Main Page
This is the home page for our security reading group, known as SECRIT (SECurity Reading Is Terrific). The group is run by Elisa Tsai (eltsai) and Jonah Rosenblum (jonaher). Security reading meets every (other) Tuesday from 12:30 PM to 1:30 PM in 3901 for this academic year, but we might move back to 3725 BBB (the stained-glass conference room) next year. Since learning went remote due to COVID-19, the group has been meeting biweekly in a hybrid mode.
The format of the security reading group is that everyone reads the paper beforehand and we have a roundtable discussion of a paper picked by a member over lunch. We also begin each meeting with a 10-minute discussion of current events pertaining to computer security.
If you would like to sign up to recommend a paper, you can do so on this spreadsheet.
If you would like to receive announcements and reminders pertaining to this group, subscribe to the security-reading list at https://mcommunity.umich.edu/#group:security-reading.
If you notice any problems on this page, please contact the SECRIT admins.
Papers We've Read
Date | Paper |
---|---|
Nov 29, 2022 | SpecHammer: Combining Spectre and Rowhammer for New Speculative Attacks
Presenter: Jonah Rosenblum |
Nov 8, 2022 | Mitigating Membership Inference Attacks by Self-Distillation Through a Novel Ensemble Architecture
Invited guest: Xinyu Tang |
Oct 27, 2022 | Sigstore: Software Signing for Everyone
Invited guest: Zachary Newman |
Sep 27, 2022 | ditto: WAN Traffic Obfuscation at Line Rate
Roland Meier, Vincent Lenders, Laurent Vanbever |
Sep 13, 2022 | Is this model mine? On stealing and defending Machine Learning models.
Invited guest: Adam Dziedzic |
March 29, 2022 | Zero-Knowledge Middleboxes
Paul Grubbs, Arasu Arun, Ye Zhang, Joseph Bonneau, Michael Walfish |
Feb 8, 2022 | Themis: Ambiguity-Aware Network Intrusion Detection based on Symbolic Model Comparison
Zhongjie Wang, Shitong Zhu, Keyu Man, Pengxiong Zhu, Yu Hao, Zhiyun Qian, Srikanth V. Krishnamurthy, Tom La Porta, Michael J. De Lucia |
Nov 16, 2021 | Weaponizing Middleboxes for TCP Reflected Amplification
Kevin Bock, Abdulrahman Alaraj, Yair Fax, Kyle Hurley, Eric Wustrow, Dave Levin |
Oct 5, 2021 | How Great is the Great Firewall? Measuring China’s DNS Censorship
Nguyen Phong Hoang, Arian Akhavan Niaki, Jakub Dalek, Jeffrey Knockel, Pellaeon Lin, Bill Marczak, Masashi Crete-Nishihata, Phillipa Gill, Michalis Polychronakis |
Sep 21, 2021 | PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop
Alexander Heinrich, Matthias Hollick, Thomas Schneider, Milan Stute, and Christian Weinert, TU Darmstadt |
Sep 14, 2021 | Hopper: Modeling and Detecting Lateral Movement
Grant Ho, Mayank Dhiman, Devdatta Akhawe, Vern Paxson, Stefan Savage, Geoffrey M. Voelker, David Wagner |
May 11, 2021 | Bomberman: Defining and Defeating Hardware Ticking Timebombs at Design-time
Trippel, Timothy and Shin, Kang G and Bush, Kevin B and Hicks, Matthew |
April 20, 2021 | All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers
Hagen, Christoph and Weinert, Christian and Sendner, Christoph and Dmitrienko, Alexandra and Schneider, Thomas |
April 6, 2021 | Awakening the Web’s Sleeper Agents: Misusing Service Workers for Privacy Leakage
Karami, Soroush and Ilia, Panagiotis and Polakis, Jason |
March 23, 2021 | To Err.Is Human: Characterizing the Threat of Unintended URLs in Social Media
Kaleli, Beliz and Kondracki, Brian and Egele, Manuel and Nikiforakis, Nick and Stringhini, Gianluca |
March 9, 2021 | SiegeBreaker: An SDN Based Practical Decoy Routing System
Sharma, Piyush Kumar and Gosain, Devashish and Sagar, Himanshu and Kumar, Chaitanya and Dogra, Aneesh and Naik, Vinayak and Acharya, HB and Chakravarty, Sambuddho |
February 23, 2021 | Examining Mirai's Battle over the Internet of Things
Griffioen, Harm and Doerr, Christian |
February 9, 2021 | Fill in the Blanks: Empirical Analysis of the Privacy Threats of Browser Form Autofill
Lin, Xu and Ilia, Panagiotis and Polakis, Jason |
January 26, 2021 | Manipulative tactics are the norm in political emails
Mathur, Arunesh and Wang, Angelina and Schwemmer, Carsten and Hamin, Maia and Stewart, Brandon M and Narayanan, Arvind |
December 1, 2020 | Poking a Hole in the Wall: Efficient Censorship-Resistant Internet Communications by Parasitizing on WebRTC
Barradas, Diogo and Santos, Nuno and Rodrigues, Luis and Nunes, Vitor |
November 17, 2020 | DNS Cache Poisoning Attack Reloaded: Revolutions with Side Channels
Man, Keyu and Qian, Zhiyun and Wang, Zhongjie and Zheng, Xiaofeng and Huang, Youjun and Duan, Haixin |
November 3, 2020 | Trufflehunter: Cache Snooping Rare Domains at Large Public DNS Resolvers
Randall, Audrey and Liu, Enze and Akiwate, Gautam and Padmanabhan, Ramakrishna and Voelker, Geoffrey M and Savage, Stefan and Schulman, Aaron |
October 13, 2020 | Censored Planet: An Internet-wide, Longitudinal Censorship Observatory (Practice Talk)
Sundara Raman, Ram and Shenoy, Prerana and Kohls, Katharina and Ensafi, Roya |
September 29, 2020 | Composition Kills: A Case Study of Email Sender Authentication
Chen, Jianjun and Paxson, Vern and Jiang, Jian |
September 15, 2020 | The Sound of Silence: Mining Security Vulnerabilities from Secret Integration Channels in Open-Source Projects
Ramsauer, Ralf and Bulwahn, Lukas and Lohmann, Daniel and Mauerer, Wolfgang |
September 1, 2020 | ShadowMove: A Stealthy Lateral Movement Strategy
Niakanlahiji, Amirreza and Wei, Jinpeng and Alam, Md Rabbi and Wang, Qingyang and Chu, Bei-Tseng |
August 18, 2020 | iOS, Your OS, Everybody's OS: Vetting and Analyzing Network Services of iOS Applications
Tang, Zhushou and Tang, Ke and Xue, Minhui and Tian, Yuan and Chen, Sen and Ikram, Muhammad and Wang, Tielei and Zhu, Haojin |
August 4, 2020 | A Comparative Measurement Study of Web Tracking on Mobile and Desktop Environments
Yang, Zhiju and Yue, Chuan |
June 23, 2020 | Flaw Label: Exploiting IPv6 Flow Label
Berger, Jonathan and Klein, Amit and Pinkas, Benny |
June 9, 2020 | This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs
Markert, Philipp and Bailey, Daniel V and Golla, Maximilian and Durmuth, Markus and Aviv, Adam J |
May 26, 2020 | Watching the Watchers: Nonce-based Inverse Surveillance to Remotely Detect Monitoring
Roberts, Laura M and Plonka, David |
May 12, 2020 | Automatic Uncovering of Hidden Behaviors From Input Validation in Mobile Apps
Zhao, Qingchuan and Zuo, Chaoshun and Dolan-Gavitt, Brendan and Pellegrino, Giancarlo and Lin, Zhiqiang |
April 7, 2020 | Are You Going to Answer That? Measuring User Responses to Anti-Robocall Application Indicators
Sherman, Imani N and Bowers, Jasmine D and McNamara Jr, Keith and Gilbert, Juan E and Ruiz, Jaime and Traynor, Patrick |
March 31, 2020 | Melting Pot of Origins: Compromising the Intermediary Web Services that Rehost Websites
Watanabe, Takuya and Shioji, Eitaro and Akiyama, Mitsuaki and Mori, Tatsuya |
March 10, 2020 | BLAG: Improving the Accuracy of Blacklists
Ramanathan, Sivaramakrishnan and Mirkovic, Jelena and Yu, Minlan |
March 3, 2020 | CDN Judo: Breaking the CDN DoS Protection with Itself
Guo, Run and Li, Weizhong and Liu, Baojun and Hao, Shuang and Zhang, Jia and Duan, Haixin and Shen, Kaiwen and Chen, Jianjun and Liu, Ying |
February 18, 2020 | Measuring the deployment of network censorship filters at global scale
Sundara Raman, Ram and Stoll, Adrian and Dalek, Jakub and Ramesh, Reethika and Scott, Will and Ensafi, Roya |
February 4, 2020 | Session Resumption Protocols and Efficient Forward Security for TLS 1.3 0-RTT
Aviram, Nimrod and Gellert, Kai and Jager, Tibor |
January 28, 2020 | A better zip bomb
Fifield, David |
January 21, 2020 | Encrypted DNS ⇒ Privacy? A Traffic Analysis Perspective
Siby, Sandra and Juarez, Marc and Diaz, Claudia and Vallina-Rodriguez, Narseo and Troncoso, Carmela |
December 17, 2019 | Evaluating Login Challenges as a Defense Against Account Takeover
Doerfler, Periwinkle and Thomas, Kurt and Marincenko, Maija and Ranieri, Juri and Jiang, Yu and Moscicki, Angelika and McCoy, Damon |
November 26, 2019 | Conjure: Summoning Proxies from Unused Address Space
Frolov, Sergey and Wampler, Jack and Tan, Sze Chuen and Halderman, J Alex and Borisov, Nikita and Wustrow, Eric |
November 19, 2019 | Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices
Moghaddam, Hooman Mohajeri and Acar, Gunes and Burgess, Ben and Mathur, Arunesh and Huang, Danny Yuxing and Feamster, Nick and Felten, Edward W and Mittal, Prateek and Narayanan, Arvind |
November 12, 2019 | Geneva: Evolving Censorship Evasion Strategies
Bock, Kevin and Hughey, George and Qiang, Xiao and Levin, Dave |
November 5, 2019 | Fallout: Leaking Data on Meltdown-resistant CPUs
Minkin, Marina |
October 29, 2019 | Principled Unearthing of TCP Side Channel Vulnerabilities
Cao, Yue and Wang, Zhongjie and Qian, Zhiyun and Song, Chengyu and Krishnamurthy, Srikanth V and Yu, Paul |
October 15, 2019 | All Your GPS Are Belong To Us: Towards Stealthy Manipulation of Road Navigation Systems
Zeng, Kexiong Curtis and Liu, Shinan and Shu, Yuanchao and Wang, Dong and Li, Haoyu and Dou, Yanzhi and Wang, Gang and Yang, Yaling |
October 1, 2019 | “Won’t Somebody Think of the Children?” Examining COPPA Compliance at Scale
Reyes, Irwin and Wijesekera, Primal and Reardon, Joel and On, Amit Elazari Bar and Razaghpanah, Abbas and Vallina-Rodriguez, Narseo and Egelman, Serge |
September 17, 2019 | IODINE: Verifying Constant-Time Execution of Hardware
Gleissenthall, Klaus v and Kici, Rami Gokhan and Stefan, Deian and Jhala, Ranji |
September 10, 2019 | Detecting and Characterizing Lateral Phishing at Scale
Ho, Grant and Cidon, Asaf and Gavish, Lior and Schweighauser, Marco and Paxson, Vern and Savage, Stefan and Voelker, Geoffrey M and Wagner, David |
September 3, 2019 | ICLab: A Global, Longitudinal Internet Censorship Measurement Platform
Arian Akhavan Niaki and Shinyoung Cho and Zachary Weinberg and Nguyen Phong Hoang and Abbas Razaghpanah and Nicolas Christin and Phillipa Gill |
August 27, 2019 | Privacy Engineering in the Automotive Domain (Guest Talk)
Frank Kargl |
August 20, 2019 | TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time
Feargus Pendlebury, Fabio Pierazzi, Roberto Jordaney, Johannes Kinder, and Lorenzo Cavallaro |
August 13, 2019 | 50 Ways to Leak Your Data: An Exploration of Apps’ Circumvention of the Android Permissions System
Joel Reardon, Álvaro Feal, Primal Wijesekera, Narseo Vallina-Rodriguez, and Serge Egelman |
August 6, 2019 | I never signed up for this! Privacy implications of email tracking
Steven Englehardt, Jeffrey Han, and Arvind Narayanan |
July 23, 2019 | Robust Website Fingerprinting Through the Cache Occupancy Channel
Anatoly Shusterman, Lachlan Kang, Yarden Haskal, Yosef Meltser, Prateek Mittal, Yossi Oren, and Yuval Yarom |
July 16, 2019 | Spoofing OpenPGP and S/MIME Signatures in Emails
Jens Müller, Marcus Brinkmann, Damian Poddebniak, Hanno Böck, Sebastian Schinzel, Juraj Somorovsky, and Jörg Schwenk |
July 9, 2019 | Cracking the Wall of Confinement: Understanding and Analyzing Malicious Domain Take-downs
Eihal Alowaisheq, Peng Wang, Sumayah Alrwais, Xiaojing Liao, XiaoFeng Wang, Tasneem Alowaisheq, Xianghang Mi, Siyuan Tang, Baojun Liu |
June 25, 2019 | SoK: Towards the Science of Security and Privacy in Machine Learning
Nicolas Papernot, Patrick McDaniel, Arunesh Sinha, and Michael Wellman |
June 18, 2019 | SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks
Saad Islam, Ahmad Moghimi, Ida Bruhns, Moritz Krebbel, Berk Gulmezoglu, Thomas Eisenbarth, Berk Sunar |
June 4, 2019 | Computing Arbitrary Functions of Encrypted Data
Craig Gentry |
May 14, 2019 | Hard Drive of Hearing: Disks that Eavesdrop with a Synthesized Microphone
Andrew Kwong, Wenyuan Xu, Kevin Fu |
May 7, 2019 | SPHINX: A Password Store that Perfectly Hides Passwords from Itself
Maliheh Shirvanian, Stanislaw Jarecki, Hugo Krawczyk, Nitesh Saxena |
April 23, 2019 | Perfect is the Enemy of Good: Setting Realistic Goals for BGP Security
Yossi Gilad, Tomas Hlavacek, Amir Herzberg, Michael Schapira, Haya Shulman |
April 2, 2019 | Port Contention for Fun and Profit
Alejandro Cabrera Aldaya, Billy Bob Brumley, Sohaib ul Hassan, Cesar Pereida García, Nicola Tuveri |
March 26, 2019 | maTLS: How to Make TLS middlebox-aware?
Hyunwoo Lee, Zach Smith, Junghwan Lim, Gyeongjae Choi, Selin Chun, Taejoong Chung, Ted "Taekyoung" Kwon |
March 19, 2019 | ExSpectre: Hiding Malware in Speculative Execution
Jack Wampler, Ian Martiny, Eric Wustrow |
March 12, 2019 | Life after Speech Recognition: Fuzzing Semantic Misinterpretation for Voice Assistant Applications
Yangyong Zhang, Lei Xu, Abner Mendoza, Guangliang Yang, Phakpoom Chinprutthiwong, Guofei Gu |
February 26, 2019 | Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs)
Carlo Meijer, Bernard van Gastel |
February 19, 2019 | The Learning with Errors Problem
Oded Regev |
February 12, 2019 | Nemesis
Michael Dalton, Christos Kozyrakis, and Nickolai Zeldovich |
February 5, 2019 | Securing Self-Virtualizing Ethernet Devices
Igor Smolyar, Muli Ben-Yehuda, and Dan Tsafrir |
January 29, 2019 | Investigating sources of PII used in Facebook’s targeted advertising
Giridhari Venkatadri, Elena Lucherini, Piotr Sapiezynski, Alan Mislove |
January 22, 2019 | Introduction to Post-Quantum Cryptography
Daniel J. Bernstein |
January 15, 2019 | Mobilizing the Micro-Ops: Exploiting Context Sensitive Decoding for Security and Energy Efficiency
Mohammadkazem Taram, Ashish Venkat, Dean Tullsen |
December 11, 2018 | Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU
Pietro Frigo, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi |
November 27, 2018 | Hacking Blind
Andrea Bittau, Adam Belay, Ali Mashtizadeh, David Mazieres, Dan Boneh |
November 20, 2018 | Predicting Impending Exposure to Malicious Content from User Behavior
Mahmood Sharif, Jumpei Urakawa, Nicolas Christin, Ayumu Kubota, Akira Yamada |
November 13, 2018 | Translation HoMonit: Monitoring Smart Home Apps from Encrypted Traffic
Wei Zhang, Yan Meng, Yugeng Liu, Xiaokuan Zhang, Yinqian Zhang, Haojin Zhu |
November 6, 2018 | CEASER: Mitigating Conflict-Based Cache Attacks via Encrypted-Address and Remapping
Moinuddin K. Qureshi |
October 30, 2018 | Pisces: Anonymous Communication Using Social Networks
Prateek Mittal, Matthew Wright, Nikita Borisov |
October 9, 2018 | Backtracking System Intrusions at Enterprise Scale
Adam Bates |
October 2, 2018 | FPGA-Based Remote Power Side-Channel Attacks
Mark Zhao, G. Edward Suh |
September 25, 2018 | Stealthy Malware Traffic – Not as Innocent as It Looks
Xingsi Zhong, Yu Fu, Lu Yu, Richard Brooks, G. Kumar Venayagamoorthy |
September 18, 2018 | Lawful Device Access without Mass Surveillance Risk: A Technical Design Discussion
Stefan Savage |
September 11, 2018 | Hiding Intermittent Information Leakage with Architectural Support for Blinking
Alric Althoff, Joseph McMahan, Luis Vega, Scott Davidson, Timothy Sherwood, Michael B. Taylor, and Ryan Kastner |
September 4, 2018 | Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution
Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom, Raoul Strackx |
August 28, 2018 | Translation Leak-aside Buffer: Defeating Cache Side-channel Protections
Ben Gras, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida |
August 7, 2018 | Rethinking Access Control and Authentication for the Home Internet of Things (IoT)
Weijia He, Maximilian Golla, Roshni Padhi, Jordan Ofek, Markus Durmuth, Earlence Fernandes, Blase Ur |
July 31, 2018 | Practical Accountability of Secret Processes
Jonathan Frankle, Sunoo Park, Daniel Shaar, Shafi Goldwasser, and Daniel Weitzner |
July 24, 2018 | With Great Training Comes Great Vulnerability: Practical Attacks against Transfer Learning
Bolun Wang, Yuanshun Yao, Bimal Viswanath, Haitao Zheng, Ben Y. Zhao |
July 17, 2018 | Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016
Ada Lerner, Anna Kornfeld Simpson, Tadayoshi Kohno, and Franziska Roesner |
July 10, 2018 | Privacy Pass: Bypassing Internet Challenges Anonymously
Alex Davidson, Ian Goldberg, Nick Sullivan, George Tankersley, and Filippo Valsorda |
June 26, 2018 | An Empirical Analysis of Anonymity in Zcash
George Kappos, Haaroon Yousaf, Mary Maller, and Sarah Meiklejohn |
June 19, 2018 | 2018 Verizon Data Breach Investigation Report |
June 5, 2018 | The Spyware Used in Intimate Partner Violence
Rahul Chatterjee, Periwinkle Doerfler, Hadas Orgad, Sam Havron, Jackeline Palmer, Diana Freed, Karen Levy, Nicola Dell, Damon McCoy, Thomas Ristenpart |
May 29, 2018 | Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels
Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk |
May 22, 2018 | General Data Protection Regulation Discussion |
May 15, 2018 | A Socratic method for validation of measurement-based networking research
Balachander Krishnamurthy, Walter Willinger, Phillipa Gill, Martin Arlitt |
May 8, 2018 | Understanding Linux Malware
Emanuele Cozzi, Mariano Graziano, Yanick Fratantonio, Davide Balzarotti |
May 1, 2018 | What Did I Really Vote For? On the Usability of Verifiable E-Voting Schemes
Karola Marky, Oksana Kulyk, Karen Renaud, Melanie Volkamer |
April 24, 2018 | Tracking Ransomware End-to-end
Danny Yuxing Huang, Maxwell Matthaios Aliapoulios, Vector Guo Li, Luca Invernizzi, Kylie McRoberts, Elie Bursztein, Jonathan Levin, Kirill Levchenko, Alex C. Snoeren, Damon McCoy |
April 17, 2018 | Privacy Risks with Facebook’s PII-based Targeting: Auditing a Data Broker’s Advertising Interface
Giridhari Venkatadri, Athanasios Andreou, Yabing Liu, Alan Mislove, Krishna P. Gummadi, Patrick Loiseau, Oana Goga |
April 10, 2018 | Inferring Internet Denial-of-Service Activity
David Moore, Geoffrey M. Voelker and Stefan Savage |
April 3, 2018 | Tempest: Temporal Dynamics in Anonymity Systems
Ryan Wails, Yixin Sun, Aaron Johnson, Mung Chiang, and Prateek Mittal |
March 27, 2018 | End-to-End Arguments in System Design
J.H. Saltzer, D.P. Reed, and D.D. Clark |
March 20, 2018 | Unpacking Perceptions of Data-Driven Inferences Underlying Online Targeting and Personalization
Claire Dolin, Ben Weinshel, Shawn Shan, Chang Min Hahn, Euirim Choi, Michelle L. Mazurek, Blase Ur |
March 13, 2018 | Why Johnny Doesn’t Use Two Factor A Two-Phase Usability Study of the FIDO U2F Security Key
Sanchari Das, Andrew Dingman, L Jean Camp |
March 6, 2018 | The Rules of Engagement for Bug Bounty Programs
Aron Laszka, Mingyi Zhao, Akash Malbari, and Jens Grossklags |
February 20, 2018 | A Computer Security and Privacy for Refugees in the United States
Lucy Simko, Ada Lerner, Samia Ibtasam, Franziska Roesner and Tadayoshi Kohno |
February 13, 2018 | Large-scale Analysis of Content Modification by Open HTTP Proxies
Giorgos Tsirantonakis, Panagiotis Ilia, Sotiris Ioannidis, Elias Athanasopoulos, Michalis Polychronakis |
January 30, 2018 | When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries
Aylin Caliskan, Fabian Yamaguchi, Edwin Dauber, Richard Harang, Konrad Rieck, Rachel Greenstadt, and Arvind Narayanan |
January 23, 2018 | POISED: Spotting Twitter Spam Off the Beaten Paths
Shirin Nilizadeh, François Labrèche, Alireza Sedighian, Ali Zand, José Fernandez, Christopher Kruegel, Gianluca Stringhini, Giovanni Vigna |
January 16, 2018 | Tripwire: Inferring Internet Site Compromise
Joe DeBlasio, Stefan Savage, Geoffrey M. Voelker and Alex C. Snoeren |
January 9, 2018 | Meltdown & Spectre
Paul Kocher, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, Yuval Yarom |
December 19, 2017 | Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem
Abbas Razaghpanah, Rishab Nithyanand, Narseo Vallina-Rodriguez, Srikanth Sundaresan, Mark Allman, Christian Kreibich, Phillipa Gill |
December 12, 2017 | Economic Factors of Vulnerability Trade and Exploitation
Luca Allodi |
December 5, 2017 | Inferring BGP Blackholing Activity in the Internet
Vasileios Giotsas, Georgios Smaragdakis, Christoph Dietzel, Philipp Richter, Anja Feldmann, Arthur Berger |
November 28, 2017 | Exploring ADINT: Using Ad Targeting for Surveillance on a Budget — or — How Alice Can Buy Ads to Track Bob
Paul Vines, Franziska Roesner, and Tadayoshi Kohno |
November 21, 2017 | Fifteen Minutes of Unwanted Fame: Detecting and Characterizing Doxing
Peter Snyder, Periwinkle Doerfler, Chris Kanich, Damon McCoy |
November 14, 2017 | Ethical issues in research using datasets of illicit origin
Daniel R. Thomas, Sergio Pastrana, Alice Hutchings, Richard Clayton, Alastair R. Beresford |
November 7, 2017 | The Return of Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli
Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec, Vashek Matyas |
October 31, 2017 | Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2
Mathy Vanhoef, Frank Piessens |
October 24, 2017 | Hacking in Darkness: Return-oriented Programming against Secure Enclaves
Jaehyuk Lee, Jinsoo Jang, Yeongjin Jang, Nohyun Kwak, Yeseul Choi, Changho Choi, Taesoo Kim, Marcus Peinado, Brent Byunghoon Kang |
October 17, 2017 | The Web Centipede: Understanding How Web Communities Influence Each Other Through the Lens of Mainstream and Alternative News Sources
Savvas Zannettou, Tristan Caulfield, Emiliano De Cristofaro, Nicolas Kourtellis, Ilias Leontiadis, Michael Sirivianos, Gianluca Stringhini, and Jeremy Blackburn |
October 10, 2017 | I never signed up for this! Privacy implications of email tracking
Steven Englehardt, Jeffrey Han, and Arvind Narayanan |
October 3, 2017 | Where the Wild Warnings Are
Mustafa Emre Acer, Emily Stark, Adrienne Porter Felt, Sascha Fahl, Radhika Bhargava, Bhanu Dev, Matt Braithwaite, Ryan Sleevi, Parisa Tabriz |
September 26, 2017 | Online Tracking: A 1-million-site Measurement and Analysis
Steven Englehardt, Arvind Narayanan |
September 19, 2017 | MCMix: Anonymous Messaging via Secure Multiparty Computation
Nikolaos Alexopoulos, Aggelos Kiayias, Riivo Talviste, Thomas Zacharias |
September 12, 2017 | Same-Origin Policy: Evaluation in Modern Browsers
Jörg Schwenk, Marcus Niemietz, and Christian Mainka |
September 5, 2017 | SoK: Fraud In Telephony Networks
Merve Sahin, Aurelien Francillon, Payas Gupta, Mustaque Ahamad |
August 29, 2017 | Reverse Engineering x86 Processor Microcode
Philipp Koppe, Benjamin Kollenda, Marc Fyrbiak, Christian Kison, Robert Gawlik, Christof Paar, and Thorsten Holz |
August 22, 2017 | Detecting Credential Spearphishing Attacks in Enterprise Settings
Grant Ho, Aashish Sharma, Mobin Javed, Vern Paxson, David Wagner |
August 15, 2017 | Cancelled for USENIX |
August 8, 2017 | Characterizing the Nature and Dynamics of Tor Exit Blocking
Rachee Singh, Rishab Nithyanand, Sadia Afroz, Paul Pearce, Michael Carl Tschantz, Phillipa Gill, Vern Paxson |
August 1, 2017 | Game of Registrars: An Empirical Analysis of Post-Expiration Domain Name Takeovers
Tobias Lauinger, Abdelberi Chaabane, Ahmet Salih Buyukkayhan, Kaan Onarlioglu, William Robertson |
July 25, 2017 | Measuring HTTPS Adoption on the Web
Adrienne Porter Felt, Richard Barnes, April King, Chris Palmer, Chris Bentzel, Parisa Tabriz |
July 18, 2017 | A Longitudinal, End-to-End View of the DNSSEC Ecosystem
Taejoong Chung, Roland van Rijswijk-Deij, Balakrishnan Chandrasekaran, David Choffnes, Dave Levin, Bruce M. Maggs, Alan Mislove, Christo Wilson |
July 11, 2017 | Certificate Transparency with Privacy
Saba Eskandarian, Eran Messeri, Joseph Bonneau, and Dan Boneh |
June 27, 2017 | How to Learn Klingon Without a Dictionary: Detection and Measurement of Black Keywords Used by the Underground Economy
Hao Yang, Xiulin Ma, Kun Du, Zhou Li, Haixin Duan, Xiaodong Su, Guang Liu, Zhifeng Geng, and Jianping Wu |
June 20, 2017 | Systematizing Decentralization and Privacy: Lessons from 15 years of research and deployments
Carmela Troncoso, George Danezis, Marios Isaakidis, and Harry Halpin |
June 13, 2017 | Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate
Karthikeyan Bhargavan, Bruno Blanchet, Nadim Kobeissi |
June 6, 2017 | SeaGlass: Enabling City-Wide IMSI-Catcher Detection
Peter Ney, Ian Smith, Gabriel Cadamuro, Tadayoshi Kohno |
May 30, 2017 | Obstacles to the Adoption of Secure Communication Tools
Ruba Abu-Salma, Anastasia Danilova, M. Angela Sasse, Alena Naiakshina, Joseph Bonneau, Matthew Smith |
May 23, 2017 | The Onions Have Eyes: A Comprehensive Structure and Privacy Analysis of Tor Hidden Services
Iskander Sanchez-Rola, Davide Balzarotti, Igor Santos |
May 16, 2017 | WannaCry Discussion |
May 9, 2017 | How Public Is My Private Life? Privacy in Online Dating
Camille Cobb, Tadayoshi Kohno |
May 2, 2017 | Social Engineering Attacks on Government Opponents: Target Perspectives
William R. Marczak, Vern Paxson |
April 25, 2017 | The Future of Ad Blocking: An Analytical Framework and New Techniques
Grant Storey, Dillon Reisman, Jonathan Mayer, Arvind Narayanan |
April 18, 2017 | To Catch a Ratter: Monitoring the Behavior of Amateur DarkComet RAT Operators in the Wild
Brown Farinholt, Mohammad Rezaeirad, Paul Pearce, Hitesh Dharmdasani, Haikuo Yin, Stevens Le Blond, Damon McCoy, Kirill Levchenko |
April 11, 2017 | SoK: Exploiting Network Printers
Jens Müller, Vladislav Mladenov, Juraj Somorovsky |
March 28, 2017 | SoK: Science, Security, and the Elusive Goal of Security as a Scientific Pursuit
Cormac Herley, P.C. van Oorschot |
March 21, 2017 | A Methodology Towards Reproducible Analyses of TLS Datasets
Olivier Levillain, Maxence Tury, Nicolas Vivet |
March 14, 2017 | SSH over Robust Cache Covert Channels in the Cloud
Clementine Maurice, Manuel Weber, Michael Schwarz, Lukas Giner, Daniel Gruss, Carlo Alberto Boano, Kay Romer, Stefan Mangard |
March 7, 2017 | Scaling Dynamic Searchable Encryption to Millions of Indexes By Improving Locality
Ian Miers, Payman Mohassel |
February 21, 2017 | Uncovering Fake Base Stations at Scale in the Wild
Zhenhua Li, Weiwei Wang, Christo Wilson, Jian Chen, Chen Qian, Taeho Jung, Lan Zhang, Kebin Liu, Xiangyang Li, Yunhao Liu |
February 14, 2017 | A Large-scale Analysis of the Mnemonic Password Advice
Johannes Kiesel, Benno Stein, Stefan Lucks |
February 7, 2017 | Dial One for Scam: A Large-Scale Analysis of Technical Support Scams
Najmeh Miramirkhani, Oleksii Starov, Nick Nikiforakis |
January 31, 2017 | The Effect of DNS on Tor’s Anonymity
Benjamin Greschbach, Tobias Pulls, Laura M. Roberts, Philipp Winter, Nick Feamster |
January 24, 2017 | Blocking-resistant Communication Through Domain Fronting
David Fifield, Chang Lan, Rod Hynes, Percy Wegmann, and Vern Paxson |
January 17, 2017 | Eclipse Attacks on Bitcoin’s Peer-to-Peer Network
Ethan Heilman, Alison Kendler, Aviv Zohar, Sharon Goldberg |
January 3, 2017 | How I Learned to be Secure: a Census-Representative Survey of Security Advice Sources and Behavior
Elissa M. Redmiles, Sean Kross, Michelle L. Mazurek |
December 20, 2016 | WireGuard: Next Generation Kernel Network Tunnel
Jason A. Donenfeld |
November 29, 2016 | Should You Use the App for That?: Comparing the Privacy Implications of App- and Web-based Online Services
Christophe Leung, Jingjing Ren, David Choffnes, Christo Wilson |
November 22, 2016 | Slitheen: Perfectly Imitated Decoy Routing through Traffic Replacement
Cecylia Bocovich, Ian Goldberg |
November 15, 2016 | Shuffler: Fast and Deployable Continuous Code Re-Randomization
David Williams-King, Graham Gobieski, Kent Williams-King, James P. Blake, Xinhao Yuan, Patrick Colp, Michelle Zheng, Vasileios P. Kemerlis, Junfeng Yang, William Aiello |
November 8, 2016 | STAR-Vote: A Secure, Transparent, Auditable, and Reliable Voting System
Susan Bell, Josh Benaloh, Michael D. Byrne, Dana DeBeauvoir, Bryce Eakin, Gail Fisher, Philip Kortum, Neal McBurnett, Julian Montoya, Michelle Parker, Olivier Pereira, Philip B. Stark, Dan S. Wallach, Michael Winn |
October 25, 2016 | Indiscreet Logs: Persistent Diffie-Hellman Backdoors in TLS
Kristen Dorey, Nicholas Chang-Fong, Aleksander Essex |
October 18, 2016 | What Happens After You Are Pwnd: Understanding the Use of Leaked Webmail Credentials in the Wild
Jeremiah Onaolapo, Enrico Mariconti, and Gianluca Stringhini |
October 11, 2016 | Measuring and Applying Invalid SSL Certificates: The Silent Majority
Taejoong Chung, Yabing Liu, David Choffnes, Dave Levin, Bruce M. Maggs, Alan Mislove, Christo Wilson |
October 4, 2016 | A Comprehensive Measurement Study of Domain Generating Malware
Daniel Plohmann, Khaled Yakdan, Michael Klatt, Johannes Bader |
September 27, 2016 | Making USB Great Again with usbfilter
Dave (Jing) Tian, Nolen Scaife, Adam Bates, Kevin R. B. Butler, and Patrick Traynor |
September 20, 2016 | An Empirical Study of Textual Key-Fingerprint Representations
Sergej Dechand, Dominik Schürmann, Karoline Busse, Yasemin Acar, Sascha Fahl and Matthew Smith |
September 13, 2016 | Lock It and Still Lose It—On the (In)Security of Automotive Remote Keyless Entry Systems
Flavio D. Garcia, David Oswald, Timo Kasper and Pierre Pavlidès |
September 6, 2016 | Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks
William Melicher, Blase Ur, Sean M. Segreti, Saranga Komanduri, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor |
August 30, 2016 | The Million-Key Question—Investigating the Origins of RSA Public Keys
Petr Švenda, Matúš Nemec, Peter Sekan, Rudolf Kvašňovský, David Formánek, David Komárek, and Vashek Matyáš |
August 23, 2016 | Post-quantum Key Exchange—A New Hope
Erdem Alkim, Léo Ducas, Thomas Pöppelmann, Peter Schwabe |
August 9 & 16, 2016 | No paper. |
August 2, 2016 | Riffle: An Efficient Communication System With Strong Anonymity
Albert Kwon, David Lazar, Srinivas Devadas, and Bryan Ford |
July 19, 2016 | Access Denied! Contrasting Data Access in the United States and Ireland
Samuel Grogan and Aleecia M. McDonald |
June 9, 2015 | Mind Your Blocks: On the Stealthiness of Malicious BGP Hijacks
Pierre-Antoine Vervier, Olivier Thonnard and Marc Dacier |
June 2, 2015 | Why Wassenaar Arrangement's Definitions of Intrusion Software and Controlled Items Put Security Research and Defense At Risk And How To Fix It, What Is the U.S. Doing About Wassenaar, and Why Do We Need to Fight It?
Sergey Bratus, D J Capelis, Michael Locasto and Anna Shubina; Nate Cardozo and Eva Galperin |
May 26, 2015 | Secrets, Lies, and Account Recovery: Lessons from the Use of Personal Knowledge Questions at Google
Joseph Bonneau, Elie Bursztein, Ilan Caron, Rob Jackson and Mike Williamson |
May 12, 2015 | Ad Injection at Scale: Assessing Deceptive Advertisement Modifications
Kurt Thomas, Elie Bursztein, Chris Grier, Grant Ho, Nav Jagpal, Alexandros Kapravelos, Damon McCoy, Antonio Nappa, Vern Paxson, Paul Pearce, Niels Provos and Moheeb Abu Rajab |
April 28, 2015 | FAA Needs a More Comprehensive Approach to Address Cybersecurity As Agency Transitions to NextGen
US GAO |
April 21, 2015 | Optimizing TLS for High–Bandwidth Applications in FreeBSD
Randall Stewart, John-Mark Gurney and Scott Long |
April 14, 2015 | How Secure and Quick is QUIC? Provable Security and Performance Analyses
Robert Lychev, Samuel Jero, Alexandra Boldyreva, and Cristina Nita-Rotaru |
April 7, 2015 | What the App is That? Deception and Countermeasures in the Android User Interface
Antonio Bianchi, Jacopo Corbetta, Luca Invernizzi, Yanick Fratantonio, Christopher Kruegel and Giovanni Vigna |
March 31, 2015 | SoK: Secure Messaging
Nik Unger, Sergej Dechand, Joseph Bonneau, Sascha Fahl, Henning Perl, Ian Goldberg and Matthew Smith |
March 24, 2015 | Iago Attacks: Why the System Call API is a Bad Untrusted RPC Interface
Stephen Checkoway and Hovav Shacham |
March 17, 2015 | A Messy State of the Union: Taming the Composite State Machines of TLS
Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cedric Fournet, Markulf Kohlweiss, Alfredo Pironti, Pierre-Yves Strub and Jean Karim Zinzindohoue |
March 10, 2015 | Surreptitiously Weakening Cryptographic Systems
Bruce Schneier, Matthew Fredrikson, Tadayoshi Kohno and Thomas Ristenpart |
February 24, 2015 | Code Reuse Attacks in PHP
Johannes Dahse, Nikolai Krein, and Thorsten Holz |
February 17, 2015 | The Web Never Forgets: Persistent Tracking Mechanisms in the Wild
Gunes Acar, Christian Eubank, Steven Englehardt, Marc Juarez, Arvind Narayanan and Claudia Diaz |
February 10, 2015 | Internet of Things: Privacy and Security in a Connected World
FTC Report |
February 3, 2015 | Enhanced Certificate Transparency and End-to-end Encrypted Mail
Mark Ryan |
January 27, 2015 | Information Leaks without Memory Disclosures
Jeff Seibert, Hamed Okhravi, and Eric Söderström |
January 20, 2015 | DP5: A Private Presence Service
Nikita Borisov, George Danezis and Ian Goldberg |
January 13, 2015 | The Emperor's New APIs: On the (In)Secure Usage of New Client-Side Primitives
Steve Hanna, Eui Chul Richard Shin, Devdatta Akhawe, Arman Boehm, Prateek Saxena and Dawn Song |
December 9, 2014 | Securing SSL Certificate Verification through Dynamic Linking
Adam Bates, Joe Pletcher, Tyler Nichols, Braden Hollembaek, Dave Tian, Kevin R.B. Butler and Abdulrahman Alkhelaifi |
December 2, 2014 | Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on The Internet
Steven M. Bellovin, Matt Blaze, Sandy Clark and Susan Landau |
November 18, 2014 | On the Effectiveness of Traffic Analysis Against Anonymity Networks Using Flow Records
Sambuddho Chakravarty, Marco V. Barbera, Georgios Portokalidis, Michalis Polychronakis and Angelos D. Keromytis |
November 11, 2014 | Moving Targets: Security and Rapid-Release in Firefox
Sandy Clark, Michael Collis, Matt Blaze, and Jonathan M. Smith |
October 28, 2014 | From Patches to Honey-Patches: Lightweight Attacker Misdirection, Deception, and Disinformation
Frederico Araujo, Kevin W. Hamlen, Sebastian Biedermann, and Stefan Katzenbeisser |
October 21, 2014 | Analysis of SSL Certificate Reissues and Revocations in the Wake of Heartbleed
Liang Zhang, David Choffnes, Dave Levin, Tudor Dumitras, Alan Mislove, Aaron Schulman and Christo Wilson |
October 7, 2014 | ROP is Still Dangerous - Breaking Modern Defenses
Nicholas Carlini and David Wagner |
September 30, 2014 | From the Aether to the Ethernet – Attacking the Internet using Broadcast Digital Television
Yossef Oren and Angelos D. Keromytis |
September 23, 2014 | On the Practical Exploitability of Dual EC in TLS Implementations
Stephen Checkoway, Matthew Fredrikson, Ruben Niederhagen, Adam Everspaugh, Matthew Green, Tanja Lange, Thomas Ristenpart, Daniel J. Bernstein, Jake Maskiewicz and Hovav Shacham |
September 16, 2014 | Exit from Hell? Reducing the Impact of Amplification DDoS Attacks
Marc Kührer, Thomas Hupperich, Christian Rossow, and Thorsten Holz |
September 9, 2014 | Gyrophone: Recognizing Speech from Gyroscope Signals
Yan Michalevsky and Dan Boneh |
August 26, 2014 | Get Your Hands Off My Laptop: Physical Side-Channel Key-Extraction Attacks on PCs
Daniel Genkin, Itamar Pipman, and Eran Tromer |
August 19, 2014 | Hacking Blind
Andrea Bittau, Adam Belay, Ali Mashtizadeh, David Mazieres, and Dan Boneh |
August 12, 2014 | RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2 |
August 5, 2014 | Spoiled Onions: Exposing Malicious Tor Exit Relays
Philipp Winter, Richard Köwer, Martin Mulazzani, Markus Huber, Sebastian Schrittwieser, Stefan Lindskog, and Edgar Weippl |
July 29, 2014 | When Governments Hack Opponents: A Look at Actors and Technology
William R. Marczak, John Scott-Railton, Morgan Marquis-Boire, and Vern Paxson |
July 22, 2014 | Framing Signals—A Return to Portable Shellcode
Erik Bosman and Herbert Bos |
July 15, 2014 | Neural Signatures of User-Centered Security: An fMRI Study of Phishing, and Malware Warnings
Ajaya Neupane, Nitesh Saxena, Keya Kuruvilla, Michael Georgescu, and Rajesh Kana. |
July 8, 2014 | When HTTPS Meets CDN: A Case of Authentication in Delegated Service
Liang, J., Jiang, J., Duan, H., Li, K., Wan, T., Wu, J. |
July 1, 2014 | Nazca: Detecting Malware Distribution in Large-Scale Networks
Invernizzi, L., Lee, S. J., Miskovic, S., Mellia, M., Torres, R., Kruegel, C., Saha, S., Vigna, G. |
June 24, 2014 | SNARKs for C: Verifying Program Execution Succinctly and in Zero Knowledge
Ben-Sasson, E., Chiesa, A., Genkin, D., Tromer, E., Virza, M. |
June 17, 2014 | Pivot: Fast, Synchronous Mashup Isolation Using Generator Chains
Mickens, J. |
June 10, 2014 | Chip and Skim: Cloning EMV Cards with the Pre-Play Attack
Bond, M., Choudary, O., Murdoch, S., Skorobogatov, S., Anderson, R. |
June 3, 2014 | Zerocash: Decentralized Anonymous Payments from Bitcoin
Ben-Sasson, E., Chiesa, A., Garman, C., Green, M., Miers, I., Tromer, E., Virza, M. |
May 27, 2014 | Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS
Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cedric Fournet, Alfredo Pironti and Pierre-Yves Strub |
May 20, 2014 | Analyzing Forged SSL Certificates in the Wild
Huang, L. S., Rice, A., Ellingsen, E., & Jackson, C. Analyzing Forged SSL Certificates in the Wild. |
May 13, 2014 | mXSS Attacks: Attacking well-secured Web-Applications by using innerHTML Mutations
Heiderich, M., Schwenk, J., Frosch, T., Magazinius, J., & Yang, E. Z. (2013, November). mXSS attacks: attacking well-secured web-applications by using innerHTML mutations. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security (pp. 777-788). ACM. |
May 6, 2014 | Towards Automatic Software Lineage Inference
Jang, J., Woo, M., & Brumley, D. (2013, August). Towards automatic software lineage inference. In Proceedings of the 22nd USENIX conference on Security (pp. 81-96). USENIX Association. |
March 25, 2014 | On Subversive Miner Strategies and Block Withholding Attack in Bitcoin Digital Currency
Courtois, N. T., & Bahack, L. (2014). On Subversive Miner Strategies and Block Withholding Attack in Bitcoin Digital Currency. arXiv preprint arXiv:1402.1718. |
March 18, 2014 | PlaceAvoider: Steering First-Person Cameras away from Sensitive Spaces
Templeman, R., Korayem, M., Crandall, D., & Kapadia, A. (2014). PlaceAvoider: Steering First-Person Cameras away from Sensitive Spaces. |
March 11, 2014 | Copker: Computing with Private Keys without RAM
Guan, L., Lin, J., Luo, B., & Jing, J. (2014). Copker: Computing with Private Keys without RAM. |
March 4, 2014 | Auditable Version Control Systems
Bo Chen, Reza Curtmola (New Jersey Institute of Technology) |
February 25, 2014 | Toward Black-Box Detection of Logic Flaws in Web Applications
Giancarlo Pellegrino, Davide Balzarotti (EURECOM, France) |
February 18, 2014 | ROPecker: A Generic and Practical Approach for Defending Against ROP Attacks
Yueqiang Cheng‡, Zongwei Zhou*, Miao Yu*, Xuhua Ding‡, Robert H. Deng‡ * Carnegie Mellon University ‡ Singapore Management University |
February 11, 2014 | The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network
Rob Jansen* , Florian Tschorsch‡, Aaron Johnson* , Bjorn Scheuermann‡ * U.S. Naval Research Laboratory ‡ Humboldt University of Berlin, Germany |
February 4, 2014 | Avatar: A Framework to Support Dynamic Security Analysis of Embedded Systems’ Firmwares
Zaddach, J., Bruno, L., Francillon, A., & Balzarotti, D. (2010). AVATAR: A framework to support dynamic security analysis of embedded system's firmwares. IEEE Transactions on Software Engineering, 36(4). |
January 28, 2014 | Botcoin: Monetizing Stolen Cycles
Huang, D. Y., Dharmdasani, H., Meiklejohn, S., Dave, V., Grier, C., McCoy, D., ... & Levchenko, K. (2014). Botcoin: monetizing stolen cycles. In Proceedings of NDSS (Vol. 2014). |
January 21, 2014 | Model-Based Evaluation of GPS Spoofing Attacks on Power Grid Sensors
Akkaya, I., Lee, E. A., & Derler, P. (2013, May). Model-based evaluation of GPS spoofing attacks on power grid sensors. In Modeling and Simulation of Cyber-Physical Energy Systems (MSCPES), 2013 Workshop on (pp. 1-6). IEEE. |
January 7, 2014 | CyberProbe: Towards Internet-Scale Active Detection of Malicious Servers
Antonio Nappa, Zhaoyan Xu, M. Zubair Rafique, Juan Caballero, Guofei Gu |
Nov 26, 2013 | GOTCHA Password Hackers!
Jeremiah Blocki, Manuel Blum, Anupam Datta (Carnegie Mellon University) |
Nov 19, 2013 | Ed Felten Discussion |
Nov 12, 2013 | On the Security of RC4 in TLS
Nadhem AlFardan (University of London), Daniel J. Bernstein (University of Illinois at Chicago and Technische Universiteit Eindhoven), Kenneth G. Paterson, Bertram Poettering, Jacob C.N. Schuldt (University of London) |
Nov 5, 2013 | SAuth: Protecting User Accounts from Password Database Leaks, RFC 6749: The OAuth 2.0 Authorization Framework
Georgios Kontaxis, Elias Athanasopoulos (Columbia University), Georgios Portokalidis (Stevens Inst. of Technology), Angelos D. Keromytis (Columbia University) |
Oct 29, 2013 | Take This Personally: Pollution Attacks on Personalized Services
Xinyu Xing, Wei Meng, Dan Doozan (Georgia Institute of Technology), Alex C. Snoeren (University of California, San Diego), Nick Feamster, Wenke Lee (Georgia Institute of Technology) |
Oct 22, 2013 | Dowsing for Overflows: A Guided Fuzzer to Find Buffer Boundary Violations
Istvan Haller, Asia Slowinska (VU University Amsterdam), Matthias Neugschwandtner (Vienna University of Technology), Herbert Bos (VU University Amsterdam) |
Oct 15, 2013 | |
Oct 8, 2013 | Silk Road New York Trial Document, |
Oct 1, 2013 | Stealthy Dopant-Level Hardware Trojans
Georg T. Becker (UMASS Amherst), Francesco Regazzoni (TU Delft and ALaRI, University of Lugano), Christof Paar (UMASS Amherst), Wayne P. Burleson (UMASS Amherst), CHES 2013. |
Sep 24, 2013 | Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries
Aaron Johnson (U.S. Naval Research Laboratory), Chris Wacek (Georgetown University), Rob Jansen (U.S. Naval Research Laboratory), Micah Sherr (Georgetown University), Paul Syverson (U.S. Naval Research Laboratory), CCS 2013 |
Sep 17, 2013 | Trafficking Fraudulent Accounts: The Role of the Underground Market in Twitter Spam and Abuse
Kurt Thomas (UC Berkeley and Twitter), Damon McCoy (George Mason University), Chris Grier (UC Berkeley and International Computer Science Institute), Alek Kolcz (Twitter), Vern Paxson (UC Berkeley and International Computer Science Institute), USENIX 2013. |
Sep 10, 2013 | Control Flow Integrity for COTS Binaries
Mingwei Zhang, R. Sekar (Stony Brook University), USENIX 2013. |
Sep 3, 2013 | Securing Computer Hardware Using 3D Integrated Circuit (IC) Technology and Split Manufacturing for Obfuscation
Frank Imeson, Ariq Emtenan, Siddharth Garg, Mahesh V. Tripunitara (University of Waterloo), USENIX 2013. |
Aug 27, 2013 | |
Aug 20, 2013 | |
Aug 13, 2013 | |
Aug 6, 2013 | |
July 30, 2013 | Measuring the practical impact of DNSSEC Deployment
Wilson Lian (UC San Diego), Eric Rescorla (RTFM, Inc.), Hovav Shacham, Stefan Savage (UC San Diego), USENIX 2013. |
July 16, 2013 | seL4: from General Purpose to a Proof of Information Flow Enforcement
Toby Murray, Daniel Matichuk, Matthew Brassil, Peter Gammie, Timothy Bourke, Sean Seefried, Corey Lewis, Xin Gao, Gerwin Klein (NICTA), IEEE S&P 2013. |
July 9, 2013 | PRIVEXEC: Private Execution as an Operating System Service
Kaan Onarlioglu, Collin Mulliner, William Robertson and Engin Kirda (Northeastern), IEEE S&P 2013. |
July 2, 2013 | ObliviStore: High Performance Oblivious Cloud Storage
Emil Stefanov (UC Berkeley), Elaine Shi (Maryland), IEEE S&P 2013. |
June 25, 2013 | Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization
Alex Biryukov, Ivan Pustogarov, Ralf-Philipp Weinmann (University of Luxembourg), IEEE S&P 2013. |
June 18, 2013 | Breakthrough silicon scanning discovers backdoor in military chip
Sergei Skorobogatov (Cambridge), Christopher Woods (Quo Vadis Labs), CHES 2012. |
June 11, 2013 | Hiding Information in Flash Memory
Yinglei Wang, Wing-kei Yu, Sarah Q. Xu, Edwin Kan, and G. Edward Suh (Cornell), IEEE S&P 2013. |
June 4, 2013 | The Crossfire Attack
Min Suk Kang, Soo Bum Lee, Virgil D. Gligor (CMU), IEEE S&P 2013. |
May 28, 2013 | Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization
Kevin Z. Snow, Fabian Monrose (University of North Carolina), Lucas Davi, Alexandra Dmitrienko, Christopher Liebchen, Ahmad-Reza Sadeghi (CASED/Technische Universitat Darmstadt), IEEE S&P 2013. |
May 21, 2013 | Honeywords: Making Password-Cracking Detectable
Ari Juels (RSA Labs), Ronald L. Rivest (MIT CSAIL). |
May 14, 2013 | SoK: Eternal War in Memory
Laszlo Szekeres (Stony Brook University), Mathias Payer, Tao Wei, Dawn Song (UCB), IEEE S&P 2013. |
May 7, 2013 | A Scanner Darkly: Protecting User Privacy From Perceptual Applications
Suman Jana (UT Austin), Arvind Narayanan (Princeton), Vitaly Shmatikov (UT Austin), IEEE S&P 2013. |
Apr 30, 2013 | Cookieless Monster: Exploring the Ecosystem of Web-based Device Fingerprinting
Nick Nikiforakis (1), Alexandros Kapravelos (2), Wouter Joosen (1), Christopher Kruegel (2), Frank Piessens (1), Giovanni Vigna (2); (1) iMinds-DistriNet, (2) UCSB, IEEE S&P 2013. |
Apr 23, 2013 | SkyNET: a 3G-enabled mobile attack drone and stealth botmaster
Theodore Reed, Joseph Geis, Sven Dietrich (Stevens Institute of Technology) USENIX WOOT'11. |
Apr 16, 2013 | Zerocoin: Anonymous Distributed E-Cash from Bitcoin
Ian Miers, Christina Garman, Matthew Green, Aviel D. Rubin (Johns Hopkins) IEEE S&P 2013. |
Apr 9, 2013 | Anon-Pass: Practical Anonymous Subscriptions
Michael Z. Lee, Alan M. Dunn, Brent Waters, Emmett Witchel (University of Texas at Austin), Jonathan Katz (University of Maryland) IEEE S&P 2013. |
Apr 2, 2013 | I can be You: Questioning the use of Keystroke Dynamics as Biometrics
Tey Chee Meng, Payas Gupta, Debin Gao (Singapore Management University) NDSS 2013. |
Mar 26, 2013 | SoK: Secure Data Deletion
Joel Reardon, David Basin, Srdjan Capkun (ETH Zurich) Oakland 2013. |
Mar 19, 2013 | PharmaLeaks: Understanding the Business of Online Pharmaceutical Affiliate Programs
Damon McCoy (2), Andreas Pitsillidis (1), Grant Jordan (1), Nicholas Weaver (1,3), Christian Kreibich (1,3), Brian Krebs (4), Geoffrey M. Voelker (1), Stefan Savage (1), Kirill Levchenko (1). (1) UCSD, (2) George Mason, (3) International Computer Science Institute, (4) KrebsOnSecurity.com. USENIX Security 2012. |
Mar 12, 2013 | Vanity, Cracks and Malware: Insights into the Anti-Copy Protection Ecosystem
Markus Kammerstetter, Christian Platzer, and Gilbert Wondracek (Vienna University of Technology) ACM CCS 2012. |
Mar 5, 2013 | The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes
Joseph Bonneau (University of Cambridge), Cormac Herley (Microsoft Research), Paul C. van Oorschot (Carleton University), Frank Stajano (University of Cambridge) IEEE S&P 2012. |
Feb 26, 2013 | Hourglass Schemes: How to Prove that Cloud Files Are Encrypted
Marten van Dijk (1), Ari Juels (1), Alina Oprea (1), Ronald L. Rivest (2), Emil Stefanov (3), Nikos Triandopoulos (1). (1) RSA Laboratories, (2) MIT, (3) UC Berkeley. ACM CCS 2012. |
Feb 19, 2013 | Going Bright: Wiretapping without Weakening Communications Infrastructure
Steven M. Bellovin (Columbia University), Matt Blaze (University of Pennsylvania), Sandy Clark (University of Pennsylvania), Susan Landau (Privacy Ink) IEEE S&P 2011. |
Feb 12, 2013 | Lucky Thirteen: Breaking the TLS and DTLS Record Protocols
Nadhem J. AlFardan and Kenneth G. Paterson (Royal Holloway, University of London) 2013. |
Sep 26, 2012 | Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider
Ariel J. Feldman, Aaron Blankstein, Michael J. Freedman, and Edward W. Felten (Princeton University) USENIX Security 2012. |
Sep 19, 2012 | Distinguishing Users with Capacitive Touch Communication
Tam Vu, Akash Baid, Simon Gao, Marco Gruteser, Richard Howard, Janne Lindqvist, Predrag Spasojevic and Jeffrey Walling (Rutgers University) MobiCom 2012. |
Sep 12, 2012 | Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks
Hristo Bojinov (Stanford), Daniel Sanchez, Paul Reber (Northwestern), Dan Boneh (Stanford), and Patrick Lincoln (SRI) USENIX Security 2012. |
Sep 5, 2012 | Memento: Learning Secrets from Process Footprints
Suman Jana and Vitaly Shmatikov. U. of Texas Austin. IEEE S&P 2012. |
Aug 30, 2012 | On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces
Ivan Martinovic (1), Doug Davies (2), Mario Frank (2), Daniele Perito (2), Tomas Ros (3), Dawn Song (2). (1) University of Oxford, (2) UC Berkeley, (3) University of Geneva. USENIX Security 2012. |
Aug 23, 2012 | Clickjacking: Attacks and Defenses
Lin-Shung Huang (1), Alex Moshchuk (2), Helen J. Wang (2), Stuart Schechter (2), and Collin Jackson (1). (1) CMU (2) MSR. USENIX Security 2012. |
Jul 12, 2012 | Aurasium: Practical Policy Enforcement for Android Applications
Rubin Xu (1), Hassen Saidi (2), and Ross Anderson (1). (1) Cambridge (2) SRI International. USENIX Security 2012. |
Jun 28, 2012 (Canceled) | Prudent Practices for Designing Malware Experiments: Status Quo and Outlook
Christian Rossow (1,4), Christian J. Dietrich (1), Chris Grier (3,2), Christian Kreibich (3,2), Vern Paxson (3,2), Norbert Pohlmann (1), Herbert Bos (4), and Maarten van Steen (4). (1) Institute for Internet Security, Gelsenkirchen (2) UC Berkeley (3) International Computer Science Institute, Berkeley (4) VU University Amsterdam, The Network Institute. IEEE S&P 2012. |
Jun 14, 2012 | Using Replicated Execution for a More Secure and Reliable Web Browser
Hui Xue, Nathan Dautenhahn, Samuel T. King. UIUC. NDSS 2012. |
Apr 17, 2012 | User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems
Franziska Roesner (1), Tadayoshi Kohno (1), Alexander Moshchuk (2), Bryan Parno (2), Helen J. Wang (2), and Crispin Cowan (2). (1) University of Washington (2) MSR (3) Microsoft. IEEE S&P 2012. |
Apr 10, 2012 | The Case for Prefetching and Prevalidating TLS Server Certificates
Emily Stark (1), Lin-Shung Huang (2), Dinesh Israni (2), Collin Jackson (2) and Dan Boneh (3). (1) MIT (2) CMU (3) Stanford. NDSS 2012. |
Apr 3, 2012 | Ghost Domain Names: Revoked Yet Still Resolvable
Jian Jiang (1), Jinjin Liang (1), Kang Li (2), Jun Li (3), Haixin Duan (1), and Jianping Wu (1). (1) Tsinghua University (2) University of Georgia (3) University of Oregon. NDSS 2012. |
Mar 27, 2012 | Persistent OSPF Attacks
Gabi Nakibly (1), Alex Kirshon (2), Dima Gonikman (2), and Dan Boneh (3). (1) Rafael (2) Technion – Israel Institute of Technology (3) Stanford. NDSS 2012. |
Mar 20, 2012 | Host Fingerprinting and Tracking on the Web: Privacy and Security Implications
Ting-Fang Yen (1), Yinglian Xie (2), Fang Yu (2), Roger Peng Yu (3), and Martin Abadi (2). (1) RSA (2) MSR (3) Microsoft. NDSS 2012. |
Mar 13, 2012 | An Attack on PUF-Based Session Key Exchange and a Hardware-Based Countermeasure: Erasable PUFs
Ulrich Rührmair, Christian Jaeger, and Michael Algasinger. Technische Universität München. FC 2011. |
Mar 6, 2012 | Analyzing Facebook Privacy Settings: User Expectations vs. Reality
Yabing Liu, Krishna P. Gummadi, Balachander Krishnamurthy, and Alan Mislove. IMC 2011. |
Privacy Protection for Social Networking Platforms Adrienne Felt and David Evans. W2SP 2008. | |
Feb 21, 2012 | Software fault isolation with API integrity and multi-principal modules
Yandong Mao, Haogang Chen (MIT), Dong Zhou (Tsinghua), Xi Wang, Nickolai Zeldovich and M. Frans Kaashoek (MIT). SOSP 2011. |
Feb 14, 2012 | A General Approach for Efficiently Accelerating Software-based Dynamic Data Flow Tracking on Commodity Hardware
Kangkook Jee (1), Georgios Portokalidis (1), Vasileios P. Kemerlis (1), Soumyadeep Ghosh (2), David I. August (2), and Angelos D. Keromytis (1). (1) Columbia University (2) Princeton. NDSS 2012. |
Jan 31, 2012 | Insights into User Behavior in Dealing with Internet Attacks
Kaan Onarlioglu (1), Utku Ozan Yilmaz (2), and Engin Kirda (1). (1) Northeastern University (2) Bilkent University. NDSS 2012. |
Jan 24, 2012 | Overshadow: A Virtualization-Based Approach to Retrofitting Protection in Commodity Operating Systems
Xiaoxin Chen (1), Tal Garfinkel (1), E. Christopher Lewis (1), Pratap Subrahmanyam (1), Carl A. Waldspurger (1), Dan Boneh (2), Jeffrey Dwoskin (3), and Dan R.K. Ports (4). (1) VMWare (2) Stanford (3) Princeton (4) MIT. ASPLOS 2008. |
Jan 17, 2012 | WarningBird: Detecting Suspicious URLs in Twitter Stream
Sangho Lee and Jong Kim. Pohang University of Science and Technology. NDSS 2012. |
Dec 12, 2011 | What’s Clicking What? Techniques and Innovations of Today’s Clickbots
Brad Miller (1), Paul Pearce (1), and Chris Grier (1), Christian Kreibich (2), Vern Paxson (1,2). (1) UC Berkeley (2) ICSI. DIMVA 2011. |
Dec 5, 2011 | Systematic Detection of Capability Leaks in Stock Android Smartphones
Michael Grace, Yajin Zhou, Zhi Wang, and Xuxian Jiang. North Carolina State University. NDSS 2012. |
Nov 28, 2011 | How to Shop for Free Online - Security Analysis of Cashier-as-a-Service Based Web Stores
Rui Wang (1), Shuo Chen (2), XiaoFeng Wang (1), Shaz Qadeer (2). (1) Indiana University Bloomington (2) MSR. IEEE S&P 2011. |
Nov 21, 2011 | Dirty Jobs: The Role of Freelance Labor in Web Service Abuse
Marti Motoyama, Damon McCoy, Kirill Levchenko, Stefan Savage, and Geoffrey M. Voelker. UC San Diego. USENIX Security 2011. |
Nov 14, 2011 | "You Might Also Like:" Privacy Risks of Collaborative Filtering
Joseph A. Calandrino (1), Ann Kilzer (2), Arvind Narayanan (3), Edward W. Felten (1), and Vitaly Shmatikov (2). (1) Princeton (2) U. of Texas Austin (3) Stanford. IEEE S&P 2011. |
Nov 7, 2011 | Security Aspects of Piecewise Hashing in Computer Forensics
Harald Baier, Frank Breitinger. Hochschule Darmstadt. 2011 Sixth International Conference on IT Security Incident Management and IT Forensics (IMF). |
Oct 31, 2011 | Countering Gattaca: Efficient and Secure Testing of Fully-Sequenced Human Genomes
Pierre Baldi, Roberta Baronio, Emiliano De Cristofaro, Paolo Gasti, Gene Tsudik. CCS 2011. UC Irvine. |
Oct 24, 2011 | Forcing Johnny to Login Safely: Long-Term User Study of Forcing and Training Login Mechanisms
Amir Herzberg and Ronen Margulies. Bar Ilan University. ESORICS 2011. |
Oct 17, 2011 | Canceled. Fall Break. |
Oct 10, 2011 | Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL
Christopher Soghoian and Sid Stamm. FC 2011. |
Oct 3, 2011 | MACE: Model-inference-Assisted Concolic Exploration for Protocol and Vulnerability Discovery
Chia Yuan Cho, Domagoj Babić, Pongsin Poosankam, Kevin Zhijie Chen, Edward XueJun Wu, and Dawn Song. UC Berkeley. USENIX 2011. |
Sep 26, 2011 | Why (Special Agent) Johnny (Still) Can’t Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System
Sandy Clark, Travis Goodspeed, Perry Metzger, Zachary Wasserman, Kevin Xu, Matt Blaze. UPenn. USENIX Security 2011. |
Sep 19, 2011 | Mimimorphism: A New Approach to Binary Code Obfuscation
Zhenyu Wu, Steven Gianvecchio, Mengjun Xie, and Haining Wang |
Sep 12, 2011 | Secure In-Band Wireless Pairing
Shyamnath Gollakota, Nabeel Ahmed, Nickolai Zeldovich, and Dina Katabi. MIT. USENIX Security 2011. |
Aug 23, 2011 | Cloaking Malware with the Trusted Platform Module
Alan M. Dunn, Owen S. Hofmann, Brent Waters and Emmett Witchel. UT Austin. USENIX Security 2011. |
Aug 9, 2011 | deSEO: Combating Search-Result Poisoning
John P. John, Fang Yu, Yinglian Xie, Arvind Krishnamurthy, and Martin Abadi. MSR. USENIX Security 2011. |
Jul 26, 2011 | Measuring Pay-per-Install: The Commoditization of Malware Distribution
Juan Caballero (1), Chris Grier (2), Christian Kreibich (2), and Vern Paxson (2). (1) IMDEA (2) UC Berkeley. USENIX Security 2011. |
Jul 12, 2011 | A Study of Android Application Security
William Enck, Damien Octeau, Patrick McDaniel, and Swarat Chaudhuri. PSU. USENIX Security 2011. |
June 28, 2011 | Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space
Martin Mulazzani, Sebastian Schrittwieser, Manuel Leithner and Markus Huber. SBA Research. USENIX Security 2011. |
June 14, 2011 | I Still Know What You Visited Last Summer - Leaking browsing history via user interaction and side channel attacks
Zachary Weinberg, Eric Y. Chen, Pavithra Ramesh Jayaraman and Collin Jackson (CMU). IEEE SP2011. |
May 31, 2011 | Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices
Michael Becher (1), Felix C. Freiling (1), Johannes Hoffmann (2), Thorsten Holz (2), Sebastian Uellenbeck (2), Christopher Wolf (2). (1) University of Mannheim, Germany (2) Horst Gortz Institute (HGI) Ruhr-University Bochum, Germany. IEEE SP2011. |
Apr 07, 2011 | Ensuring Operating System Kernel Integrity with OSck
Owen S. Hofmann (1), Alan M. Dunn (1), Sangman Kim (1), Indrajit Roy (2), Emmett Witchel (1). (1) UT Austin (2) HP Labs. ASPLOS 2011. |
Mar 31, 2011 | Folk Models of Home Computer Security
Rick Wash. Michigan State University. SOUPS 10. |
Mar 24, 2011 | PiOS: Detecting Privacy Leaks in iOS Applications
Manuel Egele (Vienna University of Technology, Austria & UCSB), Christopher Kruegel (UCSB) , Engin Kirda (Institute Eurecom & Northeastern University, Boston), and Giovanni Vigna (UCSB). NDSS 11. |
Mar 17, 2011 | Reliably Erasing Data From Flash-Based Solid State Drives
Michael Wei, Laura M. Grupp, Frederick E. Spada, and Steven Swanson. UCSD. FAST 11. |
Mar 10, 2011 | Where Do Security Policies Come From?
Dinei Florencio and Cormac Herley. MSR. SOUPS 10. |
Feb 24, 2011 | AEG: Automatic Exploit Generation
Thanassis Avgerinos, Sang Kil Cha, Brent Lim Tze Hao and David Brumley. CMU. NDSS 11. |
Feb 17, 2011 | EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis
Leyla Bilge (1), Engin Kirda (1,2), Christopher Kruegel (3), Marco Balduzzi(1). (1) Institute of Eurecom, Sophia Antipolis (2) Northeastern University, Boston (3) UCSB. NDSS 11. |
Feb 10, 2011 | Canceled. |
Feb 03, 2011 | Usability Testing a Malware-Resistant Input Mechanism
Alana Libonati (UNC), Jonathan M. McCune (CMU), and Michael K. Reiter (UNC). NDSS 11. |
Jan 27, 2011 | Losing Control of the Internet: Using the Data Plane to Attack the Control Plane
Max Schuchard (1), Eugene Y. Vasserman (2), Abedelaziz Mohaisen (1), Denis Foo Kune (1), Nicholas Hopper (1), Yongdae Kim (2). (1) Uni. of Minnesota (2) Kansas State Uni. NDSS 11. |
Jan 20, 2011 | Soundminer: A Stealthy and Context-Aware Sound Trojan for Smartphones
Roman Schlegel (City Uni of Hong Kong), Kehuan Zhang, Xiaoyong Zhou, Mehool Intwala, Apu Kapadia, and XiaoFeng Wang (Indiana University Bloomington). NDSS 11. |
Jan 13, 2011 | Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars
Aurelien Francillon, Boris Danev, and Srdjan Capkun (ETH Zurich). NDSS 11. |
Dec 02, 2010 | AccessMiner: Using System-Centric Models for Malware Protection
Andrea Lanzi (1), Davide Balzarotti (1), Christopher Kruegel (2), Mihai Christodorescu (3) and Engin Kirda (1). (1) Institute Eurecom, (2) UCSB, (3) IBM. CCS 2010. |
Nov 25, 2010 | Thanksgiving. |
Nov 18, 2010 | Discussion with Hari Prasad. |
Nov 11, 2010 | Platform-Independent Programs
Sang Kil Cha, Brian Pak, David Brumley (CMU), and Richard J. Lipton (Georgia Tech). CCS 2010. |
Nov 4, 2010 | @spam: The Underground on 140 Characters or Less
Chris Grier (Berkeley), Kurt Thomas (UIUC), Vern Paxson (Berkeley), and Michael Zhang (Berkeley). CCS 2010. |
Oct 28, 2010 | W32.Stuxnet Dossier
Nicolas Falliere, Liam O Murchu, and Eric Chien. Symantec. |
Oct 21, 2010 (Postponed from Sep 30) | MulVAL: A Logic-based Network Security Analyzer
Xinming Ou, Sudhakar Govindavajhala, and Andrew W. Appel, Princeton. USENIX Security 2005. |
Oct 14, 2010 | Input Generation via Decomposition and Re-Stitching: Finding Bugs in Malware
Juan Caballero (CMU/Berkeley), Pongsin Poosankam (CMU/Berkeley), Stephen McCamant, Domagoj Babic, and Dawn Song (Berkeley). CCS 2010. |
Sep 23, 2010 | Vex: Vetting Browser Extensions for Security Vulnerabilities
Sruthi Bandhakavi, Samuel T. King, P. Madhusudan, and Marianne Winslett, UIUC. USENIX Security 2010. |
Sep 16, 2010 | Kamouflage: Loss-Resistant Password Management
Hristo Bojinov (1), Elie Bursztein (1), Xavier Boyen (2), and Dan Boneh (1). (1) Stanford University, (2) Universite de Liege, Belgium. ESORICS 2010. |
Sep 9, 2010 | Capsicum: Practical Capabilities for UNIX
Robert N.M. Watson and Jonathan Anderson, University of Cambridge; Ben Laurie and Kris Kennaway, Google UK Ltd. USENIX Security 2010. |
Sep 2, 2010 | On Challenges in Evaluating Malware Clustering
Peng Li (University of North Carolina, Chapel Hill), Limin Liu (Graduate School of Chinese Academy of Sciences), Debin Gao (Singapore Management University), and Michael K. Reiter (University of North Carolina, Chapel Hill). RAID 2010. |
Aug 26, 2010 | Searching the Searchers with SearchAudit
John P. John, Fang Yu, Yinglian Xie, Martín Abadi, Arvind Krishnamurthy. USENIX Security 2010. |
Aug 19, 2010 | Automatic Generation of Remediation Procedures for Malware Infections
Roberto Paleari (1), Lorenzo Martignoni (2), Emanuele Passerini (1), Drew Davidson (3), Matt Fredrikson (3), Jon Giffin (4), Somesh Jha (3), (1) Universita degli Studi di Milano, (2) Universita degli Studi di Udine, (3) University of Wisconsin, (4) Georgia Institute of Technology. USENIX Security 2010. |
Aug 5, 2010 | Baaz: A System for Detecting Access Control Misconfigurations
Tathagata Das, Ranjita Bhagwan, Prasad Naldurg (MSR India). USENIX Security 2010. |
July 22, 2010 | An Analysis of Private Browsing Modes in Modern Browsers
Gaurav Aggarwal (Stanford), Elie Bursztein (Stanford), Collin Jackson (CMU), and Dan Boneh (Stanford). USENIX Security 2010. |
July 15, 2010 | Adapting Software Fault Isolation to Contemporary CPU Architectures
David Sehr, Robert Muth, Cliff Biffle, Victor Khimenko, Egor Pasko, Karl Schimpf, Bennet Yee, Brad Chen (Google, Inc). USENIX Security 2010. |
July 8, 2010 | Scantegrity II Municipal Election at Takoma Park: The First E2E Binding Governmental Election with Ballot Privacy
Richard Carback (UMBC CDL), David Chaum, Jeremy Clark (Uni of Waterloo), John Conway (UMBC CDL), Aleksander Essex (Uni of Waterloo), Paul S. Herrnson (UMCP CAPC), Travis Mayberry (UMBC CDL), Stefan Popoveniuc, Ronald L. Rivest, Emily Shen (MIT CSAIL), Alan T. Sherman (UMBC CDL), Poorvi L. Vora (GW). USENIX Security 2010. |
June 24, 2010 | Absolute Pwnage: Security Risks of Remote Administration Tools
Jay Novak, Jonathan Stribley, Kenneth Meagher, Scott Wolchok, J. Alex Halderman
Crawling BitTorrent DHTs for Fun and Profit
Scott Wolchok and J. Alex Halderman |
June 17, 2010 | Detecting and Removing Malicious Hardware Automatically
Matthew Hicks (UIUC), Murph Finnicum (UIUC), Samuel T. King (UIUC), Milo M. K. Martin (UPenn), Jonathan M. Smith (UPenn), IEEE SP2010. |
June 10, 2010 | Chip and PIN is Broken
Steven J. Murdoch, Saar Drimer, Ross Anderson, and Mike Bond (University of Cambridge), IEEE SP2010. |
May 27, 2010 | Experimental Security Analysis of a Modern Automobile
Karl Koscher (UW), Alexei Czeskis (UW), Franziska Roesner (UW), Shwetak Patel (UW), and Tadayoshi Kohno (UW), Stephen Checkoway (UCSD), Damon McCoy (UCSD), Brian Kantor (UCSD), Danny Anderson (UCSD), Hovav Shacham (UCSD), and Stefan Savage (UCSD), IEEE SP2010. |
May 6, 2010 | Security Analysis of India's Electronic Voting Machines
Hari K. Prasad (1), J. Alex Halderman (2), Rop Gonggrijp, Scott Wolchok (2), Eric Wustrow (2), Arun Kankipati (1), Sai Krishna Sakhamuri (1), and Vasavya Yagati (1), (1) NetIndia, (P) Ltd., Hyderabad (2) University of Michigan, submitted to CCS 2010. |
April 29, 2010 | A Practical Attack to De-Anonymize Social Network Users
Gilbert Wondracek (1), Thorsten Holz (1), Engin Kirda (2), Christopher Kruegel (3), (1) Technical University Vienna (2) Institute Eurecom (3) University of California, IEEE SP2010. |
April 15, 2010 | When Good Randomness Goes Bad: Virtual Machine Reset Vulnerabilities and Hedging Deployed Cryptography
Thomas Ristenpart and Scott Yilek, University of California San Diego, NDSS 2010. |
April 8, 2010 | State of the Art: Automated Black-Box Web Application Vulnerability Testing
Jason Bau, Elie Bursztein, Divij Gupta, John Mitchell, Stanford University, IEEE SP2010. |
April 1, 2010 | Side-Channel Leaks in Web Applications: a Reality Today, a Challenge Tomorrow
Shuo Chen (1), Rui Wang (2), XiaoFeng Wang (2), Kehuan Zhang (2), (1) MSR (2) Indiana University Bloomington, IEEE SP2010. |
March 25, 2010 | How Good are Humans at Solving CAPTCHAs? A Large Scale Evaluation
Elie Bursztein, Steven Bethard, Celine Fabry, John C. Mitchell, Dan Jurafsky, Stanford University, IEEE SP2010. |
March 18, 2010 | Server-Side Verification of Client Behavior in Online Games
Darrell Bethea, Robert Cochran and Michael Reiter, University of North Carolina at Chapel Hill, NDSS 2010. |
March 11, 2010 | A Systematic Characterization of IM Threats Using Honeypots
Spiros Antonatos, Iasonas Polakis, Thanasis Petsas and Evangelos P. Markatos, Foundation for Research and Technology Hellas, NDSS 2010. |
February 25, 2010 | FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications
Prateek Saxena, Steve Hanna, Pongsin Poosankam and Dawn Song, UC Berkeley, NDSS 2010. |
February 18, 2010 | Active Botnet Probing to Identify Obscure Command and Control Channels
Guofei Gu (1), Vinod Yegneswaran (2), Phillip Porras (2), Jennifer Stoll (3), and Wenke Lee (3), (1) Texas A&M, (2) SRI International, (3) Georgia Institute of Technology |
February 11, 2010 | Where Do You Want to Go Today? Escalating Privileges By Pathname Manipulation
Suresh Chari, Shai Halevi and Wietse Venema, IBM Research, to appear in NDSS 2010. |
February 4, 2010 | Botnet Judo: Fighting Spam with Itself
Andreas Pitsillidis, Kirill Levchenko, Christian Kreibich, Chris Kanich, Geoffrey M. Voelker, Vern Paxson, Nicholas Weaver and Stefan Savage, to appear in NDSS 2010. |
January 28, 2010 | Efficient Detection of Split Personalities in Malware
Davide Balzarotti (1), Marco Cova (3), Christoph Karlberger (2), Christopher Kruegel (3), Engin Kirda (2), and Giovanni Vigna (3), to appear in NDSS 2010. (1) Institute Eurecom, Sophia Antipolis (2) Secure Systems Lab, Vienna University of Technology (3) University of California, Santa Barbara |
January 21, 2010 | Contractual Anonymity
Edward J. Schwartz, David Brumley and Jonathan M. McCune, to appear in NDSS 2010. |
January 14, 2010 | Protecting Browsers from Extension Vulnerabilities
Adam Barth, Adrienne Porter Felt, Prateek Saxena (UC Berkeley), and Aaron Boodman (Google, Inc.), to appear in NDSS 2010. |
December 16, 2009 (postponed from December 9) | EPC RFID Tag Security Weaknesses and Defenses: Passport Cards, Enhanced Drivers Licenses, and Beyond
Karl Koscher (UW), Ari Juels (RSA Labs), Vjekoslav Brajkovic (UW), and Tadayoshi Kohno (UW), CCS 2009. |
December 2, 2009 | On Cellular Botnets: Measuring the Impact of Malicious Devices on a Cellular Network Core
Patrick Traynor (Georgia Tech), Michael Lin, Machigar Ongtang, Vikhyath Rao, Trent Jaeger, Thomas La Porta and Patrick McDaniel (all of Penn State), CCS 2009. |
November 25, 2009 | SMILE: Encounter-Based Trust for Mobile Social Services
Justin Manweiler, Ryan Scudellari, and Landon P. Cox, CCS 2009. |
November 18, 2009 | Can They Hear Me Now? A Security Analysis of Law Enforcement Wiretaps
Micah Sherr, Gaurav Shah, Eric Cronin, Sandy Clark, and Matt Blaze (University of Pennsylvania), CCS 2009. |
November 11, 2009 | Countering Kernel Rootkits with Lightweight Hook Protection
Zhi Wang (NCSU), Xuxian Jiang (NCSU), Weidong Cui (MSR), and Peng Ning (NCSU), CCS 2009. |
November 4, 2009 | Behavior Based Software Theft Detection
Xinran Wang, Yoon-Chan Jhi, Sencun Zhu, and Peng Liu (Penn State), CCS 2009. |
October 28, 2009 | Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers
Mike Ter Louw, V.N. Venkatakrishnan (University of Illinois at Chicago), Oakland 2009. |
October 21, 2009 | Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds
Thomas Ristenpart (UCSD), Eran Tromer (MIT), Hovav Shacham (UCSD), and Stefan Savage (UCSD), CCS 2009. |
October 14, 2009 | Revealing Hidden Context: Improving Mental Models of Personal Firewall Users
Fahimeh Raja, Kirstie Hawkey, Konstantin Beznosov (UBC), SOUPS 2009. |
October 7, 2009 | Fabric: A Platform for Secure Distributed Computation and Storage
Jed Liu, Michael George, K. Vikram, Xin Qi, Lucas Waye, and Andrew C. Myers (Cornell University), SOSP 2009. |
September 16, 2009 | Heat-ray: Combating Identity Snowball Attacks using Machine Learning, Combinatorial Optimization and Attack Graphs
John Dunagan (Microsoft Research), Alice X. Zheng (Microsoft Research), Daniel R. Simon (Microsoft), SOSP 2009. |
September 9, 2009 | Peeping Tom in the Neighborhood: Keystroke Eavesdropping on Multi-User Systems
Kehuan Zhang and XiaoFeng Wang (Indiana University, Bloomington), USENIX Security 2009. |
September 3, 2009 | Crying Wolf: An Empirical Study of SSL Warning Effectiveness
Joshua Sunshine, Serge Egelman, Hazim Almuhimedi, Neha Atri, and Lorrie Faith Cranor (Carnegie Mellon University), USENIX Security 2009. |
August 27, 2009 | Membership-concealing overlay networks
Eugene Vasserman, Rob Jansen, James Tyra, Nicholas Hopper, and Yongdae Kim (University of Minnesota), CCS 2009. |
August 20, 2009 | Compromising Electromagnetic Emanations of Wired and Wireless Keyboards
Martin Vuagnoux and Sylvain Pasini (EPFL), USENIX Security 2009. |
August 13, 2009 | Unpacking Virtualization Obfuscators
Rolf Rolles Jianing Guo, Jun Yuan, and Rob Johnson (Stony Brook University) |
August 6, 2009 | Null Prefix Attacks Against SSL Certificates
Moxie Marlinspike
Defeating OCSP with the Number 3
Moxie Marlinspike
Reversing and exploiting an Apple firmware update
K. Chen (Georgia Institute of Technology)
"Smart" Parking Meter Implementations, Globalism, and You
Joe Grand, Jacob Appelbaum, and Chris Tarnovsky |
July 30, 2009 | Hardware-Software Integrated Approaches to Defend Against Software Cache-based Side Channel Attacks
Jingfei Kong, Onur Acıiçmez, Jean-Pierre Seifert, and Huiyang Zhou |
July 23, 2009 | Half-Blind Attacks: Mask ROM Bootloaders Are Dangerous
Travis Goodspeed; Aurélien Francillon, INRIA Rhône-Alpes
A Fistful of Red-Pills: How to Automatically Generate Procedures to Detect CPU Emulators
Roberto Paleari, Università degli Studi di Milano; Lorenzo Martignoni, Università degli Studi di Udine; Giampaolo Fresi Roglia and Danilo Bruschi, Università degli Studi di Milano |
July 16, 2009 | It's No Secret. Measuring the Security and Reliability of Authentication via ‘Secret’ Questions
Stuart Schechter, A. J. Bernheim Brush (Microsoft Research), Serge Egelman (Carnegie Mellon University) |
July 9, 2009 | How to Impress Girls with Browser Memory Protection Bypasses
Mark Dowd and Alexander Sotirov |
July 2, 2009 | Baggy Bounds Checking: An Efficient and Backwards-Compatible Defense against Out-of-Bounds Errors
Periklis Akritidis, Computer Laboratory, University of Cambridge; Manuel Costa and Miguel Castro, Microsoft Research, Cambridge; Steven Hand, Computer Laboratory, University of Cambridge |
June 25, 2009 | Physical-layer Identification of RFID Devices
Boris Danev (ETH Zurich, Switzerland), Thomas S. Heydt-Benjamin (IBM Zurich Research), and Srdjan Capkun (ETH Zurich, Switzerland). USENIX Security 2009. |
June 18, 2009 | Nozzle: Protecting Browsers Against Heap Spraying Attacks
Ben Zorn, Ben Livshits, and Paruj Ratanaworabhan (Microsoft Research). Technical Report; paper to appear in USENIX Security 2009. |
June 11, 2009 | Protecting Confidential Data on Personal Computers with Storage Capsules
Kevin Borders, Eric Vander Weele, Billy Lau, and Atul Prakash (University of Michigan). Oakland 2009. |
June 4, 2009 | De-anonymizing Social Networks
Arvind Narayanan and Vitaly Shmatikov (University of Texas at Austin). Oakland 2009. |
May 28, 2009 | Automatic Reverse Engineering of Malware Emulators
Monirul Sharif, Andrea Lanzi, Jonathon Giffin, Wenke Lee from Georgia Tech. Oakland '09. |
May 21, 2009 | Your Botnet is My Botnet: Analysis of a Botnet Takeover
B. Stone-Gross, M. Cova, L. Cavallaro, B. Gilbert, M. Szydlowski, R. Kemmerer, C. Kruegel, G. Vigna. 2009. |
May 14, 2009 | BootJacker: Compromising Computers using Forced Restarts
Ellick M. Chan, Jeffrey C. Carlyle, Francis M. David, Reza Farivar, and Roy H. Campbell (all of whom are from UIUC). CCS '08. |
May 7, 2009 | Code Injection Attacks on Harvard-Architecture Devices
Aurelien Francillon (INRIA Rhone-Alpes) and Claude Castelluccia (INRIA Rhone-Alpes). CCS '08. |
April 30, 2009 | SybilInfer: Detecting Sybil Nodes using Social Networks
George Danezis (MSR UK) and Prateek Mittal (UIUC). NDSS '09. |
April 16, 2009 | An Efficient Black-box Technique for Defeating Web Application Attacks
R. Sekar (Stony Brook). NDSS '09. |
April 9, 2009 | Detecting Forged TCP Reset Packets
Nicholas Weaver (ICSI), Robin Sommer (ICSI & LBNL), and Vern Paxson (ICSI & UC Berkeley). NDSS '09. |
April 2, 2009 | Detecting In-Flight Page Changes with Web Tripwires.
Charles Reis, Steven D. Gribble, Tadayoshi Kohno, and Nicholas C. Weaver. NSDI '08. |
March 26, 2009 | Safe Passage for Passwords and Other Sensitive Data.
Jonathan M. McCune (CMU), Adrian Perrig (CMU), and Michael K. Reiter (UNC). NDSS '09. |
March 19, 2009 | Quantifying Information Leaks in Outbound Web Traffic
Kevin Borders and Atul Prakash. Oakland 2009. |
March 12, 2009 | Fingerprinting Blank Paper Using Commodity Scanners
William Clarkson, Tim Weyrich, Adam Finkelstein, Nadia Heninger, J. Alex Halderman and Edward W. Felten. Oakland 2009. |
March 5, 2009 | Secure Content Sniffing for Web Browsers, or How to Stop Papers from Reviewing Themselves
Adam Barth, Juan Caballero, Dawn Song. Oakland 2009 |
February 19, 2009 | Digging for Data Structures by Cozzie et al. OSDI 2008. |
General References
Lecture Notes on Cryptography (200+ pages)