USENIX Security '22 has three submission deadlines. Prepublication versions of the accepted papers from the fall submission deadline are available below. The full program will be available soon.
Security at the End of the Tunnel: The Anatomy of VPN Mental Models Among Experts and Non-Experts in a Corporate Context
Veroniek Binkhorst, Technical University of Delft; Tobias Fiebig, Max-Planck-Institut für Informatik and Technical University of Delft; Katharina Krombholz, CISPA Helmholtz Center for Information Security; Wolter Pieters, Radboud University; Katsiaryna Labunets, Utrecht University
GAROTA: Generalized Active Root-Of-Trust Architecture (for Tiny Embedded Devices)
Esmerald Aliaj, University of California, Irvine; Ivan De Oliveira Nunes, Rochester Institute of Technology; Gene Tsudik, University of California, Irvine
A Large-scale and Longitudinal Measurement Study of DKIM Deployment
Chuhan Wang, Kaiwen Shen, and Minglei Guo, Tsinghua University; Yuxuan Zhao, North China Institute of Computing Technology; Mingming Zhang, Jianjun Chen, and Baojun Liu, Tsinghua University; Xiaofeng Zheng and Haixin Duan, Tsinghua University and Qi An Xin Technology Research Institute; Yanzhong Lin and Qingfeng Pan, Coremail Technology Co. Ltd
Neither Access nor Control: A Longitudinal Investigation of the Efficacy of User Access-Control Solutions on Smartphones
Masoud Mehrabi Koushki, Yue Huang, Julia Rubin, and Konstantin Beznosov, University of British Columbia
Cheetah: Lean and Fast Secure Two-Party Deep Neural Network Inference
Zhicong Huang, Wen-jie Lu, Cheng Hong, and Jiansheng Ding, Alibaba Group
Inferring Phishing Intention via Webpage Appearance and Dynamics: A Deep Vision Based Approach
Ruofan Liu, Yun Lin, Xianglin Yang, and Siang Hwee Ng, National University of Singapore; Dinil Mon Divakaran, Trustwave; Jin Song Dong, National University of Singapore
Electronic Monitoring Smartphone Apps: An Analysis of Risks from Technical, Human-Centered, and Legal Perspectives
Kentrell Owens, University of Washington; Anita Alem, Harvard Law School; Franziska Roesner and Tadayoshi Kohno, University of Washington
ppSAT: Towards Two-Party Private SAT Solving
Ning Luo, Samuel Judson, Timos Antonopoulos, and Ruzica Piskac, Yale University; Xiao Wang, Northwestern University
"Like Lesbians Walking the Perimeter": Experiences of U.S. LGBTQ+ Folks With Online Security, Safety, and Privacy Advice
Christine Geeng and Mike Harris, University of Washington; Elissa Redmiles, Max Planck Institute for Software Systems; Franziska Roesner, University of Washington
CamShield: Securing Smart Cameras through Physical Replication and Isolation
Zhiwei Wang, Yihui Yan, and Yueli Yan, ShanghaiTech University; Huangxun Chen, Huawei Theory Lab; Zhice Yang, ShanghaiTech University
PatchCleanser: Certifiably Robust Defense against Adversarial Patches for Any Image Classifier
Chong Xiang, Saeed Mahloujifar, and Prateek Mittal, Princeton University
Phish in Sheep's Clothing: Exploring the Authentication Pitfalls of Browser Fingerprinting
Xu Lin, Panagiotis Ilia, Saumya Solanki, and Jason Polakis, University of Illinois at Chicago
FreeWill: Automatically Diagnosing Use-after-free Bugs via Reference Miscounting Detection on Binaries
Liang He, TCA, Institute of Software, Chinese Academy of Sciences; Hong Hu, Pennsylvania State University; Purui Su, TCA / SKLCS, Institute of Software, Chinese Academy of Sciences and School of Cyber Security, University of Chinese Academy of Sciences; Yan Cai, SKLCS, Institute of Software, Chinese Academy of Sciences; Zhenkai Liang, National University of Singapore
ReZone: Disarming TrustZone with TEE Privilege Reduction
David Cerdeira and José Martins, Centro ALGORITMI, Universidade do Minho; Nuno Santos, INESC-ID / Instituto Superior Técnico, Universidade de Lisboa; Sandro Pinto, Centro ALGORITMI, Universidade do Minho
Double Trouble: Combined Heterogeneous Attacks on Non-Inclusive Cache Hierarchies
Antoon Purnal, Furkan Turan, and Ingrid Verbauwhede, imec-COSIC, KU Leuven
The Dangers of Human Touch: Fingerprinting Browser Extensions through User Actions
Konstantinos Solomos, Panagiotis Ilia, and Soroush Karami, University of Illinois at Chicago; Nick Nikiforakis, Stony Brook University; Jason Polakis, University of Illinois at Chicago
MundoFuzz: Hypervisor Fuzzing with Statistical Coverage Testing and Grammar Inference
Cheolwoo Myung, Gwangmu Lee, and Byoungyoung Lee, Seoul National University
Exploring the Security Boundary of Data Reconstruction via Neuron Exclusivity Analysis
Xudong Pan, Mi Zhang, Yifan Yan, Jiaming Zhu, and Min Yang, Fudan University
SARA: Secure Android Remote Authorization
Abdullah Imran, Habiba Farrukh, Muhammad Ibrahim, Z. Berkay Celik, and Antonio Bianchi, Purdue University
Counting in Regexes Considered Harmful: Exposing ReDoS Vulnerability of Nonbacktracking Matchers
Lenka Turoňová, Lukáš Holík, Ivan Homoliak, and Ondřej Lengál, Faculty of Information Technology, Brno University of Technology; Margus Veanes, Microsoft Research Redmond; Tomáš Vojnar, Faculty of Information Technology, Brno University of Technology
SCRAPS: Scalable Collective Remote Attestation for Pub-Sub IoT Networks with Untrusted Proxy Verifier
Lukas Petzi, Ala Eddine Ben Yahya, and Alexandra Dmitrienko, University of Würzburg; Gene Tsudik, UC Irvine; Thomas Prantl and Samuel Kounev, University of Würzburg
Poisoning Attacks to Local Differential Privacy Protocols for Key-Value Data
Yongji Wu, Xiaoyu Cao, Jinyuan Jia, and Neil Zhenqiang Gong, Duke University
Arbiter: Bridging the Static and Dynamic Divide in Vulnerability Discovery on Binary Programs
Jayakrishna Vadayath, Arizona State University; Moritz Eckert, EURECOM; Kyle Zeng, Arizona State University; Nicolaas Weideman, University of Southern California; Gokulkrishna Praveen Menon, Arizona State University; Yanick Fratantonio, Cisco Systems Inc.; Davide Balzarotti, EURECOM; Adam Doupé, Tiffany Bao, and Ruoyu Wang, Arizona State University; Christophe Hauser, University of Southern California; Yan Shoshitaishvili, Arizona State University
Breaking Bridgefy, again: Adopting libsignal is not enough
Martin R. Albrecht, Information Security Group, Royal Holloway, University of London; Raphael Eikenberg and Kenneth G. Paterson, Applied Cryptography Group, ETH Zurich
"The Same PIN, Just Longer": On the (In)Security of Upgrading PINs from 4 to 6 Digits
Collins W. Munyendo, The George Washington University; Philipp Markert, Ruhr University Bochum; Alexandra Nisenoff, University of Chicago; Miles Grant and Elena Korkes, The George Washington University; Blase Ur, University of Chicago; Adam J. Aviv, The George Washington University
Networks of Care: Tech Abuse Advocates' Digital Security Practices
Julia Slupska, University of Oxford; Angelika Strohmayer, Northumbria University
Khaleesi: Breaker of Advertising and Tracking Request Chains
Umar Iqbal, University of Washington; Charlie Wolfe, University of Iowa; Charles Nguyen, University of California, Davis; Steven Englehardt, DuckDuckGo; Zubair Shafiq, University of California, Davis
DeepPhish: Understanding User Trust Towards Artificially Generated Profiles in Online Social Networks
Jaron Mink, Licheng Luo, and Natã M. Barbosa, University of Illinois at Urbana-Champaign; Olivia Figueira, Santa Clara University; Yang Wang and Gang Wang, University of Illinois at Urbana-Champaign
TLB;DR: Enhancing TLB-based Attacks with TLB Desynchronized Reverse Engineering
Andrei Tatar, Vrije Universiteit, Amsterdam; Daniël Trujillo, Vrije Universiteit, Amsterdam, and ETH Zurich; Cristiano Giuffrida and Herbert Bos, Vrije Universiteit, Amsterdam
Building an Open, Robust, and Stable Voting-Based Domain Top List
Qinge Xie, Georgia Institute of Technology; Shujun Tang, QI-ANXIN Technology Research Institute; Xiaofeng Zheng, QI-ANXIN Technology Research Institute and Tsinghua University; Qingran Lin, QI-ANXIN Technology Research Institute; Baojun Liu, Tsinghua University; Haixin Duan, QI-ANXIN Technology Research Institute and Tsinghua University; Frank Li, Georgia Institute of Technology
Minefield: A Software-only Protection for SGX Enclaves against DVFS Attacks
Andreas Kogler and Daniel Gruss, Graz University of Technology; Michael Schwarz, CISPA Helmholtz Center for Information Security
Attacks on Deidentification's Defenses
Aloni Cohen, University of Chicago
Distinguished Paper Award Winner
In-Kernel Control-Flow Integrity on Commodity OSes using ARM Pointer Authentication
Sungbae Yoo, Jinbum Park, Seolheui Kim, and Yeji Kim, Samsung Research; Taesoo Kim, Samsung Research and Georgia Institute of Technology
Unleash the Simulacrum: Shifting Browser Realities for Robust Extension-Fingerprinting Prevention
Soroush Karami, University of Illinois at Chicago; Faezeh Kalantari, Mehrnoosh Zaeifi, Xavier J. Maso, and Erik Trickel, Arizona State University; Panagiotis Ilia, University of Illinois at Chicago; Yan Shoshitaishvili and Adam Doupé, Arizona State University; Jason Polakis, University of Illinois at Chicago
Anycast Agility: Network Playbooks to Fight DDoS
A S M Rizvi, USC/ISI; Leandro Bertholdo, University of Twente; João Ceron, SIDN Labs; John Heidemann, USC/ISI
PolyCruise: A Cross-Language Dynamic Information Flow Analysis
Wen Li, Washington State University, Pullman; Jiang Ming, University of Texas at Arlington; Xiapu Luo, The Hong Kong Polytechnic University; Haipeng Cai, Washington State University, Pullman
Communication-Efficient Triangle Counting under Local Differential Privacy
Jacob Imola, UC San Diego; Takao Murakami, AIST; Kamalika Chaudhuri, UC San Diego
Seeing the Forest for the Trees: Understanding Security Hazards in the 3GPP Ecosystem through Intelligent Analysis on Change Requests
Yi Chen and Di Tang, Indiana University Bloomington; Yepeng Yao, {CAS-KLONAT, BKLONSPT}, Institute of Information Engineering, CAS, and School of Cyber Security, University of Chinese Academy of Sciences; Mingming Zha and XiaoFeng Wang, Indiana University Bloomington; Xiaozhong Liu, Worcester Polytechnic Institute; Haixu Tang and Dongfang Zhao, Indiana University Bloomington
Hyperproofs: Aggregating and Maintaining Proofs in Vector Commitments
Shravan Srinivasan, University of Maryland; Alexander Chepurnoy, Ergo Platform; Charalampos Papamanthou, Yale University; Alin Tomescu, VMware Research; Yupeng Zhang, Texas A&M University
Leaky Forms: A Study of Email and Password Exfiltration Before Form Submission
Asuman Senol, imec-COSIC, KU Leuven; Gunes Acar, Radboud University; Mathias Humbert, University of Lausanne; Frederik Zuiderveen Borgesius, Radboud University
Using Trātṛ to tame Adversarial Synchronization
Yuvraj Patel, Chenhao Ye, Akshat Sinha, Abigail Matthews, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau, and Michael M. Swift, University of Wisconsin–Madison
Security Analysis of Camera-LiDAR Fusion Against Black-Box Attacks on Autonomous Vehicles
R. Spencer Hallyburton and Yupei Liu, Duke University; Yulong Cao and Z. Morley Mao, University of Michigan; Miroslav Pajic, Duke University
Ghost Peak: Practical Distance Reduction Attacks Against HRP UWB Ranging
Patrick Leu and Giovanni Camurati, ETH Zurich; Alexander Heinrich, TU Darmstadt; Marc Roeschlin and Claudio Anliker, ETH Zurich; Matthias Hollick, TU Darmstadt; Srdjan Capkun, ETH Zurich; Jiska Classen, TU Darmstadt
Transferring Adversarial Robustness Through Robust Representation Matching
Pratik Vaishnavi, Stony Brook University; Kevin Eykholt, IBM; Amir Rahmati, Stony Brook University
Provably-Safe Multilingual Software Sandboxing using WebAssembly
Jay Bosamiya, Wen Shih Lim, and Bryan Parno, Carnegie Mellon University
Distinguished Paper Award Winner and Second Prize Winner (tie) of the 2022 Internet Defense Prize
ALASTOR: Reconstructing the Provenance of Serverless Intrusions
Pubali Datta, University of Illinois at Urbana-Champaign; Isaac Polinsky, North Carolina State University; Muhammad Adil Inam and Adam Bates, University of Illinois at Urbana-Champaign; William Enck, North Carolina State University
Seeing is Living? Rethinking the Security of Facial Liveness Verification in the Deepfake Era
Changjiang Li, Pennsylvania State University and Zhejiang University; Li Wang, Shandong University; Shouling Ji and Xuhong Zhang, Zhejiang University; Zhaohan Xi, Pennsylvania State University; Shanqing Guo, Shandong University; Ting Wang, Pennsylvania State University
On the Necessity of Auditable Algorithmic Definitions for Machine Unlearning
Anvith Thudi, Hengrui Jia, Ilia Shumailov, and Nicolas Papernot, University of Toronto and Vector Institute
Might I Get Pwned: A Second Generation Compromised Credential Checking Service
Bijeeta Pal, Cornell University; Mazharul Islam, University of Wisconsin–Madison; Marina Sanusi Bohuk, Cornell University; Nick Sullivan, Luke Valenta, Tara Whalen, and Christopher Wood, Cloudflare; Thomas Ristenpart, Cornell Tech; Rahul Chatterjee, University of Wisconsin–Madison
Mitigating Membership Inference Attacks by Self-Distillation Through a Novel Ensemble Architecture
Xinyu Tang, Saeed Mahloujifar, and Liwei Song, Princeton University; Virat Shejwalkar, Milad Nasr, and Amir Houmansadr, University of Massachusetts Amherst; Prateek Mittal, Princeton University
OS-Aware Vulnerability Prioritization via Differential Severity Analysis
Qiushi Wu, University of Minnesota; Yue Xiao and Xiaojing Liao, Indiana University Bloomington; Kangjie Lu, University of Minnesota
Efficient Representation of Numerical Optimization Problems for SNARKs
Sebastian Angel, University of Pennsylvania and Microsoft Research; Andrew J. Blumberg, Columbia University; Eleftherios Ioannidis and Jess Woods, University of Pennsylvania
Efficient Differentially Private Secure Aggregation for Federated Learning via Hardness of Learning with Errors
Timothy Stevens, Christian Skalka, and Christelle Vincent, University of Vermont; John Ring, MassMutual; Samuel Clark, Raytheon; Joseph Near, University of Vermont
OpenVPN is Open to VPN Fingerprinting
Diwen Xue, Reethika Ramesh, and Arham Jain, University of Michigan; Michalis Kallitsis, Merit Network, Inc.; J. Alex Halderman, University of Michigan; Jedidiah R. Crandall, Arizona State University/Breakpointing Bad; Roya Ensafi, University of Michigan
Distinguished Paper Award Winner and First Prize Winner of the 2022 Internet Defense Prize
Backporting Security Patches of Web Applications: A Prototype Design and Implementation on Injection Vulnerability Patches
Youkun Shi, Yuan Zhang, Tianhan Luo, and Xiangyu Mao, Fudan University; Yinzhi Cao, Johns Hopkins University; Ziwen Wang, Yudi Zhao, Zongan Huang, and Min Yang, Fudan University
MaDIoT 2.0: Modern High-Wattage IoT Botnet Attacks and Defenses
Tohid Shekari, Georgia Institute of Technology; Alvaro A. Cardenas, University of California, Santa Cruz; Raheem Beyah, Georgia Institute of Technology
Physical-Layer Attacks Against Pulse Width Modulation-Controlled Actuators
Gökçen Yılmaz Dayanıklı, Qualcomm; Sourav Sinha, Virginia Tech; Devaprakash Muniraj, IIT Madras; Ryan M. Gerdes and Mazen Farhood, Virginia Tech; Mani Mina, Iowa State University
Who Are You (I Really Wanna Know)? Detecting Audio DeepFakes Through Vocal Tract Reconstruction
Logan Blue, Kevin Warren, Hadi Abdullah, Cassidy Gibson, Luis Vargas, Jessica O'Dell, Kevin Butler, and Patrick Traynor, University of Florida
Shuffle-based Private Set Union: Faster and More Secure
Yanxue Jia and Shi-Feng Sun, Shanghai Jiao Tong University; Hong-Sheng Zhou, Virginia Commonwealth University; Jiajun Du and Dawu Gu, Shanghai Jiao Tong University
Pacer: Comprehensive Network Side-Channel Mitigation in the Cloud
Aastha Mehta, University of British Columbia (UBC); Mohamed Alzayat, Roberta De Viti, Björn B. Brandenburg, Peter Druschel, and Deepak Garg, Max Planck Institute for Software Systems (MPI-SWS)
Zero-Knowledge Middleboxes
Paul Grubbs, Arasu Arun, Ye Zhang, Joseph Bonneau, and Michael Walfish, NYU
TheHuzz: Instruction Fuzzing of Processors Using Golden-Reference Models for Finding Software-Exploitable Vulnerabilities
Rahul Kande, Addison Crump, and Garrett Persyn, Texas A&M University; Patrick Jauernig and Ahmad-Reza Sadeghi, Technische Universität Darmstadt; Aakash Tyagi and Jeyavijayan Rajendran, Texas A&M University
Private Signaling
Varun Madathil and Alessandra Scafuro, North Carolina State University; István András Seres, Eötvös Loránd University; Omer Shlomovits and Denis Varlakov, ZenGo X
Distinguished Paper Award Winner
Branch History Injection: On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 Attacks
Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida, Vrije Universiteit Amsterdam
Playing for K(H)eaps: Understanding and Improving Linux Kernel Exploit Reliability
Kyle Zeng, Arizona State University; Yueqi Chen, Pennsylvania State University; Haehyun Cho, Arizona State University and Soongsil University; Xinyu Xing, Pennsylvania State University; Adam Doupé, Yan Shoshitaishvili, and Tiffany Bao, Arizona State University
Are Your Sensitive Attributes Private? Novel Model Inversion Attribute Inference Attacks on Classification Models
Shagufta Mehnaz; The Pennsylvania State University; Sayanton V. Dibbo and Ehsanul Kabir, Dartmouth College; Ninghui Li and Elisa Bertino, Purdue University
Stalloris: RPKI Downgrade Attack
Tomas Hlavacek and Philipp Jeitner, Fraunhofer Institute for Secure Information Technology SIT and National Research Center for Applied Cybersecurity ATHENE; Donika Mirdita, Fraunhofer Institute for Secure Information Technology SIT, National Research Center for Applied Cybersecurity ATHENE, and Technische Universität Darmstadt; Haya Shulman, Fraunhofer Institute for Secure Information Technology SIT, National Research Center for Applied Cybersecurity ATHENE, and Goethe-Universität Frankfurt; Michael Waidner, Fraunhofer Institute for Secure Information Technology SIT, National Research Center for Applied Cybersecurity ATHENE, and Technische Universität Darmstadt
V'CER: Efficient Certificate Validation in Constrained Networks
David Koisser and Patrick Jauernig, Technical University Darmstadt; Gene Tsudik, University of California, Irvine; Ahmad-Reza Sadeghi, Technical University Darmstadt
Oops... Code Execution and Content Spoofing: The First Comprehensive Analysis of OpenDocument Signatures
Simon Rohlmann, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk, Ruhr University Bochum
Identity Confusion in WebView-based Mobile App-in-app Ecosystems
Lei Zhang, Zhibo Zhang, and Ancong Liu, Fudan University; Yinzhi Cao, Johns Hopkins University; Xiaohan Zhang, Yanjun Chen, Yuan Zhang, Guangliang Yang, and Min Yang, Fudan University
Distinguished Paper Award Winner
How Machine Learning Is Solving the Binary Function Similarity Problem
Andrea Marcelli, Mariano Graziano, Xabier Ugarte-Pedrero, and Yanick Fratantonio, Cisco Systems, Inc.; Mohamad Mansouri and Davide Balzarotti, EURECOM
FLAME: Taming Backdoors in Federated Learning
Thien Duc Nguyen and Phillip Rieger, Technical University of Darmstadt; Huili Chen, University of California San Diego; Hossein Yalame, Helen Möllering, and Hossein Fereidooni, Technical University of Darmstadt; Samuel Marchal, Aalto University and F-Secure; Markus Miettinen, Technical University of Darmstadt; Azalia Mirhoseini, Google; Shaza Zeitouni, Technical University of Darmstadt; Farinaz Koushanfar, University of California San Diego; Ahmad-Reza Sadeghi and Thomas Schneider, Technical University of Darmstadt