2013

Here’s My Cert, So Trust Me, Maybe? Understanding TLS Errors on the Web

Devdatta Akhawe, Bernhard Amann, Matthias Vallentin, Robin Sommer
Proc. of the 2013 World Wide Web Conference (WWW) [PDF]

Role Mining with Probabilistic Models

Mario Frank, Joachim M. Buhmann, David Basin.
ACM Transactions on Information and System Security (TISSEC), in press [PDF]

Who do you sync you are? Smartphone Fingerprinting based on Application Behaviour

Tim Stöber, Mario Frank, Jens Schmitt, Ivan Martinovic.
Accepted at WiSec’13: ACM Conference on Security and Privacy in Wireless and Mobile Networks.

ScreenPass: Secure Password Entry for Touchscreen Devices

Dongtao Liu, Eduardo Cuervo, Valentin Pistol, Ryan Scudellari, and Landon P. Cox.
Proceedings of the 11th International Conference on Mobile Systems, Applications, and Services (MobiSys). Taipei, Taiwan. June, 2013. [PDF]

Joint Link Prediction and Attribute Inference using a Social-Attribute Network

Neil Zhenqiang Gong, Ameet Talwalkar, Lester Mackey, Ling Huang, Eui Chul Richard Shin, Emil Stefanov, Elaine(Runting) Shi and Dawn Song.
Accepted by ACM Transactions on Intelligent Systems and Technology (TIST), 2013. [PDF]

Towards Verifiable Resource Accounting for Outsourced Computation

Chen Chen, Petros Maniatis, Adrian Perrig, Amit Vasudevan, Vyas Sekar.
Proceedings of the International Conference on Virtual Execution Environments (VEE), Houston,
TX, USA. March, 2013. [PDF]

Intel Science and Technology Center for Secure Computing: Secure Computing Research for User Benefit

The SCRUB Center. [PDF]

Do Android Users Write About Electric Sheep? Examining Consumer Reviews in Google Play

Elizabeth Ha and David Wagner.
IEEE Consumer Communications & Networking Conference (CCNC) 2013, Mobile Devices, Platforms & Applications track. [PDF]

The Importance of Being Earnest [in Security Warnings]

Serge Egelman, Stuart Schechter
FC’13: Proceedings of the 2013 international conference on Financial Cryptography and Data Security.

Does My Password Go up to Eleven? The Impact of Password Meters on Password Selection

Serge Egelman, Andreas Sotirakopoulos, Ildar Muslukhov, Konstantin Beznosov, Cormac Herley
CHI ’13: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. [PDF]

My Profile Is My Password, Verify Me! The Privacy/Convenience Tradeoff of Facebook Connect

Serge Egelman
CHI ’13: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. [PDF]

Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication

Mario Frank, Ralf Biedert, Eugene Ma, Ivan Martinovic, Dawn Song
IEEE Transactions on Information Forensics and Security (Vol. 8, No. 1), pages 136-148. [PDF]

Signatures of Correct Computation

Charalampos Papamanthou, Elaine Shi, Roberto Tamassia
Theory of Cryptography Conference (TCC), 2013. [PDF]

Preserving Link Privacy in Social Network Based Systems

Prateek Mittal, Charalampos Papamanthou, Dawn Song
Network and Distributed System Security Symposium (NDSS), 2013. [PDF]

Building a Secure Foundation for Mobile Apps

Haohui Mai, Edgar Pek, P. Madhusudan, Samuel T. King
Architectural Support for Programming Languages and Operating Systems (ASPLOS) 2013.

Cyrus: Unintrusive Application-Level Record-Replay for Replay Parallelism

Nima Honarmand, Nathan Dautenhahn, Gilles Pokam, Cristiano Pereira, Samuel T. King and Josep Torrellas
Architectural Support for Programming Languages and Operating Systems (ASPLOS) 2013.

2012

Evolution of Social-Attribute Networks: Measurements, Modeling, and Implications using Google+

Neil Zhenqiang Gong, Wenchang Xu, Ling Huang, Prateek Mittal, Emil Stefanov, Vyas Sekar, Dawn Song
Proceedings of ACM/USENIX Internet Measurement Conference (IMC), 2012. [PDF]

Mining Permission Request Patterns from Android and Facebook Applications

Mario Frank, Ben Dong, Adrienne Porter-Felt, Dawn Song
IEEE International Conference on Data Mining (ICDM) 2012. [PDF]

Smartphones: Not Smart Enough?

Ian Fischer, Cynthia Kuo, Ling Huang, Mario Frank
ACM CCS Workshop on Security and Privacy in Mobile Devices (SPSM 2012). [PDF]

Dynamic Searchable Symmetric Encryption

Seny Kamara, Charalampos Papamanthou, Tom Roeder
ACM Conference on Computer and Communications Security (CCS) 2012. [PDF]

Verification with Small and Short Worlds

Rohit Sinha, Cynthia Sturton, Petros Maniatis, Sanjit A. Seshia, David Wagner
Formal Methods in Computer-Aided Design (FMCAD) 2012. [PDF]

Reducing Attack Surfaces for Intra-Application Communication in Android

David Kantola, Erika Chin, Warren He, and David Wagner
ACM Workshop on Security and Privacy in Mobile Devices (SPSM) 2012 [PDF]

I’ve Got 99 Problems, But Vibration Ain’t One: A Survey of Smartphone Users’ Concerns

Adrienne Porter Felt, Serge Egelman, and David Wagner
ACM Workshop on Security and Privacy in Mobile Devices (SPSM) 2012 [PDF]

Short Paper: Location Privacy: User Behavior in the Field

Drew Fisher, Leah Dorner, and David Wagner
ACM Workshop on Security and Privacy in Mobile Devices (SPSM) 2012 [PDF]

Robust Detection of Comment Spam Using Entropy Rate

Alex Kantchelian, Justin Ma, Ling Huang, Sadia Afroz, Anthony D. Joseph, J. D. Tygar
ACM Workshop on Artificial Intelligence and Security (AISec) [PDF]

IBOS: A Correct-By-Construction Modular Browser

Ralf Sasse, Samuel T. King, Jose Meseguer, and Shuo Tang
International Symposium on Formal Aspects of Component Software (FACS)
[PDF]

Adversarial Stylometry: Circumventing Authorship Recognition to Preserve Privacy and Anonymity.

Michael Brennan, Sadia Afroz, and Rachel Greenstadt
ACM Transactions of Information and System Security (TISSEC). [PDF]

GUPT: Privacy Preserving Data Mining Made Easy

Prashanth Mohan, Abhradeep Thakutra, Elaine Shi, Dawn Song, and David E. Culler.
ACM SIGMOD 2012. [PDF]

Context Centric Security

Mohit Tiwari, Prashanth Mohan, Andrew Osheroff, Hilfi Alkaff, Elaine Shi, Eric Love, Dawn Song, and Krste Asanovic.
USENIX Workshop on Hot Topics in Security 2012. [PDF]

How To Ask For Permission

Adrienne Porter Felt, Serge Egelman, Matthew Finifter, Devdatta Akhawe, and David Wagner
USENIX Workshop on Hot Topics in Security 2012. [PDF]

Privilege Separation for HTML5 Applications

Devdatta Akhawe, Prateek Saxena, and Dawn Song
USENIX Security Symposium 2012.  [PDF]

An Evaluation of the Google Chrome Extension Security Architecture

Nicholas Carlini, Adrienne Porter Felt, and David Wagner
USENIX Security Symposium 2012. [PDF]

Jointly Predicting Links and Inferring Attributes using a Social-Attribute Network (SAN)

Neil Zhenqiang Gong, Ameet Talwalkar, Lester Mackey, Ling Huang, Eui Chul Richard Shin, Emil Stefanov, Elaine (Runting) Shi, Dawn Song
ACM Workshop on Social Network Mining and Analysis (SNA-KDD) 2012. [PDF]

Juxtapp: A Scalable System for Detecting Code Reuse Among Android Applications

Steve Hanna, Ling Huang, Edward Wu, Saung Li, Charles Chen and Dawn Song
Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA) 2012. [PDF]

Measuring User Confidence in Smartphone Security and Privacy

Erika Chin, Adrienne Porter Felt, Vyas Sekar, and David Wagner
Symposium on Usable Privacy and Security (SOUPS) 2012. [PDF]

Android Permissions: User Attention, Comprehension, and Behavior

Adrienne Porter Felt, Elizabeth Ha, Serge Egelman, Ariel Haney, Erika Chin, and David Wagner
Symposium on Usable Privacy and Security (SOUPS) 2012. [PDF]

Facebook and Privacy: It’s Complicated

Maritza Johnson, Serge Egelman, Steven M. Bellovin
Symposium on Usable Privacy and Security (SOUPS) 2012. [PDF]

Choice Architecture and Smartphone Privacy: There’s a Price for That

Serge Egelman, Adrienne Porter Felt, and David Wagner
Workshop on the Economics of Information Security (WEIS) 2012. [PDF]

Efficient Verification of Web-Content Searching Through Authenticated Web Crawlers

Michael T. Goodrich, Duy Nguyen, Olga Ohrimenko, Charalampos Papamanthou, Roberto Tamassia, Nikos Triandopoulos and Cristina Videira Lopes
International Conference on Very Large Databases (VLDB), PVLDB 5(10):920-931, 2012. [PDF]

On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces

Ivan Martinovic, Doug Davies, Mario Frank, Daniele Perito, Tomas Ros and Dawn Song
Usenix Security Symposium 2012. [PDF]

Cloud Terminal: Secure Access to Sensitive Applications from Untrusted Systems

Lorenzo Martignoni, Pongsin Poosankam, Matei Zaharia, Jun Han, Stephen McCamant,
Dawn Song, Vern Paxson, Adrian Perrig, Scott Shenker, and Ion Stoica
USENIX Annual Technical Conference 2012. [PDF]

Privacy in Online Review Sites

Matthew Burkholder and Rachel Greenstadt
Workshop on Semantic Computing and Security (WSCS) 2012. [PDF]

Query Strategies for Evading Convex-Inducing Classifiers

Blaine Nelson, Benjamin I. P. Rubinstein, Ling Huang, Anthony D. Joseph, Steven J. Lee, Satish Rao, and J. D. Tygar
Journal of Machine Learning Research, 13(May):1293–1332, 2012. [PDF]

Use Fewer Instances of the Letter “i”: Toward Writing Style Anonymization

Andrew McDonald, Sadia Afroz, Aylin Caliskan, Ariel Stolerman and Rachel Greenstadt
Privacy Enhancing Technologies Symposium 2012. [PDF]

AdDroid: Privilege Separation for Applications and Advertisers in Android

Paul Pearce, Adrienne Porter Felt, Gabriel Nunez, David Wagner
ACM Symposium on Information, Computer and Communications Security (ASIACCS) 2012. [PDF]

Product Labels for Mobile Application Markets

Devdatta Akhawe, Matthew Finifter
Mobile Security Technologies Workshop (MoST 2012). [PDF]

On the Feasibility of Internet-Scale Author Identification

Arvind Narayanan, Hristo Spassimirov Paskov, Neil Zhenqiang Gong, John Bethencourt, Eui Chul Richard Shin, Emil Stefanov and Dawn Song
IEEE Symposium on Security and Privacy 2012. [PDF]

Detecting Hoaxes, Frauds, and Deception in Writing Style Online

Sadia Afroz, Michael Brennan, and Rachel Greenstadt
IEEE Symposium on Security and Privacy 2012. [PDF]

Path-Exploration Lifting: Hi-fi Tests for Lo-fi Emulators

Lorenzo Martignoni, Stephen McCamant, Pongsin Poosankam, Dawn Song and Petros Maniatis
Architectural Support for Programming Languages and Operating Systems (ASPLOS) 2012. [PDF]

2011

Verifiable Resource Accounting for Cloud Computing Services

Vyas Sekar, Petros Maniatis
ACM Cloud Computing Security Workshop (CCSW) 2011. [PDF]

Do You Know Where Your Data Are? Secure Data Capsules for Deployable Data Protection

Petros Maniatis, Devdatta Akhawe, Kevin Fall, Elaine Shi, Stephen McCamant, Dawn Song
Hot Topics in Operating Systems (HotOS) 2011. [PDF]

A Survey of Mobile Malware in the Wild

Adrienne Porter Felt, Matthew Finifter, Erika Chin, Steven Hanna, and David Wagner
ACM Workshop on Security and Privacy in Mobile Devices (SPSM) 2011. [PDF]

Introducing the Intel Science and Technology Center for Secure Computing

The SCRUB Center. [PDF]