最近发现Usenix 2022夏季的paper已经出了，所以扫扫看有没有有趣的文章，对文章进行了简单的分类。基于个人知识分类，可能分类不是那么准确。也可以等usenix 2022上了dblp看官方的分类。

二进制

DeepDi: Learning a Relational Graph Convolutional Network Model on Instructions for Fast and Accurate Disassembly

https://www.usenix.org/conference/usenixsecurity22/presentation/yu-sheng

分类：深度学习应用在反汇编

Debloating Address Sanitizer

https://www.usenix.org/conference/usenixsecurity22/presentation/zhang-yuchen

ASan的性能优化

RE-Mind: a First Look Inside the Mind of a Reverse Engineer

https://www.usenix.org/conference/usenixsecurity22/presentation/mantovani

调研二进制逆向工程师是如何分析汇编代码，做逆向任务的。

Augmenting Decompiler Output with Learned Variable Names and Types

https://www.usenix.org/conference/usenixsecurity22/presentation/chen-qibin

反汇编，基于机器学习的方法

fuzz

Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing

https://www.usenix.org/conference/usenixsecurity22/presentation/scharnowski

固件fuzz

Morphuzz: Bending (Input) Space to Fuzz Virtual Devices

https://www.usenix.org/conference/usenixsecurity22/presentation/bulekov

对虚拟设备进行fuzz

Regulator: Dynamic Analysis to Detect ReDoS

https://www.usenix.org/conference/usenixsecurity22/presentation/mclaughlin

用fuzz去发现正则表达式引起的拒绝服务漏洞

软件安全

Ferry: State-Aware Symbolic Execution for Exploring State-Dependent Program Paths

https://www.usenix.org/conference/usenixsecurity22/presentation/zhou-shunfan

能够探索状态依赖的分支的符号执行

How Long Do Vulnerabilities Live in the Code? A Large-Scale Empirical Measurement Study on FOSS Vulnerability Lifetimes

https://www.usenix.org/conference/usenixsecurity22/presentation/alexopoulos

研究开源软件中的漏洞存在的时长

Expected Exploitability: Predicting the Development of Functional Vulnerability Exploits

https://www.usenix.org/conference/usenixsecurity22/presentation/suciu

漏洞利用性评估

物联网

Lumos: Identifying and Localizing Diverse Hidden IoT Devices in an Unfamiliar Environment

https://www.usenix.org/conference/usenixsecurity22/presentation/sharma-rahul

分类：在陌生环境发现隐藏的IoT设备

Practical Data Access Minimization in Trigger-Action Platforms

https://www.usenix.org/conference/usenixsecurity22/presentation/chen-yunang

物联网平台的数据风险问题

ProFactory: Improving IoT Security via Formalized Protocol Customization

https://www.usenix.org/conference/usenixsecurity22/presentation/wang-fei

IoT应用的协议漏洞

声音相关

Towards More Robust Keyword Spotting for Voice Assistants

https://www.usenix.org/conference/usenixsecurity22/presentation/ahmed

语音助手的防御

“OK, Siri” or “Hey, Google”: Evaluating Voiceprint Distinctiveness via Content-based PROLE Score

https://www.usenix.org/conference/usenixsecurity22/presentation/he-ruiwen

关于声纹独特性的研究

Your Microphone Array Retains Your Identity: A Robust Voice Liveness Detection System for Smart Speakers

链接：https://www.usenix.org/conference/usenixsecurity22/presentation/meng

分类：物联网安全，关于耳机

Lamphone: Passive Sound Recovery from a Desk Lamp’s Light Bulb Vibrations

https://www.usenix.org/conference/usenixsecurity22/presentation/nassi

通过灯泡进行窃听

SkillDetective: Automated Policy-Violation Detection of Voice Assistant Applications in the Wild

https://www.usenix.org/conference/usenixsecurity22/presentation/young

语音助手的隐私违反检测

侧信道

SecSMT: Securing SMT Processors against Contention-Based Covert Channels

链接：https://www.usenix.org/conference/usenixsecurity22/presentation/taram

简介：分析了高性能协同多线程处理器里的基于竞争的安全漏洞

Rapid Prototyping for Microarchitectural Attacks

https://www.usenix.org/conference/usenixsecurity22/presentation/easdon

如何快速构造微体系结构攻击

Hiding in Plain Sight? On the Efficacy of Power Side Channel-Based Control Flow Monitoring

https://www.usenix.org/conference/usenixsecurity22/presentation/han

针对侧信道防御的一种新攻击

AMD Prefetch Attacks through Power and Time

https://www.usenix.org/conference/usenixsecurity22/presentation/lipp

分类：AMD的CPU也存在侧信道问题

Repurposing Segmentation as a Practical LVI-NULL Mitigation in SGX

https://www.usenix.org/conference/usenixsecurity22/presentation/giner

针对LVI攻击（熔断幽灵那类）的防御

Rendering Contention Channel Made Practical in Web Browsers

https://www.usenix.org/conference/usenixsecurity22/presentation/wu

浏览器渲染的侧信道攻击

Automated Side Channel Analysis of Media Software with Manifold Learning

https://www.usenix.org/conference/usenixsecurity22/presentation/yuan

用AI的学习方法去侧信道分析，然后重现机密的媒体输入

Lend Me Your Ear: Passive Remote Physical Side Channels on PCs

https://www.usenix.org/conference/usenixsecurity22/presentation/genkin

PC机远程物理侧信道，比如PC机上的耳机

HyperDegrade: From GHz to MHz Effective CPU Frequencies

https://www.usenix.org/conference/usenixsecurity22/presentation/aldaya

用性能降级技术来抵御侧信道攻击

GhostTouch: Targeted Attacks on Touchscreens without Physical Touch

https://www.usenix.org/conference/usenixsecurity22/presentation/wang-kai

不用碰屏幕，就可以实现针对屏幕的攻击

Hand Me Your PIN! Inferring ATM PINs of Users Typing with a Covered Hand

https://www.usenix.org/conference/usenixsecurity22/presentation/cardaioli

用深度学习发现在ATM输入密码的手势特征，还原你的银行卡密码

可信计算

Elasticlave: An Efficient Memory Model for Enclaves

https://www.usenix.org/conference/usenixsecurity22/presentation/yu-jason

允许共享的TEE内存模型

SGXLock: Towards Efficiently Establishing Mutual Distrust Between Host Application and Enclave for SGX

https://www.usenix.org/conference/usenixsecurity22/presentation/chen-yuan

限制不可信enclave的行为

内核

Midas: Systematic Kernel TOCTTOU Protection

https://www.usenix.org/conference/usenixsecurity22/presentation/bhattacharyya

分类：内核安全，double-fetch bug

LinKRID: Vetting Imbalance Reference Counting in Linux kernel with Symbolic Execution

https://www.usenix.org/conference/usenixsecurity22/presentation/liu-jian

用符号执行检测内核里的引用计数器的非法使用

SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs in Linux kernel

https://www.usenix.org/conference/usenixsecurity22/presentation/zou

确定内核漏洞的风险性

云安全

Jenny: Securing Syscalls for PKU-based Memory Isolation Systems

https://www.usenix.org/conference/usenixsecurity22/presentation/schrammel

分类：PKU内存隔离系统里的系统调用过滤问题（PKU是云系统的一种隔离机制）

Exploring the Unchartered Space of Container Registry Typosquatting

https://www.usenix.org/conference/usenixsecurity22/presentation/liu-guannan

docker 容器安全

Bedrock: Programmable Network Support for Secure RDMA Systems

https://www.usenix.org/conference/usenixsecurity22/presentation/xing

云数据中心的防御，侧重于做Remote direct memory access （RDMA）

嵌入式设备

PISTIS: Trusted Computing Architecture for Low-end Embedded Systems

https://www.usenix.org/conference/usenixsecurity22/presentation/grisafi

可信体系结构，低档嵌入式系统

RapidPatch: Firmware Hotpatching for Real-Time Embedded Devices

https://www.usenix.org/conference/usenixsecurity22/presentation/he-yi

对嵌入式设备自动打上热补丁

Holistic Control-Flow Protection on Real-Time Embedded Systems with Kage

https://www.usenix.org/conference/usenixsecurity22/presentation/du

保护基于微控制器的嵌入式系统的控制流

AI模型安全

ML-Doctor: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models

https://www.usenix.org/conference/usenixsecurity22/presentation/liu-yugeng

分类：机器学习模型的Inference Attack

On the Security Risks of AutoML

https://www.usenix.org/conference/usenixsecurity22/presentation/pang

对神经搜索方法潜在的安全性做了研究

Can one hear the shape of a neural network?: Snooping the GPU via Magnetic Side Channel

https://www.usenix.org/conference/usenixsecurity22/presentation/maia

神经网络的侧信道攻击

Inference Attacks Against Graph Neural Networks

https://www.usenix.org/conference/usenixsecurity22/presentation/zhang-zhikun

图神经网络的推断攻击(Inference Attack)

SIMC: ML Inference Secure Against Malicious Clients at Semi-Honest Cost

https://www.usenix.org/conference/usenixsecurity22/presentation/chandran

机器学习模型推断攻击的防御

Label Inference Attacks Against Vertical Federated Learning

https://www.usenix.org/conference/usenixsecurity22/presentation/fu

垂直联邦学习的标签推断攻击（Label Inference Attacks）

驾驶系统

DoubleStar: Long-Range Attack Towards Depth Estimation based Obstacle Avoidance in Autonomous Systems

https://www.usenix.org/conference/usenixsecurity22/presentation/zhou-ce

分类：自动驾驶系统的安全问题

Rolling Colors: Adversarial Laser Exploits against Traffic Light Recognition

https://www.usenix.org/conference/usenixsecurity22/presentation/yan

在交通灯图片上注入彩色条纹，使得自动驾驶系统识别红绿灯出错

Towards Automatically Reverse Engineering Vehicle Diagnostic Protocols

https://www.usenix.org/conference/usenixsecurity22/presentation/yu-le

对驾驶系统的协议进行自动化逆向

SAID: State-aware Defense Against Injection Attacks on In-vehicle Network

https://www.usenix.org/conference/usenixsecurity22/presentation/xue

驾驶系统的注入攻击防御

移动安全

A Large-scale Temporal Measurement of Android Malicious Apps: Persistence, Migration, and Lessons Learned

https://www.usenix.org/conference/usenixsecurity22/presentation/shen

分类：恶意APP的综述

FReD: Identifying File Re-Delegation in Android System Services

https://www.usenix.org/conference/usenixsecurity22/presentation/gorski

安卓系统服务的安全、静态分析

A Large-scale Investigation into Geodifferences in Mobile Apps

https://www.usenix.org/conference/usenixsecurity22/presentation/kumar

移动APP地理差异的研究（地理差异可以用来墙的）

FOAP: Fine-Grained Open-World Android App Fingerprinting

https://www.usenix.org/conference/usenixsecurity22/presentation/li-jianfeng

细粒度的开源安卓APP指纹技术

LTE（通信安全？）

LTrack: Stealthy Tracking of Mobile Phones in LTE

https://www.usenix.org/conference/usenixsecurity22/presentation/kotuliak

对LTE攻击，能够获取到设备的位置

Watching the Watchers: Practical Video Identification Attack in LTE Networks

https://www.usenix.org/conference/usenixsecurity22/presentation/bae

视频识别攻击，可以知道受害者在看什么视频。

DoLTEst: In-depth Downlink Negative Testing Framework for LTE Devices

https://www.usenix.org/conference/usenixsecurity22/presentation/park-cheoljun

LTE设备的negative testing框架

密码学

OpenSSLNTRU: Faster post-quantum TLS key exchange

https://www.usenix.org/conference/usenixsecurity22/presentation/bernstein

后量子密码学相关

Polynomial Commitment with a One-to-Many Prover and Applications

https://www.usenix.org/conference/usenixsecurity22/presentation/zhang-jiaheng

密码学相关

Post-Quantum Cryptography with Contemporary Co-Processors: Beyond Kronecker, Schönhage-Strassen & Nussbaumer

https://www.usenix.org/conference/usenixsecurity22/presentation/bos

后量子密码、IoT设备

Orca: Blocklisting in Sender-Anonymous Messaging

https://www.usenix.org/conference/usenixsecurity22/presentation/tyagi

设计了匿名发送系统的协议

How to Abuse and Fix Authenticated Encryption Without Key Commitment

https://www.usenix.org/conference/usenixsecurity22/presentation/albertini

密码学、认证相关

Omnes pro uno: Practical Multi-Writer Encrypted Database

https://www.usenix.org/conference/usenixsecurity22/presentation/wang-jiafan

密码学相关

网络安全

Spoki: Unveiling a New Wave of Scanners through a Reactive Network Telescope

https://www.usenix.org/conference/usenixsecurity22/presentation/hiesgen

网络扫描

Total Eclipse of the Heart – Disrupting the InterPlanetary File System

https://www.usenix.org/conference/usenixsecurity22/presentation/prunster

P2P方案InterPlanetary File System的一个攻击

Under the Hood of DANE Mismanagement in SMTP

https://www.usenix.org/conference/usenixsecurity22/presentation/lee

DNS、网络安全相关

MAGE: Mutual Attestation for a Group of Enclaves without Trusted Third Parties

https://www.usenix.org/conference/usenixsecurity22/presentation/chen-guoxing

远程认证机制

Adversarial Detection Avoidance Attacks: Evaluating the robustness of perceptual hashing-based client-side scanning

https://www.usenix.org/conference/usenixsecurity22/presentation/jain

端到端的加密系统（比如邮箱平台用的）的安全性问题

99% False Positives: A Qualitative Study of SOC Analysts’ Perspectives on Security Alarms

https://www.usenix.org/conference/usenixsecurity22/presentation/alahmadi

从安全运营分析者角度对安全警告的定性研究（99%都是误报）

Web安全

Online Website Fingerprinting: Evaluating Website Fingerprinting Attacks on Tor in the Real World

https://www.usenix.org/conference/usenixsecurity22/presentation/cherubin

web 指纹攻击

Mistrust Plugins You Must: A Large-Scale Study Of Malicious Plugins In WordPress Marketplaces

https://www.usenix.org/conference/usenixsecurity22/presentation/kasturi

wordpress 的恶意插件研究

Web Cache Deception Escalates!

https://www.usenix.org/conference/usenixsecurity22/presentation/mirheidari

web 安全

Mining Node.js Vulnerabilities via Object Dependence Graph and Query

https://www.usenix.org/conference/usenixsecurity22/presentation/li-song

挖掘node.js的漏洞

When Sally Met Trackers: Web Tracking From the Users’ Perspective

https://www.usenix.org/conference/usenixsecurity22/presentation/dambra

web相关

FUGIO: Automatic Exploit Generation for PHP Object Injection Vulnerabilities

https://www.usenix.org/conference/usenixsecurity22/presentation/park-sunnyeo

PHP对象注入漏洞的自动化利用

隐私

An Audit of Facebook’s Political Ad Policy Enforcement

链接：https://www.usenix.org/conference/usenixsecurity22/presentation/lepochat

简介：对Facebook的处理政治广告的策略进行了审计。结果发现Facebook现在的策略很不精确等等。

Increasing Adversarial Uncertainty to Scale Private Similarity Testing

链接：https://www.usenix.org/conference/usenixsecurity22/presentation/hua

简介：社交平台会对用户发布的东西进行内容审查，避免发布一些奇怪的东西。这篇文章就是讲如何检测出这些奇怪的东西。

“How Do You Not Lose Friends?”: Synthesizing a Design Space of Social Controls for Securing Shared Digital Resources Via Participatory Design Jams

链接：https://www.usenix.org/conference/usenixsecurity22/presentation/moju-igbene

简介：数字资源（银行账号，协作文档）经常在一个小群体里共享。然而这个资源的安全和隐私控制做得很差。一个原因就是安全和隐私控制的设计空间很不明确。这篇文章就是要去明确这个设计空间。

OVRseen: Auditing Network Traffic and Privacy Policies in Oculus VR

https://www.usenix.org/conference/usenixsecurity22/presentation/trimananda

分类：VR应用的隐私泄露问题

PrivGuard: Privacy Regulation Compliance Made Easier

https://www.usenix.org/conference/usenixsecurity22/presentation/wang-lun

分类：隐私计算

Understanding and Improving Usability of Data Dashboards for Simplified Privacy Control of Voice Assistant Data

https://www.usenix.org/conference/usenixsecurity22/presentation/sharma-vandit

分类：隐私权限控制、语音助手

Caring about Sharing: User Perceptions of Multiparty Data Sharing

https://www.usenix.org/conference/usenixsecurity22/presentation/kacsmar

隐私策略

“I feel invaded, annoyed, anxious and I may protect myself”: Individuals’ Feelings about Online Tracking and their Protective Behaviour across Gender and Country

https://www.usenix.org/conference/usenixsecurity22/presentation/coopamootoo

隐私相关

Security and Privacy Perceptions of Third-Party Application Access for Google Accounts

https://www.usenix.org/conference/usenixsecurity22/presentation/balash

隐私计算，第三方应用权限

Synthetic Data – Anonymisation Groundhog Day

https://www.usenix.org/conference/usenixsecurity22/presentation/stadler

合成数据、匿名化技术的量化评估

Empirical Understanding of Deletion Privacy: Experiences, Expectations, and Measures

https://www.usenix.org/conference/usenixsecurity22/presentation/minaei

隐私，综述类文章

Secure Poisson Regression

https://www.usenix.org/conference/usenixsecurity22/presentation/kelkar

泊松回归计算更安全，有点像隐私计算那类

Automating Cookie Consent and GDPR Violation Detection

https://www.usenix.org/conference/usenixsecurity22/presentation/bollinger

隐私问题

Incremental Offline/Online PIR

https://www.usenix.org/conference/usenixsecurity22/presentation/ma

隐私计算

WebGraph: Capturing Advertising and Tracking Information Flows for Robust Blocking

https://www.usenix.org/conference/usenixsecurity22/presentation/siby

隐私保护。截断广告和追踪的信息流。

未分类

Back-Propagating System Dependency Impact for Attack Investigation

链接：https://www.usenix.org/conference/usenixsecurity22/presentation/fang

简介：对系统日志的分析

Aardvark: An Asynchronous Authenticated Dictionary with Applications to Account-based Cryptocurrencies

链接：https://www.usenix.org/conference/usenixsecurity22/presentation/leung

分类：加密数字货币

Helping hands: Measuring the impact of a large threat intelligence sharing community

链接：https://www.usenix.org/conference/usenixsecurity22/presentation/bouwman

简介：对共享社区的数据的安全性做了评估。比如COVID-19 Cyber Threat Coalition。文章主要对这几个问题做了探讨。第一，一定范围的协作能不能让数据有更好的覆盖率？第二，将这些数据公开有没有在现实生活中起到作用？

VerLoc: Verifiable Localization in Decentralized Systems

https://www.usenix.org/conference/usenixsecurity22/presentation/kohls

确定去中心化系统的节点位置

Stick It to The Man: Correcting for Non-Cooperative Behavior of Subjects in Experiments on Social Networks

https://www.usenix.org/conference/usenixsecurity22/presentation/clary

社交网络

Behind the Tube: Exploitative Monetization of Content on YouTube

https://www.usenix.org/conference/usenixsecurity22/presentation/chu

探索Youtube这种网站上内容变现的利用方式

Dos and Don’ts of Machine Learning in Computer Security

https://www.usenix.org/conference/usenixsecurity22/presentation/arp

机器学习用在计算机安全领域会有什么问题？如何解决？

Usenix 2022 夏季论文简单分类相关推荐

1. CVPR 2022 论文/代码分类汇总！持续更新中！

   关注公众号,发现CV技术之美 CVPR 2022 的论文官方还没有完全公布,但有作者陆续公布出来一些.为方便大家跟进论文,了解最新技术,CV君在Github建了一个仓库,对已经出来的论文(目前是340 ...

2. 何恺明时隔2年再发一作论文：为视觉大模型开路，“CVPR 2022最佳论文候选预定”...

   点击上方"视学算法",选择加"星标"或"置顶" 重磅干货,第一时间送达 杨净 明敏 雷刚 发自 凹非寺 量子位 报道 | 公众号 QbitA ...

3. 激光SLAM论文简单导读--LOAM、VLOAM、LeGO-LOAM、LIO-SAM、LVI-SAM、LIMO、LIC-FUSION、TVL-SLAM、R2LIVE、R3LIVE

   激光SLAM论文简单导读--LOAM.VLOAM.LeGO-LOAM.LIO-SAM.LVI-SAM.LIMO.LIC-FUSION.TVL-SLAM.R2LIVE.R3LIVE 时间线 开篇巨作LO ...

4. DCGAN 论文简单解读

   DCGAN的全称是Deep Convolution Generative Adversarial Networks(深度卷积生成对抗网络).是2014年Ian J.Goodfellow 的那篇开创性的 ...

5. 【系统分析师之路】2022上论文写作历年真题

   [系统分析师之路]2022上论文写作历年真题 [系统分析师之路]2022上论文写作历年真题写 [系统分析师之路]2022上论文写作历年真题 2022上论文写作历年真题第一题(75分) 2022上论文写 ...

6. 机器学习分类_机器学习之简单分类模型

   本文主要探讨了机器学习算法中一些比较容易理解的分类算法,包括二次判别分析QDA,线性判别分析LDA,朴素贝叶斯Naive Bayes,以及逻辑回归Logistic Regression,还会给出在ir ...

7. ICLR 2022最佳论文解读

   微信公众号"圆圆的算法笔记",持续更新NLP.CV.搜推广干货笔记和业内前沿工作解读~ 后台回复"交流"加入"圆圆的算法笔记"交流群:回复& ...

8. 25篇经典机器学习论文的分类

   25篇经典机器学习论文的分类 前言 放假当咸鱼的时候学校要求阅读论文文献,老板找了25篇比较经典的模式识别与机器学习相关的论文要求阅读,作为对人工智能一无所知且前半生学术生涯全贡献给通信的半路出家和尚 ...

9. python3 23.keras使用交叉熵代价函数进行MNIST数据集简单分类 学习笔记

   文章目录 前言 一.交叉熵代价函数简介 二.交叉熵代价函数使用 前言 计算机视觉系列之学习笔记主要是本人进行学习人工智能(计算机视觉方向)的代码整理.本系列所有代码是用python3编写,在平台Ana ...

最新文章

1. VoLTE前世今生...说清楚VoIP、VoLTE、CSFB、VoWiFi、SIP、IMS那些事
2. Win32 汇编子过程总结
3. JS学习记录（BOM部分）
4. 排版人员 快速排版_选择排版前应了解的事项
5. vue 使用 el-image图片无法显示
6. 【附源码】为了帮助程序员谈恋爱，我做了这个APP
7. mysql suoyin 和锁_mysql 索引和锁
8. OJ、ACM提交常见错误类型
9. CentOS 7 上搭建nginx 1.6
10. 网游服务器通信架构设计
11. 谁说不能用 Python开发企业应用？
12. 接口测试 python+PyCharm 环境搭建
13. 浅谈Vue 中的 computed 和 methods 的使用
14. Linux笔记1 修改主机名、ip以及指DNS
15. 零基础如何入门学习原画？速收藏
16. Sketch56.1汉化
17. 为游戏多开做准备，降低游戏的CPU
18. 计算机怎么清理CAD,怎么完全卸载cad
19. ContextCapture系列教程（三）：大疆精灵4RTK版无人机POS数据提取、处理（处理后勉强达到免相控要求）
20. 永恒的风控：大宗商品贸易融资背后的核心风险该如何规避？

热门文章

1. 苹果手机怎么清除缓存_手机里的文件如何彻底删除？教你清除缓存的方法
2. 活动报名 | 加州大学圣地亚哥分校商静波：如何通过极弱监督来完成海量文本的结构化？...
3. rono在oracle的作用_细节见真章,OPPO Reno多项品质测试,这才是最真实表现
4. 4K动态视频壁纸「Dynamic Wallpaper」
5. wordpress外贸跨境电商独立站WooCommerce插件安装教程
6. spss数据处理－－数据检查
7. HTML的无序（ul）、有序（ol）、定义（dl）列表标签
8. C语言程序设计 设计用函数实现模块化程序设计
9. 南方航空java面试_面试经验 南航面试经历分享
10. 多旋翼无人机组合导航系统-多源信息融合算法附Matlab代码