Mining for Security
for Security Tags Usable Security Web
Attack Detection for Cyber-Physical Systems
Attack Detection for Cyber-Physical Systems Summary Attack Detection for Cyber-Physical Systems Tags Secure Connected and Mobile Systems Chapter Date publishe...
Auditing Empirical Privacy Protection for Adaptations of Large Language Models
Auditing Empirical Privacy Protection for Adaptations of Large Language Models Summary A recent position paper (Tramer et al., ICML'24) challenges the common a...
The (Un)usual Suspects – Studying Reasons for Lacking Updates in WordPress
targets for adversaries, with the vulnerabilities in the code posing serious risks to website visitors, hosters, operators, and the wider online public. Despit...
Universal Gradient Methods for Stochastic Convex Optimization
Universal Gradient Methods for Stochastic Convex Optimization Summary We develop universal gradient methods for Stochastic Convex Optimization (SCO). Our algo...
Stabilized Proximal Point Methods for Federated Optimization
Stabilized Proximal Point Methods for Federated Optimization Summary In developing efficient optimization algorithms, it is crucial to account for communicati...
XAVIER: Grammar-Based Testing for XML Injection Attacks
XAVIER: Grammar-Based Testing for XML Injection Attacks Summary Web services are essential for online interactions, supporting critical tasks like banking and...
Secure Noise Sampling for Differentially Private Collaborative Learning
Secure Noise Sampling for Differentially Private Collaborative Learning Summary Differentially private stochastic gradient descent (DP-SGD) trains machine lear...
Efficient and Privacy-Preserving Soft Prompt Transfer for LLMs
Efficient and Privacy-Preserving Soft Prompt Transfer for LLMs Summary Prompting has become a dominant paradigm for adapting large language models (LLMs). Whi...
Exploiting Similarity for Computation and Communication-Efficient Decentralized Optimization
Exploiting Similarity for Computation and Communication-Efficient Decentralized Optimization Summary Reducing communication complexity is critical for efficie...
POST: A Framework for Privacy of Soft-prompt Transfer
POST: A Framework for Privacy of Soft-prompt Transfer Summary Prompting has emerged as a dominant learning paradigm for adapting large language models (LLMs)....
Do Parameters Reveal More than Loss for Membership Inference?
Do Parameters Reveal More than Loss for Membership Inference? Summary Membership inference attacks aim to infer whether an individual record was used to train...
SEAL: Capability-Based Access Control for Data-Analytic Scenarios
SEAL: Capability-Based Access Control for Data-Analytic Scenarios Summary Data science is the basis for various disciplines in the Big-Data era. Due to the hi...
On the Feasibility of CubeSats Application Sandboxing for Space Missions
On the Feasibility of CubeSats Application Sandboxing for Space Missions Summary This paper details our journey in designing and selecting a suitable applicati...
Integrating Vision‐Language Models for Accelerated High‐Throughput Nutrition Screening
Integrating Vision‐Language Models for Accelerated High‐Throughput Nutrition Screening Summary Addressing the critical need for swift and precise nutritional...
Batch normalization is sufficient for universal function approximation in CNNs.
Batch normalization is sufficient for universal function approximation in CNNs. Summary Normalization techniques, for which Batch Normalization (BN) is a popu...
On Practical Realization of Evasion Attacks for Industrial Control Systems
On Practical Realization of Evasion Attacks for Industrial Control Systems Summary In recent years, a number of evasion attacks for Industrial Control Systems...
White-box Concealment Attacks Against Anomaly Detectors for Cyber-Physical Systems
White-box Concealment Attacks Against Anomaly Detectors for Cyber-Physical Systems Summary Anomaly detection for cyber-physical systems is an effective method...
MargCTGAN: A “Marginally” Better CTGAN for the Low Sample Regime
MargCTGAN: A “Marginally” Better CTGAN for the Low Sample Regime Summary The potential of realistic and useful synthetic data is significant. However, current...
Understanding How Users Prepare for and React to Smartphone Theft
Understanding How Users Prepare for and React to Smartphone Theft Summary Smartphone theft is common, yet little research explores how users prepare for or re...
Exploring Authentication for Security-Sensitive Tasks on Smart Home Voice Assistants
Exploring Authentication for Security-Sensitive Tasks on Smart Home Voice Assistants Summary Smart home assistants such as Amazon Alexa and Google Home are pri...
Universality of AdaGrad Stepsizes for Stochastic Optimization: Inexact Oracle, Acceleration and Variance Reduction
Universality of AdaGrad Stepsizes for Stochastic Optimization: Inexact Oracle, Acceleration and Variance Reduction Summary We present adaptive gradient methods...
LEO-Range: Physical Layer Design for Secure Ranging with Low Earth Orbiting Satellites
LEO-Range: Physical Layer Design for Secure Ranging with Low Earth Orbiting Satellites Summary We propose LEO-Range, a novel physical layer design for secure...
Tests4Py: A Benchmark for System Testing
Tests4Py: A Benchmark for System Testing Summary Benchmarks are among the main drivers of progress in software engineering research. However, many current benc...
CausalGraph2LLM: Evaluating LLMs for Causal Queries
CausalGraph2LLM: Evaluating LLMs for Causal Queries Summary - Tags Trustworthy Information Processing Conference Paper NeurIPS-Workshop (NeurIPS-W) Date publis...
Pruning neural network models for gene regulatory dynamics using data and domain knowledge
Pruning neural network models for gene regulatory dynamics using data and domain knowledge Summary The practical utility of machine learning models in the scie...
CausalGraph2LLM: Evaluating LLMs for Causal Queries
CausalGraph2LLM: Evaluating LLMs for Causal Queries Summary Causality is essential in scientific research, enabling researchers to interpret true relationships...
Robustness Certification for Point Cloud Models
Robustness Certification for Point Cloud Models Summary The use of deep 3D point cloud models in safety-critical applications, such as autonomous driving, dict...
Distributed Quantum Advantage for Local Problems
Distributed Quantum Advantage for Local Problems Summary We present the first local problem that shows a super-constant separation between the classical random...
Efficient Streaming Algorithms for Graphlet Sampling
Efficient Streaming Algorithms for Graphlet Sampling Summary Given a graph $G$ and a positive integer $k$, the Graphlet Sampling problem asks to sample a conne...
SoK: Prudent Evaluation Practices for Fuzzing
SoK: Prudent Evaluation Practices for Fuzzing Summary Fuzzing has proven to be a highly effective approach to uncover software bugs over the past decade. After...
SoK: Prudent Evaluation Practices for Fuzzing.
SoK: Prudent Evaluation Practices for Fuzzing. Summary Fuzzing has proven to be a highly effective approach to uncover software bugs over the past decade. Afte...
Sufficient Invariant Learning for Distribution Shift
Sufficient Invariant Learning for Distribution Shift Summary Learning robust models under distribution shifts between training and test datasets is a fundament...
FixKit: A Program Repair Collection for Python
FixKit: A Program Repair Collection for Python Summary In recent years automatic program repair has gained much attention in the research community. Generally,...
Differentially Private Prototypes for Imbalanced Transfer Learning
Differentially Private Prototypes for Imbalanced Transfer Learning Summary Machine learning (ML) models have been shown to leak private information from their...
SFLKit: A Workbench for Statistical Fault Localization
SFLKit: A Workbench for Statistical Fault Localization Summary Statistical fault localization aims at detecting execution features that correlate with failures...
Information flow control for comparative privacy analyses
Information flow control for comparative privacy analyses Summary The prevalence of web tracking and its key characteristics have been extensively investigated...
data-privacy-policy-social-media
interact and communicate with Facebook users, other interested persons and our customers who visit our Facebook Page. The processing of users' personal data ta...
Adaptive Hierarchical Certification for Segmentation using Randomized Smoothing
Adaptive Hierarchical Certification for Segmentation using Randomized Smoothing Summary Common certification methods operate on a flat pre-defined set of fine-...
Taming the Linux Memory Allocator for Rapid Prototyping
Taming the Linux Memory Allocator for Rapid Prototyping Summary Microarchitectural attacks pose an increasing threat to system security. They enable attackers...
Decoupled SGDA for Games with Intermittent Strategy Communication
Decoupled SGDA for Games with Intermittent Strategy Communication Summary We focus on reducing communication overhead in multiplayer games, where frequently ex...
Dimension-Free Parameterized Approximation Schemes for Hybrid Clustering
Dimension-Free Parameterized Approximation Schemes for Hybrid Clustering Summary Hybrid k-Clustering is a model of clustering that generalizes two of the most...
Exploring the Potential of LLMs for Code Deobfuscation
Exploring the Potential of LLMs for Code Deobfuscation Summary Code obfuscation alters software code to conceal its logic while retaining functionality, aiding...
Biologically informed NeuralODEs for genome-wide regulatory dynamics
Biologically informed NeuralODEs for genome-wide regulatory dynamics Summary Background Gene regulatory network (GRN) models that are formulated as ordinary di...
KeyVisor – A Lightweight ISA Extension for Protected Key Handles with CPU-enforced Usage Policies
KeyVisor – A Lightweight ISA Extension for Protected Key Handles with CPU-enforced Usage Policies Summary The confidentiality of cryptographic keys is essentia...
Down to earth! Guidelines for DGA-based Malware Detection
ones to assumptions about experiments and deployment of the detection systems. We then revisit if these assumptions hold, showing that most DGA detection approa...
Everyone for Themselves? A Qualitative Study about Individual Security Setups of Open Source Software Contributors
Everyone for Themselves? A Qualitative Study about Individual Security Setups of Open Source Software Contributors Summary To increase open-source software sup...
YuraScanner: Leveraging LLMs for Task-driven Web App Scanning
YuraScanner: Leveraging LLMs for Task-driven Web App Scanning Summary Web application scanners are popular and effective black-box testing tools, automating th...
Precise Parameter Localization for Textual Generation in Diffusion Models
Precise Parameter Localization for Textual Generation in Diffusion Models Summary Novel diffusion models (DMs) can synthesize photo-realistic images with integ...
Comparing Apples to Androids: Discovery, Retrieval, and Matching of iOS and Android Apps for Cross-Platform Analyses
Comparing Apples to Androids: Discovery, Retrieval, and Matching of iOS and Android Apps for Cross-Platform Analyses Summary For years, researchers have been...
Performant ASR Models for Medical Entities in Accented Speech
Performant ASR Models for Medical Entities in Accented Speech Summary Recent strides in automatic speech recognition (ASR) have accelerated their application i...
Let Me Do It For You: On the Feasibility of Inter-Satellite Friendly Jamming
Let Me Do It For You: On the Feasibility of Inter-Satellite Friendly Jamming Summary Unexpected cost reductions in recent years have significantly lowered the...
The World Wide recipe: A community-centred framework for fine-grained data collection and regional bias operationalisation
The World Wide recipe: A community-centred framework for fine-grained data collection and regional bias operationalisation Summary We introduce the World Wide...
A Qualitative Study of Adoption Barriers and Challenges for Passwordless Authentication in German Public Administrations
A Qualitative Study of Adoption Barriers and Challenges for Passwordless Authentication in German Public Administrations Summary Public administrations provide...
A Mixed-Methods Study on User Experiences and Challenges of Recovery Codes for an End-to-End Encrypted Service.
A Mixed-Methods Study on User Experiences and Challenges of Recovery Codes for an End-to-End Encrypted Service. Summary Recovery codes are a popular backup mec...
Balancing Diversity and Risk in LLM Sampling: How to Select Your Method and Parameter for Open-Ended Text Generation
Balancing Diversity and Risk in LLM Sampling: How to Select Your Method and Parameter for Open-Ended Text Generation Summary Sampling-based decoding strategies...
Open LLMs are Necessary for Private Adaptations and Outperform their Closed Alternatives
Open LLMs are Necessary for Private Adaptations and Outperform their Closed Alternatives Summary While open Large Language Models (LLMs) have made significant...
SecBench.js: An Executable Security Benchmark Suite for Server-Side JavaScript
SecBench.js: An Executable Security Benchmark Suite for Server-Side JavaScript Summary Npm is the largest software ecosystem in the world, offering millions of...
Competing for Attention: An Interview Study with Participants of Cryptography Competitions
Competing for Attention: An Interview Study with Participants of Cryptography Competitions Summary Cryptography competitions often contribute to the developmen...
CHARON: Polyglot Code Analysis for Detecting Vulnerabilities in Scripting Languages Native Extensions
CHARON: Polyglot Code Analysis for Detecting Vulnerabilities in Scripting Languages Native Extensions Summary Scripting languages like Python or JavaScript are...
Spectral Preconditioning for Gradient Methods on Graded Non-convex Functions
Spectral Preconditioning for Gradient Methods on Graded Non-convex Functions Summary The performance of optimization methods is often tied to the spectrum of t...
Exploring the Design Space for Security Warnings in Immersive Environments
Exploring the Design Space for Security Warnings in Immersive Environments Summary More and more immersive environments support third-party applications, leadi...
Atropos: Effective Fuzzing of Web Applications for Server-Side Vulnerabilities.
Atropos: Effective Fuzzing of Web Applications for Server-Side Vulnerabilities. Summary Server-side web applications are still predominantly implemented in the...
Switchpoline: A Software Mitigation for Spectre-BTB and Spectre-BHB on ARMv
Switchpoline: A Software Mitigation for Spectre-BTB and Spectre-BHB on ARMv Summary Spectre-BTB, also known as Spectre Variant 2, is often considered the most...
Context-Aware Reasoning On Parametric Knowledge for Inferring Causal Variables
Context-Aware Reasoning On Parametric Knowledge for Inferring Causal Variables Summary Scientific discovery catalyzes human intellectual advances, driven by th...
By the Numbers: Towards Standard Evaluation Metrics for Programmable Logic Controllers' Defenses
By the Numbers: Towards Standard Evaluation Metrics for Programmable Logic Controllers' Defenses Summary Our modern society relies on important utility infrast...
Count Corruptions, Not Users: Improved Tightness for Signatures, Encryption and Authenticated Key Exchange
Count Corruptions, Not Users: Improved Tightness for Signatures, Encryption and Authenticated Key Exchange Summary In the multi-user with corruptions (muc) set...
From Graph Properties to Graph Parameters: Tight Bounds for Counting on Small Subgraphs
From Graph Properties to Graph Parameters: Tight Bounds for Counting on Small Subgraphs Summary A graph property is a function Φ that maps every graph to {0, 1...
AfriSpeech-200: Pan-African Accented Speech Dataset for Clinical and General Domain ASR
AfriSpeech-200: Pan-African Accented Speech Dataset for Clinical and General Domain ASR Summary Africa has a very poor doctor-to-patient ratio. At very busy cl...
Measuring User Perception for Detecting Unexpected Access to Sensitive Resource in Mobile Apps
Measuring User Perception for Detecting Unexpected Access to Sensitive Resource in Mobile Apps Summary Understanding users' perception of app behaviors is an i...
Transparent TSN for Agnostic End-hosts via P4-based Traffic Characterization at Switches
Transparent TSN for Agnostic End-hosts via P4-based Traffic Characterization at Switches Summary Mission-critical networks currently face a transition from leg...
Generated Distributions Are All You Need for Membership Inference Attacks Against Generative Models
Generated Distributions Are All You Need for Membership Inference Attacks Against Generative Models Summary Generative models have demonstrated revolutionary s...
FullCert: Deterministic End-to-End Certification for Training and Inference of Neural Networks
FullCert: Deterministic End-to-End Certification for Training and Inference of Neural Networks Summary Modern machine learning models are sensitive to the mani...
(M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels
(M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels Summary In the last years, there has been a rapid increase in micro...
Formal Methods for Autonomous Systems
Economics Elliptic curves isogenies Embedded Security Exploratory Data Analysis Factoring Formal Methods Formal Verification forschungstexte-de Fuzzing Hash fun...
Cascading Spy Sheets: Exploiting the Complexity of Modern CSS for Email and Browser Fingerprinting
Cascading Spy Sheets: Exploiting the Complexity of Modern CSS for Email and Browser Fingerprinting Summary In an attempt to combat user tracking, both privacy-...
The Limits and Potentials of Local SGD for Distributed Heterogeneous Learning with Intermittent Communication
The Limits and Potentials of Local SGD for Distributed Heterogeneous Learning with Intermittent Communication Summary Local SGD is a popular optimization metho...
The Concrete Security of Two-Party Computation: Simple Definitions, and Tight Proofs for PSI and OPRFs
The Concrete Security of Two-Party Computation: Simple Definitions, and Tight Proofs for PSI and OPRFs Summary This paper initiates a concrete-security treatme...
SoK: State of the Krawlers - Evaluating the Effectiveness of Crawling Algorithms for Web Security Measurements
SoK: State of the Krawlers - Evaluating the Effectiveness of Crawling Algorithms for Web Security Measurements Summary Web crawlers are tools widely used in we...
Adversarial mimicry attacks against image splicing forensics: An approach for jointly hiding manipulations and creating false detections
Adversarial mimicry attacks against image splicing forensics: An approach for jointly hiding manipulations and creating false detections Summary The term “mimi...
“It’s time. Time for digital security.”: An End User Study on Actionable Security and Privacy Advice
“It’s time. Time for digital security.”: An End User Study on Actionable Security and Privacy Advice Summary Digital security advice is the focus of much resea...
Home CISPA Helmholtz Center for Information Security
Meyer/TUM Federal Chancellor Friedrich Merz and Minister President of Saarland Anke Rehlinger visited CISPA, where both gained insights into cybersecurity resea...
Sascha Fahl's research group at CISPA Helmholtz Center for Information Security
Security Authors Juliane Schmüser Ivana Trummová Nicolas Huaman Sascha Fahl Full Paper Visit Detail Page 2025-08-15 “That’s my perspective from 30 years of doi...
Lixom: Protecting Encryption Keys with Execute-Only Memory
Keys with Execute-Only Memory Summary The confidentiality of cryptographic secrets is crucial for the security of modern computing systems. However, ensuring t...
Do Compilers Break Constant-time Guarantees?
Compilers Break Constant-time Guarantees? Summary Side-channel attacks are a significant concern for the im- plementation of cryptographic algorithms. Data-obl...
Summer School 2022
where he currently is an Assistant Professor. From May 12th, 2011 to November 12th, 2011, he visited the University of Tuebingen (Germany), and worked on the se...
Summer School 2023
themselves. Asokan is a Fellow of both ACM and IEEE. For more information about Asokan’s work, visit his website at https://asokan.org/asokan/ or follow him o...
SoK: A Literature and Engineering Review of Regular Expression Denial of Service (ReDoS)
been no systematization of knowledge to delineate the state of the art and identify opportunities for further research. In this paper, we describe the existing...
TALUS: Reinforcing TEE Confidentiality with Cryptographic Coprocessors
strengths. In this paper, we propose TALUS , a general design and a set of three main requirements for a secure symbiosis between TEEs and cryptographic coproc...
AfriNames: Most ASR models "butcher" African Names.
Summary Useful conversational agents must accurately capture named entities to minimize error for downstream tasks, for example, asking a voice assistant to p...
SimSCOOD: Systematic Analysis of Out-of-Distribution Generalization in Fine-tuned Source Code Models
in Fine-tuned Source Code Models Summary Large code datasets have become increasingly accessible for pre-training source code models. However, for the fine-tu...
On Pairing-Free Blind Signature Schemes in the Algebraic Group Model
of concurrent (i.e., arbitrarily interleaved) signing sessions per public key. In this work, we revisit the security of two pairing-free blind signature schemes...
Fast Coloring Despite Congested Relays.
Coloring Despite Congested Relays. Summary We provide a O(log6logn)-round randomized algorithm for distance-2 coloring in CONGEST with Δ2+1 colors. For Δ≫poly...
xiao_zhang
(ICCV) Tags Trustworthy Information Processing Authors Subrat Kishore Dutta Xiao Zhang Full Paper Visit Detail Page 2025-10-13 DivTrackee versus DynTracker: Pr...
stich
(ICML) Tags Authors Yuki Takezawa Xiaowen Jiang Anton Rodomanov Sebastian Stich Full Paper Visit Detail Page 2025-07-14 Decoupled SGDA for Games with Intermit...
vreeken
Trustworthy Information Processing Authors Sascha Xu Joscha Cüppers Jilles Vreeken Full Paper Visit Detail Page 2025-04-11 Federated Binary Matrix Factorizatio...
Why Aren’t We Using Passkeys? Obstacles Companies Face Deploying FIDO2 Passwordless Authentication
FIDO2 Passwordless Authentication Summary When adopted by the W3C in 2019, the FIDO2 standard for passwordless authentication was touted as a replacement for...
dziedzic
Processing Authors Jan Dubiński Antoni Kowalczuk Franziska Boenisch Adam Dziedzic Full Paper Visit Detail Page 2025-06-01 Unlocking Post-hoc Dataset Inference...
boenisch
Processing Authors Jan Dubiński Antoni Kowalczuk Franziska Boenisch Adam Dziedzic Full Paper Visit Detail Page 2025-06-01 Unlocking Post-hoc Dataset Inference...
riepel
Foundations and Cryptography Authors M Bellare R Ranjan Doreen Riepel A Aldakheel Full Paper Visit Detail Page 2024-12-11 Count Corruptions, Not Users: Improve...
singh
Coppola Arslan Mumtaz Giovanni Camurati Harshad Sathaye Mridula Singh Srdjan Capkun Full Paper Visit Detail Page Year 2024 2024-07-27 Domain Generalisation via...
Golla - CISPA
(CCS) Tags Empirical & Behavioral Security Authors Jonas Hielscher Maximilian Golla Full Paper Visit Detail Page 2025-08-13 Understanding How Users Prepare...
pradel
Adithya Srinivas Parthasarathy Nikos Vasilakis Michael Pradel Cristian-Alexandru Staicu Full Paper Visit Detail Page Year 2021 2021-11-12 Preventing Dynamic Li...
Shaping Test Inputs in Grammar-Based Fuzzing
Shaping Test Inputs in Grammar-Based Fuzzing Summary Fuzzing is an essential method for finding vulnerabilities. Conventional fuzzing looks across a wide input...
Nothing but Regrets — Privacy-Preserving Federated Causal Discovery
Federated Causal Discovery Summary In critical applications, causal models are the prime choice for their trustworthiness and explainability. If data is inhere...
A Systematic Study of the Consistency of Two-Factor Authentication User Journeys on Top-Ranked Websites
Consistency of Two-Factor Authentication User Journeys on Top-Ranked Websites Summary Heuristics for user experience state that users will transfer their expec...
Certifiers Make Neural Networks Vulnerable to Availability Attacks
it is vital to implement fallback strategies when AI predictions cannot be trusted. Certifiers for neural networks are a reliable way to check the robustness o...
schoenherr
for Computational Linguistics (ACL) Tags Authors Devansh Srivastav Xiao Zhang Full Paper Visit Detail Page 2025-07-11 Exploring the Potential of LLMs for Cod...
Using AI Assistants in Software Development: A Qualitative Study on Security Practices and Concerns
such as OpenAI’s ChatGPT and GitHub Copilot, the software industry quickly utilized these tools for software development tasks, e.g., generating code or consul...
CDI: Copyrighted Data Identification in Diffusion Models
in Diffusion Models Summary Diffusion Models (DMs) benefit from large and diverse datasets for their training. Since this data is often scraped from the Intern...
Usable Authentication in Virtual Reality: Exploring the Usability of PINs and Gestures
popular with its ability to offer new forms of interaction, user interface, and immersion not only for recreation but also for work, therapy, arts, or educati...
Optimizing (L0,L1)-Smooth Functions by Gradient Methods
Optimizing (L0,L1)-Smooth Functions by Gradient Methods Summary WWe study gradient methods for solving an optimization problem with an (L0,L1)-smooth objective...
How Transparent is Usable Privacy and Security Research? A Meta-Study on Current Research Transparency Practices
reporting is crucial to understanding and assessing research, its results and validity, and for fostering replication. While other research fields investigated...
Research Group Dániel Marx at CISPA
Tags Algorithmic Foundations and Cryptography Authors Ameet Gadekar Tanmay Inamdar Full Paper Visit Detail Page 2025-02-24 Residue Domination in Bounded-Treewi...
Nils Ole Tippenhauer
Authors Pranav Shetty Ankush Meshram Markus Karch Christian Haas Nils Ole Tippenhauer Full Paper Visit Detail Page 2025-07-14 GDMA: Fully Automated DMA Rehosti...
Research Group Ali Abbasi at CISPA
Addison Crump Meng Wang Florian Bauckholt Keno Hassler Ali Abbasi Thorsten Holz Full Paper Visit Detail Page 2025-02 -26 A Comprehensive Memory Safety Analysis...
The Power of Words: A Comprehensive Analysis of Rationales and Their Effects on Users’ Permission Decisions
of Rationales and Their Effects on Users’ Permission Decisions Summary Rationales offer a method for app developers to convey their permission needs to users....
The Call Graph Chronicles: Unleashing the Power Within.
The Call Graph Chronicles: Unleashing the Power Within. Summary Call graph generation is critical for program understanding and analysis, but achieving both ac...
On the Effectiveness of Prompt Stealing Attacks on In-The-Wild Prompts
Stealing Attacks on In-The-Wild Prompts Summary Large Language Models (LLMs) have increased demand for high-quality prompts, now considered valuable commoditie...
PREDICTING TIME-VARYING METABOLIC DYNAMICS USING STRUCTURED NEURAL ODE PROCESSES
omic data integration through mathematical simulation and has become an indispensable cornerstone for understanding cellular metabolism. Traditional analysis t...
Engineering a Formally Verified Automated Bug Finder
technique executing programs with symbolic instead of concrete inputs. This principle allows for exploring many program paths at once. Despite its wide adoptio...
Towards Biologically Plausible and Private Gene Expression Data Generation
Differential Privacy (DP) are becoming increasingly prominent in the creation of synthetic data for downstream applications. Existing literature, however, prim...
Engineering a Formally Verified Automated Bug Finder.
technique executing programs with symbolic instead of concrete inputs. This principle allows for exploring many program paths at once. Despite its wide adoptio...
Engineering a Formally Verified Automated Bug Finder
technique executing programs with symbolic instead of concrete inputs. This principle allows for exploring many program paths at once. Despite its wide adoptio...
A Binary-level Thread Sanitizer or Why Sanitizing on the Binary Level is Hard.
Dynamic software testing methods, such as fuzzing, have become a popular and effective method for detecting many types of faults in programs. While most resear...
CodeLMSec Benchmark: Systematically Evaluating and Finding Security Vulnerabilities in Black-Box Code Language Models
Security Vulnerabilities in Black-Box Code Language Models Summary Large language models (LLMs) for automatic code generation have achieved breakthroughs in se...
Confusing Value with Enumeration: Studying the Use of CVEs in Academia
in Academia Summary Common Vulnerabilities and Exposures (CVE) IDs serve as unique identifiers for security-relevant bugs, facilitating clear communication and...
zhang
Symposium (USENIX-Security) Tags Authors Yixin Wu Ziqing Yang Michael Backes Yang Zhang Full Paper Visit Detail Page 2025-08-13 On the Proactive Generation of...
Backes
Minxing Zhang Hongwei Li Wenbo Jiang Hanxiao Chen Xiangyu Yue Michael Backes Xiao Zhang Full Paper Visit Detail Page 2025-08-14 Synthetic Artifact Auditing: Tr...
Drone Security and the Mysterious Case of DJI's DroneID
aerial video photography, promise to reform the logistics industry, and are already used for humanitarian rescue operations and during armed conflicts. Contras...
Learning Counterfactually Invariant Predictors.
Invariant Predictors. Summary Notions of counterfactual invariance (CI) have proven essential for predictors that are fair, robust, and generalizable in the re...
Fuzztruction: Using Fault Injection-based Fuzzing to Leverage Implicit Domain Knowledge
Knowledge Summary Today’s digital communication relies on complex protocols and specifications for exchanging structured messages and data. Communication natur...
Synthetic Artifact Auditing: Tracing LLM-Generated Synthetic Data Usage in Downstream Applications
models (LLMs) have facilitated the generation of high-quality, cost-effective synthetic data for developing downstream models and conducting statistical analys...
Non-Western Perspectives on Web Inclusivity: A Study of Accessibility Practices in the Global South.
faces unique challenges in achieving digital inclusion due to a heavy reliance on mobile devices for internet access and the prevalence of slow or unreliable n...
"You have to read 50 different RFCs that contradict each other": An Interview Study on the Experiences of Implementing Cryptographic Standards.
Cryptographic Standards. Summary Implementing cryptographic standards is a critical process for the cryptographic ecosystem. Cryptographic standards aim to sup...
Non-Western Perspectives on Web Inclusivity: A Study of Accessibility Practices in the Global South
faces unique challenges in achieving digital inclusion due to a heavy reliance on mobile devices for internet access and the prevalence of slow or unreliable n...
Efficient Model-Stealing Attacks Against Inductive Graph Neural Networks
Graph Neural Networks Summary Graph Neural Networks (GNNs) are recognized as potent tools for processing real-world data organized in graph structures. Especia...
Pushed by Accident: A Mixed-Methods Study on Strategies of Handling Secret Information in Source Code Repositories.
of Handling Secret Information in Source Code Repositories. Summary Version control systems for source code, such as Git, are key tools in modern software deve...
SPACETIME: Causal Discovery from Non-Stationary Time Series
complicated by changing causal relationships over time and across environments. Climate patterns, for example, shift over time with recurring seasonal trends,...
“Perfect is the Enemy of Good”: The CISO’s Role in Enterprise Security as a Business Enabler
Security as a Business Enabler Summary Chief Information Security Officers (CISOs) are responsible for setting and executing organizations’ information securit...
How Blind and Low-Vision Users Manage Their Passwords
Their Passwords Summary Managing passwords securely and conveniently is still an open problem for many users. Existing research has examined users' password ma...
Generated Graph Detection.
Generated Graph Detection. Summary Graph generative models become increasingly effective for data distribution approximation and data augmentation. While they...
Approximating δ-Covering
Approximating δ-Covering Summary delta-Covering, for some covering range delta>0, is a continuous facility location problem on undirected graphs where a...
brandt
Foundations and Cryptography Authors Yann Bourreau Sebastian Brandt Alexandre Nolin Full Paper Visit Detail Page 2025-06-23 Distributed Quantum Advantage for...
SoK: On the Offensive Potential of AI
Artificial Intelligence (AI). Unfortunately, more and more evidence shows that AI is also used for offensive purposes. Prior works have revealed various exampl...
Adaptive SGD with Polyak stepsize and Line-search: Robust Convergence and Variance Reduction
Summary The recently proposed stochastic Polyak stepsize (SPS) and stochastic linesearch (SLS) for SGD have shown remarkable effectiveness when training overpa...
Trust Me If You Can – How Usable Is Trusted Types In Practice?
deal with sensitive information such as credit card data, making those applications a prime target for adversaries, e.g., through Cross-Site Scripting (XSS) at...
Towards Faster Decentralized Stochastic Optimization with Communication Compression
efficiency has garnered significant attention as it is considered the main bottleneck for large-scale decentralized Machine Learning applications in distribute...
Personalized Fuzzing: A Case Study with the FANDANGO Fuzzer on a GNSS Module (Short Paper)
with the FANDANGO Fuzzer on a GNSS Module (Short Paper) Summary Fuzzing is a widely used technique for uncovering vulnerabilities in software systems, but trad...
ShadowLoad: Injecting State into Hardware Prefetchers
State into Hardware Prefetchers Summary Hardware prefetchers are an optimization in modern CPUs for predicting memory accesses and preemptively loading the cor...
Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse
their well-known security problems, passwords are still the incumbent authentication method for virtually all online services. To remedy the situation, users a...
How Execution Features Relate to Failures: An Empirical Study and Diagnosis Approach.
is a fundamental aspect of debugging, aiming to identify code regions likely responsible for failures. Traditional techniques primarily correlate statement exe...
Who’s Breaking the Rules? Studying Conformance to the HTTP Specifications and its Security Impact
HTTP is everywhere, and a consistent interpretation of the protocol’s specification is essential for interoperability and security. In 2022, after more than 30...
Mask in the Mirror: Implicit Sparsification
Sparsification Summary Continuous sparsification strategies are among the most effective methods for reducing the inference costs and memory demands of large-s...
FANDANGO: Evolving Language-Based Testing
input specifications (languages) to generate arbitrarily large and diverse sets of valid inputs for a program under test. Modern language-based test generators...
Less is More: Boosting Coverage of Web Crawling through Adversarial Multi-Armed Bandit
Coverage of Web Crawling through Adversarial Multi-Armed Bandit Summary Crawlers are critical for ensuring the dependability and security of web applications b...
What Are the Rules? Discovering Constraints from Data
Constraints from Data Summary Constraint programming and AI planning are powerful tools for solving assignment, optimization, and scheduling problems. They req...
Head(er)s Up! Detecting Security Header Inconsistencies in Browsers
in Browsers Summary In the modern Web, security headers are of the utmost importance for websites to provide protection against various attacks, such as Cross-...
FANDANGO: Evolving Language-Based Testing
input specifications (languages) to generate arbitrarily large and diverse sets of valid inputs for a program under test. Modern language-based test generators...
Perceptions of Distributed Ledger Technology Key Management - An Interview Study with Finance Professionals
using distributed ledger technology (DLT). Previous work has primarily focused on key management for single-user scenarios on Bitcoin. Over the last decade, DL...
Schematic Program Proofs with Abstract Execution
Abstract Execution, a static verification framework based on symbolic execution and dynamic frames for proving properties of schematic programs. Since a schema...
Decentralized Distributed Graph Coloring: Cluster Graphs
is fundamental to distributed computing. We give the first sub-logarithmic distributed algorithm for coloring cluster graphs. These graphs are obtained from th...
On the Privacy Risks of Cell-Based NAS Architectures
studies on neural architecture search (NAS) mainly focus on efficiently and effectively searching for network architectures with better performance. Little pro...
Is FIDO2 the Kingslayer of User Authentication? A Comparative Usability Study of FIDO2 Passwordless Authentication
A Comparative Usability Study of FIDO2 Passwordless Authentication Summary The newest contender for succeeding passwords as the incumbent web authentication sc...
Games and Beyond: Analyzing the Bullet Chats of Esports Livestreaming
Games and Beyond: Analyzing the Bullet Chats of Esports Livestreaming Summary Esports, short for electronic sports, is a form of competition using video games...
Testing Apps With Real-World Inputs
Summary To test mobile apps, one requires realistic and coherent test inputs. The Link approach for Web testing has shown that knowledge bases such as DBPedia...
Towards Optimal Deterministic LOCAL Algorithms on Trees
Towards Optimal Deterministic LOCAL Algorithms on Trees Summary While obtaining optimal algorithms for the most important problems in the LOCAL model has been...
Permission Rationales in the Web Ecosystem: An Exploration of Rationale Text and Design Patterns
Text and Design Patterns Summary Modern web applications use features like camera and geolocation for personalized experiences, requiring user permission via b...
Hypothesizing Missing Causal Variables with LLMs
Hypothesizing Missing Causal Variables with LLMs Summary Scientific discovery is a catalyst for human intellectual advances, driven by the cycle of hypothesis...
Differentially Private Federated Learning with Time-Adaptive Privacy Spending
Spending Summary Federated learning (FL) with differential privacy (DP) provides a framework for collaborative machine learning, enabling clients to train a sh...
FlowChronicle: Synthetic Network Flow Generation through Pattern Set Mining
through Pattern Set Mining Summary Network traffic datasets are regularly criticized, notably for the lack of realism and diversity in their attack or benign t...
Tightly-Secure Group Key Exchange with Perfect Forward Secrecy
Group Key Exchange with Perfect Forward Secrecy Summary In this work, we present a new paradigm for constructing Group Authenticated Key Exchange (GAKE). This...
CacheWarp: Software-based Fault Injection using Selective State Reset
Summary AMD SEV is a trusted-execution environment (TEE), providing confidentiality and integrity for virtual machines (VMs). With AMD SEV, it is possible to s...
Recognizing H-Graphs - Beyond Circular-Arc Graphs
H-Graphs - Beyond Circular-Arc Graphs Summary In 1992 Biró, Hujter and Tuza introduced, for every fixed connected graph H, the class of H-graphs, defined as th...
Residue Domination in Bounded-Treewidth Graphs
Residue Domination in Bounded-Treewidth Graphs Summary For the vertex selection problem (σ,ρ)-DomSet one is given two fixed sets σ and ρ of integers and the ta...
“That’s my perspective from 30 years of doing this”: An Interview Study on Practices, Experiences, and Challenges of Updating Cryptographic Code
Code Summary Keeping cryptographic code up to date and free of vulnerabilities is critical for overall software security. Updating algorithms (e.g., SHA-1 to S...
Jit-Picking: Differential Fuzzing of JavaScript Engines
engines that power websites and even full applications on the Web are driven by the need for an increasingly fast and snappy user experience. These engines use...
Decompositions into two linear forests of bounded lengths
Decompositions into two linear forests of bounded lengths Summary For some k∈𝕫≥0U{∞}, we call a linear forest k-bounded if each of its components has at most k...
Make a Graph Singly Connected by Edge Orientations
a Graph Singly Connected by Edge Orientations Summary A directed graph D is singly connected if for every ordered pair of vertices (s, t), there is at most one...
Open Access Alert: Studying the Privacy Risks in Android WebView’s Web Permission Enforcement
on WebViews to display web pages. While browsers handle permissions through user prompts for each visited site, WebViews require developers to manage web permi...
Multicut Problems in Embedded Graphs: The Dependency of Complexity on the Demand Pattern
Graphs: The Dependency of Complexity on the Demand Pattern Summary The Multicut problem asks for a minimum cut separating certain pairs of vertices: formally,...
Uncovering the Role of Support Infrastructure in Clickbait PDF Campaigns
Role of Support Infrastructure in Clickbait PDF Campaigns Summary Clickbait PDFs, an entry point for multiple Web attacks, are distributed via SEO poisoning an...
burkholz
Reddy Abbavaram Abhinav Kumar Saketh Bachu Vineeth N Balasubramanian Amit Sharma Full Paper Visit Detail Page 2025-01-22 GNNs Getting ComFy: Community and Feat...
Research Group Katharina Krombholz at CISPA
Security Authors Alexander Ponticello Filipo Sharevski Simon Anell Katharina Krombholz Full Paper Visit Detail Page 2025-08-13 AirTag-Facilitated Stalking Prot...
muandet
Authors Taero Kim Subeen Park Sungjun Lim Yonghan Jung Krikamol Muandet Kyungwoo Song Full Paper Visit Detail Page Year 2024 2024-07-27 Domain Generalisation v...
AFLrustrust: A LibAFL-based AFL++ prototype
first attempt at rewriting the widely used fuzzer AFL++ as a frontend of LibAFL, our new framework for fuzzers development. This prototype, AFLrustrust as it i...
On orientations maximizing total arc-connectivity
On orientations maximizing total arc-connectivity Summary For a given digraph D and distinct u,ν ⊆ V(D), we denote by λD (u, ν) the local arc-connectivity from...
SSRF vs. Developers: A Study of SSRF-Defenses in PHP Applications
in PHP Applications Summary Server-side requests (SSR) are a potent and important tool for modern web applications, as they enable features such as link previe...
Coloring Fast with Broadcasts
Coloring Fast with Broadcasts Summary We present an O(log3 log n)-round distributed algorithm for the (Δ + 1)-coloring problem, where each node broadcasts only...
Skipping the Security Side Quests: A Qualitative Study on Security Practices and Challenges in Game Development
Practices and Challenges in Game Development Summary The video game market is one of the biggest for software products. Video game development has progressed i...
Unique NIZKs and Steganography Detection
zero-knowledge (NIZK) proofs tend to be randomized and there are many possible proofs for any fixed NP statement. Can we have NIZKs with only a single $\emph{u...
CookieGuard: Characterizing and Isolating the First-Party Cookie Jar
being phased out or restricted by major browsers, first-party cookies are increasingly being used for web tracking. Prior work has shown that third-party scrip...
CISPA Summer School
SUMMER SCHOOL Our Summer School offers an intensive learning experience for students and early-career professionals in cybersecurity and artificial intelligenc...
Fass - CISPA
Tags Empirical & Behavioral Security Authors Pouneh Nikkhah Bahrami Aurore Fass Zubair Shafiq Visit Detail Page 2025-10-02 It’s not Easy: Applying Supervis...
The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web
pipeline, we conduct the largest to-date study on XS-Leak prevalence in the wild by performing visit inference and a newly proposed variant cookie acceptance i...
sasy
Foundations and Cryptography Authors Yeoh Wei Zhu Lucjan Hanzlik Oliver Valta Full Paper Visit Detail
schwarz
and Defenses Authors Fabian Thomas Daniel Moghimi Michael Torres Michael Schwarz Full Paper Visit Detail Page 2025-10-13 RISCover: Automatic Discovery of User-...
Secure Connected and Mobile Systems
Ole Tippenhauer Tagged Publications Tags Algorithmic Foundations and Cryptography Trustworthy Information Processing Reliable Security Guarantees Threat Detecti...
