Editor's Picks
Best Talks at 33rd USENIX Security Symposium
Hand-picked from in-depth reviewer verdicts — the top 12 talks from this conference. Skip the noise, find the signal.
1
"I chose to fight, be brave, and to deal with it": Threat Experiences and Security Practices of Pakistani Content Creators
Lea Gröber, Waleed Arshad, Shanza, Angelica Goetzen, Elissa M. Redmiles, Maryam Mustafa, Katharina Krombholz
This compelling talk, "'I chose to fight, be brave, and to deal with it': Threat Experiences and Security Practices of Pakistani Content Creators," delivered at USENIX Security '24, sheds critical light on the severe and often life-threatening challenges faced by content…
Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: MUST SEE ★★★★★
2
INSIGHT: Attacking Industry-Adopted Learning Resilient Logic Locking Techniques Using Explainable Graph Neural Network
Lakshmi Likhitha Mankali, Ozgur Sinanoglu, Satwik Patnaik
In an era defined by a globalized IC supply chain, hardware security vulnerabilities have become a paramount concern, particularly **Hardware IP piracy**. This talk, presented by Lakshmi Likhitha Mankali, Ozgur Sinanoglu, and Satwik Patnaik, delves into the critical challenge…
Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: MUST SEE ★★★★★
3
Lotto: Secure Participant Selection against Adversarial Servers in Federated Learning
Zhifeng Jiang, Peng Ye, Shiqi He, Wei Wang, Ruichuan Chen, Bo Li
The talk "Lotto: Secure Participant Selection against Adversarial Servers in Federated Learning" introduces a pioneering framework designed to fortify the privacy and security of Federated Learning (FL) against a significant, previously unaddressed vulnerability: the malicious…
Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: MUST SEE ★★★★★
4
Diffie-Hellman Picture Show: Key Exchange Stories from Commercial VoWiFi Deployments
Gabriel K. Gegenhuber, Florian Holzbauer, Philipp É. Frenzel, Edgar Weippl, Adrian Dabrowski
This talk, "Diffie-Hellman Picture Show," presented by Gabriel K. Gegenhuber from the University of Vienna, delves into the critical security landscape of Voice over Wi-Fi (VoWiFi), also known as Wi-Fi Calling. VoWiFi has become a preferred channel for mobile operators due to…
Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: MUST SEE ★★★★★
5
InSpectre Gadget: Inspecting the Residual Attack Surface of Cross-privilege Spectre v2
Sander Wiebing
In the realm of modern CPU architecture, speculative execution vulnerabilities like Spectre continue to pose a significant threat to system security. This talk, "InSpectre Gadget: Inspecting the Residual Attack Surface of Cross-privilege Spectre v2," presented by Sander…
Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: MUST SEE ★★★★★
6
Towards Privacy-Preserving Social-Media SDKs on Android
Haoran Lu
In an era where mobile applications are increasingly reliant on third-party libraries, the security and privacy implications of these dependencies have become a critical concern. Haoran Lu's talk, "Towards Privacy-Preserving Social-Media SDKs on Android," addresses a…
Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: MUST SEE ★★★★★
7
Racing for TLS Certificate Validation: A Hijacker's Guide to the Android TLS Galaxy
Sajjad Pourali, Xiufen Yu, Lianying Zhao, Mohammad Mannan, Amr Youssef
The security of mobile application communication hinges critically on the proper validation of **TLS certificates** presented by servers. While prior research has extensively documented vulnerabilities related to improper certificate validation in Android applications, a…
Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: MUST SEE ★★★★★
8
SoK: The Good, The Bad, and The Unbalanced: Measuring Structural Limitations of Deepfake Media Datasets
Seth Layton
In an era where synthetic media, or **deepfakes**, are becoming increasingly sophisticated and prevalent, the security community faces a critical challenge in accurately detecting them. This talk, "SoK: The Good, The Bad, and The Unbalanced: Measuring Structural Limitations of…
Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: MUST SEE ★★★★★
9
Can I Hear Your Face? Pervasive Attack on Voice Authentication Systems with a Single Face Image
Nan Jiang, Jun Han
This talk introduces "Voice," a groundbreaking generative model that demonstrates a pervasive new attack vector against voice authentication systems. Traditionally, deepfake attacks on voice authentication require high-quality voice recordings of the victim, which are often…
Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: MUST SEE ★★★★★
10
CacheWarp: Software-based Fault Injection using Selective State Reset
Ruiyi Zhang, Youheng Lü, Andreas Kogler, Michael Schwarz
In a groundbreaking presentation at USENIX Security '24, Ruiyi Zhang and Youheng Lü unveiled **CacheWarp**, a novel software-based fault injection attack that fundamentally compromises the integrity guarantees of AMD's Secure Encrypted Virtualization-Secure Nested Paging…
Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: MUST SEE ★★★★★
11
MOAT: Towards Safe BPF Kernel Extension
Hongyi Lu, Shuai Wang, Yechang Wu, Wanning He, Fengwei Zhang
The talk "MOAT: Towards Safe BPF Kernel Extension" by Hongyi Lu and colleagues from SASC and HK addresses a critical security challenge within the rapidly expanding **extended Berkeley Packet Filter (eBPF)** ecosystem. eBPF, a powerful **kernel virtual machine** that allows…
Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: MUST SEE ★★★★★
12
LanDscAPe: Exploring LDAP Weaknesses and Data Leaks at Internet Scale
Jonas Kaspereit, Gurur Öndarö, Gustavo Luvizotto Cesar, Simon Ebbers, Fabian Ising, Christoph Saatjohann, Mattijs Jonker, Ralph Holz, Sebastian Schinzel
This talk, presented by Jonas Kaspereit and a team of researchers from FH Münster and other institutions, unveils the findings of a groundbreaking, internet-wide study into the security posture of Lightweight Directory Access Protocol (**LDAP**) servers. Titled "LanDscAPe," the…
Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: MUST SEE ★★★★★