Monday 22 February 2021 | |||
| 07:00-07:20 | Monday Welcome and Opening Remarks | ||
| 07:20-08:20 | Monday Keynote | ||
| 08:20-08:40 | Break | ||
| 08:40-10:20 | Session 1A: Network Security
S80 - Peerlock: Flexsealing BGP F302 - A Devil of a Time: How Vulnerable is NTP to Malicious Timeservers? F330 - OblivSketch: Oblivious Network Measurement as a Cloud Service F438 - ROV++: Improved Deployable Defense against BGP Hijacking F552 - Trust the Crowd: Wireless Witnessing to Detect Attacks on ADS-B-Based Air-Traffic Surveillance |
Session 1B: Program Analysis 1
S55 - Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages S109 - Processing Dangerous Paths – On Security and Privacy of the Portable Document Format S112 - XDA: Accurate, Robust Disassembly with Transfer Learning F117 - Shadow Attacks: Hiding and Replacing Content in Signed PDFs F461 - KUBO: Precise and Scalable Detection of User-triggerable Undefined Behavior Bugs in OS Kernel |
Session 1C: Privacy
20F199 - Designing a Better Browser for Tor with BLAST S104 - Awakening the Web's Sleeper Agents: Misusing Service Workers for Privacy Leakage S159 - All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers F180 - Improving Signal's Sealed Sender F202 - Tales of Favicons and Caches: Persistent Tracking in Modern Browsers |
| 10:20-10:40 | Break | ||
| 10:40-12:00 | Session 2A: Network Policies
S91 - Reining in the Web's Inconsistencies with Site Policy S134 - From WHOIS to WHOWAS: A Large-Scale Measurement Study of Domain Registration Privacy under the GDPR F343 - Understanding the Growth and Security Considerations of ECS F378 - Mondrian: Comprehensive Inter-domain Network Zoning Architecture |
Session 2B: Program Analysis 2
S106 - Bringing Balance to the Force: Dynamic Analysis of the Android Application Framework F118 - SymQEMU: Compilation-based symbolic execution for binaries F327 - TASE: Reducing Latency of Symbolic Execution with Transactional Memory F386 - Refining Indirect Call Targets at the Binary Level |
Session 2C: Crypto
S41 - Obfuscated Access and Search Patterns in Searchable Encryption S62 - More than a Fair Share: Network Data Remanence Attacks against Secret Sharing-based Schemes S116 - Forward and Backward Private Conjunctive Searchable Symmetric Encryption F162 - Practical Non-Interactive Searchable Encryption with Forward and Backward Privacy |
Tuesday 23 February 2021 | |||
| 07:00-07:10 | Tuesday Welcome | ||
| 07:10-08:10 | Tuesday Keynote | ||
| 08:10-08:30 | Break | ||
| 08:30-10:10 | Session 3A: Web Security
S63 - Zoom on the Keystrokes: Exploiting Video Calls for Keystroke Inference Attacks S139 - Deceptive Deletions for Protecting Withdrawn Posts on Social Media Platforms F28 - Who's Hosting the Block Party? Studying Third-Party Blockage of CSP and SRI F322 - To Err.Is Human: Characterizing the Threat of Unintended URLs in Social Media F550 - SerialDetector: Principled and Practical Exploration of Object Injection Vulnerabilities for the Web |
Session 3B: Mobile Security
S161 - The Abuser Inside Apps: Finding the Culprit Committing Mobile Ad Fraud F8 - Your Phone is My Proxy: Detecting and Understanding Mobile Proxy Networks F76 - Understanding Worldwide Private Information Collection on Android F212 - On the Insecurity of SMS One-Time Password Messages against Local Attackers in Modern Mobile Devices F479 - Preventing and Detecting State Inference Attacks on Android |
Session 3C: Blockchains
S108 - As Strong As Its Weakest Link: How to Break Blockchain DApps at RPC Service F116 - RandRunner: Distributed Randomness from Trapdoor VDFs with Strong Uniqueness F164 - LaKSA: A Probabilistic Proof-of-Stake Protocol F188 - SquirRL: Automating Attack Analysis on Blockchain Incentive Mechanisms with Deep Reinforcement Learning F294 - Bitcontracts: Supporting Smart Contracts in Legacy Blockchains |
| 10:10-10:30 | Break | ||
| 10:30-12:10 | Session 4A: Network Protocols
F74 - QPEP: An Actionable Approach to Secure and Performant Broadband From Geostationary Orbit F363 - A Formal Analysis of the FIDO UAF Protocol F390 - PHOENIX: Device-Centric Cellular Network Protocol Monitoring using Runtime Verification F401 - The Bluetooth CYBORG: Analysis of the Full Human-Machine Passkey Entry AKE Protocol F531 - NetPlier: Probabilistic Network Protocol Reverse Engineering from Message Traces |
Session 4B: Side-channels and Speculation
20F86 - PhantomCache: Obfuscating Cache Conflicts with Localized Randomization S21 - Screen Gleaning: A Screen Reading TEMPEST Attack on Mobile Devices Exploiting an Electromagnetic Side Channel S137 - Rosita: Towards Automatic Elimination of Power-Analysis Leakage in Ciphers F286 - Hunting the Haunter — Efficient Relational Symbolic Execution for Spectre with Haunted RelSE F466 - SpecTaint: Speculative Taint Analysis for Discovering Spectre Gadgets |
Session 4C: Malware and Cyber-crime
20F329 - UISCOPE: Accurate, Instrumentation-free, Deterministic and Visible Attack Investigation F51 - Understanding and Detecting International Revenue Share Fraud F126 - Differential Training: A Generic Framework to Reduce Label Noises for Android Malware Detection F444 - MINOS: A Lightweight Real-Time Cryptojacking Detection System F475 - Does Every Second Count? Time-based Evolution of Malware Behavior in Sandboxes |
Wednesday 24 February 2021 | |||
| 07:00-07:20 | Wednesday Welcome, Awards | ||
| 07:20-07:30 | Break | ||
| 07:30-08:50 | Session 5A: "Smart" Home
S111 - Hey Alexa, is this Skill Safe?: Taking a Closer Look at the Alexa Skill Ecosystem F368 - IoTSafe: Enforcing Safety and Security Policy with Real IoT Physical Interaction Discovery F464 - PFirewall: Semantics-Aware Customizable Data Flow Control for Smart Home Privacy Protection F551 - EarArray: Defending against DolphinAttack via Acoustic Attenuation |
Session 5B: Software Defenses
20F449 - SODA: A Generic Online Detection Framework for Smart Contracts S126 - POP and PUSH: Demystifying and Defending against (Mach) Port-oriented Programming F78 - Доверя́й, но проверя́й: SFI safety for native-compiled Wasm F416 - Detecting Kernel Memory Leaks in Specialized Modules with Ownership Reasoning |
Session 5C: Machine Learning
S166 - Let’s Stride Blindfolded in a Forest: Sublinear Multi-Client Decision Trees Evaluation F293 - Practical Blind Membership Inference Attack via Differential Comparisons F351 - GALA: Greedy ComputAtion for Linear Algebra in Privacy-Preserved Neural Networks F403 - FARE: Enabling Fine-grained Attack Categorization under Low-quality Labeled Data |
| 08:50-09:10 | Break | ||
| 09:10-10:30 | Session 6A: Fuzzing
F96 - PGFUZZ: Policy-Guided Fuzzing for Robotic Vehicles F224 - Favocado: Fuzzing Binding Code of JavaScript Engines Using Semantically Correct Test Cases F334 - WINNIE : Fuzzing Windows Applications with Harness Synthesis and Fast Cloning F486 - Reinforcement Learning-based Hierarchical Seed Scheduling for Greybox Fuzzing |
Session 6B: Embedded Security
S13 - Evading Voltage-Based Intrusion Detection on Automotive CAN F159 - HERA: Hotpatching of Embedded Real-time Applications F308 - From Library Portability to Para-rehosting: Natively Executing Microcontroller Software on Commodity Hardware F365 - BaseSpec: Comparative Analysis of Baseband Software and Cellular Specifications for L3 Protocols |
Session 6C: Federated Learning and Poisoning attacks
F119 - POSEIDON: Privacy-Preserving Federated Neural Network Learning F434 - FLTrust: Byzantine-robust Federated Learning via Trust Bootstrapping F498 - Manipulating the Byzantine: Optimizing Model Poisoning Attacks and Defenses for Federated Learning F525 - Data Poisoning Attacks to Deep Learning Based Recommender Systems |
| 10:30-10:50 | Break | ||
| 10:50-12:10 | Session 7A: Forensics and Audits
S128 - C$^2$SR: Cybercrime Scene Reconstruction for Post-mortem Forensic Analysis F445 - ALchemist: Fusing Application and Audit Logs for Precise Attack Provenance without Instrumentation F549 - WATSON: Abstracting Behaviors from Audit Logs via Aggregation of Contextual Semantics |
Session 7B: Trusted Computing
S56 - DOVE: A Data-Oblivious Virtual Environment F57 - CHANCEL: Efficient Multi-client Isolation Under Adversarial Programs F328 - Emilia: Catching Iago in Legacy Code |
Session 7C: Machine Learning Applications
F55 - CV-Inspector: Towards Automating Detection of Adblock Circumvention F67 - FlowLens: Enabling Efficient Flow Classification for ML-based Network Security Applications F100 - PrivacyFlash Pro: Automating Privacy Policy Generation for Mobile Apps F260 - Towards Understanding and Detecting Cyberbullying in Real-world Images |
| 12:30-12:50 | Closing Remarks | ||