USENIX Security '20 has four submission deadlines. Prepublication versions of the accepted papers from the summer submission deadline are available below. The full program will be available in May 2020.
Understanding security mistakes developers make: Qualitative analysis from Build It, Break It, Fix It
Daniel Votipka, Kelsey R. Fulton, James Parker, Matthew Hou, Michelle L. Mazurek, and Michael Hicks, University of Maryland
Distinguished Paper Award Winner
Big Numbers - Big Troubles: Systematically Analyzing Nonce Leakage in (EC)DSA Implementations
Samuel Weiser, David Schrammel, and Lukas Bodner, Graz University of Technology; Raphael Spreitzer, SGS Digital Trust Services
(Mostly) Exitless VM Protection from Untrusted Hypervisor through Disaggregated Nested Virtualization
Zeyu Mi, Dingji Li, Haibo Chen, Binyu Zang, and Haibing Guan, Shanghai Key Laboratory for Scalable Computing Systems, School of Software, Shanghai Jiao Tong University
An Off-Chip Attack on Hardware Enclaves via the Memory Bus
Dayeol Lee, UC Berkeley; Dongha Jung, SK Hynix; Ian T. Fang, UC Berkeley; Chia-Che Tsai, Texas A&M University; Raluca Ada Popa, UC Berkeley
Void: A fast and light voice liveness detection system
Muhammad Ejaz Ahmed, Data61, CSIRO; Il-Youp Kwak, Chung-Ang University; Jun Ho Huh and Iljoo Kim, Samsung Research; Taekkyung Oh, KAIST and Sungkyunkwan University; Hyoungshick Kim, Sungkyunkwan University
SmartVerif: Push the Limit of Automation Capability of Verifying Security Protocols by Dynamic Strategies
Yan Xiong, Cheng Su, Wenchao Huang, Fuyou Miao, Wansen Wang, and Hengyi Ouyang, University of Science and Technology of China
An Observational Investigation of Reverse Engineers’ Processes
Daniel Votipka and Seth Rabin, University of Maryland; Kristopher Micinski, Syracuse University; Jeffrey S. Foster, Tufts University; Michelle L. Mazurek, University of Maryland
Cached and Confused: Web Cache Deception in the Wild
Seyed Ali Mirheidari, University of Trento; Sajjad Arshad, Northeastern University; Kaan Onarlioglu, Akamai Technologies; Bruno Crispo, University of Trento, KU Leuven; Engin Kirda and William Robertson, Northeastern University
Security Analysis of Unified Payments Interface and Payment Apps in India
Renuka Kumar, University of Michigan; Sreesh Kishore; Hao Lu and Atul Prakash, University of Michigan
ShadowMove: A Stealthy Lateral Movement Strategy
Amirreza Niakanlahiji, University of Illinois Springfield; Jinpeng Wei and Md Rabbi Alam, UNC Charlotte; Qingyang Wang, Louisiana State University; Bei-Tseng Chu, UNC Charlotte
PARTEMU: Enabling Dynamic Analysis of Real-World TrustZone Software Using Emulation
Lee Harrison and Hayawardh Vijayakumar, Samsung Knox, Samsung Research America; Rohan Padhye and Koushik Sen, EECS Department, University of California, Berkeley; Michael Grace, Samsung Knox, Samsung Research America
McTiny: Fast High-Confidence Post-Quantum Key Erasure for Tiny Network Servers
Daniel J. Bernstein, University of Illinois at Chicago, Ruhr University Bochum; Tanja Lange, Eindhoven University of Technology
SAVIOR: Securing Autonomous Vehicles with Robust Physical Invariants
Raul Quinonez, University of Texas at Dallas; Jairo Giraldo, University of Utah; Luis Salazar, University of California, Santa Cruz; Erick Bauman, University of Texas at Dallas; Alvaro Cardenas, University of California, Santa Cruz; Zhiqiang Lin, Ohio State University
Local Model Poisoning Attacks to Byzantine-Robust Federated Learning
Minghong Fang, Iowa State University; Xiaoyu Cao, Jinyuan Jia, and Neil Gong, Duke University
Zero-delay Lightweight Defenses against Website Fingerprinting
Jiajun Gong and Tao Wang, Hong Kong University of Science and Technology
Devil’s Whisper: A General Approach for Physical Adversarial Attacks against Commercial Black-box Speech Recognition Devices
Yuxuan Chen, SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences; Department of Computer Science, Florida Institute of Technology; Xuejing Yuan, Jiangshan Zhang, and Yue Zhao, SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences; Shengzhi Zhang, Department of Computer Science, Metropolitan College, Boston University, USA; Kai Chen, SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences; XiaoFeng Wang, School of Informatics and Computing, Indiana University Bloomington
HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation
Abraham A Clements, Sandia National Laboratories; Eric Gustafson, UC Santa Barbara and Sandia National Laboratories; Tobias Scharnowski, Ruhr-Universität Bochum; Paul Grosen, UC Santa Barbara; David Fritz, Sandia National Laboratories; Christopher Kruegel and Giovanni Vigna, UC Santa Barbara; Saurabh Bagchi, Purdue University; Mathias Payer, EPFL
Estonian Electronic Identity Card: Security Flaws in Key Management
Arnis Parsovs, Software Technology and Applications Competence Center and University of Tartu
PCKV: Locally Differentially Private Correlated Key-Value Data Collection with Optimized Utility
Xiaolan Gu and Ming Li, University of Arizona; Yueqiang Cheng, Baidu X-Lab; Li Xiong, Emory University; Yang Cao, Kyoto University
Plug-N-Pwned: Comprehensive Vulnerability Analysis of OBD-II Dongles as A New Over-the-Air Attack Surface in Automotive IoT
Haohuang Wen, Ohio State University; Qi Alfred Chen, University of California, Irvine; Zhiqiang Lin, Ohio State University
Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning
Ahmed Salem, CISPA Helmholtz Center for Information Security; Apratim Bhattacharya, Max Planck Institute for Informatics; Michael Backes, Mario Fritz, and Yang Zhang, CISPA Helmholtz Center for Information Security
Actions Speak Louder than Words: Entity-Sensitive Privacy Policy and Data Flow Analysis with PoliCheck
Benjamin Andow, IBM T.J. Watson Research Center; Samin Yaseer Mahmud, Justin Whitaker, William Enck, and Bradley Reaves, North Carolina State University; Kapil Singh, IBM T.J. Watson Research Center; Serge Egelman, U.C. Berkeley; ICSI; AppCensus Inc.
Exploring Connections Between Active Learning and Model Extraction
Varun Chandrasekaran, University of Wisconsin-Madison; Kamalika Chaudhuri, University of California San Diego; Irene Giacomelli, Protocol Labs; Somesh Jha, University of Wisconsin-Madison; Songbai Yan, University of California San Diego
Achieving Keyless CDNs with Conclaves
Stephen Herwig, University of Maryland; Christina Garman, Purdue University; Dave Levin, University of Maryland
On Training Robust PDF Malware Classifiers
Yizheng Chen, Shiqi Wang, Dongdong She, and Suman Jana, Columbia University
Programmable In-Network Security for Context-aware BYOD Policies
Qiao Kang, Rice University; Lei Xue, The Hong Kong Polytechnic University; Adam Morrison, Yuxin Tang, and Ang Chen, Rice University; Xiapu Luo, The Hong Kong Polytechnic University
FuzzGuard: Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through Deep Learning
Peiyuan Zong, Tao Lv, Dawei Wang, Zizhuang Deng, Ruigang Liang, and Kai Chen, SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
Data Recovery from “Scrubbed” NAND Flash Storage: Need for Analog Sanitization
Md Mehedi Hasan and Biswajit Ray, The University of Alabama in Huntsville
Pixel: Multi-signatures for Consensus
Manu Drijvers, DFINITY; Sergey Gorbunov, Algorand and University of Waterloo; Gregory Neven, DFINITY; Hoeteck Wee, Algorand and CNRS, ENS, PSL
Secure parallel computation on national scale volumes of data
Sahar Mazloom and Phi Hung Le, George Mason University; Samuel Ranellucci, Unbound Tech; S. Dov Gordon, George Mason University
Hybrid Batch Attacks: Finding Black-box Adversarial Examples with Limited Queries
Fnu Suya, Jianfeng Chi, David Evans, and Yuan Tian, University of Virginia
BScout: Direct Whole Patch Presence Test for Java Executables
Jiarun Dai, Yuan Zhang, Zheyue Jiang, Yingtian Zhou, and Junyan Chen, Fudan University; Xinyu Xing, Pennsylvania State University; Xiaohan Zhang, Xin Tan, Min Yang, and Zhemin Yang, Fudan University
BigMAC: Fine-Grained Policy Analysis of Android Firmware
Grant Hernandez, University of Florida; Dave (Jing) Tian, Purdue University; Anurag Swarnim Yadav, Byron J. Williams, and Kevin R.B. Butler, University of Florida