| 07:30-08:30 | |
| 08:30-09:00 | | (Amphitheater 204) ACSAC Conference Welcome: Guofei Gu, Conference Chair SLIDES
PC Chair Opening Remarks and Distinguished Paper Awards: Roberto Perdisci and Martina Lindorfer, Program Co-Chairs; and AE Chair Opening Remarks and Distinguished Paper with Artifacts Awards: Adwait Nadkarni and Xiaojing Liao, AE Co-Chairs SLIDES
SWSIS Scholarship Program, Gabriela Ciocarlie, ACSA Senior Fellow SLIDES |
|
| 09:00-10:00 | |
| 10:00-10:30 | |
| 10:30-12:00 | | Amphitheater 204 | Classroom 202 | Classroom 203 | | Session Chair: Daniel Faigin, The Aerospace Corporation Panelists:
Michael Clifford, Toyota InfoTech Labs
Paula DeWitte, Texas A&M University
Elizabeth Scruggs, The Aerospace Corportation
Nicole Carlson, John Muir Health |
Session Chair: Giorgio Giacinto, University of Cagliari, ItalyPhishReplicant: A Language Model-based Approach to Detect Generated Squatting Domain NamesTakashi Koide, NTT Security (Japan) KK; Naoki Fukushi, NTT Security (Japan) KK; Hiroki Nakano, NTT Security (Japan) KK; Daiki Chiba, NTT Security (Japan) KKFrom Attachments to SEO: Click Here to Learn More about Clickbait PDFs!Giada Stivala, CISPA Helmholtz Center for Information Security; Sahar Abdelnabi, CISPA Helmholtz Center for Information Security; Andrea Mengascini, CISPA Helmholtz Center for Information Security; Mariano Graziano, Cisco Talos; Mario Fritz, CISPA Helmholtz Center for Information Security; Giancarlo Pellegrino, CISPA Helmholtz Center for Information SecurityScamdog Millionaire: Detecting E-commerce Scams in the WildPlaton Kotzias, Norton Research Group; Kevin Roundy, Norton Research Group; Michalis Pachilakis, Norton Research Group; Iskander Sanchez-Rola, Norton Research Group; Leyla Bilge, Norton Research GroupWhen Push Comes to Shove: Empirical Analysis of Web Push Implementations in the WildAlberto Carboneri, University of Illinois Chicago; Mohammad Ghasemisharif, University of Illinois Chicago; Soroush Karami, Paypal, Inc.; Jason Polakis, University of Illinois Chicago |
Session Chair: Kevin Borgolte, Ruhr University Bochum Triereme: Speeding up hybrid fuzzing through efficient query schedulingElia Geretto, Vrije Universiteit Amsterdam; Julius Hohnerlein, Vrije Universiteit Amsterdam; Cristiano Giuffrida, Vrije Universiteit Amsterdam; Herbert Bos, Vrije Universiteit Amsterdam; Erik van der Kouwe, Vrije Universiteit Amsterdam; Klaus v. Gleissenthall, Vrije Universiteit AmsterdamOn the Feasibility of Cross-Language Detection of Malicious Packages in npm and PyPIPiergiorgio Ladisa, SAP Security Research, Université de Rennes 1, INRIA/IRISA; Serena Elisa Ponta, SAP Security Research; Nicola Ronzoni, SAP Security Research; Matias Martinez, Universitat Politècnica de Catalunya-BarcelonaTech; Olivier Barais, Univ. Rennes, Inria, CNRS, IRISAArtemis: Defanging Software Supply Chain Attacks in Multi-repository Update SystemsMarina Moore, New York University; Trishank Kuppusamy, Datadog; Justin Cappos, New York UniversityANDetect: A Third-party Ad Network Libraries Detection Framework for Android ApplicationsXinyu Liu, Institute of Information Engineering, CAS; Ze Jin, Institute of Information Engineering, CAS; Jiaxi Liu, Institute of Information Engineering, CAS; Wei Liu, Institute of Information Engineering, CAS; Xiaoxi Wang, Institute of Information Engineering, CAS; Qixu Liu, Institute of Information Engineering, CAS |
|
| 12:00-13:30 | |
| 13:30-15:00 | | Amphitheater 204 | Classroom 202 | Classroom 203 | | Session Chair: Dennis Moreau, IntelTemplate Engines: A Methodology for Assessing Server-Side Code Execution VulnerabilitiesLorenzo Pisu, University of Cagliari; Giorgio Giacinto, University of CagliariGenerative AI: A Security Case Study for Regulated Financial Service OrganizationsDennis Moreau, Intel |
Session Chair: Adwait Nadkarni, William & MaryDelegation of TLS Authentication to CDNs using Revocable Delegated CredentialsDaegeun Yoon, ETRI, KAIST; Taejoong Chung, Virginia Tech; Yongdae Kim, KAISTDomain and Website Attribution beyond WHOISSilvia Sebastián, IMDEA Software Institute; Raluca-Georgia Diugan, IMDEA Software Institute; Juan Caballero, IMDEA Software Institute; Iskander Sanchez-Rola, Norton Research Group; Leyla Bilge, Norton Research GroupFS3: Few-Shot and Self-Supervised Framework for Efficient Intrusion Detection in Internet of Things NetworksAyesha S. Dina, Florida Polytechnic University; A. B. Siddique, University of Kentucky; D. Manivannan, University of KentuckyAn Empirical Analysis of Enterprise-Wide Mandatory Password UpdatesAriana Mirian, University of California, San Diego; Grant Ho, University of California, San Diego; Stefan Savage, University of California, San Diego; Geoffrey M. Voelker, University of California, San Diego |
Session Chair: Omar Alrawi, Georgia TechSealClub: Computer-aided Paper Document AuthenticationMartín Ochoa, Zurich University of Applied Sciences; Hernán Vanegas, Universidad Nacional de Colombia; Jorge Toro-Pozo, SIX Digital Exchange; David Basin, ETH ZürichLightweight Privacy-Preserving Proximity Discovery for Remotely-Controlled DronesPietro Tedeschi, Technology Innovation Institute (TII); Savio Sciancalepore, Technische Universiteit Eindhoven (TU/e); Roberto Di Pietro, King Abdullah University of Science and Technology - CEMSE - RC3Unleashing IoT Security: Assessing the Effectiveness of Best Practices in Protecting Against ThreatsPhilipp Pütz, Technical University of Darmstadt; Richard Mitev, Technical University of Darmstadt; Markus Miettinen, Technical University of Darmstadt; Ahmad-Reza Sadeghi, Technical University of DarmstadtA Tagging Solution to Discover IoT Devices in ApartmentsBerkay Kaplan, University of Illinois at Urbana Champaign; Jingyu Qian, University of Illinois at Urbana Champaign; Israel J Lopez-Toledo, University of Illinois at Urbana Champaign; Carl Gunter, University of Illinois at Urbana Champaign |
|
| 15:00-15:30 | |
| 15:30-17:00 | | Amphitheater 204 | Classroom 202 | Classroom 203 | | Session Chair: Daniel Faigin, The Aerospace Corporation Panelists:
Martin Stanley, Cybersecurity and Infrastructure Security Agency
Bill Newhouse, National Institute of Standards and Technology
Cliff Wang, National Science Foundation
Chester Maciag, Department of Defense, OUSD(R&E) |
Session Chair: Chia-Che Tsai, Texas A&M UniversityHades: Practical Decentralized Identity with Full Accountability and Fine-grained Sybil-resistanceKe Wang, Peking University; Jianbo Gao, Peking University; Qiao Wang, Peking University; Jiashuo Zhang, Peking University; Yue Li, Peking University; Zhi Guan, Peking University; Zhong Chen, Peking UniversityLog2Policy: An Approach to Generate Fine-Grained Access Control Rules for Microservices from ScratchShaowen Xu, Institute of Information Engineering, Chinese Academy of Sciences. School of Cyber Security, University of Chinese Academy of Sciences.; Qihang Zhou, Institute of Information Engineering, Chinese Academy of Sciences; Heqing Huang, Institute of Information Engineering, Chinese Academy of Sciences; Xiaoqi Jia, Institute of Information Engineering, Chinese Academy of Sciences. School of Cyber Security, University of Chinese Academy of Sciences.; Haichao Du, Institute of Information Engineering, Chinese Academy of Sciences; Yang Chen, Institute of Information Engineering, Chinese Academy of Sciences. School of Cyber Security, University of Chinese Academy of Sciences.; Yamin Xie, Institute of Information Engineering, Chinese Academy of SciencesThe Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics PlatformsFahad Shaon, Data Security Technologies; Sazzadur Rahaman, The University of Arizona; Murat Kantarcioglu, Data Security TechnologiesOAuth 2.0 Redirect URI Validation Falls ShortTommaso Innocenti, Northeastern University; Matteo Golinelli, University of Trento; Kaan Onarlioglu, Akamai Technologies; Ali Mirheidari, Independent Researcher; Bruno Crispo, University of Trento; Engin Kirda, Northeastern University |
Session Chair: Savio Sciancalepore, Technische Universiteit EindhovenSecure and Lightweight Over-the-Air Software Update Distribution for Connected VehiclesChristian Plappert, Fraunhofer SIT | ATHENE; Andreas FuchsSecure and Lightweight ECU Attestations for Resilient Over-the-Air Updates in Connected VehiclesChristian Plappert, Fraunhofer SIT | ATHENE; Andreas FuchsDetection of Anomalies in Electric Vehicle Charging SessionsDustin Kern, Darmstadt University of Applied Sciences; Christoph Krauß, Darmstadt University of Applied Sciences; Matthias Hollick, Technical University of DarmstadtSePanner: Analyzing Semantics of Controller Variables in Industrial Control Systems based on Network TrafficJie Meng, College of Control Science and Engineering, Zhejiang University; Zeyu Yang, College of Control Science and Engineering, Zhejiang University; Zhenyong Zhang, the State Key Laboratory of Public Big Data and the College of Computer Science and Technology, Guizhou University, Guiyang 550025, China; Yangyang Geng, Information Engineering University; Ruilong Deng, College of Control Science and Engineering, Zhejiang University; Peng Cheng, College of Control Science and Engineering, Zhejiang University; Jiming Chen, College of Control Science and Engineering, Zhejiang University; Jianying Zhou, Singapore University of Technology and Design |
|
| 18:00-21:00 | | (Tejas) |
|
| 07:30-08:30 | |
| 08:30-09:00 | | (Amphitheater 204)Session Chair: William Robertson, Northeastern University SLIDES, VIDEO |
|
| 09:00-10:00 | | (Amphitheater 204)Session Chair: Guofei Gu & Roberto Perdisci SLIDES |
|
| 10:00-10:30 | |
| 10:30-12:00 | | Amphitheater 204 | Classroom 202 | Classroom 203 | | Session Chair: Tomas Vagoun, NCO and NITRD Panelists:
Cliff Wang, National Science Foundation
Matt Scholl, National Institute of Standards and Technology
Glenn Lilly, NSA
|
Session Chair: Hongxin Hu, University at BuffaloFraudLens: Graph Structural Learning for Bitcoin Illicit Activity IdentificationJack Nicholls, University College Dublin; Aditya Kuppa, University College Dublin; Nhien-An Le-Khac, University College DublinPoisoning Network Flow ClassifiersGiorgio Severi, Northeastern University; Simona Boboila, Northeastern University; Alina Oprea, Northeastern University; John Holodnak, MIT Lincoln Laboratory; Kendra Kratkiewicz, MIT Lincoln Laboratory; Jason Matterer, STRTGC: Transaction Graph Contrast Network for Ethereum Phishing Scam DetectionSijia Li, Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of the Chinese Academy of Sciences; Gaopeng Gou, Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of the Chinese Academy of Sciences; Chang Liu, Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of the Chinese Academy of Sciences; Gang Xiong, Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of the Chinese Academy of Sciences; Zhen Li, Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of the Chinese Academy of Sciences; Junchao Xiao, Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of the Chinese Academy of Sciences; Xinyu Xing, Northwestern University |
Session Chair: Chung Hwan Kim, University of Texas at DallasContinuous Authentication Using Human-Induced Electric PotentialSrinivasan Murali, The University of Texas at Arlington; Wenqiang Jin, Hunan University; Vighnesh Sivaraman, The University of Texas at Arlington; Huadi Zhu, The University of Texas at Arlington; Tianxi Ji, Texas Tech University; Pan Li, Case Western Reserve University; Ming Li, The University of Texas at ArlingtonCross Body Signal Pairing (CBSP): A Key Generation Protocol for Pairing Wearable Devices with Different ModalitiesJafar Pourbemany, Cleveland State University; Ye Zhu, Cleveland State UniversityThe Day-After-Tomorrow: On the Performance of Radio Fingerprinting over Time SaeifAlhazbi, Hamad Bin Khalifa University; Savio Sciancalepore, Technische Universiteit Eindhoven (TU/e); Gabriele Oligeri, Hamad Bin Khalifa UniversityEnhanced In-air Signature Verification via Hand Skeleton Tracking to Defeat Robot-level ReplaysZeyu Deng, Louisiana State University; Long Huang, Louisiana State University; Chen Wang, Louisiana State University |
|
| 12:00-13:30 | |
| 13:00-13:30 | |
| 13:30-15:00 | | Amphitheater 204 | Classroom 202 | Classroom 203 | | Session Chair: Kevin Roundy, Andromeda SecurityWorking Towards Least Privilege in the CloudKevin Roundy, Andromeda SecurityBeyond the XBOM: A Holistic Approach to Cyber Supply Chain RiskMunish Walther-Puri, Exiger |
Session Chair: Guofei Gu, Texas A&M UniversitySecure Softmax/Sigmoid for Machine-learning ComputationYu Zheng, The Chinese University of Hong Kong; Qizhi Zhang, Ant Group; Sijun Tan, UC Berkeley; Yuxiang Peng, Northeastern University; Lichun Li, Ant Group; Sherman S.M. Chow, The Chinese University of Hong Kong; Shan Yin, Ant GroupLink Membership Inference Attacks against Unsupervised Graph Representation LearningXiuling Wang, Stevens Institute of Technology; Wendy Hui Wang, Stevens Institute of TechnologyFLARE: Fingerprinting Deep Reinforcement Learning Agents using Universal Adversarial MasksBuse Gul Atli Tekgul, Nokia Bell Labs & Aalto University; N. Asokan, University of Waterloo & Aalto University |
Session Chair: Marcus Botacin, Texas A&M UniversityPrioritizing Remediation of Enterprise Hosts by Malware Execution RiskAndrew Chi, Cisco Systems; Blake Anderson, Cisco Systems; Michael K. Reiter, Duke UniversityGlobal Analysis with Aggregation-based Beaconing Detection across Large Campus NetworksYizhe Zhang, University of Virginia; Hongying Dong, University of Virginia; Alastair Nottingham, University of Virginia; Molly Buchanan, University of Virginia; Donald E. Brown, University of Virginia; Yixin Sun, University of VirginiaPSP-Mal: Evading Malware Detection via Prioritized Experience-based Reinforcement Learning with Shapley PriorDazhi Zhan, Army Engineering University of PLA; Wei Bai, Army Engineering University of PLA; Xin Liu, Army Engineering University of PLA; Yue Hu, National University of Defense Technology; Lei Zhang, Academy of Military Sciences; Shize Guo, Army Engineering University of PLA; Zhisong Pan, Army Engineering University of PLABinary Sight-Seeing: Accelerating Reverse Engineering via Point-of-Interest-BeaconsAugust See, Universität Hamburg; Maximilian Gehring, TU Darmstadt; Mathias Fischer, Universität Hamburg; Shankar Karuppayah, National Advanced IPv6 Centre, Universiti Sains Malaysia |
|
| 15:00-15:30 | |
| 15:30-17:00 | | Amphitheater 204 | Classroom 202 | Classroom 203 | | Session Chair: Dr. Kimberly King, The Aerospace Corporation Panelists:
Harriet Farlow, Mileva Security Labs
Daniel Garrie Esq., Law & Forensics LLC
Dr. Jade Stewart, NIAP
Dr. Michael Clifford, Toyota InfoTech Labs |
Session Chair: Roberto Perdisci, University of Georgia and Georgia TechDeepContract: Controllable Authorization of Deep Learning ModelsXirong Zhuang, University of Science and Technology of China; Lan Zhang, University of Science and Technology of China; Chen Tang, University of Science and Technology of China; Huiqi Liu, University of Science and Technology of China; Bin Wang, Tencent YouTu Lab; Yan Zheng, Tencent YouTu Lab; Bo Ren, Tencent YouTu LabSecure MLaaS with Temper: Trusted and Efficient Model Partitioning and Enclave ReuseFabing Li, Xi'an Jiaotong University; Institute for Interdisciplinary Information Core Technology, Xi’an; Xiang Li, Tsinghua university; Mingyu Gao, Tsinghua university; Shanghai Artificial Intelligence Lab; Institute for Interdisciplinary Information Core Technology, Xi’anABFL: A Blockchain-enabled Robust Framework for Secure and Trustworthy Federated LearningBo Cui, Inner Mongolia University; Tianyu Mei, Inner Mongolia UniversityFLEDGE: Ledger-based Federated Learning Resilient to Inference and Backdoor AttacksJorge Castillo, The University of Texas Rio Grande Valley; Phillip Rieger, Technical University of Darmstadt; Hossein Fereidooni, KOBIL GmbH; Qian Chen, The University of Texas at San Antonio; Ahmad Sadeghi, Technical University of Darmstadt |
Session Chair: Yonghwi Kwon, University of VirginiaDOPE: DOmain Protection Enforcement with PKSLukas Maar, Graz University of Technology; Martin Schwarzl, Independent Researcher; Fabian Rauscher, Graz University of Technology; Daniel Gruss, Graz University of Technology; Stefan Mangard, Graz University of TechnologyRandCompile: Removing Forensic Gadgets from the Linux Kernel to Combat its AnalysisFabian Franzen, Technical University of Munich; Andreas Chris Wilhelmer, Technical University of Munich; Jens Grossklags, Technical University of MunichAttack of the Knights:Non Uniform Cache Side Channel AttackFarabi Mahmud, Texas A&M University; Sungkeun Kim, Texas A&M University; Harpreet Singh Chawla, Texas A&M University; EJ Kim, Texas A&M University; Chia-Che Tsai, Texas A&M University; Abdullah Muzahid, Texas A&M UniversityPAVUDI: Patch-based Vulnerability Discovery using Machine LearningTom Ganz, SAP SE; Erik Imgrund, SAP SE; Martin Härterich, SAP SE; Konrad Rieck, Technische Universität Berlin |
|
| 17:15-18:15 | | (Amphitheater 204)Session Chair: Daniel Faigin and David Balenson SLIDES |
|
| 18:30-20:00 | |
| 07:30-08:30 | |
| 08:30-10:00 | | Amphitheater 204 | Classroom 202 | Classroom 203 | | Session Chair: Kevin Butler, University of Florida Panelists:
Taslima Akter, University of California Irvine
Filipo Sharevski, DePaul University
Aziz Zeidieh, University of Illinois Urbana-Champaign
Karen Renaud, University of Strathclyde
|
Session Chair: Martina Lindorfer, TU WeinRemote Attestation with Constrained DisclosureMichael Eckel, Fraunhofer SIT | ATHENE; Dominik Roy George, Eindhoven University of Technology; Björn Grohmann, gematik GmbH; Christoph Krauß, Darmstadt University of Applied SciencesRemote Attestation of Confidential VMs Using Ephemeral vTPMsVikram Narayanan, University of Utah; Claudio Carvalho, IBM Research; Angelo Ruocco, IBM Research; Gheorghe Almasi, IBM Research; James Bottomley, IBM Research; Mengmei Ye, IBM Research; Tobin Feldman-Fitzthum, IBM Research; Daniele Buono, IBM Research; Hubertus Franke, IBM Research; Anton Burtsev, University of UtahNo Forking Way: Detecting Cloning Attacks on Intel SGX ApplicationsSamira Briongos, NEC Laboratories Europe; Ghassan Karame, Ruhr University Bochum (RUB); Claudio Soriente, NEC Laboratories Europe; Annika Wilde, Ruhr University Bochum (RUB)Detecting Weak Keys in Manufacturing Certificates: A Case StudyAndrew Chi, Cisco Systems; Brandon Enright, Cisco Systems; David McGrew, Cisco Systems |
Session Chair: Robert H'obbes' Zakon, Zakon GroupOn the Detection of Image-Scaling Attacks in Machine LearningErwin Quiring, ICSI, Ruhr University Bochum; Andreas Müller, Ruhr University Bochum; Konrad Rieck, TU BerlinA First Look at Toxicity Injection Attacks on Open-domain ChatbotsConnor Weeks, Virginia Tech; Aravind Cheruvu, Virginia Tech; Sifat Muhammad Abdullah, Virginia Tech; Shravya Kanchi, Virginia Tech; Daphne Yao, Virginia Tech; Bimal Viswanath, Virginia TechDeepTaster: Adversarial Perturbation-Based Fingerprinting to Identify Proprietary Dataset Use in Deep Neural NetworksSeonhye Park, Sungkyunkwan University; Alsharif Abuadbba, CSIRO's Data61, Australia; Shuo Wang, CSIRO's Data61, Australia; Kristen Moore, CSIRO's Data61, Australia; Yansong Gao, CSIRO's Data61, Australia; Hyoungshick Kim, Sungkyunkwan University, South Korea; Surya Nepal, CSIRO's Data61, Australia |
|
| 10:00-10:30 | |
| 10:30-11:30 | | Classroom 202 | Classroom 203 | | Session Chair: David Balenson, USC Information Sciences InstituteDifferentially Private Resource AllocationJoann Qiongna Chen, University of California, Irvine; Tianhao Wang, University of Virginia; Zhikun Zhang, CISPA Helmholtz Center for Information Security; Yang Zhang, CISPA Helmholtz Center for Information Security; Somesh Jha, University of Wisconsin; Zhou Li, University of California, IrvineMitigating Membership Inference Attacks by Weighted SmoothingMINGTIAN TAN, The University of Virginia; Xiaofei Xie, Singapore Management University; Jun Sun, Singapore Management University; Tianhao Wang, The University of VirginiaMostree: Malicious Secure Private Decision Tree Evaluation with Sublinear CommunicationJianli Bai, University of Auckland; Xiangfu Song, National University of Singapore; Xiaowu Zhang, CloudWalk Technology; Qifan Wang, University of Auckland; Shujie Cui, Monash University; Ee-Chien Chang, National University of Singapore; Giovanni Russello, University of Auckland |
Session Chair: Xiaojing Liao, Indiana University BloomingtonCan Large Language Models Provide Security & Privacy Advice? Measuring the Ability of LLMs to Refute MisconceptionsYufan Chen, Purdue University; Arjun Arunasalam, Purdue University; Z. Berkay Celik, Purdue UniversityDefWeb: Defending User Privacy against Cache-based Website Fingerprinting Attacks with Intelligent Noise InjectionSeonghun Son, Iowa State University; Debopriya Roy Dipta, Iowa State University; Berk Gulmezoglu, Iowa State UniversityProtecting Your Voice from Speech Synthesis AttacksZihao Liu, Iowa State University; Yan Zhang, Iowa State University; Chenglin Miao, Iowa State University |
|
| 11:35-12:00 | | (Amphitheater 204)Session Chair: Robert H'obbes' Zakon, Zakon Group Don't leave early -- attend our closing plenary to learn about next year's conference and participate in our prize giveaway! |
|
| 12:30-17:00 | |