2023W

• Attacks and Defenses in Computer Security / 192.111 / UE
• Bachelor Thesis / 192.061 / PR
• Cryptocurrencies / 192.065 / VU
• Introduction to Cryptography / 192.125 / VU
• Introduction to Logical Methods in Computer Science / 184.766 / VO
• Introduction to Programming 1 / 185.A91 / VU
• Orientation Bachelor with Honors of Informatics and Business Informatics / 180.767 / SE
• Project in Computer Science 1 / 192.021 / PR
• Project in Computer Science 2 / 192.022 / PR
• Research Seminar LogiCS / 184.767 / SE
• Seminar for Master Students in Logic and Computation / 180.773 / SE
• Seminar for Master Students in Software Engineering & Internet Computing / 180.777 / SE
• Seminar for PhD Students / 192.060 / SE

2024S

• Introduction to Logical Methods in Computer Science / 184.766 / VO
• Research Seminar LogiCS / 184.767 / SE

• Effective Formal Methods for Smart-Contract Certification
  2023 – 2027 / Vienna Science and Technology Fund (WWTF)
• Scalable, Private, and Interoperable Layer 2
  2023 – 2027 / Vienna Science and Technology Fund (WWTF)
• Fixing the Broken Bridge Between Mobile Apps and the Web
  2023 – 2027 / Vienna Science and Technology Fund (WWTF)
• Semantic and Cryptographic Foundations of Security and Privacy by Compositional Design
  2023 – 2026 / Austrian Science Fund (FWF)
• A Composable Rational Framework for Blockchain Systems
  2022 – 2025 / Austrian Science Fund (FWF)
  Publication: 150285
• Distributed Ledger Development and Implementation
  2022 – 2024 / ABC Research GmbH
• Cryptographic Foundations of Privacy in Distributed Ledgers
  2020 – 2027 / Vienna Science and Technology Fund (WWTF)
  Publications: 142523 / 139748 / 142534 / 150318 / 153193
• Blockchain Technologies for the Internet of Things
  2020 – 2025 / Christian Doppler Research Association (CDG)
  Publications: 139862 / 139860 / 153863 / 158286 / 152968 / 152969 / 175654 / 154428 / 158188 / 171624 / 177467
• IoTIO: Analyzing and Understanding the Internet of Insecure Things
  2020 – 2025 / Vienna Science and Technology Fund (WWTF)
  Publications: 150264 / 175968 / 176906 / 78069 / 58517 / 80253
• Security and Privacy Foundations of Blockchain Technologies
  2020 – 2023 / SBA Research gemeinnützige GmbH
• Vienna Cybersecurity and Privacy Research Center
  2019 – 2023 / Vienna Business Agency (WAW)
  Publications: 139862 / 139860 / 153863 / 158286 / 152968 / 152969 / 152950 / 152954 / 175654 / 150285 / 150314 / 177467
• Cryptographic Foundations for Future-proof Internet Security
  2019 – 2023 / Austrian Science Fund (FWF)
  Publications: 139862 / 139860 / 153863 / 158286 / 152968 / 152969 / 152950 / 152954 / 175654 / 154428 / 153177 / 177467
• Security and Privacy for Payment-Channel Networks
  2019 – 2020 / Austrian Science Fund (FWF)
• Foundations and Tools for Client-Side Web Security
  2018 – 2024 / European Research Council (ERC)
  Publications: 139862 / 139860 / 153863 / 158286 / 152968 / 152969 / 152950 / 152954 / 175654 / 154428 / 150314 / 153177 / 177467
• Privacy-Preserving Regulatory Technologies for Distributed Ledger Technologies
  2018 – 2021 / Austrian Research Promotion Agency (FFG)
  Publications: 139862 / 152968 / 152950 / 152954 / 153177
• Scalability for Lightning Networks
  2018 – 2020 / Chaincode Labs Inc
• Ethertrust - Trustworthy smart contracts
  2018 – 2019 / netidee.at
  Publication: 153177

2023

• Distributed Key Generation with Smart Contracts using zk-SNARKs / Sober, M., Max Kobelt, Scaffino, G., Kaaser, D., & Schulte, S. (2023). Distributed Key Generation with Smart Contracts using zk-SNARKs. In SAC ’23: Proceedings of the 38th ACM/SIGAPP Symposium on Applied Computing (pp. 231–240). Association for Computing Machinery. https://doi.org/10.34726/4523
  Download: PDF (582 KB)
• Breaking and Fixing Virtual Channels: Domino Attack and Donner / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2023). Breaking and Fixing Virtual Channels: Domino Attack and Donner. In Proceedings Network and Distributed System Security Symposium 2023. 30th Annual Network and Distributed System Security Symposium (NDSS) 2023, San Diego, United States of America (the). https://doi.org/10.14722/ndss.2023.24370
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
• LightSwap: An Atomic Swap Does Not Require Timeouts at both Blockchains / Hoenisch, P., Mazumdar, S., Moreno-Sanchez, P., & Ruj, S. (2023). LightSwap: An Atomic Swap Does Not Require Timeouts at both Blockchains. In J. Garcia-Alfaro, G. Navarro-Arribas, & N. Dragoni (Eds.), Data Privacy Management, Cryptocurrencies and Blockchain Technology (pp. 219–235). Springer Cham. https://doi.org/10.1007/978-3-031-25734-6_14
  Project: CDL-BOT (2020–2025)
• SNACKs: Leveraging Proofs of Sequential Work for Blockchain Light Clients / Abusalah, H., Fuchsbauer, G., Gazi, P., & Klein, K. (2023). SNACKs: Leveraging Proofs of Sequential Work for Blockchain Light Clients. In Advances in Cryptology - ASIACRYPT 2022 (pp. 806–836). Springer. https://doi.org/10.1007/978-3-031-22963-3_27
  Project: COnFIDE (2020–2027)
• Non-interactive Mimblewimble transactions, revisited / Fuchsbauer, G., & Orrù, M. (2023). Non-interactive Mimblewimble transactions, revisited. In Advances in Cryptology - ASIACRYPT 2022 (pp. 713–744). Springer. https://doi.org/10.1007/978-3-031-22963-3_24
  Project: COnFIDE (2020–2027)

2022

• Strategic Analysis of Griefing Attack in Lightning Network / Mazumdar, S., Banerjee, P., Sinha, A., Ruj, S., & Roy, B. (2022). Strategic Analysis of Griefing Attack in Lightning Network. IEEE Transactions on Network and Service Management. https://doi.org/10.34726/3581
  Downloads: Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. (1.78 MB) / Supplemental Material (453 KB)
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / ViSP (2019–2023)
• SecWasm: Information Flow Control for WebAssembly / Bastys, I., Algehed, M., Sjösten, A., & Sabelfeld, A. (2022). SecWasm: Information Flow Control for WebAssembly. In Static Analysis (pp. 74–103). Springer Nature Switzerland AG. https://doi.org/10.1007/978-3-031-22308-2_5
  Projects: Browsec (2018–2024) / ViSP (2019–2023)
• Position Paper: Escaping Academic Cloudification to Preserve Academic Freedom / Fiebig, T., Gürses, S., & Lindorfer, M. (2022). Position Paper: Escaping Academic Cloudification to Preserve Academic Freedom. Privacy Studies Journal, 51–68. https://doi.org/10.7146/psj.vi.132713
• LightSwap: An Atomic Swap Does Not Require Timeouts At Both Blockchains / Hoenisch, P., Mazumdar, S., Moreno-Sanchez, P., & Ruj, S. (2022). LightSwap: An Atomic Swap Does Not Require Timeouts At Both Blockchains. Cryptology ePrint Archive. https://doi.org/10.34726/3662
  Download: PDF (502 KB)
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / ViSP (2019–2023)
• Towards faster settlement in HTLC-based Cross-Chain Atomic Swaps / Mazumdar, S. (2022). Towards faster settlement in HTLC-based Cross-Chain Atomic Swaps. arXiv. https://doi.org/10.34726/3805
  Download: PDF (800 KB)
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / ViSP (2019–2023)
• Foundations of Coin Mixing Services / Glaeser, N., Maffei, M., Malavolta, G., Moreno-Sanchez, P., Tairi, E., & Thyagarajan, S. A. (2022). Foundations of Coin Mixing Services. In CCS ’22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (pp. 1259–1273). Association for Computing Machinery. https://doi.org/10.34726/3601
  Download: Accepted manuscript incl. Suppl. Material. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. (756 KB)
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023)
• Thora: Atomic and Privacy-Preserving Multi-Channel Updates / Aumayr, L., Abbaszadeh, K., & Maffei, M. (2022). Thora: Atomic and Privacy-Preserving Multi-Channel Updates. In CCS ’22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (pp. 165–178). Association for Computing Machinery. https://doi.org/10.1145/3548606.3560556
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PR4DLT (2018–2021) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
• Sleepy Channels: Bi-directional Payment Channels without Watchtowers / Aumayr, L., Thyagarajan, S. A., Malavolta, G., Moreno-Sanchez, P., & Maffei, M. (2022). Sleepy Channels: Bi-directional Payment Channels without Watchtowers. In CCS ’22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (pp. 179–192). Association for Computing Machinery. https://doi.org/10.1145/3548606.3559370
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
• Sleepy Channels: Bi-directional Payment Channels without Watchtowers / Aumayr, L., Sri AravindaKrishnan Thyagarajan, Giulio Malavolta, Moreno-Sanchez, P., & Maffei, M. (2022, October 31). Sleepy Channels: Bi-directional Payment Channels without Watchtowers [Poster Presentation]. Crypto Economics Security Conference, Berkeley, United States of America (the).
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
• Thora: Atomic And Privacy-Preserving Multi-Channel Updates / Aumayr, L., Kasra Abbaszadeh, & Maffei, M. (2022, October 31). Thora: Atomic And Privacy-Preserving Multi-Channel Updates [Poster Presentation]. Crypto Economics Security Conference, Berkeley, United States of America (the).
  Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PR4DLT (2018–2021) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
• Hide & Seek: Privacy-Preserving Rebalancing on Payment Channel Networks / Avarikioti, G., Pietrzak, K., Salem, I., Schmid, S., Tiwari, S., & Yeo, M. (2022). Hide & Seek: Privacy-Preserving Rebalancing on Payment Channel Networks. In I. Eyal & J. Garay (Eds.), Financial Cryptography and Data Security (pp. 358–373). Springer-Verlag. https://doi.org/10.1007/978-3-031-18283-9_17
  Projects: CoRaF (2022–2025) / ViSP (2019–2023)
• A Comparative Analysis of Certificate Pinning in Android & iOS / Pradeep, A., Paracha, M. T., Bhowmick, P., Davanian, A., Razaghpanah, A., Chung, T., Lindorfer, M., Vallina-Rodriguez, N., Levin, D., & Choffnes, D. (2022). A Comparative Analysis of Certificate Pinning in Android & iOS. In Proceedings of the 22nd ACM Internet Measurement Conference (pp. 605–618). ACM. https://doi.org/10.34726/3505
  Download: PDF (1.54 MB)
  Project: IoTIO (2020–2025)
• Suborn Channels: Incentives Against Timelock Bribes / Avarikioti, G., & Thyfronitis Litos, O. S. (2022). Suborn Channels: Incentives Against Timelock Bribes. In Financial Cryptography and Data Security (pp. 488–511). Springer Nature Switzerland AG. https://doi.org/10.34726/3904
  Download: Paper (556 KB)
• Blitz: Secure Multi-Hop Payments Without Two-Phase Commits / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2022, August 31). Blitz: Secure Multi-Hop Payments Without Two-Phase Commits [Conference Presentation]. The Science of Blockchain Conference 2022, Stanford, United States of America (the).
  Projects: Browsec (2018–2024) / PR4DLT (2018–2021) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
• Generalized Channels from Limited Blockchain Scripts and Adaptor Signatures / Aumayr, L., Oguzhan Ersoy, Erwig, A., Faust, S., Hostáková, K., Maffei, M., Moreno-Sanchez, P., & Riahi, S. (2022, August 30). Generalized Channels from Limited Blockchain Scripts and Adaptor Signatures [Conference Presentation]. The Science of Blockchain Conference 2022, Stanford, United States of America (the).
  Projects: Browsec (2018–2024) / PR4DLT (2018–2021) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
• Comparing User Perceptions of Anti-Stalkerware Apps with the Technical Reality / Fassl, M., Anell, S., Houy, S., Lindorfer, M., & Krombholz, K. (2022). Comparing User Perceptions of Anti-Stalkerware Apps with the Technical Reality. In Proceedings of the Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022) (pp. 135–154). USENIX Association. https://doi.org/10.34726/3902
  Download: Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee. (1.35 MB)
  Project: IoTIO (2020–2025)
• Evolution of Payment Channels / Aumayr, L. (2022, July 27). Evolution of Payment Channels [Presentation]. DFINITY Foundation - research talks, Austria.
• Not that Simple: Email Delivery in the 21st Century / Holzbauer, F., Ullrich, J., Lindorfer, M., & Fiebig, T. (2022). Not that Simple: Email Delivery in the 21st Century. In Proceedings of the 2022 USENIX Annual Technical Conference (pp. 295–308). USENIX Association. https://doi.org/10.34726/4024
  Download: PDF (1.43 MB)
  Project: IoTIO (2020–2025)
• The security of Mimblewimble / Fuchsbauer, G. (2022, June 27). The security of Mimblewimble [Keynote Presentation]. 22nd Central European Conference on Cryptography, Smolenice, Slovakia. http://hdl.handle.net/20.500.12708/153193
  Project: COnFIDE (2020–2027)
• No Spring Chicken: Quantifying the Lifespan of Exploits in IoT Malware Using Static and Dynamic Analysis / Al Alsadi, A. A., Sameshima, K., Bleier, J., Yoshioka, K., Lindorfer, M., van Eeten, M., & Hernández Gañán, C. (2022). No Spring Chicken: Quantifying the Lifespan of Exploits in IoT Malware Using Static and Dynamic Analysis. In Yuji Suga, Kouichi Sakurai, Xuhua Ding, & Kazue Sako (Eds.), ASIA CCS ’22: Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security (pp. 309–321). Association for Computing Machinery. https://doi.org/10.1145/3488932.3517408
  Project: IoTIO (2020–2025)
• ART-assisted App Diffing: Defeating Dalvik Bytecode Shrinking, Obfuscation, and Optimization with Android's OAT Compiler / Bleier, J., & Lindorfer, M. (2022, May 23). ART-assisted App Diffing: Defeating Dalvik Bytecode Shrinking, Obfuscation, and Optimization with Android’s OAT Compiler [Poster Presentation]. 43rd IEEE Symposium on Security and Privacy, San Francisco, United States of America (the).
  Project: IoTIO (2020–2025)
• Rigorous Methods for Smart Contracts / Bjørner, N., Christakis, M., Maffei, M., & Rosu, G. (Eds.). (2022). Rigorous Methods for Smart Contracts (Dagstuhl Seminar 21431). Schloss Dagstuhl – Leibniz-Zentrum für Informatik GmbH, Dagstuhl Publishing. https://doi.org/10.4230/DagRep.11.9.80
  Projects: Browsec (2018–2024) / Ethertrust (2018–2019) / PR4DLT (2018–2021) / PROFET (2019–2023)
• Double-authentication-preventing signatures in the standard model / Catalano, D., Fuchsbauer, G., & Soleimanian, A. (2022). Double-authentication-preventing signatures in the standard model. Journal of Computer Security, 30(1), 3–38. https://doi.org/10.3233/JCS-200117
  Project: COnFIDE (2020–2027)
• Approximate Distance-Comparison-Preserving Symmetric Encryption / Fuchsbauer, G., Ghosal, R., Hauke, N., & O’Neill, A. (2022). Approximate Distance-Comparison-Preserving Symmetric Encryption. In Security and Cryptography for Networks (pp. 117–144). https://doi.org/10.1007/978-3-031-14791-3_6
• Credential Transparency System / Chase, M., Fuchsbauer, G., Ghosh, E., & Plouviez, A. (2022). Credential Transparency System. In Security and Cryptography for Networks (pp. 313–335). https://doi.org/10.1007/978-3-031-14791-3_14
  Project: COnFIDE (2020–2027)
• Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks / Naseredini, A., Gast, S., Schwarzl, M., Sousa Bernardo, P. M., Smajic, A., Canella, C., Berger, M., & Gruss, D. (2022). Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks. In P. Mori, G. Lenzini, & S. Furnell (Eds.), Proceedings of the 8th International Conference on Information Systems Security and Privacy (pp. 48–59). SciTePress. http://hdl.handle.net/20.500.12708/58799

2021

• Off-chain Scaling of Cryptocurrencies / Aumayr, L. (2021, December 9). Off-chain Scaling of Cryptocurrencies [Presentation]. VISP blockchain research meetup, Austria. http://hdl.handle.net/20.500.12708/153233
• Designing Secure Payment Channel Schemes / Aumayr, L. (2021, November 16). Designing Secure Payment Channel Schemes [Presentation]. Singapore Management University - Online Topic, Singapore. http://hdl.handle.net/20.500.12708/153226
• Beyond Payments in Payment Channel Networks / Aumayr, L. (2021, November 16). Beyond Payments in Payment Channel Networks [Presentation]. Software Seminar Series (S3), Spain. http://hdl.handle.net/20.500.12708/153227
• Formal Methods for the Security Analysis of Smart Contracts / Maffei, M. (2021). Formal Methods for the Security Analysis of Smart Contracts. In Proceedings of the 21st Conference on Formal Methods in Computer-Aided Design – FMCAD 2021 (pp. 8–8). TU Wien Academic Press. https://doi.org/10.34727/2021/isbn.978-3-85448-046-4_3
  Download: PDF (47.5 KB)
• 1, 2, 3, Fork: Counter Mode Variants based on a Generalized Forkcipher / Andreeva, E., Bhati, A. S., Preneel, B., & Vizár, D. (2021). 1, 2, 3, Fork: Counter Mode Variants based on a Generalized Forkcipher. IACR Transactions on Symmetric Cryptology, 2021(3). https://doi.org/10.46586/tosc.v2021.i3.1-35
• Donner: UTXO-Based Virtual Channels Across Multiple Hops / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2021, September 7). Donner: UTXO-Based Virtual Channels Across Multiple Hops [Presentation]. Bitcoin Sydney Socratic Seminar, Australia. http://hdl.handle.net/20.500.12708/152979
• Blitz: Secure Multi-Hop Payments Without Two-Phase Commits / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2021, May 26). Blitz: Secure Multi-Hop Payments Without Two-Phase Commits [Conference Presentation]. Theory and Practice of Blockchains, International. http://hdl.handle.net/20.500.12708/153230
• Blitz: Secure Multi-Hop Payments Without Two-Phase Commits / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2021, April 27). Blitz: Secure Multi-Hop Payments Without Two-Phase Commits [Presentation]. Bitcoin Sydney Socratic Seminar, Australia. http://hdl.handle.net/20.500.12708/152982
• Blitz: Secure Multi-Hop Payments Without Two-Phase Commits / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2021, February 24). Blitz: Secure Multi-Hop Payments Without Two-Phase Commits [Presentation]. Decrypto Seminar, International. http://hdl.handle.net/20.500.12708/152985
• FWS: Analyzing, Maintaining and Transcompiling Firewalls / Bodei, C., Ceragioli, L., Degano, P., Focardi, R., Galletta, L., Luccio, F., Tempesta, M., & Veronese, L. (2021). FWS: Analyzing, Maintaining and Transcompiling Firewalls. Journal of Computer Security, 29(1), 77–134. https://doi.org/10.3233/jcs-200017
• Tarnhelm: Isolated, Transparent & Confidential Execution of Arbitrary Code in ARM's TrustZone / Quarta, D., Ianni, M., Machiry, A., Fratantonio, Y., Gustafson, E., Balzarotti, D., Lindorfer, M., Vigna, G., & Kruegel, C. (2021). Tarnhelm: Isolated, Transparent & Confidential Execution of Arbitrary Code in ARM’s TrustZone. In Proceedings of the 2021 Research on offensive and defensive techniques in the Context of Man At The End (MATE) Attacks. ACM, Austria. ACM. https://doi.org/10.1145/3465413.3488571
  Project: IoTIO (2020–2025)
• Generalized Channels from Limited Blockchain Scripts and Adaptor Signatures / Aumayr, L., Ersoy, O., Erwig, A., Faust, S., Hostáková, K., Maffei, M., Moreno-Sanchez, P., & Riahi, S. (2021). Generalized Channels from Limited Blockchain Scripts and Adaptor Signatures. In Lecture Notes in Computer Science (pp. 635–664). Springer. https://doi.org/10.1007/978-3-030-92075-3_22
• Cross-Layer Deanonymization Methods in the Lightning Protocol / Romiti, M., Victor, F., Moreno-Sanchez, P., Nordholt, P. S., Haslhofer, B., & Maffei, M. (2021). Cross-Layer Deanonymization Methods in the Lightning Protocol. In Lecture Notes in Computer Science. Springer Verlag, Austria. Springer LNCS. https://doi.org/10.1007/978-3-662-64322-8
• Nonce-Misuse Security of the SAEF Authenticated Encryption Mode / Andreeva, E., Bhati, A. S., & Vizár, D. (2021). Nonce-Misuse Security of the SAEF Authenticated Encryption Mode. In Selected Areas in Cryptography (pp. 512–534). Springer LNCS. https://doi.org/10.1007/978-3-030-81652-0_20
• Optimized Software Implementations for the Lightweight Encryption Scheme ForkAE / Andreeva, E., Deprez, A., Bermudo Mera, J. M., Karmakar, A., & Purnal, A. (2021). Optimized Software Implementations for the Lightweight Encryption Scheme ForkAE. In Smart Card Research and Advanced Applications (pp. 68–83). Springer. https://doi.org/10.1007/978-3-030-68487-7_5
• Compactness of Hashing Modes and Efficiency Beyond Merkle Tree / Andreeva, E., Bhattacharyya, R., & Roy, A. (2021). Compactness of Hashing Modes and Efficiency Beyond Merkle Tree. In Lecture Notes in Computer Science (pp. 92–123). Springer. https://doi.org/10.1007/978-3-030-77886-6_4
• The One-More Discrete Logarithm Assumption in the Generic Group Model / Bauer, B., Fuchsbauer, G., & Plouviez, A. (2021). The One-More Discrete Logarithm Assumption in the Generic Group Model. In Lecture Notes in Computer Science (pp. 587–617). Springer. https://doi.org/10.1007/978-3-030-92068-5_20
• Transferable E-Cash: A Cleaner Model and the First Practical Instantiation / Bauer, B., Fuchsbauer, G., & Qian, C. (2021). Transferable E-Cash: A Cleaner Model and the First Practical Instantiation. In Public-Key Cryptography – PKC 2021 (pp. 559–590). Springer. https://doi.org/10.1007/978-3-030-75248-4_20
• The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches / Squarcina, M., Calzavara, S., & Maffei, M. (2021). The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches. In 2021 IEEE Security and Privacy Workshops (SPW). 15th IEEE Workshop on Offensive Technologies, San Francisco, CA, USA, Non-EU. https://doi.org/10.1109/spw53761.2021.00062
• EssentialFP: Exposing the Essence of Browser Fingerprinting / Sjösten, A., Hedin, D., & Sabelfeld, A. (2021). EssentialFP: Exposing the Essence of Browser Fingerprinting. In 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). EuroS&P 2021 SecWeb Workshop, Vienna, Austria. https://doi.org/10.1109/eurospw54576.2021.00011
• Not All Bugs Are Created Equal, But Robust Reachability Can Tell the Difference / Girol, G., Farinier, B., & Bardin, S. (2021). Not All Bugs Are Created Equal, But Robust Reachability Can Tell the Difference. In Computer Aided Verification (pp. 669–693). Springer LNCS. https://doi.org/10.1007/978-3-030-81685-8_32
• Can I Take Your Subdomain? Exploring Same-Site Attacks in the Modern Web / Squarcina, M., Tempesta, M., Veronese, L., Calzavara, S., & Maffei, M. (2021). Can I Take Your Subdomain? Exploring Same-Site Attacks in the Modern Web. In 30th USENIX Security Symposium (pp. 2917–2934). 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021. http://hdl.handle.net/20.500.12708/58469
• Updatable Signatures and Message Authentication Codes / Cini, V., Ramacher, S., Slamanig, D., Striecks, C., & Tairi, E. (2021). Updatable Signatures and Message Authentication Codes. In Public-Key Cryptography – PKC 2021 (pp. 691–723). Springer, Cham. https://doi.org/10.1007/978-3-030-75245-3_25
• A²L: Anonymous Atomic Locks for Scalability in Payment Channel Hubs / Tairi, E., Moreno-Sanchez, P., & Maffei, M. (2021). A2L: Anonymous Atomic Locks for Scalability in Payment Channel Hubs. In 2021 IEEE Symposium on Security and Privacy (SP). IEEE Symposium on Security and Privacy, Oakland, USA, Non-EU. https://doi.org/10.1109/sp40001.2021.00111
• Post-Quantum Adaptor Signature for Privacy-Preserving Off-Chain Payments / Tairi, E., Moreno-Sanchez, P., & Maffei, M. (2021). Post-Quantum Adaptor Signature for Privacy-Preserving Off-Chain Payments. In Financial Cryptography and Data Security (pp. 131–150). https://doi.org/10.1007/978-3-662-64331-0_7
• Bitcoin-Compatible Virtual Channels / Aumayr, L., Ersoy, O., Erwig, A., Faust, S., Hostáková, K., Maffei, M., Moreno-Sanchez, P., & Riahi, S. (2021). Bitcoin-Compatible Virtual Channels. In 2021 IEEE Symposium on Security and Privacy (SP). IEEE Symposium on Security and Privacy, Oakland, USA, Non-EU. IEEE Computer Society. https://doi.org/10.1109/sp40001.2021.00097
• Interpolation Cryptanalysis of Unbalanced Feistel Networks with Low Degree Round Functions / Andreeva, E., Roy, A., & Sauer, J. F. (2021). Interpolation Cryptanalysis of Unbalanced Feistel Networks with Low Degree Round Functions. In Selected Areas in Cryptography (pp. 273–300). Springer LNCS. https://doi.org/10.1007/978-3-030-81652-0_11
• Blitz: Secure Multi-Hop Payments Without Two-Phase Commits / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2021). Blitz: Secure Multi-Hop Payments Without Two-Phase Commits. In 30th USENIX Security Symposium (pp. 4043–4060). USENIX: The Advanced Computing Systems Association. http://hdl.handle.net/20.500.12708/55607

2020

• When Malware is Packin' Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features / Aghakhani, H., Gritti, F., Mecca, F., Lindorfer, M., Ortolani, S., Balzarotti, D., Vigna, G., & Krügel, C. (2020). When Malware is Packin’ Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features. In Network and Distributed System Security Symposium (NDSS). Internet Society. http://hdl.handle.net/20.500.12708/58307
• The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches in Progressive Web Applications / Somé, D. F., Squarcina, M., Calzavara, S., & Maffei, M. (2020). The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches in Progressive Web Applications. EuroS&P 2020 SecWeb Workshop, Genova, IT, EU. http://hdl.handle.net/20.500.12708/87080
• A Voting-Based Blockchain Interoperability Oracle / Scaffino, G., Schulte, S., Sober, M., & Spanring, C. (2020). A Voting-Based Blockchain Interoperability Oracle. In 2021 IEEE International Conference on Blockchain (Blockchain). IEEE. https://doi.org/10.1109/blockchain53845.2021.00030
• Filter List Generation for Underserved Regions / Sjösten, A., Snyder, P., Pastor, A., Papadopoulos, P., & Livshits, B. (2020). Filter List Generation for Underserved Regions. In Proceedings of The Web Conference 2020. ACM/IW3C2. https://doi.org/10.1145/3366423.3380239
• TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records / der Toorn, O. van, van Rijswijk-Deij, R., Fiebig, T., Lindorfer, M., & Sperotto, A. (2020). TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE. https://doi.org/10.1109/eurospw51379.2020.00080
• FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic / van Ede, T., Bortolameotti, R., Continella, A., Ren, J., Dubois, D., Lindorfer, M., Choffnes, D., van Steen, M., & Peter, A. (2020). FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic. In Network and Distributed System Security Symposium (NDSS). Internet Society. http://hdl.handle.net/20.500.12708/58308
• Formalizing Graph Trail Properties in Isabelle/HOL / Kovács, L., Lachnitt, H., & Szeider, S. (2020). Formalizing Graph Trail Properties in Isabelle/HOL. In Lecture Notes in Computer Science (pp. 190–205). LNCS. https://doi.org/10.1007/978-3-030-53518-6_12
• Bulwark: Holistic and Verified Security Monitoring of Web Protocols / Veronese, L., Calzavara, S., & Compagna, L. (2020). Bulwark: Holistic and Verified Security Monitoring of Web Protocols. In Computer Security – ESORICS 2020 (pp. 23–41). Springer. https://doi.org/10.1007/978-3-030-58951-6_2
• A Quantitative Analysis of Security, Anonymity and Scalability for the Lightning Network / Tikhomirov, S., Moreno-Sanchez, P., & Maffei, M. (2020). A Quantitative Analysis of Security, Anonymity and Scalability for the Lightning Network. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE Security & Privacy On The Blockchain, Genova, EU. IEEE. https://doi.org/10.1109/eurospw51379.2020.00059
• The Good, The Bad and The Ugly: Pitfalls and Best Practices in Automated Sound Static Analysis of Ethereum Smart Contracts / Schneidewind, C., Scherer, M., & Maffei, M. (2020). The Good, The Bad and The Ugly: Pitfalls and Best Practices in Automated Sound Static Analysis of Ethereum Smart Contracts. In Lecture Notes in Computer Science (pp. 212–231). Springer. https://doi.org/10.1007/978-3-030-61467-6_14
• eThor: Practical and Provably Sound Static Analysis of Ethereum Smart Contracts / Schneidewind, C., Grishchenko, I., Scherer, M., & Maffei, M. (2020). eThor: Practical and Provably Sound Static Analysis of Ethereum Smart Contracts. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. ACM Conference on Computer and Communications Security (CCS), Washington, USA, Non-EU. Association for Computing Machinery ACM. https://doi.org/10.1145/3372297.3417250
• Language-Based Web Session Integrity / Calzavara, S., Focardi, R., Grimm, N., Maffei, M., & Tempesta, M. (2020). Language-Based Web Session Integrity. In 2020 IEEE 33rd Computer Security Foundations Symposium (CSF). IEEE Computer Security Foundations Symposium, Santa Barbara, USA, Non-EU. IEEE Computer Society. https://doi.org/10.1109/csf49147.2020.00016
• Secrets in Source Code: Reducing False Positives using Machine Learning / Saha, A., Denning, T., Srikumar, V., & Kasera, S. K. (2020). Secrets in Source Code: Reducing False Positives using Machine Learning. In 2020 International Conference on COMmunication Systems & NETworkS (COMSNETS). IEEE Xplore Digital Library. https://doi.org/10.1109/comsnets48256.2020.9027350
• A Classification of Computational Assumptions in the Algebraic Group Model / Bauer, B., Fuchsbauer, G., & Loss, J. (2020). A Classification of Computational Assumptions in the Algebraic Group Model. In Advances in Cryptology – CRYPTO 2020 (pp. 121–151). Springer. https://doi.org/10.1007/978-3-030-56880-1_5
• Double-Authentication-Preventing Signatures in the Standard Model / Catalano, D., Fuchsbauer, G., & Soleimanian, A. (2020). Double-Authentication-Preventing Signatures in the Standard Model. In Lecture Notes in Computer Science (pp. 338–358). Springer. https://doi.org/10.1007/978-3-030-57990-6_17
• Efficient Signatures on Randomizable Ciphertexts / Bauer, B., & Fuchsbauer, G. (2020). Efficient Signatures on Randomizable Ciphertexts. In Lecture Notes in Computer Science (pp. 359–381). Springer. https://doi.org/10.1007/978-3-030-57990-6_18
• Blind Schnorr Signatures and Signed ElGamal Encryption in the Algebraic Group Model / Fuchsbauer, G., Plouviez, A., & Seurin, Y. (2020). Blind Schnorr Signatures and Signed ElGamal Encryption in the Algebraic Group Model. In Advances in Cryptology – EUROCRYPT 2020 (pp. 63–95). Springer. https://doi.org/10.1007/978-3-030-45724-2_3
• Simpler Constructions of Asymmetric Primitives from Obfuscation / Farshim, P., Fuchsbauer, G., & Passelègue, A. (2020). Simpler Constructions of Asymmetric Primitives from Obfuscation. In Progress in Cryptology – INDOCRYPT 2020 (pp. 715–738). Springer. https://doi.org/10.1007/978-3-030-65277-7_32
• Generalized Bitcoin-Compatible Channels / Aumayr, L., Ersoy, O., Erwig, A., Faust, S., Hostáková, K., Maffei, M., Moreno-Sanchez, P., & Riahi, S. (2020). Generalized Bitcoin-Compatible Channels (2020/476). http://hdl.handle.net/20.500.12708/40215

2019

• Gathering of robots in a ring with mobile faults / Das, S., Focardi, R., Luccio, F. L., Markou, E., & Squarcina, M. (2019). Gathering of robots in a ring with mobile faults. Theoretical Computer Science, 764, 42–60. https://doi.org/10.1016/j.tcs.2018.05.002
• Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks / Egger, C., Maffei, M., & Moreno-Sanchez, P. (2019). Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks. In ACM (Ed.), Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. ACM. https://doi.org/10.1145/3319535.3345666
• Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks / Egger, C., Moreno-Sanchez, P., & Maffei, M. (2019). Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks [Conference Presentation]. Scaling Bitcoin 2019, Tel Aviv, Israel. http://hdl.handle.net/20.500.12708/58034
• Group ORAM for Privacy and AccessControl in Outsourced Personal Records / Maffei, M., Malavolta, G., Reinert, M., & Schröder, D. (2019). Group ORAM for Privacy and AccessControl in Outsourced Personal Records. Journal of Computer Security, 27(1), 1–47. https://doi.org/10.3233/jcs-171030
• Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability / Malavolta, G., Moreno-Sanchez, P., Schneidewind, C., Kate, A., & Maffei, M. (2019). Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability. ACM Advances in Financial Technologies AFT 2019, Zurich, Switzerland, Non-EU. http://hdl.handle.net/20.500.12708/87045
• Trace Reasoning for Formal Verification using the First-Order Superposition Calculus / Georgiou, P., Gleiss, B., Kovacs, L., & Maffei, M. (2019). Trace Reasoning for Formal Verification using the First-Order Superposition Calculus. FMCAD 2019 Student Forum, San Jose, US, Non-EU. http://hdl.handle.net/20.500.12708/86988
• Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem / Calzavara, S., Focardi, R., Nemec, M., Rabitti, A., & Squarcina, M. (2019). Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem. In 2019 IEEE Symposium on Security and Privacy (SP). IEEE, Austria. IEEE. https://doi.org/10.1109/sp.2019.00053
• From Firewalls to Functions and Back / Ceragioli, L., Galletta, L., & Tempesta, M. (2019). From Firewalls to Functions and Back. In Proceedings of the Third Italian Conference on Cyber Security (p. 13). CEUR-Proceedings. http://hdl.handle.net/20.500.12708/58149
• Reducing Automotive Counterfeiting usingBlockchain: Benefits and Challenges / Lu, D., Moreno-Sanchez, P., Zeryihun, A., Bajpayi, S., Yin, S., Feldman, K., Kosofsky, J., Mitra, P., & Kate, A. (2019). Reducing Automotive Counterfeiting usingBlockchain: Benefits and Challenges. In 2019 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPCON) (pp. 39–48). IEEE Computer Society. http://hdl.handle.net/20.500.12708/58148
• Verifying Relational Properties using Trace Logic / Barthe, G., Eilers, R., Georgiou, P., Gleiss, B., Kovacs, L., & Maffei, M. (2019). Verifying Relational Properties using Trace Logic. In B. Clark & J. Yang (Eds.), 2019 Formal Methods in Computer Aided Design (FMCAD). IEEE. https://doi.org/10.23919/fmcad.2019.8894277
• Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability / Malavolta, G., Moreno-Sanchez, P., Schneidewind, C., Kate, A., & Maffei, M. (2019). Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability. In Proceedings 2019 Network and Distributed System Security Symposium. Network and Distributed System Security Symposium (NDSS), USA, Non-EU. https://doi.org/10.14722/ndss.2019.23330
• Reversible Proofs of Sequential Work / Pietrzak, K., Walter, M., Klein, K., Kamath, C., & Abusalah, H. (2019). Reversible Proofs of Sequential Work. In Advances in Cryptology – EUROCRYPT 2019 (pp. 277–291). Springer LNCS. https://doi.org/10.1007/978-3-030-17656-3_10
• Forkcipher: A New Primitive for Authenticated Encryption of Very Short Messages / Andreeva, E., Lallemand, V., Purnal, A., Reyhanitabar, R., Roy, A., & Vizár, D. (2019). Forkcipher: A New Primitive for Authenticated Encryption of Very Short Messages. In Lecture Notes in Computer Science (pp. 153–182). Springer LNCS. https://doi.org/10.1007/978-3-030-34621-8_6
• Latex Gloves: Protecting Browser Extensions from Probing and Revelation Attacks / Sjösten, A., Van Acker, S., Picazo-Sanchez, P., & Sabelfeld, A. (2019). Latex Gloves: Protecting Browser Extensions from Probing and Revelation Attacks. In Proceedings 2019 Network and Distributed System Security Symposium. The Internet Society. https://doi.org/10.14722/ndss.2019.23309

2018

• ClearChart: Ensuring integrity of consumer ratings in online marketplaces / Moreno-Sanchez, P., Mahmood, U., & Kate, A. (2018). ClearChart: Ensuring integrity of consumer ratings in online marketplaces. Computers and Security, 78, 90–102. https://doi.org/10.1016/j.cose.2018.04.014
• GuardION: Practical Mitigation of DMA-Based Rowhammer Attacks on ARM / van der Veen, V., Lindorfer, M., Fratantonio, Y., Padmanabha Pillai, H., Vigna, G., Kruegel, C., Bos, H., & Razavi, K. (2018). GuardION: Practical Mitigation of DMA-Based Rowhammer Attacks on ARM. In Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 92–113). Springer. https://doi.org/10.1007/978-3-319-93411-2_5
• MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense / Konoth, R. K., Vineti, E., Moonsamy, V., Lindorfer, M., Kruegel, C., Bos, H., & Vigna, G. (2018). MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. ACM. https://doi.org/10.1145/3243734.3243858
• Equivalence Properties by Typing in Cryptographic Branching Protocols / Cortier, V., Grimm, N., Lallemand, J., & Maffei, M. (2018). Equivalence Properties by Typing in Cryptographic Branching Protocols. In L. Bauer & R. Küsters (Eds.), Principles of Security and Trust (pp. 160–187). Springer LNCS. https://doi.org/10.1007/978-3-319-89722-6_7
• UniTraX: Protecting Data Privacy with Discoverable Biases / Munz, R., Eigner, F., Maffei, M., Francis, P., & Garg, D. (2018). UniTraX: Protecting Data Privacy with Discoverable Biases. In L. Bauer & R. Küsters (Eds.), Principles of Security and Trust (pp. 278–299). Springer, Lecture Notes in Computer Science. https://doi.org/10.1007/978-3-319-89722-6_12
• Transcompiling Firewalls / Bodei, C., Degano, P., Focardi, R., Galletta, L., & Tempesta, M. (2018). Transcompiling Firewalls. In L. Bauer & R. Küsters (Eds.), Principles of Security and Trust (pp. 303–324). Springer International Publishing AG. https://doi.org/10.1007/978-3-319-89722-6_13
• Information Flow Tracking for Side-Effectful Libraries / Sjösten, A., Hedin, D., & Sabelfeld, A. (2018). Information Flow Tracking for Side-Effectful Libraries. In Formal Techniques for Distributed Objects, Components, and Systems (pp. 141–160). Springer. https://doi.org/10.1007/978-3-319-92612-4_8
• Mind Your Credit / Moreno-Sanchez, P., Modi, N., Songhela, R., Kate, A., & Fahmy, S. (2018). Mind Your Credit. In Proceedings of the 2018 World Wide Web Conference on World Wide Web - WWW ’18. International World Wide Web Conferences Steering Committee Republic and Canton of Geneva, Switzerland ©2018, Austria. ACM Digital Library. https://doi.org/10.1145/3178876.3186099
• Language-Independent Synthesis of Firewall Policies / Bodei, C., Degano, P., Galletta, L., Focardi, R., Tempesta, M., & Veronese, L. (2018). Language-Independent Synthesis of Firewall Policies. In 2018 IEEE European Symposium on Security and Privacy (EuroS&P). Institute of Electrical and Electronics Engineers ( IEEE ), Austria. IEEE. https://doi.org/10.1109/eurosp.2018.00015
• Surviving the Web / Calzavara, S., Squarcina, M., Focardi, R., & Tempesta, M. (2018). Surviving the Web. In Companion of the The Web Conference 2018 on The Web Conference 2018 - WWW ’18. International World Wide Web Conferences Steering Committee Republic and Canton of Geneva, Switzerland ©2018, Austria. ACM. https://doi.org/10.1145/3184558.3186232
• Mind Your Keys? A Security Evaluation of Java Keystores / Focardi, R., Squarcina, M., Steel, G., Palmarini, M., & Tempesta, M. (2018). Mind Your Keys? A Security Evaluation of Java Keystores. In Proceedings of 2019 Network and Distributed System Security Symposium (pp. 1–15). http://hdl.handle.net/20.500.12708/57775
• Firewall Management With FireWall Synthesizer / Tempesta, M., Bodei, C., Degano, P., Forcardi, R., Galletta, L., & Veronese, L. (2018). Firewall Management With FireWall Synthesizer. In keiner (p. 1). ITASEC. http://hdl.handle.net/20.500.12708/57774
• Bug Fixes, Improvements, ... and Privacy Leaks - A Longitudinal Study of PII Leaks Across Android App Versions / Ren, J., Lindorfer, M., Dubois, D. J., Rao, A., Choffnes, D., & Vallina-Rodriguez, N. (2018). Bug Fixes, Improvements, ... and Privacy Leaks - A Longitudinal Study of PII Leaks Across Android App Versions. In Proceedings 2018 Network and Distributed System Security Symposium. Internet Society. https://doi.org/10.14722/ndss.2018.23143
• Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications / Pan, E., Ren, J., Lindorfer, M., Wilson, C., & Choffnes, D. (2018). Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications. In Proceedings on Privacy Enhancing Technologies (pp. 33–50). DeGruyter. https://doi.org/10.1515/popets-2018-0030
• Settling Payments Fast and Private: Efficient Decentralized Routing for Path-Based Transactions / Roos, S., Moreno-Sanchez, P., Kate, A., & Goldberg, I. (2018). Settling Payments Fast and Private: Efficient Decentralized Routing for Path-Based Transactions. In Proceedings 2018 Network and Distributed System Security Symposium. Network and Distributed System Security Symposium (NDSS), USA, Non-EU. https://doi.org/10.14722/ndss.2018.23254
• A Semantic Framework for the Security Analysis of Ethereum Smart Contracts / Grishchenko, I., Schneidewind, C., & Maffei, M. (2018). A Semantic Framework for the Security Analysis of Ethereum Smart Contracts. In Lecture Notes in Computer Science (pp. 243–269). Springer Open. https://doi.org/10.1007/978-3-319-89722-6_10
• Foundations and Tools for the Static Analysis of Ethereum Smart Contracts / Gishchenko, I., Maffei, M., & Schneidewind, C. (2018). Foundations and Tools for the Static Analysis of Ethereum Smart Contracts. In G. Weissenbacher & H. Chockler (Eds.), Computer Aided Verification (pp. 51–78). Springer Open. https://doi.org/10.1007/978-3-319-96145-3_4
• WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring / Calzavara, S., Maffei, M., Schneidewind, C., Tempesta, M., & Squarcina, M. (2018). WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring. In Proceedings of the 27th USENIX Security Symposium (pp. 1493–1510). USENIX. http://hdl.handle.net/20.500.12708/57493
• Simple Password Hardened Encryption Services / Maffei, M., Reinert, M., Lai, R., Egger, C., Chow, S. S. M., & Schröder, D. (2018). Simple Password Hardened Encryption Services. In Proceedings of the 27th USENIX Security Symposium (pp. 1405–1421). USENIX. http://hdl.handle.net/20.500.12708/57492
• Functional Credentials / Deuber, D., Maffei, M., Malavolta, G., Rabkin, M., Schröder, D., & Simkin, M. (2018). Functional Credentials. In Proceedings on Privacy Enhancing Technologies (pp. 64–84). Walter de Gruyter GmbH. http://hdl.handle.net/20.500.12708/57361
• A monadic framework for relational verification: applied to information security, program equivalence, and optimizations / Grimm, N., Maillard, K., Fournet, C., Hritcu, C., Maffei, M., Protzenko, J., Ramananandro, T., Swamy, N., & Zanella-Béguelin, S. (2018). A monadic framework for relational verification: applied to information security, program equivalence, and optimizations. In Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs. ACM Digital Library. https://doi.org/10.1145/3167090
• Subset Predicate Encryption and Its Applications / Katz, J., Maffei, M., Malavolta, G., & Schröder, D. (2018). Subset Predicate Encryption and Its Applications. In Cryptology and Network Security (pp. 115–134). Springer International Publishing. https://doi.org/10.1007/978-3-030-02641-7_6

2017

• Surviving the Web: A Journey into Web Session Security / Calzavara, S., Squarcina, M., Tempesta, M., & Focardi, R. (2017). Surviving the Web: A Journey into Web Session Security. ACM Computing Surveys, 50(1), 1–34. https://doi.org/10.1145/3038923
• Maliciously Secure Multi-Client ORAM / Maffei, M., Malavolta, G., Reinert, M., & Schröder, D. (2017). Maliciously Secure Multi-Client ORAM. In D. Gollmann, A. Miyaji, & H. Kikuchi (Eds.), Applied Cryptography and Network Security (pp. 645–664). © Springer International Publishing AG 2017. https://doi.org/10.1007/978-3-319-61204-1_32
• Discovering Browser Extensions via Web Accessible Resources / Sjösten, A., Van Acker, S., & Sabelfeld, A. (2017). Discovering Browser Extensions via Web Accessible Resources. In Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy. ACM. https://doi.org/10.1145/3029806.3029820
• A Principled Approach to Tracking Information Flow in the Presence of Libraries / Hedin, D., Sjösten, A., Piessens, F., & Sabelfeld, A. (2017). A Principled Approach to Tracking Information Flow in the Presence of Libraries. In Lecture Notes in Computer Science (pp. 49–70). Springer. https://doi.org/10.1007/978-3-662-54455-6_3
• Run-Time Attack Detection in Cryptographic APIs / Squarcina, M., & Focardi, R. (2017). Run-Time Attack Detection in Cryptographic APIs. In 2017 IEEE 30th Computer Security Foundations Symposium (CSF). IEEE Computer Security Foundations Symposium, Santa Barbara, USA, Non-EU. IEEE Xplore Digital Library. https://doi.org/10.1109/csf.2017.33
• Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis / Continella, A., Fratantonio, Y., Lindorfer, M., Puccetti, A., Zand, A., Kruegel, C., & Vigna, G. (2017). Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis. In Proceedings 2017 Network and Distributed System Security Symposium. Internet Society. https://doi.org/10.14722/ndss.2017.23465
• On the Security of Frequency-Hiding Order-Preserving Encryption / Reinert, M., Schröder, D., & Maffei, M. (2017). On the Security of Frequency-Hiding Order-Preserving Encryption. In Cryptology and Network Security (pp. 51–70). Springer International Publishing. https://doi.org/10.1007/978-3-030-02641-7_3
• Concurrency and Privacy with Payment-Channel Networks / Maffei, M., Kate, A., Malavolta, G., Moreno-Sanchez, P., & Ravi, S. (2017). Concurrency and Privacy with Payment-Channel Networks. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM Digital Library. https://doi.org/10.1145/3133956.3134096
• A Sound Flow-Sensitive Heap Abstraction for the Static Analysis of Android Applications / Maffei, M., Calzavara, S., Grishchenko, I., & Koutsos, A. (2017). A Sound Flow-Sensitive Heap Abstraction for the Static Analysis of Android Applications. In 2017 IEEE 30th Computer Security Foundations Symposium (CSF). IEEE Computer Security Foundations Symposium, Santa Barbara, USA, Non-EU. IEEE Xplore Digital Library. https://doi.org/10.1109/csf.2017.19
• SilentWhispers: Enforcing Security and Privacy in Decentralized Credit Networks / Maffei, M., Moreno-Sanchez, P., Kate, A., & Malavolta, G. (2017). SilentWhispers: Enforcing Security and Privacy in Decentralized Credit Networks. In Proceedings 2017 Network and Distributed System Security Symposium. Internet Society. https://doi.org/10.14722/ndss.2017.23448
• A Type System for Privacy Properties / Maffei, M., Lallemand, J., Cortier, V., & Grimm, N. (2017). A Type System for Privacy Properties. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM CCS 2017 Conference on Computer and Communications Security, Dallas, USA, Non-EU. ACM Digital Library. https://doi.org/10.1145/3133956.3133998
• Principles of Security and Trust / Principles of Security and Trust. (2017). In M. Maffei, M. Ryan, P. Ah-Fat, M. Alabbad, M. Alvim, Z. Aslanyan, N. Atzei, K. Babel, M. Bartoletti, L. Bauer, A. Blot, S. Bursuc, P. Cañones, G. Casini, V. Cheval, T. Cimoli, M. Cramer, J. Dreier, C. Duménil, … A. Sjösten (Eds.), Lecture Notes in Computer Science. Springer-Verlag. https://doi.org/10.1007/978-3-662-54455-6

2016

• Drammer: Deterministic Rowhammer Attacks on Mobile Platforms / van der Veen, V., Fratantonio, Y., Lindorfer, M., Gruss, D., Maurice, C., Vigna, G., Bos, H., Razavi, K., & Giuffrida, C. (2016). Drammer: Deterministic Rowhammer Attacks on Mobile Platforms. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM. https://doi.org/10.1145/2976749.2978406
• ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic / Ren, J., Rao, A., Lindorfer, M., Legout, A., & Choffnes, D. (2016). ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic. In Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services. ACM. https://doi.org/10.1145/2906388.2906392
• CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes / Carter, P., Mulliner, C., Lindorfer, M., Robertson, W., & Kirda, E. (2016). CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes. In Financial Cryptography and Data Security (pp. 231–249). Springer. https://doi.org/10.1007/978-3-662-54970-4_13

2015

• Open problems in hash function security / Andreeva, E., Mennink, B., & Preneel, B. (2015). Open problems in hash function security. Designs, Codes and Cryptography, 77(2–3), 611–631. https://doi.org/10.1007/s10623-015-0096-0
• MARVIN: Efficient and Comprehensive Mobile App Classification through Static and Dynamic Analysis / Lindorfer, M., Neugschwandtner, M., & Platzer, C. (2015). MARVIN: Efficient and Comprehensive Mobile App Classification through Static and Dynamic Analysis. In 2015 IEEE 39th Annual Computer Software and Applications Conference. IEEE. https://doi.org/10.1109/compsac.2015.103
  Project: SysSec (2010–2014)

2014

• Enter Sandbox: Android Sandbox Comparison / Neuner, S., van der Veen, V., Lindorfer, M., Huber, M., Georg, M., Mulazzani, M., & Weippl, E. (2014). Enter Sandbox: Android Sandbox Comparison. In Proceedings of the IEEE Mobile Security Technologies Workshop (MoST). IEEE. http://hdl.handle.net/20.500.12708/55124
• Skin Sheriff: A Machine Learning Solution for Detecting Explicit Images / Platzer, C., Stuetz, M., & Lindorfer, M. (2014). Skin Sheriff: A Machine Learning Solution for Detecting Explicit Images. In Proceedings of the 2nd international workshop on Security and forensics in communication systems - SFCS ’14. IEEE. https://doi.org/10.1145/2598918.2598920
  Project: SysSec (2010–2014)
• ANDRUBIS -- 1,000,000 Apps Later: A View on Current Android Malware Behaviors / Lindorfer, M., Neugschwandtner, M., Weichselbaum, L., Fratantonio, Y., Veen, V. van der, & Platzer, C. (2014). ANDRUBIS -- 1,000,000 Apps Later: A View on Current Android Malware Behaviors. In 2014 Third International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS). IEEE. https://doi.org/10.1109/badgers.2014.7
  Project: SysSec (2010–2014)
• AndRadar: Fast Discovery of Android Applications in Alternative Markets / Lindorfer, M., Volanis, S., Sisto, A., Neugschwandtner, M., Athanasopoulos, E., Maggi, F., Platzer, C., Zanero, S., & Ioannidis, S. (2014). AndRadar: Fast Discovery of Android Applications in Alternative Markets. In Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 51–71). Springer. https://doi.org/10.1007/978-3-319-08509-8_4
  Project: SysSec (2010–2014)
• Provably Sound Browser-Based Enforcement of Web Session Integrity / Calzavara, S., Focardi, R., Khan, W., & Tempesta, M. (2014). Provably Sound Browser-Based Enforcement of Web Session Integrity. In 2014 IEEE 27th Computer Security Foundations Symposium. IEEE Computer Society. https://doi.org/10.1109/csf.2014.33

2013

• POSTER: Cross-Platform Malware: Write Once, Infect Everywhere / Lindorfer, M., Neumayr, M., Caballero, J., & Platzer, C. (2013). POSTER: Cross-Platform Malware: Write Once, Infect Everywhere. In ACM Conference on Computer and Communications Security (CCS). ACM Conference on Computer and Communications Security (CCS), Washington, USA, Non-EU. http://hdl.handle.net/20.500.12708/54855
• Take a Bite - Finding the Worm in the Apple / Lindorfer, M., Miller, B., Neugschwandtner, M., & Platzer, C. (2013). Take a Bite - Finding the Worm in the Apple. In International Conference on Information, Communications and Signal Processing (ICICS). IEEE. http://hdl.handle.net/20.500.12708/54856
• A View to a Kill: WebView Exploitation / Neugschwandtner, M., Lindorfer, M., & Platzer, C. (2013). A View to a Kill: WebView Exploitation. In USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET). USENIX. http://hdl.handle.net/20.500.12708/54854

2012

• Lines of Malicious Code: Insights Into the Malicious Software Industry / Lindorfer, M., Di Federico, A., Maggi, F., Milani Comparetti, P., & Zanero, S. (2012). Lines of Malicious Code: Insights Into the Malicious Software Industry. In Proceedings of the 28th Annual Computer Security Applications Conference (pp. 349–358). ACM. http://hdl.handle.net/20.500.12708/54349

2011

• Detecting Environment-Sensitive Malware / Lindorfer, M., Kolbitsch, C., & Milani Comparetti, P. (2011). Detecting Environment-Sensitive Malware. In Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection (2011). Springer. http://hdl.handle.net/20.500.12708/54010
  Projects: icode (2010–2012) / SysSec (2010–2014) / TRUDIE (2009–2012)

• Security and Privacy Concerns in Shared Configuration Repositories / Jungwirth, G. (2023). Security and Privacy Concerns in Shared Configuration Repositories [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2023.94601
  Download: PDF (933 KB)
• Cross-Chain Traceability in Decentralized Finance / Haimerl, N. (2023). Cross-Chain Traceability in Decentralized Finance [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2023.103500
  Download: PDF (2.27 MB)
• A Systematic Investigation of Illicit Money Flows in the DeFi Ecosystem / Luzian, S. (2023). A Systematic Investigation of Illicit Money Flows in the DeFi Ecosystem [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2023.106121
  Download: PDF (2.61 MB)
• Sound cross-contract reachability analysis of ethereum smart contracts / Schweighofer, M. (2022). Sound cross-contract reachability analysis of ethereum smart contracts [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2022.95282
  Download: PDF (1.99 MB)
• Android vs. iOS: : security of mobile Deep Links / Steinböck, M. (2022). Android vs. iOS: : security of mobile Deep Links [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2022.93327
  Download: PDF (2.15 MB)
• Curious apps: Large-scale detection of apps scanning your local network / Hager, P. T. (2022). Curious apps: Large-scale detection of apps scanning your local network [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2022.98764
  Download: PDF (1.35 MB)
• Tracing android apps based on ART ahead-of-time compilation profiles from Google Play / Burtscher, L. (2022). Tracing android apps based on ART ahead-of-time compilation profiles from Google Play [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2022.90745
  Download: PDF (1.22 MB)
• Non-Linear reasoning in the superposition calculus / Lackner, A. (2022). Non-Linear reasoning in the superposition calculus [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2022.90765
  Download: PDF (734 KB)
• Large-scale Static Analysis of PII Leakage in IoT Companion Apps / Schmidt, D. (2021). Large-scale Static Analysis of PII Leakage in IoT Companion Apps [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.86548
  Download: PDF (2.16 MB)
• Adaptor signature based atomic swaps between bitcoin and a mimblewimble based cryptocurrency / Abfalter, J. (2021). Adaptor signature based atomic swaps between bitcoin and a mimblewimble based cryptocurrency [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.77663
  Download: PDF (1.17 MB)
• Dynamic iOS privacy analysis: Verifying App Store privacy labels / Jirout, T. W. (2021). Dynamic iOS privacy analysis: Verifying App Store privacy labels [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.92880
  Download: PDF (1.51 MB)
• Static and dynamic enforcement of security via relational reasoning / Grimm, N. (2021). Static and dynamic enforcement of security via relational reasoning [Dissertation, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.90710
  Download: PDF (2.93 MB)
• Foundations for the security analysis of distributed blockchain applications / Schneidewind, C. (2021). Foundations for the security analysis of distributed blockchain applications [Dissertation, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.91204
  Download: PDF (3.53 MB)
• Static analysis of low-level code / Grishchenko, I. (2021). Static analysis of low-level code [Dissertation, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.87563
  Download: PDF (2.4 MB)
• Analysis of decentralized mixing services in the greater bitcoin ecosystem / Stockinger, J. (2021). Analysis of decentralized mixing services in the greater bitcoin ecosystem [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.87269
  Download: PDF (1.89 MB)
• Privacy enhancing technologies for distributed ledgers / Wolf, M. (2020). Privacy enhancing technologies for distributed ledgers [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2020.74343
  Download: PDF (1.05 MB)
• Privacy preserving authenticated Kkey exchange : Modelling, constructions, proofs and formal verification : Modellierung, Konstruktionen, Beweise und Verification / Weninger, A. J. (2020). Privacy preserving authenticated Kkey exchange : Modelling, constructions, proofs and formal verification :  Modellierung, Konstruktionen, Beweise und Verification [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2021.87263
  Download: PDF (1020 KB)
• Detecting neural network functions in binaries based on syntactic features / Aschl, G. (2020). Detecting neural network functions in binaries based on syntactic features [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2020.66352
  Download: PDF (2.41 MB)
• Payment channel network analysis with focus on lightning network / Holzer, P. (2020). Payment channel network analysis with focus on lightning network [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2020.75260
  Download: PDF (3.04 MB)
• Static analysis of eWASM contracts / Schwarz, A. (2019). Static analysis of eWASM contracts [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2019.72720
  Download: PDF (884 KB)
• Automatisierte Prognose der Entwicklung von Kryptowährungspreisen / Aumayr, L. (2019). Automatisierte Prognose der Entwicklung von Kryptowährungspreisen [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2019.55455
  Download: PDF (1.78 MB)
• Theoretische und praktische Smart Contracts - Realisierung eines Investmentfonds / Schneider, J. F. (2018). Theoretische und praktische Smart Contracts - Realisierung eines Investmentfonds [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2018.55468
  Download: PDF (980 KB)
• Parallelizing the commutation property for functions over small domains / Scherer, M. (2016). Parallelizing the commutation property for functions over small domains [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2016.36321
  Download: PDF (708 KB)
• Malware through the looking glass : malware analysis in an evolving threat landscape / Lindorfer, M. (2015). Malware through the looking glass : malware analysis in an evolving threat landscape [Dissertation, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2015.35065
  Download: PDF (2.89 MB)
• Current state of browser extension security and extension-based malware / Neumayr, M. (2015). Current state of browser extension security and extension-based malware [Diploma Thesis]. reposiTUm. https://doi.org/10.34726/hss.2015.24755
  Download: PDF (742 KB)

Soon, this page will include additional information such as reference projects, conferences, events, and other research activities.

Until then, please visit Security and Privacy’s research profile in TISS .