USENIX Security是信息安全领域四大顶级学术会议之一，每年涵盖的安全领域也非常多，包含：二进制安全、固件安全、取证分析、Web安全、隐私保护、恶意分析等。今年更是涵盖了硬件保护、智能合约等新类别。USENIX Security '18共收到524篇论文， 共录取100篇论文（接收率为19.1%）。

Track 1：Security Impacting the Physical World（影响物理世界的安全性）

1、Fear the Reaper: Characterization and Fast Detection of Card Skimmers

害怕收割者：卡片撇取器的特征和快速检测

2、BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid

BlackIoT：高功率设备的物联网僵尸网络可能会扰乱电网

3、Skill Squatting Attacks on Amazon Alexa

亚马逊Alexa的技能蹲攻击

4、CommanderSong: A Systematic Approach for Practical Adversarial Voice Recognition

CommanderSong：实用对抗语音识别的系统方法

Track 2：Memory Defenses（内存防御）

1、ACES: Automatic Compartments for Embedded Systems

ACES：嵌入式系统的自动隔间

2、IMIX: In-Process Memory Isolation EXtension

IMIX：进程内存隔离扩展

3、HeapHopper: Bringing Bounded Model Checking to Heap Implementation Security

HeapHopper：带来有界模型检查以实现安全性

4、Guarder: A Tunable Secure Allocator

Guarder：可调整的安全分配器

Track 3：Censorship and Web Privacy（审查和网络隐私）

1、Fp-Scanner: The Privacy Implications of Browser Fingerprint Inconsistencies

Fp-Scanner：浏览器指纹不一致的隐私含义

2、Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies

谁打开饼干罐？ 第三方Cookie政策的综合评价

3、Effective Detection of Multimedia Protocol Tunneling using Machine Learning

利用机器学习有效检测多媒体协议隧道

4、Scalable Remote Measurement of Application-Layer Censorship

应用层审查的可扩展远程测量

Track 1：Understanding How Humans Authenticate(了解人类如何进行身份验证)

1、Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse

管理比记忆更好？ 研究管理者对密码强度和重用的影响

2、Forgetting of Passwords: Ecological Theory and Data

忘记密码：生态理论与数据

3、The Rewards and Costs of Stronger Passwords in a University: Linking Password Lifetime to Strength

大学中强密码的奖励和成本：将密码生命周期与力量联系起来

4、Rethinking Authentication and Access Control for the Home Internet of Things (IoT)

重新思考家庭物联网（IoT）的身份验证和访问控制

Track 2：Vulnerability Discovery（漏洞发现）

1、ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands within the Android Ecosystem

跨越注意：Android生态系统中AT命令的全面漏洞分析

2、Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems

魅力：促进移动系统设备驱动程序的动态分析

3、Inception: System-wide Security Testing of Real-World Embedded Systems Software

成立：真实世界嵌入式系统软件的系统范围安全测试

4、Acquisitional Rule-based Engine for Discovering Internet-of-Thing Devices

基于采集规则的引擎，用于发现物联网设备

Track 1：Web Applications（Web应用程序）

1、A Sense of Time for JavaScript and Node.js: First-Class Timeouts as a Cure for Event Handler Poisoning

JavaScript和Node.js的时间感：一流的超时作为事件处理程序中毒的治疗方法

2、Freezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers

冻结Web：基于JavaScript的Web服务器中的ReDoS漏洞研究

3、NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications

NAVEX：动态Web应用程序的精确可扩展漏洞利用生成

4、Rampart: Protecting Web Applications from CPU-Exhaustion Denial-of-Service Attacks

Rampart：保护Web应用程序免受CPU耗尽的拒绝服务攻击

Track 2：Anonymity（匿名）

1、How do Tor users interact with onion services?

Tor用户如何与洋葱服务互动？

2、Towards Predicting Efficient and Anonymous Tor Circuits

预测高效和匿名的Tor电路

3、BurnBox: Self-Revocable Encryption in a World Of Compelled Access

BurnBox：强制访问世界中的自我可撤销加密

4、An Empirical Analysis of Anonymity in Zcash

Zcash中匿名性的实证分析

Track 1：Privacy in a Digital World（数字世界中的隐私）

1、Unveiling and Quantifying Facebook Exploitation of Sensitive Personal Data for Advertising Purposes

揭开和量化Facebook对广告目的的敏感个人数据的利用

2、Analysis of Privacy Protections in Fitness Tracking Social Networks -or- You can run, but can you hide?

健身追踪社交网络中的隐私保护分析 - 或者 - 你可以跑，但你可以隐藏吗？

3、AttriGuard: A Practical Defense Against Attribute Inference Attacks via Adversarial Machine Learning

AttriGuard：通过对抗性机器学习实现对属性推理攻击的实用防御

4、Polisis: Automated Analysis and Presentation of Privacy Policies Using Deep Learning

Polisis：使用深度学习自动分析和呈现隐私政策

Track 2：Attacks on Crypto & Crypto Libraries（对Crypto和Crypto库的攻击）

1、Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels

Efail：使用Exfiltration通道打破S / MIME和OpenPGP电子邮件加密

2、The Dangers of Key Reuse - Practical Attacks on IPsec IKE

密钥重用的危险 - 对IPsec IKE的实际攻击

3、One&Done: A Single-Decryption EM-Based Attack on OpenSSL’s Constant-Time Blinded RSA

One＆Done：对OpenSSL的恒定时间盲区RSA进行基于EM的单解密攻击

4、DATA – Differential Address Trace Analysis: Finding Address-based Side-Channels in Binaries

数据 - 差分地址跟踪分析：在二进制中查找基于地址的侧通道

Track 1：Enterprise Security（企业安全）

1、The Battle for New York: A Case Study of Applied Digital Threat Modeling at the Enterprise Level

纽约之战：企业级应用数字威胁建模的案例研究

2、SAQL: A Stream-based Query System for Real-Time Abnormal System Behavior Detection

SAQL：基于流的查询系统，用于实时异常系统行为检测

Track 2：Zero-Knowledge（零知识）

1、Practical Accountability of Secret Processes

秘密过程的实际问责制

2、DIZK: Distributing Zero Knowledge Proof Systems

DIZK：分发零知识证明系统

Track 3：Network Defenses（网络防御）

1、NetHide: Secure and Practical Network Topology Obfuscation

NetHide：安全实用的网络拓扑混淆

2、Towards a Secure Zero-rating Framework with Three Parties

建立三方安全零评级框架

Track 1：Fuzzing and Exploit Generation（模糊和开发生成）

1、MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation

MoonShine：使用痕量蒸馏优化OS Fuzzer种子选择

2、QSYM : A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing

QSYM：为混合模糊测试而量身定制的实用复杂执行引擎

3、Automatic Heap Layout Manipulation for Exploitation

利用自动堆布局操作

4、FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities

FUZE：为促进内核使用后免费漏洞的利用提供便利

Track 2：TLS and PKI

1、The Secure Socket API: TLS as an Operating System Service

安全套接字API：TLS作为操作系统服务

2、Return Of Bleichenbacher’s Oracle Threat (ROBOT)

Bleichenbacher甲骨文威胁（ROBOT）的回归

3、Bamboozling Certificate Authorities with BGP

使用BGP的Bamboozling证书颁发机构

4、The Broken Shield: Measuring Revocation Effectiveness in the Windows Code-Signing PKI

破碎之盾：在Windows代码签名PKI中测量撤销效率

Track 3：Vulnerability Mitigations（漏洞缓解措施）

1、Debloating Software through Piece-Wise Compilation and Loading

通过Piece-Wise编译和加载去除软件

2、Precise and Accurate Patch Presence Test for Binaries

二进制的精确和准确的补丁存在测试

3、From Patching Delays to Infection Symptoms: Using Risk Profiles for an Early Discovery of Vulnerabilities Exploited in the Wild

从补丁延迟到感染症状：使用风险概况及早发现在野外开发的漏洞

4、Understanding the Reproducibility of Crowd-reported Security Vulnerabilities

了解群体报告的安全漏洞的再现性

Track 1：Side Channels（侧通道）

1、Malicious Management Unit: Why Stopping Cache Attacks in Software is Harder Than You Think

恶意管理单元：为什么在软件中停止缓存攻击比你想象的更难

2、Translation Leak-aside Buffer: Defeating Cache Side-channel Protections with TLB Attacks

翻译泄漏缓冲区：使用TLB攻击击败缓存侧通道保护

3、Meltdown: Reading Kernel Memory from User Space

崩溃：从用户空间读取内核内存

4、Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution

Foreshadow：通过瞬态无序执行将密钥提取到英特尔SGX王国

Track 2：Cybercrime（网络犯罪）

1、Plug and Prey? Measuring the Commoditization of Cybercrime via Online Anonymous Markets

即插即用？ 通过在线匿名市场衡量网络犯罪的商品化

2、Reading Thieves' Cant: Automatically Identifying and Understanding Dark Jargons from Cybercrime Marketplaces

阅读盗贼的行为：自动识别和理解网络犯罪市场的黑暗行为

3、Schrödinger’s RAT: Profiling the Stakeholders in the Remote Access Trojan Ecosystem

Schrödinger的RAT：分析远程访问特洛伊木马生态系统中的利益相关者

4、The aftermath of a crypto-ransomware attack at a large academic institution

一个大型学术机构的加密勒索软件攻击的后果

Track 1：Web and Network Measurement（Web和网络测量）

1、We Still Don’t Have Secure Cross-Domain Requests: an Empirical Study of CORS

我们仍然没有安全的跨域请求：CORS的实证研究

2、End-to-End Measurements of Email Spoofing Attacks

电子邮件欺骗攻击的端到端测量

3、Who Is Answering My Queries: Understanding and Characterizing Illegal Interception of DNS Resolution Path at ISP Level

谁在回答我的疑问：了解和描述ISP级别的非法拦截DNS解析路径

4、End Users Get Maneuvered: Empirical Analysis of Redirection Hijacking in Content Delivery Networks

最终用户获取机动：内容交付网络中重定向劫持的实证分析

Track 2：Malware（恶意软件）

1、SAD THUG: Structural Anomaly Detection for Transmissions of High-value Information Using Graphics

SAD THUG：使用图形传输高价值信息的结构异常检测

2、FANCI : Feature-based Automated NXDomain Classification and Intelligence

FANCI：基于功能的自动NXDomain分类和智能

3、An Empirical Study of Web Resource Manipulation in Real-world Mobile Applications

实际移动应用中Web资源操作的实证研究

4、Fast and Service-preserving Recovery from Malware Infections Using CRIU

使用CRIU从恶意软件感染恢复快速和服务

Track 1：Subverting Hardware Protections（颠覆硬件保护）

1、The Guard's Dilemma: Efficient Code-Reuse Attacks Against Intel SGX

Guard的困境：针对英特尔SGX的高效代码重用攻击

2、A Bad Dream: Subverting Trusted Platform Module While You Are Sleeping

一个糟糕的梦想：在你睡觉时颠覆可信平台模块

Track 2：More Malware

3、Tackling runtime-based obfuscation in Android with TIRO

使用TIRO解决Android中基于运行时的混淆问题

4、Discovering Vulnerabilities in Security-Focused Static Analysis Tools for Android using Systematic Mutation

使用系统变异发现针对安全性的Android静态分析工具中的漏洞

Track 3：Attacks on Systems That Learn（对学习系统的攻击）

1、With Great Training Comes Great Vulnerability: Practical Attacks against Transfer Learning

伟大的训练带来了巨大的漏洞：对转移学习的实际攻击

2、When Does Machine Learning FAIL? Generalized Transferability for Evasion and Poisoning Attacks

机器学习什么时候失败？ 逃避和中毒攻击的广义可转移性

Track 1：Smart Contracts（智能合约）

1、teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts

teEther：啃着以太坊以自动利用智能合约

2、Enter the Hydra: Towards Principled Bug Bounties and Exploit-Resistant Smart Contracts

进入九头蛇：走向原则性的Bug赏金和利用漏洞的智能合约

3、Arbitrum: Scalable smart contracts

Arbitrum：可扩展的智能合约

4、Erays: Reverse Engineering Ethereum's Opaque Smart Contracts

Erays：逆向工程以太坊的不透明智能合约

Track 2：Executing in Untrusted Environments（在不受信任的环境中执行）

1、DelegaTEE: Brokered Delegation Using Trusted Execution Environments

DelegaTEE：使用可信执行环境进行代理授权

2、Simple Password-Hardened Encryption Services

简单的密码加密加密服务

3、Security Namespace: Making Linux Security Frameworks Available to Containers

安全命名空间：使Linux安全框架可用于容器

4、Shielding Software From Privileged Side-Channel Attacks

屏蔽来自特权侧信道攻击的软件

Track 3：Web Authentication（Web身份验证）

1、Vetting Single Sign-On SDK Implementations via Symbolic Reasoning

通过符号推理审核单点登录SDK实现

2、O Single Sign-Off, Where Art Thou? An Empirical Analysis of Single Sign-On Account Hijacking and Session Management on the Web

O单点签名，你在哪里？ 网上单点登录账号劫持与会话管理的实证分析

3、WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring

WPSE：通过浏览器端安全监控强化Web协议

4、Man-in-the-Machine: Exploiting Ill-Secured Communication Inside the Computer

机器人：利用计算机内部的不安全通信

Track 1：Wireless Attacks（无线攻击）

1、All Your GPS Are Belong To Us: Towards Stealthy Manipulation of Road Navigation Systems

你所有的GPS都属于我们：走向道路导航系统的隐形操控

2、Injected and Delivered: Fabricating Implicit Control over Actuation Systems by Spoofing Inertial Sensors

注入和交付：通过欺骗惯性传感器制造对驱动系统的隐式控制

3、Modeling and Analysis of a Hierarchy of Distance Bounding Attacks

一种距离边界攻击层次的建模与分析

4、Off-Path TCP Exploit: How Wireless Routers Can Jeopardize Your Secret

路径外TCP攻击：无线路由器如何危害您的秘密

Track 2：Neural Networks（神经网络）

1、Formal Security Analysis of Neural Networks using Symbolic Intervals

基于符号区间的神经网络形式安全性分析

2、Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring

把你的弱点转化为力量：通过Backdooring水印深度神经网络

3、A4NT: Author Attribute Anonymity by Adversarial Training of Neural Machine Translation

A4NT：神经机器翻译的对抗训练的作者属性匿名

4、GAZELLE: A Low Latency Framework for Secure Neural Network Inference

GAZELLE：一种用于安全神经网络推理的低延迟框架

Track 3：Information Tracking（信息跟踪）

1、FlowCog: Context-aware Semantics Extraction and Analysis of Information Flow Leaks in Android Apps

FlowCog：Android应用程序中信息流泄漏的上下文感知语义提取和分析

2、Sensitive Information Tracking in Commodity IoT

商品物联网中的敏感信息跟踪

3、Enabling Refinable Cross-host Attack Investigation with Efficient Data Flow Tagging and Tracking

通过高效的数据流标记和跟踪实现可修复的跨主机攻击调查

4、Dependence-Preserving Data Compaction for Scalable Forensic Analysis

可伸缩取证分析的依赖性保留数据压缩