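I recently noticed that the USENIX 2022 summer papers are out, so I skimmed them for interesting ones and sorted them into rough categories. The categories are based on my own knowledge, so they may not be very accurate. You can also wait until USENIX 2022 is on dblp and look at the official categories.
Binary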
DeepDi: Learning a Relational Graph Convolutional Network Model on Instructions for Fast and Accurate Disassembly
https://www.usenix.org/conference/usenixsecurity22/presentation/yu-sheng
Category: deep learning applied to disassembly
Debloating Address Sanitizer
https://www.usenix.org/conference/usenixsecurity22/presentation/zhang-yuchen
Performance optimization of ASan
RE-Mind: a First Look Inside the Mind of a Reverse Engineer
https://www.usenix.org/conference/usenixsecurity22/presentation/mantovani
A study of how binary reverse engineers analyze assembly code and carry out reverse-engineering tasks.
Augmenting Decompiler Output with Learned Variable Names and Types
https://www.usenix.org/conference/usenixsecurity22/presentation/chen-qibin
Disassembly, machine-learning-based approach
fuzz
Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing
https://www.usenix.org/conference/usenixsecurity22/presentation/scharnowski
Firmware fuzzing
Morphuzz: Bending (Input) Space to Fuzz Virtual Devices
https://www.usenix.org/conference/usenixsecurity22/presentation/bulekov
Fuzzing virtual devices
Regulator: Dynamic Analysis to Detect ReDoS
https://www.usenix.org/conference/usenixsecurity22/presentation/mclaughlin
Using fuzzing to find denial-of-service vulnerabilities caused by regular expressions
Software security
Ferry: State-Aware Symbolic Execution for Exploring State-Dependent Program Paths
https://www.usenix.org/conference/usenixsecurity22/presentation/zhou-shunfan
Symbolic execution that can explore state-dependent branches
How Long Do Vulnerabilities Live in the Code? A Large-Scale Empirical Measurement Study on FOSS Vulnerability Lifetimes
https://www.usenix.org/conference/usenixsecurity22/presentation/alexopoulos
A study of how long vulnerabilities persist in open-source software
Expected Exploitability: Predicting the Development of Functional Vulnerability Exploits
https://www.usenix.org/conference/usenixsecurity22/presentation/suciu
Vulnerability exploitability assessment
IoT
Lumos: Identifying and Localizing Diverse Hidden IoT Devices in an Unfamiliar Environment
https://www.usenix.org/conference/usenixsecurity22/presentation/sharma-rahul
Category: discovering hidden IoT devices in an unfamiliar environment
Practical Data Access Minimization in Trigger-Action Platforms
https://www.usenix.org/conference/usenixsecurity22/presentation/chen-yunang
Data risk issues in IoT platforms
ProFactory: Improving IoT Security via Formalized Protocol Customization
https://www.usenix.org/conference/usenixsecurity22/presentation/wang-fei
Protocol vulnerabilities in IoT applications
Audio-related
Towards More Robust Keyword Spotting for Voice Assistants
https://www.usenix.org/conference/usenixsecurity22/presentation/ahmed
Defenses for voice assistants
“OK, Siri” or “Hey, Google”: Evaluating Voiceprint Distinctiveness via Content-based PROLE Score
https://www.usenix.org/conference/usenixsecurity22/presentation/he-ruiwen
A study of voiceprint distinctiveness
Your Microphone Array Retains Your Identity: A Robust Voice Liveness Detection System for Smart Speakers
Link: https://www.usenix.org/conference/usenixsecurity22/presentation/meng
Category: IoT security, about earphones
Lamphone: Passive Sound Recovery from a Desk Lamp’s Light Bulb Vibrations
https://www.usenix.org/conference/usenixsecurity22/presentation/nassi
Eavesdropping via a light bulb
SkillDetective: Automated Policy-Violation Detection of Voice Assistant Applications in the Wild
https://www.usenix.org/conference/usenixsecurity22/presentation/young
Privacy violation detection for voice assistants
Side channels
SecSMT: Securing SMT Processors against Contention-Based Covert Channels
Link: https://www.usenix.org/conference/usenixsecurity22/presentation/taram
Summary: analyzes contention-based security vulnerabilities in high-performance simultaneous multithreading (SMT) processors
Rapid Prototyping for Microarchitectural Attacks
https://www.usenix.org/conference/usenixsecurity22/presentation/easdon
How to rapidly build microarchitectural attacks
Hiding in Plain Sight? On the Efficacy of Power Side Channel-Based Control Flow Monitoring
https://www.usenix.org/conference/usenixsecurity22/presentation/han
A new attack targeting side-channel defense
AMD Prefetch Attacks through Power and Time
https://www.usenix.org/conference/usenixsecurity22/presentation/lipp
Category: AMD CPUs also have side-channel issues
Repurposing Segmentation as a Practical LVI-NULL Mitigation in SGX
https://www.usenix.org/conference/usenixsecurity22/presentation/giner
A defense against LVI attacks (the Meltdown/Spectre family)
Rendering Contention Channel Made Practical in Web Browsers
https://www.usenix.org/conference/usenixsecurity22/presentation/wu
Side-channel attack on browser rendering
Automated Side Channel Analysis of Media Software with Manifold Learning
https://www.usenix.org/conference/usenixsecurity22/presentation/yuan
Uses AI learning methods for side-channel analysis, then reconstructs confidential media inputs
Lend Me Your Ear: Passive Remote Physical Side Channels on PCs
https://www.usenix.org/conference/usenixsecurity22/presentation/genkin
Remote physical side channels on PCs, for example headphones on a PC
HyperDegrade: From GHz to MHz Effective CPU Frequencies
https://www.usenix.org/conference/usenixsecurity22/presentation/aldaya
Using performance degradation techniques to defend against side-channel attacks
GhostTouch: Targeted Attacks on Touchscreens without Physical Touch
https://www.usenix.org/conference/usenixsecurity22/presentation/wang-kai
Attacks targeting the touchscreen without touching the screen
Hand Me Your PIN! Inferring ATM PINs of Users Typing with a Covered Hand
https://www.usenix.org/conference/usenixsecurity22/presentation/cardaioli
Uses deep learning to identify hand-gesture features of PIN entry at an ATM and recover your bank card PIN
Trusted computing
Elasticlave: An Efficient Memory Model for Enclaves
https://www.usenix.org/conference/usenixsecurity22/presentation/yu-jason
A TEE memory model that allows sharing
SGXLock: Towards Efficiently Establishing Mutual Distrust Between Host Application and Enclave for SGX
https://www.usenix.org/conference/usenixsecurity22/presentation/chen-yuan
Restricting the behavior of untrusted enclaves
Midas: Systematic Kernel TOCTTOU Protection
https://www.usenix.org/conference/usenixsecurity22/presentation/bhattacharyya
Category: kernel security, double-fetch bugs
LinKRID: Vetting Imbalance Reference Counting in Linux kernel with Symbolic Execution
https://www.usenix.org/conference/usenixsecurity22/presentation/liu-jian
Using symbolic execution to detect invalid use of reference counters in the kernel
SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs in Linux kernel
https://www.usenix.org/conference/usenixsecurity22/presentation/zou
Determining the risk level of kernel vulnerabilities
Cloud security
Jenny: Securing Syscalls for PKU-based Memory Isolation Systems
https://www.usenix.org/conference/usenixsecurity22/presentation/schrammel
Category: syscall filtering in PKU-based memory isolation systems (PKU is an isolation mechanism for cloud systems)
Exploring the Unchartered Space of Container Registry Typosquatting
https://www.usenix.org/conference/usenixsecurity22/presentation/liu-guannan
Docker container security
Bedrock: Programmable Network Support for Secure RDMA Systems
https://www.usenix.org/conference/usenixsecurity22/presentation/xing
Defense for cloud data centers, focused on Remote Direct Memory Access (RDMA)
Embedded devices
PISTIS: Trusted Computing Architecture for Low-end Embedded Systems
https://www.usenix.org/conference/usenixsecurity22/presentation/grisafi
Trusted architecture, low-end embedded systems
RapidPatch: Firmware Hotpatching for Real-Time Embedded Devices
https://www.usenix.org/conference/usenixsecurity22/presentation/he-yi
Automatically applying hot patches to embedded devices
Holistic Control-Flow Protection on Real-Time Embedded Systems with Kage
https://www.usenix.org/conference/usenixsecurity22/presentation/du
Protecting the control flow of microcontroller-based embedded systems
AI model security
ML-Doctor: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models
https://www.usenix.org/conference/usenixsecurity22/presentation/liu-yugeng
Category: inference attacks on machine learning models
On the Security Risks of AutoML
https://www.usenix.org/conference/usenixsecurity22/presentation/pang
A study of the potential security concerns of neural search methods
Can one hear the shape of a neural network?: Snooping the GPU via Magnetic Side Channel
https://www.usenix.org/conference/usenixsecurity22/presentation/maia
Side-channel attack on neural networks
Inference Attacks Against Graph Neural Networks
https://www.usenix.org/conference/usenixsecurity22/presentation/zhang-zhikun
Inference attacks on graph neural networks
SIMC: ML Inference Secure Against Malicious Clients at Semi-Honest Cost
https://www.usenix.org/conference/usenixsecurity22/presentation/chandran
Defense against inference attacks on machine learning models
Label Inference Attacks Against Vertical Federated Learning
https://www.usenix.org/conference/usenixsecurity22/presentation/fu
Label inference attacks on vertical federated learning
Driving systems
DoubleStar: Long-Range Attack Towards Depth Estimation based Obstacle Avoidance in Autonomous Systems
https://www.usenix.org/conference/usenixsecurity22/presentation/zhou-ce
Category: security issues in autonomous driving systems
Rolling Colors: Adversarial Laser Exploits against Traffic Light Recognition
https://www.usenix.org/conference/usenixsecurity22/presentation/yan
Injecting colored stripes into traffic-light images so that the autonomous driving system misrecognizes the lights
Towards Automatically Reverse Engineering Vehicle Diagnostic Protocols
https://www.usenix.org/conference/usenixsecurity22/presentation/yu-le
Automated reverse engineering of driving-system protocols
SAID: State-aware Defense Against Injection Attacks on In-vehicle Network
https://www.usenix.org/conference/usenixsecurity22/presentation/xue
Defense against injection attacks on driving systems
Mobile security
A Large-scale Temporal Measurement of Android Malicious Apps: Persistence, Migration, and Lessons Learned
https://www.usenix.org/conference/usenixsecurity22/presentation/shen
Category: survey of malicious apps
FReD: Identifying File Re-Delegation in Android System Services
https://www.usenix.org/conference/usenixsecurity22/presentation/gorski
Security of Android system services, static analysis
A Large-scale Investigation into Geodifferences in Mobile Apps
https://www.usenix.org/conference/usenixsecurity22/presentation/kumar
A study of geographic differences in mobile apps (geographic differences can be used for blocking)
FOAP: Fine-Grained Open-World Android App Fingerprinting
https://www.usenix.org/conference/usenixsecurity22/presentation/li-jianfeng
Fine-grained open-source Android app fingerprinting technique
LTE (communications security?)
LTrack: Stealthy Tracking of Mobile Phones in LTE
https://www.usenix.org/conference/usenixsecurity22/presentation/kotuliak
An attack on LTE that can obtain a device's location
Watching the Watchers: Practical Video Identification Attack in LTE Networks
https://www.usenix.org/conference/usenixsecurity22/presentation/bae
A video identification attack that reveals what video the victim is watching.
DoLTEst: In-depth Downlink Negative Testing Framework for LTE Devices
https://www.usenix.org/conference/usenixsecurity22/presentation/park-cheoljun
A negative testing framework for LTE devices
Cryptography
OpenSSLNTRU: Faster post-quantum TLS key exchange
https://www.usenix.org/conference/usenixsecurity22/presentation/bernstein
Related to post-quantum cryptography
Polynomial Commitment with a One-to-Many Prover and Applications
https://www.usenix.org/conference/usenixsecurity22/presentation/zhang-jiaheng
Cryptography-related
Post-Quantum Cryptography with Contemporary Co-Processors: Beyond Kronecker, Schönhage-Strassen & Nussbaumer
https://www.usenix.org/conference/usenixsecurity22/presentation/bos
Post-quantum cryptography, IoT devices
Orca: Blocklisting in Sender-Anonymous Messaging
https://www.usenix.org/conference/usenixsecurity22/presentation/tyagi
Designs a protocol for anonymous-sending systems
How to Abuse and Fix Authenticated Encryption Without Key Commitment
https://www.usenix.org/conference/usenixsecurity22/presentation/albertini
Cryptography, authentication-related
Omnes pro uno: Practical Multi-Writer Encrypted Database
https://www.usenix.org/conference/usenixsecurity22/presentation/wang-jiafan
Cryptography-related
Network security
Spoki: Unveiling a New Wave of Scanners through a Reactive Network Telescope
https://www.usenix.org/conference/usenixsecurity22/presentation/hiesgen
Network scanning
Total Eclipse of the Heart – Disrupting the InterPlanetary File System
https://www.usenix.org/conference/usenixsecurity22/presentation/prunster
An attack on the P2P system InterPlanetary File System
Under the Hood of DANE Mismanagement in SMTP
https://www.usenix.org/conference/usenixsecurity22/presentation/lee
DNS, network-security related
MAGE: Mutual Attestation for a Group of Enclaves without Trusted Third Parties
https://www.usenix.org/conference/usenixsecurity22/presentation/chen-guoxing
Remote attestation mechanism
Adversarial Detection Avoidance Attacks: Evaluating the robustness of perceptual hashing-based client-side scanning
https://www.usenix.org/conference/usenixsecurity22/presentation/jain
Security issues in end-to-end encrypted systems (such as those used by email platforms)
99% False Positives: A Qualitative Study of SOC Analysts’ Perspectives on Security Alarms
https://www.usenix.org/conference/usenixsecurity22/presentation/alahmadi
A qualitative study of security alarms from the perspective of security operations analysts (99% are false positives)
Web security
Online Website Fingerprinting: Evaluating Website Fingerprinting Attacks on Tor in the Real World
https://www.usenix.org/conference/usenixsecurity22/presentation/cherubin
Web fingerprinting attack
Mistrust Plugins You Must: A Large-Scale Study Of Malicious Plugins In WordPress Marketplaces
https://www.usenix.org/conference/usenixsecurity22/presentation/kasturi
A study of malicious WordPress plugins
Web Cache Deception Escalates!
https://www.usenix.org/conference/usenixsecurity22/presentation/mirheidari
Web security
Mining Node.js Vulnerabilities via Object Dependence Graph and Query
https://www.usenix.org/conference/usenixsecurity22/presentation/li-song
Finding vulnerabilities in Node.js
When Sally Met Trackers: Web Tracking From the Users’ Perspective
https://www.usenix.org/conference/usenixsecurity22/presentation/dambra
Web-related
FUGIO: Automatic Exploit Generation for PHP Object Injection Vulnerabilities
https://www.usenix.org/conference/usenixsecurity22/presentation/park-sunnyeo
Automated exploitation of PHP object injection vulnerabilities
An Audit of Facebook’s Political Ad Policy Enforcement
Link: https://www.usenix.org/conference/usenixsecurity22/presentation/lepochat
Summary: audits Facebook's policy for handling political ads. It finds, among other things, that Facebook's current policy is very imprecise.
Increasing Adversarial Uncertainty to Scale Private Similarity Testing
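Link: https://www.usenix.org/conference/usenixsecurity22/presentation/hua
Summary: social platforms moderate what users post to keep strange content from being published. This paper is about how to detect such strange content.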
“How Do You Not Lose Friends?”: Synthesizing a Design Space of Social Controls for Securing Shared Digital Resources Via Participatory Design Jams
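Link: https://www.usenix.org/conference/usenixsecurity22/presentation/moju-igbene
Summary: digital resources (bank accounts, collaborative documents) are often shared within a small group, yet the security and privacy controls for these resources are poorly done. One reason is that the design space for security and privacy controls is ill-defined. This paper sets out to define that design space.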
OVRseen: Auditing Network Traffic and Privacy Policies in Oculus VR
https://www.usenix.org/conference/usenixsecurity22/presentation/trimananda
Category: privacy leakage in VR applications
PrivGuard: Privacy Regulation Compliance Made Easier
https://www.usenix.org/conference/usenixsecurity22/presentation/wang-lun
Category: privacy computing
Understanding and Improving Usability of Data Dashboards for Simplified Privacy Control of Voice Assistant Data
https://www.usenix.org/conference/usenixsecurity22/presentation/sharma-vandit
Category: privacy permission control, voice assistants
Caring about Sharing: User Perceptions of Multiparty Data Sharing
https://www.usenix.org/conference/usenixsecurity22/presentation/kacsmar
Privacy policy
“I feel invaded, annoyed, anxious and I may protect myself”: Individuals’ Feelings about Online Tracking and their Protective Behaviour across Gender and Country
https://www.usenix.org/conference/usenixsecurity22/presentation/coopamootoo
Privacy-related
Security and Privacy Perceptions of Third-Party Application Access for Google Accounts
https://www.usenix.org/conference/usenixsecurity22/presentation/balash
Privacy computing, third-party application permissions
Synthetic Data – Anonymisation Groundhog Day
https://www.usenix.org/conference/usenixsecurity22/presentation/stadler
Synthetic data, quantitative evaluation of anonymization techniques
Empirical Understanding of Deletion Privacy: Experiences, Expectations, and Measures
https://www.usenix.org/conference/usenixsecurity22/presentation/minaei
Privacy, survey-type paper
Secure Poisson Regression
https://www.usenix.org/conference/usenixsecurity22/presentation/kelkar
Makes Poisson regression computation more secure, somewhat like privacy computing
Automating Cookie Consent and GDPR Violation Detection
https://www.usenix.org/conference/usenixsecurity22/presentation/bollinger
Privacy issues
Incremental Offline/Online PIR
https://www.usenix.org/conference/usenixsecurity22/presentation/ma
Privacy computing
WebGraph: Capturing Advertising and Tracking Information Flows for Robust Blocking
https://www.usenix.org/conference/usenixsecurity22/presentation/siby
Privacy protection. Cutting off advertising and tracking information flows.
Uncategorized
Back-Propagating System Dependency Impact for Attack Investigation
Link: https://www.usenix.org/conference/usenixsecurity22/presentation/fang
Summary: analysis of system logs
Aardvark: An Asynchronous Authenticated Dictionary with Applications to Account-based Cryptocurrencies
Link: https://www.usenix.org/conference/usenixsecurity22/presentation/leung
Category: cryptocurrency
Helping hands: Measuring the impact of a large threat intelligence sharing community
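Link: https://www.usenix.org/conference/usenixsecurity22/presentation/bouwman
Summary: evaluates the security of data from sharing communities, such as the COVID-19 Cyber Threat Coalition. The paper mainly explores the following questions. First, can collaboration at a certain scale give the data better coverage? Second, has making this data public had an effect in the real world?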
VerLoc: Verifiable Localization in Decentralized Systems
https://www.usenix.org/conference/usenixsecurity22/presentation/kohls
Determining the location of nodes in decentralized systems
Stick It to The Man: Correcting for Non-Cooperative Behavior of Subjects in Experiments on Social Networks
https://www.usenix.org/conference/usenixsecurity22/presentation/clary
Social networks
Behind the Tube: Exploitative Monetization of Content on YouTube
https://www.usenix.org/conference/usenixsecurity22/presentation/chu
Explores exploitative ways of monetizing content on sites like YouTube
Dos and Don’ts of Machine Learning in Computer Security
https://www.usenix.org/conference/usenixsecurity22/presentation/arp
What problems arise when machine learning is used in computer security? How can they be solved?
Original: https://blog.csdn.net/u013648063/article/details/122527985
Author: 破落之实
Title: A Simple Classification of USENIX 2022 Summer Papers