The reading group meets weekly on Wednesday, 10am during term time and is open to the public. We read both new papers and classics in the field of distributed systems and security. Occasionally, we also discuss pre-prints and critique work-in-progress papers. Papers are shared via the mailing list on Monday morning, giving everyone ample time to read them before the meeting.
| Date | Paper | Full Citation |
|---|---|---|
| 1st Jul 2025 | Breaking and fixing content-defined chunking iacr | Truong, K.T., Merz, S.P., Scarlata, M., GĂŒnther, F. and Paterson, K.G., 2025. Breaking and fixing content-defined chunking. Cryptology ePrint Archive. |
| 25th Jun 2025 | CoverDrop Implementation Paper | Hugenroth, D., Cutler, S., Kendrick, D., Savarese, M., Hunter-Green, Z., McMahon, P., Kalanaki, M., Vasile, D.A., Bejasa-Dimmock, S., Hoyland, L. and Beresford, A.R., 2025. CoverDrop White Paper (No. UCAM-CL-TR-999). University of Cambridge, Computer Laboratory. |
| 18th Jun 2025 | Sabot: Efficient and Strongly Anonymous Bootstrapping of Communication Channels iacr | Coijanovic, C., Hetz, L., Paterson, K.G. and Strufe, T., 2025. Sabot: Efficient and Strongly Anonymous Bootstrapping of Communication Channels. Cryptology ePrint Archive. |
| 11th Jun 2025 | Anix: Anonymous Blackout-Resistant Microblogging with Message Endorsing | Kamali, S. and Barradas, D., 2025. Anix: Anonymous Blackout-Resistant Microblogging with Message Endorsing. |
| 4th Jun 2025 | SoK: "Interoperability vs Security" Arguments: A Technical Framework arxiv | Landis, D., Bietti, E. and Park, S., 2025. SoK: "Interoperability vs Security" Arguments: A Technical Framework. arXiv preprint arXiv:2502.04538. |
| 28th May 2025 | You Have to Ignore the Dangers: User Perceptions of the Security and Privacy Benefits of WhatsApp Mods IEEE S&P | Munyendo, C.W., Owens, K., Strong, F., Wang, S., Aviv, A.J., Kohno, T. and Roesner, F., 2025, May. âYou Have to Ignore the Dangersâ: User Perceptions of the Security and Privacy Benefits of WhatsApp Mods. In 2025 IEEE Symposium on Security and Privacy (S&P) (pp. 4515-4533). IEEE. |
| 21st May 2025 | Nitriding: A tool kit for building scalable, networked, secure enclaves arxiv | Winter, P., Giles, R., Schafhuber, M. and Haddadi, H., 2022. Nitriding: A tool kit for building scalable, networked, secure enclaves. arXiv preprint arXiv:2206.04123. |
| 14th May 2025 | Flock: A Framework for Deploying On-Demand Distributed Trust | Kaviani, D., Tan, S., Kannan, P.G. and Popa, R.A., 2024. Flock: A Framework for Deploying On-Demand Distributed Trust. In 18th USENIX Symposium on Operating Systems Design and Implementation (OSDI 24) (pp. 721-743). |
| 7th May 2025 | T0RTT: Non-Interactive Immediate Forward-Secret Single-Pass Circuit Construction iacr | Lauer, S., Gellert, K., Merget, R., Handirk, T. and Schwenk, J., 2019. T0RTT: non-interactive immediate forward-secret single-pass circuit construction. Cryptology ePrint Archive. |
| 30th Apr 2025 | Janus: Fast Privacy-Preserving Data Provenance For TLS PETS | Lauinger, J., Ernstberger, J., Finkenzeller, A. and Steinhorst, S., 2025. Janus: Fast Privacy-Preserving Data Provenance For TLS. Proceedings on Privacy Enhancing Technologies. |
| Date | Paper | Full Citation |
|---|---|---|
| 12th Mar 2025 | Attestable Builds: Assembling Verifiable Artifacts on Untrusted Machines using Trusted Execution Environments arxiv | Hugenroth, D., Lins, M., Mayrhofer, R. and Beresford, A., 2025. Attestable builds: compiling verifiable binaries on untrusted systems using trusted execution environments. arXiv preprint arXiv:2505.02521. |
| 5th Mar 2025 | Turning a Bluetooth Device into an Apple AirTag Without Root Privileges | Chen, J., Ma, X., Luo, L. and Zeng, Q., Tracking You from a Thousand Miles Away! Turning a Bluetooth Device into an Apple AirTag Without Root Privileges. |
| 26th Feb 2025 | Architectural Neural Backdoors from First Principles IEEE S&P | Langford, H., Shumailov, I., Zhao, Y., Mullins, R. and Papernot, N., 2025, May. Architectural neural backdoors from first principles. In 2025 IEEE Symposium on Security and Privacy (S&P) (pp. 1657-1675). IEEE. |
| 19th Feb 2025 | It's TEEtime: A New Architecture Bringing Sovereignty to Smartphones arxiv | Groschupp, F., Kuhne, M., Schneider, M., Puddu, I., Shinde, S. and Capkun, S., 2022. It's TEEtime: A New Architecture Bringing Sovereignty to Smartphones. arXiv preprint arXiv:2211.05206. |
| 12th Feb 2025 | Granola: Low-Overhead Distributed Transaction Coordination | Cowling, J. and Liskov, B., 2012. Granola: low-overhead distributed transaction coordination. In 2012 USENIX Annual Technical Conference (USENIX ATC 12) (pp. 223-235). |
| 5th Feb 2025 | How To Think About End-To-End Encryption and AI: Training, Processing, Disclosure, and Consent arxiv | Knodel, M., FĂĄbrega, A., Ferrari, D., Leiken, J., Hou, B.L., Yen, D., de Alfaro, S., Cho, K. and Park, S., 2024. How To Think About End-To-End Encryption and AI: Training, Processing, Disclosure, and Consent. arXiv preprint arXiv:2412.20231. |
| 29th Jan 2025 | BadRAM: Practical Memory Aliasing Attacks on Trusted Execution Environments IEEE S&P | De Meulemeester, J., Wilke, L., Oswald, D., Eisenbarth, T., Verbauwhede, I. and Van Bulck, J., 2025, May. BadRAM: Practical memory aliasing attacks on trusted execution environments. In 2025 IEEE Symposium on Security and Privacy (S&P) (pp. 4117-4135). IEEE. |
| Date | Paper | Full Citation |
|---|---|---|
| 18th Dec 2024 | Machine Learning needs Better Randomness Standards: Randomised Smoothing and PRNG-based attacks USENIX Sec | Dahiya, P., Shumailov, I. and Anderson, R., 2024. Machine Learning needs Better Randomness Standards: Randomised Smoothing and PRNG-based attacks. In 33rd USENIX Security Symposium (USENIX Security 24) (pp. 3657-3674). |
| 11th Dec 2024 | Kintsugi: Decentralized E2EE Key Recovery | Ma, E., Kleppmann, M. 2025. Kintsugi: Decentralized E2EE Key Recovery. To be published in Security Protocols XXIX. |
| 4th Dec 2024 | Amigo: Secure Group Mesh Messaging in Realistic Protest Settings iacr | Inyangson, D., Radway, S., Jois, T.M., Fazio, N. and Mickens, J., 2024. Amigo: Secure Group Mesh Messaging in Realistic Protest Settings. Cryptology ePrint Archive. |
| 28th Nov 2024 | Machine learning with confidential computing: a systematization of knowledge | Mo, F., Tarkhani, Z. and Haddadi, H., 2024. Machine learning with confidential computing: A systematization of knowledge. ACM computing surveys, 56(11), pp.1-40. |
| 20th Nov 2024 | Unmasking the Security and Usability of Password Masking ACM CCS | Hu, Y., Alroomi, S., Sahin, S. and Li, F., 2024, December. Unmasking the Security and Usability of Password Masking. In Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security (pp. 4241-4255). |
| 13th Nov 2024 | Rust for Embedded Systems: Current State, Challenges and Open Problems arxiv | Sharma, A., Sharma, S., Torres-Arias, S., & Machiry, A. (2023). Rust for embedded systems: current state, challenges and open problems (extended report). arXiv preprint arXiv:2311.05063. |
| 6th Nov 2024 | Sui Lutris: A blockchain combining broadcast and consensus ACM CCS | Blackshear, S., Chursin, A., Danezis, G., Kichidis, A., Kokoris-Kogias, L., Li, X., Logan, M., Menon, A., Nowacki, T., Sonnino, A. and Williams, B., 2024, December. Sui lutris: A blockchain combining broadcast and consensus. In Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security (pp. 2606-2620). |
| 30th Oct 2024 | End-to-End Encrypted Cloud Storage in the Wild: A Broken Ecosystem ACM CCS | Hofmann, J. and Truong, K.T., 2024, December. End-to-End Encrypted Cloud Storage in the Wild: A Broken Ecosystem. In Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security (pp. 3988-4001). |
| 23rd Oct 2024 | Skipped or non-public | |
| 16th Oct 2024 | Minimizing a Smartphone's TCB for Security-Critical Programs with Exclusively-Used, Physically-Isolated, Statically-Partitioned Hardware | Yao, Z., Seyed Talebi, S.M., Chen, M., Amiri Sani, A. and Anderson, T., 2023, June. Minimizing a Smartphone's TCB for Security-Critical Programs with Exclusively-Used, Physically-Isolated, Statically-Partitioned Hardware. In Proceedings of the 21st Annual International Conference on Mobile Systems, Applications and Services (pp. 233-246). |
| 9th Oct 2024 | Non-Transferable Anonymous Tokens by Secret Binding ACM CCS | Durak, F.B., Marco, L., Talayhan, A. and Vaudenay, S., 2024, December. Non-Transferable Anonymous Tokens by Secret Binding. In Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security (pp. 2460-2474). |
| 2nd Oct 2024 | Tor: From the dark web to the future of privacy. | Collier, B., 2024. Tor: From the dark web to the future of privacy. MIT Press. |
| Date | Paper | Full Citation |
|---|---|---|
| 10th Jul 2024 | All about Eve: Execute-Verify Replication for Multi-Core Servers | Kapritsos, M., Wang, Y., Quema, V., Clement, A., Alvisi, L. and Dahlin, M., 2012. All about Eve: execute-verify replication for multi-core servers. In 10th USENIX Symposium on Operating Systems Design and Implementation (OSDI 12) (pp. 237-250). |
| 3rd Jul 2024 | Private Web Search with Tiptoe | Henzinger, A., Dauterman, E., Corrigan-Gibbs, H. and Zeldovich, N., 2023, October. Private web search with Tiptoe. In Proceedings of the 29th symposium on operating systems principles (pp. 396-416). |
| 26th Jun 2024 | TikTag: Breaking ARM's Memory Tagging Extension with Speculative Execution IEEE S&P | Kim, J., Park, J., Roh, S., Chung, J., Lee, Y., Kim, T. and Lee, B., 2025, May. TIKTAG: Breaking arm's memory tagging extension with speculative execution. In 2025 IEEE Symposium on Security and Privacy (S&P) (pp. 4063-4081). IEEE. |
| 19th Jun 2024 | MixMatch: Flow Matching for Mixnet Traffic PETS | Oldenburg, L., Juarez, M., RĂșa, E.A. and Diaz, C., 2024. Mixmatch: Flow matching for mixnet traffic. Proceedings on Privacy Enhancing Technologies, 2024(2), pp.276-294. |
| 12th Jun 2024 | Holepunch: Fast, Secure File Deletion with Crash Consistency IEEE S&P | Ratliff, Z., Goh, W., Wieland, A., Mickens, J. and Williams, R., 2024, May. Holepunch: Fast, Secure File Deletion with Crash Consistency. In 2024 IEEE Symposium on Security and Privacy (S&P) (pp. 2705-2721). IEEE. |
| 5th Jun 2024 | A Tale of Two Industroyers: It was the season of Darkness IEEE S&P | Salazar, L., Castro, S.R., Lozano, J., Koneru, K., Zambon, E., Huang, B., Baldick, R., Krotofil, M., Rojas, A. and Cardenas, A.A., 2024, May. A tale of two Industroyers: It was the season of darkness. In 2024 IEEE Symposium on Security and Privacy (S&P) (pp. 312-330). IEEE. |
| 29th May 2024 | Surveilling the Masses with Wi-Fi-Based Positioning Systems IEEE S&P | Rye, E. and Levin, D., 2024, May. Surveilling the Masses with Wi-Fi-Based Positioning Systems. In 2024 IEEE Symposium on Security and Privacy (S&P) (pp. 2831-2846). IEEE. |
| 22nd May 2024 | Skipped or non-public | |
| 15th May 2024 | On SMS Phishing Tactics and Infrastructure IEEE S&P | Nahapetyan, A., Prasad, S., Childs, K., Oest, A., Ladwig, Y., Kapravelos, A. and Reaves, B., 2024, May. On sms phishing tactics and infrastructure. In 2024 IEEE Symposium on Security and Privacy (S&P) (pp. 1-16). IEEE. |
| 8th May 2024 | Evaluations of Machine Learning Privacy Defenses are Misleading ACM CCS | Aerni, M., Zhang, J. and TramĂšr, F., 2024, December. Evaluations of machine learning privacy defenses are misleading. In Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security (pp. 1271-1284). |
| 1st May 2024 | DY Fuzzing: Formal Dolev-Yao Models Meet Cryptographic Protocol Fuzz Testing IEEE S&P | Ammann, M., Hirschi, L. and Kremer, S., 2024, May. DY fuzzing: formal Dolev-Yao models meet cryptographic protocol fuzz testing. In 2024 IEEE Symposium on Security and Privacy (S&P) (pp. 1481-1499). IEEE. |
| 24th Apr 2024 | PolySphinx: Extending the Sphinx Mix Format With Better Multicast Support IEEE S&P | Schadt, D., Coijanovic, C., Weis, C. and Strufe, T., 2024, May. PolySphinx: Extending the Sphinx Mix Format With Better Multicast Support. In 2024 IEEE Symposium on Security and Privacy (S&P) (pp. 4386-4404). IEEE. |
| 17th Apr 2024 | Routing Attacks on Cryptocurrency Mining Pools IEEE S&P | Tran, M., von Arx, T. and Vanbever, L., 2024, May. Routing Attacks on Cryptocurrency Mining Pools. In 2024 IEEE Symposium on Security and Privacy (S&P) (pp. 3805-3821). IEEE. |
| Date | Paper | Full Citation |
|---|---|---|
| 20th Mar 2024 | Nebula: A Privacy-First Platform for Data Backhaul IEEE S&P | Watson, J.L., Despres, T., Tan, A., Patil, S.G., Dutta, P. and Popa, R.A., 2024, May. Nebula: A Privacy-First Platform for Data Backhaul. In 2024 IEEE Symposium on Security and Privacy (S&P) (pp. 3184-3202). IEEE. |
| 13th Mar 2024 | INVISILINE: Invisible Plausibly-Deniable Storage IEEE S&P | Pinjala, S.K., Carbunar, B., Chakraborti, A. and Sion, R., 2024, May. INVISILINE: Invisible plausibly-deniable storage. In 2024 IEEE Symposium on Security and Privacy (S&P) (pp. 2722-2739). IEEE. |
| 6th Mar 2024 | Share with Care: Breaking E2EE in Nextcloud IEEE S&P | Albrecht, M.R., Backendal, M., Coppola, D. and Paterson, K.G., 2024, July. Share with care: Breaking E2EE in Nextcloud. In 2024 IEEE 9th European Symposium on Security and Privacy (EuroS&P) (pp. 828-840). IEEE. |
| 28th Feb 2024 | Bluesky and the AT Protocol: Usable Decentralized Social Media | Kleppmann, M., Frazee, P., Gold, J., Graber, J., Holmgren, D., Ivy, D., Johnson, J., Newbold, B. and Volpert, J., 2024, December. Bluesky and the at protocol: Usable decentralized social media. In Proceedings of the ACM Conext-2024 Workshop on the Decentralization of the Internet (pp. 1-7). |
| 21st Feb 2024 | Don't Shoot the Messenger: Localization Prevention of Satellite Internet Users IEEE S&P | Koisser, D., Mitev, R., Chilese, M. and Sadeghi, A.R., 2024, May. Donât shoot the messenger: Localization prevention of satellite internet users. In 2024 IEEE Symposium on Security and Privacy (S&P) (pp. 426-444). IEEE. |
| 14th Feb 2024 | Content Censorship in the InterPlanetary File System arxiv | Sridhar, S., Ascigil, O., Keizer, N., Genon, F., Pierre, S., Psaras, Y., RiviĂšre, E. and KrĂłl, M., 2023. Content censorship in the interplanetary file system. arXiv preprint arXiv:2307.12212. |
| 7th Feb 2024 | Skipped or non-public | |
| 31st Jan 2024 | On the Anonymity of Peer-To-Peer Network Anonymity Schemes Used by Cryptocurrencies arxiv | Sharma, P.K., Gosain, D. and Diaz, C., 2022. On the anonymity of peer-to-peer network anonymity schemes used by cryptocurrencies. arXiv preprint arXiv:2201.11860. |
| 24th Jan 2024 | Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains | Hutchins, E.M., Cloppert, M.J. and Amin, R.M., 2011. Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Leading Issues in Information Warfare & Security Research, 1(1), p.80. |
| 17th Jan 2024 | ADEM: An Authentic Digital EMblem ACM CCS | Linker, F. and Basin, D., 2023, November. ADEM: An authentic digital emblem. In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (pp. 2815-2829). |
| 10th Jan 2024 | The Experts' Insights on the Peer Review Process of Evaluating Security Papers IEEE S&P | Soneji, A., Kokulu, F.B., Rubio-Medrano, C., Bao, T., Wang, R., Shoshitaishvili, Y. and DoupĂ©, A., 2022, May. âFlawed, but like democracy we donât have a better systemâ: The Expertsâ Insights on the Peer Review Process of Evaluating Security Papers. In 2022 IEEE Symposium on Security and Privacy (S&P) (pp. 1845-1862). IEEE. |
| Date | Paper | Full Citation |
|---|---|---|
| 13th Dec 2023 | Fin: Practical signature-free asynchronous common subset in constant time ACM CCS | Duan, S., Wang, X. and Zhang, H., 2023, November. Fin: Practical signature-free asynchronous common subset in constant time. In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (pp. 815-829). |
| 6th Dec 2023 | SoK: Design, vulnerabilities, and security measures of cryptocurrency wallets arxiv | Erinle, Y., Kethepalli, Y., Feng, Y. and Xu, J., 2023. Sok: Design, vulnerabilities, and security measures of cryptocurrency wallets. arXiv preprint arXiv:2307.12874. |
| 30th Nov 2023 | How the Great Firewall of China detects and blocks fully encrypted traffic USENIX Sec | Wu, M., Sippe, J., Sivakumar, D., Burg, J., Anderson, P., Wang, X., Bock, K., Houmansadr, A., Levin, D. and Wustrow, E., 2023. How the Great Firewall of China detects and blocks fully encrypted traffic. In 32nd USENIX Security Symposium (USENIX Security 23) (pp. 2653-2670). |
| 23rd Nov 2023 | Passive SSH Key Compromise via Lattices ACM CCS | Ryan, K., He, K., Sullivan, G.A. and Heninger, N., 2023, November. Passive SSH key compromise via lattices. In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (pp. 2886-2900). |
| 15th Nov 2023 | An analysis of pre-installed Android software | Gamba, J., Rashed, M., Razaghpanah, A., Tapiador, J. and Vallina-Rodriguez, N., 2020, May. An analysis of pre-installed android software. In 2020 IEEE symposium on security and privacy (S&P) (pp. 1039-1055). IEEE. |
| 8th Nov 2023 | CHERIoT: Complete Memory Safety for Embedded Devices | Amar, S., Chisnall, D., Chen, T., Filardo, N.W., Laurie, B., Liu, K., Norton, R., Moore, S.W., Tao, Y., Watson, R.N. and Xia, H., 2023, October. CHERIoT: Complete memory safety for embedded devices. In Proceedings of the 56th Annual IEEE/ACM International Symposium on Microarchitecture (pp. 641-653). |
| 1st Nov 2023 | Flamingo: Multi-Round Single-Server Secure Aggregation with Applications to Private Federated Learning IEEE S&P | Ma, Y., Woods, J., Angel, S., Polychroniadou, A. and Rabin, T., 2023, May. Flamingo: Multi-round single-server secure aggregation with applications to private federated learning. In 2023 IEEE Symposium on Security and Privacy (S&P) (pp. 477-496). IEEE. |
| 25th Oct 2023 | Cryptographic Capability Computing | LeMay, M., Rakshit, J., Deutsch, S., Durham, D.M., Ghosh, S., Nori, A., Gaur, J., Weiler, A., Sultana, S., Grewal, K. and Subramoney, S., 2021, October. Cryptographic capability computing. In MICRO-54: 54th Annual IEEE/ACM International Symposium on Microarchitecture (pp. 253-267). |
| 18th Oct 2023 | Hertzbleed 2 IEEE S&P | Wang, Y., Paccagnella, R., Wandke, A., Gang, Z., Garrett-Grossman, G., Fletcher, C.W., Kohlbrenner, D. and Shacham, H., 2023, May. DVFS frequently leaks secrets: Hertzbleed attacks beyond SIKE, cryptography, and CPU-only data. In 2023 IEEE Symposium on Security and Privacy (S&P) (pp. 2306-2320). IEEE. |
| 11th Oct 2023 | I Still Know What You Watched Last Sunday: Privacy of the HbbTV Protocol in the European Smart TV Landscape NDSS | Tagliaro, C., Hahn, F., Sepe, R., Aceti, A. and Lindorfer, M., 2023. I still know what you watched last Sunday: Privacy of the HbbTV protocol in the European smart TV landscape. In 30th Annual Network and Distributed System Security, NDSS 2023. |
| 4th Oct 2023 | Freaky Leaky SMS: Extracting User Locations by Analyzing SMS Timings USENIX Sec | Bitsikas, E., Schnitzler, T., Pöpper, C. and Ranganathan, A., 2023. Freaky Leaky SMS: Extracting User Locations by Analyzing SMS Timings. In 32nd USENIX Security Symposium (USENIX Security 23) (pp. 2151-2168). |
| 27th Sep 2023 | Abuse-Resistant Location Tracking: Balancing Privacy and Safety in the Offline Finding Ecosystem USENIX Sec | Eldridge, H., Beck, G., Green, M., Heninger, N. and Jain, A., 2024. Abuse-Resistant Location Tracking: Balancing Privacy and Safety in the Offline Finding Ecosystem. In 33rd USENIX Security Symposium (USENIX Security 24) (pp. 5431-5448). |
| 20th Sep 2023 | Skipped or non-public | |
| 13th Sep 2023 | BRUTEPRINT: Expose Smartphone Fingerprint Authentication to Brute-force Attack arxiv | Chen, Y. and He, Y., 2023. BrutePrint: Expose Smartphone Fingerprint Authentication to Brute-force Attack. arXiv preprint arXiv:2305.10791. |
| 6th Sep 2023 | Fuzztruction: Using Fault Injection-based Fuzzing to Leverage Implicit Domain Knowledge USENIX Sec | Bars, N., Schloegel, M., Scharnowski, T., Schiller, N. and Holz, T., 2023. Fuzztruction: using fault injection-based fuzzing to leverage implicit domain knowledge. In 32nd USENIX Security Symposium (USENIX Security 23) (pp. 1847-1864). |
| Date | Paper | Full Citation |
|---|---|---|
| 28th Jun 2023 | Pool-Party: Exploiting Browser Resource Pools as Side-Channels for Web Tracking USENIX Sec | Snyder, P., Karami, S., Edelstein, A., Livshits, B. and Haddadi, H., 2023. Pool-Party: Exploiting browser resource pools for web tracking. In 32nd USENIX Security Symposium (USENIX Security 23) (pp. 7091-7105). |
| 21st Jun 2023 | CalvinFS: Consistent WAN Replication and Scalable Metadata Management for Distributed File Systems | Thomson, A. and Abadi, D.J., 2015. CalvinFS: Consistent WAN Replication and Scalable Metadata Management for Distributed File Systems. In 13th USENIX Conference on File and Storage Technologies (FAST 15) (pp. 1-14). |
| 14th Jun 2023 | Not Yet Another Digital ID: Privacy-Preserving Humanitarian Aid Distribution IEEE S&P | Wang, B., Lueks, W., Sukaitis, J., Narbel, V.G. and Troncoso, C., 2023, May. Not yet another digital ID: privacy-preserving humanitarian aid distribution. In 2023 IEEE Symposium on Security and Privacy (S&P) (pp. 645-663). IEEE. |
| 7th Jun 2023 | Deep perceptual hashing algorithms with hidden dual purpose: when client-side scanning does facial recognition IEEE S&P | Jain, S., CreĆŁu, A.M., Cully, A. and de Montjoye, Y.A., 2023, May. Deep perceptual hashing algorithms with hidden dual purpose: when client-side scanning does facial recognition. In 2023 IEEE Symposium on Security and Privacy (S&P) (pp. 234-252). IEEE. |
| 31st May 2023 | Eavesdropping risks of the DisplayPort video interface | Erdeljan, D., 2023. Eavesdropping risks of the displayport video interface. Doctoral dissertation, University of Cambridge (United Kingdom). |
| 24th May 2023 | Dissecting BFT Consensus: In Trusted Components we Trust! | Gupta, S., Rahnama, S., Pandey, S., Crooks, N. and Sadoghi, M., 2023, May. Dissecting bft consensus: In trusted components we trust!. In Proceedings of the Eighteenth European Conference on Computer Systems (pp. 521-539). |
| 17th May 2023 | Robust, privacy-preserving, transparent, and auditable on-device blocklisting arxiv | Thomas, K., Meiklejohn, S., Specter, M.A., Wang, X., LlorĂ , X., Somogyi, S. and Kleidermacher, D., 2023. Robust, privacy-preserving, transparent, and auditable on-device blocklisting. arXiv preprint arXiv:2304.02810. |
| 10th May 2023 | ModZoo: A Large-Scale Study of Modded Android Apps and their Markets arxiv | Saavedra, L.A., Dutta, H.S., Beresford, A.R. and Hutchings, A., 2024. ModZoo: A Large-Scale Study of Modded Android Apps and their Markets. arXiv preprint arXiv:2402.19180. |
| 3rd May 2023 | Space Odyssey: An Experimental Software Security Analysis of Satellites IEEE S&P | Willbold, J., Schloegel, M., Vögele, M., Gerhardt, M., Holz, T. and Abbasi, A., 2023, May. Space odyssey: An experimental software security analysis of satellites. In 2023 IEEE Symposium on Security and Privacy (S&P) (pp. 1-19). IEEE. |
| Date | Paper | Full Citation |
|---|---|---|
| 15th Mar 2023 | Many Roads Lead to Rome: How Packet Headers Influence DNS Censorship Measurement USENIX Sec | Bhaskar, A. and Pearce, P., 2022. Many Roads Lead To Rome: How Packet Headers Influence DNS Censorship Measurement. In 31st USENIX Security Symposium (USENIX Security 22) (pp. 449-464). |
| 8th Mar 2023 | Is Cryptographic Deniability Sufficient? Non-Expert Perceptions of Deniability in Secure Messaging IEEE S&P | Reitinger, N., Malkin, N., Akgul, O., Mazurek, M.L. and Miers, I., 2023, May. Is Cryptographic Deniability SufficientÆ Non-Expert Perceptions of Deniability in Secure Messaging. In 2023 IEEE Symposium on Security and Privacy (S&P) (pp. 274-292). IEEE. |
| 1st Mar 2023 | Lessons learned from Threema USENIX Sec | Paterson, K.G., Scarlata, M. and Truong, K.T., 2023. Three lessons from threema: Analysis of a secure messenger. In 32nd USENIX Security Symposium (USENIX Security 23) (pp. 1289-1306). |
| 24th Feb 2023 | Laser-Induced Fault Injection on Smartphone Bypassing the Secure Boot | Vasselle, A., Thiebeauld, H., Maouhoub, Q., Morisset, A. and Ermeneux, S., 2018. Laser-induced fault injection on smartphone bypassing the secure boot-extended version. IEEE Transactions on Computers, 69(10), pp.1449-1459. |
| 17th Feb 2023 | Heads in the clouds: measuring the implications of universities migrating to public clouds | Fiebig, T., GĂŒrses, S., Gañån, C.H., Kotkamp, E., Kuipers, F., Lindorfer, M., Prisse, M. and Sari, T., 2023. Heads in the Clouds? Measuring Universities' Migration to Public Clouds: Implications for Privacy & Academic Freedom. In Proceedings on privacy enhancing technologies symposium (Vol. 2023, No. 2, pp. 117-150). |
| 8th Feb 2023 | Lessons Learned: Surveying the Practicality of Differential Privacy in the Industry arxiv | Garrido, G.M., Liu, X., Matthes, F. and Song, D., 2022. Lessons learned: Surveying the practicality of differential privacy in the industry. arXiv preprint arXiv:2211.03898. |
| 1st Feb 2023 | Skipped or non-public | |
| 25th Jan 2023 | Blind My - An Improved Cryptographic Protocol to Prevent Stalking in Apple's Find My Network PETS | Mayberry, T., Blass, E.O. and Fenske, E., 2023. Blind My-An Improved Cryptographic Protocol to Prevent Stalking in Apple's Find My Network. Proceedings on Privacy Enhancing Technologies. |
| 18th Jan 2023 | AirGuard - Protecting Android Users from Stalking Attacks by Apple Find My Devices | Heinrich, A., Bittner, N. and Hollick, M., 2022, May. AirGuard-protecting android users from stalking attacks by apple find my devices. In Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (pp. 26-38). |
| Date | Paper | Full Citation |
|---|---|---|
| 7th Dec 2022 | No Privacy in the Electronics Repair Industry IEEE S&P | Ceci, J., Stegman, J. and Khan, H., 2023, May. No privacy in the electronics repair industry. In 2023 IEEE Symposium on Security and Privacy (S&P) (pp. 3347-3364). IEEE. |
| 30th Nov 2022 | Skipped or non-public | |
| 23rd Nov 2022 | I know what you did on Venmo: Discovering privacy leaks in mobile social payments PETS | Tandon, R., Charnsethikul, P., Arora, I., Murthy, D. and Mirkovic, J., 2022. I know what you did on Venmo: Discovering privacy leaks in mobile social payments. Proceedings on Privacy Enhancing Technologies. |
| 16th Nov 2022 | Forward-secure 0-RTT goes live: implementation and performance analysis in QUIC | Dallmeier, F., Drees, J.P., Gellert, K., Handirk, T., Jager, T., Klauke, J., Nachtigall, S., Renzelmann, T. and Wolf, R., 2020. Forward-secure 0-RTT goes live: implementation and performance analysis in QUIC. In Cryptology and Network Security: 19th International Conference, CANS 2020, Vienna, Austria, December 14â16, 2020, Proceedings 19 (pp. 211-231). Springer International Publishing. |
| 9th Nov 2022 | SoK: Managing risks of linkage attacks on data privacy PETS | Powar, J. and Beresford, A.R., 2023. SoK: Managing risks of linkage attacks on data privacy. Proceedings on Privacy Enhancing Technologies. |
| 2nd Nov 2022 | SoK: Cryptographic Confidentiality of Data on Mobile Devices PETS | Zinkus, M., Jois, T.M. and Green, M., 2022. SoK: Cryptographic Confidentiality of Data on Mobile Devices. Proceedings on Privacy Enhancing Technologies, 1, pp.586-607. |
| 26th Oct 2022 | Uninvited Guests: Analyzing the Identity and Behavior of Certificate Transparency Bots USENIX Sec | Kondracki, B., So, J. and Nikiforakis, N., 2022. Uninvited guests: Analyzing the identity and behavior of certificate transparency bots. In 31st USENIX Security Symposium (USENIX Security 22) (pp. 53-70). |
| 19th Oct 2022 | EL PASSO: Efficient and Lightweight Privacy-preserving Single Sign On PETS | Zhang, Z., KrĂłl, M., Sonnino, A., Zhang, L. and RiviĂšre, E., 2021. EL PASSO: Efficient and lightweight privacy-preserving single sign on. Proceedings on Privacy Enhancing Technologies. |
| 12th Oct 2022 | Practically-exploitable Cryptographic Vulnerabilities in Matrix IEEE S&P | Albrecht, M.R., Celi, S., Dowling, B. and Jones, D., 2023, May. Practically-exploitable cryptographic vulnerabilities in matrix. In 2023 IEEE Symposium on Security and Privacy (S&P) (pp. 164-181). IEEE. |
| 5th Oct 2022 | ATOM: Ad-network Tomography PETS | Musa, M.B. and Nithyanand, R., 2022. Atom: ad-network tomography. Proceedings on Privacy Enhancing Technologies. |
| Date | Paper | Full Citation |
|---|---|---|
| 29th Jun 2022 | On Enforcing the Digital Immunity of a Large Humanitarian Organization IEEE S&P | Le Blond, S., Cuevas, A., Troncoso-Pastoriza, J.R., Jovanovic, P., Ford, B. and Hubaux, J.P., 2018, May. On enforcing the digital immunity of a large humanitarian organization. In 2018 IEEE Symposium on Security and Privacy (S&P) (pp. 424-440). IEEE. |
| 22nd Jun 2022 | Mixnet optimization methods PETS | Guirat, I.B. and Diaz, C., 2022. Mixnet optimization methods. Proceedings on Privacy Enhancing Technologies. |
| 15th Jun 2022 | Dos and Don'ts of Machine Learning in Computer Security USENIX Sec | Arp, D., Quiring, E., Pendlebury, F., Warnecke, A., Pierazzi, F., Wressnegger, C., Cavallaro, L. and Rieck, K., 2022. Dos and don'ts of machine learning in computer security. In 31st USENIX Security Symposium (USENIX Security 22) (pp. 3971-3988). |
| 8th Jun 2022 | GhostTouch: Targeted Attacks on Touchscreens without Physical Touch USENIX Sec | Wang, K., Mitev, R., Yan, C., Ji, X., Sadeghi, A.R. and Xu, W., 2022. GhostTouch: Targeted attacks on touchscreens without physical touch. In 31st USENIX Security Symposium (USENIX Security 22) (pp. 1543-1559). |
| 1st Jun 2022 | Your Echos are Heard: Tracking, Profiling, and Ad Targeting in the Amazon Smart Speaker Ecosystem arxiv | Iqbal, U., Bahrami, P.N., Trimananda, R., Cui, H., Gamero-Garrido, A., Dubois, D., Choffnes, D., Markopoulou, A., Roesner, F. and Shafiq, Z., 2022. Your echos are heard: Tracking, profiling, and ad targeting in the Amazon smart speaker ecosystem. arXiv preprint arXiv:2204.10920, pp.984-997. |
| 25th May 2022 | Evil Never Sleeps: When Wireless Malware Stays On After Turning Off iPhones | Classen, J., Heinrich, A., Reith, R. and Hollick, M., 2022, May. Evil never sleeps: When wireless malware stays on after turning off iPhones. In Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (pp. 146-156). |
| 18th May 2022 | Blocked or Broken? Automatically Detecting When Privacy Interventions Break Web Sites arxiv | Smith, M., Snyder, P., Haller, M., Livshits, B., Stefan, D. and Haddadi, H., 2022. Blocked or broken? Automatically detecting when privacy interventions break websites. arXiv preprint arXiv:2203.03528. |
| 11th May 2022 | SoK: SCT Auditing in Certificate Transparency arxiv | Meiklejohn, S., DeBlasio, J., O'Brien, D., Thompson, C., Yeo, K. and Stark, E., 2022. SoK: SCT auditing in certificate transparency. arXiv preprint arXiv:2203.01661. |
| 4th May 2022 | Breaking Bridgefy, again: Adopting libsignal is not enough USENIX Sec | Albrecht, M.R., Eikenberg, R. and Paterson, K.G., 2022. Breaking Bridgefy, again: Adopting libsignal is not enough. In 31st USENIX Security Symposium (USENIX Security 22) (pp. 269-286). |
| 27th Apr 2022 | A Large-scale Temporal Measurement of Android Malicious Apps: Persistence, Migration, and Lessons Learned USENIX Sec | Shen, Y., Vervier, P.A. and Stringhini, G., 2022. A large-scale temporal measurement of android malicious apps: Persistence, migration, and lessons learned. In 31st USENIX Security Symposium (USENIX Security 22) (pp. 1167-1184). |
| Date | Paper | Full Citation |
|---|---|---|
| 23rd Mar 2022 | Trust Dies in Darkness: Shedding Light on Samsung's TrustZone Keymaster Design USENIX Sec | Shakevsky, A., Ronen, E. and Wool, A., 2022. Trust dies in darkness: Shedding light on Samsung's TrustZone keymaster design. In 31st USENIX Security Symposium (USENIX Security 22) (pp. 251-268). |
| 16th Mar 2022 | Orca: Blocklisting in Sender-Anonymous Messaging USENIX Sec | Tyagi, N., Len, J., Miers, I. and Ristenpart, T., 2022. Orca: Blocklisting in Sender-Anonymous messaging. In 31st USENIX Security Symposium (USENIX Security 22) (pp. 2299-2316). |
| 9th Mar 2022 | Trouble Over-The-Air: An Analysis of FOTA Apps in the Android Ecosystem IEEE S&P | BlĂĄzquez, E., Pastrana, S., Feal, Ă., Gamba, J., Kotzias, P., Vallina-Rodriguez, N. and Tapiador, J., 2021, May. Trouble over-the-air: An analysis of FOTA apps in the android ecosystem. In 2021 IEEE Symposium on Security and Privacy (S&P) (pp. 1606-1622). IEEE. |
| 2nd Mar 2022 | Skipped or non-public | |
| 23rd Feb 2022 | Breaking LTE on Layer Two IEEE S&P | Rupprecht, D., Kohls, K., Holz, T. and Pöpper, C., 2019, May. Breaking LTE on layer two. In 2019 IEEE Symposium on Security and Privacy (S&P) (pp. 1121-1136). IEEE. |
| 16th Feb 2022 | Skipped or non-public | |
| 9th Feb 2022 | Tubes among us: Analog attack on automatic speaker identification USENIX Sec | Ahmed, S., Wani, Y., Shamsabadi, A.S., Yaghini, M., Shumailov, I., Papernot, N. and Fawaz, K., 2023. Tubes among us: Analog attack on automatic speaker identification. In 32nd USENIX Security Symposium (USENIX Security 23) (pp. 265-282). |
| 2nd Feb 2022 | VerLoc: Verifiable Localization in Decentralized Systems USENIX Sec | Kohls, K. and Diaz, C., 2022. VerLoc: verifiable localization in decentralized systems. In 31st USENIX Security Symposium (USENIX Security 22) (pp. 2637-2654). |
| 26th Jan 2022 | Backchannel: A relationship-based digital identity system | Online article. |
| 19th Jan 2022 | Alpenhorn: Bootstrapping Secure Communication Without Leaking Metadata | Lazar, D. and Zeldovich, N., 2016. Alpenhorn: Bootstrapping secure communication without leaking metadata. In 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI 16) (pp. 571-586). |
| Date | Paper | Full Citation |
|---|---|---|
| 8th Dec 2021 | LAPD: Hidden Spy Camera Detection using Smartphone Time-of-Flight Sensors | Sami, S., Tan, S.R.X., Sun, B. and Han, J., 2021, November. LAPD: Hidden spy camera detection using smartphone time-of-flight sensors. In Proceedings of the 19th ACM Conference on Embedded Networked Sensor Systems (pp. 288-301). |
| 1st Dec 2021 | Trojan source: Invisible vulnerabilities USENIX Sec | Boucher, N. and Anderson, R., 2023. Trojan source: Invisible vulnerabilities. In 32nd USENIX security symposium (USENIX Security 23) (pp. 6507-6524). |
| 24th Nov 2021 | REDQUEEN: Fuzzing with Input-to-State Correspondence NDSS | Aschermann, C., Schumilo, S., Blazytko, T., Gawlik, R. and Holz, T., 2019, February. REDQUEEN: Fuzzing with Input-to-State Correspondence. In NDSS (Vol. 19, pp. 1-15). |
| 17th Nov 2021 | Collective Information Security in Large-Scale Urban Protests: the Case of Hong Kong USENIX Sec | Albrecht, M.R., Blasco, J., Jensen, R.B. and MarekovĂĄ, L., 2021. Collective information security in large-scale urban protests: the case of Hong Kong. In 30th USENIX Security Symposium (USENIX Security 21) (pp. 3363-3380). |
| 10th Nov 2021 | Bugs in our Pockets: The Risks of Client-Side Scanning | Abelson, H., Anderson, R., Bellovin, S.M., Benaloh, J., Blaze, M., Callas, J., Diffie, W., Landau, S., Neumann, P.G., Rivest, R.L. and Schiller, J.I., 2024. Bugs in our pockets: the risks of client-side scanning. Journal of Cybersecurity, 10(1) |
| 3rd Nov 2021 | PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop USENIX Sec | Heinrich A., Hollick M., Schneider T., Stute M., Weinert C., 2021 PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop. In 30th USENIX Security Symposium (USENIX Security 21) (pp. 3577-3594). |
| 27th Oct 2021 | Towards More Robust Keyword Spotting for Voice Assistants USENIX Sec | Ahmed, S., Shumailov, I., Papernot, N. and Fawaz, K., 2022. Towards more robust keyword spotting for voice assistants. In 31st USENIX Security Symposium (USENIX Security 22) (pp. 2655-2672). |
| 20th Oct 2021 | Towards Private On-Chain Algorithmic Trading arxiv | KocaoÄullar, C., Gervais, A. and Livshits, B., 2021. Towards private on-chain algorithmic trading. arXiv preprint arXiv:2109.11270. |
| 13th Oct 2021 | Encrypted Cloud Photo Storage Using Google Photos | Koh, J.S., Nieh, J. and Bellovin, S.M., 2021, June. Encrypted cloud photo storage using Google Photos. In Proceedings of the 19th Annual International Conference on Mobile Systems, Applications, and Services (pp. 136-149). |
| 6th Oct 2021 | Weaponizing Middleboxes for TCP Reflected Amplification USENIX Sec | Bock, K., Alaraj, A., Fax, Y., Hurley, K., Wustrow, E. and Levin, D., 2021. Weaponizing middleboxes for TCP reflected amplification. In 30th USENIX Security Symposium (USENIX Security 21) (pp. 3345-3361). |
The reading group organiser collect paper suggestions, manages the mailing list, and selects an interesting paper for each week. Until Easter 2021, the reading group was organised by Stan Jiexin Zhang. His reading group archive covers the terms Michaelmas 2017 until Easter 2020. We plan to eventually include that list here as well. Between Michaelmas 2021 and Easter 2025, the reading group was organised by Daniel Hugenroth. He also created this website. From Michaelmas 2025, the reading group will be organised by Alexandre Pauwels.
This page is maintained as a GitHub repository. If you find mistakes or links are broken, please raise a pull request with us. We try to update the link and citation to the published version of the paper whenever possible.
Last updated: 2025-07-01 15:33:51. Total papers: 118. This page respects the browser dark mode preference.