Titlebook: Computer Security – ESORICS 2022; 27th European Sympos Vijayalakshmi Atluri,Roberto Di Pietro,Weizhi Meng Conference proceedings 2022 The E

UNT

A Composable Security Treatment of ECVRF and Batch Verificationspair. These primitives enable fair and verifiable pseudorandom lotteries, essential in proof-of-stake blockchains such as Algorand and Cardano, and are being used to secure billions of dollars of capital. As a result, there is an ongoing IRTF effort to standardize VRFs, with a proposed ECVRF based o

存在主义

凹槽

A Tale of Two Models: Formal Verification of , via Tamarintivated by trade-offs in the characteristics of post-quantum algorithms. Prior proofs of security of . and its variant . have been hand-written proofs in the reductionist model under computational assumptions. In this paper, we present computer-verified symbolic analyses of . and . using two distinc

Intrepid

Browser-Based CPU Fingerprintingrecise knowledge about microarchitectural properties. While a native attacker can easily query many of these properties, the sandboxed environment in browsers prevents this. In this paper, we present six side-channel-related benchmarks that reveal CPU properties, such as cache sizes or cache associa

pineal-gland

Polymorphic Protocols at the Example of Mitigating Web Botsne games or social media. Bots impact the revenue of service providers and can damage society by spreading false information. While few bots are usually not a problem, a large number is. Thus, we focus on bots that directly use a service’s application protocol, as they are the most efficient and eas

gusher

Unlinkable Delegation of WebAuthn Credentialss on behalf of users. This introduces challenges when the account owner wants to delegate certain rights to a proxy user, such as to access their accounts or perform actions on their behalf, as delegation must not undermine the decentralisation, unlinkability, and attestation properties provided by

行乞

Large Scale Analysis of DoH Deployment on the Internetfrom monopolisation of surveillance to lost visibility by network administrators and security providers. More importantly, it is a novel security business. Software products and organisations depend on users choosing well-known and trusted DoH resolvers. However, there is no comprehensive study on t

Freeze

synovitis

Exploring the Characteristics and Security Risks of Emerging Emoji Domain Names), little has been done to understand its development status and security issues. In this paper, we identify 54,403 emoji domains from 1,366 TLD zone files and a large-scale passive DNS dataset. And then, we correlate them with auxiliary data sources like domain WHOIS records. It allowed us to condu

思考而得

CPU Port Contention Without SMTrawback of this channel is that it heavily relies on simultaneous multi-threading, which can be absent from some CPUs or simply disabled by the OS..In this paper, we present ., which does not require SMT. It exploits sub-optimal scheduling to execution ports for instruction-level parallelization. As