m2kar / best-papers-in-computer-security

This repo collects the best papers from top 4 computer security conferences, including IEEE S&P, ACM CCS, USENIX Security, and NDSS.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Best Papers from Top Computer Security Conferences

This repo is inpired by the Awesome Best Papers. However, the Awesome Best Papers does not include the computer security fields. So, I collect the best papers from top 4 computer security conferences, including IEEE S&P, ACM CCS, USENIX Security, and NDSS.

All the data are collected manully. If you find any errors, please feel free to contribute to this repo. Also, you are welcome to add papers from other computer security conferences.

Future Work

  1. Add link to each paper.
  2. Add other awards, such as best student paper award, best practical award.
  3. Add best papers from other computer security conferences.

IEEE S&P

Best Paper Awards

Year Paper
2022 Four Attacks and a Proof for Telegram
Martin R. Albrecht (Royal Holloway, University of London), Lenka Mareková (Royal Holloway, University of London), Kenneth G. Paterson (ETH Zurich), Igors Stepanovs (ETH Zurich)
Asleep at the Keyboard? Assessing the Security of GitHub Copilot’s Code Contributions
Hammond Pearce, Baleegh Ahmad, Benjamin Tan, Brendan Dolan-Gavitt, Ramesh Karri (NYU Tandon School of Engineering)
Invisible Finger: Practical Electromagnetic Interference Attack on Touchscreen-based Electronic Devices
Haoqi Shan (University of Florida), Boyi Zhang (University of Florida), Zihao Zhan (University of Florida), Dean Sullivan (University of New Hampshire), Shuo Wang (University of Florida), Yier Jin (University of Florida)
Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects
Dominik Wermke (CISPA), Noah Woehler (CISPA), Jan H. Klemmer (Leibniz University Hannover), Marcel Fourné (MPI-SP), Yasemin Acar (George Washington University), Sascha Fahl (CISPA, Leibniz University Hannover)
2021 Compositional Security for Reentrant Applications
Ethan Cecchetti (Cornell University), Siqiu Yao (Cornell University), Haobin Ni (Cornell University), Andrew C. Myers (Cornell University)
Hardware-Software Contracts for Secure Speculation
Marco Guarnieri (IMDEA Software Institute), Boris Köpf (Microsoft Research), Jan Reineke (Saarland University), and Pepe Vila (IMDEA Software Institute)
2020 TRRespass: Exploiting the Many Sides of Target Row Refresh
Pietro Frigo (Vrije Universiteit Amsterdam), Emanuele Vannacci (Vrije Universiteit Amsterdam), Hasan Hassan (ETH Zürich), Victor van der Veen (Qualcomm Technologies, Inc.), Onur Mutlu (ETH Zürich), Cristiano Giuffrida (Vrije Universiteit Amsterdam), Herbert Bos (Vrije Universiteit Amsterdam), Kaveh Razavi (Vrije Universiteit Amsterdam)
2019 Spectre Attacks: Exploiting Speculative Execution
Paul Kocher (Independent (www.paulkocher.com)), Jann Horn (Google Project Zero), Anders Fogh (G DATA Advanced Analytics), Daniel Genkin (University of Pennsylvania and University of Maryland), Daniel Gruss (Graz University of Technology), Werner Haas (Cyberus Technology), Mike Hamburg (Rambus, Cryptography Research Division), Moritz Lipp (Graz University of Technology), Stefan Mangard (Graz University of Technology), Thomas Prescher (Cyberus Technology), Michael Schwarz (Graz University of Technology), Yuval Yarom (University of Adelaide and Data61)
2018 DEEPSEC: Deciding Equivalence Properties in Security Protocols -- Theory and Practice
Vincent Cheval (Inria Nancy & Loria), Steve Kremer (Inria Nancy & Loria), Itsaka Rakotonirina (Inria Nancy & Loria)
On Enforcing the Digital Immunity of a Large Humanitarian Organization
Stevens Le Blond (École Polytechnique Fédérale de Lausanne), Alejandro Cuevas (École Polytechnique Fédérale de Lausanne), Juan Ramón Troncoso-Pastoriza (École Polytechnique Fédérale de Lausanne), Philipp Jovanovic (École Polytechnique Fédérale de Lausanne), Bryan Ford (École Polytechnique Fédérale de Lausanne), Jean-Pierre Hubaux (École Polytechnique Fédérale de Lausanne)
2017 Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate
Karthikeyan Bhargavan (INRIA), Bruno Blanchet (INRIA), and Nadim Kobeissi (INRIA)
2016 A2: Analog Malicious Hardware
Kaiyuan Yang, Matthew Hicks, Qing Dong, Todd Austin, and Dennis Sylvester (University of Michigan)
2015 A Messy State of the Union: Taming the Composite State Machines of TLS
Benjamin Beurdouche (INRIA), Karthikeyan Bhargavan (INRIA), Antoine Delignat-Lavaud (INRIA), Cédric Fournet (Microsoft Research), Markulf Kohlweiss (Microsoft Research), Alfredo Pironti (INRIA), Pierre-Yves Strub (IMDEA), Jean Karim Zinzindohoue (INRIA)
Riposte: An Anonymous Messaging System Handling Millions of Users
Henry Corrigan-Gibbs (Stanford University), Dan Boneh (Stanford University), David Mazières (Stanford University)
2014 Secure Multiparty Computations on Bitcoin
Marcin Andrychowicz (University of Warsaw) , Stefan Dziembowski (University of Warsaw and Sapienza University of Rome) , Daniel Malinowski, and Łukasz Mazurek (University of Warsaw)
2013 Pinocchio: Nearly Practical Verifiable Computation
Bryan Parno, Craig Gentry, Jon Howell, and Mariana Raykova

ACM CCS

Best Paper Awards

Year Paper
2022 Victory by KO: Attacking OpenPGP Using Key Overwriting
Kenny Paterson, Lara Bruseghini, Daniel Huigens
Proving UNSAT in Zero Knowledge
Ning Luo, Timos Antonopoulos, William Harris, Ruzica Piskac, Eran Tromer, Xiao Wang
Automatic Detection of Speculative Execution Combinations
Xaver Fabian, Marco Patrignani, Marco Guarnieri
Zapper: Smart Contracts with Data and Identity Privacy
Samuel Steffen, Benjamin Bichsel, Martin Vechev
STAR: Secret Sharing for Private Threshold Aggregation Reporting
Alex Davidson, Peter Snyder, E. B. Quirk, Joseph Genereux, Hamed Haddadi, Benjamin Livshits
2021 XSinator.com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers
Lukas Knittel; Christian Mainka (Ruhr University Bochum); Marcus Niemietz (Niederrhein University of Applied Sciences); Dominik Trevor Noß Jörg Schwenk (Ruhr University Bochum)
One Glitch to Rule Them All: Fault Injection Attacks Against AMD's Secure Encrypted Virtualization
Robert Buhren; Hans-Niklas Jacob; Thilo Krachenfels (Technische UniversitätBerlin - SECT); Jean-Pierre Seifert (Technische Universität Berlin - SECT & Fraunhofer SIT)
On the Renyi Differential Privacy of the Shuffle Model
Antonious M. Girgis; Deepesh Data; Suhas Diggavi (University of California Los Angeles); Ananda Theertha Suresh; Peter Kairouz (Google Research)
On the (In)Security of ElGamal in OpenPGP
Luca De Feo; Bertram Poettering; Alessandro Sorniotti (IBM Research Europe - Zurich)
V-Shuttle: Scalable and Semantics-Aware Hypervisor Virtual Device Fuzzing
Gaoning Pan (Zhejiang University & Ant Group); Xingwei Lin (Ant Group); Xuhong Zhang (Zhejiang University & Binjiang Institute of Zhejiang University); Yongkang Jia (Zhejiang University); Shouling Ji (Zhejiang University & Binjiang Institute of Zhejiang University); Chunming Wu (Zhejiang University); Xinlei Ying (Ant Group); Jiashui Wang (Ant Group); Yanjun Wu (Institute of Software, Chinese Academy of Sciences)
2020 DNS Cache Poisoning Attack Reloaded: Revolutions with Side Channels
Keyu Man, Zhiyun Qian, Zhongjie Wang, Xiaofeng Zheng, Youjun Huang, Haixin Duan
2019 Where Does It Go? Refining Indirect-Call Targets with Multi-layer Type Analysis
Kangjie Lu and Hong Hu
2018 LEMNA: Explaining Deep Learning based Security Applications
Wenbo Guo, Dongliang Mu, Jun Xu, Purui Su, Gang Wang, Xinyu Xing
Toward Detecting Violations of Differential Privacy
Ding Ding, Yuxin Wang, Guanhong Wang, Danfeng Zhang, Daniel Kifer
2017 Scaling ORAM for Secure Computation
Jack Doerner, Abhi Shelat
Better Bounds for Block Cipher Modes of Operation via Nonce-Based Key Derivation
Shay Gueron, Yehuda Lindell
DolphinAttack: Inaudible Voice Commands
Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu
Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation
Xiao Wang, Samuel Ranellucci, Jonathan Katz
A Formal Foundation for Secure Remote Execution of Enclaves
Pramod Subramanyan, Rohit Sinha, Ilia Lebedev, Srinivas Devadas, Sanjit Seshia
2016 A Surfeit of SSH Cipher Suites
Martin R. Albrecht, Jean Paul Degabriele, Torben Brandt Hansen and Kenneth G. Paterson
A Systematic Analysis of the Juniper Dual EC Incident
Stephen Checkoway, Jacob Mankiewicz, Christina Garman, Joshua Fried, Shaanan Cohney, Matthew Green, Nadia Heninger, Ralf-Philipp Weinmann, Eric Rescorla, and Hovav Shacham
High-Throughput Semi-Honest Secure Three-Party Computation with an Honest Majority
Toshinori Araki, Jun Furukawa, Yehuda Lindell, Ariel Nof and Kazuma Ohara
2015 Imperfect Forward Secrecy: How Diffie-Hellman Fails In Practice
David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Mathew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin Vandersloot, Eric Wustrow, Santiago Zanella-Béquelin, and Paul Zimmerman
Guitar: Piecing Together Android App GUIs From Memory Images
Brendan Saltaformaggio, Rohit Bhatia, Zhongshu Gu, Xiangyu Zhang and Dongyan Xu
Automated Analysis And Synthesis Of Authenticated Encryption Schemes
Viet Tung Hoang, Jonathan Katz and Alex J. Malozemoff
2014 Private-by-Design Advertising Meets the Real World Alexey Reznichenko and Paul Francis
Alexey Reznichenko and Paul Francis
Code Reuse Attacks in PHP: Automated POP Chain Generation
Johannes Dahse, Nikolai Krein and Thorsten Holz
Multi-ciphersuite security of the Secure Shell (SSH) protocol
Florian Bergsma, Benjamin Dowling, Florian Kohlar, Jörg Schwenk and Douglas Stebila
2013 FANCI: Identification of Stealthy Malicious Logic Using Boolean Functional Analysis
Adam Waksman and Matthew Suozzo
Path ORAM: An Extremely Simple Oblivious RAM Protocol
Emil Stefanov, Christopher Fletcher, Ling Ren, and Xiangyao Yu
**Security Analysis of Integrated Circuit Camouflaging **
eyavijayan Rajendran and Michael Sam

USENIX Security

Best Paper Awards

Year Paper
2022 Dos and Don'ts of Machine Learning in Computer Security
Daniel Arp, Technische Universität Berlin; Erwin Quiring, Technische Universität Braunschweig; Feargus Pendlebury, King's College London and Royal Holloway, University of London and The Alan Turing Institute; Alexander Warnecke, Technische Universität Braunschweig; Fabio Pierazzi, King's College London; Christian Wressnegger, KASTEL Security Research Labs and Karlsruhe Institute of Technology; Lorenzo Cavallaro, University College London; Konrad Rieck, Technische Universität Braunschweig
OpenVPN is Open to VPN Fingerprinting
Diwen Xue, University of Michigan; Reethika Ramesh, University of Michigan; Arham Jain, University of Michigan; Michalis Kallitsis, Merit Network, Inc.; J. Alex Halderman, University of Michigan; Jedidiah R. Crandall, Arizona State University/Breakpointing Bad; Roya Ensafi, University of Michigan
FIXREVERTER: A Realistic Bug Injection Methodology for Benchmarking Fuzz Testing
Zenong Zhang, University of Texas at Dallas; Zach Patterson, University of Texas at Dallas; Michael Hicks, University of Maryland and Amazon; Shiyi Wei, University of Texas at Dallas
Attacks on Deidentification's Defenses
Aloni Cohen, University of Chicago
Augmenting Decompiler Output with Learned Variable Names and Types
Qibin Chen, Carnegie Mellon University; Jeremy Lacomis, Carnegie Mellon University; Edward J. Schwartz, Carnegie Mellon University Software Engineering Institute; Claire Le Goues, Carnegie Mellon University; Graham Neubig, Carnegie Mellon University; Bogdan Vasilescu, Carnegie Mellon University
The Antrim County 2020 Election Incident: An Independent Forensic Investigation
J. Alex Halderman, University of Michigan
Identity Confusion in WebView-based Mobile App-in-app Ecosystems
Lei Zhang, Fudan University; Zhibo Zhang, Fudan University; Ancong Liu, Fudan University; Yinzhi Cao, Johns Hopkins University; Xiaohan Zhang, Fudan University; Yanjun Chen, Fudan University; Yuan Zhang, Fudan University; Guangliang Yang, Fudan University; Min Yang, Fudan University
Provably-Safe Multilingual Software Sandboxing using WebAssembly
Jay Bosamiya, Carnegie Mellon University; Wen Shih Lim, Carnegie Mellon University; Bryan Parno, Carnegie Mellon University
An Audit of Facebook's Political Ad Policy Enforcement
Victor Le Pochat, imec-DistriNet, KU Leuven; Laura Edelson, New York University; Tom Van Goethem, imec-DistriNet, KU Leuven; Wouter Joosen, imec-DistriNet, KU Leuven; Damon McCoy, New York University; Tobias Lauinger, New York University
Private Signaling
Varun Madathil, North Carolina State University; Alessandra Scafuro, North Carolina State University; István András Seres, Eötvös Loránd University; Omer Shlomovits, ZenGo X; Denis Varlakov, ZenGo X
Faster Yet Safer: Logging System Via Fixed-Key Blockcipher
Viet Tung Hoang, Florida State University; Cong Wu, Florida State University; Xin Yuan, Florida State University
Online Website Fingerprinting: Evaluating Website Fingerprinting Attacks on Tor in the Real World
Giovanni Cherubin, Alan Turing Institute; Rob Jansen, U.S. Naval Research Laboratory; Carmela Troncoso, EPFL SPRING Lab
2021 Poisoning the Unlabeled Dataset of Semi-Supervised Learning
Nicholas Carlini, Google
You Autocomplete Me: Poisoning Vulnerabilities in Neural Code Completion
Roei Schuster, Tel Aviv University and Cornell Tech; Congzheng Song, Cornell University; Eran Tromer, Tel Aviv University and Columbia University; Vitaly Shmatikov, Cornell Tech
Why wouldn't someone think of democracy as a target?: Security practices & challenges of people involved with U.S. political campaigns
Sunny Consolvo, Google; Patrick Gage Kelley, Google; Tara Matthews, Google; Kurt Thomas, Google; Lee Dunn, Google; Elie Bursztein, Google
An Analysis of Speculative Type Confusion Vulnerabilities in the Wild
Ofek Kirzner, Tel Aviv University; Adam Morrison, Tel Aviv University
Weaponizing Middleboxes for TCP Reflected Amplification
Kevin Bock, University of Maryland; Abdulrahman Alaraj, University of Colorado Boulder; Yair Fax, University of Maryland; Kyle Hurley, University of Maryland; Eric Wustrow, University of Colorado Boulder; Dave Levin, University of Maryland
Rage Against the Machine Clear: A Systematic Analysis of Machine Clears and Their Implications for Transient Execution Attacks
Hany Ragab, Vrije Universiteit Amsterdam; Enrico Barberis, Vrije Universiteit Amsterdam; Herbert Bos, VU Amsterdam; Cristiano Giuffrida, VU Amsterdam
It's stressful having all these phones: Investigating Sex Workers' Safety Goals, Risks, and Practices Online
Allison McDonald, University of Michigan; Catherine Barwulor, Clemson University; Michelle L. Mazurek, University of Maryland; Florian Schaub, University of Michigan; Elissa M. Redmiles, Max Planck Institute for Software Systems
2020 Sunrise to Sunset: Analyzing the End-to-end Life Cycle and Effectiveness of Phishing Attacks at Scale
Adam Oest, Arizona State University; Penghui Zhang, Arizona State University; Brad Wardman, PayPal; Eric Nunes, PayPal; Jakub Burgis, PayPal; Ali Zand, Google; Kurt Thomas, Google; Adam Doupé, Arizona State University; Gail-Joon Ahn, Arizona State University, Samsung Research
Retrofitting Fine Grain Isolation in the Firefox Renderer
Shravan Narayan, UC San Diego; Craig Disselkoen, UC San Diego; Tal Garfinkel, Stanford University; Nathan Froyd, Mozilla; Eric Rahm, Mozilla; Sorin Lerner, UC San Diego; Hovav Shacham, UT Austin; Deian Stefan, UC San Diego
Pancake: Frequency Smoothing for Encrypted Data Stores
Paul Grubbs, Cornell Tech; Anurag Khandelwal, Yale University; Marie-Sarah Lacharité, Royal Holloway, University of London; Lloyd Brown, University of California, Berkeley; Lucy Li, Cornell Tech; Rachit Agarwal, Cornell University; Thomas Ristenpart, Cornell Tech
Composition Kills: A Case Study of Email Sender Authentication
Jianjun Chen, International Computer Science Institute; Vern Paxson, University of California Berkeley and International Computer Science Institute; Jian Jiang, Shape Security
The Tools and Tactics Used in Intimate Partner Surveillance: An Analysis of Online Infidelity Forums
Emily Tseng, Cornell University; Rosanna Bellini, Open Lab, Newcastle University; Nora McDonald, University of Maryland, Baltimore County; Matan Danos, Weizmann Institute of Science; Rachel Greenstadt, New York University; Damon McCoy, New York University; Nicola Dell, Cornell Tech; Thomas Ristenpart, Cornell Tech
Symbolic execution with SymCC: Don't interpret, compile!
Sebastian Poeplau, EURECOM; Aurélien Francillon, EURECOM
The Unpatchable Silicon: A Full Break of the Bitstream Encryption of Xilinx 7-Series FPGAs
Maik Ender, Horst Goertz Institute for IT Security, Ruhr University Bochum, Germany; Amir Moradi, Horst Goertz Institute for IT Security, Ruhr University Bochum, Germany; Christof Paar, Max Planck Institute for Cyber Security and Privacy and Horst Goertz Institute for IT Security, Ruhr University Bochum, Germany
Who's Calling? Characterizing Robocalls through Audio and Metadata Analysis
Sathvik Prasad, North Carolina State University; Elijah Bouma-Sims, North Carolina State University; Athishay Kiran Mylappan, North Carolina State University; Bradley Reaves, North Carolina State University
Understanding security mistakes developers make: Qualitative analysis from Build It, Break It, Fix It
Daniel Votipka, University of Maryland; Kelsey R. Fulton, University of Maryland; James Parker, University of Maryland; Matthew Hou, University of Maryland; Michelle L. Mazurek, University of Maryland; Michael Hicks, University of Maryland
Datalog Disassembly
Antonio Flores-Montoya, GrammaTech Inc.; Eric Schulte, GrammaTech Inc.
A Comprehensive Quality Evaluation of Security and Privacy Advice on the Web
Elissa M. Redmiles, University of Maryland; Noel Warford, University of Maryland; Amritha Jayanti, University of Maryland; Aravind Koneru, University of Maryland; Sean Kross, University of California, San Diego; Miraida Morales, Rutgers University; Rock Stevens, University of Maryland; Michelle L. Mazurek, University of Maryland
2019 Computer Security and Privacy in the Interactions Between Victim Service Providers and Human Trafficking Survivors
Christine Chen, University of Washington; Nicola Dell, Cornell Tech; Franziska Roesner, University of Washington
Users Really Do Answer Telephone Scams
Huahong Tu, University of Maryland; Adam Doupé, Arizona State University; Ziming Zhao, Rochester Institute of Technology; Gail-Joon Ahn, Arizona State University and Samsung Research
Detecting and Characterizing Lateral Phishing at Scale
Grant Ho, UC Berkeley and Barracuda Networks; Asaf Cidon, Barracuda Networks and Columbia University; Lior Gavish, Barracuda Networks; Marco Schweighauser, Barracuda Networks; Vern Paxson, UC Berkeley and ICSI; Stefan Savage, UC San Diego; Geoffrey M. Voelker, UC San Diego; David Wagner, UC Berkeley
ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK)
Anjo Vahldiek-Oberwagner, Max Planck Institute for Software Systems, Saarland Informatics Campus; Eslam Elnikety, Max Planck Institute for Software Systems, Saarland Informatics Campus; Nuno O. Duarte, Max Planck Institute for Software Systems, Saarland Informatics Campus; Michael Sammler, Max Planck Institute for Software Systems, Saarland Informatics Campus; Peter Druschel, Max Planck Institute for Software Systems, Saarland Informatics Campus; Deepak Garg, Max Planck Institute for Software Systems, Saarland Informatics Campus
50 Ways to Leak Your Data: An Exploration of Apps' Circumvention of the Android Permissions System
Joel Reardon, University of Calgary / AppCensus Inc.; Álvaro Feal, IMDEA Networks Institute / Universidad Carlos III Madrid; Primal Wijesekera, U.C. Berkeley / ICSI; Amit Elazari Bar On, U.C. Berkeley; Narseo Vallina-Rodriguez, IMDEA Networks Institute / ICSI / AppCensus Inc.; Serge Egelman, U.C. Berkeley / ICSI / AppCensus Inc.
Protecting accounts from credential stuffing with password breach alerting
Kurt Thomas, Google; Jennifer Pullman, Google; Kevin Yeo, Google; Ananth Raghunathan, Google; Patrick Gage Kelley, Google; Luca Invernizzi, Google; Borbala Benko, Google; Tadek Pietraszek, Google; Sarvar Patel, Google; Dan Boneh, Stanford; Elie Bursztein, Google
2018 Fear the Reaper: Characterization and Fast Detection of Card Skimmers
Nolen Scaife, University of Florida; Christian Peeters, University of Florida; Patrick Traynor, University of Florida
Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies
Gertjan Franken, imec-Distrinet, KU Leuven; Tom Van Goethem, imec-Distrinet, KU Leuven; Wouter Joosen, imec-Distrinet, KU Leuven
The Battle for New York: A Case Study of Applied Digital Threat Modeling at the Enterprise Level
Rock Stevens, University of Maryland; Daniel Votipka, University of Maryland; Elissa M. Redmiles, University of Maryland; Colin Ahern, NYC Cyber Command; Patrick Sweeney, Wake Forest University; Michelle L. Mazurek, University of Maryland
NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications
Abeer Alhuzali, University of Illinois at Chicago; Rigel Gjomemo, University of Illinois at Chicago; Birhanu Eshete, University of Illinois at Chicago; V.N. Venkatakrishnan, University of Illinois at Chicago
QSYM : A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing
Insu Yun, Georgia Institute of Technology; Sangho Lee, Georgia Institute of Technology; Meng Xu, Georgia Institute of Technology; Yeongjin Jang, Oregon State University; Taesoo Kim, Georgia Institute of Technology
2017 CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management
Adrian Tang, Columbia University; Simha Sethumadhavan, Columbia University; Salvatore Stolfo, Columbia University
A Longitudinal, End-to-End View of the DNSSEC Ecosystem
Taejoong Chung, Northeastern University; Roland van Rijswijk-Deij, University of Twente and SURFnet bv; Balakrishnan Chandrasekaran, TU Berlin; David Choffnes, Northeastern University; Dave Levin, University of Maryland; Bruce M. Maggs, Duke University and Akamai Technologies; Alan Mislove, Northeastern University; Christo Wilson, Northeastern University
Loophole: Timing Attacks on Shared Event Loops in Chrome
Pepe Vila, IMDEA Software Institute & Technical University of Madrid (UPM); Boris Köpf, IMDEA Software Institute
Detecting Credential Spearphishing in Enterprise Settings
Grant Ho, UC Berkeley; Aashish Sharma, The Lawrence Berkeley National Labratory; Mobin Javed, UC Berkeley; Vern Paxson, UC Berkeley and ICSI; David Wagner, UC Berkeley
MPI: Multiple Perspective Attack Investigation with Semantic Aware Execution Partitioning
Shiqing Ma, Purdue University; Juan Zhai, Nanjing University; Fei Wang, Purdue University; Kyu Hyung Lee, University of Georgia; Xiangyu Zhang, Purdue University; Dongyan Xu, Purdue University
Vale: Verifying High-Performance Cryptographic Assembly Code
Barry Bond, Microsoft Research; Chris Hawblitzel, Microsoft Research; Manos Kapritsos, University of Michigan; K. Rustan M. Leino, Microsoft Research; Jacob R. Lorch, Microsoft Research; Bryan Parno, Carnegie Mellon University; Ashay Rane, The University of Texas at Austin; Srinath Setty, Microsoft Research; Laure Thompson, Cornell University
2016 The Million-Key Question—Investigating the Origins of RSA Public Keys
Petr Švenda, Masaryk University; Matúš Nemec, Masaryk University; Peter Sekan, Masaryk University; Rudolf Kvašňovský, Masaryk University; David Formánek, Masaryk University; David Komárek, Masaryk University; Vashek Matyáš, Masaryk University
ZKBoo: Faster Zero-Knowledge for Boolean Circuits
Irene Giacomelli, Aarhus University; Jesper Madsen, Aarhus University; Claudio Orlandi, Aarhus University
Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks
William Melicher, Carnegie Mellon University; Blase Ur, Carnegie Mellon University; Sean M. Segreti, Carnegie Mellon University; Saranga Komanduri, Carnegie Mellon University; Lujo Bauer, Carnegie Mellon University; Nicolas Christin, Carnegie Mellon University; Lorrie Faith Cranor, Carnegie Mellon University
2015 Under-Constrained Symbolic Execution: Correctness Checking for Real Code
David A. Ramos, Stanford University; Dawson Engler, Stanford University
All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS
Mathy Vanhoef, Katholieke Universiteit Leuven; Frank Piessens, Katholieke Universiteit Leuven
2014 Automatically Detecting Vulnerable Websites Before They Turn Malicious
Kyle Soska, Carnegie Mellon University; Nicolas Christin, Carnegie Mellon University
DSCRETE: Automatic Rendering of Forensic Information from Memory Images via Application Logic Reuse
Brendan Saltaformaggio, Purdue University; Zhongshu Gu, Purdue University; Xiangyu Zhang, Purdue University; Dongyan Xu, Purdue University
Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing
Matthew Fredrikson, University of Wisconsin—Madison; Eric Lantz, University of Wisconsin—Madison; Somesh Jha, University of WisconsinMadison; Simon Lin, Marshfield Clinic Research Foundation; David Page, University of Wisconsin—Madison; Thomas Ristenpart, University of Wisconsin—Madison
2013 Securing Computer Hardware Using 3D Integrated Circuit (IC) Technology and Split Manufacturing for Obfuscation
Frank Imeson, University of Waterloo; Ariq Emtenan, University of Waterloo; Siddharth Garg, University of Waterloo; Mahesh Tripunitara, University of Waterloo
Control Flow Integrity for COTS Binaries
Mingwei Zhang, Stony Brook University; R. Sekar, Stony Brook University
2012 Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider
Ariel J. Feldman, Princeton University; Aaron Blankstein, Princeton University; Michael J. Freedman, Princeton University; Edward W. Felten, Princeton University
Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices
Nadia Heninger, University of California, San Diego; Zakir Durumeric, University of Michigan; Eric Wustrow, University of Michigan; J. Alex Halderman, University of Michigan

NDSS

Distinguished Paper Award

Year Paper
2021 Awakening the Web’s Sleeper Agents: Misusing Service Workers for Privacy Leakage
Soroush Karami, Panagiotis Ilia, Jason Polakis (University of Illinois at Chicago)
2020 Melting Pot of Origins: Compromising the Intermediary Web Services that Rehost Websites
Takuya Watanabe, Eitaro Shioji, Mitsuaki Akiyama, Tatsuya Mori
2019 MBeacon: Privacy-Preserving Beacons for DNA Methylation Data
Inken Hagestedt (CISPA Helmholtz Center for Information Security), Yang Zhang (CISPA Helmholtz Center for Information Security), Mathias Humbert (Swiss Data Science Center, ETH Zurich/EPFL), Pascal Berrang (CISPA Helmholtz Center for Information Security), Haixu Tang (Indiana University Bloomington), XiaoFeng Wang (Indiana University Bloomington), Michael Backes (CISPA Helmholtz Center for Information Security)
Establishing Software Root of Trust Unconditionally
Virgil D. Gligor (Carnegie Mellon University), Maverick S. L. Woo (Carnegie Mellon University)
Cracking the Wall of Confinement: Understanding and Analyzing Malicious Domain Take-downs
Eihal Alowaisheq (Indiana University, King Saud University), Peng Wang (Indiana University), Sumayah Alrwais (King Saud University), Xiaojing Liao (Indiana University), XiaoFeng Wang (Indiana University), Tasneem Alowaisheq (Indiana University, King Saud University), Xianghang Mi (Indiana University), Siyuan Tang (Indiana University), Baojun Liu (Tsinghua University)
Cleaning Up the Internet of Evil Things: Real-World Evidence on ISP and Consumer Efforts to Remove Mirai
Orcun Cetin (Delft University of Technology), Carlos Ganan (Delft University of Technology), Lisette Altena (Delft University of Technology), Takahiro Kasama (National Institute of Information and Communications Technology), Daisuke Inoue (National Institute of Information and Communications Technology), Kazuki Tamiya (Yokohama National University), Ying Tie (Yokohama National University), Katsunari Yoshioka (Yokohama National University), Michel van Eeten (Delft University of Technology)
2018 Knock Knock, Who’s There? Membership Inference on Aggregate Location Data
Apostolos Pyrgelis (UCL), Carmela Troncoso (EPFL), and Emiliano De Cristofaro (UCL)
Resolving the Predicament of Android Custom Permissions
Güliz Seray Tuncay, Soteris Demetriou, Karan Ganju, and Carl Gunter (UIUC)
2017 Dial One for Scam: A Large-Scale Analysis of Technical Support Scams
Najmeh Miramirkhani, Oleksii Starov, Nick Nikiforakis
Ramblr: Making Reassembly Great Again
Ruoyu Wang, Yan Shoshitaishvili, Antonio Bianchi, Aravind Machiry, John Grosen, Paul Grosen, Christopher Kruegel, Giovanni Vigna

About

This repo collects the best papers from top 4 computer security conferences, including IEEE S&P, ACM CCS, USENIX Security, and NDSS.