Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, CCS 2023, Copenhagen, Denmark, November 26-30, 2023. ACM 2023
1 ASMesh: Anonymous and Secure Messaging in Mesh Networks Using Stronger, Anonymous Double Ratchet. ASMesh:使用更强大的匿名双向棘轮在网状网络中进行匿名和安全的消息传递。
2 Lattice-Based Blind Signatures: Short, Efficient, and Round-Optimal. 基于格的盲签名:简短、高效且轮次最优。
3 Aggregate Signatures with Versatile Randomization and Issuer-Hiding Multi-Authority Anonymous Credentials. 聚合签名与多功能随机化和隐藏发行人的多权威匿名凭证。
4 Concurrent Security of Anonymous Credentials Light, Revisited. 重新审视匿名凭证轻的并发安全性。
5 Decoding the Secrets of Machine Learning in Malware Classification: A Deep Dive into Datasets, Feature Extraction, and Model Performance. 解码恶意软件分类中机器学习的秘密:深入研究数据集、特征提取和模型性能。
6 Privacy Leakage via Speech-induced Vibrations on Room Objects through Remote Sensing based on Phased-MIMO. 基于相控MIMO的远程传感通过房间物体上的语音诱导振动泄露隐私。
7 Efficient Query-Based Attack against ML-Based Android Malware Detection under Zero Knowledge Setting. 在零知识设置下对基于ML的Android恶意软件检测的高效查询攻击。
8 Your Battery Is a Blast! Safeguarding Against Counterfeit Batteries with Authentication. 你的电池是爆炸性的!通过认证防范伪造电池。
9 TxPhishScope: Towards Detecting and Understanding Transaction-based Phishing on Ethereum. TxPhishScope:朝着检测和理解基于以太坊的交易型钓鱼攻击迈进。
10 Uncle Maker: (Time)Stamping Out The Competition in Ethereum. Uncle Maker:在以太坊中淘汰竞争对手(时间戳)。
11 How Hard is Takeover in DPoS Blockchains? Understanding the Security of Coin-based Voting Governance. DPoS区块链的接管有多难?理解基于币的投票治理的安全性。
12 Demystifying DeFi MEV Activities in Flashbots Bundle. 揭秘Flashbots包中的DeFi MEV活动。
13 Marketing to Children Through Online Targeted Advertising: Targeting Mechanisms and Legal Aspects. 通过在线定向广告向儿童营销:定位机制和法律方面。
14 Pakistani Teens and Privacy - How Gender Disparities, Religion and Family Values Impact the Privacy Design Space. 巴基斯坦青少年和隐私 - 性别差异、宗教和家庭价值观如何影响隐私设计空间。
15 Comprehension from Chaos: Towards Informed Consent for Private Computation. 从混乱中理解:朝着私有计算的知情同意迈进。
16 Privacy in the Age of Neurotechnology: Investigating Public Attitudes towards Brain Data Collection and Use. 神经技术时代的隐私:调查公众对脑数据收集和使用的态度。
17 Password-Stealing without Hacking: Wi-Fi Enabled Practical Keystroke Eavesdropping. 无需黑客攻击的密码窃取:Wi-Fi启用的实用按键监听。
18 Recovering Fingerprints from In-Display Fingerprint Sensors via Electromagnetic Side Channel. 通过电磁侧信道从屏内指纹传感器中恢复指纹。
19 Optical Cryptanalysis: Recovering Cryptographic Keys from Power LED Light Fluctuations. 光学密码分析:从电源LED灯波动中恢复加密密钥。
20 The Danger of Minimum Exposures: Understanding Cross-App Information Leaks on iOS through Multi-Side-Channel Learning. 最小曝光的危险:通过多侧信道学习理解iOS上的跨应用信息泄露。
21 Silence is not Golden:Disrupting the Load Balancing of Authoritative DNS Servers. 沉默非金:干扰权威DNS服务器的负载均衡。
22 TsuKing: Coordinating DNS Resolvers and Queries into Potent DoS Amplifiers. TsuKing:将DNS解析器和查询协调成强大的DoS放大器。
23 Under the Dark: A Systematical Study of Stealthy Mining Pools (Ab)use in the Wild. 黑暗之下:对野外秘密挖矿池(滥)用的系统研究。
24 Travelling the Hypervisor and SSD: A Tag-Based Approach Against Crypto Ransomware with Fine-Grained Data Recovery. 遍历超级管理程序和SSD:一种基于标签的对抗加密勒索软件的方法,具有细粒度数据恢复。
25 Threshold Signatures from Inner Product Argument: Succinct, Weighted, and Multi-threshold. 内积论证的阈值签名:简洁、加权和多阈值。
26 Post Quantum Fuzzy Stealth Signatures and Applications. 后量子模糊隐形签名及其应用。
27 Chipmunk: Better Synchronized Multi-Signatures from Lattices. Chipmunk:来自格的更好同步多签名。
28 AIM: Symmetric Primitive for Shorter Signatures with Stronger Security. AIM:对称原语,用于更短的签名和更强的安全性。
29 FINER: Enhancing State-of-the-art Classifiers with Feature Attribution to Facilitate Security Analysis. FINER:通过特征归因增强最先进的分类器以促进安全分析。
30 Good-looking but Lacking Faithfulness: Understanding Local Explanation Methods through Trend-based Testing. 看起来不错但缺乏忠实度:通过基于趋势的测试理解本地解释方法。
31 FaceReader: Unobtrusively Mining Vital Signs and Vital Sign Embedded Sensitive Info via AR/VR Motion Sensors. FaceReader:通过AR/VR运动传感器无侵入式挖掘生命体征和嵌入式敏感信息。
32 AntiFake: Using Adversarial Audio to Prevent Unauthorized Speech Synthesis. AntiFake:使用对抗性音频防止未授权的语音合成。
33 Themis: Fast, Strong Order-Fairness in Byzantine Consensus. Themis:在拜占庭共识中实现快速、强大的顺序公平。
34 Towards Practical Sleepy BFT. 朝向实用的睡眠BFT。
35 ParBFT: Faster Asynchronous BFT Consensus with a Parallel Optimistic Path. ParBFT:具有并行乐观路径的更快异步BFT共识。
36 Abraxas: Throughput-Efficient Hybrid Asynchronous Consensus. Abraxas:吞吐量高效的混合异步共识。
37 Ou: Automating the Parallelization of Zero-Knowledge Protocols. Ou:自动并行化零知识协议。
38 Black Ostrich: Web Application Scanning with String Solvers. Black Ostrich:使用字符串求解器的Web应用扫描。
39 Comparse: Provably Secure Formats for Cryptographic Protocols. Comparse:可证明安全的密码协议格式。
40 Exploration of Power Side-Channel Vulnerabilities in Quantum Computer Controllers. 探索量子计算机控制器中功率侧信道漏洞。
41 Securing NISQ Quantum Computer Reset Operations Against Higher Energy State Attacks. 保护NISQ量子计算机重置操作免受高能态攻击。
42 Watch This Space: Securing Satellite Communication through Resilient Transmitter Fingerprinting. 注意这个空间:通过弹性发射机指纹识别保护卫星通信。
43 Protecting HRP UWB Ranging System Against Distance Reduction Attacks. 保护HRP UWB测距系统免受距离缩减攻击。
44 BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses. BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses. BLUFFS:蓝牙前向和未来保密性攻击及其防御。
45 When Free Tier Becomes Free to Enter: A Non-Intrusive Way to Identify Security Cameras with no Cloud Subscription. 当免费层变得免费进入时:一种非侵入式识别无需云订阅的安全摄像头的方法。
46 Formal Analysis of Access Control Mechanism of 5G Core Network. 5G核心网络访问控制机制的形式分析。
47 IoTFlow: Inferring IoT Device Behavior at Scale through Static Mobile Companion App Analysis. IoTFlow:通过静态移动配套应用分析大规模推断IoT设备行为。
48 Homomorphic Multiple Precision Multiplication for CKKS and Reduced Modulus Consumption. CKKS和减少模数消耗的同态多精度乘法。
49 PELTA - Shielding Multiparty-FHE against Malicious Adversaries. PELTA - 对抗恶意对手的多方全同态加密(FHE)防护。
50 Asymptotically Faster Multi-Key Homomorphic Encryption from Homomorphic Gadget Decomposition. 来自同态小工具分解的渐进式更快多密钥同态加密。
51 FPT: A Fixed-Point Accelerator for Torus Fully Homomorphic Encryption. FPT:环面全同态加密的定点加速器。
52 Stolen Risks of Models with Security Properties. 具有安全属性的模型的被盗风险。
53 Narcissus: A Practical Clean-Label Backdoor Attack with Limited Information. Narcissus:一种实用的干净标签后门攻击,信息有限。
54 Stateful Defenses for Machine Learning Models Are Not Yet Secure Against Black-box Attacks. 针对机器学习模型的有状态防御尚未能抵御黑盒攻击。
55 Attack Some while Protecting Others: Selective Attack Strategies for Attacking and Protecting Multiple Concepts. 攻击某些同时保护其他:攻击和保护多个概念的选择性攻击策略。
56 FIN: Practical Signature-Free Asynchronous Common Subset in Constant Time. FIN:常数时间内的实用无签名异步公共子集。
57 Analyzing the Real-World Security of the Algorand Blockchain. 分析Algorand区块链的现实世界安全性。
58 Fait Accompli Committee Selection: Improving the Size-Security Tradeoff of Stake-Based Committees. Fait Accompli委员会选择:改善基于股份的委员会的规模-安全权衡。
59 LedgerLocks: A Security Framework for Blockchain Protocols Based on Adaptor Signatures. LedgerLocks:基于适配器签名的区块链协议安全框架。
60 Capacity: Cryptographically-Enforced In-Process Capabilities for Modern ARM Architectures. Capacity:用于现代ARM架构的加密强制的进程内能力。
61 Cryptographically Enforced Memory Safety. 加密强制的内存安全。
62 Put Your Memory in Order: Efficient Domain-based Memory Isolation for WASM Applications. 整理你的内存:WASM应用的高效域基内存隔离。
63 PANIC: PAN-assisted Intra-process Memory Isolation on ARM. PANIC:ARM上的PAN辅助进程内存隔离。
64 Security Verification of Low-Trust Architectures. 低信任架构的安全验证。
65 TunneLs for Bootlegging: Fully Reverse-Engineering GPU TLBs for Challenging Isolation Guarantees of NVIDIA MIG. TunneLs for Bootlegging:完全逆向工程GPU TLBs,挑战NVIDIA MIG的隔离保证。
66 FetchBench: Systematic Identification and Characterization of Proprietary Prefetchers. FetchBench:系统识别和表征专有预取器。
67 Combined Private Circuits - Combined Security Refurbished. 组合私有电路 - 组合安全翻新。
68 Point Cloud Analysis for ML-Based Malicious Traffic Detection: Reducing Majorities of False Positive Alarms. 基于ML的恶意流量检测的点云分析:减少大多数误报警报。
69 Learning from Limited Heterogeneous Training Data: Meta-Learning for Unsupervised Zero-Day Web Attack Detection across Web Domains. 从有限的异构训练数据学习:跨Web域的无监督零日Web攻击检测的元学习。
70 Realistic Website Fingerprinting By Augmenting Network Traces. 通过增强网络追踪进行现实网站指纹识别。
71 Transformer-based Model for Multi-tab Website Fingerprinting Attack. 基于变压器模型的多标签网站指纹识别攻击。
72 Efficient Registration-Based Encryption. 高效的基于注册的加密。
73 Efficient Set Membership Encryption and Applications. 高效的集合成员加密及其应用。
74 Realizing Flexible Broadcast Encryption: How to Broadcast to a Public-Key Directory. 实现灵活的广播加密:如何向公钥目录广播。
75 Post-Quantum Multi-Recipient Public Key Encryption. 后量子多接收者公钥加密。
76 Prediction Privacy in Distributed Multi-Exit Neural Networks: Vulnerabilities and Solutions. 分布式多出口神经网络中的预测隐私:漏洞与解决方案。
77 Unforgeability in Stochastic Gradient Descent. 随机梯度下降中的不可伪造性。
78 Devil in Disguise: Breaching Graph Neural Networks Privacy through Infiltration. 伪装中的魔鬼:通过渗透侵犯图神经网络隐私。
79 Evading Watermark based Detection of AI-Generated Content. 规避基于水印的AI生成内容检测。
80 Phoenix: Detect and Locate Resilience Issues in Blockchain via Context-Sensitive Chaos. Phoenix:通过上下文敏感的混沌检测和定位区块链中的韧性问题。
81 Fuzz on the Beach: Fuzzing Solana Smart Contracts. 海滩上的Fuzz:Fuzzing Solana智能合约。
82 Lanturn: Measuring Economic Security of Smart Contracts Through Adaptive Learning. Lanturn:通过自适应学习测量智能合约的经济安全性。
83 Riggs: Decentralized Sealed-Bid Auctions. Riggs:去中心化的密封投标拍卖。
84 DSFuzz: Detecting Deep State Bugs with Dependent State Exploration. DSFuzz:通过依赖状态探索检测深层状态漏洞。
85 Profile-guided System Optimizations for Accelerated Greybox Fuzzing. 面向配置文件的系统优化以加速灰盒Fuzzing。
86 NestFuzz: Enhancing Fuzzing with Comprehensive Understanding of Input Processing Logic. NestFuzz:通过全面理解输入处理逻辑增强Fuzzing。
87 Lifting Network Protocol Implementation to Precise Format Specification with Security Applications. 将网络协议实现提升到具有安全应用的精确格式规范。
88 MicPro: Microphone-based Voice Privacy Protection. MicPro:基于麦克风的语音隐私保护。
89 TileMask: A Passive-Reflection-based Attack against mmWave Radar Object Detection in Autonomous Driving. TileMask:一种基于被动反射的攻击,针对自动驾驶中的毫米波雷达物体检测。
90 SHERLOC: Secure and Holistic Control-Flow Violation Detection on Embedded Systems. SHERLOC:嵌入式系统上的安全和全面控制流违规检测。
91 Caveat (IoT) Emptor: Towards Transparency of IoT Device Presence. Caveat (IoT) Emptor:朝向IoT设备存在的透明度。
92 CryptoBap: A Binary Analysis Platform for Cryptographic Protocols. CryptoBap:用于密码协议的二进制分析平台。
93 A Generic Methodology for the Modular Verification of Security Protocol Implementations. 安全协议实现的模块化验证的通用方法论。
94 Provably Unlinkable Smart Card-based Payments. 可证明不可关联的智能卡支付。
95 CheckMate: Automated Game-Theoretic Security Reasoning. CheckMate:自动化博弈论安全推理。
96 Recursion over Public-Coin Interactive Proof Systems; Faster Hash Verification. 公共硬币交互式证明系统上的递归;更快的哈希验证。
97 Modular Sumcheck Proofs with Applications to Machine Learning and Image Processing. 带有机器学习和图像处理应用的模块化求和检验证明。
98 Batchman and Robin: Batched and Non-batched Branching for Interactive ZK. Batchman and Robin:交互式零知识的批处理和非批处理分支。
99 Verifiable Mix-Nets and Distributed Decryption for Voting from Lattice-Based Assumptions. 基于格假设的可验证混合网和投票的分布式解密。
100 Turning Privacy-preserving Mechanisms against Federated Learning. 将隐私保护机制用于联邦学习。
101 SmartFL: Enabling Utility-Driven Data Marketplace with a Robust and Verifiable Federated Learning Architecture. SmartFL:通过稳健且可验证的联邦学习架构启用以效用为驱动的数据市场。
102 Unraveling the Connections between Privacy and Certified Robustness in Federated Learning Against Poisoning Attacks. 揭示联邦学习中隐私与认证鲁棒性之间的联系,以防御投毒攻击。
103 MESAS: Poisoning Defense for Federated Learning Resilient against Adaptive Attackers. MESAS:针对适应性攻击者的联邦学习投毒防御。
104 Accio: Variable-Amount, Optimized-Unlinkable and NIZK-Free Off-Chain Payments via Hubs. Accio:通过中心的变量金额、优化的不可关联和无需零知识证明的链下支付。
105 CryptoConcurrency: (Almost) Consensusless Asset Transfer with Shared Accounts. CryptoConcurrency:带有共享账户的(几乎)无需共识的资产转移。
106 TrustBoost: Boosting Trust among Interoperable Blockchains. TrustBoost:增强可互操作区块链之间的信任。
107 Interchain Timestamping for Mesh Security. 网状安全的链间时间戳。
108 Hopper: Interpretative Fuzzing for Libraries. Hopper:库的解释性Fuzzing。
109 Greybox Fuzzing of Distributed Systems. 分布式系统的灰盒Fuzzing。
110 SyzDirect: Directed Greybox Fuzzing for Linux Kernel. SyzDirect:针对Linux内核的有向灰盒Fuzzing。
111 PyRTFuzz: Detecting Bugs in Python Runtimes via Two-Level Collaborative Fuzzing. PyRTFuzz:通过两级协作Fuzzing检测Python运行时中的漏洞。
112 FITS: Matching Camera Fingerprints Subject to Software Noise Pollution. FITS:匹配受软件噪声污染影响的相机指纹。
113 LeakyOhm: Secret Bits Extraction using Impedance Analysis. LeakyOhm:使用阻抗分析提取秘密位。
114 A Systematic Evaluation of Automated Tools for Side-Channel Vulnerabilities Detection in Cryptographic Libraries. 加密库中侧信道漏洞检测自动化工具的系统评估。
115 A Thorough Evaluation of RAMBAM. RAMBAM的彻底评估。
116 A Novel Analysis of Utility in Privacy Pipelines, Using Kronecker Products and Quantitative Information Flow. 使用克罗内克积和定量信息流对隐私管道中的效用进行新颖分析。
117 Tainted Secure Multi-Execution to Restrict Attacker Influence. 污染的安全多执行以限制攻击者影响。
118 Assume but Verify: Deductive Verification of Leaked Information in Concurrent Applications. 假设但验证:并发应用中泄露信息的演绎验证。
119 Deciding Differential Privacy of Online Algorithms with Multiple Variables. 决定具有多个变量的在线算法的差分隐私。
120 FlexiRand: Output Private (Distributed) VRFs and Application to Blockchains. FlexiRand:输出私有(分布式)可验证随机函数及其在区块链上的应用。
121 Adaptively Secure (Aggregatable) PVSS and Application to Distributed Randomness Beacons. 自适应安全(可聚合)公开可验证的秘密共享及其在分布式随机信标上的应用。
122 Short Privacy-Preserving Proofs of Liabilities. 短的隐私保护债务证明。
123 The Locality of Memory Checking. 内存检查的局部性。
124 Stealing the Decoding Algorithms of Language Models. 窃取语言模型的解码算法。
125 Verifiable Learning for Robust Tree Ensembles. 可验证学习以提高树集成的鲁棒性。
126 Large Language Models for Code: Security Hardening and Adversarial Testing. 用于代码的大型语言模型:安全加固和对抗性测试。
127 Experimenting with Zero-Knowledge Proofs of Training. 实验训练的零知识证明。
128 Group and Attack: Auditing Differential Privacy. 分组和攻击:审计差分隐私。
129 Interactive Proofs For Differentially Private Counting. 用于差分隐私计数的交互式证明。
130 Concentrated Geo-Privacy. 集中的地理隐私。
131 Concurrent Composition for Interactive Differential Privacy with Adaptive Privacy-Loss Parameters. 具有自适应隐私损失参数的交互式差分隐私的并发组合。
132 SysXCHG: Refining Privilege with Adaptive System Call Filters. SysXCHG:使用自适应系统调用过滤器细化权限。
133 SysPart: Automated Temporal System Call Filtering for Binaries. SysPart:二进制文件的自动化时间系统调用过滤。
134 Hacksaw: Hardware-Centric Kernel Debloating via Device Inventory and Dependency Analysis. Hacksaw:通过设备清单和依赖分析进行以硬件为中心的内核瘦身。
135 KRover: A Symbolic Execution Engine for Dynamic Kernel Analysis. KRover:用于动态内核分析的符号执行引擎。
136 Gotcha! I Know What You Are Doing on the FPGA Cloud: Fingerprinting Co-Located Cloud FPGA Accelerators via Measuring Communication Links. Gotcha! 我知道你在FPGA云上做什么:通过测量通信链接对位于同一位置的云FPGA加速器进行指纹识别。
137 iLeakage: Browser-based Timerless Speculative Execution Attacks on Apple Devices. iLeakage:基于浏览器的无定时器推测执行攻击,针对苹果设备。
138 Declassiflow: A Static Analysis for Modeling Non-Speculative Knowledge to Relax Speculative Execution Security Measures. Declassiflow:用于建模非推测性知识的静态分析,以放松推测执行安全措施。
139 SpecVerilog: Adapting Information Flow Control for Secure Speculation. SpecVerilog:适配信息流控制以实现安全推测。
140 Formalizing, Verifying and Applying ISA Security Guarantees as Universal Contracts. 将ISA安全保证形式化、验证并作为通用合同应用。
141 Boosting the Performance of High-Assurance Cryptography: Parallel Execution and Optimizing Memory Access in Formally-Verified Line-Point Zero-Knowledge. 提升高保证加密性能:在形式验证的线点零知识中并行执行和优化内存访问。
142 Galápagos: Developing Verified Low Level Cryptography on Heterogeneous Hardwares. 加拉帕戈斯:在异构硬件上开发经过验证的低级加密技术。
143 Specification and Verification of Side-channel Security for Open-source Processors via Leakage Contracts. 通过泄露合同为开源处理器规范和验证侧信道安全。
144 Grotto: Screaming fast (2+1)-PC or ℤ2n via (2, 2)-DPFs. Grotto:通过(2, 2)-DPFs实现极快的(2+1)-PC或ℤ2n。
145 Scalable Multiparty Garbling. 可扩展的多方混淆。
146 Linear Communication in Malicious Majority MPC. 在恶意多数MPC中的线性通信。
147 Efficient Multiparty Probabilistic Threshold Private Set Intersection. 高效的多方概率阈值私有集合交集。
148 Vulnerability Intelligence Alignment via Masked Graph Attention Networks. 通过掩码图注意力网络的漏洞情报对齐。
149 In Search of netUnicorn: A Data-Collection Platform to Develop Generalizable ML Models for Network Security Problems. 寻找netUnicorn:一个数据收集平台,用于开发可泛化的ML模型以解决网络安全问题。
150 MDTD: A Multi-Domain Trojan Detector for Deep Neural Networks. MDTD:深度神经网络的多域特洛伊检测器。
151 ProvG-Searcher: A Graph Representation Learning Approach for Efficient Provenance Graph Search. ProvG-Searcher:一种高效的溯源图搜索的图表示学习方法。
152 Securely Sampling Discrete Gaussian Noise for Multi-Party Differential Privacy. 为多方差分隐私安全采样离散高斯噪声。
153 Detecting Violations of Differential Privacy for Quantum Algorithms. 检测量子算法的差分隐私违规。
154 Amplification by Shuffling without Shuffling. 无需混洗即可通过混洗放大。
155 HELiKs: HE Linear Algebra Kernels for Secure Inference. HELiKs:用于安全推理的同态加密线性代数内核。
156 SkillScanner: Detecting Policy-Violating Voice Applications Through Static Analysis at the Development Phase. SkillScanner:在开发阶段通过静态分析检测违反政策的语音应用程序。
157 Protecting Intellectual Property of Large Language Model-Based Code Generation APIs via Watermarks. 通过水印保护基于大型语言模型的代码生成API的知识产权。
158 Simplifying Mixed Boolean-Arithmetic Obfuscation by Program Synthesis and Term Rewriting. 通过程序合成和项重写简化混合布尔-算术混淆。
159 Enhancing OSS Patch Backporting with Semantics. 通过语义增强OSS补丁回溯。
160 Evaluating the Security Posture of Real-World FIDO2 Deployments. 评估现实世界中FIDO2部署的安全状况。
161 Are we there yet? An Industrial Viewpoint on Provenance-based Endpoint Detection and Response Tools. 我们到了吗?基于溯源的端点检测和响应工具的工业视角。
162 Don't Leak Your Keys: Understanding, Measuring, and Exploiting the AppSecret Leaks in Mini-Programs. 不要泄露你的密钥:理解、测量和利用小程序中的AppSecret泄露。
163 The Effectiveness of Security Interventions on GitHub. GitHub上安全干预的有效性。
164 CoCo: Efficient Browser Extension Vulnerability Detection via Coverage-guided, Concurrent Abstract Interpretation. CoCo:通过覆盖引导的并发抽象解释实现高效的浏览器扩展漏洞检测。
165 Finding All Cross-Site Needles in the DOM Stack: A Comprehensive Methodology for the Automatic XS-Leak Detection in Web Browsers. 在DOM栈中找到所有跨站针:一种用于Web浏览器中自动XS-Leak检测的全面方法。
166 Uncovering and Exploiting Hidden APIs in Mobile Super Apps. 揭露和利用移动超级应用中的隐藏API。
167 A Good Fishman Knows All the Angles: A Critical Evaluation of Google's Phishing Page Classifier. 好的渔夫了解所有角度:对谷歌钓鱼页面分类器的关键评估。
168 Improved Distributed RSA Key Generation Using the Miller-Rabin Test. 使用米勒-拉宾测试改进的分布式RSA密钥生成。
169 Towards Generic MPC Compilers via Variable Instruction Set Architectures (VISAs). 通过可变指令集架构(VISAs)实现通用MPC编译器。
170 COMBINE: COMpilation and Backend-INdependent vEctorization for Multi-Party Computation. COMBINE:多方计算的编译和后端独立向量化。
171 Let's Go Eevee! A Friendly and Suitable Family of AEAD Modes for IoT-to-Cloud Secure Computation. 让我们开始吧,伊布!适用于IoT至云安全计算的友好且适宜的AEAD模式族。
172 On the Security of KZG Commitment for VSS. 论VSS的KZG承诺的安全性。
173 Targeted Attack Synthesis for Smart Grid Vulnerability Analysis. 针对智能电网漏洞分析的定向攻击合成。
174 Secure and Timely GPU Execution in Cyber-physical Systems. 网络物理系统中的安全及时GPU执行。
175 SalsaPicante: A Machine Learning Attack on LWE with Binary Secrets. SalsaPicante:针对具有二进制秘密的LWE的机器学习攻击。
176 DPMLBench: Holistic Evaluation of Differentially Private Machine Learning. DPMLBench:差分隐私机器学习的全面评估。
177 Geometry of Sensitivity: Twice Sampling and Hybrid Clipping in Differential Privacy with Optimal Gaussian Noise and Application to Deep Learning. 敏感度的几何:在具有最优高斯噪声的差分隐私中进行两次采样和混合裁剪及其在深度学习中的应用。
178 Blink: Link Local Differential Privacy in Graph Neural Networks via Bayesian Estimation. Blink:通过贝叶斯估计在图神经网络中实现局部差分隐私。
179 DP-Forward: Fine-tuning and Inference on Language Models with Differential Privacy in Forward Pass. DP-Forward:在前向传播中使用差分隐私对语言模型进行微调和推理。
180 Whole-Program Control-Flow Path Attestation. 整个程序控制流路径认证。
181 Improving Security Tasks Using Compiler Provenance Information Recovered At the Binary-Level. 使用在二进制级别恢复的编译器来源信息改善安全任务。
182 SymGX: Detecting Cross-boundary Pointer Vulnerabilities of SGX Applications via Static Symbolic Execution. SymGX:通过静态符号执行检测SGX应用程序的跨边界指针漏洞。
183 TypeSqueezer: When Static Recovery of Function Signatures for Binary Executables Meets Dynamic Analysis. TypeSqueezer:静态恢复二进制可执行文件的函数签名遇到动态分析时。
184 "Make Them Change it Every Week!": A Qualitative Exploration of Online Developer Advice on Usable and Secure Authentication. "让他们每周都改变它!":在线开发者关于可用和安全认证的建议的定性探索。
185 Sharing Communities: The Good, the Bad, and the Ugly. 共享社区:好的、坏的和丑陋的。
186 Alert Alchemy: SOC Workflows and Decisions in the Management of NIDS Rules. 警报炼金术:在NIDS规则管理中SOC工作流程和决策。
187 Do Users Write More Insecure Code with AI Assistants? 用户使用AI助手编写的代码是否更不安全?
188 HODOR: Shrinking Attack Surface on Node.js via System Call Limitation. HODOR:通过系统调用限制缩小Node.js的攻击面。
189 ADEM: An Authentic Digital EMblem. ADEM:一个真实的数字徽章。
190 Is Modeling Access Control Worth It? 建模访问控制是否值得?
191 Fine-Grained Data-Centric Content Protection Policy for Web Applications. 面向Web应用的细粒度数据中心内容保护策略。
192 On the Security of Rate-limited Privacy Pass. 论限速隐私通行证的安全性。
193 Passive SSH Key Compromise via Lattices. 通过格对SSH密钥的被动妥协。
194 Stealth Key Exchange and Confined Access to the Record Protocol Data in TLS 1.3. TLS 1.3中的隐蔽密钥交换和对记录协议数据的限制访问。
195 ELEKTRA: Efficient Lightweight multi-dEvice Key TRAnsparency. ELEKTRA:高效轻量级多设备密钥透明性。
196 HE3DB: An Efficient and Elastic Encrypted Database Via Arithmetic-And-Logic Fully Homomorphic Encryption. HE3DB:通过算术和逻辑全同态加密的高效弹性加密数据库。
197 Level Up: Private Non-Interactive Decision Tree Evaluation using Levelled Homomorphic Encryption. 升级:使用分层同态加密的私有非交互式决策树评估。
198 Fast Unbalanced Private Set Union from Fully Homomorphic Encryption. 来自全同态加密的快速非平衡私有集合并集。
199 Efficient Multiplicative-to-Additive Function from Joye-Libert Cryptosystem and Its Application to Threshold ECDSA. 来自Joye-Libert密码系统的高效乘法到加法函数及其在阈值ECDSA中的应用。
200 Splice: Efficiently Removing a User's Data from In-memory Application State. Splice:高效地从内存中的应用状态中移除用户数据。
201 Leakage-Abuse Attacks Against Forward and Backward Private Searchable Symmetric Encryption. 针对前向和后向私有可搜索对称加密的泄露滥用攻击。
202 Using Range-Revocable Pseudonyms to Provide Backward Unlinkability in the Edge. 使用范围可撤销的假名在边缘提供向后不可关联性。
203 Shufflecake: Plausible Deniability for Multiple Hidden Filesystems on Linux. Shufflecake:Linux上多个隐藏文件系统的合理否认性。
204 Take Over the Whole Cluster: Attacking Kubernetes via Excessive Permissions of Third-party Applications. 占领整个集群:通过第三方应用的过度权限攻击Kubernetes。
205 Lost along the Way: Understanding and Mitigating Path-Misresolution Threats to Container Isolation. 一路丢失:理解和减轻路径解析错误对容器隔离的威胁。
206 PackGenome: Automatically Generating Robust YARA Rules for Accurate Malware Packer Detection. PackGenome:自动生成健壮的YARA规则以准确检测恶意软件打包器。
207 RetSpill: Igniting User-Controlled Data to Burn Away Linux Kernel Protections. RetSpill:点燃用户控制的数据以消除Linux内核保护。
208 Measuring Website Password Creation Policies At Scale. 大规模测量网站密码创建策略。
209 "I just stopped using one and started using the other": Motivations, Techniques, and Challenges When Switching Password Managers. "我刚停用一个就开始使用另一个":切换密码管理器的动机、技术和挑战。
210 "We've Disabled MFA for You": An Evaluation of the Security and Usability of Multi-Factor Authentication Recovery Deployments. "我们已为您禁用MFA":多因素认证恢复部署的安全性和可用性评估。
211 Uncovering Impact of Mental Models towards Adoption of Multi-device Crypto-Wallets. 揭示心理模型对采用多设备加密钱包的影响。
212 You Call This Archaeology? Evaluating Web Archives for Reproducible Web Security Measurements. 你称这为考古学吗?评估网页存档以实现可复现的网络安全测量。
213 Cybercrime Bitcoin Revenue Estimations: Quantifying the Impact of Methodology and Coverage. 网络犯罪比特币收入估计:量化方法论和覆盖范围的影响。
214 Jack-in-the-box: An Empirical Study of JavaScript Bundling on the Web and its Security Implications. 魔盒:Web上JavaScript打包的实证研究及其安全含义。
215 Understanding and Detecting Abused Image Hosting Modules as Malicious Services. 理解和检测滥用的图像托管模块作为恶意服务。
216 Faster Constant-time Evaluation of the Kronecker Symbol with Application to Elliptic Curve Hashing. 更快的常数时间克罗内克符号评估及其在椭圆曲线哈希中的应用。
217 Verifiable Verification in Cryptographic Protocols. 密码协议中的可验证验证。
218 Compact Frequency Estimators in Adversarial Environments. 敌对环境中的紧凑频率估计器。
219 ACABELLA: Automated (Crypt)analysis of Attribute-Based Encryption Leveraging Linear Algebra. ACABELLA:利用线性代数的属性基加密的自动(密码)分析。
220 Ramen: Souper Fast Three-Party Computation for RAM Programs. Ramen:RAM程序的超快三方计算。
221 Secure Statistical Analysis on Multiple Datasets: Join and Group-By. 多数据集上的安全统计分析:连接和分组。
222 FutORAMa: A Concretely Efficient Hierarchical Oblivious RAM. FutORAMa:一个具体高效的分层遗忘RAM。
223 Waks-On/Waks-Off: Fast Oblivious Offline/Online Shuffling and Sorting with Waksman Networks. Waks-On/Waks-Off:使用Waksman网络的快速遗忘离线/在线混洗和排序。
224 General Data Protection Runtime: Enforcing Transparent GDPR Compliance for Existing Applications. 通用数据保护运行时:对现有应用强制执行透明的GDPR合规性。
225 Control, Confidentiality, and the Right to be Forgotten. 控制、保密性和被遗忘的权利。
226 PolicyChecker: Analyzing the GDPR Completeness of Mobile Apps' Privacy Policies. PolicyChecker:分析移动应用隐私政策的GDPR完整性。
227 Speranza: Usable, Privacy-friendly Software Signing. Speranza:可用的、隐私友好的软件签名。
228 Unsafe Diffusion: On the Generation of Unsafe Images and Hateful Memes From Text-To-Image Models. 不安全扩散:关于从文本到图像模型生成不安全图片和仇恨表情的研究。
229 DE-FAKE: Detection and Attribution of Fake Images Generated by Text-to-Image Generation Models. DE-FAKE:检测和归因由文本到图像生成模型产生的假图像。
230 "Get in Researchers; We're Measuring Reproducibility": A Reproducibility Study of Machine Learning Papers in Tier 1 Security Conferences. "研究人员进来;我们在测量可重复性":一项针对一级安全会议中机器学习论文的可重复性研究。
231 Unhelpful Assumptions in Software Security Research. 软件安全研究中的不实用假设。
232 Read Between the Lines: Detecting Tracking JavaScript with Bytecode Classification. 行间阅读:通过字节码分类检测跟踪JavaScript。
233 CookieGraph: Understanding and Detecting First-Party Tracking Cookies. CookieGraph:理解和检测第一方跟踪Cookie。
234 AdCPG: Classifying JavaScript Code Property Graphs with Explanations for Ad and Tracker Blocking. AdCPG:用于广告和跟踪器阻止的解释性JavaScript代码属性图分类。
235 Poster: Using CodeQL to Detect Malware in npm. 海报:使用CodeQL检测npm中的恶意软件。
236 Poster: Data Minimization by Construction for Trigger-Action Applications. 海报:通过构造实现触发-动作应用的数据最小化。
237 Poster: Verifiable Encodings for Maliciously-Secure Homomorphic Encryption Evaluation. 海报:用于恶意安全同态加密评估的可验证编码。
238 Poster: Circumventing the GFW with TLS Record Fragmentation. 海报:通过TLS记录片段化绕过GFW。
239 Poster: Generating Experiences for Autonomous Network Defense. 海报:生成自主网络防御的经验。
240 Poster: From Hashes to Ashes - A Comparison of Transcription Services. 海报:从哈希到灰烬 - 转录服务的比较。
241 Poster: Mujaz: A Summarization-based Approach for Normalized Vulnerability Description. 海报:Mujaz:基于摘要的规范化漏洞描述方法。
242 Poster: Boosting Adversarial Robustness by Adversarial Pre-training. 海报:通过对抗性预训练增强对抗性鲁棒性。
243 Poster: Vulcan - Repurposing Accessibility Features for Behavior-based Intrusion Detection Dataset Generation. 海报:Vulcan - 重新利用辅助功能特性生成基于行为的入侵检测数据集。
244 Poster: Computing the Persistent Homology of Encrypted Data. 海报:计算加密数据的持久同调。
245 Poster: Attestor - Simple Proof-of-Storage-Time. 海报:Attestor - 简单的存储时间证明。
246 Poster: Query-efficient Black-box Attack for Image Forgery Localization via Reinforcement Learning. 海报:通过强化学习进行图像伪造定位的查询高效黑盒攻击。
247 Poster: Membership Inference Attacks via Contrastive Learning. 海报:通过对比学习进行成员推理攻击。
248 Poster: Ethics of Computer Security and Privacy Research - Trends and Standards from a Data Perspective. 海报:从数据视角看计算机安全与隐私研究的伦理 - 趋势与标准。
249 Poster: RPAL-Recovering Malware Classifiers from Data Poisoning using Active Learning. 海报:使用主动学习从数据投毒中恢复恶意软件分类器 - RPAL。
250 Poster: Combining Fuzzing with Concolic Execution for IoT Firmware Testing. 海报:结合Fuzzing和符号执行进行IoT固件测试。
251 Poster: Efficient AES-GCM Decryption Under Homomorphic Encryption. 海报:在同态加密下的高效AES-GCM解密。
252 Poster: Multi-target & Multi-trigger Backdoor Attacks on Graph Neural Networks. 海报:针对图神经网络的多目标与多触发器后门攻击。
253 Poster: Longitudinal Analysis of DoS Attacks. 海报:DoS攻击的纵向分析。
254 Poster: The Risk of Insufficient Isolation of Database Transactions in Web Applications. 海报:Web应用中数据库事务隔离不足的风险。
255 Poster: Privacy Risks from Misconfigured Android Content Providers. 海报:由于配置错误的Android内容提供者引起的隐私风险。
256 Poster: Bridging Trust Gaps: Data Usage Transparency in Federated Data Ecosystems. 海报:桥接信任差距:联邦数据生态系统中的数据使用透明性。
257 Poster: Panacea - Stateless and Non-Interactive Oblivious RAM. 海报:万能药 - 无状态且非交互式的遗忘RAM。
258 Poster: Backdoor Attack on Extreme Learning Machines. 海报:针对极限学习机的后门攻击。
259 Poster: Accountable Processing of Reported Street Problems. 海报:对报告的街道问题的负责任处理。
260 Poster: WIP: Account ZK-Rollups from Sumcheck Arguments. 海报:工作进行中:从求和检查论证到账户ZK-Rollups。
261 Poster: Signer Discretion is Advised: On the Insecurity of Vitalik's Threshold Hash-based Signatures. 海报:建议签名者谨慎:关于Vitalik的阈值哈希基签名的不安全性。
262 Poster: Longitudinal Measurement of the Adoption Dynamics in Apple's Privacy Label Ecosystem. 海报:苹果隐私标签生态系统采用动态的纵向测量。
263 Poster: Towards a Dataset for the Discrimination between Warranted and Unwarranted Emails. 海报:朝向区分有理和无理电子邮件的数据集。
264 Poster: Cybersecurity Usage in the Wild: A look at Deployment Challenges in Intrusion Detection and Alert Handling. 海报:野外的网络安全使用:入侵检测和警报处理中的部署挑战。
265 Poster: Towards Lightweight TEE-Assisted MPC. 海报:朝向轻量级TEE辅助的多方计算。
266 Poster: Fooling XAI with Explanation-Aware Backdoors. 海报:使用解释感知后门愚弄XAI。
267 Poster: Metadata-private Messaging without Coordination. 海报:无需协调的元数据私密消息。
268 Poster: Control-Flow Integrity in Low-end Embedded Devices. 海报:低端嵌入式设备中的控制流完整性。
269 Poster: Generic Multidimensional Linear Cryptanalysis of Feistel Ciphers. 海报:费斯妥密码的通用多维线性密码分析。
270 Poster: Secure and Differentially Private kth Ranked Element. 海报:安全且具有差分隐私的第k个排名元素。
271 Poster: Towards Practical Brainwave-based User Authentication. 海报:朝向基于脑波的实用用户认证。
272 Poster: A Privacy-Preserving Smart Contract Vulnerability Detection Framework for Permissioned Blockchain. 海报:一种用于许可区块链的隐私保护智能合约漏洞检测框架。
273 Poster: The Unknown Unknown: Cybersecurity Threats of Shadow IT in Higher Education. 海报:未知的未知:高等教育中影子IT的网络安全威胁。
274 Poster: Detecting Adversarial Examples Hidden under Watermark Perturbation via Usable Information Theory. 海报:通过可用信息论检测隐藏在水印扰动下的对抗样本。
275 Poster: Unveiling the Impact of Patch Placement: Adversarial Patch Attacks on Monocular Depth Estimation. 海报:揭示补丁放置的影响:针对单眼深度估计的对抗性补丁攻击。
276 Poster: Verifiable Data Valuation with Strong Fairness in Horizontal Federated Learning. 海报:在横向联邦学习中具有强公平性的可验证数据估值。
277 WPES '23: 22nd Workshop on Privacy in the Electronic Society. WPES '23:第22届电子社会隐私研讨会。
278 CPSIoTSec'23: Fifth Workshop on CPS & IoT Security and Privacy. CPSIoTSec'23:第五届CPS与IoT安全与隐私研讨会。
279 WAHC '23: 11th Workshop on Encrypted Computing & Applied Homomorphic Cryptography. WAHC '23:第11届加密计算与应用同态加密研讨会。
280 MTD '23: 10th ACM Workshop on Moving Target Defense. MTD '23:第10届ACM动态目标防御研讨会。
281 SaTS'23: The 1st ACM Workshop on Secure and Trustworthy Superapps. SaTS'23:第1届ACM安全与可信超级应用研讨会。
282 CCSW '23: Cloud Computing Security Workshop. CCSW '23:云计算安全研讨会。
283 PLAS: The 18th Workshop on Programming Languages and Analysis for Security. PLAS:第18届安全编程语言与分析研讨会。
284 DeFi '23: Workshop on Decentralized Finance and Security. DeFi '23:去中心化金融与安全研讨会。
285 ARTMAN '23: First Workshop on Recent Advances in Resilient and Trustworthy ML Systems in Autonomous Networks. ARTMAN '23:自主网络中韧性与可信机器学习系统最新进展的第一次研讨会。
286 ASHES '23: Workshop on Attacks and Solutions in Hardware Security. ASHES '23:硬件安全攻击与解决方案研讨会。
287 AISec '23: 16th ACM Workshop on Artificial Intelligence and Security. AISec '23:第16届ACM人工智能与安全研讨会。
288 Tutorial-HEPack4ML '23: Advanced HE Packing Methods with Applications to ML. 教程-HEPack4ML '23:高级同态加密打包方法及其在机器学习中的应用。
289 SCORED '23: Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses. SCORED '23:软件供应链攻击研究与生态防御研讨会。
290 Demo: Certified Robustness on Toolformer. 演示:Toolformer上的认证鲁棒性。
291 Demo: Data Minimization and Informed Consent in Administrative Forms. 演示:行政表格中的数据最小化和知情同意。
292 Demo: Image Disguising for Scalable GPU-accelerated Confidential Deep Learning. 演示:可扩展GPU加速的保密深度学习中的图像伪装。