USENIX Security '22 Poster Session

Accepted Posters

The following posters will be presented at the USENIX Security ’22 Poster Session and Happy Hour on Wednesday, August 10, from 6:00 pm–7:30 pm.

CIPHERLEAKS: Breaking Constant-time Cryptography on AMD SEV via the Ciphertext Side Channel
Mengyuan Li, The Ohio State University; Yinqian Zhang, Southern University of Science and Technology; Huibo Wang and Kang Li, Baidu Security; Yueqiang Chen, NIO Security Research

Temporal System Call Specialization for Attack Surface Reduction
Seyedhamed Ghavamnia, Stony Brook University; Tapti Palit, Purdue University; Shachee Mishra, IBM Research; Michalis Polychronakis, Stony Brook University

Share First, Ask Later (or Never?) Studying Violations of GDPR's Explicit Consent in Android Apps
Trung Tin Nguyen, Michael Backes, Ninja Marnau, and Ben Stock, CISPA Helmholtz Center for Information Security

SEApp: Bringing Mandatory Access Control to Android Apps
Matthew Rossi and Dario Facchinetti, Università degli Studi di Bergamo; Enrico Bacis, Google; Marco Rosa, SAP Security Research; Stefano Paraboschi, Università degli Studi di Bergamo

Camel: Cryptographic Audits for Collaborative Machine Learning
Hidde Lycklama, Nicolas Küchler, Emanuel Opel, Lukas Burkhalter, and Anwar Hithnawi, ETH Zurich

The Privacy Management Layer
Nicolas Küchler, Emanuel Opel, Hidde Lycklama, Lukas Burkhalter, and Anwar Hithnawi, ETH Zurich

TXSPETOR: Uncovering Attacks in Ethereum from Transactions
Mengya Zhang, The Ohio State University; Xiaokuan Zhang, Georgia Institute of Technology; Yinqian Zhang, Southern University of Science and Technology; Zhiqiang Lin, The Ohio State University

U Can’t Debug This: Detecting JavaScript Anti-Debugging Techniques in the Wild
Marius Musch and Martin Johns, TU Braunschweig

Hardening WASI using Landlock LSM
Marco Abbadini, Dario Facchinetti, Gianluca Oldani, Stefano Paraboschi, and Matthew Rossi, Università degli Studi di Bergamo

LIGHTBLUE: Automatic Profile-Aware Debloating of Bluetooth Stacks
Jianliang Wu and Ruoyu Wu, Purdue University; Daniele Antonioli, EPFL & EURECOM; Mathias Payer, EPFL; Nils Ole Tippenhauer, CISPA Helmholtz Center for Information Security; Dongyan Xu, Dave (Jing) Tian, and Antonio Bianchi, Purdue University

PatchGuard: A Provably Robust Defense against Adversarial Patches via Small Receptive Fields and Masking
Chong Xiang, Princeton University; Arjun Nitin Bhagoji, University of Chicago; Vikash Sehwag and Prateek Mittal, Princeton University

Developing a Psychometric Scale to Measure One's Valuation of Other People's Privacy
Rakibul Hasan, Arizona State University University; Rudolf Siegel, Rebecca Weil, and Katharina Krombholz, CISPA

Plug-N-Pwned: Comprehensive Vulnerability Analysis of OBD-II Dongles as A New Over-the-Air Attack Surface in Automotive IoT
Haohuang Wen, Ohio State University; Alfred Chen, UC Irvine; Zhiqiang Lin, Ohio State University

CACTI: Captcha Avoidance via Client-side TEE Integration
Yoshimichi Nakatsuka and Ercan Ozturk, University of California, Irvine; Andrew Paverd, Microsoft Research & Microsoft Security Response Center; Gene Tsudik, UCI

Stars Can Tell: A Robust Method to Defend against GPS Spoofing Attacks using Off-the-shelf Chipset
Shinan Liu, University of Chicago; Xiang Cheng and Hanchao Yang, Virginia Tech; Yuanchao Shu, Microsoft; Xiaoran Weng, University of Electronic Science and Technology of China; Ping Guo, City University of Hong Kong; Kexiong (Curtis) Zeng, Facebook; Gang Wang, University of Illinois at Urbana-Champaign; Yaling Yang, Virginia Tech

Data Recovery from “Scrubbed” NAND Flash Storage: Need for Analog Sanitization
Biswajit Ray, University of Alabama in Huntsville

Ghost Riding: A Queueing Approach for Vehicular Traffic Networks Sybil Attacks
Jhonatan Tavori and Hanoch Levy, Tel Aviv University

Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks
Kaiwen Shen, Chuhan Wang, and Minglei Guo, Tsinghua University; Xiaofeng Zheng, Tsinghua University; Qi An Xin Technology Research Institute; Chaoyi Lu and Baojun Liu, Tsinghua University; Yuxuan Zhao, North China Institute of Computing Technology; Shuang Hao, University of Texas at Dallas; Haixin Duan, Tsinghua University; Qi An Xin Technology Research Institute; Qingfeng Pan, Coremail technology co. ltd; Min Yang, Fudan University

Osiris: Automated Discovery of Microarchitectural Side Channels
Daniel Weber, Ahmad Ibrahim, Hamed Nemati, Michael Schwarz, and Christian Rossow, CISPA Helmholtz Center for Information Security

Does Compliance Enforcement Work?: Evaluation of Certified Mobile-IoT Apps
Prianka Mandal, Amit Seal Ami, and Adwait Nadkarni, William & Mary

A Longitudinal and Comprehensive Study of the DANE Ecosystem in Email
Hyeonmin Lee, Seoul National University; Aniketh Girish, IMDEA Networks / Universidad Carlos III de Madrid; Roland van Rijswijk-Deij, University of Twente & NLnet Labs; Taekyoung "Ted" Kwon, Seoul National University; Taejoong Chung, Virginia Tech

Poseidon: A New Hash Function for Zero-Knowledge Proof Systems
Lorenzo Grassi, Radboud University Nijmegen; Dmitry Khovratovich, Ethereum Foundation and Dusk Network; Christian Rechberger, Graz University of Technology; Arnab Roy, University of Klagenfurt; Markus Schofnegger, Graz University of Technology

Silhouette: Efficient Protected Shadow Stacks for Embedded Systems
Jie Zhou, University of Rochester; Yufei Du, University of North Carolina at Chapel Hill; Zhuojia Shen, University of Rochester; Lele Ma, College of William and Mary; John Criswell, University of Rochester; Robert J. Walls, Worcester Polytechnic Institute

Kalεido: Real-Time Privacy Control for Eye-Tracking Systems
Jingjie Li, University of Wisconsin-Madison; Amrita Roy Chowdhury, University of California, San Diego; Kassem Fawaz and Younghyun Kim, University of Wisconsin-Madison

Privacy Preserving Traceable Logistics on Public Blockchain
Jongho Kim and Junhee Lee, Hanyang University; Jihye Kim, Kookmin University; Hyunok Oh, Hanyang University

Understanding Mistakes Developers Make: Qualitative Analysis from Build It, Break It, Fix It
Kelsey Fulton, University of Maryland; Daniel Votipka, Tufts University; James Parker, Galois, Inc; Michael Hicks, Matthew Hou, and Michelle Mazurek, University of Maryland

Abusing Hidden Properties to Attack the Node.js Ecosystem
Feng Xiao, Georgia Institute of Technology; Jianwei Huang, Texas A&M University; Yichang Xiong, Independent Researcher; GuangLiang Yang, Georgia Institute of Technology; Hong Hu, Pennsylvania State University; Guofei Gu, Texas A&M; Wenke Lee, Georgia Institute of Technology

SandTrap: Securing JavaScript-driven Trigger-Action Platforms
Mohammad M. Ahmadpanah, Chalmers University of Technology; Daniel Hedin, Chalmers University of Technology, Mälardalen University; Musard Balliu, KTH Royal Institute of Technology; Lars Eric Olsson and Andrei Sabelfeld, Chalmers University of Technology

We Exfiltrate Your Data at Video Rates, by Vibrating Your Sprinkler Pipes
Anku Adhikari, University of Illinois Urbana-Champaign; Samuel Guo, Carnegie Mellon University; Paris Smaragdis and Marianne Winslett, University of Illinois Urbana-Champaign

Adapting Security Warnings to Counter Disinformation
Ben Kaiser, Princeton University; Jerry Wei; Eli Lucherini, Kevin Lee, and Jonathan Mayer, Princeton University; J. Nathan Matias, Cornell University

Light Commands: Laser-Based Audio Injection on Voice-Controllable Systems
Takeshi Sugawara, The University of Electro-Communications; Benjamin Cyr, University of Michigan; Sara Rampazzi, University of Florida; Daniel Genkin, Georgia Tech; Kevin Fu, University of Michigan

Stealthy Tracking of Autonomous Vehicles with Cache Side Channels
Mulong Luo, Andrew Myers, and Edward Suh, Cornell University

Breaking Secure Pairing of Bluetooth Low Energy Using Downgrade Attacks
Yue Zhang, The Ohio State University; Jian Weng, Jinan University; Rajib Dey, University of Central Florida; Yier Jin, University of Florida; Zhiqiang Lin, Ohio State University; Xinwen Fu, University of Central Florida

Having Your Cake and Eating It: An Analysis of Concession-Abuse-as-a-Service
Zhibo “Eric” Sun, Drexel University; Adam Oest, PayPal, Inc.; Penghui Zhang, Arizona State University; Carlos Rubio-Medrano, Texas A&M University - Corpus Christi; Tiffany Bao and Ruoyu "Fish" Wang, Arizona State University; Ziming Zhao, Rochester Institute of Technology; Yan Shoshitaishvili, Adam Doupe, and Gail-Joon Ahn, Arizona State University

Towards (Re)constructing Attack Flow from Threat Report
Shota Fujii, Hitachi, Ltd./Okayama University; Nobutaka Kawaguchi and Tomohiro Shigemoto, Hitachi, Ltd.; Toshihiro Yamauchi, Okayama University

Identifying Harmful Media in End-to-End Encrypted Communication: Efficient Private Membership Computation
Anunay Kulshrestha and Jonathan Mayer, Princeton University

Timeless Timing Attacks: Exploiting Concurrency to Leak Secrets over Remote Connections
Tom Van Goethem, imec-DistriNet, KU Leuven; Christina Pöpper, New York University Abu Dhabi; Wouter Joosen, imec-DistriNet, KU Leuven; Mathy Vanhoef, New York University Abu Dhabi and KU Leuven

Minerva– An Efficient Risk-Limiting Ballot Polling Audit
Filip Zagorski; Poorvi Vora, The George Washington University; Neal McBurnett, Sarah Morin, and Grant MCClearn

Efficiency Analysis of Audit Log Reduction Techniques
Muhammad Adil Inam and Adam Bates, University of Illinois at Urbana-Champaign

Defeating DNN-Based Traffic Analysis Systems in Real-Time With Blind Adversarial Perturbations
Milad Nasr, Alireza Bahramali, and Amir Houmansadr, University of Massachusetts Amherst

EIFFeL: Ensuring Integrity for Federated Learning
Amrita Roy Chowdhury, UW-Madison; Chuan Guo, Meta AI; Somesh Jha, UW-Madison; Laurens van der Maaten, Meta AI

ExpRace: Exploiting Kernel Races through Raising Interrupts
Yoochan Lee, Seoul National University; Changwoo Min, Virginia Tech; Byoungyoung Lee, Seoul National University

An Investigation of the Android Kernel Patch Ecosystem
Zheng Zhang, Hang Zhang, and Zhiyun Qian, UC Riverside; Billy Lau, Google Inc.

Privacy and Integrity Preserving Computations with CRISP
Sylvain Chatel, Apostolos Pyrgelis, Juan Ramon Troncoso Pastoriza, and Jean-Pierre Hubaux, EPFL

Blind Backdoors in Deep Learning Models
Eugene Bagdasaryan and Vitaly Shmatikov, Cornell Tech

Evaluating Perception Attacks on Prediction and Planning of Autonomous Vehicles
Yanmao Man, University of Arizona; Raymond Muller, Purdue University; Ming Li, University of Arizona, Tucson; Z. Berkay Celik, Purdue University; Ryan Gerdes, Virginia Tech

Deep-Dup: An Adversarial Weight Duplication Attack Framework to Crush Deep Neural Network in Multi-Tenant FPGA
Adnan Siraj Rakin, Arizona State University; Yukui Luo and Xiaolin Xu, Northeastern University; Deliang Fan, Arizona State University

A Formal Foundation for Recoverability
Paul Crews, Google, Stanford University