USENIX Security·2018

Author: minlover | Published 2018-09-26 14:37

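    USENIX Security is one of the four top academic conferences in information security. Each year it covers a wide range of security areas, including binary security, firmware security, forensic analysis, web security, privacy protection, and malware analysis. This year it also covered new categories such as hardware protection and smart contracts. USENIX Security '18 received 524 paper submissions and accepted 100 papers (an acceptance rate of 19.1%).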


    Track 1: Security Impacting the Physical World

    1. Fear the Reaper: Characterization and Fast Detection of Card Skimmers

    2. BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid

    3. Skill Squatting Attacks on Amazon Alexa

    4. CommanderSong: A Systematic Approach for Practical Adversarial Voice Recognition


    Track 2: Memory Defenses

    1. ACES: Automatic Compartments for Embedded Systems

    2. IMIX: In-Process Memory Isolation EXtension

    3. HeapHopper: Bringing Bounded Model Checking to Heap Implementation Security

    4. Guarder: A Tunable Secure Allocator


    Track 3: Censorship and Web Privacy

    1. Fp-Scanner: The Privacy Implications of Browser Fingerprint Inconsistencies

    2. Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies

    3. Effective Detection of Multimedia Protocol Tunneling using Machine Learning

    4. Scalable Remote Measurement of Application-Layer Censorship


    Track 1: Understanding How Humans Authenticate

    1. Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse

    2. Forgetting of Passwords: Ecological Theory and Data

    3. The Rewards and Costs of Stronger Passwords in a University: Linking Password Lifetime to Strength

    4. Rethinking Authentication and Access Control for the Home Internet of Things (IoT)


    Track 2: Vulnerability Discovery

    1. ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands within the Android Ecosystem

    2. Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems

    3. Inception: System-wide Security Testing of Real-World Embedded Systems Software

    4. Acquisitional Rule-based Engine for Discovering Internet-of-Thing Devices


    Track 1: Web Applications

    1. A Sense of Time for JavaScript and Node.js: First-Class Timeouts as a Cure for Event Handler Poisoning

    2. Freezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers

    3. NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications

    4. Rampart: Protecting Web Applications from CPU-Exhaustion Denial-of-Service Attacks


    Track 2: Anonymity

    1. How do Tor users interact with onion services?

    2. Towards Predicting Efficient and Anonymous Tor Circuits

    3. BurnBox: Self-Revocable Encryption in a World Of Compelled Access

    4. An Empirical Analysis of Anonymity in Zcash


    Track 1: Privacy in a Digital World

    1. Unveiling and Quantifying Facebook Exploitation of Sensitive Personal Data for Advertising Purposes

    2. Analysis of Privacy Protections in Fitness Tracking Social Networks -or- You can run, but can you hide?

    3. AttriGuard: A Practical Defense Against Attribute Inference Attacks via Adversarial Machine Learning

    4. Polisis: Automated Analysis and Presentation of Privacy Policies Using Deep Learning


    Track 2: Attacks on Crypto & Crypto Libraries

    1. Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels

    2. The Dangers of Key Reuse - Practical Attacks on IPsec IKE

    3. One&Done: A Single-Decryption EM-Based Attack on OpenSSL’s Constant-Time Blinded RSA

    4. DATA – Differential Address Trace Analysis: Finding Address-based Side-Channels in Binaries


    Track 1: Enterprise Security

    1. The Battle for New York: A Case Study of Applied Digital Threat Modeling at the Enterprise Level

    2. SAQL: A Stream-based Query System for Real-Time Abnormal System Behavior Detection


    Track 2: Zero-Knowledge

    1. Practical Accountability of Secret Processes

    2. DIZK: Distributing Zero Knowledge Proof Systems


    Track 3: Network Defenses

    1. NetHide: Secure and Practical Network Topology Obfuscation

    2. Towards a Secure Zero-rating Framework with Three Parties


    Track 1: Fuzzing and Exploit Generation

    1. MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation

    2. QSYM : A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing

    3. Automatic Heap Layout Manipulation for Exploitation

    4. FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities


    Track 2: TLS and PKI

    1. The Secure Socket API: TLS as an Operating System Service

    2. Return Of Bleichenbacher’s Oracle Threat (ROBOT)

    3. Bamboozling Certificate Authorities with BGP

    4. The Broken Shield: Measuring Revocation Effectiveness in the Windows Code-Signing PKI


    Track 3: Vulnerability Mitigations

    1. Debloating Software through Piece-Wise Compilation and Loading

    2. Precise and Accurate Patch Presence Test for Binaries

    3. From Patching Delays to Infection Symptoms: Using Risk Profiles for an Early Discovery of Vulnerabilities Exploited in the Wild

    4. Understanding the Reproducibility of Crowd-reported Security Vulnerabilities


    Track 1: Side Channels

    1. Malicious Management Unit: Why Stopping Cache Attacks in Software is Harder Than You Think

    2. Translation Leak-aside Buffer: Defeating Cache Side-channel Protections with TLB Attacks

    3. Meltdown: Reading Kernel Memory from User Space

    4. Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution


    Track 2: Cybercrime

    1. Plug and Prey? Measuring the Commoditization of Cybercrime via Online Anonymous Markets

    2. Reading Thieves' Cant: Automatically Identifying and Understanding Dark Jargons from Cybercrime Marketplaces

    3. Schrödinger’s RAT: Profiling the Stakeholders in the Remote Access Trojan Ecosystem

    4. The aftermath of a crypto-ransomware attack at a large academic institution


    Track 1: Web and Network Measurement

    1. We Still Don’t Have Secure Cross-Domain Requests: an Empirical Study of CORS

    2. End-to-End Measurements of Email Spoofing Attacks

    3. Who Is Answering My Queries: Understanding and Characterizing Illegal Interception of DNS Resolution Path at ISP Level

    4. End Users Get Maneuvered: Empirical Analysis of Redirection Hijacking in Content Delivery Networks


    Track 2: Malware

    1. SAD THUG: Structural Anomaly Detection for Transmissions of High-value Information Using Graphics

    2. FANCI : Feature-based Automated NXDomain Classification and Intelligence

    3. An Empirical Study of Web Resource Manipulation in Real-world Mobile Applications

    4. Fast and Service-preserving Recovery from Malware Infections Using CRIU


    Track 1: Subverting Hardware Protections

    1. The Guard's Dilemma: Efficient Code-Reuse Attacks Against Intel SGX

    2. A Bad Dream: Subverting Trusted Platform Module While You Are Sleeping


    Track 2: More Malware

    3. Tackling runtime-based obfuscation in Android with TIRO

    4. Discovering Vulnerabilities in Security-Focused Static Analysis Tools for Android using Systematic Mutation


    Track 3: Attacks on Systems That Learn

    1. With Great Training Comes Great Vulnerability: Practical Attacks against Transfer Learning

    2. When Does Machine Learning FAIL? Generalized Transferability for Evasion and Poisoning Attacks


    Track 1: Smart Contracts

    1. teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts

    2. Enter the Hydra: Towards Principled Bug Bounties and Exploit-Resistant Smart Contracts

    3. Arbitrum: Scalable smart contracts

    4. Erays: Reverse Engineering Ethereum's Opaque Smart Contracts


    Track 2: Executing in Untrusted Environments

    1. DelegaTEE: Brokered Delegation Using Trusted Execution Environments

    2. Simple Password-Hardened Encryption Services

    3. Security Namespace: Making Linux Security Frameworks Available to Containers

    4. Shielding Software From Privileged Side-Channel Attacks


    Track 3: Web Authentication

    1. Vetting Single Sign-On SDK Implementations via Symbolic Reasoning

    2. O Single Sign-Off, Where Art Thou? An Empirical Analysis of Single Sign-On Account Hijacking and Session Management on the Web

    3. WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring

    4. Man-in-the-Machine: Exploiting Ill-Secured Communication Inside the Computer


    Track 1: Wireless Attacks

    1. All Your GPS Are Belong To Us: Towards Stealthy Manipulation of Road Navigation Systems

    2. Injected and Delivered: Fabricating Implicit Control over Actuation Systems by Spoofing Inertial Sensors

    3. Modeling and Analysis of a Hierarchy of Distance Bounding Attacks

    4. Off-Path TCP Exploit: How Wireless Routers Can Jeopardize Your Secret


    Track 2: Neural Networks

    1. Formal Security Analysis of Neural Networks using Symbolic Intervals

    2. Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring

    3. A4NT: Author Attribute Anonymity by Adversarial Training of Neural Machine Translation

    4. GAZELLE: A Low Latency Framework for Secure Neural Network Inference


    Track 3: Information Tracking

    1. FlowCog: Context-aware Semantics Extraction and Analysis of Information Flow Leaks in Android Apps

    2. Sensitive Information Tracking in Commodity IoT

    3. Enabling Refinable Cross-host Attack Investigation with Efficient Data Flow Tagging and Tracking

    4. Dependence-Preserving Data Compaction for Scalable Forensic Analysis
