IEEE Symposium on Security and Privacy(简称 S&P)是信息安全领域四大顶级学术会议之一。S&P 2018包含机器学习、隐私保护、边信道、加密数据的搜索、用户行为分析、编程语言、网络系统、程序分析、Web、认证、加密、设备等方面的安全论文,共收到549篇论文, 共录取63篇论文(接收率为11.47%)。
Session #1: Machine Learning(机器学习)
1、AI2: Safety and Robustness Certification of Neural Networks with Abstract Interpretation
AI2:具有抽象解释的神经网络的安全性和鲁棒性证明
2、Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning
操纵机器学习:回归学习的中毒攻击与对策
3、Stealing Hyperparameters in Machine Learning
在机器学习中窃取超参数
4、A Machine Learning Approach to Prevent Malicious Calls over Telephony Networks
一种防止电话网络恶意呼叫的机器学习方法
5、Surveylance: Automatically Detecting Online Survey Scams
Surveylance:自动检测在线调查诈骗
Session #2: Privacy(隐私保护)
1、Privacy Risks with Facebook's PII-Based Targeting: Auditing a Data Broker's Advertising Interface
Facebook基于PII的定位的隐私风险:审计数据代理的广告界面
2、Anonymity Trilemma: Strong Anonymity, Low Bandwidth Overhead, Low Latency - Choose Two
匿名三难:强烈的匿名性,低带宽开销,低延迟 - 选择两个
3、Locally Differentially Private Frequent Itemset Mining
本地差异私有频繁项集挖掘
4、EyeTell: Video-Assisted Touchscreen Keystroke Inference from Eye Movements
EyeTell:眼动的视频辅助触摸屏按键推理
5、Understanding Linux Malware
了解Linux恶意软件
Session #3: Side Channels(边信道)
1、Racing in Hyperspace: Closing Hyper-Threading Side Channels on SGX with Contrived Data Races
在Hyperspace(超空间)中竞争:在SGX上使用受控数据竞争关闭超线程侧通道
2、Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU
Grand Pwning Unit:利用GPU加速微架构攻击
3、SoK: Keylogging Side Channels
SoK:键盘记录侧通道
4、FPGA-Based Remote Power Side-Channel Attacks
基于FPGA的远程电源侧通道攻击
5、Another Flip in the Wall of Rowhammer Defenses
罗哈默防御墙上的另一个翻转
Session #4: Computing on Hidden Data(加密数据的搜索)
1、EnclaveDB: A Secure Database Using SGX
EnclaveDB:使用SGX的安全数据库
2、Oblix: An Efficient Oblivious Search Index
Oblix:一个有效的不经意的搜索索引
3、Improved Reconstruction Attacks on Encrypted Data Using Range Query Leakage
利用范围查询泄漏改进加密数据的重建攻击
4、Bulletproofs: Short Proofs for Confidential Transactions and More
防弹:机密交易的简短证明等
5、FuturesMEX: Secure, Distributed Futures Market Exchange
FuturesMEX:安全的分布式期货市场交易所
6、Implementing Conjunction Obfuscation Under Entropic Ring LWE
在熵环LWE下实现连词混淆
Session #5: Understanding Users(用户行为分析)
1、Hackers vs. Testers: A Comparison of Software Vulnerability Discovery Processes
黑客与测试人员:软件漏洞发现过程的比较
2、Towards Security and Privacy for Multi-user Augmented Reality: Foundations with End Users
迈向多用户增强现实的安全和隐私:最终用户的基础
3、Computer Security and Privacy for Refugees in the United States
美国难民的计算机安全和隐私
4、On Enforcing the Digital Immunity of a Large Humanitarian Organization
论加强大型人道主义组织的数字免疫
5、The Spyware Used in Intimate Partner Violence
用于亲密伴侣暴力的间谍软件
Session #6: Programming Languages(编程语言)
1、Compiler-Assisted Code Randomization
编译器辅助代码随机化
2、Protecting the Stack with Metadata Policies and Tagged Hardware
使用元数据策略和标记硬件保护堆栈
3、Impossibility of Precise and Sound Termination-Sensitive Security Enforcements
无法实现精确和完善的终端敏感安全措施
4、Static Evaluation of Noninterference Using Approximate Model Counting
基于近似模型计数的无干扰静态评估
5、DEEPSEC: Deciding Equivalence Properties in Security Protocols Theory and Practice
DEEPSEC:确定安全协议中的等价性质理论与实践
Session #7: Networked Systems(网络系统)
1、Distance-Bounding Protocols: Verification Without Time and Location
距离边界协议:没有时间和位置的验证
2、Sonar: Detecting SS7 Redirection Attacks with Audio-Based Distance Bounding
声纳:利用基于音频的距离边界检测SS7重定向攻击
3、OmniLedger: A Secure, Scale-Out, Decentralized Ledger via Sharding
OmniLedger:通过分片实现安全,横向扩展,分散式分类帐
4、Routing Around Congestion: Defeating DDoS Attacks and Adverse Network Conditions via Reactive BGP Routing
路由拥塞:通过反向BGP路由击败DDoS攻击和不利网络条件
5、Tracking Ransomware End-to-end
跟踪勒索软件端到端
Session #8: Program Analysis(程序分析)
1、The Rise of the Citizen Developer: Assessing the Security Impact of Online App Generators
公民开发者的崛起:评估在线应用程序生成器的安全影响
2、Learning from Mutants: Using Code Mutation to Learn and Monitor Invariants of a Cyber-Physical System
从突变体中学习:使用代码突变来学习和监控网络物理系统的不变量
3、Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels
OS内核中双重错误的精确可扩展检测
4、CollAFL: Path Sensitive Fuzzing
CollAFL:路径敏感模糊测试
5、T-Fuzz: Fuzzing by Program Transformation
T-Fuzz:通过程序转换进行模糊测试
6、Angora: Efficient Fuzzing by Principled Search
安哥拉:原则搜索的高效模糊测试
Session #9: Web
1、FP-STALKER: Tracking Browser Fingerprint Evolutions
FP-STALKER:跟踪浏览器指纹演变
2、Study and Mitigation of Origin Stripping Vulnerabilities in Hybrid-postMessage Enabled Mobile Applications
在支持混合邮件消息的移动应用程序中研究和减少原始剥离漏洞
3、Mobile Application Web API Reconnaissance: Web-to-Mobile Inconsistencies & Vulnerabilities
移动应用程序Web API侦察:Web到移动的不一致和漏洞
4、Enumerating Active IPv6 Hosts for Large-Scale Security Scans via DNSSEC-Signed Reverse Zones
通过DNSSEC签名的反向区域枚举用于大规模安全扫描的活动IPv6主机
5、Tracking Certificate Misissuance in the Wild
跟踪野外证书失误
6、A Formal Treatment of Accountable Proxying Over TLS
TLS责任代理的正式处理
Session #10: Authentication(认证)
1、Secure Device Bootstrapping Without Secrets Resistant to Signal Manipulation Attacks
安全设备引导没有秘密抵抗信号操纵攻击
2、Do You Feel What I Hear? Enabling Autonomous IoT Device Pairing Using Different Sensor Types
你觉得我听到了什么吗? 使用不同的传感器类型启用自治物联网设备配对
3、On the Economics of Offline Password Cracking
论离线密码破解的经济学
4、A Tale of Two Studies: The Best and Worst of YubiKey Usability
两个研究的故事:YubiKey可用性的最佳和最差
5、When Your Fitness Tracker Betrays You: Quantifying the Predictability of Biometric Features Across Contexts
当您的健身追踪器背叛您时:量化跨上下文的生物特征的可预测性
Session #11: Cryptography(加密)
1、vRAM: Faster Verifiable RAM with Program-Independent Preprocessing
vRAM:更快速的可验证RAM,具有独立于程序的预处理功能
2、Doubly-Efficient zkSNARKs Without Trusted Setup
没有可信设置的双效ZkSNARK
3、xJsnark: A Framework for Efficient Verifiable Computation
xJsnark:高效可验证计算的框架
4、PIR with Compressed Queries and Amortized Query Processing
具有压缩查询和分期查询处理的PIR
5、Secure Two-party Threshold ECDSA from ECDSA Assumptions
从ECDSA假设中确保双方门限ECDSA
Session #12: Devices(设备)
1、Speechless: Analyzing the Threat to Speech Privacy from Smartphone Motion Sensors
无语:从智能手机运动传感器分析对语音隐私的威胁
2、Crowd-GPS-Sec: Leveraging Crowdsourcing to Detect and Localize GPS Spoofing Attacks
Crowd-GPS-Sec:利用众包来检测和定位GPS欺骗攻击
3、SoK: "Plug & Pray" Today – Understanding USB Insecurity in Versions 1 Through C
SoK:今天“即插即用” - 了解版本1到C中的USB不安全性
4、Blue Note: How Intentional Acoustic Interference Damages Availability and Integrity in Hard Disk Drives and Operating Systems
蓝色注意:故意声学干扰如何破坏硬盘驱动器和操作系统中的可用性和完整性
5、The Cards Aren't Alright: Detecting Counterfeit Gift Cards Using Encoding Jitter
卡片不行:使用编码抖动检测伪造礼品卡
网友评论