30th Annual Network and Distributed System Security Symposium, NDSS 2023, San Diego, California, USA, February 27 - March 3, 2023.
第30届年度网络与分布式系统安全研讨会,NDSS 2023,美国加利福尼亚州圣地亚哥,2023年2月27日至3月3日。
1. REaaS: Enabling Adversarially Robust Downstream Classifiers via Robust Encoder as a Service.
REaaS:通过鲁棒编码器作为服务实现对抗性鲁棒下游分类器的启用。
2. Brokenwire: Wireless Disruption of CCS Electric Vehicle Charging.
Brokenwire:对电动汽车充电的无线干扰。
3. BEAGLE: Forensics of Deep Learning Backdoor Attack for Better Defense.
BEAGLE:深度学习后门攻击取证,以实现更好的防御。
4. StealthyIMU: Stealing Permission-protected Private Information From Smartphone Voice Assistant Using Zero-Permission Sensors.
StealthyIMU:使用零权限传感器从智能手机语音助手中窃取受权限保护的私人信息。
5. Attacks as Defenses: Designing Robust Audio CAPTCHAs Using Attacks on Automatic Speech Recognition Systems.
攻击作为防御:利用对自动语音识别系统的攻击设计鲁棒音频验证码。
6. Navigating Murky Waters: Automated Browser Feature Testing for Uncovering Tracking Vectors.
探索未知领域:自动化浏览器功能测试以揭示跟踪向量。
7. Breaking and Fixing Virtual Channels: Domino Attack and Donner.
破解和修复虚拟通道:多米诺攻击和唐纳。
8. OptRand: Optimistically Responsive Reconfigurable Distributed Randomness.
OptRand:乐观响应式可重构分布式随机性。
9. How to Count Bots in Longitudinal Datasets of IP Addresses.
如何在IP地址的纵向数据集中计算机器人。
10. Fine-Grained Trackability in Protocol Executions.
协议执行中的细粒度可追踪性。
11. No Grammar, No Problem: Towards Fuzzing the Linux Kernel without System-Call Descriptions.
没有语法,没有问题:在没有系统调用描述的情况下对Linux内核进行模糊测试。
12. BinaryInferno: A Semantic-Driven Approach to Field Inference for Binary Message Formats.
BinaryInferno:一种面向语义的二进制消息格式字段推断方法。
13. RoVISQ: Reduction of Video Service Quality via Adversarial Attacks on Deep Learning-based Video Compression.
RoVISQ:通过对基于深度学习的视频压缩进行对抗性攻击来降低视频服务质量。
14. The Power of Bamboo: On the Post-Compromise Security for Searchable Symmetric Encryption.
竹子的力量:关于可搜索对称加密的后 compromise 安全性。
15. SynthDB: Synthesizing Database via Program Analysis for Security Testing of Web Applications.
SynthDB:通过程序分析合成数据库,用于Web应用的安全测试。
16. MetaWave: Attacking mmWave Sensing with Meta-material-enhanced Tags.
MetaWave:利用元材料增强标签攻击毫米波感知。
17. OBSan: An Out-Of-Bound Sanitizer to Harden DNN Executables.
OBSan:一种用于加固DNN可执行文件的越界消毒剂。
18. Securing Federated Sensitive Topic Classification against Poisoning Attacks.
防止毒化攻击的联邦敏感主题分类安全。
19. ProbFlow : Using Probabilistic Programming in Anonymous Communication Networks.
ProbFlow:在匿名通信网络中使用概率编程。
20. RR: A Fault Model for Efficient TEE Replication.
RR:用于高效TEE复制的故障模型。
21. Copy-on-Flip: Hardening ECC Memory Against Rowhammer Attacks.
Copy-on-Flip:加固ECC内存,抵御行锤攻击。
22. Fusion: Efficient and Secure Inference Resilient to Malicious Servers.
Fusion:对恶意服务器具有鲁棒性的高效安全推断。
23. RAI2: Responsible Identity Audit Governing the Artificial Intelligence.
RAI2:对人工智能进行负责任的身份审计管理。
24. ReScan: A Middleware Framework for Realistic and Robust Black-box Web Application Scanning.
ReScan:用于逼真且鲁棒的黑盒Web应用扫描的中间件框架。
25. Let Me Unwind That For You: Exceptions to Backward-Edge Protection.
让我为你解释一下:反向边缘保护的例外情况。
26. Accountable Javascript Code Delivery.
负责任的JavaScript代码交付。
27. HeteroScore: Evaluating and Mitigating Cloud Security Threats Brought by Heterogeneity.
HeteroScore:评估和缓解由异构性带来的云安全威胁。
28. AuthentiSense: A Scalable Behavioral Biometrics Authentication Scheme using Few-Shot Learning for Mobile Platforms.
AuthentiSense:一种可扩展的行为生物特征认证方案,使用少拍学习用于移动平台。
29. Automata-Based Automated Detection of State Machine Bugs in Protocol Implementations.
基于自动机的协议实现中状态机漏洞的自动化检测。
30. REDsec: Running Encrypted Discretized Neural Networks in Seconds.
REDsec:在几秒钟内运行加密的离散神经网络。
31. POSE: Practical Off-chain Smart Contract Execution.
POSE:实用的链下智能合约执行。
32. Detecting Unknown Encrypted Malicious Traffic in Real Time via Flow Interaction Graph Analysis.
通过流交互图分析实时检测未知加密恶意流量。
33. Focusing on Pinocchio's Nose: A Gradients Scrutinizer to Thwart Split-Learning Hijacking Attacks Using Intrinsic Attributes.
焦点放在匹诺曹的鼻子上:一种梯度审查器,用于利用内在属性阻止分层学习劫持攻击。
34. QUICforge: Client-side Request Forgery in QUIC.
QUICforge:QUIC中的客户端请求伪造。
35. Private Certifier Intersection.
私人认证交集。
36. Sometimes, You Aren't What You Do: Mimicry Attacks against Provenance Graph Host Intrusion Detection Systems.
有时候,你不是你所做的事情:针对溯源图主机入侵检测系统的模仿攻击。
37. FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities.
FUZZILLI:用于JavaScript JIT编译器漏洞的模糊测试。
38. MyTEE: Own the Trusted Execution Environment on Embedded Devices.
MyTEE:在嵌入式设备上拥有受信任的执行环境。
39. Anomaly Detection in the Open World: Normality Shift Detection, Explanation, and Adaptation.
在开放世界中的异常检测:检测、解释和适应正常性转移。
40. Partitioning Ethereum without Eclipsing It.
在不遮蔽的情况下对以太坊进行分区。
41. InfoMasker: Preventing Eavesdropping Using Phoneme-Based Noise.
InfoMasker:使用基于音素的噪音防止窃听。
42. Paralyzing Drones via EMI Signal Injection on Sensory Communication Channels.
通过对感觉通信通道进行EMI信号注入来使无人机瘫痪。
43. Extrapolating Formal Analysis to Uncover Attacks in Bluetooth Passkey Entry Pairing.
将形式分析推广到揭示蓝牙配对中的攻击。
44. DARWIN: Survival of the Fittest Fuzzing Mutators.
DARWIN:适者生存的模糊测试变异体。
45. Un-Rocking Drones: Foundations of Acoustic Injection Attacks and Recovery Thereof.
不翻滚的无人机:声学注入攻击及其恢复基础。
46. Privacy-Preserving Database Fingerprinting.
隐私保护数据库指纹识别。
47. A Security Study about Electron Applications and a Programming Methodology to Tame DOM Functionalities.
有关Electron应用程序的安全研究以及驯服DOM功能的编程方法论。
48. VICEROY: GDPR-/CCPA-compliant Enforcement of Verifiable Accountless Consumer Requests.
VICEROY:符合GDPR/CCPA的可验证的无账户消费者请求的执行。
49. Faster Secure Comparisons with Offline Phase for Efficient Private Set Intersection.
使用离线阶段加速安全比较,实现高效的私有集合交集。
50. A Robust Counting Sketch for Data Plane Intrusion Detection.
用于数据平面入侵检测的鲁棒计数草图。
51. Adversarial Robustness for Tabular Data through Cost and Utility Awareness.
通过成本和效用意识实现表格数据的对抗性鲁棒性。
52. Trellis: Robust and Scalable Metadata-private Anonymous Broadcast.
Trellis:鲁棒且可扩展的元数据私有匿名广播。
53. Efficient Dynamic Proof of Retrievability for Cold Storage.
用于冷存储的高效动态可检索性证明。
54. Assessing the Impact of Interface Vulnerabilities in Compartmentalized Software.
评估分区软件中接口漏洞的影响。
55. Do Not Give a Dog Bread Every Time He Wags His Tail: Stealing Passwords through Content Queries (CONQUER) Attacks.
不要每次狗摇尾巴时都给它面包:通过内容查询(CONQUER)攻击窃取密码。
56. Ghost Domain Reloaded: Vulnerable Links in Domain Name Delegation and Revocation.
幽灵域名重装:域名委派和撤销中的易受攻击的链接。
57. Double and Nothing: Understanding and Detecting Cryptocurrency Giveaway Scams.
双倍无:了解和检测加密货币赠送骗局。
58. Towards Automatic and Precise Heap Layout Manipulation for General-Purpose Programs.
通向通用程序的自动化和精确堆布局操作。
59. Backdoor Attacks Against Dataset Distillation.
针对数据集精馏的后门攻击。
60. VulHawk: Cross-architecture Vulnerability Detection with Entropy-based Binary Code Search.
VulHawk:基于熵的二进制代码搜索实现跨架构漏洞检测。
61. A Systematic Study of the Consistency of Two-Factor Authentication User Journeys on Top-Ranked Websites.
对排名靠前的网站上两因素认证用户旅程的一致性进行系统研究。
62. LOKI: State-Aware Fuzzing Framework for the Implementation of Blockchain Consensus Protocols.
LOKI:用于实现区块链共识协议的状态感知模糊测试框架。
63. The "Beatrix" Resurrections: Robust Backdoor Detection via Gram Matrices.
“贝娄”复活:通过Gram矩阵实现鲁棒后门检测。
64. Cryptographic Oracle-based Conditional Payments.
基于密码学Oracle的有条件支付。
65. Parakeet: Practical Key Transparency for End-to-End Encrypted Messaging.
Parakeet:用于端到端加密消息的实用密钥透明性。
66. Post-GDPR Threat Hunting on Android Phones: Dissecting OS-level Safeguards of User-unresettable Identifiers.
在Android手机上进行GDPR后的威胁狩猎:解剖用户不可重置标识符的操作系统级保护。
67. Tactics, Threats & Targets: Modeling Disinformation and its Mitigation.
策略、威胁与目标:对信息错误进行建模及其缓解。
68. ChargePrint: A Framework for Internet-Scale Discovery and Security Analysis of EV Charging Management Systems.
ChargePrint:用于互联网规模的发现和安全分析的电动车充电管理系统框架。
69. Browser Permission Mechanisms Demystified.
浏览权限机制的解密。
70. Preventing SIM Box Fraud Using Device Model Fingerprinting.
使用设备模型指纹识别防止SIM盒欺诈。
71. An OS-agnostic Approach to Memory Forensics.
一种与操作系统无关的内存取证方法。
72. Evasion Attacks and Defenses on Smart Home Physical Event Verification.
智能家居物理事件验证中的回避攻击和防御。
73. Your Router is My Prober: Measuring IPv6 Networks via ICMP Rate Limiting Side Channels.
你的路由器是我的探测器:通过ICMP速率限制侧信道测量IPv6网络。
74. EdgeTDC: On the Security of Time Difference of Arrival Measurements in CAN Bus Systems.
EdgeTDC:CAN总线系统中到达时间差测量的安全性。
75. Drone Security and the Mysterious Case of DJI's DroneID.
无人机安全与大疆无人机ID的神秘案例。
76. Hope of Delivery: Extracting User Locations From Mobile Instant Messengers.
交付的希望:从移动即时通讯中提取用户位置。
77. Smarter Contracts: Detecting Vulnerabilities in Smart Contracts with Deep Transfer Learning.
智能合约:利用深度迁移学习检测智能合约中的漏洞。
78. Folk Models of Misinformation on Social Media.
社交媒体上的误导性民间模型。
79. On the Anonymity of Peer-To-Peer Network Anonymity Schemes Used by Cryptocurrencies.
关于加密货币使用的点对点网络匿名方案的匿名性。
80. CHKPLUG: Checking GDPR Compliance of WordPress Plugins via Cross-language Code Property Graph.
CHKPLUG:通过跨语言代码属性图检查WordPress插件的GDPR合规性。
81. I Still Know What You Watched Last Sunday: Privacy of the HbbTV Protocol in the European Smart TV Landscape.
我仍然知道你上周日看的是什么:欧洲智能电视领域的HbbTV协议隐私。
82. He-HTLC: Revisiting Incentives in HTLC.
He-HTLC:重审HTLC中的激励机制。
83. DOITRUST: Dissecting On-chain Compromised Internet Domains via Graph Learning.
DOITRUST:通过图学习解剖链上受损的互联网域名。
84. BARS: Local Robustness Certification for Deep Learning based Traffic Analysis Systems.
BARS:基于深度学习的流量分析系统的本地鲁棒性认证。
85. Machine Unlearning of Features and Labels.
特征和标签的机器遗忘。
86. Thwarting Smartphone SMS Attacks at the Radio Interface Layer.
在无线电接口层阻止智能手机短信攻击。
87. DiffCSP: Finding Browser Bugs in Content Security Policy Enforcement through Differential Testing.
DiffCSP:通过差分测试找到内容安全策略执行中的浏览器漏洞。
88. Real Threshold ECDSA.
真实阈值ECDSA。
89. OBI: a multi-path oblivious RAM for forward-and-backward-secure searchable encryption.
OBI:一种用于前向和后向安全可搜索加密的多路径遗忘式RAM。
90. Him of Many Faces: Characterizing Billion-scale Adversarial and Benign Browser Fingerprints on Commercial Websites.
多面神:对商业网站上十亿级对抗性和良性浏览器指纹进行表征。
91. Access Your Tesla without Your Awareness: Compromising Keyless Entry System of Model 3.
在不知情的情况下访问您的特斯拉:妥协Model 3的无钥匙进入系统。
92. BlockScope: Detecting and Investigating Propagated Vulnerabilities in Forked Blockchain Projects.
BlockScope:检测和调查分叉区块链项目中传播的漏洞。
93. PPA: Preference Profiling Attack Against Federated Learning.
PPA:针对联邦学习的偏好分析攻击。
94. SoundLock: A Novel User Authentication Scheme for VR Devices Using Auditory-Pupillary Response.
SoundLock:一种新颖的用户身份验证方案,利用听觉瞳孔反应用于VR设备。
——创建型模式)
)
---STL容器(vector、deque))
