IEEE European Symposium on Security and Privacy

IEEE EuroS&P 2022 - Topics

Topics are based on selections by the authors. The same paper may be listed under multiple topics.

Access control

SAUSAGE: Security Analysis of Unix domain Socket Usage in Android (Mounir Elgharabawy, Blas Kojusner, Mohammad Mannan, Kevin R. B. Butler, Byron Williams, Amr Youssef) [Paper] [Artifact]
Transparent DIFC: Harnessing Innate Application Event Logging for Fine-Grained Decentralized Information Flow Control (Jason Liu, Anant Kandikuppa, Adam Bates) [Artifact]

Adversarial Machine Learning

aaeCAPTCHA: The Design and Implementation of Audio Adversarial CAPTCHA (Md Imran Hossen, Xiali Hei) [Paper] [Artifact]
Captcha me if you can: Imitation Games with Reinforcement Learning (Ilias Tsingenopoulos, Davy Preuveneers, Lieven Desmet, Wouter Joosen) [Artifact]
Dynamic Backdoor Attacks Against Machine Learning Models (Ahmed Salem, Rui Wen, Michael Backes, Shiqing Ma, Yang Zhang) [Paper] [Artifact]
GRAPHITE: Generating Automatic Physical Examples for Machine-Learning Attacks on Computer Vision Systems (Ryan Feng, Neal Mangaokar, Jiefeng Chen, Earlence Fernandes, Somesh Jha, Atul Prakash) [Paper] [Artifact]
Towards Fair and Robust Classification (Haipei Sun, Kun Wu, Ting Wang, Wendy Hui Wang) [Artifact]
TrojanZoo: Towards Unified, Holistic, and Practical Evaluation of Neural Backdoors (Ren Pang, Zheng Zhang, Xiangshan Gao, Zhaohan Xi, Shouling Ji, Peng Cheng, Xiapu Luo, Ting Wang) [Paper] [Artifact]

Application security

Fuzzing with Data Dependency Information (Alessandro Mantovani, Andrea Fioraldi, Davide Balzarotti) [Paper] [Artifact]
HARM: Hardware-assisted Continuous Re-randomization for Microcontrollers (Jiameng Shi, Le Guan, Wenqiang Li, Dayou Zhang, Ping Chen, Ning Zhang) [Artifact]
Lightweight, Multi-Stage, Compiler-Assisted Application Specialization (Mohannad Alhanahnah, Rithik Jain, Vaibhav Rastogi, Somesh Jha, Thomas Reps) [Paper] [Artifact]
xTag: Mitigating Use-After-Free Vulnerabilities via Software-Based Pointer Tagging on Intel x86-64 (Lukas Bernhard, Michael Rodler, Thorsten Holz, Lucas Davi) [Paper] [Artifact]

Attacks on systems

DNN Model Architecture Fingerprinting Attack on CPU-GPU Edge Devices (Kartik Patwari, Syed Mahbub Hafiz, Han Wang, Houman Homayoun, Zubair Shafiq, Chen-Nee Chuah) [Artifact]
HyperLogLog: Exponentially Bad in Adversarial Settings (Kenneth G. Paterson, Mathilde Raynal) [Paper] [Artifact]
LockedDown: Exploiting Contention on Host-GPU PCIe Bus for Fun and Profit (Mert Side, Fan Yao, Zhenkai Zhang) [Artifact]
SAUSAGE: Security Analysis of Unix domain Socket Usage in Android (Mounir Elgharabawy, Blas Kojusner, Mohammad Mannan, Kevin R. B. Butler, Byron Williams, Amr Youssef) [Paper] [Artifact]
Signature Correction Attack on Dilithium Signature Scheme (Saad Islam, Koksal Mus, Richa Singh, Patrick Schaumont, Berk Sunar) [Paper] [Artifact]
SoK: Cryptanalysis of Encrypted Search with LEAKER - A framework for LEakage AttacK Evaluation on Real-world data (Seny Kamara, Abdelkarim Kati, Tarik Moataz, Thomas Schneider, Amos Treiber, Michael Yonli) [Paper] [Artifact]
Transformer-based Extraction of Deep Image Models (Verena Battis, Alexander Penner) [Artifact]
xTag: Mitigating Use-After-Free Vulnerabilities via Software-Based Pointer Tagging on Intel x86-64 (Lukas Bernhard, Michael Rodler, Thorsten Holz, Lucas Davi) [Paper] [Artifact]

Authentication

Lethe: Practical Data Breach Detection with Zero Persistent Secret State (Antreas Dionysiou, Elias Athanasopoulos) [Artifact]
SoK: Oblivious Pseudorandom Functions (Sílvia Casacuberta, Julia Hesse, Anja Lehmann) [Paper]
WatchAuth: User Authentication and Intent Recognition in Mobile Payments using a Smartwatch (Jack Sturgess, Simon Eberz, Ivo Sluganovic, Ivan Martinovic) [Artifact]

Blockchain and Cryptocurrency

Cross Chain Atomic Swaps in the Absence of Time via Attribute Verifiable Timed Commitments (Yacov Manevich, Adi Akavia) [Artifact]
SoK: Privacy-Preserving Computing in the Blockchain Era (Ghada Almashaqbeh, Ravital Solomon) [Paper]

Cryptographic approaches to to security and privacy

CostCO: An automatic cost modeling framework for secure multi-party computation (Vivian Fang, Lloyd Brown, William Lin, Wenting Zheng, Aurojit Panda, Raluca Ada Popa) [Artifact]
Cross Chain Atomic Swaps in the Absence of Time via Attribute Verifiable Timed Commitments (Yacov Manevich, Adi Akavia) [Artifact]
EZEE: Epoch Parallel Zero Knowledge for ANSI C (Yibin Yang, David Heath, Vladimir Kolesnikov, David Devecsery)
HyperLogLog: Exponentially Bad in Adversarial Settings (Kenneth G. Paterson, Mathilde Raynal) [Paper] [Artifact]
Signature Correction Attack on Dilithium Signature Scheme (Saad Islam, Koksal Mus, Richa Singh, Patrick Schaumont, Berk Sunar) [Paper] [Artifact]
SoK: Cryptanalysis of Encrypted Search with LEAKER - A framework for LEakage AttacK Evaluation on Real-world data (Seny Kamara, Abdelkarim Kati, Tarik Moataz, Thomas Schneider, Amos Treiber, Michael Yonli) [Paper] [Artifact]
SoK: Oblivious Pseudorandom Functions (Sílvia Casacuberta, Julia Hesse, Anja Lehmann) [Paper]
SoK: Privacy-Preserving Computing in the Blockchain Era (Ghada Almashaqbeh, Ravital Solomon) [Paper]
We Can Make Mistakes: Fault-tolerant Forward Private Verifiable Dynamic Searchable Symmetric Encryption (Dandan Yuan, Shujie Cui, Giovanni Russello) [Paper] [Artifact]

Distributed systems security

HyperLogLog: Exponentially Bad in Adversarial Settings (Kenneth G. Paterson, Mathilde Raynal) [Paper] [Artifact]

Formal methods

Compositional Information Flow Monitoring for Reactive Programs (McKenna McCall, Abhishek Bichhawat, Limin Jia) [Paper] [Artifact]

Hardware security

DNN Model Architecture Fingerprinting Attack on CPU-GPU Edge Devices (Kartik Patwari, Syed Mahbub Hafiz, Han Wang, Houman Homayoun, Zubair Shafiq, Chen-Nee Chuah) [Artifact]
LockedDown: Exploiting Contention on Host-GPU PCIe Bus for Fun and Profit (Mert Side, Fan Yao, Zhenkai Zhang) [Artifact]
Signature Correction Attack on Dilithium Signature Scheme (Saad Islam, Koksal Mus, Richa Singh, Patrick Schaumont, Berk Sunar) [Paper] [Artifact]

Intrusion detection

SIERRA: Ranking Anomalous Activities in Enterprise Networks (Jehyun Lee, Farren Tang, Phyo May Thet, Desmond Yeoh, Mitch Rybczynski, Dinil Mon Divakaran) [Paper]
SoK: The Impact of Unlabelled Data in Cyberthreat Detection (Giovanni Apruzzese, Pavel Laskov, Aliya Tastemirova) [Artifact]

IoT security

Difficult for Thee, But Not for Me: Measuring the Difficulty and User Experience of Remediating Persistent IoT Malware (Elsa Rodríguez, Max Fukkink, Simon Parkin, Michel van Eeten, Carlos Gañán) [Paper]
DNN Model Architecture Fingerprinting Attack on CPU-GPU Edge Devices (Kartik Patwari, Syed Mahbub Hafiz, Han Wang, Houman Homayoun, Zubair Shafiq, Chen-Nee Chuah) [Artifact]
HARM: Hardware-assisted Continuous Re-randomization for Microcontrollers (Jiameng Shi, Le Guan, Wenqiang Li, Dayou Zhang, Ping Chen, Ning Zhang) [Artifact]
Investigating Graph Embedding Methods for Cross-Platform Binary Code Similarity Detection (Victor Cochard, Damian Pfammatter, Chi Thang Duong, Mathias Humbert) [Artifact]
Trampoline Over the Air: Breaking in IoT Devices Through MQTT Brokers (Huikai Xu, Miao Yu, Yanhao Wang, Yue Liu, Qinsheng Hou, Zhenbang Ma, Haixin Duan, Jianwei Zhuge, Baojun Liu) [Artifact]
WatchAuth: User Authentication and Intent Recognition in Mobile Payments using a Smartwatch (Jack Sturgess, Simon Eberz, Ivo Sluganovic, Ivan Martinovic) [Artifact]

Language-based security and privacy

Compositional Information Flow Monitoring for Reactive Programs (McKenna McCall, Abhishek Bichhawat, Limin Jia) [Paper] [Artifact]
Dynamic Policies Revisited (Amir M. Ahmadian, Musard Balliu) [Paper] [Artifact]

Machine learning applications to security and privacy

aaeCAPTCHA: The Design and Implementation of Audio Adversarial CAPTCHA (Md Imran Hossen, Xiali Hei) [Paper] [Artifact]
Captcha me if you can: Imitation Games with Reinforcement Learning (Ilias Tsingenopoulos, Davy Preuveneers, Lieven Desmet, Wouter Joosen) [Artifact]
DNN Model Architecture Fingerprinting Attack on CPU-GPU Edge Devices (Kartik Patwari, Syed Mahbub Hafiz, Han Wang, Houman Homayoun, Zubair Shafiq, Chen-Nee Chuah) [Artifact]
ILLUMINATI: Towards Explaining Graph Neural Networks for Cybersecurity Analysis (Haoyu He, Yuede Ji, H. Howie Huang) [Artifact]
Investigating Graph Embedding Methods for Cross-Platform Binary Code Similarity Detection (Victor Cochard, Damian Pfammatter, Chi Thang Duong, Mathias Humbert) [Artifact]
Modelling Direct Messaging Networks with Multiple Recipients for Cyber Deception (Kristen Moore, Cody Christopher, David Liebowitz, Nepal Surya, Renee Selvey) [Paper] [Artifact]
SIERRA: Ranking Anomalous Activities in Enterprise Networks (Jehyun Lee, Farren Tang, Phyo May Thet, Desmond Yeoh, Mitch Rybczynski, Dinil Mon Divakaran) [Paper]
SoK: The Impact of Unlabelled Data in Cyberthreat Detection (Giovanni Apruzzese, Pavel Laskov, Aliya Tastemirova) [Artifact]
Transformer-based Extraction of Deep Image Models (Verena Battis, Alexander Penner) [Artifact]
Unrolling SGD: Understanding Factors Influencing Machine Unlearning (Anvith Thudi, Gabriel Deza, Varun Chandrasekaran, Nicolas Papernot) [Paper] [Artifact]

Machine learning privacy issues and methods

Transformer-based Extraction of Deep Image Models (Verena Battis, Alexander Penner) [Artifact]
Unrolling SGD: Understanding Factors Influencing Machine Unlearning (Anvith Thudi, Gabriel Deza, Varun Chandrasekaran, Nicolas Papernot) [Paper] [Artifact]

Malware

Difficult for Thee, But Not for Me: Measuring the Difficulty and User Experience of Remediating Persistent IoT Malware (Elsa Rodríguez, Max Fukkink, Simon Parkin, Michel van Eeten, Carlos Gañán) [Paper]

Measurement studies

Laser Meager Listener: A Scientific Exploration of Laser-based Speech Eavesdropping in Commercial User Space (Payton Walker, Nitesh Saxena) [Artifact]
SoK: All or Nothing - A Postmortem of Solutions to the Third-Party Script Inclusion Permission Model and a Path Forward (Steven Sprecher, Christoph Kerschbaumer, Engin Kirda) [Artifact]

Mobile security

SAUSAGE: Security Analysis of Unix domain Socket Usage in Android (Mounir Elgharabawy, Blas Kojusner, Mohammad Mannan, Kevin R. B. Butler, Byron Williams, Amr Youssef) [Paper] [Artifact]
WatchAuth: User Authentication and Intent Recognition in Mobile Payments using a Smartwatch (Jack Sturgess, Simon Eberz, Ivo Sluganovic, Ivan Martinovic) [Artifact]

Network security

Hide and Seek: Revisiting DNS-based User Tracking (Deliang Chang, Joann Qiongna Chen, Zhou Li, Xing Li) [Artifact]
HyperLogLog: Exponentially Bad in Adversarial Settings (Kenneth G. Paterson, Mathilde Raynal) [Paper] [Artifact]
SIERRA: Ranking Anomalous Activities in Enterprise Networks (Jehyun Lee, Farren Tang, Phyo May Thet, Desmond Yeoh, Mitch Rybczynski, Dinil Mon Divakaran) [Paper]

Privacy metrics

KGP Meter: Communicating Kin Genomic Privacy to the Masses (Mathias Humbert, Didier Dupertuis, Mauro Cherubini, Kévin Huguenin) [Paper] [Artifact]

Privacy-enhancing technologies

Hide and Seek: Revisiting DNS-based User Tracking (Deliang Chang, Joann Qiongna Chen, Zhou Li, Xing Li) [Artifact]
SoK: All or Nothing - A Postmortem of Solutions to the Third-Party Script Inclusion Permission Model and a Path Forward (Steven Sprecher, Christoph Kerschbaumer, Engin Kirda) [Artifact]
SoK: Cryptanalysis of Encrypted Search with LEAKER - A framework for LEakage AttacK Evaluation on Real-world data (Seny Kamara, Abdelkarim Kati, Tarik Moataz, Thomas Schneider, Amos Treiber, Michael Yonli) [Paper] [Artifact]
SoK: Oblivious Pseudorandom Functions (Sílvia Casacuberta, Julia Hesse, Anja Lehmann) [Paper]

Protocol security

HyperLogLog: Exponentially Bad in Adversarial Settings (Kenneth G. Paterson, Mathilde Raynal) [Paper] [Artifact]
Trampoline Over the Air: Breaking in IoT Devices Through MQTT Brokers (Huikai Xu, Miao Yu, Yanhao Wang, Yue Liu, Qinsheng Hou, Zhenbang Ma, Haixin Duan, Jianwei Zhuge, Baojun Liu) [Artifact]

Secure information flow

Compositional Information Flow Monitoring for Reactive Programs (McKenna McCall, Abhishek Bichhawat, Limin Jia) [Paper] [Artifact]
Dynamic Policies Revisited (Amir M. Ahmadian, Musard Balliu) [Paper] [Artifact]
SoK: All or Nothing - A Postmortem of Solutions to the Third-Party Script Inclusion Permission Model and a Path Forward (Steven Sprecher, Christoph Kerschbaumer, Engin Kirda) [Artifact]
Transparent DIFC: Harnessing Innate Application Event Logging for Fine-Grained Decentralized Information Flow Control (Jason Liu, Anant Kandikuppa, Adam Bates) [Artifact]

Security and privacy policies

SoK: All or Nothing - A Postmortem of Solutions to the Third-Party Script Inclusion Permission Model and a Path Forward (Steven Sprecher, Christoph Kerschbaumer, Engin Kirda) [Artifact]

Security architectures

xTag: Mitigating Use-After-Free Vulnerabilities via Software-Based Pointer Tagging on Intel x86-64 (Lukas Bernhard, Michael Rodler, Thorsten Holz, Lucas Davi) [Paper] [Artifact]

System security

HARM: Hardware-assisted Continuous Re-randomization for Microcontrollers (Jiameng Shi, Le Guan, Wenqiang Li, Dayou Zhang, Ping Chen, Ning Zhang) [Artifact]
LockedDown: Exploiting Contention on Host-GPU PCIe Bus for Fun and Profit (Mert Side, Fan Yao, Zhenkai Zhang) [Artifact]
SAUSAGE: Security Analysis of Unix domain Socket Usage in Android (Mounir Elgharabawy, Blas Kojusner, Mohammad Mannan, Kevin R. B. Butler, Byron Williams, Amr Youssef) [Paper] [Artifact]
SoK: Workerounds - Categorizing Service Worker Attacks and Mitigations (Karthika Subramani, Jordan Jueckstock, Alexandros Kapravelos, Roberto Perdisci) [Artifact]
Transparent DIFC: Harnessing Innate Application Event Logging for Fine-Grained Decentralized Information Flow Control (Jason Liu, Anant Kandikuppa, Adam Bates) [Artifact]
WatchAuth: User Authentication and Intent Recognition in Mobile Payments using a Smartwatch (Jack Sturgess, Simon Eberz, Ivo Sluganovic, Ivan Martinovic) [Artifact]
xTag: Mitigating Use-After-Free Vulnerabilities via Software-Based Pointer Tagging on Intel x86-64 (Lukas Bernhard, Michael Rodler, Thorsten Holz, Lucas Davi) [Paper] [Artifact]

Usability

Difficult for Thee, But Not for Me: Measuring the Difficulty and User Experience of Remediating Persistent IoT Malware (Elsa Rodríguez, Max Fukkink, Simon Parkin, Michel van Eeten, Carlos Gañán) [Paper]

Web privacy

SoK: All or Nothing - A Postmortem of Solutions to the Third-Party Script Inclusion Permission Model and a Path Forward (Steven Sprecher, Christoph Kerschbaumer, Engin Kirda) [Artifact]
SoK: Oblivious Pseudorandom Functions (Sílvia Casacuberta, Julia Hesse, Anja Lehmann) [Paper]

Web security

aaeCAPTCHA: The Design and Implementation of Audio Adversarial CAPTCHA (Md Imran Hossen, Xiali Hei) [Paper] [Artifact]
Captcha me if you can: Imitation Games with Reinforcement Learning (Ilias Tsingenopoulos, Davy Preuveneers, Lieven Desmet, Wouter Joosen) [Artifact]
Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions (David Klein, Thomas Barber, Souphiane Bensalim, Ben Stock, Martin Johns) [Artifact]
Lethe: Practical Data Breach Detection with Zero Persistent Secret State (Antreas Dionysiou, Elias Athanasopoulos) [Artifact]
SoK: All or Nothing - A Postmortem of Solutions to the Third-Party Script Inclusion Permission Model and a Path Forward (Steven Sprecher, Christoph Kerschbaumer, Engin Kirda) [Artifact]
SoK: Oblivious Pseudorandom Functions (Sílvia Casacuberta, Julia Hesse, Anja Lehmann) [Paper]