2016

SoK: Towards Grounding Censorship Circumvention in Empiricism

Michael Carl Tschantz, Sadia Afroz, David Fifield and Vern Paxson
IEEE S&P 2016.

Reviewer Integration and Performance Measurement for Malware Detection

Brad Miller, Alex Kantchelian, Michael Carl Tschantz, Sadia Afroz, Rekha Bachwani, Riyaz Faizullabhoy, Ling Huang, Vaishaal Shankar, Tony Wu, George Yiu, Anthony D. Joseph, J. D. Tygar.
Submitted to DIMVA 2016. Arxiv version

PREDATOR: Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration

Shuang Hao, Alex Kantchelian, Brad Miller, Nick Feamster, Vern Paxson.
Submitted to SIGCOMM 2016

Evasion and Hardening of Tree Ensemble Classifiers

Alex Kantchelian, Anthony D. Joseph, J. D. Tygar.
Submitted to ICML 2016. Arxiv version

Do You See What I See?: Differential Treatment of Anonymous Users

Sheharbano Khattak, David Fifield, Sadia Afroz, Mobin Javed, Srikanth Sundaresan, Vern Paxson, Steven J. Murdoch, Damon McCoy
NDSS 2016 PDF

2015

Better Malware Ground Truth: Techniques for Weighting Anti-Virus Vendor Labels

Alex Kantchelian, Michael Carl Tschantz, Sadia Afroz, Brad Miller, Vaishaal Shankar, Rekha Bachwani, Anthony D. Joseph, J. D. Tygar
AISec 2015

Android Permissions Remystified: A Field Study on Contextual Integrity

Primal Wijesekera, Arjun Baokar, Ashkan Hosseini, Serge Egelman, David Wagner, and Konstantin Beznosov
USENIX Security 2015. Pre-Print PDF

Censorship Arms Race: Research vs. Practice

Sadia Afroz, David Fifield, Michael C. Tschantz, Vern Paxson, J. D. Tygar
HotPETS 2015

Is This Thing On?: Crowdsourcing Privacy Indicators for Ubiquitous Sensing Platforms

Serge Egelman, Raghudeep Kannavara, and Richard Chow
ACM CHI 2015. PDF

Somebody’s Watching Me?: Assessing the Effectiveness of Webcam Indicator Lights

Rebecca S Portnoff, Linda N Lee, Serge Egelman, Pratyush Mishra, Derek Leung, and David Wagner
ACM CHI 2015. PDF

Computer-Supported Cooperative Crime

Vaibhav Garg, Sadia Afroz, Rebekah Overdorf and Rachel Greenstadt
Financial Cryptography and Data Security 2015. PDF

Uncovering the Footprints of Malicious Traffic in Cellular Data Networks

Arun Raghuramu, Hui Zang, and Chen-Nee Chuah
Passive and Active Measurement Conference, 2015. PDF

2014

Formal Modeling and Verification of CloudProxy

Wei Yang Tan, Rohit Sinha, John Manferdelli, and Sanjit A. Seshia.
Conference on Verified Software: Theories, Tools, and Experiments (VSTTE), 2014. PDF

A Critical Evaluation of Website Fingerprinting Attacks.

Marc Juarez, Sadia Afroz, Gunes Acar, Claudia Diaz, Rachel Greenstadt
ACM CCS 2014. PDF

Are You Ready to Lock? Understanding User Motivations for Smartphone Locking Behaviors

Serge Egelman, Sakshi Jain, Rebecca S Portnoff, Kerwell Liao, Sunny Consolvo, and David Wagner.
ACM CCS 2014. PDF

Large Margin Convex Polytope Machine

Alex Kantchelian, Michael C. Tschantz, Ling Huang, Peter L. Bartlett, Anthony D. Joseph, J. D. Tygar.
NIPS 2014. PDF

Adversarial Active Learning.

Brad Miller, Alex Kantchelian, Sadia Afroz, Rekha Bachwani, Edwin Dauber, Ling Huang, Michael Tschantz, Anthony D. Joseph, J.D. Tygar.
AISec 2014. PDF

Contextual Localization Through Network Traffic Analysis

Aveek K. Das, Parth H. Pathak, Chen-Nee Chuah, and Prasant Mohapatra
IEEE INFOCOM, 2014. PDF

On the Security of Trustee-based Social Authentications

Neil Zhenqiang Gong, Di Wang.
IEEE Transactions on Information Forensics and Security (TIFS), 9(8), 2014. PDF

SybilBelief: A Semi-supervised Learning Approach for Structure-based Sybil Detection 

Neil Zhenqiang Gong, Mario Frank, Prateek Mittal.
IEEE Transactions on Information Forensics and Security (TIFS), 9(6), 2014. PDF

Reciprocal versus Parasocial Relationships in Online Social Networks 

Neil Zhenqiang Gong, Wenchang Xu.
Springer Social Network Analysis and Mining (SNAM), 4(1), 2014. PDF

Joint Link Prediction and Attribute Inference using a Social-Attribute Network 

Neil Zhenqiang Gong, Ameet Talwalkar, Lester Mackey, Ling Huang, Richard Shin, Emil Stefanov, Elaine Shi, Dawn Song.
ACM Transactions on Intelligent Systems and Technology (TIST), 5(2), 2014. PDF

Doppelgänger Finder: Taking Stylometry To The Underground

Sadia Afroz, Aylin Caliskan-Islam, Ariel Stolerman, Rachel Greenstadt, Damon McCoy.
IEEE Symposium on Security and Privacy 2014. PDF

Classify, but Verify: Breaking the Closed-World Assumption in Stylometric Authorship Attribution

Ariel Stolerman, Rebekah Overdorf, Sadia Afroz and Rachel Greenstadt
IFIP WG11.9 2014. PDF

2013

Approaches to Adversarial Drift

Alex Kantchelian, Sadia Afroz, Ling Huang, Aylin Caliskan Islam, Brad Miller, Michael Carl Tschantz, Rachel Greenstadt, Anthony Joseph and J.D. Tygar. AISec ’13. PDF

Honor Among Thieves: A Common’s Analysis of Cybercrime Economics

Sadia Afroz, Vaibhav Garg, Damon McCoy, Rachel Greenstadt.
eCrime Research Summit ’13. PDF

How Privacy Flaws Affect Consumer Perception.

Sadia Afroz, Aylin Caliskan Islam, Jordan Santell, Aaron Chapin, Rachel Greenstadt.
3rd workshop on Socio-Technical Aspects in Security and Trust (STAST ’13). PDF

Symbolic Software Model Validation

Cynthia Sturton, Rohit Sinha, Thurston Dang, Sakshi Jain, Michael McCoyd, Wei Yang Tan, Petros Maniatis, Sanjit Seshia, David Wagner
11th ACM-IEEE International Conference on Formal Methods and Models for Codesign (MEMOCODE 2013). [PDF]

Bifocals: Analyzing WebView Vulnerabilities in Android Applications

Erika Chin, David Wagner
Proc. of the 14th International Workshop on Information Security Applications (WISA). [PDF]

The CloudProxy Tao for Trusted Computing

John Manferdelli, Tom Roeder, Fred Schneider
Technical report UCB/EECS-2013-135, UC Berkeley, EECS Dept.  PDF

When It’s Better to Ask Forgiveness than Get Permission: Attribution Mechanisms for Smartphone Resources

Christopher Thompson, Maritza Johnson, Serge Egelman, David Wagner, and Jennifer King.
Symposium on Usable Privacy and Security (SOUPS) 2013. [PDF]

Data-confined HTML5 Applications

Devdatta Akhawe, Frank Li, Warren He, Prateek Saxena, Dawn Song
Proc. of the 2013 European Symposium on Research in Computer Security (ESORICS) [PDF]

Alice in Warningland:
A Large-Scale Field Study of Browser Security Warning Effectiveness

Devdatta Akhawe, Adrienne Porter Felt
Proc. of the 2013 Usenix Security Symposium [PDF]

An Empirical Study of Vulnerability Rewards Programs

Matthew Finifter, Devdatta Akhawe, David Wagner
Proc. of the 2013 Usenix Security Symposium [PDF]

Here’s My Cert, So Trust Me, Maybe? Understanding TLS Errors on the Web

Devdatta Akhawe, Bernhard Amann, Matthias Vallentin, Robin Sommer
Proc. of the 2013 World Wide Web Conference (WWW) [PDF]

Role Mining with Probabilistic Models

Mario Frank, Joachim M. Buhmann, David Basin.
ACM Transactions on Information and System Security (TISSEC), in press [PDF]

Prefetching mobile ads: Can advertising systems afford it?

Prashanth Mohan, Suman Nath and Oriana Riva
Proc of the 2013 European Conference on Computer Systems (EuroSys), April, 2013. [PDF]

Who do you sync you are? Smartphone Fingerprinting based on Application Behaviour

Tim Stöber, Mario Frank, Jens Schmitt, Ivan Martinovic.
Accepted at WiSec’13: ACM Conference on Security and Privacy in Wireless and Mobile Networks.

ScreenPass: Secure Password Entry for Touchscreen Devices

Dongtao Liu, Eduardo Cuervo, Valentin Pistol, Ryan Scudellari, and Landon P. Cox.
Proceedings of the 11th International Conference on Mobile Systems, Applications, and Services (MobiSys). Taipei, Taiwan. June, 2013. [PDF]

Joint Link Prediction and Attribute Inference using a Social-Attribute Network

Neil Zhenqiang Gong, Ameet Talwalkar, Lester Mackey, Ling Huang, Eui Chul Richard Shin, Emil Stefanov, Elaine(Runting) Shi and Dawn Song.
Accepted by ACM Transactions on Intelligent Systems and Technology (TIST), 2013. [PDF]

Towards Verifiable Resource Accounting for Outsourced Computation

Chen Chen, Petros Maniatis, Adrian Perrig, Amit Vasudevan, Vyas Sekar.
Proceedings of the International Conference on Virtual Execution Environments (VEE), Houston,
TX, USA. March, 2013. [PDF]

Intel Science and Technology Center for Secure Computing: Secure Computing Research for User Benefit

The SCRUB Center. [PDF]

Do Android Users Write About Electric Sheep? Examining Consumer Reviews in Google Play

Elizabeth Ha and David Wagner.
IEEE Consumer Communications & Networking Conference (CCNC) 2013, Mobile Devices, Platforms & Applications track. [PDF]

The Importance of Being Earnest [in Security Warnings]

Serge Egelman, Stuart Schechter
FC’13: Proceedings of the 2013 international conference on Financial Cryptography and Data Security. [PDF]

Does My Password Go up to Eleven? The Impact of Password Meters on Password Selection

Serge Egelman, Andreas Sotirakopoulos, Ildar Muslukhov, Konstantin Beznosov, Cormac Herley
CHI ’13: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. [PDF]

My Profile Is My Password, Verify Me! The Privacy/Convenience Tradeoff of Facebook Connect

Serge Egelman
CHI ’13: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. [PDF]

Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication

Mario Frank, Ralf Biedert, Eugene Ma, Ivan Martinovic, Dawn Song
IEEE Transactions on Information Forensics and Security (Vol. 8, No. 1), pages 136-148. [PDF]

Signatures of Correct Computation

Charalampos Papamanthou, Elaine Shi, Roberto Tamassia
Theory of Cryptography Conference (TCC), 2013. [PDF]

Preserving Link Privacy in Social Network Based Systems

Prateek Mittal, Charalampos Papamanthou, Dawn Song
Network and Distributed System Security Symposium (NDSS), 2013. [PDF]

Building a Secure Foundation for Mobile Apps

Haohui Mai, Edgar Pek, P. Madhusudan, Samuel T. King
Architectural Support for Programming Languages and Operating Systems (ASPLOS) 2013.

Cyrus: Unintrusive Application-Level Record-Replay for Replay Parallelism

Nima Honarmand, Nathan Dautenhahn, Gilles Pokam, Cristiano Pereira, Samuel T. King and Josep Torrellas
Architectural Support for Programming Languages and Operating Systems (ASPLOS) 2013.

2012

Evolution of Social-Attribute Networks: Measurements, Modeling, and Implications using Google+

Neil Zhenqiang Gong, Wenchang Xu, Ling Huang, Prateek Mittal, Emil Stefanov, Vyas Sekar, Dawn Song
Proceedings of ACM/USENIX Internet Measurement Conference (IMC), 2012. [PDF]

Mining Permission Request Patterns from Android and Facebook Applications

Mario Frank, Ben Dong, Adrienne Porter-Felt, Dawn Song
IEEE International Conference on Data Mining (ICDM) 2012. [PDF]

Smartphones: Not Smart Enough?

Ian Fischer, Cynthia Kuo, Ling Huang, Mario Frank
ACM CCS Workshop on Security and Privacy in Mobile Devices (SPSM 2012). [PDF]

Dynamic Searchable Symmetric Encryption

Seny Kamara, Charalampos Papamanthou, Tom Roeder
ACM Conference on Computer and Communications Security (CCS) 2012. [PDF]

Verification with Small and Short Worlds

Rohit Sinha, Cynthia Sturton, Petros Maniatis, Sanjit A. Seshia, David Wagner
Formal Methods in Computer-Aided Design (FMCAD) 2012. [PDF]

Reducing Attack Surfaces for Intra-Application Communication in Android

David Kantola, Erika Chin, Warren He, and David Wagner
ACM Workshop on Security and Privacy in Mobile Devices (SPSM) 2012 [PDF]

I’ve Got 99 Problems, But Vibration Ain’t One: A Survey of Smartphone Users’ Concerns

Adrienne Porter Felt, Serge Egelman, and David Wagner
ACM Workshop on Security and Privacy in Mobile Devices (SPSM) 2012 [PDF]

Short Paper: Location Privacy: User Behavior in the Field

Drew Fisher, Leah Dorner, and David Wagner
ACM Workshop on Security and Privacy in Mobile Devices (SPSM) 2012 [PDF]

Robust Detection of Comment Spam Using Entropy Rate

Alex Kantchelian, Justin Ma, Ling Huang, Sadia Afroz, Anthony D. Joseph, J. D. Tygar
ACM Workshop on Artificial Intelligence and Security (AISec) [PDF]

IBOS: A Correct-By-Construction Modular Browser

Ralf Sasse, Samuel T. King, Jose Meseguer, and Shuo Tang
International Symposium on Formal Aspects of Component Software (FACS)
[PDF]

Adversarial Stylometry: Circumventing Authorship Recognition to Preserve Privacy and Anonymity.

Michael Brennan, Sadia Afroz, and Rachel Greenstadt
ACM Transactions of Information and System Security (TISSEC). [PDF]
Winner of the PET Award for Outstanding Research in Privacy Enhancing Technologies

GUPT: Privacy Preserving Data Mining Made Easy

Prashanth Mohan, Abhradeep Thakutra, Elaine Shi, Dawn Song, and David E. Culler.
ACM SIGMOD 2012. [PDF]

Context Centric Security

Mohit Tiwari, Prashanth Mohan, Andrew Osheroff, Hilfi Alkaff, Elaine Shi, Eric Love, Dawn Song, and Krste Asanovic.
USENIX Workshop on Hot Topics in Security 2012. [PDF]

How To Ask For Permission

Adrienne Porter Felt, Serge Egelman, Matthew Finifter, Devdatta Akhawe, and David Wagner
USENIX Workshop on Hot Topics in Security 2012. [PDF]

Privilege Separation for HTML5 Applications

Devdatta Akhawe, Prateek Saxena, and Dawn Song
USENIX Security Symposium 2012.  [PDF]

An Evaluation of the Google Chrome Extension Security Architecture

Nicholas Carlini, Adrienne Porter Felt, and David Wagner
USENIX Security Symposium 2012. [PDF]

Jointly Predicting Links and Inferring Attributes using a Social-Attribute Network (SAN)

Neil Zhenqiang Gong, Ameet Talwalkar, Lester Mackey, Ling Huang, Eui Chul Richard Shin, Emil Stefanov, Elaine (Runting) Shi, Dawn Song
ACM Workshop on Social Network Mining and Analysis (SNA-KDD) 2012. [PDF]

Juxtapp: A Scalable System for Detecting Code Reuse Among Android Applications

Steve Hanna, Ling Huang, Edward Wu, Saung Li, Charles Chen and Dawn Song
Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA) 2012. [PDF]

Measuring User Confidence in Smartphone Security and Privacy

Erika Chin, Adrienne Porter Felt, Vyas Sekar, and David Wagner
Symposium on Usable Privacy and Security (SOUPS) 2012. [PDF]

Android Permissions: User Attention, Comprehension, and Behavior

Adrienne Porter Felt, Elizabeth Ha, Serge Egelman, Ariel Haney, Erika Chin, and David Wagner
Symposium on Usable Privacy and Security (SOUPS) 2012. [PDF]

Facebook and Privacy: It’s Complicated

Maritza Johnson, Serge Egelman, Steven M. Bellovin
Symposium on Usable Privacy and Security (SOUPS) 2012. [PDF]

Choice Architecture and Smartphone Privacy: There’s a Price for That

Serge Egelman, Adrienne Porter Felt, and David Wagner
Workshop on the Economics of Information Security (WEIS) 2012. [PDF]

Efficient Verification of Web-Content Searching Through Authenticated Web Crawlers

Michael T. Goodrich, Duy Nguyen, Olga Ohrimenko, Charalampos Papamanthou, Roberto Tamassia, Nikos Triandopoulos and Cristina Videira Lopes
International Conference on Very Large Databases (VLDB), PVLDB 5(10):920-931, 2012. [PDF]

On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces

Ivan Martinovic, Doug Davies, Mario Frank, Daniele Perito, Tomas Ros and Dawn Song
Usenix Security Symposium 2012. [PDF]

Cloud Terminal: Secure Access to Sensitive Applications from Untrusted Systems

Lorenzo Martignoni, Pongsin Poosankam, Matei Zaharia, Jun Han, Stephen McCamant,
Dawn Song, Vern Paxson, Adrian Perrig, Scott Shenker, and Ion Stoica
USENIX Annual Technical Conference 2012. [PDF]

Privacy in Online Review Sites

Matthew Burkholder and Rachel Greenstadt
Workshop on Semantic Computing and Security (WSCS) 2012. [PDF]

Query Strategies for Evading Convex-Inducing Classifiers

Blaine Nelson, Benjamin I. P. Rubinstein, Ling Huang, Anthony D. Joseph, Steven J. Lee, Satish Rao, and J. D. Tygar
Journal of Machine Learning Research, 13(May):1293–1332, 2012. [PDF]

Use Fewer Instances of the Letter “i”: Toward Writing Style Anonymization

Andrew McDonald, Sadia Afroz, Aylin Caliskan, Ariel Stolerman and Rachel Greenstadt
Privacy Enhancing Technologies Symposium 2012. [PDF]

AdDroid: Privilege Separation for Applications and Advertisers in Android

Paul Pearce, Adrienne Porter Felt, Gabriel Nunez, David Wagner
ACM Symposium on Information, Computer and Communications Security (ASIACCS) 2012. [PDF]

Product Labels for Mobile Application Markets

Devdatta Akhawe, Matthew Finifter
Mobile Security Technologies Workshop (MoST 2012). [PDF]

On the Feasibility of Internet-Scale Author Identification

Arvind Narayanan, Hristo Spassimirov Paskov, Neil Zhenqiang Gong, John Bethencourt, Eui Chul Richard Shin, Emil Stefanov and Dawn Song
IEEE Symposium on Security and Privacy 2012. [PDF]

Detecting Hoaxes, Frauds, and Deception in Writing Style Online

Sadia Afroz, Michael Brennan, and Rachel Greenstadt
IEEE Symposium on Security and Privacy 2012. [PDF]

Path-Exploration Lifting: Hi-fi Tests for Lo-fi Emulators

Lorenzo Martignoni, Stephen McCamant, Pongsin Poosankam, Dawn Song and Petros Maniatis
Architectural Support for Programming Languages and Operating Systems (ASPLOS) 2012. [PDF]

2011

Verifiable Resource Accounting for Cloud Computing Services

Vyas Sekar, Petros Maniatis
ACM Cloud Computing Security Workshop (CCSW) 2011. [PDF]

Do You Know Where Your Data Are? Secure Data Capsules for Deployable Data Protection

Petros Maniatis, Devdatta Akhawe, Kevin Fall, Elaine Shi, Stephen McCamant, Dawn Song
Hot Topics in Operating Systems (HotOS) 2011. [PDF]

A Survey of Mobile Malware in the Wild

Adrienne Porter Felt, Matthew Finifter, Erika Chin, Steven Hanna, and David Wagner
ACM Workshop on Security and Privacy in Mobile Devices (SPSM) 2011. [PDF]

Introducing the Intel Science and Technology Center for Secure Computing

The SCRUB Center. [PDF]