Items where Year is 2023

(2023) Fact-Saboteurs: A Taxonomy of Evidence Manipulation Attacks against Fact-Verification Systems. (In Press)

(2023) VENOMAVE: Targeted Poisoning Against Speech Recognition.

(2023) Computing Square Colorings on Bounded-Treewidth and Planar Graphs. (In Press)

(2023) SandDriller: A Fully-Automated Approach for Testing Language-Based JavaScript Sandboxes.

(2023) “Would You Give the Same Priority to the Bank and a Game? I Do Not!” Exploring Credential Management Strategies and Obstacles during Password Manager Setup.

(2023) Distributed Maximal Matching and Maximal Independent Set on Hypergraphs. (Submitted)

(2023) On the Node-Averaged Complexity of Locally Checkable Problems on Trees. (Submitted)

(2023) Fuzztruction: Using Fault Injection-based Fuzzing to Leverage Implicit Domain Knowledge.

(2023) The Network Zoo: a multilingual package for the inference and analysis of gene regulatory networks.

(2023) Second-Order Hyperproperties.

(2023) Checking and Sketching Causes on Temporal Sequences. (Submitted)

(2023) SecBench.js: An Executable Security Benchmark Suite for Server-Side JavaScript.

(2023) FIDO2, CTAP 2.1, and WebAuthn 2: Provable Security and Post-Quantum Instantiation. (In Press)

(2023) Extended Hell(o): A Comprehensive Large-Scale Study on Email Confidentiality and Integrity Mechanisms in the Wild.

(2023) On the effectiveness of partial variance reduction in federated learning with heterogeneous data.

(2023) CustomProcessingUnit: Reverse Engineering and Customization of Intel Microcode.

(2023) Anomaly-based Filtering of Application-Layer DDoS Against DNS Authoritatives. (Submitted)

(2023) ResolFuzz: Differential Fuzzing of DNS Resolvers.

(2023) FieldFuzz: In Situ Blackbox Fuzzing of Proprietary Industrial Automation Runtimes via the Network.

(2023) TALUS: Reinforcing TEE Confidentiality with Cryptographic Coprocessors.

(2023) Hash Gone Bad: Automated discovery of protocol attacks that exploit hash function weaknesses.

(2023) Subverting Telegram's End-to-End Encryption.

(2023) nl2spec: Interactively Translating Unstructured Natural Language to Temporal Logics with Large Language Models.

(2023) Iterative Circuit Repair Against Formal Specifications.

(2023) Automated Analysis of Protocols that use Authenticated Encryption: How Subtle AEAD Differences can impact Protocol Security. (Submitted)

(2023) Formal Analysis of SPDM: Security Protocol and Data Model version 1.2.

(2023) Formal Analysis of Session-Handling in Secure Messaging: Lifting Security from Sessions to Conversations. (Submitted)

(2023) Compositional High-Quality Synthesis. (In Press)

(2023) Get Your Cyber-Physical Tests Done! Data-Driven Vulnerability Assessment of Robotic Vehicle.

(2023) Empirical Research Methods in Usable Privacy and Security.

(2023) An EPTAS for Budgeted Matching and Budgeted Matroid Intersection via Representative Sets. (In Press)

(2023) An EPTAS for Budgeted Matroid Independent Set. (In Press)

(2023) Semantic Debugging. (In Press)

(2023) Semantic Debugging. (In Press)

(2023) Private Collection Matching Protocols. (In Press)

(2023) Fuzzing Embedded Systems Using Debug Interfaces. (In Press)

(2023) White-box Concealment Attacks Against Anomaly Detectors for Cyber-Physical Systems.

(2023) Accountable Javascript Code Delivery.

(2023) Why I Can't Authenticate --- Understanding the Low Adoption of Authentication Ceremonies with Autoethnography.

(2023) Investigating Security Folklore: A Case Study on the Tor over VPN Phenomenon.

(2023) Logics and Algorithms for Hyperproperties.

(2023) Automata-Based Software Model Checking of Hyperproperties.

(2023) Counterfactuals Modulo Temporal Logics.

(2023) Inferring Symbolic Automata.

(2023) Tight Complexity Bounds for Counting Generalized Dominating Sets in Bounded-Treewidth Graphs. (In Press)

(2023) It’s like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security.

(2023) Why Random Pruning Is All We Need to Start Sparse.

(2023) MobileAtlas: Geographically Decoupled Measurements in Cellular Networks for Security and Privacy Research. (In Press)

(2023) Investigating Verification Behavior and Perceptions of Visual Digital Certificates.

(2023) A Rowhammer Reproduction Study Using the Blacksmith Fuzzer.

(2023) A Security RISC: Microarchitectural Attacks on Hardware RISC-V CPUs.

(2023) A Systematic Study of the Consistency of Two-Factor Authentication User Journeys on Top-Ranked Websites.

(2023) To Cloud or not to Cloud: A Qualitative Study on Self-Hosters’ Motivation, Operation, and Security Mindset.

(2023) Revisiting the Indifferentiability of the Sum of Permutations. (Submitted)

(2023) Perceptions of Distributed Ledger Technology Key Management - An Interview Study with Finance Professionals.

(2023) You Call This Archaeology? Evaluating Web Archives for Reproducible Web Security Measurements.

(2023) Rai-Choo! Evolving Blind Signatures to the Next Level.

(2023) Token meets Wallet: Formalizing Privacy and Revocation for FIDO2.

(2023) A Psychometric Scale to Measure Individuals’ Value of Other People’s Privacy (VOPP).

(2023) Taming Large Bounds in Synthesis from Bounded-Liveness Specifications. (In Press)

(2023) It's (DOM) Clobbering Time: Attack Techniques, Prevalence, and Defenses. (Submitted)

(2023) Collide+Power: Leaking Inaccessible Data with Software-based Power Side Channels.

(2023) Revisiting Gradient Clipping: Stochastic bias and tight convergence guarantees.

(2023) Pushed by Accident: A Mixed-Methods Study on Strategies of Handling Secrets in Source Code Repositories.

(2023) Robust Routing Made Easy: Reinforcing Networks Against Non-Benign Faults.

(2023) UnGANable: Defending Against GAN-based Face Manipulation.

(2023) Learning Program Models from Generated Inputs.

(2023) Special Properties of Gradient Descent with Large Learning Rates.

(2023) Automated Security Analysis of Exposure Notification Systems. (In Press)

(2023) Hardware-Software Codesign for Mitigating Spectre.

(2023) Location-independent GNSS Relay Attacks: A Lazy Attacker’s Guide to Bypassing Navigation Message Authentication.

(2023) Pakistani Teens and Privacy - How Gender Disparities, Religion and Family Values Impact the Privacy Design Space.

(2023) CryptoBap: A Binary Analysis Platform for Cryptographic Protocols.

(2023) Revisiting Neural Program Smoothing for Fuzzing. (In Press)

(2023) Different Researchers, Different Results? Analyzing the Influence of Researcher Experience and Data Type During Qualitative Analysis of an Interview and Survey Study on Security Advice.

(2023) Chopsticks: Fork-Free Two-Round Multi-Signatures from Non-Interactive Assumptions.

(2023) Lattice-based Authenticated Key Exchange with Tight Security.

(2023) On the Evolution of (Hateful) Memes by Means of Multimodal Contrastive Learning.

(2023) Jack-in-the-box: An Empirical Study of JavaScript Bundling on the Web and its Security Implications.

(2023) SEAL: Capability-Based Access Control for Data-Analytic Scenarios. (In Press)

(2023) The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web.

(2023) EdgeTDC: On the Security of Time Difference of Arrival Measurements in CAN Bus Systems.

(2023) Drone Security and the Mysterious Case of DJI's DroneID.

(2023) FetchBench: Systematic Identification and Characterization of Proprietary Prefetchers. (In Press)

(2023) FeIDo: Recoverable FIDO2 Tokens Using Electronic IDs (Extended Version).

(2023) Practical Timing Side-Channel Attacks on Memory Compression.

(2023) Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js.

(2023) From Input to Failure: Explaining Program Behavior via Cause-Effect Chains. (In Press)

(2023) Bilingual Problems: Studying the Security Risks Incurred by Native Extensions in Scripting Languages.

(2023) Hammulator: Simulate Now - Exploit Later.

(2023) Privacy Rarely Considered: Exploring Considerations in the Adoption of Third-Party Services by Websites.

(2023) Comparing Large-Scale Privacy and Security Notifications. (In Press)

(2023) Blind Concealment from Reconstruction-based Attack Detectors for Industrial Control Systems via Backdoor Attacks.

(2023) Not Yet Another Digital ID: Privacy-Preserving Humanitarian Aid Distribution. (In Press)

(2023) PrivTrace: Differentially Private Trajectory Synthesis by Adaptive Markov Model.

(2023) Indirect Meltdown: Building Novel Side-Channel Attacks from Transient Execution Attacks.

(2023) Reviving Meltdown 3a.

(2023) "Always Contribute Back": A Qualitative Study on Security Challenges of the Open Source Supply Chain.

(2023) DiffCSP: Finding Browser Bugs in Content Security Policy Enforcement through Differential Testing.

(2023) Space Odyssey: An Experimental Software Security Analysis of Satellites.

(2023) Pseudo Label-Guided Model Inversion Attack via Conditional Generative Adversarial Network.

(2023) (M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels.