/dailyPaper

每日论文推荐

Primary LanguageHTML

G.O.S.S.I.P 学术论文推荐 2021

https://github.com/GoSSIP-SJTU/dailyPaper/

  • 2021-01-04: HideNoSeek: Camouflaging Malicious JavaScript in Benign ASTs @ CCS 2019
  • 2021-01-05: Examining Mirai's Battle over the Internet of Things @ CCS 2020
  • 2021-01-06: CogniCryptGEN: generating code for the secure usage of crypto APIs @ CGO 2020
  • 2021-01-07: "It's the Company, the Government, You and I": User Perceptions of Responsibility for Smart Home Privacy and Security @ USENIX Security 2021
  • 2021-01-08: Finding Bugs Using Your Own Code: Detecting Functionally-similar yet Inconsistent Code @ USENIX Security 2021
  • 2021-01-12: Detecting Kernel Memory Leaks in Specialized Modules with Ownership Reasoning @ NDSS 2021
  • 2021-01-13: Zipper Stack: Shadow Stacks Without Shadow @ ESORICS 2020
  • 2021-01-14: AndroEvolve: Automated Update for Android Deprecated-API Usages
  • 2021-01-15: TEEREX: Discovery and Exploitation of Memory Corruption Vulnerabilities in SGX Enclaves @ USENIX Security 2020
  • 2021-01-18: Agamotto: Accelerating Kernel Driver Fuzzing with Lightweight Virtual Machine Checkpoints @ USENIX Security 2020
  • 2021-01-19: Peek-a-Boo: I see your smart home activities, even encrypted! @ Wisec 2020
  • 2021-01-20: To Err.Is Human: Characterizing the Threat of Unintended URLs in Social Media @ NDSS 2021
  • 2021-01-21: RusTEE: Developing Memory-Safe ARM TrustZone Applications @ ACSAC 2020
  • 2021-01-22: Reining in the Web’s Inconsistencies with Site Policy @ NDSS 2021
  • 2021-01-25: Devil is Virtual: Reversing Virtual Inheritance in C++ Binaries @ CCS 2020
  • 2021-01-26: IOTSAFE: Enforcing Safety and Security Policy with Real IoT Physical Interaction Discovery @ NDSS 2021
  • 2021-01-27: The Boon and Bane of Cross-Signing: Shedding Light on a Common Practice in Public Key Infrastructures @ CCS 2020
  • 2021-01-28: The Eye of Horus: Spotting and Analyzing Attacks on Ethereum Smart Contracts
  • 2021-01-29: Favocado: Fuzzing the Binding Code of JavaScript Engines Using Semantically Correct TestCases @ NDSS 2021
  • 2021-02-01: RetroWrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization @ IEEE S&P 2020
  • 2021-02-02: DIANE: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices @ IEEE S&P 2021
  • 2021-02-03: Tales of FAVICONS and Caches: Persistent Tracking in Modern Browsers @ NDSS 2021
  • 2021-02-04: Preventing and Detecting State Inference Attacks on Android @ NDSS 2021
  • 2021-02-05: Who’s Hosting the Block Party? Studying Third-Party Blockage of CSP and SRI @ NDSS 2021
  • 2021-02-18: OSPREY: Recovery of Variable and Data Structure via Probabilistic Analysis for Stripped Binary @ IEEE S&P 2021
  • 2021-02-19: The Tangled Genealogy of IoT Malware @ ACSAC 2020
  • 2021-02-22: POP and PUSH: Demystifying and Defending against (Mach) Port-Oriented Programming @ NDSS 2021
  • 2021-02-23 ~ 2021-02-25: NDSS 2021 参会小记
  • 2021-02-26: Who’s Debugging the Debuggers? Exposing Debug Information Bugs in Optimized Binaries @ ASPLOS 2021
  • 2021-03-01: SerialDetector: Principled and Practical Exploration of Object Injection Vulnerabilities for the Web @ NDSS 2021
  • 2021-03-02: What’s in an Exploit? An Empirical Analysis of Reflected Server XSS Exploitation Techniques @ RAID 2020
  • 2021-03-03: Guide Me to Exploit: Assisted ROP Exploit Generation for ActionScript Virtual Machine @ ACSAC 2020
  • 2021-03-04: Mitigating Data Leakage by Protecting Memory-resident Sensitive Data @ ACSAC 2019
  • 2021-03-05: Demystifying Diehard Android Apps @ ASE 2020
  • 2021-03-08: Security Study of Service Worker Cross-Site Scripting @ ACSAC 2020
  • 2021-03-09: Assessing the Impact of Script Gadgets on CSP at Scale @ ASIA CCS 2020
  • 2021-03-10: ATVHUNTER: Reliable Version Detection of Third-Party Libraries for Vulnerability Identification in Android Applications @ ICSE 2021
  • 2021-03-11: Too Quiet in the Library: An Empirical Study of Security Updates in Android Apps’ Native Code @ ICSE 2021
  • 2021-03-12: You Are What You Broadcast: Identification of Mobile and IoT Devices from (Public) WiFi @ USENIX Security 2020
  • 2021-03-15: A Tale of Two Headers: A Formal Analysis of Inconsistent Click-Jacking Protection on the Web @ USENIX Security 2020
  • 2021-03-16: SpecuSym: Speculative Symbolic Execution for Cache Timing Leak Detection @ ICSE 2020
  • 2021-03-17: Automated Third-Party Library Detection for Android Applications: Are We There Yet? @ ICSE 2021
  • 2021-03-18: Undo Workarounds for Kernel Bugs @ USENIX Security 2021
  • 2021-03-19: Defense Mechanisms Against DDoS Attacks in a Cloud Computing Environment: State-of-the-Art and Research Challenges @ IEEE Communications Surveys & Tutorials 2019
  • 2021-03-22: KUBO: Precise and Scalable Detection of User-triggerable Undefined Behavior Bugs in OS Kernel @ NDSS 2021
  • 2021-03-23: An Investigation of the Android Kernel Patch Ecosystem @ USENIX Security 2021
  • 2021-03-24: NETPLIER: Probabilistic Network Protocol Reverse Engineering from Message Traces @ NDSS 2021
  • 2021-03-25: Cali: Compiler-Assisted Library Isolation @ AsiaCCS 2021
  • 2021-03-29: SinkFinder: Harvesting Hundreds of Unknown Interesting Function Pairs with Just One Seed @ FSE 2020
  • 2021-03-30: Looking from the Mirror: Evaluating IoT Device Security through Mobile Companion Apps @ USENIX Security 2019
  • 2021-03-31: On the Insecurity of SMS One-Time Password Messages against Local Attackers in Modern Mobile Devices @ NDSS 2021
  • 2021-04-01: Careful Who You Trust: Studying the Pitfalls of Cross-Origin Communication @ AsiaCCS 2021
  • 2021-04-02: Unleashing the Hidden Power of Compiler Optimization on Binary Code Difference: An Empirical Study @ PLDI 2021
  • 2021-04-06: JAW: Studying Client-side CSRF with Hybrid Property Graphs and Declarative Traversals @ USENIX Security 2021
  • 2021-04-07: What’s in a Name? Exploring CA Certificate Control @ USENIX Security 2021
  • 2021-04-08: TxSpector: Uncovering Attacks in Ethereum from Transactions @ USENIX Security 2020
  • 2021-04-09: Android SmartTVs Vulnerability Discovery via Log-Guided Fuzzing @ USENIX Security 2021
  • 2021-04-12: On the Feasibility of Automated Built-in Function Modeling for PHP Symbolic Execution @ WWW 2021
  • 2021-04-13: EVMPatch: Timely and Automated Patching of Ethereum Smart Contracts @ USENIX Security 2021
  • 2021-04-14: You Are Who You Appear to Be @ CCS 2019
  • 2021-04-15: FIRestarter: Practical Software Crash Recovery with Targeted Library-level Fault Injection @ DSN 2021
  • 2021-04-16: Hiding in the Particles: When Return-Oriented Programming Meets Program Obfuscation @ DSN 2021
  • 2021-04-19: TLS 1.3 in Practice: How TLS 1.3 Contributes to the Internet @ WWW 2021
  • 2021-04-20: SoK: The Faults in our ASRs: An Overview of Attacks against Automatic Speech Recognition and Speaker Identification Systems @ IEEE S&P 2021
  • 2021-04-21: Disrupting Continuity of Apple’s Wireless Ecosystem Security: New Tracking, DoS, and MitM Attacks on iOS and macOS Through Bluetooth Low Energy, AWDL, and Wi-Fi @ USENIX Security 2021
  • 2021-04-22: RELOAD+REFRESH: Abusing Cache Replacement Policies to Perform Stealthy Cache Attacks @ USENIX Security 2020
  • 2021-04-23: Obfuscation-Resilient Executable Payload Extraction From Packed Malware @ USENIX Security 2021
  • 2021-04-26: Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems @ USENIX Security 2021
  • 2021-04-27: Home, SafeHome: Smart Home Reliability with Visibility and Atomicity @ EuroSys 2021
  • 2021-04-28: IMGDroid: Detecting Image Loading Defects in Android Applications @ ICSE 2021
  • 2021-04-29: Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer @ USENIX Security 2020
  • 2021-04-30: Understanding and Detecting Disordered Error Handling with Precise Function Pairing @ USENIX Security 2021
  • 2021-05-06: Industrial Experience of Finding Cryptographic Vulnerabilities in Large-scale Codebases @ arXiv
  • 2021-05-07: Experiences Deploying Multi-Vantage-Point Domain Validation at Let’s Encrypt @ USENIX Security 2020
  • 2021-05-08: ConDySTA: Context-Aware Dynamic Supplement toStatic Taint Analysis @ IEEE S&P 2021
  • 2021-05-10: Understanding Android VoIP Security: A System-Level Vulnerability Assessment @ DIMVA 2020
  • 2021-05-11: ARCUS: Symbolic Root Cause Analysis of Exploits in Production Systems @ USENIX Security 2021
  • 2021-05-12: Assessing Browser-level Defense against IDN-based Phishing @ USENIX Security 2021
  • 2021-05-13: Unikraft: Fast, Specialized Unikernels the Easy Way @ EuroSys 2021
  • 2021-05-14: REVEALER: Detecting and Exploiting Regular Expression Denial-of-Service Vulnerabilities @ IEEE S&P 2021
  • 2021-05-17: Abusing Hidden Properties to Attack the Node.js Ecosystem @ USENIX Security 2021
  • 2021-05-18: Detecting and Understanding JavaScript Global Identifier Conflicts on the Web @ FSE 2020
  • 2021-05-19: HyDiff: Hybrid Differential Software Analysis @ ICSE 2020
  • 2021-05-20: CubicleOS: A Library OS with Software Componentisation for Practical Isolation @ ASPLOS 2021
  • 2021-05-21: Runtime Recovery of Web Applications under Zero-Day ReDoS Attacks @ IEEE S&P 2021
  • 2021-05-24 ~ 2021-05-27: IEEE S&P 2021 参会小记
  • 2021-05-28: DPIFuzz: A Differential Fuzzing Framework to Detect DPI Elusion Strategies for QUIC @ ACSAC 2020
  • 2021-05-31: Smart Contract Vulnerabilities: Vulnerable Does Not Imply Exploited @ USENIX Security 2021
  • 2021-06-01: PyCG: Practical Call Graph Generation in Python @ ICSE 2021
  • 2021-06-02: One Engine to Fuzz ’em All: Generic Language Processor Testing with Semantic Validation @ IEEE S&P 2021
  • 2021-06-03: Scalable Memory Protection in the PENGLAI Enclave @ OSDI 2021
  • 2021-06-04: Towards a Lightweight, Hybrid Approach for Detecting DOM XSS Vulnerabilities with Machine Learning @ WWW 2021
  • 2021-06-07: Linking Bluetooth LE & Classic and Implications for Privacy-Preserving Bluetooth-Based Protocols @ IEEE S&P 2021
  • 2021-06-08: Slimium: Debloating the Chromium Browser with Feature Subsetting @ CCS 2020
  • 2021-06-09: Looking Back! Using Early Versions of Android Apps as Attack Vectors @ TDSC 2021
  • 2021-06-10: Parema: An Unpacking Framework for Demystifying VM-Based Android Packers @ ISSTA 2021
  • 2021-06-11: JShrink: In-Depth Investigation into Debloating Modern Java Applications @ FSE 2020
  • 2021-06-15: Security Analysis of Mobile Device-to-Device Network Applications @ IEEE Internet of Things Journal 2018
  • 2021-06-16: If It’s Not Secure, It Should Not Compile: Preventing DOM-Based XSS in Large-Scale Web Development with API Hardening @ ICSE 2021
  • 2021-06-17: Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2 @ Eurocrypt 2021
  • 2021-06-18: Android Custom Permissions Demystified: From Privilege Escalation to Design Shortcomings @ IEEE S&P 2021