Accepted Posters
The following posters will be presented at the USENIX Security ’22 Poster Session and Happy Hour on Wednesday, August 10, from 6:00 pm–7:30 pm.
CIPHERLEAKS: Breaking Constant-time Cryptography on AMD SEV via the Ciphertext Side Channel
Mengyuan Li, The Ohio State University; Yinqian Zhang, Southern University of Science and Technology; Huibo Wang and Kang Li, Baidu Security; Yueqiang Chen, NIO Security Research
Temporal System Call Specialization for Attack Surface Reduction
Seyedhamed Ghavamnia, Stony Brook University; Tapti Palit, Purdue University; Shachee Mishra, IBM Research; Michalis Polychronakis, Stony Brook University
Share First, Ask Later (or Never?) Studying Violations of GDPR's Explicit Consent in Android Apps
Trung Tin Nguyen, Michael Backes, Ninja Marnau, and Ben Stock, CISPA Helmholtz Center for Information Security
SEApp: Bringing Mandatory Access Control to Android Apps
Matthew Rossi and Dario Facchinetti, Università degli Studi di Bergamo; Enrico Bacis, Google; Marco Rosa, SAP Security Research; Stefano Paraboschi, Università degli Studi di Bergamo
Camel: Cryptographic Audits for Collaborative Machine Learning
Hidde Lycklama, Nicolas Küchler, Emanuel Opel, Lukas Burkhalter, and Anwar Hithnawi, ETH Zurich
The Privacy Management Layer
Nicolas Küchler, Emanuel Opel, Hidde Lycklama, Lukas Burkhalter, and Anwar Hithnawi, ETH Zurich
TXSPETOR: Uncovering Attacks in Ethereum from Transactions
Mengya Zhang, The Ohio State University; Xiaokuan Zhang, Georgia Institute of Technology; Yinqian Zhang, Southern University of Science and Technology; Zhiqiang Lin, The Ohio State University
U Can’t Debug This: Detecting JavaScript Anti-Debugging Techniques in the Wild
Marius Musch and Martin Johns, TU Braunschweig
Hardening WASI using Landlock LSM
Marco Abbadini, Dario Facchinetti, Gianluca Oldani, Stefano Paraboschi, and Matthew Rossi, Università degli Studi di Bergamo
LIGHTBLUE: Automatic Profile-Aware Debloating of Bluetooth Stacks
Jianliang Wu and Ruoyu Wu, Purdue University; Daniele Antonioli, EPFL & EURECOM; Mathias Payer, EPFL; Nils Ole Tippenhauer, CISPA Helmholtz Center for Information Security; Dongyan Xu, Dave (Jing) Tian, and Antonio Bianchi, Purdue University
PatchGuard: A Provably Robust Defense against Adversarial Patches via Small Receptive Fields and Masking
Chong Xiang, Princeton University; Arjun Nitin Bhagoji, University of Chicago; Vikash Sehwag and Prateek Mittal, Princeton University
Developing a Psychometric Scale to Measure One's Valuation of Other People's Privacy
Rakibul Hasan, Arizona State University University; Rudolf Siegel, Rebecca Weil, and Katharina Krombholz, CISPA
Plug-N-Pwned: Comprehensive Vulnerability Analysis of OBD-II Dongles as A New Over-the-Air Attack Surface in Automotive IoT
Haohuang Wen, Ohio State University; Alfred Chen, UC Irvine; Zhiqiang Lin, Ohio State University
CACTI: Captcha Avoidance via Client-side TEE Integration
Yoshimichi Nakatsuka and Ercan Ozturk, University of California, Irvine; Andrew Paverd, Microsoft Research & Microsoft Security Response Center; Gene Tsudik, UCI
Stars Can Tell: A Robust Method to Defend against GPS Spoofing Attacks using Off-the-shelf Chipset
Shinan Liu, University of Chicago; Xiang Cheng and Hanchao Yang, Virginia Tech; Yuanchao Shu, Microsoft; Xiaoran Weng, University of Electronic Science and Technology of China; Ping Guo, City University of Hong Kong; Kexiong (Curtis) Zeng, Facebook; Gang Wang, University of Illinois at Urbana-Champaign; Yaling Yang, Virginia Tech
Data Recovery from “Scrubbed” NAND Flash Storage: Need for Analog Sanitization
Biswajit Ray, University of Alabama in Huntsville
Ghost Riding: A Queueing Approach for Vehicular Traffic Networks Sybil Attacks
Jhonatan Tavori and Hanoch Levy, Tel Aviv University
Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks
Kaiwen Shen, Chuhan Wang, and Minglei Guo, Tsinghua University; Xiaofeng Zheng, Tsinghua University; Qi An Xin Technology Research Institute; Chaoyi Lu and Baojun Liu, Tsinghua University; Yuxuan Zhao, North China Institute of Computing Technology; Shuang Hao, University of Texas at Dallas; Haixin Duan, Tsinghua University; Qi An Xin Technology Research Institute; Qingfeng Pan, Coremail technology co. ltd; Min Yang, Fudan University
Osiris: Automated Discovery of Microarchitectural Side Channels
Daniel Weber, Ahmad Ibrahim, Hamed Nemati, Michael Schwarz, and Christian Rossow, CISPA Helmholtz Center for Information Security
Does Compliance Enforcement Work?: Evaluation of Certified Mobile-IoT Apps
Prianka Mandal, Amit Seal Ami, and Adwait Nadkarni, William & Mary
A Longitudinal and Comprehensive Study of the DANE Ecosystem in Email
Hyeonmin Lee, Seoul National University; Aniketh Girish, IMDEA Networks / Universidad Carlos III de Madrid; Roland van Rijswijk-Deij, University of Twente & NLnet Labs; Taekyoung "Ted" Kwon, Seoul National University; Taejoong Chung, Virginia Tech
Poseidon: A New Hash Function for Zero-Knowledge Proof Systems
Lorenzo Grassi, Radboud University Nijmegen; Dmitry Khovratovich, Ethereum Foundation and Dusk Network; Christian Rechberger, Graz University of Technology; Arnab Roy, University of Klagenfurt; Markus Schofnegger, Graz University of Technology
Silhouette: Efficient Protected Shadow Stacks for Embedded Systems
Jie Zhou, University of Rochester; Yufei Du, University of North Carolina at Chapel Hill; Zhuojia Shen, University of Rochester; Lele Ma, College of William and Mary; John Criswell, University of Rochester; Robert J. Walls, Worcester Polytechnic Institute
Kalεido: Real-Time Privacy Control for Eye-Tracking Systems
Jingjie Li, University of Wisconsin-Madison; Amrita Roy Chowdhury, University of California, San Diego; Kassem Fawaz and Younghyun Kim, University of Wisconsin-Madison
Privacy Preserving Traceable Logistics on Public Blockchain
Jongho Kim and Junhee Lee, Hanyang University; Jihye Kim, Kookmin University; Hyunok Oh, Hanyang University
Understanding Mistakes Developers Make: Qualitative Analysis from Build It, Break It, Fix It
Kelsey Fulton, University of Maryland; Daniel Votipka, Tufts University; James Parker, Galois, Inc; Michael Hicks, Matthew Hou, and Michelle Mazurek, University of Maryland
Abusing Hidden Properties to Attack the Node.js Ecosystem
Feng Xiao, Georgia Institute of Technology; Jianwei Huang, Texas A&M University; Yichang Xiong, Independent Researcher; GuangLiang Yang, Georgia Institute of Technology; Hong Hu, Pennsylvania State University; Guofei Gu, Texas A&M; Wenke Lee, Georgia Institute of Technology
SandTrap: Securing JavaScript-driven Trigger-Action Platforms
Mohammad M. Ahmadpanah, Chalmers University of Technology; Daniel Hedin, Chalmers University of Technology, Mälardalen University; Musard Balliu, KTH Royal Institute of Technology; Lars Eric Olsson and Andrei Sabelfeld, Chalmers University of Technology
We Exfiltrate Your Data at Video Rates, by Vibrating Your Sprinkler Pipes
Anku Adhikari, University of Illinois Urbana-Champaign; Samuel Guo, Carnegie Mellon University; Paris Smaragdis and Marianne Winslett, University of Illinois Urbana-Champaign
Adapting Security Warnings to Counter Disinformation
Ben Kaiser, Princeton University; Jerry Wei; Eli Lucherini, Kevin Lee, and Jonathan Mayer, Princeton University; J. Nathan Matias, Cornell University
Light Commands: Laser-Based Audio Injection on Voice-Controllable Systems
Takeshi Sugawara, The University of Electro-Communications; Benjamin Cyr, University of Michigan; Sara Rampazzi, University of Florida; Daniel Genkin, Georgia Tech; Kevin Fu, University of Michigan
Stealthy Tracking of Autonomous Vehicles with Cache Side Channels
Mulong Luo, Andrew Myers, and Edward Suh, Cornell University
Breaking Secure Pairing of Bluetooth Low Energy Using Downgrade Attacks
Yue Zhang, The Ohio State University; Jian Weng, Jinan University; Rajib Dey, University of Central Florida; Yier Jin, University of Florida; Zhiqiang Lin, Ohio State University; Xinwen Fu, University of Central Florida
Having Your Cake and Eating It: An Analysis of Concession-Abuse-as-a-Service
Zhibo “Eric” Sun, Drexel University; Adam Oest, PayPal, Inc.; Penghui Zhang, Arizona State University; Carlos Rubio-Medrano, Texas A&M University - Corpus Christi; Tiffany Bao and Ruoyu "Fish" Wang, Arizona State University; Ziming Zhao, Rochester Institute of Technology; Yan Shoshitaishvili, Adam Doupe, and Gail-Joon Ahn, Arizona State University
Towards (Re)constructing Attack Flow from Threat Report
Shota Fujii, Hitachi, Ltd./Okayama University; Nobutaka Kawaguchi and Tomohiro Shigemoto, Hitachi, Ltd.; Toshihiro Yamauchi, Okayama University
Identifying Harmful Media in End-to-End Encrypted Communication: Efficient Private Membership Computation
Anunay Kulshrestha and Jonathan Mayer, Princeton University
Timeless Timing Attacks: Exploiting Concurrency to Leak Secrets over Remote Connections
Tom Van Goethem, imec-DistriNet, KU Leuven; Christina Pöpper, New York University Abu Dhabi; Wouter Joosen, imec-DistriNet, KU Leuven; Mathy Vanhoef, New York University Abu Dhabi and KU Leuven
Minerva– An Efficient Risk-Limiting Ballot Polling Audit
Filip Zagorski; Poorvi Vora, The George Washington University; Neal McBurnett, Sarah Morin, and Grant MCClearn
Efficiency Analysis of Audit Log Reduction Techniques
Muhammad Adil Inam and Adam Bates, University of Illinois at Urbana-Champaign
Defeating DNN-Based Traffic Analysis Systems in Real-Time With Blind Adversarial Perturbations
Milad Nasr, Alireza Bahramali, and Amir Houmansadr, University of Massachusetts Amherst
EIFFeL: Ensuring Integrity for Federated Learning
Amrita Roy Chowdhury, UW-Madison; Chuan Guo, Meta AI; Somesh Jha, UW-Madison; Laurens van der Maaten, Meta AI
ExpRace: Exploiting Kernel Races through Raising Interrupts
Yoochan Lee, Seoul National University; Changwoo Min, Virginia Tech; Byoungyoung Lee, Seoul National University
An Investigation of the Android Kernel Patch Ecosystem
Zheng Zhang, Hang Zhang, and Zhiyun Qian, UC Riverside; Billy Lau, Google Inc.
Privacy and Integrity Preserving Computations with CRISP
Sylvain Chatel, Apostolos Pyrgelis, Juan Ramon Troncoso Pastoriza, and Jean-Pierre Hubaux, EPFL
Blind Backdoors in Deep Learning Models
Eugene Bagdasaryan and Vitaly Shmatikov, Cornell Tech
Evaluating Perception Attacks on Prediction and Planning of Autonomous Vehicles
Yanmao Man, University of Arizona; Raymond Muller, Purdue University; Ming Li, University of Arizona, Tucson; Z. Berkay Celik, Purdue University; Ryan Gerdes, Virginia Tech
Deep-Dup: An Adversarial Weight Duplication Attack Framework to Crush Deep Neural Network in Multi-Tenant FPGA
Adnan Siraj Rakin, Arizona State University; Yukui Luo and Xiaolin Xu, Northeastern University; Deliang Fan, Arizona State University
A Formal Foundation for Recoverability
Paul Crews, Google, Stanford University