Security and Privacy E192-06
The mission of the Security and Privacy research unit is to develop techniques to secure modern IT infrastructures and to design solutions to protect the privacy of users in the digital society.
About
Our research strengths include
- formal methods for the analysis and enforcement of security and privacy properties in various scenarios, such as cryptographic protocols, mobile apps, web applications, smart contracts;
- principles and technologies for system security, including the evaluation of the attack surface and the development of systematic countermeasures, with a focus on mobile, web, and cloud security;
- theory and applications of cryptography, with a focus on the design of privacy-enhancing cryptographic schemes, cryptographic protocols for blockchain technologies, and proof techniques for provable security.
The Security and Privacy research unit is part of the Institute of Logic and Computation.
Courses
2024W
- Attacks and Defenses in Computer Security / 192.111 / UE
- Bachelor Thesis / 192.061 / PR
- Cryptocurrencies / 192.065 / VU
- Foundations of System and Application Security / 192.044 / VU
- Introduction to Cryptography / 192.125 / VU
- Introduction to Logical Methods in Computer Science / 184.766 / VO
- Introduction to Programming 1 / 185.A91 / VU
- Orientation Bachelor with Honors of Informatics and Business Informatics / 180.767 / SE
- Project in Computer Science 1 / 192.021 / PR
- Project in Computer Science 2 / 192.022 / PR
- Research Seminar LogiCS / 184.767 / SE
- Seminar for Master Students in Logic and Computation / 180.773 / SE
- Seminar for PhD Students / 192.060 / SE
- Sustainability in Computer Science / 194.155 / VU
2025S
- Introduction to Logical Methods in Computer Science / 184.766 / VO
- Project in Computer Science 1 / 192.021 / PR
- Project in Computer Science 2 / 192.022 / PR
- Research Seminar LogiCS / 184.767 / SE
Projects
- Building Robust and Explainable AI-based Defenses for Computer Security
  2024 – 2030 / Vienna Science and Technology Fund (WWTF)
- Effective Formal Methods for Smart-Contract Certification
  2023 – 2027 / Vienna Science and Technology Fund (WWTF)
  Publications: 192933 / 199514
- Scalable, Private, and Interoperable Layer 2
  2023 – 2027 / Vienna Science and Technology Fund (WWTF)
- Fixing the Broken Bridge Between Mobile Apps and the Web
  2023 – 2027 / Vienna Science and Technology Fund (WWTF)
  Publications: 191166 / 191151
- Semantic and Cryptographic Foundations of Security and Privacy by Compositional Design
  2023 – 2026 / Austrian Science Fund (FWF)
  Publications: 189688 / 190634 / 190025 / 193102 / 192933 / 193926 / 192946 / 193074 / 195542 / 199514 / 199522 / 200038 / 200888 / 200903 / 200896 / 200893
- A Composable Rational Framework for Blockchain Systems
  2022 – 2025 / Austrian Science Fund (FWF)
  Publications: 150285 / 191199 / 190025 / 190616 / 190619 / 191168 / 200038
- Distributed Ledger Development and Implementation
  2022 – 2024 / ABC Research GmbH
- Cryptographic Foundations of Privacy in Distributed Ledgers
  2020 – 2027 / Vienna Science and Technology Fund (WWTF)
  Publications: 142523 / 139748 / 142534 / 150318 / 153193 / 200888 / 200903 / 200896 / 200893
- Blockchain Technologies for the Internet of Things
  2020 – 2025 / Christian Doppler Research Association (CDG)
  Publications: 139862 / 139860 / 153863 / 158286 / 152968 / 152969 / 175654 / 154428 / 158188 / 171624 / 177467 / 190648 / 189835 / 190192 / 189792 / 189878 / 190025 / 192610 / 190685 / 192166 / 200038
- IoTIO: Analyzing and Understanding the Internet of Insecure Things
  2020 – 2025 / Vienna Science and Technology Fund (WWTF)
  Publications: 150264 / 175968 / 176906 / 190633 / 190031 / 193214 / 190032 / 194425 / 191166 / 78069 / 58517 / 80253
- Security and Privacy Foundations of Blockchain Technologies
  2020 – 2024 / SBA Research gemeinnützige GmbH
  Publications: 190633 / 190031 / 190032 / 194425 / 192610 / 192677 / 192585
- Vienna Cybersecurity and Privacy Research Center
  2019 – 2023 / Vienna Business Agency (WAW)
  Publications: 139862 / 139860 / 153863 / 158286 / 152968 / 152969 / 152950 / 152954 / 175654 / 150285 / 150314 / 191199 / 177467 / 191198 / 190648 / 189835 / 190192 / 189792 / 189878 / 192610 / 191151 / 190685
- Cryptographic Foundations for Future-proof Internet Security
  2019 – 2023 / Austrian Science Fund (FWF)
  Publications: 139862 / 139860 / 153863 / 158286 / 152968 / 152969 / 152950 / 152954 / 175654 / 154428 / 153177 / 177467 / 190648 / 189835 / 190192 / 189792 / 189878 / 192610 / 193565 / 193570 / 190685 / 190687
- Security and Privacy for Payment-Channel Networks
  2019 – 2020 / Austrian Science Fund (FWF)
- Foundations and Tools for Client-Side Web Security
  2018 – 2024 / European Research Council (ERC)
  Publications: 139862 / 139860 / 153863 / 158286 / 152968 / 152969 / 152950 / 152954 / 175654 / 154428 / 150314 / 153177 / 177467 / 191198 / 190648 / 189835 / 190192 / 189792 / 189878 / 190025 / 192610 / 191151 / 190685 / 200038
- Privacy-Preserving Regulatory Technologies for Distributed Ledger Technologies
  2018 – 2021 / Austrian Research Promotion Agency (FFG)
  Publications: 139862 / 152968 / 152950 / 152954 / 153177 / 190192 / 189792
- Scalability for Lightning Networks
  2018 – 2020 / Chaincode Labs Inc
- Ethertrust - Trustworthy smart contracts
  2018 – 2019 / netidee.at
  Publication: 153177
Publications
2024
- Sefranek, M. (2024). How (Not) to Simulate PLONK. In Security and Cryptography for Networks (pp. 96–117). https://doi.org/10.1007/978-3-031-71070-4_5
  Projects: COnFIDE (2020–2027) / SFB SPyCoDe (2023–2026)
- Indri, P., Blohm, P., Athavale, A., Bartocci, E., Weissenbacher, G., Maffei, M., Nickovic, D., Gärtner, T., & Malhotra, S. (2024). Distillation based Robustness Verification with PAC Guarantees. In Volume 235: International Conference on Machine Learning, 21-27 July 2024, Vienna, Austria. 41st International Conference on Machine Learning (ICML 2024), Vienna, Austria.
- Fuchsbauer, G., & Wolf, M. (2024). Concurrently Secure Blind Schnorr Signatures. In Advances in Cryptology – EUROCRYPT 2024 (pp. 124–160). https://doi.org/10.1007/978-3-031-58723-8_5
  Projects: COnFIDE (2020–2027) / SFB SPyCoDe (2023–2026)
- Alwen, J., Fuchsbauer, G., & Mularczyk, M. (2024). Updatable Public-Key Encryption, Revisited. In Advances in Cryptology – EUROCRYPT 2024 (pp. 346–376). https://doi.org/10.1007/978-3-031-58754-2_13
  Projects: COnFIDE (2020–2027) / SFB SPyCoDe (2023–2026)
- Bauer, B., Fuchsbauer, G., & Regen, F. (2024). On Proving Equivalence Class Signatures Secure from Non-interactive Assumptions. In Public-Key Cryptography – PKC 2024 (pp. 3–36). https://doi.org/10.1007/978-3-031-57718-5_1
  Projects: COnFIDE (2020–2027) / SFB SPyCoDe (2023–2026)
- Aumayr, L., Ceylan, E., Kopyciok, Y., Maffei, M., Moreno-Sanchez, P., Salem, I., & Schmid, S. (2024). Optimizing Virtual Payment Channel Establishment in the Face of On-Path Adversaries. In Proceedings 2024 IFIP Networking Conference (IFIP Networking) (pp. 1–10). https://doi.org/10.23919/IFIPNetworking62109.2024.10619889
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / CoRaF (2022–2025) / SFB SPyCoDe (2023–2026)
- Cini, V., Ramacher, S., Slamanig, D., Striecks, C., & Tairi, E. (2024). (Inner-product) functional encryption with updatable ciphertexts. Journal of Cryptology, 37, Article 8. https://doi.org/10.1007/s00145-023-09486-y
  Download: PDF (657 KB)
  Project: PROFET (2019–2023)
2023
- Lindorfer, M. (2023). The Threat of Surveillance and the Need for Privacy Protections. In H. Werthner, C. Ghezzi, J. Kramer, J. Nida-Rümelin, B. Nuseibeh, E. Prem, & A. Stanger (Eds.), Introduction to Digital Humanism : A Textbook (pp. 593–609). Springer. https://doi.org/10.1007/978-3-031-45304-5_37
  Download: PDF (576 KB)
- Sober, M., Scaffino, G., Schulte, S., & Kanhere, S. S. (2023). A blockchain-based IoT data marketplace. CLUSTER COMPUTING-THE JOURNAL OF NETWORKS SOFTWARE TOOLS AND APPLICATIONS, 26(6), 3523–3545. https://doi.org/10.1007/s10586-022-03745-6
  Download: Article (662 KB)
  Project: CDL-BOT (2020–2025)
- Göth, C., Ramacher, S., Slamanig, D., Striecks, C., Tairi, E., & Zikulnig, A. (2023). Optimizing 0-RTT Key Exchange with Full Forward Security. In CCSW ’23: Proceedings of the 2023 on Cloud Computing Security Workshop (pp. 55–68). Association for Computing Machinery (ACM). https://doi.org/10.1145/3605763.3625246
  Download: PDF (1.12 MB)
  Project: PROFET (2019–2023)
- Tairi, E., Moreno-Sanchez, P., & Schneidewind, C. (2023). LedgerLocks: A Security Framework for Blockchain Protocols Based on Adaptor Signatures. In CCS ’23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (pp. 859–873). Association for Computing Machinery. https://doi.org/10.1145/3576915.3623149
  Download: PDF (15.4 MB)
  Project: PROFET (2019–2023)
- Bhati, A. S., Pohle, E., Abidin, A., Andreeva, E., & Preneel, B. (2023). Let’s Go Eevee! A Friendly and Suitable Family of AEAD Modes for IoT-to-Cloud Secure Computation. In CCS ’23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (pp. 2546–2560). Association for Computing Machinery. https://doi.org/10.1145/3576915.3623091
- Schmidt, D., Tagliaro, C., Borgolte, K., & Lindorfer, M. (2023). IoTFlow: Inferring IoT Device Behavior at Scale through Static Mobile Companion App Analysis. In CCS ’23: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (pp. 681–695). Association for Computing Machinery. https://doi.org/10.1145/3576915.3623211
  Download: PDF (1.26 MB)
  Projects: IoTIO (2020–2025) / W4MP (2023–2027)
- Squarcina, M., Adão, P., Lorenzo Veronese, & Matteo Maffei. (2023). Cookie Crumbles: Breaking and Fixing Web Session Integrity. In J. Calandrino & C. Troncoso (Eds.), SEC ’23: Proceedings of the 32nd USENIX Conference on Security Symposium (pp. 5539–5556). USENIX Association. https://doi.org/10.34726/5329
  Downloads: Paper (1020 KB) / Appendix Paper (342 KB) / Slides (2.54 MB)
  Projects: Browsec (2018–2024) / ViSP (2019–2023) / W4MP (2023–2027)
- Aumayr, L. (2023, October 12). Virtual Payment Channel Networks in Cryptocurrencies [Presentation]. Lunchtime Seminar, Universität Innsbruck, Austria.
- Chatterjee, D., Banerjee, P., & Mazumdar, S. (2023). Chrisimos: A useful Proof-of-Work for finding Minimal Dominating Set of a graph. arXiv. https://doi.org/10.34726/5301
  Download: PDF (515 KB)
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / ViSP (2019–2023)
- Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2023, September 6). Breaking and Fixing Virtual Channels: Domino Attack and Donner [Presentation]. VISA Research - external research talks, Palo Alto, United States of America. http://hdl.handle.net/20.500.12708/192610
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / SPFBT (2020–2024) / ViSP (2019–2023)
- Aumayr, L., Abbaszadeh, K., & Maffei, M. (2023, August 30). Thora: Atomic and Privacy-Preserving Multi-Channel Updates [Conference Presentation]. The Science of Blockchain Conference 2023 (SBC’23), Stanford University, United States of America.
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PR4DLT (2018–2021) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
- Aumayr, L., Sri AravindaKrishnan Thyagarajan, Giulio Malavolta, Moreno-Sanchez, P., & Maffei, M. (2023, August 30). Sleepy Channels: Bitcoin-Compatible Bi-directional Payment Channels without Watchtowers [Conference Presentation]. The Science of Blockchain Conference 2023, Stanford, United States of America.
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
- Scaffino, G., Aumayr, L., Avarikioti, G., & Maffei, M. (2023). Glimpse: On-Demand PoW Light Client with Constant-Size Storage for DeFi. In Proceedings of the 32nd USENIX Security Symposium (pp. 733–750).
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / CoRaF (2022–2025) / SFB SPyCoDe (2023–2026)
- Jungwirth, G., Saha, A., Schröder, M., Fiebig, T., Lindorfer, M., & Cito, J. (2023). Connecting the .dotfiles: Checked-In Secret Exposure with Extra (Lateral Movement) Steps. In IEEE/ACM 20th International Conference on Mining Software Repositories (MSR) (pp. 322–333). https://doi.org/10.1109/MSR59073.2023.00051
  Project: IoTIO (2020–2025)
- Pradeep, A., Feal, Á., Gamba, J., Rao, A., Lindorfer, M., Vallina-Rodriguez, N., & Choffnes, D. (2023). Not Your Average App: A Large-scale Privacy Analysis of Android Browsers. In M. L. Mazurek & M. Sherr (Eds.), Proceedings on Privacy Enhancing Technologies Symposium 2023 (pp. 29–46). https://doi.org/10.56553/popets-2023-0003
  Download: PDF (2.72 MB)
  Projects: IoTIO (2020–2025) / SPFBT (2020–2024)
- Fiebig, T., Gürses, S., Hernández Gañán, C., Kotkamp, E., Kuipers, F., Lindorfer, M., Prisse, M., & Sari, T. (2023). Heads in the Clouds? Measuring Universities’ Migration to Public Clouds: Implications for Privacy & Academic Freedom. In M. L. Mazurek & M. Sherr (Eds.), Proceedings on Privacy Enhancing Technologies (pp. 117–150). De Gruyter Open / Sciendo. https://doi.org/10.56553/popets-2023-0044
  Download: PDF (6.58 MB)
- Sober, M., Max Kobelt, Scaffino, G., Kaaser, D., & Schulte, S. (2023). Distributed Key Generation with Smart Contracts using zk-SNARKs. In SAC ’23: Proceedings of the 38th ACM/SIGAPP Symposium on Applied Computing (pp. 231–240). Association for Computing Machinery. https://doi.org/10.34726/4523
  Download: PDF (582 KB)
- Bleier, J., & Lindorfer, M. (2023). Of Ahead Time: Evaluating Disassembly of Android Apps Compiled to Binary OATs Through the ART. In J. Polakis & E. van der Kouwe (Eds.), EUROSEC ’23: Proceedings of the 16th European Workshop on System Security (pp. 21–29). https://doi.org/10.1145/3578357.3591219
  Download: PDF (2.39 MB)
  Projects: IoTIO (2020–2025) / SPFBT (2020–2024)
- Hageman, K., Feal, A., Gamba, J., Girish, A., Bleier, J., Lindorfer, M., Tapiador, J., & Vallina-Rodriguez, N. (2023). Mixed Signals: Analyzing Software Attribution Challenges in the Android Ecosystem. IEEE Transactions on Software Engineering, 49(4), 2964–2979. https://doi.org/10.34726/5296
  Download: PDF (3.29 MB)
  Projects: IoTIO (2020–2025) / SPFBT (2020–2024)
- Streibelt, F., Lindorfer, M., Gürses, S., Hernández Gañán, C., & Fiebig, T. (2023). Back-to-the-Future Whois: An IP Address Attribution Service for Working with Historic Datasets. In Passive and Active Measurement : 24th International Conference, PAM 2023, Virtual Event, March 21–23, 2023, Proceedings (pp. 209–226). Springer. https://doi.org/10.1007/978-3-031-28486-1_10
  Download: PDF (2.52 MB)
- Mazumdar, S., & Ruj, S. (2023). CryptoMaze: Privacy-Preserving Splitting of Off-Chain Payments. IEEE Transactions on Dependable and Secure Computing, 20(2), 1060–1073. https://doi.org/10.1109/TDSC.2022.3148476
- Aumayr, L., Abbaszadeh, K., & Maffei, M. (2023, February 28). Thora: Atomic and Privacy-Preserving Multi-Channel Updates [Poster Presentation]. Network and Distributed System Security Symposium (NDSS) 2023, San Diego, United States of America. http://hdl.handle.net/20.500.12708/189792
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PR4DLT (2018–2021) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
- Aumayr, L., Sri AravindaKrishnan Thyagarajan, Giulio Malavolta, Moreno-Sanchez, P., & Maffei, M. (2023, February 28). Sleepy Channels: Bi-directional Payment Channels without Watchtowers [Poster Presentation]. Network and Distributed System Security Symposium (NDSS) 2023, United States of America.
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
- Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2023). Breaking and Fixing Virtual Channels: Domino Attack and Donner. In Proceedings Network and Distributed System Security Symposium 2023. 30th Annual Network and Distributed System Security Symposium (NDSS) 2023, San Diego, United States of America. https://doi.org/10.14722/ndss.2023.24370
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
- Hoenisch, P., Mazumdar, S., Moreno-Sanchez, P., & Ruj, S. (2023). LightSwap: An Atomic Swap Does Not Require Timeouts at both Blockchains. In J. Garcia-Alfaro, G. Navarro-Arribas, & N. Dragoni (Eds.), Data Privacy Management, Cryptocurrencies and Blockchain Technology (pp. 219–235). Springer Cham. https://doi.org/10.1007/978-3-031-25734-6_14
  Project: CDL-BOT (2020–2025)
- Tagliaro, C., Hahn, F., Sepe, R., Aceti, A., & Lindorfer, M. (2023). I Still Know What You Watched Last Sunday: Privacy of the HbbTV Protocol in the European Smart TV Landscape. In Proceedings Network and Distributed System Security (NDSS) Symposium 2023. 30th Annual Network and Distributed System Security Symposium (NDSS) 2023, San Diego, United States of America. https://doi.org/10.14722/ndss.2023.24102
  Projects: IoTIO (2020–2025) / SPFBT (2020–2024)
- Abusalah, H., Fuchsbauer, G., Gazi, P., & Klein, K. (2023). SNACKs: Leveraging Proofs of Sequential Work for Blockchain Light Clients. In Advances in Cryptology - ASIACRYPT 2022 (pp. 806–836). Springer. https://doi.org/10.1007/978-3-031-22963-3_27
  Project: COnFIDE (2020–2027)
- Fuchsbauer, G., & Orrù, M. (2023). Non-interactive Mimblewimble transactions, revisited. In Advances in Cryptology - ASIACRYPT 2022 (pp. 713–744). Springer. https://doi.org/10.1007/978-3-031-22963-3_24
  Project: COnFIDE (2020–2027)
- Veronese, L., Farinier, B., Bernardo, P., Tempesta, M., Squarcina, M., & Maffei, M. (2023). WebSpec: Towards Machine-Checked Analysis of Browser Security Mechanisms. In 2023 IEEE Symposium on Security and Privacy (SP) (pp. 2761–2779). IEEE. https://doi.org/10.1109/SP46215.2023.10179465
  Projects: Browsec (2018–2024) / ViSP (2019–2023)
- Andreeva, E., & Weninger, A. (2023). A Forkcipher-Based Pseudo-Random Number Generator. In M. Tibouchi & X. Wang (Eds.), Applied Cryptography and Network Security (pp. 3–31). https://doi.org/10.1007/978-3-031-33491-7_1
- Hodžić, S., Roy, A., & Andreeva, E. (2023). Quantum cryptanalysis of Farfalle and (generalised) key-alternating Feistel networks. Designs, Codes and Cryptography. https://doi.org/10.1007/s10623-023-01305-6
- Avarikioti, G., Lizurej, T., Michalak, T., & Yeo, M. (2023). Lightning Creation Games. In E. Bertino, B. Li, O. Frieder, & X. Jia (Eds.), 2023 IEEE 43rd International Conference on Distributed Computing Systems (ICDCS 2023) (pp. 603–613). IEEE. https://doi.org/10.1109/ICDCS57875.2023.00037
  Project: CoRaF (2022–2025)
- Avarikioti, G., Desjardins, A., Kokoris-Kogias, L., & Wattenhofer, R. (2023). Divide & Scale: Formalization and Roadmap to Robust Sharding. In S. Rajsbaum, A. Balliu, J. Daymude, & D. Olivetti (Eds.), Structural Information and Communication Complexity : 30th International Colloquium, SIROCCO 2023, Alcalá de Henares, Spain, June 6–9, 2023, Proceedings (pp. 199–245). Springer. https://doi.org/10.1007/978-3-031-32733-9_10
  Project: CoRaF (2022–2025)
- Rain, S., Avarikioti, G., Kovacs, L., & Maffei, M. (2023). Towards a Game-Theoretic Security Analysis of Off-Chain Protocols. In 2023 IEEE 36th Computer Security Foundations Symposium (CSF) (pp. 107–122). IEEE. https://doi.org/10.1109/CSF57540.2023.00003
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / LCS (2017–2025) / PROFET (2019–2023) / ViSP (2019–2023)
- Avarikioti, G., Heimbach, L., Schmid, R., Vanbever, L., Wattenhofer, R., & Wintermeyer, P. (2023). FnF-BFT: A BFT Protocol with Provable Performance Under Attack. In S. Rajsbaum, A. Balliu, J. Dymude, & D. Olivetti (Eds.), Structural Information and Communication Complexity : 30th International Colloquium, SIROCCO 2023, Alcalá de Henares, Spain, June 6–9, 2023, Proceedings (pp. 165–198). Springer. https://doi.org/10.1007/978-3-031-32733-9_9
  Project: CoRaF (2022–2025)
2022
- Mazumdar, S., Banerjee, P., Sinha, A., Ruj, S., & Roy, B. (2022). Strategic Analysis of Griefing Attack in Lightning Network. IEEE Transactions on Network and Service Management. https://doi.org/10.34726/3581
  Downloads: Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. (1.78 MB) / Supplemental Material (453 KB)
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / ViSP (2019–2023)
- Bastys, I., Algehed, M., Sjösten, A., & Sabelfeld, A. (2022). SecWasm: Information Flow Control for WebAssembly. In Static Analysis (pp. 74–103). Springer Nature Switzerland AG. https://doi.org/10.1007/978-3-031-22308-2_5
  Projects: Browsec (2018–2024) / ViSP (2019–2023)
- Fiebig, T., Gürses, S., & Lindorfer, M. (2022). Position Paper: Escaping Academic Cloudification to Preserve Academic Freedom. Privacy Studies Journal, 51–68. https://doi.org/10.7146/psj.vi.132713
- Hoenisch, P., Mazumdar, S., Moreno-Sanchez, P., & Ruj, S. (2022). LightSwap: An Atomic Swap Does Not Require Timeouts At Both Blockchains. Cryptology ePrint Archive. https://doi.org/10.34726/3662
  Download: PDF (502 KB)
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / ViSP (2019–2023)
- Mazumdar, S. (2022). Towards faster settlement in HTLC-based Cross-Chain Atomic Swaps. arXiv. https://doi.org/10.34726/3805
  Download: PDF (800 KB)
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / ViSP (2019–2023)
- Glaeser, N., Maffei, M., Malavolta, G., Moreno-Sanchez, P., Tairi, E., & Thyagarajan, S. A. (2022). Foundations of Coin Mixing Services. In CCS ’22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (pp. 1259–1273). Association for Computing Machinery. https://doi.org/10.34726/3601
  Download: Accepted manuscript incl. Suppl. Material. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. (756 KB)
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023)
- Aumayr, L., Abbaszadeh, K., & Maffei, M. (2022). Thora: Atomic and Privacy-Preserving Multi-Channel Updates. In CCS ’22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (pp. 165–178). Association for Computing Machinery. https://doi.org/10.1145/3548606.3560556
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PR4DLT (2018–2021) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
- Aumayr, L., Thyagarajan, S. A., Malavolta, G., Moreno-Sanchez, P., & Maffei, M. (2022). Sleepy Channels: Bi-directional Payment Channels without Watchtowers. In CCS ’22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (pp. 179–192). Association for Computing Machinery. https://doi.org/10.1145/3548606.3559370
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
- Aumayr, L., Sri AravindaKrishnan Thyagarajan, Giulio Malavolta, Moreno-Sanchez, P., & Maffei, M. (2022, October 31). Sleepy Channels: Bi-directional Payment Channels without Watchtowers [Poster Presentation]. Crypto Economics Security Conference, Berkeley, United States of America.
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
- Aumayr, L., Kasra Abbaszadeh, & Maffei, M. (2022, October 31). Thora: Atomic And Privacy-Preserving Multi-Channel Updates [Poster Presentation]. Crypto Economics Security Conference, Berkeley, United States of America.
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PR4DLT (2018–2021) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
- Avarikioti, G., Pietrzak, K., Salem, I., Schmid, S., Tiwari, S., & Yeo, M. (2022). Hide & Seek: Privacy-Preserving Rebalancing on Payment Channel Networks. In I. Eyal & J. Garay (Eds.), Financial Cryptography and Data Security (pp. 358–373). Springer-Verlag. https://doi.org/10.1007/978-3-031-18283-9_17
  Projects: CoRaF (2022–2025) / ViSP (2019–2023)
- Avarikioti, G., & Thyfronitis Litos, O. S. (2022). Suborn Channels: Incentives Against Timelock Bribes. In Financial Cryptography and Data Security (pp. 488–511). Springer Nature Switzerland AG. https://doi.org/10.34726/3904
  Download: Paper (556 KB)
- Pradeep, A., Paracha, M. T., Bhowmick, P., Davanian, A., Razaghpanah, A., Chung, T., Lindorfer, M., Vallina-Rodriguez, N., Levin, D., & Choffnes, D. (2022). A Comparative Analysis of Certificate Pinning in Android & iOS. In Proceedings of the 22nd ACM Internet Measurement Conference (pp. 605–618). ACM. https://doi.org/10.34726/3505
  Project: IoTIO (2020–2025)
- Tiwari, S., Yeo, M., Avarikioti, G., Salem, I., Pietrzak, K., & Schmid, S. (2022). Wiser: Increasing Throughput in Payment Channel Networks with Transaction Aggregation. In AFT ’22: Proceedings of the 4th ACM Conference on Advances in Financial Technologies (pp. 217–231). Association for Computing Machinery. https://doi.org/10.1145/3558535.3559775
  Download: PDF (561 KB)
  Projects: CoRaF (2022–2025) / ViSP (2019–2023)
- Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2022, August 31). Blitz: Secure Multi-Hop Payments Without Two-Phase Commits [Conference Presentation]. The Science of Blockchain Conference 2022, Stanford, United States of America.
  Projects: Browsec (2018–2024) / PR4DLT (2018–2021) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
- Aumayr, L., Oguzhan Ersoy, Erwig, A., Faust, S., Hostáková, K., Maffei, M., Moreno-Sanchez, P., & Riahi, S. (2022, August 30). Generalized Channels from Limited Blockchain Scripts and Adaptor Signatures [Conference Presentation]. The Science of Blockchain Conference 2022, Stanford, United States of America. http://hdl.handle.net/20.500.12708/152950
  Projects: Browsec (2018–2024) / PR4DLT (2018–2021) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
- Fassl, M., Anell, S., Houy, S., Lindorfer, M., & Krombholz, K. (2022). Comparing User Perceptions of Anti-Stalkerware Apps with the Technical Reality. In Proceedings of the Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022) (pp. 135–154). USENIX Association. https://doi.org/10.34726/3902
  Download: Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee. (1.35 MB)
  Project: IoTIO (2020–2025)
- Aumayr, L. (2022, July 27). Evolution of Payment Channels [Presentation]. DFINITY Foundation - research talks, Austria.
-
Not that Simple: Email Delivery in the 21st Century
/
Holzbauer, F., Ullrich, J., Lindorfer, M., & Fiebig, T. (2022). Not that Simple: Email Delivery in the 21st Century. In Proceedings of the 2022 USENIX Annual Technical Conference (pp. 295–308). USENIX Association. https://doi.org/10.34726/4024
Download: PDF (1.43 MB)
Project: IoTIO (2020–2025)
- The security of Mimblewimble / Fuchsbauer, G. (2022, June 27). The security of Mimblewimble [Keynote Presentation]. 22nd Central European Conference on Cryptography, Smolenice, Slovakia. http://hdl.handle.net/20.500.12708/153193
Project: COnFIDE (2020–2027)
- No Spring Chicken: Quantifying the Lifespan of Exploits in IoT Malware Using Static and Dynamic Analysis / Al Alsadi, A. A., Sameshima, K., Bleier, J., Yoshioka, K., Lindorfer, M., van Eeten, M., & Hernández Gañán, C. (2022). No Spring Chicken: Quantifying the Lifespan of Exploits in IoT Malware Using Static and Dynamic Analysis. In Yuji Suga, Kouichi Sakurai, Xuhua Ding, & Kazue Sako (Eds.), ASIA CCS ’22: Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security (pp. 309–321). Association for Computing Machinery. https://doi.org/10.1145/3488932.3517408
Project: IoTIO (2020–2025)
- ART-assisted App Diffing: Defeating Dalvik Bytecode Shrinking, Obfuscation, and Optimization with Android's OAT Compiler / Bleier, J., & Lindorfer, M. (2022, May 23). ART-assisted App Diffing: Defeating Dalvik Bytecode Shrinking, Obfuscation, and Optimization with Android’s OAT Compiler [Poster Presentation]. 43rd IEEE Symposium on Security and Privacy, San Francisco, United States of America.
Project: IoTIO (2020–2025)
- Rigorous Methods for Smart Contracts / Bjørner, N., Christakis, M., Maffei, M., & Rosu, G. (Eds.). (2022). Rigorous Methods for Smart Contracts (Dagstuhl Seminar 21431). Schloss Dagstuhl – Leibniz-Zentrum für Informatik GmbH, Dagstuhl Publishing. https://doi.org/10.4230/DagRep.11.9.80
Projects: Browsec (2018–2024) / Ethertrust (2018–2019) / PR4DLT (2018–2021) / PROFET (2019–2023)
- Double-authentication-preventing signatures in the standard model / Catalano, D., Fuchsbauer, G., & Soleimanian, A. (2022). Double-authentication-preventing signatures in the standard model. Journal of Computer Security, 30(1), 3–38. https://doi.org/10.3233/JCS-200117
Project: COnFIDE (2020–2027)
- Approximate Distance-Comparison-Preserving Symmetric Encryption / Fuchsbauer, G., Ghosal, R., Hauke, N., & O’Neill, A. (2022). Approximate Distance-Comparison-Preserving Symmetric Encryption. In Security and Cryptography for Networks (pp. 117–144). https://doi.org/10.1007/978-3-031-14791-3_6
- Credential Transparency System / Chase, M., Fuchsbauer, G., Ghosh, E., & Plouviez, A. (2022). Credential Transparency System. In Security and Cryptography for Networks (pp. 313–335). https://doi.org/10.1007/978-3-031-14791-3_14
Project: COnFIDE (2020–2027)
- Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks / Naseredini, A., Gast, S., Schwarzl, M., Sousa Bernardo, P. M., Smajic, A., Canella, C., Berger, M., & Gruss, D. (2022). Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks. In P. Mori, G. Lenzini, & S. Furnell (Eds.), Proceedings of the 8th International Conference on Information Systems Security and Privacy (pp. 48–59). SciTePress. http://hdl.handle.net/20.500.12708/58799
2021
- Off-chain Scaling of Cryptocurrencies / Aumayr, L. (2021, December 9). Off-chain Scaling of Cryptocurrencies [Presentation]. VISP blockchain research meetup, Austria. http://hdl.handle.net/20.500.12708/153233
- Designing Secure Payment Channel Schemes / Aumayr, L. (2021, November 16). Designing Secure Payment Channel Schemes [Presentation]. Singapore Management University - Online Topic, Singapore. http://hdl.handle.net/20.500.12708/153226
- Beyond Payments in Payment Channel Networks / Aumayr, L. (2021, November 16). Beyond Payments in Payment Channel Networks [Presentation]. Software Seminar Series (S3), Spain. http://hdl.handle.net/20.500.12708/153227
- Formal Methods for the Security Analysis of Smart Contracts / Maffei, M. (2021). Formal Methods for the Security Analysis of Smart Contracts. In Proceedings of the 21st Conference on Formal Methods in Computer-Aided Design – FMCAD 2021 (pp. 8–8). TU Wien Academic Press. https://doi.org/10.34727/2021/isbn.978-3-85448-046-4_3
Download: PDF (47.5 KB)
- 1, 2, 3, Fork: Counter Mode Variants based on a Generalized Forkcipher / Andreeva, E., Bhati, A. S., Preneel, B., & Vizár, D. (2021). 1, 2, 3, Fork: Counter Mode Variants based on a Generalized Forkcipher. IACR Transactions on Symmetric Cryptology, 2021(3). https://doi.org/10.46586/tosc.v2021.i3.1-35
- Donner: UTXO-Based Virtual Channels Across Multiple Hops / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2021, September 7). Donner: UTXO-Based Virtual Channels Across Multiple Hops [Presentation]. Bitcoin Sydney Socratic Seminar, Australia. http://hdl.handle.net/20.500.12708/152979
- Blitz: Secure Multi-Hop Payments Without Two-Phase Commits / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2021, May 26). Blitz: Secure Multi-Hop Payments Without Two-Phase Commits [Conference Presentation]. Theory and Practice of Blockchains, Unknown. http://hdl.handle.net/20.500.12708/153230
- Blitz: Secure Multi-Hop Payments Without Two-Phase Commits / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2021, April 27). Blitz: Secure Multi-Hop Payments Without Two-Phase Commits [Presentation]. Bitcoin Sydney Socratic Seminar, Australia. http://hdl.handle.net/20.500.12708/152982
- Blitz: Secure Multi-Hop Payments Without Two-Phase Commits / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2021, February 24). Blitz: Secure Multi-Hop Payments Without Two-Phase Commits [Presentation]. Decrypto Seminar, Unknown. http://hdl.handle.net/20.500.12708/152985
- Generalized Channels from Limited Blockchain Scripts and Adaptor Signatures / Aumayr, L., Ersoy, O., Erwig, A., Faust, S., Hostáková, K., Maffei, M., Moreno-Sanchez, P., & Riahi, S. (2021). Generalized Channels from Limited Blockchain Scripts and Adaptor Signatures. In Advances in Cryptology – ASIACRYPT 2021 27th International Conference on the Theory and Application of Cryptology and Information Security, Singapore, December 6–10, 2021, Proceedings, Part II (pp. 635–664). Springer. https://doi.org/10.1007/978-3-030-92075-3_22
- Cross-Layer Deanonymization Methods in the Lightning Protocol / Romiti, M., Victor, F., Moreno-Sanchez, P., Nordholt, P. S., Haslhofer, B., & Maffei, M. (2021). Cross-Layer Deanonymization Methods in the Lightning Protocol. In Financial Cryptography and Data Security 25th International Conference, FC 2021, Virtual Event, March 1–5, 2021, Revised Selected Papers, Part I. Springer Verlag, Austria. Springer LNCS. https://doi.org/10.1007/978-3-662-64322-8_9
- Compactness of Hashing Modes and Efficiency Beyond Merkle Tree / Andreeva, E., Bhattacharyya, R., & Roy, A. (2021). Compactness of Hashing Modes and Efficiency Beyond Merkle Tree. In Advances in Cryptology – EUROCRYPT 2021 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, October 17–21, 2021, Proceedings, Part II (pp. 92–123). Springer. https://doi.org/10.1007/978-3-030-77886-6_4
- The One-More Discrete Logarithm Assumption in the Generic Group Model / Bauer, B., Fuchsbauer, G., & Plouviez, A. (2021). The One-More Discrete Logarithm Assumption in the Generic Group Model. In Advances in Cryptology – ASIACRYPT 2021 27th International Conference on the Theory and Application of Cryptology and Information Security, Singapore, December 6–10, 2021, Proceedings, Part IV (pp. 587–617). Springer. https://doi.org/10.1007/978-3-030-92068-5_20
- Can I Take Your Subdomain? Exploring Same-Site Attacks in the Modern Web / Squarcina, M., Tempesta, M., Veronese, L., Calzavara, S., & Maffei, M. (2021). Can I Take Your Subdomain? Exploring Same-Site Attacks in the Modern Web. In 30th USENIX Security Symposium (pp. 2917–2934). 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021. http://hdl.handle.net/20.500.12708/58469
- Post-Quantum Adaptor Signature for Privacy-Preserving Off-Chain Payments / Tairi, E., Moreno-Sanchez, P., & Maffei, M. (2021). Post-Quantum Adaptor Signature for Privacy-Preserving Off-Chain Payments. In Financial Cryptography and Data Security (pp. 131–150). https://doi.org/10.1007/978-3-662-64331-0_7
- A²L: Anonymous Atomic Locks for Scalability in Payment Channel Hubs / Tairi, E., Moreno-Sanchez, P., & Maffei, M. (2021). A2L: Anonymous Atomic Locks for Scalability in Payment Channel Hubs. In 2021 IEEE Symposium on Security and Privacy (SP). IEEE Symposium on Security and Privacy 2021, United States of America. https://doi.org/10.1109/sp40001.2021.00111
- Updatable Signatures and Message Authentication Codes / Cini, V., Ramacher, S., Slamanig, D., Striecks, C., & Tairi, E. (2021). Updatable Signatures and Message Authentication Codes. In Public-Key Cryptography – PKC 2021 (pp. 691–723). Springer, Cham. https://doi.org/10.1007/978-3-030-75245-3_25
- The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches / Squarcina, M., Calzavara, S., & Maffei, M. (2021). The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches. In 2021 IEEE Security and Privacy Workshops (SPW). 15th IEEE Workshop on Offensive Technologies, San Francisco, CA, United States of America. https://doi.org/10.1109/spw53761.2021.00062
- Blitz: Secure Multi-Hop Payments Without Two-Phase Commits / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2021). Blitz: Secure Multi-Hop Payments Without Two-Phase Commits. In 30th USENIX Security Symposium (pp. 4043–4060). USENIX: The Advanced Computing Systems Association. http://hdl.handle.net/20.500.12708/55607
- Tarnhelm: Isolated, Transparent & Confidential Execution of Arbitrary Code in ARM's TrustZone / Quarta, D., Ianni, M., Machiry, A., Fratantonio, Y., Gustafson, E., Balzarotti, D., Lindorfer, M., Vigna, G., & Kruegel, C. (2021). Tarnhelm: Isolated, Transparent & Confidential Execution of Arbitrary Code in ARM’s TrustZone. In Proceedings of the 2021 Research on offensive and defensive techniques in the Context of Man At The End (MATE) Attacks. ACM, Austria. ACM. https://doi.org/10.1145/3465413.3488571
Project: IoTIO (2020–2025)
- FWS: Analyzing, Maintaining and Transcompiling Firewalls / Bodei, C., Ceragioli, L., Degano, P., Focardi, R., Galletta, L., Luccio, F., Tempesta, M., & Veronese, L. (2021). FWS: Analyzing, Maintaining and Transcompiling Firewalls. Journal of Computer Security, 29(1), 77–134. https://doi.org/10.3233/jcs-200017
- Bitcoin-Compatible Virtual Channels / Aumayr, L., Ersoy, O., Erwig, A., Faust, S., Hostáková, K., Maffei, M., Moreno-Sanchez, P., & Riahi, S. (2021). Bitcoin-Compatible Virtual Channels. In 2021 IEEE Symposium on Security and Privacy (SP). IEEE Symposium on Security and Privacy 2021, Oakland, United States of America. IEEE Computer Society. https://doi.org/10.1109/sp40001.2021.00097
- Nonce-Misuse Security of the SAEF Authenticated Encryption Mode / Andreeva, E., Bhati, A. S., & Vizár, D. (2021). Nonce-Misuse Security of the SAEF Authenticated Encryption Mode. In Selected Areas in Cryptography (pp. 512–534). Springer LNCS. https://doi.org/10.1007/978-3-030-81652-0_20
- Optimized Software Implementations for the Lightweight Encryption Scheme ForkAE / Andreeva, E., Deprez, A., Bermudo Mera, J. M., Karmakar, A., & Purnal, A. (2021). Optimized Software Implementations for the Lightweight Encryption Scheme ForkAE. In Smart Card Research and Advanced Applications (pp. 68–83). Springer. https://doi.org/10.1007/978-3-030-68487-7_5
- Transferable E-Cash: A Cleaner Model and the First Practical Instantiation / Bauer, B., Fuchsbauer, G., & Qian, C. (2021). Transferable E-Cash: A Cleaner Model and the First Practical Instantiation. In Public-Key Cryptography – PKC 2021 (pp. 559–590). Springer. https://doi.org/10.1007/978-3-030-75248-4_20
- EssentialFP: Exposing the Essence of Browser Fingerprinting / Sjösten, A., Hedin, D., & Sabelfeld, A. (2021). EssentialFP: Exposing the Essence of Browser Fingerprinting. In 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). EuroS&P 2021 SecWeb Workshop, Vienna, Austria. https://doi.org/10.1109/eurospw54576.2021.00011
- Not All Bugs Are Created Equal, But Robust Reachability Can Tell the Difference / Girol, G., Farinier, B., & Bardin, S. (2021). Not All Bugs Are Created Equal, But Robust Reachability Can Tell the Difference. In Computer Aided Verification (pp. 669–693). Springer LNCS. https://doi.org/10.1007/978-3-030-81685-8_32
- Interpolation Cryptanalysis of Unbalanced Feistel Networks with Low Degree Round Functions / Andreeva, E., Roy, A., & Sauer, J. F. (2021). Interpolation Cryptanalysis of Unbalanced Feistel Networks with Low Degree Round Functions. In Selected Areas in Cryptography (pp. 273–300). Springer LNCS. https://doi.org/10.1007/978-3-030-81652-0_11
2020
- eThor: Practical and Provably Sound Static Analysis of Ethereum Smart Contracts / Schneidewind, C., Grishchenko, I., Scherer, M., & Maffei, M. (2020). eThor: Practical and Provably Sound Static Analysis of Ethereum Smart Contracts. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. ACM Conference on Computer and Communications Security (CCS), Washington, United States of America. Association for Computing Machinery ACM. https://doi.org/10.1145/3372297.3417250
- Language-Based Web Session Integrity / Calzavara, S., Focardi, R., Grimm, N., Maffei, M., & Tempesta, M. (2020). Language-Based Web Session Integrity. In 2020 IEEE 33rd Computer Security Foundations Symposium (CSF). IEEE 33rd Computer Security Foundations Symposium (CSF), Santa Barbara, United States of America. IEEE Computer Society. https://doi.org/10.1109/csf49147.2020.00016
- Efficient Signatures on Randomizable Ciphertexts / Bauer, B., & Fuchsbauer, G. (2020). Efficient Signatures on Randomizable Ciphertexts. In Security and Cryptography for Networks (pp. 359–381). Springer. https://doi.org/10.1007/978-3-030-57990-6_18
- Double-Authentication-Preventing Signatures in the Standard Model / Catalano, D., Fuchsbauer, G., & Soleimanian, A. (2020). Double-Authentication-Preventing Signatures in the Standard Model. In Security and Cryptography for Networks (pp. 338–358). Springer. https://doi.org/10.1007/978-3-030-57990-6_17
- Formalizing Graph Trail Properties in Isabelle/HOL / Kovács, L., Lachnitt, H., & Szeider, S. (2020). Formalizing Graph Trail Properties in Isabelle/HOL. In Intelligent Computer Mathematics 13th International Conference, CICM 2020, Bertinoro, Italy, July 26–31, 2020, Proceedings (pp. 190–205). LNCS. https://doi.org/10.1007/978-3-030-53518-6_12
- Bulwark: Holistic and Verified Security Monitoring of Web Protocols / Veronese, L., Calzavara, S., & Compagna, L. (2020). Bulwark: Holistic and Verified Security Monitoring of Web Protocols. In Computer Security – ESORICS 2020 (pp. 23–41). Springer. https://doi.org/10.1007/978-3-030-58951-6_2
- The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches in Progressive Web Applications / Somé, D. F., Squarcina, M., Calzavara, S., & Maffei, M. (2020). The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches in Progressive Web Applications. EuroS&P 2020 SecWeb Workshop, Genova, Italy. http://hdl.handle.net/20.500.12708/87080
- A Quantitative Analysis of Security, Anonymity and Scalability for the Lightning Network / Tikhomirov, S., Moreno-Sanchez, P., & Maffei, M. (2020). A Quantitative Analysis of Security, Anonymity and Scalability for the Lightning Network. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE Security & Privacy On The Blockchain, Genova, Italy. IEEE. https://doi.org/10.1109/eurospw51379.2020.00059
- The Good, The Bad and The Ugly: Pitfalls and Best Practices in Automated Sound Static Analysis of Ethereum Smart Contracts / Schneidewind, C., Scherer, M., & Maffei, M. (2020). The Good, The Bad and The Ugly: Pitfalls and Best Practices in Automated Sound Static Analysis of Ethereum Smart Contracts. In T. Margaria & B. Steffen (Eds.), Leveraging Applications of Formal Methods, Verification and Validation: Applications. ISoLA 2020, Proceedings, Part III (pp. 212–231). Springer. https://doi.org/10.1007/978-3-030-61467-6_14
- When Malware is Packin' Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features / Aghakhani, H., Gritti, F., Mecca, F., Lindorfer, M., Ortolani, S., Balzarotti, D., Vigna, G., & Krügel, C. (2020). When Malware is Packin’ Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features. In Network and Distributed System Security Symposium (NDSS). Internet Society. http://hdl.handle.net/20.500.12708/58307
- FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic / van Ede, T., Bortolameotti, R., Continella, A., Ren, J., Dubois, D., Lindorfer, M., Choffnes, D., van Steen, M., & Peter, A. (2020). FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic. In Network and Distributed System Security Symposium (NDSS). Internet Society. http://hdl.handle.net/20.500.12708/58308
- A Voting-Based Blockchain Interoperability Oracle / Scaffino, G., Schulte, S., Sober, M., & Spanring, C. (2020). A Voting-Based Blockchain Interoperability Oracle. In 2021 IEEE International Conference on Blockchain (Blockchain). IEEE. https://doi.org/10.1109/blockchain53845.2021.00030
- Filter List Generation for Underserved Regions / Sjösten, A., Snyder, P., Pastor, A., Papadopoulos, P., & Livshits, B. (2020). Filter List Generation for Underserved Regions. In Proceedings of The Web Conference 2020. ACM/IW3C2. https://doi.org/10.1145/3366423.3380239
- TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records / der Toorn, O. van, van Rijswijk-Deij, R., Fiebig, T., Lindorfer, M., & Sperotto, A. (2020). TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE. https://doi.org/10.1109/eurospw51379.2020.00080
- Secrets in Source Code: Reducing False Positives using Machine Learning / Saha, A., Denning, T., Srikumar, V., & Kasera, S. K. (2020). Secrets in Source Code: Reducing False Positives using Machine Learning. In 2020 International Conference on COMmunication Systems & NETworkS (COMSNETS). IEEE Xplore Digital Library. https://doi.org/10.1109/comsnets48256.2020.9027350
- A Classification of Computational Assumptions in the Algebraic Group Model / Bauer, B., Fuchsbauer, G., & Loss, J. (2020). A Classification of Computational Assumptions in the Algebraic Group Model. In Advances in Cryptology – CRYPTO 2020 (pp. 121–151). Springer. https://doi.org/10.1007/978-3-030-56880-1_5
- Blind Schnorr Signatures and Signed ElGamal Encryption in the Algebraic Group Model / Fuchsbauer, G., Plouviez, A., & Seurin, Y. (2020). Blind Schnorr Signatures and Signed ElGamal Encryption in the Algebraic Group Model. In Advances in Cryptology – EUROCRYPT 2020 (pp. 63–95). Springer. https://doi.org/10.1007/978-3-030-45724-2_3
- Simpler Constructions of Asymmetric Primitives from Obfuscation / Farshim, P., Fuchsbauer, G., & Passelègue, A. (2020). Simpler Constructions of Asymmetric Primitives from Obfuscation. In Progress in Cryptology – INDOCRYPT 2020 (pp. 715–738). Springer. https://doi.org/10.1007/978-3-030-65277-7_32
- Generalized Bitcoin-Compatible Channels / Aumayr, L., Ersoy, O., Erwig, A., Faust, S., Hostáková, K., Maffei, M., Moreno-Sanchez, P., & Riahi, S. (2020). Generalized Bitcoin-Compatible Channels (2020/476). http://hdl.handle.net/20.500.12708/40215
2019
- Forkcipher: A New Primitive for Authenticated Encryption of Very Short Messages / Andreeva, E., Lallemand, V., Purnal, A., Reyhanitabar, R., Roy, A., & Vizár, D. (2019). Forkcipher: A New Primitive for Authenticated Encryption of Very Short Messages. In Advances in Cryptology – ASIACRYPT 2019 25th International Conference on the Theory and Application of Cryptology and Information Security, Kobe, Japan, December 8–12, 2019, Proceedings, Part II (pp. 153–182). Springer LNCS. https://doi.org/10.1007/978-3-030-34621-8_6
- Verifying Relational Properties using Trace Logic / Barthe, G., Eilers, R., Georgiou, P., Gleiss, B., Kovacs, L., & Maffei, M. (2019). Verifying Relational Properties using Trace Logic. In B. Clark & J. Yang (Eds.), 2019 Formal Methods in Computer Aided Design (FMCAD). IEEE. https://doi.org/10.23919/fmcad.2019.8894277
- Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability / Malavolta, G., Moreno-Sanchez, P., Schneidewind, C., Kate, A., & Maffei, M. (2019). Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability. In Proceedings 2019 Network and Distributed System Security Symposium. Network and Distributed System Security Symposium (NDSS), San Diego, United States of America. https://doi.org/10.14722/ndss.2019.23330
- Reversible Proofs of Sequential Work / Pietrzak, K., Walter, M., Klein, K., Kamath, C., & Abusalah, H. (2019). Reversible Proofs of Sequential Work. In Advances in Cryptology – EUROCRYPT 2019 (pp. 277–291). Springer LNCS. https://doi.org/10.1007/978-3-030-17656-3_10
- Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks / Egger, C., Maffei, M., & Moreno-Sanchez, P. (2019). Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks. In ACM (Ed.), Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. ACM. https://doi.org/10.1145/3319535.3345666
- Group ORAM for Privacy and Access Control in Outsourced Personal Records / Maffei, M., Malavolta, G., Reinert, M., & Schröder, D. (2019). Group ORAM for Privacy and Access Control in Outsourced Personal Records. Journal of Computer Security, 27(1), 1–47. https://doi.org/10.3233/jcs-171030
- Gathering of robots in a ring with mobile faults / Das, S., Focardi, R., Luccio, F. L., Markou, E., & Squarcina, M. (2019). Gathering of robots in a ring with mobile faults. Theoretical Computer Science, 764, 42–60. https://doi.org/10.1016/j.tcs.2018.05.002
- Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks / Egger, C., Moreno-Sanchez, P., & Maffei, M. (2019). Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks [Conference Presentation]. Scaling Bitcoin 2019, Tel Aviv, Israel. http://hdl.handle.net/20.500.12708/58034
- Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability / Malavolta, G., Moreno-Sanchez, P., Schneidewind, C., Kate, A., & Maffei, M. (2019). Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability. ACM Advances in Financial Technologies AFT 2019, Zurich, Switzerland, Non-EU. http://hdl.handle.net/20.500.12708/87045
- Trace Reasoning for Formal Verification using the First-Order Superposition Calculus / Georgiou, P., Gleiss, B., Kovacs, L., & Maffei, M. (2019). Trace Reasoning for Formal Verification using the First-Order Superposition Calculus. FMCAD 2019 Student Forum, San Jose, US, Non-EU. http://hdl.handle.net/20.500.12708/86988
- Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem / Calzavara, S., Focardi, R., Nemec, M., Rabitti, A., & Squarcina, M. (2019). Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem. In 2019 IEEE Symposium on Security and Privacy (SP). IEEE, Austria. IEEE. https://doi.org/10.1109/sp.2019.00053
- From Firewalls to Functions and Back / Ceragioli, L., Galletta, L., & Tempesta, M. (2019). From Firewalls to Functions and Back. In Proceedings of the Third Italian Conference on Cyber Security (p. 13). CEUR-Proceedings. http://hdl.handle.net/20.500.12708/58149
- Reducing Automotive Counterfeiting using Blockchain: Benefits and Challenges / Lu, D., Moreno-Sanchez, P., Zeryihun, A., Bajpayi, S., Yin, S., Feldman, K., Kosofsky, J., Mitra, P., & Kate, A. (2019). Reducing Automotive Counterfeiting using Blockchain: Benefits and Challenges. In 2019 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPCON) (pp. 39–48). IEEE Computer Society. http://hdl.handle.net/20.500.12708/58148
- Latex Gloves: Protecting Browser Extensions from Probing and Revelation Attacks / Sjösten, A., Van Acker, S., Picazo-Sanchez, P., & Sabelfeld, A. (2019). Latex Gloves: Protecting Browser Extensions from Probing and Revelation Attacks. In Proceedings 2019 Network and Distributed System Security Symposium. The Internet Society. https://doi.org/10.14722/ndss.2019.23309
2018
- A Semantic Framework for the Security Analysis of Ethereum Smart Contracts / Grishchenko, I., Schneidewind, C., & Maffei, M. (2018). A Semantic Framework for the Security Analysis of Ethereum Smart Contracts. In Principles of Security and Trust 7th International Conference, POST 2018, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2018, Thessaloniki, Greece, April 14-20, 2018, Proceedings (pp. 243–269). Springer Open. https://doi.org/10.1007/978-3-319-89722-6_10
- MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense / Konoth, R. K., Vineti, E., Moonsamy, V., Lindorfer, M., Kruegel, C., Bos, H., & Vigna, G. (2018). MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. ACM. https://doi.org/10.1145/3243734.3243858
- GuardION: Practical Mitigation of DMA-Based Rowhammer Attacks on ARM / van der Veen, V., Lindorfer, M., Fratantonio, Y., Padmanabha Pillai, H., Vigna, G., Kruegel, C., Bos, H., & Razavi, K. (2018). GuardION: Practical Mitigation of DMA-Based Rowhammer Attacks on ARM. In Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 92–113). Springer. https://doi.org/10.1007/978-3-319-93411-2_5
- ClearChart: Ensuring integrity of consumer ratings in online marketplaces / Moreno-Sanchez, P., Mahmood, U., & Kate, A. (2018). ClearChart: Ensuring integrity of consumer ratings in online marketplaces. Computers and Security, 78, 90–102. https://doi.org/10.1016/j.cose.2018.04.014
- Equivalence Properties by Typing in Cryptographic Branching Protocols / Cortier, V., Grimm, N., Lallemand, J., & Maffei, M. (2018). Equivalence Properties by Typing in Cryptographic Branching Protocols. In L. Bauer & R. Küsters (Eds.), Principles of Security and Trust (pp. 160–187). Springer LNCS. https://doi.org/10.1007/978-3-319-89722-6_7
- UniTraX: Protecting Data Privacy with Discoverable Biases / Munz, R., Eigner, F., Maffei, M., Francis, P., & Garg, D. (2018). UniTraX: Protecting Data Privacy with Discoverable Biases. In L. Bauer & R. Küsters (Eds.), Principles of Security and Trust (pp. 278–299). Springer, Lecture Notes in Computer Science. https://doi.org/10.1007/978-3-319-89722-6_12
- Transcompiling Firewalls / Bodei, C., Degano, P., Focardi, R., Galletta, L., & Tempesta, M. (2018). Transcompiling Firewalls. In L. Bauer & R. Küsters (Eds.), Principles of Security and Trust (pp. 303–324). Springer International Publishing AG. https://doi.org/10.1007/978-3-319-89722-6_13
- Information Flow Tracking for Side-Effectful Libraries / Sjösten, A., Hedin, D., & Sabelfeld, A. (2018). Information Flow Tracking for Side-Effectful Libraries. In Formal Techniques for Distributed Objects, Components, and Systems (pp. 141–160). Springer. https://doi.org/10.1007/978-3-319-92612-4_8
- Mind Your Credit / Moreno-Sanchez, P., Modi, N., Songhela, R., Kate, A., & Fahmy, S. (2018). Mind Your Credit. In Proceedings of the 2018 World Wide Web Conference on World Wide Web - WWW ’18. International World Wide Web Conferences Steering Committee Republic and Canton of Geneva, Switzerland ©2018, Austria. ACM Digital Library. https://doi.org/10.1145/3178876.3186099
- Language-Independent Synthesis of Firewall Policies / Bodei, C., Degano, P., Galletta, L., Focardi, R., Tempesta, M., & Veronese, L. (2018). Language-Independent Synthesis of Firewall Policies. In 2018 IEEE European Symposium on Security and Privacy (EuroS&P). Institute of Electrical and Electronics Engineers ( IEEE ), Austria. IEEE. https://doi.org/10.1109/eurosp.2018.00015
- Surviving the Web / Calzavara, S., Squarcina, M., Focardi, R., & Tempesta, M. (2018). Surviving the Web. In Companion of the The Web Conference 2018 on The Web Conference 2018 - WWW ’18. International World Wide Web Conferences Steering Committee Republic and Canton of Geneva, Switzerland ©2018, Austria. ACM. https://doi.org/10.1145/3184558.3186232
- Mind Your Keys? A Security Evaluation of Java Keystores / Focardi, R., Squarcina, M., Steel, G., Palmarini, M., & Tempesta, M. (2018). Mind Your Keys? A Security Evaluation of Java Keystores. In Proceedings of 2019 Network and Distributed System Security Symposium (pp. 1–15). http://hdl.handle.net/20.500.12708/57775
- Firewall Management With FireWall Synthesizer / Tempesta, M., Bodei, C., Degano, P., Focardi, R., Galletta, L., & Veronese, L. (2018). Firewall Management With FireWall Synthesizer. In keiner (p. 1). ITASEC. http://hdl.handle.net/20.500.12708/57774
- Bug Fixes, Improvements, ... and Privacy Leaks - A Longitudinal Study of PII Leaks Across Android App Versions / Ren, J., Lindorfer, M., Dubois, D. J., Rao, A., Choffnes, D., & Vallina-Rodriguez, N. (2018). Bug Fixes, Improvements, ... and Privacy Leaks - A Longitudinal Study of PII Leaks Across Android App Versions. In Proceedings 2018 Network and Distributed System Security Symposium. Internet Society. https://doi.org/10.14722/ndss.2018.23143
- Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications / Pan, E., Ren, J., Lindorfer, M., Wilson, C., & Choffnes, D. (2018). Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications. In Proceedings on Privacy Enhancing Technologies (pp. 33–50). DeGruyter. https://doi.org/10.1515/popets-2018-0030
- Settling Payments Fast and Private: Efficient Decentralized Routing for Path-Based Transactions / Roos, S., Moreno-Sanchez, P., Kate, A., & Goldberg, I. (2018). Settling Payments Fast and Private: Efficient Decentralized Routing for Path-Based Transactions. In Proceedings 2018 Network and Distributed System Security Symposium. Network and Distributed System Security Symposium (NDSS), USA, Non-EU. https://doi.org/10.14722/ndss.2018.23254
- Foundations and Tools for the Static Analysis of Ethereum Smart Contracts / Grishchenko, I., Maffei, M., & Schneidewind, C. (2018). Foundations and Tools for the Static Analysis of Ethereum Smart Contracts. In G. Weissenbacher & H. Chockler (Eds.), Computer Aided Verification (pp. 51–78). Springer Open. https://doi.org/10.1007/978-3-319-96145-3_4
- WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring / Calzavara, S., Maffei, M., Schneidewind, C., Tempesta, M., & Squarcina, M. (2018). WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring. In Proceedings of the 27th USENIX Security Symposium (pp. 1493–1510). USENIX. http://hdl.handle.net/20.500.12708/57493
- Simple Password Hardened Encryption Services / Maffei, M., Reinert, M., Lai, R., Egger, C., Chow, S. S. M., & Schröder, D. (2018). Simple Password Hardened Encryption Services. In Proceedings of the 27th USENIX Security Symposium (pp. 1405–1421). USENIX. http://hdl.handle.net/20.500.12708/57492
- Functional Credentials / Deuber, D., Maffei, M., Malavolta, G., Rabkin, M., Schröder, D., & Simkin, M. (2018). Functional Credentials. In Proceedings on Privacy Enhancing Technologies (pp. 64–84). Walter de Gruyter GmbH. http://hdl.handle.net/20.500.12708/57361
- A monadic framework for relational verification: applied to information security, program equivalence, and optimizations / Grimm, N., Maillard, K., Fournet, C., Hritcu, C., Maffei, M., Protzenko, J., Ramananandro, T., Swamy, N., & Zanella-Béguelin, S. (2018). A monadic framework for relational verification: applied to information security, program equivalence, and optimizations. In Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs. ACM Digital Library. https://doi.org/10.1145/3167090
- Subset Predicate Encryption and Its Applications / Katz, J., Maffei, M., Malavolta, G., & Schröder, D. (2018). Subset Predicate Encryption and Its Applications. In Cryptology and Network Security (pp. 115–134). Springer International Publishing. https://doi.org/10.1007/978-3-030-02641-7_6
2017
- Surviving the Web: A Journey into Web Session Security / Calzavara, S., Focardi, R., Squarcina, M., & Tempesta, M. (2017). Surviving the Web: A Journey into Web Session Security. ACM Computing Surveys, 50(1), 1–34. https://doi.org/10.1145/3038923
- A Principled Approach to Tracking Information Flow in the Presence of Libraries / Hedin, D., Sjösten, A., Piessens, F., & Sabelfeld, A. (2017). A Principled Approach to Tracking Information Flow in the Presence of Libraries. In Principles of Security and Trust 6th International Conference, POST 2017, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2017, Uppsala, Sweden, April 22-29, 2017, Proceedings (pp. 49–70). Springer. https://doi.org/10.1007/978-3-662-54455-6_3
- Principles of Security and Trust / Maffei, M., & Ryan, M. (Eds.). (2017). Principles of Security and Trust (Vol. 10204). Springer-Verlag. https://doi.org/10.1007/978-3-662-54455-6
- Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis / Continella, A., Fratantonio, Y., Lindorfer, M., Puccetti, A., Zand, A., Kruegel, C., & Vigna, G. (2017). Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis. In Proceedings 2017 Network and Distributed System Security Symposium. Internet Society. https://doi.org/10.14722/ndss.2017.23465
- A Sound Flow-Sensitive Heap Abstraction for the Static Analysis of Android Applications / Maffei, M., Calzavara, S., Grishchenko, I., & Koutsos, A. (2017). A Sound Flow-Sensitive Heap Abstraction for the Static Analysis of Android Applications. In 2017 IEEE 30th Computer Security Foundations Symposium (CSF). IEEE Computer Security Foundations Symposium, Santa Barbara, USA, Non-EU. IEEE Xplore Digital Library. https://doi.org/10.1109/csf.2017.19
- Maliciously Secure Multi-Client ORAM / Maffei, M., Malavolta, G., Reinert, M., & Schröder, D. (2017). Maliciously Secure Multi-Client ORAM. In D. Gollmann, A. Miyaji, & H. Kikuchi (Eds.), Applied Cryptography and Network Security (pp. 645–664). © Springer International Publishing AG 2017. https://doi.org/10.1007/978-3-319-61204-1_32
- Discovering Browser Extensions via Web Accessible Resources / Sjösten, A., Van Acker, S., & Sabelfeld, A. (2017). Discovering Browser Extensions via Web Accessible Resources. In Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy. ACM. https://doi.org/10.1145/3029806.3029820
- Run-Time Attack Detection in Cryptographic APIs / Squarcina, M., & Focardi, R. (2017). Run-Time Attack Detection in Cryptographic APIs. In 2017 IEEE 30th Computer Security Foundations Symposium (CSF). IEEE Computer Security Foundations Symposium, Santa Barbara, USA, Non-EU. IEEE Xplore Digital Library. https://doi.org/10.1109/csf.2017.33
- On the Security of Frequency-Hiding Order-Preserving Encryption / Reinert, M., Schröder, D., & Maffei, M. (2017). On the Security of Frequency-Hiding Order-Preserving Encryption. In Cryptology and Network Security (pp. 51–70). Springer International Publishing. https://doi.org/10.1007/978-3-030-02641-7_3
- Concurrency and Privacy with Payment-Channel Networks / Maffei, M., Kate, A., Malavolta, G., Moreno-Sanchez, P., & Ravi, S. (2017). Concurrency and Privacy with Payment-Channel Networks. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM Digital Library. https://doi.org/10.1145/3133956.3134096
- SilentWhispers: Enforcing Security and Privacy in Decentralized Credit Networks / Maffei, M., Moreno-Sanchez, P., Kate, A., & Malavolta, G. (2017). SilentWhispers: Enforcing Security and Privacy in Decentralized Credit Networks. In Proceedings 2017 Network and Distributed System Security Symposium. Internet Society. https://doi.org/10.14722/ndss.2017.23448
- A Type System for Privacy Properties / Maffei, M., Lallemand, J., Cortier, V., & Grimm, N. (2017). A Type System for Privacy Properties. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM CCS 2017 Conference on Computer and Communications Security, Dallas, USA, Non-EU. ACM Digital Library. https://doi.org/10.1145/3133956.3133998
2016
- CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes / Carter, P., Mulliner, C., Lindorfer, M., Robertson, W., & Kirda, E. (2016). CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes. In Financial Cryptography and Data Security (pp. 231–249). Springer. https://doi.org/10.1007/978-3-662-54970-4_13
- Drammer: Deterministic Rowhammer Attacks on Mobile Platforms / van der Veen, V., Fratantonio, Y., Lindorfer, M., Gruss, D., Maurice, C., Vigna, G., Bos, H., Razavi, K., & Giuffrida, C. (2016). Drammer: Deterministic Rowhammer Attacks on Mobile Platforms. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM. https://doi.org/10.1145/2976749.2978406
- ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic / Ren, J., Rao, A., Lindorfer, M., Legout, A., & Choffnes, D. (2016). ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic. In Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services. ACM. https://doi.org/10.1145/2906388.2906392
2015
- Open problems in hash function security / Andreeva, E., Mennink, B., & Preneel, B. (2015). Open problems in hash function security. Designs, Codes and Cryptography, 77(2–3), 611–631. https://doi.org/10.1007/s10623-015-0096-0
- MARVIN: Efficient and Comprehensive Mobile App Classification through Static and Dynamic Analysis / Lindorfer, M., Neugschwandtner, M., & Platzer, C. (2015). MARVIN: Efficient and Comprehensive Mobile App Classification through Static and Dynamic Analysis. In 2015 IEEE 39th Annual Computer Software and Applications Conference. IEEE. https://doi.org/10.1109/compsac.2015.103
  Project: SysSec (2010–2014)
2014
- ANDRUBIS -- 1,000,000 Apps Later: A View on Current Android Malware Behaviors / Lindorfer, M., Neugschwandtner, M., Weichselbaum, L., Fratantonio, Y., Veen, V. van der, & Platzer, C. (2014). ANDRUBIS -- 1,000,000 Apps Later: A View on Current Android Malware Behaviors. In 2014 Third International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS). IEEE. https://doi.org/10.1109/badgers.2014.7
  Project: SysSec (2010–2014)
- Enter Sandbox: Android Sandbox Comparison / Neuner, S., van der Veen, V., Lindorfer, M., Huber, M., Georg, M., Mulazzani, M., & Weippl, E. (2014). Enter Sandbox: Android Sandbox Comparison. In Proceedings of the IEEE Mobile Security Technologies Workshop (MoST). IEEE. http://hdl.handle.net/20.500.12708/55124
- Skin Sheriff: A Machine Learning Solution for Detecting Explicit Images / Platzer, C., Stuetz, M., & Lindorfer, M. (2014). Skin Sheriff: A Machine Learning Solution for Detecting Explicit Images. In Proceedings of the 2nd international workshop on Security and forensics in communication systems - SFCS ’14. IEEE. https://doi.org/10.1145/2598918.2598920
  Project: SysSec (2010–2014)
- AndRadar: Fast Discovery of Android Applications in Alternative Markets / Lindorfer, M., Volanis, S., Sisto, A., Neugschwandtner, M., Athanasopoulos, E., Maggi, F., Platzer, C., Zanero, S., & Ioannidis, S. (2014). AndRadar: Fast Discovery of Android Applications in Alternative Markets. In Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 51–71). Springer. https://doi.org/10.1007/978-3-319-08509-8_4
  Project: SysSec (2010–2014)
- Provably Sound Browser-Based Enforcement of Web Session Integrity / Calzavara, S., Focardi, R., Khan, W., & Tempesta, M. (2014). Provably Sound Browser-Based Enforcement of Web Session Integrity. In 2014 IEEE 27th Computer Security Foundations Symposium. IEEE Computer Society. https://doi.org/10.1109/csf.2014.33
2013
- POSTER: Cross-Platform Malware: Write Once, Infect Everywhere / Lindorfer, M., Neumayr, M., Caballero, J., & Platzer, C. (2013). POSTER: Cross-Platform Malware: Write Once, Infect Everywhere. In ACM Conference on Computer and Communications Security (CCS). ACM Conference on Computer and Communications Security (CCS), Washington, USA, Non-EU. http://hdl.handle.net/20.500.12708/54855
- Take a Bite - Finding the Worm in the Apple / Lindorfer, M., Miller, B., Neugschwandtner, M., & Platzer, C. (2013). Take a Bite - Finding the Worm in the Apple. In International Conference on Information, Communications and Signal Processing (ICICS). IEEE. http://hdl.handle.net/20.500.12708/54856
- A View to a Kill: WebView Exploitation / Neugschwandtner, M., Lindorfer, M., & Platzer, C. (2013). A View to a Kill: WebView Exploitation. In USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET). USENIX. http://hdl.handle.net/20.500.12708/54854
2012
- Lines of Malicious Code: Insights Into the Malicious Software Industry / Lindorfer, M., Di Federico, A., Maggi, F., Milani Comparetti, P., & Zanero, S. (2012). Lines of Malicious Code: Insights Into the Malicious Software Industry. In Proceedings of the 28th Annual Computer Security Applications Conference (pp. 349–358). ACM. http://hdl.handle.net/20.500.12708/54349
2011
- Detecting Environment-Sensitive Malware / Lindorfer, M., Kolbitsch, C., & Milani Comparetti, P. (2011). Detecting Environment-Sensitive Malware. In Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection (2011). Springer. http://hdl.handle.net/20.500.12708/54010
  Projects: icode (2010–2012) / SysSec (2010–2014) / TRUDIE (2009–2012)
Theses
2024
- Identifying frameworks in android applications using binary code function similarity / Zeier, Y. (2024). Identifying frameworks in android applications using binary code function similarity [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2024.117246
  Download: PDF (1.07 MB)
- Detecting Bot Wallets on the Ethereum Blockchain / Niedermayer, T. (2024). Detecting Bot Wallets on the Ethereum Blockchain [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2024.106562
  Download: PDF (3.26 MB)
- Formalization of bitcoin off-chain protocols in F* / Zikulnig, A. M. (2024). Formalization of bitcoin off-chain protocols in F* [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2024.113647
  Download: PDF (1.38 MB)
- WebAPISpec: An extensible, machine checked model of secure browser specifications / Lee, A. (2024). WebAPISpec: An extensible, machine checked model of secure browser specifications [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2024.119447
  Download: PDF (660 KB)
- Bridging realms: Analyzing app-to-web Interactions in IABs / Beer, P. (2024). Bridging realms: Analyzing app-to-web Interactions in IABs [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2024.118621
  Download: PDF (1.23 MB)
- Foundations of Adaptor Signatures for Distributed Ledger Protocols / Tairi, E. (2024). Foundations of Adaptor Signatures for Distributed Ledger Protocols [Dissertation, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2024.123264
  Download: PDF (2.67 MB)
- Increasing Efficiency and Flexibility in Post-Quantum Cryptography / Cini, V. (2024). Increasing Efficiency and Flexibility in Post-Quantum Cryptography [Dissertation, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2024.121300
  Download: PDF (2.95 MB)
- Foundations of Bitcoin-Compatible Scalability Protocols / Aumayr, L. (2024). Foundations of Bitcoin-Compatible Scalability Protocols [Dissertation, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2024.122127
  Download: PDF (5.09 MB)
2023
- Security analysis of WebViews in cross-plattform mobile frameworks / Sattlegger, P. F. (2023). Security analysis of WebViews in cross-plattform mobile frameworks [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2023.115825
  Download: PDF (1.19 MB)
- Post-quantum cryptography in OpenPGP / Wussler, A. (2023). Post-quantum cryptography in OpenPGP [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2023.106226
  Download: PDF (1.38 MB)
- On the impossbility of proving security of equivalence class signatures from computational assumptions / Regen, F. (2023). On the impossbility of proving security of equivalence class signatures from computational assumptions [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2023.116107
  Download: PDF (502 KB)
- Security and privacy concerns in shared configuration repositories / Jungwirth, G. (2023). Security and privacy concerns in shared configuration repositories [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2023.94601
  Download: PDF (933 KB)
- How to simulate PLONK: A formal security analysis of a zk-SNARK / Sefranek, M. (2023). How to simulate PLONK: A formal security analysis of a zk-SNARK [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2023.111120
  Download: PDF (961 KB)
2022
- Tracing android apps based on ART ahead-of-time compilation profiles from Google Play / Burtscher, L. (2022). Tracing android apps based on ART ahead-of-time compilation profiles from Google Play [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2022.90745
  Download: PDF (1.22 MB)
- Android vs. iOS: : security of mobile Deep Links / Steinböck, M. (2022). Android vs. iOS: : security of mobile Deep Links [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2022.93327
  Download: PDF (2.15 MB)
- Curious apps: Large-scale detection of apps scanning your local network / Hager, P. T. (2022). Curious apps: Large-scale detection of apps scanning your local network [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2022.98764
  Download: PDF (1.35 MB)
- A systematic investigation of illicit money flows in the DeFi ecosystem / Luzian, S. (2022). A systematic investigation of illicit money flows in the DeFi ecosystem [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2023.106121
  Download: PDF (2.61 MB)
- Tracing cryptoassets across chains: An empirical analysis of the Terra network / Haimerl, N. (2022). Tracing cryptoassets across chains: An empirical analysis of the Terra network [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2023.103500
  Download: PDF (2.27 MB)
- Sound cross-contract reachability analysis of ethereum smart contracts / Schweighofer, M. (2022). Sound cross-contract reachability analysis of ethereum smart contracts [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2022.95282
  Download: PDF (1.99 MB)
- Non-Linear reasoning in the superposition calculus / Lackner, A. (2022). Non-Linear reasoning in the superposition calculus [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2022.90765
  Download: PDF (734 KB)
2021
- Large-scale Static Analysis of PII Leakage in IoT Companion Apps / Schmidt, D. (2021). Large-scale Static Analysis of PII Leakage in IoT Companion Apps [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.86548
  Download: PDF (2.16 MB)
- Dynamic iOS privacy analysis: Verifying App Store privacy labels / Jirout, T. W. (2021). Dynamic iOS privacy analysis: Verifying App Store privacy labels [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.92880
  Download: PDF (1.51 MB)
- Analysis of decentralized mixing services in the greater bitcoin ecosystem / Stockinger, J. (2021). Analysis of decentralized mixing services in the greater bitcoin ecosystem [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.87269
  Download: PDF (1.89 MB)
- Adaptor signature based atomic swaps between bitcoin and a mimblewimble based cryptocurrency / Abfalter, J. (2021). Adaptor signature based atomic swaps between bitcoin and a mimblewimble based cryptocurrency [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.77663
  Download: PDF (1.17 MB)
- Foundations for the security analysis of distributed blockchain applications / Schneidewind, C. (2021). Foundations for the security analysis of distributed blockchain applications [Dissertation, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.91204
  Download: PDF (3.53 MB)
- Static and dynamic enforcement of security via relational reasoning / Grimm, N. (2021). Static and dynamic enforcement of security via relational reasoning [Dissertation, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.90710
  Download: PDF (2.93 MB)
- Static analysis of low-level code / Grishchenko, I. (2021). Static analysis of low-level code [Dissertation, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.87563
  Download: PDF (2.4 MB)
2020
- Detecting neural network functions in binaries based on syntactic features / Aschl, G. (2020). Detecting neural network functions in binaries based on syntactic features [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2020.66352
  Download: PDF (2.41 MB)
- Privacy preserving authenticated Kkey exchange : Modelling, constructions, proofs and formal verification : Modellierung, Konstruktionen, Beweise und Verification / Weninger, A. J. (2020). Privacy preserving authenticated Kkey exchange : Modelling, constructions, proofs and formal verification : Modellierung, Konstruktionen, Beweise und Verification [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.87263
  Download: PDF (1020 KB)
- Payment channel network analysis with focus on lightning network / Holzer, P. (2020). Payment channel network analysis with focus on lightning network [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2020.75260
  Download: PDF (3.04 MB)
2019
- Static analysis of eWASM contracts / Schwarz, A. (2019). Static analysis of eWASM contracts [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2019.72720
  Download: PDF (884 KB)
2018
- Theoretische und praktische Smart Contracts - Realisierung eines Investmentfonds / Schneider, J. F. (2018). Theoretische und praktische Smart Contracts - Realisierung eines Investmentfonds [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2018.55468
  Download: PDF (980 KB)
2016
- Parallelizing the commutation property for functions over small domains / Scherer, M. (2016). Parallelizing the commutation property for functions over small domains [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2016.36321
  Download: PDF (708 KB)
2015
- Current state of browser extension security and extension-based malware / Neumayr, M. (2015). Current state of browser extension security and extension-based malware [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2015.24755
  Download: PDF (742 KB)
- Malware through the looking glass : malware analysis in an evolving threat landscape / Lindorfer, M. (2015). Malware through the looking glass : malware analysis in an evolving threat landscape [Dissertation, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2015.35065
  Download: PDF (2.89 MB)
2011
- Detecting environment-sensitive malware / Lindorfer, M. (2011). Detecting environment-sensitive malware [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://resolver.obvsg.at/urn:nbn:at:at-ubtuw:1-40430
  Download: PDF (1.06 MB)
And more…
Soon, this page will include additional information such as reference projects, conferences, events, and other research activities.
Until then, please visit Security and Privacy’s research profile in TISS.