Security and Privacy E192-06
The mission of the Security and Privacy research unit is to develop techniques to secure modern IT infrastructures and to design solutions to protect the privacy of users in the digital society.

About
Our research strengths include
- formal methods for the analysis and enforcement of security and privacy properties in various scenarios, such as cryptographic protocols, mobile apps, web applications, smart contracts;
- principles and technologies for system security, including the evaluation of the attack surface and the development of systematic countermeasures, with a focus on mobile, web, and cloud security;
- theory and applications of cryptography, with a focus on the design of privacy-enhancing cryptographic schemes, cryptographic protocols for blockchain technologies, and proof techniques for provable security.
The Security and Privacy research unit is part of the Institute of Logic and Computation.
Courses
2022W
- Attacks and Defenses in Computer Security / 192.111 / UE
- Bachelor Thesis / 192.061 / PR
- Cryptocurrencies / 192.065 / VU
- Introduction to Cryptography / 192.125 / VU
- Introduction to Logical Methods in Computer Science / 184.766 / VO
- Introduction to Programming 1 / 185.A91 / VU
- Orientation Bachelor with Honors of Informatics and Business Informatics / 180.767 / SE
- Project in Computer Science 1 / 192.075 / PR
- Project in Computer Science 2 / 192.076 / PR
- Research Seminar LogiCS / 184.767 / SE
- Seminar for Master Students in Logic and Computation / 180.773 / SE
- Seminar for Master Students in Software Engineering & Internet Computing / 180.777 / SE
- Seminar for PhD Students / 192.060 / SE
- Systems and Applications Security / 192.112 / VU
2023S
- Advanced Cryptography / 192.115 / VU
- Bachelor Thesis / 192.061 / PR
- Crypto Asset Analytics / 192.080 / VU
- Formal Methods for Security and Privacy / 192.059 / VU
- Fundamentals of Security and Privacy / 191.124 / VU
- Introduction to Logical Methods in Computer Science / 184.766 / VO
- Introduction to Security / 192.082 / UE
- Introduction to Security / 184.783 / VU
- Orientation Bachelor with Honors of Informatics and Business Informatics / 180.767 / SE
- Project in Computer Science 1 / 192.075 / PR
- Project in Computer Science 2 / 192.076 / PR
- Research Seminar LogiCS / 184.767 / SE
- Scientific Research and Writing / 193.052 / SE
- Selected Topics in Information Security / 188.985 / VU
- Seminar for Master Students in Logic and Computation / 180.773 / SE
- Seminar for Master Students in Software Engineering & Internet Computing / 180.777 / SE
- Seminar for PhD Students / 192.060 / SE
Projects
- Fixing the Broken Bridge Between Mobile Apps and the Web / 2023 – 2027 / Vienna Science and Technology Fund (WWTF)
- Semantic and Cryptographic Foundations of Security and Privacy by Compositional Design / 2023 – 2026 / Austrian Science Fund (FWF)
- A Composable Rational Framework for Blockchain Systems / 2022 – 2025 / Austrian Science Fund (FWF) / Publication: 148519
- Distributed Ledger Development and Implementation / 2022 – 2023 / ABC Research GmbH
- Cryptographic Foundations of Privacy in Distributed Ledgers / 2020 – 2027 / Vienna Science and Technology Fund (WWTF) / Publications: 148000, 148007, 148094, 148102, 152492
- Blockchain Technologies for the Internet of Things / 2020 – 2025 / Christian Doppler Research Association (CDG) / Publications: 142724, 142738, 144163, 146968, 147336, 147337, 147641, 149081, 166194, 176469
- IoTIO: Analyzing and Understanding the Internet of Insecure Things / 2020 – 2024 / Vienna Science and Technology Fund (WWTF) / Publications: 148435, 148446, 148455, 53211, 62313, 82045
- Security and Privacy Foundations of Blockchain Technologies / 2020 – 2023 / SBA Research gemeinnützige GmbH
- Vienna Cybersecurity and Privacy Research Center / 2019 – 2023 / Vienna Business Agency (WAW) / Publications: 142724, 142738, 144163, 146968, 147336, 147337, 147339, 147344, 147641, 148519, 149187
- Cryptographic Foundations for Future-proof Internet Security / 2019 – 2023 / Austrian Science Fund (FWF) / Publications: 142724, 142738, 144163, 146968, 147336, 147337, 147339, 147344, 147641, 149081, 149800
- Security and Privacy for Payment-Channel Networks / 2019 – 2020 / Austrian Science Fund (FWF)
- Foundations and Tools for Client-Side Web Security / 2018 – 2024 / European Research Council (ERC) / Publications: 142724, 142738, 144163, 146968, 147336, 147337, 147339, 147344, 147641, 149081, 149187, 149800
- Privacy-Preserving Regulatory Technologies for Distributed Ledger Technologies / 2018 – 2021 / Austrian Research Promotion Agency (FFG) / Publications: 142724, 147336, 147339, 147344, 149800
- Scalability for Lightning Networks / 2018 – 2020 / Chaincode Labs Inc
- Ethertrust - Trustworthy smart contracts / 2018 – 2019 / netidee.at / Publication: 149800
Publications
Note: Due to the rollout of TU Wien’s new publication database, the list below may be slightly outdated. Once the migration is complete, everything will be up to date again.
2023
- LightSwap: An Atomic Swap Does Not Require Timeouts at both Blockchains / Hoenisch, P., Mazumdar, S., Moreno-Sanchez, P., & Ruj, S. (2023). LightSwap: An Atomic Swap Does Not Require Timeouts at both Blockchains. In J. Garcia-Alfaro, G. Navarro-Arribas, & N. Dragoni (Eds.), Data Privacy Management, Cryptocurrencies and Blockchain Technology (pp. 219–235). Springer Cham. https://doi.org/10.1007/978-3-031-25734-6_14 / Project: CDL-BOT
- SNACKs: Leveraging Proofs of Sequential Work for Blockchain Light Clients / Abusalah, H., Fuchsbauer, G., Gazi, P., & Klein, K. (2023). SNACKs: Leveraging Proofs of Sequential Work for Blockchain Light Clients. In Advances in Cryptology - ASIACRYPT 2022 (pp. 806–836). Springer. https://doi.org/10.1007/978-3-031-22963-3_27 / Project: COnFIDE
- Non-interactive Mimblewimble transactions, revisited / Fuchsbauer, G., & Orrù, M. (2023). Non-interactive Mimblewimble transactions, revisited. In Advances in Cryptology - ASIACRYPT 2022 (pp. 713–744). Springer. https://doi.org/10.1007/978-3-031-22963-3_24 / Project: COnFIDE
2022
- Strategic Analysis of Griefing Attack in Lightning Network / Mazumdar, S., Banerjee, P., Sinha, A., Ruj, S., & Roy, B. (2022). Strategic Analysis of Griefing Attack in Lightning Network. IEEE Transactions on Network and Service Management. https://doi.org/10.34726/3581 / Projects: Browsec, CDL-BOT, PROFET, ViSP
- SecWasm: Information Flow Control for WebAssembly / Bastys, I., Algehed, M., Sjösten, A., & Sabelfeld, A. (2022). SecWasm: Information Flow Control for WebAssembly. In Static Analysis (pp. 74–103). Springer Nature Switzerland AG. https://doi.org/10.1007/978-3-031-22308-2_5 / Projects: Browsec, ViSP
- Position Paper: Escaping Academic Cloudification to Preserve Academic Freedom / Fiebig, T., Gürses, S., & Lindorfer, M. (2022). Position Paper: Escaping Academic Cloudification to Preserve Academic Freedom. Privacy Studies Journal, 51–68. https://doi.org/10.7146/psj.vi.132713
- LightSwap: An Atomic Swap Does Not Require Timeouts At Both Blockchains / Hoenisch, P., Mazumdar, S., Moreno-Sanchez, P., & Ruj, S. (2022). LightSwap: An Atomic Swap Does Not Require Timeouts At Both Blockchains. Cryptology ePrint Archive. https://doi.org/10.34726/3662 / Projects: Browsec, CDL-BOT, PROFET, ViSP
- Towards faster settlement in HTLC-based Cross-Chain Atomic Swaps / Mazumdar, S. (2022). Towards faster settlement in HTLC-based Cross-Chain Atomic Swaps. arXiv. https://doi.org/10.34726/3805 / Projects: Browsec, CDL-BOT, PROFET, ViSP
- Thora: Atomic and Privacy-Preserving Multi-Channel Updates / Aumayr, L., Abbaszadeh, K., & Maffei, M. (2022). Thora: Atomic and Privacy-Preserving Multi-Channel Updates. In CCS ’22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (pp. 165–178). Association for Computing Machinery. https://doi.org/10.1145/3548606.3560556 / Projects: Browsec, CDL-BOT, PR4DLT, PROFET, SBA - COOP COMET SBA2, ViSP
- Foundations of Coin Mixing Services / Glaeser, N., Maffei, M., Malavolta, G., Moreno-Sanchez, P., Tairi, E., & Thyagarajan, S. A. (2022). Foundations of Coin Mixing Services. In CCS ’22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (pp. 1259–1273). Association for Computing Machinery. https://doi.org/10.34726/3601 / Projects: Browsec, CDL-BOT, PROFET
- Sleepy Channels: Bi-directional Payment Channels without Watchtowers / Aumayr, L., Thyagarajan, S. A., Malavolta, G., Moreno-Sanchez, P., & Maffei, M. (2022). Sleepy Channels: Bi-directional Payment Channels without Watchtowers. In CCS ’22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (pp. 179–192). Association for Computing Machinery. https://doi.org/10.1145/3548606.3559370 / Projects: Browsec, CDL-BOT, PROFET, SBA - COOP COMET SBA2, ViSP
- Sleepy Channels: Bi-directional Payment Channels without Watchtowers / Aumayr, L., Sri AravindaKrishnan Thyagarajan, Giulio Malavolta, Moreno-Sanchez, P., & Maffei, M. (2022, October 31). Sleepy Channels: Bi-directional Payment Channels without Watchtowers [Poster Presentation]. Crypto Economics Security Conference, Berkeley, United States of America. / Projects: Browsec, CDL-BOT, PROFET, SBA - COOP COMET SBA2, ViSP
- Thora: Atomic And Privacy-Preserving Multi-Channel Updates / Aumayr, L., Kasra Abbaszadeh, & Maffei, M. (2022, October 31). Thora: Atomic And Privacy-Preserving Multi-Channel Updates [Poster Presentation]. Crypto Economics Security Conference, Berkeley, United States of America. / Projects: Browsec, CDL-BOT, PR4DLT, PROFET, SBA - COOP COMET SBA2, ViSP
- Hide & Seek: Privacy-Preserving Rebalancing on Payment Channel Networks / Avarikioti, G., Pietrzak, K., Salem, I., Schmid, S., Tiwari, S., & Yeo, M. (2022). Hide & Seek: Privacy-Preserving Rebalancing on Payment Channel Networks. In I. Eyal & J. Garay (Eds.), Financial Cryptography and Data Security (pp. 358–373). Springer-Verlag. https://doi.org/10.1007/978-3-031-18283-9_17 / Projects: CoRaF, ViSP
- A Comparative Analysis of Certificate Pinning in Android & iOS / Pradeep, A., Paracha, M. T., Bhowmick, P., Davanian, A., Razaghpanah, A., Chung, T., Lindorfer, M., Vallina-Rodriguez, N., Levin, D., & Choffnes, D. (2022). A Comparative Analysis of Certificate Pinning in Android & iOS. In Proceedings of the 22nd ACM Internet Measurement Conference (pp. 605–618). ACM. https://doi.org/10.34726/3505 / Project: IoTIO
- Suborn Channels: Incentives Against Timelock Bribes / Avarikioti, G., & Thyfronitis Litos, O. S. (2022). Suborn Channels: Incentives Against Timelock Bribes. In Financial Cryptography and Data Security (pp. 488–511). Springer Nature Switzerland AG. https://doi.org/10.34726/3904
- Blitz: Secure Multi-Hop Payments Without Two-Phase Commits / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2022, August 31). Blitz: Secure Multi-Hop Payments Without Two-Phase Commits [Conference Presentation]. The Science of Blockchain Conference 2022, Stanford, United States of America. / Projects: Browsec, PR4DLT, PROFET, SBA - COOP COMET SBA2, ViSP
- Generalized Channels from Limited Blockchain Scripts and Adaptor Signatures / Aumayr, L., Oguzhan Ersoy, Erwig, A., Faust, S., Hostáková, K., Maffei, M., Moreno-Sanchez, P., & Riahi, S. (2022, August 30). Generalized Channels from Limited Blockchain Scripts and Adaptor Signatures [Conference Presentation]. The Science of Blockchain Conference 2022, Stanford, United States of America. / Projects: Browsec, PR4DLT, PROFET, SBA - COOP COMET SBA2, ViSP
- Comparing User Perceptions of Anti-Stalkerware Apps with the Technical Reality / Fassl, M., Anell, S., Houy, S., Lindorfer, M., & Krombholz, K. (2022). Comparing User Perceptions of Anti-Stalkerware Apps with the Technical Reality. In Proceedings of the Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022) (pp. 135–154). USENIX Association. https://doi.org/10.34726/3902 / Project: IoTIO
- Evolution of Payment Channels / Aumayr, L. (2022, July 27). Evolution of Payment Channels [Presentation]. DFINITY Foundation - research talks, Austria.
- Not that Simple: Email Delivery in the 21st Century / Holzbauer, F., Ullrich, J., Lindorfer, M., & Fiebig, T. (2022). Not that Simple: Email Delivery in the 21st Century. In Proceedings of the 2022 USENIX Annual Technical Conference (pp. 295–308). USENIX Association. https://doi.org/10.34726/4024 / Project: IoTIO
- The security of Mimblewimble / Fuchsbauer, G. (2022, June 27). The security of Mimblewimble [Keynote Presentation]. 22nd Central European Conference on Cryptography, Smolenice, Slovakia. http://hdl.handle.net/20.500.12708/153193 / Project: COnFIDE
- No Spring Chicken: Quantifying the Lifespan of Exploits in IoT Malware Using Static and Dynamic Analysis / Al Alsadi, A. A., Sameshima, K., Bleier, J., Yoshioka, K., Lindorfer, M., van Eeten, M., & Hernández Gañán, C. (2022). No Spring Chicken: Quantifying the Lifespan of Exploits in IoT Malware Using Static and Dynamic Analysis. In Yuji Suga, Kouichi Sakurai, Xuhua Ding, & Kazue Sako (Eds.), ASIA CCS ’22: Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security (pp. 309–321). Association for Computing Machinery. https://doi.org/10.1145/3488932.3517408 / Project: IoTIO
- ART-assisted App Diffing: Defeating Dalvik Bytecode Shrinking, Obfuscation, and Optimization with Android's OAT Compiler / Bleier, J., & Lindorfer, M. (2022, May 23). ART-assisted App Diffing: Defeating Dalvik Bytecode Shrinking, Obfuscation, and Optimization with Android’s OAT Compiler [Poster Presentation]. 43rd IEEE Symposium on Security and Privacy, San Francisco, United States of America. / Project: IoTIO
- Rigorous Methods for Smart Contracts / Bjørner, N., Christakis, M., Maffei, M., & Rosu, G. (Eds.). (2022). Rigorous Methods for Smart Contracts (Dagstuhl Seminar 21431). Schloss Dagstuhl – Leibniz-Zentrum für Informatik GmbH, Dagstuhl Publishing. https://doi.org/10.4230/DagRep.11.9.80 / Projects: Browsec, Ethertrust, PR4DLT, PROFET
- Double-authentication-preventing signatures in the standard model / Catalano, D., Fuchsbauer, G., & Soleimanian, A. (2022). Double-authentication-preventing signatures in the standard model. Journal of Computer Security, 30(1), 3–38. https://doi.org/10.3233/JCS-200117 / Project: COnFIDE
- Approximate Distance-Comparison-Preserving Symmetric Encryption / Fuchsbauer, G., Ghosal, R., Hauke, N., & O’Neill, A. (2022). Approximate Distance-Comparison-Preserving Symmetric Encryption. In Security and Cryptography for Networks (pp. 117–144). https://doi.org/10.1007/978-3-031-14791-3_6
- Credential Transparency System / Chase, M., Fuchsbauer, G., Ghosh, E., & Plouviez, A. (2022). Credential Transparency System. In Security and Cryptography for Networks (pp. 313–335). https://doi.org/10.1007/978-3-031-14791-3_14 / Project: COnFIDE
- Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks / Naseredini, A., Gast, S., Schwarzl, M., Sousa Bernardo, P. M., Smajic, A., Canella, C., Berger, M., & Gruss, D. (2022). Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks. In P. Mori, G. Lenzini, & S. Furnell (Eds.), Proceedings of the 8th International Conference on Information Systems Security and Privacy (pp. 48–59). SciTePress. http://hdl.handle.net/20.500.12708/58799
2021
- Off-chain Scaling of Cryptocurrencies / Aumayr, L. (2021, December 9). Off-chain Scaling of Cryptocurrencies [Presentation]. VISP blockchain research meetup, Austria.
- Designing Secure Payment Channel Schemes / Aumayr, L. (2021, November 16). Designing Secure Payment Channel Schemes [Presentation]. Singapore Management University - Online Topic, Singapore.
- Beyond Payments in Payment Channel Networks / Aumayr, L. (2021, November 16). Beyond Payments in Payment Channel Networks [Presentation]. Software Seminar Series (S3), Spain.
- Formal Methods for the Security Analysis of Smart Contracts / Maffei, M. (2021). Formal Methods for the Security Analysis of Smart Contracts. In Proceedings of the 21st Conference on Formal Methods in Computer-Aided Design – FMCAD 2021 (pp. 8–8). TU Wien Academic Press. https://doi.org/10.34727/2021/isbn.978-3-85448-046-4_3
- 1, 2, 3, Fork: Counter Mode Variants based on a Generalized Forkcipher / Andreeva, E., Bhati, A. S., Preneel, B., & Vizár, D. (2021). 1, 2, 3, Fork: Counter Mode Variants based on a Generalized Forkcipher. IACR Transactions on Symmetric Cryptology, 2021(3). https://doi.org/10.46586/tosc.v2021.i3.1-35
- Donner: UTXO-Based Virtual Channels Across Multiple Hops / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2021, September 7). Donner: UTXO-Based Virtual Channels Across Multiple Hops [Presentation]. Bitcoin Sydney Socratic Seminar, Australia.
- Blitz: Secure Multi-Hop Payments Without Two-Phase Commits / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2021, May 26). Blitz: Secure Multi-Hop Payments Without Two-Phase Commits [Conference Presentation]. Theory and Practice of Blockchains, International.
- Blitz: Secure Multi-Hop Payments Without Two-Phase Commits / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2021, April 27). Blitz: Secure Multi-Hop Payments Without Two-Phase Commits [Presentation]. Bitcoin Sydney Socratic Seminar, Australia.
- Blitz: Secure Multi-Hop Payments Without Two-Phase Commits / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2021, February 24). Blitz: Secure Multi-Hop Payments Without Two-Phase Commits [Presentation]. Decrypto Seminar, International.
- FWS: Analyzing, Maintaining and Transcompiling Firewalls / Bodei, C., Ceragioli, L., Degano, P., Focardi, R., Galletta, L., Luccio, F., Tempesta, M., & Veronese, L. (2021). FWS: Analyzing, Maintaining and Transcompiling Firewalls. Journal of Computer Security, 29(1), 77–134. https://doi.org/10.3233/jcs-200017
- Tarnhelm: Isolated, Transparent & Confidential Execution of Arbitrary Code in ARM's TrustZone / Quarta, D., Ianni, M., Machiry, A., Fratantonio, Y., Gustafson, E., Balzarotti, D., Lindorfer, M., Vigna, G., & Kruegel, C. (2021). Tarnhelm: Isolated, Transparent & Confidential Execution of Arbitrary Code in ARM’s TrustZone. In Proceedings of the 2021 Research on offensive and defensive techniques in the Context of Man At The End (MATE) Attacks. ACM, Austria. ACM. https://doi.org/10.1145/3465413.3488571 / Project: IoTIO
- Generalized Channels from Limited Blockchain Scripts and Adaptor Signatures / Aumayr, L., Ersoy, O., Erwig, A., Faust, S., Hostáková, K., Maffei, M., Moreno-Sanchez, P., & Riahi, S. (2021). Generalized Channels from Limited Blockchain Scripts and Adaptor Signatures. In Lecture Notes in Computer Science (pp. 635–664). Springer. https://doi.org/10.1007/978-3-030-92075-3_22
- Cross-Layer Deanonymization Methods in the Lightning Protocol / Romiti, M., Victor, F., Moreno-Sanchez, P., Nordholt, P. S., Haslhofer, B., & Maffei, M. (2021). Cross-Layer Deanonymization Methods in the Lightning Protocol. In Lecture Notes in Computer Science. Springer Verlag, Austria. Springer LNCS. https://doi.org/10.1007/978-3-662-64322-8
- Nonce-Misuse Security of the SAEF Authenticated Encryption Mode / Andreeva, E., Bhati, A. S., & Vizár, D. (2021). Nonce-Misuse Security of the SAEF Authenticated Encryption Mode. In Selected Areas in Cryptography (pp. 512–534). Springer LNCS. https://doi.org/10.1007/978-3-030-81652-0_20
- Optimized Software Implementations for the Lightweight Encryption Scheme ForkAE / Andreeva, E., Deprez, A., Bermudo Mera, J. M., Karmakar, A., & Purnal, A. (2021). Optimized Software Implementations for the Lightweight Encryption Scheme ForkAE. In Smart Card Research and Advanced Applications (pp. 68–83). Springer. https://doi.org/10.1007/978-3-030-68487-7_5
- Compactness of Hashing Modes and Efficiency Beyond Merkle Tree / Andreeva, E., Bhattacharyya, R., & Roy, A. (2021). Compactness of Hashing Modes and Efficiency Beyond Merkle Tree. In Lecture Notes in Computer Science (pp. 92–123). Springer. https://doi.org/10.1007/978-3-030-77886-6_4
- The One-More Discrete Logarithm Assumption in the Generic Group Model / Bauer, B., Fuchsbauer, G., & Plouviez, A. (2021). The One-More Discrete Logarithm Assumption in the Generic Group Model. In Lecture Notes in Computer Science (pp. 587–617). Springer. https://doi.org/10.1007/978-3-030-92068-5_20
- Transferable E-Cash: A Cleaner Model and the First Practical Instantiation / Bauer, B., Fuchsbauer, G., & Qian, C. (2021). Transferable E-Cash: A Cleaner Model and the First Practical Instantiation. In Public-Key Cryptography – PKC 2021 (pp. 559–590). Springer. https://doi.org/10.1007/978-3-030-75248-4_20
- The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches / Squarcina, M., Calzavara, S., & Maffei, M. (2021). The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches. In 2021 IEEE Security and Privacy Workshops (SPW). 15th IEEE Workshop on Offensive Technologies, San Francisco, CA, USA, Non-EU. https://doi.org/10.1109/spw53761.2021.00062
- EssentialFP: Exposing the Essence of Browser Fingerprinting / Sjösten, A., Hedin, D., & Sabelfeld, A. (2021). EssentialFP: Exposing the Essence of Browser Fingerprinting. In 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). EuroS&P 2021 SecWeb Workshop, Vienna, Austria. https://doi.org/10.1109/eurospw54576.2021.00011
- Not All Bugs Are Created Equal, But Robust Reachability Can Tell the Difference / Girol, G., Farinier, B., & Bardin, S. (2021). Not All Bugs Are Created Equal, But Robust Reachability Can Tell the Difference. In Computer Aided Verification (pp. 669–693). Springer LNCS. https://doi.org/10.1007/978-3-030-81685-8_32
- Can I Take Your Subdomain? Exploring Same-Site Attacks in the Modern Web / Squarcina, M., Tempesta, M., Veronese, L., Calzavara, S., & Maffei, M. (2021). Can I Take Your Subdomain? Exploring Same-Site Attacks in the Modern Web. In 30th USENIX Security Symposium (pp. 2917–2934). 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021. http://hdl.handle.net/20.500.12708/58469
- Updatable Signatures and Message Authentication Codes / Cini, V., Ramacher, S., Slamanig, D., Striecks, C., & Tairi, E. (2021). Updatable Signatures and Message Authentication Codes. In Public-Key Cryptography – PKC 2021 (pp. 691–723). Springer, Cham. https://doi.org/10.1007/978-3-030-75245-3_25
- A²L: Anonymous Atomic Locks for Scalability in Payment Channel Hubs / Tairi, E., Moreno-Sanchez, P., & Maffei, M. (2021). A²L: Anonymous Atomic Locks for Scalability in Payment Channel Hubs. In 2021 IEEE Symposium on Security and Privacy (SP). IEEE Symposium on Security and Privacy, Oakland, USA, Non-EU. https://doi.org/10.1109/sp40001.2021.00111
- Post-Quantum Adaptor Signature for Privacy-Preserving Off-Chain Payments / Tairi, E., Moreno-Sanchez, P., & Maffei, M. (2021). Post-Quantum Adaptor Signature for Privacy-Preserving Off-Chain Payments. In Financial Cryptography and Data Security (pp. 131–150). https://doi.org/10.1007/978-3-662-64331-0_7
- Bitcoin-Compatible Virtual Channels / Aumayr, L., Ersoy, O., Erwig, A., Faust, S., Hostáková, K., Maffei, M., Moreno-Sanchez, P., & Riahi, S. (2021). Bitcoin-Compatible Virtual Channels. In 2021 IEEE Symposium on Security and Privacy (SP). IEEE Symposium on Security and Privacy, Oakland, USA, Non-EU. IEEE Computer Society. https://doi.org/10.1109/sp40001.2021.00097
- Interpolation Cryptanalysis of Unbalanced Feistel Networks with Low Degree Round Functions / Andreeva, E., Roy, A., & Sauer, J. F. (2021). Interpolation Cryptanalysis of Unbalanced Feistel Networks with Low Degree Round Functions. In Selected Areas in Cryptography (pp. 273–300). Springer LNCS. https://doi.org/10.1007/978-3-030-81652-0_11
- Blitz: Secure Multi-Hop Payments Without Two-Phase Commits / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2021). Blitz: Secure Multi-Hop Payments Without Two-Phase Commits. In 30th USENIX Security Symposium (pp. 4043–4060). USENIX: The Advanced Computing Systems Association. http://hdl.handle.net/20.500.12708/55607
2020
- The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches in Progressive Web Applications / Somé, D. F., Squarcina, M., Calzavara, S., & Maffei, M. (2020). The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches in Progressive Web Applications. EuroS&P 2020 SecWeb Workshop, Genova, IT, EU. http://hdl.handle.net/20.500.12708/87080
- A Voting-Based Blockchain Interoperability Oracle / Scaffino, G., Schulte, S., Sober, M., & Spanring, C. (2020). A Voting-Based Blockchain Interoperability Oracle. In 2021 IEEE International Conference on Blockchain (Blockchain). IEEE. https://doi.org/10.1109/blockchain53845.2021.00030
- Filter List Generation for Underserved Regions / Sjösten, A., Snyder, P., Pastor, A., Papadopoulos, P., & Livshits, B. (2020). Filter List Generation for Underserved Regions. In Proceedings of The Web Conference 2020. ACM/IW3C2. https://doi.org/10.1145/3366423.3380239
- TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records / der Toorn, O. van, van Rijswijk-Deij, R., Fiebig, T., Lindorfer, M., & Sperotto, A. (2020). TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE. https://doi.org/10.1109/eurospw51379.2020.00080
- FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic / van Ede, T., Bortolameotti, R., Continella, A., Ren, J., Dubois, D., Lindorfer, M., Choffnes, D., van Steen, M., & Peter, A. (2020). FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic. In Network and Distributed System Security Symposium (NDSS). Internet Society. http://hdl.handle.net/20.500.12708/58308
- When Malware is Packin' Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features / Aghakhani, H., Gritti, F., Mecca, F., Lindorfer, M., Ortolani, S., Balzarotti, D., Vigna, G., & Krügel, C. (2020). When Malware is Packin’ Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features. In Network and Distributed System Security Symposium (NDSS). Internet Society. http://hdl.handle.net/20.500.12708/58307
- Formalizing Graph Trail Properties in Isabelle/HOL / Kovács, L., Lachnitt, H., & Szeider, S. (2020). Formalizing Graph Trail Properties in Isabelle/HOL. In Lecture Notes in Computer Science (pp. 190–205). LNCS. https://doi.org/10.1007/978-3-030-53518-6_12
- Bulwark: Holistic and Verified Security Monitoring of Web Protocols / Veronese, L., Calzavara, S., & Compagna, L. (2020). Bulwark: Holistic and Verified Security Monitoring of Web Protocols. In Computer Security – ESORICS 2020 (pp. 23–41). Springer. https://doi.org/10.1007/978-3-030-58951-6_2
- A Quantitative Analysis of Security, Anonymity and Scalability for the Lightning Network / Tikhomirov, S., Moreno-Sanchez, P., & Maffei, M. (2020). A Quantitative Analysis of Security, Anonymity and Scalability for the Lightning Network. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE Security & Privacy On The Blockchain, Genova, EU. IEEE. https://doi.org/10.1109/eurospw51379.2020.00059
- The Good, The Bad and The Ugly: Pitfalls and Best Practices in Automated Sound Static Analysis of Ethereum Smart Contracts / Schneidewind, C., Scherer, M., & Maffei, M. (2020). The Good, The Bad and The Ugly: Pitfalls and Best Practices in Automated Sound Static Analysis of Ethereum Smart Contracts. In Lecture Notes in Computer Science (pp. 212–231). Springer. https://doi.org/10.1007/978-3-030-61467-6_14
- eThor: Practical and Provably Sound Static Analysis of Ethereum Smart Contracts / Schneidewind, C., Grishchenko, I., Scherer, M., & Maffei, M. (2020). eThor: Practical and Provably Sound Static Analysis of Ethereum Smart Contracts. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. ACM Conference on Computer and Communications Security (CCS), Washington, USA, Non-EU. Association for Computing Machinery ACM. https://doi.org/10.1145/3372297.3417250
- Language-Based Web Session Integrity / Calzavara, S., Focardi, R., Grimm, N., Maffei, M., & Tempesta, M. (2020). Language-Based Web Session Integrity. In 2020 IEEE 33rd Computer Security Foundations Symposium (CSF). IEEE Computer Security Foundations Symposium, Santa Barbara, USA, Non-EU. IEEE Computer Society. https://doi.org/10.1109/csf49147.2020.00016
- Secrets in Source Code: Reducing False Positives using Machine Learning / Saha, A., Denning, T., Srikumar, V., & Kasera, S. K. (2020). Secrets in Source Code: Reducing False Positives using Machine Learning. In 2020 International Conference on COMmunication Systems & NETworkS (COMSNETS). IEEE Xplore Digital Library. https://doi.org/10.1109/comsnets48256.2020.9027350
- A Classification of Computational Assumptions in the Algebraic Group Model / Bauer, B., Fuchsbauer, G., & Loss, J. (2020). A Classification of Computational Assumptions in the Algebraic Group Model. In Advances in Cryptology – CRYPTO 2020 (pp. 121–151). Springer. https://doi.org/10.1007/978-3-030-56880-1_5
- Double-Authentication-Preventing Signatures in the Standard Model / Catalano, D., Fuchsbauer, G., & Soleimanian, A. (2020). Double-Authentication-Preventing Signatures in the Standard Model. In Lecture Notes in Computer Science (pp. 338–358). Springer. https://doi.org/10.1007/978-3-030-57990-6_17
- Efficient Signatures on Randomizable Ciphertexts / Bauer, B., & Fuchsbauer, G. (2020). Efficient Signatures on Randomizable Ciphertexts. In Lecture Notes in Computer Science (pp. 359–381). Springer. https://doi.org/10.1007/978-3-030-57990-6_18
- Blind Schnorr Signatures and Signed ElGamal Encryption in the Algebraic Group Model / Fuchsbauer, G., Plouviez, A., & Seurin, Y. (2020). Blind Schnorr Signatures and Signed ElGamal Encryption in the Algebraic Group Model. In Advances in Cryptology – EUROCRYPT 2020 (pp. 63–95). Springer. https://doi.org/10.1007/978-3-030-45724-2_3
- Simpler Constructions of Asymmetric Primitives from Obfuscation / Farshim, P., Fuchsbauer, G., & Passelègue, A. (2020). Simpler Constructions of Asymmetric Primitives from Obfuscation. In Progress in Cryptology – INDOCRYPT 2020 (pp. 715–738). Springer. https://doi.org/10.1007/978-3-030-65277-7_32
- Generalized Bitcoin-Compatible Channels / Aumayr, L., Ersoy, O., Erwig, A., Faust, S., Hostáková, K., Maffei, M., Moreno-Sanchez, P., & Riahi, S. (2020). Generalized Bitcoin-Compatible Channels (2020/476). http://hdl.handle.net/20.500.12708/40215
2019
- Gathering of robots in a ring with mobile faults / Das, S., Focardi, R., Luccio, F. L., Markou, E., & Squarcina, M. (2019). Gathering of robots in a ring with mobile faults. Theoretical Computer Science, 764, 42–60. https://doi.org/10.1016/j.tcs.2018.05.002
- Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks / Egger, C., Maffei, M., & Moreno-Sanchez, P. (2019). Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks. In ACM (Ed.), Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. ACM. https://doi.org/10.1145/3319535.3345666
- Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks / Egger, C., Moreno-Sanchez, P., & Maffei, M. (2019). Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks [Conference Presentation]. Scaling Bitcoin 2019, Tel Aviv, Israel. http://hdl.handle.net/20.500.12708/58034
- Group ORAM for Privacy and Access Control in Outsourced Personal Records / Maffei, M., Malavolta, G., Reinert, M., & Schröder, D. (2019). Group ORAM for Privacy and Access Control in Outsourced Personal Records. Journal of Computer Security, 27(1), 1–47. https://doi.org/10.3233/jcs-171030
- Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability / Malavolta, G., Moreno-Sanchez, P., Schneidewind, C., Kate, A., & Maffei, M. (2019). Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability. ACM Advances in Financial Technologies AFT 2019, Zurich, Switzerland, Non-EU. http://hdl.handle.net/20.500.12708/87045
- Trace Reasoning for Formal Verification using the First-Order Superposition Calculus / Georgiou, P., Gleiss, B., Kovacs, L., & Maffei, M. (2019). Trace Reasoning for Formal Verification using the First-Order Superposition Calculus. FMCAD 2019 Student Forum, San Jose, US, Non-EU. http://hdl.handle.net/20.500.12708/86988
- Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem / Calzavara, S., Focardi, R., Nemec, M., Rabitti, A., & Squarcina, M. (2019). Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem. In 2019 IEEE Symposium on Security and Privacy (SP). IEEE, Austria. IEEE. https://doi.org/10.1109/sp.2019.00053
- From Firewalls to Functions and Back / Ceragioli, L., Galletta, L., & Tempesta, M. (2019). From Firewalls to Functions and Back. In Proceedings of the Third Italian Conference on Cyber Security (p. 13). CEUR-Proceedings. http://hdl.handle.net/20.500.12708/58149
- Reducing Automotive Counterfeiting using Blockchain: Benefits and Challenges / Lu, D., Moreno-Sanchez, P., Zeryihun, A., Bajpayi, S., Yin, S., Feldman, K., Kosofsky, J., Mitra, P., & Kate, A. (2019). Reducing Automotive Counterfeiting using Blockchain: Benefits and Challenges. In 2019 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPCON) (pp. 39–48). IEEE Computer Society. http://hdl.handle.net/20.500.12708/58148
- Verifying Relational Properties using Trace Logic / Barthe, G., Eilers, R., Georgiou, P., Gleiss, B., Kovacs, L., & Maffei, M. (2019). Verifying Relational Properties using Trace Logic. In B. Clark & J. Yang (Eds.), 2019 Formal Methods in Computer Aided Design (FMCAD). IEEE. https://doi.org/10.23919/fmcad.2019.8894277
- Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability / Malavolta, G., Moreno-Sanchez, P., Schneidewind, C., Kate, A., & Maffei, M. (2019). Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability. In Proceedings 2019 Network and Distributed System Security Symposium. Network and Distributed System Security Symposium (NDSS), USA, Non-EU. https://doi.org/10.14722/ndss.2019.23330
- Reversible Proofs of Sequential Work / Pietrzak, K., Walter, M., Klein, K., Kamath, C., & Abusalah, H. (2019). Reversible Proofs of Sequential Work. In Advances in Cryptology – EUROCRYPT 2019 (pp. 277–291). Springer LNCS. https://doi.org/10.1007/978-3-030-17656-3_10
- Forkcipher: A New Primitive for Authenticated Encryption of Very Short Messages / Andreeva, E., Lallemand, V., Purnal, A., Reyhanitabar, R., Roy, A., & Vizár, D. (2019). Forkcipher: A New Primitive for Authenticated Encryption of Very Short Messages. In Lecture Notes in Computer Science (pp. 153–182). Springer LNCS. https://doi.org/10.1007/978-3-030-34621-8_6
- Latex Gloves: Protecting Browser Extensions from Probing and Revelation Attacks / Sjösten, A., Van Acker, S., Picazo-Sanchez, P., & Sabelfeld, A. (2019). Latex Gloves: Protecting Browser Extensions from Probing and Revelation Attacks. In Proceedings 2019 Network and Distributed System Security Symposium. The Internet Society. https://doi.org/10.14722/ndss.2019.23309
2018
- ClearChart: Ensuring integrity of consumer ratings in online marketplaces / Moreno-Sanchez, P., Mahmood, U., & Kate, A. (2018). ClearChart: Ensuring integrity of consumer ratings in online marketplaces. Computers and Security, 78, 90–102. https://doi.org/10.1016/j.cose.2018.04.014
- GuardION: Practical Mitigation of DMA-Based Rowhammer Attacks on ARM / van der Veen, V., Lindorfer, M., Fratantonio, Y., Padmanabha Pillai, H., Vigna, G., Kruegel, C., Bos, H., & Razavi, K. (2018). GuardION: Practical Mitigation of DMA-Based Rowhammer Attacks on ARM. In Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 92–113). Springer. https://doi.org/10.1007/978-3-319-93411-2_5
- MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense / Konoth, R. K., Vineti, E., Moonsamy, V., Lindorfer, M., Kruegel, C., Bos, H., & Vigna, G. (2018). MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. ACM. https://doi.org/10.1145/3243734.3243858
- Equivalence Properties by Typing in Cryptographic Branching Protocols / Cortier, V., Grimm, N., Lallemand, J., & Maffei, M. (2018). Equivalence Properties by Typing in Cryptographic Branching Protocols. In L. Bauer & R. Küsters (Eds.), Principles of Security and Trust (pp. 160–187). Springer LNCS. https://doi.org/10.1007/978-3-319-89722-6_7
- UniTraX: Protecting Data Privacy with Discoverable Biases / Munz, R., Eigner, F., Maffei, M., Francis, P., & Garg, D. (2018). UniTraX: Protecting Data Privacy with Discoverable Biases. In L. Bauer & R. Küsters (Eds.), Principles of Security and Trust (pp. 278–299). Springer, Lecture Notes in Computer Science. https://doi.org/10.1007/978-3-319-89722-6_12
- Transcompiling Firewalls / Bodei, C., Degano, P., Focardi, R., Galletta, L., & Tempesta, M. (2018). Transcompiling Firewalls. In L. Bauer & R. Küsters (Eds.), Principles of Security and Trust (pp. 303–324). Springer International Publishing AG. https://doi.org/10.1007/978-3-319-89722-6_13
- Information Flow Tracking for Side-Effectful Libraries / Sjösten, A., Hedin, D., & Sabelfeld, A. (2018). Information Flow Tracking for Side-Effectful Libraries. In Formal Techniques for Distributed Objects, Components, and Systems (pp. 141–160). Springer. https://doi.org/10.1007/978-3-319-92612-4_8
- Mind Your Credit / Moreno-Sanchez, P., Modi, N., Songhela, R., Kate, A., & Fahmy, S. (2018). Mind Your Credit. In Proceedings of the 2018 World Wide Web Conference on World Wide Web - WWW ’18. International World Wide Web Conferences Steering Committee Republic and Canton of Geneva, Switzerland ©2018, Austria. ACM Digital Library. https://doi.org/10.1145/3178876.3186099
- Language-Independent Synthesis of Firewall Policies / Bodei, C., Degano, P., Galletta, L., Focardi, R., Tempesta, M., & Veronese, L. (2018). Language-Independent Synthesis of Firewall Policies. In 2018 IEEE European Symposium on Security and Privacy (EuroS&P). Institute of Electrical and Electronics Engineers ( IEEE ), Austria. IEEE. https://doi.org/10.1109/eurosp.2018.00015
- Surviving the Web / Calzavara, S., Squarcina, M., Focardi, R., & Tempesta, M. (2018). Surviving the Web. In Companion of the The Web Conference 2018 on The Web Conference 2018 - WWW ’18. International World Wide Web Conferences Steering Committee Republic and Canton of Geneva, Switzerland ©2018, Austria. ACM. https://doi.org/10.1145/3184558.3186232
- Mind Your Keys? A Security Evaluation of Java Keystores / Focardi, R., Squarcina, M., Steel, G., Palmarini, M., & Tempesta, M. (2018). Mind Your Keys? A Security Evaluation of Java Keystores. In Proceedings of 2019 Network and Distributed System Security Symposium (pp. 1–15). http://hdl.handle.net/20.500.12708/57775
- Firewall Management With FireWall Synthesizer / Tempesta, M., Bodei, C., Degano, P., Focardi, R., Galletta, L., & Veronese, L. (2018). Firewall Management With FireWall Synthesizer. In keiner (p. 1). ITASEC. http://hdl.handle.net/20.500.12708/57774
- Bug Fixes, Improvements, ... and Privacy Leaks - A Longitudinal Study of PII Leaks Across Android App Versions / Ren, J., Lindorfer, M., Dubois, D. J., Rao, A., Choffnes, D., & Vallina-Rodriguez, N. (2018). Bug Fixes, Improvements, ... and Privacy Leaks - A Longitudinal Study of PII Leaks Across Android App Versions. In Proceedings 2018 Network and Distributed System Security Symposium. Internet Society. https://doi.org/10.14722/ndss.2018.23143
- Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications / Pan, E., Ren, J., Lindorfer, M., Wilson, C., & Choffnes, D. (2018). Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications. In Proceedings on Privacy Enhancing Technologies (pp. 33–50). DeGruyter. https://doi.org/10.1515/popets-2018-0030
- Settling Payments Fast and Private: Efficient Decentralized Routing for Path-Based Transactions / Roos, S., Moreno-Sanchez, P., Kate, A., & Goldberg, I. (2018). Settling Payments Fast and Private: Efficient Decentralized Routing for Path-Based Transactions. In Proceedings 2018 Network and Distributed System Security Symposium. Network and Distributed System Security Symposium (NDSS), USA, Non-EU. https://doi.org/10.14722/ndss.2018.23254
- A Semantic Framework for the Security Analysis of Ethereum Smart Contracts / Grishchenko, I., Schneidewind, C., & Maffei, M. (2018). A Semantic Framework for the Security Analysis of Ethereum Smart Contracts. In Lecture Notes in Computer Science (pp. 243–269). Springer Open. https://doi.org/10.1007/978-3-319-89722-6_10
- Foundations and Tools for the Static Analysis of Ethereum Smart Contracts / Grishchenko, I., Maffei, M., & Schneidewind, C. (2018). Foundations and Tools for the Static Analysis of Ethereum Smart Contracts. In G. Weissenbacher & H. Chockler (Eds.), Computer Aided Verification (pp. 51–78). Springer Open. https://doi.org/10.1007/978-3-319-96145-3_4
- WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring / Calzavara, S., Maffei, M., Schneidewind, C., Tempesta, M., & Squarcina, M. (2018). WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring. In Proceedings of the 27th USENIX Security Symposium (pp. 1493–1510). USENIX. http://hdl.handle.net/20.500.12708/57493
- Simple Password Hardened Encryption Services / Maffei, M., Reinert, M., Lai, R., Egger, C., Chow, S. S. M., & Schröder, D. (2018). Simple Password Hardened Encryption Services. In Proceedings of the 27th USENIX Security Symposium (pp. 1405–1421). USENIX. http://hdl.handle.net/20.500.12708/57492
- Functional Credentials / Deuber, D., Maffei, M., Malavolta, G., Rabkin, M., Schröder, D., & Simkin, M. (2018). Functional Credentials. In Proceedings on Privacy Enhancing Technologies (pp. 64–84). Walter de Gruyter GmbH. http://hdl.handle.net/20.500.12708/57361
- A monadic framework for relational verification: applied to information security, program equivalence, and optimizations / Grimm, N., Maillard, K., Fournet, C., Hritcu, C., Maffei, M., Protzenko, J., Ramananandro, T., Swamy, N., & Zanella-Béguelin, S. (2018). A monadic framework for relational verification: applied to information security, program equivalence, and optimizations. In Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs. ACM Digital Library. https://doi.org/10.1145/3167090
- Subset Predicate Encryption and Its Applications / Katz, J., Maffei, M., Malavolta, G., & Schröder, D. (2018). Subset Predicate Encryption and Its Applications. In Cryptology and Network Security (pp. 115–134). Springer International Publishing. https://doi.org/10.1007/978-3-030-02641-7_6
2017
- Surviving the Web: A Journey into Web Session Security / Calzavara, S., Squarcina, M., Tempesta, M., & Focardi, R. (2017). Surviving the Web: A Journey into Web Session Security. ACM Computing Surveys, 50(1), 1–34. https://doi.org/10.1145/3038923
- Maliciously Secure Multi-Client ORAM / Maffei, M., Malavolta, G., Reinert, M., & Schröder, D. (2017). Maliciously Secure Multi-Client ORAM. In D. Gollmann, A. Miyaji, & H. Kikuchi (Eds.), Applied Cryptography and Network Security (pp. 645–664). © Springer International Publishing AG 2017. https://doi.org/10.1007/978-3-319-61204-1_32
- Discovering Browser Extensions via Web Accessible Resources / Sjösten, A., Van Acker, S., & Sabelfeld, A. (2017). Discovering Browser Extensions via Web Accessible Resources. In Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy. ACM. https://doi.org/10.1145/3029806.3029820
- A Principled Approach to Tracking Information Flow in the Presence of Libraries / Hedin, D., Sjösten, A., Piessens, F., & Sabelfeld, A. (2017). A Principled Approach to Tracking Information Flow in the Presence of Libraries. In Lecture Notes in Computer Science (pp. 49–70). Springer. https://doi.org/10.1007/978-3-662-54455-6_3
- Run-Time Attack Detection in Cryptographic APIs / Squarcina, M., & Focardi, R. (2017). Run-Time Attack Detection in Cryptographic APIs. In 2017 IEEE 30th Computer Security Foundations Symposium (CSF). IEEE Computer Security Foundations Symposium, Santa Barbara, USA, Non-EU. IEEE Xplore Digital Library. https://doi.org/10.1109/csf.2017.33
- Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis / Continella, A., Fratantonio, Y., Lindorfer, M., Puccetti, A., Zand, A., Kruegel, C., & Vigna, G. (2017). Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis. In Proceedings 2017 Network and Distributed System Security Symposium. Internet Society. https://doi.org/10.14722/ndss.2017.23465
- On the Security of Frequency-Hiding Order-Preserving Encryption / Reinert, M., Schröder, D., & Maffei, M. (2017). On the Security of Frequency-Hiding Order-Preserving Encryption. In Cryptology and Network Security (pp. 51–70). Springer International Publishing. https://doi.org/10.1007/978-3-030-02641-7_3
- Concurrency and Privacy with Payment-Channel Networks / Maffei, M., Kate, A., Malavolta, G., Moreno-Sanchez, P., & Ravi, S. (2017). Concurrency and Privacy with Payment-Channel Networks. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM Digital Library. https://doi.org/10.1145/3133956.3134096
- A Sound Flow-Sensitive Heap Abstraction for the Static Analysis of Android Applications / Maffei, M., Calzavara, S., Grishchenko, I., & Koutsos, A. (2017). A Sound Flow-Sensitive Heap Abstraction for the Static Analysis of Android Applications. In 2017 IEEE 30th Computer Security Foundations Symposium (CSF). IEEE Computer Security Foundations Symposium, Santa Barbara, USA, Non-EU. IEEE Xplore Digital Library. https://doi.org/10.1109/csf.2017.19
- SilentWhispers: Enforcing Security and Privacy in Decentralized Credit Networks / Maffei, M., Moreno-Sanchez, P., Kate, A., & Malavolta, G. (2017). SilentWhispers: Enforcing Security and Privacy in Decentralized Credit Networks. In Proceedings 2017 Network and Distributed System Security Symposium. Internet Society. https://doi.org/10.14722/ndss.2017.23448
- A Type System for Privacy Properties / Maffei, M., Lallemand, J., Cortier, V., & Grimm, N. (2017). A Type System for Privacy Properties. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM CCS 2017 Conference on Computer and Communications Security, Dallas, USA, Non-EU. ACM Digital Library. https://doi.org/10.1145/3133956.3133998
- Principles of Security and Trust / Principles of Security and Trust. (2017). In M. Maffei, M. Ryan, P. Ah-Fat, M. Alabbad, M. Alvim, Z. Aslanyan, N. Atzei, K. Babel, M. Bartoletti, L. Bauer, A. Blot, S. Bursuc, P. Cañones, G. Casini, V. Cheval, T. Cimoli, M. Cramer, J. Dreier, C. Duménil, … A. Sjösten (Eds.), Lecture Notes in Computer Science. Springer-Verlag. https://doi.org/10.1007/978-3-662-54455-6
2016
- Drammer: Deterministic Rowhammer Attacks on Mobile Platforms / van der Veen, V., Fratantonio, Y., Lindorfer, M., Gruss, D., Maurice, C., Vigna, G., Bos, H., Razavi, K., & Giuffrida, C. (2016). Drammer: Deterministic Rowhammer Attacks on Mobile Platforms. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM. https://doi.org/10.1145/2976749.2978406
- ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic / Ren, J., Rao, A., Lindorfer, M., Legout, A., & Choffnes, D. (2016). ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic. In Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services. ACM. https://doi.org/10.1145/2906388.2906392
- CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes / Carter, P., Mulliner, C., Lindorfer, M., Robertson, W., & Kirda, E. (2016). CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes. In Financial Cryptography and Data Security (pp. 231–249). Springer. https://doi.org/10.1007/978-3-662-54970-4_13
2015
- Open problems in hash function security / Andreeva, E., Mennink, B., & Preneel, B. (2015). Open problems in hash function security. Designs, Codes and Cryptography, 77(2–3), 611–631. https://doi.org/10.1007/s10623-015-0096-0
- MARVIN: Efficient and Comprehensive Mobile App Classification through Static and Dynamic Analysis / Lindorfer, M., Neugschwandtner, M., & Platzer, C. (2015). MARVIN: Efficient and Comprehensive Mobile App Classification through Static and Dynamic Analysis. In 2015 IEEE 39th Annual Computer Software and Applications Conference. IEEE. https://doi.org/10.1109/compsac.2015.103 / Project: SysSec
2014
- Enter Sandbox: Android Sandbox Comparison / Neuner, S., van der Veen, V., Lindorfer, M., Huber, M., Georg, M., Mulazzani, M., & Weippl, E. (2014). Enter Sandbox: Android Sandbox Comparison. In Proceedings of the IEEE Mobile Security Technologies Workshop (MoST). IEEE. http://hdl.handle.net/20.500.12708/55124
- Skin Sheriff: A Machine Learning Solution for Detecting Explicit Images / Platzer, C., Stuetz, M., & Lindorfer, M. (2014). Skin Sheriff: A Machine Learning Solution for Detecting Explicit Images. In Proceedings of the 2nd international workshop on Security and forensics in communication systems - SFCS ’14. IEEE. https://doi.org/10.1145/2598918.2598920 / Project: SysSec
- ANDRUBIS -- 1,000,000 Apps Later: A View on Current Android Malware Behaviors / Lindorfer, M., Neugschwandtner, M., Weichselbaum, L., Fratantonio, Y., Veen, V. van der, & Platzer, C. (2014). ANDRUBIS -- 1,000,000 Apps Later: A View on Current Android Malware Behaviors. In 2014 Third International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS). IEEE. https://doi.org/10.1109/badgers.2014.7 / Project: SysSec
- AndRadar: Fast Discovery of Android Applications in Alternative Markets / Lindorfer, M., Volanis, S., Sisto, A., Neugschwandtner, M., Athanasopoulos, E., Maggi, F., Platzer, C., Zanero, S., & Ioannidis, S. (2014). AndRadar: Fast Discovery of Android Applications in Alternative Markets. In Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 51–71). Springer. https://doi.org/10.1007/978-3-319-08509-8_4 / Project: SysSec
- Provably Sound Browser-Based Enforcement of Web Session Integrity / Calzavara, S., Focardi, R., Khan, W., & Tempesta, M. (2014). Provably Sound Browser-Based Enforcement of Web Session Integrity. In 2014 IEEE 27th Computer Security Foundations Symposium. IEEE Computer Society. https://doi.org/10.1109/csf.2014.33
2013
- Take a Bite - Finding the Worm in the Apple / Lindorfer, M., Miller, B., Neugschwandtner, M., & Platzer, C. (2013). Take a Bite - Finding the Worm in the Apple. In International Conference on Information, Communications and Signal Processing (ICICS). IEEE. http://hdl.handle.net/20.500.12708/54856
- POSTER: Cross-Platform Malware: Write Once, Infect Everywhere / Lindorfer, M., Neumayr, M., Caballero, J., & Platzer, C. (2013). POSTER: Cross-Platform Malware: Write Once, Infect Everywhere. In ACM Conference on Computer and Communications Security (CCS). ACM Conference on Computer and Communications Security (CCS), Washington, USA, Non-EU. http://hdl.handle.net/20.500.12708/54855
- A View to a Kill: WebView Exploitation / Neugschwandtner, M., Lindorfer, M., & Platzer, C. (2013). A View to a Kill: WebView Exploitation. In USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET). USENIX. http://hdl.handle.net/20.500.12708/54854
2012
- Lines of Malicious Code: Insights Into the Malicious Software Industry / Lindorfer, M., Di Federico, A., Maggi, F., Milani Comparetti, P., & Zanero, S. (2012). Lines of Malicious Code: Insights Into the Malicious Software Industry. In Proceedings of the 28th Annual Computer Security Applications Conference (pp. 349–358). ACM. http://hdl.handle.net/20.500.12708/54349
2011
- Detecting Environment-Sensitive Malware / Lindorfer, M., Kolbitsch, C., & Milani Comparetti, P. (2011). Detecting Environment-Sensitive Malware. In Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection (2011). Springer. http://hdl.handle.net/20.500.12708/54010 / Projects: icode, SysSec, TRUDIE
Theses
Note: Due to the rollout of TU Wien’s new publication database, the list below may be slightly outdated. Once the migration is complete, everything will be up to date again.
- Cross-Chain Traceability in Decentralized Finance / Haimerl, N. (2023). Cross-Chain Traceability in Decentralized Finance [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2023.103500
- A Systematic Investigation of Illicit Money Flows in the DeFi Ecosystem / Luzian, S. (2023). A Systematic Investigation of Illicit Money Flows in the DeFi Ecosystem [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2023.106121
- Sound cross-contract reachability analysis of ethereum smart contracts / Schweighofer, M. (2022). Sound cross-contract reachability analysis of ethereum smart contracts [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2022.95282
- Android vs. iOS: security of mobile Deep Links / Steinböck, M. (2022). Android vs. iOS: security of mobile Deep Links [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2022.93327
- Curious apps: Large-scale detection of apps scanning your local network / Hager, P. T. (2022). Curious apps: Large-scale detection of apps scanning your local network [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2022.98764
- Tracing android apps based on ART ahead-of-time compilation profiles from Google Play / Burtscher, L. (2022). Tracing android apps based on ART ahead-of-time compilation profiles from Google Play [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2022.90745
- Non-Linear reasoning in the superposition calculus / Lackner, A. (2022). Non-Linear reasoning in the superposition calculus [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2022.90765
- Adaptor signature based atomic swaps between bitcoin and a mimblewimble based cryptocurrency / Abfalter, J. (2021). Adaptor signature based atomic swaps between bitcoin and a mimblewimble based cryptocurrency [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.77663
- Dynamic iOS privacy analysis: Verifying App Store privacy labels / Jirout, T. W. (2021). Dynamic iOS privacy analysis: Verifying App Store privacy labels [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.92880
- Static and dynamic enforcement of security via relational reasoning / Grimm, N. (2021). Static and dynamic enforcement of security via relational reasoning [Dissertation, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.90710
- Foundations for the security analysis of distributed blockchain applications / Schneidewind, C. (2021). Foundations for the security analysis of distributed blockchain applications [Dissertation, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.91204
- Static analysis of low-level code / Grishchenko, I. (2021). Static analysis of low-level code [Dissertation, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.87563
- Analysis of decentralized mixing services in the greater bitcoin ecosystem / Stockinger, J. (2021). Analysis of decentralized mixing services in the greater bitcoin ecosystem [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.87269
- Large-scale Static Analysis of PII Leakage in IoT Companion Apps / Schmidt, D. (2021). Large-scale Static Analysis of PII Leakage in IoT Companion Apps [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.86548
- Privacy enhancing technologies for distributed ledgers / Wolf, M. (2020). Privacy enhancing technologies for distributed ledgers [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2020.74343
- Privacy preserving authenticated key exchange : Modelling, constructions, proofs and formal verification : Modellierung, Konstruktionen, Beweise und Verification / Weninger, A. J. (2020). Privacy preserving authenticated key exchange : Modelling, constructions, proofs and formal verification : Modellierung, Konstruktionen, Beweise und Verification [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.87263
- Detecting neural network functions in binaries based on syntactic features / Aschl, G. (2020). Detecting neural network functions in binaries based on syntactic features [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2020.66352
- Payment channel network analysis with focus on lightning network / Holzer, P. (2020). Payment channel network analysis with focus on lightning network [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2020.75260
- Automatisierte Prognose der Entwicklung von Kryptowährungspreisen / Aumayr, L. (2019). Automatisierte Prognose der Entwicklung von Kryptowährungspreisen [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2019.55455
- Static analysis of eWASM contracts / Schwarz, A. (2019). Static analysis of eWASM contracts [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2019.72720
- Theoretische und praktische Smart Contracts - Realisierung eines Investmentfonds / Schneider, J. F. (2018). Theoretische und praktische Smart Contracts - Realisierung eines Investmentfonds [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2018.55468
- Current state of browser extension security and extension-based malware / Neumayr, M. (2015). Current state of browser extension security and extension-based malware [Diploma Thesis]. reposiTUm. https://doi.org/10.34726/hss.2015.24755
- Malware through the looking glass : malware analysis in an evolving threat landscape / Lindorfer, M. (2015). Malware through the looking glass : malware analysis in an evolving threat landscape [Dissertation, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2015.35065
And more…
Soon, this page will include additional information such as reference projects, conferences, events, and other research activities.
Until then, please visit Security and Privacy’s research profile in TISS.