Publications (by year)
2025
- Giacomo Benedetti, Oreofe Solarin, Courtney Miller, Greg Tystahl, William Enck, Christian Kästner, Alexandros Kapravelos, Alessio Merlo, and Luca Verderame, An Empirical Study on Reproducible Packaging in Open-Source Ecosystems, in Proceedings of the IEEE/ACM International Conference on Software Engineering (ICSE), Apr. 2025.
2024
- David Adei, Varun Madathil, Sathvik Prasad, Bradley Reaves, and Alessandra Scafuro, Jäger: Automated Telephone Call Traceback, in Proceedings of the ACM Conference on Computer and Communications Security, Oct. 2024.
- Nathaniel Bennett, Weidong Zhu, Benjamin Simon, Ryon Kennedy, William Enck, Patrick Traynor, and Kevin Butler, RANsacked: A Domain-Informed Approach for Fuzzing LTE and 5G RAN-Core Interfaces, in Proceedings of the ACM Conference on Computer and Communications Security (CCS), Oct. 2024.
- Rami Sammak, Anna Lena Rotthaler, Harshini Sri Ramulu, Dominik Wermke, and Yasemin Acar, Developers’ Approaches to Software Supply Chain Security: An Interview Study, in Proceedings of the ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses (SCORED 2024), Oct. 2024.
- Alexander J. Ross, Bradley Reaves, Yomna Nasser, Gil Cukierman, and Roger Piqueras Jover, Fixing Insecure Cellular System Information Broadcasts For Good, in International Symposium on Research in Attacks, Intrusions and Defenses, Sep. 2024.
- Harshini Sri Ramulu, Helen Schmitt, Dominik Wermke, and Yasemin Acar, Security and Privacy Software Creators’ Perspectives on Unintended Consequences, in Proceedings of the 33rd USENIX Security Symposium (USENIX Sec ’24), Aug. 2024.
- Nikolaos Pantelaios and Alexandros Kapravelos, FV8: A Forced Execution JavaScript Engine for Detecting Evasive Techniques, in Proceedings of the USENIX Security Symposium, Aug. 2024.
- Nusrat Zahan, Yasemin Acar, Michel Cukier, William Enck, Alexandros Kapravelos, Christian Kästner, Dominik Wermke, and Laurie Williams, S3C2 Summit 2023-11: Industry Secure Supply Chain Summit. Aug-2024. arXiv:2408.16529.
- Trevor Dunlap, Elizabeth Lin, William Enck, and Bradley Reaves, VFCFinder: Pairing Security Advisories and Patches, in Proceedings of the ACM ASIA Conference on Computer and Communications Security (AsiaCCS), Jul. 2024.
- K. Virgil English, Nathaniel Bennett, Seaver Thorn, Kevin Butler, William Enck, and Patrick Traynor, Examining Cryptography and Randomness Failures in Open-Source Cellular Cores, in Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY), Jun. 2024.
- Juliane Schmüser, Harshini Sri Ramulu, Noah Wöhler, Christian Stransky, Felix Bensmann, Dimitar Dimitrov, Sebastian Schellhammer, Dominik Wermke, Stefan Dietze, Yasemin Acar, and Sascha Fahl, Analyzing Security and Privacy Advice During the 2022 Russian Invasion of Ukraine on Twitter, in Proceedings of the ACM CHI Conference on Human Factors in Computing Systems (ACM CHI ’24), May 2024, pp. 1–16.
- Aleksandr Nahapetyan, Sathvik Prasad, Kevin Childs, Adam Oest, Yeganeh Ladwig, Alexandros Kapravelos, and Brad Reaves, On SMS Phishing Tactics and Infrastructure, in Proceedings of the IEEE Symposium on Security and Privacy, May 2024.
- Seaver Thorn, K. Virgil English, Kevin Butler, and William Enck, 5GAC-Analyzer: Identifying Over-Privilege Between 5G Core Network Functions, in Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), May 2024.
- Isaac Polinsky, Pubali Datta, Adam Bates, and William Enck, GRASP: Hardening Serverless Applications through Graph Reachability Analysis of Security Policies, in Proceedings of ACM The Web Conference, May 2024.
- Greg Tystahl, Yasemin Acar, Michel Cukier, William Enck, Alexandros Kapravelos, Christian Kästner, Dominik Wermke, and Laurie Williams, S3C2 Summit 2024-03: Industry Secure Supply Chain Summit. May-2024. arXiv:2405.08762.
- Sarah Elder, Md Rayhanur Rahman, Gage Fringer, Kunal Kapoor, and Laurie Williams, A Survey on Software Vulnerability Exploitability Assessment, ACM Comput. Surv., vol. 56, no. 8, Apr. 2024.
- Lina Boughton, Courtney Miller, Yasemin Acar, Dominik Wermke, and Christian Kästner, Decomposing and Measuring Trust in Open-Source Software Supply Chains, in Proceedings of the IEEE/ACM 46th International Conference on Software Engineering: New Ideas and Emerging Results (IEEE/ACM ICSE-NIER ’24), Apr. 2024.
- Elizabeth Lin, Igibek Koishybayev, Trevor Dunlap, William Enck, and Alexandros Kapravelos, UntrustIDE: Exploiting Weaknesses in VS Code Extensions, in Proceedings of the ISOC Network and Distributed Systems Symposium (NDSS), Feb. 2024.
- Md Jakaria, Danny Yuxing Huang, and Anupam Das, Connecting the Dots: Tracing Data Endpoints in IoT Devices, Proceedings on Privacy Enhancing Technologies (PoPETs), vol. 2024, no. 3, 2024.
- Mohammad Shamim Ahsan, Md. Shariful Islam, Md. Shohrab Hossain, and Anupam Das, Detecting Smart Home Device Activities Using Packet-Level Signatures from Encrypted Traffic, IEEE Transactions on Dependable and Secure Computing, no. 01, pp. 1–12, 2024.
- Taufiq Islam Protick, Aafaq Sabir, S.B. Abhinaya, and Anupam Das, Unveiling Users’ Security and Privacy Concerns Regarding Smart Home IoT Products from Online Reviews, ACM Journal on Computing and Sustainable Societies, 2024.
- Nusrat Zahan, Philipp Burckhardt, Mikola Lysenko, Feross Aboukhadijeh, and Laurie Williams, MalwareBench: Malware samples are not enough, in 2024 IEEE/ACM 21st International Conference on Mining Software Repositories (MSR), 2024, pp. 728–732.
- Shaown Sarker, William Melicher, Oleksii Starov, Anupam Das, and Alexandros Kapravelos, Automated Generation of Behavioral Signatures for Malicious Web Campaigns, in Proceedings of the 27th Information Security Conference (ISC), 2024.
- Shaown Sarker, Aleksandr Nahapetyan, Anupam Das, and Alexandros Kapravelos, JSHint: Revealing API Usage to Improve Detection of Malicious JavaScript, in Proceedings of the 27th Information Security Conference (ISC), 2024.
- Abhinaya S.B., Aafaq Sabir, and Anupam Das, Enabling Developers, Protecting Users: Investigating Harassment and Safety in VR, in Proceedings of the 33rd USENIX Security Symposium (USENIX Security), 2024.
- Jiaxun Cao, Abhinaya S.B., Anupam Das, and Pardis Emami-Naeini, Understanding Parents’ Perceptions and Practices Toward Children’s Security and Privacy in Virtual Reality, in Proceedings of 45th IEEE Symposium on Security and Privacy (IEEE S&P), 2024.
- Sivana Hamer, Marcelo d’Amorim, and Laurie Williams, Just another copy and paste? Comparing the security vulnerabilities of ChatGPT generated code and StackOverflow answers, in 2024 IEEE Security and Privacy Workshops (SPW), 2024, pp. 87–94.
- Laurie Williams, Narrowing the Software Supply Chain Attack Vectors: The SSDF Is Wonderful but not Enough, IEEE Security & Privacy, vol. 22, no. 2, pp. 4–7, 2024.
2023
- Yu-Tsung Lee, Haining Chen, William Enck, Hayawardh Vijayakumar, Ninghui Li, Zhiyun Qian, Giuseppe Petracca, and Trent Jaeger, PolyScope: Multi-Policy Access Control Analysis to Triage Android Scoped Storage, IEEE Transactions on Dependable and Secure Computing, Aug. 2023. (early access).
- Sathvik Prasad, Trevor Dunlap, Alexander Ross, and Bradley Reaves, Diving into Robocall Content with SnorCall, in 32nd USENIX Security Symposium (USENIX Security 23), Aug. 2023, pp. 427–444.
- Dilawer Ahmed, Aafaq Sabir, and Anupam Das, Spying through your voice assistants: Realistic voice command fingerprinting, in Proceedings of the 32nd USENIX Security Symposium (USENIX Security), Aug. 2023.
- Siddharth Muralee, Igibek Koishybayev, Aleksandr Nahapetyan, Greg Tystahl, Brad Reaves, Antonio Bianchi, William Enck, Alexandros Kapravelos, and Aravind Machiry, ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions, in Proceedings of the USENIX Security Symposium, Aug. 2023.
- William Enck, Yasemin Acar, Michel Cukier, Alexandros Kapravelos, Christian Kästner, and Laurie Williams, S3C2 Summit 2023-06: Government Secure Supply Chain Summit. Aug-2023. arXiv:2308.06850.
- Zhouyu Li, Ruozhou Yu, Anupam Das, Shaohu Zhang, Huayue Gu, Xiaojian Wang, Fangtong Zhou, Aafaq Sabir, Dilawer Ahmed, and Ahsan Zafar, INSPIRE: Instance-level Privacy-preserving Transformation for Vehicular Camera Videos, in Proceedings of the 32nd International Conference on Computer Communications and Networks (ICCCN), Jul. 2023.
- Trevor Dunlap, Seaver Thorn, William Enck, and Bradley Reaves, Finding Fixed Vulnerabilities with Off-the-Shelf Static Analysis, in Proceedings of the IEEE European Symposium on Security and Privacy (EuroS&P), Jul. 2023.
- Trevor Dunlap, Yasemin Acar, Michel Cukier, William Enck, Alexandros Kapravelos, Christian Kästner, and Laurie Williams, S3C2 Summit 2023-02: Industry Secure Supply Chain Summit. Jul-2023. arXiv:2307.16557.
- Mindy Tran, Yasemin Acar, Michel Cukier, William Enck, Alexandros Kapravelos, Christian Kästner, and Laurie Williams, S3C2 Summit 2022-09: Industry Secure Supply Chain Summit. Jul-2023. arXiv:2307.15642.
- Shaohu Zhang, Aafaq Sabir, and Anupam Das, Speaker Orientation-Aware Privacy Control to Thwart Misactivation of Voice Assistants, in Proceedings of the 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Network (IEEE IFIP DSN), Jun. 2023.
- Iffat Anjum, Jessica Sokal, Hafiza Ramzah Rehman, Ben Weintraub, Ethan Leba, William Enck, Cristina Nita-Rotaru, and Bradley Reaves, MSNetViews: Geographically Distributed Management of Enterprise Network Security Policy, in Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), Jun. 2023.
- Nusrat Zahan, Shohanuzzaman Shohan, Dan Harris, and Laurie Williams, Do Software Security Practices Yield Fewer Vulnerabilities?, in 2023 IEEE/ACM 45th International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP), May 2023, pp. 292–303.
- Md Adnan Arefeen, Zhouyu Li, Md Yusuf Sarwar Uddin, and Anupam Das, MetaMorphosis: Task-oriented Privacy Cognizant Feature Generation for Multi-task Learning, in Proceedings of the 8th ACM/IEEE Conference on Internet of Things Design and Implementation (IoTDI), May 2023.
- Shaohu Zhang, Zhouyu Li, and Anupam Das, VoicePM: A Robust Privacy Measurement on Voice Anonymity, in Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), May 2023.
- Marcel Fourné, Dominik Wermke, William Enck, Sascha Fahl, and Yasemin Acar, It’s like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security, in Proceedings of the IEEE Symposium on Security and Privacy (S&P), May 2023.
- Shaohu Zhang, Daniel Nolting, and Anupam Das, Heat Marks the Spot: De-Anonymizing User’s Geographical Data on the Strava Heatmap, in 7th Workshop on Technology and Consumer Protection (ConPro), May 2023.
- Junhua Su and Alexandros Kapravelos, Automatic Discovery of Emerging Browser Fingerprinting Techniques, in Proceedings of The Web Conference (WWW), Apr. 2023.
- Ahsan Zafar and Anupam Das, Comparative Privacy Analysis of Mobile Browsers, in Proceedings of the 13th ACM Conference on Data and Application Security and Privacy (CODASPY), Apr. 2023.
- Nusrat Zahan, Elizabeth Lin, Mahzabin Tamanna, William Enck, and Laurie Williams, Software Bills of Materials Are Required. Are We There Yet?, IEEE Security and Privacy Magazine, vol. 21, no. 2, pp. 82–88, Mar. 2023. (column).
- Mohammad Sujan Miah, Mu Zhu, Alonso Granados, Nazia Sharmin, Iffat Anjum, Anthony Ortiz, Christopher Kiekintveld, William Enck, and Munindar P. Singh, Optimizing Honey Traffic Using Game Theory and Adversarial Learning, in Cyber Deception: Techniques, Strategies, and Human Aspects, Cham: Springer International Publishing, 2023, pp. 97–124.
- Nusrat Zahan, Parth Kanakiya, Brian Hambleton, Shohanuzzaman Shohan, and Laurie Williams, Openssf scorecard: On the path toward ecosystem-wide automated security metrics, IEEE Security & Privacy, vol. 21, no. 6, pp. 76–88, 2023.
- Giorgos Vasiliadis, Apostolos Karampelas, Alexandros Shevtsov, Panagiotis Papadopoulos, Sotiris Ioannidis, and Alexandros Kapravelos, WRIT: Web Request Integrity and Attestation against Malicious Browser Extensions, IEEE Transactions on Dependable and Secure Computing, 2023.
- Nasif Imtiaz and Laurie Williams, Are your dependencies code reviewed?: Measuring code review coverage in dependency updates, IEEE Transactions on Software Engineering, 2023.
- Carl Landwehr, Michael K Reiter, Laurie Williams, Gene Tsudik, Trent Jaeger, Tadayoshi Kohno, and Apu Kapadia, Looking Backwards (and Forwards): NSF Secure and Trustworthy Computing 20-Year Retrospective Panel Transcription, IEEE Security & Privacy, vol. 21, no. 2, pp. 32–42, 2023.
- Md Rayhanur Rahman, Rezvan Mahdavi Hezaveh, and Laurie Williams, What are the attackers doing now? Automating cyberthreat intelligence extraction from text on pace with the changing threat landscape: A survey, ACM Computing Surveys, vol. 55, no. 12, pp. 1–36, 2023.
- Setu Kumar Basak, Jamison Cox, Bradley Reaves, and Laurie Williams, A Comparative Study of Software Secrets Reporting by Secret Detection Tools, in 2023 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), 2023, pp. 1–12.
- Eric Bodden, Sam Weber, and Laurie Williams, Empirical Evaluation of Secure Development Processes (Dagstuhl Seminar 23181), Dagstuhl Reports, vol. 13, no. 5, pp. 1–21, 2023.
2022
- Samin Yaseer Mahmud, K. Virgil English, Seaver Thorn, William Enck, Adam Oest, and Muhammad Saad, Analysis of Payment Service Provider SDKs in Android, in Proceedings of the Annual Computer Security Applications Conference (ACSAC), Dec. 2022.
- Sarah Elder, Nusrat Zahan, Rui Shu, Monica Metro, Valeri Kozarev, Tim Menzies, and Laurie A. Williams, Do I really need all this work to find vulnerabilities?, Empirical Software Engineering, vol. 27, Nov. 2022.
- Aafaq Sabir, Evan Lafontaine, and Anupam Das, Analyzing the Impact and Accuracy of Facebook Activity on Facebook’s Ad-Interest Inference Process, in Proceedings of the ACM Conference On Computer-Supported Cooperative Work And Social Computing (CSCW), Nov. 2022.
- Setu Kumar Basak, Lorenzo Neil, Bradley Reaves, and Laurie A. Williams, What are the Practices for Secret Management in Software Artifacts?, in Proceedings of the IEEE Secure Development Conference (SecDev), Oct. 2022.
- Laurie A. Williams, Trusting Trust: Humans in the Software Supply Chain Loop, IEEE Security and Privacy Magazine, vol. 20, Sep. 2022.
- Alessandra Scafuro, Black-Box Anonymous Commit-and-Prove, in Proceedings of Security and Cryptography for Networks: 13th International Conference, Sep. 2022.
- Varun Madathil, Alessandra Scafuro, Kemafor Anyanwu, Sen Qiao, Akash Pateria, and Binil Starly, Preserving Buyer-Privacy in Decentralized Supply Chain Marketplaces, in Proceedings of Data Privacy Management, Cryptocurrencies and Blockchain Technology: ESORICS 2022 International Workshops, Sep. 2022.
- Varun Madathil, Alessandra Scafuro, István András Seres, Omer Shlomovits, and Denis Varlakov, Private Signaling, in Proceedings of the USENIX Security Symposium, Aug. 2022.
- Igibek Koishybayev, Aleksandr Nahapetyan, Raima Zachariah, Siddharth Muralee, Brad Reaves, Alexandros Kapravelos, and Aravind Machiry, Characterizing the Security of Github CI Workflows, in Proceedings of the USENIX Security Symposium, Aug. 2022.
- Pubali Datta, Isaac Polinsky, Muhammad Adil Inam, Adam Bates, and William Enck, ALASTOR: Reconstructing the Provenance of Serverless Intrusions, in Proceedings of the USENIX Security Symposium, Aug. 2022.
- Sigmund Albert Gorski III, Seaver Thorn, William Enck, and Haining Chen, FReD: Identifying File Re-Delegation in Android System Services, in Proceedings of the USENIX Security Symposium, Aug. 2022.
- Dilawer Ahmed, Anupam Das, and Fareed Zaffar, Analyzing the Feasibility and Generalizability of Fingerprinting Internet of Things Devices, Proceedings on Privacy Enhancing Technologies (PoPETs), vol. 2022, no. 2, Jul. 2022.
- Vanesa Daza, Abida Haque, Alessandra Scafuro, Alexandros Zacharakis, and Arantxa Zapico, Mutual Accountability Layer: Accountable Anonymity Within Accountable Trust, in Proceedings of the Cyber Security, Cryptology, and Machine Learning: 6th International Symposium, Jun. 2022.
- Varun Madathil, Chris Orsini, Alessandra Scafuro, and Daniele Venturi, From Privacy-Only to Simulatable OT: Black-Box, Round-Optimal, Information-Theoretic, in Proceedings of the 3rd Conference on Information-Theoretic Cryptography (ITC 2022), Jun. 2022.
- Karthika Subramani, Jordan Jueckstock, Alexandros Kapravelos, and Roberto Perdisci, SoK: Workerounds - Categorizing Service Worker Attacks and Mitigations, in Proceedings of the IEEE European Symposium on Security and Privacy (EuroS&P), Jun. 2022.
- Iffat Anjum, Daniel Kostecki, Ethan Leba, Jessica Sokal, Rajit Bharambe, William Enck, Cristina Nita-Rotaru, and Bradley Reaves, Removing the Reliance on Perimeters for Security using Network Views, in Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), Jun. 2022. (best student paper).
- Trevor Dunlap, William Enck, and Bradley Reaves, A Study of Application Sandbox Policies in Linux, in Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), Jun. 2022.
- Dashmeet Kaur Ajmani, Igibek Koishybayev, and Alexandros Kapravelos, yoU aRe a Liar://A Unified Framework for Cross-Testing URL Parsers, in Proceedings of the IEEE SecWeb Workshop, Jun. 2022.
- Rezvan Mahdavi-Hezaveh, Nirav Ajmeri, and Laurie A. Williams, Feature toggles as code: Heuristics and metrics for structuring feature toggles, Information and Software Technology, vol. 145, May 2022.
- Md. Rayhanur Rahman, Nasif Imtiaz, Margaret-Anne D. Storey, and Laurie A. Williams, Why secret detection tools are not enough: It’s not just about false positives - An industrial case study, Empirical Software Engineering, vol. 27, May 2022.
- Rui Shu, Tianpei Xia, Laurie A. Williams, and Tim Menzies, Dazzle: Using Optimized Generative Adversarial Networks to Address Security Data Class Imbalance Issue, in Proceedings of the 19th International Conference on Mining Software Repositories, May 2022.
- Nusrat Zahan, Thomas Zimmermann, Patrice Godefroid, Brendan Murphy, Chandra Shekhar Maddila, and Laurie A. Williams, What are Weak Links in the npm Supply Chain?, in Proceedings of the 44th International Conference on Software Engineering: Software Engineering in Practice, May 2022.
- Aafaq Sabir, Evan Lafontaine, and Anupam Das, Hey Alexa, Who Am I Talking to?: Analyzing Users’ Perception and Awareness Regarding Third-party Alexa Skills, in Proceedings of the 2022 ACM Conference on Human Factors in Computing Systems (CHI), Apr. 2022.
- Jordan Jueckstock, Peter Snyder, Shaown Sarker, Alexandros Kapravelos, and Ben Livshits, Measuring the Privacy vs. Compatibility Trade-off in Preventing Third-Party Stateful Tracking, in Proceedings of The Web Conference (WWW), Apr. 2022.
- Samin Yaseer Mahmud and William Enck, A Study of Security Weaknesses in Android Payment Service Provider SDKs, in Proceedings of the Symposium and Bootcamp on the Science of Security (HotSoS) Poster Session, Apr. 2022.
- William Enck and Laurie Williams, Top Five Challenges in Software Supply Chain Security: Observations From 30 Industry and Government Organizations, IEEE Security and Privacy Magazine, vol. 20, no. 2, pp. 96–100, Mar. 2022. (column).
- Charles Weir, Sammy Migues, and Laurie A. Williams, Exploring the Shift in Security Responsibility, IEEE Security and Privacy Magazine, vol. 20, Feb. 2022.
- Rui Shu, Tianpei Xia, Laurie A. Williams, and Tim Menzies, Omni: automated ensemble with unexpected models against adversarial evasion attack, Empirical Software Engineering, vol. 27, Jan. 2022.
- Nasif Imtiaz, Aniqa Khanom, and Laurie Williams, Open or sneaky? fast or slow? light or heavy?: Investigating security releases of open source packages, IEEE Transactions on Software Engineering, vol. 49, no. 4, pp. 1540–1560, 2022.
2021
- Seyed Ali Akhavani, Jordan Jueckstock, Junhua Su, Alexandros Kapravelos, Engin Kirda, and Long Lu, Browserprint: An Analysis of the Impact of Browser Features on Fingerprintability and Web Privacy, in Proceedings of the Information Security Conference (ISC), Nov. 2021.
- Nasif Imtiaz, Seaver Thorn, and Laurie A. Williams, A comparative study of vulnerability reporting by software composition analysis tools, in Proceedings of the 15th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), Oct. 2021.
- Alessandra Scafuro and Bihan Zhang, One-time Traceable Ring Signatures, in Proceedings of the European Symposium on Research in Computer Security (ESORICS), Oct. 2021.
- Shaohu Zhang and Anupam Das, HandLock: Enabling 2-FA for Smart Home Voice Assistants using Inaudible Acoustic Signal, in Proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses (RAID), Oct. 2021.
- Saikath Bhattacharya, Munindar P. Singh, and Laurie A. Williams, Software Security Readiness and Deployment, in IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), Oct. 2021.
- Charles Weir, Sammy Migues, Mike Ware, and Laurie A. Williams, Infiltrating security into development: exploring the world’s largest software security study, in Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Aug. 2021.
- Lorenzo Neil, Elijah Bouma-Sims, Evan Lafontaine, Yasemin Acar, and Bradley Reaves, Investigating Web Service Account Remediation Advice, in Proceedings of the Symposium on Usable Privacy and Security (SOUPS), Aug. 2021, pp. 359–376.
- Pierre Laperdrix, Oleksii Starov, Quan Chen, Alexandros Kapravelos, and Nick Nikiforakis, Fingerprinting in Style: Detecting Browser Extensions via Injected Style Sheets, in Proceedings of the USENIX Security Symposium, Aug. 2021.
- Yu-Tsung Lee, William Enck, Haining Chen, Zhiyun Qian, Ninghui Li, Hayawardh Vijayakumar, Trent Jaeger, Giuseppe Petracca, and Daimeng Wang, PolyScope: Multi-Policy Access Control Analysis to Compute Authorized Attack Operations in Android Systems, in Proceedings of the USENIX Security Symposium, Aug. 2021.
- Tanusree Sharma, Md. Mirajul Islam, Anupam Das, S. M. Taiabul Haque, and Syed Ishtiaque Ahmed, Privacy during Pandemic: A Global View of Privacy Practices around COVID-19 Apps, in Proceedings of the ACM SIGCAS Conference on Computing and Sustainable Societies (COMPASS), Jun. 2021.
- Abida Haque, Varun Madathil, Bradley Reaves, and Alessandra Scafuro, Anonymous Device Authorization for Cellular Networks, in Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), Jun. 2021.
- Isaac Polinsky, Pubali Datta, Adam Bates, and William Enck, SCIFFS: Enabling Secure Third-Party Security Analytics using Serverless Computing, in Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), Jun. 2021.
- Ahsan Zafar, Aafaq Sabir, Dilawer Ahmed, and Anupam Das, Understanding the Privacy Implications of Adblock Plus’s Acceptable Ads, in Proceedings of the 16th ACM ASIA Conference on Computer and Communications Security (ASIACCS), Jun. 2021.
- Laurie A. Williams, The People Who Live in Glass Houses Are Happy the Stones Weren’t Thrown at Them [From the Editors], IEEE Security and Privacy Magazine, vol. 19, May 2021.
- A. Rahman and L. Williams, A Different Kind of Smell: Security Smells in Infrastructure as Code Scripts, IEEE Security and Privacy Magazine, vol. 19, no. 3, pp. 33–41, May 2021.
- Ivan Visconti, Alessandra Scafuro, and Luisa Siniscalchi, Publicly Verifiable Zero Knowledge from (Collapsing) Blockchains, in Proceedings of the IACR International Conference on Practice and Theory of Public Key Cryptography (PKC), May 2021.
- Markulf Kohlweiss, Varun Madathil, Kartik Nayak, and Alessandra Scafuro, On the Anonymity Guarantees of Anonymous Proof-of-Stake Protocols, in Proceedings of the IEEE Symposium on Security and Privacy (SP), May 2021.
- S. Elder, N. Zahan, V. Kozarev, R. Shu, T. Menzies, and L. Williams, Structuring a Comprehensive Software Security Course Around the OWASP Application Security Verification Standard, in Proceedings of the ICSE 2021 Joint Software Engineering Education and Training (JSEET), May 2021.
- Evan Lafontaine, Aafaq Sabir, and Anupam Das, Understanding People’s Attitude and Concerns towards Adopting IoT Devices, in Proceedings CHI Conference on Human Factors in Computing Systems Extended Abstracts (CHI ’21 Extended Abstracts), May 2021.
- Quan Chen, Peter Snyder, Ben Livshits, and Alexandros Kapravelos, Detecting Filter List Evasion With Event-Loop-Turn Granularity JavaScript Signatures, in Proceedings of the IEEE Symposium on Security and Privacy, May 2021.
- Penghui Zhang, Adam Oest, Haehyun Cho, Zhibo Sun, RC Johnson, Brad Wardman, Shaown Sarker, Alexandros Kapravelos, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn, CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing, in Proceedings of the IEEE Symposium on Security and Privacy, May 2021.
- Rui Shu, Tianpei Xia, Jianfeng Chen, Laurie Williams, and Tim Menzies, How to Better Distinguish Security Bug Reports (Using Dual Hyperparameter Optimization), Empirical Software Engineering, vol. 26, Apr. 2021.
- Jordan Jueckstock, Shaown Sarker, Peter Snyder, Aidan Beggs, Panagiotis Papadopoulos, Matteo Varvello, Ben Livshits, and Alexandros Kapravelos, Towards Realistic and Reproducible Web Crawl Measurements, in Proceedings of The Web Conference (WWW), Apr. 2021.
- Quan Chen, Panagiotis Ilia, Michalis Polychronakis, and Alexandros Kapravelos, Cookie Swap Party: Abusing First-Party Cookies for Web Tracking, in Proceedings of The Web Conference (WWW), Apr. 2021.
- Iffat Anjum, Mu Zhu, Isaac Polinsky, William Enck, Michael K. Reiter, and Munindar Singh, Role-Based Deception in Enterprise Networks, in Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY), Apr. 2021.
- Matthew McNiece, Ruidan Li, and Bradley Reaves, Characterizing the Security of Endogenous and Exogenous Desktop Application Network Flows, in Proceedings of the Passive and Active Measurement Conference (PAM), Mar. 2021.
- Sung Ta Dinh, Haehyun Cho, Kyle Martin, Adam Oest, Yihui Zeng, Alexandros Kapravelos, Tiffany Bao, Ruoyu "Fish" Wang, Yan Shoshitaishvili, Adam Doupe, and Gail-Joon Ahn, Favocado: Fuzzing Binding Code of JavaScript Engines Using Semantically Correct Test Cases, in Proceedings of the Network and Distributed System Security Symposium (NDSS), Feb. 2021.
- Christopher Lentzsch, Sheel Jayesh Shah, Martin Degeling, Benjamin Andow, Anupam Das, and William Enck, Hey Alexa, is this Skill Safe?: Taking a Closer Look at the Alexa Skill Ecosystem, in Proceedings of the ISOC Network and Distributed Systems Symposium (NDSS), Feb. 2021.
- Elijah Bouma-Sims and Bradley Reaves, A First Look at Scams on YouTube, in Proceedings of the Workshop on Measurements, Attacks, and Defenses for the Web, Feb. 2021.
- Rayhanur Rahman, Christopher Parnin, and Laurie Williams, Security Smells in Ansible and Chef Scripts: A Replication Study, ACM Transactions on Software Engineering (TOSEM), vol. 20, no. 1, Jan. 2021.
- Shikun Zhang, Yuanyuan Feng, Lujo Bauer, Lorrie Cranor, Anupam Das, and Norman Sadeh, “Did you know this camera tracks your mood?”: Understanding Privacy Expectations and Preferences in the Age of Video Analytics, Proceedings on Privacy Enhancing Technologies (PoPETS), vol. 2021, no. 2, 2021.
2020
- Richard Mitev, Anna Pazii, Markus Miettinen, William Enck, and Ahmad-Reza Sadeghi, LeakyPick: IoT Audio Spy Detector, in Proceedings of the Annual Computer Security Applications Conference (ACSAC), Dec. 2020. (acceptance rate=23.2%).
- Nikolaos Pantelaios, Nick Nikiforakis, and Alexandros Kapravelos, You’ve Changed: Detecting Malicious Browser Extensions through their Update Deltas, in Proceedings of the ACM Conference on Computer and Communications Security (CCS), Nov. 2020.
- M. R. Rahman, R. Mahdavi-Hezaveh, and L. Williams, A Literature Review on Mining Cyberthreat Intelligence from Unstructured Texts, in Proceedings of the International Conference on Data Mining Workshops (ICDMW), Nov. 2020, pp. 516–525.
- Shaown Sarker, Jordan Jueckstock, and Alexandros Kapravelos, Hiding in Plain Site: Detecting JavaScript Obfuscation through Concealed Browser API Usage, in Proceedings of the ACM Internet Measurement Conference (IMC), Oct. 2020.
- Igibek Koishybayev and Alexandros Kapravelos, Mininode: Reducing the Attack Surface of Node.js Applications, in Proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses (RAID), Oct. 2020.
- A. Rahman, E. Farhana, and L. Williams, The ‘as code’ Activities: Development Anti-Patterns for Infrastructure as Code, Empirical Software Engineering, vol. 25, pp. 3430–3467, Sep. 2020.
- Rayhanur Rahman, William Enck, and Laurie Williams, Do Configuration Management Tools Make Systems More Secure? An Empirical Research Plan, in Proceedings of the Symposium and Bootcamp on the Science of Security (HotSoS) Poster Session, Sep. 2020.
- Camille Cobb, Milijana Surbatovich, Anna Kawakami, Mahmood Sharif, Lujo Bauer, Anupam Das, and Limin Jia, How Risky are Real Users’ IFTTT Applets?, in Proceedings of the Symposium on Usable Privacy and Security (SOUPS), Aug. 2020.
- Sathvik Prasad, Elijah Bouma-Sims, Athishay Kiran Mylappan, and Bradley Reaves, Who’s Calling? Characterizing Robocalls through Audio and Metadata Analysis, in Proceedings of the USENIX Security Symposium, Boston, MA, Aug. 2020. (acceptance rate=16.3%).
- Samin Yaseer Mahmud, Akhil Acharya, Benjamin Andow, William Enck, and Bradley Reaves, Cardpliance: PCI DSS Compliance of Android Applications, in Proceedings of the USENIX Security Symposium, Boston, MA, Aug. 2020. (acceptance rate=16.3%).
- Benjamin Andow, Samin Yaseer Mahmud, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Serge Egelman, Actions Speak Louder than Words: Entity-Sensitive Privacy Policy and Data Flow Analysis with PoliCheck, in Proceedings of the USENIX Security Symposium, Boston, MA, Aug. 2020. (acceptance rate=16.3%).
- Abida Haque and Alessandra Scafuro, Threshold Ring Signatures: New Definitions and Post-quantum Security, in Proceedings of the IACR International Conference on Practice and Theory of Public-Key Cryptography (PKC), Jun. 2020, pp. 423–452.
- Foteini Baldimtsi, Varun Madathil, Alessandra Scafuro, and Linfeng Zhou, Anonymous Lottery In The Proof-of-Stake Setting, in Proceedings of the IEEE Computer Security Foundations Symposium (CSF), Jun. 2020, pp. 318–333.
- Luke Deshotels, Costin Carabas, Jordan Beichler, Razvan Deaconescu, and William Enck, Kobold: Evaluating Decentralized Access Control for Remote NSXPC Methods on iOS, in Proceedings of the IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, May 2020. (acceptance rate=12.3%).
- Christopher Theisen and Laurie Williams, Better together: Comparing vulnerability prediction models, Information and Software Technology, vol. 119, Mar. 2020.
- Isaac Polinsky, Kyle Martin, William Enck, and Mike Reiter, n-m-Variant Systems: Adversarial-Resistant Software Rejuvenation for Cloud-Based Web Applications, in Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY), New Orleans, LA, Mar. 2020. (acceptance rate=20%).
- Mu Zhu, Mohammad Miah, Nazia Sharmin, Iffat Anjum, Christopher Kiekintveld, William Enck, and Munindar Singh, Optimizing Vulnerability-Driven Honey Traffic Using Game Theory, in Proceedings of the AAAI Workshop on Artificial Intelligence for Cyber Security (AICS), Feb. 2020.
- Hui Guo, Özgür Kafali, Anne-Liz Jeukeng, Laurie Williams, and Munindar P. Singh, Çorba: crowdsourcing to obtain requirements from regulations and breaches, Empirical Software Engineering, vol. 25, no. 1, pp. 532–561, 2020.
2019
- Justin Whitaker, Sathvik Prasad, Bradley Reaves, and William Enck, Thou Shalt Discuss Security: Quantifying the Impacts of Instructions to RFC Authors, in Proceedings of the Security Standardisation Research Conference, Nov. 2019.
(acceptance rate=35%) - Zhe Yu, Christopher Theisen, Laurie A. Williams, and Tim Menzies, Improving vulnerability inspection efficiency using active learning, IEEE Transactions on Software Engineering, vol. 47, Oct. 2019.
- Jordan Jueckstock and Alexandros Kapravelos, VisibleV8: In-browser Monitoring of JavaScript in the Wild, in Proceedings of the ACM Internet Measurement Conference (IMC), Oct. 2019.
- Nasif Imtiaz, Brendan Murphy, and Laurie Williams, How Do Developers Act on Static Analysis Alerts? An Empirical Study of Coverity Usage, in Proceedings of the IEEE International Symposium on Software Reliability Engineering (ISSRE), Oct. 2019, pp. 323–333.
[PDF] - Inger Anne Tøndel, Martin Gilje Jaatun, Daniela Soares Cruzes, and Laurie Williams, Collaborative security risk estimation in agile software development, Information and Computer Security, vol. 27, no. 4, pp. 508–535, Sep. 2019.
[PDF] - Md. Rayhanur Rahman, Akond Rahman, and Laurie Williams, Share, But be Aware: Security Smells in Python Gists, in Proceedings of the IEEE International Conference on Software Maintenance and Evolution (ICSME), Sep. 2019, pp. 536–540.
[PDF] - Nuthan Munaiah, Akond Rahman, Justin Pelletier, Laurie Williams, and Andrew Meneely, Characterizing Attacker Behavior in a Cybersecurity Penetration Testing Competition, in Proceedings of the ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), Sep. 2019, pp. 1–6.
[PDF] - Erik Trickel, Oleksii Starov, Alexandros Kapravelos, Nick Nikiforakis, and Adam Doupe, Everyone is Different: Client-side Diversification for Defending Against Extension Fingerprinting, in Proceedings of the USENIX Security Symposium, Aug. 2019.
- Benjamin Andow, Samin Yaseer Mahmud, Wenyu Wang, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Tao Xie, PolicyLint: Investigating Internal Privacy Policy Contradictions on Google Play, in Proceedings of the USENIX Security Symposium, Santa Clara, CA, Aug. 2019.
- Shafi Goldwasser, Rafail Ostrovsky, Alessandra Scafuro, and Adam Sealfon, Population Stability: Regulating Size in the Presence of an Adversary, in ACM Symposium on Principles of Distributed Computing (PODC), Toronto, Ontario, Canada, Jul. 2019.
- Aidan Beggs and Alexandros Kapravelos, Wild Extensions: Discovering and Analyzing Unlisted Chrome Extensions, in Proceedings of the Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Jun. 2019.
- Oleksii Starov, Pierre Laperdrix, Alexandros Kapravelos, and Nick Nikiforakis, Unnecessarily Identifiable: Quantifying the fingerprintability of browser extensions due to bloat, in Proceedings of the World Wide Web Conference (WWW), May 2019.
- TJ OConnor, Reham Mohamed, Markus Miettinen, William Enck, Bradley Reaves, and Ahmad-Reza Sadeghi, HomeSnitch: Behavior Transparency and Control for Smart Home IoT Devices, in Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), May 2019.
(acceptance rate=25.6%) - TJ OConnor, William Enck, and Bradley Reaves, Blinded and Confused: Uncovering Systemic Flaws in Device Telemetry for Smart-Home Internet of Things, in Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), May 2019.
(acceptance rate=25.6%) - Sigmund Albert Gorski III and William Enck, ARF: Identifying Re-Delegation Vulnerabilities in Android System Services, in Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), May 2019.
(acceptance rate=25.6%) - Sanket Goutam, William Enck, and Bradley Reaves, Hestia: Simple Least Privilege Network Policies for Smart Homes, in Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), May 2019. (short paper).
(acceptance rate=32.2%) - Alessandra Scafuro, Break-glass Encryption, in Proceedings of International Conference on Practice and Theory of Public-Key Cryptography (PKC), Apr. 2019.
(acceptance rate=24.3%) - Alessandra Scafuro, Luisa Siniscalchi, and Ivan Visconti, Publicly Verifiable Proofs from Blockchains, in Proceedings of International Conference on Practice and Theory of Public-Key Cryptography (PKC), Apr. 2019.
(acceptance rate=24.3%) - Sigmund Albert Gorski III, Benjamin Andow, Adwait Nadkarni, Sunil Manandhar, William Enck, Eric Bodden, and Alexandre Bartel, ACMiner: Extraction and Analysis of Authorization Checks in Android’s Middleware, in Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY), Dallas, TX, Mar. 2019.
[PDF] (acceptance rate=23.5%) - Michael Meli, Matthew R. McNiece, and Bradley Reaves, How Bad Can It Git? Characterizing Secret Leakage in Public GitHub Repositories, in Proceedings of the Networked and Distributed Systems Security Symposium (NDSS), Feb. 2019.
(acceptance rate=17.1%) - Sigmund Albert Gorski III, Benjamin Andow, Adwait Nadkarni, Sunil Manandhar, William Enck, Eric Bodden, and Alexandre Bartel, ACMiner: Extraction and Analysis of Authorization Checks in Android’s Middleware, arXiv:1901.03603, Jan. 2019.
[PDF] (extends gan+19) - Reham Mohamed, Terrence O’Connor, Markus Miettinen, William Enck, and Ahmad-Reza Sadeghi, HONEYSCOPE: IoT Device Protection with Deceptive Network Views, in Autonomous Cyber Deception: Reasoning, Adaptive Planning, and Evaluation of HoneyThings, E. Al-Shaer, J. Wei, K. W. Hamlen, and C. Wang, Eds. Springer, 2019.
[PDF] - Laurie Williams, Science Leaves Clues, IEEE Security & Privacy Magazine, vol. 17, no. 5, pp. 4–6, 2019. (column).
2018
- Bradley Reaves, Luis Vargas, Nolen Scaife, Dave Tian, Logan Blue, Patrick Traynor, and Kevin R. B. Butler, Characterizing the Security of the SMS Ecosystem with Public Gateways, ACM Transactions on Privacy and Security (TOPS), vol. 22, no. 1, Dec. 2018.
- Dominik Wermke, Nicolas Huaman, Yasemin Acar, Bradley Reaves, Patrick Traynor, and Sascha Fahl, A Large Scale Investigation of Obfuscation Use in Google Play, in Proceedings of the Annual Computer Security Applications Conference (ACSAC), Dec. 2018.
(acceptance rate=20.1%) - Alexandros Kapravelos and Quan Chen, Mystique: Uncovering Information Leakage from Browser Extensions, in Proceedings of the ACM Conference on Computer and Communications Security (CCS), Toronto, Canada, Oct. 2018.
- Luke Deshotels, Razvan Deaconescu, Costin Carabas, Iulia Manda, William Enck, Mihai Chiroiu, Ninghui Li, and Ahmad-Reza Sadeghi, iOracle: Automated Evaluation of Access Control Policies in iOS, in Proceedings of the ACM Asia Conference on Computer and Communications Security (ASIACCS), Songdo, Incheon, Korea, Jun. 2018.
[PDF] (acceptance rate=20.0%) - Christian Peeters, Hadi Abdullah, Nolen Scaife, Jasmine Bowers, Patrick Traynor, Bradley Reaves, and Kevin Butler, Sonar: Detecting SS7 Redirection Attacks Via Call Audio-Based Distance Bounding, in Proceedings of the 39th IEEE Symposium on Security and Privacy (S&P), May 2018.
(acceptance rate=10.4%) - Micah Bushouse and Douglas S. Reeves, Goalkeeper: Comprehensive process enforcement from the hypervisor, Computers & Security (CS), vol. 73, Mar. 2018.
- TJ OConnor, William Enck, W. Michael Petullo, and Akash Verma, PivotWall: SDN-Based Information Flow Control, in Proceedings of the ACM Symposium on SDN Research (SOSR), Los Angeles, CA, Mar. 2018.
(acceptance rate=28.6%) - Micah Bushouse and Douglas S. Reeves, Hyperagents: Migrating Host Agents to the Hypervisor, in Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY), Tempe, AZ, Mar. 2018.
- Micah Bushouse and Douglas S. Reeves, Furnace: Self-service Tenant VMI for the Cloud, in Proceedings of the Recent Advances in Intrusion Detection (RAID), Heraklion, Crete, Greece, 2018.
2017
- Haining Chen, Ninghui Li, William Enck, Yousra Aafer, and Xiangyu Zhang, Analysis of SEAndroid Policies: Combining MAC and DAC in Android, in Proceedings of the Annual Computer Security Applications Conference (ACSAC), San Juan, Puerto Rico, USA, Dec. 2017.
(acceptance rate=19.7%) - Bradley Reaves, Logan Blue, Hadi Abdullah, Luis Vargas, Patrick Traynor, and Tom Shrimpton, AuthentiCall: Efficient Identity and Content Authentication for Phone Calls, in Proceedings of the USENIX Security Symposium, Vancouver, BC, Canada, Aug. 2017.
(acceptance rate=16.3%) - Adwait Nadkarni, Akash Verma, Vasant Tendulkar, and William Enck, Reliable Ad Hoc Smartphone Application Creation for End Users, in Intrusion Detection and Prevention for Mobile Ecosystems, CRC Press, Jul. 2017.
[PDF] - Benjamin Andow, Akhil Acharya, Dengfeng Li, William Enck, Kapil Singh, and Tao Xie, UiRef: Analysis of Sensitive User Inputs in Android Applications, in Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), Jul. 2017.
[PDF] (acceptance rate=22.3%) - Payman Mohassel, Mike Rosulek, and Alessandra Scafuro, Sublinear Zero-Knowledge Arguments for RAM Programs, in Proceedings of the 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques (Eurocrypt 2017), Paris, France, May 2017.
[PDF] - Ruowen Wang, Ahmed M. Azab, William Enck, Ninghui Li, Peng Ning, Xun Chen, Wenbo Shen, and Yueqiang Cheng, SPOKE: Scalable Knowledge Collection and Attack Surface Analysis of Access Control Policy for Security Enhanced Android, in Proceedings of the ACM Asia Conference on Computer and Communications Security (ASIACCS), Apr. 2017.
(acceptance rate=18.7%) - Micah Bushouse, Sanghyun Ahn, and Douglas S. Reeves, Arav: monitoring a cloud’s virtual routers, in Proceedings of the 12th Cyber and Information Security Research Conference (CISRC), Oak Ridge, TN, Apr. 2017.
- Rui Shu, Xiaohui Gu, and William Enck, A Study of Security Vulnerabilities on Docker Hub, in Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY), Scottsdale, Arizona, Mar. 2017.
- T-Chain: A General Incentive Scheme for Cooperative Computing, IEEE/ACM Transactions on Networking (TN), vol. 25, no. 1, Feb. 2017.
- Ethan Heilman, Foteini Baldimtsi, Leen Alshenibr, Alessandra Scafuro, and Sharon Goldberg, TumbleBit: An Untrusted Tumbler for Bitcoin-Compatible Anonymous Payments, in Proceedings of the Network and Distributed System Security Symposium 2017, San Diego, CA, Feb. 2017.
[PDF] (acceptance rate=14.2%) - Stephan Heuser, Bradley Reaves, Praveen Kumar Pendyala, Henry Carter, Alexandra Dmitrienko, William Enck, Negar Kiyavash, Ahmad-Reza Sadeghi, and Patrick Traynor, Phonion: Practical Protection of Metadata in Telephony Networks, Proceedings on Privacy Enhancing Technologies (PoPETS), vol. 2017, no. 1, Jan. 2017.
2016
- Bradley Reaves, Jasmine Bowers, Sigmund Albert Gorski III, Olabode Anise, Rahul Bobhate, Raymond Cho, Hiranava Das, Sharique Hussain, Hamza Karachiwala, Nolen Scaife, Byron Wright, Kevin Butler, William Enck, and Patrick Traynor, *droid: Assessment and Evaluation of Android Application Analysis Tools, ACM Computing Surveys (CSUR), vol. 2016, no. 3, Dec. 2016.
- Mihir Bellare, Georg Fuchsbauer, and Alessandra Scafuro, NIZKs with an Untrusted CRS: Security in the Face of Parameter Subversion, in Proceedings of the 22nd Annual International Conference on the Theory and Applications of Cryptology and Information Security (Asiacrypt 2016), Hanoi, Vietnam, Dec. 2016.
[PDF] - Rui Shu, Peipei Wang, Sigmund A. Gorski III, Benjamin Andow, Adwait Nadkarni, Luke Deshotels, Jason Gionta, William Enck, and Xiaohui Gu, A Study of Security Isolation Techniques, ACM Computing Surveys (CSUR), vol. 49, no. 3, Oct. 2016.
[PDF] - Luke Deshotels, Razvan Deaconescu, Mihai Chiroiu, Lucas Davi, William Enck, and Ahmad-Reza Sadeghi, SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles, in Proceedings of the ACM Conference on Computer and Communications Security (CCS), Vienna, Austria, Oct. 2016.
(acceptance rate=16.5%) - Jason Gionta, William Enck, and Per Larsen, Preventing Kernel Code-Reuse Attacks Through Disclosure Resistant Code Diversification, in Proceedings of the IEEE Conference on Communications and Network Security (CNS), Philadelphia, PA, Oct. 2016.
(acceptance rate=29.0%) - Adwait Nadkarni, Benjamin Andow, William Enck, and Somesh Jha, Practical DIFC Enforcement on Android, in Proceedings of the USENIX Security Symposium, Austin, TX, Aug. 2016.
[PDF] (acceptance rate=15.6%) - Luca Invernizzi, Kurt Thomas, Alexandros Kapravelos, Oxana Comanescu, Jean-Michel Picod, and Elie Bursztein, Cloak of Visibility: Detecting When Machines Browse A Different Web, in Proceedings of the IEEE Symposium on Security and Privacy (S&P), San Jose, CA, USA, May 2016.
[PDF] - Terrence OConnor and William Enck, Code-Stop: Code-Reuse Prevention By Context-Aware Traffic Proxying, in Proceedings of the International Conference on Internet Monitoring and Protection (ICIMP), Valencia, Spain, May 2016.
[PDF] (acceptance rate=28%) - Benjamin Andow, Adwait Nadkarni, Blake Bassett, William Enck, and Tao Xie, A Study of Grayware on Google Play, in Proceedings of the IEEE Mobile Security Technologies workshop (MoST), May 2016.
(acceptance rate=28.6%) - William Enck and Adwait Nadkarni, What if the FBI tried to crack an Android phone? We attacked one to find out, The Conversation, Mar. 2016.
[PDF]
2015
- Qian Liu, Anne Collins McLaughlin, Benjamin Watson, William Enck, and Agnes Davis, Multitasking Increases Stress and Insecure Behavior on Mobile Devices, in Proceedings of the International Annual Meeting of the Human Factors and Ergonomics Society (HFES), Oct. 2015, pp. 1110–1114.
[PDF] - Ruowen Wang, William Enck, Douglas Reeves, Xinwen Zhang, Peng Ning, Dingbang Xu, Wu Zhou, and Ahmed Azab, EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning, in Proceedings of the USENIX Security Symposium, Washington, DC, Aug. 2015.
[PDF] (acceptance rate=15.7%) - Wei Yang, Xusheng Xiao, Benjamin Andow, Sihan Li, Tao Xie, and William Enck, AppContext: Differentiating Malicious and Benign Mobile App Behaviors Using Context, in Proceedings of the International Conference on Software Engineering (ICSE), Firenze, Italy, May 2015.
[PDF] (acceptance rate=18.5%) - Jason Gionta, William Enck, and Peng Ning, HideM: Protecting the Contents of Userspace Memory in the Face of Disclosure Vulnerabilities, in Proceedings of the Fourth ACM Conference on Data and Application Security and Privacy (CODASPY), San Antonio, TX, Mar. 2015.
[PDF] (acceptance rate=21.3%) - K. Shin, C. Joe-Wong, S. Ha, Y. Yi, I. Rhee, and D. Reeves, T-Chain: A General Incentive Scheme for Cooperative Computing, in Proceedings of the Intl. Conf. on Distributed Computing Systems (ICDCS), 2015.
2014
- Jason Gionta, Ahmed Azab, William Enck, Peng Ning, and Xiaolan Zhang, SEER: Practical Memory Virus Scanning as a Service, in Proceedings of the Annual Computer Security Applications Conference (ACSAC), New Orleans, LA, Dec. 2014.
[PDF] (acceptance rate=19.9%) - Stephan Heuser, Adwait Nadkarni, William Enck, and Ahmad-Reza Sadeghi, ASM: A Programmable Interface for Extending Android Security, in Proceedings of the USENIX Security Symposium, San Diego, CA, Aug. 2014.
[PDF] (acceptance rate=19.1%) (supersedes TUD-CS-2014-0063) - Jason Gionta, Ahmed Azab, William Enck, Peng Ning, and Xiaolan Zhang, DACSA: A Decoupled Architecture for Cloud Security Analysis, in Proceedings of the 7th Workshop on Cyber Security Experimentation and Test (CSET), Aug. 2014.
[PDF] (acceptance rate=40.0%) - Adwait Nadkarni, Anmol Sheth, Udi Weinsberg, Nina Taft, and William Enck, GraphAudit: Privacy Auditing for Massive Graph Mining, North Carolina State University, Department of Computer Science, Raleigh, NC, TR-2014-10, Aug. 2014.
- Adwait Nadkarni, Vasant Tendulkar, and William Enck, NativeWrap: Ad Hoc Smartphone Application Creation for End Users, in Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), Oxford, United Kingdom, Jul. 2014.
[PDF] (acceptance rate=26.0%) - William Enck, Peter Gilbert, Seungyeop Han, Vasant Tendulkar, Byung-Gon Chun, Landon Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol Sheth, TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, ACM Transactions on Computer Systems (TOCS), vol. 32, no. 2, Jun. 2014.
(extends egc+10) - Vasant Tendulkar and William Enck, An Application Package Configuration Approach to Mitigating Android SSL Vulnerabilities, in Proceedings of the IEEE Mobile Security Technologies workshop (MoST), May 2014.
[PDF] (acceptance rate=36.7%) - Wei Yang, Xusheng Xiao, Rahul Pandita, William Enck, and Tao Xie, Improving Mobile Application Security via Bridging User Expectations and Application Behaviors, in Proceedings of the Symposium and Bootcamp on the Science of Security (HotSoS) Poster Session, Apr. 2014.
- Agnes Davis, Ashwin Shashidharan, Qian Liu, William Enck, Anne Mclaughlin, and Benjamin Watson, Insecure Behaviors on Mobile Devices under Stress, in Proceedings of the Symposium and Bootcamp on the Science of Security (HotSoS) Poster Session, Apr. 2014.
- Qian Liu, Juhee Bae, Benjamin Watson, and William Enck, Modeling and Sensing Risky User Behavior based on Mobile Devices, in Proceedings of the Symposium and Bootcamp on the Science of Security (HotSoS) Poster Session, Apr. 2014.
- William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth, TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, Communications of the ACM, vol. 57, no. 3, Mar. 2014. Research Highlight.
- Tsung-Hsuan Ho, Daniel Dean, Xiaohui Gu, and William Enck, PREC: Practical Root Exploit Containment for Android Devices, in Proceedings of the Fourth ACM Conference on Data and Application Security and Privacy (CODASPY), San Antonio, TX, Mar. 2014.
[PDF] (acceptance rate=16.0%) (supersedes TR-2012-12) - Stephan Heuser, Adwait Nadkarni, William Enck, and Ahmad-Reza Sadeghi, ASM: A Programmable Interface for Extending Android Security, Intel CRI-SC at TU Darmstadt, North Carolina State University, CASED / TU Darmstadt, TUD-CS-2014-0063, Mar. 2014.
[PDF]
2013
- Younghee Park, Douglas S Reeves, and Mark Stamp, Deriving Common Malware Behavior Through Graph Clustering, Journal of Computers and Security, vol. 39, Nov. 2013.
- Adwait Nadkarni and William Enck, Preventing Accidental Data Disclosure in Modern Operating Systems, in Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS), Berlin, Germany, Nov. 2013.
[PDF] (acceptance rate=19.8%) - Rahul Pandita, Xusheng Xiao, Wei Yang, William Enck, and Tao Xie, WHYPER: Towards Automating Risk Assessment of Mobile Applications, in Proceedings of the USENIX Security Symposium, Washington, D.C., Aug. 2013.
[PDF] (acceptance rate=16.2%) - Saurabh Chakradeo, Brad Reaves, Patrick Traynor, and William Enck, MAST: Triage for Market-scale Mobile Malware Analysis, in Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), Budapest, Hungary, Apr. 2013. (best paper).
[PDF] (acceptance rate=15.1%) - Vaibhav Rastogi, Yan Chen, and William Enck, AppsPlayground: Automatic Large-scale Dynamic Analysis of Android Applications, in Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy (CODASPY), San Antonio, TX, Feb. 2013.
[PDF] (acceptance rate=23.1%)
2012
- Vasant Tendulkar, Joe Pletcher, Ashwin Shashidharan, Ryan Snyder, Kevin Butler, and William Enck, Abusing Cloud-based Browsers for Fun and Profit, in Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC), Orlando, FL, Dec. 2012.
[PDF] (acceptance rate=19.0%) - J.K. So and D. S. Reeves, AntiLiar: Defending Against Cheating Attacks in Mesh-Based Streaming, in Proceedings of IEEE Conference on Peer-to-Peer Computing (P2P12), Sep. 2012.
(acceptance rate=24.0%) - Tsung-Hsuan Ho, Daniel J. Dean, Xiaohui Gu, and William Enck, Less is More: Selective Behavior Learning for Efficient Android Root Exploit Detection, North Carolina State University, Department of Computer Science, Raleigh, NC, TR-2012-12, Sep. 2012.
- David Barrera, William Enck, and Paul C. van Oorschot, Meteor: Seeding a Security-Enhancing Infrastructure for Multi-market Application Ecosystems, in Proceedings of the IEEE Mobile Security Technologies workshop (MoST), May 2012.
[PDF] (acceptance rate=39.3%) (supersedes TR-11-06) - Young June Pyun, Young Hee Park, Douglas S. Reeves, Xinyuan Wang, and Peng Ning, Interval-based flow watermarking for tracing interactive traffic, Computer Networks, vol. 56, no. 5, 2012.
- Kyuyong Shin and Douglas S. Reeves, Winnowing: Protecting P2P systems against pollution through cooperative index filtering, J. Network and Computer Applications, vol. 35, no. 1, 2012.
2011
- William Enck, Defending Users Against Smartphone Apps: Techniques and Future Directions, in Proceedings of 7th International Conference on Information Systems Security (ICISS), Kolkata, India, Dec. 2011. (Invited).
[PDF] - David Barrera, William Enck, and Paul C. van Oorschot, Seeding a Security-Enhancing Infrastructure for Multi-market Application Ecosystems, Carleton University, School of Computer Science, Ottawa, ON, Canada, TR-11-06, Apr. 2011.
[PDF] - Xinyuan Wang and Douglas S. Reeves, Robust Correlation of Encrypted Attack Traffic through Stepping Stones by Flow Watermarking, IEEE Trans. Dependable Sec. Comput., vol. 8, no. 3, 2011.
- Young Hee Park and Douglas S. Reeves, Deriving common malware behavior through graph clustering, in ASIACCS, 2011.
(acceptance rate=20.0%) - Jung Ki So and Douglas S. Reeves, Adaptive neighbor management for cooperative P2P video-on-demand streaming, in IPCCC, 2011.
(acceptance rate=27.0%) - Jung Ki So and Douglas S. Reeves, Defending against Sybil Nodes in BitTorrent, in Networking, 2011.
(acceptance rate=22.0%)
2010
- Younghee Park and Douglas Reeves, Fast Malware Classification by Automated Behavioral Graph Matching, in Proceedings of 6th ACM Annual Cyber Security and Information Intelligence Research Workshop (CSIIRW), Apr. 2010.
- Brent Rowe, Dallas Wood, and Douglas S. Reeves, How the Public Views Strategies Designed to Reduce the Threat of Botnets, in TRUST, 2010.
- Y. H. Park, Q. Zhang, D. S. Reeves, and V. Mulukutla, AntiBot: Clustering Common Semantic Patterns for Bot Detection, in Proceedings Of the 34th IEEE Computer Software and Applications Conf., 2010.
(acceptance rate=20.0%) - J. Du, X. Gu, and D. Reeves, Highly Available Component Sharing in Large-Scale Multi-Tenant Cloud Systems, in Proceedings of High Performance Distributed Computing, 2010.
2009
- Y. H. Park and D. S. Reeves, Identification of Bot Commands by Run-Time Execution Monitoring, in Proceedings Of the Annual Computer Security Applications Conference (ACSAC 2009), Dec. 2009.
- K. Shin, D. Reeves, and I. Rhee, Treat-Before-Trick: Free-riding Prevention for BitTorrent-like Peer-to-Peer Networks, in Proceedings Of Intl. Parallel and Distributed Processing Symposium, May 2009.
(acceptance rate=23.0%) - S. McKinney and D. Reeves, User Identification Via Process Profiling, in Proceedings Of Cyber Security and Information Intelligence Research Workshop, Apr. 2009.
2008
- TJ O’Connor and D. S. Reeves, Bluetooth Intrusion Detection, in Proceedings Of Annual Computer Security and Applications Conference (ACSAC 2008), Dec. 2008.
(acceptance rate=20.0%)
2007
- Q. Zhang and D. S. Reeves, Identification of Metamorphic Viruses and Worms, in Proceedings Of the Annual Computer Security Applications Conference, Dec. 2007.
(acceptance rate=20.0%) - Y. J. Pyun, Y. H. Park, X.Y. Wang, D. S. Reeves, and P. Ning, Tracing Traffic through Intermediate Hosts that Repacketize Flows, in Proceedings of the 26th Annual IEEE Conference on Computer Communications (Infocom 2007), May 2007.
(acceptance rate=18.0%) - Q. Zhang, D. S. Reeves, P. Ning, and S. P. Iyer, Analyzing network traffic to detect self-decrypting exploit code, in Proceedings of the 2nd ACM Symposium on Information, Computer, and Communications Security (ASIACCS 2007), Mar. 2007.
(acceptance rate=18.0%)
2006
- P. Peng, P. Ning, and D. Reeves, On the Secrecy of Timing-Based Active Watermarking Trace-Back Techniques, in Proceedings Of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2006.
(acceptance rate=15.0%)
2005
- P. Peng, P. Ning, D. Reeves, and X. Wang, Active Timing-Based Correlation of Perturbed Traffic Flows with Chaff Packets, in Proceedings Of the 2nd International Workshop on Security in Distributed Computing Systems (SDCS 2005), 2005.
(acceptance rate=29.0%) - Q. Zhang, P. Ning, and D. Reeves, Defending Against Sybil Attacks in Sensor Networks, in Proceedings Of the 2nd International Workshop on Security in Distributed Computing Systems (SDCS 2005), 2005.
(acceptance rate=29.0%)
2004
- P. Ning, Y. Cui, and D. S. Reeves, Analyzing Intensive Intrusion Alerts via Correlation, ACM Transactions on Information and System Security, vol. 7, no. 2, May 2004.
- Q. Jiang, D. Reeves, and P. Ning, Certificate Recommendations to Improve the Robustness of Webs of Trust, in Proc of the 7th International Security Conference (ISC2004), 2004.
(acceptance rate=35.0%) - P. Wang, P. Ning, and D. Reeves, Storage Efficient Stateless Group Key Revocation, in Proc of the 7th International Security Conference (ISC2004), 2004.
(acceptance rate=35.0%) - Y. Zhai, P. Ning, P. Iyer, and D. Reeves, Reasoning About Complementary Intrusion Evidence, in Proceedings Of the Annual Computer Security Applications Conference 2004 (ACSAC 2004), 2004.
- Q. Jiang and D. Reeves, Improving Robustness of PGP Keyrings through Conflict Detection, in Proceedings of RSA-CT (Cryptographer’s Track), 2004.
(acceptance rate=36.0%)
2003
- X. Wang and D. S. Reeves, Watermark Based Robust Correlation of Randomly Perturbed Encrypted Connections, in Proceedings of ACM Symposium on Computer and Communications Security (CCS), Oct. 2003.
(acceptance rate=14.0%)
2002
- P. Ning, Y. Cui, and D. Reeves, Constructing Attack Scenarios through Alert Correlation, in Proceedings of ACM Symposium on Computer and Communications Security (CCS), 2002.
(acceptance rate=18.0%) - P. Ning, Y. Cui, and D. Reeves, Analyzing Intensive Intrusion Alerts Via Correlation, in Proceedings Of the 5th Intl. Symposium on Recent Advances in Intrusion Detection (RAID 2002), 2002.
(acceptance rate=23.0%) - X. Wang, D. Reeves, and S. F. Wu, Inter-Packet Delay Based Correlation for Tracing Encrypted Connections Through Stepping Stones, in Proceedings Of the 7th European Symposium on Research in Computer Security (ESORICS 2002), 2002.
(acceptance rate=19.0%)
2001
- X. Wang, D. Reeves, and S. F. Wu, Tracing Based Active Intrusion Response, Journal of Information Warfare, Teamlink Australia Pty Ltd., vol. 1, no. 1, Sep. 2001.