Main Page

From Security Reading Group Wiki

This is the home page for our security reading group, known as SECRIT (SECurity Reading Is Terrific). The group is run by Elisa Tsai (eltsai) and Jonah Rosenblum (jonaher). Security reading meets every (other) Tuesday from 12:30 PM to 1:30 PM in 3901 for this academic year, but we might move back to 3725 BBB (the stained-glass conference room) next year. Since learning went remote due to COVID-19, the group has been meeting biweekly in a hybrid mode.

The format of the security reading group is that everyone reads the paper beforehand and we have a roundtable discussion of a paper picked by a member over lunch. We also begin each meeting with a 10-minute discussion of current events pertaining to computer security.

If you would like to sign up to recommend a paper, you can do so on this spreadsheet.

If you would like to receive announcements and reminders pertaining to this group, subscribe to the security-reading list at .

If you notice any problems on this page, please contact the SECRIT admins.

Papers We've Read

Date Paper
Nov 29, 2022 SpecHammer: Combining Spectre and Rowhammer for New Speculative Attacks

Presenter: Jonah Rosenblum

Nov 8, 2022 Mitigating Membership Inference Attacks by Self-Distillation Through a Novel Ensemble Architecture

Invited guest: Xinyu Tang

Oct 27, 2022 Sigstore: Software Signing for Everyone

Invited guest: Zachary Newman

Sep 27, 2022 ditto: WAN Traffic Obfuscation at Line Rate

Roland Meier, Vincent Lenders, Laurent Vanbever

Sep 13, 2022 Is this model mine? On stealing and defending Machine Learning models.

Invited guest: Adam Dziedzic

March 29, 2022 Zero-Knowledge Middleboxes

Paul Grubbs, Arasu Arun, Ye Zhang, Joseph Bonneau, Michael Walfish

Feb 8, 2022 Themis: Ambiguity-Aware Network Intrusion Detection based on Symbolic Model Comparison

Zhongjie Wang, Shitong Zhu, Keyu Man, Pengxiong Zhu, Yu Hao, Zhiyun Qian, Srikanth V. Krishnamurthy, Tom La Porta, Michael J. De Lucia

Nov 16, 2021 Weaponizing Middleboxes for TCP Reflected Amplification

Kevin Bock, Abdulrahman Alaraj, Yair Fax, Kyle Hurley, Eric Wustrow, Dave Levin

Oct 5, 2021 How Great is the Great Firewall? Measuring China’s DNS Censorship

Nguyen Phong Hoang, Arian Akhavan Niaki, Jakub Dalek, Jeffrey Knockel, Pellaeon Lin, Bill Marczak, Masashi Crete-Nishihata, Phillipa Gill, Michalis Polychronakis

Sep 21, 2021 PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop

Alexander Heinrich, Matthias Hollick, Thomas Schneider, Milan Stute, and Christian Weinert, TU Darmstadt

Sep 14, 2021 Hopper: Modeling and Detecting Lateral Movement

Grant Ho, Mayank Dhiman, Devdatta Akhawe, Vern Paxson, Stefan Savage, Geoffrey M. Voelker, David Wagner

May 11, 2021 Bomberman: Defining and Defeating Hardware Ticking Timebombs at Design-time

Trippel, Timothy and Shin, Kang G and Bush, Kevin B and Hicks, Matthew

April 20, 2021 All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers

Hagen, Christoph and Weinert, Christian and Sendner, Christoph and Dmitrienko, Alexandra and Schneider, Thomas

April 6, 2021 Awakening the Web’s Sleeper Agents: Misusing Service Workers for Privacy Leakage

Karami, Soroush and Ilia, Panagiotis and Polakis, Jason

March 23, 2021 To Err.Is Human: Characterizing the Threat of Unintended URLs in Social Media

Kaleli, Beliz and Kondracki, Brian and Egele, Manuel and Nikiforakis, Nick and Stringhini, Gianluca

March 9, 2021 SiegeBreaker: An SDN Based Practical Decoy Routing System

Sharma, Piyush Kumar and Gosain, Devashish and Sagar, Himanshu and Kumar, Chaitanya and Dogra, Aneesh and Naik, Vinayak and Acharya, HB and Chakravarty, Sambuddho

February 23, 2021 Examining Mirai's Battle over the Internet of Things

Griffioen, Harm and Doerr, Christian

February 9, 2021 Fill in the Blanks: Empirical Analysis of the Privacy Threats of Browser Form Autofill

Lin, Xu and Ilia, Panagiotis and Polakis, Jason

January 26, 2021 Manipulative tactics are the norm in political emails

Mathur, Arunesh and Wang, Angelina and Schwemmer, Carsten and Hamin, Maia and Stewart, Brandon M and Narayanan, Arvind

December 1, 2020 Poking a Hole in the Wall: Efficient Censorship-Resistant Internet Communications by Parasitizing on WebRTC

Barradas, Diogo and Santos, Nuno and Rodrigues, Luis and Nunes, Vitor

November 17, 2020 DNS Cache Poisoning Attack Reloaded: Revolutions with Side Channels

Man, Keyu and Qian, Zhiyun and Wang, Zhongjie and Zheng, Xiaofeng and Huang, Youjun and Duan, Haixin

November 3, 2020 Trufflehunter: Cache Snooping Rare Domains at Large Public DNS Resolvers

Randall, Audrey and Liu, Enze and Akiwate, Gautam and Padmanabhan, Ramakrishna and Voelker, Geoffrey M and Savage, Stefan and Schulman, Aaron

October 13, 2020 Censored Planet: An Internet-wide, Longitudinal Censorship Observatory (Practice Talk)

Sundara Raman, Ram and Shenoy, Prerana and Kohls, Katharina and Ensafi, Roya

September 29, 2020 Composition Kills: A Case Study of Email Sender Authentication

Chen, Jianjun and Paxson, Vern and Jiang, Jian

September 15, 2020 The Sound of Silence: Mining Security Vulnerabilities from Secret Integration Channels in Open-Source Projects

Ramsauer, Ralf and Bulwahn, Lukas and Lohmann, Daniel and Mauerer, Wolfgang

September 1, 2020 ShadowMove: A Stealthy Lateral Movement Strategy

Niakanlahiji, Amirreza and Wei, Jinpeng and Alam, Md Rabbi and Wang, Qingyang and Chu, Bei-Tseng

August 18, 2020 iOS, Your OS, Everybody's OS: Vetting and Analyzing Network Services of iOS Applications

Tang, Zhushou and Tang, Ke and Xue, Minhui and Tian, Yuan and Chen, Sen and Ikram, Muhammad and Wang, Tielei and Zhu, Haojin

August 4, 2020 A Comparative Measurement Study of Web Tracking on Mobile and Desktop Environments

Yang, Zhiju and Yue, Chuan

June 23, 2020 Flaw Label: Exploiting IPv6 Flow Label

Berger, Jonathan and Klein, Amit and Pinkas, Benny

June 9, 2020 This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs

Markert, Philipp and Bailey, Daniel V and Golla, Maximilian and Durmuth, Markus and Aviv, Adam J

May 26, 2020 Watching the Watchers: Nonce-based Inverse Surveillance to Remotely Detect Monitoring

Roberts, Laura M and Plonka, David

May 12, 2020 Automatic Uncovering of Hidden Behaviors From Input Validation in Mobile Apps

Zhao, Qingchuan and Zuo, Chaoshun and Dolan-Gavitt, Brendan and Pellegrino, Giancarlo and Lin, Zhiqiang

April 7, 2020 Are You Going to Answer That? Measuring User Responses to Anti-Robocall Application Indicators

Sherman, Imani N and Bowers, Jasmine D and McNamara Jr, Keith and Gilbert, Juan E and Ruiz, Jaime and Traynor, Patrick

March 31, 2020 Melting Pot of Origins: Compromising the Intermediary Web Services that Rehost Websites

Watanabe, Takuya and Shioji, Eitaro and Akiyama, Mitsuaki and Mori, Tatsuya

March 10, 2020 BLAG: Improving the Accuracy of Blacklists

Ramanathan, Sivaramakrishnan and Mirkovic, Jelena and Yu, Minlan

March 3, 2020 CDN Judo: Breaking the CDN DoS Protection with Itself

Guo, Run and Li, Weizhong and Liu, Baojun and Hao, Shuang and Zhang, Jia and Duan, Haixin and Shen, Kaiwen and Chen, Jianjun and Liu, Ying

February 18, 2020 Measuring the deployment of network censorship filters at global scale

Sundara Raman, Ram and Stoll, Adrian and Dalek, Jakub and Ramesh, Reethika and Scott, Will and Ensafi, Roya

February 4, 2020 Session Resumption Protocols and Efficient Forward Security for TLS 1.3 0-RTT

Aviram, Nimrod and Gellert, Kai and Jager, Tibor

January 28, 2020 A better zip bomb

Fifield, David

January 21, 2020 Encrypted DNS ⇒ Privacy? A Traffic Analysis Perspective

Siby, Sandra and Juarez, Marc and Diaz, Claudia and Vallina-Rodriguez, Narseo and Troncoso, Carmela

December 17, 2019 Evaluating Login Challenges as a Defense Against Account Takeover

Doerfler, Periwinkle and Thomas, Kurt and Marincenko, Maija and Ranieri, Juri and Jiang, Yu and Moscicki, Angelika and McCoy, Damon

November 26, 2019 Conjure: Summoning Proxies from Unused Address Space

Frolov, Sergey and Wampler, Jack and Tan, Sze Chuen and Halderman, J Alex and Borisov, Nikita and Wustrow, Eric

November 19, 2019 Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices

Moghaddam, Hooman Mohajeri and Acar, Gunes and Burgess, Ben and Mathur, Arunesh and Huang, Danny Yuxing and Feamster, Nick and Felten, Edward W and Mittal, Prateek and Narayanan, Arvind

November 12, 2019 Geneva: Evolving Censorship Evasion Strategies

Bock, Kevin and Hughey, George and Qiang, Xiao and Levin, Dave

November 5, 2019 Fallout: Leaking Data on Meltdown-resistant CPUs

Minkin, Marina

October 29, 2019 Principled Unearthing of TCP Side Channel Vulnerabilities

Cao, Yue and Wang, Zhongjie and Qian, Zhiyun and Song, Chengyu and Krishnamurthy, Srikanth V and Yu, Paul

October 15, 2019 All Your GPS Are Belong To Us: Towards Stealthy Manipulation of Road Navigation Systems

Zeng, Kexiong Curtis and Liu, Shinan and Shu, Yuanchao and Wang, Dong and Li, Haoyu and Dou, Yanzhi and Wang, Gang and Yang, Yaling

October 1, 2019 “Won’t Somebody Think of the Children?” Examining COPPA Compliance at Scale

Reyes, Irwin and Wijesekera, Primal and Reardon, Joel and On, Amit Elazari Bar and Razaghpanah, Abbas and Vallina-Rodriguez, Narseo and Egelman, Serge

September 17, 2019 IODINE: Verifying Constant-Time Execution of Hardware

Gleissenthall, Klaus v and Kici, Rami Gokhan and Stefan, Deian and Jhala, Ranji

September 10, 2019 Detecting and Characterizing Lateral Phishing at Scale

Ho, Grant and Cidon, Asaf and Gavish, Lior and Schweighauser, Marco and Paxson, Vern and Savage, Stefan and Voelker, Geoffrey M and Wagner, David

September 3, 2019 ICLab: A Global, Longitudinal Internet Censorship Measurement Platform

Arian Akhavan Niaki and Shinyoung Cho and Zachary Weinberg and Nguyen Phong Hoang and Abbas Razaghpanah and Nicolas Christin and Phillipa Gill

August 27, 2019 Privacy Engineering in the Automotive Domain (Guest Talk)

Frank Kargl

August 20, 2019 TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time

Feargus Pendlebury, Fabio Pierazzi, Roberto Jordaney, Johannes Kinder, and Lorenzo Cavallaro

August 13, 2019 50 Ways to Leak Your Data: An Exploration of Apps’ Circumvention of the Android Permissions System

Joel Reardon, Álvaro Feal, Primal Wijesekera, Narseo Vallina-Rodriguez, and Serge Egelman

August 6, 2019 I never signed up for this! Privacy implications of email tracking

Steven Englehardt, Jeffrey Han, and Arvind Narayanan

July 23, 2019 Robust Website Fingerprinting Through the Cache Occupancy Channel

Anatoly Shusterman, Lachlan Kang, Yarden Haskal, Yosef Meltser, Prateek Mittal, Yossi Oren, and Yuval Yarom

July 16, 2019 Spoofing OpenPGP and S/MIME Signatures in Emails

Jens Müller, Marcus Brinkmann, Damian Poddebniak, Hanno Böck, Sebastian Schinzel, Juraj Somorovsky, and Jörg Schwenk

July 9, 2019 Cracking the Wall of Confinement: Understanding and Analyzing Malicious Domain Take-downs

Eihal Alowaisheq, Peng Wang, Sumayah Alrwais, Xiaojing Liao, XiaoFeng Wang, Tasneem Alowaisheq, Xianghang Mi, Siyuan Tang, Baojun Liu

June 25, 2019 SoK: Towards the Science of Security and Privacy in Machine Learning

Nicolas Papernot, Patrick McDaniel, Arunesh Sinha, and Michael Wellman

June 18, 2019 SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks

Saad Islam, Ahmad Moghimi, Ida Bruhns, Moritz Krebbel, Berk Gulmezoglu, Thomas Eisenbarth, Berk Sunar

June 4, 2019 Computing Arbitrary Functions of Encrypted Data

Craig Gentry

May 14, 2019 Hard Drive of Hearing: Disks that Eavesdrop with a Synthesized Microphone

Andrew Kwong, Wenyuan Xu, Kevin Fu

May 7, 2019 SPHINX: A Password Store that Perfectly Hides Passwords from Itself

Maliheh Shirvanian, Stanislaw Jarecki, Hugo Krawczyk, Nitesh Saxena

April 23, 2019 Perfect is the Enemy of Good: Setting Realistic Goals for BGP Security

Yossi Gilad, Tomas Hlavacek, Amir Herzberg, Michael Schapira, Haya Shulman

April 2, 2019 Port Contention for Fun and Profit

Alejandro Cabrera Aldaya, Billy Bob Brumley, Sohaib ul Hassan, Cesar Pereida García, Nicola Tuveri

March 26, 2019 maTLS: How to Make TLS middlebox-aware?

Hyunwoo Lee, Zach Smith, Junghwan Lim, Gyeongjae Choi, Selin Chun, Taejoong Chung, Ted "Taekyoung" Kwon

March 19, 2019 ExSpectre: Hiding Malware in Speculative Execution

Jack Wampler, Ian Martiny, Eric Wustrow

March 12, 2019 Life after Speech Recognition: Fuzzing Semantic Misinterpretation for Voice Assistant Applications

Yangyong Zhang, Lei Xu, Abner Mendoza, Guangliang Yang, Phakpoom Chinprutthiwong, Guofei Gu

February 26, 2019 Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs)

Carlo Meijer, Bernard van Gastel

February 19, 2019 The Learning with Errors Problem

Oded Regev

February 12, 2019 Nemesis

Michael Dalton, Christos Kozyrakis, and Nickolai Zeldovich

February 5, 2019 Securing Self-Virtualizing Ethernet Devices

Igor Smolyar, Muli Ben-Yehuda, and Dan Tsafrir

January 29, 2019 Investigating sources of PII used in Facebook’s targeted advertising

Giridhari Venkatadri, Elena Lucherini, Piotr Sapiezynski, Alan Mislove

January 22, 2019 Introduction to Post-Quantum Cryptography

Daniel J. Bernstein

January 15, 2019 Mobilizing the Micro-Ops: Exploiting Context Sensitive Decoding for Security and Energy Efficiency

Mohammadkazem Taram, Ashish Venkat, Dean Tullsen

December 11, 2018 Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU

Pietro Frigo, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi

November 27, 2018 Hacking Blind

Andrea Bittau, Adam Belay, Ali Mashtizadeh, David Mazieres, Dan Boneh

November 20, 2018 Predicting Impending Exposure to Malicious Content from User Behavior

Mahmood Sharif, Jumpei Urakawa, Nicolas Christin, Ayumu Kubota, Akira Yamada

November 13, 2018 HoMonit: Monitoring Smart Home Apps from Encrypted Traffic

Wei Zhang, Yan Meng, Yugeng Liu, Xiaokuan Zhang, Yinqian Zhang, Haojin Zhu

November 6, 2018 CEASER: Mitigating Conflict-Based Cache Attacks via Encrypted-Address and Remapping

Moinuddin K. Qureshi

October 30, 2018 Pisces: Anonymous Communication Using Social Networks

Prateek Mittal, Matthew Wright, Nikita Borisov

October 9, 2018 Backtracking System Intrusions at Enterprise Scale

Adam Bates

October 2, 2018 FPGA-Based Remote Power Side-Channel Attacks

Mark Zhao, G. Edward Suh

September 25, 2018 Stealthy Malware Traffic – Not as Innocent as It Looks

Xingsi Zhong, Yu Fu, Lu Yu, Richard Brooks, G. Kumar Venayagamoorthy

September 18, 2018 Lawful Device Access without Mass Surveillance Risk: A Technical Design Discussion

Stefan Savage

September 11, 2018 Hiding Intermittent Information Leakage with Architectural Support for Blinking

Alric Althoff, Joseph McMahan, Luis Vega, Scott Davidson, Timothy Sherwood, Michael B. Taylor, and Ryan Kastner

September 4, 2018 Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution

Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom, Raoul Strackx

August 28, 2018 Translation Leak-aside Buffer: Defeating Cache Side-channel Protections

Ben Gras, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida

August 7, 2018 Rethinking Access Control and Authentication for the Home Internet of Things (IoT)

Weijia He, Maximilian Golla, Roshni Padhi, Jordan Ofek, Markus Durmuth, Earlence Fernandes, Blase Ur

July 31, 2018 Practical Accountability of Secret Processes

Jonathan Frankle, Sunoo Park, Daniel Shaar, Shafi Goldwasser, and Daniel Weitzner

July 24, 2018 With Great Training Comes Great Vulnerability: Practical Attacks against Transfer Learning

Bolun Wang, Yuanshun Yao, Bimal Viswanath, Haitao Zheng, Ben Y. Zhao

July 17, 2018 Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016

Ada Lerner, Anna Kornfeld Simpson, Tadayoshi Kohno, and Franziska Roesner

July 10, 2018 Privacy Pass: Bypassing Internet Challenges Anonymously

Alex Davidson, Ian Goldberg, Nick Sullivan, George Tankersley, and Filippo Valsorda

June 26, 2018 An Empirical Analysis of Anonymity in Zcash

George Kappos, Haaroon Yousaf, Mary Maller, and Sarah Meiklejohn

June 19, 2018 2018 Verizon Data Breach Investigation Report

June 5, 2018 The Spyware Used in Intimate Partner Violence

Rahul Chatterjee, Periwinkle Doerfler, Hadas Orgad, Sam Havron, Jackeline Palmer, Diana Freed, Karen Levy, Nicola Dell, Damon McCoy, Thomas Ristenpart

May 29, 2018 Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels

Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk

May 22, 2018 General Data Protection Regulation Discussion

May 15, 2018 A Socratic method for validation of measurement-based networking research

Balachander Krishnamurthy, Walter Willinger, Phillipa Gill, Martin Arlitt

May 8, 2018 Understanding Linux Malware

Emanuele Cozzi, Mariano Graziano, Yanick Fratantonio, Davide Balzarotti

May 1, 2018 What Did I Really Vote For? On the Usability of Verifiable E-Voting Schemes

Karola Marky, Oksana Kulyk, Karen Renaud, Melanie Volkamer

April 24, 2018 Tracking Ransomware End-to-end

Danny Yuxing Huang, Maxwell Matthaios Aliapoulios, Vector Guo Li, Luca Invernizzi, Kylie McRoberts, Elie Bursztein, Jonathan Levin, Kirill Levchenko, Alex C. Snoeren, Damon McCoy

April 17, 2018 Privacy Risks with Facebook’s PII-based Targeting: Auditing a Data Broker’s Advertising Interface

Giridhari Venkatadri, Athanasios Andreou, Yabing Liu, Alan Mislove, Krishna P. Gummadi, Patrick Loiseau, Oana Goga

April 10, 2018 Inferring Internet Denial-of-Service Activity

David Moore, Geoffrey M. Voelker and Stefan Savage

April 3, 2018 Tempest: Temporal Dynamics in Anonymity Systems

Ryan Wails, Yixin Sun, Aaron Johnson, Mung Chiang, and Prateek Mittal

March 27, 2018 End-to-End Arguments in System Design

J.H. Saltzer, D.P. Reed, and D.D. Clark

March 20, 2018 Unpacking Perceptions of Data-Driven Inferences Underlying Online Targeting and Personalization

Claire Dolin, Ben Weinshel, Shawn Shan, Chang Min Hahn, Euirim Choi, Michelle L. Mazurek, Blase Ur

March 13, 2018 Why Johnny Doesn’t Use Two Factor: A Two-Phase Usability Study of the FIDO U2F Security Key

Sanchari Das, Andrew Dingman, L Jean Camp

March 6, 2018 The Rules of Engagement for Bug Bounty Programs

Aron Laszka, Mingyi Zhao, Akash Malbari, and Jens Grossklags

February 20, 2018 Computer Security and Privacy for Refugees in the United States

Lucy Simko, Ada Lerner, Samia Ibtasam, Franziska Roesner and Tadayoshi Kohno

February 13, 2018 Large-scale Analysis of Content Modification by Open HTTP Proxies

Giorgos Tsirantonakis, Panagiotis Ilia, Sotiris Ioannidis, Elias Athanasopoulos, Michalis Polychronakis

January 30, 2018 When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries

Aylin Caliskan, Fabian Yamaguchi, Edwin Dauber, Richard Harang, Konrad Rieck, Rachel Greenstadt, and Arvind Narayanan

January 23, 2018 POISED: Spotting Twitter Spam Off the Beaten Paths

Shirin Nilizadeh, François Labrèche, Alireza Sedighian, Ali Zand, José Fernandez, Christopher Kruegel, Gianluca Stringhini, Giovanni Vigna

January 16, 2018 Tripwire: Inferring Internet Site Compromise

Joe DeBlasio, Stefan Savage, Geoffrey M. Voelker and Alex C. Snoeren

January 9, 2018 Meltdown & Spectre

Paul Kocher, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, Yuval Yarom

December 19, 2017 Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem

Abbas Razaghpanah, Rishab Nithyanand, Narseo Vallina-Rodriguez, Srikanth Sundaresan, Mark Allman, Christian Kreibich, Phillipa Gill

December 12, 2017 Economic Factors of Vulnerability Trade and Exploitation

Luca Allodi

December 5, 2017 Inferring BGP Blackholing Activity in the Internet

Vasileios Giotsas, Georgios Smaragdakis, Christoph Dietzel, Philipp Richter, Anja Feldmann, Arthur Berger

November 28, 2017 Exploring ADINT: Using Ad Targeting for Surveillance on a Budget — or — How Alice Can Buy Ads to Track Bob

Paul Vines, Franziska Roesner, and Tadayoshi Kohno

November 21, 2017 Fifteen Minutes of Unwanted Fame: Detecting and Characterizing Doxing

Peter Snyder, Periwinkle Doerfler, Chris Kanich, Damon McCoy

November 14, 2017 Ethical issues in research using datasets of illicit origin

Daniel R. Thomas, Sergio Pastrana, Alice Hutchings, Richard Clayton, Alastair R. Beresford

November 7, 2017 The Return of Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli

Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec, Vashek Matyas

October 31, 2017 Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2

Mathy Vanhoef, Frank Piessens

October 24, 2017 Hacking in Darkness: Return-oriented Programming against Secure Enclaves

Jaehyuk Lee, Jinsoo Jang, Yeongjin Jang, Nohyun Kwak, Yeseul Choi, Changho Choi, Taesoo Kim, Marcus Peinado, Brent Byunghoon Kang

October 17, 2017 The Web Centipede: Understanding How Web Communities Influence Each Other Through the Lens of Mainstream and Alternative News Sources

Savvas Zannettou, Tristan Caulfield, Emiliano De Cristofaro, Nicolas Kourtellis, Ilias Leontiadis, Michael Sirivianos, Gianluca Stringhini, and Jeremy Blackburn

October 10, 2017 I never signed up for this! Privacy implications of email tracking

Steven Englehardt, Jeffrey Han, and Arvind Narayanan

October 3, 2017 Where the Wild Warnings Are

Mustafa Emre Acer, Emily Stark, Adrienne Porter Felt, Sascha Fahl, Radhika Bhargava, Bhanu Dev, Matt Braithwaite, Ryan Sleevi, Parisa Tabriz

September 26, 2017 Online Tracking: A 1-million-site Measurement and Analysis

Steven Englehardt, Arvind Narayanan

September 19, 2017 MCMix: Anonymous Messaging via Secure Multiparty Computation

Nikolaos Alexopoulos, Aggelos Kiayias, Riivo Talviste, Thomas Zacharias

September 12, 2017 Same-Origin Policy: Evaluation in Modern Browsers

Jörg Schwenk, Marcus Niemietz, and Christian Mainka

September 5, 2017 SoK: Fraud In Telephony Networks

Merve Sahin, Aurelien Francillon, Payas Gupta, Mustaque Ahamad

August 29, 2017 Reverse Engineering x86 Processor Microcode

Philipp Koppe, Benjamin Kollenda, Marc Fyrbiak, Christian Kison, Robert Gawlik, Christof Paar, and Thorsten Holz

August 22, 2017 Detecting Credential Spearphishing Attacks in Enterprise Settings

Grant Ho, Aashish Sharma, Mobin Javed, Vern Paxson, David Wagner

August 15, 2017 Cancelled for USENIX

August 8, 2017 Characterizing the Nature and Dynamics of Tor Exit Blocking

Rachee Singh, Rishab Nithyanand, Sadia Afroz, Paul Pearce, Michael Carl Tschantz, Phillipa Gill, Vern Paxson

August 1, 2017 Game of Registrars: An Empirical Analysis of Post-Expiration Domain Name Takeovers

Tobias Lauinger, Abdelberi Chaabane, Ahmet Salih Buyukkayhan, Kaan Onarlioglu, William Robertson

July 25, 2017 Measuring HTTPS Adoption on the Web

Adrienne Porter Felt, Richard Barnes, April King, Chris Palmer, Chris Bentzel, Parisa Tabriz

July 18, 2017 A Longitudinal, End-to-End View of the DNSSEC Ecosystem

Taejoong Chung, Roland van Rijswijk-Deij, Balakrishnan Chandrasekaran, David Choffnes, Dave Levin, Bruce M. Maggs, Alan Mislove, Christo Wilson

July 11, 2017 Certificate Transparency with Privacy

Saba Eskandarian, Eran Messeri, Joseph Bonneau, and Dan Boneh

June 27, 2017 How to Learn Klingon Without a Dictionary: Detection and Measurement of Black Keywords Used by the Underground Economy

Hao Yang, Xiulin Ma, Kun Du, Zhou Li, Haixin Duan, Xiaodong Su, Guang Liu, Zhifeng Geng, and Jianping Wu

June 20, 2017 Systematizing Decentralization and Privacy: Lessons from 15 years of research and deployments

Carmela Troncoso, George Danezis, Marios Isaakidis, and Harry Halpin

June 13, 2017 Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate

Karthikeyan Bhargavan, Bruno Blanchet, Nadim Kobeissi

June 6, 2017 SeaGlass: Enabling City-Wide IMSI-Catcher Detection

Peter Ney, Ian Smith, Gabriel Cadamuro, Tadayoshi Kohno

May 30, 2017 Obstacles to the Adoption of Secure Communication Tools

Ruba Abu-Salma, Anastasia Danilova, M. Angela Sasse, Alena Naiakshina, Joseph Bonneau, Matthew Smith

May 23, 2017 The Onions Have Eyes: A Comprehensive Structure and Privacy Analysis of Tor Hidden Services

Iskander Sanchez-Rola, Davide Balzarotti, Igor Santos

May 16, 2017 WannaCry Discussion

May 9, 2017 How Public Is My Private Life? Privacy in Online Dating

Camille Cobb, Tadayoshi Kohno

May 2, 2017 Social Engineering Attacks on Government Opponents: Target Perspectives

William R. Marczak, Vern Paxson

April 25, 2017 The Future of Ad Blocking: An Analytical Framework and New Techniques

Grant Storey, Dillon Reisman, Jonathan Mayer, Arvind Narayanan

April 18, 2017 To Catch a Ratter: Monitoring the Behavior of Amateur DarkComet RAT Operators in the Wild

Brown Farinholt, Mohammad Rezaeirad, Paul Pearce, Hitesh Dharmdasani, Haikuo Yin, Stevens Le Blond, Damon McCoy, Kirill Levchenko

April 11, 2017 SoK: Exploiting Network Printers

Jens Müller, Vladislav Mladenov, Juraj Somorovsky

March 28, 2017 SoK: Science, Security, and the Elusive Goal of Security as a Scientific Pursuit

Cormac Herley, P.C. van Oorschot

March 21, 2017 A Methodology Towards Reproducible Analyses of TLS Datasets

Olivier Levillain, Maxence Tury, Nicolas Vivet

March 14, 2017 SSH over Robust Cache Covert Channels in the Cloud

Clementine Maurice, Manuel Weber, Michael Schwarz, Lukas Giner, Daniel Gruss, Carlo Alberto Boano, Kay Romer, Stefan Mangard

March 7, 2017 Scaling Dynamic Searchable Encryption to Millions of Indexes By Improving Locality

Ian Miers, Payman Mohassel

February 21, 2017 Uncovering Fake Base Stations at Scale in the Wild

Zhenhua Li, Weiwei Wang, Christo Wilson, Jian Chen, Chen Qian, Taeho Jung, Lan Zhang, Kebin Liu, Xiangyang Li, Yunhao Liu

February 14, 2017 A Large-scale Analysis of the Mnemonic Password Advice

Johannes Kiesel, Benno Stein, Stefan Lucks

February 7, 2017 Dial One for Scam: A Large-Scale Analysis of Technical Support Scams

Najmeh Miramirkhani, Oleksii Starov, Nick Nikiforakis

January 31, 2017 The Effect of DNS on Tor’s Anonymity

Benjamin Greschbach, Tobias Pulls, Laura M. Roberts, Philipp Winter, Nick Feamster

January 24, 2017 Blocking-resistant Communication Through Domain Fronting

David Fifield, Chang Lan, Rod Hynes, Percy Wegmann, and Vern Paxson

January 17, 2017 Eclipse Attacks on Bitcoin’s Peer-to-Peer Network

Ethan Heilman, Alison Kendler, Aviv Zohar, Sharon Goldberg

January 3, 2017 How I Learned to be Secure: a Census-Representative Survey of Security Advice Sources and Behavior

Elissa M. Redmiles, Sean Kross, Michelle L. Mazurek

December 20, 2016 WireGuard: Next Generation Kernel Network Tunnel

Jason A. Donenfeld

November 29, 2016 Should You Use the App for That?: Comparing the Privacy Implications of App- and Web-based Online Services

Christophe Leung, Jingjing Ren, David Choffnes, Christo Wilson

November 22, 2016 Slitheen: Perfectly Imitated Decoy Routing through Traffic Replacement

Cecylia Bocovich, Ian Goldberg

November 15, 2016 Shuffler: Fast and Deployable Continuous Code Re-Randomization

David Williams-King, Graham Gobieski, Kent Williams-King, James P. Blake, Xinhao Yuan, Patrick Colp, Michelle Zheng, Vasileios P. Kemerlis, Junfeng Yang, William Aiello

November 8, 2016 STAR-Vote: A Secure, Transparent, Auditable, and Reliable Voting System

Susan Bell, Josh Benaloh, Michael D. Byrne, Dana DeBeauvoir, Bryce Eakin, Gail Fisher, Philip Kortum, Neal McBurnett, Julian Montoya, Michelle Parker, Olivier Pereira, Philip B. Stark, Dan S. Wallach, Michael Winn

October 25, 2016 Indiscreet Logs: Persistent Diffie-Hellman Backdoors in TLS

Kristen Dorey, Nicholas Chang-Fong, Aleksander Essex

October 18, 2016 What Happens After You Are Pwnd: Understanding the Use of Leaked Webmail Credentials in the Wild

Jeremiah Onaolapo, Enrico Mariconti, and Gianluca Stringhini

October 11, 2016 Measuring and Applying Invalid SSL Certificates: The Silent Majority

Taejoong Chung, Yabing Liu, David Choffnes, Dave Levin, Bruce M. Maggs, Alan Mislove, Christo Wilson

October 4, 2016 A Comprehensive Measurement Study of Domain Generating Malware

Daniel Plohmann, Khaled Yakdan, Michael Klatt, Johannes Bader

September 27, 2016 Making USB Great Again with usbfilter

Dave (Jing) Tian, Nolen Scaife, Adam Bates, Kevin R. B. Butler, and Patrick Traynor

September 20, 2016 An Empirical Study of Textual Key-Fingerprint Representations

Sergej Dechand, Dominik Schürmann, Karoline Busse, Yasemin Acar, Sascha Fahl and Matthew Smith

September 13, 2016 Lock It and Still Lose It—On the (In)Security of Automotive Remote Keyless Entry Systems

Flavio D. Garcia, David Oswald, Timo Kasper and Pierre Pavlidès

September 6, 2016 Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks

William Melicher, Blase Ur, Sean M. Segreti, Saranga Komanduri, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor

August 30, 2016 The Million-Key Question—Investigating the Origins of RSA Public Keys

Petr Švenda, Matúš Nemec, Peter Sekan, Rudolf Kvašňovský, David Formánek, David Komárek, and Vashek Matyáš

August 23, 2016 Post-quantum Key Exchange—A New Hope

Erdem Alkim, Léo Ducas, Thomas Pöppelmann, Peter Schwabe

August 9 & 16, 2016 No paper.

August 2, 2016 Riffle: An Efficient Communication System With Strong Anonymity

Albert Kwon, David Lazar, Srinivas Devadas, and Bryan Ford

July 19, 2016 Access Denied! Contrasting Data Access in the United States and Ireland

Samuel Grogan and Aleecia M. McDonald

June 9, 2015 Mind Your Blocks: On the Stealthiness of Malicious BGP Hijacks

Pierre-Antoine Vervier, Olivier Thonnard and Marc Dacier

June 2, 2015 Why Wassenaar Arrangement's Definitions of Intrusion Software and Controlled Items Put Security Research and Defense At Risk And How To Fix It, What Is the U.S. Doing About Wassenaar, and Why Do We Need to Fight It?

Sergey Bratus, D J Capelis, Michael Locasto and Anna Shubina; Nate Cardozo and Eva Galperin

May 26, 2015 Secrets, Lies, and Account Recovery: Lessons from the Use of Personal Knowledge Questions at Google

Joseph Bonneau, Elie Bursztein, Ilan Caron, Rob Jackson and Mike Williamson

May 12, 2015 Ad Injection at Scale: Assessing Deceptive Advertisement Modifications

Kurt Thomas, Elie Bursztein, Chris Grier, Grant Ho, Nav Jagpal, Alexandros Kapravelos, Damon McCoy, Antonio Nappa, Vern Paxson, Paul Pearce, Niels Provos and Moheeb Abu Rajab

April 28, 2015 FAA Needs a More Comprehensive Approach to Address Cybersecurity As Agency Transitions to NextGen


April 21, 2015 Optimizing TLS for High–Bandwidth Applications in FreeBSD

Randall Stewart, John-Mark Gurney and Scott Long

April 14, 2015 How Secure and Quick is QUIC? Provable Security and Performance Analyses

Robert Lychev, Samuel Jero, Alexandra Boldyreva, and Cristina Nita-Rotaru

April 7, 2015 What the App is That? Deception and Countermeasures in the Android User Interface

Antonio Bianchi, Jacopo Corbetta, Luca Invernizzi, Yanick Fratantonio, Christopher Kruegel and Giovanni Vigna

March 31, 2015 SoK: Secure Messaging

Nik Unger, Sergej Dechand, Joseph Bonneau, Sascha Fahl, Henning Perl, Ian Goldberg and Matthew Smith

March 24, 2015 Iago Attacks: Why the System Call API is a Bad Untrusted RPC Interface

Stephen Checkoway and Hovav Shacham

March 17, 2015 A Messy State of the Union: Taming the Composite State Machines of TLS

Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cedric Fournet, Markulf Kohlweiss, Alfredo Pironti, Pierre-Yves Strub and Jean Karim Zinzindohoue

March 10, 2015 Surreptitiously Weakening Cryptographic Systems

Bruce Schneier, Matthew Fredrikson, Tadayoshi Kohno and Thomas Ristenpart

February 24, 2015 Code Reuse Attacks in PHP

Johannes Dahse, Nikolai Krein, and Thorsten Holz

February 17, 2015 The Web Never Forgets: Persistent Tracking Mechanisms in the Wild

Gunes Acar, Christian Eubank, Steven Englehardt, Marc Juarez, Arvind Narayanan and Claudia Diaz

February 10, 2015 Internet of Things: Privacy and Security in Connected World

FTC Report

February 3, 2015 Enhanced Certificate Transparency and End-to-end Encrypted Mail

Mark Ryan

January 27, 2015 Information Leaks without Memory Disclosures

Jeff Seibert, Hamed Okhravi, and Eric Söderström

January 20, 2015 DP5: A Private Presence Service

Nikita Borisov, George Danezis and Ian Goldberg

January 13, 2015 The Emperor's New APIs: On the (In)Secure Usage of New Client-Side Primitives

Steve Hanna, Eui Chul Richard Shin, Devdatta Akhawe, Arman Boehm, Prateek Saxena and Dawn Song

December 9, 2014 Securing SSL Certificate Verification through Dynamic Linking

Adam Bates, Joe Pletcher, Tyler Nichols, Braden Hollembaek, Dave Tian, Kevin R.B. Butler and Abdulrahman Alkhelaifi

December 2, 2014 Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on The Internet

Steven M. Bellovin, Matt Blaze, Sandy Clark and Susan Landau

November 18, 2014 On the Effectiveness of Traffic Analysis Against Anonymity Networks Using Flow Records

Sambuddho Chakravarty, Marco V. Barbera, Georgios Portokalidis, Michalis Polychronakis and Angelos D. Keromytis

November 11, 2014 Moving Targets: Security and Rapid-Release in Firefox

Sandy Clark, Michael Collis, Matt Blaze, and Jonathan M. Smith

October 28, 2014 From Patches to Honey-Patches: Lightweight Attacker Misdirection, Deception, and Disinformation

Frederico Araujo, Kevin W. Hamlen, Sebastian Biedermann, and Stefan Katzenbeisser

October 21, 2014 Analysis of SSL Certificate Reissues and Revocations in the Wake of Heartbleed

Liang Zhang, David Choffnes, Dave Levin, Tudor Dumitras, Alan Mislove, Aaron Schulman and Christo Wilson

October 7, 2014 ROP is Still Dangerous - Breaking Modern Defenses

Nicholas Carlini and David Wagner

September 30, 2014 From the Aether to the Ethernet – Attacking the Internet using Broadcast Digital Television

Yossef Oren and Angelos D. Keromytis

September 23, 2014 On the Practical Exploitability of Dual EC in TLS Implementations

Stephen Checkoway, Matthew Fredrikson, Ruben Niederhagen, Adam Everspaugh, Matthew Green, Tanja Lange, Thomas Ristenpart, Daniel J. Bernstein, Jake Maskiewicz and Hovav Shacham

September 16, 2014 Exit from Hell? Reducing the Impact of Amplification DDoS Attacks

Marc Kührer, Thomas Hupperich, Christian Rossow, and Thorsten Holz

September 9, 2014 Gyrophone: Recognizing Speech from Gyroscope Signals

Yan Michalevsky and Dan Boneh

August 26, 2014 Get Your Hands Off My Laptop: Physical Side-Channel Key-Extraction Attacks on PCs

Daniel Genkin, Itamar Pipman, and Eran Tromer

August 19, 2014 Hacking Blind

Andrea Bittau, Adam Belay, Ali Mashtizadeh, David Mazieres, and Dan Boneh

August 12, 2014 RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2
August 5, 2014 Spoiled Onions: Exposing Malicious Tor Exit Relays

Philipp Winter, Richard Köwer, Martin Mulazzani, Markus Huber, Sebastian Schrittwieser, Stefan Lindskog, and Edgar Weippl

July 29, 2014 When Governments Hack Opponents: A Look at Actors and Technology

William R. Marczak, John Scott-Railton, Morgan Marquis-Boire, and Vern Paxson

July 22, 2014 Framing Signals—A Return to Portable Shellcode

Erik Bosman and Herbert Bos

July 15, 2014 Neural Signatures of User-Centered Security: An fMRI Study of Phishing, and Malware Warnings

Ajaya Neupane, Nitesh Saxena, Keya Kuruvilla, Michael Georgescu, and Rajesh Kana.

July 8, 2014 When HTTPS Meets CDN: A Case of Authentication in Delegated Service

Liang, J., Jiang, J., Duan, H., Li, K., Wan, T., Wu, J.

July 1, 2014 Nazca: Detecting Malware Distribution in Large-Scale Networks

Invernizzi, L., Lee, S. J., Miskovic, S., Mellia, M., Torres, R., Kruegel, C., Saha, S., Vigna, G.

June 24, 2014 SNARKs for C: Verifying Program Execution Succinctly and in Zero Knowledge

Ben-Sasson, E., Chiesa, A., Genkin, D., Tromer, E., Virza, M.

June 17, 2014 Pivot: Fast, Synchronous Mashup Isolation Using Generator Chains

Mickens, J.

June 10, 2014 Chip and Skim: Cloning EMV Cards with the Pre-Play Attack

Bond, M., Choudary, O., Murdoch, S., Skorobogatov, S., Anderson, R.

June 3, 2014 Zerocash: Decentralized Anonymous Payments from Bitcoin

Ben-Sasson, E., Chiesa, A., Garman, C., Green, M., Miers, I., Tromer, E., Virza, M.

May 27, 2014 Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS

Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cedric Fournet, Alfredo Pironti and Pierre-Yves Strub

May 20, 2014 Analyzing Forged SSL Certificates in the Wild

Huang, L. S., Rice, A., Ellingsen, E., & Jackson, C. Analyzing Forged SSL Certificates in the Wild.

May 13, 2014 mXSS Attacks: Attacking well-secured Web-Applications by using innerHTML Mutations

Heiderich, M., Schwenk, J., Frosch, T., Magazinius, J., & Yang, E. Z. (2013, November). mXSS attacks: attacking well-secured web-applications by using innerHTML mutations. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security (pp. 777-788). ACM.

May 6, 2014 Towards Automatic Software Lineage Inference

Jang, J., Woo, M., & Brumley, D. (2013, August). Towards automatic software lineage inference. In Proceedings of the 22nd USENIX conference on Security (pp. 81-96). USENIX Association.

March 25, 2014 On Subversive Miner Strategies and Block Withholding Attack in Bitcoin Digital Currency

Courtois, N. T., & Bahack, L. (2014). On Subversive Miner Strategies and Block Withholding Attack in Bitcoin Digital Currency. arXiv preprint arXiv:1402.1718.

March 18, 2014 PlaceAvoider: Steering First-Person Cameras away from Sensitive Spaces

Templeman, R., Korayem, M., Crandall, D., & Kapadia, A. (2014). PlaceAvoider: Steering First-Person Cameras away from Sensitive Spaces.

March 11, 2014 Copker: Computing with Private Keys without RAM

Guan, L., Lin, J., Luo, B., & Jing, J. (2014). Copker: Computing with Private Keys without RAM.

March 4, 2014 Auditable Version Control Systems

Bo Chen, Reza Curtmola (New Jersey Institute of Technology)

February 25, 2014 Toward Black-Box Detection of Logic Flaws in Web Applications

Giancarlo Pellegrino, Davide Balzarotti (EURECOM, France)

February 18, 2014 ROPecker: A Generic and Practical Approach for Defending Against ROP Attacks

Yueqiang Cheng‡, Zongwei Zhou*, Miao Yu*, Xuhua Ding‡, Robert H. Deng‡ * Carnegie Mellon University ‡ Singapore Management University

February 11, 2014 The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network

Rob Jansen*, Florian Tschorsch‡, Aaron Johnson*, Bjorn Scheuermann‡ * U.S. Naval Research Laboratory ‡ Humboldt University of Berlin, Germany

February 4, 2014 Avatar: A Framework to Support Dynamic Security Analysis of Embedded Systems’ Firmwares

Zaddach, J., Bruno, L., Francillon, A., & Balzarotti, D. (2010). AVATAR: A framework to support dynamic security analysis of embedded system's firmwares. IEEE Transactions on Software Engineering, 36(4).

January 28, 2014 Botcoin: Monetizing Stolen Cycles

Huang, D. Y., Dharmdasani, H., Meiklejohn, S., Dave, V., Grier, C., McCoy, D., ... & Levchenko, K. (2014). Botcoin: monetizing stolen cycles. In Proceedings of NDSS (Vol. 2014).

January 21, 2014 Model-Based Evaluation of GPS Spoofing Attacks on Power Grid Sensors

Akkaya, I., Lee, E. A., & Derler, P. (2013, May). Model-based evaluation of GPS spoofing attacks on power grid sensors. In Modeling and Simulation of Cyber-Physical Energy Systems (MSCPES), 2013 Workshop on (pp. 1-6). IEEE.

January 7, 2014 CyberProbe: Towards Internet-Scale Active Detection of Malicious Servers

Antonio Nappa, Zhaoyan Xu, M. Zubair Rafique, Juan Caballero, Guofei Gu

Nov 26, 2013 GOTCHA Password Hackers!

Jeremiah Blocki, Manuel Blum, Anupam Datta (Carnegie Mellon University)

Nov 19, 2013 Ed Felten Discussion
Nov 12, 2013 On the Security of RC4 in TLS

Nadhem AlFardan (University of London), Daniel J. Bernstein (University of Illinois at Chicago and Technische Universiteit Eindhoven), Kenneth G. Paterson, Bertram Poettering, Jacob C.N. Schuldt (University of London)

Nov 5, 2013 SAuth: Protecting User Accounts from Password Database Leaks,

RFC 6749: The OAuth 2.0 Authorization Framework Georgios Kontaxis, Elias Athanasopoulos (Columbia University), Georgios Portokalidis (Stevens Inst. of Technology), Angelos D. Keromytis (Columbia University)

Oct 29, 2013 Take This Personally: Pollution Attacks on Personalized Services

Xinyu Xing, Wei Meng, Dan Doozan (Georgia Institute of Technology), Alex C. Snoeren (University of California, San Diego), Nick Feamster, Wenke Lee (Georgia Institute of Technology)

Oct 22, 2013 Dowsing for Overflows: A Guided Fuzzer to Find Buffer Boundary Violations

Istvan Haller, Asia Slowinska (VU University Amsterdam), Matthias Neugschwandtner (Vienna University of Technology), Herbert Bos (VU University Amsterdam)

Oct 15, 2013
Oct 8, 2013 Silk Road New York Trial Document,

Silk Road Maryland Trial Document

Oct 1, 2013 Stealthy Dopant-Level Hardware Trojans

Georg T. Becker (UMASS Amherst), Francesco Regazzoni (TU Delft and ALaRI, University of Lugano), Christof Paar (UMASS Amherst), Wayne P. Burleson (UMASS Amherst), CHES 2013.

Sep 24, 2013 Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries

Aaron Johnson (U.S. Naval Research Laboratory), Chris Wacek (Georgetown University), Rob Jansen (U.S. Naval Research Laboratory), Micah Sherr (Georgetown University), Paul Syverson (U.S. Naval Research Laboratory), CCS 2013

Sep 17, 2013 Trafficking Fraudulent Accounts: The Role of the Underground Market in Twitter Spam and Abuse

Kurt Thomas (UC Berkeley and Twitter), Damon McCoy (George Mason University), Chris Grier (UC Berkeley and International Computer Science Institute), Alek Kolcz (Twitter), Vern Paxson (UC Berkeley and International Computer Science Institute), USENIX 2013.

Sep 10, 2013 Control Flow Integrity for COTS Binaries

Mingwei Zhang, R. Sekar (Stony Brook University), USENIX 2013.

Sep 3, 2013 Securing Computer Hardware Using 3D Integrated Circuit (IC) Technology and Split Manufacturing for Obfuscation

Frank Imeson, Ariq Emtenan, Siddharth Garg, Mahesh V. Tripunitara (University of Waterloo), USENIX 2013.

Aug 27, 2013
Aug 20, 2013
Aug 13, 2013
Aug 6, 2013
July 30, 2013 Measuring the practical impact of DNSSEC Deployment

Wilson Lian (UC San Diego), Eric Rescorla (RTFM, Inc.), Hovav Shacham, Stefan Savage (UC San Diego), USENIX 2013.

July 16, 2013 seL4: from General Purpose to a Proof of Information Flow Enforcement

Toby Murray, Daniel Matichuk, Matthew Brassil, Peter Gammie, Timothy Bourke, Sean Seefried, Corey Lewis, Xin Gao, Gerwin Klein (NICTA), IEEE S&P 2013.

July 9, 2013 PRIVEXEC: Private Execution as an Operating System Service

Kaan Onarlioglu, Collin Mulliner, William Robertson and Engin Kirda (Northeastern), IEEE S&P 2013.

July 2, 2013 ObliviStore: High Performance Oblivious Cloud Storage

Emil Stefanov (UC Berkeley), Elaine Shi (Maryland), IEEE S&P 2013.

June 25, 2013 Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization

Alex Biryukov, Ivan Pustogarov, Ralf-Philipp Weinmann (University of Luxembourg), IEEE S&P 2013.

June 18, 2013 Breakthrough silicon scanning discovers backdoor in military chip

Sergei Skorobogatov (Cambridge), Christopher Woods (Quo Vadis Labs), CHES 2012.

June 11, 2013 Hiding Information in Flash Memory

Yinglei Wang, Wing-kei Yu, Sarah Q. Xu, Edwin Kan, and G. Edward Suh (Cornell), IEEE S&P 2013.

June 4, 2013 The Crossfire Attack

Min Suk Kang, Soo Bum Lee, Virgil D. Gligor (CMU), IEEE S&P 2013.

May 28, 2013 Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization

Kevin Z. Snow, Fabian Monrose (University of North Carolina), Lucas Davi, Alexandra Dmitrienko, Christopher Liebchen, Ahmad-Reza Sadeghi (CASED/Technische Universität Darmstadt), IEEE S&P 2013.

May 21, 2013 Honeywords: Making Password-Cracking Detectable

Ari Juels (RSA Labs), Ronald L. Rivest (MIT CSAIL).

May 14, 2013 SoK: Eternal War in Memory

Laszlo Szekeres (Stony Brook University), Mathias Payer, Tao Wei, Dawn Song (UCB), IEEE S&P 2013.

May 7, 2013 A Scanner Darkly: Protecting User Privacy From Perceptual Applications

Suman Jana (UT Austin), Arvind Narayanan (Princeton), Vitaly Shmatikov (UT Austin), IEEE S&P 2013.

Apr 30, 2013 Cookieless Monster: Exploring the Ecosystem of Web-based Device Fingerprinting

Nick Nikiforakis (1), Alexandros Kapravelos (2), Wouter Joosen (1), Christopher Kruegel (2), Frank Piessens (1), Giovanni Vigna (2); (1) iMinds-DistriNet, (2) UCSB, IEEE S&P 2013.

Apr 23, 2013 SkyNET: a 3G-enabled mobile attack drone and stealth botmaster

Theodore Reed, Joseph Geis, Sven Dietrich (Stevens Institute of Technology) USENIX WOOT'11.

Apr 16, 2013 Zerocoin: Anonymous Distributed E-Cash from Bitcoin

Ian Miers, Christina Garman, Matthew Green, Aviel D. Rubin (Johns Hopkins) IEEE S&P 2013.

Apr 9, 2013 Anon-Pass: Practical Anonymous Subscriptions

Michael Z. Lee, Alan M. Dunn, Brent Waters, Emmett Witchel (University of Texas at Austin), Jonathan Katz (University of Maryland) IEEE S&P 2013.

Apr 2, 2013 I can be You: Questioning the use of Keystroke Dynamics as Biometrics

Tey Chee Meng, Payas Gupta, Debin Gao (Singapore Management University) NDSS 2013.

Mar 26, 2013 SoK: Secure Data Deletion

Joel Reardon, David Basin, Srdjan Capkun (ETH Zurich) Oakland 2013.

Mar 19, 2013 PharmaLeaks: Understanding the Business of Online Pharmaceutical Affiliate Programs

Damon McCoy (2), Andreas Pitsillidis (1), Grant Jordan (1), Nicholas Weaver (1,3), Christian Kreibich (1,3), Brian Krebs (4), Geoffrey M. Voelker (1), Stefan Savage (1), Kirill Levchenko (1). (1) UCSD, (2) George Mason, (3) International Computer Science Institute, (4) USENIX Security 2012.

Mar 12, 2013 Vanity, Cracks and Malware: Insights into the Anti-Copy Protection Ecosystem

Markus Kammerstetter, Christian Platzer, and Gilbert Wondracek (Vienna University of Technology) ACM CCS 2012.

Mar 5, 2013 The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes

Joseph Bonneau (University of Cambridge), Cormac Herley (Microsoft Research), Paul C. van Oorschot (Carleton University), Frank Stajano (University of Cambridge) IEEE S&P 2012.

Feb 26, 2013 Hourglass Schemes: How to Prove that Cloud Files Are Encrypted

Marten van Dijk (1), Ari Juels (1), Alina Oprea (1), Ronald L. Rivest (2), Emil Stefanov (3), Nikos Triandopoulos (1). (1) RSA Laboratories, (2) MIT, (3) UC Berkeley. ACM CCS 2012.

Feb 19, 2013 Going Bright: Wiretapping without Weakening Communications Infrastructure

Steven M. Bellovin (Columbia University), Matt Blaze (University of Pennsylvania), Sandy Clark (University of Pennsylvania), Susan Landau (Privacy Ink) IEEE S&P 2011.

Feb 12, 2013 Lucky Thirteen: Breaking the TLS and DTLS Record Protocols

Nadhem J. AlFardan and Kenneth G. Paterson (Royal Holloway, University of London) 2013.

Sep 26, 2012 Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider

Ariel J. Feldman, Aaron Blankstein, Michael J. Freedman, and Edward W. Felten (Princeton University) USENIX Security 2012.

Sep 19, 2012 Distinguishing Users with Capacitive Touch Communication

Tam Vu, Akash Baid, Simon Gao, Marco Gruteser, Richard Howard, Janne Lindqvist, Predrag Spasojevic and Jeffrey Walling (Rutgers University) MobiCom 2012.

Sep 12, 2012 Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks

Hristo Bojinov (Stanford), Daniel Sanchez, Paul Reber (Northwestern), Dan Boneh (Stanford), and Patrick Lincoln (SRI) USENIX Security 2012.

Sep 5, 2012 Memento: Learning Secrets from Process Footprints

Suman Jana and Vitaly Shmatikov. U. of Texas Austin. IEEE S&P 2012.

Aug 30, 2012 On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces

Ivan Martinovic (1), Doug Davies (2), Mario Frank (2), Daniele Perito (2), Tomas Ros (3), Dawn Song (2). (1) University of Oxford, (2) UC Berkeley, (3) University of Geneva. USENIX Security 2012.

Aug 23, 2012 Clickjacking: Attacks and Defenses

Lin-Shung Huang (1), Alex Moshchuk (2), Helen J. Wang (2), Stuart Schechter (2), and Collin Jackson (1). (1) CMU (2) MSR. USENIX Security 2012.

Jul 12, 2012 Aurasium: Practical Policy Enforcement for Android Applications

Rubin Xu (1), Hassen Saidi (2), and Ross Anderson (1). (1) Cambridge (2) SRI International. USENIX Security 2012.

Jun 28, 2012 (Canceled) Prudent Practices for Designing Malware Experiments: Status Quo and Outlook

Christian Rossow (1,4), Christian J. Dietrich (1), Chris Grier (3,2), Christian Kreibich (3,2), Vern Paxson (3,2), Norbert Pohlmann (1), Herbert Bos (4), and Maarten van Steen (4). (1) Institute for Internet Security, Gelsenkirchen (2) UC Berkeley (3) International Computer Science Institute, Berkeley (4) VU University Amsterdam, The Network Institute. IEEE S&P 2012.

Jun 14, 2012 Using Replicated Execution for a More Secure and Reliable Web Browser

Hui Xue, Nathan Dautenhahn, Samuel T. King. UIUC. NDSS 2012.

Apr 17, 2012 User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems

Franziska Roesner (1), Tadayoshi Kohno (1), Alexander Moshchuk (2), Bryan Parno (2), Helen J. Wang (2), and Crispin Cowan (2). (1) University of Washington (2) MSR (3) Microsoft. IEEE S&P 2012.

Apr 10, 2012 The Case for Prefetching and Prevalidating TLS Server Certificates

Emily Stark (1), Lin-Shung Huang (2), Dinesh Israni (2), Collin Jackson (2) and Dan Boneh (3). (1) MIT (2) CMU (3) Stanford. NDSS 2012.

Apr 3, 2012 Ghost Domain Names: Revoked Yet Still Resolvable

Jian Jiang (1), Jinjin Liang (1), Kang Li (2), Jun Li (3), Haixin Duan (1), and Jianping Wu (1). (1) Tsinghua University (2) University of Georgia (3) University of Oregon. NDSS 2012.

Mar 27, 2012 Persistent OSPF Attacks

Gabi Nakibly (1), Alex Kirshon (2), Dima Gonikman (2), and Dan Boneh (3). (1) Rafael (2) Technion – Israel Institute of Technology (3) Stanford. NDSS 2012.

Mar 20, 2012 Host Fingerprinting and Tracking on the Web: Privacy and Security Implications

Ting-Fang Yen (1), Yinglian Xie (2), Fang Yu (2), Roger Peng Yu (3), and Martin Abadi (2). (1) RSA (2) MSR (3) Microsoft. NDSS 2012.

Mar 13, 2012 An Attack on PUF-Based Session Key Exchange and a Hardware-Based Countermeasure: Erasable PUFs

Ulrich Rührmair, Christian Jaeger, and Michael Algasinger. Technische Universität München. FC 2011.

Mar 6, 2012 Analyzing Facebook Privacy Settings: User Expectations vs. Reality

Yabing Liu, Krishna P. Gummadi, Balachander Krishnamurthy, and Alan Mislove. IMC 2011.

Privacy Protection for Social Networking Platforms Adrienne Felt and David Evans. W2SP 2008.
Feb 21, 2012 Software fault isolation with API integrity and multi-principal modules

Yandong Mao, Haogang Chen (MIT), Dong Zhou (Tsinghua), Xi Wang, Nickolai Zeldovich and M. Frans Kaashoek (MIT). SOSP 2011.

Feb 14, 2012 A General Approach for Efficiently Accelerating Software-based Dynamic Data Flow Tracking on Commodity Hardware

Kangkook Jee (1), Georgios Portokalidis (1), Vasileios P. Kemerlis (1), Soumyadeep Ghosh (2), David I. August (2), and Angelos D. Keromytis (1). (1) Columbia University (2) Princeton. NDSS 2012.

Jan 31, 2012 Insights into User Behavior in Dealing with Internet Attacks

Kaan Onarlioglu (1), Utku Ozan Yilmaz (2), and Engin Kirda (1). (1) Northeastern University (2) Bilkent University. NDSS 2012.

Jan 24, 2012 Overshadow: A Virtualization-Based Approach to Retrofitting Protection in Commodity Operating Systems

Xiaoxin Chen (1), Tal Garfinkel (1), E. Christopher Lewis (1), Pratap Subrahmanyam (1), Carl A. Waldspurger (1), Dan Boneh (2), Jeffrey Dwoskin (3), and Dan R.K. Ports (4). (1) VMWare (2) Stanford (3) Princeton (4) MIT. ASPLOS 2008.

Jan 17, 2012 WarningBird: Detecting Suspicious URLs in Twitter Stream

Sangho Lee and Jong Kim. Pohang University of Science and Technology. NDSS 2012.

Dec 12, 2011 What’s Clicking What? Techniques and Innovations of Today’s Clickbots

Brad Miller (1), Paul Pearce (1), and Chris Grier (1), Christian Kreibich (2), Vern Paxson (1,2). (1) UC Berkeley (2) ICSI. DIMVA 2011.

Dec 5, 2011 Systematic Detection of Capability Leaks in Stock Android Smartphones

Michael Grace, Yajin Zhou, Zhi Wang, and Xuxian Jiang. North Carolina State University. NDSS 2012.

Nov 28, 2011 How to Shop for Free Online - Security Analysis of Cashier-as-a-Service Based Web Stores

Rui Wang (1), Shuo Chen (2), XiaoFeng Wang (1), Shaz Qadeer (2). (1) Indiana University Bloomington (2) MSR. IEEE S&P 2011.

Nov 21, 2011 Dirty Jobs: The Role of Freelance Labor in Web Service Abuse

Marti Motoyama, Damon McCoy, Kirill Levchenko, Stefan Savage, and Geoffrey M. Voelker. UC San Diego. USENIX Security 2011.

Nov 14, 2011 "You Might Also Like:" Privacy Risks of Collaborative Filtering

Joseph A. Calandrino(1), Ann Kilzer(2), Arvind Narayanan(3), Edward W. Felten(1), and Vitaly Shmatikov(2). (1) Princeton (2) U. of Texas Austin (3) Stanford. IEEE S&P 2011.

Nov 7, 2011 Security Aspects of Piecewise Hashing in Computer Forensics

Harald Baier, Frank Breitinger. Hochschule Darmstadt. 2011 Sixth International Conference on IT Security Incident Management and IT Forensics (IMF).

Oct 31, 2011 Countering Gattaca: Efficient and Secure Testing of Fully-Sequenced Human Genomes

Pierre Baldi, Roberta Baronio, Emiliano De Cristofaro, Paolo Gasti, Gene Tsudik. CCS 2011. UC Irvine.

Oct 24, 2011 Forcing Johnny to Login Safely: Long-Term User Study of Forcing and Training Login Mechanisms

Amir Herzberg and Ronen Margulies. Bar Ilan University. ESORICS 2011.

Oct 17, 2011 Canceled. Fall Break.
Oct 10, 2011 Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL

Christopher Soghoian and Sid Stamm. FC 2011.

Oct 3, 2011 MACE: Model-inference-Assisted Concolic Exploration for Protocol and Vulnerability Discovery

Chia Yuan Cho, Domagoj Babić, Pongsin Poosankam, Kevin Zhijie Chen, Edward XueJun Wu, and Dawn Song. UC Berkeley. USENIX 2011.

Sep 26, 2011 Why (Special Agent) Johnny (Still) Can’t Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System

Sandy Clark, Travis Goodspeed, Perry Metzger, Zachary Wasserman, Kevin Xu, Matt Blaze. UPenn. USENIX Security 2011.

Sep 19, 2011 Mimimorphism: A New Approach to Binary Code Obfuscation

Zhenyu Wu, Steven Gianvecchio, Mengjun Xie, and Haining Wang

Sep 12, 2011 Secure In-Band Wireless Pairing

Shyamnath Gollakota, Nabeel Ahmed, Nickolai Zeldovich, and Dina Katabi. MIT. USENIX Security 2011.

Aug 23, 2011 Cloaking Malware with the Trusted Platform Module

Alan M. Dunn, Owen S. Hofmann, Brent Waters and Emmett Witchel. UT Austin. USENIX Security 2011.

Aug 9, 2011 deSEO: Combating Search-Result Poisoning

John P. John, Fang Yu, Yinglian Xie, Arvind Krishnamurthy, and Martin Abadi. MSR. USENIX Security 2011.

Jul 26, 2011 Measuring Pay-per-Install: The Commoditization of Malware Distribution

Juan Caballero (1), Chris Grier (2), Christian Kreibich(2), and Vern Paxson (2). (1) IMDEA (2) UC Berkeley. USENIX Security 2011.

Jul 12, 2011 A Study of Android Application Security

William Enck, Damien Octeau, Patrick McDaniel, and Swarat Chaudhuri. PSU. USENIX Security 2011.

June 28, 2011 Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space

Martin Mulazzani, Sebastian Schrittwieser, Manuel Leithner and Markus Huber. SBA Research. USENIX Security 2011.

June 14, 2011 I Still Know What You Visited Last Summer - Leaking browsing history via user interaction and side channel attacks

Zachary Weinberg, Eric Y. Chen, Pavithra Ramesh Jayaraman and Collin Jackson (CMU). IEEE SP2011.

May 31, 2011 Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices

Michael Becher (1), Felix C. Freiling (1), Johannes Hoffmann (2), Thorsten Holz (2), Sebastian Uellenbeck (2), Christopher Wolf (2). (1) University of Mannheim, Germany (2) Horst Görtz Institute (HGI) Ruhr-University Bochum, Germany. IEEE SP2011.

Apr 07, 2011 Ensuring Operating System Kernel Integrity of OSck

Owen S. Hofmann (1), Alan M. Dunn (1), Sangman Kim (1), Indrajit Roy (2), Emmett Witchel (1). (1) UT Austin (2) HP Labs. ASPLOS 2011.

Mar 31, 2011 Folk Models of Home Computer Security

Rick Wash. Michigan State University. SOUPS 10.

Mar 24, 2011 PiOS: Detecting Privacy Leaks in iOS Applications

Manuel Egele (Vienna University of Technology, Austria & UCSB), Christopher Kruegel (UCSB), Engin Kirda (Institute Eurecom & Northeastern University, Boston), and Giovanni Vigna (UCSB). NDSS 11.

Mar 17, 2011 Reliably Erasing Data From Flash-Based Solid State Drives

Michael Wei, Laura M. Grupp, Frederick E. Spada, and Steven Swanson. UCSD. FAST 11.

Mar 10, 2011 Where Do Security Policies Come From?

Dinei Florencio and Cormac Herley. MSR. SOUPS 10.

Feb 24, 2011 AEG: Automatic Exploit Generation

Thanassis Avgerinos, Sang Kil Cha, Brent Lim Tze Hao and David Brumley. CMU. NDSS 11.

Feb 17, 2011 EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis

Leyla Bilge (1), Engin Kirda (1,2), Christopher Kruegel (3), Marco Balduzzi(1). (1) Institute of Eurecom, Sophia Antipolis (2) Northeastern University, Boston (3) UCSB. NDSS 11.

Feb 10, 2011 Canceled.
Feb 03, 2011 Usability Testing a Malware-Resistant Input Mechanism

Alana Libonati (UNC), Jonathan M. McCune (CMU), and Michael K. Reiter (UNC). NDSS 11.

Jan 27, 2011 Losing Control of the Internet: Using the Data Plane to Attack the Control Plane

Max Schuchard (1), Eugene Y. Vasserman (2), Abedelaziz Mohaisen (1), Denis Foo Kune (1), Nicholas Hopper (1), Yongdae Kim (2). (1) Uni. of Minnesota (2) Kansas State Uni. NDSS 11.

Jan 20, 2011 Soundminer: A Stealthy and Context-Aware Sound Trojan for Smartphones

Roman Schlegel (City Uni of Hong Kong), Kehuan Zhang, Xiaoyong Zhou, Mehool Intwala, Apu Kapadia, and XiaoFeng Wang (Indiana University Bloomington). NDSS 11.

Jan 13, 2011 Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars

Aurelien Francillon, Boris Danev, and Srdjan Capkun (ETH Zurich). NDSS 11.

Dec 02, 2010 AccessMiner: Using System-Centric Models for Malware Protection

Andrea Lanzi (1), Davide Balzarotti (1), Christopher Kruegel (2), Mihai Christodorescu (3) and Engin Kirda (1). (1) Institute Eurecom, (2) UCSB, (3) IBM. CCS 2010.

Nov 25, 2010 Thanksgiving.
Nov 18, 2010 Discussion with Hari Prasad.
Nov 11, 2010 Platform-Independent Programs

Sang Kil Cha, Brian Pak, David Brumley (CMU), and Richard J. Lipton (Georgia Tech). CCS 2010.

Nov 4, 2010 @spam: The Underground on 140 Characters or Less

Chris Grier (Berkeley), Kurt Thomas (UIUC), Vern Paxson (Berkeley), and Michael Zhang (Berkeley). CCS 2010.

Oct 28, 2010 W32.Stuxnet Dossier

Nicolas Falliere, Liam O Murchu, and Eric Chien. Symantec.

Oct 21, 2010 (Postponed from Sep 30) MulVAL: A Logic-based Network Security Analyzer

Xinming Ou, Sudhakar Govindavajhala, and Andrew W. Appel, Princeton. USENIX Security 2005.

Oct 14, 2010 Input Generation via Decomposition and Re-Stitching: Finding Bugs in Malware

Juan Caballero (CMU/Berkeley), Pongsin Poosankam (CMU/Berkeley), Stephen McCamant, Domagoj Babic, and Dawn Song (Berkeley). CCS 2010.

Sep 23, 2010 Vex: Vetting Browser Extensions for Security Vulnerabilities

Sruthi Bandhakavi, Samuel T. King, P. Madhusudan, and Marianne Winslett, UIUC. USENIX Security 2010.

Sep 16, 2010 Kamouflage: Loss-Resistant Password Management

Hristo Bojinov (1), Elie Bursztein (1), Xavier Boyen (2), and Dan Boneh (1). (1) Stanford University, (2) Universite de Liege, Belgium. ESORICS 2010.

Sep 9, 2010 Capsicum: Practical Capabilities for UNIX

Robert N.M. Watson and Jonathan Anderson, University of Cambridge; Ben Laurie and Kris Kennaway, Google UK Ltd. USENIX Security 2010.

Sep 2, 2010 On Challenges in Evaluating Malware Clustering

Peng Li (University of North Carolina, Chapel Hill), Limin Liu (Graduate School of Chinese Academy of Sciences), Debin Gao (Singapore Management University), and Michael K. Reiter (University of North Carolina, Chapel Hill). RAID 2010.

Aug 26, 2010 Searching the Searchers with SearchAudit

John P. John, Fang Yu, Yinglian Xie, Martín Abadi, Arvind Krishnamurthy. USENIX Security 2010.

Aug 19, 2010 Automatic Generation of Remediation Procedures for Malware Infections

Roberto Paleari (1), Lorenzo Martignoni (2), Emanuele Passerini (1), Drew Davidson (3), Matt Fredrikson (3), Jon Giffin (4), Somesh Jha (3), (1) Universita degli Studi di Milano, (2) Universita degli Studi di Udine, (3) University of Wisconsin, (4) Georgia Institute of Technology. USENIX Security 2010.

Aug 5, 2010 Baaz: A System for Detecting Access Control Misconfigurations

Tathagata Das, Ranjita Bhagwan, Prasad Naldurg (MSR India). USENIX Security 2010.

July 22, 2010 An Analysis of Private Browsing Modes in Modern Browsers

Gaurav Aggarwal (Stanford), Elie Bursztein (Stanford), Collin Jackson (CMU), and Dan Boneh (Stanford). USENIX Security 2010.

July 15, 2010 Adapting Software Fault Isolation to Contemporary CPU Architectures

David Sehr, Robert Muth, Cliff Biffle, Victor Khimenko, Egor Pasko, Karl Schimpf, Bennet Yee, Brad Chen (Google, Inc). USENIX Security 2010.

July 8, 2010 Scantegrity II Municipal Election at Takoma Park: The First E2E Binding Governmental Election with Ballot Privacy

Richard Carback (UMBC CDL), David Chaum, Jeremy Clark (Uni of Waterloo), John Conway (UMBC CDL), Aleksander Essex (Uni of Waterloo), Paul S. Herrnson (UMCP CAPC), Travis Mayberry (UMBC CDL), Stefan Popoveniuc, Ronald L. Rivest, Emily Shen (MIT CSAIL), Alan T. Sherman (UMBC CDL), Poorvi L. Vora (GW). USENIX Security 2010.

June 24, 2010 Absolute Pwnage: Security Risks of Remote Administration Tools

Jay Novak, Jonathan Stribley, Kenneth Meagher, Scott Wolchok, J. Alex Halderman

Crawling BitTorrent DHTs for Fun and Profit

Scott Wolchok and J. Alex Halderman

June 17, 2010 Detecting and Removing Malicious Hardware Automatically

Matthew Hicks (UIUC), Murph Finnicum (UIUC), Samuel T. King (UIUC), Milo M. K. Martin (UPenn), Jonathan M. Smith (UPenn), IEEE SP2010.

June 10, 2010 Chip and PIN is Broken

Steven J. Murdoch, Saar Drimer, Ross Anderson, and Mike Bond (University of Cambridge), IEEE SP2010.

May 27, 2010 Experimental Security Analysis of a Modern Automobile

Karl Koscher (UW), Alexei Czeskis (UW), Franziska Roesner (UW), Shwetak Patel (UW), and Tadayoshi Kohno (UW), Stephen Checkoway (UCSD), Damon McCoy (UCSD), Brian Kantor (UCSD), Danny Anderson (UCSD), Hovav Shacham (UCSD), and Stefan Savage (UCSD), IEEE SP2010.

May 6, 2010 Security Analysis of India's Electronic Voting Machines

Hari K. Prasad (1), J. Alex Halderman (2), Rop Gonggrijp, Scott Wolchok (2), Eric Wustrow (2), Arun Kankipati (1), Sai Krishna Sakhamuri (1), and Vasavya Yagati(1), (1) NetIndia, (P) Ltd., Hyderabad (2) University of Michigan, submitted to CCS 2010.

April 29, 2010 A Practical Attack to De-Anonymize Social Network Users

Gilbert Wondracek (1), Thorsten Holz (1), Engin Kirda (2), Christopher Kruegel (3), (1) Technical University Vienna (2) Institute Eurecom (3) University of California, IEEE SP2010.

April 15, 2010 When Good Randomness Goes Bad: Virtual Machine Reset Vulnerabilities and Hedging Deployed Cryptography

Thomas Ristenpart and Scott Yilek, University of California San Diego, NDSS 2010.

April 8, 2010 State of the Art: Automated Black-Box Web Application Vulnerability Testing

Jason Bau, Elie Bursztein, Divij Gupta, John Mitchell, Stanford University, IEEE SP2010.

April 1, 2010 Side-Channel Leaks in Web Applications: a Reality Today, a Challenge Tomorrow

Shuo Chen (1), Rui Wang (2), XiaoFeng Wang (2), Kehuan Zhang (2), (1) MSR (2) Indiana University Bloomington, IEEE SP2010.

March 25, 2010 How Good are Humans at Solving CAPTCHAs? A Large Scale Evaluation

Elie Bursztein, Steven Bethard, Celine Fabry, John C. Mitchell, Dan Jurafsky, Stanford University, IEEE SP2010.

March 18, 2010 Server-Side Verification of Client Behavior in Online Games

Darrell Bethea, Robert Cochran and Michael Reiter, University of North Carolina at Chapel Hill, NDSS 2010.

March 11, 2010 A Systematic Characterization of IM Threats Using Honeypots

Spiros Antonatos, Iasonas Polakis, Thanasis Petsas and Evangelos P. Markatos, Foundation for Research and Technology Hellas, NDSS 2010.

February 25, 2010 FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications

Prateek Saxena, Steve Hanna, Pongsin Poosankam and Dawn Song, UC Berkeley, NDSS 2010.

February 18, 2010 Active Botnet Probing to Identify Obscure Command and Control Channels

Guofei Gu (1), Vinod Yegneswaran (2), Phillip Porras (2), Jennifer Stoll (3), and Wenke Lee (3), (1) Texas A&M, (2) SRI International, (3) Georgia Institute of Technology

February 11, 2010 Where Do You Want to Go Today? Escalating Privileges By Pathname Manipulation

Suresh Chari, Shai Halevi and Wietse Venema, IBM Research, to appear in NDSS 2010.

February 4, 2010 Botnet Judo: Fighting Spam with Itself

Andreas Pitsillidis, Kirill Levchenko, Christian Kreibich, Chris Kanich, Geoffrey M. Voelker, Vern Paxson, Nicholas Weaver and Stefan Savage, to appear in NDSS 2010.

January 28, 2010 Efficient Detection of Split Personalities in Malware

Davide Balzarotti (1), Marco Cova (3), Christoph Karlberger (2), Christopher Kruegel (3), Engin Kirda (2), and Giovanni Vigna (3), to appear in NDSS 2010. (1) Institute Eurecom, Sophia Antipolis (2) Secure Systems Lab, Vienna University of Technology (3) University of California, Santa Barbara

January 21, 2010 Contractual Anonymity

Edward J. Schwartz, David Brumley and Jonathan M. McCune, to appear in NDSS 2010.

January 14, 2010 Protecting Browsers from Extension Vulnerabilities

Adam Barth, Adrienne Porter Felt, Prateek Saxena (UC Berkeley), and Aaron Boodman (Google, Inc.), to appear in NDSS 2010.

December 16, 2009 (postponed from December 9) EPC RFID Tag Security Weaknesses and Defenses: Passport Cards, Enhanced Drivers Licenses, and Beyond

Karl Koscher (UW), Ari Juels (RSA Labs), Vjekoslav Brajkovic (UW), and Tadayoshi Kohno (UW), CCS 2009.

December 2, 2009 On Cellular Botnets: Measuring the Impact of Malicious Devices on a Cellular Network Core

Patrick Traynor (Georgia Tech), Michael Lin, Machigar Ongtang, Vikhyath Rao, Trent Jaeger, Thomas La Porta and Patrick McDaniel (all of Penn State), CCS 2009.

November 25, 2009 SMILE: Encounter-Based Trust for Mobile Social Services

Justin Manweiler, Ryan Scudellari, and Landon P. Cox, CCS 2009.

November 18, 2009 Can They Hear Me Now? A Security Analysis of Law Enforcement Wiretaps

Micah Sherr, Gaurav Shah, Eric Cronin, Sandy Clark, and Matt Blaze (University of Pennsylvania), CCS 2009.

November 11, 2009 Countering Kernel Rootkits with Lightweight Hook Protection

Zhi Wang (NCSU), Xuxian Jiang (NCSU), Weidong Cui (MSR), and Peng Ning (NCSU), CCS 2009.

November 4, 2009 Behavior Based Software Theft Detection

Xinran Wang, Yoon-Chan Jhi, Sencun Zhu, and Peng Liu (Penn State), CCS 2009.

October 28, 2009 Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers

Mike Ter Louw, V.N. Venkatakrishnan (University of Illinois at Chicago), Oakland 2009.

October 21, 2009 Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds

Thomas Ristenpart (UCSD), Eran Tromer (MIT), Hovav Shacham (UCSD), and Stefan Savage (UCSD), CCS 2009.

October 14, 2009 Revealing Hidden Context: Improving Mental Models of Personal Firewall Users

Fahimeh Raja, Kirstie Hawkey, Konstantin Beznosov (UBC), SOUPS 2009.

October 7, 2009 Fabric: A Platform for Secure Distributed Computation and Storage

Jed Liu, Michael George, K. Vikram, Xin Qi, Lucas Waye, and Andrew C. Myers (Cornell University), SOSP 2009.

September 16, 2009 Heat-ray: Combating Identity Snowball Attacks using Machine Learning, Combinatorial Optimization and Attack Graphs

John Dunagan (Microsoft Research), Alice X. Zheng (Microsoft Research), Daniel R. Simon (Microsoft), SOSP 2009.

September 9, 2009 Peeping Tom in the Neighborhood: Keystroke Eavesdropping on Multi-User Systems

Kehuan Zhang and XiaoFeng Wang (Indiana University, Bloomington), USENIX Security 2009.

September 3, 2009 Crying Wolf: An Empirical Study of SSL Warning Effectiveness

Joshua Sunshine, Serge Egelman, Hazim Almuhimedi, Neha Atri, and Lorrie Faith Cranor (Carnegie Mellon University), USENIX Security 2009.

August 27, 2009 Membership-concealing overlay networks

Eugene Vasserman, Rob Jansen, James Tyra, Nicholas Hopper, and Yongdae Kim (University of Minnesota), CCS 2009.

August 20, 2009 Compromising Electromagnetic Emanations of Wired and Wireless Keyboards

Martin Vuagnoux and Sylvain Pasini (EPFL), USENIX Security 2009.

August 13, 2009 Unpacking Virtualization Obfuscators

Rolf Rolles

Pre-Patched Software

Jianing Guo, Jun Yuan, and Rob Johnson (Stony Brook University)

August 6, 2009 Null Prefix Attacks Against SSL Certificates

Moxie Marlinspike

Defeating OCSP with the Number 3

Moxie Marlinspike

Reversing and exploiting an Apple firmware update

K. Chen (Georgia Institute of Technology)

"Smart" Parking Meter Implementations, Globalism, and You

Joe Grand, Jacob Appelbaum, and Chris Tarnovsky

July 30, 2009 Hardware-Software Integrated Approaches to Defend Against Software Cache-based Side Channel Attacks

Jingfei Kong, Onur Acıiçmez, Jean-Pierre Seifert, and Huiyang Zhou

July 23, 2009 Half-Blind Attacks: Mask ROM Bootloaders Are Dangerous

Travis Goodspeed; Aurélien Francillon, INRIA Rhône-Alpes

A Fistful of Red-Pills: How to Automatically Generate Procedures to Detect CPU Emulators

Roberto Paleari, Università degli Studi di Milano; Lorenzo Martignoni, Università degli Studi di Udine; Giampaolo Fresi Roglia and Danilo Bruschi, Università degli Studi di Milano

July 16, 2009 It's No Secret. Measuring the Security and Reliability of Authentication via ‘Secret’ Questions

Stuart Schechter, A. J. Bernheim Brush (Microsoft Research), Serge Egelman (Carnegie Mellon University)

July 9, 2009 How to Impress Girls with Browser Memory Protection Bypasses

Mark Dowd and Alexander Sotirov

July 2, 2009 Baggy Bounds Checking: An Efficient and Backwards-Compatible Defense against Out-of-Bounds Errors

Periklis Akritidis, Computer Laboratory, University of Cambridge; Manuel Costa and Miguel Castro, Microsoft Research, Cambridge; Steven Hand, Computer Laboratory, University of Cambridge

June 25, 2009 Physical-layer Identification of RFID Devices

Boris Danev (ETH Zurich, Switzerland), Thomas S. Heydt-Benjamin (IBM Zurich Research), and Srdjan Capkun (ETH Zurich, Switzerland). USENIX Security 2009.

June 18, 2009 Nozzle: Protecting Browsers Against Heap Spraying Attacks

Ben Zorn, Ben Livshits, and Paruj Ratanaworabhan (Microsoft Research). Technical Report; paper to appear in USENIX Security 2009.

June 11, 2009 Protecting Confidential Data on Personal Computers with Storage Capsules

Kevin Borders, Eric Vander Weele, Billy Lau, and Atul Prakash (University of Michigan). Oakland 2009.

June 4, 2009 De-anonymizing Social Networks

Arvind Narayanan and Vitaly Shmatikov (University of Texas at Austin). Oakland 2009.

May 28, 2009 Automatic Reverse Engineering of Malware Emulators

Monirul Sharif, Andrea Lanzi, Jonathon Giffin, Wenke Lee from Georgia Tech. Oakland '09.

May 21, 2009 Your Botnet is My Botnet: Analysis of a Botnet Takeover

B. Stone-Gross, M. Cova, L. Cavallaro, B. Gilbert, M. Szydlowski, R. Kemmerer, C. Kruegel, G. Vigna. 2009.

May 14, 2009 BootJacker: Compromising Computers using Forced Restarts

Ellick M. Chan, Jeffrey C. Carlyle, Francis M. David, Reza Farivar, and Roy H. Campbell (all of whom are from UIUC). CCS '08.

May 7, 2009 Code Injection Attacks on Harvard-Architecture Devices

Aurelien Francillon (INRIA Rhone-Alpes) and Claude Castelluccia (INRIA Rhone-Alpes). CCS '08.

April 30, 2009 SybilInfer: Detecting Sybil Nodes using Social Networks

George Danezis (MSR UK) and Prateek Mittal (UIUC). NDSS '09.

April 16, 2009 An Efficient Black-box Technique for Defeating Web Application Attacks

R. Sekar (Stony Brook). NDSS '09.

April 9, 2009 Detecting Forged TCP Reset Packets

Nicholas Weaver (ICSI), Robin Sommer (ICSI & LBNL), and Vern Paxson (ICSI & UC Berkeley). NDSS '09.

April 2, 2009 Detecting In-Flight Page Changes with Web Tripwires.

Charles Reis, Steven D. Gribble, Tadayoshi Kohno, and Nicholas C. Weaver. NSDI '08.

March 26, 2009 Safe Passage for Passwords and Other Sensitive Data.

Jonathan M. McCune (CMU), Adrian Perrig (CMU), and Michael K. Reiter (UNC). NDSS '09.

March 19, 2009 Quantifying Information Leaks in Outbound Web Traffic

Kevin Borders and Atul Prakash. Oakland 2009.

March 12, 2009 Fingerprinting Blank Paper Using Commodity Scanners

William Clarkson, Tim Weyrich, Adam Finkelstein, Nadia Heninger, J. Alex Halderman and Edward W. Felten. Oakland 2009.

March 5, 2009 Secure Content Sniffing for Web Browsers, or How to Stop Papers from Reviewing Themselves

Adam Barth, Juan Caballero, Dawn Song. Oakland 2009

February 19, 2009 Digging for Data Structures by Cozzie et al. OSDI 2008.

General References

Lecture Notes on Cryptography (200+ pages)

Other Security Reading Groups
