


default search action
30th CCS 2024: Salt Lake City, UT, USA
- Bo Luo, Xiaojing Liao, Jun Xu, Engin Kirda, David Lie:
Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, CCS 2024, Salt Lake City, UT, USA, October 14-18, 2024. ACM 2024, ISBN 979-8-4007-0636-3
Keynote Talks
- Dan Boneh
:
Cryptography and Computer Security: A View From the Year 2100. 1 - Gene Tsudik
:
Staving off the IoT Armageddon. 2-3
Session 1-1: Verification, Secure Architectures, and Network Security
- Felix A. Wolf
, Peter Müller:
Verifiable Security Policies for Distributed Systems. 4-18 - Hans Winderix
, Marton Bognar
, Lesly-Ann Daniel
, Frank Piessens
:
Libra: Architectural Support For Principled, Secure And Efficient Balanced Execution On High-End Processors. 19-33 - Qiyuan Zhao
, George Pîrlea
, Karolina Grzeszkiewicz
, Seth Gilbert
, Ilya Sergey
:
Compositional Verification of Composite Byzantine Protocols. 34-48 - Jens Frieß
, Donika Mirdita
, Haya Schulmann
, Michael Waidner
:
Byzantine-Secure Relying Party for Resilient RPKI. 49-63
Session 1-2: HW & CPS: Microarchitectural Attacks and Side Channels
- Hyerean Jang
, Taehun Kim
, Youngjoo Shin
:
SysBumps: Exploiting Speculative Execution in System Calls for Breaking KASLR in macOS for Apple Silicon. 64-78 - Luca Wilke
, Florian Sieck
, Thomas Eisenbarth
:
TDXdown: Single-Stepping and Instruction Counting Attacks against Intel TDX. 79-93 - Fabian Rauscher
, Daniel Gruss
:
Cross-Core Interrupt Detection: Exploiting User and Virtualized IPIs. 94-108 - Gal Horowitz
, Eyal Ronen
, Yuval Yarom
:
Spec-o-Scope: Cache Probing at Cache Speed. 109-123
Session 1-3: ML and Security: Machine Learning for Security
- Keane Lucas
, Weiran Lin
, Lujo Bauer
, Michael K. Reiter
, Mahmood Sharif
:
Training Robust ML-based Raw-Binary Malware Detectors in Hours, not Months. 124-138 - Mingqi Lv
, Hongzhe Gao
, Xuebo Qiu
, Tieming Chen
, Tiantian Zhu
, Jinyin Chen
, Shouling Ji
:
TREC: APT Tactic / Technique Recognition via Few-Shot Provenance Subgraph Learning. 139-152 - Tianfang Zhang
, Qiufan Ji
, Zhengkun Ye
, Md Mojibur Rahman Redoy Akanda
, Ahmed Tanvir Mahdad
, Cong Shi
, Yan Wang
, Nitesh Saxena
, Yingying Chen
:
SAFARI: Speech-Associated Facial Authentication for AR/VR Settings via Robust VIbration Signatures. 153-167 - Andy Zhou
, Xiaojun Xu
, Ramesh Raghunathan
, Alok Lal
, Xinze Guan
, Bin Yu
, Bo Li
:
KnowGraph: Knowledge-Enabled Anomaly Detection via Logical Reasoning on Graph Data. 168-182
Session 1-4: HW & CPS: (Micro)Architecture Security
- Stavros Volos
, Cédric Fournet, Jana Hofmann
, Boris Köpf
, Oleksii Oleksenko
:
Principled Microarchitectural Isolation on Cloud CPUs. 183-197 - Yongho Song
, Byeongsu Woo
, Youngkwang Han
, Brent ByungHoon Kang
:
Interstellar: Fully Partitioned and Efficient Security Monitoring Hardware Near a Processor Core for Protecting Systems against Attacks on Privileged Software. 198-212 - Katharina Ceesay-Seitz
, Flavien Solt
, Kaveh Razavi
:
μCFI: Formal Verification of Microarchitectural Control-flow Integrity. 213-227 - Rei Ueno
, Hiromichi Haneda
, Naofumi Homma
, Akiko Inoue
, Kazuhiko Minematsu
:
Crystalor: Recoverable Memory Encryption Mechanism with Optimized Metadata Structure. 228-242
Session 1-5: Privacy and Anonymity: Privacy in Federated ML
- Shuangqing Xu
, Yifeng Zheng
, Zhongyun Hua
:
Camel: Communication-Efficient and Maliciously Secure Federated Learning in the Shuffle Model of Differential Privacy. 243-257 - Bokang Zhang
, Yanglin Zhang
, Zhikun Zhang
, Jinglan Yang
, Lingying Huang
, Junfeng Wu
:
S2NeRF: Privacy-preserving Training Framework for NeRF. 258-272 - Johannes Liebenow
, Yara Schütt
, Tanya Braun
, Marcel Gehrke
, Florian Thaeter
, Esfandiar Mohammadi
:
$DPM: $ Clustering Sensitive Data through Separation. 273-287 - Thorsten Peinemann
, Moritz Kirschte
, Joshua Stock
, Carlos Cotrini
, Esfandiar Mohammadi
:
S-BDT: Distributed Differentially Private Boosted Decision Trees. 288-302
Session 1-6: Privacy and Anonymity: Differential Privacy I
- Junxu Liu
, Jian Lou
, Li Xiong
, Jinfei Liu
, Xiaofeng Meng
:
Cross-silo Federated Learning with Record-level Personalized Differential Privacy. 303-317 - Yucheng Fu
, Tianhao Wang
:
Benchmarking Secure Sampling Protocols for Differential Privacy. 318-332 - Yuting Liang
, Ke Yi
:
Smooth Sensitivity for Geo-Privacy. 333-347 - Jacob Imola
, Amrita Roy Chowdhury
, Kamalika Chaudhuri
:
Metric Differential Privacy at the User-Level via the Earth-Mover's Distance. 348-362
Session 1-7: Blockchains, Authentication, and Distributed Systems
- Lucianna Kiffer
, Joachim Neu
, Srivatsan Sridhar
, Aviv Zohar
, David Tse
:
Nakamoto Consensus under Bounded Processing Capacity. 363-377 - Sarisht Wadhwa
, Luca Zanolini
, Aditya Asgaonkar
, Francesco D'Amato
, Chengrui Fang
, Fan Zhang
, Kartik Nayak
:
Data Independent Order Policy Enforcement: Limitations and Solutions. 378-392 - Lukas Aumayr
, Zeta Avarikioti
, Matteo Maffei
, Subhra Mazumdar
:
Securing Lightning Channels against Rational Miners. 393-407 - Deepak Maram
, Mahimna Kelkar
, Ittay Eyal
:
Interactive Multi-Credential Authentication. 408-422
Session 2-1: Network Security: The Internet Infrastructure
- Xiyuan Zhao
, Xinhao Deng
, Qi Li
, Yunpeng Liu
, Zhuotao Liu
, Kun Sun
, Ke Xu
:
Towards Fine-Grained Webpage Fingerprinting at Scale. 423-436 - Abhishek Bhaskar
, Paul Pearce
:
Understanding Routing-Induced Censorship Changes Globally. 437-451 - Yuejia Liang
, Jianjun Chen
, Run Guo
, Kaiwen Shen
, Hui Jiang
, Man Hou
, Yue Yu
, Haixin Duan
:
Internet's Invisible Enemy: Detecting and Measuring Web Cache Poisoning in the Wild. 452-466 - Jiahe Zhang
, Jianjun Chen
, Qi Wang
, Hangyu Zhang
, Chuhan Wang
, Jianwei Zhuge
, Haixin Duan
:
Inbox Invasion: Exploiting MIME Ambiguities to Evade Email Attachment Detectors. 467-481 - Xiaofan Li
, Yacong Gu
, Chu Qiao
, Zhenkai Zhang
, Daiping Liu
, Lingyun Ying
, Haixin Duan
, Xing Gao
:
Toward Understanding the Security of Plugins in Continuous Integration Services. 482-496 - Elias Heftrig
, Haya Schulmann
, Niklas Vogel
, Michael Waidner
:
The Harder You Try, The Harder You Fail: The KeyTrap Denial-of-Service Algorithmic Complexity Attacks on DNSSEC. 497-510
Session 2-2: Web Security I
- Penghui Li
, Mingxue Zhang
:
FuzzCache: Optimizing Web Application Fuzzing Through Software-Based Data Cache. 511-524 - Zidong Zhang
, Qinsheng Hou
, Lingyun Ying
, Wenrui Diao
, Yacong Gu
, Rui Li
, Shanqing Guo
, Haixin Duan
:
MiniCAT: Understanding and Detecting Cross-Page Request Forgery Vulnerabilities in Mini-Programs. 525-539 - Ronghai Yang
, Xianbo Wang
, Kaixuan Luo
, Xin Lei
, Ke Li
, Jiayuan Xin
, Wing Cheong Lau
:
SWIDE: A Semantic-aware Detection Engine for Successful Web Injection Attacks. 540-554 - Kailun Yan
, Xiaokuan Zhang
, Wenrui Diao
:
Stealing Trust: Unraveling Blind Message Attacks in Web3 Authentication. 555-569 - Changhua Luo
, Penghui Li
, Wei Meng
, Chao Zhang
:
Test Suites Guided Vulnerability Validation for Node.js Applications. 570-584 - Zhiyong Guo
, Mingqing Kang
, V. N. Venkatakrishnan
, Rigel Gjomemo
, Yinzhi Cao
:
ReactAppScan: Mining React Application Vulnerabilities via Component Graph. 585-599
Session 2-3: ML and Security: Machine Learning Attacks
- Hanbin Hong
, Xinyu Zhang
, Binghui Wang
, Zhongjie Ba
, Yuan Hong
:
Certifiable Black-Box Attacks with Randomized Adversarial Examples: Breaking Defenses with Provable Confidence. 600-614 - Jonathan Knauer
, Phillip Rieger
, Hossein Fereidooni
, Ahmad-Reza Sadeghi
:
Phantom: Untargeted Poisoning Attacks on Semi-Supervised Learning. 615-629 - Zheng Fang
, Tao Wang
, Lingchen Zhao
, Shenyi Zhang
, Bowen Li
, Yunjie Ge
, Qi Li
, Chao Shen
, Qian Wang
:
Zero-Query Adversarial Attack on Black-box Automatic Speech Recognition Systems. 630-644 - Oubo Ma
, Yuwen Pu
, Linkang Du
, Yang Dai
, Ruo Wang
, Xiaolei Liu
, Yingcai Wu
, Shouling Ji
:
SUB-PLAY: Adversarial Policies against Partially Observed Multi-Agent Reinforcement Learning Systems. 645-659 - Jiawen Shi
, Zenghui Yuan
, Yinuo Liu
, Yue Huang
, Pan Zhou
, Lichao Sun
, Neil Zhenqiang Gong
:
Optimization-based Prompt Injection Attack to LLM-as-a-Judge. 660-674 - Yifan Lu
, Wenxuan Li
, Mi Zhang
, Xudong Pan
, Min Yang
:
Neural Dehydration: Effective Erasure of Black-box Watermarks from DNNs with Limited Data. 675-689
Session 2-4: Software Security: Fuzzing I
- Lukas Bernhard
, Nico Schiller
, Moritz Schloegel
, Nils Bars
, Thorsten Holz
:
DarthShader: Fuzzing WebGPU Shader Translators & Compilers. 690-704 - Kelin Wang
, Mengda Chen
, Liang He
, Purui Su
, Yan Cai
, Jiongyi Chen
, Bin Zhang
, Chao Feng
, Chaojing Tang
:
OSmart: Whitebox Program Option Fuzzing. 705-719 - Ruijie Meng
, Gregory J. Duck
, Abhik Roychoudhury
:
Program Environment Fuzzing. 720-734 - Dawei Wang
, Geng Zhou
, Li Chen
, Dan Li
, Yukai Miao
:
ProphetFuzz: Fully Automated Prediction and Fuzzing of High-Risk Option Combinations with Only Documentation via Large Language Model. 735-749 - Nils Bars
, Moritz Schloegel
, Nico Schiller
, Lukas Bernhard
, Thorsten Holz
:
No Peer, no Cry: Network Application Fuzzing via Fault Injection. 750-764 - Dongdong She
, Adam Storek
, Yuchong Xie
, Seoyoung Kweon
, Prashast Srivastava
, Suman Jana
:
FOX: Coverage-guided Fuzzing as Online Stochastic Control. 765-779
Session 2-5: Applied Crypto: MPC I
- Ruiyang Li
, Yiteng Sun
, Chun Guo
, François-Xavier Standaert, Weijia Wang
, Xiao Wang
:
Leakage-Resilient Circuit Garbling. 780-794 - Shuaishuai Li
, Cong Zhang
, Dongdai Lin
:
Secure Multiparty Computation with Lazy Sharing. 795-809 - Zhicong Huang
, Wen-jie Lu
, Yuchen Wang
, Cheng Hong
, Tao Wei
, Wenguang Chen
:
Coral: Maliciously Secure Computation Framework for Packed and Mixed Circuits. 810-824 - Yun Li
, Daniel Escudero
, Yufei Duan
, Zhicong Huang
, Cheng Hong
, Chao Zhang
, Yifan Song
:
Sublinear Distributed Product Checks on Replicated Secret-Shared Data over Z2k Without Ring Extensions. 825-839 - Stefan Dziembowski, Sebastian Faust, Tomasz Lizurej, Marcin Mielniczuk:
Secret Sharing with Snitching. 840-853 - Peizhao Zhou
, Xiaojie Guo
, Pinzhi Chen
, Tong Li
, Siyi Lv
, Zheli Liu
:
Shortcut: Making MPC-based Collaborative Analytics Efficient on Dynamic Databases. 854-868
Session 2-6: Applied Crypto: Zero Knowledge Proofs I
- Aarushi Goel
, Mathias Hall-Andersen
, Gabriel Kaptchuk
:
Dora: A Simple Approach to Zero-Knowledge for RAM Programs. 869-883 - Chaya Ganesh
, Vineet Nair
, Ashish Sharma
:
Dual Polynomial Commitment Schemes and Applications to Commit-and-Prove SNARKs. 884-898 - Zhikang Xie
, Mengling Liu
, Haiyang Xue
, Man Ho Au
, Robert H. Deng
, Siu-Ming Yiu
:
Direct Range Proofs for Paillier Cryptosystem and Their Applications. 899-913 - Mingxun Zhou
, Giulia Fanti
, Elaine Shi
:
Conan: Distributed Proofs of Compliance for Anonymous Data Collection. 914-928 - Michael Rosenberg
, Tushar Mopuri
, Hossein Hafezi
, Ian Miers
, Pratyush Mishra
:
Hekaton: Horizontally-Scalable zkSNARKs Via Proof Aggregation. 929-940 - Renas Bacho
, Christoph Lenzen
, Julian Loss
, Simon Ochsenreither
, Dimitrios Papachristoudis
:
GRandLine: Adaptively Secure DKG and Randomness Beacon with (Log-)Quadratic Communication Complexity. 941-955
Session 2-7: Blockchain & Distributed Systems: Blockchain Attacks
- Cong Wu
, Jing Chen
, Ziming Zhao
, Kun He
, Guowen Xu
, Yueming Wu
, Haijun Wang
, Hongwei Li
, Yang Liu
, Yang Xiang
:
TokenScout: Early Detection of Ethereum Scam Tokens via Temporal Graph Learning. 956-970 - Zihao Li
, Xinghao Peng
, Zheyuan He
, Xiapu Luo
, Ting Chen
:
fAmulet: Finding Finalization Failure Bugs in Polygon zkRollup. 971-985 - Shixuan Guan
, Kai Li
:
Characterizing Ethereum Address Poisoning Attack. 986-1000 - Hongbo Wen
, Hanzhi Liu
, Jiaxin Song
, Yanju Chen
, Wenbo Guo
, Yu Feng
:
FORAY: Towards Effective Attack Synthesis against Deep Logical Vulnerabilities in DeFi Protocols. 1001-1015 - Feng Luo
, Huangkun Lin
, Zihao Li
, Xiapu Luo
, Ruijie Luo
, Zheyuan He
, Shuwei Song
, Ting Chen
, Wenxuan Luo
:
Towards Automatic Discovery of Denial of Service Weaknesses in Blockchain Resource Models. 1016-1030 - Dimitris Karakostas
, Aggelos Kiayias
, Thomas Zacharias
:
Blockchain Bribing Attacks and the Efficacy of Counterincentives. 1031-1045
Session 3-1: Formal Methods and Programming Languages I
- Cas Cremers
, Alexander Dax
, Niklas Medinger
:
Keeping Up with the KEMs: Stronger Security Notions for KEMs and Automated Analysis of KEM-based Protocols. 1046-1060 - Jérémy Thibault, Roberto Blanco
, Dongjae Lee
, Sven Argo
, Arthur Azevedo de Amorim
, Aïna Linn Georges, Catalin Hritcu
, Andrew Tolmach
:
SECOMP: Formally Secure Compilation of Compartmentalized C Programs. 1061-1075 - Gilles Barthe
, Marcel Böhme, Sunjay Cauligi
, Chitchanok Chuengsatiansup
, Daniel Genkin
, Marco Guarnieri
, David Mateos Romero
, Peter Schwabe
, David Wu
, Yuval Yarom
:
Testing Side-channel Security of Cryptographic Implementations against Future Microarchitectures. 1076-1090 - Davide Davoli
, Martin Avanzini
, Tamara Rezk
:
On Kernel's Safety in the Spectre Era (And KASLR is Formally Dead). 1091-1105 - Mário S. Alvim, Natasha Fernandes
, Annabelle McIver
, Gabriel H. Nunes
:
The Privacy-Utility Trade-off in the Topics API. 1106-1120 - Stella Lau
, Thomas Bourgeat
, Clément Pit-Claudel, Adam Chlipala
:
Specification and Verification of Strong Timing Isolation of Hardware Enclaves. 1121-1135
Session 3-2: ML and Security: Large Language Models
- Zhixuan Chu
, Yan Wang
, Longfei Li
, Zhibo Wang
, Zhan Qin
, Kui Ren
:
A Causal Explainable Guardrails for Large Language Models. 1136-1150 - Jialin Wu
, Jiangyi Deng
, Shengyuan Pang
, Yanjiao Chen
, Jiayang Xu
, Xinfeng Li
, Wenyuan Xu
:
Legilimens: Practical and Unified Content Moderation for Large Language Model Services. 1151-1165 - Zhongjie Ba
, Jieming Zhong
, Jiachen Lei
, Peng Cheng
, Qinglong Wang
, Zhan Qin
, Zhibo Wang
, Kui Ren
:
SurrogatePrompt: Bypassing the Safety Filter of Text-to-Image Models via Substitution. 1166-1180 - Peiran Wang
, Qiyu Li
, Longxuan Yu
, Ziyao Wang
, Ang Li
, Haojian Jin
:
Moderator: Moderating Text-to-Image Diffusion Models through Fine-grained Context-based Policies. 1181-1195 - Kunsheng Tang
, Wenbo Zhou
, Jie Zhang
, Aishan Liu
, Gelei Deng
, Shuai Li
, Peigui Qi
, Weiming Zhang
, Tianwei Zhang
, Nenghai Yu
:
GenderCARE: A Comprehensive Framework for Assessing and Reducing Gender Bias in Large Language Models. 1196-1210 - Wenxin Ding
, Cathy Y. Li
, Shawn Shan
, Ben Y. Zhao
, Hai-Tao Zheng
:
Understanding Implosion in Text-to-Image Generative Models. 1211-1225
Session 3-3: ML and Security: Inference Attacks
- Yu He
, Boheng Li
, Yao Wang
, Mengda Yang
, Juan Wang
, Hongxin Hu
, Xingyu Zhao
:
Is Difficulty Calibration All We Need? Towards More Practical Membership Inference Attacks. 1226-1240 - Jie Zhu
, Jirong Zha
, Ding Li
, Leye Wang
:
A Unified Membership Inference Method for Visual Self-supervised Encoder via Part-aware Capability. 1241-1255 - Qiankun Zhang
, Di Yuan
, Boyu Zhang
, Bin Yuan
, Bingqian Du
:
Membership Inference Attacks against Vision Transformers: Mosaic MixUp Training to the Defense. 1256-1270 - Michael Aerni
, Jie Zhang
, Florian Tramèr
:
Evaluations of Machine Learning Privacy Defenses are Misleading. 1271-1284 - Xiaoyi Chen
, Siyuan Tang
, Rui Zhu
, Shijun Yan
, Lei Jin
, Zihao Wang
, Liya Su
, Zhikun Zhang
, Xiaofeng Wang
, Haixu Tang
:
The Janus Interface: How Fine-Tuning in Large Language Models Amplifies the Privacy Risks. 1285-1299 - Zonghao Huang
, Neil Zhenqiang Gong
, Michael K. Reiter
:
A General Framework for Data-Use Auditing of ML Models. 1300-1314
Session 3-4: Software Security: Memory Safety and Error Detection
- Shuangpeng Bai
, Zhechang Zhang
, Hong Hu
:
CountDown: Refcount-guided Fuzzing for Exposing Temporal Memory Errors in Linux Kernel. 1315-1329 - Kaiming Huang
, Mathias Payer
, Zhiyun Qian
, Jack Sampson
, Gang Tan
, Trent Jaeger
:
Top of the Heap: Efficient Memory Error Protection of Safe Heap Objects. 1330-1344 - Marius Momeu
, Simon Schnückel, Kai Angnis
, Michalis Polychronakis
, Vasileios P. Kemerlis
:
Safeslab: Mitigating Use-After-Free Vulnerabilities via Memory Protection Keys. 1345-1359 - Lorenzo Binosi
, Gregorio Barzasi
, Michele Carminati
, Stefano Zanero
, Mario Polino
:
The Illusion of Randomness: An Empirical Analysis of Address Space Layout Randomization Implementations. 1360-1374 - Ruizhe Wang
, Meng Xu
, N. Asokan
:
SeMalloc: Semantics-Informed Memory Allocator. 1375-1389 - Enriquillo Valdez
, Salman Ahmed
, Zhongshu Gu
, Christophe de Dinechin
, Pau-Chen Cheng
, Hani Jamjoom
:
Crossing Shifted Moats: Replacing Old Bridges with New Tunnels to Confidential Containers. 1390-1404
Session 3-5: Applied Crypto: Private Information Retrieval & Private Set operations
- Ming Luo
, Feng-Hao Liu
, Han Wang
:
Faster FHE-Based Single-Server Private Information Retrieval. 1405-1419 - Ling Ren
, Muhammad Haris Mughees
, I Sun
:
Simple and Practical Amortized Sublinear Private Information Retrieval using Dummy Subsets. 1420-1433 - Cong Zhang
, Yu Chen
, Weiran Liu
, Liqiang Peng
, Meng Hao
, Anyu Wang
, Xiaoyun Wang
:
Unbalanced Private Set Union with Reduced Computation and Communication. 1434-1447 - Ben Fisch
, Arthur Lazzaretti
, Zeyu Liu
, Charalampos Papamanthou
:
ThorPIR: Single Server PIR via Homomorphic Thorp Shuffles. 1448-1462 - Alexander Burton
, Samir Jordan Menon
, David J. Wu
:
Respire: High-Rate PIR for Databases with Small Records. 1463-1477 - Yunqing Sun
, Jonathan Katz
, Mariana Raykova
, Phillipp Schoppmann
, Xiao Wang
:
Actively Secure Private Set Intersection in the Client-Server Setting. 1478-1492
Session 3-6: Applied Crypto: Signatures, Proofs, Integrity Schemes
- Nikhil Vanjani
, Pratik Soni
, Sri Aravinda Krishnan Thyagarajan
:
Functional Adaptor Signatures: Beyond All-or-Nothing Blockchain-based Payments. 1493-1507 - Ioanna Karantaidou
, Omar Renawi
, Foteini Baldimtsi
, Nikolaos Kamarinakis
, Jonathan Katz
, Julian Loss
:
Blind Multisignatures for Anonymous Tokens with Decentralized Issuance. 1508-1522 - Sven Argo
, Tim Güneysu, Corentin Jeudy
, Georg Land
, Adeline Roux-Langlois
, Olivier Sanders
:
Practical Post-Quantum Signatures for Privacy. 1523-1537 - Charalampos Papamanthou
, Shravan Srinivasan
, Nicolas Gailly
, Ismael Hishon-Rezaizadeh
, Andrus Salumets
, Stjepan Golemac
:
Reckle Trees: Updatable Merkle Batch Proofs with Applications. 1538-1551 - Sara Wrótniak, Hemi Leibowitz
, Ewa Syta
, Amir Herzberg
:
Provable Security for PKI Schemes. 1552-1566 - Brian Koziel
, S. Dov Gordon
, Craig Gentry
:
Fast Two-party Threshold ECDSA with Proactive Security. 1567-1580