2024W

• Attacks and Defenses in Computer Security / 192.111 / UE
• Bachelor Thesis / 192.061 / PR
• Cryptocurrencies / 192.065 / VU
• Foundations of System and Application Security / 192.044 / VU
• Introduction to Cryptography / 192.125 / VU
• Introduction to Logical Methods in Computer Science / 184.766 / VO
• Introduction to Programming 1 / 185.A91 / VU
• Orientation Bachelor with Honors of Informatics and Business Informatics / 180.767 / SE
• Project in Computer Science 1 / 192.021 / PR
• Project in Computer Science 2 / 192.022 / PR
• Research Seminar LogiCS / 184.767 / SE
• Seminar for Master Students in Logic and Computation / 180.773 / SE
• Seminar for PhD Students / 192.060 / SE
• Sustainability in Computer Science / 194.155 / VU

2025S

• Advanced Cryptography / 192.115 / VU
• Bachelor Thesis / 192.061 / PR
• Bug Bounty Program of TU Wien / 193.145 / UE
• Crypto Asset Analytics / 192.080 / VU
• Digital Humanism for Doctoral Students / 194.178 / VU
• Formal Methods for Security and Privacy / 192.059 / VU
• Fundamentals of Security and Privacy / 191.124 / VU
• Introduction to Logical Methods in Computer Science / 184.766 / VO
• Introduction to Security / 192.019 / VU
• Orientation Bachelor with Honors of Informatics and Business Informatics / 180.767 / SE
• Project in Computer Science 1 / 192.021 / PR
• Project in Computer Science 2 / 192.022 / PR
• Research Seminar LogiCS / 184.767 / SE
• Scientific Research and Writing / 193.052 / SE
• Selected Topics in Information Security / 188.985 / VU
• Seminar for Master Students in Logic and Computation / 180.773 / SE
• Seminar for PhD Students / 192.060 / SE
• Symmetric Cryptography / 192.124 / VU

• Formal Methods for Secure Blockchain-Oriented Programming
  2025 – 2030 / European Commission
• Building Robust and Explainable AI-based Defenses for Computer Security
  2024 – 2030 / Vienna Science and Technology Fund (WWTF)
• Ark – novel Bitcoin layer-2 protocol
  2024 – 2025 / AKRLabs OÜ
• Effective Formal Methods for Smart-Contract Certification
  2023 – 2027 / Vienna Science and Technology Fund (WWTF)
  Publications: 192933 / 199514 / 199522 / 203882 / 203672 / 202379 / 203892 / 204116 / 205356 / 205513 / 209749 / 209750 / 210852 / 209910
• Scalable, Private, and Interoperable Layer 2
  2023 – 2027 / Vienna Science and Technology Fund (WWTF)
  Publications: 204483 / 204345 / 209770
• Fixing the Broken Bridge Between Mobile Apps and the Web
  2023 – 2027 / Vienna Science and Technology Fund (WWTF)
  Publications: 191166 / 191151 / 203681 / 203809 / 204362
• Semantic and Cryptographic Foundations of Security and Privacy by Compositional Design
  2023 – 2026 / Austrian Science Fund (FWF)
  Publications: 189688 / 190634 / 190025 / 193102 / 192933 / 193926 / 192946 / 193074 / 195542 / 199514 / 199522 / 200038 / 200888 / 200903 / 200896 / 200893 / 202379 / 202600 / 203695 / 203892 / 203814 / 203816 / 204116 / 204344 / 204483 / 204345 / 209724 / 208024 / 209749 / 209750 / 210852 / 209910 / 209770 / 211021
• A Composable Rational Framework for Blockchain Systems
  2022 – 2025 / Austrian Science Fund (FWF)
  Publications: 150285 / 191199 / 190025 / 190616 / 190619 / 191168 / 200038 / 204344 / 204483 / 204345 / 209770
• Distributed Ledger Development and Implementation
  2022 – 2024 / ABC Research GmbH
  Publications: 204116 / 209770
• Cryptographic Foundations of Privacy in Distributed Ledgers
  2020 – 2027 / Vienna Science and Technology Fund (WWTF)
  Publications: 142523 / 139748 / 142534 / 150318 / 153193 / 200888 / 200903 / 200896 / 200893 / 208024
• Security and Privacy Foundations of Blockchain Technologies
  2020 – 2026 / SBA Research gemeinnützige GmbH
  Publications: 190633 / 190031 / 190032 / 194425 / 192610 / 192677 / 192585 / 204116 / 204362
• Blockchain Technologies for the Internet of Things
  2020 – 2025 / Christian Doppler Research Association (CDG)
  Publications: 139862 / 139860 / 153863 / 158286 / 152968 / 152969 / 175654 / 154428 / 158188 / 171624 / 177467 / 190648 / 189835 / 190192 / 189792 / 189878 / 190025 / 192610 / 190685 / 192166 / 200038 / 203892 / 204116 / 209770
• IoTIO: Analyzing and Understanding the Internet of Insecure Things
  2020 – 2025 / Vienna Science and Technology Fund (WWTF)
  Publications: 150264 / 175968 / 176906 / 190633 / 190031 / 193214 / 190032 / 194425 / 191166 / 203681 / 203927 / 203692 / 203809 / 203668 / 203804 / 203812 / 78069 / 58517 / 80253
• Vienna Cybersecurity and Privacy Research Center
  2019 – 2023 / Vienna Business Agency (WAW)
  Publications: 139862 / 139860 / 153863 / 158286 / 152968 / 152969 / 152950 / 152954 / 175654 / 150285 / 150314 / 191199 / 177467 / 191198 / 190648 / 189835 / 190192 / 189792 / 189878 / 192610 / 191151 / 190685
• Cryptographic Foundations for Future-proof Internet Security
  2019 – 2023 / Austrian Science Fund (FWF)
  Publications: 139862 / 139860 / 153863 / 158286 / 152968 / 152969 / 152950 / 152954 / 175654 / 154428 / 153177 / 177467 / 190648 / 189835 / 190192 / 189792 / 189878 / 192610 / 193565 / 193570 / 190685 / 190687
• Security and Privacy for Payment-Channel Networks
  2019 – 2020 / Austrian Science Fund (FWF)
• Foundations and Tools for Client-Side Web Security
  2018 – 2024 / European Research Council (ERC)
  Publications: 139862 / 139860 / 153863 / 158286 / 152968 / 152969 / 152950 / 152954 / 175654 / 154428 / 150314 / 153177 / 177467 / 191198 / 190648 / 189835 / 190192 / 189792 / 189878 / 190025 / 192610 / 191151 / 190685 / 203681 / 200038 / 202379 / 203892 / 204116 / 204362 / 209770
• Privacy-Preserving Regulatory Technologies for Distributed Ledger Technologies
  2018 – 2021 / Austrian Research Promotion Agency (FFG)
  Publications: 139862 / 152968 / 152950 / 152954 / 153177 / 190192 / 189792 / 209770
• Scalability for Lightning Networks
  2018 – 2020 / Chaincode Labs Inc
• Ethertrust - Trustworthy smart contracts
  2018 – 2019 / netidee.at
  Publication: 153177

2024

• On Security Proofs of Existing Equivalence Class Signature Schemes / Bauer, B., Fuchsbauer, G., & Regen, F. (2024). On Security Proofs of Existing Equivalence Class Signature Schemes. In K.-M. Chung & Y. Sakaki (Eds.), Advances in Cryptology – ASIACRYPT 2024 : 30th International Conference on the Theory and Application of Cryptology and Information Security, Kolkata, India, December 9–13, 2024, Proceedings, Part II (pp. 3–37). Springer. https://doi.org/10.1007/978-981-96-0888-1_1
  Projects: COnFIDE (2020–2027) / SFB SPyCoDe (2023–2026)
• Securing Lightning Channels against Rational Miners / Aumayr, L., Avarikioti, Z., Maffei, M., & Mazumdar, S. (2024). Securing Lightning Channels against Rational Miners. In B. Luo, X. Liao, & J. Xu (Eds.), Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security (pp. 393–407). https://doi.org/10.1145/3658644.3670373
  Download: Paper (1.21 MB)
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / CoRaF (2022–2025) / DLDaI (2022–2024) / PR4DLT (2018–2021) / SCALE2 (2023–2027) / SFB SPyCoDe (2023–2026)
• Pitfalls in Machine Learning for Computer Security / Arp, D., Quiring, E., Pendlebury, F., Warnecke, A., Pierazzi, F., Wressnegger, C., Cavallaro, L., & Rieck, K. (2024). Pitfalls in Machine Learning for Computer Security. Communications of the ACM, 67(11), 104–112. https://doi.org/10.1145/3643456
  Download: Artikel (1.17 MB)
• How (Not) to Simulate PLONK / Sefranek, M. (2024). How (Not) to Simulate PLONK. In Security and Cryptography for Networks (pp. 96–117). https://doi.org/10.1007/978-3-031-71070-4_5
  Projects: COnFIDE (2020–2027) / SFB SPyCoDe (2023–2026)
• Are You Sure You Want To Do Coordinated Vulnerability Disclosure? / Chen, T.-H., Tagliaro, C., Lindorfer, M., Borgolte, K., & van der Ham-de Vos, J. (2024). Are You Sure You Want To Do Coordinated Vulnerability Disclosure? In 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) (pp. 307–314). https://doi.org/10.1109/EuroSPW61312.2024.00039
  Project: IoTIO (2020–2025)
• Distillation based Robustness Verification with PAC Guarantees / Indri, P., Blohm, P., Athavale, A., Bartocci, E., Weissenbacher, G., Maffei, M., Nickovic, D., Gärtner, T., & Malhotra, S. (2024). Distillation based Robustness Verification with PAC Guarantees. In International Conference on Machine Learning 2024 - Next Generation of AI Safety Workshop. International Conference on Machine Learning 2024 - Next Generation of AI Safety Workshop, Vienna, Austria. http://hdl.handle.net/20.500.12708/200890
• Concurrently Secure Blind Schnorr Signatures / Fuchsbauer, G., & Wolf, M. (2024). Concurrently Secure Blind Schnorr Signatures. In Advances in Cryptology – EUROCRYPT 2024 (pp. 124–160). https://doi.org/10.1007/978-3-031-58723-8_5
  Projects: COnFIDE (2020–2027) / SFB SPyCoDe (2023–2026)
• Updatable Public-Key Encryption, Revisited / Alwen, J., Fuchsbauer, G., & Mularczyk, M. (2024). Updatable Public-Key Encryption, Revisited. In Advances in Cryptology – EUROCRYPT 2024 (pp. 346–376). https://doi.org/10.1007/978-3-031-58754-2_13
  Projects: COnFIDE (2020–2027) / SFB SPyCoDe (2023–2026)
• On Proving Equivalence Class Signatures Secure from Non-interactive Assumptions / Bauer, B., Fuchsbauer, G., & Regen, F. (2024). On Proving Equivalence Class Signatures Secure from Non-interactive Assumptions. In Public-Key Cryptography – PKC 2024 (pp. 3–36). https://doi.org/10.1007/978-3-031-57718-5_1
  Projects: COnFIDE (2020–2027) / SFB SPyCoDe (2023–2026)
• The COLM Authenticated Encryption Scheme / Andreeva, E., Bogdanov, A., Datta, N., Luykx, A., Mennink, B., Nandi, M., Tischhauser, E., & Yasuda, K. (2024). The COLM Authenticated Encryption Scheme. Journal of Cryptology, 37, Article 15. https://doi.org/10.1007/s00145-024-09492-8
• A TPRF-based pseudo-random number generator / Andreeva, E., & Weninger, A. (2024). A TPRF-based pseudo-random number generator. Journal of Surveillance, Security and Safety, 5, 36–51. https://doi.org/10.20517/jsss.2023.45
  Project: SFB SPyCoDe (2023–2026)
• Verifying Global Two-Safety Properties in Neural Networks with Confidence / Athavale, A., Bartocci, E., Christakis, M., Maffei, M., Ničković, D., & Weissenbacher, G. (2024). Verifying Global Two-Safety Properties in Neural Networks with Confidence. In A. Gurfinkel & V. Ganesh (Eds.), Computer Aided Verification (pp. 329–351). Springer. https://doi.org/10.1007/978-3-031-65630-9_17
  Projects: Browsec (2018–2024) / ForSmart (2023–2027) / ProbInG (2020–2025) / SFB SPyCoDe (2023–2026) / TAIGER (2023–2027)
• Musketeer: Incentive-Compatible Rebalancing for Payment Channel Networks / Avarikioti, Z., Schmid, S., & Tiwari, S. (2024). Musketeer: Incentive-Compatible Rebalancing for Payment Channel Networks. In R. Böhme & L. Kiffer (Eds.), 6th Conference on Advances in Financial Technologies (AFT 2024) (pp. 1–22). https://doi.org/10.4230/LIPIcs.AFT.2024.13
  Download: Paper Published Version (1.01 MB)
  Projects: CoRaF (2022–2025) / SCALE2 (2023–2027) / SFB SPyCoDe (2023–2026)
• On Efficient and Secure Compression Functions for Arithmetization-Oriented Hashing / Andreeva, E., Bhattacharyya, R., Roy, A., & Trevisani, S. (2024). On Efficient and Secure Compression Functions for Arithmetization-Oriented Hashing. In 2024 IEEE 37th Computer Security Foundations Symposium (CSF) (pp. 1–16). https://doi.org/10.1109/CSF61375.2024.00045
  Project: SFB SPyCoDe (2023–2026)
• Skye: An Expanding PRF based Fast KDF and its Applications / Bhati, A. S., Dufka, A., Andreeva, E., Roy, A., & Preneel, B. (2024). Skye: An Expanding PRF based Fast KDF and its Applications. In ASIA CCS ’24: Proceedings of the 19th ACM Asia Conference on Computer and Communications Security (pp. 1082–1098). https://doi.org/10.1145/3634737.3637673
  Project: SFB SPyCoDe (2023–2026)
• Masked Iterate-Fork-Iterate: A New Design Paradigm for Tweakable Expanding Pseudorandom Function / Andreeva, E., Cogliati, B., Lallemand, V., Minier, M., Purnal, A., & Roy, A. (2024). Masked Iterate-Fork-Iterate: A New Design Paradigm for Tweakable Expanding Pseudorandom Function. In C. Pöpper & L. Batina (Eds.), Applied Cryptography and Network Security (pp. 433–459). Springer, Cham. https://doi.org/10.1007/978-3-031-54773-7_17
  Project: SFB SPyCoDe (2023–2026)
• Route Discovery in Private Payment Channel Networks / Avarikioti, G., Bastankhah, M., Maddah-Ali, M. A., Pietrzak, K., Svoboda, J., & Yeo, M. (2024). Route Discovery in Private Payment Channel Networks. In DPM & CBT 2024 Pre-proceedings (pp. 195–211). http://hdl.handle.net/20.500.12708/210627
• Tabbed Out: Subverting the Android Custom Tab Security Model / Beer, P., Squarcina, M., Veronese, L., & Lindorfer, M. (2024). Tabbed Out: Subverting the Android Custom Tab Security Model. In 2024 IEEE Symposium on Security and Privacy (SP) (pp. 4591–4609). https://doi.org/10.1109/SP54263.2024.00105
  Projects: Browsec (2018–2024) / IoTIO (2020–2025) / W4MP (2023–2027)
• Large-Scale Security Analysis of Real-World Backend Deployments Speaking IoT-Focused Protocols / Tagliaro, C., Komsic, M., Continella, A., Borgolte, K., & Lindorfer, M. (2024). Large-Scale Security Analysis of Real-World Backend Deployments Speaking IoT-Focused Protocols. In RAID ’24: Proceedings of the 27th International Symposium on Research in Attacks, Intrusions and Defenses (pp. 561–578). https://doi.org/10.1145/3678890.3678899
  Download: PDF (1010 KB)
  Project: IoTIO (2020–2025)
• Optimizing Virtual Payment Channel Establishment in the Face of On-Path Adversaries / Aumayr, L., Ceylan, E., Kopyciok, Y., Maffei, M., Moreno-Sanchez, P., Salem, I., & Schmid, S. (2024). Optimizing Virtual Payment Channel Establishment in the Face of On-Path Adversaries. In Proceedings 2024 IFIP Networking Conference (IFIP Networking) (pp. 1–10). https://doi.org/10.23919/IFIPNetworking62109.2024.10619889
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / CoRaF (2022–2025) / SFB SPyCoDe (2023–2026)
• (Inner-product) functional encryption with updatable ciphertexts / Cini, V., Ramacher, S., Slamanig, D., Striecks, C., & Tairi, E. (2024). (Inner-product) functional encryption with updatable ciphertexts. Journal of Cryptology, 37, Article 8. https://doi.org/10.1007/s00145-023-09486-y
  Download: PDF (657 KB)
  Project: PROFET (2019–2023)
• Exploring the Malicious Document Threat Landscape: Towards a Systematic Approach to Detection and Analysis / Saha, A., Blasco Alís, J., & Lindorfer, M. (2024). Exploring the Malicious Document Threat Landscape: Towards a Systematic Approach to Detection and Analysis. In 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) (pp. 533–544). https://doi.org/10.1109/EuroSPW61312.2024.00065
• Bribe & Fork: Cheap PCN Bribing Attacks via Forking Threat / Avarikioti, Z., Kędzior, P., Lizurej, T., & Michalak, T. (2024). Bribe & Fork: Cheap PCN Bribing Attacks via Forking Threat. In R. Böhme & L. Kiffer (Eds.), 6th Conference on Advances in Financial Technologies (AFT 2024) (pp. 1–22). https://doi.org/10.4230/LIPIcs.AFT.2024.11
  Projects: CoRaF (2022–2025) / SFB SPyCoDe (2023–2026)
• Trust Me If You Can - How Usable Is Trusted Types In Practice? / Roth, S., Gröber, L., Baus, P., Krombholz, K., & Stock, B. (2024). Trust Me If You Can - How Usable Is Trusted Types In Practice? In 33rd USENIX Security Symposium (USENIX Security 24) (pp. 6003–6020). http://hdl.handle.net/20.500.12708/203698
• Wappler: Sound Reachability Analysis for WebAssembly / Scherer, M., Blaabjerg, J. F., Sjösten, A., Solitro, M. M., & Maffei, M. (2024). Wappler: Sound Reachability Analysis for WebAssembly. In L. O’Conner & P. Kellenberger (Eds.), 2024 IEEE 37th Computer Security Foundations Symposium (CSF) (pp. 249–264). https://doi.org/10.1109/CSF61375.2024.00025
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / ForSmart (2023–2027) / SFB SPyCoDe (2023–2026)
• Web Platform Threats: Automated Detection of Web Security Issues With WPT / Bernardo, P., Veronese, L., DALLA VALLE, V., Calzavara, S., Squarcina, M., Adão, P., & Maffei, M. (2024). Web Platform Threats: Automated Detection of Web Security Issues With WPT. In Proceedings of the 33rd USENIX Security Symposium (pp. 757–774). http://hdl.handle.net/20.500.12708/204362
  Projects: Browsec (2018–2024) / SPFBT (2020–2026) / W4MP (2023–2027)
• Where Are the Red Lines? Towards Ethical Server-Side Scans in Security and Privacy Research / Hantke, F., Roth, S., Mrowczynski, R., Utz, C., & Stock, B. (2024). Where Are the Red Lines? Towards Ethical Server-Side Scans in Security and Privacy Research. In 2024 IEEE Symposium on Security and Privacy (S&P) (pp. 4405–4423). https://doi.org/10.1109/SP54263.2024.00104
• OAE-RUP: A Strong Online AEAD Security Notion and Its Application to SAEF / Bhati, A. S., Andreeva, E., & Vizár, D. (2024). OAE-RUP: A Strong Online AEAD Security Notion and Its Application to SAEF. In Security and Cryptography for Networks (pp. 117–139). Springer. https://doi.org/10.1007/978-3-031-71073-5_6
• Brief Announcement: Musketeer - Incentive-Compatible Rebalancing for Payment Channel Networks / Avarikioti, Z., Schmid, S., & Tiwari, S. (2024). Brief Announcement: Musketeer - Incentive-Compatible Rebalancing for Payment Channel Networks. In PODC ’24: Proceedings of the 43rd ACM Symposium on Principles of Distributed Computing (pp. 306–309). https://doi.org/10.1145/3662158.3662809
  Projects: CoRaF (2022–2025) / SCALE2 (2023–2027) / SFB SPyCoDe (2023–2026)
• Message from General Chairs; EuroSP 2024 / Weippl, E., & Maffei, M. (2024). Message from General Chairs; EuroSP 2024. In 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). 9th IEEE European Symposium on Security and Privacy Workshops (EUROS&PW 2024), Wien, Austria. https://doi.org/10.1109/EuroSPW61312.2024.00005
• CryptoVampire: Automated Reasoning for the Complete Symbolic Attacker Cryptographic Model / Jeanteur, S., Kovács, L., Maffei, M., & Rawson, M. (2024). CryptoVampire: Automated Reasoning for the Complete Symbolic Attacker Cryptographic Model. In 2024 IEEE Symposium on Security and Privacy (SP) (pp. 3165–3183). IEEE. https://doi.org/10.1109/SP54263.2024.00246
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / DLDaI (2022–2024) / ForSmart (2023–2027) / SFB SPyCoDe (2023–2026) / SPFBT (2020–2026)
• Comparing Apples to Androids: Discovery, Retrieval, and Matching of iOS and Android Apps for Cross-Platform Analyses / Steinböck, M., Bleier, J., Rainer, M., Urban, T., Utz, C., & Lindorfer, M. (2024). Comparing Apples to Androids: Discovery, Retrieval, and Matching of iOS and Android Apps for Cross-Platform Analyses. In MSR ’24: Proceedings of the 21st International Conference on Mining Software Repositories (pp. 348–360). https://doi.org/10.1145/3643991.3644896
  Download: PDF (780 KB)
  Projects: IoTIO (2020–2025) / W4MP (2023–2027)
• ADAPT it! Automating APT Campaign and Group Attribution by Leveraging and Linking Heterogeneous Files / Saha, A., Blasco, J., Cavallaro, L., & Lindorfer, M. (2024). ADAPT it! Automating APT Campaign and Group Attribution by Leveraging and Linking Heterogeneous Files. In RAID ’24: Proceedings of the 27th International Symposium on Research in Attacks, Intrusions and Defenses (pp. 114–129). Association for Computing Machinery. https://doi.org/10.1145/3678890.3678909
  Download: PDF (966 KB)
  Project: IoTIO (2020–2025)
• C2Miner: Tricking IoT Malware into Revealing Live Command & Control Servers / Davanian, A., Faloutsos, M., & Lindorfer, M. (2024). C2Miner: Tricking IoT Malware into Revealing Live Command & Control Servers. In ASIA CCS ’24: Proceedings of the 19th ACM Asia Conference on Computer and Communications Security (pp. 112–127). https://doi.org/10.1145/3634737.3644992
  Download: PDF (928 KB)
  Project: IoTIO (2020–2025)

2023

• The Threat of Surveillance and the Need for Privacy Protections / Lindorfer, M. (2023). The Threat of Surveillance and the Need for Privacy Protections. In H. Werthner, C. Ghezzi, J. Kramer, J. Nida-Rümelin, B. Nuseibeh, E. Prem, & A. Stanger (Eds.), Introduction to Digital Humanism : A Textbook (pp. 593–609). Springer. https://doi.org/10.1007/978-3-031-45304-5_37
  Download: PDF (576 KB)
• A blockchain-based IoT data marketplace / Sober, M., Scaffino, G., Schulte, S., & Kanhere, S. S. (2023). A blockchain-based IoT data marketplace. CLUSTER COMPUTING-THE JOURNAL OF NETWORKS SOFTWARE TOOLS AND APPLICATIONS, 26(6), 3523–3545. https://doi.org/10.1007/s10586-022-03745-6
  Download: Artikel (662 KB)
  Project: CDL-BOT (2020–2025)
• Optimizing 0-RTT Key Exchange with Full Forward Security / Göth, C., Ramacher, S., Slamanig, D., Striecks, C., Tairi, E., & Zikulnig, A. (2023). Optimizing 0-RTT Key Exchange with Full Forward Security. In CCSW ’23: Proceedings of the 2023 on Cloud Computing Security Workshop (pp. 55–68). Association for Computing Machinery (ACM). https://doi.org/10.1145/3605763.3625246
  Download: PDF (1.12 MB)
  Project: PROFET (2019–2023)
• LedgerLocks: A Security Framework for Blockchain Protocols Based on Adaptor Signatures / Tairi, E., Moreno-Sanchez, P., & Schneidewind, C. (2023). LedgerLocks: A Security Framework for Blockchain Protocols Based on Adaptor Signatures. In CCS ’23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (pp. 859–873). Association for Computing Machinery. https://doi.org/10.1145/3576915.3623149
  Download: PDF (15.4 MB)
  Project: PROFET (2019–2023)
• Let's Go Eevee! A Friendly and Suitable Family of AEAD Modes for IoT-to-Cloud Secure Computation / Bhati, A. S., Pohle, E., Abidin, A., Andreeva, E., & Preneel, B. (2023). Let’s Go Eevee! A Friendly and Suitable Family of AEAD Modes for IoT-to-Cloud Secure Computation. In CCS ’23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (pp. 2546–2560). Association for Computing Machinery. https://doi.org/10.1145/3576915.3623091
• IoTFlow: Inferring IoT Device Behavior at Scale through Static Mobile Companion App Analysis / Schmidt, D., Tagliaro, C., Borgolte, K., & Lindorfer, M. (2023). IoTFlow: Inferring IoT Device Behavior at Scale through Static Mobile Companion App Analysis. In CCS ’23: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (pp. 681–695). Association for Computing Machinery. https://doi.org/10.1145/3576915.3623211
  Download: PDF (1.26 MB)
  Projects: IoTIO (2020–2025) / W4MP (2023–2027)
• Cookie Crumbles: Breaking and Fixing Web Session Integrity / Squarcina, M., Adão, P., Lorenzo Veronese, & Matteo Maffei. (2023). Cookie Crumbles: Breaking and Fixing Web Session Integrity. In J. Calandrino & C. Troncoso (Eds.), SEC ’23: Proceedings of the 32nd USENIX Conference on Security Symposium (pp. 5539–5556). USENIX Association. https://doi.org/10.34726/5329
  Downloads: Paper (1020 KB) / Appendix Paper (342 KB) / Slides (2.54 MB)
  Projects: Browsec (2018–2024) / ViSP (2019–2023) / W4MP (2023–2027)
• Virtual Payment Channel Networks in Cryptocurrencies / Aumayr, L. (2023, October 12). Virtual Payment Channel Networks in Cryptocurrencies [Presentation]. Lunchtime Seminar, Universität Innsbruck, Austria.
• Chrisimos: A useful Proof-of-Work for finding Minimal Dominating Set of a graph / Chatterjee, D., Banerjee, P., & Mazumdar, S. (2023). Chrisimos: A useful Proof-of-Work for finding Minimal Dominating Set of a graph. arXiv. https://doi.org/10.34726/5301
  Download: PDF (515 KB)
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / ViSP (2019–2023)
• Breaking and Fixing Virtual Channels: Domino Attack and Donner / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2023, September 6). Breaking and Fixing Virtual Channels: Domino Attack and Donner [Presentation]. VISA Research - external research talks, Palo Alto, United States of America (the). http://hdl.handle.net/20.500.12708/192610
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / SPFBT (2020–2026) / ViSP (2019–2023)
• Sleepy Channels: Bitcoin-Compatible Bi-directional Payment Channels without Watchtowers / Aumayr, L., Sri AravindaKrishnan Thyagarajan, Giulio Malavolta, Moreno-Sanchez, P., & Maffei, M. (2023, August 30). Sleepy Channels: Bitcoin-Compatible Bi-directional Payment Channels without Watchtowers [Conference Presentation]. The Science of Blockchain Conference 2023, Stanford, United States of America (the). http://hdl.handle.net/20.500.12708/189835
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
• Thora: Atomic and Privacy-Preserving Multi-Channel Updates / Aumayr, L., Abbaszadeh, K., & Maffei, M. (2023, August 30). Thora: Atomic and Privacy-Preserving Multi-Channel Updates [Conference Presentation]. The Science of Blockchain Conference 2023 (SBC’23), Stanford University, United States of America (the). http://hdl.handle.net/20.500.12708/190192
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PR4DLT (2018–2021) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
• Glimpse: On-Demand PoW Light Client with Constant-Size Storage for DeFi / Scaffino, G., Aumayr, L., Avarikioti, G., & Maffei, M. (2023). Glimpse: On-Demand PoW Light Client with Constant-Size Storage for DeFi. In Proceedings of the 32nd USENIX Security Symposium (pp. 733–750).
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / CoRaF (2022–2025) / SFB SPyCoDe (2023–2026)
• Connecting the .dotfiles: Checked-In Secret Exposure with Extra (Lateral Movement) Steps / Jungwirth, G., Saha, A., Schröder, M., Fiebig, T., Lindorfer, M., & Cito, J. (2023). Connecting the .dotfiles: Checked-In Secret Exposure with Extra (Lateral Movement) Steps. In IEEE/ACM 20th International Conference on Mining Software Repositories (MSR) (pp. 322–333). https://doi.org/10.1109/MSR59073.2023.00051
  Project: IoTIO (2020–2025)
• Not Your Average App: A Large-scale Privacy Analysis of Android Browsers / Pradeep, A., Feal, Á., Gamba, J., Rao, A., Lindorfer, M., Vallina-Rodriguez, N., & Choffnes, D. (2023). Not Your Average App: A Large-scale Privacy Analysis of Android Browsers. In M. L. Mazurek & M. Sherr (Eds.), Proceedings on Privacy Enhancing Technologies Symposium 2023 (pp. 29–46). https://doi.org/10.56553/popets-2023-0003
  Download: PDF (2.72 MB)
  Projects: IoTIO (2020–2025) / SPFBT (2020–2026)
• Heads in the Clouds? Measuring Universities’ Migration to Public Clouds: Implications for Privacy & Academic Freedom / Fiebig, T., Gürses, S., Hernández Gañán, C., Kotkamp, E., Kuipers, F., Lindorfer, M., Prisse, M., & Sari, T. (2023). Heads in the Clouds? Measuring Universities’ Migration to Public Clouds: Implications for Privacy & Academic Freedom. In M. L. Mazurek & M. Sherr (Eds.), Proceedings on Privacy Enhancing Technologies (pp. 117–150). De Gruyter Open / Sciendo. https://doi.org/10.56553/popets-2023-0044
  Download: PDF (6.58 MB)
• Distributed Key Generation with Smart Contracts using zk-SNARKs / Sober, M., Max Kobelt, Scaffino, G., Kaaser, D., & Schulte, S. (2023). Distributed Key Generation with Smart Contracts using zk-SNARKs. In SAC ’23: Proceedings of the 38th ACM/SIGAPP Symposium on Applied Computing (pp. 231–240). Association for Computing Machinery. https://doi.org/10.34726/4523
  Download: PDF (582 KB)
• Of Ahead Time: Evaluating Disassembly of Android Apps Compiled to Binary OATs Through the ART / Bleier, J., & Lindorfer, M. (2023). Of Ahead Time: Evaluating Disassembly of Android Apps Compiled to Binary OATs Through the ART. In J. Polakis & E. van der Kouwe (Eds.), EUROSEC ’23: Proceedings of the 16th European Workshop on System Security (pp. 21–29). https://doi.org/10.1145/3578357.3591219
  Download: PDF (2.39 MB)
  Projects: IoTIO (2020–2025) / SPFBT (2020–2026)
• Mixed Signals: Analyzing Software Attribution Challenges in the Android Ecosystem / Hageman, K., Feal, A., Gamba, J., Girish, A., Bleier, J., Lindorfer, M., Tapiador, J., & Vallina-Rodriguez, N. (2023). Mixed Signals: Analyzing Software Attribution Challenges in the Android Ecosystem. IEEE Transactions on Software Engineering, 49(4), 2964–2979. https://doi.org/10.34726/5296
  Download: PDF (3.29 MB)
  Projects: IoTIO (2020–2025) / SPFBT (2020–2026)
• Back-to-the-Future Whois: An IP Address Attribution Service for Working with Historic Datasets / Streibelt, F., Lindorfer, M., Gürses, S., Hernández Gañán, C., & Fiebig, T. (2023). Back-to-the-Future Whois: An IP Address Attribution Service for Working with Historic Datasets. In Passive and Active Measurement : 24th International Conference, PAM 2023, Virtual Event, March 21–23, 2023, Proceedings (pp. 209–226). Springer. https://doi.org/10.1007/978-3-031-28486-1_10
  Download: PDF (2.52 MB)
• CryptoMaze: Privacy-Preserving Splitting of Off-Chain Payments / Mazumdar, S., & Ruj, S. (2023). CryptoMaze: Privacy-Preserving Splitting of Off-Chain Payments. IEEE Transactions on Dependable and Secure Computing, 20(2), 1060–1073. https://doi.org/10.1109/TDSC.2022.3148476
• Sleepy Channels: Bi-directional Payment Channels without Watchtowers / Aumayr, L., Sri AravindaKrishnan Thyagarajan, Giulio Malavolta, Moreno-Sanchez, P., & Maffei, M. (2023, February 28). Sleepy Channels: Bi-directional Payment Channels without Watchtowers [Poster Presentation]. Network and Distributed System Security Symposium (NDSS) 2023, United States of America (the). http://hdl.handle.net/20.500.12708/189878
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
• Thora: Atomic and Privacy-Preserving Multi-Channel Updates / Aumayr, L., Abbaszadeh, K., & Maffei, M. (2023, February 28). Thora: Atomic and Privacy-Preserving Multi-Channel Updates [Poster Presentation]. Network and Distributed System Security Symposium (NDSS) 2023, San Diego, United States of America (the). http://hdl.handle.net/20.500.12708/189792
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PR4DLT (2018–2021) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
• Breaking and Fixing Virtual Channels: Domino Attack and Donner / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2023). Breaking and Fixing Virtual Channels: Domino Attack and Donner. In Proceedings Network and Distributed System Security Symposium 2023. 30th Annual Network and Distributed System Security Symposium (NDSS) 2023, San Diego, United States of America (the). https://doi.org/10.14722/ndss.2023.24370
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
• LightSwap: An Atomic Swap Does Not Require Timeouts at both Blockchains / Hoenisch, P., Mazumdar, S., Moreno-Sanchez, P., & Ruj, S. (2023). LightSwap: An Atomic Swap Does Not Require Timeouts at both Blockchains. In J. Garcia-Alfaro, G. Navarro-Arribas, & N. Dragoni (Eds.), Data Privacy Management, Cryptocurrencies and Blockchain Technology (pp. 219–235). Springer Cham. https://doi.org/10.1007/978-3-031-25734-6_14
  Project: CDL-BOT (2020–2025)
• I Still Know What You Watched Last Sunday: Privacy of the HbbTV Protocol in the European Smart TV Landscape / Tagliaro, C., Hahn, F., Sepe, R., Aceti, A., & Lindorfer, M. (2023). I Still Know What You Watched Last Sunday: Privacy of the HbbTV Protocol in the European Smart TV Landscape. In Proceedings Network and Distributed System Security (NDSS) Symposium 2023. 30th Annual Network and Distributed System Security Symposium (NDSS) 2023, San Diego, United States of America (the). https://doi.org/10.14722/ndss.2023.24102
  Projects: IoTIO (2020–2025) / SPFBT (2020–2026)
• SNACKs: Leveraging Proofs of Sequential Work for Blockchain Light Clients / Abusalah, H., Fuchsbauer, G., Gazi, P., & Klein, K. (2023). SNACKs: Leveraging Proofs of Sequential Work for Blockchain Light Clients. In Advances in Cryptology - ASIACRYPT 2022 (pp. 806–836). Springer. https://doi.org/10.1007/978-3-031-22963-3_27
  Project: COnFIDE (2020–2027)
• Non-interactive Mimblewimble transactions, revisited / Fuchsbauer, G., & Orrù, M. (2023). Non-interactive Mimblewimble transactions, revisited. In Advances in Cryptology - ASIACRYPT 2022 (pp. 713–744). Springer. https://doi.org/10.1007/978-3-031-22963-3_24
  Project: COnFIDE (2020–2027)
• Quantum cryptanalysis of Farfalle and (generalised) key-alternating Feistel networks / Hodžić, S., Roy, A., & Andreeva, E. (2023). Quantum cryptanalysis of Farfalle and (generalised) key-alternating Feistel networks. Designs, Codes and Cryptography. https://doi.org/10.1007/s10623-023-01305-6
• Lightning Creation Games / Avarikioti, G., Lizurej, T., Michalak, T., & Yeo, M. (2023). Lightning Creation Games. In E. Bertino, B. Li, O. Frieder, & X. Jia (Eds.), 2023 IEEE 43rd International Conference on Distributed Computing Systems (ICDCS 2023) (pp. 603–613). IEEE. https://doi.org/10.1109/ICDCS57875.2023.00037
  Project: CoRaF (2022–2025)
• Divide & Scale: Formalization and Roadmap to Robust Sharding / Avarikioti, G., Desjardins, A., Kokoris-Kogias, L., & Wattenhofer, R. (2023). Divide & Scale: Formalization and Roadmap to Robust Sharding. In S. Rajsbaum, A. Balliu, J. Daymude, & D. Olivetti (Eds.), Structural Information and Communication Complexity : 30th International Colloquium, SIROCCO 2023, Alcalá de Henares, Spain, June 6–9, 2023, Proceedings (pp. 199–245). Springer. https://doi.org/10.1007/978-3-031-32733-9_10
  Project: CoRaF (2022–2025)
• A Forkcipher-Based Pseudo-Random Number Generator / Andreeva, E., & Weninger, A. (2023). A Forkcipher-Based Pseudo-Random Number Generator. In M. Tibouchi & X. Wang (Eds.), Applied Cryptography and Network Security (pp. 3–31). https://doi.org/10.1007/978-3-031-33491-7_1
• FnF-BFT: A BFT Protocol with Provable Performance Under Attack / Avarikioti, G., Heimbach, L., Schmid, R., Vanbever, L., Wattenhofer, R., & Wintermeyer, P. (2023). FnF-BFT: A BFT Protocol with Provable Performance Under Attack. In S. Rajsbaum, A. Balliu, J. Dymude, & D. Olivetti (Eds.), Structural Information and Communication Complexity : 30th International Colloquium, SIROCCO 2023, Alcalá de Henares, Spain, June 6–9, 2023, Proceedings (pp. 165–198). Springer. https://doi.org/10.1007/978-3-031-32733-9_9
  Project: CoRaF (2022–2025)
• Investigating HbbTV Privacy Invasiveness Across European Countries / Tagliaro, C., Hahn, F., Sepe, R., Aceti, A., & Lindorfer, M. (2023). Investigating HbbTV Privacy Invasiveness Across European Countries. In Learning from Authoritative Security Experiment Results (LASER) 2023. Workshop on Learning from Authoritative Security Experiment Results (LASER 2023), San Diego, United States of America (the). https://doi.org/10.14722/laser-ndss.2023.24102
  Project: IoTIO (2020–2025)
• WebSpec: Towards Machine-Checked Analysis of Browser Security Mechanisms / Veronese, L., Farinier, B., Bernardo, P., Tempesta, M., Squarcina, M., & Maffei, M. (2023). WebSpec: Towards Machine-Checked Analysis of Browser Security Mechanisms. In 2023 IEEE Symposium on Security and Privacy (SP) (pp. 2761–2779). IEEE. https://doi.org/10.1109/SP46215.2023.10179465
  Projects: Browsec (2018–2024) / ViSP (2019–2023)
• Towards a Game-Theoretic Security Analysis of Off-Chain Protocols / Rain, S., Avarikioti, G., Kovacs, L., & Maffei, M. (2023). Towards a Game-Theoretic Security Analysis of Off-Chain Protocols. In 2023 IEEE 36th Computer Security Foundations Symposium (CSF) (pp. 107–122). IEEE. https://doi.org/10.1109/CSF57540.2023.00003
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / LCS (2017–2025) / PROFET (2019–2023) / ViSP (2019–2023)

2022

• Strategic Analysis of Griefing Attack in Lightning Network / Mazumdar, S., Banerjee, P., Sinha, A., Ruj, S., & Roy, B. (2022). Strategic Analysis of Griefing Attack in Lightning Network. IEEE Transactions on Network and Service Management. https://doi.org/10.34726/3581
  Downloads: Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. (1.78 MB) / Supplemental Material (453 KB)
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / ViSP (2019–2023)
• SecWasm: Information Flow Control for WebAssembly / Bastys, I., Algehed, M., Sjösten, A., & Sabelfeld, A. (2022). SecWasm: Information Flow Control for WebAssembly. In Static Analysis (pp. 74–103). Springer Nature Switzerland AG. https://doi.org/10.1007/978-3-031-22308-2_5
  Projects: Browsec (2018–2024) / ViSP (2019–2023)
• Position Paper: Escaping Academic Cloudification to Preserve Academic Freedom / Fiebig, T., Gürses, S., & Lindorfer, M. (2022). Position Paper: Escaping Academic Cloudification to Preserve Academic Freedom. Privacy Studies Journal, 51–68. https://doi.org/10.7146/psj.vi.132713
• LightSwap: An Atomic Swap Does Not Require Timeouts At Both Blockchains / Hoenisch, P., Mazumdar, S., Moreno-Sanchez, P., & Ruj, S. (2022). LightSwap: An Atomic Swap Does Not Require Timeouts At Both Blockchains. Cryptology ePrint Archive. https://doi.org/10.34726/3662
  Download: PDF (502 KB)
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / ViSP (2019–2023)
• Towards faster settlement in HTLC-based Cross-Chain Atomic Swaps / Mazumdar, S. (2022). Towards faster settlement in HTLC-based Cross-Chain Atomic Swaps. arXiv. https://doi.org/10.34726/3805
  Download: PDF (800 KB)
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / ViSP (2019–2023)
• Sleepy Channels: Bi-directional Payment Channels without Watchtowers / Aumayr, L., Thyagarajan, S. A., Malavolta, G., Moreno-Sanchez, P., & Maffei, M. (2022). Sleepy Channels: Bi-directional Payment Channels without Watchtowers. In CCS ’22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (pp. 179–192). Association for Computing Machinery. https://doi.org/10.1145/3548606.3559370
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
• Foundations of Coin Mixing Services / Glaeser, N., Maffei, M., Malavolta, G., Moreno-Sanchez, P., Tairi, E., & Thyagarajan, S. A. (2022). Foundations of Coin Mixing Services. In CCS ’22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (pp. 1259–1273). Association for Computing Machinery. https://doi.org/10.34726/3601
  Download: Accepted manuscript incl. Suppl. Material. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. (756 KB)
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023)
• Thora: Atomic and Privacy-Preserving Multi-Channel Updates / Aumayr, L., Abbaszadeh, K., & Maffei, M. (2022). Thora: Atomic and Privacy-Preserving Multi-Channel Updates. In CCS ’22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (pp. 165–178). Association for Computing Machinery. https://doi.org/10.1145/3548606.3560556
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PR4DLT (2018–2021) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
• Sleepy Channels: Bi-directional Payment Channels without Watchtowers / Aumayr, L., Sri AravindaKrishnan Thyagarajan, Giulio Malavolta, Moreno-Sanchez, P., & Maffei, M. (2022, October 31). Sleepy Channels: Bi-directional Payment Channels without Watchtowers [Poster Presentation]. Crypto Economics Security Conference, Berkeley, United States of America (the). http://hdl.handle.net/20.500.12708/152969
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
• Thora: Atomic And Privacy-Preserving Multi-Channel Updates / Aumayr, L., Kasra Abbaszadeh, & Maffei, M. (2022, October 31). Thora: Atomic And Privacy-Preserving Multi-Channel Updates [Poster Presentation]. Crypto Economics Security Conference, Berkeley, United States of America (the). http://hdl.handle.net/20.500.12708/152968
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PR4DLT (2018–2021) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
• Hide & Seek: Privacy-Preserving Rebalancing on Payment Channel Networks / Avarikioti, G., Pietrzak, K., Salem, I., Schmid, S., Tiwari, S., & Yeo, M. (2022). Hide & Seek: Privacy-Preserving Rebalancing on Payment Channel Networks. In I. Eyal & J. Garay (Eds.), Financial Cryptography and Data Security (pp. 358–373). Springer-Verlag. https://doi.org/10.1007/978-3-031-18283-9_17
  Projects: CoRaF (2022–2025) / ViSP (2019–2023)
• Suborn Channels: Incentives Against Timelock Bribes / Avarikioti, G., & Thyfronitis Litos, O. S. (2022). Suborn Channels: Incentives Against Timelock Bribes. In Financial Cryptography and Data Security (pp. 488–511). Springer Nature Switzerland AG. https://doi.org/10.34726/3904
  Download: Paper (556 KB)
• A Comparative Analysis of Certificate Pinning in Android & iOS / Pradeep, A., Paracha, M. T., Bhowmick, P., Davanian, A., Razaghpanah, A., Chung, T., Lindorfer, M., Vallina-Rodriguez, N., Levin, D., & Choffnes, D. (2022). A Comparative Analysis of Certificate Pinning in Android & iOS. In Proceedings of the 22nd ACM Internet Measurement Conference (pp. 605–618). ACM. https://doi.org/10.34726/3505
  Project: IoTIO (2020–2025)
• Wiser: Increasing Throughput in Payment Channel Networks with Transaction Aggregation / Tiwari, S., Yeo, M., Avarikioti, G., Salem, I., Pietrzak, K., & Schmid, S. (2022). Wiser: Increasing Throughput in Payment Channel Networks with Transaction Aggregation. In AFT ’22: Proceedings of the 4th ACM Conference on Advances in Financial Technologies (pp. 217–231). Association for Computing Machinery. https://doi.org/10.1145/3558535.3559775
  Download: PDF (561 KB)
  Projects: CoRaF (2022–2025) / ViSP (2019–2023)
• Blitz: Secure Multi-Hop Payments Without Two-Phase Commits / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2022, August 31). Blitz: Secure Multi-Hop Payments Without Two-Phase Commits [Conference Presentation]. The Science of Blockchain Conference 2022, Stanford, United States of America (the). http://hdl.handle.net/20.500.12708/152954
  Projects: Browsec (2018–2024) / PR4DLT (2018–2021) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
• Generalized Channels from Limited Blockchain Scripts and Adaptor Signatures / Aumayr, L., Oguzhan Ersoy, Erwig, A., Faust, S., Hostáková, K., Maffei, M., Moreno-Sanchez, P., & Riahi, S. (2022, August 30). Generalized Channels from Limited Blockchain Scripts and Adaptor Signatures [Conference Presentation]. The Science of Blockchain Conference 2022, Stanford, United States of America (the). http://hdl.handle.net/20.500.12708/152950
  Projects: Browsec (2018–2024) / PR4DLT (2018–2021) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
• Comparing User Perceptions of Anti-Stalkerware Apps with the Technical Reality / Fassl, M., Anell, S., Houy, S., Lindorfer, M., & Krombholz, K. (2022). Comparing User Perceptions of Anti-Stalkerware Apps with the Technical Reality. In Proceedings of the Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022) (pp. 135–154). USENIX Association. https://doi.org/10.34726/3902
  Download: Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee. (1.35 MB)
  Project: IoTIO (2020–2025)
• Evolution of Payment Channels / Aumayr, L. (2022, July 27). Evolution of Payment Channels [Presentation]. DFINITY Foundation - research talks, Austria.
• Not that Simple: Email Delivery in the 21st Century / Holzbauer, F., Ullrich, J., Lindorfer, M., & Fiebig, T. (2022). Not that Simple: Email Delivery in the 21st Century. In Proceedings of the 2022 USENIX Annual Technical Conference (pp. 295–308). USENIX Association. https://doi.org/10.34726/4024
  Download: PDF (1.43 MB)
  Project: IoTIO (2020–2025)
• The security of Mimblewimble / Fuchsbauer, G. (2022, June 27). The security of Mimblewimble [Keynote Presentation]. 22nd Central European Conference on Cryptography, Smolenice, Slovakia. http://hdl.handle.net/20.500.12708/153193
  Project: COnFIDE (2020–2027)
• No Spring Chicken: Quantifying the Lifespan of Exploits in IoT Malware Using Static and Dynamic Analysis / Al Alsadi, A. A., Sameshima, K., Bleier, J., Yoshioka, K., Lindorfer, M., van Eeten, M., & Hernández Gañán, C. (2022). No Spring Chicken: Quantifying the Lifespan of Exploits in IoT Malware Using Static and Dynamic Analysis. In Yuji Suga, Kouichi Sakurai, Xuhua Ding, & Kazue Sako (Eds.), ASIA CCS ’22: Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security (pp. 309–321). Association for Computing Machinery. https://doi.org/10.1145/3488932.3517408
  Project: IoTIO (2020–2025)
• ART-assisted App Diffing: Defeating Dalvik Bytecode Shrinking, Obfuscation, and Optimization with Android's OAT Compiler / Bleier, J., & Lindorfer, M. (2022, May 23). ART-assisted App Diffing: Defeating Dalvik Bytecode Shrinking, Obfuscation, and Optimization with Android’s OAT Compiler [Poster Presentation]. 43rd IEEE Symposium on Security and Privacy, San Francisco, United States of America (the).
  Project: IoTIO (2020–2025)
• Rigorous Methods for Smart Contracts / Bjørner, N., Christakis, M., Maffei, M., & Rosu, G. (Eds.). (2022). Rigorous Methods for Smart Contracts (Dagstuhl Seminar 21431). Schloss Dagstuhl – Leibniz-Zentrum für Informatik GmbH, Dagstuhl Publishing. https://doi.org/10.4230/DagRep.11.9.80
  Projects: Browsec (2018–2024) / Ethertrust (2018–2019) / PR4DLT (2018–2021) / PROFET (2019–2023)
• Double-authentication-preventing signatures in the standard model / Catalano, D., Fuchsbauer, G., & Soleimanian, A. (2022). Double-authentication-preventing signatures in the standard model. Journal of Computer Security, 30(1), 3–38. https://doi.org/10.3233/JCS-200117
  Project: COnFIDE (2020–2027)
• Approximate Distance-Comparison-Preserving Symmetric Encryption / Fuchsbauer, G., Ghosal, R., Hauke, N., & O’Neill, A. (2022). Approximate Distance-Comparison-Preserving Symmetric Encryption. In Security and Cryptography for Networks (pp. 117–144). https://doi.org/10.1007/978-3-031-14791-3_6
• Credential Transparency System / Chase, M., Fuchsbauer, G., Ghosh, E., & Plouviez, A. (2022). Credential Transparency System. In Security and Cryptography for Networks (pp. 313–335). https://doi.org/10.1007/978-3-031-14791-3_14
  Project: COnFIDE (2020–2027)
• Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks / Naseredini, A., Gast, S., Schwarzl, M., Sousa Bernardo, P. M., Smajic, A., Canella, C., Berger, M., & Gruss, D. (2022). Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks. In P. Mori, G. Lenzini, & S. Furnell (Eds.), Proceedings of the 8th International Conference on Information Systems Security and Privacy (pp. 48–59). SciTePress. http://hdl.handle.net/20.500.12708/58799

2021

• Off-chain Scaling of Cryptocurrencies / Aumayr, L. (2021, December 9). Off-chain Scaling of Cryptocurrencies [Presentation]. VISP blockchain research meetup, Austria. http://hdl.handle.net/20.500.12708/153233
• Designing Secure Payment Channel Schemes / Aumayr, L. (2021, November 16). Designing Secure Payment Channel Schemes [Presentation]. Singapore Management University - Online Topic, Singapore. http://hdl.handle.net/20.500.12708/153226
• Beyond Payments in Payment Channel Networks / Aumayr, L. (2021, November 16). Beyond Payments in Payment Channel Networks [Presentation]. Software Seminar Series (S3), Spain. http://hdl.handle.net/20.500.12708/153227
• Formal Methods for the Security Analysis of Smart Contracts / Maffei, M. (2021). Formal Methods for the Security Analysis of Smart Contracts. In Proceedings of the 21st Conference on Formal Methods in Computer-Aided Design – FMCAD 2021 (pp. 8–8). TU Wien Academic Press. https://doi.org/10.34727/2021/isbn.978-3-85448-046-4_3
  Download: PDF (47.5 KB)
• 1, 2, 3, Fork: Counter Mode Variants based on a Generalized Forkcipher / Andreeva, E., Bhati, A. S., Preneel, B., & Vizár, D. (2021). 1, 2, 3, Fork: Counter Mode Variants based on a Generalized Forkcipher. IACR Transactions on Symmetric Cryptology, 2021(3). https://doi.org/10.46586/tosc.v2021.i3.1-35
• Donner: UTXO-Based Virtual Channels Across Multiple Hops / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2021, September 7). Donner: UTXO-Based Virtual Channels Across Multiple Hops [Presentation]. Bitcoin Sydney Socratic Seminar, Australia. http://hdl.handle.net/20.500.12708/152979
• Blitz: Secure Multi-Hop Payments Without Two-Phase Commits / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2021, May 26). Blitz: Secure Multi-Hop Payments Without Two-Phase Commits [Conference Presentation]. Theory and Practice of Blockchains, Unknown. http://hdl.handle.net/20.500.12708/153230
• Blitz: Secure Multi-Hop Payments Without Two-Phase Commits / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2021, April 27). Blitz: Secure Multi-Hop Payments Without Two-Phase Commits [Presentation]. Bitcoin Sydney Socratic Seminar, Australia. http://hdl.handle.net/20.500.12708/152982
• Blitz: Secure Multi-Hop Payments Without Two-Phase Commits / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2021, February 24). Blitz: Secure Multi-Hop Payments Without Two-Phase Commits [Presentation]. Decrypto Seminar, Unknown. http://hdl.handle.net/20.500.12708/152985
• Updatable Signatures and Message Authentication Codes / Cini, V., Ramacher, S., Slamanig, D., Striecks, C., & Tairi, E. (2021). Updatable Signatures and Message Authentication Codes. In Public-Key Cryptography – PKC 2021 (pp. 691–723). Springer, Cham. https://doi.org/10.1007/978-3-030-75245-3_25
• Generalized Channels from Limited Blockchain Scripts and Adaptor Signatures / Aumayr, L., Ersoy, O., Erwig, A., Faust, S., Hostáková, K., Maffei, M., Moreno-Sanchez, P., & Riahi, S. (2021). Generalized Channels from Limited Blockchain Scripts and Adaptor Signatures. In Advances in Cryptology – ASIACRYPT 2021 27th International Conference on the Theory and Application of Cryptology and Information Security, Singapore, December 6–10, 2021, Proceedings, Part II (pp. 635–664). Springer. https://doi.org/10.1007/978-3-030-92075-3_22
• Cross-Layer Deanonymization Methods in the Lightning Protocol / Romiti, M., Victor, F., Moreno-Sanchez, P., Nordholt, P. S., Haslhofer, B., & Maffei, M. (2021). Cross-Layer Deanonymization Methods in the Lightning Protocol. In Financial Cryptography and Data Security 25th International Conference, FC 2021, Virtual Event, March 1–5, 2021, Revised Selected Papers, Part I. Springer Verlag, Austria. Springer LNCS. https://doi.org/10.1007/978-3-662-64322-8_9
• Compactness of Hashing Modes and Efficiency Beyond Merkle Tree / Andreeva, E., Bhattacharyya, R., & Roy, A. (2021). Compactness of Hashing Modes and Efficiency Beyond Merkle Tree. In Advances in Cryptology – EUROCRYPT 2021 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, October 17–21, 2021, Proceedings, Part II (pp. 92–123). Springer. https://doi.org/10.1007/978-3-030-77886-6_4
• The One-More Discrete Logarithm Assumption in the Generic Group Model / Bauer, B., Fuchsbauer, G., & Plouviez, A. (2021). The One-More Discrete Logarithm Assumption in the Generic Group Model. In Advances in Cryptology – ASIACRYPT 2021 27th International Conference on the Theory and Application of Cryptology and Information Security, Singapore, December 6–10, 2021, Proceedings, Part IV (pp. 587–617). Springer. https://doi.org/10.1007/978-3-030-92068-5_20
• Can I Take Your Subdomain? Exploring Same-Site Attacks in the Modern Web / Squarcina, M., Tempesta, M., Veronese, L., Calzavara, S., & Maffei, M. (2021). Can I Take Your Subdomain? Exploring Same-Site Attacks in the Modern Web. In 30th USENIX Security Symposium (pp. 2917–2934). 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021. http://hdl.handle.net/20.500.12708/58469
• Post-Quantum Adaptor Signature for Privacy-Preserving Off-Chain Payments / Tairi, E., Moreno-Sanchez, P., & Maffei, M. (2021). Post-Quantum Adaptor Signature for Privacy-Preserving Off-Chain Payments. In Financial Cryptography and Data Security (pp. 131–150). https://doi.org/10.1007/978-3-662-64331-0_7
• A²L: Anonymous Atomic Locks for Scalability in Payment Channel Hubs / Tairi, E., Moreno-Sanchez, P., & Maffei, M. (2021). A2L: Anonymous Atomic Locks for Scalability in Payment Channel Hubs. In 2021 IEEE Symposium on Security and Privacy (SP). IEEE Symposium on Security and Privacy 2021, United States of America (the). https://doi.org/10.1109/sp40001.2021.00111
• The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches / Squarcina, M., Calzavara, S., & Maffei, M. (2021). The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches. In 2021 IEEE Security and Privacy Workshops (SPW). 15th IEEE Workshop on Offensive Technologies, San Francisco, CA, United States of America (the). https://doi.org/10.1109/spw53761.2021.00062
• Blitz: Secure Multi-Hop Payments Without Two-Phase Commits / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2021). Blitz: Secure Multi-Hop Payments Without Two-Phase Commits. In 30th USENIX Security Symposium (pp. 4043–4060). USENIX: The Advanced Computing Systems Association. http://hdl.handle.net/20.500.12708/55607
• Tarnhelm: Isolated, Transparent & Confidential Execution of Arbitrary Code in ARM's TrustZone / Quarta, D., Ianni, M., Machiry, A., Fratantonio, Y., Gustafson, E., Balzarotti, D., Lindorfer, M., Vigna, G., & Kruegel, C. (2021). Tarnhelm: Isolated, Transparent & Confidential Execution of Arbitrary Code in ARM’s TrustZone. In Proceedings of the 2021 Research on offensive and defensive techniques in the Context of Man At The End (MATE) Attacks. ACM, Austria. ACM. https://doi.org/10.1145/3465413.3488571
  Project: IoTIO (2020–2025)
• FWS: Analyzing, Maintaining and Transcompiling Firewalls / Bodei, C., Ceragioli, L., Degano, P., Focardi, R., Galletta, L., Luccio, F., Tempesta, M., & Veronese, L. (2021). FWS: Analyzing, Maintaining and Transcompiling Firewalls. Journal of Computer Security, 29(1), 77–134. https://doi.org/10.3233/jcs-200017
• Bitcoin-Compatible Virtual Channels / Aumayr, L., Ersoy, O., Erwig, A., Faust, S., Hostáková, K., Maffei, M., Moreno-Sanchez, P., & Riahi, S. (2021). Bitcoin-Compatible Virtual Channels. In 2021 IEEE Symposium on Security and Privacy (SP). IEEE Symposium on Security and Privacy 2021, Oakland, United States of America (the). IEEE Computer Society. https://doi.org/10.1109/sp40001.2021.00097
• Nonce-Misuse Security of the SAEF Authenticated Encryption Mode / Andreeva, E., Bhati, A. S., & Vizár, D. (2021). Nonce-Misuse Security of the SAEF Authenticated Encryption Mode. In Selected Areas in Cryptography (pp. 512–534). Springer LNCS. https://doi.org/10.1007/978-3-030-81652-0_20
• Optimized Software Implementations for the Lightweight Encryption Scheme ForkAE / Andreeva, E., Deprez, A., Bermudo Mera, J. M., Karmakar, A., & Purnal, A. (2021). Optimized Software Implementations for the Lightweight Encryption Scheme ForkAE. In Smart Card Research and Advanced Applications (pp. 68–83). Springer. https://doi.org/10.1007/978-3-030-68487-7_5
• Transferable E-Cash: A Cleaner Model and the First Practical Instantiation / Bauer, B., Fuchsbauer, G., & Qian, C. (2021). Transferable E-Cash: A Cleaner Model and the First Practical Instantiation. In Public-Key Cryptography – PKC 2021 (pp. 559–590). Springer. https://doi.org/10.1007/978-3-030-75248-4_20
• EssentialFP: Exposing the Essence of Browser Fingerprinting / Sjösten, A., Hedin, D., & Sabelfeld, A. (2021). EssentialFP: Exposing the Essence of Browser Fingerprinting. In 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). EuroS&P 2021 SecWeb Workshop, Vienna, Austria. https://doi.org/10.1109/eurospw54576.2021.00011
• Not All Bugs Are Created Equal, But Robust Reachability Can Tell the Difference / Girol, G., Farinier, B., & Bardin, S. (2021). Not All Bugs Are Created Equal, But Robust Reachability Can Tell the Difference. In Computer Aided Verification (pp. 669–693). Springer LNCS. https://doi.org/10.1007/978-3-030-81685-8_32
• Interpolation Cryptanalysis of Unbalanced Feistel Networks with Low Degree Round Functions / Andreeva, E., Roy, A., & Sauer, J. F. (2021). Interpolation Cryptanalysis of Unbalanced Feistel Networks with Low Degree Round Functions. In Selected Areas in Cryptography (pp. 273–300). Springer LNCS. https://doi.org/10.1007/978-3-030-81652-0_11

2020

• eThor: Practical and Provably Sound Static Analysis of Ethereum Smart Contracts / Schneidewind, C., Grishchenko, I., Scherer, M., & Maffei, M. (2020). eThor: Practical and Provably Sound Static Analysis of Ethereum Smart Contracts. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. ACM Conference on Computer and Communications Security (CCS), Washington, United States of America (the). Association for Computing Machinery ACM. https://doi.org/10.1145/3372297.3417250
• Language-Based Web Session Integrity / Calzavara, S., Focardi, R., Grimm, N., Maffei, M., & Tempesta, M. (2020). Language-Based Web Session Integrity. In 2020 IEEE 33rd Computer Security Foundations Symposium (CSF). IEEE 33rd Computer Security Foundations Symposium (CSF), Santa Barbara, United States of America (the). IEEE Computer Society. https://doi.org/10.1109/csf49147.2020.00016
• The Good, The Bad and The Ugly: Pitfalls and Best Practices in Automated Sound Static Analysis of Ethereum Smart Contracts / Schneidewind, C., Scherer, M., & Maffei, M. (2020). The Good, The Bad and The Ugly: Pitfalls and Best Practices in Automated Sound Static Analysis of Ethereum Smart Contracts. In T. Margaria & B. Steffen (Eds.), Leveraging Applications of Formal Methods, Verification and Validation: Applications. ISoLA 2020, Proceedings, Part III (pp. 212–231). Springer. https://doi.org/10.1007/978-3-030-61467-6_14
• Generalized Bitcoin-Compatible Channels / Aumayr, L., Ersoy, O., Erwig, A., Faust, S., Hostáková, K., Maffei, M., Moreno-Sanchez, P., & Riahi, S. (2020). Generalized Bitcoin-Compatible Channels. Cryptology ePrint Archive. http://hdl.handle.net/20.500.12708/40215
• A Voting-Based Blockchain Interoperability Oracle / Scaffino, G., Schulte, S., Sober, M., & Spanring, C. (2020). A Voting-Based Blockchain Interoperability Oracle. In 2021 IEEE International Conference on Blockchain (Blockchain). IEEE. https://doi.org/10.1109/blockchain53845.2021.00030
• Efficient Signatures on Randomizable Ciphertexts / Bauer, B., & Fuchsbauer, G. (2020). Efficient Signatures on Randomizable Ciphertexts. In Security and Cryptography for Networks (pp. 359–381). Springer. https://doi.org/10.1007/978-3-030-57990-6_18
• Double-Authentication-Preventing Signatures in the Standard Model / Catalano, D., Fuchsbauer, G., & Soleimanian, A. (2020). Double-Authentication-Preventing Signatures in the Standard Model. In Security and Cryptography for Networks (pp. 338–358). Springer. https://doi.org/10.1007/978-3-030-57990-6_17
• Formalizing Graph Trail Properties in Isabelle/HOL / Kovács, L., Lachnitt, H., & Szeider, S. (2020). Formalizing Graph Trail Properties in Isabelle/HOL. In Intelligent Computer Mathematics 13th International Conference, CICM 2020, Bertinoro, Italy, July 26–31, 2020, Proceedings (pp. 190–205). LNCS. https://doi.org/10.1007/978-3-030-53518-6_12
• Bulwark: Holistic and Verified Security Monitoring of Web Protocols / Veronese, L., Calzavara, S., & Compagna, L. (2020). Bulwark: Holistic and Verified Security Monitoring of Web Protocols. In Computer Security – ESORICS 2020 (pp. 23–41). Springer. https://doi.org/10.1007/978-3-030-58951-6_2
• The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches in Progressive Web Applications / Somé, D. F., Squarcina, M., Calzavara, S., & Maffei, M. (2020). The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches in Progressive Web Applications. EuroS&P 2020 SecWeb Workshop, Genova, Italy. http://hdl.handle.net/20.500.12708/87080
• A Quantitative Analysis of Security, Anonymity and Scalability for the Lightning Network / Tikhomirov, S., Moreno-Sanchez, P., & Maffei, M. (2020). A Quantitative Analysis of Security, Anonymity and Scalability for the Lightning Network. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE Security & Privacy On The Blockchain, Genova, Italy. IEEE. https://doi.org/10.1109/eurospw51379.2020.00059
• When Malware is Packin' Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features / Aghakhani, H., Gritti, F., Mecca, F., Lindorfer, M., Ortolani, S., Balzarotti, D., Vigna, G., & Krügel, C. (2020). When Malware is Packin’ Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features. In Network and Distributed System Security Symposium (NDSS). Internet Society. http://hdl.handle.net/20.500.12708/58307
• FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic / van Ede, T., Bortolameotti, R., Continella, A., Ren, J., Dubois, D., Lindorfer, M., Choffnes, D., van Steen, M., & Peter, A. (2020). FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic. In Network and Distributed System Security Symposium (NDSS). Internet Society. http://hdl.handle.net/20.500.12708/58308
• Filter List Generation for Underserved Regions / Sjösten, A., Snyder, P., Pastor, A., Papadopoulos, P., & Livshits, B. (2020). Filter List Generation for Underserved Regions. In Proceedings of The Web Conference 2020. ACM/IW3C2. https://doi.org/10.1145/3366423.3380239
• TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records / der Toorn, O. van, van Rijswijk-Deij, R., Fiebig, T., Lindorfer, M., & Sperotto, A. (2020). TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE. https://doi.org/10.1109/eurospw51379.2020.00080
• Secrets in Source Code: Reducing False Positives using Machine Learning / Saha, A., Denning, T., Srikumar, V., & Kasera, S. K. (2020). Secrets in Source Code: Reducing False Positives using Machine Learning. In 2020 International Conference on COMmunication Systems & NETworkS (COMSNETS). IEEE Xplore Digital Library. https://doi.org/10.1109/comsnets48256.2020.9027350
• A Classification of Computational Assumptions in the Algebraic Group Model / Bauer, B., Fuchsbauer, G., & Loss, J. (2020). A Classification of Computational Assumptions in the Algebraic Group Model. In Advances in Cryptology – CRYPTO 2020 (pp. 121–151). Springer. https://doi.org/10.1007/978-3-030-56880-1_5
• Blind Schnorr Signatures and Signed ElGamal Encryption in the Algebraic Group Model / Fuchsbauer, G., Plouviez, A., & Seurin, Y. (2020). Blind Schnorr Signatures and Signed ElGamal Encryption in the Algebraic Group Model. In Advances in Cryptology – EUROCRYPT 2020 (pp. 63–95). Springer. https://doi.org/10.1007/978-3-030-45724-2_3
• Simpler Constructions of Asymmetric Primitives from Obfuscation / Farshim, P., Fuchsbauer, G., & Passelègue, A. (2020). Simpler Constructions of Asymmetric Primitives from Obfuscation. In Progress in Cryptology – INDOCRYPT 2020 (pp. 715–738). Springer. https://doi.org/10.1007/978-3-030-65277-7_32

2019

• Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks / Egger, C., Moreno-Sanchez, P., & Maffei, M. (2019). Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks [Conference Presentation]. Scaling Bitcoin 2019, Tel Aviv, Israel. http://hdl.handle.net/20.500.12708/58034
• Group ORAM for Privacy and AccessControl in Outsourced Personal Records / Maffei, M., Malavolta, G., Reinert, M., & Schröder, D. (2019). Group ORAM for Privacy and AccessControl in Outsourced Personal Records. Journal of Computer Security, 27(1), 1–47. https://doi.org/10.3233/jcs-171030
• Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability / Malavolta, G., Moreno-Sanchez, P., Schneidewind, C., Kate, A., & Maffei, M. (2019). Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability. ACM Advances in Financial Technologies AFT 2019, Zurich, Switzerland. http://hdl.handle.net/20.500.12708/87045
• Trace Reasoning for Formal Verification using the First-Order Superposition Calculus / Georgiou, P., Gleiss, B., Kovacs, L., & Maffei, M. (2019). Trace Reasoning for Formal Verification using the First-Order Superposition Calculus. FMCAD 2019 Student Forum, San Jose, United States of America (the). http://hdl.handle.net/20.500.12708/86988
• Forkcipher: A New Primitive for Authenticated Encryption of Very Short Messages / Andreeva, E., Lallemand, V., Purnal, A., Reyhanitabar, R., Roy, A., & Vizár, D. (2019). Forkcipher: A New Primitive for Authenticated Encryption of Very Short Messages. In Advances in Cryptology – ASIACRYPT 2019 25th International Conference on the Theory and Application of Cryptology and Information Security, Kobe, Japan, December 8–12, 2019, Proceedings, Part II (pp. 153–182). Springer LNCS. https://doi.org/10.1007/978-3-030-34621-8_6
• Verifying Relational Properties using Trace Logic / Barthe, G., Eilers, R., Georgiou, P., Gleiss, B., Kovacs, L., & Maffei, M. (2019). Verifying Relational Properties using Trace Logic. In B. Clark & J. Yang (Eds.), 2019 Formal Methods in Computer Aided Design (FMCAD). IEEE. https://doi.org/10.23919/fmcad.2019.8894277
• Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability / Malavolta, G., Moreno-Sanchez, P., Schneidewind, C., Kate, A., & Maffei, M. (2019). Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability. In Proceedings 2019 Network and Distributed System Security Symposium. Network and Distributed System Security Symposium (NDSS), San Diego, United States of America (the). https://doi.org/10.14722/ndss.2019.23330
• Reversible Proofs of Sequential Work / Pietrzak, K., Walter, M., Klein, K., Kamath, C., & Abusalah, H. (2019). Reversible Proofs of Sequential Work. In Advances in Cryptology – EUROCRYPT 2019 (pp. 277–291). Springer LNCS. https://doi.org/10.1007/978-3-030-17656-3_10
• Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks / Egger, C., Maffei, M., & Moreno-Sanchez, P. (2019). Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks. In ACM (Ed.), Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. ACM. https://doi.org/10.1145/3319535.3345666
• Gathering of robots in a ring with mobile faults / Das, S., Focardi, R., Luccio, F. L., Markou, E., & Squarcina, M. (2019). Gathering of robots in a ring with mobile faults. Theoretical Computer Science, 764, 42–60. https://doi.org/10.1016/j.tcs.2018.05.002
• Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem / Calzavara, S., Focardi, R., Nemec, M., Rabitti, A., & Squarcina, M. (2019). Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem. In 2019 IEEE Symposium on Security and Privacy (SP). IEEE, Austria. IEEE. https://doi.org/10.1109/sp.2019.00053
• From Firewalls to Functions and Back / Ceragioli, L., Galletta, L., & Tempesta, M. (2019). From Firewalls to Functions and Back. In Proceedings of the Third Italian Conference on Cyber Security (p. 13). CEUR-Proceedings. http://hdl.handle.net/20.500.12708/58149
• Reducing Automotive Counterfeiting usingBlockchain: Benefits and Challenges / Lu, D., Moreno-Sanchez, P., Zeryihun, A., Bajpayi, S., Yin, S., Feldman, K., Kosofsky, J., Mitra, P., & Kate, A. (2019). Reducing Automotive Counterfeiting usingBlockchain: Benefits and Challenges. In 2019 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPCON) (pp. 39–48). IEEE Computer Society. http://hdl.handle.net/20.500.12708/58148
• Latex Gloves: Protecting Browser Extensions from Probing and Revelation Attacks / Sjösten, A., Van Acker, S., Picazo-Sanchez, P., & Sabelfeld, A. (2019). Latex Gloves: Protecting Browser Extensions from Probing and Revelation Attacks. In Proceedings 2019 Network and Distributed System Security Symposium. The Internet Society. https://doi.org/10.14722/ndss.2019.23309

2018

• Settling Payments Fast and Private: Efficient Decentralized Routing for Path-Based Transactions / Roos, S., Moreno-Sanchez, P., Kate, A., & Goldberg, I. (2018). Settling Payments Fast and Private: Efficient Decentralized Routing for Path-Based Transactions. In Proceedings 2018 Network and Distributed System Security Symposium. Network and Distributed System Security Symposium (NDSS), United States of America (the). https://doi.org/10.14722/ndss.2018.23254
• Mind Your Keys? A Security Evaluation of Java Keystores / Focardi, R., Squarcina, M., Steel, G., Palmarini, M., & Tempesta, M. (2018). Mind Your Keys? A Security Evaluation of Java Keystores. In Proceedings of 2019 Network and Distributed System Security Symposium (pp. 1–15). http://hdl.handle.net/20.500.12708/57775
• Transcompiling Firewalls / Bodei, C., Degano, P., Focardi, R., Galletta, L., & Tempesta, M. (2018). Transcompiling Firewalls. In L. Bauer & R. Küsters (Eds.), Principles of Security and Trust (pp. 303–324). Springer International Publishing AG. https://doi.org/10.1007/978-3-319-89722-6_13
• Functional Credentials / Deuber, D., Maffei, M., Malavolta, G., Rabkin, M., Schröder, D., & Simkin, M. (2018). Functional Credentials. In Proceedings on Privacy Enhancing Technologies (pp. 64–84). Walter de Gruyter GmbH. http://hdl.handle.net/20.500.12708/57361
• Simple Password Hardened Encryption Services / Maffei, M., Reinert, M., Lai, R., Egger, C., Chow, S. S. M., & Schröder, D. (2018). Simple Password Hardened Encryption Services. In Proceedings of the 27th USENIX Security Symposium (pp. 1405–1421). USENIX. http://hdl.handle.net/20.500.12708/57492
• Subset Predicate Encryption and Its Applications / Katz, J., Maffei, M., Malavolta, G., & Schröder, D. (2018). Subset Predicate Encryption and Its Applications. In Cryptology and Network Security (pp. 115–134). Springer International Publishing. https://doi.org/10.1007/978-3-030-02641-7_6
• A Semantic Framework for the Security Analysis of Ethereum Smart Contracts / Grishchenko, I., Schneidewind, C., & Maffei, M. (2018). A Semantic Framework for the Security Analysis of Ethereum Smart Contracts. In Principles of Security and Trust 7th International Conference, POST 2018, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2018, Thessaloniki, Greece, April 14-20, 2018, Proceedings (pp. 243–269). Springer Open. https://doi.org/10.1007/978-3-319-89722-6_10
• GuardION: Practical Mitigation of DMA-Based Rowhammer Attacks on ARM / van der Veen, V., Lindorfer, M., Fratantonio, Y., Padmanabha Pillai, H., Vigna, G., Kruegel, C., Bos, H., & Razavi, K. (2018). GuardION: Practical Mitigation of DMA-Based Rowhammer Attacks on ARM. In Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 92–113). Springer. https://doi.org/10.1007/978-3-319-93411-2_5
• MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense / Konoth, R. K., Vineti, E., Moonsamy, V., Lindorfer, M., Kruegel, C., Bos, H., & Vigna, G. (2018). MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. ACM. https://doi.org/10.1145/3243734.3243858
• ClearChart: Ensuring integrity of consumer ratings in online marketplaces / Moreno-Sanchez, P., Mahmood, U., & Kate, A. (2018). ClearChart: Ensuring integrity of consumer ratings in online marketplaces. Computers and Security, 78, 90–102. https://doi.org/10.1016/j.cose.2018.04.014
• Equivalence Properties by Typing in Cryptographic Branching Protocols / Cortier, V., Grimm, N., Lallemand, J., & Maffei, M. (2018). Equivalence Properties by Typing in Cryptographic Branching Protocols. In L. Bauer & R. Küsters (Eds.), Principles of Security and Trust (pp. 160–187). Springer LNCS. https://doi.org/10.1007/978-3-319-89722-6_7
• UniTraX: Protecting Data Privacy with Discoverable Biases / Munz, R., Eigner, F., Maffei, M., Francis, P., & Garg, D. (2018). UniTraX: Protecting Data Privacy with Discoverable Biases. In L. Bauer & R. Küsters (Eds.), Principles of Security and Trust (pp. 278–299). Springer, Lecture Notes in Computer Science. https://doi.org/10.1007/978-3-319-89722-6_12
• Information Flow Tracking for Side-Effectful Libraries / Sjösten, A., Hedin, D., & Sabelfeld, A. (2018). Information Flow Tracking for Side-Effectful Libraries. In Formal Techniques for Distributed Objects, Components, and Systems (pp. 141–160). Springer. https://doi.org/10.1007/978-3-319-92612-4_8
• Mind Your Credit / Moreno-Sanchez, P., Modi, N., Songhela, R., Kate, A., & Fahmy, S. (2018). Mind Your Credit. In Proceedings of the 2018 World Wide Web Conference on World Wide Web - WWW ’18. International World Wide Web Conferences Steering Committee Republic and Canton of Geneva, Switzerland ©2018, Austria. ACM Digital Library. https://doi.org/10.1145/3178876.3186099
• Language-Independent Synthesis of Firewall Policies / Bodei, C., Degano, P., Galletta, L., Focardi, R., Tempesta, M., & Veronese, L. (2018). Language-Independent Synthesis of Firewall Policies. In 2018 IEEE European Symposium on Security and Privacy (EuroS&P). Institute of Electrical and Electronics Engineers ( IEEE ), Austria. IEEE. https://doi.org/10.1109/eurosp.2018.00015
• Surviving the Web / Calzavara, S., Squarcina, M., Focardi, R., & Tempesta, M. (2018). Surviving the Web. In Companion of the The Web Conference 2018 on The Web Conference 2018 - WWW ’18. International World Wide Web Conferences Steering Committee Republic and Canton of Geneva, Switzerland ©2018, Austria. ACM. https://doi.org/10.1145/3184558.3186232
• Firewall Management With FireWall Synthesizer / Tempesta, M., Bodei, C., Degano, P., Forcardi, R., Galletta, L., & Veronese, L. (2018). Firewall Management With FireWall Synthesizer. In keiner (p. 1). ITASEC. http://hdl.handle.net/20.500.12708/57774
• Bug Fixes, Improvements, ... and Privacy Leaks - A Longitudinal Study of PII Leaks Across Android App Versions / Ren, J., Lindorfer, M., Dubois, D. J., Rao, A., Choffnes, D., & Vallina-Rodriguez, N. (2018). Bug Fixes, Improvements, ... and Privacy Leaks - A Longitudinal Study of PII Leaks Across Android App Versions. In Proceedings 2018 Network and Distributed System Security Symposium. Internet Society. https://doi.org/10.14722/ndss.2018.23143
• Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications / Pan, E., Ren, J., Lindorfer, M., Wilson, C., & Choffnes, D. (2018). Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications. In Proceedings on Privacy Enhancing Technologies (pp. 33–50). DeGruyter. https://doi.org/10.1515/popets-2018-0030
• Foundations and Tools for the Static Analysis of Ethereum Smart Contracts / Gishchenko, I., Maffei, M., & Schneidewind, C. (2018). Foundations and Tools for the Static Analysis of Ethereum Smart Contracts. In G. Weissenbacher & H. Chockler (Eds.), Computer Aided Verification (pp. 51–78). Springer Open. https://doi.org/10.1007/978-3-319-96145-3_4
• WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring / Calzavara, S., Maffei, M., Schneidewind, C., Tempesta, M., & Squarcina, M. (2018). WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring. In Proceedings of the 27th USENIX Security Symposium (pp. 1493–1510). USENIX. http://hdl.handle.net/20.500.12708/57493
• A monadic framework for relational verification: applied to information security, program equivalence, and optimizations / Grimm, N., Maillard, K., Fournet, C., Hritcu, C., Maffei, M., Protzenko, J., Ramananandro, T., Swamy, N., & Zanella-Béguelin, S. (2018). A monadic framework for relational verification: applied to information security, program equivalence, and optimizations. In Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs. ACM Digital Library. https://doi.org/10.1145/3167090

2017

• Surviving the Web: A Journey into Web Session Security / Calzavara, S., Focardi, R., Squarcina, M., & Tempesta, M. (2017). Surviving the Web: A Journey into Web Session Security. ACM Computing Surveys, 50(1), 1–34. https://doi.org/10.1145/3038923
• Run-Time Attack Detection in Cryptographic APIs / Squarcina, M., & Focardi, R. (2017). Run-Time Attack Detection in Cryptographic APIs. In 2017 IEEE 30th Computer Security Foundations Symposium (CSF). IEEE Computer Security Foundations Symposium, Santa Barbara, United States of America (the). IEEE Xplore Digital Library. https://doi.org/10.1109/csf.2017.33
• A Sound Flow-Sensitive Heap Abstraction for the Static Analysis of Android Applications / Maffei, M., Calzavara, S., Grishchenko, I., & Koutsos, A. (2017). A Sound Flow-Sensitive Heap Abstraction for the Static Analysis of Android Applications. In 2017 IEEE 30th Computer Security Foundations Symposium (CSF). IEEE Computer Security Foundations Symposium, Santa Barbara, United States of America (the). IEEE Xplore Digital Library. https://doi.org/10.1109/csf.2017.19
• A Type System for Privacy Properties / Maffei, M., Lallemand, J., Cortier, V., & Grimm, N. (2017). A Type System for Privacy Properties. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM CCS 2017 Conference on Computer and Communications Security, Dallas, United States of America (the). ACM Digital Library. https://doi.org/10.1145/3133956.3133998
• Principles of Security and Trust / Maffei, M., & Ryan, M. (Eds.). (2017). Principles of Security and Trust (Vol. 10204). Springer-Verlag. https://doi.org/10.1007/978-3-662-54455-6
• On the Security of Frequency-Hiding Order-Preserving Encryption / Reinert, M., Schröder, D., & Maffei, M. (2017). On the Security of Frequency-Hiding Order-Preserving Encryption. In Cryptology and Network Security (pp. 51–70). Springer International Publishing. https://doi.org/10.1007/978-3-030-02641-7_3
• Maliciously Secure Multi-Client ORAM / Maffei, M., Malavolta, G., Reinert, M., & Schröder, D. (2017). Maliciously Secure Multi-Client ORAM. In D. Gollmann, A. Miyaji, & H. Kikuchi (Eds.), Applied Cryptography and Network Security (pp. 645–664). © Springer International Publishing AG 2017. https://doi.org/10.1007/978-3-319-61204-1_32
• A Principled Approach to Tracking Information Flow in the Presence of Libraries / Hedin, D., Sjösten, A., Piessens, F., & Sabelfeld, A. (2017). A Principled Approach to Tracking Information Flow in the Presence of Libraries. In Principles of Security and Trust 6th International Conference, POST 2017, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2017, Uppsala, Sweden, April 22-29, 2017, Proceedings (pp. 49–70). Springer. https://doi.org/10.1007/978-3-662-54455-6_3
• Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis / Continella, A., Fratantonio, Y., Lindorfer, M., Puccetti, A., Zand, A., Kruegel, C., & Vigna, G. (2017). Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis. In Proceedings 2017 Network and Distributed System Security Symposium. Internet Society. https://doi.org/10.14722/ndss.2017.23465
• Discovering Browser Extensions via Web Accessible Resources / Sjösten, A., Van Acker, S., & Sabelfeld, A. (2017). Discovering Browser Extensions via Web Accessible Resources. In Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy. ACM. https://doi.org/10.1145/3029806.3029820
• Concurrency and Privacy with Payment-Channel Networks / Maffei, M., Kate, A., Malavolta, G., Moreno-Sanchez, P., & Ravi, S. (2017). Concurrency and Privacy with Payment-Channel Networks. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM Digital Library. https://doi.org/10.1145/3133956.3134096
• SilentWhispers: Enforcing Security and Privacy in Decentralized Credit Networks / Maffei, M., Moreno-Sanchez, P., Kate, A., & Malavolta, G. (2017). SilentWhispers: Enforcing Security and Privacy in Decentralized Credit Networks. In Proceedings 2017 Network and Distributed System Security Symposium. Internet Society. https://doi.org/10.14722/ndss.2017.23448

2016

• CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes / Carter, P., Mulliner, C., Lindorfer, M., Robertson, W., & Kirda, E. (2016). CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes. In Financial Cryptography and Data Security (pp. 231–249). Springer. https://doi.org/10.1007/978-3-662-54970-4_13
• Drammer: Deterministic Rowhammer Attacks on Mobile Platforms / van der Veen, V., Fratantonio, Y., Lindorfer, M., Gruss, D., Maurice, C., Vigna, G., Bos, H., Razavi, K., & Giuffrida, C. (2016). Drammer: Deterministic Rowhammer Attacks on Mobile Platforms. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM. https://doi.org/10.1145/2976749.2978406
• ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic / Ren, J., Rao, A., Lindorfer, M., Legout, A., & Choffnes, D. (2016). ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic. In Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services. ACM. https://doi.org/10.1145/2906388.2906392

2015

• Open problems in hash function security / Andreeva, E., Mennink, B., & Preneel, B. (2015). Open problems in hash function security. DESIGNS CODES AND CRYPTOGRAPHY, 77(2–3), 611–631. https://doi.org/10.1007/s10623-015-0096-0
• MARVIN: Efficient and Comprehensive Mobile App Classification through Static and Dynamic Analysis / Lindorfer, M., Neugschwandtner, M., & Platzer, C. (2015). MARVIN: Efficient and Comprehensive Mobile App Classification through Static and Dynamic Analysis. In 2015 IEEE 39th Annual Computer Software and Applications Conference. IEEE. https://doi.org/10.1109/compsac.2015.103
  Project: SysSec (2010–2014)

2014

• Enter Sandbox: Android Sandbox Comparison / Neuner, S., van der Veen, V., Lindorfer, M., Huber, M., Georg, M., Mulazzani, M., & Weippl, E. (2014). Enter Sandbox: Android Sandbox Comparison. In Proceedings of the IEEE Mobile Security Technologies Workshop (MoST). IEEE. http://hdl.handle.net/20.500.12708/55124
• ANDRUBIS -- 1,000,000 Apps Later: A View on Current Android Malware Behaviors / Lindorfer, M., Neugschwandtner, M., Weichselbaum, L., Fratantonio, Y., Veen, V. van der, & Platzer, C. (2014). ANDRUBIS -- 1,000,000 Apps Later: A View on Current Android Malware Behaviors. In 2014 Third International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS). IEEE. https://doi.org/10.1109/badgers.2014.7
  Project: SysSec (2010–2014)
• Skin Sheriff: A Machine Learning Solution for Detecting Explicit Images / Platzer, C., Stuetz, M., & Lindorfer, M. (2014). Skin Sheriff: A Machine Learning Solution for Detecting Explicit Images. In Proceedings of the 2nd international workshop on Security and forensics in communication systems - SFCS ’14. IEEE. https://doi.org/10.1145/2598918.2598920
  Project: SysSec (2010–2014)
• AndRadar: Fast Discovery of Android Applications in Alternative Markets / Lindorfer, M., Volanis, S., Sisto, A., Neugschwandtner, M., Athanasopoulos, E., Maggi, F., Platzer, C., Zanero, S., & Ioannidis, S. (2014). AndRadar: Fast Discovery of Android Applications in Alternative Markets. In Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 51–71). Springer. https://doi.org/10.1007/978-3-319-08509-8_4
  Project: SysSec (2010–2014)
• Provably Sound Browser-Based Enforcement of Web Session Integrity / Calzavara, S., Focardi, R., Khan, W., & Tempesta, M. (2014). Provably Sound Browser-Based Enforcement of Web Session Integrity. In 2014 IEEE 27th Computer Security Foundations Symposium. IEEE Computer Society. https://doi.org/10.1109/csf.2014.33

2013

• POSTER: Cross-Platform Malware: Write Once, Infect Everywhere / Lindorfer, M., Neumayr, M., Caballero, J., & Platzer, C. (2013). POSTER: Cross-Platform Malware: Write Once, Infect Everywhere. In ACM Conference on Computer and Communications Security (CCS). ACM Conference on Computer and Communications Security (CCS), Washington, USA, Non-EU. http://hdl.handle.net/20.500.12708/54855
• Take a Bite - Finding the Worm in the Apple / Lindorfer, M., Miller, B., Neugschwandtner, M., & Platzer, C. (2013). Take a Bite - Finding the Worm in the Apple. In International Conference on Information, Communications and Signal Processing (ICICS). IEEE. http://hdl.handle.net/20.500.12708/54856
• A View to a Kill: WebView Exploitation / Neugschwandtner, M., Lindorfer, M., & Platzer, C. (2013). A View to a Kill: WebView Exploitation. In USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET). USENIX. http://hdl.handle.net/20.500.12708/54854

2012

• Lines of Malicious Code: Insights Into the Malicious Software Industry / Lindorfer, M., Di Federico, A., Maggi, F., Milani Comparetti, P., & Zanero, S. (2012). Lines of Malicious Code: Insights Into the Malicious Software Industry. In Proceedings of the 28th Annual Computer Security Applications Conference (pp. 349–358). ACM. http://hdl.handle.net/20.500.12708/54349

2011

• Detecting Environment-Sensitive Malware / Lindorfer, M., Kolbitsch, C., & Milani Comparetti, P. (2011). Detecting Environment-Sensitive Malware. In Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection (2011). Springer. http://hdl.handle.net/20.500.12708/54010
  Projects: icode (2010–2012) / SysSec (2010–2014) / TRUDIE (2009–2012)

2025

• Exploiting Smart TVs using the HbbTV Protocol / Danis, A. (2025). Exploiting Smart TVs using the HbbTV Protocol [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2025.126342
  Download: PDF (1.08 MB)

2024

• Computer-aided formal security analysis of the Web platform / Veronese, L. (2024). Computer-aided formal security analysis of the Web platform [Dissertation, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2024.127183
  Download: PDF (4.73 MB)
• Foundations of adaptor signatures for distributed ledger protocols / Tairi, E. (2024). Foundations of adaptor signatures for distributed ledger protocols [Dissertation, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2024.123264
  Download: PDF (2.67 MB)
• Foundations of bitcoin-compatible scalability protocols / Aumayr, L. (2024). Foundations of bitcoin-compatible scalability protocols [Dissertation, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2024.122127
  Download: PDF (5.09 MB)
• Design and verification of information flows / Oliveira Da Costa, A. A. (2024). Design and verification of information flows [Dissertation, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2024.124622
  Download: PDF (1.37 MB)
• Root kit discovery with behavior-based anomaly detection through eBPF / Alton, L. (2024). Root kit discovery with behavior-based anomaly detection through eBPF [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2024.123246
  Download: PDF (1.27 MB)
• On the physical security of falcon / Schönauer, M. (2024). On the physical security of falcon [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2024.116108
  Download: PDF (3.48 MB)
• Identifying frameworks in android applications using binary code function similarity / Zeier, Y. (2024). Identifying frameworks in android applications using binary code function similarity [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2024.117246
  Download: PDF (1.07 MB)
• Detecting Bot Wallets on the Ethereum Blockchain / Niedermayer, T. (2024). Detecting Bot Wallets on the Ethereum Blockchain [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2024.106562
  Download: PDF (3.26 MB)
• Formalization of bitcoin off-chain protocols in F* / Zikulnig, A. M. (2024). Formalization of bitcoin off-chain protocols in F* [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2024.113647
  Download: PDF (1.38 MB)
• WebAPISpec: An extensible, machine checked model of secure browser specifications / Lee, A. (2024). WebAPISpec: An extensible, machine checked model of secure browser specifications [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2024.119447
  Download: PDF (660 KB)
• Bridging realms: Analyzing app-to-web Interactions in IABs / Beer, P. (2024). Bridging realms: Analyzing app-to-web Interactions in IABs [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2024.118621
  Download: PDF (1.23 MB)

2023

• Increasing efficiency and flexibility in post-quantum cryptography / Cini, V. (2023). Increasing efficiency and flexibility in post-quantum cryptography [Dissertation, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2024.121300
  Download: PDF (2.95 MB)
• Security analysis of WebViews in cross-plattform mobile frameworks / Sattlegger, P. F. (2023). Security analysis of WebViews in cross-plattform mobile frameworks [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2023.115825
  Download: PDF (1.19 MB)
• Post-quantum cryptography in OpenPGP / Wussler, A. (2023). Post-quantum cryptography in OpenPGP [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2023.106226
  Download: PDF (1.38 MB)
• On the impossbility of proving security of equivalence class signatures from computational assumptions / Regen, F. (2023). On the impossbility of proving security of equivalence class signatures from computational assumptions [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2023.116107
  Download: PDF (502 KB)
• Security and privacy concerns in shared configuration repositories / Jungwirth, G. (2023). Security and privacy concerns in shared configuration repositories [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2023.94601
  Download: PDF (933 KB)
• How to simulate PLONK: A formal security analysis of a zk-SNARK / Sefranek, M. (2023). How to simulate PLONK: A formal security analysis of a zk-SNARK [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2023.111120
  Download: PDF (961 KB)

2022

• Tracing android apps based on ART ahead-of-time compilation profiles from Google Play / Burtscher, L. (2022). Tracing android apps based on ART ahead-of-time compilation profiles from Google Play [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2022.90745
  Download: PDF (1.22 MB)
• Android vs. iOS: : security of mobile Deep Links / Steinböck, M. (2022). Android vs. iOS: : security of mobile Deep Links [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2022.93327
  Download: PDF (2.15 MB)
• Curious apps: Large-scale detection of apps scanning your local network / Hager, P. T. (2022). Curious apps: Large-scale detection of apps scanning your local network [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2022.98764
  Download: PDF (1.35 MB)
• A systematic investigation of illicit money flows in the DeFi ecosystem / Luzian, S. (2022). A systematic investigation of illicit money flows in the DeFi ecosystem [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2023.106121
  Download: PDF (2.61 MB)
• Tracing cryptoassets across chains: An empirical analysis of the Terra network / Haimerl, N. (2022). Tracing cryptoassets across chains: An empirical analysis of the Terra network [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2023.103500
  Download: PDF (2.27 MB)
• Sound cross-contract reachability analysis of ethereum smart contracts / Schweighofer, M. (2022). Sound cross-contract reachability analysis of ethereum smart contracts [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2022.95282
  Download: PDF (1.99 MB)
• Non-Linear reasoning in the superposition calculus / Lackner, A. (2022). Non-Linear reasoning in the superposition calculus [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2022.90765
  Download: PDF (734 KB)

2021

• Static and dynamic enforcement of security via relational reasoning / Grimm, N. (2021). Static and dynamic enforcement of security via relational reasoning [Dissertation, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.90710
  Download: PDF (2.93 MB)
• Large-scale Static Analysis of PII Leakage in IoT Companion Apps / Schmidt, D. (2021). Large-scale Static Analysis of PII Leakage in IoT Companion Apps [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.86548
  Download: PDF (2.16 MB)
• Dynamic iOS privacy analysis: Verifying App Store privacy labels / Jirout, T. W. (2021). Dynamic iOS privacy analysis: Verifying App Store privacy labels [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.92880
  Download: PDF (1.51 MB)
• Analysis of decentralized mixing services in the greater bitcoin ecosystem / Stockinger, J. (2021). Analysis of decentralized mixing services in the greater bitcoin ecosystem [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.87269
  Download: PDF (1.89 MB)
• Adaptor signature based atomic swaps between bitcoin and a mimblewimble based cryptocurrency / Abfalter, J. (2021). Adaptor signature based atomic swaps between bitcoin and a mimblewimble based cryptocurrency [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.77663
  Download: PDF (1.17 MB)
• Foundations for the security analysis of distributed blockchain applications / Schneidewind, C. (2021). Foundations for the security analysis of distributed blockchain applications [Dissertation, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.91204
  Download: PDF (3.53 MB)
• Static analysis of low-level code / Grishchenko, I. (2021). Static analysis of low-level code [Dissertation, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.87563
  Download: PDF (2.4 MB)

2020

• Detecting neural network functions in binaries based on syntactic features / Aschl, G. (2020). Detecting neural network functions in binaries based on syntactic features [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2020.66352
  Download: PDF (2.41 MB)
• Privacy preserving authenticated Kkey exchange : Modelling, constructions, proofs and formal verification : Modellierung, Konstruktionen, Beweise und Verification / Weninger, A. J. (2020). Privacy preserving authenticated Kkey exchange : Modelling, constructions, proofs and formal verification :  Modellierung, Konstruktionen, Beweise und Verification [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.87263
  Download: PDF (1020 KB)
• Payment channel network analysis with focus on lightning network / Holzer, P. (2020). Payment channel network analysis with focus on lightning network [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2020.75260
  Download: PDF (3.04 MB)

2019

• Static analysis of eWASM contracts / Schwarz, A. (2019). Static analysis of eWASM contracts [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2019.72720
  Download: PDF (884 KB)

2018

• Theoretische und praktische Smart Contracts - Realisierung eines Investmentfonds / Schneider, J. F. (2018). Theoretische und praktische Smart Contracts - Realisierung eines Investmentfonds [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2018.55468
  Download: PDF (980 KB)

2016

• Parallelizing the commutation property for functions over small domains / Scherer, M. (2016). Parallelizing the commutation property for functions over small domains [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2016.36321
  Download: PDF (708 KB)

2015

• Current state of browser extension security and extension-based malware / Neumayr, M. (2015). Current state of browser extension security and extension-based malware [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2015.24755
  Download: PDF (742 KB)
• Malware through the looking glass : malware analysis in an evolving threat landscape / Lindorfer, M. (2015). Malware through the looking glass : malware analysis in an evolving threat landscape [Dissertation, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2015.35065
  Download: PDF (2.89 MB)

2011

• Detecting environment-sensitive malware / Lindorfer, M. (2011). Detecting environment-sensitive malware [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://resolver.obvsg.at/urn:nbn:at:at-ubtuw:1-40430
  Download: PDF (1.06 MB)

Soon, this page will include additional information such as reference projects, conferences, events, and other research activities.

Until then, please visit Security and Privacy’s research profile in TISS .