20. USENIX Security Symposium 2011: San Francisco, CA, USA

Web Security

• Pieter Hooimeijer, Benjamin Livshits, David Molnar, Prateek Saxena, Margus Veanes:
  Fast and Precise Sanitizer Analysis with BEK.
  
• Baptiste Gourdin, Chinmay Soman, Hristo Bojinov, Elie Bursztein:
  Toward Secure Embedded Web Interfaces.
  
• Charlie Curtsinger, Benjamin Livshits, Benjamin G. Zorn, Christian Seifert:
  ZOZZLE: Fast and Precise In-Browser JavaScript Malware Detection.
  

Analysis of Deployed Systems

• Sandy Clark, Travis Goodspeed, Perry Metzger, Zachary Wasserman, Kevin Xu, Matt Blaze:
  Why (Special Agent) Johnny (Still) Can't Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System.
  
• Martin Mulazzani, Sebastian Schrittwieser, Manuel Leithner, Markus Huber, Edgar Weippl:
  Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space.
  
• Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage, Karl Koscher, Alexei Czeskis, Franziska Roesner, Tadayoshi Kohno:
  Comprehensive Experimental Analyses of Automotive Attack Surfaces.
  

Forensic Analysis

• Robert J. Walls, Erik G. Learned-Miller, Brian Neil Levine:
  Forensic Triage for Mobile Phones with DEC0DE.
  
• Ton van Deursen, Sjouke Mauw, Sasa Radomirovic:
  mCarve: Carving Attributed Dump Sets.
  
• Kevin Z. Snow, Srinivas Krishnan, Fabian Monrose, Niels Provos:
  SHELLOS: Enabling Fast Detection and Forensic Analysis of Code Injection Attacks.
  

Static and Dynamic Analysis

• Chia Yuan Cho, Domagoj Babic, Pongsin Poosankam, Kevin Zhijie Chen, Edward XueJun Wu, Dawn Song:
  MACE: Model-inference-Assisted Concolic Exploration for Protocol and Vulnerability Discovery.
  
• Fangqi Sun, Liang Xu, Zhendong Su:
  Static Detection of Access Control Vulnerabilities in Web Applications.
  
• Joe Gibbs Politz, Spiridon Aristides Eliopoulos, Arjun Guha, Shriram Krishnamurthi:
  ADsafety: Type-Based Verification of JavaScript Sandboxing.
  

Understanding the Underground Economy

• Juan Caballero, Chris Grier, Christian Kreibich, Vern Paxson:
  Measuring Pay-per-Install: The Commoditization of Malware Distribution.
  
• Marti Motoyama, Damon McCoy, Kirill Levchenko, Stefan Savage, Geoffrey M. Voelker:
  Dirty Jobs: The Role of Freelance Labor in Web Service Abuse.
  
• Chris Kanich, Nicholas Weaver, Damon McCoy, Tristan Halvorson, Christian Kreibich, Kirill Levchenko, Vern Paxson, Geoffrey M. Voelker, Stefan Savage:
  Show Me the Money: Characterizing Spam-advertised Revenue.
  

Defenses and New Directions

• Shyamnath Gollakota, Nabeel Ahmed, Nickolai Zeldovich, Dina Katabi:
  Secure In-Band Wireless Pairing.
  
• Tilo Müller, Felix C. Freiling, Andreas Dewald:
  TRESOR Runs Encryption Securely Outside RAM.
  
• Joseph A. Calandrino, William Clarkson, Edward W. Felten:
  Bubble Trouble: Off-Line De-Anonymization of Bubble Forms.
  

Securing Search

• Nektarios Leontiadis, Tyler Moore, Nicolas Christin:
  Measuring and Analyzing Search-Redirection Attacks in the Illicit Online Prescription Drug Trade.
  
• John P. John, Fang Yu, Yinglian Xie, Arvind Krishnamurthy, Martín Abadi:
  deSEO: Combating Search-Result Poisoning.
  

Securing Smart Phones

• William Enck, Damien Octeau, Patrick McDaniel, Swarat Chaudhuri:
  A Study of Android Application Security.
  
• Adrienne Porter Felt, Helen J. Wang, Alexander Moshchuk, Steve Hanna, Erika Chin:
  Permission Re-Delegation: Attacks and Defenses.
  
• Michael Dietz, Shashi Shekhar, Yuliy Pisetsky, Anhei Shu, Dan S. Wallach:
  QUIRE: Lightweight Provenance for Smart Phone Operating Systems.
  

Understanding Attacks

• Collin Mulliner, Nico Golde, Jean-Pierre Seifert:
  SMS of Death: From Analyzing to Attacking Mobile Phones on a Large Scale.
  
• Edward J. Schwartz, Thanassis Avgerinos, David Brumley:
  Q: Exploit Hardening Made Easy.
  
• Alan M. Dunn, Owen S. Hofmann, Brent Waters, Emmett Witchel:
  Cloaking Malware with the Trusted Platform Module.
  

Dealing with Malware and Bots

• Manos Antonakakis, Roberto Perdisci, Wenke Lee, Nikolaos Vasiloglou II, David Dagon:
  Detecting Malware Domains at the Upper DNS Hierarchy.
  
• Gianluca Stringhini, Thorsten Holz, Brett Stone-Gross, Christopher Kruegel, Giovanni Vigna:
  BOTMAGNIFIER: Locating Spambots on the Internet.
  
• Grégoire Jacob, Ralf Hund, Christopher Kruegel, Thorsten Holz:
  JACKSTRAWS: Picking Command and Control Connections from Bot Traffic.
  

Privacy- and Freedom-Enhancing Technologies

• Eric Wustrow, Scott Wolchok, Ian Goldberg, J. Alex Halderman:
  Telex: Anticensorship in the Network Infrastructure.
  
• Prateek Mittal, Femi G. Olumofin, Carmela Troncoso, Nikita Borisov, Ian Goldberg:
  PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval.
  
• Sarah Meiklejohn, Keaton Mowery, Stephen Checkoway, Hovav Shacham:
  The Phantom Tollbooth: Privacy-Preserving Electronic Toll Collection in the Presence of Driver Collusion.
  

Applied Cryptography

• Andreas Haeberlen, Benjamin C. Pierce, Arjun Narayan:
  Differential Privacy Under Fire.
  
• Matthew Green, Susan Hohenberger, Brent Waters:
  Outsourcing the Decryption of ABE Ciphertexts.
  
• Yan Huang, David Evans, Jonathan Katz, Lior Malka:
  Faster Secure Two-Party Computation Using Garbled Circuits.
  

Last update Sat May 18 19:52:49 2013 CET by the DBLP Team — Data released under the ODC-BY 1.0 license — See also our legal information page