DOI: 10.1007/978-3-031-70903-6
Computer Security – ESORICS 2024: 29th European Symposium on Research in Computer Security, Bydgoszcz, Poland, September 16–20, 2024, Proceedings, Part IV
2024 Proceeding
  • Editors:
  • Joaquin Garcia-Alfaro,
  • Rafał Kozik,
  • Michał Choraś,
  • Sokratis Katsikas
Publisher:
  • Springer-Verlag
  • Berlin, Heidelberg
Conference:
European Symposium on Research in Computer Security, Bydgoszcz, Poland, 16 September 2024
ISBN:
978-3-031-70902-9
Published:
18 September 2024

Abstract

No abstract available.

Front Matter
Pages i–xvii
Back Matter
Article
Front Matter
Page 1
Article
Cips: The Cache Intrusion Prevention System
Abstract

Caches are an essential component in the performance-driven memory hierarchy of modern CPUs. However, they are also known to be vulnerable against a variety of timing side-channel attacks like Prime+Probe, Flush+Reload, and others. These allow ...

Article
ReminISCence: Trusted Monitoring Against Privileged Preemption Side-Channel Attacks
Abstract

Trusted Execution Environments (TEEs) have long served as a prominent security measure for ensuring isolation and data privacy in cloud environments. However, their security foundations face challenges from numerous side-channel threats, ...

Article
A Plug-and-Play Long-Range Defense System for Proof-of-Stake Blockchains
Abstract

In recent years, many blockchain systems have progressively transitioned to proof-of-stake (PoS) consensus algorithms. These algorithms are not only more energy efficient than proof-of-work but are also well-studied and widely accepted within the ...

Article
Leveraging Hierarchies: HMCAT for Efficiently Mapping CTI to Attack Techniques
Abstract

With the advancement of cyber technology, proactive security methods such as adversary emulation and leveraging Cyber Threat Intelligence (CTI) have become increasingly essential. Currently, some methods have achieved automatic mapping of ...

Article
Duplication-Based Fault Tolerance for RISC-V Embedded Software
Abstract

Embedded devices play critical roles in security and safety, demanding robust protection against fault injection attacks. Among the myriad of fault effects, the instruction skip fault model stands out due to its recurrent manifestation in silicon ...

Article
Similar Data is Powerful: Enhancing Inference Attacks on SSE with Volume Leakages
Abstract

Searchable symmetric encryption (SSE) schemes provide users with the ability to perform keyword searches on encrypted databases without the need for decryption. While this functionality is advantageous, it introduces the potential for inadvertent ...

Article
SAEG: Stateful Automatic Exploit Generation
Abstract

The field of Automatic Exploit Generation (AEG) plays a pivotal role in the assessment of software vulnerabilities, automating the analysis for exploit creation. Although AEG systems are instrumental in probing for vulnerabilities, they often lack ...

Article
IntentObfuscator: A Jailbreaking Method via Confusing LLM with Prompts
Abstract

In the era of Large Language Models (LLMs), developers establish content review conditions to comply with legal, policy, and societal requirements, aiming to prevent the generation of sensitive or restricted content due to considerations like ...

Article
Breaking Through the Diversity: Encrypted Video Identification Attack Based on QUIC Features
Abstract

Video traffic is increasingly dominating the Internet, and most video platforms encrypt their transmissions to ensure content security and user privacy. However, attackers can still leverage traffic analysis methods to identify the being-watching ...

Article
Patronum: In-network Volumetric DDoS Detection and Mitigation with Programmable Switches
Abstract

Distributed Denial-of-Service (DDoS) attacks continue to pose a significant threat to the Internet. While middlebox-based defenses offer high performance, they are costly and lack flexibility. Software-based defenses, on the other hand, provide ...

Article
Wherever I May Roam: Stealthy Interception and Injection Attacks Through Roaming Agreements
Abstract

Cellular network users can be attacked through Rogue Base Stations (RBSes). 3G introduced network authentication as a mitigation. However, roaming partnerships between network operators allow requesting authentication vectors. This feature opens ...

Article
It is Time To Steer: A Scalable Framework for Analysis-Driven Attack Graph Generation
Abstract

Attack Graph (AG) represents the best-suited solution to support cyber risk assessment for multi-step attacks on computer networks, although their generation suffers from poor scalability due to their combinatorial complexity. Current solutions ...

Article
Resilience to Chain-Quality Attacks in Fair Separability
Abstract

In recent years, a new research area called order-fairness has emerged within State Machine Replication (SMR). Its goal is to prevent malicious processes from reordering transactions, ensuring that the SMR output reflects the local orderings ...

Article
Leveraging Transformer Architecture for Effective Trajectory-User Linking (TUL) Attack and Its Mitigation
Abstract

Trajectories, a specific type of mobility data, can be used for many useful data mining tasks. However, these trajectories also raise important privacy concerns due to their strong inference potential. In this work, we propose TUL-STEO, a novel ...

Article
VFLIP: A Backdoor Defense for Vertical Federated Learning via Identification and Purification
Abstract

Vertical Federated Learning (VFL) focuses on handling vertically partitioned data over FL participants. Recent studies have discovered a significant vulnerability in VFL to backdoor attacks which specifically target the distinct characteristics of ...

Article
How to Better Fit Reinforcement Learning for Pentesting: A New Hierarchical Approach
Abstract

In response to the rapidly evolving landscape of Information Technology (IT) and Operational Technology (OT) systems, automated vulnerability assessment is gaining prominence. While traditional scripted approaches are common, supervised and ...

Article
Revoke: Mitigating Ransomware Attacks Against Ethereum Validators
Abstract

Recent research has shown the viability of ransomware attacks on Ethereum Proof-of-Stake (PoS) validators, whereby an attacker that compromises a validator can threaten to perform slashable actions unless a ransom is paid. Given the size of ...

Article
Exploiting Layerwise Feature Representation Similarity For Backdoor Defence in Federated Learning
Abstract

Federated learning is an emerging paradigm for distributed machine learning that enables clients to collaboratively train models while maintaining data privacy. However, this approach introduces vulnerabilities, notably the risk of backdoor ...

Article
Front Matter
Page 375
Article
Automatic Verification of Cryptographic Block Function Implementations with Logical Equivalence Checking
Abstract

Given a fixed-size block, cryptographic block functions generate outputs by a sequence of bitwise operations. Block functions are widely used in the design of hash functions and stream ciphers. Their correct implementations hence are crucial to ...

Article
Device-Enhanced Secure Cloud Storage with Keyword Searchable Encryption and Deduplication
Abstract

We observe that server-aided message-locked encryption (MLE) and server-aided public key encryption with keyword search (PEKS) can be integrated into one cloud storage system to support both deduplication and keyword search over encrypted ...

Article
Incremental Time-Deniable Signatures
Abstract

Digital signatures guarantee long-term public verifiability and non-repudiation. However, in some applications, signatures can be stored by several actors and, later on (e.g., if leaked after an attack), those signatures could be adversarially ...

Article
Efficient Linkable Ring Signatures: New Framework and Post-quantum Instantiations
Abstract

In this paper, we introduce a new framework for constructing linkable ring signatures (LRS). Our framework is based purely on signatures of knowledge (SoK) which allows one to issue signatures on behalf of any NP-statement using the corresponding ...

Article
“Ask and Thou Shall Receive”: Reaction-Based Full Key Recovery Attacks on FHE
Abstract

Fully Homomorphic Encryption (FHE) promises to secure our data on the untrusted cloud by allowing arbitrary computations on encrypted data. However, the malleability and flexibility provided by FHE schemes also open up arenas for integrity issues ...

Contributors
  • Polytechnic Institute of Paris
  • Bydgoszcz University of Science and Technology
  • Bydgoszcz University of Science and Technology
  • Norwegian University of Science and Technology

Index Terms

  1. Computer Security – ESORICS 2024: 29th European Symposium on Research in Computer Security, Bydgoszcz, Poland, September 16–20, 2024, Proceedings, Part IV
          Index terms have been assigned to the content through auto-classification.