This repo is inpired by the Awesome Best Papers. However, the Awesome Best Papers does not include the computer security fields. So, I collect the best papers from top 4 computer security conferences, including IEEE S&P, ACM CCS, USENIX Security, and NDSS.
All the data are collected manully. If you find any errors, please feel free to contribute to this repo. Also, you are welcome to add papers from other computer security conferences.
- Add link to each paper.
- Add other awards, such as best student paper award, best practical award.
- Add best papers from other computer security conferences.
| Year | Paper |
|---|---|
| 2022 | Four Attacks and a Proof for Telegram Martin R. Albrecht (Royal Holloway, University of London), Lenka Mareková (Royal Holloway, University of London), Kenneth G. Paterson (ETH Zurich), Igors Stepanovs (ETH Zurich) Asleep at the Keyboard? Assessing the Security of GitHub Copilot’s Code Contributions Hammond Pearce, Baleegh Ahmad, Benjamin Tan, Brendan Dolan-Gavitt, Ramesh Karri (NYU Tandon School of Engineering) Invisible Finger: Practical Electromagnetic Interference Attack on Touchscreen-based Electronic Devices Haoqi Shan (University of Florida), Boyi Zhang (University of Florida), Zihao Zhan (University of Florida), Dean Sullivan (University of New Hampshire), Shuo Wang (University of Florida), Yier Jin (University of Florida) Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects Dominik Wermke (CISPA), Noah Woehler (CISPA), Jan H. Klemmer (Leibniz University Hannover), Marcel Fourné (MPI-SP), Yasemin Acar (George Washington University), Sascha Fahl (CISPA, Leibniz University Hannover) |
| 2021 | Compositional Security for Reentrant Applications Ethan Cecchetti (Cornell University), Siqiu Yao (Cornell University), Haobin Ni (Cornell University), Andrew C. Myers (Cornell University) Hardware-Software Contracts for Secure Speculation Marco Guarnieri (IMDEA Software Institute), Boris Köpf (Microsoft Research), Jan Reineke (Saarland University), and Pepe Vila (IMDEA Software Institute) |
| 2020 | TRRespass: Exploiting the Many Sides of Target Row Refresh Pietro Frigo (Vrije Universiteit Amsterdam), Emanuele Vannacci (Vrije Universiteit Amsterdam), Hasan Hassan (ETH Zürich), Victor van der Veen (Qualcomm Technologies, Inc.), Onur Mutlu (ETH Zürich), Cristiano Giuffrida (Vrije Universiteit Amsterdam), Herbert Bos (Vrije Universiteit Amsterdam), Kaveh Razavi (Vrije Universiteit Amsterdam) |
| 2019 | Spectre Attacks: Exploiting Speculative Execution Paul Kocher (Independent (www.paulkocher.com)), Jann Horn (Google Project Zero), Anders Fogh (G DATA Advanced Analytics), Daniel Genkin (University of Pennsylvania and University of Maryland), Daniel Gruss (Graz University of Technology), Werner Haas (Cyberus Technology), Mike Hamburg (Rambus, Cryptography Research Division), Moritz Lipp (Graz University of Technology), Stefan Mangard (Graz University of Technology), Thomas Prescher (Cyberus Technology), Michael Schwarz (Graz University of Technology), Yuval Yarom (University of Adelaide and Data61) |
| 2018 | DEEPSEC: Deciding Equivalence Properties in Security Protocols -- Theory and Practice Vincent Cheval (Inria Nancy & Loria), Steve Kremer (Inria Nancy & Loria), Itsaka Rakotonirina (Inria Nancy & Loria) On Enforcing the Digital Immunity of a Large Humanitarian Organization Stevens Le Blond (École Polytechnique Fédérale de Lausanne), Alejandro Cuevas (École Polytechnique Fédérale de Lausanne), Juan Ramón Troncoso-Pastoriza (École Polytechnique Fédérale de Lausanne), Philipp Jovanovic (École Polytechnique Fédérale de Lausanne), Bryan Ford (École Polytechnique Fédérale de Lausanne), Jean-Pierre Hubaux (École Polytechnique Fédérale de Lausanne) |
| 2017 | Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate Karthikeyan Bhargavan (INRIA), Bruno Blanchet (INRIA), and Nadim Kobeissi (INRIA) |
| 2016 | A2: Analog Malicious Hardware Kaiyuan Yang, Matthew Hicks, Qing Dong, Todd Austin, and Dennis Sylvester (University of Michigan) |
| 2015 | A Messy State of the Union: Taming the Composite State Machines of TLS Benjamin Beurdouche (INRIA), Karthikeyan Bhargavan (INRIA), Antoine Delignat-Lavaud (INRIA), Cédric Fournet (Microsoft Research), Markulf Kohlweiss (Microsoft Research), Alfredo Pironti (INRIA), Pierre-Yves Strub (IMDEA), Jean Karim Zinzindohoue (INRIA) Riposte: An Anonymous Messaging System Handling Millions of Users Henry Corrigan-Gibbs (Stanford University), Dan Boneh (Stanford University), David Mazières (Stanford University) |
| 2014 | Secure Multiparty Computations on Bitcoin Marcin Andrychowicz (University of Warsaw) , Stefan Dziembowski (University of Warsaw and Sapienza University of Rome) , Daniel Malinowski, and Łukasz Mazurek (University of Warsaw) |
| 2013 | Pinocchio: Nearly Practical Verifiable Computation Bryan Parno, Craig Gentry, Jon Howell, and Mariana Raykova |
| Year | Paper |
|---|---|
| 2022 | Victory by KO: Attacking OpenPGP Using Key Overwriting Kenny Paterson, Lara Bruseghini, Daniel Huigens Proving UNSAT in Zero Knowledge Ning Luo, Timos Antonopoulos, William Harris, Ruzica Piskac, Eran Tromer, Xiao Wang Automatic Detection of Speculative Execution Combinations Xaver Fabian, Marco Patrignani, Marco Guarnieri Zapper: Smart Contracts with Data and Identity Privacy Samuel Steffen, Benjamin Bichsel, Martin Vechev STAR: Secret Sharing for Private Threshold Aggregation Reporting Alex Davidson, Peter Snyder, E. B. Quirk, Joseph Genereux, Hamed Haddadi, Benjamin Livshits |
| 2021 | XSinator.com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers Lukas Knittel; Christian Mainka (Ruhr University Bochum); Marcus Niemietz (Niederrhein University of Applied Sciences); Dominik Trevor Noß Jörg Schwenk (Ruhr University Bochum) One Glitch to Rule Them All: Fault Injection Attacks Against AMD's Secure Encrypted Virtualization Robert Buhren; Hans-Niklas Jacob; Thilo Krachenfels (Technische UniversitätBerlin - SECT); Jean-Pierre Seifert (Technische Universität Berlin - SECT & Fraunhofer SIT) On the Renyi Differential Privacy of the Shuffle Model Antonious M. Girgis; Deepesh Data; Suhas Diggavi (University of California Los Angeles); Ananda Theertha Suresh; Peter Kairouz (Google Research) On the (In)Security of ElGamal in OpenPGP Luca De Feo; Bertram Poettering; Alessandro Sorniotti (IBM Research Europe - Zurich) V-Shuttle: Scalable and Semantics-Aware Hypervisor Virtual Device Fuzzing Gaoning Pan (Zhejiang University & Ant Group); Xingwei Lin (Ant Group); Xuhong Zhang (Zhejiang University & Binjiang Institute of Zhejiang University); Yongkang Jia (Zhejiang University); Shouling Ji (Zhejiang University & Binjiang Institute of Zhejiang University); Chunming Wu (Zhejiang University); Xinlei Ying (Ant Group); Jiashui Wang (Ant Group); Yanjun Wu (Institute of Software, Chinese Academy of Sciences) |
| 2020 | DNS Cache Poisoning Attack Reloaded: Revolutions with Side Channels Keyu Man, Zhiyun Qian, Zhongjie Wang, Xiaofeng Zheng, Youjun Huang, Haixin Duan |
| 2019 | Where Does It Go? Refining Indirect-Call Targets with Multi-layer Type Analysis Kangjie Lu and Hong Hu |
| 2018 | LEMNA: Explaining Deep Learning based Security Applications Wenbo Guo, Dongliang Mu, Jun Xu, Purui Su, Gang Wang, Xinyu Xing Toward Detecting Violations of Differential Privacy Ding Ding, Yuxin Wang, Guanhong Wang, Danfeng Zhang, Daniel Kifer |
| 2017 | Scaling ORAM for Secure Computation Jack Doerner, Abhi Shelat Better Bounds for Block Cipher Modes of Operation via Nonce-Based Key Derivation Shay Gueron, Yehuda Lindell DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation Xiao Wang, Samuel Ranellucci, Jonathan Katz A Formal Foundation for Secure Remote Execution of Enclaves Pramod Subramanyan, Rohit Sinha, Ilia Lebedev, Srinivas Devadas, Sanjit Seshia |
| 2016 | A Surfeit of SSH Cipher Suites Martin R. Albrecht, Jean Paul Degabriele, Torben Brandt Hansen and Kenneth G. Paterson A Systematic Analysis of the Juniper Dual EC Incident Stephen Checkoway, Jacob Mankiewicz, Christina Garman, Joshua Fried, Shaanan Cohney, Matthew Green, Nadia Heninger, Ralf-Philipp Weinmann, Eric Rescorla, and Hovav Shacham High-Throughput Semi-Honest Secure Three-Party Computation with an Honest Majority Toshinori Araki, Jun Furukawa, Yehuda Lindell, Ariel Nof and Kazuma Ohara |
| 2015 | Imperfect Forward Secrecy: How Diffie-Hellman Fails In Practice David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Mathew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin Vandersloot, Eric Wustrow, Santiago Zanella-Béquelin, and Paul Zimmerman Guitar: Piecing Together Android App GUIs From Memory Images Brendan Saltaformaggio, Rohit Bhatia, Zhongshu Gu, Xiangyu Zhang and Dongyan Xu Automated Analysis And Synthesis Of Authenticated Encryption Schemes Viet Tung Hoang, Jonathan Katz and Alex J. Malozemoff |
| 2014 | Private-by-Design Advertising Meets the Real World Alexey Reznichenko and Paul Francis Alexey Reznichenko and Paul Francis Code Reuse Attacks in PHP: Automated POP Chain Generation Johannes Dahse, Nikolai Krein and Thorsten Holz Multi-ciphersuite security of the Secure Shell (SSH) protocol Florian Bergsma, Benjamin Dowling, Florian Kohlar, Jörg Schwenk and Douglas Stebila |
| 2013 | FANCI: Identification of Stealthy Malicious Logic Using Boolean Functional Analysis Adam Waksman and Matthew Suozzo Path ORAM: An Extremely Simple Oblivious RAM Protocol Emil Stefanov, Christopher Fletcher, Ling Ren, and Xiangyao Yu **Security Analysis of Integrated Circuit Camouflaging ** eyavijayan Rajendran and Michael Sam |
| Year | Paper |
|---|---|
| 2022 | Dos and Don'ts of Machine Learning in Computer Security Daniel Arp, Technische Universität Berlin; Erwin Quiring, Technische Universität Braunschweig; Feargus Pendlebury, King's College London and Royal Holloway, University of London and The Alan Turing Institute; Alexander Warnecke, Technische Universität Braunschweig; Fabio Pierazzi, King's College London; Christian Wressnegger, KASTEL Security Research Labs and Karlsruhe Institute of Technology; Lorenzo Cavallaro, University College London; Konrad Rieck, Technische Universität Braunschweig OpenVPN is Open to VPN Fingerprinting Diwen Xue, University of Michigan; Reethika Ramesh, University of Michigan; Arham Jain, University of Michigan; Michalis Kallitsis, Merit Network, Inc.; J. Alex Halderman, University of Michigan; Jedidiah R. Crandall, Arizona State University/Breakpointing Bad; Roya Ensafi, University of Michigan FIXREVERTER: A Realistic Bug Injection Methodology for Benchmarking Fuzz Testing Zenong Zhang, University of Texas at Dallas; Zach Patterson, University of Texas at Dallas; Michael Hicks, University of Maryland and Amazon; Shiyi Wei, University of Texas at Dallas Attacks on Deidentification's Defenses Aloni Cohen, University of Chicago Augmenting Decompiler Output with Learned Variable Names and Types Qibin Chen, Carnegie Mellon University; Jeremy Lacomis, Carnegie Mellon University; Edward J. Schwartz, Carnegie Mellon University Software Engineering Institute; Claire Le Goues, Carnegie Mellon University; Graham Neubig, Carnegie Mellon University; Bogdan Vasilescu, Carnegie Mellon University The Antrim County 2020 Election Incident: An Independent Forensic Investigation J. Alex Halderman, University of Michigan Identity Confusion in WebView-based Mobile App-in-app Ecosystems Lei Zhang, Fudan University; Zhibo Zhang, Fudan University; Ancong Liu, Fudan University; Yinzhi Cao, Johns Hopkins University; Xiaohan Zhang, Fudan University; Yanjun Chen, Fudan University; Yuan Zhang, Fudan University; Guangliang Yang, Fudan University; Min Yang, Fudan University Provably-Safe Multilingual Software Sandboxing using WebAssembly Jay Bosamiya, Carnegie Mellon University; Wen Shih Lim, Carnegie Mellon University; Bryan Parno, Carnegie Mellon University An Audit of Facebook's Political Ad Policy Enforcement Victor Le Pochat, imec-DistriNet, KU Leuven; Laura Edelson, New York University; Tom Van Goethem, imec-DistriNet, KU Leuven; Wouter Joosen, imec-DistriNet, KU Leuven; Damon McCoy, New York University; Tobias Lauinger, New York University Private Signaling Varun Madathil, North Carolina State University; Alessandra Scafuro, North Carolina State University; István András Seres, Eötvös Loránd University; Omer Shlomovits, ZenGo X; Denis Varlakov, ZenGo X Faster Yet Safer: Logging System Via Fixed-Key Blockcipher Viet Tung Hoang, Florida State University; Cong Wu, Florida State University; Xin Yuan, Florida State University Online Website Fingerprinting: Evaluating Website Fingerprinting Attacks on Tor in the Real World Giovanni Cherubin, Alan Turing Institute; Rob Jansen, U.S. Naval Research Laboratory; Carmela Troncoso, EPFL SPRING Lab |
| 2021 | Poisoning the Unlabeled Dataset of Semi-Supervised Learning Nicholas Carlini, Google You Autocomplete Me: Poisoning Vulnerabilities in Neural Code Completion Roei Schuster, Tel Aviv University and Cornell Tech; Congzheng Song, Cornell University; Eran Tromer, Tel Aviv University and Columbia University; Vitaly Shmatikov, Cornell Tech Why wouldn't someone think of democracy as a target?: Security practices & challenges of people involved with U.S. political campaigns Sunny Consolvo, Google; Patrick Gage Kelley, Google; Tara Matthews, Google; Kurt Thomas, Google; Lee Dunn, Google; Elie Bursztein, Google An Analysis of Speculative Type Confusion Vulnerabilities in the Wild Ofek Kirzner, Tel Aviv University; Adam Morrison, Tel Aviv University Weaponizing Middleboxes for TCP Reflected Amplification Kevin Bock, University of Maryland; Abdulrahman Alaraj, University of Colorado Boulder; Yair Fax, University of Maryland; Kyle Hurley, University of Maryland; Eric Wustrow, University of Colorado Boulder; Dave Levin, University of Maryland Rage Against the Machine Clear: A Systematic Analysis of Machine Clears and Their Implications for Transient Execution Attacks Hany Ragab, Vrije Universiteit Amsterdam; Enrico Barberis, Vrije Universiteit Amsterdam; Herbert Bos, VU Amsterdam; Cristiano Giuffrida, VU Amsterdam It's stressful having all these phones: Investigating Sex Workers' Safety Goals, Risks, and Practices Online Allison McDonald, University of Michigan; Catherine Barwulor, Clemson University; Michelle L. Mazurek, University of Maryland; Florian Schaub, University of Michigan; Elissa M. Redmiles, Max Planck Institute for Software Systems |
| 2020 | Sunrise to Sunset: Analyzing the End-to-end Life Cycle and Effectiveness of Phishing Attacks at Scale Adam Oest, Arizona State University; Penghui Zhang, Arizona State University; Brad Wardman, PayPal; Eric Nunes, PayPal; Jakub Burgis, PayPal; Ali Zand, Google; Kurt Thomas, Google; Adam Doupé, Arizona State University; Gail-Joon Ahn, Arizona State University, Samsung Research Retrofitting Fine Grain Isolation in the Firefox Renderer Shravan Narayan, UC San Diego; Craig Disselkoen, UC San Diego; Tal Garfinkel, Stanford University; Nathan Froyd, Mozilla; Eric Rahm, Mozilla; Sorin Lerner, UC San Diego; Hovav Shacham, UT Austin; Deian Stefan, UC San Diego Pancake: Frequency Smoothing for Encrypted Data Stores Paul Grubbs, Cornell Tech; Anurag Khandelwal, Yale University; Marie-Sarah Lacharité, Royal Holloway, University of London; Lloyd Brown, University of California, Berkeley; Lucy Li, Cornell Tech; Rachit Agarwal, Cornell University; Thomas Ristenpart, Cornell Tech Composition Kills: A Case Study of Email Sender Authentication Jianjun Chen, International Computer Science Institute; Vern Paxson, University of California Berkeley and International Computer Science Institute; Jian Jiang, Shape Security The Tools and Tactics Used in Intimate Partner Surveillance: An Analysis of Online Infidelity Forums Emily Tseng, Cornell University; Rosanna Bellini, Open Lab, Newcastle University; Nora McDonald, University of Maryland, Baltimore County; Matan Danos, Weizmann Institute of Science; Rachel Greenstadt, New York University; Damon McCoy, New York University; Nicola Dell, Cornell Tech; Thomas Ristenpart, Cornell Tech Symbolic execution with SymCC: Don't interpret, compile! Sebastian Poeplau, EURECOM; Aurélien Francillon, EURECOM The Unpatchable Silicon: A Full Break of the Bitstream Encryption of Xilinx 7-Series FPGAs Maik Ender, Horst Goertz Institute for IT Security, Ruhr University Bochum, Germany; Amir Moradi, Horst Goertz Institute for IT Security, Ruhr University Bochum, Germany; Christof Paar, Max Planck Institute for Cyber Security and Privacy and Horst Goertz Institute for IT Security, Ruhr University Bochum, Germany Who's Calling? Characterizing Robocalls through Audio and Metadata Analysis Sathvik Prasad, North Carolina State University; Elijah Bouma-Sims, North Carolina State University; Athishay Kiran Mylappan, North Carolina State University; Bradley Reaves, North Carolina State University Understanding security mistakes developers make: Qualitative analysis from Build It, Break It, Fix It Daniel Votipka, University of Maryland; Kelsey R. Fulton, University of Maryland; James Parker, University of Maryland; Matthew Hou, University of Maryland; Michelle L. Mazurek, University of Maryland; Michael Hicks, University of Maryland Datalog Disassembly Antonio Flores-Montoya, GrammaTech Inc.; Eric Schulte, GrammaTech Inc. A Comprehensive Quality Evaluation of Security and Privacy Advice on the Web Elissa M. Redmiles, University of Maryland; Noel Warford, University of Maryland; Amritha Jayanti, University of Maryland; Aravind Koneru, University of Maryland; Sean Kross, University of California, San Diego; Miraida Morales, Rutgers University; Rock Stevens, University of Maryland; Michelle L. Mazurek, University of Maryland |
| 2019 | Computer Security and Privacy in the Interactions Between Victim Service Providers and Human Trafficking Survivors Christine Chen, University of Washington; Nicola Dell, Cornell Tech; Franziska Roesner, University of Washington Users Really Do Answer Telephone Scams Huahong Tu, University of Maryland; Adam Doupé, Arizona State University; Ziming Zhao, Rochester Institute of Technology; Gail-Joon Ahn, Arizona State University and Samsung Research Detecting and Characterizing Lateral Phishing at Scale Grant Ho, UC Berkeley and Barracuda Networks; Asaf Cidon, Barracuda Networks and Columbia University; Lior Gavish, Barracuda Networks; Marco Schweighauser, Barracuda Networks; Vern Paxson, UC Berkeley and ICSI; Stefan Savage, UC San Diego; Geoffrey M. Voelker, UC San Diego; David Wagner, UC Berkeley ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK) Anjo Vahldiek-Oberwagner, Max Planck Institute for Software Systems, Saarland Informatics Campus; Eslam Elnikety, Max Planck Institute for Software Systems, Saarland Informatics Campus; Nuno O. Duarte, Max Planck Institute for Software Systems, Saarland Informatics Campus; Michael Sammler, Max Planck Institute for Software Systems, Saarland Informatics Campus; Peter Druschel, Max Planck Institute for Software Systems, Saarland Informatics Campus; Deepak Garg, Max Planck Institute for Software Systems, Saarland Informatics Campus 50 Ways to Leak Your Data: An Exploration of Apps' Circumvention of the Android Permissions System Joel Reardon, University of Calgary / AppCensus Inc.; Álvaro Feal, IMDEA Networks Institute / Universidad Carlos III Madrid; Primal Wijesekera, U.C. Berkeley / ICSI; Amit Elazari Bar On, U.C. Berkeley; Narseo Vallina-Rodriguez, IMDEA Networks Institute / ICSI / AppCensus Inc.; Serge Egelman, U.C. Berkeley / ICSI / AppCensus Inc. Protecting accounts from credential stuffing with password breach alerting Kurt Thomas, Google; Jennifer Pullman, Google; Kevin Yeo, Google; Ananth Raghunathan, Google; Patrick Gage Kelley, Google; Luca Invernizzi, Google; Borbala Benko, Google; Tadek Pietraszek, Google; Sarvar Patel, Google; Dan Boneh, Stanford; Elie Bursztein, Google |
| 2018 | Fear the Reaper: Characterization and Fast Detection of Card Skimmers Nolen Scaife, University of Florida; Christian Peeters, University of Florida; Patrick Traynor, University of Florida Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies Gertjan Franken, imec-Distrinet, KU Leuven; Tom Van Goethem, imec-Distrinet, KU Leuven; Wouter Joosen, imec-Distrinet, KU Leuven The Battle for New York: A Case Study of Applied Digital Threat Modeling at the Enterprise Level Rock Stevens, University of Maryland; Daniel Votipka, University of Maryland; Elissa M. Redmiles, University of Maryland; Colin Ahern, NYC Cyber Command; Patrick Sweeney, Wake Forest University; Michelle L. Mazurek, University of Maryland NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications Abeer Alhuzali, University of Illinois at Chicago; Rigel Gjomemo, University of Illinois at Chicago; Birhanu Eshete, University of Illinois at Chicago; V.N. Venkatakrishnan, University of Illinois at Chicago QSYM : A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing Insu Yun, Georgia Institute of Technology; Sangho Lee, Georgia Institute of Technology; Meng Xu, Georgia Institute of Technology; Yeongjin Jang, Oregon State University; Taesoo Kim, Georgia Institute of Technology |
| 2017 | CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management Adrian Tang, Columbia University; Simha Sethumadhavan, Columbia University; Salvatore Stolfo, Columbia University A Longitudinal, End-to-End View of the DNSSEC Ecosystem Taejoong Chung, Northeastern University; Roland van Rijswijk-Deij, University of Twente and SURFnet bv; Balakrishnan Chandrasekaran, TU Berlin; David Choffnes, Northeastern University; Dave Levin, University of Maryland; Bruce M. Maggs, Duke University and Akamai Technologies; Alan Mislove, Northeastern University; Christo Wilson, Northeastern University Loophole: Timing Attacks on Shared Event Loops in Chrome Pepe Vila, IMDEA Software Institute & Technical University of Madrid (UPM); Boris Köpf, IMDEA Software Institute Detecting Credential Spearphishing in Enterprise Settings Grant Ho, UC Berkeley; Aashish Sharma, The Lawrence Berkeley National Labratory; Mobin Javed, UC Berkeley; Vern Paxson, UC Berkeley and ICSI; David Wagner, UC Berkeley MPI: Multiple Perspective Attack Investigation with Semantic Aware Execution Partitioning Shiqing Ma, Purdue University; Juan Zhai, Nanjing University; Fei Wang, Purdue University; Kyu Hyung Lee, University of Georgia; Xiangyu Zhang, Purdue University; Dongyan Xu, Purdue University Vale: Verifying High-Performance Cryptographic Assembly Code Barry Bond, Microsoft Research; Chris Hawblitzel, Microsoft Research; Manos Kapritsos, University of Michigan; K. Rustan M. Leino, Microsoft Research; Jacob R. Lorch, Microsoft Research; Bryan Parno, Carnegie Mellon University; Ashay Rane, The University of Texas at Austin; Srinath Setty, Microsoft Research; Laure Thompson, Cornell University |
| 2016 | The Million-Key Question—Investigating the Origins of RSA Public Keys Petr Švenda, Masaryk University; Matúš Nemec, Masaryk University; Peter Sekan, Masaryk University; Rudolf Kvašňovský, Masaryk University; David Formánek, Masaryk University; David Komárek, Masaryk University; Vashek Matyáš, Masaryk University ZKBoo: Faster Zero-Knowledge for Boolean Circuits Irene Giacomelli, Aarhus University; Jesper Madsen, Aarhus University; Claudio Orlandi, Aarhus University Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks William Melicher, Carnegie Mellon University; Blase Ur, Carnegie Mellon University; Sean M. Segreti, Carnegie Mellon University; Saranga Komanduri, Carnegie Mellon University; Lujo Bauer, Carnegie Mellon University; Nicolas Christin, Carnegie Mellon University; Lorrie Faith Cranor, Carnegie Mellon University |
| 2015 | Under-Constrained Symbolic Execution: Correctness Checking for Real Code David A. Ramos, Stanford University; Dawson Engler, Stanford University All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS Mathy Vanhoef, Katholieke Universiteit Leuven; Frank Piessens, Katholieke Universiteit Leuven |
| 2014 | Automatically Detecting Vulnerable Websites Before They Turn Malicious Kyle Soska, Carnegie Mellon University; Nicolas Christin, Carnegie Mellon University DSCRETE: Automatic Rendering of Forensic Information from Memory Images via Application Logic Reuse Brendan Saltaformaggio, Purdue University; Zhongshu Gu, Purdue University; Xiangyu Zhang, Purdue University; Dongyan Xu, Purdue University Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing Matthew Fredrikson, University of Wisconsin—Madison; Eric Lantz, University of Wisconsin—Madison; Somesh Jha, University of WisconsinMadison; Simon Lin, Marshfield Clinic Research Foundation; David Page, University of Wisconsin—Madison; Thomas Ristenpart, University of Wisconsin—Madison |
| 2013 | Securing Computer Hardware Using 3D Integrated Circuit (IC) Technology and Split Manufacturing for Obfuscation Frank Imeson, University of Waterloo; Ariq Emtenan, University of Waterloo; Siddharth Garg, University of Waterloo; Mahesh Tripunitara, University of Waterloo Control Flow Integrity for COTS Binaries Mingwei Zhang, Stony Brook University; R. Sekar, Stony Brook University |
| 2012 | Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Ariel J. Feldman, Princeton University; Aaron Blankstein, Princeton University; Michael J. Freedman, Princeton University; Edward W. Felten, Princeton University Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices Nadia Heninger, University of California, San Diego; Zakir Durumeric, University of Michigan; Eric Wustrow, University of Michigan; J. Alex Halderman, University of Michigan |
| Year | Paper |
|---|---|
| 2021 | Awakening the Web’s Sleeper Agents: Misusing Service Workers for Privacy Leakage Soroush Karami, Panagiotis Ilia, Jason Polakis (University of Illinois at Chicago) |
| 2020 | Melting Pot of Origins: Compromising the Intermediary Web Services that Rehost Websites Takuya Watanabe, Eitaro Shioji, Mitsuaki Akiyama, Tatsuya Mori |
| 2019 | MBeacon: Privacy-Preserving Beacons for DNA Methylation Data Inken Hagestedt (CISPA Helmholtz Center for Information Security), Yang Zhang (CISPA Helmholtz Center for Information Security), Mathias Humbert (Swiss Data Science Center, ETH Zurich/EPFL), Pascal Berrang (CISPA Helmholtz Center for Information Security), Haixu Tang (Indiana University Bloomington), XiaoFeng Wang (Indiana University Bloomington), Michael Backes (CISPA Helmholtz Center for Information Security) Establishing Software Root of Trust Unconditionally Virgil D. Gligor (Carnegie Mellon University), Maverick S. L. Woo (Carnegie Mellon University) Cracking the Wall of Confinement: Understanding and Analyzing Malicious Domain Take-downs Eihal Alowaisheq (Indiana University, King Saud University), Peng Wang (Indiana University), Sumayah Alrwais (King Saud University), Xiaojing Liao (Indiana University), XiaoFeng Wang (Indiana University), Tasneem Alowaisheq (Indiana University, King Saud University), Xianghang Mi (Indiana University), Siyuan Tang (Indiana University), Baojun Liu (Tsinghua University) Cleaning Up the Internet of Evil Things: Real-World Evidence on ISP and Consumer Efforts to Remove Mirai Orcun Cetin (Delft University of Technology), Carlos Ganan (Delft University of Technology), Lisette Altena (Delft University of Technology), Takahiro Kasama (National Institute of Information and Communications Technology), Daisuke Inoue (National Institute of Information and Communications Technology), Kazuki Tamiya (Yokohama National University), Ying Tie (Yokohama National University), Katsunari Yoshioka (Yokohama National University), Michel van Eeten (Delft University of Technology) |
| 2018 | Knock Knock, Who’s There? Membership Inference on Aggregate Location Data Apostolos Pyrgelis (UCL), Carmela Troncoso (EPFL), and Emiliano De Cristofaro (UCL) Resolving the Predicament of Android Custom Permissions Güliz Seray Tuncay, Soteris Demetriou, Karan Ganju, and Carl Gunter (UIUC) |
| 2017 | Dial One for Scam: A Large-Scale Analysis of Technical Support Scams Najmeh Miramirkhani, Oleksii Starov, Nick Nikiforakis Ramblr: Making Reassembly Great Again Ruoyu Wang, Yan Shoshitaishvili, Antonio Bianchi, Aravind Machiry, John Grosen, Paul Grosen, Christopher Kruegel, Giovanni Vigna |