Security, Cryptography, and Privacy

179 Publications

  •    

    A Language-Based Approach to Secure Quorum Replication

    Lantian Zheng, Andrew C. Myers

    Proceedings of the Ninth Workshop on Programming Languages and Analysis for Security (2014), pp. 27-39

  •  

    Communities, Random Walks, and Social Sybil Defense.

    Lorenzo Alvisi, Allen Clement, Alessandro Epasto, Silvio Lattanzi, Alessandro Panconesi

    Internet Mathematics (2014)

  •    

    Dialing Back Abuse on Phone Verified Accounts

    Kurt Thomas, Dmytro Iatskiv, Elie Bursztein, Tadek Pietraszek, Chris Grier, Damon McCoy

    Proceedings of the 21st ACM Conference on Computer and Communications Security (2014)

  •    

    Dividing secrets to secure data outsourcing

    Fatih Emekci, Ahmed Metwally, Divyakant Agrawal, Amr El Abbadi

    Information Sciences, vol. 263 (2014), pp. 198-210

  •    

    Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM

    Caroline Tice, Tom Roeder, Peter Collingbourne, Stephen Checkoway, Úlfar Erlingsson, Luis Lozano, Geoff Pike

    Proceedings of the 23rd Usenix Security Symposium, USENIX, San Diego, CA (2014)

  •    

    Experimenting At Scale With Google Chrome's SSL Warning

    Adrienne Porter Felt, Robert W. Reeder, Hazim Almuhimedi, Sunny Consolvo

    ACM CHI Conference on Human Factors in Computing Systems (2014)

  •    

    Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud

    Arnar Birgisson, Joe Gibbs Politz, Úlfar Erlingsson, Ankur Taly, Michael Vrable, Mark Lentczner

    Network and Distributed System Security Symposium, Internet Society (2014)

  •   

    MiniBox: A Two-Way Sandbox for x86 Native Code

    Yanlin Li, Jonathan McCune, James Newsome, Adrian Perrig, Brandon Baker, Will Drewry

    Proceedings of the Usenix Annual Technical Conference, Usenix (2014)

  •    

    RAPPOR: Randomized Aggregatable Privacy-Preserving Ordinal Response

    Úlfar Erlingsson, Vasyl Pihur, Aleksandra Korolova

    Proceedings of the 21st ACM Conference on Computer and Communications Security, ACM, Scottsdale, Arizona (2014) (to appear)

  •    

    RFC7344 - Automating DNSSEC Delegation Trust Maintenance

    Warren Kumari

    IETF RFCs, Internet Engineering Task Force (2014)

  •    

    SSAC Advisory on Search List Processing

    Warren Kumari, Jaap Akkerhuis, Don Blumenthal

    ICANN SSAC Reports and Advisories, ICANN (2014), pp. 17

  •    

    Securing the Tangled Web

    Christoph Kern

    Communications of the ACM, vol. 57, no. 9 (2014), pp. 38-47

  •    

    Would a Privacy Fundamentalist Sell Their DNA for $1000...If Nothing Bad Happened as a Result? The Westin Categories, Behavioral Intentions, and Consequences

    Allison Woodruff, Vasyl Pihur, Sunny Consolvo, Lauren Schmidt, Laura Brandimarte, Alessandro Acquisti

    Proceedings of the Symposium On Usable Privacy and Security: SOUPS '14, USENIX (2014)

  •    

    Your Reputation Precedes You: History, Reputation, and the Chrome Malware Warning

    Hazim Almuhimedi, Adrienne Porter Felt, Robert W. Reeder, Sunny Consolvo

    Proceedings of the Symposium On Usable Privacy and Security: SOUPS '14, USENIX (2014)

  •    

    ZARATHUSTRA: Extracting WebInject Signatures from Banking Trojans

    Claudio Criscione, Fabio Bosatelli, Stefano Zanero, Federico Maggi

    Twelfth Annual International Conference on Privacy, Security and Trust, IEEE (2014), pp. 139-148

  •    

    “My religious aunt asked why I was trying to sell her viagra”: Experiences with account hijacking

    Richard Shay, Iulia Ion, Robert W. Reeder, Sunny Consolvo

    Proceedings of the SIGCHI Conference on Human Factors in Computing Systems: CHI '14, ACM, New York, NY, USA (2014), pp. 2657-2666

  •    

    Advisory on Internal Name Certificates

    Warren Kumari, Steve Crocker, Patrik Fältström, Ondrej Filip, James Galvin, Danny McPherson, Ram Mohan, Doron Shikmoni

    ICANN SSAC Reports and Advisories, ICANN (Internet Corporation for Assigned Names and Numbers) (2013)

  •    

    Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness

    Devdatta Akhawe, Adrienne Porter Felt

    USENIX Security Symposium, USENIX (2013)

  •   

    Anti-forensic resilient memory acquisition

    Johannes Stüttgen, Michael Cohen

    Digital Investigation, vol. 10 (2013), S105-S115

  •    

    Authentication at Scale

    Eric Grosse, Mayank Upadhyay

    IEEE Security and Privacy, vol. 11 (2013), pp. 15-22

  •   

    CAMP: Content-Agnostic Malware Protection

    Moheeb Abu Rajab, Lucas Ballard, Noe Lutz, Panayiotis Mavrommatis, Niels Provos

    Network and Distributed Systems Security Symposium (NDSS), USA (2013)

  •    

    Cross Platform Network Access Control

    Paul (Tony) Watson

    RVASec 2013, Richmond, VA

  •    

    Crowd-Sourced Call Identification and Suppression

    Daniel V. Klein, Dean K. Jackson

    Federal Trade Commission Robocall Challenge (2013)

  •   

    Design, Implementation and Verification of an eXtensible and Modular Hypervisor Framework

    Amit Vasudevan, Sagar Chaki, Limin Jia, Jonathan McCune, James Newsome, Anupam Datta

    IEEE Symposium on Security and Privacy (2013) (to appear)

  •    

    Distributed Electronic Rights in JavaScript

    Mark S. Miller, Tom Van Cutsem, Bill Tulloh

    ESOP'13 22nd European Symposium on Programming, Springer (2013) (to appear)

  •    

    Hunting in the Enterprise: Forensic Triage and Incident Response

    Andreas Moser, Michael Cohen

    Digital Investigation, vol. 10 (2013), pp. 89-98

  •    

    Identifying and Exploiting Windows Kernel Race Conditions via Memory Access Patterns

    Mateusz Jurczyk, Gynvael Coldwind

    Bochspwn: Exploiting Kernel Race Conditions Found via Memory Access Patterns, The Symposium on Security for Asia Network, 102F Pasir Panjang Road, #08-02, Singapore 118530 (2013), pp. 69

  •    

    Making programs forget: Enforcing Lifetime for Sensitive Data

    Jayanthkumar Kannan, Gautam Altekar, Petros Maniatis, Byung-Gon Chun

    Proceedings of the 13th USENIX conference on Hot topics in operating systems, USENIX Association, Berkeley, CA, USA (2013)

  •    

    Rogue Femtocell Owners: How Mallory Can Monitor My Devices

    David Malone, Darren F Kavanagh, Niall Richard Murphy

    2013 Proceedings IEEE INFOCOM, IEEE, New Jersey, USA, pp. 3553-3558

  •    

    S-links: Why distributed security policy requires secure introduction

    Joseph Bonneau

    Web 2.0 Security & Privacy 2013, IEEE

  •    

    SAC062 - SSAC Advisory Concerning the Mitigation of Name Collision Risk

    Warren Kumari

    ICANN SSAC Reports and Advisories, ICANN (2013)

  •  

    SoK: The Evolution of Sybil Defense via Social Networks

    Lorenzo Alvisi, Allen Clement, Alessandro Epasto, Silvio Lattanzi, Alessandro Panconesi

    2013 IEEE Symposium on Security and Privacy, SP 2013

  •    

    Strato: A Retargetable Framework for Low-level Inlined Reference Monitors

    Bin Zeng, Gang Tan, Úlfar Erlingsson

    Proceedings of the 22nd USENIX Conference on Security, USENIX Association, Berkeley, CA, USA (2013), pp. 369-382

  •    

    The Dangers of Composing Anonymous Channels

    Emilia Kasper, George Danezis

    Information Hiding - 14th International Conference, IH 2012, Revised Selected Papers, Springer, Lecture notes in Computer Science (2013), pp. 191-206

  •    

    Trustworthy Proxies: Virtualizing Objects with Invariants

    Tom Van Cutsem, Mark S. Miller

    ECOOP 2013 (to appear)

  •    

    Verified Boot on Chrome OS and How to do it yourself

    Simon Glass

    Embedded Linux Conference Europe, Linux Foundation, 660 York Street, Suite 102, San Francisco, CA 94110, USA (2013)

  •    

    Verifying Cloud Services: Present and Future

    Sara Bouchenak, Gregory Chockler, Hana Chockler, Gabriela Gheorghe, Nuno Santos, Alexander Shraer

    Operating Systems Review (2013)

  •    

    A taste of Capsicum: practical capabilities for UNIX

    Robert N. M. Watson, Jonathan Anderson, Ben Laurie, Kris Kennaway

    Communications of the ACM, vol. 55(3) (2012), pp. 97-104

  •    

    Advisory on Impacts of Content Blocking via the Domain Name System

    Warren Kumari, Alain Aina, Jaap Akkerhuis, Don Blumenthal, KC Claffy, David Conrad, Patrik Fältström, James Galvin, Jason Livingood, Danny McPherson, Ram Mohan, Paul Vixie

    ICANN SSAC Reports and Advisories, ICANN (Internet Corporation for Assigned Names and Numbers) (2012)

  •  

    Browser Exploits as a Service: The Monetization of Driveby Downloads

    C. Grier, L. Ballard, J. Caballero, N. Chachra, C. Dietrich, K. Levchenko, P. Mavrommatis, D. McCoy, A. Nappa, A. Pitsillidis, N. Provos, Z. Rafique, M. Rajab, C. Rossow, K. Thomas, V. Paxson, S. Savage, G. Voelker

    Proceedings of 19th ACM Conference on Computer and Communications Security (2012)

  •    

    Cloud Data Protection for the Masses

    Dawn Song, Elaine Shi, Ian Fischer, Umesh Shankar

    Computer, vol. 45, no. 1 (2012), pp. 39-45

  •  

    Contextual OTP: Mitigating Emerging Man-in-the-Middle Attacks with Wireless Hardware Tokens

    Assaf Ben-David, Omer Berkman, Yossi Matias, Sarvar Patel, Cem Paya, Moti Yung

    Applied Cryptography and Network Security - 10th International Conference, ACNS 2012, Springer, pp. 30-47

  •   

    Enhanced multi-factor authentication

    Lantian Zheng

    Patent (2012)

  •   

    How well can congestion pricing neutralize denial of service attacks?

    Ashish Vulimiri, Gul A. Agha, Philip Brighten Godfrey, Karthik Lakshminarayanan

    Proceedings of the 12th ACM SIGMETRICS/PERFORMANCE joint international conference on Measurement and Modeling of Computer Systems, ACM, New York, NY, USA (2012), pp. 137-150

  •    

    Let's Parse to Prevent Pwnage

    Mike Samuel, Úlfar Erlingsson

    USENIX workshop on Large-Scale Exploits and Emergent Threats, USENIX (2012)

  •    

    Lockdown: Towards a Safe and Practical Architecture for Security Applications on Commodity Platforms

    Amit Vasudevan, Bryan Parno, Ning Qu, Virgil D. Gligor, Adrian Perrig

    TRUST 2012, Lecture Notes in Computer Science, pp. 21

  •   

    Manufacturing Compromise: The Emergence of Exploit-as-a-Service

    Chris Grier, Lucas Ballard, Juan Caballero, Neha Chachra, Christian J. Dietrich, Kirill Levchenko, Panayiotis Mavrommatis, Damon McCoy, Antonio Nappa, Andreas Pitsillidis, Niels Provos, M. Zubair Rafique, Moheeb Abu Rajab, Christian Rossow, Kurt Thomas, Vern Paxson, Stefan Savage, Geoffrey M. Voelker

    Proceedings of 19th ACM Conference on Computer and Communications Security (2012)

  •    

    Non-interactive CCA-Secure threshold cryptosystems with adaptive security: new framework and constructions

    Benoit Libert, Moti Yung

    Proceedings of the 9th international conference on Theory of Cryptography, Springer-Verlag, Berlin, Heidelberg (2012), pp. 75-93

  •    

    Origin-Bound Certificates: A Fresh Approach to Strong Client Authentication for the Web

    Michael Dietz, Alexei Czeskis, Dirk Balfanz, Dan Wallach

    21st USENIX Security Symposium, The USENIX Association (2012), pp. 317-332

  •    

    RFC6583 - Operational Neighbor Discovery Problems

    Warren Kumari, Igor Gashinsky, Yahoo!, Joel Jaeggli, Zynga

    IETF RFCs, Internet Engineering Task Force (2012)

  •    

    Robust Trait Composition for JavaScript

    Tom Van Cutsem, Mark S. Miller

    Science of Computer Programming: Special Issue on Advances in Dynamic Languages (2012) (to appear)

  •   

    Scalable group signatures with revocation

    Benoit Libert, Thomas Peters, Moti Yung

    Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques, Springer-Verlag, Berlin, Heidelberg (2012), pp. 609-627

  •   

    Security and Testing

    Kurt Rosenfeld

    Introduction to Hardware Security and Trust, Springer (2012) (to appear)

  •    

    Vanity or Privacy? Social Media as a Facilitator of Privacy and Trust

    Jessica Staddon

    CSCW Workshop: Reconciling Privacy with Social Media (2012)

  •    

    Address space randomization for mobile devices

    Hristo Bojinov, Dan Boneh, Rich Cannings, Iliyan Malchev

    WiSec '11 - Proceedings of the fourth ACM conference on wireless network security, ACM, New York, NY (2011)

  •    

    App Isolation: Get the Security of Multiple Browsers with Just One

    Eric Y. Chen, Jason Bau, Charles Reis, Adam Barth, Collin Jackson

    18th ACM Conference on Computer and Communications Security, ACM (2011)

  •    

    Automated Analysis of Security-Critical JavaScript APIs

    Ankur Taly, Úlfar Erlingsson, John C. Mitchell, Mark S. Miller, Jasvir Nagra

    IEEE Symposium on Security & Privacy (SP), IEEE (2011)

  •    

    Digital Forensics with Open Source Tools

    Cory Altheide, Harlan Carvey

    Syngress (2011)

  •    

    Distributed forensics and incident response in the enterprise

    Michael Cohen, Darren Bilby, Germano Caronni

    Journal of Digital Investigation, vol. 8 (2011), S101-S110

  •    

    Fast Elliptic Curve Cryptography in OpenSSL

    Emilia Kasper

    Financial Cryptography and Data Security: FC 2011 Workshops, RLCPS and WECSR, Springer

  •    

    Hardware Trojan Detection Solutions and Design-for-Trust Challenges

    Kurt Rosenfeld

    IEEE Computer (2011), pp. 64-72

  •    

    Indirect Content Privacy Surveys: Measuring Privacy Without Asking About It

    Alex Braunstein, Laura Granka, Jessica Staddon

    Symposium on Usable Privacy and Security (SOUPS), ACM SIGCHI (2011)

  •    

    Public vs. Publicized: Content Use Trends and Privacy Expectations

    Jessica Staddon, Andrew Swerdlow

    6th USENIX Workshop on Hot Topics in Security (HotSec '11), USENIX (2011)

  •   

    Rootkits in your web application

    Artur Janc

    28C3: Chaos Communications Congress, Berlin, Germany (2011)

  •    

    Security Challenges During VLSI Test

    Kurt Rosenfeld

    Proceedings of 2011 IEEE NEWCAS Conference, IEEE

  •    

    Security-Aware SoC Test Access Mechanisms

    Kurt Rosenfeld

    Proceedings of the 2011 IEEE VLSI Test Symposium

  •    

    ShellOS: Enabling fast detection and forensic analysis of code injection attacks

    Kevin Snow, Srinivas Krishnan, Fabian Monrose, Niels Provos

    USENIX Security Symposium (2011)

  •  

    Third International Symposium on Engineering Secure Software and Systems, ESSoS 2011

    Úlfar Erlingsson, Roel Wieringa, Nicola Zannone, editors.

    Springer Verlag, Berlin / Heidelberg

  •    

    Transparency and Choice: Protecting Consumer Privacy in an Online World

    Alma Whitten, Sean Harvey, Ian Fette, Betsy Masiello, Jochen Eisinger, Jane Horvath

    W3C Workshop on Web Tracking and User Privacy, W3C (2011), pp. 3

  •    

    Automata Evaluation and Text Search Protocols with Simulation Based Security

    Carmit Hazay, Rosario Gennaro, Jeffrey Sorensen

    Google, Inc. (2010)

  •    

    Dagstuhl Seminar 09141: Web Application Security (Abstracts collection)

    Dan Boneh, Úlfar Erlingsson, Martin Johns, Benjamin Livshits

    Dagstuhl Seminar Proceedings, Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, Germany, Dagstuhl, Germany (2010)

  •   

    Drac: An Architecture for Anonymous Low-Volume Communications

    George Danezis, Claudia Diaz, Carmela Troncoso, Ben Laurie

    PETS 2010 (to appear)

  •  

    Engineering Privacy in an Age of Information Abundance

    Betsy Masiello, Alma Whitten

    Intelligent Privacy Management Symposium (2010)

  •   

    Group Message Authentication

    Bartosz Przydatek, Douglas Wikström

    Security and Cryptography for Networks, SCN 2010, Springer Verlag, pp. 399-417

  •   

    Improving users' security choices on home wireless networks

    Justin T. Ho, David Dearman, Khai N. Truong

    Proceedings of the Sixth Symposium on Usable Privacy and Security, ACM, New York, NY, USA (2010), 12:1-12:12

  •    

    Large-Scale Automatic Classification of Phishing Pages

    Colin Whittaker, Brian Ryner, Marria Nazif

    NDSS '10 (2010)

  •    

    Making Privacy a Fundamental Component of Web Resources

    Thomas Duebendorfer, Christoph Renner, Tyrone Grandison, Michael Maximilien, Mark Weitzel

    W3C Workshop on Privacy for Advanced Web APIs, W3C (2010), pp. 5

  •    

    Practical Privacy Concerns in a Real World Browser

    Ian Fette, Jochen Eisinger

    W3C Workshop on Privacy for Advanced Web APIs, W3C (2010), pp. 4

  •    

    Protecting Browsers from Extension Vulnerabilities

    Adam Barth, Adrienne Porter Felt, Prateek Saxena, Aaron Boodman

    Network and Distributed System Security Symposium (2010)

  •    

    PseudoID: Enhancing Privacy in Federated Login

    Arkajit Dey, Stephen Weis

    Hot Topics in Privacy Enhancing Technologies (2010), pp. 95-107

  •    

    Public-Key Encryption in the Bounded-Retrieval Model

    Joel Alwen, Yevgeniy Dodis, Moni Naor, Gil Segev, Shabsi Walfish, Daniel Wichs

    Advances in Cryptology - EUROCRYPT 2010, 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, French Riviera, May 30 - June 3, 2010. Proceedings, Springer, pp. 113-134

  •    

    Technology Companies are Best Positioned to Offer Health Record Trusts

    Shirley Gaw, Umesh Shankar

    HealthSec '10 Position Paper (2010)

  •    

    The Nocebo Effect on the Web: An Analysis of Fake Anti-Virus Distribution

    Moheeb Abu Rajab, Lucas Ballard, Panayiotis Mavrommatis, Niels Provos, Xin Zhao

    Large-Scale Exploits and Emergent Threats, USENIX (2010)

  •    

    Trustworthy Hardware: Identifying and Classifying Hardware Trojans

    Kurt Rosenfeld

    IEEE Design and Test of Computers (2010), pp. 39-46

  •    

    Universally optimal privacy mechanisms for minimax agents

    Mangesh Gupte, Mukund Sundararajan

    Proc. ACM SIGMOD, ACM, Indianapolis, Indiana (2010), pp. 135-146

  •    

    Using the Wave Protocol to Represent Individuals’ Health Records

    Shirley Gaw, Umesh Shankar

    HealthSec '10 Position Paper (2010)

  •   

    Web Application Obfuscation

    Eduardo Alberto Vela Nava

    Syngress (2010), pp. 282

  •   

    A New Randomness Extraction Paradigm for Hybrid Encryption

    Eike Kiltz, Krzysztof Pietrzak, Martijn Stam, Moti Yung

    EUROCRYPT '09: Proceedings of the 28th Annual International Conference on Advances in Cryptology, Springer-Verlag, Berlin, Heidelberg (2009), pp. 590-609

  •   

    A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks

    François-Xavier Standaert, Tal G. Malkin, Moti Yung

    EUROCRYPT '09: Proceedings of the 28th Annual International Conference on Advances in Cryptology, Springer-Verlag, Berlin, Heidelberg (2009), pp. 443-461

  •    

    Balancing Usability and Security in a Video CAPTCHA

    Kurt Alfred Kluever, Richard Zanibbi

    Proceedings of the 5th Symposium on Usable Privacy and Security (SOUPS '09), ACM Press (2009)

  •   

    Browser Security: Lessons from Google Chrome

    Charles Reis, Adam Barth, Carlos Pizano

    ACM Queue, vol. 7, no. 5 (2009), pp. 3

  •    

    Capacity of Steganographic Channels

    Jeremiah Harmsen, William Pearlman

    IEEE Transactions on Information Theory, vol. 55 (2009), pp. 1775-1792

  •   

    Composability and On-Line Deniability of Authentication

    Yevgeniy Dodis, Jonathan Katz, Adam Smith, Shabsi Walfish

    Springer, pp. 146-162

  •   

    Constructing Variable-Length PRPs and SPRPs from Fixed-Length PRPs

    Debra L. Cook, Moti Yung, Angelos Keromytis

    Information Security and Cryptology, Springer-Verlag, Berlin, Heidelberg (2009), pp. 157-180

  •    

    E Unum Pluribus - Google Network Filtering Management

    Paul (Tony) Watson, Peter Moody

    LISA'09 23rd Large Installation System Administration Conference (2009)

  •   

    Efficient Robust Private Set Intersection

    Dana Dachman-Soled, Tal Malkin, Mariana Raykova, Moti Yung

    ACNS '09: Proceedings of the 7th International Conference on Applied Cryptography and Network Security, Springer-Verlag, Berlin, Heidelberg (2009), pp. 125-142

  •   

    Efficient Traceable Signatures in the Standard Model

    Benoît Libert, Moti Yung

    Pairing '09: Proceedings of the 3rd International Conference Palo Alto on Pairing-Based Cryptography, Springer-Verlag, Berlin, Heidelberg (2009), pp. 187-205

  •   

    Efficient and secure authenticated key exchange using weak passwords

    Jonathan Katz, Rafail Ostrovsky, Moti Yung

    J. ACM, vol. 57 (2009), pp. 1-39

  •   

    Elastic block ciphers: method, security and instantiations

    Debra L. Cook, Moti Yung, Angelos D. Keromytis

    Int. J. Inf. Secur., vol. 8 (2009), pp. 211-231

  •   

    Expecting the Unexpected: Towards Robust Credential Infrastructure

    Shouhuai Xu, Moti Yung

    Financial Cryptography and Data Security, Springer-Verlag, Berlin, Heidelberg (2009), pp. 201-221

  •   

    Firefox (In)Security Update Dynamics Exposed

    Stefan Frei, Thomas Duebendorfer, Bernhard Plattner

    ACM Sigcomm Comput. Commun. Rev., vol. 39 Issue 1 (2009), pp. 16-22

  •  

    Generative usability: security and user centered design beyond the appliance

    Luke Church, Alma Whitten

    New Security Paradigms Workshop (2009)

  •   

    Key Evolution Systems in Untrusted Update Environments

    Benoît Libert, Jean-Jacques Quisquater, Moti Yung

    Information Security and Cryptology, Springer-Verlag, Berlin, Heidelberg (2009), pp. 12-21

  •   

    MAC Reforgeability

    John Black, Martin Cochran

    Fast Software Encryption, Springer (2009), pp. 345-362

  •   

    On the Portability of Generalized Schnorr Proofs

    Jan Camenisch, Aggelos Kiayias, Moti Yung

    EUROCRYPT '09: Proceedings of the 28th Annual International Conference on Advances in Cryptology, Springer-Verlag, Berlin, Heidelberg (2009), pp. 425-442

  •   

    Plinko: polling with a physical implementation of a noisy channel

    Chris Alexander, Joel Reardon, Ian Goldberg

    WPES '09: Proceedings of the 8th ACM workshop on Privacy in the electronic society, ACM, New York, NY, USA (2009), pp. 109-112

  •   

    Privacy-Preserving Information Markets for Computing Statistical Data

    Aggelos Kiayias, Bülent Yener, Moti Yung

    Financial Cryptography and Data Security, Springer-Verlag, Berlin, Heidelberg (2009), pp. 32-50

  •   

    Privacy-preserving indexing of documents on the network

    Mayank Bawa, Roberto J. Bayardo, Rakesh Agrawal, Jaideep Vaidya

    The VLDB Journal, vol. 18 (2009), pp. 837-856

  •   

    Redirects to login pages are bad, or are they?

    Eric Sachs

    SOUPS '09: Proceedings of the 5th Symposium on Usable Privacy and Security, ACM, New York, NY, USA (2009), pp. 1-1

  •   

    Secure EPC Gen2 Compliant Radio Frequency Identification

    Mike Burmester, Breno Medeiros, Jorge Munilla, Alberto Peinado

    ADHOC-NOW '09: Proceedings of the 8th International Conference on Ad-Hoc, Mobile and Wireless Networks, Springer-Verlag, Berlin, Heidelberg (2009), pp. 227-240

  •   

    Secure Function Collection with Sublinear Storage

    Maged H. Ibrahim, Aggelos Kiayias, Moti Yung, Hong-Sheng Zhou

    ICALP '09: Proceedings of the 36th International Colloquium on Automata, Languages and Programming, Springer-Verlag, Berlin, Heidelberg (2009), pp. 534-545

  •    

    The Goals and Challenges of Click Fraud Penetration Testing Systems

    Carmelo Kintana, David Turner, Jia-Yu Pan, Ahmed Metwally, Neil Daswani, Erika Chin, Andrew Bortz

    International Symposium on Software Reliability Engineering (2009)

  •   

    The Kurosawa-Desmedt key encapsulation is not chosen-ciphertext secure

    Seung Geol Choi, Javier Herranz, Dennis Hofheinz, Jung Yeon Hwang, Eike Kiltz, Dong Hoon Lee, Moti Yung

    Inf. Process. Lett., vol. 109 (2009), pp. 897-901

  •    

    Why Silent Updates Boost Security

    Thomas Duebendorfer, Stefan Frei

    ETH Zurich (2009), pp. 1-9

  •   

    xBook: Redesigning Privacy Control in Social Networking Platforms

    Kapil Singh, Sumeer Bhola, Wenke Lee

    18th Usenix Security Symposium, Usenix (2009)

  •   

    (Under)mining Privacy in Social Networks

    Monica Chew, Dirk Balfanz, Ben Laurie

    W2SP 2008: Web 2.0 Security and Privacy 2008

  •   

    A block cipher based pseudo random number generator secure against side-channel key recovery

    Christophe Petit, François-Xavier Standaert, Olivier Pereira, Tal G. Malkin, Moti Yung

    ASIACCS '08: Proceedings of the 2008 ACM symposium on Information, computer and communications security, ACM, New York, NY, USA, pp. 56-65

  •   

    Access Control

    Ben Laurie

    Google, Inc. (2008)

  •  

    All Your iFrames Point to Us

    Niels Provos, Panayiotis Mavrommatis, Moheeb Rajab, Fabian Monrose

    17th USENIX Security Symposium (2008)

  •   

    Anonymous RFID authentication supporting constant cost key lookup against active adversaries

    M. Burmester, B. De Medeiros, R. Motta

    Int. J. Appl. Cryptol., vol. 1 (2008), pp. 79-90

  •   

    Asynchronous Multi-Party Computation with Quadratic Communication

    Martin Hirt, Jesper Buus Nielsen, Bartosz Przydatek

    International Colloquium on Automata, Languages and Programming, ICALP 2008, Springer Verlag, pp. 473-485

  •  

    Choose the Red Pill and the Blue Pill

    Ben Laurie, Abe Singer

    New Security Paradigms Workshop 2008

  •    

    Competition and Fraud in Online Advertising Markets

    Bob Mungamuru, Stephen A. Weis

    Financial Cryptography (2008)

  •    

    Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority

    David Dagon, Chris Lee, Wenke Lee, Niels Provos

    Proc. 15th Network and Distributed System Security Symposium (NDSS), Internet Society, San Diego, CA (2008)

  •    

    Distributed divide-and-conquer techniques for effective DDoS attack defenses

    Muthuprasanna Muthusrinivasan, Manimaran Govindarasu

    IEEE International Conference on Distributed Computing Systems (ICDCS) (2008)

  •   

    Does Physical Security of Cryptographic Devices Need a Formal Study? (Invited Talk)

    François-Xavier Standaert, Tal G. Malkin, Moti Yung

    ICITS '08: Proceedings of the 3rd international conference on Information Theoretic Security, Springer-Verlag, Berlin, Heidelberg (2008), pp. 70-70

  •   

    Efficient Constructions of Composable Commitments and Zero-Knowledge Proofs

    Yevgeniy Dodis, Victor Shoup, Shabsi Walfish

    Proceedings of Advances in Cryptology - CRYPTO 2008, 28th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 17-21, 2008, pp. 515-535

  •   

    Error-Tolerant Combiners for Oblivious Primitives

    Bartosz Przydatek, Jürg Wullschleger

    International Colloquium on Automata, Languages and Programming, ICALP 2008, Springer Verlag, pp. 461-472

  •   

    Fair Traceable Multi-Group Signatures

    Vicente Benjumea, Seung Geol Choi, Javier Lopez, Moti Yung

    Financial Cryptography, Springer-Verlag, Berlin, Heidelberg (2008), pp. 231-246

  •   

    Ghost Turns Zombie: Exploring the Life Cycle of Web-based Malware

    Michalis Polychronakis, Panayiotis Mavrommatis, Niels Provos

    Proceedings of the 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET) (2008)

  •   

    Insecure Context Switching: Inoculating regular expressions for survivability

    Will Drewry, Tavis Ormandy

    2nd USENIX Workshop on Offensive Technologies (WOOT '08) (2008)

  •   

    Methods for Linear and Differential Cryptanalysis of Elastic Block Ciphers

    Debra L. Cook, Moti Yung, Angelos D. Keromytis

    ACISP '08: Proceedings of the 13th Australasian conference on Information Security and Privacy, Springer-Verlag, Berlin, Heidelberg (2008), pp. 187-202

  •   

    On the Evolution of User Authentication: Non-bilateral Factors

    Moti Yung

    Information Security and Cryptology, Third SKLOIS Conference, Inscrypt 2007, Springer-Verlag, Berlin, Heidelberg (2008), pp. 5-10

  •  

    Peeking Through the Cloud

    Moheeb Abu Rajab, Fabian Monrose, Andreas Terzis, Niels Provos

    6th Conference on Applied Cryptography and Network Security (2008)

  •   

    Plan 9 Authentication in Linux

    Ashwin Ganti

    ACM SIGOPS OSR special issue on Research and Developments in the Linux Kernel, vol. 42, Issue 5 (July 2008) (2008)

  •    

    Please Permit Me: Stateless Delegated Authorization in Mashups

    Ragib Hasan, Marianne Winslett, Richard Conlan, Brian Slesinsky, Nandakumar Ramani

    Proceedings of the Annual Computer Security Applications Conference, IEEE Press, Anaheim, CA (2008), pp. 173-182

  •   

    Privacy Preserving Data Mining within Anonymous Credential Systems

    Aggelos Kiayias, Shouhuai Xu, Moti Yung

    SCN '08: Proceedings of the 6th international conference on Security and Cryptography for Networks, Springer-Verlag, Berlin, Heidelberg (2008), pp. 57-76

  •   

    Provably Secure Grouping-Proofs for RFID Tags

    Mike Burmester, Breno Medeiros, Rossana Motta

    CARDIS '08: Proceedings of the 8th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications, Springer-Verlag, Berlin, Heidelberg (2008), pp. 176-190

  •   

    Public-key traitor tracing from efficient decoding and unbounded enrollment: extended abstract

    Aggelos Kiayias, Moti Yung

    DRM '08: Proceedings of the 8th ACM workshop on Digital rights management, ACM, New York, NY, USA (2008), pp. 9-18

  •   

    Real Electronic Cash Versus Academic Electronic Cash Versus Paper Cash (Panel Report)

    Jon Callas, Yvo Desmedt, Daniel Nagy, Akira Otsuka, Jean-Jacques Quisquater, Moti Yung

    Financial Cryptography and Data Security, Springer-Verlag, Berlin, Heidelberg (2008), pp. 307-313

  •   

    Securing Nonintrusive Web Encryption through Information Flow

    Lantian Zheng, Andrew C. Myers

    Proceedings of the 2008 workshop on programming languages and analysis for security

  •   

    Security aspects of the Authentication used in Quantum Cryptography

    Jörgen Cederlöf, Jan-Åke Larsson

    IEEE Transactions on Information Theory, vol. 54 (2008), pp. 1735-1741

  •  

    To Catch a Predator: A Natural Language Approach for Eliciting Protocol Interaction

    Sam Small, Joshua Mason, Fabian Monrose, Niels Provos, Adam Stubblefield

    17th USENIX Security Symposium (2008)

  •   

    Understanding the Web browser threat

    Stefan Frei, Thomas Duebendorfer, Gunter Ollmann, Martin May

    ETH Zurich

  •    

    Video CAPTCHAs: Usability vs. Security

    Kurt Alfred Kluever, Richard Zanibbi

    Proceedings of the IEEE Western New York Image Processing Workshop (WNYIP '08), IEEE Press (2008)

  •   

    A Framework for Detection and Measurement of Phishing Attacks

    Sujata Garera, Niels Provos, Monica Chew, Aviel D. Rubin

    WORM'07, ACM, Alexandria, VA (2007)

  •   

    An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments

    Tavis Ormandy

    CanSecWest 2007

  •  

    Byzantine Attacks on Anonymity Systems

    Nikita Borisov, George Danezis, Parisa Tabriz

    Digital Privacy: Theory, Technologies, and Practices (2007)

  •  

    Cyberassault on Estonia

    Marc Donner

    IEEE Security and Privacy, vol. 5, no. 4 (2007), pp. 4

  •   

    Defining Strong Privacy for RFID

    Ari Juels, Stephen A. Weis

    Proc. 5th International Conf. on Pervasive Computing and Communications Workshops, IEEE (2007), pp. 342-347

  •    

    Delegating Responsibility in Digital Systems: Horton's

    Mark S. Miller, Jed Donnelley, Alan H. Karp

    2nd USENIX Workshop on Hot Topics in Security, USENIX (2007), pp. 5

  •   

    Denial of Service or Denial of Security? How Attacks can Compromise Anonymity

    Nikita Borisov, George Danezis, Prateek Mittal, Parisa Tabriz

    Conference on Computer and Communications Security, ACM, Alexandria, VA (2007)

  •   

    Dynamic Pharming Attacks and Locked Same-Origin Policies for Web Browsers

    Chris Karlof, Umesh Shankar, J. D. Tygar, David Wagner

    Conference on Computer and Communications Security, ACM, Alexandria, VA (2007)

  •   

    Flayer: Exposing Application Internals

    Will Drewry, Tavis Ormandy

    First USENIX Workshop on Offensive Technologies (WOOT '07), Online Proceedings, http://www.usenix.org/events/woot07/tech/ (2007)

  •   

    Foundations of Security: What Every Programmer Needs to Know

    Neil Daswani, Christoph Kern, Anita Kesavan

    APress, New York (2007)

  •   

    Memsherlock: An Automated Debugger for Unknown Memory Corruption Vulnerabilities

    Emre C. Sezer, Peng Ning, ChongKyung Kil, Jun Xu

    Conference on Computer and Communications Security, ACM, Alexandria, VA (2007)

  •   

    Provable Data Possession at Untrusted Stores

    Giuseppe Ateniese, Randal Burns, Reza Curtmola, Joseph Herring, Lea Kissner, Zachary Peterson, Dawn Song

    Conference on Computer and Communications Security, ACM, Alexandria, VA (2007)

  •    

    Selective Disclosure

    Ben Laurie

    Ben Laurie (2007)

  •   

    The Ghost In The Browser: Analysis of Web-based Malware

    Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang, Nagendra Modadugu

    First Workshop on Hot Topics in Understanding Botnets (HotBots '07), Online Proceedings, http://www.usenix.org/events/hotbots07/tech/ (2007)

  •   

    Tradeoffs in Retrofitting Security: An Experience Report

    Mark S. Miller

    Dynamic Languages Symposium, ACM (2007)

  •   

    Virtual Honeypots: From Botnet Tracking to Intrusion Detection

    Niels Provos, Thorsten Holz

    Addison Wesley (2007)

  •   

    A Method for Making Password-Based Key Exchange Resilient to Server Compromise

    Craig Gentry, Philip MacKenzie, Zulfikar Ramzan

    Advances in Cryptology - CRYPTO 2006, Springer, pp. 142-159

  •   

    Cookies Along Trust-Boundaries (CAT): Accurate and Deployable Flood Protection

    Martin Casado, Aditya Akella, Pei Cao, Niels Provos, Scott Shenker

    In Proceedings of Steps To Reduce Unwanted Traffic From The Internet (2006)

  •  

    Flow-Cookies: Using Bandwidth Amplification to Defend Against DDoS Flooding Attacks

    Martin Casado, Pei Cao, Aditya Akella, Niels Provos

    Proceedings of the IEEE Workshop on QoS (2006)

  •   

    Language Modeling and Encryption on Packet Switched Networks

    Kevin S. McCurley

    Advances in Cryptology: Proc. Eurocrypt 2006, Springer, St. Petersburg, pp. 359-372

  •   

    Limits to Anti Phishing

    Jeff Nelson, David Jeske

    Proceedings of the W3C Security and Usability Workshop (2006), pp. 5

  •  

    Packet vaccine: black-box exploit detection and signature generation

    XiaoFeng Wang, Zhuowei Li, Jun Xu, Michael K. Reiter, Chongkyung Kil, Jong Youl Choi

    Proc. 13th ACM Conference on Computer and Communications Security, ACM, Alexandria, VA (2006), pp. 37-46

  •   

    Privacy-Enhancing Technologies

    Stephen A. Weis

    IEEE Security and Privacy, vol. 4 (2006), pp. 59

  •  

    Resource Fairness and Composability of Cryptographic Protocols

    Juan Garay, Philip MacKenzie, Manoj Prabhakaran, Ke Yang

    Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Springer, pp. 404-428

  •    

    Search Worms

    Niels Provos, Joe McClain, Ke Wang

    WORM '06: Proceedings of the 4th ACM workshop on Recurring malcode, ACM Press, Alexandria, Virginia, USA (2006), pp. 1-8

  •   

    A Virtual Honeypot Framework

    Niels Provos

    USENIX Security Symposium (2004), pp. 1-14

  •  

    Cygnus - An Approach for Large Scale Network Security Monitoring

    Paul (Tony) Watson

    Syscan 2004, Singapore

  •   

    Improving Host Security with System Call Policies

    Niels Provos

    12th USENIX Security Symposium (2003)

  •   

    Preventing Privilege Escalation

    Niels Provos, Markus Friedl, Peter Honeyman

    12th USENIX Security Symposium (2003)

  •  

    Defending Against Statistical Steganalysis

    Niels Provos

    10th USENIX Security Symposium (2001)

  •  

    Encrypting Virtual Memory

    Niels Provos

    9th USENIX Security Symposium (2000)

  •   

    A Future-Adaptable Password Scheme

    Niels Provos, David Mazières

    USENIX Annual Technical Conference, FREENIX Track (1999)

  •   

    Cryptography in OpenBSD: An Overview

    Theo de Raadt, Niklas Hallqvist, Artur Grabowski, Angelos D. Keromytis, Niels Provos

    USENIX Annual Technical Conference, FREENIX Track (1999)