ACSAC 2021 论文录用列表

Annual Computer Security Applications Conference（ACSAC）会议关注计算机应用安全领域的研究工作，与DSN, ESORICS和RAID并称为网络与信息安全领域的“四小安全顶级会议”（简称四小），代表着国际网络与信息安全学术研究的最高水平。ACSAC 2021年共收到论文326篇(2020:300, 2019:266, 2018:299)，录取80篇(2020:70, 2019:60, 2018:60)，录用率为24.5%(2020:23.33%, 2019:22.56%, 2018:20.1%)，所有录用论文标题如下：

Technical Papers 1A: Machine Learning Security 1

• Stealing Machine Learning Models: Attacks and Countermeasures for Generative Adversarial Networks

Hailong Hu; Jun Pang

• The Many-faced God: Attacking Face Verification System with Embedding and Image Recovery

Mingtian Tan; Zhe Zhou; Zhou Li

• Two Souls in an Adversarial Image: Towards Universal Adversarial Example Detection using Multi-view Inconsistency

Sohaib Kiani; Sana Awan; Chao Lan; Fengjun Li; Bo Luo

• Efficient, Private and Robust Federated Learning

Meng Hao; Hongwei Li; Guowen Xu; Hanxiao Chen; Tianwei Zhang

• Morphence: Moving Target Defense Against Adversarial Examples

Abderrahmen Amich; Birhanu Eshete

Technical Papers 1A: Machine Learning Security 1

• Stealing Machine Learning Models: Attacks and Countermeasures for Generative Adversarial Networks

Hailong Hu; Jun Pang

• The Many-faced God: Attacking Face Verification System with Embedding and Image Recovery

Mingtian Tan; Zhe Zhou; Zhou Li

• Two Souls in an Adversarial Image: Towards Universal Adversarial Example Detection using Multi-view Inconsistency

Sohaib Kiani; Sana Awan; Chao Lan; Fengjun Li; Bo Luo

• Efficient, Private and Robust Federated Learning

Meng Hao; Hongwei Li; Guowen Xu; Hanxiao Chen; Tianwei Zhang

• Morphence: Moving Target Defense Against Adversarial Examples

Abderrahmen Amich; Birhanu Eshete

Technical Papers 5A: Machine Learning Security 2

• Eluding ML-based Adblockers With Actionable Adversarial Examples

Shitong Zhu; Zhongjie Wang; Xun Chen; Shasha Li; Keyu Man; Umar Iqbal; Zhiyun Qian; Kevin Chan; Srikanth Krishnamurthy; Zubair Shafiq

• BadNL: Backdoor Attacks against NLP models with Semantic-preserving Improvements

Xiaoyi Chen; Ahmed Salem; Dingfan Chen; Michael Backes; Shiqing Ma; Qingni Shen; Zhonghai Wu; Yang Zhang

• MISA: Online Defense of Trojaned Models using Misattributions

Panagiota Kiourti; Wenchao Li; Karan Sikka; Anirban Roy; Susmit Jha

• Detecting Audio Adversarial Examples with Logit Noising

Namgyu Park; Sangwoo Ji; Jong Kim

• Can We Leverage Predictive Uncertainty to Detect Dataset Shift and Adversarial Examples in Android Malware Detection?

Deqiang Li; Tian Qiu; Shuo Chen; Qianmu Li; Shouhuai Xu

Technical Papers 2A: Software Security 1

• Program Obfuscation via ABI Debiasing

David Demicco; Rukayat Erinfolami; Aravind Prakash

• A Look Back on a Function Identification Problem

Hyungjoon Koo; Soyeon Park; Taesoo Kim

• SoftMark: Software Watermarking via a Binary Function Relocation

Honggoo Kang; Yonghwi Kwon; Sangjin Lee; Hyungjoon Koo

• Dynamic Taint Analysis versus Obfuscated Self-Checking

Sebastian Banescu; Samuel Valenzuela; Marius Guggenmos; Mohsen Ahmadvand; Alexander Pretschner

• Dicos: Discovering Insecure Code Snippets from Stack Overflow Posts by Leveraging User Discussions

Hyunji Hong; Seunghoon Woo; Heejo Lee

Technical Papers 7A: Software Security 2

• RUPAIR: Towards Automatic Buffer Overflow Detection and Rectification for Rust

Baojian Hua; Wanrong Ouyang; Chengman Jiang; Qiliang Fan; Zhizhong Pan

• Keeping Safe Rust Safe with Galeed

Elijah Rivera; Samuel Mergendahl; Howard Shrobe; Hamed Okhravi; Nathan Burow

• DistAppGaurd: Distributed Application Behaviour Profiling in Cloud-Based Environment

mohammadmahdi ghorbani; Fereydoun Farrahi Moghaddam; Mengyuan Zhang; Makan Pourzandi; Kim Khoa Nguyen; Mohamed Cheriet

• ICS3Fuzzer: A Framework for Discovering Protocol Implementation Bugs in ICS Supervisory Software by Fuzzing

Dongliang Fang; Zhanwei Song; Le Guan; Puzhuo Liu; Anni Peng; Kai Cheng; Yaowen Zheng; Peng Liu; Hongsong Zhu; Limin Sun

• argXtract: Deriving IoT Security Configurations via Automated Static Analysis of Stripped ARM Cortex-M Binaries

Pallavi Sivakumaran; Jorge Blasco

Technical Papers 2B: Privacy and Anonymity

• ARID: Anonymous Remote IDentification of Unmanned Aerial Vehicles

Pietro Tedeschi; Savio Sciancalepore; Roberto Di Pietro

• Sipster: Settling IOU Privately and Quickly with Smart Meters

Sherman S. M. Chow; Ming Li; Yongjun Zhao; Wenqiang Jin

• TEEKAP: Self-Expiring Data Capsule using Trusted Execution Environment

Mingyuan Gao; Hung Dang; Ee-Chien Chang

• BAPM: Block Attention Profiling Model for Multi-tab Website Fingerprinting Attacks on Tor

Zhong Guan; Gang Xiong; Gaopeng Gou; Zhen Li; Mingxin Cui; Chang Liu

• Try before You Buy: Privacy-preserving Data Evaluation on Cloud-based Machine Learning Data Marketplace

Qiyang Song; Jiahao Cao; Kun Sun; Qi Li; Ke Xu

Technical Papers 3A: Distributed systems

• VIA: Analyzing Device Interfaces of Protected Virtual Machines

Felicitas Hetzelt; Martin Radev; Robert Buhren; Mathias Morbitzer; Jean-Pierre Seifert

• Rocky: Replicating Block Devices for Tamper and Failure Resistant Edge-based Virtualized Desktop Infrastructure

Beom Heyn Kim; Hyoungshick Kim

• On Detecting Growing-Up Behaviors of Malicious Accounts in Privacy-Centric Mobile Social Networks

Zijie Yang; Binghui Wang; Haoran Li; Dong Yuan; Zhuotao Liu; Neil Gong; Chang Liu; Qi Li; Xiao Liang; Shaofeng Hu

• ReCFA: Resilient Control-Flow Attestation

Yumei Zhang; Xinzhi Liu; Cong Sun; Dongrui Zeng; Gang Tan; Xiao Kan; Siqi Ma

• Practical Attestation for Edge Devices Running Compute Heavy Machine Learning Applications

Ismi Abidi; Vireshwar Kumar; Rijurekha Sen

Technical Papers 3B: Usability and Human-Centric Aspects of Security

• Is Visualization Enough? Evaluating the Efficacy of MUD-Visualizer in Enabling Ease of Deployment for Manufacturer Usage Description (MUD)

Vafa Andalibi; Jayati Dev; DongInn Kim; Eliot Lear; L. Jean Camp

• A Cross-role and Bi-national Analysis on Security Efforts and Constraints of Software Development Projects

Fumihiro Kanei; Ayako Akiyama Hasegawa; Eitaro Shioji; Mitsuaki Akiyama

• An Efficient Man-Machine Recognition Method Based On Mouse Trajectory Feature De-redundancy

Xiaofeng Lu; Zhenhan Feng; Jupeng Xia

• OPay: an Orientation-based Contactless Payment Solution Against Passive Attacks

Mahshid Mehr Nezhd; Feng Hao

• What’s in a Cyber Threat Intelligence sharing platform? A mixed-methods user experience investigation of MISP

Borce Stojkovski; Gabriele  LENZINI; Vincent KOENIG; Salvador RIVAS

Technical Papers 4A: CPS and IoT

• They See Me Rollin\’: Inherent Vulnerability of the Rolling Shutter in CMOS Image Sensors

Sebastian Köhler; Giulio Lovisotto; Simon Birnbach; Richard Baker; Ivan Martinovic

• Evaluating the Effectiveness of Protection Jamming Devices in Mitigating Smart Speaker Eavesdropping Attacks Using Gaussian White Noise

Payton Walker; Nitesh Saxena

• S2-CAN: Sufficiently Secure Controller Area Network

Mert D. Pesé; Jay W. Schauer; Junhui Li; Kang G. Shin

• Crypto-Chain: A Relay Resilience Framework for Smart Vehicles

Abubakar Sadiq Sani; Dong Yuan; Elisa Bertino; Zhao Yang Dong

• Advanced System Resiliency Based on Virtualization Techniques for IoT Devices

Jonas Röckl; Mykolai Protsenko; Monika Huber; Tilo Müller; Felix C. Freiling

Technical Papers 4A: CPS and IoT

• They See Me Rollin\’: Inherent Vulnerability of the Rolling Shutter in CMOS Image Sensors

Sebastian Köhler; Giulio Lovisotto; Simon Birnbach; Richard Baker; Ivan Martinovic

• Evaluating the Effectiveness of Protection Jamming Devices in Mitigating Smart Speaker Eavesdropping Attacks Using Gaussian White Noise

Payton Walker; Nitesh Saxena

• S2-CAN: Sufficiently Secure Controller Area Network

Mert D. Pesé; Jay W. Schauer; Junhui Li; Kang G. Shin

• Crypto-Chain: A Relay Resilience Framework for Smart Vehicles

Abubakar Sadiq Sani; Dong Yuan; Elisa Bertino; Zhao Yang Dong

• Advanced System Resiliency Based on Virtualization Techniques for IoT Devices

Jonas Röckl; Mykolai Protsenko; Monika Huber; Tilo Müller; Felix C. Freiling

Technical Papers 5B: Hardware and Architecture

• TLB Poisoning Attacks on AMD Secure Encrypted Virtualization

Mengyuan Li; Yinqian Zhang; Huibo Wang; Kang Li; Yueqiang Cheng

• Reinhardt: Real-time Reconfigurable Hardware Architecture for Regular Expression Matching in DPI

Taejune Park; Jaehyun Nam; Seung Ho Na; Jaewoong Chung; Seungwon Shin

• Understanding the Threats of Trojaned Quantized Neural Network in Model Supply Chains

Xudong Pan; Mi Zhang; Yifan Yan; Min Yang

• FlexFilt: Towards Flexible Instruction Filtering for Security

Leila Delshadtehrani; Sadullah Canakci; William Blair; Manuel Egele; Ajay Joshi

• RingRAM: A Unified Hardware Security Primitive for IoT Devices that Gets Better with Age

Michael Moukarzel; Matthew Hicks

Technical Papers 6A: Malware and Novel Attacks

• SODA: A System for Cyber Deception Orchestration and Automation

Md Sajidul Islam Sajid; Jinpeng Wei; Basel Abdeen; Ehab Al-Shaer; Md Mazharul Islam; Walter Diong; Latifur Khan

• Reproducible and Adaptable Log Data Generation for Sound Cybersecurity Experiments

Rafael Uetz; Christian Hemminghaus; Louis Hackländer; Philipp Schlipper; Martin Henze

• Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification

Duy-Phuc Pham; Damien Marion; Matthieu Mastio; Annelie Heuser

• CommanderGabble: A Universal Attack Against ASR Systems Leveraging Fast Speech

Zhaohe (John) Zhang; Edwin Yang; Song Fang

• Physical Logic Bombs in 3D Printers via Emerging 4D Techniques

Tuan Le; Sriharsha Etigowni; Sizhuang Liang; Xirui Peng; Jerry Qi; Mehdi Javanmard; Saman Zonouz; Raheem Beyah

Technical Papers 6A: Malware and Novel Attacks

• SODA: A System for Cyber Deception Orchestration and Automation

Md Sajidul Islam Sajid; Jinpeng Wei; Basel Abdeen; Ehab Al-Shaer; Md Mazharul Islam; Walter Diong; Latifur Khan

• Reproducible and Adaptable Log Data Generation for Sound Cybersecurity Experiments

Rafael Uetz; Christian Hemminghaus; Louis Hackländer; Philipp Schlipper; Martin Henze

• Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification

Duy-Phuc Pham; Damien Marion; Matthieu Mastio; Annelie Heuser

• CommanderGabble: A Universal Attack Against ASR Systems Leveraging Fast Speech

Zhaohe (John) Zhang; Edwin Yang; Song Fang

• Physical Logic Bombs in 3D Printers via Emerging 4D Techniques

Tuan Le; Sriharsha Etigowni; Sizhuang Liang; Xirui Peng; Jerry Qi; Mehdi Javanmard; Saman Zonouz; Raheem Beyah

Technical Papers 7B: Wireless Security

• On Key Reinstallation Attacks over 4G LTE Network: Feasibility and Negative Impact

Muhammad Taqi Raza; Yunqi Guo; Songwu Lu; Fatima Muhammad Anwar

• Security of Multicarrier Time-of-Flight Ranging

Patrick Leu; Martin Kotuliak; Marc Roeschlin; Srdjan Capkun

• Don’t hand it Over: Vulnerabilities in the Handover Procedure of Cellular Telecommunications

Evangelos Bitsikas; Christina Pöpper

• Time to Rethink the Design of Qi Standard? Security and Privacy Vulnerability Analysis of Qi Wireless Charging

Yi Wu; Zhuohang Li; Nicholas Van Nostrand; Jian Liu

• Detecting and Characterizing SMS Spearphising Attacks

Mingxuan Liu; Yiming Zhang; Baojun Liu; Zhou Li; Haixin Duan; Donghong Sun

Technical Papers 8A: Mobile and Smart Apps

• Characterizing Improper Input Validation Vulnerabilities of Mobile Crowdsourcing Services

Sojhal Ismail Khan; Dominika C Woszczyk; Chengzeng You; Soteris Demetriou; Muhammad Naveed

• Towards Stalkerware Detection with Precise Warnings

Yufei Han; Kevin Alejandro Roundy; Acar Tamersoy

• Repack Me If You Can: An Anti-Repackaging Solution based on Android Virtualization

Antonio Ruggia; Eleonora Losiouk; Luca Verderame; Mauro Conti; Alessio Merlo

• Westworld: Fuzzing-Assisted Remote Dynamic Symbolic Execution of Smart Apps on IoT Cloud Platforms

Lannan Luo; Qiang Zeng; Bokai Yang; Fei Zuo; Junzhe Wang

• The Emperor\’s New Autofill Framework: A Security Analysis of Autofill on iOS and Android

Sean Oesch; Anuj Gautam; Scott Ruoti

Technical Papers 8A: Mobile and Smart Apps

• Characterizing Improper Input Validation Vulnerabilities of Mobile Crowdsourcing Services

Sojhal Ismail Khan; Dominika C Woszczyk; Chengzeng You; Soteris Demetriou; Muhammad Naveed

• Towards Stalkerware Detection with Precise Warnings

Yufei Han; Kevin Alejandro Roundy; Acar Tamersoy

• Repack Me If You Can: An Anti-Repackaging Solution based on Android Virtualization

Antonio Ruggia; Eleonora Losiouk; Luca Verderame; Mauro Conti; Alessio Merlo

• Westworld: Fuzzing-Assisted Remote Dynamic Symbolic Execution of Smart Apps on IoT Cloud Platforms

Lannan Luo; Qiang Zeng; Bokai Yang; Fei Zuo; Junzhe Wang

• The Emperor\’s New Autofill Framework: A Security Analysis of Autofill on iOS and Android

Sean Oesch; Anuj Gautam; Scott Ruoti