Items where Year is 2023

Conference or Workshop Item (A Paper)

(2023) Fact-Saboteurs: A Taxonomy of Evidence Manipulation Attacks against Fact-Verification Systems. (In Press)

(2023) VENOMAVE: Targeted Poisoning Against Speech Recognition.

(2023) Computing Square Colorings on Bounded-Treewidth and Planar Graphs. (In Press)

(2023) SandDriller: A Fully-Automated Approach for Testing Language-Based JavaScript Sandboxes.

(2023) “Would You Give the Same Priority to the Bank and a Game? I Do Not!” Exploring Credential Management Strategies and Obstacles during Password Manager Setup.

(2023) “We’ve Disabled MFA for You”: An Evaluation of the Security and Usability of Multi-Factor Authentication Recovery Deployments. (In Press)

(2023) Distributed Maximal Matching and Maximal Independent Set on Hypergraphs. (Submitted)

(2023) On the Node-Averaged Complexity of Locally Checkable Problems on Trees. (Submitted)

(2023) Fuzztruction: Using Fault Injection-based Fuzzing to Leverage Implicit Domain Knowledge.

(2023) Second-Order Hyperproperties.

(2023) Checking and Sketching Causes on Temporal Sequences. (Submitted)

(2023) SecBench.js: An Executable Security Benchmark Suite for Server-Side JavaScript.

(2023) FIDO2, CTAP 2.1, and WebAuthn 2: Provable Security and Post-Quantum Instantiation. (In Press)

(2023) Extended Hell(o): A Comprehensive Large-Scale Study on Email Confidentiality and Integrity Mechanisms in the Wild.

(2023) On the effectiveness of partial variance reduction in federated learning with heterogeneous data.

(2023) CustomProcessingUnit: Reverse Engineering and Customization of Intel Microcode.

(2023) Anomaly-based Filtering of Application-Layer DDoS Against DNS Authoritatives. (Submitted)

(2023) ResolFuzz: Differential Fuzzing of DNS Resolvers.

(2023) FieldFuzz: In Situ Blackbox Fuzzing of Proprietary Industrial Automation Runtimes via the Network.

(2023) TALUS: Reinforcing TEE Confidentiality with Cryptographic Coprocessors.

(2023) Hash Gone Bad: Automated discovery of protocol attacks that exploit hash function weaknesses.

(2023) nl2spec: Interactively Translating Unstructured Natural Language to Temporal Logics with Large Language Models.

(2023) Iterative Circuit Repair Against Formal Specifications.

(2023) Automated Analysis of Protocols that use Authenticated Encryption: How Subtle AEAD Differences can impact Protocol Security. (Submitted)

(2023) Formal Analysis of SPDM: Security Protocol and Data Model version 1.2.

(2023) Formal Analysis of Session-Handling in Secure Messaging: Lifting Security from Sessions to Conversations. (Submitted)

(2023) Compositional High-Quality Synthesis. (In Press)

(2023) Get Your Cyber-Physical Tests Done! Data-Driven Vulnerability Assessment of Robotic Vehicle.

(2023) An EPTAS for Budgeted Matching and Budgeted Matroid Intersection via Representative Sets. (In Press)

(2023) An EPTAS for Budgeted Matroid Independent Set. (In Press)

(2023) Semantic Debugging. (In Press)

(2023) Semantic Debugging. (In Press)

(2023) Fuzzing Embedded Systems Using Debug Interfaces. (In Press)

(2023) White-box Concealment Attacks Against Anomaly Detectors for Cyber-Physical Systems.

(2023) Accountable Javascript Code Delivery.

(2023) Why I Can't Authenticate --- Understanding the Low Adoption of Authentication Ceremonies with Autoethnography.

(2023) Automata-Based Software Model Checking of Hyperproperties.

(2023) Counterfactuals Modulo Temporal Logics.

(2023) Tight Complexity Bounds for Counting Generalized Dominating Sets in Bounded-Treewidth Graphs. (In Press)

(2023) It’s like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security.

(2023) Why Random Pruning Is All We Need to Start Sparse.

(2023) MobileAtlas: Geographically Decoupled Measurements in Cellular Networks for Security and Privacy Research. (In Press)

(2023) Investigating Verification Behavior and Perceptions of Visual Digital Certificates.

(2023) A Rowhammer Reproduction Study Using the Blacksmith Fuzzer.

(2023) A Security RISC: Microarchitectural Attacks on Hardware RISC-V CPUs.

(2023) A Systematic Study of the Consistency of Two-Factor Authentication User Journeys on Top-Ranked Websites.

(2023) To Cloud or not to Cloud: A Qualitative Study on Self-Hosters’ Motivation, Operation, and Security Mindset.

(2023) Revisiting the Indifferentiability of the Sum of Permutations. (Submitted)

(2023) Perceptions of Distributed Ledger Technology Key Management - An Interview Study with Finance Professionals.

(2023) You Call This Archaeology? Evaluating Web Archives for Reproducible Web Security Measurements.

(2023) Rai-Choo! Evolving Blind Signatures to the Next Level.

(2023) Token meets Wallet: Formalizing Privacy and Revocation for FIDO2.

(2023) A Psychometric Scale to Measure Individuals’ Value of Other People’s Privacy (VOPP).

(2023) Taming Large Bounds in Synthesis from Bounded-Liveness Specifications. (In Press)

(2023) Cloud Watching: Understanding Attacks Against Cloud-Hosted Services.

(2023) Adaptive SGD with Polyak stepsize and Line-search: Robust Convergence and Variance Reduction.

(2023) It's (DOM) Clobbering Time: Attack Techniques, Prevalence, and Defenses. (Submitted)

(2023) Collide+Power: Leaking Inaccessible Data with Software-based Power Side Channels.

(2023) Revisiting Gradient Clipping: Stochastic bias and tight convergence guarantees.

(2023) Pushed by Accident: A Mixed-Methods Study on Strategies of Handling Secrets in Source Code Repositories.

(2023) UnGANable: Defending Against GAN-based Face Manipulation.

(2023) Certifiers Make Neural Networks Vulnerable to Availability Attacks. (In Press)

(2023) Learning Program Models from Generated Inputs.

(2023) Special Properties of Gradient Descent with Large Learning Rates.

(2023) Automated Security Analysis of Exposure Notification Systems. (In Press)

(2023) Hardware-Software Codesign for Mitigating Spectre.

(2023) Location-independent GNSS Relay Attacks: A Lazy Attacker’s Guide to Bypassing Navigation Message Authentication.

(2023) Pakistani Teens and Privacy - How Gender Disparities, Religion and Family Values Impact the Privacy Design Space.

(2023) CryptoBap: A Binary Analysis Platform for Cryptographic Protocols.

(2023) Revisiting Neural Program Smoothing for Fuzzing. (In Press)

(2023) Different Researchers, Different Results? Analyzing the Influence of Researcher Experience and Data Type During Qualitative Analysis of an Interview and Survey Study on Security Advice.

(2023) Chopsticks: Fork-Free Two-Round Multi-Signatures from Non-Interactive Assumptions.

(2023) Lattice-based Authenticated Key Exchange with Tight Security.

(2023) On the Evolution of (Hateful) Memes by Means of Multimodal Contrastive Learning.

(2023) Unsafe Diffusion: On the Generation of Unsafe Images and Hateful Memes From Text-To-Image Models. (Submitted)

(2023) Jack-in-the-box: An Empirical Study of JavaScript Bundling on the Web and its Security Implications.

(2023) SEAL: Capability-Based Access Control for Data-Analytic Scenarios. (In Press)

(2023) The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web.

(2023) EdgeTDC: On the Security of Time Difference of Arrival Measurements in CAN Bus Systems.

(2023) Drone Security and the Mysterious Case of DJI's DroneID.

(2023) FetchBench: Systematic Identification and Characterization of Proprietary Prefetchers.

(2023) Practical Timing Side-Channel Attacks on Memory Compression.

(2023) Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js.

(2023) Poster: From Hashes to Ashes – A Comparison of Transcription Services.

(2023) From Input to Failure: Explaining Program Behavior via Cause-Effect Chains. (In Press)

(2023) Bilingual Problems: Studying the Security Risks Incurred by Native Extensions in Scripting Languages.

(2023) From Attachments to SEO: Click Here to Learn More about Clickbait PDFs! (In Press)

(2023) Hammulator: Simulate Now - Exploit Later.

(2023) Privacy Rarely Considered: Exploring Considerations in the Adoption of Third-Party Services by Websites.

(2023) Comparing Large-Scale Privacy and Security Notifications. (In Press)

(2023) Blind Concealment from Reconstruction-based Attack Detectors for Industrial Control Systems via Backdoor Attacks.

(2023) Not Yet Another Digital ID: Privacy-Preserving Humanitarian Aid Distribution. (In Press)

(2023) PrivTrace: Differentially Private Trajectory Synthesis by Adaptive Markov Model.

(2023) Indirect Meltdown: Building Novel Side-Channel Attacks from Transient Execution Attacks.

(2023) Reviving Meltdown 3a.

(2023) "Always Contribute Back": A Qualitative Study on Security Challenges of the Open Source Supply Chain.

(2023) DiffCSP: Finding Browser Bugs in Content Security Policy Enforcement through Differential Testing.

(2023) Space Odyssey: An Experimental Software Security Analysis of Satellites.

(2023) Pseudo Label-Guided Model Inversion Attack via Conditional Generative Adversarial Network.

(2023) (M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels.

Article

(2023) The Network Zoo: a multilingual package for the inference and analysis of gene regulatory networks.

(2023) Subverting Telegram's End-to-End Encryption.

(2023) Private Collection Matching Protocols. (In Press)

(2023) Investigating Security Folklore: A Case Study on the Tor over VPN Phenomenon.

(2023) Logics and Algorithms for Hyperproperties.

(2023) Inferring Symbolic Automata.

(2023) Stochastic distributed learning with gradient quantization and double-variance reduction.

(2023) Robust Routing Made Easy: Reinforcing Networks Against Non-Benign Faults.

Book Section

(2023) Empirical Research Methods in Usable Privacy and Security.

Monograph

(2023) FeIDo: Recoverable FIDO2 Tokens Using Electronic IDs (Extended Version).