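USENIX 2022 Summer Papers: A Simple Categorization
I recently noticed that the USENIX 2022 summer papers are out, so I skimmed through them looking for interesting ones and sorted them into rough categories. The categorization is based on my own knowledge and may not be entirely accurate. You can also wait until USENIX 2022 is indexed on dblp and check the official categories.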
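Contents
- Binary
- fuzz
- Software security
- IoT
- Audio-related
- Side channels
- Trusted computing
- Kernel
- Cloud security
- Embedded devices
- AI model security
- Driving systems
- Mobile security
- LTE (communications security?)
- Cryptography
- Network security
- Web security
- Privacy
- Uncategorized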
Binary
DeepDi: Learning a Relational Graph Convolutional Network Model on Instructions for Fast and Accurate Disassembly
https://www.usenix.org/conference/usenixsecurity22/presentation/yu-sheng
Category: deep learning applied to disassembly
Debloating Address Sanitizer
https://www.usenix.org/conference/usenixsecurity22/presentation/zhang-yuchen
Performance optimization for ASan
RE-Mind: a First Look Inside the Mind of a Reverse Engineer
https://www.usenix.org/conference/usenixsecurity22/presentation/mantovani
A study of how binary reverse engineers analyze assembly code and carry out reverse-engineering tasks.
Augmenting Decompiler Output with Learned Variable Names and Types
https://www.usenix.org/conference/usenixsecurity22/presentation/chen-qibin
Disassembly; a machine-learning-based approach
fuzz
Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing
https://www.usenix.org/conference/usenixsecurity22/presentation/scharnowski
Firmware fuzzing
Morphuzz: Bending (Input) Space to Fuzz Virtual Devices
https://www.usenix.org/conference/usenixsecurity22/presentation/bulekov
Fuzzing virtual devices
Regulator: Dynamic Analysis to Detect ReDoS
https://www.usenix.org/conference/usenixsecurity22/presentation/mclaughlin
Using fuzzing to find denial-of-service vulnerabilities caused by regular expressions
Software security
Ferry: State-Aware Symbolic Execution for Exploring State-Dependent Program Paths
https://www.usenix.org/conference/usenixsecurity22/presentation/zhou-shunfan
Symbolic execution that can explore state-dependent branches
How Long Do Vulnerabilities Live in the Code? A Large-Scale Empirical Measurement Study on FOSS Vulnerability Lifetimes
https://www.usenix.org/conference/usenixsecurity22/presentation/alexopoulos
A study of how long vulnerabilities persist in open-source software
Expected Exploitability: Predicting the Development of Functional Vulnerability Exploits
https://www.usenix.org/conference/usenixsecurity22/presentation/suciu
Vulnerability exploitability assessment
IoT
Lumos: Identifying and Localizing Diverse Hidden IoT Devices in an Unfamiliar Environment
https://www.usenix.org/conference/usenixsecurity22/presentation/sharma-rahul
Category: discovering hidden IoT devices in an unfamiliar environment
Practical Data Access Minimization in Trigger-Action Platforms
https://www.usenix.org/conference/usenixsecurity22/presentation/chen-yunang
Data risk issues in IoT platforms
ProFactory: Improving IoT Security via Formalized Protocol Customization
https://www.usenix.org/conference/usenixsecurity22/presentation/wang-fei
Protocol vulnerabilities in IoT applications
Audio-related
Towards More Robust Keyword Spotting for Voice Assistants
https://www.usenix.org/conference/usenixsecurity22/presentation/ahmed
Defenses for voice assistants
“OK, Siri” or “Hey, Google”: Evaluating Voiceprint Distinctiveness via Content-based PROLE Score
https://www.usenix.org/conference/usenixsecurity22/presentation/he-ruiwen
A study of voiceprint distinctiveness
Your Microphone Array Retains Your Identity: A Robust Voice Liveness Detection System for Smart Speakers
Link: https://www.usenix.org/conference/usenixsecurity22/presentation/meng
Category: IoT security, about earphones
Lamphone: Passive Sound Recovery from a Desk Lamp’s Light Bulb Vibrations
https://www.usenix.org/conference/usenixsecurity22/presentation/nassi
Eavesdropping via a light bulb
SkillDetective: Automated Policy-Violation Detection of Voice Assistant Applications in the Wild
https://www.usenix.org/conference/usenixsecurity22/presentation/young
Privacy-violation detection for voice assistants
Side channels
SecSMT: Securing SMT Processors against Contention-Based Covert Channels
Link: https://www.usenix.org/conference/usenixsecurity22/presentation/taram
Summary: analyzes contention-based security vulnerabilities in high-performance simultaneous multithreading processors
Rapid Prototyping for Microarchitectural Attacks
https://www.usenix.org/conference/usenixsecurity22/presentation/easdon
How to quickly construct microarchitectural attacks
Hiding in Plain Sight? On the Efficacy of Power Side Channel-Based Control Flow Monitoring
https://www.usenix.org/conference/usenixsecurity22/presentation/han
A new attack targeting a side-channel defense
AMD Prefetch Attacks through Power and Time
https://www.usenix.org/conference/usenixsecurity22/presentation/lipp
Category: AMD CPUs also have side-channel problems
Repurposing Segmentation as a Practical LVI-NULL Mitigation in SGX
https://www.usenix.org/conference/usenixsecurity22/presentation/giner
A defense against LVI attacks (the Meltdown/Spectre family)
Rendering Contention Channel Made Practical in Web Browsers
https://www.usenix.org/conference/usenixsecurity22/presentation/wu
Side-channel attack on browser rendering
Automated Side Channel Analysis of Media Software with Manifold Learning
https://www.usenix.org/conference/usenixsecurity22/presentation/yuan
Uses AI learning methods for side-channel analysis, then reconstructs confidential media inputs
Lend Me Your Ear: Passive Remote Physical Side Channels on PCs
https://www.usenix.org/conference/usenixsecurity22/presentation/genkin
Remote physical side channels on PCs, for example headphones attached to a PC
HyperDegrade: From GHz to MHz Effective CPU Frequencies
https://www.usenix.org/conference/usenixsecurity22/presentation/aldaya
Using performance-degradation techniques to defend against side-channel attacks
GhostTouch: Targeted Attacks on Touchscreens without Physical Touch
https://www.usenix.org/conference/usenixsecurity22/presentation/wang-kai
Attacks on a touchscreen that can be carried out without touching the screen
Hand Me Your PIN! Inferring ATM PINs of Users Typing with a Covered Hand
https://www.usenix.org/conference/usenixsecurity22/presentation/cardaioli
Uses deep learning to pick out hand-movement features of PIN entry at an ATM and recover your bank card PIN
Trusted computing
Elasticlave: An Efficient Memory Model for Enclaves
https://www.usenix.org/conference/usenixsecurity22/presentation/yu-jason
A TEE memory model that allows sharing
SGXLock: Towards Efficiently Establishing Mutual Distrust Between Host Application and Enclave for SGX
https://www.usenix.org/conference/usenixsecurity22/presentation/chen-yuan
Restricting the behavior of untrusted enclaves
Kernel
Midas: Systematic Kernel TOCTTOU Protection
https://www.usenix.org/conference/usenixsecurity22/presentation/bhattacharyya
Category: kernel security, double-fetch bugs
LinKRID: Vetting Imbalance Reference Counting in Linux kernel with Symbolic Execution
https://www.usenix.org/conference/usenixsecurity22/presentation/liu-jian
Uses symbolic execution to detect incorrect use of reference counters in the kernel
SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs in Linux kernel
https://www.usenix.org/conference/usenixsecurity22/presentation/zou
Determining how risky kernel vulnerabilities are
Cloud security
Jenny: Securing Syscalls for PKU-based Memory Isolation Systems
https://www.usenix.org/conference/usenixsecurity22/presentation/schrammel
Category: syscall filtering in PKU-based memory isolation systems (PKU is an isolation mechanism for cloud systems)
Exploring the Unchartered Space of Container Registry Typosquatting
https://www.usenix.org/conference/usenixsecurity22/presentation/liu-guannan
Docker container security
Bedrock: Programmable Network Support for Secure RDMA Systems
https://www.usenix.org/conference/usenixsecurity22/presentation/xing
Defense for cloud data centers, focused on Remote Direct Memory Access (RDMA)
Embedded devices
PISTIS: Trusted Computing Architecture for Low-end Embedded Systems
https://www.usenix.org/conference/usenixsecurity22/presentation/grisafi
Trusted architecture, low-end embedded systems
RapidPatch: Firmware Hotpatching for Real-Time Embedded Devices
https://www.usenix.org/conference/usenixsecurity22/presentation/he-yi
Automatically applying hot patches to embedded devices
Holistic Control-Flow Protection on Real-Time Embedded Systems with Kage
https://www.usenix.org/conference/usenixsecurity22/presentation/du
Protecting the control flow of microcontroller-based embedded systems
AI model security
ML-Doctor: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models
https://www.usenix.org/conference/usenixsecurity22/presentation/liu-yugeng
Category: inference attacks on machine learning models
On the Security Risks of AutoML
https://www.usenix.org/conference/usenixsecurity22/presentation/pang
A study of the potential security issues of neural search methods
Can one hear the shape of a neural network?: Snooping the GPU via Magnetic Side Channel
https://www.usenix.org/conference/usenixsecurity22/presentation/maia
Side-channel attack on neural networks
Inference Attacks Against Graph Neural Networks
https://www.usenix.org/conference/usenixsecurity22/presentation/zhang-zhikun
Inference attacks on graph neural networks
SIMC: ML Inference Secure Against Malicious Clients at Semi-Honest Cost
https://www.usenix.org/conference/usenixsecurity22/presentation/chandran
Defense against machine learning model inference attacks
Label Inference Attacks Against Vertical Federated Learning
https://www.usenix.org/conference/usenixsecurity22/presentation/fu
Label inference attacks on vertical federated learning
Driving systems
DoubleStar: Long-Range Attack Towards Depth Estimation based Obstacle Avoidance in Autonomous Systems
https://www.usenix.org/conference/usenixsecurity22/presentation/zhou-ce
Category: security issues in autonomous driving systems
Rolling Colors: Adversarial Laser Exploits against Traffic Light Recognition
https://www.usenix.org/conference/usenixsecurity22/presentation/yan
Injects colored stripes into traffic-light images so that the autonomous driving system misrecognizes traffic lights
Towards Automatically Reverse Engineering Vehicle Diagnostic Protocols
https://www.usenix.org/conference/usenixsecurity22/presentation/yu-le
Automated reverse engineering of driving-system protocols
SAID: State-aware Defense Against Injection Attacks on In-vehicle Network
https://www.usenix.org/conference/usenixsecurity22/presentation/xue
Defense against injection attacks on driving systems
Mobile security
A Large-scale Temporal Measurement of Android Malicious Apps: Persistence, Migration, and Lessons Learned
https://www.usenix.org/conference/usenixsecurity22/presentation/shen
Category: survey of malicious apps
FReD: Identifying File Re-Delegation in Android System Services
https://www.usenix.org/conference/usenixsecurity22/presentation/gorski
Security of Android system services, static analysis
A Large-scale Investigation into Geodifferences in Mobile Apps
https://www.usenix.org/conference/usenixsecurity22/presentation/kumar
A study of geographic differences in mobile apps (geographic differences can be used for blocking)
FOAP: Fine-Grained Open-World Android App Fingerprinting
https://www.usenix.org/conference/usenixsecurity22/presentation/li-jianfeng
Fine-grained open-source Android app fingerprinting
LTE (communications security?)
LTrack: Stealthy Tracking of Mobile Phones in LTE
https://www.usenix.org/conference/usenixsecurity22/presentation/kotuliak
An attack on LTE that can obtain a device's location
Watching the Watchers: Practical Video Identification Attack in LTE Networks
https://www.usenix.org/conference/usenixsecurity22/presentation/bae
Video identification attack; reveals what video the victim is watching.
DoLTEst: In-depth Downlink Negative Testing Framework for LTE Devices
https://www.usenix.org/conference/usenixsecurity22/presentation/park-cheoljun
A negative testing framework for LTE devices
Cryptography
OpenSSLNTRU: Faster post-quantum TLS key exchange
https://www.usenix.org/conference/usenixsecurity22/presentation/bernstein
Related to post-quantum cryptography
Polynomial Commitment with a One-to-Many Prover and Applications
https://www.usenix.org/conference/usenixsecurity22/presentation/zhang-jiaheng
Cryptography-related
Post-Quantum Cryptography with Contemporary Co-Processors: Beyond Kronecker, Schönhage-Strassen & Nussbaumer
https://www.usenix.org/conference/usenixsecurity22/presentation/bos
Post-quantum cryptography, IoT devices
Orca: Blocklisting in Sender-Anonymous Messaging
https://www.usenix.org/conference/usenixsecurity22/presentation/tyagi
Designs a protocol for anonymous-sender systems
How to Abuse and Fix Authenticated Encryption Without Key Commitment
https://www.usenix.org/conference/usenixsecurity22/presentation/albertini
Cryptography, authentication-related
Omnes pro uno: Practical Multi-Writer Encrypted Database
https://www.usenix.org/conference/usenixsecurity22/presentation/wang-jiafan
Cryptography-related
Network security
Spoki: Unveiling a New Wave of Scanners through a Reactive Network Telescope
https://www.usenix.org/conference/usenixsecurity22/presentation/hiesgen
Network scanning
Total Eclipse of the Heart – Disrupting the InterPlanetary File System
https://www.usenix.org/conference/usenixsecurity22/presentation/prunster
An attack on the P2P system InterPlanetary File System
Under the Hood of DANE Mismanagement in SMTP
https://www.usenix.org/conference/usenixsecurity22/presentation/lee
DNS, network-security-related
MAGE: Mutual Attestation for a Group of Enclaves without Trusted Third Parties
https://www.usenix.org/conference/usenixsecurity22/presentation/chen-guoxing
Remote attestation mechanism
Adversarial Detection Avoidance Attacks: Evaluating the robustness of perceptual hashing-based client-side scanning
https://www.usenix.org/conference/usenixsecurity22/presentation/jain
Security issues in end-to-end encrypted systems (for example, those used by email platforms)
99% False Positives: A Qualitative Study of SOC Analysts’ Perspectives on Security Alarms
https://www.usenix.org/conference/usenixsecurity22/presentation/alahmadi
A qualitative study of security alarms from the perspective of security operations analysts (99% are false positives)
Web security
Online Website Fingerprinting: Evaluating Website Fingerprinting Attacks on Tor in the Real World
https://www.usenix.org/conference/usenixsecurity22/presentation/cherubin
Web fingerprinting attacks
Mistrust Plugins You Must: A Large-Scale Study Of Malicious Plugins In WordPress Marketplaces
https://www.usenix.org/conference/usenixsecurity22/presentation/kasturi
A study of malicious WordPress plugins
Web Cache Deception Escalates!
https://www.usenix.org/conference/usenixsecurity22/presentation/mirheidari
Web security
Mining Node.js Vulnerabilities via Object Dependence Graph and Query
https://www.usenix.org/conference/usenixsecurity22/presentation/li-song
Mining Node.js vulnerabilities
When Sally Met Trackers: Web Tracking From the Users’ Perspective
https://www.usenix.org/conference/usenixsecurity22/presentation/dambra
Web-related
FUGIO: Automatic Exploit Generation for PHP Object Injection Vulnerabilities
https://www.usenix.org/conference/usenixsecurity22/presentation/park-sunnyeo
Automated exploitation of PHP object injection vulnerabilities
Privacy
An Audit of Facebook’s Political Ad Policy Enforcement
Link: https://www.usenix.org/conference/usenixsecurity22/presentation/lepochat
Summary: audits Facebook's policy for handling political ads. The results show that Facebook's current policy is very imprecise, among other things.
Increasing Adversarial Uncertainty to Scale Private Similarity Testing
Link: https://www.usenix.org/conference/usenixsecurity22/presentation/hua
Summary: social platforms review the content users post to keep odd things from being published. This paper is about how to detect those odd things.
“How Do You Not Lose Friends?”: Synthesizing a Design Space of Social Controls for Securing Shared Digital Resources Via Participatory Design Jams
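Link: https://www.usenix.org/conference/usenixsecurity22/presentation/moju-igbene
Summary: digital resources (bank accounts, collaborative documents) are often shared within a small group, yet the security and privacy controls for such resources are poorly done. One reason is that the design space for security and privacy controls is unclear. This paper sets out to clarify that design space.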
OVRseen: Auditing Network Traffic and Privacy Policies in Oculus VR
https://www.usenix.org/conference/usenixsecurity22/presentation/trimananda
Category: privacy leakage in VR applications
PrivGuard: Privacy Regulation Compliance Made Easier
https://www.usenix.org/conference/usenixsecurity22/presentation/wang-lun
Category: privacy-preserving computation
Understanding and Improving Usability of Data Dashboards for Simplified Privacy Control of Voice Assistant Data
https://www.usenix.org/conference/usenixsecurity22/presentation/sharma-vandit
Category: privacy permission control, voice assistants
Caring about Sharing: User Perceptions of Multiparty Data Sharing
https://www.usenix.org/conference/usenixsecurity22/presentation/kacsmar
Privacy policy
“I feel invaded, annoyed, anxious and I may protect myself”: Individuals’ Feelings about Online Tracking and their Protective Behaviour across Gender and Country
https://www.usenix.org/conference/usenixsecurity22/presentation/coopamootoo
Privacy-related
Security and Privacy Perceptions of Third-Party Application Access for Google Accounts
https://www.usenix.org/conference/usenixsecurity22/presentation/balash
Privacy-preserving computation, third-party app permissions
Synthetic Data – Anonymisation Groundhog Day
https://www.usenix.org/conference/usenixsecurity22/presentation/stadler
Synthetic data; quantitative evaluation of anonymization techniques
Empirical Understanding of Deletion Privacy: Experiences, Expectations, and Measures
https://www.usenix.org/conference/usenixsecurity22/presentation/minaei
Privacy, survey-type paper
Secure Poisson Regression
https://www.usenix.org/conference/usenixsecurity22/presentation/kelkar
Makes Poisson regression computation more secure; somewhat like privacy-preserving computation
Automating Cookie Consent and GDPR Violation Detection
https://www.usenix.org/conference/usenixsecurity22/presentation/bollinger
Privacy issues
Incremental Offline/Online PIR
https://www.usenix.org/conference/usenixsecurity22/presentation/ma
Privacy-preserving computation
WebGraph: Capturing Advertising and Tracking Information Flows for Robust Blocking
https://www.usenix.org/conference/usenixsecurity22/presentation/siby
Privacy protection. Cuts off advertising and tracking information flows.
Uncategorized
Back-Propagating System Dependency Impact for Attack Investigation
Link: https://www.usenix.org/conference/usenixsecurity22/presentation/fang
Summary: analysis of system logs
Aardvark: An Asynchronous Authenticated Dictionary with Applications to Account-based Cryptocurrencies
Link: https://www.usenix.org/conference/usenixsecurity22/presentation/leung
Category: cryptocurrency
Helping hands: Measuring the impact of a large threat intelligence sharing community
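Link: https://www.usenix.org/conference/usenixsecurity22/presentation/bouwman
Summary: evaluates the security of data from sharing communities, such as the COVID-19 Cyber Threat Coalition. The paper mainly discusses these questions. First, can collaboration at a certain scale give the data better coverage? Second, has making this data public had an effect in the real world?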
VerLoc: Verifiable Localization in Decentralized Systems
https://www.usenix.org/conference/usenixsecurity22/presentation/kohls
Determining the location of nodes in decentralized systems
Stick It to The Man: Correcting for Non-Cooperative Behavior of Subjects in Experiments on Social Networks
https://www.usenix.org/conference/usenixsecurity22/presentation/clary
Social networks
Behind the Tube: Exploitative Monetization of Content on YouTube
https://www.usenix.org/conference/usenixsecurity22/presentation/chu
Explores how content monetization is exploited on sites like YouTube
Dos and Don’ts of Machine Learning in Computer Security
https://www.usenix.org/conference/usenixsecurity22/presentation/arp
What problems arise when machine learning is used in computer security? How can they be solved?