Default Cover Image

Default Cover Image

2022 IEEE Symposium on Security and Privacy (SP)

May 22 2022 to May 26 2022

San Francisco, CA, USA

ISBN: 978-1-6654-1316-9

Table of Contents

pp. 1-1

pp. 3-3

pp. 4-4

Table of Contents

pp. 5-5

Message from the Program Chairs

pp. 6-6

Organizing Committee

pp. 7-7

PATA: Fuzzing with Path Aware Taint Analysis

pp. 1-17

by Jie Liang, Mingzhe Wang, Chijin Zhou, Zhiyong Wu, Yu Jiang, Jianzhong Liu, Zhe Liu, Jiaguang Sun

JIGSAW: Efficient and Scalable Path Constraints Fuzzing

pp. 18-35

by Ju Chen, Jinghan Wang, Chengyu Song, Heng Yin

BEACON: Directed Grey-Box Fuzzing with Provable Path Pruning

pp. 36-50

by Heqing Huang, Yiyuan Guo, Qingkai Shi, Peisen Yao, Rongxin Wu, Charles Zhang

Automated Attack Synthesis by Extracting Finite State Machines from Protocol Specification Documents

pp. 51-68

by Maria Leonor Pacheco, Max von Hippel, Ben Weintraub, Dan Goldwasser, Cristina Nita-Rotaru

ProVerif with Lemmas, Induction, Fast Subsumption, and Much More

pp. 69-86

by Bruno Blanchet, Vincent Cheval, Véronique Cortier

Four Attacks and a Proof for Telegram

pp. 87-106

by Martin R. Albrecht, Lenka Mareková, Kenneth G. Paterson, Igors Stepanovs

Noise: A Library of Verified High-Performance Secure Channel Protocol Implementations

pp. 107-124

by Son Ho, Jonathan Protzenko, Abhishek Bichhawat, Karthikeyan Bhargavan

A Logic and an Interactive Prover for the Computational Post-Quantum Security of Protocols

pp. 125-141

by Cas Cremers, Caroline Fontaine, Charlie Jacomme

IronMask: Versatile Verification of Masking Security

pp. 142-160

by Sonia Belaïd, Darius Mercadier, Matthieu Rivain, Abdul Rahman Taleb

SAILFISH: Vetting Smart Contract State-Inconsistency Bugs in Seconds

pp. 161-178

by Priyanka Bose, Dipanjan Das, Yanju Chen, Yu Feng, Christopher Kruegel, Giovanni Vigna

ZeeStar: Private Smart Contracts by Homomorphic Encryption and Zero-knowledge Proofs

pp. 179-197

by Samuel Steffen, Benjamin Bichsel, Roger Baumgartner, Martin Vechev

Quantifying Blockchain Extractable Value: How dark is the forest?

pp. 198-214

by Kaihua Qin, Liyi Zhou, Arthur Gervais

A Formal Security Analysis of the W3C Web Payment APIs: Attacks and Verification

pp. 215-234

by Quoc Huy Do, Pedram Hosseyni, Ralf Küsters, Guido Schmitz, Nils Wenzler, Tim Würtele

Cats vs. Spectre: An Axiomatic Approach to Modeling Speculative Execution Attacks

pp. 235-248

by Hernán Ponce-de-Leon, Johannes Kinder

TASHAROK: Using Mechanism Design for Enhancing Security Resource Allocation in Interdependent Systems

pp. 249-266

by Mustafa Abdallah, Daniel Woods, Parinaz Naghizadeh, Issa Khalil, Timothy Cason, Shreyas Sundaram, Saurabh Bagchi

SoK: Authentication in Augmented and Virtual Reality

pp. 267-284

by Sophie Stephenson, Bijeeta Pal, Stephen Fan, Earlence Fernandes, Yuhang Zhao, Rahul Chatterjee

Delay Wreaks Havoc on Your Smart Home: Delay-based Automation Interference Attacks

pp. 285-302

by Haotian Chi, Chenglong Fu, Qiang Zeng, Xiaojiang Du

Peekaboo: A Hub-Based Approach to Enable Transparency in Data Processing within Smart Homes

pp. 303-320

by Haojian Jin, Gram Liu, David Hwang, Swarun Kumar, Yuvraj Agarwal, Jason I. Hong

vSGX: Virtualizing SGX Enclaves on AMD SEV

pp. 321-336

by Shixuan Zhao, Mengyuan Li, Yinqian Zhangyz, Zhiqiang Lin

A Systematic Look at Ciphertext Side Channels on AMD SEV-SNP

pp. 337-351

by Mengyuan Li, Luca Wilke, Jan Wichelmann, Thomas Eisenbarth, Radu Teodorescu, Yinqian Zhang

RT-TEE: Real-time System Availability for Cyber-physical Systems using ARM TrustZone

pp. 352-369

by Jinwen Wang, Ao Li, Haoran Li, Chenyang Lu, Ning Zhang

A Secret-Free Hypervisor: Rethinking Isolation in the Age of Speculative Vulnerabilities

pp. 370-385

by Hongyan Xia, David Zhang, Wei Liu, Istvan Haller, Bruce Sherwin, David Chisnall

Smile: Secure Memory Introspection for Live Enclave

pp. 386-401

by Lei Zhou, Xuhua Ding, Fengwei Zhang

Statistical Quantification of Differential Privacy: A Local Approach

pp. 402-421

by Önder Askin, Tim Kutta, Holger Dette

Locally Differentially Private Sparse Vector Aggregation

pp. 422-439

by Mingxun Zhou, Tianhao Wang, T-H. Hubert Chan, Giulia Fanti, Elaine Shi

Differentially Private Histograms in the Shuffle Model from Fake Users

pp. 440-457

by Albert Cheu, Maxim Zhilyaev

Differential Privacy and Swapping: Examining De-Identification’s Impact on Minority Representation and Privacy Preservation in the U.S. Census

pp. 457-472

by Miranda Christ, Sarah Radway, Steven M. Bellovin

Are We There Yet? Timing and Floating-Point Attacks on Differential Privacy Systems

pp. 473-488

by Jiankai Jin, Eleanor McMurtry, Benjamin I. P. Rubinstein, Olga Ohrimenko

SHADEWATCHER: Recommendation-guided Cyber Threat Analysis using System Audit Records

pp. 489-506

by Jun Zengy, Xiang Wang, Jiahao Liu, Yinfang Chen, Zhenkai Liang, Tat-Seng Chua, Zheng Leong Chua

SIRAJ: A Unified Framework for Aggregation of Malicious Entity Detectors

pp. 507-521

by Saravanan Thirumuruganathan, Mohamed Nabeel, Euijin Choo, Issa Khalil, Ting Yu

DEEPCASE: Semi-Supervised Contextual Analysis of Security Events

pp. 522-539

by Thijs van Ede, Hojjat Aghakhani, Noah Spahn, Riccardo Bortolameotti, Marco Cova, Andrea Continella, Maarten van Steen, Andreas Peter, Christopher Kruegel, Giovanni Vigna

DEPCOMM: Graph Summarization on System Audit Logs for Attack Investigation

pp. 540-557

by Zhiqiang Xu, Pengcheng Fang, Changlin Liu, Xusheng Xiao, Yu Wen, Dan Meng

Measuring and Mitigating the Risk of IP Reuse on Public Clouds

pp. 558-575

by Eric Pauley, Ryan Sheatsley, Blaine Hoak, Quinn Burke, Yohan Beugin, Patrick McDaniel

SecFloat: Accurate Floating-Point meets Secure 2-Party Computation

pp. 576-595

by Deevashwer Rathee, Anwesh Bhattacharya, Rahul Sharma, Divya Gupta, Nishanth Chandran, Aseem Rastogi

Multi-Server Verifiable Computation of Low-Degree Polynomials

pp. 596-613

by Liang Feng Zhang, Huaxiong Wang

Why Crypto-detectors Fail: A Systematic Evaluation of Cryptographic Misuse Detection Techniques

pp. 614-631

by Amit Seal Ami, Nathan Cooper, Kaushal Kafle, Kevin Moran, Denys Poshyvanyk, Adwait Nadkarni

“They’re not that hard to mitigate”: What Cryptographic Library Developers Think About Timing Attacks

pp. 632-649

by Jan Jancar, Marcel Fourné, Daniel De Almeida Braga, Mohamed Sabt, Peter Schwabe, Gilles Barthe, Pierre-Alain Fouque, Yasemin Acar

Annotating, Tracking, and Protecting Cryptographic Secrets with CryptoMPK

pp. 650-665

by Xuancheng Jin, Xuangan Xiao, Songlin Jia, Wang Gao, Dawu Gu, Hang Zhang, Siqi Ma, Zhiyun Qian, Juanru Li

SoK: Practical Foundations for Software Spectre Defenses

pp. 666-680

by Sunjay Cauligi, Craig Disselkoen, Daniel Moghimi, Gilles Barthe, Deian Stefan

SpecHammer: Combining Spectre and Rowhammer for New Speculative Attacks

pp. 681-698

by Youssef Tobah, Andrew Kwong, Ingab Kang, Daniel Genkin, Kang G. Shin

Spook.js: Attacking Chrome Strict Site Isolation via Speculative Execution

pp. 699-715

by Ayush Agarwal, Sioli O’Connell, Jason Kim, Shaked Yehezkel, Daniel Genkin, Eyal Ronen, Yuval Yarom

BLACKSMITH: Scalable Rowhammering in the Frequency Domain

pp. 716-734

by Patrick Jattke, Victor Van Der Veen, Pietro Frigo, Stijn Gunter, Kaveh Razavi

ProTRR: Principled yet Optimal In-DRAM Target Row Refresh

pp. 735-753

by Michele Marazzi, Patrick Jattke, Flavien Solt, Kaveh Razavi

Asleep at the Keyboard? Assessing the Security of GitHub Copilot’s Code Contributions

pp. 754-768

by Hammond Pearce, Baleegh Ahmad, Benjamin Tan, Brendan Dolan-Gavitt, Ramesh Karri

Spinning Language Models: Risks of Propaganda-As-A-Service and Countermeasures

pp. 769-786

by Eugene Bagdasaryan, Vitaly Shmatikov

SoK: How Robust is Image Classification Deep Neural Network Watermarking?

pp. 787-804

by Nils Lukas, Edward Jiang, Xinda Li, Florian Kerschbaum

Transcending TRANSCEND: Revisiting Malware Classification in the Presence of Concept Drift

pp. 805-823

by Federico Barbero, Feargus Pendlebury, Fabio Pierazzi, Lorenzo Cavallaro

Copy, Right? A Testing Framework for Copyright Protection of Deep Learning Models

pp. 824-841

by Jialuo Chen, Jingyi Wang, Tinglan Peng, Youcheng Sun, Peng Cheng, Shouling Ji, Xingjun Ma, Bo Li, Dawn Song

Phishing in Organizations: Findings from a Large-Scale and Long-Term Study

pp. 842-859

by Daniele Lain, Kari Kostiainen, Srdjan Čapkun

27 Years and 81 Million Opportunities Later: Investigating the Use of Email Encryption for an Entire University

pp. 860-875

by Christian Stransky, Oliver Wiese, Volker Roth, Yasemin Acar, Sascha Fahl

Investigating Influencer VPN Ads on YouTube

pp. 876-892

by Omer Akgul, Richard Roberts, Moses Namara, Dave Levin, Michelle L. Mazurek

How Does Usable Security (Not) End Up in Software Products? Results From a Qualitative Interview Study

pp. 893-910

by Marco Gutfleisch, Jan H. Klemmer, Niklas Busch, Yasemin Acar, M. Angela Sasse, Sascha Fahl

Private Approximate Nearest Neighbor Search with Sublinear Communication

pp. 911-929

by Sacha Servan-Schreiber, Simon Langowski, Srinivas Devadas

SPIRAL: Fast, High-Rate Single-Server PIR via FHE Composition

pp. 930-947

by Samir Jordan Menon, David J. Wu

SNARKBlock: Federated Anonymous Blocklisting from Hidden Common Input Aggregate Proofs

pp. 948-965

by Michael Rosenberg, Mary Maller, Ian Miers

How to Attack and Generate Honeywords

pp. 966-983

by Ding Wang, Yunkai Zou, Qiying Dong, Yuanming Song, Xinyi Huang

WIGHT: Wired Ghost Touch Attack on Capacitive Touchscreens

pp. 984-1001

by Yan Jiang, Xiaoyu Ji, Kai Wang, Chen Yan, Richard Mitev, Ahmad-Reza Sadeghi, Wenyuan Xu

Time-Print: Authenticating USB Flash Drives with Novel Timing Fingerprints

pp. 1002-1017

by Patrick Cronin, Xing Gao, Haining Wang, Chase Cotton

Device Fingerprinting with Peripheral Timestamps

pp. 1018-1033

by John V. Monaco

PCR-Auth: Solving Authentication Puzzle Challenge with Encoded Palm Contact Response

pp. 1034-1048

by Long Huang, Chen Wang

Mitigating Information Leakage Vulnerabilities with Type-based Data Isolation

pp. 1049-1065

by Alyssa Milburn, Erik Van Der Kouwe, Cristiano Giuffrida

SYMBEXCEL: Automated Analysis and Understanding of Malicious Excel 4.0 Macros

pp. 1066-1081

by Nicola Ruaro, Fabio Pagani, Stefano Ortolani, Christopher Kruegel, Giovanni Vigna

HEAPSTER: Analyzing the Security of Dynamic Allocators for Monolithic Firmware Images

pp. 1082-1099

by Fabio Gritti, Fabio Pagani, Ilya Grishchenko, Lukas Dresel, Nilo Redini, Christopher Kruegel, Giovanni Vigna

SoK: Demystifying Binary Lifters Through the Lens of Downstream Applications

pp. 1100-1119

by Zhibo Liu, Yuanyuan Yuan, Shuai Wang, Yuyan Bao

Property Inference from Poisoning

pp. 1120-1137

by Saeed Mahloujifar, Esha Ghosh, Melissa Chase

Reconstructing Training Data with Informed Adversaries

pp. 1138-1156

by Borja Balle, Giovanni Cherubin, Jamie Hayes

DeepSteal: Advanced Model Extractions Leveraging Efficient Weight Stealing in Memories

pp. 1157-1174

by Adnan Siraj Rakin, Md Hafizul Islam Chowdhuryy, Fan Yao, Deliang Fan

Model Stealing Attacks Against Inductive Graph Neural Networks

pp. 1175-1192

by Yun Shen, Xinlei He, Yufei Han, Yang Zhang

Noise-SDR: Arbitrary Modulation of Electromagnetic Noise from Unprivileged Software and Its Impact on Emission Security

pp. 1193-1210

by Giovanni Camurati, Aurélien Francillon

mmSpy: Spying Phone Calls using mmWave Radars

pp. 1211-1228

by Suryoday Basak, Mahanth Gowda

Attacks on Wireless Coexistence: Exploiting Cross-Technology Performance Features for Inter-Chip Privilege Escalation

pp. 1229-1245

by Jiska Classen, Francesco Gringoli, Michael Hermann, Matthias Hollick

Invisible Finger: Practical Electromagnetic Interference Attack on Touchscreen-based Electronic Devices

pp. 1246-1262

by Haoqi Shan, Boyi Zhang, Zihao Zhan, Dean Sullivan, Shuo Wang, Yier Jin

Using Throughput-Centric Byzantine Broadcast to Tolerate Malicious Majority in Blockchains

pp. 1263-1280

by Ruomu Hou, Haifeng Yu, Prateek Saxena

MatRiCT⁺: More Efficient Post-Quantum Private Blockchain Payments

pp. 1281-1298

by Muhammed F. Esgin, Ron Steinfeld, Raymond K. Zhao

Universal Atomic Swaps: Secure Exchange of Coins Across All Blockchains

pp. 1299-1316

by Sri AravindaKrishnan Thyagarajan, Giulio Malavolta, Pedro Moreno-Sanchez

Foundations of Dynamic BFT

pp. 1317-1334

by Sisi Duan, Haibin Zhang

COBRA: Dynamic Proactive Secret Sharing for Confidential BFT Services

pp. 1335-1353

by Robin Vassantlal, Eduardo Alchieri, Bernardo Ferreira, Alysson Bessani

Back to the Drawing Board: A Critical Evaluation of Poisoning Attacks on Production Federated Learning

pp. 1354-1371

by Virat Shejwalkar, Amir Houmansadr, Peter Kairouz, Daniel Ramage

Model Orthogonalization: Class Distance Hardening in Neural Networks for Better Security

pp. 1372-1389

by Guanhong Tao, Yingqi Liu, Guangyu Shen, Qiuling Xu, Shengwei An, Zhuo Zhang, Xiangyu Zhang

Universal 3-Dimensional Perturbations for Black-Box Attacks on Video Recognition Systems

pp. 1390-1407

by Shangyu Xie, Han Wang, Yu Kong, Yuan Hong

“Adversarial Examples” for Proof-of-Learning

pp. 1408-1422

by Rui Zhang, Jian Liu, Yuan Ding, Zhibo Wang, Qingbiao Wu, Kui Ren

Transfer Attacks Revisited: A Large-Scale Empirical Study in Real Computer Vision Settings

pp. 1423-1439

by Yuhao Mao, Chong Fu, Saizhuo Wang, Shouling Ji, Xuhong Zhang, Zhenguang Liu, Jun Zhou, Alex X. Liu, Raheem Beyah, Ting Wang

Graphics Peeping Unit: Exploiting EM Side-Channel Information of GPUs to Eavesdrop on Your Neighbors

pp. 1440-1457

by Zihao Zhan, Zhenkai Zhang, Sisheng Liang, Fan Yao, Xenofon Koutsoukos

Adversarial Prefetch: New Cross-Core Cache Side Channel Attacks

pp. 1458-1473

by Yanan Guo, Andrew Zigerelli, Youtao Zhang, Jun Yang

Finding and Exploiting CPU Features using MSR Templating

pp. 1474-1490

by Andreas Kogler, Daniel Weber, Martin Haubenwallner, Moritz Lipp, Daniel Gruss, Michael Schwarz

Augury: Using Data Memory-Dependent Prefetchers to Leak Data at Rest

pp. 1491-1505

by Jose Rodrigo Sanchez Vicarte, Michael Flanders, Riccardo Paccagnella, Grant Garrett-Grossman, Adam Morrison, Christopher W. Fletcher, David Kohlbrenner

MeshUp: Stateless Cache Side-channel Attack on CPU Mesh

pp. 1506-1524

by Junpeng Wan, Yanxiang Bi, Zhe Zhou, Zhou Li

Timing-Based Browsing Privacy Vulnerabilities Via Site Isolation

pp. 1525-1539

by Zihao Jin, Ziqiao Kong, Shuo Chen, Haixin Duan

WTAGRAPH: Web Tracking and Advertising Detection using Graph Neural Networks

pp. 1540-1557

by Zhiju Yang, Weiping Pei, Monchu Chen, Chuan Yue

Surakav: Generating Realistic Traces for a Strong Website Fingerprinting Defense

pp. 1558-1573

by Jiajun Gong, Wuqi Zhang, Charles Zhang, Tao Wang

Wobfuscator: Obfuscating JavaScript Malware via Opportunistic Translation to WebAssembly

pp. 1574-1589

by Alan Romano, Daniel Lehmann, Michael Pradel, Weihang Wang

The State of the SameSite: Studying the Usage, Effectiveness, and Adequacy of SameSite Cookies

pp. 1590-1607

by Soheil Khodayari, Giancarlo Pellegrino

IRQDebloat: Reducing Driver Attack Surface in Embedded Devices

pp. 1608-1622

by Zhenghao Hu, Brendan Dolan-Gavitt

Finding SMM Privilege-Escalation Vulnerabilities in UEFI Firmware with Protocol-Centric Static Analysis

pp. 1623-1637

by Jiawei Yin, Menghao Li, Wei Wu, Dandan Sun, Jianhua Zhou, Wei Huo, Jingling Xue

Showing 100 out of 154

Load More