Pedagogical Analysis of Online Vulnerability Discovery Exercises

pp. 1268-1285

by Daniel Votipka, Eric Zhang, Michelle L. Mazurek

DifuzzRTL: Differential Fuzz Testing to Find CPU Bugs

pp. 1286-1303

by Jaewon Hur, Suhwan Song, Dongup Kwon, Eunjin Baek, Jangwoo Kim, Byoungyoung Lee

When LoRa Meets EMR: Electromagnetic Covert Channels Can Be Super Resilient

pp. 1304-1317

by Cheng Shen, Tian Liu, Jun Huang, Rui Tan

Linking Bluetooth LE & Classic and Implications for Privacy-Preserving Bluetooth-Based Protocols

pp. 1318-1331

by Norbert Ludant, Tien D. Vo-Huu, Sashank Narain, Guevara Noubir

Method Confusion Attack on Bluetooth Pairing

pp. 1332-1347

by Maximilian von Tschirschnitz, Ludwig Peuckert, Fabian Franzen, Jens Grossklags

CanDID: Can-Do Decentralized Identity with Legacy Compatibility, Sybil-Resistance, and Accountability

pp. 1348-1366

by Deepak Maram, Harjasleen Malvai, Fan Zhang, Nerla Jean-Louis, Alexander Frolov, Tyler Kell, Tyrone Lobban, Christine Moy, Ari Juels, Andrew Miller

They Would do Better if They Worked Together: The Case of Interaction Problems Between Password Managers and Websites

pp. 1367-1381

by Nicolas Huaman, Sabrina Klivan, Marten Oltrogge, Yasemin Acar, Sascha Fahl

Improving Password Guessing via Representation Learning

pp. 1382-1399

by Dario Pasquini, Ankit Gangwal, Giuseppe Ateniese, Massimo Bernaschi, Mauro Conti

ARBITRAR: User-Guided API Misuse Detection

pp. 1400-1415

by Ziyang Li, Aravind Machiry, Binghong Chen, Mayur Naik, Ke Wang, Le Song

Compositional Non-Interference for Fine-Grained Concurrent Programs

pp. 1416-1433

by Dan Frumin, Robbert Krebbers, Lars Birkedal

SoK: Security and Privacy in the Age of Commercial Drones

pp. 1434-1451

by Ben Nassi, Ron Bitton, Ryusuke Masuoka, Asaf Shabtai, Yuval Elovici

A First Look at Zoombombing

pp. 1452-1467

by Chen Ling, Utkucan Balcı, Jeremy Blackburn, Gianluca Stringhini

Revealer: Detecting and Exploiting Regular Expression Denial-of-Service Vulnerabilities

pp. 1468-1484

by Yinxi Liu, Mingxue Zhang, Wei Meng

Breaking the Specification: PDF Certification

pp. 1485-1501

by Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Jörg Schwenk

Response-Hiding Encrypted Ranges: Revisiting Security via Parametrized Leakage-Abuse Attacks

pp. 1502-1519

by Evgenios M. Kornaropoulos, Charalampos Papamanthou, Roberto Tamassia

A Decentralized and Encrypted National Gun Registry

pp. 1520-1537

by Seny Kamara, Tarik Moataz, Andrew Park, Lucy Qin

Zero Knowledge for Everything and Everyone: Fast ZK Processor with Cached ORAM for ANSI C Programs

pp. 1538-1556

by David Heath, Yibin Yang, David Devecsery, Vladimir Kolesnikov

Survivalism: Systematic Analysis of Windows Malware Living-Off-The-Land

pp. 1557-1574

by Frederick Barr-Smith, Xabier Ugarte-Pedrero, Mariano Graziano, Riccardo Spolaor, Ivan Martinovic

Runtime Recovery of Web Applications under Zero-Day ReDoS Attacks

pp. 1575-1588

by Zhihao Bai, Ke Wang, Hang Zhu, Yinzhi Cao, Xin Jin

Good Bot, Bad Bot: Characterizing Automated Browsing Activity

pp. 1589-1605

by Xigao Li, Babak Amin Azad, Amir Rahmati, Nick Nikiforakis

Showing 100 out of 124

Load More