This repo collects the best papers from top 4 computer security conferences, including IEEE S&P, ACM CCS, USENIX Security, and NDSS.

prncoprs/best-papers-in-computer-security

Best Papers from Top Computer Security Conferences

This repo is inspired by Awesome Best Papers. However, Awesome Best Papers does not cover the computer security field, so I collected the best papers from the top 4 computer security conferences: IEEE S&P, ACM CCS, USENIX Security, and NDSS.

All the data were collected manually. If you find any errors, please feel free to contribute to this repo. You are also welcome to add papers from other computer security conferences.

Future Work

  1. Add a link to each paper.
  2. Add other awards, such as the best student paper award and the best practical award.
  3. Add best papers from other computer security conferences.

IEEE S&P

Best Paper Awards

Year Paper
2024 BENZENE: A Practical Root Cause Analysis System with an Under-Constrained State Mutation
Younggi Park (Korea University), Hwiwon Lee (Korea University), Jinho Jung (Ministry of National Defense), Hyungjoon Koo (Sungkyunkwan University), Huy Kang Kim (Korea University)
Shedding Light on CVSS Scoring Inconsistencies: A User-Centric Study on Evaluating Widespread Security Vulnerabilities
Julia Wunder (Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU)), Andreas Kurtz (Heilbronn University of Applied Sciences), Christian Eichenmüller (Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU)), Freya Gassmann (Rheinland-Pfälzische Technische Universität Kaiserslautern-Landau (RPTU)), Zinaida Benenson (Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU))
"False negative - that one is going to kill you." - Understanding Industry Perspectives of Static Analysis based Security Testing
Amit Seal Ami (William & Mary), Kevin Moran (University of Central Florida), Denys Poshyvanyk (William & Mary), Adwait Nadkarni (William & Mary)
The Great Request Robbery: An Empirical Study of Client-side Request Hijacking Vulnerabilities on the Web
Soheil Khodayari (CISPA Helmholtz Center for Information Security), Thomas Barber (SAP Security Research), Giancarlo Pellegrino (CISPA Helmholtz Center for Information Security)
SoK: Prudent Evaluation Practices for Fuzzing
Moritz Schloegel (CISPA Helmholtz Center for Information Security), Nils Bars (CISPA Helmholtz Center for Information Security), Nico Schiller (CISPA Helmholtz Center for Information Security), Lukas Bernhard (CISPA Helmholtz Center for Information Security), Tobias Scharnowski (CISPA Helmholtz Center for Information Security), Addison Crump (CISPA Helmholtz Center for Information Security), Arash Ale Ebrahim (CISPA Helmholtz Center for Information Security), Nicolai Bissantz (Ruhr University Bochum), Marius Muench (University of Birmingham), Thorsten Holz (CISPA Helmholtz Center for Information Security)
SoK: Unintended Interactions among Machine Learning Defenses and Risks
Vasisht Duddu (University of Waterloo), Sebastian Szyller (Intel Labs), N. Asokan (University of Waterloo, Aalto University)
From Virtual Touch to Tesla Command: Unlocking Unauthenticated Control Chains From Smart Glasses for Vehicle Takeover
Xingli Zhang (University of Louisiana at Lafayette), Yazhou Tu (University of Louisiana at Lafayette), Yan Long (University of Michigan), Liqun Shan (University of Louisiana at Lafayette), Mohamed A Elsaadani (University of Louisiana at Lafayette), Kevin Fu (Northeastern University), Zhiqiang Lin (Ohio State University), Xiali Hei (University of Louisiana at Lafayette)
From Chatbots to Phishbots?: Phishing Scam Generation in Commercial Large Language Models
Sayak Saha Roy (University of Texas at Arlington), Poojitha Thota (University of Texas at Arlington), Krishna Vamsi Naragam (University of Texas at Arlington), Shirin Nilizadeh (University of Texas at Arlington)
WESEE: Using Malicious #VC Interrupts to Break AMD SEV-SNP
Benedict Schlüter (ETH Zurich), Supraja Sridhara (ETH Zurich), Andrin Bertschi (ETH Zurich), Shweta Shinde (ETH Zurich)

2023 MEGA: Malleable Encryption Goes Awry
Matilda Backendal (ETH Zurich), Miro Haller (ETH Zurich), Kenneth Paterson (ETH Zurich)
Practically-exploitable Cryptographic Vulnerabilities in Matrix
Martin R. Albrecht (Royal Holloway, University of London), Sofía Celi (Brave Software), Benjamin Dowling (University of Sheffield), Daniel Jones (Royal Holloway, University of London)
Weak Fiat-Shamir Attacks on Modern Proof Systems
Quang Dao (Carnegie Mellon University), Jim Miller (Trail of Bits), Opal Wright (Trail of Bits), Paul Grubbs (University of Michigan)
Typing High-Speed Cryptography against Spectre v1
Basavesh Ammanaghatta Shivakumar (MPI-SP), Gilles Barthe (MPI-SP and IMDEA Software Institute), Benjamin Grégoire (Inria and Université Côte d'Azur), Vincent Laporte (Inria Nancy), Tiago Oliveira (MPI-SP), Swarn Priya (Inria and Université Côte d'Azur), Peter Schwabe (MPI-SP & Radboud University), Lucas Tabary-Maujean (ENS Paris-Saclay)
Red Team vs. Blue Team: A Real-World Hardware Trojan Detection Case Study Across Four Modern CMOS Technology Generations
Endres Puschner (Max Planck Institute for Security and Privacy), Thorben Moos (UCLouvain), Christian Kison (Bundeskriminalamt), Steffen Becker (Ruhr University Bochum & Max Planck Institute for Security and Privacy), Amir Moradi (Ruhr University Bochum), Christof Paar (Max Planck Institute for Security and Privacy)
It's (DOM) Clobbering Time: Attack Techniques, Prevalence, and Defenses
Soheil Khodayari (CISPA Helmholtz Center for Information Security), Giancarlo Pellegrino (CISPA Helmholtz Center for Information Security)
The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web
Jannis Rautenstrauch (CISPA Helmholtz Center for Information Security), Giancarlo Pellegrino (CISPA Helmholtz Center for Information Security), Ben Stock (CISPA Helmholtz Center for Information Security)
WaVe: a verifiably secure WebAssembly sandboxing runtime
Evan Johnson (University of California San Diego), Evan Laufer (Stanford University), Zijie Zhao (University of Illinois Urbana-Champaign), Shravan Narayan (University of California San Diego), Stefan Savage (University of California San Diego), Deian Stefan (University of California San Diego), Fraser Brown (Carnegie Mellon University)
Characterizing Everyday Misuse of Smart Home Devices
Phoebe Moh (University of Maryland), Pubali Datta (University of Illinois Urbana-Champaign), Noel Warford (University of Maryland), Adam Bates (University of Illinois Urbana-Champaign), Nathan Malkin (University of Maryland), Michelle L. Mazurek (University of Maryland)
Not Yet Another Digital ID: Privacy-preserving Humanitarian Aid Distribution
Boya Wang (EPFL), Wouter Lueks (CISPA Helmholtz Center for Information Security), Justinas Sukaitis (ICRC), Vincent Graf Narbel (ICRC), Carmela Troncoso (EPFL)
“In Eighty Percent of the Cases, I Select the Password for Them”: Security and Privacy Challenges, Advice, and Opportunities at Cybercafes in Kenya
Collins W. Munyendo (The George Washington University), Yasemin Acar (The George Washington University), Adam J. Aviv (The George Washington University)
Space Odyssey: An Experimental Software Security Analysis of Satellites
Johannes Willbold (Ruhr-Universität Bochum), Moritz Schloegel (Ruhr-Universität Bochum), Manuel Vögele (Ruhr-Universität Bochum), Maximilian Gerhardt (Ruhr-Universität Bochum), Thorsten Holz (CISPA Helmholtz Center for Information Security), Ali Abbasi (CISPA Helmholtz Center for Information Security)
2022 Four Attacks and a Proof for Telegram
Martin R. Albrecht (Royal Holloway, University of London), Lenka Mareková (Royal Holloway, University of London), Kenneth G. Paterson (ETH Zurich), Igors Stepanovs (ETH Zurich)
Asleep at the Keyboard? Assessing the Security of GitHub Copilot’s Code Contributions
Hammond Pearce, Baleegh Ahmad, Benjamin Tan, Brendan Dolan-Gavitt, Ramesh Karri (NYU Tandon School of Engineering)
Invisible Finger: Practical Electromagnetic Interference Attack on Touchscreen-based Electronic Devices
Haoqi Shan (University of Florida), Boyi Zhang (University of Florida), Zihao Zhan (University of Florida), Dean Sullivan (University of New Hampshire), Shuo Wang (University of Florida), Yier Jin (University of Florida)
Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects
Dominik Wermke (CISPA), Noah Woehler (CISPA), Jan H. Klemmer (Leibniz University Hannover), Marcel Fourné (MPI-SP), Yasemin Acar (George Washington University), Sascha Fahl (CISPA, Leibniz University Hannover)
2021 Compositional Security for Reentrant Applications
Ethan Cecchetti (Cornell University), Siqiu Yao (Cornell University), Haobin Ni (Cornell University), Andrew C. Myers (Cornell University)
Hardware-Software Contracts for Secure Speculation
Marco Guarnieri (IMDEA Software Institute), Boris Köpf (Microsoft Research), Jan Reineke (Saarland University), and Pepe Vila (IMDEA Software Institute)
2020 TRRespass: Exploiting the Many Sides of Target Row Refresh
Pietro Frigo (Vrije Universiteit Amsterdam), Emanuele Vannacci (Vrije Universiteit Amsterdam), Hasan Hassan (ETH Zürich), Victor van der Veen (Qualcomm Technologies, Inc.), Onur Mutlu (ETH Zürich), Cristiano Giuffrida (Vrije Universiteit Amsterdam), Herbert Bos (Vrije Universiteit Amsterdam), Kaveh Razavi (Vrije Universiteit Amsterdam)
2019 Spectre Attacks: Exploiting Speculative Execution
Paul Kocher (Independent (www.paulkocher.com)), Jann Horn (Google Project Zero), Anders Fogh (G DATA Advanced Analytics), Daniel Genkin (University of Pennsylvania and University of Maryland), Daniel Gruss (Graz University of Technology), Werner Haas (Cyberus Technology), Mike Hamburg (Rambus, Cryptography Research Division), Moritz Lipp (Graz University of Technology), Stefan Mangard (Graz University of Technology), Thomas Prescher (Cyberus Technology), Michael Schwarz (Graz University of Technology), Yuval Yarom (University of Adelaide and Data61)
2018 DEEPSEC: Deciding Equivalence Properties in Security Protocols -- Theory and Practice
Vincent Cheval (Inria Nancy & Loria), Steve Kremer (Inria Nancy & Loria), Itsaka Rakotonirina (Inria Nancy & Loria)
On Enforcing the Digital Immunity of a Large Humanitarian Organization
Stevens Le Blond (École Polytechnique Fédérale de Lausanne), Alejandro Cuevas (École Polytechnique Fédérale de Lausanne), Juan Ramón Troncoso-Pastoriza (École Polytechnique Fédérale de Lausanne), Philipp Jovanovic (École Polytechnique Fédérale de Lausanne), Bryan Ford (École Polytechnique Fédérale de Lausanne), Jean-Pierre Hubaux (École Polytechnique Fédérale de Lausanne)
2017 Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate
Karthikeyan Bhargavan (INRIA), Bruno Blanchet (INRIA), and Nadim Kobeissi (INRIA)
2016 A2: Analog Malicious Hardware
Kaiyuan Yang, Matthew Hicks, Qing Dong, Todd Austin, and Dennis Sylvester (University of Michigan)
2015 A Messy State of the Union: Taming the Composite State Machines of TLS
Benjamin Beurdouche (INRIA), Karthikeyan Bhargavan (INRIA), Antoine Delignat-Lavaud (INRIA), Cédric Fournet (Microsoft Research), Markulf Kohlweiss (Microsoft Research), Alfredo Pironti (INRIA), Pierre-Yves Strub (IMDEA), Jean Karim Zinzindohoue (INRIA)
Riposte: An Anonymous Messaging System Handling Millions of Users
Henry Corrigan-Gibbs (Stanford University), Dan Boneh (Stanford University), David Mazières (Stanford University)
2014 Secure Multiparty Computations on Bitcoin
Marcin Andrychowicz (University of Warsaw), Stefan Dziembowski (University of Warsaw and Sapienza University of Rome), Daniel Malinowski, and Łukasz Mazurek (University of Warsaw)
2013 Pinocchio: Nearly Practical Verifiable Computation
Bryan Parno, Craig Gentry, Jon Howell, and Mariana Raykova

ACM CCS

Best Paper Awards

Year Paper
2022 Victory by KO: Attacking OpenPGP Using Key Overwriting
Kenny Paterson, Lara Bruseghini, Daniel Huigens
Proving UNSAT in Zero Knowledge
Ning Luo, Timos Antonopoulos, William Harris, Ruzica Piskac, Eran Tromer, Xiao Wang
Automatic Detection of Speculative Execution Combinations
Xaver Fabian, Marco Patrignani, Marco Guarnieri
Zapper: Smart Contracts with Data and Identity Privacy
Samuel Steffen, Benjamin Bichsel, Martin Vechev
STAR: Secret Sharing for Private Threshold Aggregation Reporting
Alex Davidson, Peter Snyder, E. B. Quirk, Joseph Genereux, Hamed Haddadi, Benjamin Livshits
2021 XSinator.com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers
Lukas Knittel; Christian Mainka (Ruhr University Bochum); Marcus Niemietz (Niederrhein University of Applied Sciences); Dominik Trevor Noß; Jörg Schwenk (Ruhr University Bochum)
One Glitch to Rule Them All: Fault Injection Attacks Against AMD's Secure Encrypted Virtualization
Robert Buhren; Hans-Niklas Jacob; Thilo Krachenfels (Technische Universität Berlin - SECT); Jean-Pierre Seifert (Technische Universität Berlin - SECT & Fraunhofer SIT)
On the Renyi Differential Privacy of the Shuffle Model
Antonious M. Girgis; Deepesh Data; Suhas Diggavi (University of California Los Angeles); Ananda Theertha Suresh; Peter Kairouz (Google Research)
On the (In)Security of ElGamal in OpenPGP
Luca De Feo; Bertram Poettering; Alessandro Sorniotti (IBM Research Europe - Zurich)
V-Shuttle: Scalable and Semantics-Aware Hypervisor Virtual Device Fuzzing
Gaoning Pan (Zhejiang University & Ant Group); Xingwei Lin (Ant Group); Xuhong Zhang (Zhejiang University & Binjiang Institute of Zhejiang University); Yongkang Jia (Zhejiang University); Shouling Ji (Zhejiang University & Binjiang Institute of Zhejiang University); Chunming Wu (Zhejiang University); Xinlei Ying (Ant Group); Jiashui Wang (Ant Group); Yanjun Wu (Institute of Software, Chinese Academy of Sciences)
2020 DNS Cache Poisoning Attack Reloaded: Revolutions with Side Channels
Keyu Man, Zhiyun Qian, Zhongjie Wang, Xiaofeng Zheng, Youjun Huang, Haixin Duan
2019 Where Does It Go? Refining Indirect-Call Targets with Multi-layer Type Analysis
Kangjie Lu and Hong Hu
2018 LEMNA: Explaining Deep Learning based Security Applications
Wenbo Guo, Dongliang Mu, Jun Xu, Purui Su, Gang Wang, Xinyu Xing
Toward Detecting Violations of Differential Privacy
Ding Ding, Yuxin Wang, Guanhong Wang, Danfeng Zhang, Daniel Kifer
2017 Scaling ORAM for Secure Computation
Jack Doerner, Abhi Shelat
Better Bounds for Block Cipher Modes of Operation via Nonce-Based Key Derivation
Shay Gueron, Yehuda Lindell
DolphinAttack: Inaudible Voice Commands
Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu
Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation
Xiao Wang, Samuel Ranellucci, Jonathan Katz
A Formal Foundation for Secure Remote Execution of Enclaves
Pramod Subramanyan, Rohit Sinha, Ilia Lebedev, Srinivas Devadas, Sanjit Seshia
2016 A Surfeit of SSH Cipher Suites
Martin R. Albrecht, Jean Paul Degabriele, Torben Brandt Hansen and Kenneth G. Paterson
A Systematic Analysis of the Juniper Dual EC Incident
Stephen Checkoway, Jacob Mankiewicz, Christina Garman, Joshua Fried, Shaanan Cohney, Matthew Green, Nadia Heninger, Ralf-Philipp Weinmann, Eric Rescorla, and Hovav Shacham
High-Throughput Semi-Honest Secure Three-Party Computation with an Honest Majority
Toshinori Araki, Jun Furukawa, Yehuda Lindell, Ariel Nof and Kazuma Ohara
2015 Imperfect Forward Secrecy: How Diffie-Hellman Fails In Practice
David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Béguelin, and Paul Zimmermann
Guitar: Piecing Together Android App GUIs From Memory Images
Brendan Saltaformaggio, Rohit Bhatia, Zhongshu Gu, Xiangyu Zhang and Dongyan Xu
Automated Analysis And Synthesis Of Authenticated Encryption Schemes
Viet Tung Hoang, Jonathan Katz and Alex J. Malozemoff
2014 Private-by-Design Advertising Meets the Real World
Alexey Reznichenko and Paul Francis
Code Reuse Attacks in PHP: Automated POP Chain Generation
Johannes Dahse, Nikolai Krein and Thorsten Holz
Multi-ciphersuite security of the Secure Shell (SSH) protocol
Florian Bergsma, Benjamin Dowling, Florian Kohlar, Jörg Schwenk and Douglas Stebila
2013 FANCI: Identification of Stealthy Malicious Logic Using Boolean Functional Analysis
Adam Waksman and Matthew Suozzo
Path ORAM: An Extremely Simple Oblivious RAM Protocol
Emil Stefanov, Christopher Fletcher, Ling Ren, and Xiangyao Yu
Security Analysis of Integrated Circuit Camouflaging
Jeyavijayan Rajendran and Michael Sam

USENIX Security

Best Paper Awards

Year Paper
2023 Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversations
Tadayoshi Kohno, University of Washington; Yasemin Acar, Paderborn University and George Washington University; Wulf Loh, Universität Tübingen
Glaze: Protecting Artists from Style Mimicry by Text-to-Image Models
Shawn Shan, University of Chicago; Jenna Cryan, University of Chicago; Emily Wenger, University of Chicago; Haitao Zheng, University of Chicago; Rana Hanocka, University of Chicago; Ben Y. Zhao, University of Chicago
An Efficient Design of Intelligent Network Data Plane
Guangmeng Zhou, Tsinghua University; Zhuotao Liu, Tsinghua University and Zhongguancun Laboratory; Chuanpu Fu, Tsinghua University; Qi Li, Tsinghua University and Zhongguancun Laboratory; Ke Xu, Tsinghua University and Zhongguancun Laboratory
Don’t be Dense: Efficient Keyword PIR for Sparse Databases
Sarvar Patel, Google; Joon Young Seo, Google; Kevin Yeo, Google and Columbia University
TreeSync: Authenticated Group Management for Messaging Layer Security
Théophile Wallez, Inria Paris; Jonathan Protzenko, Microsoft Research; Benjamin Beurdouche, Mozilla; Karthikeyan Bhargavan, Inria Paris
Hash Gone Bad: Automated discovery of protocol attacks that exploit hash function weaknesses
Vincent Cheval, Inria Paris; Cas Cremers, CISPA Helmholtz Center for Information Security; Alexander Dax, CISPA Helmholtz Center for Information Security and Saarland University; Lucca Hirschi, Université de Lorraine, Inria, CNRS, France; Charlie Jacomme, Inria Paris; Steve Kremer, Université de Lorraine, LORIA, Inria Nancy Grand-Est
Bug Hunters’ Perspectives on the Challenges and Benefits of the Bug Bounty Ecosystem
Omer Akgul, University of Maryland; Taha Eghtesad, Pennsylvania State University; Amit Elazari, University of California, Berkeley; Omprakash Gnawali, University of Houston; Jens Grossklags, Technical University of Munich; Michelle L. Mazurek, University of Maryland; Daniel Votipka, Tufts University; Aron Laszka, Pennsylvania State University
Examining Power Dynamics and User Privacy in Smart Technology Use Among Jordanian Households
Wael Albayaydh, University of Oxford; Ivan Flechais, University of Oxford
Tight Auditing of Differentially Private Machine Learning
Milad Nasr, Google DeepMind; Jamie Hayes, Google DeepMind; Thomas Steinke, Google DeepMind; Borja Balle, DeepMind; Florian Tramèr, ETH Zurich; Matthew Jagielski, Google DeepMind; Nicholas Carlini, Google DeepMind; Andreas Terzis, Google DeepMind
Automated Analysis of Protocols that use Authenticated Encryption: How Subtle AEAD Differences can impact Protocol Security
Cas Cremers, CISPA Helmholtz Center for Information Security; Alexander Dax, CISPA Helmholtz Center for Information Security and Saarland University; Charlie Jacomme, Inria Paris; Mang Zhao, CISPA Helmholtz Center for Information Security and Saarland University
Account Security Interfaces: Important, Unintuitive, and Untrustworthy
Alaa Daffalla, Cornell University; Marina Bohuk, Cornell University; Nicola Dell, Jacobs Institute Cornell Tech; Rosanna Bellini, Cornell University; Thomas Ristenpart, Cornell Tech
A Two-Decade Retrospective Analysis of a University's Vulnerability to Attacks Exploiting Reused Passwords
Alexandra Nisenoff, University of Chicago and Carnegie Mellon University; Maximilian Golla, University of Chicago / Max Planck Institute for Security and Privacy; Miranda Wei, University of Chicago / University of Washington; Juliette Hainline, University of Chicago; Hayley Szymanek, University of Chicago; Annika Braun, University of Chicago; Annika Hildebrandt, University of Chicago; Blair Christensen, University of Chicago; David Langenberg, University of Chicago; Blase Ur, University of Chicago
Fuzztruction: Using Fault Injection-based Fuzzing to Leverage Implicit Domain Knowledge
Nils Bars, CISPA Helmholtz Center for Information Security; Moritz Schloegel, CISPA Helmholtz Center for Information Security; Tobias Scharnowski, CISPA Helmholtz Center for Information Security; Nico Schiller, Ruhr-Universität Bochum; Thorsten Holz, CISPA Helmholtz Center for Information Security
Remote Direct Memory Introspection
Hongyi Liu, Rice University; Jiarong Xing, Rice University; Yibo Huang, Rice University; Danyang Zhuo, Duke University; Srinivas Devadas, Massachusetts Institute of Technology; Ang Chen, Rice University
A Bug's Life: Analyzing the Lifecycle and Mitigation Process of Content Security Policy Bugs
Gertjan Franken, imec-DistriNet, KU Leuven; Tom Van Goethem, imec-DistriNet, KU Leuven; Lieven Desmet, imec-DistriNet, KU Leuven; Wouter Joosen, imec-DistriNet, KU Leuven
BotScreen: Trust Everybody, but Cut the Aimbots Yourself
Minyeop Choi, KAIST; Gihyuk Ko, Cyber Security Research Center at KAIST and Carnegie Mellon University; Sang Kil Cha, KAIST
2022 Dos and Don'ts of Machine Learning in Computer Security
Daniel Arp, Technische Universität Berlin; Erwin Quiring, Technische Universität Braunschweig; Feargus Pendlebury, King's College London and Royal Holloway, University of London and The Alan Turing Institute; Alexander Warnecke, Technische Universität Braunschweig; Fabio Pierazzi, King's College London; Christian Wressnegger, KASTEL Security Research Labs and Karlsruhe Institute of Technology; Lorenzo Cavallaro, University College London; Konrad Rieck, Technische Universität Braunschweig
OpenVPN is Open to VPN Fingerprinting
Diwen Xue, University of Michigan; Reethika Ramesh, University of Michigan; Arham Jain, University of Michigan; Michalis Kallitsis, Merit Network, Inc.; J. Alex Halderman, University of Michigan; Jedidiah R. Crandall, Arizona State University/Breakpointing Bad; Roya Ensafi, University of Michigan
FIXREVERTER: A Realistic Bug Injection Methodology for Benchmarking Fuzz Testing
Zenong Zhang, University of Texas at Dallas; Zach Patterson, University of Texas at Dallas; Michael Hicks, University of Maryland and Amazon; Shiyi Wei, University of Texas at Dallas
Attacks on Deidentification's Defenses
Aloni Cohen, University of Chicago
Augmenting Decompiler Output with Learned Variable Names and Types
Qibin Chen, Carnegie Mellon University; Jeremy Lacomis, Carnegie Mellon University; Edward J. Schwartz, Carnegie Mellon University Software Engineering Institute; Claire Le Goues, Carnegie Mellon University; Graham Neubig, Carnegie Mellon University; Bogdan Vasilescu, Carnegie Mellon University
The Antrim County 2020 Election Incident: An Independent Forensic Investigation
J. Alex Halderman, University of Michigan
Identity Confusion in WebView-based Mobile App-in-app Ecosystems
Lei Zhang, Fudan University; Zhibo Zhang, Fudan University; Ancong Liu, Fudan University; Yinzhi Cao, Johns Hopkins University; Xiaohan Zhang, Fudan University; Yanjun Chen, Fudan University; Yuan Zhang, Fudan University; Guangliang Yang, Fudan University; Min Yang, Fudan University
Provably-Safe Multilingual Software Sandboxing using WebAssembly
Jay Bosamiya, Carnegie Mellon University; Wen Shih Lim, Carnegie Mellon University; Bryan Parno, Carnegie Mellon University
An Audit of Facebook's Political Ad Policy Enforcement
Victor Le Pochat, imec-DistriNet, KU Leuven; Laura Edelson, New York University; Tom Van Goethem, imec-DistriNet, KU Leuven; Wouter Joosen, imec-DistriNet, KU Leuven; Damon McCoy, New York University; Tobias Lauinger, New York University
Private Signaling
Varun Madathil, North Carolina State University; Alessandra Scafuro, North Carolina State University; István András Seres, Eötvös Loránd University; Omer Shlomovits, ZenGo X; Denis Varlakov, ZenGo X
Faster Yet Safer: Logging System Via Fixed-Key Blockcipher
Viet Tung Hoang, Florida State University; Cong Wu, Florida State University; Xin Yuan, Florida State University
Online Website Fingerprinting: Evaluating Website Fingerprinting Attacks on Tor in the Real World
Giovanni Cherubin, Alan Turing Institute; Rob Jansen, U.S. Naval Research Laboratory; Carmela Troncoso, EPFL SPRING Lab
2021 Poisoning the Unlabeled Dataset of Semi-Supervised Learning
Nicholas Carlini, Google
You Autocomplete Me: Poisoning Vulnerabilities in Neural Code Completion
Roei Schuster, Tel Aviv University and Cornell Tech; Congzheng Song, Cornell University; Eran Tromer, Tel Aviv University and Columbia University; Vitaly Shmatikov, Cornell Tech
Why wouldn't someone think of democracy as a target?: Security practices & challenges of people involved with U.S. political campaigns
Sunny Consolvo, Google; Patrick Gage Kelley, Google; Tara Matthews, Google; Kurt Thomas, Google; Lee Dunn, Google; Elie Bursztein, Google
An Analysis of Speculative Type Confusion Vulnerabilities in the Wild
Ofek Kirzner, Tel Aviv University; Adam Morrison, Tel Aviv University
Weaponizing Middleboxes for TCP Reflected Amplification
Kevin Bock, University of Maryland; Abdulrahman Alaraj, University of Colorado Boulder; Yair Fax, University of Maryland; Kyle Hurley, University of Maryland; Eric Wustrow, University of Colorado Boulder; Dave Levin, University of Maryland
Rage Against the Machine Clear: A Systematic Analysis of Machine Clears and Their Implications for Transient Execution Attacks
Hany Ragab, Vrije Universiteit Amsterdam; Enrico Barberis, Vrije Universiteit Amsterdam; Herbert Bos, VU Amsterdam; Cristiano Giuffrida, VU Amsterdam
It's stressful having all these phones: Investigating Sex Workers' Safety Goals, Risks, and Practices Online
Allison McDonald, University of Michigan; Catherine Barwulor, Clemson University; Michelle L. Mazurek, University of Maryland; Florian Schaub, University of Michigan; Elissa M. Redmiles, Max Planck Institute for Software Systems
2020 Sunrise to Sunset: Analyzing the End-to-end Life Cycle and Effectiveness of Phishing Attacks at Scale
Adam Oest, Arizona State University; Penghui Zhang, Arizona State University; Brad Wardman, PayPal; Eric Nunes, PayPal; Jakub Burgis, PayPal; Ali Zand, Google; Kurt Thomas, Google; Adam Doupé, Arizona State University; Gail-Joon Ahn, Arizona State University, Samsung Research
Retrofitting Fine Grain Isolation in the Firefox Renderer
Shravan Narayan, UC San Diego; Craig Disselkoen, UC San Diego; Tal Garfinkel, Stanford University; Nathan Froyd, Mozilla; Eric Rahm, Mozilla; Sorin Lerner, UC San Diego; Hovav Shacham, UT Austin; Deian Stefan, UC San Diego
Pancake: Frequency Smoothing for Encrypted Data Stores
Paul Grubbs, Cornell Tech; Anurag Khandelwal, Yale University; Marie-Sarah Lacharité, Royal Holloway, University of London; Lloyd Brown, University of California, Berkeley; Lucy Li, Cornell Tech; Rachit Agarwal, Cornell University; Thomas Ristenpart, Cornell Tech
Composition Kills: A Case Study of Email Sender Authentication
Jianjun Chen, International Computer Science Institute; Vern Paxson, University of California Berkeley and International Computer Science Institute; Jian Jiang, Shape Security
The Tools and Tactics Used in Intimate Partner Surveillance: An Analysis of Online Infidelity Forums
Emily Tseng, Cornell University; Rosanna Bellini, Open Lab, Newcastle University; Nora McDonald, University of Maryland, Baltimore County; Matan Danos, Weizmann Institute of Science; Rachel Greenstadt, New York University; Damon McCoy, New York University; Nicola Dell, Cornell Tech; Thomas Ristenpart, Cornell Tech
Symbolic execution with SymCC: Don't interpret, compile!
Sebastian Poeplau, EURECOM; Aurélien Francillon, EURECOM
The Unpatchable Silicon: A Full Break of the Bitstream Encryption of Xilinx 7-Series FPGAs
Maik Ender, Horst Goertz Institute for IT Security, Ruhr University Bochum, Germany; Amir Moradi, Horst Goertz Institute for IT Security, Ruhr University Bochum, Germany; Christof Paar, Max Planck Institute for Cyber Security and Privacy and Horst Goertz Institute for IT Security, Ruhr University Bochum, Germany
Who's Calling? Characterizing Robocalls through Audio and Metadata Analysis
Sathvik Prasad, North Carolina State University; Elijah Bouma-Sims, North Carolina State University; Athishay Kiran Mylappan, North Carolina State University; Bradley Reaves, North Carolina State University
Understanding security mistakes developers make: Qualitative analysis from Build It, Break It, Fix It
Daniel Votipka, University of Maryland; Kelsey R. Fulton, University of Maryland; James Parker, University of Maryland; Matthew Hou, University of Maryland; Michelle L. Mazurek, University of Maryland; Michael Hicks, University of Maryland
Datalog Disassembly
Antonio Flores-Montoya, GrammaTech Inc.; Eric Schulte, GrammaTech Inc.
A Comprehensive Quality Evaluation of Security and Privacy Advice on the Web
Elissa M. Redmiles, University of Maryland; Noel Warford, University of Maryland; Amritha Jayanti, University of Maryland; Aravind Koneru, University of Maryland; Sean Kross, University of California, San Diego; Miraida Morales, Rutgers University; Rock Stevens, University of Maryland; Michelle L. Mazurek, University of Maryland
2019 Computer Security and Privacy in the Interactions Between Victim Service Providers and Human Trafficking Survivors
Christine Chen, University of Washington; Nicola Dell, Cornell Tech; Franziska Roesner, University of Washington
Users Really Do Answer Telephone Scams
Huahong Tu, University of Maryland; Adam Doupé, Arizona State University; Ziming Zhao, Rochester Institute of Technology; Gail-Joon Ahn, Arizona State University and Samsung Research
Detecting and Characterizing Lateral Phishing at Scale
Grant Ho, UC Berkeley and Barracuda Networks; Asaf Cidon, Barracuda Networks and Columbia University; Lior Gavish, Barracuda Networks; Marco Schweighauser, Barracuda Networks; Vern Paxson, UC Berkeley and ICSI; Stefan Savage, UC San Diego; Geoffrey M. Voelker, UC San Diego; David Wagner, UC Berkeley
ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK)
Anjo Vahldiek-Oberwagner, Max Planck Institute for Software Systems, Saarland Informatics Campus; Eslam Elnikety, Max Planck Institute for Software Systems, Saarland Informatics Campus; Nuno O. Duarte, Max Planck Institute for Software Systems, Saarland Informatics Campus; Michael Sammler, Max Planck Institute for Software Systems, Saarland Informatics Campus; Peter Druschel, Max Planck Institute for Software Systems, Saarland Informatics Campus; Deepak Garg, Max Planck Institute for Software Systems, Saarland Informatics Campus
50 Ways to Leak Your Data: An Exploration of Apps' Circumvention of the Android Permissions System
Joel Reardon, University of Calgary / AppCensus Inc.; Álvaro Feal, IMDEA Networks Institute / Universidad Carlos III Madrid; Primal Wijesekera, U.C. Berkeley / ICSI; Amit Elazari Bar On, U.C. Berkeley; Narseo Vallina-Rodriguez, IMDEA Networks Institute / ICSI / AppCensus Inc.; Serge Egelman, U.C. Berkeley / ICSI / AppCensus Inc.
Protecting accounts from credential stuffing with password breach alerting
Kurt Thomas, Google; Jennifer Pullman, Google; Kevin Yeo, Google; Ananth Raghunathan, Google; Patrick Gage Kelley, Google; Luca Invernizzi, Google; Borbala Benko, Google; Tadek Pietraszek, Google; Sarvar Patel, Google; Dan Boneh, Stanford; Elie Bursztein, Google
2018 Fear the Reaper: Characterization and Fast Detection of Card Skimmers
Nolen Scaife, University of Florida; Christian Peeters, University of Florida; Patrick Traynor, University of Florida
Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies
Gertjan Franken, imec-Distrinet, KU Leuven; Tom Van Goethem, imec-Distrinet, KU Leuven; Wouter Joosen, imec-Distrinet, KU Leuven
The Battle for New York: A Case Study of Applied Digital Threat Modeling at the Enterprise Level
Rock Stevens, University of Maryland; Daniel Votipka, University of Maryland; Elissa M. Redmiles, University of Maryland; Colin Ahern, NYC Cyber Command; Patrick Sweeney, Wake Forest University; Michelle L. Mazurek, University of Maryland
NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications
Abeer Alhuzali, University of Illinois at Chicago; Rigel Gjomemo, University of Illinois at Chicago; Birhanu Eshete, University of Illinois at Chicago; V.N. Venkatakrishnan, University of Illinois at Chicago
QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing
Insu Yun, Georgia Institute of Technology; Sangho Lee, Georgia Institute of Technology; Meng Xu, Georgia Institute of Technology; Yeongjin Jang, Oregon State University; Taesoo Kim, Georgia Institute of Technology
2017 CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management
Adrian Tang, Columbia University; Simha Sethumadhavan, Columbia University; Salvatore Stolfo, Columbia University
A Longitudinal, End-to-End View of the DNSSEC Ecosystem
Taejoong Chung, Northeastern University; Roland van Rijswijk-Deij, University of Twente and SURFnet bv; Balakrishnan Chandrasekaran, TU Berlin; David Choffnes, Northeastern University; Dave Levin, University of Maryland; Bruce M. Maggs, Duke University and Akamai Technologies; Alan Mislove, Northeastern University; Christo Wilson, Northeastern University
Loophole: Timing Attacks on Shared Event Loops in Chrome
Pepe Vila, IMDEA Software Institute & Technical University of Madrid (UPM); Boris Köpf, IMDEA Software Institute
Detecting Credential Spearphishing in Enterprise Settings
Grant Ho, UC Berkeley; Aashish Sharma, The Lawrence Berkeley National Laboratory; Mobin Javed, UC Berkeley; Vern Paxson, UC Berkeley and ICSI; David Wagner, UC Berkeley
MPI: Multiple Perspective Attack Investigation with Semantic Aware Execution Partitioning
Shiqing Ma, Purdue University; Juan Zhai, Nanjing University; Fei Wang, Purdue University; Kyu Hyung Lee, University of Georgia; Xiangyu Zhang, Purdue University; Dongyan Xu, Purdue University
Vale: Verifying High-Performance Cryptographic Assembly Code
Barry Bond, Microsoft Research; Chris Hawblitzel, Microsoft Research; Manos Kapritsos, University of Michigan; K. Rustan M. Leino, Microsoft Research; Jacob R. Lorch, Microsoft Research; Bryan Parno, Carnegie Mellon University; Ashay Rane, The University of Texas at Austin; Srinath Setty, Microsoft Research; Laure Thompson, Cornell University
2016 The Million-Key Question—Investigating the Origins of RSA Public Keys
Petr Švenda, Masaryk University; Matúš Nemec, Masaryk University; Peter Sekan, Masaryk University; Rudolf Kvašňovský, Masaryk University; David Formánek, Masaryk University; David Komárek, Masaryk University; Vashek Matyáš, Masaryk University
ZKBoo: Faster Zero-Knowledge for Boolean Circuits
Irene Giacomelli, Aarhus University; Jesper Madsen, Aarhus University; Claudio Orlandi, Aarhus University
Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks
William Melicher, Carnegie Mellon University; Blase Ur, Carnegie Mellon University; Sean M. Segreti, Carnegie Mellon University; Saranga Komanduri, Carnegie Mellon University; Lujo Bauer, Carnegie Mellon University; Nicolas Christin, Carnegie Mellon University; Lorrie Faith Cranor, Carnegie Mellon University
2015 Under-Constrained Symbolic Execution: Correctness Checking for Real Code
David A. Ramos, Stanford University; Dawson Engler, Stanford University
All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS
Mathy Vanhoef, Katholieke Universiteit Leuven; Frank Piessens, Katholieke Universiteit Leuven
2014 Automatically Detecting Vulnerable Websites Before They Turn Malicious
Kyle Soska, Carnegie Mellon University; Nicolas Christin, Carnegie Mellon University
DSCRETE: Automatic Rendering of Forensic Information from Memory Images via Application Logic Reuse
Brendan Saltaformaggio, Purdue University; Zhongshu Gu, Purdue University; Xiangyu Zhang, Purdue University; Dongyan Xu, Purdue University
Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing
Matthew Fredrikson, University of Wisconsin—Madison; Eric Lantz, University of Wisconsin—Madison; Somesh Jha, University of Wisconsin—Madison; Simon Lin, Marshfield Clinic Research Foundation; David Page, University of Wisconsin—Madison; Thomas Ristenpart, University of Wisconsin—Madison
2013 Securing Computer Hardware Using 3D Integrated Circuit (IC) Technology and Split Manufacturing for Obfuscation
Frank Imeson, University of Waterloo; Ariq Emtenan, University of Waterloo; Siddharth Garg, University of Waterloo; Mahesh Tripunitara, University of Waterloo
Control Flow Integrity for COTS Binaries
Mingwei Zhang, Stony Brook University; R. Sekar, Stony Brook University
2012 Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider
Ariel J. Feldman, Princeton University; Aaron Blankstein, Princeton University; Michael J. Freedman, Princeton University; Edward W. Felten, Princeton University
Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices
Nadia Heninger, University of California, San Diego; Zakir Durumeric, University of Michigan; Eric Wustrow, University of Michigan; J. Alex Halderman, University of Michigan

NDSS

Distinguished Paper Award

Year Paper
2024 Like, Comment, Get Scammed: Characterizing Comment Scams on Media Platforms
Xigao Li (Stony Brook University), Amir Rahmati (Stony Brook University), Nick Nikiforakis (Stony Brook University)
UntrustIDE: Exploiting Weaknesses in VS Code Extensions
Elizabeth Lin (North Carolina State University), Igibek Koishybayev (North Carolina State University), Trevor Dunlap (North Carolina State University), William Enck (North Carolina State University), Alexandros Kapravelos (North Carolina State University)
Eavesdropping on Controller Acoustic Emanation for Keystroke Inference Attack in Virtual Reality
Shiqing Luo (George Mason University), Anh Nguyen (George Mason University), Hafsa Farooq (Georgia State University), Kun Sun (George Mason University), Zhisheng Yan (George Mason University)
LMSanitator: Defending Prompt-Tuning Against Task-Agnostic Backdoors
Chengkun Wei (Zhejiang University), Wenlong Meng (Zhejiang University), Zhikun Zhang (CISPA Helmholtz Center for Information Security and Stanford University), Min Chen (CISPA Helmholtz Center for Information Security), Minghu Zhao (Zhejiang University), Wenjing Fang (Ant Group), Lei Wang (Ant Group), Zihui Zhang (Zhejiang University), Wenzhi Chen (Zhejiang University)
2023 Your Router is My Prober: Measuring IPv6 Networks via ICMP Rate Limiting Side Channels
Long Pan (Tsinghua University), Jiahai Yang (Tsinghua University), Lin He (Tsinghua University), Zhiliang Wang (Tsinghua University), Leyao Nie (Tsinghua University), Guanglei Song (Tsinghua University), Yaozhong Liu (Tsinghua University)
DARWIN: Survival of the Fittest Fuzzing Mutators
Patrick Jauernig (Technical University of Darmstadt), Domagoj Jakobovic (University of Zagreb, Croatia), Stjepan Picek (Radboud University and TU Delft), Emmanuel Stapf (Technical University of Darmstadt), Ahmad-Reza Sadeghi (Technical University of Darmstadt)
2022 Preventing Kernel Hacks with HAKCs
Derrick McKee (Purdue University), Yianni Giannaris (MIT CSAIL), Carolina Ortega (MIT CSAIL), Howard Shrobe (MIT CSAIL), Mathias Payer (EPFL), Hamed Okhravi (MIT Lincoln Laboratory), Nathan Burow (MIT Lincoln Laboratory)
2021 Awakening the Web’s Sleeper Agents: Misusing Service Workers for Privacy Leakage
Soroush Karami, Panagiotis Ilia, Jason Polakis (University of Illinois at Chicago)
2020 Melting Pot of Origins: Compromising the Intermediary Web Services that Rehost Websites
Takuya Watanabe, Eitaro Shioji, Mitsuaki Akiyama, Tatsuya Mori
2019 MBeacon: Privacy-Preserving Beacons for DNA Methylation Data
Inken Hagestedt (CISPA Helmholtz Center for Information Security), Yang Zhang (CISPA Helmholtz Center for Information Security), Mathias Humbert (Swiss Data Science Center, ETH Zurich/EPFL), Pascal Berrang (CISPA Helmholtz Center for Information Security), Haixu Tang (Indiana University Bloomington), XiaoFeng Wang (Indiana University Bloomington), Michael Backes (CISPA Helmholtz Center for Information Security)
Establishing Software Root of Trust Unconditionally
Virgil D. Gligor (Carnegie Mellon University), Maverick S. L. Woo (Carnegie Mellon University)
Cracking the Wall of Confinement: Understanding and Analyzing Malicious Domain Take-downs
Eihal Alowaisheq (Indiana University, King Saud University), Peng Wang (Indiana University), Sumayah Alrwais (King Saud University), Xiaojing Liao (Indiana University), XiaoFeng Wang (Indiana University), Tasneem Alowaisheq (Indiana University, King Saud University), Xianghang Mi (Indiana University), Siyuan Tang (Indiana University), Baojun Liu (Tsinghua University)
Cleaning Up the Internet of Evil Things: Real-World Evidence on ISP and Consumer Efforts to Remove Mirai
Orcun Cetin (Delft University of Technology), Carlos Ganan (Delft University of Technology), Lisette Altena (Delft University of Technology), Takahiro Kasama (National Institute of Information and Communications Technology), Daisuke Inoue (National Institute of Information and Communications Technology), Kazuki Tamiya (Yokohama National University), Ying Tie (Yokohama National University), Katsunari Yoshioka (Yokohama National University), Michel van Eeten (Delft University of Technology)
2018 Knock Knock, Who’s There? Membership Inference on Aggregate Location Data
Apostolos Pyrgelis (UCL), Carmela Troncoso (EPFL), and Emiliano De Cristofaro (UCL)
Resolving the Predicament of Android Custom Permissions
Güliz Seray Tuncay, Soteris Demetriou, Karan Ganju, and Carl Gunter (UIUC)
2017 Dial One for Scam: A Large-Scale Analysis of Technical Support Scams
Najmeh Miramirkhani, Oleksii Starov, Nick Nikiforakis
Ramblr: Making Reassembly Great Again
Ruoyu Wang, Yan Shoshitaishvili, Antonio Bianchi, Aravind Machiry, John Grosen, Paul Grosen, Christopher Kruegel, Giovanni Vigna
