2025
Scrooge: Detection of Changes in Web Applications to Enhance Security Testing.
Proceedings of the 11th International Conference on Information Systems Security and Privacy, 2025
2023
Adversarial attacks against mouse- and keyboard-based biometric authentication: black-box versus domain-specific techniques.
Int. J. Inf. Sec., December, 2023
On the Security of Containers: Threat Modeling, Attack Analysis, and Mitigation Strategies.
Comput. Secur., May, 2023
FooBaR: Fault Fooling Backdoor Attack on Neural Network Training.
IEEE Trans. Dependable Secur. Comput., 2023
Is Modeling Access Control Worth It?
Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023
SealClub: Computer-aided Paper Document Authentication.
Proceedings of the Annual Computer Security Applications Conference, 2023
2022
Constrained Proximity Attacks on Mobile Targets.
ACM Trans. Priv. Secur., 2022
SealClub: Computer-aided Paper Document Authentication.
CoRR, 2022
Dynamic face authentication systems: Deep learning verification for camera close-Up and head rotation paradigms.
Comput. Secur., 2022
ATLAS: A Practical Attack Detection and Live Malware Analysis System for IoT Threat Intelligence.
Proceedings of the Information Security - 25th International Conference, 2022
A Siamese Neural Network for Scalable Behavioral Biometrics Authentication.
Proceedings of the Applied Cryptography and Network Security Workshops, 2022
Scalable and Secure HTML5 Canvas-Based User Authentication.
Proceedings of the Applied Cryptography and Network Security Workshops, 2022
2021
Combining behavioral biometrics and session context analytics to enhance risk-based static authentication in web applications.
Int. J. Inf. Sec., 2021
SCOPE: Secure Compiling of PLCs in Cyber-Physical Systems.
Int. J. Crit. Infrastructure Prot., 2021
Threat Modeling and Security Analysis of Containers: A Survey.
CoRR, 2021
AttkFinder: Discovering Attack Vectors in PLC Programs using Information Flow Analysis.
Proceedings of the RAID '21: 24th International Symposium on Research in Attacks, 2021
Centy: Scalable Server-Side Web Integrity Verification System Based on Fuzzy Hashes.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2021
Scanning the Cycle: Timing-based Authentication on PLCs.
Proceedings of the ASIA CCS '21: ACM Asia Conference on Computer and Communications Security, 2021
2020
NoiSense Print: Detecting Data Integrity Attacks on Sensor Measurements Using Hardware-based Fingerprints.
ACM Trans. Priv. Secur., 2020
CIMA: Compiler-Enforced Resilience Against Memory Safety Attacks in Cyber-Physical Systems.
Comput. Secur., 2020
Machine Learning Techniques for Identity Document Verification in Uncontrolled Environments: A Case Study.
Proceedings of the Pattern Recognition - 12th Mexican Conference, 2020
SCRAP: Synthetically Composed Replay Attacks vs. Adversarial Machine Learning Attacks against Mouse-based Biometric Authentication.
Proceedings of the AISec@CCS 2020: Proceedings of the 13th ACM Workshop on Artificial Intelligence and Security, 2020
Risk-based Authentication Based on Network Latency Profiling.
Proceedings of the AISec@CCS 2020: Proceedings of the 13th ACM Workshop on Artificial Intelligence and Security, 2020
2019
Leveraging Compression-Based Graph Mining for Behavior-Based Malware Detection.
IEEE Trans. Dependable Secur. Comput., 2019
Practical static analysis of context leaks in Android applications.
Softw. Pract. Exp., 2019
Improving Network Intrusion Detection Classifiers by Non-payload-Based Exploit-Independent Obfuscations: An Adversarial Approach.
EAI Endorsed Trans. Security Safety, 2019
Insight Into Insiders and IT: A Survey of Insider Threat Taxonomies, Analysis, Modeling, and Countermeasures.
ACM Comput. Surv., 2019
Careful-Packing: A Practical and Scalable Anti-Tampering Software Protection enforced by Trusted Computing.
Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy, 2019
Detection of Threats to IoT Devices using Scalable VPN-forwarded Honeypots.
Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy, 2019
Risk-Based Static Authentication in Web Applications with Behavioral Biometrics and Session Context Analytics.
Proceedings of the Applied Cryptography and Network Security Workshops, 2019
2018
The Wolf Of SUTD (TWOS): A Dataset of Malicious Insider Threat Behavior Based on a Gamified Competition.
J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl., 2018
Taming the War in Memory: A Resilient Mitigation Strategy Against Memory Safety Attacks in CPS.
CoRR, 2018
Insight into Insiders: A Survey of Insider Threat Taxonomies, Analysis, Modeling, and Countermeasures.
CoRR, 2018
Detection of Masqueraders Based on Graph Partitioning of File System Access Events.
Proceedings of the 2018 IEEE Security and Privacy Workshops, 2018
Static analysis of context leaks in android applications.
Proceedings of the 40th International Conference on Software Engineering: Software Engineering in Practice, 2018
Enforcing Full-Stack Memory-Safety in Cyber-Physical Systems.
Proceedings of the Engineering Secure Software and Systems - 10th International Symposium, 2018
Location Proximity Attacks Against Mobile Targets: Analytical Bounds and Attacker Strategies.
Proceedings of the Computer Security, 2018
NoisePrint: Attack Detection Using Sensor and Process Noise Fingerprint in Cyber Physical Systems.
Proceedings of the 2018 on Asia Conference on Computer and Communications Security, 2018
Finding Dependencies between Cyber-Physical Domains for Security Testing of Industrial Control Systems.
Proceedings of the 34th Annual Computer Security Applications Conference, 2018
2017
Jif-Based Verification of Information Flow Policies for Android Apps.
Int. J. Secur. Softw. Eng., 2017
NoiSense: Detecting Data Integrity Attacks on Sensor Measurements using Hardware based Fingerprints.
CoRR, 2017
Detection of Unauthorized IoT Devices Using Machine Learning Techniques.
CoRR, 2017
Gamifying Education and Research on ICS Security: Design, Implementation and Results of S3.
CoRR, 2017
ProfilIoT: a machine learning approach for IoT device identification based on network traffic analysis.
Proceedings of the Symposium on Applied Computing, 2017
Reasoning about Probabilistic Defense Mechanisms against Remote Attacks.
Proceedings of the 2017 IEEE European Symposium on Security and Privacy, 2017
Enforcing Memory Safety in Cyber-Physical Systems.
Proceedings of the Computer Security - ESORICS 2017 International Workshops, 2017
Design-time Quantification of Integrity in Cyber-physical Systems.
Proceedings of the 2017 Workshop on Programming Languages and Analysis for Security, 2017
TWOS: A Dataset of Malicious Insider Threat Behavior Based on a Gamified Competition.
Proceedings of the 2017 International Workshop on Managing Insider Security Threats, Dallas, TX, USA, October 30, 2017
SIPHON: Towards Scalable High-Interaction Physical Honeypots.
Proceedings of the 3rd ACM Workshop on Cyber-Physical System Security, 2017
Gamifying ICS Security Training and Research: Design, Implementation, and Results of S3.
Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy, 2017
Legacy-Compliant Data Authentication for Industrial Control System Traffic.
Proceedings of the Applied Cryptography and Network Security, 2017
2016
Q-Floid: Android Malware detection with Quantitative Data Flow Graphs.
Proceedings of the Singapore Cyber-Security Conference (SG-CRC) 2016, 2016
Enhancing Operation Security using Secret Sharing.
Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (ICETE 2016), 2016
Umlchange - specifying model changes to support security verification of potential evolution.
Proceedings of the Software Engineering 2016, 2016
MalFlow: identification of C&C servers through host-based data flow profiling.
Proceedings of the 31st Annual ACM Symposium on Applied Computing, 2016
Generating behavior-based malware detection models with genetic programming.
Proceedings of the 14th Annual Conference on Privacy, Security and Trust, 2016
MACKE: compositional analysis of low-level vulnerabilities with symbolic execution.
Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering, 2016
Sound and Precise Cross-Layer Data Flow Tracking.
Proceedings of the Engineering Secure Software and Systems - 8th International Symposium, 2016
MaxPace: Speed-constrained location queries.
Proceedings of the 2016 IEEE Conference on Communications and Network Security, 2016
2015
The Meaning of Attack-Resistant Programs.
CoRR, 2015
FEEBO: An Empirical Evaluation Framework for Malware Behavior Obfuscation.
CoRR, 2015
InnerCircle: A parallelizable decentralized privacy-preserving location proximity protocol.
Proceedings of the 13th Annual Conference on Privacy, Security and Trust, 2015
BetterTimes - Privacy-Assured Outsourced Multiplications for Additively Homomorphic Encryption on Finite Fields.
Proceedings of the Provable Security, 2015
A framework for empirical evaluation of malware detection resilience against behavior obfuscation.
Proceedings of the 10th International Conference on Malicious and Unwanted Software, 2015
A Framework for Measuring Software Obfuscation Resilience against Automated Attacks.
Proceedings of the 1st IEEE/ACM International Workshop on Software Protection, 2015
Idea: Unwinding Based Model-Checking and Testing for Non-Interference on EFSMs.
Proceedings of the Engineering Secure Software and Systems - 7th International Symposium, 2015
Idea: Benchmarking Indistinguishability Obfuscation - A Candidate Implementation.
Proceedings of the Engineering Secure Software and Systems - 7th International Symposium, 2015
Short Paper: The Meaning of Attack-Resistant Systems.
Proceedings of the 10th ACM Workshop on Programming Languages and Analysis for Security, 2015
Robust and Effective Malware Detection Through Quantitative Data Flow Graph Metrics.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2015
2014
Evolution of Security Engineering Artifacts: A State of the Art Survey.
Int. J. Secur. Softw. Eng., 2014
Specifying model changes with UMLchange to support security verification of potential evolution.
Comput. Stand. Interfaces, 2014
DAVAST: data-centric system level activity visualization.
Proceedings of the 11th Workshop on Visualization for Cyber Security, 2014
Model-Based Detection of CSRF.
Proceedings of the ICT Systems Security and Privacy Protection, 2014
Leakage Resilience against Concurrent Cache Attacks.
Proceedings of the Principles of Security and Trust - Third International Conference, 2014
Malware detection with quantitative data flow graphs.
Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, 2014
2013
VERA: A Flexible Model-Based Vulnerability Testing Tool.
Proceedings of the Sixth IEEE International Conference on Software Testing, 2013
2012
Model based security guarantees and change.
PhD thesis, 2012
Automatic Quantification of Cache Side-Channels.
IACR Cryptol. ePrint Arch., 2012
Non-interference on UML State-Charts.
Proceedings of the Objects, Models, Components, Patterns - 50th International Conference, 2012
Indistinguishable regions in geographic privacy.
Proceedings of the ACM Symposium on Applied Computing, 2012
A Sound Decision Procedure for the Compositionality of Secrecy.
Proceedings of the Engineering Secure Software and Systems - 4th International Symposium, 2012
Security Guarantees and Evolution: From Models to Reality.
Proceedings of the Doctoral Symposium of the International Symposium on Engineering Secure Software and Systems (ESSoS 2012), 2012
2011
Modelling Secure Systems Evolution: Abstract and Concrete Change Specifications.
Proceedings of the Formal Methods for Eternal Networked Software Systems, 2011
Incremental Security Verification for Evolving UMLsec models.
Proceedings of the Modelling Foundations and Applications - 7th European Conference, 2011
Model-Based Security Verification and Testing for Smart-cards.
Proceedings of the Sixth International Conference on Availability, 2011