S&P 2023

44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023. 第44届IEEE安全与隐私研讨会,SP 2023,美国加利福尼亚州旧金山,2023年5月21-25日。

1 Space Odyssey: An Experimental Software Security Analysis of Satellites. 太空奥德赛:对卫星的实验性软件安全分析。

2 Scaphy: Detecting Modern ICS Attacks by Correlating Behaviors in SCADA and PHYsical. Scaphy:通过关联SCADA和物理行为检测现代ICS攻击。

3 Shedding Light on Inconsistencies in Grid Cybersecurity: Disconnects and Recommendations. 揭示电网网络安全中的不一致性:断开和建议。

4 Red Team vs. Blue Team: A Real-World Hardware Trojan Detection Case Study Across Four Modern CMOS Technology Generations. 红队对抗蓝队:跨四代现代CMOS技术的现实世界硬件木马检测案例研究。

5 SoK: Distributed Randomness Beacons. SoK:分布式随机性信标。

6 WeRLman: To Tackle Whale (Transactions), Go Deep (RL). WeRLman:处理大额(交易),深入(强化学习)。

7 Three Birds with One Stone: Efficient Partitioning Attacks on Interdependent Cryptocurrency Networks. 一石三鸟:对相互依赖的加密货币网络的高效分割攻击。

8 Bitcoin-Enhanced Proof-of-Stake Security: Possibilities and Impossibilities. 比特币增强的权益证明安全性:可能性与不可能性。

9 MEGA: Malleable Encryption Goes Awry. MEGA:可变加密出错。

10 DBREACH: Stealing from Databases Using Compression Side Channels. DBREACH:利用压缩侧信道从数据库中窃取数据。

11 Weak Fiat-Shamir Attacks on Modern Proof Systems. 针对现代证明系统的弱Fiat-Shamir攻击。

12 Attitudes towards Client-Side Scanning for CSAM, Terrorism, Drug Trafficking, Drug Use and Tax Evasion in Germany. 德国对客户端扫描CSAM、恐怖主义、毒品贩运、吸毒和逃税的态度。

13 Deep perceptual hashing algorithms with hidden dual purpose: when client-side scanning does facial recognition. 具有隐藏双重目的的深度感知哈希算法:当客户端扫描进行面部识别时。

14 Public Verification for Private Hash Matching. 私有哈希匹配的公共验证。

15 Is Cryptographic Deniability Sufficient? Non-Expert Perceptions of Deniability in Secure Messaging. 密码否认性是否足够?非专家对安全消息传递中否认性的看法。

16 On the Evolution of (Hateful) Memes by Means of Multimodal Contrastive Learning. 通过多模态对比学习的(仇恨)模因演化。

17 Lambretta: Learning to Rank for Twitter Soft Moderation. Lambretta:学习对Twitter软性调节进行排序。

18 SoK: Let the Privacy Games Begin! A Unified Treatment of Data Inference Privacy in Machine Learning. SoK:让隐私游戏开始!机器学习中数据推断隐私的统一处理。

19 Analyzing Leakage of Personally Identifiable Information in Language Models. 分析语言模型中个人识别信息的泄露。

20 Accuracy-Privacy Trade-off in Deep Ensemble: A Membership Inference Perspective. 深度集成中的准确性-隐私权衡:一个成员推断视角。

21 D-DAE: Defense-Penetrating Model Extraction Attacks. D-DAE:穿透防御的模型提取攻击。

22 SNAP: Efficient Extraction of Private Properties withPoisoning. SNAP:通过投毒高效提取私有属性。

23 On the (In)security of Peer-to-Peer Decentralized Machine Learning. 关于点对点去中心化机器学习的(不)安全性。

24 Vectorized Batch Private Information Retrieval. 向量化批量私有信息检索。

25 RoFL: Robustness of Secure Federated Learning. RoFL:安全联邦学习的鲁棒性。

26 Flamingo: Multi-Round Single-Server Secure Aggregation with Applications to Private Federated Learning. Flamingo:多轮单服务器安全聚合及其在私有联邦学习中的应用。

27 SoK: Cryptographic Neural-Network Computation. SoK:加密神经网络计算。

28 FLUTE: Fast and Secure Lookup Table Evaluations. FLUTE:快速安全的查找表评估。

29 Bicoptor: Two-round Secure Three-party Non-linear Computation without Preprocessing for Privacy-preserving Machine Learning. Bicoptor:无需预处理的两轮安全三方非线性计算,用于隐私保护机器学习。

30 Investigating the Password Policy Practices of Website Administrators. 调查网站管理员的密码策略实践。

31 "In Eighty Percent of the Cases, I Select the Password for Them": Security and Privacy Challenges, Advice, and Opportunities at Cybercafes in Kenya. "在八成情况下,我为他们选择密码":肯尼亚网吧的安全与隐私挑战、建议和机会。

32 Towards a Rigorous Statistical Analysis of Empirical Password Datasets. 向着实证密码数据集的严格统计分析。

33 Confident Monte Carlo: Rigorous Analysis of Guessing Curves for Probabilistic Password Models. 确信蒙特卡罗:概率密码模型的猜测曲线的严格分析。

34 Not Yet Another Digital ID: Privacy-Preserving Humanitarian Aid Distribution. 不是又一个数字ID:保护隐私的人道主义援助分发。

35 Disguising Attacks with Explanation-Aware Backdoors. 用解释感知的后门伪装攻击。

36 AI-Guardian: Defeating Adversarial Attacks using Backdoors. AI-Guardian:使用后门击败对抗性攻击。

37 Jigsaw Puzzle: Selective Backdoor Attack to Subvert Malware Classifiers. 拼图:选择性后门攻击以颠覆恶意软件分类器。

38 BayBFed: Bayesian Backdoor Defense for Federated Learning. BayBFed:联邦学习的贝叶斯后门防御。

39 Redeem Myself: Purifying Backdoors in Deep Learning Models using Self Attention Distillation. 自我救赎:使用自注意力蒸馏净化深度学习模型中的后门。

40 Threshold BBS+ Signatures for Distributed Anonymous Credential Issuance. 分布式匿名凭证发行的阈值BBS+签名。

41 zk-creds: Flexible Anonymous Credentials from zkSNARKs and Existing Identity Infrastructure. zk-creds:来自zkSNARKs和现有身份基础设施的灵活匿名凭证。

42 Private Access Control for Function Secret Sharing. 函数秘密分享的私有访问控制。

43 MPCAuth: Multi-factor Authentication for Distributed-trust Systems. MPCAuth:分布式信任系统的多因素认证。

44 Silph: A Framework for Scalable and Accurate Generation of Hybrid MPC Protocols. Silph:一个用于可扩展和准确生成混合MPC协议的框架。

45 SoK: Anti-Facial Recognition Technology. SoK:反面部识别技术。

46 Spoofing Real-world Face Authentication Systems through Optical Synthesis. 通过光学合成欺骗真实世界的面部认证系统。

47 ImU: Physical Impersonating Attack for Face Recognition System with Natural Style Changes. ImU:具有自然风格变化的面部识别系统的物理模仿攻击。

48 DepthFake: Spoofing 3D Face Authentication with a 2D Photo. DepthFake:使用2D照片欺骗3D面部认证。

49 Understanding the (In)Security of Cross-side Face Verification Systems in Mobile Apps: A System Perspective. 从系统角度理解移动应用中跨侧面部验证系统的(不)安全性。

50 Breaking Security-Critical Voice Authentication. 破坏安全关键的声音认证。

51 SoK: A Critical Evaluation of Efficient Website Fingerprinting Defenses. SoK:高效网站指纹防御的关键评估。

52 Fashion Faux Pas: Implicit Stylistic Fingerprints for Bypassing Browsers' Anti-Fingerprinting Defenses. 时尚失误:绕过浏览器反指纹防御的隐式风格指纹。

53 Robust Multi-tab Website Fingerprinting Attacks in the Wild. 野外的稳健多标签网站指纹攻击。

54 Only Pay for What You Leak: Leveraging Sandboxes for a Minimally Invasive Browser Fingerprinting Defense. 只为你泄露的信息付费:利用沙盒进行最小侵入性的浏览器指纹防御。

55 It's (DOM) Clobbering Time: Attack Techniques, Prevalence, and Defenses. 是时候(DOM)大打出手了:攻击技术、普遍性和防御。

56 Scaling JavaScript Abstract Interpretation to Detect and Exploit Node.js Taint-style Vulnerability. 扩展JavaScript抽象解释以检测和利用Node.js污点式漏洞。

57 Sound Verification of Security Protocols: From Design to Interoperable Implementations. 安全协议的可靠验证:从设计到互操作实现。

58 Typing High-Speed Cryptography against Spectre v1. 对抗Spectre v1的高速密码输入。

59 Less is more: refinement proofs for probabilistic proofs. 少即是多:概率证明的精炼证明。

60 Owl: Compositional Verification of Security Protocols via an Information-Flow Type System. Owl:通过信息流类型系统对安全协议的组合验证。

61 AUC: Accountable Universal Composability. AUC:有责任的通用组合性。

62 High-Order Masking of Lattice Signatures in Quasilinear Time. 准线性时间的格签名的高阶掩码。

63 Practical Timing Side-Channel Attacks on Memory Compression. 内存压缩的实用时序侧信道攻击。

64 TEEzz: Fuzzing Trusted Applications on COTS Android Devices. TEEzz:在商用Android设备上对可信应用进行模糊测试。

65 Half&Half: Demystifying Intel's Directional Branch Predictors for Fast, Secure Partitioned Execution. Half&Half:揭秘英特尔的方向分支预测器,实现快速、安全的分区执行。

66 Half&Half: Demystifying Intel's Directional Branch Predictors for Fast, Secure Partitioned Execution. Half&Half:揭秘英特尔的方向分支预测器,实现快速、安全的分区执行(重复)。

67 Improving Developers' Understanding of Regex Denial of Service Tools through Anti-Patterns and Fix Strategies. 通过反模式和修复策略提高开发人员对正则表达式拒绝服务工具的理解。

68 Practical Program Modularization with Type-Based Dependence Analysis. 基于类型依赖分析的实用程序模块化。

69 WarpAttack: Bypassing CFI through Compiler-Introduced Double-Fetches. WarpAttack:通过编译器引入的双重获取绕过CFI。

70 SoK: Certified Robustness for Deep Neural Networks. SoK:深度神经网络的认证鲁棒性。

71 RAB: Provable Robustness Against Backdoor Attacks. RAB:可证明的针对后门攻击的鲁棒性。

72 ObjectSeeker: Certifiably Robust Object Detection against Patch Hiding Attacks via Patch-agnostic Masking. ObjectSeeker:通过补丁不可知掩码实现可认证的抵抗补丁隐藏攻击的鲁棒对象检测。

73 PublicCheck: Public Integrity Verification for Services of Run-time Deep Models. PublicCheck:运行时深度模型服务的公共完整性验证。

74 FedRecover: Recovering from Poisoning Attacks in Federated Learning using Historical Information. FedRecover:使用历史信息在联邦学习中从投毒攻击中恢复。

75 On The Empirical Effectiveness of Unrealistic Adversarial Hardening Against Realistic Adversarial Attacks. 关于不切实际的对抗性加固对抗现实对抗性攻击的实证有效性。

76 Rethinking Searchable Symmetric Encryption. 重新思考可搜索的对称加密。

77 Private Collaborative Data Cleaning via Non-Equi PSI. 通过非等价PSI的私密协作数据清理。

78 Private Collaborative Data Cleaning via Non-Equi PSI. 通过非等价PSI的私密协作数据清理。

79 SPHINCS+C: Compressing SPHINCS+ With (Almost) No Cost. SPHINCS+C:(几乎)无成本压缩SPHINCS+。

80 Threshold Signatures in the Multiverse. 多元宇宙中的阈值签名。

81 FIDO2, CTAP 2.1, and WebAuthn 2: Provable Security and Post-Quantum Instantiation. FIDO2, CTAP 2.1和WebAuthn 2:可证明的安全性和后量子实例化。

82 Token meets Wallet: Formalizing Privacy and Revocation for FIDO2. 令牌遇见钱包:为FIDO2正式化隐私和撤销。

83 SoK: Taxonomy of Attacks on Open-Source Software Supply Chains. SoK:对开源软件供应链攻击的分类学。

84 It's like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security. 就像用牙线清洁牙齿一样:关于可复制构建在软件供应链安全中的重要性和挑战。

85 "Always Contribute Back": A Qualitative Study on Security Challenges of the Open Source Supply Chain. "总是回馈":关于开源供应链安全挑战的定性研究。

86 Continuous Intrusion: Characterizing the Security of Continuous Integration Services. 持续入侵:描述持续集成服务的安全性。

87 Investigating Package Related Security Threats in Software Registries. 调查软件注册表中与包相关的安全威胁。

88 ShadowNet: A Secure and Efficient On-device Model Inference System for Convolutional Neural Networks. ShadowNet:一个安全高效的卷积神经网络设备上模型推理系统。

89 Deepfake Text Detection: Limitations and Opportunities. 深度伪造文本检测:限制和机会。

90 StyleFool: Fooling Video Classification Systems via Style Transfer. StyleFool:通过风格转换欺骗视频分类系统。

91 GeeSolver: A Generic, Efficient, and Effortless Solver with Self-Supervised Learning for Breaking Text Captchas. GeeSolver:一个通用、高效、轻松的自监督学习求解器,用于破解文本验证码。

92 TrojanModel: A Practical Trojan Attack against Automatic Speech Recognition Systems. TrojanModel:针对自动语音识别系统的实用特洛伊攻击。

93 REGA: Scalable Rowhammer Mitigation with Refresh-Generating Activations. REGA:通过刷新生成激活的可扩展Rowhammer缓解。

94 CSI:Rowhammer - Cryptographic Security and Integrity against Rowhammer. CSI:Rowhammer - 针对Rowhammer的加密安全性和完整性。

95 Jolt: Recovering TLS Signing Keys via Rowhammer Faults. Jolt:通过Rowhammer故障恢复TLS签名密钥。

96 Hide and Seek with Spectres: Efficient discovery of speculative information leaks with random testing. 与幽灵捉迷藏:通过随机测试高效发现推测性信息泄露。

97 Spectre Declassified: Reading from the Right Place at the Wrong Time. Spectre解密:在错误的时间从正确的地方读取。

98 Volttack: Control IoT Devices by Manipulating Power Supply Voltage. Volttack:通过操纵电源电压控制物联网设备。

99 Inducing Wireless Chargers to Voice Out for Inaudible Command Attacks. 诱使无线充电器为听不见的命令攻击发声。

100 mmSpoof: Resilient Spoofing of Automotive Millimeter-wave Radars using Reflect Array. mmSpoof:使用反射阵列对汽车毫米波雷达的弹性欺骗。

101 PLA-LiDAR: Physical Laser Attacks against LiDAR-based 3D Object Detection in Autonomous Vehicle. PLA-LiDAR:针对自动驾驶车辆中基于LiDAR的3D物体检测的物理激光攻击。

102 mmEcho: A mmWave-based Acoustic Eavesdropping Method. mmEcho:一种基于毫米波的声学窃听方法。

103 Side Eye: Characterizing the Limits of POV Acoustic Eavesdropping from Smartphone Cameras with Rolling Shutters and Movable Lenses. Side Eye:描述了具有滚动快门和可移动镜头的智能手机摄像头POV声学窃听的限制。

104 3DFed: Adaptive and Extensible Framework for Covert Backdoor Attack in Federated Learning. 3DFed:用于联邦学习中隐蔽后门攻击的自适应和可扩展框架。

105 Scalable and Privacy-Preserving Federated Principal Component Analysis. 可扩展和隐私保护的联邦主成分分析。

106 Private, Efficient, and Accurate: Protecting Models Trained by Multi-party Learning with Differential Privacy. 私密、高效、准确:使用差分隐私保护由多方学习训练的模型。

107 Spectral-DP: Differentially Private Deep Learning through Spectral Perturbation and Filtering. Spectral-DP:通过光谱扰动和过滤实现的差分隐私深度学习。

108 ELSA: Secure Aggregation for Federated Learning with Malicious Actors. ELSA:面对恶意行为者的联邦学习安全聚合。

109 No One Drinks From the Firehose: How Organizations Filter and Prioritize Vulnerability Information. 没有人从消防栓饮水:组织如何过滤和优先考虑漏洞信息。

110 Vulnerability Discovery for All: Experiences of Marginalization in Vulnerability Discovery. 面向所有人的漏洞发现:在漏洞发现中的边缘化经历。

111 "We are a startup to the core": A qualitative interview study on the security and privacy development practices in Turkish software startups. "我们是一家彻底的创业公司":关于土耳其软件初创公司安全与隐私开发实践的质性访谈研究。

112 "How technical do you get? I'm an English teacher": Teaching and Learning Cybersecurity and AI Ethics in High School. "你的技术水平如何?我是一名英语老师":在高中教授和学习网络安全和AI伦理。

113 Skilled or Gullible? Gender Stereotypes Related to Computer Security and Privacy. 熟练还是易受骗?与计算机安全和隐私相关的性别刻板印象。

114 Everybody's Got ML, Tell Me What Else You Have: Practitioners' Perception of ML-Based Security Tools and Explanations. 每个人都在用机器学习,请告诉我你还有什么:从业者对基于ML的安全工具及其解释的看法。

115 Precise Detection of Kernel Data Races with Probabilistic Lockset Analysis. 使用概率锁集分析精确检测内核数据竞争。

116 SegFuzz: Segmentizing Thread Interleaving to Discover Kernel Concurrency Bugs through Fuzzing. SegFuzz:通过模糊测试对线程交织进行分段,以发现内核并发错误。

117 AEM: Facilitating Cross-Version Exploitability Assessment of Linux Kernel Vulnerabilities. AEM:促进Linux内核漏洞跨版本可利用性评估。

118 AEM: Facilitating Cross-Version Exploitability Assessment of Linux Kernel Vulnerabilities. AEM:促进Linux内核漏洞跨版本可利用性评估(重复)。

119 When Top-down Meets Bottom-up: Detecting and Exploiting Use-After-Cleanup Bugs in Linux Kernel. 自上而下遇见自下而上:检测和利用Linux内核中的使用后清理错误。

120 RSFuzzer: Discovering Deep SMI Handler Vulnerabilities in UEFI Firmware with Hybrid Fuzzing. RSFuzzer:使用混合模糊测试在UEFI固件中发现深层SMI处理程序漏洞。

121 A Theory to Instruct Differentially-Private Learning via Clipping Bias Reduction. 通过削减偏差减少指导差分隐私学习的理论。

122 Continual Observation under User-level Differential Privacy. 用户级差分隐私下的持续观察。

123 Locally Differentially Private Frequency Estimation Based on Convolution Framework. 基于卷积框架的局部差分隐私频率估计。

124 Telepath: A Minecraft-based Covert Communication System. Telepath:基于Minecraft的隐秘通信系统。

125 Discop: Provably Secure Steganography in Practice Based on "Distribution Copies". Discop:基于"分布拷贝"的可证明安全的实用隐写术。

126 SQUIP: Exploiting the Scheduler Queue Contention Side Channel. SQUIP:利用调度队列争用侧信道。

127 Scatter and Split Securely: Defeating Cache Contention and Occupancy Attacks. 安全分散和分割:击败缓存争用和占用攻击。

128 DevIOus: Device-Driven Side-Channel Attacks on the IOMMU. DevIOus:针对IOMMU的设备驱动侧信道攻击。

129 DVFS Frequently Leaks Secrets: Hertzbleed Attacks Beyond SIKE, Cryptography, and CPU-Only Data. DVFS频繁泄露秘密:超越SIKE、密码学和仅CPU数据的Hertzbleed攻击。

130 A Security RISC: Microarchitectural Attacks on Hardware RISC-V CPUs. 安全RISC:对硬件RISC-V CPU的微架构攻击。

131 Examining Zero-Shot Vulnerability Repair with Large Language Models. 用大型语言模型检测零次射击漏洞修复。

132 Examining Zero-Shot Vulnerability Repair with Large Language Models. 用大型语言模型检测零次射击漏洞修复(重复)。

133 Callee: Recovering Call Graphs for Binaries with Transfer and Contrastive Learning. Callee:通过迁移和对比学习恢复二进制文件的调用图。

134 XFL: Naming Functions in Binaries with Extreme Multi-label Learning. XFL:使用极端多标签学习为二进制文件中的函数命名。

135 D-ARM: Disassembling ARM Binaries by Lightweight Superset Instruction Interpretation and Graph Modeling. D-ARM:通过轻量级超集指令解释和图建模拆解ARM二进制文件。

136 GraphSPD: Graph-Based Security Patch Detection with Enriched Code Semantics. GraphSPD:基于图的安全补丁检测,具有丰富的代码语义。

137 Effective ReDoS Detection by Principled Vulnerability Modeling and Exploit Generation. 通过原理性的漏洞建模和利用生成进行有效的ReDoS检测。

138 SoK: Decentralized Finance (DeFi) Attacks. SoK:去中心化金融(DeFi)攻击。

139 BlindHub: Bitcoin-Compatible Privacy-Preserving Payment Channel Hubs Supporting Variable Amounts. BlindHub:支持可变金额的比特币兼容的隐私保护支付通道中心。

140 Optimistic Fast Confirmation While Tolerating Malicious Majority in Blockchains. 在区块链中容忍恶意多数情况下的乐观快速确认。

141 Clockwork Finance: Automated Analysis of Economic Security in Smart Contracts. Clockwork Finance:智能合约中经济安全的自动化分析。

142 Tyr: Finding Consensus Failure Bugs in Blockchain System with Behaviour Divergent Model. Tyr:使用行为分歧模型在区块链系统中找到共识失败的错误。

143 Leaking Arbitrarily Many Secrets: Any-out-of-Many Proofs and Applications to RingCT Protocols. 泄露任意多个秘密:任意多证明及其在RingCT协议中的应用。

144 Could you clean up the Internet with a Pit of Tar? Investigating tarpit feasibility on Internet worms. 你能用一个沥青坑清理互联网吗?调查互联网蠕虫的沥青坑可行性。

145 Beyond Phish: Toward Detecting Fraudulent e-Commerce Websites at Scale. 超越网络钓鱼:大规模检测欺诈性电子商务网站。

146 Limits of I/O Based Ransomware Detection: An Imitation Based Attack. 基于I/O的勒索软件检测的限制:一种基于模仿的攻击。

147 From Grim Reality to Practical Solution: Malware Classification in Real-World Noise. 从严峻现实到实际解决方案:在真实世界噪音中的恶意软件分类。

148 SoK: History is a Vast Early Warning System: Auditing the Provenance of System Intrusions. SoK:历史是一个广阔的早期警告系统:审计系统入侵的来源。

149 Collaborative Ad Transparency: Promises and Limitations. 协作广告透明度:承诺与限制。

150 Toss a Fault to Your Witcher: Applying Grey-box Coverage-Guided Mutational Fuzzing to Detect SQL and Command Injection Vulnerabilities. 向你的巫师抛出一个错误:应用灰盒覆盖引导的突变模糊测试来检测SQL和命令注入漏洞。

151 UTopia: Automatic Generation of Fuzz Driver using Unit Tests. UTopia:使用单元测试自动生成模糊测试驱动程序。

152 SelectFuzz: Efficient Directed Fuzzing with Selective Path Exploration. SelectFuzz:高效的有向模糊测试,具有选择性路径探索。

153 Finding Specification Blind Spots via Fuzz Testing. 通过模糊测试找到规范盲点。

154 ODDFuzz: Discovering Java Deserialization Vulnerabilities via Structure-Aware Directed Greybox Fuzzing. ODDFuzz:通过结构感知的有向灰盒模糊测试发现Java反序列化漏洞。

155 The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web. 泄露的网络:自动发现浏览器和网络中的跨站点信息泄露。

156 WebSpec: Towards Machine-Checked Analysis of Browser Security Mechanisms. WebSpec:朝向机器检查的浏览器安全机制分析。

157 Detection of Inconsistencies in Privacy Practices of Browser Extensions. 浏览器扩展隐私实践中不一致性的检测。

158 TeSec: Accurate Server-side Attack Investigation for Web Applications. TeSec:Web应用的精确服务器端攻击调查。

159 RuleKeeper: GDPR-Aware Personal Data Compliance for Web Frameworks. RuleKeeper:适用于Web框架的GDPR意识个人数据合规。

160 Characterizing Everyday Misuse of Smart Home Devices. 描述智能家居设备的日常误用。

161 "It's up to the Consumer to be Smart": Understanding the Security and Privacy Attitudes of Smart Home Users on Reddit. "聪明与否取决于消费者":理解Reddit上智能家居用户的安全与隐私态度。

162 User Perceptions and Experiences with Smart Home Updates. 用户对智能家居更新的感知和经验。

163 Design and Evaluation of Inclusive Email Security Indicators for People with Visual Impairments. 为视觉障碍人士设计和评估包容性电子邮件安全指示器。

164 When and Why Do People Want Ad Targeting Explanations? Evidence from a Four-Week, Mixed-Methods Field Study. 人们何时以及为什么想要广告定向解释?来自四周混合方法实地研究的证据。

165 SecureCells: A Secure Compartmentalized Architecture. SecureCells:一个安全的分区架构。

166 WaVe: a verifiably secure WebAssembly sandboxing runtime. WaVe:一个可验证安全的WebAssembly沙箱运行时。

167 μSwitch: Fast Kernel Context Isolation with Implicit Context Switches. μSwitch:通过隐式上下文切换实现快速内核上下文隔离。

168 Control Flow and Pointer Integrity Enforcement in a Secure Tagged Architecture. 在安全标记架构中执行控制流和指针完整性强制。

169 EC: Embedded Systems Compartmentalization via Intra-Kernel Isolation. EC:通过内核内隔离实现嵌入式系统的分区。

170 Low-Cost Privilege Separation with Compile Time Compartmentalization for Embedded Systems. 嵌入式系统的低成本特权分离与编译时分区。

171 One Key to Rule Them All: Secure Group Pairing for Heterogeneous IoT Devices. 一键掌控一切:异构物联网设备的安全群组配对。

172 Optimistic Access Control for the Smart Home. 智能家居的乐观访问控制。

173 Protected or Porous: A Comparative Analysis of Threat Detection Capability of IoT Safeguards. 受保护还是多孔:IoT保护措施威胁检测能力的比较分析。

174 LazyTAP: On-Demand Data Minimization for Trigger-Action Applications. LazyTAP:触发-动作应用的按需数据最小化。

175 Blue's Clues: Practical Discovery of Non-Discoverable Bluetooth Devices. 蓝色线索:非可发现蓝牙设备的实践发现。

176 DeHiREC: Detecting Hidden Voice Recorders via ADC Electromagnetic Radiation. DeHiREC:通过ADC电磁辐射检测隐藏的语音录音机。

177 IPvSeeYou: Exploiting Leaked Identifiers in IPv6 for Street-Level Geolocation. IPvSeeYou:利用IPv6中泄露的标识符进行街道级地理定位。

178 From 5G Sniffing to Harvesting Leakages of Privacy-Preserving Messengers. 从5G嗅探到收集保护隐私的通讯应用的泄露信息。

179 Man-in-the-Middle Attacks without Rogue AP: When WPAs Meet ICMP Redirects. 没有恶意AP的中间人攻击:当WPA遇到ICMP重定向。

180 Mew: Enabling Large-Scale and Dynamic Link-Flooding Defenses on Programmable Switches. Mew:在可编程交换机上启用大规模和动态的链接泛洪防御。

181 PCSPOOF: Compromising the Safety of Time-Triggered Ethernet. PCSPOOF:危及时钟触发以太网的安全。

182 BLEDiff: Scalable and Property-Agnostic Noncompliance Checking for BLE Implementations. BLEDiff:可扩展且属性不可知的BLE实现的不合规检查。

183 ViDeZZo: Dependency-aware Virtual Device Fuzzing. ViDeZZo:依赖感知的虚拟设备模糊测试。

184 DevFuzz: Automatic Device Model-Guided Device Driver Fuzzing. DevFuzz:自动设备模型引导的设备驱动程序模糊测试。

185 SyzDescribe: Principled, Automated, Static Generation of Syscall Descriptions for Kernel Drivers. SyzDescribe:原理性的、自动的、静态的为内核驱动程序生成系统调用描述。

186 QueryX: Symbolic Query on Decompiled Code for Finding Bugs in COTS Binaries. QueryX:对反编译代码的符号查询,用于在商品级二进制文件中查找漏洞。

187 Pyfet: Forensically Equivalent Transformation for Python Binary Decompilation. Pyfet:用于Python二进制反编译的法医等效转换。

188 Adaptive Risk-Limiting Comparison Audits. 自适应风险限制比较审计。

189 Blue Is the New Black (Market): Privacy Leaks and Re-Victimization from Police-Auctioned Cellphones. 蓝色是新的黑市:警察拍卖手机的隐私泄露和二次受害。

190 No Privacy in the Electronics Repair Industry. 电子维修行业中没有隐私。

191 How IoT Re-using Threatens Your Sensitive Data: Exploring the User-Data Disposal in Used IoT Devices. 物联网的再利用如何威胁您的敏感数据:探索二手物联网设备中的用户数据处理。

192 Privacy Leakage via Unrestricted Motion-Position Sensors in the Age of Virtual Reality: A Study of Snooping Typed Input on Virtual Keyboards. 在虚拟现实时代通过不受限的运动-位置传感器泄露隐私:一项关于在虚拟键盘上偷窥键入输入的研究。

193 Uncovering User Interactions on Smartphones via Contactless Wireless Charging Side Channels. 通过无接触无线充电侧信道揭示智能手机上的用户互动。

194 MagBackdoor: Beware of Your Loudspeaker as A Backdoor For Magnetic Injection Attacks. MagBackdoor:警惕你的扬声器成为磁注入攻击的后门。

195 Private Eye: On the Limits of Textual Screen Peeking via Eyeglass Reflections in Video Conferencing. 私人侦探:通过视频会议中眼镜反射进行文本屏幕窥视的限制。

196 Low-effort VR Headset User Authentication Using Head-reverberated Sounds with Replay Resistance. 使用具有重放抵抗的头部回声声音的低努力VR头戴式用户认证。

197 Perceptions of Distributed Ledger Technology Key Management - An Interview Study with Finance Professionals. 分布式账本技术关键管理的认知 - 与金融专业人士的访谈研究。

相关推荐
小菜日记^_^1 个月前
BEAGLE: Forensics of Deep Learning Backdoor Attack for Better Defense(论文阅读)
论文阅读·人工智能·深度学习·sp·ai安全·backdoor 后门攻击·安全四大
机器学习之心2 个月前
数据转换 | Matlab基于SP符号递归图(Symbolic recurrence plots)一维数据转二维图像方法
sp·一维数据转二维图像·符号递归图
追梦的鱼儿3 个月前
Android之SharedPreferences(SP)
android·数据存储·sp
此星光明8 个月前
GEE数据集——汉森全球森林变化数据集Hansen Global Forest Change v1.11 (2000-2023)
云计算·数据集·gee·2023·森林·全球·损失
岁月标记9 个月前
ACSAC 2023
2023·acsac
岁月标记9 个月前
CCS 2023
2023·ccs
ladymorgana9 个月前
JetBrains全家桶激活,分享 CLion 2024 激活的方案
jetbrains·2023·clion·2024·激活方法·3.2·3.4
ladymorgana9 个月前
2024 PhpStorm激活,分享几个PhpStorm激活的方案
phpstorm·2023·2024·激活方法·3.2·3.4
ladymorgana9 个月前
2024 RubyMine 激活,分享几个RubyMine 激活的方案
2023·rubymine·2024·激活方法·3.2·3.4