CyLab faculty, students present research and organize events at NDSS Symposium 2026
Michael Cunningham
Feb 13, 2026
Carnegie Mellon faculty and students will present on a wide range of topics at the 33rd Annual Network and Distributed System Security (NDSS) Symposium. Held at Wyndham San Diego Bayside from February 23rd through the 27th, the event fosters information exchange among researchers and practitioners of network and distributed system security.
Bringing together hundreds of security educators, researchers and practitioners from all over the world, the NDSS Symposium encourages and enables the Internet community to apply, deploy, and advance the state of available security technologies.
CyLab researchers are also helping to organize workshops that are co-located with NDSS in San Diego. Vasu Vikram, a software engineering Ph.D. student in the Software and Societal Systems Department, is co-hosting the 5th International Fuzzing Workshop (FUZZING), and CyLab faculty member Rohan Padhye is serving on the FUZZING 2026 Organizing Committee. Additionally, CyLab faculty member Limin Jia is Program Committee co-chair of the Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb), and Alexandra Nisenoff, a Societal Computing Ph.D. student in the Software and Societal Systems Department, is serving on the MADWeb 2026 Program Committee.
Here, we've compiled a list of the papers co-authored by CyLab Security and Privacy Institute members that are being presented at the NDSS Symposium and co-located workshops.
Presented at the NDSS Symposium 2026
DOM-XSS Detection via Webpage Interaction Fuzzing and URL Component Synthesis
Nuno Sabino, Carnegie Mellon University; Instituto Superior Técnico, Universidade de Lisboa, and Instituto de Telecomunicações; Darion Cassel, Carnegie Mellon University; Rui Abreu, Universidade do Porto, INESC-ID; Pedro Adão, Instituto Superior Técnico, Universidade de Lisboa, and Instituto de Telecomunicações; Lujo Bauer and Limin Jia, Carnegie Mellon University
Abstract: DOM-based cross-site scripting (DOM-XSS) is a prevalent form of web vulnerability. Prior work on automated detection and confirmation of such vulnerabilities at scale has several limitations. First, prior work does not interact with the page and thus misses vulnerabilities in event handlers whose execution depends on user actions. Second, prior work does not find URL components, such as GET parameters and fragment values that, when instantiated with specific keys/values, execute more code paths. To address this, we introduce SWIPE, a DOM-XSS analysis infrastructure that uses fuzzing to generate user interactions to trigger event handlers and leverages dynamic symbolic execution (DSE) to automatically synthesize URL parameters and fragments. We run SWIPE on 44,480 URLs found in pages from the Tranco top 30,000 popular domains. Compared to prior work, SWIPE’s fuzzer finds 15% more vulnerabilities. Additionally, we find that a lack of parameters and fragments in URLs significantly hinders DOM-XSS detection, and show that SWIPE’s DSE engine can synthesize previously unseen URL parameters and fragments that trigger 20 new vulnerabilities.
Idioms: A Simple and Effective Framework for Turbo-Charging Local Neural Decompilation with Well-Defined Types
Luke Dramko, Claire Le Goues, and Edward J. Schwartz, Carnegie Mellon University
Abstract: Decompilers help reverse engineers analyze software at a higher level of abstraction than assembly code. Unfortunately, because compilation is lossy, traditional decompilers, which are deterministic, produce code that lacks many characteristics that make source code readable in the first place, such as variable and type names. Neural decompilers offer the exciting possibility of statistically filling in these details. Unfortunately, existing work in neural decompilation suffers from substantial limitations that preclude its use on real code, such as the inability to provide definitions for user-defined composite types. In this work, we introduce Idioms, a simple, generalizable, and effective neural decompilation approach that can finetune any LLM into a neural decompiler capable of generating the appropriate user-defined type definitions alongside the decompiled code, and a new dataset, Realtype, that includes substantially more complicated and realistic types than existing neural decompilation benchmarks. We show that our approach yields state-of-the-art results in neural decompilation. On the most challenging existing benchmark — Exebench — our model achieves 54.4% accuracy vs. 46.3% for LLM4Decompile and 37.5% for Nova; on Realtype, our model performs at least 95% better.
PrivCode: When Code Generation Meets Differential Privacy
Zheng Liu and Chen Gong, University of Virginia; Terry Yue Zhuo, Monash University and CSIRO's Data61; Kecen Li, University of Virginia; Weichen Yu and Matt Fredrikson, Carnegie Mellon University; Tianhao Wang, University of Virginia
Abstract: Large language models (LLMs) have presented outstanding performance in code generation and completion. However, fine-tuning these models on private datasets can raise privacy and proprietary concerns, such as the leakage of sensitive personal information. Differentially private (DP) code generation provides theoretical guarantees for protecting sensitive code by generating synthetic datasets that preserve statistical properties while reducing privacy leakage concerns. However, DP code generation faces significant challenges due to the strict syntactic dependencies and the privacy-utility trade-off.
We propose PrivCode, the first DP synthesizer specifically designed for code datasets. It incorporates a two-stage framework to improve both privacy and utility. In the first stage, termed "privacy-sanitizing", PrivCode generates DP-compliant synthetic code by training models using DP-SGD while introducing syntactic information to preserve code structure. The second stage, termed "utility-boosting," fine-tunes a larger pre-trained LLM on the synthetic privacy-free code to mitigate the utility loss caused by DP, enhancing the utility of the generated code. Extensive experiments on four LLMs show that PrivCode generates higher-utility code across various testing tasks under four benchmarks. The experiments also confirm its ability to protect sensitive data under varying privacy budgets. We provide the replication package at the anonymous link.
Presented at the Symposium on Usable Security and Privacy (USEC) 2026
“I wanted to buy Robux but got scammed for 10 dollars in Bitcoin”: Emerging adults’ experiences with crypto assets as teens
Lily Klucinec, Ellie Young, Elijah Bouma-Sims, and Lorrie Faith Cranor, Carnegie Mellon University
Abstract: Prior work has shown that teenagers engage with crypto assets such as Bitcoin, NFTs, and cryptocurrency futures. However, no human subjects research has investigated teens’ interactions with these assets. Building on prior research by Bouma-Sims et al. studying teenagers on Reddit, we surveyed 143 emerging adults aged 18-20 about their most notable positive or negative experiences and harms they encountered while using crypto assets as minors. Our findings suggest that while minors were overwhelmingly motivated by profit and sometimes encouraged by family members to engage, crypto assets also filled a gap in internet payment systems, allowing minors to access digital goods without parental involvement. Engaging in crypto assets puts minors at risk for digital and financial harms they otherwise would not encounter, such as pump-and-dump scams and gambling losses. We discuss the difficulties of protecting minors from these harms in the greater landscape of crypto market regulation.
UsersFirst in Practice: Evaluating a User-Centric Threat Modeling Taxonomy for Privacy Notice and Choice
Alexandra Xinran Li, Carnegie Mellon University; Tian Wang and Yu-Ju Yang, University of Illinois Urbana-Champaign; Miguel Rivera-Lanas, Debeshi Ghosh, Hana Habib, Lorrie Cranor, and Norman Sadeh, Carnegie Mellon University
Abstract: Privacy regulations impose requirements on data collection and use, including obligations to disclose practices and provide choices free of deceptive patterns, emphasizing user-centric notice and choice delivery. The UsersFirst framework introduces a threat taxonomy to guide organizations in identifying where notices and choices fail to adequately support users. This paper presents an experiment evaluating its effectiveness. Twenty-six participants with privacy expertise analyzed user-centric threats in one of two scenarios, either with or without the taxonomy. Our results show that participants using the taxonomy identified significantly more relevant threats: over twice as many in one scenario and 50% more in the other. While the UsersFirst threat taxonomy helped privacy analysts more effectively identify areas where privacy notices and choice mechanisms fall short, we also identified areas for possible improvements to the taxonomy. Finally, we demonstrate an approach to assessing privacy threat analysis tools that may be useful to other researchers.
Presented at the Workshop on Attack Provenance, Reasoning, and Investigation for Security in the Monitored Environment (PRISM) 2026
Kick Bad Guys Out! Conditionally Activated Anomaly Detection in Federated Learning with Zero-Knowledge Proof Verification
Shanshan Han, University of California, Irvine; Wenxuan Wu, Texas A&M University; Baturalp Buyukates, University of Birmingham; Weizhao Jin, University of Southern California; Qifan Zhang, Palo Alto Networks; Yuhang Yao, Carnegie Mellon University; Salman Avestimehr, University of Southern California
Abstract: Federated Learning (FL) systems are susceptible to adversarial attacks, such as model poisoning attacks and backdoor attacks. Existing defense mechanisms face critical limitations in real-world deployments, such as relying on impractical assumptions (e.g., adversaries acknowledging the presence of attacks before attacking) or undermining accuracy in model training, even in benign scenarios. To address these challenges, we propose RedJasper, a two-staged anomaly detection method specifically designed for real-world FL deployments. It identifies suspicious activities in the first stage, then activates the second stage conditionally to further scrutinize the suspicious local models, employing the 3σ rule to identify real malicious local models and filtering them out from FL training. To ensure integrity and transparency within the FL system, RedJasper integrates zero-knowledge proofs, enabling clients to cryptographically verify the server's detection process without relying on the server's goodwill. RedJasper operates without unrealistic assumptions and avoids interfering with FL training in attack-free scenarios. It bridges the gap between theoretical advances in FL security and the practical demands of real-world deployment. Experimental results demonstrate that RedJasper consistently delivers performance comparable to benign cases, highlighting its effectiveness in identifying potential attacks and eliminating malicious models with high accuracy.