Mohammad Mannan

Orcid: 0000-0002-9630-5858

Affiliations:
  • Concordia University, Montreal, Canada


According to our database, Mohammad Mannan authored at least 91 papers between 2004 and 2024.

Collaborative distances:
  • Dijkstra number of four.
  • Erdős number of four.

Bibliography

2024
Security Weaknesses in IoT Management Platforms.
IEEE Internet Things J., January, 2024

LURK-T: Limited Use of Remote Keys With Added Trust in TLS 1.3.
IEEE Trans. Netw. Sci. Eng., 2024

On Detecting and Measuring Exploitable JavaScript Functions in Real-world Applications.
ACM Trans. Priv. Secur., 2024

WARNE: A stalkerware evidence collection tool.
Forensic Sci. Int. Digit. Investig., 2024

Racing for TLS Certificate Validation: A Hijacker's Guide to the Android TLS Galaxy.
Proceedings of the 33rd USENIX Security Symposium, 2024

"Trust Me Over My Privacy Policy": Privacy Discrepancies in Romantic AI Chatbot Apps.
Proceedings of the IEEE European Symposium on Security and Privacy Workshops, 2024

Poster: Detecting Ransomware Attacks by Analyzing Replicated Block Snapshots Using Neural Networks.
Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, 2024

2023
CDNs' Dark Side: Security Problems in CDN-to-Origin Connections.
DTRAP, 2023

APTHunter: Detecting Advanced Persistent Threats in Early Stages.
DTRAP, 2023

All Your Shops Are Belong to Us: Security Weaknesses in E-commerce Platforms.
Proceedings of the ACM Web Conference 2023, 2023

"My Privacy for their Security": Employees' Privacy Perspectives and Expectations when using Enterprise Security Software.
Proceedings of the 32nd USENIX Security Symposium, 2023

Measuring the Leakage and Exploitability of Authentication Secrets in Super-apps: The WeChat Case.
Proceedings of the 26th International Symposium on Research in Attacks, 2023

No Place to Hide: Privacy Exposure in Anti-stalkerware Apps and Support Websites.
Proceedings of the Secure IT Systems - 28th Nordic Conference, NordSec 2023, Oslo, Norway, 2023

Try On, Spied On?: Privacy Analysis of Virtual Try-On Websites and Android Apps.
Proceedings of the Computer Security. ESORICS 2023 International Workshops, 2023

All Your IoT Devices Are Belong to Us: Security Weaknesses in IoT Management Platforms.
Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy, 2023

2022
"Free" as in Freedom to Protest?
IEEE Secur. Priv., 2022

Blindfold: Keeping private keys in PKIs and CDNs out of sight.
Comput. Secur., 2022

Et tu, Brute? Privacy Analysis of Government Websites and Mobile Apps.
Proceedings of the WWW '22: The ACM Web Conference 2022, Virtual Event, Lyon, France, April 25, 2022

Silver Surfers on the Tech Wave: Privacy Analysis of Android Apps for the Elderly.
Proceedings of the Security and Privacy in Communication Networks, 2022

Not so Immutable: Upgradeability of Smart Contracts on Ethereum.
Proceedings of the Financial Cryptography and Data Security. FC 2022 International Workshops, 2022

Got Sick and Tracked: Privacy Analysis of Hospital Websites.
Proceedings of the IEEE European Symposium on Security and Privacy, 2022

SAUSAGE: Security Analysis of Unix domain Socket usAGE in Android.
Proceedings of the 7th IEEE European Symposium on Security and Privacy, 2022

No Salvation from Trackers: Privacy Analysis of Religious Websites and Mobile Apps.
Proceedings of the Data Privacy Management, Cryptocurrencies and Blockchain Technology, 2022

Leaky Kits: The Increased Risk of Data Exposure from Phishing Kits.
Proceedings of the APWG Symposium on Electronic Crime Research, 2022

Hidden in Plain Sight: Exploring Encrypted Channels in Android Apps.
Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, 2022

On Measuring Vulnerable JavaScript Functions in the Wild.
Proceedings of the ASIA CCS '22: ACM Asia Conference on Computer and Communications Security, Nagasaki, Japan, 30 May 2022, 2022

2021
Perspectives on the SolarWinds Incident.
IEEE Secur. Priv., 2021

Parental Controls: Safer Internet Solutions or New Pitfalls?
IEEE Secur. Priv., 2021

On Securing Cloud-hosted Cyber-physical Systems Using Trusted Execution Environments.
CoRR, 2021

On cloaking behaviors of malicious websites.
Comput. Secur., 2021

Horus: A Security Assessment Framework for Android Crypto Wallets.
Proceedings of the Security and Privacy in Communication Networks, 2021

Red-Black Coins: Dai Without Liquidations.
Proceedings of the Financial Cryptography and Data Security. FC 2021 International Workshops, 2021

2020
Confronting the Limitations of Hardware-Assisted Security.
IEEE Secur. Priv., 2020

LURK: Server-Controlled TLS Delegation.
IACR Cryptol. ePrint Arch., 2020

The Sorry State of TLS Security in Enterprise Interception Appliances.
DTRAP, 2020

Securing Applications against Side-channel Attacks through Resource Access Veto.
DTRAP, 2020

Chaperone: Real-time Locking and Loss Prevention for Smartphones.
Proceedings of the 29th USENIX Security Symposium, 2020

ByPass: Reconsidering the Usability of Password Managers.
Proceedings of the Security and Privacy in Communication Networks, 2020

Reboot-Oriented IoT: Life Cycle Management in Trusted Execution Environment for Disposable IoT devices.
Proceedings of the ACSAC '20: Annual Computer Security Applications Conference, 2020

Betrayed by the Guardian: Security and Privacy Risks of Parental Control Solutions.
Proceedings of the ACSAC '20: Annual Computer Security Applications Conference, 2020

2019
Playing With Danger: A Taxonomy and Evaluation of Threats to Smart Toys.
IEEE Internet Things J., 2019

Privacy and Security Risks of "Not-a-Virus" Bundled Adware: The Wajam Case.
CoRR, 2019

Towards a global perspective on web tracking.
Comput. Secur., 2019

Another look at TLS ecosystems in networked devices vs. Web servers.
Comput. Secur., 2019

On the null relationship between personality types and passwords.
Proceedings of the 17th International Conference on Privacy, Security and Trust, 2019

TEE-aided Write Protection Against Privileged Data Tampering.
Proceedings of the 26th Annual Network and Distributed System Security Symposium, 2019

One-Time Programs Made Practical.
Proceedings of the Financial Cryptography and Data Security, 2019

On Privacy Risks of Public WiFi Captive Portals.
Proceedings of the Data Privacy Management, Cryptocurrencies and Blockchain Technology, 2019

DeviceVeil: Robust Authentication for Individual USB Devices Using Physical Unclonable Functions.
Proceedings of the 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, 2019

AppVeto: mobile application self-defense through resource access veto.
Proceedings of the 35th Annual Computer Security Applications Conference, 2019

2018
Smart But Unsafe: Experimental Evaluation of Security and Privacy Practices in Smart Toys.
CoRR, 2018

Using SafeKeeper to Protect Web Passwords.
Proceedings of the Companion of the The Web Conference 2018 on The Web Conference 2018, 2018

SafeKeeper: Protecting Web Passwords using Trusted Execution Environments.
Proceedings of the 2018 World Wide Web Conference on World Wide Web, 2018

On Understanding Permission Usage Contextuality in Android Apps.
Proceedings of the Data and Applications Security and Privacy XXXII, 2018

To Intercept or Not to Intercept: Analyzing TLS Interception in Network Appliances.
Proceedings of the 2018 on Asia Conference on Computer and Communications Security, 2018

Keys in the Clouds: Auditable Multi-device Access to Cryptographic Credentials.
Proceedings of the 13th International Conference on Availability, Reliability and Security, 2018

2017
Protecting Web Passwords from Rogue Servers using Trusted Execution Environments.
CoRR, 2017

Towards a comprehensive analytical framework for smart toy privacy practices.
Proceedings of the 7th Workshop on Socio-Technical Aspects in Security and Trust, 2017

Short Paper: TLS Ecosystems in Networked Devices vs. Web Servers.
Proceedings of the Financial Cryptography and Data Security, 2017

2016
Deceptive Deletion Triggers Under Coercion.
IEEE Trans. Inf. Forensics Secur., 2016

An evaluation of recent secure deduplication proposals.
J. Inf. Secur. Appl., 2016

Killed by Proxy: Analyzing Client-end TLS Interception Software.
Proceedings of the 23rd Annual Network and Distributed System Security Symposium, 2016

Hypnoguard: Protecting Secrets across Sleep-wake Cycles.
Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016

Sixth Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM 2016).
Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016

2015
A Large-Scale Evaluation of High-Impact Password Strength Meters.
ACM Trans. Inf. Syst. Secur., 2015

Peace vs. Privacy: Leveraging Conflicting Jurisdictions for Email Security.
Proceedings of the 2015 New Security Paradigms Workshop, 2015

Gracewipe: Secure and Verifiable Deletion under Coercion.
Proceedings of the 22nd Annual Network and Distributed System Security Symposium, 2015

2014
Mobiflage: Deniable Storage Encryption for Mobile Devices.
IEEE Trans. Dependable Secur. Comput., 2014

From Very Weak to Very Strong: Analyzing Password-Strength Meters.
Proceedings of the 21st Annual Network and Distributed System Security Symposium, 2014

Detection of malicious payload distribution channels in DNS.
Proceedings of the IEEE International Conference on Communications, 2014

Challenges and implications of verifiable builds for security-critical open-source software.
Proceedings of the 30th Annual Computer Security Applications Conference, 2014

2013
Explicit authentication response considered harmful.
Proceedings of the New Security Paradigms Workshop, 2013

On Implementing Deniable Storage Encryption for Mobile Devices.
Proceedings of the 20th Annual Network and Distributed System Security Symposium, 2013

2012
Passwords for Both Mobile and Desktop Computers Appendix.
login Usenix Mag., 2012

Passwords for Both Mobile and Desktop Computers: ObPwd for Firefox and Android.
login Usenix Mag., 2012

Revisiting Defenses against Large-Scale Online Password Guessing Attacks.
IEEE Trans. Dependable Secur. Comput., 2012

Lightweight Client-Side Methods for Detecting Email Forgery.
Proceedings of the Information Security Applications - 13th International Workshop, 2012

2011
User Study, Analysis, and Usable Security of Passwords Based on Digital Objects.
IEEE Trans. Inf. Forensics Secur., 2011

Leveraging personal devices for stronger password authentication from untrusted computers.
J. Comput. Secur., 2011

Mercury: Recovering Forgotten Passwords Using Personal Devices.
Proceedings of the Financial Cryptography and Data Security, 2011

Unicorn: two-factor attestation for data security.
Proceedings of the 18th ACM Conference on Computer and Communications Security, 2011

2009
Reducing threats from flawed security APIs: The banking PIN case.
Comput. Secur., 2009

2008
Privacy-enhanced sharing of personal content on the web.
Proceedings of the 17th International Conference on World Wide Web, 2008

Digital Objects as Passwords.
Proceedings of the 3rd USENIX Workshop on Hot Topics in Security, 2008

Localization of credential information to address increasingly inevitable data breaches.
Proceedings of the 2008 Workshop on New Security Paradigms, 2008

Weighing Down "The Unbearable Lightness of PIN Cracking".
Proceedings of the Financial Cryptography and Data Security, 12th International Conference, 2008

2007
Security and usability: the gap in real-world online banking.
Proceedings of the 2007 Workshop on New Security Paradigms, White Mountain Hotel and Resort, New Hampshire, USA, 2007

Using a Personal Device to Strengthen Password Authentication from an Untrusted Computer.
Proceedings of the Financial Cryptography and Data Security, 2007

2006
A Protocol for Secure Public Instant Messaging.
Proceedings of the Financial Cryptography and Data Security, 2006

2005
On instant messaging worms, analysis and countermeasures.
Proceedings of the 2005 ACM Workshop on Rapid Malcode, 2005

2004
Secure Public Instant Messaging.
Proceedings of the Second Annual Conference on Privacy, 2004

