Security, Privacy and Abuse Prevention
The Internet and the World Wide Web have brought many changes that provide huge benefits, in particular by giving people easy access to information that was previously unavailable or simply hard to find. Unfortunately, these changes have raised many new challenges in the security of computer systems and the protection of information against unauthorized access and abusive usage. At Google, our primary focus is the user and their safety. We have people working on nearly every aspect of security, privacy, and anti-abuse, including access control and information security, networking, operating systems, language design, cryptography, fraud detection and prevention, spam and abuse detection, denial of service, anonymity, privacy-preserving systems, disclosure controls, as well as user interfaces and other human-centered aspects of security and privacy. Our security and privacy efforts cover a broad range of systems, including mobile, cloud, distributed, sensors and embedded systems, and large-scale machine learning.
289 Publications
-
An Experience Sampling Study of User Reactions to Browser Warnings in the Field
Rob Reeder, Adrienne Porter Felt, Sunny Consolvo, Nathan Malkin, Chris Thompson, Serge Egelman
CHI (2018) (to appear)
-
Learning Differentially Private Recurrent Language Models
Brendan McMahan, Daniel Ramage, Kunal Talwar, Li Zhang
International Conference on Learning Representations (ICLR) (2018)
-
Scalable Private Learning with PATE
Nicolas Papernot, Shuang Song, Ilya Mironov, Ananth Raghunathan, Kunal Talwar, Úlfar Erlingsson
ICLR 2018 (2018) (to appear)
-
The Secret Sharer: Measuring Unintended Neural Network Memorization & Extracting Secrets
Nicholas Carlini, Chang Liu, Jernej Kos, Úlfar Erlingsson, Dawn Song
ArXiv e-prints, vol. 1802.08232 (2018)
-
Tracking Ransomware End-to-end
Danny Y. Huang, Maxwell Matthaios Aliapoulios, Vector Guo Li, Luca Invernizzi, Kylie McRoberts, Elie Bursztein, Jonathan Levin, Kirill Levchenko, Alex C. Snoeren, Damon McCoy
Security & Privacy 2018 (2018)
-
152 Simple Steps to Stay Safe Online: Security Advice for Non-Tech-Savvy Users
Robert W. Reeder, Iulia Ion, Sunny Consolvo
IEEE Security and Privacy (2017)
-
Kevin Huguenin, Igor Bilogrevic, Joana Soares Machado, Stefan Mihaila, Reza Shokri, Italo Dacosta, Jean-Pierre Hubaux
IEEE Transactions on Mobile Computing (2017)
-
A Vendor-Agnostic Root of Trust for Measurement
Google Inc. (2017)
-
AES-VCM, AN AES-GCM CONSTRUCTION USING AN INTEGER-BASED UNIVERSAL HASH FUNCTION
Ed Knapp
(2017)
-
BeyondCorp: The User Experience
Victor Manuel Escobedo, Filip Zyzniewski, Betsy (Adrienne Elizabeth) Beyer, Max Saltonstall
Login, vol. tbd (2017), tbd
-
Code-reuse attacks for the Web: Breaking Cross-Site Scripting Mitigations via Script Gadgets
Sebastian Lekies, Krzysztof Kotowicz, Samuel Groß, Eduardo Vela Nava, Martin Johns
ACM CCS (2017)
-
Cyber, Nano, and AGI Risks: Decentralized Approaches to Reducing Risks
Allison Duettmann, Christine Peterson, Mark S. Miller
The First Colloquium On Catastrophic And Existential Risk (2017)
-
Data breaches, phishing, or malware? Understanding the risks of stolen credentials
Kurt Thomas, Frank Li, Ali Zand, Jacob Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Daniel Margolis, Vern Paxson, Elie Bursztein
(2017)
-
Exploring decision making with Android's runtime permission dialogs using in-context surveys
Bram Bonné, Sai Teja Peddinti, Igor Bilogrevic, Nina Taft
Thirteenth Symposium on Usable Privacy and Security (SOUPS), Usenix (2017)
-
Glimmers: Resolving the Privacy/Trust Quagmire
David Lie, Petros Maniatis
ACM Hot Topics in Operating Systems (HotOS), ACM SIGOPS, Whistler, British Columbia, Canada (2017)
-
Hiding Images in Plain Sight: Deep Steganography
Neural Information Processing Systems, NIPS (2017)
-
Measuring HTTPS adoption on the web
Adrienne Porter Felt, Richard Barnes, April King, Chris Palmer, Chris Bentzel, Parisa Tabriz
USENIX Security (2017)
-
Migrating to BeyondCorp: Maintaining Productivity While Improving Security
Betsy (Adrienne Elizabeth) Beyer, Colin McCormick Beske, Jeff Peck, Max Saltonstall
Login, vol. Summer 2017, Vol. 42, No. 2 (2017)
-
On the Protection of Private Information in Machine Learning Systems: Two Recent Approaches
Martín Abadi, Úlfar Erlingsson, Ian Goodfellow, H. Brendan McMahan, Nicolas Papernot, Ilya Mironov, Kunal Talwar, Li Zhang
IEEE 30th Computer Security Foundations Symposium (CSF), IEEE (2017), pp. 1-6
-
Oscar: A Practical Page-Permissions-Based Scheme for Thwarting Dangling Pointers
Thurston H.Y. Dang, Petros Maniatis, David Wagner
USENIX Security, USENIX, Vancouver, BC, Canada (2017) (to appear)
-
Pinning Down Abuse on Google Maps
Danny Y. Huang, Doug Grundman, Kurt Thomas, Abhishek Kumar, Elie Bursztein, Kirill Levchenko, Alex C. Snoeren
Proceedings of the International Conference on World Wide Web (WWW) (2017)
-
Practical Cryptanalysis of Json Web Token and Galois Counter Mode's Implementations
Real World Crypto Conference 2017, http://www.realworldcrypto.com/rwc2017
-
Privacy Requirements: Present & Future
Pauline Anthonysamy, Awais Rashid, Ruzanna Chitchyan
39th International Conference on Software Engineering (2017)
-
Privacy and security experiences and practices of survivors of intimate partner abuse
Anna Turner, Cori Manthorne, Elizabeth Churchill, Jill Palzkill Woelfer, Katie O'Leary, Manya Sleeper, Martin Shelton, Sunny Consolvo, Tara Matthews
IEEE Security & Privacy Magazine (2017)
-
RFC 8110 - Opportunistic Wireless Encryption
Dan Harkins, Warren Kumari
IETF (2017)
-
RFC 8145 - Signaling Trust Anchor Knowledge in DNS Security Extensions (DNSSEC)
Duane Wessels, Verisign, Warren Kumari, Google, Paul Hoffman, ICANN
Internet Engineering Task Force (IETF), IETF (2017)
-
RFC 8198 - Aggressive Use of DNSSEC-Validated Cache
Kazunori Fujiwara, Akira Kato, Warren Kumari
Internet Engineering Task Force (IETF) (2017)
-
30th IEEE Computer Security Foundations Symposium (CSF), pp. 263-275
-
Semi-supervised Knowledge Transfer for Deep Learning from Private Training Data
Nicolas Papernot, Martín Abadi, Úlfar Erlingsson, Ian Goodfellow, Kunal Talwar
Proceedings of the International Conference on Learning Representations (2017)
-
Stories from survivors: Privacy & security practices when coping with intimate partner abuse
Tara Matthews, Kathleen O’Leary, Anna Turner, Manya Sleeper, Jill Palzkill Woelfer, Martin Shelton, Cori Manthorne, Elizabeth F. Churchill, Sunny Consolvo
CHI '17 Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems, ACM, New York, NY, USA (2017), pp. 2189-2201
-
The Anatomy of Smartphone Unlocking - Why and How Android Users Around the World Lock their Phones
Nathan Malkin, Marian Harbach, Alexander De Luca, Serge Egelman
GetMobile: Mobile Comp. and Comm., vol. 20 (2017), pp. 42-46
-
The Applied Pi Calculus: Mobile Values, New Names, and Secure Communication
Martin Abadi, Bruno Blanchet, Cedric Fournet
JACM (2017) (to appear)
-
The Good, the Bad and the Ugly: A Study of Security Decisions in a Cyber-Physical Systems Game
Sylvain Frey, Awais Rashid, Pauline Anthonysamy, Maria Pinto-Albuquerque, Asad Syed
IEEE Transactions on Software Engineering, vol. Issue: 99 (2017)
-
Understanding the Mirai Botnet
Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, Yi Zhou
Proceedings of the 26th USENIX Security Symposium (2017)
-
Where the Wild Warnings Are: Root Causes of Chrome Certificate Errors
Mustafa Acer, Emily Stark, Adrienne Porter Felt, Sascha Fahl, Radhika Bhargava, Bhanu Dev, Matt Braithwaite, Ryan Sleevi, Parisa Tabriz
Proceedings of the 24th ACM SIGSAC Conference on Computer and Communications Security (2017)
-
Igor Bilogrevic, Martin Ortlieb
ACM CHI (2016)
-
A Week to Remember: The Impact of Browser Warning Storage Policies
Joel Weinberger, Adrienne Porter Felt
SOUPS 2016
-
Abstract Data Types in Object-Capability Systems
James Noble, Sophia Drossopoulou, Mark S. Miller, Toby Murray, Alex Potanin
ECOOP 2016 (2016)
-
Batz Spear, Betsy (Adrienne Elizabeth) Beyer, Luca Cittadini, Max Saltonstall
Login (2016)
-
BeyondCorp: Design to Deployment at Google
Barclay Osborn, Justin McWilliams, Betsy Beyer, Max Saltonstall
;login:, vol. 41 (2016), pp. 28-34
-
Giulia Fanti, Vasyl Pihur, Úlfar Erlingsson
Proceedings on Privacy Enhancing Technologies (PoPETS), vol. issue 3, 2016 (2016)
-
Lukas Weichselbaum, Michele Spagnuolo, Sebastian Lekies, Artur Janc
Proceedings of the 23rd ACM Conference on Computer and Communications Security, ACM, Vienna, Austria (2016)
-
Cloak of Visibility: Detecting When Machines Browse a Different Web
Luca Invernizzi, Kurt Thomas, Alexandros Kapravelos, Oxana Comanescu, Jean-Michel Picod, Elie Bursztein
Proceedings of the 37th IEEE Symposium on Security and Privacy (2016)
-
Content Sniffing with Comma Chameleon
Gábor Molnár, Krzysztof Kotowicz
PoC||GTFO, vol. 12 (2016)
-
DROWN: Breaking TLS using SSLv2
Christoph Paar, David Adrian, Emilia Kasper, J. Alex Halderman, Jens Steube, Juraj Somorovsky, Luke Valenta, Maik Dankel, Nadia Heninger, Nimrod Aviram, Sebastian Schinzel, Shaanan Cohney, Susanne Engels, Viktor Dukhovni, Yuval Shavitt
25th USENIX Security Symposium (2016)
-
Data-driven software security: Models and methods
IEEE Computer Security Foundations Symposium (2016)
-
Deep Learning with Differential Privacy
Martin Abadi, Andy Chu, Ian Goodfellow, Brendan McMahan, Ilya Mironov, Kunal Talwar, Li Zhang
23rd ACM Conference on Computer and Communications Security (ACM CCS) (2016), pp. 308-318
-
Discrete Distribution Estimation under Local Privacy
Peter Kairouz, Keith Bonawitz, Daniel Ramage
ICML (2016)
-
Distributed Authorization in Vanadium
Ankur Taly, Asim Shankar
Foundations of Security Analysis and Design VIII, Springer-Verlag (2016)
-
Ephemeral Identifiers: Mitigating Tracking & Spoofing Threats to BLE Beacons
Avinatan Hassidim, Yossi Matias, Moti Yung, Alon Ziv
Google (2016)
-
Expert and Non-Expert Attitudes towards (Secure) Instant Messaging
Alexander De Luca, Sauvik Das, Martin Ortlieb, Iulia Ion, Ben Laurie
Twelfth Symposium on Usable Privacy and Security (SOUPS 2016), USENIX Association, Denver, CO, pp. 147-157
-
Fast keyed hash/pseudo-random function using SIMD multiply and permute
Jyrki Alakuijala, Bill Cox, Jan Wassenberg
Google Research (2016)
-
Frodo: Take off the ring! Practical, Quantum-Secure Key Exchange from LWE
Joppe Bos, Craig Costello, Léo Ducas, Ilya Mironov, Michael Naehrig, Valeria Nikolaenko, Ananth Raghunathan, Douglas Stebila
23rd ACM Conference on Computer and Communications Security (ACM CCS) (2016) (to appear)
-
H. Halawa, K. Beznosov, Y. Boshmaf, B. Coskun, E. Santos-Neto, M. Ripeanu
New Security Paradigms Workshop (NSPW) 2016, ACM, http://www.nspw.org/2016 (to appear)
-
Inferring semantic mapping between policies and code: the clue is in the language
Pauline Anthonysamy, Matthew Edwards, Chris Weichel, Awais Rashid
International Symposium on Engineering Secure Software and Systems, Springer (2016)
-
Intuitions, analytics, and killing ants: Inference literacy of high school-educated adults in the US
Jeff Warshaw, Nina Taft, Allison Woodruff
SOUPS 2016
-
Investigating Commercial Pay-Per-Install and the Distribution of Unwanted Software
Kurt Thomas, Juan Antonio Elices Crespo, Ryan Rasti, Jean-Michel Picod, Cait Phillips, Marc-André (MAD) Decoste, Chris Sharp, Fabio Tirelo, Ali Tofigh, Marc-Antoine Courteau, Lucas Ballard, Robert Shield, Nav Jagpal, Moheeb Abu Rajab, Panos Mavrommatis, Niels Provos, Elie Bursztein, Damon McCoy
Proceedings of the USENIX Security Symposium (2016)
-
Keep on Lockin' in the Free World: A Multi-National Comparison of Smartphone Locking
Marian Harbach, Alexander De Luca, Nathan Malkin, Serge Egelman
Proceedings of the 34th Annual ACM Conference on Human Factors in Computing Systems (CHI'16), ACM, New York, NY, USA (2016) (to appear)
-
Learning to Protect Communications with Adversarial Neural Cryptography
Martín Abadi, David G. Andersen
arXiv (2016)
-
Permission and Authority Revisited: towards a formalization
Sophia Drossopoulou, James Noble, Mark S. Miller, Toby Murray
Workshop on Formal Techniques for Java-like Programs, ACM (2016)
-
Picasso: Lightweight Device Class Fingerprinting for Web Clients
Elie Bursztein, Artem Malyshev, Tadek Pietraszek, Kurt Thomas
Workshop on Security and Privacy in Smartphones and Mobile Devices (2016)
-
Practical Secure Aggregation for Federated Learning on User-Held Data
Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, Karn Seth
NIPS Workshop on Private Multi-Party Machine Learning (2016)
-
Privacy Mediators: Helping IoT Cross the Chasm
Nigel Davies, Nina Taft, Mahadev Satyanarayanan, Sarah Clinch, Brandon Amos
Hot Topics in Mobile Computing (Hot Mobile), ACM (2016)
-
Private Service Discovery and Mutual Authentication for the Internet of Things
Ankur Taly, Asim Shankar, Dan Boneh, David Wu
European Symposium on Research in Computer Security (ESORICS), Springer-Verlag (2016), pp. 301-319
-
Remedying Web Hijacking: Notification Effectiveness and Webmaster Comprehension
Frank Li, Grant Ho, Eric Kuan, Yuan Niu, Lucas Ballard, Kurt Thomas, Elie Bursztein, Vern Paxson
International World Wide Web Conference (2016)
-
Rethinking Connection Security Indicators
Adrienne Porter Felt, Robert W Reeder, Alex Ainslie, Helen Harris, Max Walker, Chris Thompson, Mustafa Acer, Elisabeth Morant, Sunny Consolvo
SOUPS (2016)
-
SAC073 - SSAC Comments on Root Zone Key Signing Key Rollover Plan
Warren Kumari, Patrik Fältström
ICANN Security and Stability Advisory Committee (SSAC) Reports and Advisories, ICANN (2016), pp. 41
-
Security Keys: Practical Cryptographic Second Factors for the Modern Web
Juan Lang, Alexei Czeskis, Dirk Balfanz, Marius Schilder
Financial Cryptography (2016)
-
The Abuse Sharing Economy: Understanding the Limits of Threat Exchanges
Kurt Thomas, Rony Amira, Adi Ben-Yoash, Ori Folger, Amir Hardon, Ari Berger, Elie Bursztein, Michael Bailey
Proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses (2016)
-
The Anatomy of Smartphone Unlocking: A Field Study of Android Lock Screens
Marian Harbach, Alexander De Luca, Serge Egelman
Proceedings of the 34th Annual ACM Conference on Human Factors in Computing Systems (CHI'16), ACM, New York, NY, USA (2016) (to appear)
-
The Rowhammer Attack Injection Methodology
In Proceedings of the IEEE Symposium on Reliable Distributed Systems (SRDS) (2016), pp. 1-10
-
Users Really Do Plug in USB Drives They Find
Matthew Tischer, Zakir Durumeric, Sam Foster, Sunny Duan, Alec Mori, Elie Bursztein, Michael Bailey
Security and Privacy, IEEE (2016)
-
What Mobile Ads Know About Mobile Users
Daehyeok Kim, Sooel Son, Vitaly Shmatikov
NDSS 2016
-
Amit Vasudevan, Sagar Chaki, Petros Maniatis, Limin Jia, Anupam Datta
USENIX Security, USENIX (2016)
-
(Smart) watch your taps: side-channel keystroke inference attacks using smartwatches
Anindya Maiti, Murtuza Jadliwala, Jibo He, Igor Bilogrevic
ACM International Symposium on Wearable Computers (2015), pp. 27-30
-
Access Control and the Internet of Things
IEEE Internet Computing, vol. 19 (2015), pp. 96-
-
Ad Injection at Scale: Assessing Deceptive Advertisement Modifications
Kurt Thomas, Elie Bursztein, Chris Grier, Grant Ho, Nav Jagpal, Alexandros Kapravelos, Damon McCoy, Antonio Nappa, Vern Paxson, Paul Pearce, Niels Provos, Moheeb Abu Rajab
Proceedings of the IEEE Symposium on Security and Privacy (2015)
-
Apples and Oranges: Detecting Least-Privilege Violators with Peer Group Analysis
Iulia Ion, Suman Jana, Úlfar Erlingsson
CoRR, vol. abs/1510.07308 (2015)
-
Attitudes Toward Vehicle-Based Sensing and Recording
Manya Sleeper, Sebastian Schnorf, Brian Kemler, Sunny Consolvo
Proceedings of the 2015 ACM International Joint Conference on Pervasive and Ubiquitous Computing, ACM, pp. 1017-1028
-
Confidentiality in the Face of Pervasive Surveillance: A Threat Model and Problem Statement
Richard Barnes, Bruce Schneier, Cullen Jennings, Ted Hardie, Brian Trammel, Christian Huitema, Daniel Borkman
IETF RFCs, Internet Engineering Task Force (2015), pp. 24
-
Distributed Authorization With Distributed Grammars
Martin Abadi, Mike Burrows, Himabindu Pucha, Adam Sadovsky, Asim Shankar, Ankur Taly
Programming Languages with Applications to Biology and Security, Springer International Publishing Switzerland, Gewerbestrasse 11 CH-6330 Cham (ZG) Switzerland (2015), pp. 10-26
-
Fast and Secure Three-party Computation: The Garbled Circuit Approach
Payman Mohassel, Mike Rosulek, Ye Zhang
The 22nd ACM Conference on Computer and Communications Security, ACM (2015)
-
Framing Dependencies Introduced by Underground Commoditization
Kurt Thomas, Danny Huang, David Wang, Elie Bursztein, Chris Grier, Thomas J. Holt, Christopher Kruegel, Damon McCoy, Stefan Savage, Giovanni Vigna
Workshop on the Economics of Information Security (2015)
-
GraphSC: Parallel Secure Computation Made Easy
Kartik Nayak, Xiao S. Wang, Stratis Ioannidis, Udi Weinsberg, Nina Taft, Elaine Shi
IEEE Symposium on Security and Privacy, IEEE (2015)
-
Improving SSL Warnings: Comprehension and Adherence
Adrienne Porter Felt, Alex Ainslie, Robert W. Reeder, Sunny Consolvo, Somas Thyagaraja, Alan Bettes, Helen Harris, Jeff Grimes
Proceedings of the Conference on Human Factors and Computing Systems, ACM (2015)
-
Communications of the ACM, vol. 58 (2015), pp. 62-65
-
Managing your Private and Public Data: Bringing down Inference Attacks against your Privacy
Amy Zhang, Branislav Kveton, Flavio du Pin Calmon, Nadia Fawaz, Nina Taft, Pedro Oliveira, Salman Salamatian, Sandilya Bhamidipati
IEEE Journal on Signal Processing (2015)
-
Neither Snow Nor Rain Nor MITM ... An Empirical Analysis of Email Delivery Security
Zakir Durumeric, David Adrian, Ariana Mirian, James Kasten, Elie Bursztein, Nicolas Lidzborski, Kurt Thomas, Vijay Eranti, Michael Bailey, J. Alex Halderman
Proceedings of the Internet Measurement Conference (2015)
-
RFC7646 - Definition and Use of DNSSEC Negative Trust Anchors
Warren Kumari, Jason Livingood, Chris Griffiths
IETF RFCs, Internet Engineering Task Force (2015), pp. 15
-
Reasoning about Risk and Trust in an Open World
Sophia Drossopoulou, James Noble, Toby Murray, Mark S. Miller
Victoria University of Wellington (2015)
-
Rich Queries on Encrypted Data: Beyond Exact Matches
Sky Faber, Stanislaw Jarecki, Hugo Krawczyk, Quan Nguyen, Marcel Rosu, Michael Steiner
20th European Symposium on Research in Computer Security (2015)
-
SAC070 - ICANN SSAC Advisory on the Use of Static TLD / Suffix Lists
Warren Kumari, Jaap Akkerhuis, Patrik Fältström
ICANN Security and Stability Advisory Committee (SSAC) Reports and Advisories, ICANN (2015), pp. 32
-
Secrets, Lies, and Account Recovery: Lessons from the Use of Personal Knowledge Questions at Google
Joseph Bonneau, Elie Bursztein, Ilan Caron, Rob Jackson, Mike Williamson
WWW'15 - Proceedings of the 22nd international conference on World Wide Web, ACM (2015)
-
Software engineering for privacy in-the-large
Pauline Anthonysamy, Awais Rashid
International Conference in Software Engineering, IEEE Press (2015)
-
Supporting Privacy-Conscious App Update Decisions with User Reviews
Yuan Tian, Bin Liu, Weisi Dai, Blase Ur, Patrick Tague, Lorrie Faith Cranor
Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, ACM, New York, NY, USA (2015), pp. 51-61
-
Swapsies on the Internet: First Steps towards Reasoning about Risk and Trust in an Open World
Sophia Drossopoulou, James Noble, Mark S. Miller
Tenth Workshop on Programming Languages and Analysis for Security (PLAS 2015), ACM
-
The Correctness-Security Gap in Compiler Optimization
Vijay D'Silva, Mathias Payer, Dawn Song
Security and Privacy Workshops (SPW), 2015 IEEE, IEEE, pp. 73-87
-
The Performance Cost of Shadow Stacks and Stack Canaries
Thurston H.Y. Dang, Petros Maniatis, David Wagner
Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS), ACM (2015), pp. 555-566
-
Thwarting Fake OSN Accounts by Predicting their Victims
Yazan Boshmaf, Matei Ripeanu, Konstantin Beznosov, Elizeu Santos-Neto
AI-Sec'2015, ACM (to appear)
-
Trends and Lessons from Three Years Fighting Malicious Extensions
Nav Jagpal, Eric Dingle, Jean-Philippe Gravel, Panayiotis Mavrommatis, Niels Provos, Moheeb Abu Rajab, Kurt Thomas
USENIX Security Symposium (2015)
-
Understanding Sensitivity by Analyzing Anonymity
Sai Teja Peddinti, Aleksandra Korolova, Elie Bursztein, Geetanjali Sampemane
IEEE Security & Privacy, vol. 13 (2015), pp. 14-21
-
“...no one can hack my mind”: Comparing Expert and Non-Expert Security Practices
Iulia Ion, Rob Reeder, Sunny Consolvo
Proceedings of the Eleventh Symposium On Usable Privacy and Security, USENIX (2015), pp. 327-346
-
“WTH..!?!” Experiences, reactions, and expectations related to online privacy panic situations
Eleventh Symposium On Usable Privacy and Security (SOUPS 2015), USENIX Association
-
A Language-Based Approach to Secure Quorum Replication
Lantian Zheng, Andrew C. Myers
Proceedings of the Ninth Workshop on Programming Languages and Analysis for Security (2014), pp. 27-39
-
Are You Ready to Lock? Understanding User Motivations for Smartphone Locking Behaviors
Serge Egelman, Sakshi Jain, Rebecca Pottenger, Kerwell Liao, Sunny Consolvo, David Wagner
Proceedings of the ACM Conference on Computer and Communications Security: CCS '14, ACM (2014)
-
BeyondCorp: A New Approach to Enterprise Security
;login:, vol. Vol. 39, No. 6 (2014), pp. 6-11
-
Cloak and Swagger: Understanding Data Sensitivity through the Lens of User Anonymity
Sai Teja Peddinti, Aleksandra Korolova, Elie Bursztein, Geetanjali Sampemane
2014 IEEE Symposium on Security and Privacy, SP 2014, Berkeley, CA, USA, May 18-21, 2014, IEEE Computer Society, pp. 493-508
-
Communities, Random Walks, and Social Sybil Defense.
Lorenzo Alvisi, Allen Clement, Alessandro Epasto, Silvio Lattanzi, Alessandro Panconesi
Internet Mathematics (2014)
-
Dialing Back Abuse on Phone Verified Accounts
Kurt Thomas, Dmytro Iatskiv, Elie Bursztein, Tadek Pietraszek, Chris Grier, Damon McCoy
Proceedings of the 21st ACM Conference on Computer and Communications Security (2014)
-
Dividing secrets to secure data outsourcing
Fatih Emekci, Ahmed Metwally, Divyakant Agrawal, Amr El Abbadi
Information Sciences, vol. 263 (2014), pp. 198-210
-
Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM
Caroline Tice, Tom Roeder, Peter Collingbourne, Stephen Checkoway, Úlfar Erlingsson, Luis Lozano, Geoff Pike
Proceedings of the 23rd Usenix Security Symposium, USENIX, San Diego, CA (2014)
-
Experimenting At Scale With Google Chrome's SSL Warning
Adrienne Porter Felt, Robert W. Reeder, Hazim Almuhimedi, Sunny Consolvo
ACM CHI Conference on Human Factors in Computing Systems (2014)
-
Handcrafted Fraud and Extortion: Manual Account Hijacking in the Wild
Elie Bursztein, Borbala Benko, Daniel Margolis, Tadek Pietraszek, Andy Archer, Allan Aquino, Andreas Pitsillidis, Stefan Savage
IMC '14 Proceedings of the 2014 Conference on Internet Measurement Conference, ACM, 1600 Amphitheatre Parkway, pp. 347-358
-
M. Angela Sasse, Charles C. Palmer, Markus Jakobsson, Sunny Consolvo, Rick Wash, L. Jean Camp
IEEE (2014), pp. 39-42
-
Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud
Arnar Birgisson, Joe Gibbs Politz, Úlfar Erlingsson, Ankur Taly, Michael Vrable, Mark Lentczner
Network and Distributed System Security Symposium, Internet Society (2014)
-
MiniBox: A Two-Way Sandbox for x86 Native Code
Yanlin Li, Jonathan McCune, James Newsome, Adrian Perrig, Brandon Baker, Will Drewry
Proceedings of the Usenix Annual Technical Conference, Usenix (2014)
-
Moving Targets: Security and Rapid-Release in Firefox
Sandy Clark, Michael Collis, Matt Blaze, Jonathan M. Smith
Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, ACM, New York, NY, pp. 1256-1266
-
RAPPOR: Randomized Aggregatable Privacy-Preserving Ordinal Response
Úlfar Erlingsson, Vasyl Pihur, Aleksandra Korolova
Proceedings of the 21st ACM Conference on Computer and Communications Security, ACM, Scottsdale, Arizona (2014)
-
RFC7344 - Automating DNSSEC Delegation Trust Maintenance
Warren Kumari
IETF RFCs, Internet Engineering Task Force (2014)
-
SAC064 - ICANN SSAC Advisory on Search List Processing
Warren Kumari, Jaap Akkerhuis, Don Blumenthal
ICANN Security and Stability Advisory Committee (SSAC) Reports and Advisories, ICANN (2014), pp. 17
-
Christoph Kern
Communications of the ACM, vol. 57, no. 9 (2014), pp. 38-47
-
The End is Nigh: Generic Solving of Text-based CAPTCHAs
Elie Bursztein, Jonathan Aigrain, Angelika Moscicki, John C. Mitchell
WOOT'14 Proceedings of the 8th USENIX conference on Offensive Technologies, Usenix (2014)
-
Tick Tock: Building Browser Red Pills from Timing Side Channels
Grant Ho, Dan Boneh, Lucas Ballard, Niels Provos
8th USENIX Workshop on Offensive Technologies (WOOT 14), USENIX Association (2014)
-
Allison Woodruff, Vasyl Pihur, Sunny Consolvo, Lauren Schmidt, Laura Brandimarte, Alessandro Acquisti
Proceedings of the Symposium On Usable Privacy and Security: SOUPS '14, USENIX (2014)
-
Your Reputation Precedes You: History, Reputation, and the Chrome Malware Warning
Hazim Almuhimedi, Adrienne Porter Felt, Robert W. Reeder, Sunny Consolvo
Proceedings of the Symposium On Usable Privacy and Security: SOUPS '14, USENIX (2014)
-
ZARATHUSTRA: Extracting WebInject Signatures from Banking Trojans
Claudio Criscione, Fabio Bosatelli, Stefano Zanero, Federico Maggi
Twelfth Annual International Conference on Privacy, Security and Trust, IEEE (2014), pp. 139-148
-
“My religious aunt asked why I was trying to sell her viagra”: Experiences with account hijacking
Richard Shay, Iulia Ion, Robert W. Reeder, Sunny Consolvo
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems: CHI '14, ACM, New York, NY, USA (2014), pp. 2657-2666
-
Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness
Devdatta Akhawe, Adrienne Porter Felt
USENIX Security Symposium, USENIX (2013)
-
Anti-forensic resilient memory acquisition
Johannes Stüttgen, Michael Cohen
Digital Investigation, vol. 10 (2013), S105-S115
-
Eric Grosse, Mayank Upadhyay
IEEE Security and Privacy, vol. 11 (2013), pp. 15-22
-
CAMP: Content-Agnostic Malware Protection
Moheeb Abu Rajab, Lucas Ballard, Noe Lutz, Panayiotis Mavrommatis, Niels Provos
Network and Distributed Systems Security Symposium (NDSS), Network and Distributed Systems Security Symposium (NDSS), USA (2013)
-
Cross Platform Network Access Control
RVASec 2013, Richmond, VA
-
Crowd-Sourced Call Identification and Suppression
Daniel V. Klein, Dean K. Jackson
Federal Trade Commission Robocall Challenge (2013)
-
Design, Implementation and Verification of an eXtensible and Modular Hypervisor Framework
Amit Vasudevan, Sagar Chaki, Limin Jia, Jonathan McCune, James Newsome, Anupam Datta
IEEE Symposium on Security and Privacy (2013) (to appear)
-
Distributed Electronic Rights in JavaScript
Mark S. Miller, Tom Van Cutsem, Bill Tulloh
ESOP'13 22nd European Symposium on Programming, Springer (2013)
-
Hunting in the Enterprise: Forensic Triage and Incident Response
Digital Investigation, vol. 10 (2013), pp. 89-98
-
Identifying and Exploiting Windows Kernel Race Conditions via Memory Access Patterns
Mateusz Jurczyk, Gynvael Coldwind
Bochspwn: Exploiting Kernel Race Conditions Found via Memory Access Patterns, The Symposium on Security for Asia Network, 102F Pasir Panjang Road, #08-02, Singapore 118530 (2013), pp. 69
-
Making programs forget: Enforcing Lifetime for Sensitive Data
Jayanthkumar Kannan, Gautam Altekar, Petros Maniatis, Byung-Gon Chun
Proceedings of the 13th USENIX conference on Hot topics in operating systems, USENIX Association, Berkeley, CA, USA (2013)
-
Rogue Femtocell Owners: How Mallory Can Monitor My Devices
David Malone, Darren F Kavanagh, Niall Richard Murphy
2013 Proceedings IEEE INFOCOM, IEEE, New Jersey, USA, pp. 3553-3558
-
S-links: Why distributed security policy requires secure introduction
Web 2.0 Security & Privacy 2013, IEEE
-
SAC057 - ICANN SSAC Advisory on Internal Name Certificates
Warren Kumari, Steve Crocker, Patrik Fältström, Ondrej Filip, James Galvin, Danny McPherson, Ram Mohan, Doron Shikmoni
ICANN SSAC Reports and Advisories, ICANN (Internet Corporation for Assigned Names and Numbers) (2013)
-
SoK: The Evolution of Sybil Defense via Social Networks
Lorenzo Alvisi, Allen Clement, Alessandro Epasto, Silvio Lattanzi, Alessandro Panconesi
2013 IEEE Symposium on Security and Privacy, SP 2013
-
Strato: A Retargetable Framework for Low-level Inlined Reference Monitors
Bin Zeng, Gang Tan, Úlfar Erlingsson
Proceedings of the 22nd USENIX Conference on Security, USENIX Association, Berkeley, CA, USA (2013), pp. 369-382
-
The Dangers of Composing Anonymous Channels
Emilia Kasper, George Danezis
Information Hiding - 14th International Conference, IH 2012, Revised Selected Papers, Springer, Lecture notes in Computer Science (2013), pp. 191-206
-
Trustworthy Proxies: Virtualizing Objects with Invariants
Tom Van Cutsem, Mark S. Miller
ECOOP 2013
-
Verified Boot on Chrome OS and How to do it yourself
Embedded Linux Conference Europe, Linux Foundation, 660 York Street, Suite 102, San Francisco, CA 94110, USA (2013)
-
Verifying Cloud Services: Present and Future
Sara Bouchenak, Gregory Chockler, Hana Chockler, Gabriela Gheorghe, Nuno Santos, Alexander Shraer
Operating Systems Review (2013)
-
A taste of Capsicum: practical capabilities for UNIX
Robert N. M. Watson, Jonathan Anderson, Ben Laurie, Kris Kennaway
Communications of the ACM, vol. 55(3) (2012), pp. 97-104
-
Browser Exploits as a Service: The Monetization of Driveby Downloads
C. Grier, L. Ballard, J. Caballero, N. Chachra, C. Dietrich, K. Levchenko, P. Mavrommatis, D. McCoy, A. Nappa, A. Pitsillidis, N. Provos, Z. Rafique, M. Rajab, C. Rossow, K. Thomas, V. Paxson, S. Savage, G. Voelker
Proceedings of 19th ACM Conference on Computer and Communications Security (2012)
-
Cloud Data Protection for the Masses
Dawn Song, Elaine Shi, Ian Fischer, Umesh Shankar
Computer, vol. 45, no. 1 (2012), pp. 39-45
-
Contextual OTP: Mitigating Emerging Man-in-the-Middle Attacks with Wireless Hardware Tokens
Assaf Ben-David, Omer Berkman, Yossi Matias, Sarvar Patel, Cem Paya, Moti Yung
Applied Cryptography and Network Security - 10th International Conference, ACNS 2012, Springer, pp. 30-47
-
Enhanced multi-factor authentication
Patent (2012)
-
How well can congestion pricing neutralize denial of service attacks?
Ashish Vulimiri, Gul A. Agha, Philip Brighten Godfrey, Karthik Lakshminarayanan
Proceedings of the 12th ACM SIGMETRICS/PERFORMANCE joint international conference on Measurement and Modeling of Computer Systems, ACM, New York, NY, USA (2012), pp. 137-150
-
Mike Samuel, Úlfar Erlingsson
USENIX workshop on Large-Scale Exploits and Emergent Threats, USENIX (2012)
-
Lockdown: Towards a Safe and Practical Architecture for Security Applications on Commodity Platforms
Amit Vasudevan, Bryan Parno, Ning Qu, Virgil D. Gligor, Adrian Perrig
TRUST 2012, Lecture Notes in Computer Science, pp. 21
-
Manufacturing Compromise: The Emergence of Exploit-as-a-Service
Chris Grier, Lucas Ballard, Juan Caballero, Neha Chachra, Christian J. Dietrich, Kirill Levchenko, Panayiotis Mavrommatis, Damon McCoy, Antonio Nappa, Andreas Pitsillidis, Niels Provos, M. Zubair Rafique, Moheeb Abu Rajab, Christian Rossow, Kurt Thomas, Vern Paxson, Stefan Savage, Geoffrey M. Voelker
Proceedings of 19th ACM Conference on Computer and Communications Security (2012)
-
Benoit Libert, Moti Yung
Proceedings of the 9th international conference on Theory of Cryptography, Springer-Verlag, Berlin, Heidelberg (2012), pp. 75-93
-
Origin-Bound Certificates: A Fresh Approach to Strong Client Authentication for the Web
Michael Dietz, Alexei Czeskis, Dirk Balfanz, Dan Wallach
21st USENIX Security Symposium, The USENIX Association (2012), pp. 317-332
-
RFC6583 - Operational Neighbor Discovery Problems
Warren Kumari, Igor Gashinsky, Yahoo!, Joel Jaeggli, Zynga
IETF RFCs, Internet Engineering Task Force (2012)
-
Robust Trait Composition for JavaScript
Tom Van Cutsem, Mark S. Miller
Science of Computer Programming: Special Issue on Advances in Dynamic Languages (2012)
-
SAC056 - ICANN SSAC Advisory on Impacts of Content Blocking via the Domain Name System
Warren Kumari, Alain Aina, Jaap Akkerhuis, Don Blumenthal, KC Claffy, David Conrad, Patrik Fältström, James Galvin, Jason Livingood, Danny McPherson, Ram Mohan, Paul Vixie
ICANN Security and Stability Advisory Committee (SSAC) Reports and Advisories, ICANN (Internet Corporation for Assigned Names and Numbers) (2012)
-
Scalable group signatures with revocation
Benoit Libert, Thomas Peters, Moti Yung
Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques, Springer-Verlag, Berlin, Heidelberg (2012), pp. 609-627
-
Kurt Rosenfeld
Introduction to Hardware Security and Trust, Springer (2012) (to appear)
-
Vanity or Privacy? Social Media as a Facilitator of Privacy and Trust
CSCW Workshop: Reconciling Privacy with Social Media (2012)
-
Address space randomization for mobile devices
Hristo Bojinov, Dan Boneh, Rich Cannings, Iliyan Malchev
WiSec '11 - Proceedings of the fourth ACM conference on wireless network security, ACM, New York, NY (2011)
-
App Isolation: Get the Security of Multiple Browsers with Just One
Eric Y. Chen, Jason Bau, Charles Reis, Adam Barth, Collin Jackson
18th ACM Conference on Computer and Communications Security, ACM (2011)
-
Automated Analysis of Security-Critical JavaScript APIs
Ankur Taly, Úlfar Erlingsson, John C. Mitchell, Mark S. Miller, Jasvir Nagra
IEEE Symposium on Security & Privacy (SP), IEEE (2011)
-
Digital Forensics with Open Source Tools
Cory Altheide, Harlan Carvey
Syngress (2011)
-
Distributed forensics and incident response in the enterprise
Michael Cohen, Darren Bilby, Germano Caronni
Journal of Digital Investigation, vol. 8 (2011), S101-S110
-
Fast Elliptic Curve Cryptography in OpenSSL
Financial Cryptography and Data Security: FC 2011 Workshops, RLCPS and WECSR, Springer
-
Hardware Trojan Detection Solutions and Design-for-Trust Challenges
Kurt Rosenfeld
IEEE Computer (2011), pp. 64-72
-
Indirect Content Privacy Surveys: Measuring Privacy Without Asking About It
Alex Braunstein, Laura Granka, Jessica Staddon
Symposium on Usable Privacy and Security (SOUPS), ACM SIGCHI (2011)
-
Public vs. Publicized: Content Use Trends and Privacy Expectations
Jessica Staddon, Andrew Swerdlow
6th USENIX Workshop on Hot Topics in Security (HotSec '11), USENIX (2011)
-
Rootkits in your web application
Artur Janc
28C3: Chaos Communication Congress, Berlin, Germany (2011)
-
Security Challenges During VLSI Test
Kurt Rosenfeld
Proceedings of 2011 IEEE NEWCAS Conference, IEEE
-
Security-Aware SoC Test Access Mechanisms
Kurt Rosenfeld
Proceedings of the 2011 IEEE VLSI Test Symposium
-
ShellOS: Enabling fast detection and forensic analysis of code injection attacks
Kevin Snow, Srinivas Krishnan, Fabian Monrose, Niels Provos
USENIX Security Symposium (2011)
-
Third International Symposium on Engineering Secure Software and Systems, ESSoS 2011
Úlfar Erlingsson, Roel Wieringa, Nicola Zannone, editors.
Springer Verlag, Berlin / Heidelberg
-
Transparency and Choice: Protecting Consumer Privacy in an Online World
Alma Whitten, Sean Harvey, Ian Fette, Betsy Masiello, Jochen Eisinger, Jane Horvath
W3C Workshop on Web Tracking and User Privacy, W3C (2011), pp. 3
-
Automata Evaluation and Text Search Protocols with Simulation Based Security
Carmit Hazay, Rosario Gennaro, Jeffrey Sorensen
Google, Inc. (2010)
-
Dagstuhl Seminar 09141: Web Application Security (Abstracts collection)
Dan Boneh, Úlfar Erlingsson, Martin Johns, Benjamin Livshits
Dagstuhl Seminar Proceedings, Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, Germany, Dagstuhl, Germany (2010)
-
Drac: An Architecture for Anonymous Low-Volume Communications
George Danezis, Claudia Diaz, Carmela Troncoso, Ben Laurie
PETS 2010 (to appear)
-
Engineering Privacy in an Age of Information Abundance
Betsy Masiello, Alma Whitten
Intelligent Privacy Management Symposium (2010)
-
Group Message Authentication
Bartosz Przydatek, Douglas Wikström
Security and Cryptography for Networks, SCN 2010, Springer Verlag, pp. 399-417
-
Improving users' security choices on home wireless networks
Justin T. Ho, David Dearman, Khai N. Truong
Proceedings of the Sixth Symposium on Usable Privacy and Security, ACM, New York, NY, USA (2010), 12:1-12:12
-
Large-Scale Automatic Classification of Phishing Pages
Colin Whittaker, Brian Ryner, Marria Nazif
NDSS '10 (2010)
-
Making Privacy a Fundamental Component of Web Resources
Thomas Duebendorfer, Christoph Renner, Tyrone Grandison, Michael Maximilien, Mark Weitzel
W3C Workshop on Privacy for Advanced Web APIs, W3C (2010), pp. 5
-
Practical Privacy Concerns in a Real World Browser
Ian Fette, Jochen Eisinger
W3C Workshop on Privacy for Advanced Web APIs, W3C (2010), pp. 4
-
Protecting Browsers from Extension Vulnerabilities
Adam Barth, Adrienne Porter Felt, Prateek Saxena, Aaron Boodman
Network and Distributed System Security Symposium (2010)
-
PseudoID: Enhancing Privacy in Federated Login
Arkajit Dey, Stephen Weis
Hot Topics in Privacy Enhancing Technologies (2010), pp. 95-107
-
Public-Key Encryption in the Bounded-Retrieval Model
Joel Alwen, Yevgeniy Dodis, Moni Naor, Gil Segev, Shabsi Walfish, Daniel Wichs
Advances in Cryptology - EUROCRYPT 2010, 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, French Riviera, May 30 - June 3, 2010. Proceedings, Springer, pp. 113-134
-
Technology Companies are Best Positioned to Offer Health Record Trusts
Shirley Gaw, Umesh Shankar
HealthSec '10 Position Paper (2010)
-
The Nocebo Effect on the Web: An Analysis of Fake Anti-Virus Distribution
Moheeb Abu Rajab, Lucas Ballard, Panayiotis Mavrommatis, Niels Provos, Xin Zhao
Large-Scale Exploits and Emergent Threats, USENIX (2010)
-
Trustworthy Hardware: Identifying and Classifying Hardware Trojans
Kurt Rosenfeld
IEEE Design and Test of Computers (2010), pp. 39-46
-
Universally optimal privacy mechanisms for minimax agents
Mangesh Gupte, Mukund Sundararajan
Proc. ACM SIGMOD, ACM, Indianapolis, Indiana (2010), pp. 135-146
-
Using the Wave Protocol to Represent Individuals’ Health Records
Shirley Gaw, Umesh Shankar
HealthSec '10 Position Paper (2010)
-
Eduardo Alberto Vela Nava
Syngress (2010), pp. 282
-
A New Randomness Extraction Paradigm for Hybrid Encryption
Eike Kiltz, Krzysztof Pietrzak, Martijn Stam, Moti Yung
EUROCRYPT '09: Proceedings of the 28th Annual International Conference on Advances in Cryptology, Springer-Verlag, Berlin, Heidelberg (2009), pp. 590-609
-
A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks
François-Xavier Standaert, Tal G. Malkin, Moti Yung
EUROCRYPT '09: Proceedings of the 28th Annual International Conference on Advances in Cryptology, Springer-Verlag, Berlin, Heidelberg (2009), pp. 443-461
-
Balancing Usability and Security in a Video CAPTCHA
Kurt Alfred Kluever, Richard Zanibbi
Proceedings of the 5th Symposium on Usable Privacy and Security (SOUPS '09), ACM Press (2009)
-
Browser Security: Lessons from Google Chrome
Charles Reis, Adam Barth, Carlos Pizano
ACM Queue, vol. 7, no. 5 (2009), pp. 3
-
Capacity of Steganographic Channels
Jeremiah Harmsen, William Pearlman
IEEE Transactions on Information Theory, vol. 55 (2009), pp. 1775-1792
-
Composability and On-Line Deniability of Authentication
Yevgeniy Dodis, Jonathan Katz, Adam Smith, Shabsi Walfish
Springer, pp. 146-162
-
Constructing Variable-Length PRPs and SPRPs from Fixed-Length PRPs
Debra L. Cook, Moti Yung, Angelos Keromytis
Information Security and Cryptology, Springer-Verlag, Berlin, Heidelberg (2009), pp. 157-180
-
E Unum Pluribus - Google Network Filtering Management
Paul (Tony) Watson, Peter Moody
LISA'09 23rd Large Installation System Administration Conference (2009)
-
Efficient Robust Private Set Intersection
Dana Dachman-Soled, Tal Malkin, Mariana Raykova, Moti Yung
ACNS '09: Proceedings of the 7th International Conference on Applied Cryptography and Network Security, Springer-Verlag, Berlin, Heidelberg (2009), pp. 125-142
-
Efficient Traceable Signatures in the Standard Model
Benoît Libert, Moti Yung
Pairing '09: Proceedings of the 3rd International Conference Palo Alto on Pairing-Based Cryptography, Springer-Verlag, Berlin, Heidelberg (2009), pp. 187-205
-
Efficient and secure authenticated key exchange using weak passwords
Jonathan Katz, Rafail Ostrovsky, Moti Yung
J. ACM, vol. 57 (2009), pp. 1-39
-
Elastic block ciphers: method, security and instantiations
Debra L. Cook, Moti Yung, Angelos D. Keromytis
Int. J. Inf. Secur., vol. 8 (2009), pp. 211-231
-
Expecting the Unexpected: Towards Robust Credential Infrastructure
Shouhuai Xu, Moti Yung
Financial Cryptography and Data Security, Springer-Verlag, Berlin, Heidelberg (2009), pp. 201-221
-
Firefox (In)Security Update Dynamics Exposed
Stefan Frei, Thomas Duebendorfer, Bernhard Plattner
ACM Sigcomm Comput. Commun. Rev., vol. 39 Issue 1 (2009), pp. 16-22
-
Generative usability: security and user centered design beyond the appliance
Luke Church, Alma Whitten
New Security Paradigms Workshop (2009)
-
Key Evolution Systems in Untrusted Update Environments
Benoît Libert, Jean-Jacques Quisquater, Moti Yung
Information Security and Cryptology, Springer-Verlag, Berlin, Heidelberg (2009), pp. 12-21
-
John Black, Martin Cochran
Fast Software Encryption, Springer (2009), pp. 345-362
-
On the Portability of Generalized Schnorr Proofs
Jan Camenisch, Aggelos Kiayias, Moti Yung
EUROCRYPT '09: Proceedings of the 28th Annual International Conference on Advances in Cryptology, Springer-Verlag, Berlin, Heidelberg (2009), pp. 425-442
-
Plinko: polling with a physical implementation of a noisy channel
Chris Alexander, Joel Reardon, Ian Goldberg
WPES '09: Proceedings of the 8th ACM workshop on Privacy in the electronic society, ACM, New York, NY, USA (2009), pp. 109-112
-
Privacy-Preserving Information Markets for Computing Statistical Data
Aggelos Kiayias, Bülent Yener, Moti Yung
Financial Cryptography and Data Security, Springer-Verlag, Berlin, Heidelberg (2009), pp. 32-50
-
Privacy-preserving indexing of documents on the network
Mayank Bawa, Roberto J. Bayardo, Rakesh Agrawal, Jaideep Vaidya
The VLDB Journal, vol. 18 (2009), pp. 837-856
-
Redirects to login pages are bad, or are they?
Eric Sachs
SOUPS '09: Proceedings of the 5th Symposium on Usable Privacy and Security, ACM, New York, NY, USA (2009), pp. 1-1
-
Secure EPC Gen2 Compliant Radio Frequency Identification
Mike Burmester, Breno Medeiros, Jorge Munilla, Alberto Peinado
ADHOC-NOW '09: Proceedings of the 8th International Conference on Ad-Hoc, Mobile and Wireless Networks, Springer-Verlag, Berlin, Heidelberg (2009), pp. 227-240
-
Secure Function Collection with Sublinear Storage
Maged H. Ibrahim, Aggelos Kiayias, Moti Yung, Hong-Sheng Zhou
ICALP '09: Proceedings of the 36th International Colloquium on Automata, Languages and Programming, Springer-Verlag, Berlin, Heidelberg (2009), pp. 534-545
-
The Goals and Challenges of Click Fraud Penetration Testing Systems
Carmelo Kintana, David Turner, Jia-Yu Pan, Ahmed Metwally, Neil Daswani, Erika Chin, Andrew Bortz
International Symposium on Software Reliability Engineering (2009)
-
The Kurosawa-Desmedt key encapsulation is not chosen-ciphertext secure
Seung Geol Choi, Javier Herranz, Dennis Hofheinz, Jung Yeon Hwang, Eike Kiltz, Dong Hoon Lee, Moti Yung
Inf. Process. Lett., vol. 109 (2009), pp. 897-901
-
Why Silent Updates Boost Security
Thomas Duebendorfer, Stefan Frei
ETH Zurich (2009), pp. 1-9
-
xBook: Redesigning Privacy Control in Social Networking Platforms
Kapil Singh, Sumeer Bhola, Wenke Lee
18th Usenix Security Symposium, Usenix (2009)
-
(Under)mining Privacy in Social Networks
Monica Chew, Dirk Balfanz, Ben Laurie
W2SP 2008: Web 2.0 Security and Privacy 2008
-
A block cipher based pseudo random number generator secure against side-channel key recovery
Christophe Petit, François-Xavier Standaert, Olivier Pereira, Tal G. Malkin, Moti Yung
ASIACCS '08: Proceedings of the 2008 ACM symposium on Information, computer and communications security, ACM, New York, NY, USA, pp. 56-65
-
Access Control
Google, Inc. (2008)
-
All Your iFrames Point to Us
Niels Provos, Panayiotis Mavrommatis, Moheeb Rajab, Fabian Monrose
17th USENIX Security Symposium (2008)
-
Anonymous RFID authentication supporting constant cost key lookup against active adversaries
M. Burmester, B. De Medeiros, R. Motta
Int. J. Appl. Cryptol., vol. 1 (2008), pp. 79-90
-
Asynchronous Multi-Party Computation with Quadratic Communication
Martin Hirt, Jesper Buus Nielsen, Bartosz Przydatek
International Colloquium on Automata, Languages and Programming, ICALP 2008, Springer Verlag, pp. 473-485
-
Choose the Red Pill and the Blue Pill
Ben Laurie, Abe Singer
New Security Paradigms Workshop 2008
-
Competition and Fraud in Online Advertising Markets
Bob Mungamuru, Stephen A. Weis
Financial Cryptography (2008)
-
Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority
David Dagon, Chris Lee, Wenke Lee, Niels Provos
Proc. 15th Network and Distributed System Security Symposium (NDSS), Internet Society, San Diego, CA (2008)
-
Distributed divide-and-conquer techniques for effective DDoS attack defenses
Muthuprasanna Muthusrinivasan, Manimaran Govindarasu
IEEE International Conference on Distributed Computing Systems (ICDCS) (2008)
-
Does Physical Security of Cryptographic Devices Need a Formal Study? (Invited Talk)
François-Xavier Standaert, Tal G. Malkin, Moti Yung
ICITS '08: Proceedings of the 3rd international conference on Information Theoretic Security, Springer-Verlag, Berlin, Heidelberg (2008), pp. 70-70
-
Efficient Constructions of Composable Commitments and Zero-Knowledge Proofs
Yevgeniy Dodis, Victor Shoup, Shabsi Walfish
Proceedings of Advances in Cryptology - CRYPTO 2008, 28th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 17-21, 2008, pp. 515-535
-
Error-Tolerant Combiners for Oblivious Primitives
Bartosz Przydatek, Jürg Wullschleger
International Colloquium on Automata, Languages and Programming, ICALP 2008, Springer Verlag, pp. 461-472
-
Fair Traceable Multi-Group Signatures
Vicente Benjumea, Seung Geol Choi, Javier Lopez, Moti Yung
Financial Cryptography, Springer-Verlag, Berlin, Heidelberg (2008), pp. 231-246
-
Ghost Turns Zombie: Exploring the Life Cycle of Web-based Malware
Michalis Polychronakis, Panayiotis Mavrommatis, Niels Provos
Proceedings of the 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET) (2008)
-
Insecure Context Switching: Inoculating regular expressions for survivability
Will Drewry, Tavis Ormandy
2nd USENIX Workshop on Offensive Technologies (WOOT '08) (2008)
-
Methods for Linear and Differential Cryptanalysis of Elastic Block Ciphers
Debra L. Cook, Moti Yung, Angelos D. Keromytis
ACISP '08: Proceedings of the 13th Australasian conference on Information Security and Privacy, Springer-Verlag, Berlin, Heidelberg (2008), pp. 187-202
-
On the Evolution of User Authentication: Non-bilateral Factors
Moti Yung
Information Security and Cryptology, Third SKLOIS Conference, Inscrypt 2007, Springer-Verlag, Berlin, Heidelberg (2008), pp. 5-10
-
Peeking Through the Cloud
Moheeb Abu Rajab, Fabian Monrose, Andreas Terzis, Niels Provos
6th Conference on Applied Cryptography and Network Security (2008)
-
Plan 9 Authentication in Linux
ACM SIGOPS OSR special issue on Research and Developments in the Linux Kernel, vol. 42, Issue 5 (July 2008) (2008)
-
Please Permit Me: Stateless Delegated Authorization in Mashups
Ragib Hasan, Marianne Winslett, Richard Conlan, Brian Slesinsky, Nandakumar Ramani
Proceedings of the Annual Computer Security Applications Conference, IEEE Press, Anaheim, CA (2008), pp. 173-182
-
Privacy Preserving Data Mining within Anonymous Credential Systems
Aggelos Kiayias, Shouhuai Xu, Moti Yung
SCN '08: Proceedings of the 6th international conference on Security and Cryptography for Networks, Springer-Verlag, Berlin, Heidelberg (2008), pp. 57-76
-
Provably Secure Grouping-Proofs for RFID Tags
Mike Burmester, Breno Medeiros, Rossana Motta
CARDIS '08: Proceedings of the 8th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications, Springer-Verlag, Berlin, Heidelberg (2008), pp. 176-190
-
Public-key traitor tracing from efficient decoding and unbounded enrollment: extended abstract
Aggelos Kiayias, Moti Yung
DRM '08: Proceedings of the 8th ACM workshop on Digital rights management, ACM, New York, NY, USA (2008), pp. 9-18
-
Real Electronic Cash Versus Academic Electronic Cash Versus Paper Cash (Panel Report)
Jon Callas, Yvo Desmedt, Daniel Nagy, Akira Otsuka, Jean-Jacques Quisquater, Moti Yung
Financial Cryptography and Data Security, Springer-Verlag, Berlin, Heidelberg (2008), pp. 307-313
-
Securing Nonintrusive Web Encryption through Information Flow
Lantian Zheng, Andrew C. Myers
Proceedings of the 2008 workshop on programming languages and analysis for security
-
Security aspects of the Authentication used in Quantum Cryptography
Jörgen Cederlöf, Jan-Åke Larsson
IEEE Transactions on Information Theory, vol. 54 (2008), pp. 1735-1741
-
To Catch a Predator: A Natural Language Approach for Eliciting Protocol Interaction
Sam Small, Joshua Mason, Fabian Monrose, Niels Provos, Adam Stubblefield
17th USENIX Security Symposium (2008)
-
Understanding the Web browser threat
Stefan Frei, Thomas Duebendorfer, Gunter Ollmann, Martin May
ETH Zurich
-
Video CAPTCHAs: Usability vs. Security
Kurt Alfred Kluever, Richard Zanibbi
Proceedings of the IEEE Western New York Image Processing Workshop (WNYIP '08), IEEE Press (2008)
-
A Framework for Detection and Measurement of Phishing Attacks
Sujata Garera, Niels Provos, Monica Chew, Aviel D. Rubin
WORM'07, ACM, Alexandria, VA (2007)
-
An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments
Tavis Ormandy
CanSecWest 2007
-
Byzantine Attacks on Anonymity Systems
Nikita Borisov, George Danezis, Parisa Tabriz
Digital Privacy: Theory, Technologies, and Practices (2007)
-
Cyberassault on Estonia
IEEE Security and Privacy, vol. 5, no. 4 (2007), pp. 4
-
Defining Strong Privacy for RFID
Ari Juels, Stephen A. Weis
Proc. 5th International Conf. on Pervasive Computing and Communications Workshops, IEEE (2007), pp. 342-347
-
Delegating Responsibility in Digital Systems: Horton's Who Done It
Mark S. Miller, Jed Donnelley, Alan H. Karp
2nd USENIX Workshop on Hot Topics in Security, USENIX (2007), pp. 5
-
Denial of Service or Denial of Security? How Attacks can Compromise Anonymity
Nikita Borisov, George Danezis, Prateek Mittal, Parisa Tabriz
Conference on Computer and Communications Security, ACM, Alexandria, VA (2007)
-
Dynamic Pharming Attacks and Locked Same-Origin Policies for Web Browsers
Chris Karlof, Umesh Shankar, J. D. Tygar, David Wagner
Conference on Computer and Communications Security, ACM, Alexandria, VA (2007)
-
Flayer: Exposing Application Internals
Will Drewry, Tavis Ormandy
First USENIX Workshop on Offensive Technologies (WOOT '07), Online Proceedings, http://www.usenix.org/events/woot07/tech/ (2007)
-
Foundations of Security: What Every Programmer Needs to Know
Neil Daswani, Christoph Kern, Anita Kesavan
APress, New York (2007)
-
Memsherlock: An Automated Debugger for Unknown Memory Corruption Vulnerabilities
Emre C. Sezer, Peng Ning, ChongKyung Kil, Jun Xu
Conference on Computer and Communication Security, ACM, Alexandria, VA (2007)
-
Provable Data Possession at Untrusted Stores
Giuseppe Ateniese, Randal Burns, Reza Curtmola, Joseph Herring, Lea Kissner, Zachary Peterson, Dawn Song
Conference on Computer and Communications Security, ACM, Alexandria, VA (2007)
-
Ben Laurie (2007)
-
The Ghost In The Browser: Analysis of Web-based Malware
Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang, Nagendra Modadugu
First Workshop on Hot Topics in Understanding Botnets (HotBots '07), Online Proceedings, http://www.usenix.org/events/hotbots07/tech/ (2007)
-
Tradeoffs in Retrofitting Security: An Experience Report
Dynamic Languages Symposium, ACM (2007)
-
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Niels Provos, Thorsten Holz
Addison Wesley (2007)
-
A Method for Making Password-Based Key Exchange Resilient to Server Compromise
Craig Gentry, Philip MacKenzie, Zulfikar Ramzan
Advances in Cryptology - CRYPTO 2006, Springer, pp. 142-159
-
Cookies Along Trust-Boundaries (CAT): Accurate and Deployable Flood Protection
Martin Casado, Aditya Akella, Pei Cao, Niels Provos, Scott Shenker
In Proceedings of Steps To Reduce Unwanted Traffic From The Internet (2006)
-
Flow-Cookies: Using Bandwidth Amplification to Defend Against DDoS Flooding Attacks
Martin Casado, Pei Cao, Aditya Akella, Niels Provos
Proceedings of the IEEE Workshop on QoS (2006)
-
Language Modeling and Encryption on Packet Switched Networks
Advances in Cryptology: Proc. Eurocrypt 2006, Springer, St. Petersburg, pp. 359-372
-
Limits to Anti Phishing
Jeff Nelson, David Jeske
Proceedings of the W3C Security and Usability Workshop (2006), pp. 5
-
Packet vaccine: black-box exploit detection and signature generation
XiaoFeng Wang, Zhuowei Li, Jun Xu, Michael K. Reiter, Chongkyung Kil, Jong Youl Choi
Proc. 13th ACM Conference on Computer and Communications Security, ACM, Alexandria, VA (2006), pp. 37-46
-
Privacy-Enhancing Technologies
Stephen A. Weis
IEEE Security and Privacy, vol. 4 (2006), pp. 59
-
Resource Fairness and Composability of Cryptographic Protocols
Juan Garay, Philip MacKenzie, Manoj Prabhakaran, Ke Yang
Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Springer, pp. 404-428
-
Niels Provos, Joe McClain, Ke Wang
WORM '06: Proceedings of the 4th ACM workshop on Recurring malcode, ACM Press, Alexandria, Virginia, USA (2006), pp. 1-8
-
A Virtual Honeypot Framework
USENIX Security Symposium (2004), pp. 1-14
-
Cygnus - An Approach for Large Scale Network Security Monitoring
Syscan 2004, Singapore
-
Improving Host Security with System Call Policies
12th USENIX Security Symposium (2003)
-
Preventing Privilege Escalation
Niels Provos, Markus Friedl, Peter Honeyman
12th USENIX Security Symposium (2003)
-
Defending Against Statistical Steganalysis
10th USENIX Security Symposium (2001)
-
Encrypting Virtual Memory
9th USENIX Security Symposium (2000)
-
A Future-Adaptable Password Scheme
Niels Provos, David Mazières
USENIX Annual Technical Conference, FREENIX Track (1999)
-
Cryptography in OpenBSD: An Overview
Theo de Raadt, Niklas Hallqvist, Artur Grabowski, Angelos D. Keromytis, Niels Provos
USENIX Annual Technical Conference, FREENIX Track (1999)