└── README.md
/README.md:
--------------------------------------------------------------------------------
1 | :newspaper: Welcome to a reading list for cyber-physical systems (CPS) security.
2 | Index
3 | 1. Robotic vehicles (RVs) :airplane:
4 | 2. Industrial control systems (ICSs) :factory:
5 | 3. Autonomous vehicles (AVs) :red_car:
6 | 4. Satellites :satellite:
7 | 5. Other research topics related to CPS
8 |
9 | # 1. Research papers related to robotic vehicles :airplane:
10 |
11 | ## 1-1) SoK/Survey
12 | - SoK: A Minimalist Approach to Formalizing Analog Sensor Security, S&P'20.
13 | - SoK: Security and Privacy in the Age of Commercial Drones, S&P'21.
14 | - SoK: Rethinking Sensor Spoofing Attacks against Robotic Vehicles from a Systematic View, Euro S&P'23.
15 | - A Survey on Security and Privacy Issues of UAVs, Computer Networks'23.
16 |
17 |
18 | ## 1-2) Electromagnetic field injection (EMI) attacks
19 | - Introduction to the special issue on high-power electromagnetics (HPEM) and intentional electromagnetic interference (IEMI), IEEE Transactions on electromagnetic compatibility, 2004.
20 | - Detection of Electromagnetic Signal Injection Attacks on Actuator Systems, RAID'22.
21 | - Wireless manipulation of serial communication, AsiaCCS'22.
22 | - Physical-Layer Attacks Against Pulse Width Modulation-Controlled Actuators, USENIX Security'22.
23 | - Signal Injection Attacks against CCD Image Sensors, AsiaCCS'22
24 | - Paralyzing Drones via EMI Signal Injection on Sensory Communication Channels, NDSS'23.
25 | - GlitchHiker: Uncovering Vulnerabilities of Image Signal Transmission with IEMI, USENIX Security'23
26 | - EM Eye: Characterizing Electromagnetic Side-channel Eavesdropping on Embedded Cameras, NDSS'24 (paper)
27 | - GhostType: The Limits of Using Contactless Electromagnetic Interference to Inject Phantom Keys into Analog Circuits of Keyboards, NDSS'24 (paper)
28 | - Sound of Interference: Electromagnetic Eavesdropping Attack on Digital Microphones Using Pulse Density Modulation, USENIX Security'25 (paper)
29 |
30 |
31 | ### 1-2-1) Countermeasures against EMI attacks
32 | - Electromagnetic interference, Electronics Computer Technology, 2011. (EMI filters such as L-C, Pi, T filters)
33 | - Ghost talk: Mitigating EMI signal injection attacks against analog sensors, S&P'13. (Shielding and differential signaling)
34 | - Pycra: Physical challenge-response authentication for active sensors under spoofing attacks, CCS'15. (Low-pass filter)
35 | - Electromagnetic Signal Injection Attacks on Differential Signaling, arXiv, 2022. (Differential signaling)
36 | - Wireless manipulation of serial communication, AsiaCCS'22. (Twisted pair and coaxial cables)
37 |
38 | ### 1-2-2) Tools
39 | - Electromagnetic Field Simulator
40 |
41 |
42 | ## 1-3) mmWave
43 | - DiskSpy: Exploring a Long-Range Covert-Channel Attack via mmWave Sensing of μm-level HDD Vibrations, USENIX Security'25 (paper)
44 |
45 |
46 | ## 1-4) GPS/GNSS spoofing
47 | - All Your GPS Are Belong To Us: Towards Stealthy Manipulation of Road Navigation Systems, USENIX Security'18.
48 | - Crowd-GPS-Sec: Leveraging Crowdsourcing to Detect and Localize GPS Spoofing Attacks, S&P'18.
49 | - Cryptography Is Not Enough: Real-time Location Spoofing of Authenticated GNSS Signals, arXiv.
50 | - SemperFi: Anti-spoofing GPS Receiver for UAVs, NDSS'22.
51 | - Cryptography Is Not Enough: Relay Attacks on Authenticated GNSS Signals, arXiv (2022).
52 | - Galileo-SDR-SIM: An Open-Source Tool for Generating Galileo Satellite Signals, ION GNSS+ 2023.
53 |
54 |
55 | ## 1-5) Radio attacks
56 | - On the Implications of Spoofing and Jamming Aviation Datalink Applications, ACSAC'22 (paper)
57 | - MakeShift: Security Analysis of Shimano Di2 Wireless Gear Shifting in Bicycles, USENIX Security'24.
58 |
59 |
60 | ## 1-6) Optical flow spoofing
61 | - Controlling UAVs with Sensor Input Spoofing Attacks, WOOT'16.
62 |
63 |
64 | ## 1-7) Sound noise on gyroscope
65 | - Rocking Drones with Intentional Sound Noise on Gyroscopic Sensors, USENIX Security'15.
66 | - WALNUT: Waging Doubt on the Integrity of MEMS Accelerometers with Acoustic Injection Attacks, EuroS&P'17.
67 | - Sonic Gun to Smart Devices: Your Devices Lose Control Under Ultrasound/Sound, BlackHat'17.
68 | - Injected and Delivered: Fabricating Implicit Control over Actuation Systems by Spoofing Inertial Sensors, USENIX Security'18.
69 | - Un-Rocking Drones: Foundations of Acoustic Injection Attacks and Recovery Thereof, NDSS'23.
70 | - TimeTravel: Real-time Timing Drift Attack on System Time Using Acoustic Waves, USENIX Security'25 (paper)
71 |
72 |
73 | ## 1-8) Depth camera spoofing
74 | - DoubleStar: Long-Range Attack Towards Depth Estimation based Obstacle Avoidance in Autonomous Systems, USENIX Security'22.
75 |
76 |
77 | ## 1-9) Laser injection
78 | - Light Commands: Laser-Based Audio Injection Attacks on Voice-Controllable Systems, USENIX Security'20.
79 |
80 |
81 | ## 1-10) Sensor spoofing simulation
82 | - Poster: Automated Discovery of Sensor Spoofing Attacks on Robotic Vehicles, CCS'22.
83 |
84 |
85 | ## 1-11) RV swarm
86 | - Swarmbug: Debugging Configuration Bugs in Swarm Robotics, FSE'21.
87 | - Vision-based Drone Flocking in Outdoor Environments, IEEE Robotics and Automation Letters'21.
88 | - SWARMFLAWFINDER: Discovering and Exploiting Logic Flaws of Swarm Algorithms, S&P'22.
89 | - Privacy-Preserving Trajectory Matching on Autonomous Unmanned Aerial Vehicles, ACSAC'22.
90 | - SUAVE: An Exemplar for Self-Adaptive Underwater Vehicles, SEAMS'23.
91 | - Self-Adaptive Mechanisms for Misconfigurations in Small Uncrewed Aerial Systems, SEAMS'23.
92 | - SwarmFuzz: Discovering GPS Spoofing Attacks in Drone Swarms, DSN'23.
93 | - Lightweight Privacy-Preserving Proximity Discovery for Remotely-Controlled Drones, ACSAC'23
94 | - Automated Discovery of Semantic Attacks in Multi-Robot Navigation Systems, USENIX Security'25 (paper)
95 |
96 | ## 1-12) ROS
97 | - PhysFrame: Type Checking Physical Frames of Reference for Robotic Systems, FSE'21.
98 | - RoboFuzz: Fuzzing Robotic Systems over Robot Operating System (ROS) for Finding Correctness Bugs, FSE'22.
99 | - On the (In)Security of Secure ROS2, CCS'22.
100 | - Decentralized Information-Flow Control for ROS2, NDSS'24 (paper)
101 |
102 |
103 | ## 1-13) Forensic
104 | - From Control Model to Program: Investigating Robotic Aerial Vehicle Accidents with MAYDAY, USENIX Security'20.
105 | - RVPLAYER: Robotic Vehicle Forensics by Replay with What-if Reasoning, NDSS'22.
106 |
107 |
108 | ## 1-14) Memory attack detection, recovery, and prevention
109 | - Protecting baremetal embedded systems with privilege overlays, S&P'17.
110 | - Securing real-time microcontroller systems through customized memory view switching, NDSS'18.
111 | - ACES: Automatic compartments for embedded systems, USENIX Security'18.
112 |
113 |
114 | ## 1-15) Physical attack detection, recovery, and prevention
115 | - Sensor CON-Fusion: Defeating Kalman Filter in Signal Injection Attack, AsiaCCS'18.
116 | - NoisePrint: Attack Detection Using Sensor and Process Noise Fingerprint in Cyber Physical Systems, AsiaCCS'18.
117 | - Detecting Attacks Against Robotic Vehicles: A Control Invariant Approach, CCS'18.
118 | - SAVIOR: Securing Autonomous Vehicles with Robust Physical Invariants, USENIX Security'20.
119 | - M2MON: Building an MMIO-based Security Reference Monitor for Unmanned Vehicles, USENIX Security'21.
120 | - Replay-based Recovery for Autonomous Robotic Vehicles from Sensor Deception Attacks, arXiv.
121 | - Software Availability Protection in Cyber-Physical Systems, USENIX Security'25 (paper)
122 |
123 |
124 | ## 1-16) Discovering bugs
125 | - RVFuzzer: Finding Input Validation Bugs in Robotic Vehicles through Control-Guided Testing, USENIX Security'19.
126 | - Cyber-Physical Inconsistency Vulnerability Identification for Safety Checks in Robotic Vehicles, CCS'20.
127 | - PGFUZZ: Policy-Guided Fuzzing for Robotic Vehicles, NDSS'21.
128 | - Control Parameters Considered Harmful: Detecting Range Specification Bugs in Drone Configuration Modules via Learning-Guided Search, ICSE'22.
129 | - PatchVerif: Discovering Faulty Patches in Robotic Vehicles, USENIX Security'23.
130 | - Truman: Constructing Device Behavior Models from OS Drivers to Fuzz Virtual Devices, NDSS'25 (paper)
131 |
132 |
133 | ## 1-17) Patching bugs
134 | - PGPATCH: Policy-Guided Logic Bug Patching for Robotic Vehicles, S&P'22.
135 | - PATCHAGENT: A Practical Program Repair Agent Mimicking Human Expertise, USENIX Security'25 (paper)
136 | - Logs In, Patches Out: Automated Vulnerability Repair via Tree-of-Thought LLM Analysis, USENIX Security'25 (paper)
137 | - SoK: Automated Vulnerability Repair: Methods, Tools, and Assessments, USENIX Security'25 (paper)
138 | - SoK: Towards Effective Automated Vulnerability Repair, USENIX Security'25 (paper)
139 | - APPATCH: Automated Adaptive Prompting Large Language Models for Real-World Software Vulnerability Patching, USENIX Security'25 (paper)
140 | - DISPATCH: Unraveling Security Patches from Entangled Code Changes, USENIX Security'25 (paper)
141 | - Attacker Control and Bug Prioritization, USENIX Security'25 (paper)
142 |
143 |
144 | ## 1-18) Privacy
145 | - Privaros: A framework for privacy-compliant delivery drones, CCS'20.
146 |
147 |
148 | ## 1-19) Control theory
149 | - Learning to Fly—a Gym Environment with PyBullet Physics for Reinforcement Learning of Multi-agent Quadcopter Control, IROS'21.
150 |
151 |
152 | # 2. Research papers related to industrial control systems (ICSs) :factory:
153 |
154 | ## 2-1) SoK
155 | - SoK: Attacks on Industrial Control Logic and Formal Verification-Based Defenses, Euro S&P'21
156 |
157 |
158 | ## 2-2) Anomaly detection with machine learning-based methods
159 | - Anomaly detection for a water treatment system using unsupervised machine learning, ICDMW'17
160 | - Anomaly Detection in ICS based on Data-history Analysis, EICC'20
161 | - Time Series Anomaly Detection for Cyber-physical Systems via Neural System Identification and Bayesian Filtering, KDD'21
162 | - Log-Based Anomaly Detection With Robust Feature Extraction and Online Learning, T-IFS 2021
163 | - AttkFinder: Discovering Attack Vectors in PLC Programs using Information Flow Analysis, IEEE TRANSACTIONS ON MOBILE COMPUTING 2022
164 | - Attributions for ML-based ICS Anomaly Detection: From Theory to Practice, NDSS'24 (paper)
165 |
166 |
167 | ## 2-3) Anomaly detection with program analysis
168 | - A trusted safety verifier for process controller code, NDSS'14
169 | - AttkFinder: Discovering Attack Vectors in PLC Programs using Information Flow Analysis, RAID'21
170 | - SCAPHY: Detecting Modern ICS Attacks by Correlating Behaviors in SCADA and PHYsical, S&P'23
171 |
172 |
173 | ## 2-4) Anomaly detection with side channels
174 | - Anomaly Detection for PLC Based on Magnetic Side Channel, EI2'20
175 |
176 |
177 | ## 2-5) Invariant-based (a.k.a. policy-based) methods
178 | - Blocking unsafe behaviors in control systems through static and dynamic policy enforcement, DAC'15
179 | - A systematic framework to generate invariants for anomaly detection in industrial control systems, NDSS'19
180 | - PLC-Sleuth: Detecting and Localizing PLC Intrusions Using Control Invariants, RAID'20
181 | - Control Behavior Integrity for Distributed Cyber-Physical Systems, ICCPS'20
182 | - Detecting and localizing PLC intrusions using control invariants, IEEE Internet of Things Journal, 2022
183 | - Exploiting the Temporal Behavior of State Transitions for Intrusion Detection in ICS/SCADA, IEEE Access 2022
184 | - Anomaly Detection based on Robust Spatial-temporal Modeling for Industrial Control Systems, MASS 2022
185 |
186 |
187 | ## 2-6) Formal method
188 | - A Temporal Logic for Programmable Logic Controllers, Automatic Control and Computer Sciences 2021
189 |
190 |
191 | ## 2-7) Discovering and patching bugs and vulnerabilities
192 | - Towards automated safety vetting of PLC code in real-world plants, S&P'19
193 | - Detecting Insecure Code Patterns in Industrial Robot Programs, ASIACCS'20
194 | - ICSFuzz: Manipulating I/Os and Repurposing Binary Code to Enable Instrumented Fuzzing in ICS Control Applications, USENIX Security'21
195 | - Empirical Study of PLC Authentication Protocols in Industrial Control Systems, SPW'21
196 | - Automated Runtime Mitigation for Misconfiguration Vulnerabilities in Industrial Control Systems, RAID'22
197 | - ICSPatch: Automated Vulnerability Localization and Non-Intrusive Hotpatching in Industrial Control Systems using Data Dependence Graphs, USENIX Security'23
198 | - ICSQuartz: Scan Cycle-Aware and Vendor-Agnostic Fuzzing for Industrial Control Systems, NDSS'25 (paper)
199 |
200 |
201 | ## 2-8) Attacks
202 | - Constrained Concealment Attacks against Reconstruction-based Anomaly Detectors in Industrial Control Systems, ACSAC'20
203 | - PowerRadio: Manipulate Sensor Measurement via Power GND Radiation, NDSS'25 (paper)
204 | - ReThink: Reveal the Threat of Electromagnetic Interference on Power Inverters, NDSS'25 (paper)
205 | - LightAntenna: Characterizing the Limits of Fluorescent Lamp-Induced Electromagnetic Interference, NDSS'25 (paper)
206 | - EMIRIS: Eavesdropping on Iris Information via Electromagnetic Side Channel, NDSS'25 (paper)
207 |
208 |
209 | ## 2-9) Reverse engineering
210 | - SePanner: Analyzing Semantics of Controller Variables in Industrial Control Systems based on Network Traffic, ACSAC'23
211 |
212 |
213 | # 3. Research papers related to autonomous vehicles :red_car:
214 | ## 3-1) SoK/Survey
215 | - SoK: On the Semantic AI Security in Autonomous Driving, arXiv 2022.
216 |
217 | ## 3-2) Discovering bugs
218 | - Av-fuzzer: Finding safety violations in autonomous driving systems, ISSRE'20.
219 | - A Comprehensive Study of Autonomous Vehicle Bugs, ICSE'20.
220 | - Plug-N-Pwned: Comprehensive Vulnerability Analysis of OBD-II Dongles as A New Over-the-Air Attack Surface in Automotive IoT, USENIX Security'20.
221 | - Automated Discovery of Denial-of-Service Vulnerabilities in Connected Vehicle Protocols, USENIX Security'21.
222 | - Drivefuzz: Discovering autonomous driving bugs through driving quality-guided fuzzing, CCS'22.
223 | - Too Afraid to Drive: Systematic Discovery of Semantic DoS Vulnerability in Autonomous Driving Planning under Physical-World Attacks, NDSS'22.
224 | - Doppelganger Test Generation for Revealing Bugs in Autonomous Driving Software, ICSE'23.
225 | - Discovering Adversarial Driving Maneuvers against Autonomous Vehicles, USENIX Security'23.
226 |
227 |
228 | ## 3-3) Physical attacks
229 | - Drift with Devil: Security of Multi-Sensor Fusion based Localization in High-Level Autonomous Driving under GPS Spoofing, USENIX Security'20.
230 | - Towards Robust LiDAR-based Perception in Autonomous Driving: General Black-box Adversarial Sensor Attack and Countermeasures, USENIX Security'20.
231 | - Invisible in both Camera and LiDAR: Security of Multi-Sensor Fusion based Perception in Autonomous Driving Under Physical-World Attacks, S&P'21.
232 | - Dirty Road Can Attack: Security of Deep Learning based Automated Lane Centering under Physical-World Adversarial Attack, USENIX Security'21.
233 | - You Can't See Me: Physical Removal Attacks on LiDAR-based Autonomous Vehicles Driving Frameworks, USENIX Security'23.
234 | - LiDAR Spoofing Meets the New-Gen: Capability Improvements, Broken Assumptions, and New Attack Strategies, NDSS'24 (paper)
235 | - Invisible Reflections: Leveraging Infrared Laser Reflections to Target Traffic Sign Perception, NDSS'24 (paper)
236 | - MadRadar: A Black-Box Physical Layer Attack Framework on mmWave Automotive FMCW Radars, NDSS'24 (paper)
237 | - PhantomLiDAR: Cross-modality Signal Injection Attacks against LiDAR, NDSS'25.
238 | - GhostShot: Manipulating the Image of CCD Cameras with Electromagnetic Interference, NDSS'25 (paper)
239 | - On the Realism of LiDAR Spoofing Attacks against Autonomous Driving Vehicle at High Speed and Long Distance, NDSS'25 (paper)
240 | - Revisiting Physical-World Adversarial Attack on Traffic Sign Recognition: A Commercial Systems Perspective, NDSS'25 (paper)
241 | - L-HAWK: A Controllable Physical Adversarial Patch Against a Long-Distance Target, NDSS'25 (paper)
242 | - The Ghost Navigator: Revisiting the Hidden Vulnerability of Localization in Autonomous Driving, USENIX Security'25 (paper)
243 | - Invisible but Detected: Physical Adversarial Shadow Attack and Defense on LiDAR Object Detection, USENIX Security'25 (paper)
244 | - From Threat to Trust: Exploiting Attention Mechanisms for Attacks and Defenses in Cooperative Perception, USENIX Security'25 (paper)
245 | - ControlLoc: Physical-World Hijacking Attack on Camera-based Perception in Autonomous Driving, CCS'25.
246 |
247 |
248 | ## 3-4) Preventing or mitigating physical attacks
249 | - Exorcising "Wraith": Protecting LiDAR-based Object Detector in Automated Driving System from Appearing Attacks, USENIX Security'23.
250 | - Interventional Root Cause Analysis of Failures in Multi-Sensor Fusion Perception Systems, NDSS'25 (paper)
251 | - RollingEvidence: Autoregressive Video Evidence via Rolling Shutter Effect, USENIX Security'25 (paper)
252 |
253 |
254 | ## 3-5) Forensic
255 | - Interventional Root Cause Analysis of Failures in Multi-Sensor Fusion Perception Systems, NDSS'25.
256 |
257 |
258 | ## 3-6) Privacy
259 | - Understand Users' Privacy Perception and Decision of V2X Communication in Connected Autonomous Vehicles, USENIX Security'23.
260 |
261 |
262 | ## 3-7) Driving with large language models
263 | - LanguageMPC: Large Language Models as Decision Makers for Autonomous Driving, arXiv 2023.
264 | - Empowering Autonomous Driving with Large Language Models: A Safety Perspective, arXiv 2023.
265 |
266 |
267 | ## 3-8) Predicting object classes and bounding boxes
268 | - You only look once: Unified, real-time object detection, arXiv 2015.
269 | - SSD: single shot multibox detector, ECCV 2016.
270 | - End-to-end object detection with transformers, ECCV 2020.
271 |
272 |
273 | ## 3-9) EV charging
274 | - Current Affairs: A Security Measurement Study of CCS EV Charging Deployments, USENIX Security'25 (paper)
275 |
276 | # 4. Research papers related to satellites :satellite:
277 | ## 4-1) Discovering bugs or vulnerabilities
278 | - Space Odyssey: An Experimental Software Security Analysis of Satellites, IEEE S&P'23.
279 | - SoK: Space Infrastructures Vulnerabilities, Attacks and Defenses, IEEE S&P'25.
280 |
281 | ## 4-2) Attacks
282 | - Time-varying Bottleneck Links in LEO Satellite Networks: Identification, Exploits, and Countermeasures, NDSS'25 (paper)
283 | - Starshields for iOS: Navigating the Security Cosmos in Satellite Communication, NDSS'25 (paper)
284 | - Space RadSim: Binary-Agnostic Fault Injection to Evaluate Cosmic Radiation Impact on Exploit Mitigation Techniques in Space, IEEE S&P'25.
285 | - Mind the Location Leakage in LEO Direct-to-Cell Satellite Networks, IEEE S&P'25.
286 |
287 | ## 4-3) Preventing attacks
288 | - Watch This Space: Securing Satellite Communication through Resilient Transmitter Fingerprinting, CCS'23.
289 |
290 | ## 4-4) Honeypot
291 | - HoneySat: A Network-based Satellite Honeypot Framework, arXiv, 2025 (paper)
292 |
293 | # 5. Other research topics related to CPS
294 | ## 5-1) Hotpatching
295 | - HERA: Hotpatching of Embedded Real-time Applications, NDSS'21.
296 | - RapidPatch: Firmware Hotpatching for Real-Time Embedded Devices, USENIX Security'22.
297 | - Kintsugi: Secure Hotpatching for Code-Shadowing Real-Time Embedded Systems, USENIX Security'25 (paper)
298 |
299 | ## 5-2) Verifying/Testing correctness of CPS
300 | - VeriFast: A powerful, sound, predictable, fast verifier for C and Java, NASA formal methods symposium 2011.
301 | - VulShield: Protecting Vulnerable Code Before Deploying Patches, NDSS'25 (paper)
302 | - Enhancing Security in Third-Party Library Reuse - Comprehensive Detection of 1-day Vulnerability through Code Patch Analysis, NDSS'25 (paper)
303 | - JBomAudit: Assessing the Landscape, Compliance, and Security Implications of Java SBOMs, NDSS'25 (paper)
304 | - Be Careful of What You Embed: Demystifying OLE Vulnerabilities, NDSS'25 (paper)
305 | - From Large to Mammoth: A Comparative Evaluation of Large Language Models in Vulnerability Detection, NDSS'25 (paper)
306 | - GenHuzz: An Efficient Generative Hardware Fuzzer, USENIX Security'25 (paper)
307 |
308 | ## 5-3) Adversarial attacks against CPS
309 | - Learning-Based Vulnerability Analysis of Cyber-Physical Systems, ICCPS'22.
310 | - Stealthy attacks formalized as STL formulas for Falsification of CPS Security, HSCC'23
311 | - Vulnerability Analysis for Safe Reinforcement Learning in Cyber-Physical Systems, ICCPS'24.
312 |
313 | ## 5-4) Honeypots
314 | - HoneyDrone: A medium-interaction unmanned aerial vehicle honeypot, NOMS'18.
315 | - Honeyplc: A next-generation honeypot for industrial control systems, CCS'20.
316 | - ICSPOT: A high-interaction honeypot for industrial control systems, ISNCC'22.
317 | - HoneyICS: A high-interaction physics-aware honeynet for industrial control systems, ARES'23.
318 | - Conpot (https://github.com/mushorg/conpot)
319 |
320 | ## 5-5) Binary analysis
321 | - VeriBin: Adaptive Verification of Patches at the Binary Level, NDSS'25 (paper)
322 | - Beyond Classification: Inferring Function Names in Stripped Binaries via Domain Adapted LLMs, NDSS'25 (paper)
323 | - BinEnhance: An Enhancement Framework Based on External Environment Semantics for Binary Code Search, NDSS'25 (paper)
324 | - Unleashing the Power of Generative Model in Recovering Variable Names from Stripped Binary, NDSS'25 (paper)
325 |
326 | ## 5-6) WiFi and Bluetooth security
327 | - Off-Path TCP Hijacking in Wi-Fi Networks: A Packet-Size Side Channel Attack, NDSS'25 (paper)
328 | - CHAOS: Exploiting Station Time Synchronization in 802.11 Networks, NDSS'25 (paper)
329 | - Lend Me Your Beam: Privacy Implications of Plaintext Beamforming Feedback in WiFi, NDSS'25 (paper)
330 | - Rediscovering Method Confusion in Proposed Security Fixes for Bluetooth, NDSS'25 (paper)
331 |
332 | ## 5-7) RUST
333 | - Translating C To Rust: Lessons from a User Study, NDSS'25 (paper)
334 |
335 | ## 5-8) Supply chain attacks/Open-source software security
336 | - SoK: A Security Architect's View of Printed Circuit Board Attacks, USENIX Security'25 (paper)
337 | - A Mixed-Methods Study of Open-Source Software Maintainers On Vulnerability Management and Platform Security Features, USENIX Security'25 (paper)
338 | - "Threat modeling is very formal, it's very technical, and also very hard to do correctly": Investigating Threat Modeling Practices in Open-Source Software Projects, USENIX Security'25 (paper)
339 | - "I wasn't sure if this is indeed a security risk": Data-driven Understanding of Security Issue Reporting in GitHub Repositories of Open Source npm Packages, USENIX Security'25 (paper)
340 | - Context Matters: Qualitative Insights into Developers' Approaches and Challenges with Software Composition Analysis, USENIX Security'25 (paper)
341 | - Expert Insights into Advanced Persistent Threats: Analysis, Attribution, and Challenges, USENIX Security'25 (paper)
342 | - Patching Up: Stakeholder Experiences of Security Updates for Connected Medical Devices, USENIX Security'25 (paper)
343 | - ChainFuzz: Exploiting Upstream Vulnerabilities in Open-Source Supply Chains, USENIX Security'25 (paper)
344 | - Unveiling Security Vulnerabilities in Git Large File Storage Protocol, IEEE S&P'25
345 | - Speedrunning the Maze: Meeting Regulatory Patching Deadlines in a Large Enterprise Environment, IEEE S&P'25
346 | - A Deep Dive Into How Open-Source Project Maintainers Review and Resolve Bug Bounty Reports, IEEE S&P'25
347 | - Study Club, Labor Union or Start-Up? Characterizing Teams and Collaboration in the Bug Bounty Ecosystem, IEEE S&P'25
348 | - Codebreaker: Dynamic Extraction Attacks on Code Language Models, IEEE S&P'25
349 | - Make a Feint to the East While Attacking in the West: Blinding LLM-Based Code Auditors with Flashboom Attacks, IEEE S&P'25
350 |
--------------------------------------------------------------------------------