August 31 – Detailed Program

RETRACT: Expressive Designated Verifier Anonymous Credentials

Practical Verifiable & Privacy-Preserving Double Auctions

Efficient Implementation of a Post-Quantum Anonymous Credential Protocol

Characterizing the MasterPrint threat on Android devices with capacitive sensors

Characterizing the Use of Code Obfuscation in Malicious and Benign Android Apps

SoK: Modeling Explainability in Security Analytics for Interpretability, Trustworthiness, and Usability

Universal Remote Attestation for Cloud and Edge Platforms

Automated Side-Channel Attacks using Black-Box Neural Architecture Search

Long-Term Analysis of the Dependability of Cloud-based NISQ Quantum Computers

SoK: A Systematic Review of TEE Usage for Developing Trusted Applications

You Only Get One-Shot: Eavesdropping Input Images to Neural Network by Spying SoC-FPGA Internal Bus

A hybrid anonymization pipeline to improve the privacy-utility balance in sensitive datasets for ML purposes

Evaluating Statistical Disclosure Attacks and Countermeasures for Anonymous Voice Calls

k-Anonymity on Metagenomic Features in Microbiome Databases

Mitigating Intersection Attacks in Anonymous Microblogging

Actions Speak Louder Than Passwords: Dynamic Identity for Machine-to-Machine Communication

Beware the Doppelgänger: Attacks against Adaptive Thresholds in Facial Recognition Systems

Cross-Domain Sharing of User Claims: A Design Proposal for OpenID Connect Attribute Authorities

Rogue key and impersonation attacks on FIDO2: From theory to practice

Adoption of Information Security Practices in Large-Scale Agile Software Development: A Case Study in the Finance Industry

A Practical Attack on the TLSH Similarity Digest Scheme

Linux-based IoT Benchmark Generator For Firmware Security Analysis Tools

SoK: Practical Detection of Software Supply Chain Attacks

A2P2 - An Android Application Patching Pipeline Based On Generic Changesets

Florian Draschbacher (Graz University of Technology and Secure Information Technology Center Austria, Austria)

Enabling Efficient Threshold Signature Computation via Java Card API

Antonín Dufka and Petr Švenda (Masaryk University, Czechia)

Nakula: Coercion Resistant Data Storage against Time-Limited Adversary

Hayyu Imanda and Kasper Rasmussen (University of Oxford, United Kingdom)

STIXnet: A Novel and Modular Solution for Extracting All STIX Objects in CTI Reports

Francesco Marchiori, Mauro Conti (University of Padova, Italy) and Nino Vincenzo Verde (Leonardo S.p.A., Italy)

Formal Security Analysis of Vehicle Diagnostic Protocols

Modeling Tor Network Growth by Extrapolating Consensus Data

Real-Time Defensive Strategy Selection via Deep Reinforcement Learning

The Effect of Length on Key Fingerprint Verification Security and Usability

An Exploratory Study on the Use of Threat Intelligence Sharing Platforms in Germany, Austria and Switzerland

Canary in Twitter Mine: Collecting Phishing Reports from Experts and Non-experts

Digital Twin-Enhanced Incident Response for Cyber-Physical Systems 

Dizzy: Large-Scale Crawling and Analysis of Onion Services

We are thrilled to announce that the ARES 2023 Conference will host its first-ever Women* Session! This new event will bring together women* from the realms of technology, research, and cybersecurity to share their experiences, insights, and visions.

The ARES Women* Session provides a space for exchanging ideas, building connections, and empowering the presence of women* in an industry continuously striving for diversity and inclusivity.

Note: By 'Women*', we refer to all individuals who identify as women or define themselves as female. The session is open to all who identify and perceive themselves in this way.

ARES Keynote - Data security and privacy in emerging scenarios

The rapid advancements in Information and Communication Technologies (ICTs) have been greatly changing our society, with clear societal and economic benefits. Mobile technology, Cloud, Big Data, Internet of things, services and technologies that are becoming more and more pervasive and conveniently accessible, towards to the realization of a ‘smart’ society’. At the heart of this evolution is the ability to collect, analyze, process and share an ever-increasing amount of data, to extract knowledge for offering personalized and advanced services.

A major concern, and potential obstacle, towards the full realization of such evolution is represented by security and privacy issues. As a matter of fact, the (actual or perceived) loss of control over data and potential compromise of their confidentiality can have a strong detrimental impact on the realization of an open framework for enabling collection, processing, and sharing of data, typically stored or processed by external cloud services. In this talk, I will illustrate some security and privacy issues arising in emerging scenarios, focusing in particular on the problem of managing data while guaranteeing confidentiality and integrity of data stored or processed by external providers.

more...