34th USENIX Security Symposium (USENIX Security '25)
The 34th USENIX Security Symposium is a premier academic venue for cutting-edge security and privacy research.
- Analyzing the AI Nudification Application Ecosystem — Cassidy Gibson
- Easy As Child's Play: An Empirical Study on Age Verification of Adult-Oriented Android Apps — Yifan Yao
- Abusability of Automation Apps in Intimate Partner Violence — Shirley Zhang
This talk, presented by Shirley Zhang at USENIX Security, unveils a critical and often overlooked vector for intimate partner violence (IPV): the weaponization of readily available mobile automation…
- Malicious LLM-Based Conversational AI Makes Users Reveal Personal Information — Xiao Zhan
This presentation by Xiao Zhan, delivered at USENIX Security, unveils a critical and emerging threat vector in the realm of artificial intelligence: **malicious conversational AI (CAI) agents**…
- An Industry Interview Study of Software Signing for Supply Chain Security — Kelechi G. Kalu
Kelechi G. Kalu, a third-year PhD student at Purdue University, presented a seminal industry interview study on the practical implementation of software signing for supply chain security. This…
- Voluntary Investment, Mandatory Minimums, or Cyber Insurance: What Minimizes Losses? — Adam Hastings
- A First Look at Governments' Enterprise Security Guidance — Kimberly Ruth
In an increasingly complex and interconnected digital landscape, organizations of all sizes frequently seek authoritative guidance on best practices for cybersecurity. Governments, often perceived…
- SoK: Can Synthetic Images Replace Real Data? A Survey of Utility and Privacy of Synthetic Image Generation — Yunsung Chung
- Characterizing and Detecting Propaganda-Spreading Accounts on Telegram — Klim Kireev
- GradEscape: A Gradient-Based Evader Against AI-Generated Text Detectors — Wenlong Meng
- Provably Robust Multi-bit Watermarking for AI-generated Text — Wenjie Qu
- HateBench: Benchmarking Hate Speech Detectors on LLM-Generated Content and Hate Campaigns — Xinyue Shen
- EmbedX: Embedding-Based Cross-Trigger Backdoor Attack Against Large Language Models — Nan Yan
The rapid advancements in large language models (LLMs) such as GPT-4, LLaMA, and GPT-2 have revolutionized numerous natural language processing (NLP) tasks, from machine translation to question…
- Mind the Inconspicuous: Revealing the Hidden Weakness in Aligned LLMs' Refusal Boundaries — Jiahao Yu
- Game of Arrows: On the (In-)Security of Weight Obfuscation for On-Device TEE-Shielded LLM Partition Algorithms — Pengli Wang
- LLMmap: Fingerprinting for Large Language Models — Dario Pasquini
- Refusal Is Not an Option: Unlearning Safety Alignment of Large Language Models — Minkyoo Song
- Activation Approximations Can Incur Safety Vulnerabilities in Aligned LLMs: Comprehensive Analysis and Defense — Jiawen Zhang
- Narrowbeer: A Practical Replay Attack Against the Widevine DRM — Florian Roudot
- Lancet: A Formalization Framework for Crash and Exploit Pathology — Qinrun Dai
- Synthesis of Code-Reuse Attacks from p-code Programs — Mark DenHoed
- Sound and Efficient Generation of Data-Oriented Exploits via Programming Language Synthesis — Yuxi Ling
- My ZIP isn't your ZIP: Identifying and Exploiting Semantic Gaps Between ZIP Parsers — Yufan You
In this compelling talk from USENIX Security, Yufan You presented groundbreaking research on **semantic gaps** in **ZIP file format** parsing, revealing a widespread and critical vulnerability…
- Tady: A Neural Disassembler without Structural Constraint Violations — Siliang Qin
- SoK: Towards a Unified Approach to Applied Replicability for Computer Security — Daniel Olszewski
- LLMxCPG: Context-Aware Vulnerability Detection Through Code Property Graph-Guided Large Language Models — Ahmed Lekssays
- X.509DoS: Exploiting and Detecting Denial-of-Service Vulnerabilities in Cryptographic Libraries using Crafted X.509 Certificates — Bing Shi
In the realm of cybersecurity research, a significant amount of attention is typically directed towards vulnerabilities that compromise the **confidentiality** or **integrity** of data. However, the…
- Cyber-Physical Deception Through Coordinated IoT Honeypots — Chongqi Guan
- AutoLabel: Automated Fine-Grained Log Labeling for Cyber Attack Dataset Generation — Yihao Peng
In the rapidly evolving landscape of cybersecurity, the ability to accurately detect and respond to sophisticated attacks hinges on the quality and availability of training data for security models…
- CoVault: Secure, Scalable Analytics of Personal Data — Roberta De Viti
- EvilEDR: Repurposing EDR as an Offensive Tool — Kotaiba Alachkar
- TAPAS: An Efficient Online APT Detection with Task-guided Process Provenance Graph Segmentation and Analysis — Bo Zhang
- Nothing is Unreachable: Automated Synthesis of Robust Code-Reuse Gadget Chains for Arbitrary Exploitation Primitives — Nicolas Bailluet
- BlueGuard: Accelerated Host and Guest Introspection Using DPUs — Meni Orenbach
- RollingEvidence: Autoregressive Video Evidence via Rolling Shutter Effect — Feng Qian
In an era increasingly defined by sophisticated AI-driven manipulations, the integrity of video evidence has become a critical concern. The "RollingEvidence" system, presented by Feng Qian from Ant…
- From Constraints to Cracks: Constraint Semantic Inconsistencies as Vulnerability Beacons for Embedded Systems — Jiaxu Zhao
In the rapidly expanding landscape of connected devices, embedded systems form the backbone of countless IoT and network infrastructures. However, as these systems grow in complexity, the prevalence…
- IRBlock: A Large-Scale Measurement Study of the Great Firewall of Iran — Jonas Tai
- Email Spoofing with SMTP Smuggling: How the Shared Email Infrastructures Magnify this Vulnerability — Chuhan Wang
- The Silent Danger in HTTP: Identifying HTTP Desync Vulnerabilities with Gray-box Testing — Keran Mu
- Censorship Evasion with Unidentified Protocol Generation — Ryan Wails
- Exposing and Circumventing SNI-based QUIC Censorship of the Great Firewall of China — Ali Zohaib
- Ares: Comprehensive Path Hijacking Detection via Routing Tree — Yinxiang Tao
In an era where the internet underpins global communication and commerce, the integrity of its foundational routing protocols is paramount. Border Gateway Protocol (BGP) hijacking represents a…
- Trust but Verify: An Assessment of Vulnerability Tagging Services — Szu-Chun Huang
- Watch Out Your TV Box: Reversing and Blocking a P2P-based Illegal Streaming Ecosystem — Jungun Ahn
- Catch-22: Uncovering Compromised Hosts using SSH Public Keys — Cristian Munteanu
In the realm of cybersecurity, the Secure Shell (SSH) protocol stands as a cornerstone for secure remote access and administration. However, its widespread adoption across over 40 million machines…
- USD: NSFW Content Detection for Text-to-Image Models via Scene Graph — Yuyang Zhang
- Exposing the Guardrails: Reverse-Engineering and Jailbreaking Safety Filters in DALL·E Text-to-Image Pipelines — Corban Villa
- On the Proactive Generation of Unsafe Images From Text-To-Image Models Using Benign Prompts — Yixin Wu
- Neural Invisibility Cloak: Concealing Adversary in Images via Compromised AI-driven Image Signal Processing — Wenjun Zhu
- Bridging the Gap in Vision Language Models in Identifying Unsafe Concepts Across Modalities — Yiting Qu
- Backdooring Bias (B^2) into Stable Diffusion Models — Ali Naseh
- Watch the Watchers! On the Security Risks of Robustness-Enhancing Diffusion Models — Changjiang Li
- Pretender: Universal Active Defense against Diffusion Finetuning Attacks — Zekun Sun
- Self-interpreting Adversarial Images — Tingwei Zhang
In an era where large language models (LLMs) are rapidly becoming primary interpreters of information across various modalities, the integrity of their interpretations is paramount. This talk…
- TORCHLIGHT: Shedding LIGHT on Real-World Attacks on Cloudless IoT Devices Concealed within the Tor Network — Yumingzhi Pan
The internet of things (IoT) has rapidly expanded, bringing convenience but also a vast attack surface. While many IoT devices rely on cloud services, a significant category, termed **cloudless IoT…
- CloudFlow: Identifying Security-sensitive Data Flows in Serverless Applications — Giuseppe Raffa
In this presentation, Giuseppe Raffa introduces **CloudFlow**, a novel framework designed to statically detect security-sensitive data flows within serverless applications. As enterprises…
- Serverless Functions Made Confidential and Efficient with Split Containers — Jiacheng Shi
This talk introduces **Kofunk**, a novel **split container architecture** designed to make serverless functions both confidential and efficient when leveraging **Confidential Virtual Machines…
- Exploring and Exploiting the Resource Isolation Attack Surface of WebAssembly Containers — Zhaofeng Yu
- Transparent Attested DNS for Confidential Computing Services — Antoine Delignat-Lavaud
- Dorami: Privilege Separating Security Monitor on RISC-V TEEs — Mark Kuhne
- TLBlur: Compiler-Assisted Automated Hardening against Controlled Channels on Off-the-Shelf Intel SGX Platforms — Daan Vanoverloop
- TETD: Trusted Execution in Trust Domains — Zhanbo Wang
- TDXploit: Novel Techniques for Single-Stepping and Cache Attacks on Intel TDX — Fabian Rauscher
- Auspex: Unveiling Inconsistency Bugs of Transaction Fee Mechanism in Blockchain — Zheyuan He
- Blockchain Address Poisoning — Taro Tsuchiya
- Available Attestation: Towards a Reorg-Resilient Solution for Ethereum Proof-of-Stake — Mingfei Zhang
- Approve Once, Regret Forever: On the Exploitation of Ethereum's Approve-TransferFrom Ecosystem — Nicola Ruaro
- Voting-Bloc Entropy: A New Metric for DAO Decentralization — Andres Fabrega
- Deanonymizing Ethereum Validators: The P2P Network Has a Privacy Issue — Lioba Heimbach
- Let's Move2EVM — Lorenzo Benetollo
- Ghost Clusters: Evaluating Attribution of Illicit Services through Cryptocurrency Tracing — Kelvin Lubbertsen
- Surviving in Dark Forest: Towards Evading the Attacks from Front-Running Bots in Application Layer — Zuchao Ma
This talk, "Surviving in Dark Forest: Towards Evading the Attacks from Front-Running Bots in Application Layer," delves into the critical challenge of **front-running attacks** within blockchain…
- SoK: Inaccessible & Insecure: An Exposition of Authentication Challenges Faced by Blind and Visually Impaired Users in State-of-the-Art Academic Proposals — Md Mojibur Rahman Redoy Akanda
This talk, presented by Md Mojibur Rahman Redoy Akanda from Texas A&M University, along with co-author Amanda Lacy and supervisor Nitar Sakenna, delves into a critical yet often overlooked area of…
- Scanned and Scammed: Insecurity by ObsQRity? Measuring User Susceptibility and Awareness of QR Code-Based Attacks — Marvin Kowalewski
- URL Inspection Tasks: Helping Users Detect Phishing Links in Emails — Daniele Lain
- Digital Security Perceptions and Practices Around the World: A WEIRD versus Non-WEIRD Comparison — Franziska Herbert
- SoK: Come Together – Unifying Security, Information Theory, and Cognition for a Mixed Reality Deception Attack Ontology & Analysis Framework — Ali Teymourian
- Am I Infected? Lessons from Operating a Large-Scale IoT Security Diagnostic Service — Takayuki Sasaki
- AirTag-Facilitated Stalking Protection: Evaluating Unwanted Tracking Notifications and Tracker Locating Features — Dañiel Gerhardt
This talk, presented by Dañiel Gerhardt at USENIX Security, addresses the critical issue of Bluetooth location trackers, specifically Apple AirTags, being misused for stalking. While these small…
- PrivaCI in VR: Exploring Perceptions and Acceptability of Data Sharing in Virtual Reality Through Contextual Integrity — Emiram Kablo
- Shadowed Realities: An Investigation of UI Attacks in WebXR — Chandrika Mukherjee
In an increasingly immersive digital landscape, Extended Reality (XR) technologies are rapidly expanding their footprint across diverse sectors, from retail and healthcare to education and…
- Unlocking the Power of Differentially Private Zeroth-order Optimization for Fine-tuning LLMs — Ergute Bao
- Membership Inference Attacks Against Vision-Language Models — Yuke Hu
- Towards Label-Only Membership Inference Attack against Pre-trained Large Language Models — Yu He
- Depth Gives a False Sense of Privacy: LLM Internal States Inversion — Tian Dong
- I Know What You Said: Unveiling Hardware Cache Side-Channels in Local Large Language Model Inference — Zibo Gao
This talk, presented by Zibo Gao at USENIX Security, introduces a groundbreaking **cache side-channel attack** targeting on-device inference of **Large Language Models (LLMs)**. The research…
- Evaluating LLM-based Personal Information Extraction and Countermeasures — Yupei Liu
- Synthetic Artifact Auditing: Tracing LLM-Generated Synthetic Data Usage in Downstream Applications — Yixin Wu
- Data-Free Model-Related Attacks: Unleashing the Potential of Generative AI — Dayong Ye
- When LLMs Go Online: The Emerging Threat of Web-Enabled LLMs — Hanna Kim
- Enabling Low-Cost Secure Computing on Untrusted In-Memory Architectures — Sahar Ghoflsaz Ghinani
In an era where data processing demands are skyrocketing, **Processing-in-Memory (PIM)** architectures have emerged as a promising solution to overcome the traditional CPU-memory bottleneck. By…
- AidFuzzer: Adaptive Interrupt-Driven Firmware Fuzzing via Run-Time State Recognition — Jianqiang Wang
- GenHuzz: An Efficient Generative Hardware Fuzzer — Lichao Wu
- Software Availability Protection in Cyber-Physical Systems — Ao Li
- GDMA: Fully Automated DMA Rehosting via Iterative Type Overlays — Tobias Scharnowski
- Kintsugi: Secure Hotpatching for Code-Shadowing Real-Time Embedded Systems — Philipp Mackensen
- Security Implications of Malicious G-Codes in 3D Printing — Jost Rossel
- Secure Information Embedding in Forensic 3D Fingerprinting — Canran Wang
- SoK: A Security Architect's View of Printed Circuit Board Attacks — Jacob Harrison
- Dumbo-MPC: Efficient Fully Asynchronous MPC with Optimal Resilience — Yuan Su
This talk introduces **Dumbo-MPC**, a novel framework for **Secure Multi-Party Computation (MPC)** designed to achieve both high efficiency and optimal resilience in fully asynchronous network…
- FABLE: Batched Evaluation on Confidential Lookup Tables in 2PC — Zhengyuan Su
The FABLE protocol, presented by Zhengyuan Su, addresses a critical challenge in secure two-party computation (2PC): efficiently evaluating confidential lookup tables while maintaining data…
- MAESTRO: Multi-Party AES Using Lookup Tables — Hiraku Morita
- Efficient 2PC for Constant Round Secure Equality Testing and Comparison — Tianpei Lu
- Efficient Multi-Party Private Set Union Without Non-Collusion Assumptions — Minglang Dong
- Scalable Collaborative zk-SNARK and Its Application to Fully Distributed Proof Delegation — Xuanming Liu
- zkGPT: An Efficient Non-interactive Zero-knowledge Proof Framework for LLM Inference — Wenjie Qu
- DFS: Delegation-friendly zkSNARK and Private Delegation of Provers — Yuncong Hu
- SoK: Understanding zk-SNARKs: The Gap Between Research and Practice — Junkai Liang
This talk, presented by Junkai Liang at USENIX Security, delves into a "Systematization of Knowledge" (SoK) regarding **Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge (zk-SNARKs)**…
- A Mixed-Methods Study of Open-Source Software Maintainers On Vulnerability Management and Platform Security Features — Jessy Ayala
- "Threat modeling is very formal, it's very technical, and also very hard to do correctly": Investigating Threat Modeling Practices in Open-Source Software Projects — Harjot Kaur
- "I wasn't sure if this is indeed a security risk": Data-driven Understanding of Security Issue Reporting in GitHub Repositories of Open Source npm Packages — Rajdeep Ghosh
- Context Matters: Qualitative Insights into Developers' Approaches and Challenges with Software Composition Analysis — Elizabeth Lin
- Expert Insights into Advanced Persistent Threats: Analysis, Attribution, and Challenges — Aakanksha Saha
- How Researchers De-Identify Data in Practice — Wentao Guo
- A limited technical background is sufficient for attack-defense tree acceptability — Nathan Daniel Schiele
- "It's not my responsibility to write them": An Empirical Study of Software Product Managers and Security Requirements — Houda Naji
- Patching Up: Stakeholder Experiences of Security Updates for Connected Medical Devices — Lorenz Kustosch
- PRSA: Prompt Stealing Attacks against Real-World Prompt Services — Yong Yang
- Cross-Modal Prompt Inversion: Unifying Threats to Text and Image Generative AI Models — Dayong Ye
- Prompt Obfuscation for Large Language Models — David Pape
- TwinBreak: Jailbreaking LLM Security Alignments based on Twin Prompts — Torsten Krauß
- Exploiting Task-Level Vulnerabilities: An Automatic Jailbreak Attack and Defense Benchmarking for LLMs — Lan Zhang
- StruQ: Defending Against Prompt Injection with Structured Queries — Sizhe Chen
- PAPILLON: Efficient and Stealthy Fuzz Testing-Powered Jailbreaks for LLMs — Xueluan Gong
- Great, Now Write an Article About That: The Crescendo Multi-Turn LLM Jailbreak Attack — Mark Russinovich
- SelfDefend: LLMs Can Defend Themselves against Jailbreaking in a Practical Manner — Xunguang Wang
This article delves into "SelfDefend," an innovative framework designed to protect Large Language Models (LLMs) from **jailbreak attacks**. Presented by Xunguang Wang from HKUS, the talk introduces…
- SoK: So, You Think You Know All About Secure Randomized Caches? — Anubhav Bhatla
In this USENIX Security talk, Anubhav Bhatla presents a comprehensive "Systematization of Knowledge" (SoK) study on **secure randomized caches**. The talk delves into the intricate design space of…
- TEEcorrelate: An Information-Preserving Defense against Performance-Counter Attacks on TEEs — Hannes Weissteiner
- Systematic Evaluation of Randomized Cache Designs against Cache Occupancy — Anirban Chakraborty
This talk, presented by Anirban Chakraborty from the Max Planck Institute for Security and Privacy, delves into a comprehensive evaluation of randomized cache designs, focusing on both their…
- Exploiting Inaccurate Branch History in Side-Channel Attacks — Yuhui Zhu
In this compelling talk from USENIX Security, Yuhui Zhu of the Santana School of Advanced Studies presents a groundbreaking analysis of modern processor **Branch Prediction Units (BPUs)**, revealing…
- Phantom Trails: Practical Pre-Silicon Discovery of Transient Data Leaks — Alvise de Faveri Tron
- Place Protections at the Right Place: Targeted Hardening for Cryptographic Code against Spectre v1 — Yiming Zhu
- Encarsia: Evaluating CPU Fuzzers via Automatic Bug Injection — Matej Bölcskei
In the realm of CPU security and reliability, hardware fuzzing has emerged as an indispensable technique for uncovering subtle yet critical design flaws. While numerous scientific publications…
- FLOP: Breaking the Apple M3 CPU via False Load Output Predictions — Jason Kim
- Branch Privilege Injection: Compromising Spectre v2 Hardware Mitigations by Exploiting Branch Predictor Race Conditions — Sandro Rüegge
This talk, presented by Sandro Rüegge, delves into a critical vulnerability discovered in Intel processors that undermines hardware mitigations designed to protect against **Spectre v2** (Branch…
- GraphAce: Secure Two-Party Graph Analysis Achieving Communication Efficiency — Jiping Yu
In an increasingly data-driven world, the ability to analyze vast datasets is paramount for extracting insights, detecting anomalies, and making informed decisions. However, a significant challenge…
- Breaking the Layer Barrier: Remodeling Private Transformer Inference with Hybrid CKKS and MPC — Tianshi Xu
This talk, presented by Tianshi Xu from Peking University, introduces a novel framework named BB (presumably "Breaking the Barrier") that significantly advances the field of **private transformer…
- HawkEye: Statically and Accurately Profiling the Communication Cost of Models in Multi-party Learning — Wenqiang Ruan
- Privacy Audit as Bits Transmission: (Im)possibilities for Audit by One Run — Zihang Xiang
- General-Purpose f-DP Estimation and Auditing in a Black-Box Setting — Önder Askin
This talk, presented by Önder Askin from the University of Bochum, introduces novel methods for estimating and auditing **f-differential privacy (f-DP)** in a **black-box setting**. f-DP is a…
- FastLloyd: Federated, Accurate, Secure, and Tunable k-Means Clustering with Differential Privacy — Abdulrahman Diaa
- Addressing Sensitivity Distinction in Local Differential Privacy: A General Utility-Optimized Framework — Xingyu He
- Further Study on Frequency Estimation under Local Differential Privacy — Huiyu Fang
- Beyond Statistical Estimation: Differentially Private Individual Computation via Shuffling — Shaowei Wang
- Stack Overflow Meets Replication: Security Research Amid Evolving Code Snippets — Alfusainey Jallow
In "Stack Overflow Meets Replication: Security Research Amid Evolving Code Snippets," Alfusainey Jallow presents a critical meta-analysis of how security research leveraging Stack Overflow data has…
- "I'm regretting that I hit run": In-situ Assessment of Potential Malware — Brandon Lit
- Beyond Exploit Scanning: A Functional Change-Driven Approach to Remote Software Version Identification — Jinsong Chen
- "I'm trying to learn…and I'm shooting myself in the foot": Beginners' Struggles When Solving Binary Exploitation Exercises — James Mattei
- Confusing Value with Enumeration: Studying the Use of CVEs in Academia — Moritz Schloegel
This article delves into a critical examination of how **Common Vulnerabilities and Exposures (CVE)** identifiers are perceived and utilized within the academic security research community…
- "That's my perspective from 30 years of doing this": An Interview Study on Practices, Experiences, and Challenges of Updating Cryptographic Code — Alexander Krause
Alexander Krause from SISPA presented a seminal study at USENIX Security, delving into the critical yet often overlooked domain of cryptographic code updates. Titled "That's my perspective from 30…
- "I have no idea how to make it safer": Studying Security and Privacy Mindsets of Browser Extension Developers — Shubham Agarwal
- Precise and Effective Gadget Chain Mining through Deserialization Guided Call Graph Construction — Yiheng Zhang
- Mitigating Injection Attacks against E2EE Applications via View-Based Partitioning — Andrés Fábrega
- Boosting Gradient Leakage Attacks: Data Reconstruction in Realistic FL Settings — Mingyuan Fan
- Refiner: Data Refining against Gradient Leakage Attacks in Federated Learning — Mingyuan Fan
- Aion: Robust and Efficient Multi-Round Single-Mask Secure Aggregation Against Malicious Participants — Yizhong Liu
- SoK: On Gradient Leakage in Federated Learning — Jiacheng Du
- DP-BREM: Differentially-Private and Byzantine-Robust Federated Learning with Client Momentum — Xiaolan Gu
Federated Learning (FL) has emerged as a crucial paradigm for collaborative machine learning, enabling multiple parties to train a shared model without direct data exchange. While FL inherently…
- SLOTHE: Lazy Approximation of Non-Arithmetic Neural Network Functions over Encrypted Data — Kevin Nam
- Sharpness-Aware Initialization: Improving Differentially Private Machine Learning from First Principles — Zihao Wang
- Task-Oriented Training Data Privacy Protection for Cloud-based Model Training — Zhiqiang Wang
- From Risk to Resilience: Towards Assessing and Mitigating the Risk of Data Reconstruction Attacks in Federated Learning — Xiangrui Xu
- Demystifying the (In)Security of QR Code-based Login in Real-world Deployments — Xin Zhang
The proliferation of QR code-based login systems across a myriad of digital platforms, from social media and e-commerce to cloud storage and gaming, has revolutionized user convenience. By simply…
- Doubly Dangerous: Evading Phishing Reporting Systems by Leveraging Email Tracking Techniques — Anish Chand
- Evaluating the Effectiveness and Robustness of Visual Similarity-based Phishing Detection Models — Fujiao Ji
- Universal Cross-app Attacks: Exploiting and Securing OAuth 2.0 in Integration Platforms — Kaixuan Luo
This talk, presented by Kaixuan Luo, a PhD candidate at the Chinese University of Hong Kong, delves into a critical security vulnerability within the rapidly expanding ecosystem of **integration…
- Predictive Response Optimization: Using Reinforcement Learning to Fight Online Social Network Abuse — Garrett Wilson
In the realm of online social networks, the battle against abuse is a perpetual arms race. Traditional approaches have largely focused on the *detection* of malicious activities, often grappling…
- Hercules Droidot and the murder on the JNI Express — Luca Di Bartolomeo
- No Way to Sign Out? Unpacking Non-Compliance with Google Play's App Account Deletion Requirements — Jingwen Yan
- Lost in the Mists of Time: Expirations in DNS Footprints of Mobile Apps — Johnny So
- TapTrap: Animation-Driven Tapjacking on Android — Philipp Beer
This talk introduces **TapTrap**, a novel and highly stealthy tapjacking attack vector on Android that leverages custom activity entry animations to manipulate user input. Presented by Philipp Beer…
- BulletCT: Towards More Scalable Ring Confidential Transactions With Transparent Setup — Nan Wang
This article delves into **BulletCT**, a novel Ring Confidential Transaction (RingCT) scheme presented by Nan Wang, a research scientist at Cesaro Stata 61, during the USENIX Security conference…
- PolySys: an Algebraic Leakage Attack Engine — Zachary Espiritu
- Distributional Private Information Retrieval — Ryan Lehmkuhl
- Practical Keyword Private Information Retrieval from Key-to-Index Mappings — Meng Hao
- SEAF: Secure Evaluation on Activation Functions with Dynamic Precision for Secure Two-Party Inference — Hao Guo
- Fast Enhanced Private Set Union in the Balanced and Unbalanced Scenarios — Binbin Tu
- BEAT-MEV: Epochless Approach to Batched Threshold Encryption for MEV Prevention — Jan Bormet
- Practical Mempool Privacy via One-time Setup Batched Threshold Encryption — Arka Rai Choudhuri
- DeepFold: Efficient Multilinear Polynomial Commitment from Reed-Solomon Code and Its Application to Zero-knowledge Proofs — Yanpei Guo
- Your Shield is My Sword: A Persistent Denial-of-Service Attack via the Reuse of Unvalidated Caches in DNSSEC Validation — Shuhan Zhang
In an era where digital security is paramount, the Domain Name System Security Extensions (DNSSEC) stands as a critical bulwark against DNS cache poisoning, a prevalent attack vector that can…
- POPS: From History to Mitigation of DNS Cache Poisoning Attacks — Yehuda Afek
The internet's foundational Domain Name System (DNS) remains a critical yet vulnerable component, with **DNS cache poisoning attacks** posing a persistent threat to user security. This talk…
- DNS FLaRE: A Flush-Reload Attack on DNS Forwarders — Gilad Moav
The talk "DNS FLaRE: A Flush-Reload Attack on DNS Forwarders" unveils a sophisticated side-channel attack that leverages the timing characteristics of DNS forwarder caches to infer sensitive user…
- Lemon: Network-Wide DDoS Detection with Routing-Oblivious Per-Flow Measurement — Wenhao Wu
- Assessing the Aftermath: the Effects of a Global Takedown against DDoS-for-hire Services — Anh V. Vu
- BGP Vortex: Update Message Floods Can Create Internet Instabilities — Felix Stöger
The Border Gateway Protocol (BGP) forms the foundational routing fabric of the internet, orchestrating how data traverses autonomous systems (ASes) globally. For decades, the stability and…
- ImpROV: Measurement and Practical Mitigation of Collateral Damage in RPKI Route Origin Validation — Weitong Li
- SoK: An Introspective Analysis of RPKI Security — Donika Mirdita
- Onions Got Puzzled: On the Challenges of Mitigating Denial-of-Service Problems in Tor Onion Services — Jinseo Lee
This talk, presented by Jinseo Lee from KAIST, delves into the persistent and evolving challenge of **Denial-of-Service (DoS)** attacks against **Tor Onion Services**. While Tor is renowned for…
- We Have a Package for You! A Comprehensive Analysis of Package Hallucinations by Code Generating LLMs — Joseph Spracklen
- Mirage in the Eyes: Hallucination Attack on Multi-modal Large Language Models with Only Attention Sink — Yining Wang
- "I Cannot Write This Because It Violates Our Content Policy": Understanding Content Moderation Policies and User Experiences in Generative AI Products — Lan Gao
- Are CAPTCHAs Still Bot-hard? Generalized Visual CAPTCHA Solving with Agentic Vision Language Model — Xiwen Teoh
- Make Agent Defeat Agent: Automatic Detection of Taint-Style Vulnerabilities in LLM-based Agents — Fengyu Liu
- Machine Against the RAG: Jamming Retrieval-Augmented Generation with Blocker Documents — Avital Shafran
- Topic-FlipRAG: Topic-Orientated Adversarial Opinion Manipulation Attacks to Retrieval-Augmented Generation Models — Yuyang Gong
- PoisonedRAG: Knowledge Corruption Attacks to Retrieval-Augmented Generation of Large Language Models — Wei Zou
- TracLLM: A Generic Framework for Attributing Long Context LLMs — Yanting Wang
- Sound of Interference: Electromagnetic Eavesdropping Attack on Digital Microphones Using Pulse Density Modulation — Arifu Onishi
- TimeTravel: Real-time Timing Drift Attack on System Time Using Acoustic Waves — Jianshuo Liu
In a groundbreaking presentation at USENIX Security, Jianshuo Liu unveiled "TimeTravel," a novel physical vulnerability that allows malicious actors to manipulate a device's internal system time…
- DiskSpy: Exploring a Long-Range Covert-Channel Attack via mmWave Sensing of μm-level HDD Vibrations — Weiye Xu
- HubBub: Contention-Based Side-Channel Attacks on USB Hubs — Junpeng Wan
The "HubBub" talk at USENIX Security unveils a novel class of side-channel attacks that exploit hardware contention within Universal Serial Bus (USB) hubs. Presented by Junpeng Wan from Purdue…
- Lost in Translation: Enabling Confused Deputy Attacks on EDA Software with TransFuzz — Flavien Solt
In the realm of hardware security, ensuring the integrity and functionality of integrated circuits is paramount. This talk, "Lost in Translation: Enabling Confused Deputy Attacks on EDA Software…
- Automated Discovery of Semantic Attacks in Multi-Robot Navigation Systems — Doguhan Yeke
- The Ghost Navigator: Revisiting the Hidden Vulnerability of Localization in Autonomous Driving — Junqi Zhang
- NeuroScope: Reverse Engineering Deep Neural Network on Edge Devices using Dynamic Analysis — Ruoyu Wu
- BarraCUDA: Edge GPUs do Leak DNN Weights — Peter Horvath
- CollisionRepair: First-Aid and Automated Patching for Storage Collision Vulnerabilities in Smart Contracts — Yu Pan
- On the Atomicity and Efficiency of Blockchain Payment Channels — Di Wu
- Parallelizing Universal Atomic Swaps for Multi-Chain Cryptocurrency Exchanges — Danlei Xiao
- Automated Soundness and Completeness Vetting of Polygon zkEVM — Xinghao Peng
- Does Finality Gadget Finalize Your Block? A Case Study of Binance Consensus — Rujia Li
- Following Devils' Footprint: Towards Real-time Detection of Price Manipulation Attacks — Bosi Zhang
- Recover from Excessive Faults in Partially-Synchronous BFT SMR — Tiantian Gong
- TockOwl: Asynchronous Consensus with Fault and Network Adaptability — Minghang Li
- Thunderdome: Timelock-Free Rationally-Secure Virtual Channels — Zeta Avarikioti
This talk introduces Thunderdome, a novel **virtual channel** protocol designed to enhance the scalability of **blockchain** platforms, specifically addressing the limitations of existing **Layer 2…
- The Doom of Device Drivers: Your Android Device (Most Likely) has N-Day Kernel Vulnerabilities — Lukas Maar
- NASS: Fuzzing All Native Android System Services with Interface Awareness and Coverage — Philipp Mao
- Ariadne: Navigating through the Labyrinth of Data-Driven Customization Inconsistencies in Android — Parjanya Vyas
The Android ecosystem, characterized by its open-source nature, allows device manufacturers (OEMs) to extensively customize the core operating system (OS) to differentiate their products. While this…
- Harness: Transparent and Lightweight Protection of Vehicle Control on Untrusted Android Automotive Operating System — Haochen Gong
Modern vehicles increasingly integrate sophisticated infotainment systems, with Android Automotive OS (AOS) emerging as a prominent platform due to its rich functionality, including touchscreen…
- Scoop: Mitigation of Recapture Attacks on Provenance-Based Media Authentication — Yuxin (Myles) Liu
In an era dominated by rapidly spreading digital information and the proliferation of sophisticated generative AI, distinguishing authentic content from fabricated material has become an…
- Chimera: Creating Digitally Signed Fake Photos by Fooling Image Recapture and Deepfake Detectors — Seongbin Park
- Principled and Automated Approach for Investigating AR/VR Attacks — Muhammad Shoaib
- Tracking You from a Thousand Miles Away! Turning a Bluetooth Device into an Apple AirTag Without Root Privileges — Junming Chen
This talk, presented by Junming Chen at USENIX Security, unveils a critical security vulnerability within Apple's widely used Find My network. The research, dubbed "Android," demonstrates how nearly…
- ChoiceJacking: Compromising Mobile Devices through Malicious Chargers like a Decade ago — Florian Draschbacher
- PATCHAGENT: A Practical Program Repair Agent Mimicking Human Expertise — Zheng Yu
- Logs In, Patches Out: Automated Vulnerability Repair via Tree-of-Thought LLM Analysis — Youngjoon Kim
- SoK: Automated Vulnerability Repair: Methods, Tools, and Assessments — Yiwei Hu
- SoK: Towards Effective Automated Vulnerability Repair — Ying Li
- VULCANBOOST: Boosting ReDoS Fixes through Symbolic Representation and Feature Normalization — Yeting Li
- APPATCH: Automated Adaptive Prompting Large Language Models for Real-World Software Vulnerability Patching — Yu Nong
- RangeSanitizer: Detecting Memory Errors with Efficient Range Checks — Floris Gorter
- DISPATCH: Unraveling Security Patches from Entangled Code Changes — Shiyu Sun
- Attacker Control and Bug Prioritization — Guilhem Lacombe
- VoiceWukong: Benchmarking Deepfake Voice Detection — Ziwei Yan
- SafeSpeech: Robust and Universal Voice Protection Against Malicious Speech Synthesis — Zhisheng Zhang
- AUDIO WATERMARK: Dynamic and Harmless Watermark for Black-box Voice Dataset Copyright Protection — Hanqing Guo
- SoK: Automated TTP Extraction from CTI Reports – Are We There Yet? — Marvin Büchel
In the rapidly evolving landscape of cyber security, the ability to rapidly understand and respond to new threats is paramount. Cyber Threat Intelligence (CTI) reports, meticulously crafted by…
- Whispering Under the Eaves: Protecting User Privacy Against Commercial and LLM-powered Automatic Speech Recognition Systems — Weifei Jin
- AudioMarkNet: Audio Watermarking for Deepfake Speech Detection — Wei Zong
- SoK: Efficiency Robustness of Dynamic Deep Learning Systems — Ravishka Rathnasuriya
This article delves into the critical and emerging field of **efficiency robustness** in **dynamic deep learning (DDL) systems**, based on the USENIX Security talk by Ravishka Rathnasuriya from the…
- From Meme to Threat: On the Hateful Meme Understanding and Induced Hateful Content Generation in Open-Source Vision Language Models — Yihan Ma
- When Translators Refuse to Translate: A Novel Attack to Speech Translation Systems — Haolin Wu
- MalGuard: Towards Real-Time, Accurate, and Actionable Detection of Malicious Packages in PyPI Ecosystem — Xingan Gao
- VAPD: An Anomaly Detection Model for PDF Malware Forensics with Adversarial Robustness — Side Liu
- NOKEScam: Understanding and Rectifying Non-Sense Keywords Spear Scam in Search Engines — Mingxuan Liu
- The Ransomware Decade: The Creation of a Fine-Grained Dataset and a Longitudinal Study — Armin Sarabi
- High Stakes, Low Certainty: Evaluating the Efficacy of High-Level Indicators of Compromise in Ransomware Attribution — Max van der Horst
- DarkGram: A Large-Scale Analysis of Cybercriminal Activity Channels on Telegram — Sayak Saha Roy
- "Please don't send that bot anything": A Mixed-methods Study of Personal Impersonation Attacks Targeting Digital Payments on Social Media — Hoang Dai Nguyen
In an era where digital transactions are increasingly interwoven with social media interactions, a novel and insidious form of social engineering has emerged, termed **PROSPER** (Payment Re-routing…
- 'Hey mum, I dropped my phone down the toilet': Investigating Hi Mum and Dad SMS Scams in the United Kingdom — Sharad Agarwal
This talk, presented by Sharad Agarwal, a final-year PhD candidate at UCL, delves into the pervasive and financially devastating "Hi Mum, I dropped my phone down the toilet" SMS scams prevalent in…
- Fighting Fire with Fire: Continuous Attack for Adversarial Android Malware Detection — Yinyuan Zhang
- Hobbit: Space-Efficient zkSNARK with Optimal Prover Time — Christodoulos Pappas
- A Tale of Two Worlds, a Formal Story of WireGuard Hybridization — Pascal Lafourcade
- Improved Secure Two-party Computation from a Geometric Perspective — Hao Guo
- Secure Caches for Compartmentalized Software — Kerem Arıkan
In the pursuit of more secure and robust software, the shift from monolithic applications to **compartmentalized software** has been a significant architectural evolution. This talk, presented by…
- zk-promises: Anonymous Moderation, Reputation, and Blocking from Anonymous Credentials with Callbacks — Maurice Shih
- A Formal Analysis of Apple's iMessage PQ3 Protocol — Felix Linker
In 2024, Apple introduced iMessage PQ3, a significant evolution of its messaging protocol, heralded as the "new state-of-the-art in quantum secure messaging at scale." This talk, presented by Felix…
- Towards Practical, End-to-End Formally Verified X.509 Certificate Validators with Verdict — Zhengyao Lin
- PICACHV: Formally Verified Data Use Policy Enforcement for Secure Data Analytics — Haobin Hiroki Chen
- OwlC: Compiling Security Protocols to Verified, Secure, High-Performance Libraries — Pratap Singh
Cryptographic protocols form the bedrock of digital security, underpinning everything from secure web traffic (TLS) to private messaging (Signal) and secure network access (WireGuard). Despite their…
- On the Virtues of Information Security in the UK Climate Movement — Mikaela Brough
- Tracking the Takes and Trajectories of English-Language News Narratives across Trustworthy and Worrisome Websites — Hans W. A. Hanley
- "No, I Can't Be a Security Personnel on Your Phone": Security and Privacy Threats From Sharing Infrastructure in Rural Ghana — Emmanuel Tweneboah
- Regulating Smart Device Support Periods: User Expectations and the European Cyber Resilience Act — Lorenz Kustosch
- Characterizing the MrDeepFakes Sexual Deepfake Marketplace — Catherine Han
- Vulnerability of Text-Matching in ML/AI Conference Reviewer Assignments to Collusions — Jhih-Yi (Janet) Hsieh
The integrity of the peer-review process is a cornerstone of scientific advancement, especially in rapidly evolving fields like Artificial Intelligence and Machine Learning. As these conferences…
- Dormant: Defending against Pose-driven Human Image Animation — Jiachen Zhou
- The Conspiracy Money Machine: Uncovering Telegram's Conspiracy Channels and their Profit Model — Vincenzo Imperati
- SoK: Machine Learning for Misinformation Detection — Madelyne Xiao
- LLFuzz: An Over-the-Air Dynamic Testing Framework for Cellular Baseband Lower Layers — Tuan Dinh Hoang
This talk introduces LLFuzz, an innovative over-the-air dynamic testing framework designed to uncover memory corruption vulnerabilities within the lower layers of cellular basebands. Presented by…
- Preventing Artificially Inflated SMS Attacks through Large-Scale Traffic Inspection — Jun Ho Huh
- GLaDoS: Location-aware Denial-of-Service of Cellular Networks — Simon Erni
- AKMA+: Security and Privacy-Enhanced and Standard-Compatible AKMA for 5G Communication — Yang Yang
- A Thorough Security Analysis of BLE Proximity Tracking Protocols — Xiaofeng Liu
- Gotta Detect 'Em All: Fake Base Station and Multi-Step Attack Detection in Cellular Networks — Kazi Samin Mubasshir
In an era where cellular connectivity is ubiquitous, the foundational security assumption that devices connect to legitimate network infrastructure is increasingly challenged. This talk, "Gotta…
- SNI5GECT: A Practical Approach to Inject aNRchy into 5G NR — Shijie Luo
The talk "SNI5GECT: A Practical Approach to Inject aNRchy into 5G NR" introduces a novel framework designed to passively sniff and actively inject messages into 5G New Radio (NR) communications…
- CoreCrisis: Threat-Guided and Context-Aware Iterative Learning and Fuzzing of 5G Core Networks — Yilu Dong
- eSIMplicity or eSIMplification? Privacy and Security Risks in the eSIM Ecosystem — Maryam Motallebighomi
The proliferation of **eSIM (embedded Subscriber Identity Module)** technology is rapidly transforming how devices connect to cellular networks, offering unparalleled convenience and flexibility…
- Disparate Privacy Vulnerability: Targeted Attribute Inference Attacks and Defenses — Ehsanul Kabir
- Enhanced Label-Only Membership Inference Attacks with Fewer Queries — Hao Li
This talk, presented by Hao Li at USENIX Security, introduces a novel approach to **Label-Only Membership Inference Attacks (MIA)**, significantly reducing the number of queries required while…
- For Human Ears Only: Preventing Automated Monitoring on Voice Data — Irtaza Shahid
- Towards a Re-evaluation of Data Forging Attacks in Practice — Mohamed Suliman
- Free Record-Level Privacy Risk Evaluation Through Artifact-Based Methods — Joseph Pollock
- Rectifying Privacy and Efficacy Measurements in Machine Unlearning: A New Inference Attack Perspective — Nima Naderloui
This talk, presented by Nima Naderloui, addresses critical flaws in the current evaluation frameworks for **machine unlearning** algorithms. While the field has seen an "explosion" of inexact…
- Phantom: Privacy-Preserving Deep Neural Network Model Obfuscation in Heterogeneous TEE and GPU System — Juyang Bai
- LOHEN: Layer-wise Optimizations for Neural Network Inferences over Encrypted Data with High Performance or Accuracy — Kevin Nam
- SoK: Data Reconstruction Attacks Against Machine Learning Models: Definition, Metrics, and Benchmark — Rui Wen
This talk, presented by Kyo from Syspar and authored by Rui Wen, delves into the critical and evolving field of **data reconstruction attacks** against machine learning (ML) models. As machine…
- McSee: Evaluating Advanced Rowhammer Attacks and Defenses via Automated DRAM Traffic Analysis — Patrick Jattke
Patrick Jattke's presentation at USENIX Security unveils **McSee**, a novel platform designed for the automated analysis of **DRAM** (Dynamic Random-Access Memory) traffic. The talk delves into the…
- Not so Refreshing: Attacking GPUs using RFM Rowhammer Mitigation — Ravan Nazaraliyev
- Posthammer: Pervasive Browser-based Rowhammer Attacks with Postponed Refresh Commands — Finn de Ridder
The "Posthammer" talk at USENIX Security unveiled a sophisticated and highly effective browser-based Rowhammer attack that significantly expands the attack surface for this persistent memory…
- ECC.fail: Mounting Rowhammer Attacks on DDR4 Servers with ECC Memory — Nureddin Kamadan
The "ECC.fail" talk presented at USENIX Security unveils a groundbreaking **Rowhammer** attack targeting DDR4 servers equipped with **Error Correction Code (ECC)** memory. Historically, ECC memory…
- Relocate-Vote: Using Sparsity Information to Exploit Ciphertext Side-Channels — Yuqin Yan
- GPUHammer: Rowhammer Attacks on GPU Memories are Practical — Chris S. Lin
The talk "GPUHammer: Rowhammer Attacks on GPU Memories are Practical" presents a groundbreaking study demonstrating the first practical **Rowhammer** attacks specifically targeting Graphics…
- SCASE: Automated Secret Recovery via Side-Channel-Assisted Symbolic Execution — Daniel Weber
- Shadows in Cipher Spaces: Exploiting Tweak Repetition in Hardware Memory Encryption — Wei Peng
- Breaking the Blindfold: Deep Learning-based Blind Side-channel Analysis — Azade Rezaeezade
- Evaluating Privacy Policies under Modern Privacy Laws At Scale: An LLM-Based Automated Approach — Qinge Xie
- Navigating Cookie Consent Violations Across the Globe — Brian Tang
- Websites' Global Privacy Control Compliance at Scale and over Time — Katherine Hausladen
In an era dominated by the "data for content" business model, where users often exchange personal information for access to online services, the right to opt out of data sharing and sales has become…
- Privacy Law Enforcement Under Centralized Governance: A Qualitative Analysis of Four Years' Special Privacy Rectification Campaigns — Tao Jing
- A Stakeholder-Based Framework to Highlight Tensions when Implementing Privacy Features — Julia Netter
- Who Pays Whom? Anonymous EMV-Compliant Contactless Payments — Charles Olivier-Anclin
- Atkscopes: Multiresolution Adversarial Perturbation as a Unified Attack on Perceptual Hashing and Beyond — Yushu Zhang
- SpeechGuard: Recoverable and Customizable Speech Privacy Protection — Jingmiao Zhang
In an era where speech data permeates nearly every aspect of daily life – from voice assistants and online meetings to social media and smart cars – the imperative for robust privacy protection has…
- Shimmer: a Provably Secure Steganography Based on Entropy Collecting Mechanism — Minhao Bai
- How Transparent is Usable Privacy and Security Research? A Meta-Study on Current Research Transparency Practices — Jan H. Klemmer
- Understanding How Users Prepare for and React to Smartphone Theft — Divyanshu Bhardwaj
Divyanshu Bhardwaj's talk at USENIX Security, titled "Understanding How Users Prepare for and React to Smartphone Theft," delves into the critically underexplored yet increasingly common and…
- Exploring User Security and Privacy Attitudes and Concerns Toward the Use of General-Purpose LLM Chatbots for Mental Health — Jabari Kwesi
- Investigating the Impact of Online Community Involvement on Safety Practices and Perceived Risks Among People Who Use Drugs — Jiliang Li
- Privacy Solution or Menace? Investigating Perceptions of Radio-Frequency Sensing — Maximiliane Windl
- Navigating Security and Privacy Threats in Homeless Service Provision — Yuxi Wu
- Security and Privacy Advice for UPI Users in India — Deepthi Mungara
India's **Unified Payments Interface (UPI)** stands as a monumental success in digital finance, connecting millions of users from street vendors to online shoppers. Facilitating transactions from a…
- "Helps me Take the Post With a Grain of Salt:" Soft Moderation Effects on Accuracy Perceptions and Sharing Intentions of Inauthentic Political Content on X — Filipo Sharevski
- As Advertised? Understanding the Impact of Influencer VPN Ads — Omer Akgul
- Fuzzing the PHP Interpreter via Dataflow Fusion — Yuancheng Jiang
This talk, "Fuzzing the PHP Interpreter via Dataflow Fusion," presented by Yuancheng Jiang at USENIX Security, introduces a novel and highly effective fuzzing methodology designed to uncover…
- Waltzz: WebAssembly Runtime Fuzzing with Stack-Invariant Transformation — Lingming Zhang
This talk introduces **Waltzz**, a novel, domain-specific fuzzer meticulously designed for WebAssembly (Wasm) runtimes. Presented by Lingming Zhang from Zhejiang University, Waltzz addresses the…
- MBFuzzer: A Multi-Party Protocol Fuzzer for MQTT Brokers — Xiangpu Song
- ChainFuzz: Exploiting Upstream Vulnerabilities in Open-Source Supply Chains — Peng Deng
- IDFuzz: Intelligent Directed Grey-box Fuzzing — Yiyang Chen
This talk introduces **IDFuzz**, an innovative approach to **intelligent directed grey-box fuzzing**. Presented by Yiyang Chen, a PhD student from Chinua University, the work addresses a significant…
- Robust, Efficient, and Widely Available Greybox Fuzzing for COTS Binaries with System Call Pattern Feedback — Jifan Xiao
- BLuEMan: A Stateful Simulation-based Fuzzing Framework for Open-Source RTOS Bluetooth Low Energy Protocol Stacks — Wei-Che Kao
This talk introduces BLuEMan, a novel stateful, simulation-based fuzzing framework specifically designed to identify vulnerabilities in open-source Bluetooth Low Energy (BLE) protocol stack…
- ELFuzz: Efficient Input Generation via LLM-driven Synthesis Over Fuzzer Space — Chuyang Chen
This talk introduces **ELFuzz**, a novel evolutionary approach designed to efficiently generate high-quality seed test cases for mutation-based fuzzing. Presented by Chuyang Chen, a PhD student at…
- Hybrid Language Processor Fuzzing via LLM-Based Constraint Solving — Yupeng Yang
- Rowhammer-Based Trojan Injection: One Bit Flip Is Sufficient for Backdooring DNNs — Xiang Li
This talk, presented by Xiang Li from George Mason University, unveils a groundbreaking attack named "OneFlip," demonstrating that a single bit flip is sufficient to inject a stealthy backdoor into…
- From Purity to Peril: Backdooring Merged Models From "Harmless" Benign Components — Lijin Wang
In an era defined by the escalating scale of artificial intelligence models, particularly **Large Language Models (LLMs)**, the traditional paradigm of training models from scratch has become…
- Revisiting Training-Inference Trigger Intensity in Backdoor Attacks — Chenhao Lin
- Persistent Backdoor Attacks in Continual Learning — Zhen Guo
- Data Duplication: A Novel Multi-Purpose Attack Paradigm in Machine Unlearning — Dayong Ye
- DeBackdoor: A Deductive Framework for Detecting Backdoor Attacks on Deep Models with Limited Data — Dorde Popovic
- SoK: Gradient Inversion Attacks in Federated Learning — Vincenzo Carletti
This talk presents a comprehensive Systematization of Knowledge (SoK) regarding **gradient inversion attacks (GIAs)** within **federated learning (FL)** environments. Delivered by Joseph Varela from…
- PoiSAFL: Scalable Poisoning Attack Framework to Byzantine-resilient Semi-asynchronous Federated Learning — Xiaoyi Pang
- Towards Lifecycle Unlearning Commitment Management: Measuring Sample-level Unlearning Completeness — Cheng-Long Wang
In the rapidly evolving landscape of artificial intelligence, the ability to train powerful machine learning models has become commonplace. However, an equally critical, yet often overlooked…
- Addressing the Address Books' (Interdependent) Privacy Issues — Kavous Salehzadeh Niksirat
Kavous Salehzadeh Niksirat, from the Max Planck Institute for Security and Privacy, presented a critical examination of the often-overlooked privacy issues inherent in digital address books…
- HyTrack: Resurrectable and Persistent Tracking Across Android Apps and the Web — Malte Wessels
- I Can Tell Your Secrets: Inferring Privacy Attributes from Mini-app Interaction History in Super-apps — Yifeng Cai
- Seeing Through: Analyzing and Attacking Virtual Backgrounds in Video Calls — Felix Weissberg
- Endangered Privacy: Large-Scale Monitoring of Video Streaming Services — Martin Björklund
In a revealing presentation at USENIX Security, Martin Björklund unveiled groundbreaking research demonstrating that a sophisticated man-in-the-middle (MitM) eavesdropper can precisely identify the…
- Bots can Snoop: Uncovering and Mitigating Privacy Risks of Bots in Group Chats — Kai-Hsiang Chou
This talk, presented by Kai-Hsiang Chou, delves into the often-overlooked privacy implications of integrating chatbots into group messaging platforms. Titled "Bots can Snoop: Uncovering and…
- EchoLLM: LLM-Augmented Acoustic Eavesdropping Attack on Bone Conduction Headphones with mmWave Radar — Xin Yao
The proliferation of bone conduction headphones, lauded for their open-ear design and suitability for active lifestyles, has inadvertently introduced a novel and significant privacy vulnerability…
- DiffLoc: WiFi Hidden Camera Localization Based on Electromagnetic Diffraction — Xiang Zhang
- Double-Edged Shield: On the Fingerprintability of Customized Ad Blockers — Saiid El Hajj Chehade
This talk, "Double-Edged Shield: On the Fingerprintability of Customized Ad Blockers," presented by Saiid El Hajj Chehade from EPFL, MPI, and CISPA, uncovers a critical and often overlooked…
- Encrypted Access Logging for Online Accounts: Device Attributions without Device Tracking — Carolina Ortega Pérez
In an era where digital accounts permeate every aspect of life, ensuring their security and detecting compromise is paramount. This talk, presented by Carolina Ortega Pérez from Cornell Tech…
- Exploring How to Authenticate Application Messages in MLS: More Efficient, Post-Quantum, and Anonymous Blocklistable — Keitaro Hashimoto
- How to Compare Bandwidth Constrained Two-Party Secure Messaging Protocols: A Quest for A More Efficient and Secure Post-Quantum Protocol — Benedikt Auerbach
- S/MINE: Collecting and Analyzing S/MIME Certificates at Scale — Gurur Öndarö
- Achilles: A Formal Framework of Leaking Secrets from Signature Schemes via Rowhammer — Junkai Liang
In the realm of digital security, **signature schemes** serve as fundamental cryptographic building blocks, underpinning the integrity and authenticity of virtually every networked interaction. From…
- Bundled Authenticated Key Exchange: A Concrete Treatment of Signal's Handshake Protocol and Post-Quantum Security — Keitaro Hashimoto
- Comprehensive Deniability Analysis of Signal Handshake Protocols: X3DH, PQXDH to Fully Post-Quantum with Deniable Ring Signatures — Shuichi Katsumata
- SparSamp: Efficient Provably Secure Steganography Based on Sparse Sampling — Yaofei Wang
- A Framework for Designing Provably Secure Steganography — Guorui Liao
- REVDECODE: Enhancing Binary Function Matching with Context-Aware Graph Representations and Relevance Decoding — Tongwei Ren
Binary function matching is a foundational problem in reverse engineering, critical for tasks such as identifying known libraries in embedded firmware, isolating vulnerable functions, and…
- BLens: Contrastive Captioning of Binary Functions using Ensemble Embedding — Tristan Benoit
In the realm of reverse engineering, analyzing stripped binaries presents a formidable challenge. Without symbolic information, functions are often assigned generic, meaningless names, forcing…
- TRex: Practical Type Reconstruction for Binary Code — Jay Bosamiya
In the intricate world of reverse engineering, understanding the behavior of compiled binary code is a monumental task, often hampered by the loss of high-level information during the compilation…
- Vest: Verified, Secure, High-Performance Parsing and Serialization for Rust — Yi Cai
Binary formats are the backbone of modern computing, underpinning everything from common document types like PDF and ZIP to executable formats like Linux ELF and WebAssembly, and critically…
- LEMIX: Enabling Testing of Embedded Applications as Linux Applications — Sai Ritvik Tanksalkar
- TYPEPULSE: Detecting Type Confusion Bugs in Rust Programs — Hung-Mao Chen
- From Alarms to Real Bugs: Multi-target Multi-step Directed Greybox Fuzzing for Static Analysis Result Verification — Andrew Bao
- Low-Cost and Comprehensive Non-textual Input Fuzzing with LLM-Synthesized Input Generators — Kunpeng Zhang
- Pig in a Poke: Automatically Detecting and Exploiting Link Following Vulnerabilities in Windows File Operations — Bocheng Xiang
This talk, "Pig in a Poke," presented by Bocheng Xiang (Bin) from FA University, delves into the critical and pervasive issue of **link following (LF) vulnerabilities** in Windows file operations…
- GNSS-WASP: GNSS Wide Area SPoofing — Christopher Tibaldo
- LEO-Range: Physical Layer Design for Secure Ranging with Low Earth Orbiting Satellites — Daniele Coppola
- A Comprehensive Formal Security Analysis of OPC UA — Vincent Diemunsch
This talk presents a rigorous formal security analysis of **OPC Unified Architecture (OPC UA)**, a critical industrial control system (ICS) protocol. Delivered by Vincent Diemunsch from the French…
- Towards Internet-Based State Learning of TLS State Machines — Marcel Maehren
- Misty Registry: An Empirical Study of Flawed Domain Registry Operation — Mingming Zhang
- Haunted by Legacy: Discovering and Exploiting Vulnerable Tunnelling Hosts — Angelos Beitis
- GeCos Replacing Experts: Generalizable and Comprehensible Industrial Intrusion Detection — Konrad Wolsing
- ORTHRUS: Achieving High Quality of Attribution in Provenance-based Intrusion Detection Systems — Baoxiang Jiang
In an era of escalating cyber threats, **system provenance** has emerged as a critical technique for advanced intrusion detection. This talk, presented by Baoxiang Jiang from Shan University…
- Sometimes Simpler is Better: A Comprehensive Analysis of State-of-the-Art Provenance-Based Intrusion Detection Systems — Tristan Bilot
In the ever-evolving landscape of cybersecurity, detecting sophisticated attacks requires robust and intelligent systems. Provenance-based Intrusion Detection Systems (PIDS) have emerged as a…
- CAMP in the Odyssey: Provably Robust Reinforcement Learning with Certified Radius Maximization — Derui Wang
Deep Reinforcement Learning (DRL) agents are increasingly deployed in high-stakes environments, from autonomous vehicles to critical infrastructure control. However, the inherent vulnerability of…
- Towards Understanding and Enhancing Security of Proof-of-Training for DNN Model Ownership Verification — Yijia Chang
- AGNNCert: Defending Graph Neural Networks against Arbitrary Perturbations with Deterministic Certification — Jiate Li
- LightShed: Defeating Perturbation-based Image Copyright Protections — Hanna Foerster
- Robustifying ML-powered Network Classifiers with PANTS — Minhao Jin
- THEMIS: Towards Practical Intellectual Property Protection for Post-Deployment On-Device Deep Learning Models — Yujin Huang
- A Crack in the Bark: Leveraging Public Knowledge to Remove Tree-Ring Watermarks — Junhua Lin
The rapid advancement of generative artificial intelligence (AI), particularly in image generation, has ushered in an era where distinguishing between authentic and AI-generated content is…
- CertTA: Certified Robustness Made Practical for Learning-Based Traffic Analysis — Jinzhu Yan
- Invisible but Detected: Physical Adversarial Shadow Attack and Defense on LiDAR Object Detection — Ryunosuke Kobayashi
- From Threat to Trust: Exploiting Attention Mechanisms for Attacks and Defenses in Cooperative Perception — Chenyi Wang
- Await() a Second: Evading Control Flow Integrity by Hijacking C++ Coroutines — Marcos Bajo
- System Register Hijacking: Compromising Kernel Integrity By Turning System Registers Against the System — Jennifer Miller
- When Good Kernel Defenses Go Bad: Reliable and Stable Kernel Exploits via Defense-Amplified TLB Side-Channel Leaks — Lukas Maar
- Approximation Enforced Execution of Untrusted Linux Kernel Extensions — Hao Sun
- EKC: A Portable and Extensible Kernel Compartment for De-Privileging Commodity OS — Jiaqin Yan
- The Cost of Performance: Breaking ThreadX with Kernel Object Masquerading Attacks — Xinhui Shao
This talk, presented by Xinhui Shao, unveils a novel and potent attack methodology dubbed **Kernel Object Masquerading (KOM) attacks** against **ThreadX**, a widely deployed real-time operating…
- Finding Metadata Inconsistencies in Distributed File Systems via Cross-Node Operation Modeling — Fuchen Ma
- Save what must be saved: Secure context switching with Sailor — Neelu S. Kalani
The talk "Save what must be saved: Secure context switching with Sailor," presented by Neelu S. Kalani from EPFL, addresses a fundamental yet persistently challenging problem in system security…
- Flexway O-Sort: Enclave-Friendly and Optimal Oblivious Sorting — Tianyao Gu
- Treebeard: A Scalable and Fault Tolerant ORAM Datastore — Amin Setayesh
In the realm of data privacy, encryption has long been considered the gold standard for protecting sensitive information. However, this talk, "Treebeard: A Scalable and Fault Tolerant ORAM…
- Learning from Functionality Outputs: Private Join and Compute in the Real World — Francesca Falzon
- ALERT: Machine Learning-Enhanced Risk Estimation for Databases Supporting Encrypted Queries — Longxiang Wang
The proliferation of cloud computing and outsourced data storage has led to an increased demand for secure data management solutions, even when data resides on untrusted third-party servers…
- Distributed Private Aggregation in Graph Neural Networks — Huanhuan Jia
This article delves into the groundbreaking work presented by Huanhuan Jia titled "Distributed Private Aggregation in Graph Neural Networks." The talk introduces Distributed Private Aggregation…
- Suda: An Efficient and Secure Unbalanced Data Alignment Framework for Vertical Privacy-Preserving Machine Learning — Lushan Song
- Assuring Certified Database Utility in Privacy-Preserving Database Fingerprinting — Mingyang Song
- Shechi: A Secure Distributed Computation Compiler Based on Multiparty Homomorphic Encryption — Haris Smajlović
- Private Set Intersection and other Set Operations in the Third Party Setting — Foo Yee Yeo
- Detecting Compromise of Passkey Storage on the Cloud — Mazharul Islam
- OneTouch: Effortless 2FA Scheme to Secure Fingerprint Authentication with Wearable OTP Token — Yihui Yan
- Practically Secure Honey Password Vaults: New Design and New Evaluation against Online Guessing — Haibo Cheng
- Password Guessing Using Large Language Models — Yunkai Zou
- A Framework for Abusability Analysis: The Case of Passkeys in Interpersonal Threat Models — Alaa Daffalla
- CertPHash: Towards Certified Perceptual Hashing via Robust Training — Yuchen Yang
- Phishing Attacks against Password Manager Browser Extensions — Claudio Anliker
- Red Bleed: A Pragmatic Near-Infrared Presentation Attack on Facial Biometric Authentication Systems — Bowen Hu
In an era where facial recognition has become ubiquitous, securing these systems against sophisticated impersonation attempts is paramount. This talk, "Red Bleed: A Pragmatic Near-Infrared…
- Oblivious Digital Tokens — Mihael Liskij
- V-ORAM: A Versatile and Adaptive ORAM Framework with Service Transformation for Dynamic Workloads — Bo Zhang
Oblivious RAM (ORAM) is a cryptographic primitive designed to protect against **access pattern attacks**, where an adversary observing the frequency and sequence of data requests can infer sensitive…
- AUTOVR: Automated UI Exploration for Detecting Sensitive Data Flow Exposures in Virtual Reality Apps — John Y. Kim
- Found in Translation: A Generative Language Modeling Approach to Memory Access Pattern Attacks — Grace Jia
In the realm of confidential computing, where sensitive applications process data within hardware-protected environments, a new class of sophisticated side-channel attacks continues to emerge. This…
- More is Less: Extra Features in Contactless Payments Break Security — George Pavlides
- Current Affairs: A Security Measurement Study of CCS EV Charging Deployments — Marcell Szakály
- STEK Sharing is Not Caring: Bypassing TLS Authentication in Web Servers using Session Tickets — Sven Hebrok
- Too Much of a Good Thing: (In-)Security of Mandatory Security Software for Financial Services in South Korea — Taisic Yun
- Unsafe LLM-Based Search: Quantitative Analysis and Mitigation of Safety Risks in AI Web Search — Zeren Luo
The advent of AI-powered web search marks a significant paradigm shift from traditional information retrieval, moving beyond pages of "blue links" to direct, synthesized solutions tailored to user…
- Generated Data with Fake Privacy: Hidden Dangers of Fine-tuning Large Language Models on Generated Data — Atilla Akkus
- Cloak, Honey, Trap: Proactive Defenses Against LLM Agents — Daniel Ayzenshteyn
- Big Help or Big Brother? Auditing Tracking, Profiling, and Personalization in Generative AI Assistants — Yash Vekaria
- SOFT: Selective Data Obfuscation for Protecting LLM Fine-tuning against Membership Inference Attacks — Kaiyuan Zhang
This talk, presented by Kaiyuan Zhang, introduces SOFT, a novel defense mechanism designed to protect the privacy of large language models (LLMs) during the crucial fine-tuning phase. As LLMs become…
- Effective PII Extraction from LLMs through Augmented Few-Shot Learning — Shuai Cheng
- Private Investigator: Extracting Personally Identifiable Information from Large Language Models Using Optimized Prompts — Seongho Keum
Large Language Models (LLMs) have revolutionized numerous fields, from translation and healthcare to code generation, by demonstrating unprecedented performance across a diverse range of tasks. This…
- PrivacyXray: Detecting Privacy Breaches in LLMs through Semantic Consistency and Probability Certainty — Jinwen He
- JBShield: Defending Large Language Models from Jailbreak Attacks through Activated Concept Analysis and Manipulation — Shenyi Zhang
- Web Execution Bundles: Reproducible, Accurate, and Archivable Web Measurements — Florian Hantke
- XSSky: Detecting XSS Vulnerabilities through Local Path-Persistent Fuzzing — Youkun Shi
- ZIPPER: Static Taint Analysis for PHP Applications with Precision and Efficiency — Xinyi Wang
- The DOMino Effect: Detecting and Exploiting DOM Clobbering Gadgets via Concolic Execution with Symbolic DOM — Zhengyu Liu
- FIXX: FInding eXploits from eXamples — Neil P Thimmaiah
The talk "FIXX: FInding eXploits from eXamples," presented by Neil P Thimmaiah at the 34th USENIX Security Symposium, introduces a novel automated approach to identify undisclosed variants of known…
- Careless Retention and Management: Understanding and Detecting Data Retention Denial-of-Service Vulnerabilities in Java Web Containers — Keke Lian
- Effective Directed Fuzzing with Hierarchical Scheduling for Web Vulnerability Detection — Zihan Lin
- Towards Automatic Detection and Exploitation of Java Web Application Vulnerabilities via Concolic Execution guided by Cross-thread Object Manipulation — Xinyou Huang
- Efficient Batchable Secure Outsourced Computation: Depth-Aware Arithmetization of Common Primitives for BFV & BGV — Jelle Vos
- Arbitrary-Threshold Fully Homomorphic Encryption with Lower Complexity — Yijia Chang
- Leuvenshtein: Efficient FHE-based Edit Distance Computation with Single Bootstrap per Cell — Wouter Legiest
- Engorgio: An Arbitrary-Precision Unbounded-Size Hybrid Encrypted Database via Quantized Fully Homomorphic Encryption — Song Bian
- Qelect: Lattice-based Single Secret Leader Election Made Practical — Yunhao Wang
- GlitchFHE: Attacking Fully Homomorphic Encryption Using Fault Injection — Lakshmi Likhitha Mankali
- H2O2RAM: A High-Performance Hierarchical Doubly Oblivious RAM — Leqian Zheng
In the realm of modern computing, particularly within cloud environments leveraging **Trusted Execution Environments (TEEs)**, the confidentiality of data is paramount. However, traditional security…
- OBLIVIATOR: OBLIVIous Parallel Joins and other OperATORs in Shared Memory Environments — Apostolos Mavrogiannakis
- Efficient Ranking, Order Statistics, and Sorting under CKKS — Federico Mazzone
This talk, presented by Federico Mazzone from the University of Trento, introduces novel algorithms for efficiently performing ranking, order statistics, and sorting operations on encrypted data…