Publications
2016
SoK: Towards Grounding Censorship Circumvention in Empiricism
Michael Carl Tschantz, Sadia Afroz, David Fifield and Vern Paxson
IEEE S&P 2016.
Reviewer Integration and Performance Measurement for Malware Detection
Brad Miller, Alex Kantchelian, Michael Carl Tschantz, Sadia Afroz, Rekha Bachwani, Riyaz Faizullabhoy, Ling Huang, Vaishaal Shankar, Tony Wu, George Yiu, Anthony D. Joseph, J. D. Tygar.
Submitted to DIMVA 2016. Arxiv version
PREDATOR: Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration
Shuang Hao, Alex Kantchelian, Brad Miller, Nick Feamster, Vern Paxson.
Submitted to SIGCOMM 2016
Evasion and Hardening of Tree Ensemble Classifiers
Alex Kantchelian, Anthony D. Joseph, J. D. Tygar.
Submitted to ICML 2016. Arxiv version
Do You See What I See?: Differential Treatment of Anonymous Users
Sheharbano Khattak, David Fifield, Sadia Afroz, Mobin Javed, Srikanth Sundaresan, Vern Paxson, Steven J. Murdoch, Damon McCoy
NDSS 2016 PDF
2015
Better Malware Ground Truth: Techniques for Weighting Anti-Virus Vendor Labels
Alex Kantchelian, Michael Carl Tschantz, Sadia Afroz, Brad Miller, Vaishaal Shankar, Rekha Bachwani, Anthony D. Joseph, J. D. Tygar
AISec 2015
Android Permissions Remystified: A Field Study on Contextual Integrity
Primal Wijesekera, Arjun Baokar, Ashkan Hosseini, Serge Egelman, David Wagner, and Konstantin Beznosov
USENIX Security 2015. Pre-Print PDF
Censorship Arms Race: Research vs. Practice
Sadia Afroz, David Fifield, Michael C. Tschantz, Vern Paxson, J. D. Tygar
HotPETS 2015
Is This Thing On?: Crowdsourcing Privacy Indicators for Ubiquitous Sensing Platforms
Serge Egelman, Raghudeep Kannavara, and Richard Chow
ACM CHI 2015. PDF
Somebody’s Watching Me?: Assessing the Effectiveness of Webcam Indicator Lights
Rebecca S Portnoff, Linda N Lee, Serge Egelman, Pratyush Mishra, Derek Leung, and David Wagner
ACM CHI 2015. PDF
Computer-Supported Cooperative Crime
Vaibhav Garg, Sadia Afroz, Rebekah Overdorf and Rachel Greenstadt
Financial Cryptography and Data Security 2015. PDF
Uncovering the Footprints of Malicious Traffic in Cellular Data Networks
Arun Raghuramu, Hui Zang, and Chen-Nee Chuah
Passive and Active Measurement Conference, 2015. PDF
2014
Formal Modeling and Verification of CloudProxy
Wei Yang Tan, Rohit Sinha, John Manferdelli, and Sanjit A. Seshia.
Conference on Verified Software: Theories, Tools, and Experiments (VSTTE), 2014. PDF
A Critical Evaluation of Website Fingerprinting Attacks.
Marc Juarez, Sadia Afroz, Gunes Acar, Claudia Diaz, Rachel Greenstadt
ACM CCS 2014. PDF
Are You Ready to Lock? Understanding User Motivations for Smartphone Locking Behaviors
Serge Egelman, Sakshi Jain, Rebecca S Portnoff, Kerwell Liao, Sunny Consolvo, and David Wagner.
ACM CCS 2014. PDF
Large Margin Convex Polytope Machine
Alex Kantchelian, Michael C. Tschantz, Ling Huang, Peter L. Bartlett, Anthony D. Joseph, J. D. Tygar.
NIPS 2014. PDF
Adversarial Active Learning.
Brad Miller, Alex Kantchelian, Sadia Afroz, Rekha Bachwani, Edwin Dauber, Ling Huang, Michael Tschantz, Anthony D. Joseph, J.D. Tygar.
AISec 2014. PDF
Contextual Localization Through Network Traffic Analysis
Aveek K. Das, Parth H. Pathak, Chen-Nee Chuah, and Prasant Mohapatra
IEEE INFOCOM, 2014. PDF
On the Security of Trustee-based Social Authentications
Neil Zhenqiang Gong, Di Wang.
IEEE Transactions on Information Forensics and Security (TIFS), 9(8), 2014. PDF
SybilBelief: A Semi-supervised Learning Approach for Structure-based Sybil Detection
Neil Zhenqiang Gong, Mario Frank, Prateek Mittal.
IEEE Transactions on Information Forensics and Security (TIFS), 9(6), 2014. PDF
Reciprocal versus Parasocial Relationships in Online Social Networks
Neil Zhenqiang Gong, Wenchang Xu.
Springer Social Network Analysis and Mining (SNAM), 4(1), 2014. PDF
Joint Link Prediction and Attribute Inference using a Social-Attribute Network
Neil Zhenqiang Gong, Ameet Talwalkar, Lester Mackey, Ling Huang, Richard Shin, Emil Stefanov, Elaine Shi, Dawn Song.
ACM Transactions on Intelligent Systems and Technology (TIST), 5(2), 2014. PDF
Doppelgänger Finder: Taking Stylometry To The Underground
Sadia Afroz, Aylin Caliskan-Islam, Ariel Stolerman, Rachel Greenstadt, Damon McCoy.
IEEE Symposium on Security and Privacy 2014. PDF
Classify, but Verify: Breaking the Closed-World Assumption in Stylometric Authorship Attribution
Ariel Stolerman, Rebekah Overdorf, Sadia Afroz and Rachel Greenstadt
IFIP WG11.9 2014. PDF
2013
Approaches to Adversarial Drift
Alex Kantchelian, Sadia Afroz, Ling Huang, Aylin Caliskan Islam, Brad Miller, Michael Carl Tschantz, Rachel Greenstadt, Anthony Joseph and J.D. Tygar.
AISec ’13. PDF
Honor Among Thieves: A Common’s Analysis of Cybercrime Economics
Sadia Afroz, Vaibhav Garg, Damon McCoy, Rachel Greenstadt.
eCrime Research Summit ’13. PDF
How Privacy Flaws Affect Consumer Perception.
Sadia Afroz, Aylin Caliskan Islam, Jordan Santell, Aaron Chapin, Rachel Greenstadt.
3rd workshop on Socio-Technical Aspects in Security and Trust (STAST ’13). PDF
Symbolic Software Model Validation
Cynthia Sturton, Rohit Sinha, Thurston Dang, Sakshi Jain, Michael McCoyd, Wei Yang Tan, Petros Maniatis, Sanjit Seshia, David Wagner
11th ACM-IEEE International Conference on Formal Methods and Models for Codesign (MEMOCODE 2013). [PDF]
Bifocals: Analyzing WebView Vulnerabilities in Android Applications
Erika Chin, David Wagner
Proc. of the 14th International Workshop on Information Security Applications (WISA). [PDF]
The CloudProxy Tao for Trusted Computing
John Manferdelli, Tom Roeder, Fred Schneider
Technical report UCB/EECS-2013-135, UC Berkeley, EECS Dept. PDF
When It’s Better to Ask Forgiveness than Get Permission: Attribution Mechanisms for Smartphone Resources
Christopher Thompson, Maritza Johnson, Serge Egelman, David Wagner, and Jennifer King.
Symposium on Usable Privacy and Security (SOUPS) 2013. [PDF]
Data-confined HTML5 Applications
Devdatta Akhawe, Frank Li, Warren He, Prateek Saxena, Dawn Song
Proc. of the 2013 European Symposium on Research in Computer Security (ESORICS) [PDF]
Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness
Devdatta Akhawe, Adrienne Porter Felt
Proc. of the 2013 Usenix Security Symposium [PDF]
An Empirical Study of Vulnerability Rewards Programs
Matthew Finifter, Devdatta Akhawe, David Wagner
Proc. of the 2013 Usenix Security Symposium [PDF]
Here’s My Cert, So Trust Me, Maybe? Understanding TLS Errors on the Web
Devdatta Akhawe, Bernhard Amann, Matthias Vallentin, Robin Sommer
Proc. of the 2013 World Wide Web Conference (WWW) [PDF]
Role Mining with Probabilistic Models
Mario Frank, Joachim M. Buhmann, David Basin.
ACM Transactions on Information and System Security (TISSEC), in press [PDF]
Prefetching mobile ads: Can advertising systems afford it?
Prashanth Mohan, Suman Nath and Oriana Riva
Proc. of the 2013 European Conference on Computer Systems (EuroSys), April, 2013. [PDF]
Who do you sync you are? Smartphone Fingerprinting based on Application Behaviour
Tim Stöber, Mario Frank, Jens Schmitt, Ivan Martinovic.
Accepted at WiSec’13: ACM Conference on Security and Privacy in Wireless and Mobile Networks.
ScreenPass: Secure Password Entry for Touchscreen Devices
Dongtao Liu, Eduardo Cuervo, Valentin Pistol, Ryan Scudellari, and Landon P. Cox.
Proceedings of the 11th International Conference on Mobile Systems, Applications, and Services (MobiSys). Taipei, Taiwan. June, 2013. [PDF]
Joint Link Prediction and Attribute Inference using a Social-Attribute Network
Neil Zhenqiang Gong, Ameet Talwalkar, Lester Mackey, Ling Huang, Eui Chul Richard Shin, Emil Stefanov, Elaine (Runting) Shi and Dawn Song.
Accepted by ACM Transactions on Intelligent Systems and Technology (TIST), 2013. [PDF]
Towards Verifiable Resource Accounting for Outsourced Computation
Chen Chen, Petros Maniatis, Adrian Perrig, Amit Vasudevan, Vyas Sekar.
Proceedings of the International Conference on Virtual Execution Environments (VEE), Houston, TX, USA. March, 2013. [PDF]
Intel Science and Technology Center for Secure Computing: Secure Computing Research for User Benefit
The SCRUB Center. [PDF]
Do Android Users Write About Electric Sheep? Examining Consumer Reviews in Google Play
Elizabeth Ha and David Wagner.
IEEE Consumer Communications & Networking Conference (CCNC) 2013, Mobile Devices, Platforms & Applications track. [PDF]
The Importance of Being Earnest [in Security Warnings]
Serge Egelman, Stuart Schechter
FC’13: Proceedings of the 2013 international conference on Financial Cryptography and Data Security. [PDF]
Does My Password Go up to Eleven? The Impact of Password Meters on Password Selection
Serge Egelman, Andreas Sotirakopoulos, Ildar Muslukhov, Konstantin Beznosov, Cormac Herley
CHI ’13: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. [PDF]
My Profile Is My Password, Verify Me! The Privacy/Convenience Tradeoff of Facebook Connect
Serge Egelman
CHI ’13: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. [PDF]
Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication
Mario Frank, Ralf Biedert, Eugene Ma, Ivan Martinovic, Dawn Song
IEEE Transactions on Information Forensics and Security (Vol. 8, No. 1), pages 136-148. [PDF]
Signatures of Correct Computation
Charalampos Papamanthou, Elaine Shi, Roberto Tamassia
Theory of Cryptography Conference (TCC), 2013. [PDF]
Preserving Link Privacy in Social Network Based Systems
Prateek Mittal, Charalampos Papamanthou, Dawn Song
Network and Distributed System Security Symposium (NDSS), 2013. [PDF]
Building a Secure Foundation for Mobile Apps
Haohui Mai, Edgar Pek, P. Madhusudan, Samuel T. King
Architectural Support for Programming Languages and Operating Systems (ASPLOS) 2013.
Cyrus: Unintrusive Application-Level Record-Replay for Replay Parallelism
Nima Honarmand, Nathan Dautenhahn, Gilles Pokam, Cristiano Pereira, Samuel T. King and Josep Torrellas
Architectural Support for Programming Languages and Operating Systems (ASPLOS) 2013.
2012
Evolution of Social-Attribute Networks: Measurements, Modeling, and Implications using Google+
Neil Zhenqiang Gong, Wenchang Xu, Ling Huang, Prateek Mittal, Emil Stefanov, Vyas Sekar, Dawn Song
Proceedings of ACM/USENIX Internet Measurement Conference (IMC), 2012. [PDF]
Mining Permission Request Patterns from Android and Facebook Applications
Mario Frank, Ben Dong, Adrienne Porter-Felt, Dawn Song
IEEE International Conference on Data Mining (ICDM) 2012. [PDF]
Smartphones: Not Smart Enough?
Ian Fischer, Cynthia Kuo, Ling Huang, Mario Frank
ACM CCS Workshop on Security and Privacy in Mobile Devices (SPSM 2012). [PDF]
Dynamic Searchable Symmetric Encryption
Seny Kamara, Charalampos Papamanthou, Tom Roeder
ACM Conference on Computer and Communications Security (CCS) 2012. [PDF]
Verification with Small and Short Worlds
Rohit Sinha, Cynthia Sturton, Petros Maniatis, Sanjit A. Seshia, David Wagner
Formal Methods in Computer-Aided Design (FMCAD) 2012. [PDF]
Reducing Attack Surfaces for Intra-Application Communication in Android
David Kantola, Erika Chin, Warren He, and David Wagner
ACM Workshop on Security and Privacy in Mobile Devices (SPSM) 2012 [PDF]
I’ve Got 99 Problems, But Vibration Ain’t One: A Survey of Smartphone Users’ Concerns
Adrienne Porter Felt, Serge Egelman, and David Wagner
ACM Workshop on Security and Privacy in Mobile Devices (SPSM) 2012 [PDF]
Short Paper: Location Privacy: User Behavior in the Field
Drew Fisher, Leah Dorner, and David Wagner
ACM Workshop on Security and Privacy in Mobile Devices (SPSM) 2012 [PDF]
Robust Detection of Comment Spam Using Entropy Rate
Alex Kantchelian, Justin Ma, Ling Huang, Sadia Afroz, Anthony D. Joseph, J. D. Tygar
ACM Workshop on Artificial Intelligence and Security (AISec) [PDF]
IBOS: A Correct-By-Construction Modular Browser
Ralf Sasse, Samuel T. King, Jose Meseguer, and Shuo Tang
International Symposium on Formal Aspects of Component Software (FACS) [PDF]
Adversarial Stylometry: Circumventing Authorship Recognition to Preserve Privacy and Anonymity.
Michael Brennan, Sadia Afroz, and Rachel Greenstadt
ACM Transactions on Information and System Security (TISSEC). [PDF]
Winner of the PET Award for Outstanding Research in Privacy Enhancing Technologies
GUPT: Privacy Preserving Data Mining Made Easy
Prashanth Mohan, Abhradeep Thakurta, Elaine Shi, Dawn Song, and David E. Culler.
ACM SIGMOD 2012. [PDF]
Context Centric Security
Mohit Tiwari, Prashanth Mohan, Andrew Osheroff, Hilfi Alkaff, Elaine Shi, Eric Love, Dawn Song, and Krste Asanovic.
USENIX Workshop on Hot Topics in Security 2012. [PDF]
How To Ask For Permission
Adrienne Porter Felt, Serge Egelman, Matthew Finifter, Devdatta Akhawe, and David Wagner
USENIX Workshop on Hot Topics in Security 2012. [PDF]
Privilege Separation for HTML5 Applications
Devdatta Akhawe, Prateek Saxena, and Dawn Song
USENIX Security Symposium 2012. [PDF]
An Evaluation of the Google Chrome Extension Security Architecture
Nicholas Carlini, Adrienne Porter Felt, and David Wagner
USENIX Security Symposium 2012. [PDF]
Jointly Predicting Links and Inferring Attributes using a Social-Attribute Network (SAN)
Neil Zhenqiang Gong, Ameet Talwalkar, Lester Mackey, Ling Huang, Eui Chul Richard Shin, Emil Stefanov, Elaine (Runting) Shi, Dawn Song
ACM Workshop on Social Network Mining and Analysis (SNA-KDD) 2012. [PDF]
Juxtapp: A Scalable System for Detecting Code Reuse Among Android Applications
Steve Hanna, Ling Huang, Edward Wu, Saung Li, Charles Chen and Dawn Song
Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA) 2012. [PDF]
Measuring User Confidence in Smartphone Security and Privacy
Erika Chin, Adrienne Porter Felt, Vyas Sekar, and David Wagner
Symposium on Usable Privacy and Security (SOUPS) 2012. [PDF]
Android Permissions: User Attention, Comprehension, and Behavior
Adrienne Porter Felt, Elizabeth Ha, Serge Egelman, Ariel Haney, Erika Chin, and David Wagner
Symposium on Usable Privacy and Security (SOUPS) 2012. [PDF]
Facebook and Privacy: It’s Complicated
Maritza Johnson, Serge Egelman, Steven M. Bellovin
Symposium on Usable Privacy and Security (SOUPS) 2012. [PDF]
Choice Architecture and Smartphone Privacy: There’s a Price for That
Serge Egelman, Adrienne Porter Felt, and David Wagner
Workshop on the Economics of Information Security (WEIS) 2012. [PDF]
Efficient Verification of Web-Content Searching Through Authenticated Web Crawlers
Michael T. Goodrich, Duy Nguyen, Olga Ohrimenko, Charalampos Papamanthou, Roberto Tamassia, Nikos Triandopoulos and Cristina Videira Lopes
International Conference on Very Large Databases (VLDB), PVLDB 5(10):920-931, 2012. [PDF]
On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces
Ivan Martinovic, Doug Davies, Mario Frank, Daniele Perito, Tomas Ros and Dawn Song
Usenix Security Symposium 2012. [PDF]
Cloud Terminal: Secure Access to Sensitive Applications from Untrusted Systems
Lorenzo Martignoni, Pongsin Poosankam, Matei Zaharia, Jun Han, Stephen McCamant, Dawn Song, Vern Paxson, Adrian Perrig, Scott Shenker, and Ion Stoica
USENIX Annual Technical Conference 2012. [PDF]
Privacy in Online Review Sites
Matthew Burkholder and Rachel Greenstadt
Workshop on Semantic Computing and Security (WSCS) 2012. [PDF]
Query Strategies for Evading Convex-Inducing Classifiers
Blaine Nelson, Benjamin I. P. Rubinstein, Ling Huang, Anthony D. Joseph, Steven J. Lee, Satish Rao, and J. D. Tygar
Journal of Machine Learning Research, 13(May):1293–1332, 2012. [PDF]
Use Fewer Instances of the Letter “i”: Toward Writing Style Anonymization
Andrew McDonald, Sadia Afroz, Aylin Caliskan, Ariel Stolerman and Rachel Greenstadt
Privacy Enhancing Technologies Symposium 2012. [PDF]
AdDroid: Privilege Separation for Applications and Advertisers in Android
Paul Pearce, Adrienne Porter Felt, Gabriel Nunez, David Wagner
ACM Symposium on Information, Computer and Communications Security (ASIACCS) 2012. [PDF]
Product Labels for Mobile Application Markets
Devdatta Akhawe, Matthew Finifter
Mobile Security Technologies Workshop (MoST 2012). [PDF]
On the Feasibility of Internet-Scale Author Identification
Arvind Narayanan, Hristo Spassimirov Paskov, Neil Zhenqiang Gong, John Bethencourt, Eui Chul Richard Shin, Emil Stefanov and Dawn Song
IEEE Symposium on Security and Privacy 2012. [PDF]
Detecting Hoaxes, Frauds, and Deception in Writing Style Online
Sadia Afroz, Michael Brennan, and Rachel Greenstadt
IEEE Symposium on Security and Privacy 2012. [PDF]
Path-Exploration Lifting: Hi-fi Tests for Lo-fi Emulators
Lorenzo Martignoni, Stephen McCamant, Pongsin Poosankam, Dawn Song and Petros Maniatis
Architectural Support for Programming Languages and Operating Systems (ASPLOS) 2012. [PDF]
2011
Verifiable Resource Accounting for Cloud Computing Services
Vyas Sekar, Petros Maniatis
ACM Cloud Computing Security Workshop (CCSW) 2011. [PDF]
Do You Know Where Your Data Are? Secure Data Capsules for Deployable Data Protection
Petros Maniatis, Devdatta Akhawe, Kevin Fall, Elaine Shi, Stephen McCamant, Dawn Song
Hot Topics in Operating Systems (HotOS) 2011. [PDF]
A Survey of Mobile Malware in the Wild
Adrienne Porter Felt, Matthew Finifter, Erika Chin, Steven Hanna, and David Wagner
ACM Workshop on Security and Privacy in Mobile Devices (SPSM) 2011. [PDF]
Introducing the Intel Science and Technology Center for Secure Computing
The SCRUB Center. [PDF]