Five CySec Papers Presented at USENIX Security 2025
USENIX is not just a conference — it’s the world’s premier forum where cutting-edge security research meets real-world impact. Following last year’s strong showing with two presentations, our researchers have built on their success: at the 34th USENIX Security Symposium, held in Seattle, five papers from CySec and collaborators were presented, covering a diverse range of topics from blockchain technologies and payment channels to mobile security, video privacy, and advanced persistent threats
In their work Let’s Move2EVM, Lorenzo Benetollo, Andreas Lackner, Matteo Maffei, and Markus Scherer tackled the challenge of preserving the strong safety guarantees of the Move programming language when contracts are executed outside of their native environment, specifically on the Ethereum Virtual Machine. By designing a novel compiler with an inlined reference monitor, they ensured that core rules such as linear semantics and borrow-checking can still be enforced at runtime. Their evaluation demonstrated that the security benefits come with only modest performance overhead, making the approach a practical way of securing smart contracts in adversarial environments.
Security on mobile devices was the focus of TapTrap: Animation-Driven Tapjacking on Android by Philipp Beer, Marco Squarcina, Martina Lindorfer, and Sebastian Roth (University of Bayreuth). Their research uncovered a new form of attack that exploits user interface animations to bypass Android’s permission system, a method that remains effective even on the latest Android version. A large-scale analysis of nearly 100,000 apps revealed that more than three-quarters are vulnerable to this threat. The impact of the discovery is underlined by the assignment of two CVEs, showing that the findings are not only theoretical but highly relevant to the security of millions of users worldwide.
Another pressing problem in blockchain infrastructure was addressed by Zeta Avarikioti, Yuheng Wang, and Yuyi Wang (CRRC Zhuzhou Institute & Tengen Intelligence Institute) in their paper Thunderdome: Timelock-Free Rationally-Secure Virtual Channels. Current payment channel networks are prone to timelock and censoring attacks, creating risks for users. The authors introduced Thunderdome, the first timelock-free network that leverages rational, non-trusted wardens to ensure security even in adversarial settings. Their proof-of-concept deployment on Ethereum demonstrated not only feasibility but also low transaction costs, showing that secure and scalable payment channels can be achieved without timelocks.
The human and organizational side of cybersecurity came into focus with Expert Insights into Advanced Persistent Threats (APTs): Analysis, Attribution, and Challenges, authored by Aakanksha Saha and Martina Lindorfer in collaboration with James Mattei and Daniel Votipka (Tufts University), Jorge Blasco (Universidad Politécnica de Madrid), and Lorenzo Cavallaro (University College London). Through in-depth interviews with security professionals, the study uncovered how experts approach the attribution of highly sophisticated attacks. Instead of focusing on identifying the exact attacker, practitioners prioritize understanding tactics, techniques, and motivations. The study revealed major challenges in handling diverse data and collaborating effectively, and the authors put forward recommendations that bridge the gap between academic methods and the realities faced by practitioners.
Finally, the paper Seeing Through: Analyzing and Attacking Virtual Backgrounds in Video Calls by Daniel Arp, Felix Weissberg, Thorsten Eisenhofer, and Konrad Rieck (BIFOLD & TU Berlin), Jan Malte Hilgefort, Steve Grogorick, and Martin Eisemann (TU Braunschweig) exposed the privacy risks of widely used virtual backgrounds in video conferencing platforms such as Zoom and Google Meet. Their reconstruction attack was able to recover significantly more leaked information than previous methods, demonstrating that private environments of call participants remain vulnerable despite the intended protections. This finding calls into question the adequacy of current virtual background technologies in safeguarding user privacy.
Taken together, these five contributions highlight CySec’s strength in addressing security challenges from multiple angles: designing safer foundations for blockchain, uncovering new attack vectors on mobile devices, building more resilient financial infrastructures, understanding the realities of advanced threat attribution, and exposing privacy gaps in everyday communication tools. The results not only advance academic knowledge but also have tangible implications for the security of digital technologies used by millions worldwide.
