国际安全领域顶会NDSS 2023录稿整理 (下)

NDSS是网络和系统安全领域的四大顶级国际学术会议（BIG4）之一，第三十届会议于2023年2月27日到3月3日，在美国圣迭戈举办。本文将接着整理剩余论文，并对论文进行分类，感兴趣的小伙伴可以访问论文链接，进一步研究。

Web Application Security

• A Security Study about Electron Applications and a Programming Methodology to Tame DOM Functionalities

https://www.ndss-symposium.org/ndss-paper/a-security-study-about-electron-applications-and-a-programming-methodology-to-tame-dom-functionalities/

• Accountable Javascript Code Delivery

https://www.ndss-symposium.org/ndss-paper/accountable-javascript-code-delivery/

• Assessing the Impact of Interface Vulnerabilities in Compartmentalized Software

https://www.ndss-symposium.org/ndss-paper/assessing-the-impact-of-interface-vulnerabilities-in-compartmentalized-software/

• CHKPLUG: Checking GDPR Compliance of WordPress Plugins via Cross-language Code Property Graph

https://www.ndss-symposium.org/ndss-paper/chkplug-checking-gdpr-compliance-of-wordpress-plugins-via-cross-language-code-property-graph/

• DiffCSP: Finding Browser Bugs in Content Security Policy Enforcement through Differential Testing

https://www.ndss-symposium.org/ndss-paper/diffcsp-finding-browser-bugs-in-content-security-policy-enforcement-through-differential-testing/

• ReScan: A Middleware Framework for Realistic and Robust Black-box Web Application Scanning

https://www.ndss-symposium.org/ndss-paper/rescan-a-middleware-framework-for-realistic-and-robust-black-box-web-application-scanning/

• SynthDB: Synthesizing Database via Program Analysis for Security Testing of Web Applications

https://www.ndss-symposium.org/ndss-paper/synthdb-synthesizing-database-via-program-analysis-for-security-testing-of-web-applications/

IoT and Embedded System Security

• Access Your Tesla without Your Awareness: Compromising Keyless Entry System of Model 3

https://www.ndss-symposium.org/ndss-paper/access-your-tesla-without-your-awareness-compromising-keyless-entry-system-of-model-3/

• Drone Security and the Mysterious Case of DJI's DroneID

https://www.ndss-symposium.org/ndss-paper/drone-security-and-the-mysterious-case-of-djis-droneid/

• EdgeTDC: On the Security of Time Difference of Arrival Measurements in CAN Bus Systems

https://www.ndss-symposium.org/ndss-paper/edgetdc-on-the-security-of-time-difference-of-arrival-measurements-in-can-bus-systems/

• MetaWave: Attacking mmWave Sensing with Meta-material-enhanced Tags

https://www.ndss-symposium.org/ndss-paper/metawave-attacking-mmwave-sensing-with-meta-material-enhanced-tags/

• Paralyzing Drones via EMI Signal Injection on Sensory Communication Channels

https://www.ndss-symposium.org/ndss-paper/paralyzing-drones-via-emi-signal-injection-on-sensory-communication-channels/

• Preventing SIM Box Fraud Using Device Model Fingerprinting

https://www.ndss-symposium.org/ndss-paper/preventing-sim-box-fraud-using-device-model-fingerprinting/

• Un-Rocking Drones: Foundations of Acoustic Injection Attacks and Recovery Thereof

https://www.ndss-symposium.org/ndss-paper/un-rocking-drones-foundations-of-acoustic-injection-attacks-and-recovery-thereof/

Machine Learning and AI Security

• Adversarial Robustness for Tabular Data through Cost and Utility Awareness

https://www.ndss-symposium.org/ndss-paper/adversarial-robustness-for-tabular-data-through-cost-and-utility-awareness/

• Attacks as Defenses: Designing Robust Audio CAPTCHAs Using Attacks on Automatic Speech Recognition Systems

https://www.ndss-symposium.org/ndss-paper/attacks-as-defenses-designing-robust-audio-captchas-using-attacks-on-automatic-speech-recognition-systems/

• Backdoor Attacks Against Dataset Distillation

https://www.ndss-symposium.org/ndss-paper/backdoor-attacks-against-dataset-distillation/

• BARS: Local Robustness Certification for Deep Learning based Traffic Analysis Systems

https://www.ndss-symposium.org/ndss-paper/bars-local-robustness-certification-for-deep-learning-based-traffic-analysis-systems/

• BEAGLE: Forensics of Deep Learning Backdoor Attack for Better Defense

https://www.ndss-symposium.org/ndss-paper/beagle-forensics-of-deep-learning-backdoor-attack-for-better-defense/

• FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities

https://www.ndss-symposium.org/ndss-paper/fuzzilli-fuzzing-for-javascript-jit-compiler-vulnerabilities/

• Him of Many Faces: Characterizing Billion-scale Adversarial and Benign Browser Fingerprints on Commercial Websites

https://www.ndss-symposium.org/ndss-paper/him-of-many-faces-characterizing-billion-scale-adversarial-and-benign-browser-fingerprints-on-commercial-websites/

• LOKI: State-Aware Fuzzing Framework for the Implementation of Blockchain Consensus Protocols

https://www.ndss-symposium.org/ndss-paper/loki-state-aware-fuzzing-framework-for-the-implementation-of-blockchain-consensus-protocols/

• OBSan: An Out-Of-Bound Sanitizer to Harden DNN Executables

https://www.ndss-symposium.org/ndss-paper/obsan-an-out-of-bound-sanitizer-to-harden-dnn-executables/

• RAI2: Responsible Identity Audit Governing the Artificial Intelligence

https://www.ndss-symposium.org/ndss-paper/rai2-responsible-identity-audit-governing-the-artificial-intelligence/

• Sometimes, You Aren’t What You Do: Mimicry Attacks against Provenance Graph Host Intrusion Detection Systems

https://www.ndss-symposium.org/ndss-paper/sometimes-you-arent-what-you-do-mimicry-attacks-against-provenance-graph-host-intrusion-detection-systems/

• VulHawk: Cross-architecture Vulnerability Detection with Entropy-based Binary Code Search

https://www.ndss-symposium.org/ndss-paper/vulhawk-cross-architecture-vulnerability-detection-with-entropy-based-binary-code-search/

Cryptography and Privacy

• Copy-on-Flip: Hardening ECC Memory Against Rowhammer Attacks

https://www.ndss-symposium.org/ndss-paper/copy-on-flip-hardening-ecc-memory-against-rowhammer-attacks/

• Cryptographic Oracle-based Conditional Payments

https://www.ndss-symposium.org/ndss-paper/cryptographic-oracle-based-conditional-payments/

• DOITRUST: Dissecting On-chain Compromised Internet Domains via Graph Learning

https://www.ndss-symposium.org/ndss-paper/doitrust-dissecting-on-chain-compromised-internet-domains-via-graph-learning/

• No Grammar, No Problem: Towards Fuzzing the Linux Kernel without System-Call Descriptions

https://www.ndss-symposium.org/ndss-paper/no-grammar-no-problem-towards-fuzzing-the-linux-kernel-without-system-call-descriptions/

• Privacy-Preserving Database Fingerprinting

https://www.ndss-symposium.org/ndss-paper/privacy-preserving-database-fingerprinting/

• ProbFlow : Using Probabilistic Programming in Anonymous Communication Networks

https://www.ndss-symposium.org/ndss-paper/probflow-using-probabilistic-programming-in-anonymous-communication-networks/

• The Power of Bamboo: On the Post-Compromise Security for Searchable Symmetric Encryption

https://www.ndss-symposium.org/ndss-paper/the-power-of-bamboo-on-the-post-compromise-security-for-searchable-symmetric-encryption/

Miscellaneous Security Topics

• Anomaly Detection in the Open World: Normality Shift Detection, Explanation, and Adaptation

https://www.ndss-symposium.org/ndss-paper/anomaly-detection-in-the-open-world-normality-shift-detection-explanation-and-adaptation/

• BlockScope: Detecting and Investigating Propagated Vulnerabilities in Forked Blockchain Projects

https://www.ndss-symposium.org/ndss-paper/blockscope-detecting-and-investigating-propagated-vulnerabilities-in-forked-blockchain-projects/

• Breaking and Fixing Virtual Channels: Domino Attack and Donner

https://www.ndss-symposium.org/ndss-paper/breaking-and-fixing-virtual-channels-domino-attack-and-donner/

• Do Not Give a Dog Bread Every Time He Wags His Tail: Stealing Passwords through Content Queries (CONQUER) Attacks

https://www.ndss-symposium.org/ndss-paper/do-not-give-a-dog-bread-every-time-he-wags-his-tail-stealing-passwords-through-content-queries-conquer-attacks/

• Double and Nothing: Understanding and Detecting Cryptocurrency Giveaway Scams

https://www.ndss-symposium.org/ndss-paper/double-and-nothing-understanding-and-detecting-cryptocurrency-giveaway-scams/

• Fine-Grained Trackability in Protocol Executions

https://www.ndss-symposium.org/ndss-paper/fine-grained-trackability-in-protocol-executions/

• Focusing on Pinocchio's Nose: A Gradients Scrutinizer to Thwart Split-Learning Hijacking Attacks Using Intrinsic Attributes

https://www.ndss-symposium.org/ndss-paper/focusing-on-pinocchios-nose-a-gradients-scrutinizer-to-thwart-split-learning-hijacking-attacks-using-intrinsic-attributes/

• Folk Models of Misinformation on Social Media

https://www.ndss-symposium.org/ndss-paper/folk-models-of-misinformation-on-social-media/

• He-HTLC: Revisiting Incentives in HTLC

https://www.ndss-symposium.org/ndss-paper/he-htlc-revisiting-incentives-in-htlc/

• HeteroScore: Evaluating and Mitigating Cloud Security Threats Brought by Heterogeneity

https://www.ndss-symposium.org/ndss-paper/heteroscore-evaluating-and-mitigating-cloud-security-threats-brought-by-heterogeneity/

• How to Count Bots in Longitudinal Datasets of IP Addresses

https://www.ndss-symposium.org/ndss-paper/how-to-count-bots-in-longitudinal-datasets-of-ip-addresses/

• I Still Know What You Watched Last Sunday: Privacy of the HbbTV Protocol in the European Smart TV Landscape

https://www.ndss-symposium.org/ndss-paper/i-still-know-what-you-watched-last-sunday-privacy-of-the-hbbtv-protocol-in-the-european-smart-tv-landscape/

• InfoMasker: Preventing Eavesdropping Using Phoneme-Based Noise

https://www.ndss-symposium.org/ndss-paper/infomasker-preventing-eavesdropping-using-phoneme-based-noise/

• Navigating Murky Waters: Automated Browser Feature Testing for Uncovering Tracking Vectors

https://www.ndss-symposium.org/ndss-paper/navigating-murky-waters-automated-browser-feature-testing-for-uncovering-tracking-vectors/

• OBI: a multi-path oblivious RAM for forward-and-backward-secure searchable encryption

https://www.ndss-symposium.org/ndss-paper/obi-a-multi-path-oblivious-ram-for-forward-and-backward-secure-searchable-encryption/

• OptRand: Optimistically Responsive Reconfigurable Distributed Randomness

https://www.ndss-symposium.org/ndss-paper/optrand-optimistically-responsive-reconfigurable-distributed-randomness/

• Parakeet: Practical Key Transparency for End-to-End Encrypted Messaging

https://www.ndss-symposium.org/ndss-paper/parakeet-practical-key-transparency-for-end-to-end-encrypted-messaging/

• Partitioning Ethereum without Eclipsing It

https://www.ndss-symposium.org/ndss-paper/partitioning-ethereum-without-eclipsing-it/

• REaaS: Enabling Adversarially Robust Downstream Classifiers via Robust Encoder as a Service

https://www.ndss-symposium.org/ndss-paper/reaas-enabling-adversarially-robust-downstream-classifiers-via-robust-encoder-as-a-service/

• Real Threshold ECDSA

https://www.ndss-symposium.org/ndss-paper/real-threshold-ecdsa/

• REDsec: Running Encrypted Discretized Neural Networks in Seconds

https://www.ndss-symposium.org/ndss-paper/redsec-running-encrypted-discretized-neural-networks-in-seconds/

• RR: A Fault Model for Efficient TEE Replication

https://www.ndss-symposium.org/ndss-paper/rr-a-fault-model-for-efficient-tee-replication/

• SoundLock: A Novel User Authentication Scheme for VR Devices Using Auditory-Pupillary Response

https://www.ndss-symposium.org/ndss-paper/soundlock-a-novel-user-authentication-scheme-for-vr-devices-using-auditory-pupillary-response/

• StealthyIMU: Stealing Permission-protected Private Information From Smartphone Voice Assistant Using Zero-Permission Sensors

https://www.ndss-symposium.org/ndss-paper/stealthyimu-stealing-permission-protected-private-information-from-smartphone-voice-assistant-using-zero-permission-sensors/

• Thwarting Smartphone SMS Attacks at the Radio Interface Layer

https://www.ndss-symposium.org/ndss-paper/thwarting-smartphone-sms-attacks-at-the-radio-interface-layer/

阅读有难度？用 ChatPDF！详情点击：ChatPDF来了，你还在为读不懂论文发愁么？