Fabian Monrose

Angelos D. Keromytis

CoRR, 2024

Comparing Malware Evasion Theory with Practice: Results from Interviews with Expert Analysts.

[BibT_eX]

[DOI]

Proceedings of the Twentieth Symposium on Usable Privacy and Security, 2024

Towards Practical Fabrication Stage Attacks Using Interrupt-Resilient Hardware Trojans.

[BibT_eX]

[DOI]

Athanasios Moschos

Angelos D. Keromytis

Proceedings of the IEEE International Symposium on Hardware Oriented Security and Trust, 2024

CrashTalk: Automated Generation of Precise, Human Readable, Descriptions of Software Security Bugs.

[BibT_eX]

[DOI]

Proceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy, 2024

2023

Beyond The Gates: An Empirical Analysis of HTTP-Managed Password Stealers and Operators.

[BibT_eX]

[DOI]

Proceedings of the 32nd USENIX Security Symposium, 2023

Securely Autograding Cybersecurity Exercises Using Web Accessible Jupyter Notebooks.

[BibT_eX]

[DOI]

Mac Malone

Yicheng Wang

Proceedings of the 54th ACM Technical Symposium on Computer Science Education, Volume 1, 2023

Virtual Career Advisor System.

[BibT_eX]

[DOI]

Proceedings of the Mobile Web and Intelligent Information Systems, 2023

More Carrot or Less Stick: Organically Improving Student Time Management With Practice Tasks and Gamified Assignments.

[BibT_eX]

[DOI]

Mac Malone

Proceedings of the 2023 Conference on Innovation and Technology in Computer Science Education V. 1, 2023

Stale TLS Certificates: Investigating Precarious Third-Party Access to Valid TLS Keys.

[BibT_eX]

[DOI]

Proceedings of the 2023 ACM on Internet Measurement Conference, 2023

Improving Security Tasks Using Compiler Provenance Information Recovered At the Binary-Level.

[BibT_eX]

[DOI]

Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023

2022

Leveraging Disentangled Representations to Improve Vision-Based Keystroke Inference Attacks Under Low Data.

[BibT_eX]

[DOI]

John Lim

CoRR, 2022

Automatic Recovery of Fine-grained Compiler Artifacts at the Binary Level.

[BibT_eX]

[DOI]

Proceedings of the 2022 USENIX Annual Technical Conference, 2022

Separating the Wheat from the Chaff: Using Indexing and Sub-Sequence Mining Techniques to Identify Related Crashes During Bug Triage.

[BibT_eX]

[DOI]

Proceedings of the 22nd IEEE International Conference on Software Quality, 2022

Leveraging Disentangled Representations to Improve Vision-Based Keystroke Inference Attacks Under Low Data Constraints.

[BibT_eX]

[DOI]

John Lim

Proceedings of the CODASPY '22: Twelveth ACM Conference on Data and Application Security and Privacy, Baltimore, MD, USA, April 24, 2022

View from Above: Exploring the Malware Ecosystem from the Upper DNS Hierarchy.

[BibT_eX]

[DOI]

Proceedings of the Annual Computer Security Applications Conference, 2022

2021

The Circle Of Life: A Large-Scale Study of The IoT Malware Lifecycle.

[BibT_eX]

[DOI]

Proceedings of the 30th USENIX Security Symposium, 2021

DynPTA: Combining Static and Dynamic Analysis for Practical Selective Data Protection.

[BibT_eX]

[DOI]

Tapti Palit

Jarin Firose Moon

Proceedings of the 42nd IEEE Symposium on Security and Privacy, 2021

An Online Gamified Learning Platform for Teaching Cybersecurity and More.

[BibT_eX]

[DOI]

Mac Malone

Yicheng Wang

Proceedings of the SIGITE '21: The 22nd Annual Conference on Information Technology Education, SnowBird, UT, USA, October 6, 2021

To Gamify or Not?: On Leaderboard Effects, Student Engagement and Learning Outcomes in a Cybersecurity Intervention.

[BibT_eX]

[DOI]

Proceedings of the SIGCSE '21: The 52nd ACM Technical Symposium on Computer Science Education, 2021

Applicable Micropatches and Where to Find Them: Finding and Applying New Security Hot Fixes to Old Software.

[BibT_eX]

[DOI]

Proceedings of the 14th IEEE Conference on Software Testing, Verification and Validation, 2021

2020

Revisiting the Threat Space for Vision-Based Keystroke Inference Attacks.

[BibT_eX]

[DOI]

Proceedings of the Computer Vision - ECCV 2020 Workshops, 2020

Methodologies for Quantifying (Re-)randomization Security and Timing under JIT-ROP.

[BibT_eX]

[DOI]

Proceedings of the CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security, 2020

A Flexible Framework for Expediting Bug Finding by Leveraging Past (Mis-)Behavior to Discover New Bugs.

[BibT_eX]

[DOI]

Proceedings of the ACSAC '20: Annual Computer Security Applications Conference, 2020

2019

Measuring Attack Surface Reduction in the Presence of Code (Re-)Randomization.

[BibT_eX]

[DOI]

CoRR, 2019

SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security.

[BibT_eX]

[DOI]

Sanjeev Das

Jan Werner

Manos Antonakakis

Proceedings of the 2019 IEEE Symposium on Security and Privacy, 2019

SoK: Security Evaluation of Home-Based IoT Deployments.

[BibT_eX]

[DOI]

Proceedings of the 2019 IEEE Symposium on Security and Privacy, 2019

The SEVerESt Of Them All: Inference Attacks Against Secure Virtual Enclaves.

[BibT_eX]

[DOI]

Jan Werner

Joshua Mason

Manos Antonakakis

Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, 2019

Mitigating data leakage by protecting memory-resident sensitive data.

[BibT_eX]

[DOI]

Tapti Palit

Proceedings of the 35th Annual Computer Security Applications Conference, 2019

2018

Tutorial: Parry and RIPOSTE: Honing Cybersecurity Skills with Challenge-Based Exercises.

[BibT_eX]

[DOI]

Jan Werner

Proceedings of the 2018 IEEE Cybersecurity Development, SecDev 2018, Cambridge, MA, USA, 2018

Security Risks in Asynchronous Web Servers: When Performance Optimizations Amplify the Impact of Data-Oriented Attacks.

[BibT_eX]

[DOI]

Proceedings of the 2018 IEEE European Symposium on Security and Privacy, 2018

2017

Revisiting Browser Security in the Modern Era: New Data-Only Attacks and Defenses.

[BibT_eX]

[DOI]

Proceedings of the 2017 IEEE European Symposium on Security and Privacy, 2017

Defeating Zombie Gadgets by Re-randomizing Code upon Disclosure.

[BibT_eX]

[DOI]

Proceedings of the Engineering Secure Software and Systems - 9th International Symposium, 2017

Caught Red-Handed: Toward Practical Video-Based Subsequences Matching in the Presence of Real-World Transformations.

[BibT_eX]

[DOI]

Proceedings of the 2017 IEEE Conference on Computer Vision and Pattern Recognition Workshops, 2017

Practical Attacks Against Graph-based Clustering.

[BibT_eX]

[DOI]

Yizheng Chen

Yacin Nadji

Athanasios Kountouras

Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017

2016

Virtual U: Defeating Face Liveness Detection by Building Virtual Models from Your Public Photos.

[BibT_eX]

[DOI]

Proceedings of the 25th USENIX Security Symposium, 2016

Return to the Zombie Gadgets: Undermining Destructive Code Reads via Code Inference Attacks.

[BibT_eX]

[DOI]

Proceedings of the IEEE Symposium on Security and Privacy, 2016

Cache, Trigger, Impersonate: Enabling Context-Sensitive Honeyclient Analysis On-the-Wire.

[BibT_eX]

[DOI]

Proceedings of the 23rd Annual Network and Distributed System Security Symposium, 2016

Detecting Malicious Exploit Kits using Tree-based Similarity Searches.

[BibT_eX]

[DOI]

Proceedings of the Sixth ACM on Conference on Data and Application Security and Privacy, 2016

No-Execute-After-Read: Preventing Code Disclosure in Commodity Software.

[BibT_eX]

[DOI]

Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, 2016

2015

Isomeron: Code Randomization Resilient to (Just-In-Time) Return-Oriented Programming.

[BibT_eX]

[DOI]

Proceedings of the 22nd Annual Network and Distributed System Security Symposium, 2015

2014

Security Analysis and Related Usability of Motion-Based CAPTCHAs: Decoding Codewords in Motion.

[BibT_eX]

[DOI]

IEEE Trans. Dependable Secur. Comput., 2014

Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection.

[BibT_eX]

[DOI]

Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014., 2014

Isn't that Fantabulous: Security, Linguistic and Usability Challenges of Pronounceable Tokens.

[BibT_eX]

[DOI]

Proceedings of the 2014 workshop on New Security Paradigms Workshop, 2014

Watching the Watchers: Automatically Inferring TV Content From Outdoor Light Effusions.

[BibT_eX]

[DOI]

Yi Xu

Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, 2014

2013

On the Privacy Risks of Virtual Keyboards: Automatic Reconstruction of Typed Input from Compromising Reflections.

[BibT_eX]

[DOI]

IEEE Trans. Dependable Secur. Comput., 2013

Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization.

[BibT_eX]

[DOI]

Proceedings of the 2013 IEEE Symposium on Security and Privacy, 2013

Check My Profile: Leveraging Static Analysis for Fast and Accurate Detection of ROP Gadgets.

[BibT_eX]

[DOI]

Proceedings of the Research in Attacks, Intrusions, and Defenses, 2013

Clear and Present Data: Opaque Traffic and its Security Implications for the Future.

[BibT_eX]

[DOI]

Proceedings of the 20th Annual Network and Distributed System Security Symposium, 2013

Crossing the threshold: Detecting network malfeasance via sequential hypothesis testing.

[BibT_eX]

[DOI]

Proceedings of the 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2013

Seeing double: reconstructing obscured typed input from repeated compromising reflections.

[BibT_eX]

[DOI]

Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, 2013

2012

Trail of Bytes: New Techniques for Supporting Data Provenance and Limiting Privacy Breaches.

[BibT_eX]

[DOI]

Kevin Z. Snow

IEEE Trans. Inf. Forensics Secur., 2012

Understanding domain registration abuses.

[BibT_eX]

[DOI]

Comput. Secur., 2012

Security and Usability Challenges of Moving-Object CAPTCHAs: Decoding Codewords in Motion.

[BibT_eX]

[DOI]

Proceedings of the 21th USENIX Security Symposium, Bellevue, WA, USA, August 8-10, 2012, 2012

Toward Efficient Querying of Compressed Network Payloads.

[BibT_eX]

[DOI]

Proceedings of the 2012 USENIX Annual Technical Conference, 2012

2011

SHELLOS: Enabling Fast Detection and Forensic Analysis of Code Injection Attacks.

[BibT_eX]

[DOI]

Proceedings of the 20th USENIX Security Symposium, 2011

Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on Fon-iks.

[BibT_eX]

[DOI]

Proceedings of the 32nd IEEE Symposium on Security and Privacy, 2011

On Measuring the Similarity of Network Hosts: Pitfalls, New Metrics, and Empirical Analyses.

[BibT_eX]

[DOI]

Scott E. Coull

Michael D. Bailey

Proceedings of the Network and Distributed System Security Symposium, 2011

An empirical study of the performance, security and privacy implications of domain name prefetching.

[BibT_eX]

[DOI]

Proceedings of the 2011 IEEE/IFIP International Conference on Dependable Systems and Networks, 2011

Amplifying limited expert input to sanitize large network traces.

[BibT_eX]

[DOI]

Xin Huang

Proceedings of the 2011 IEEE/IFIP International Conference on Dependable Systems and Networks, 2011

iSpy: automatic reconstruction of typed input from compromising reflections.

[BibT_eX]

[DOI]

Rahul Raguram

Andrew M. White

Dibyendusekhar Goswami

Proceedings of the 18th ACM Conference on Computer and Communications Security, 2011

2010

Peeking Through the Cloud: Client Density Estimation via DNS Cache Probing.

[BibT_eX]

[DOI]

Niels Provos

ACM Trans. Internet Techn., 2010

Uncovering Spoken Phrases in Encrypted Voice over IP Conversations.

[BibT_eX]

[DOI]

ACM Trans. Inf. Syst. Secur., 2010

Traffic classification using visual motifs: an empirical evaluation.

[BibT_eX]

[DOI]

Wilson Lian

John McHugh

Proceedings of the 7th International Symposium on Visualization for Cyber Security, 2010

DNS Prefetching and Its Privacy Implications: When Good Things Go Bad.

[BibT_eX]

[DOI]

Proceedings of the 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats, 2010

The security of modern password expiration: an algorithmic framework and empirical analysis.

[BibT_eX]

[DOI]

Yinqian Zhang

Proceedings of the 17th ACM Conference on Computer and Communications Security, 2010

Trail of bytes: efficient support for forensic analysis.

[BibT_eX]

[DOI]

Kevin Z. Snow

Proceedings of the 17th ACM Conference on Computer and Communications Security, 2010

2009

Traffic Morphing: An Efficient Defense Against Statistical Traffic Analysis.

[BibT_eX]

[DOI]

Scott E. Coull

Proceedings of the Network and Distributed System Security Symposium, 2009

Toward Resisting Forgery Attacks via Pseudo-Signatures.

[BibT_eX]

[DOI]

Jin Chen

Daniel P. Lopresti

Proceedings of the 10th International Conference on Document Analysis and Recognition, 2009

Browser Fingerprinting from Coarse Traffic Summaries: Techniques and Implications.

[BibT_eX]

[DOI]

Proceedings of the Detection of Intrusions and Malware, 2009

English shellcode.

[BibT_eX]

[DOI]

Proceedings of the 2009 ACM Conference on Computer and Communications Security, 2009

TimeCapsule: secure recording of accesses to a protected datastore.

[BibT_eX]

[DOI]

Proceedings of the 1st ACM Workshop on Virtual Machine Security, 2009

2008

Masquerade: Simulating a Thousand Victims.

[BibT_eX]

[DOI]

To Catch a Predator: A Natural Language Approach for Eliciting Malicious Payloads.

[BibT_eX]

Proceedings of the 17th USENIX Security Symposium, 2008

All Your iFRAMEs Point to Us.

[BibT_eX]

[DOI]

Niels Provos

Panayiotis Mavrommatis

Proceedings of the 17th USENIX Security Symposium, 2008

Spot Me if You Can: Uncovering Spoken Phrases in Encrypted VoIP Conversations.

[BibT_eX]

[DOI]

Proceedings of the 2008 IEEE Symposium on Security and Privacy (SP 2008), 2008

Taming the Devil: Techniques for Evaluating Anonymized Network Data.

[BibT_eX]

[DOI]

Proceedings of the Network and Distributed System Security Symposium, 2008

Towards practical biometric key generation with randomized biometric templates.

[BibT_eX]

[DOI]

Proceedings of the 2008 ACM Conference on Computer and Communications Security, 2008

Peeking Through the Cloud: DNS-Based Estimation and Its Applications.

[BibT_eX]

[DOI]

Proceedings of the Applied Cryptography and Network Security, 6th International Conference, 2008

2007

Forgery Quality and Its Implications for Behavioral Biometric Security.

[BibT_eX]

[DOI]

Lucas Ballard

Daniel P. Lopresti

IEEE Trans. Syst. Man Cybern. Part B, 2007

Language Identification of Encrypted VoIP Traffic: Alejandra y Roberto or Alice and Bob?

[BibT_eX]

[DOI]

Proceedings of the 16th USENIX Security Symposium, Boston, MA, USA, August 6-10, 2007, 2007

On Web Browsing Privacy in Anonymized NetFlows.

[BibT_eX]

[DOI]

Proceedings of the 16th USENIX Security Symposium, Boston, MA, USA, August 6-10, 2007, 2007

My Botnet Is Bigger Than Yours (Maybe, Better Than Yours): Why Size Estimates Remain Challenging.

[BibT_eX]

[DOI]

Proceedings of the First Workshop on Hot Topics in Understanding Botnets, 2007

Playing Devil's Advocate: Inferring Sensitive Information from Anonymized Network Traces.

[BibT_eX]

[DOI]

Proceedings of the Network and Distributed System Security Symposium, 2007

Toward Valley-Free Inter-domain Routing.

[BibT_eX]

[DOI]

Sophie Y. Qiu

Patrick D. McDaniel

Proceedings of IEEE International Conference on Communications, 2007

2006

On Inferring Application Protocol Behaviors in Encrypted Network Traffic.

[BibT_eX]

[DOI]

Gerald M. Masson

J. Mach. Learn. Res., 2006

On the impact of dynamic addressing on malware propagation.

[BibT_eX]

[DOI]

Proceedings of the 2006 ACM Workshop on Rapid Malcode, 2006

Using visual motifs to classify encrypted traffic.

[BibT_eX]

[DOI]

Gerald M. Masson

Proceedings of the 3rd International Workshop on Visualization for Computer Security, 2006

Biometric Authentication Revisited: Understanding the Impact of Wolves in Sheep's Clothing.

[BibT_eX]

[DOI]

Lucas Ballard

Daniel P. Lopresti

Proceedings of the 15th USENIX Security Symposium, Vancouver, BC, Canada, July 31, 2006

Fast and Evasive Attacks: Highlighting the Challenges Ahead.

[BibT_eX]

[DOI]

Proceedings of the Recent Advances in Intrusion Detection, 9th International Symposium, 2006

Characterizing Address Use Structure and Stability of Origin Advertisement in Inter-domain Routing.

[BibT_eX]

[DOI]

Proceedings of the 11th IEEE Symposium on Computers and Communications (ISCC 2006), 2006

A multifaceted approach to understanding the botnet phenomenon.

[BibT_eX]

[DOI]

Proceedings of the 6th ACM SIGCOMM Internet Measurement Conference, 2006

Efficient Memory Bound Puzzles Using Pattern Databases.

[BibT_eX]

[DOI]

Sujata Doshi

Proceedings of the Applied Cryptography and Network Security, 4th International Conference, 2006

2005

Correlation-Resistant Storage via Keyword-Searchable Encryption.

[BibT_eX]

[DOI]

IACR Cryptol. ePrint Arch., 2005

Worm evolution tracking via timing analysis.

[BibT_eX]

[DOI]

Proceedings of the 2005 ACM Workshop on Rapid Malcode, 2005

On the Effectiveness of Distributed Worm Monitoring.

[BibT_eX]

[DOI]

Proceedings of the 14th USENIX Security Symposium, Baltimore, MD, USA, July 31, 2005

Achieving Efficient Conjunctive Keyword Searches over Encrypted Data.

[BibT_eX]

[DOI]

Lucas Ballard

Seny Kamara

Proceedings of the Information and Communications Security, 7th International Conference, 2005

An Extensible Platform for Evaluating Security Protocols.

[BibT_eX]

[DOI]

Proceedings of the Proceedings 38th Annual Simulation Symposium (ANSS-38 2005), 2005

2004

HMM profiles for network traffic classification.

[BibT_eX]

[DOI]

Gerald M. Masson

Proceedings of the 1st ACM Workshop on Visualization and Data Mining for Computer Security, 2004

On User Choice in Graphical Password Schemes.

[BibT_eX]

[DOI]

Darren Davis

Proceedings of the 13th USENIX Security Symposium, August 9-13, 2004, San Diego, CA, USA, 2004

Time-Scoped Searching of Encrypted Audit Logs.

[BibT_eX]

[DOI]

Darren Davis

Proceedings of the Information and Communications Security, 6th International Conference, 2004

2002

Password hardening based on keystroke dynamics.

[BibT_eX]

[DOI]

Susanne Wetzel

Int. J. Inf. Sec., 2002

Toward Speech-Generated Cryptographic Keys on Resource-Constrained Devices.

[BibT_eX]

[DOI]

Proceedings of the 11th USENIX Security Symposium, 2002

2001

Cryptographic Key Generation from Voice.

[BibT_eX]

[DOI]

Proceedings of the 2001 IEEE Symposium on Security and Privacy, 2001

Using voice to generate cryptographic keys.

[BibT_eX]

[DOI]

Proceedings of the 2001: A Speaker Odyssey, 2001

2000

Keystroke dynamics as a biometric for authentication.

[BibT_eX]

[DOI]

Future Gener. Comput. Syst., 2000

Privacy-preserving global customization.

[BibT_eX]

[DOI]

Proceedings of the 2nd ACM Conference on Electronic Commerce (EC-00), 2000

1999

Toward Stronger User Authentication.

[BibT_eX]

[DOI]

PhD thesis, 1999

The Design and Analysis of Graphical Passwords.

[BibT_eX]

[DOI]

Proceedings of the 8th USENIX Security Symposium, Washington, DC, USA, August 23-26, 1999, 1999

Distributed Execution with Remote Audit.

[BibT_eX]

[DOI]

Peter Wyckoff

Proceedings of the Network and Distributed System Security Symposium, 1999

1998

Leaving the sandbox: Third party validation for Java applications.

[BibT_eX]

Ian H. Jermyn

Peter Wyckoff

Proceedings of the Computers and Their Applications (CATA-98), 1998

1997

Authentication via Keystroke Dynamics.

[BibT_eX]

[DOI]