TU Wien Informatics

20 Years

About

The mission of the Security and Privacy research unit is to develop techniques to secure modern IT infrastructures and to design solutions to protect the privacy of users in the digital society.

Our research strengths include

  • formal methods for the analysis and enforcement of security and privacy properties in various scenarios, such as cryptographic protocols, mobile apps, web applications, smart contracts;
  • principles and technologies for system security, including the evaluation of the attack surface and the development of systematic countermeasures, with a focus on mobile, web, and cloud security;
  • theory and applications of cryptography, with a focus on the design of privacy-enhancing cryptographic schemes, cryptographic protocols for blockchain technologies, and proof techniques for provable security.

The research Unit Security and Privacy is part of the Institute of Logic and Computation.

Elena Andreeva
Elena Andreeva E. Andreeva

Assistant Professor
Asst.Prof. / PhD

Daniel Christopher Arp
Daniel Christopher Arp D. Arp

Assistant Professor
Asst.Prof. Dr.

Georg Fuchsbauer
Georg Fuchsbauer G. Fuchsbauer

Associate Professor
Assoc.Prof. DI Dr.

Martina Lindorfer
Martina Lindorfer M. Lindorfer

Associate Professor
Assoc.Prof. DI Dr. / BSc

Matteo Maffei
Matteo Maffei M. Maffei

Head of Research Unit
Univ.Prof.

Anagha Athavale
Anagha Athavale A. Athavale

PreDoc Researcher
MSc

Georgia Avarikioti
Georgia Avarikioti G. Avarikioti

PostDoc Researcher
Dr.

Philipp Beer
Philipp Beer P. Beer

PreDoc Researcher
DI / BSc

Jakob Bleier
Jakob Bleier J. Bleier

PreDoc Researcher
BSc BSc MSc

Olha Denisova
Olha Denisova O. Denisova

PreDoc Researcher

Simon Jeanteur
Simon Jeanteur S. Jeanteur

PreDoc Researcher
MA

Pim Keer
Pim Keer P. Keer

PreDoc Researcher
MSc

Andreas Lackner
Andreas Lackner A. Lackner

PreDoc Researcher
DI / BSc

Andrea Pelosi
Andrea Pelosi A. Pelosi

PreDoc Researcher
MSc

Fabian Regen
Fabian Regen F. Regen

PreDoc Researcher
DI / BSc

Sebastian Roth
Sebastian Roth S. Roth

PostDoc Researcher
Dr. / MSc

Aakanksha Saha
Aakanksha Saha A. Saha

PreDoc Researcher
BSc MSc

Giulia Scaffino
Giulia Scaffino G. Scaffino

PreDoc Researcher
MSc

Markus Scherer
Markus Scherer M. Scherer

PreDoc Researcher
DI / BSc

Marek Sefranek
Marek Sefranek M. Sefranek

PreDoc Researcher
DI / BSc

Marco Squarcina
Marco Squarcina M. Squarcina

Senior Scientist
Dr.

Christos Stefo
Christos Stefo C. Stefo

PreDoc Researcher
MSc

Magdalena Steinböck
Magdalena Steinböck M. Steinböck

PreDoc Researcher
DI / BSc

Carlotta Tagliaro
Carlotta Tagliaro C. Tagliaro

PreDoc Researcher
MSc

Mauro Tempesta
Mauro Tempesta M. Tempesta

Senior Lecturer
Dr.

Stefano Trevisani
Stefano Trevisani S. Trevisani

PreDoc Researcher
MSc

Yuheng Wang
Yuheng Wang Y. Wang

PreDoc Researcher
MSc

Andreas Weninger
Andreas Weninger A. Weninger

PreDoc Researcher
DI / BSc

2024

2023

  • The Threat of Surveillance and the Need for Privacy Protections / Lindorfer, M. (2023). The Threat of Surveillance and the Need for Privacy Protections. In H. Werthner, C. Ghezzi, J. Kramer, J. Nida-Rümelin, B. Nuseibeh, E. Prem, & A. Stanger (Eds.), Introduction to Digital Humanism : A Textbook (pp. 593–609). Springer. https://doi.org/10.1007/978-3-031-45304-5_37
    Download: PDF (576 KB)
  • A blockchain-based IoT data marketplace / Sober, M., Scaffino, G., Schulte, S., & Kanhere, S. S. (2023). A blockchain-based IoT data marketplace. CLUSTER COMPUTING-THE JOURNAL OF NETWORKS SOFTWARE TOOLS AND APPLICATIONS, 26(6), 3523–3545. https://doi.org/10.1007/s10586-022-03745-6
    Download: Artikel (662 KB)
    Project: CDL-BOT (2020–2025)
  • Optimizing 0-RTT Key Exchange with Full Forward Security / Göth, C., Ramacher, S., Slamanig, D., Striecks, C., Tairi, E., & Zikulnig, A. (2023). Optimizing 0-RTT Key Exchange with Full Forward Security. In CCSW ’23: Proceedings of the 2023 on Cloud Computing Security Workshop (pp. 55–68). Association for Computing Machinery (ACM). https://doi.org/10.1145/3605763.3625246
    Download: PDF (1.12 MB)
    Project: PROFET (2019–2023)
  • LedgerLocks: A Security Framework for Blockchain Protocols Based on Adaptor Signatures / Tairi, E., Moreno-Sanchez, P., & Schneidewind, C. (2023). LedgerLocks: A Security Framework for Blockchain Protocols Based on Adaptor Signatures. In CCS ’23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (pp. 859–873). Association for Computing Machinery. https://doi.org/10.1145/3576915.3623149
    Download: PDF (15.4 MB)
    Project: PROFET (2019–2023)
  • Let's Go Eevee! A Friendly and Suitable Family of AEAD Modes for IoT-to-Cloud Secure Computation / Bhati, A. S., Pohle, E., Abidin, A., Andreeva, E., & Preneel, B. (2023). Let’s Go Eevee! A Friendly and Suitable Family of AEAD Modes for IoT-to-Cloud Secure Computation. In CCS ’23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (pp. 2546–2560). Association for Computing Machinery. https://doi.org/10.1145/3576915.3623091
  • IoTFlow: Inferring IoT Device Behavior at Scale through Static Mobile Companion App Analysis / Schmidt, D., Tagliaro, C., Borgolte, K., & Lindorfer, M. (2023). IoTFlow: Inferring IoT Device Behavior at Scale through Static Mobile Companion App Analysis. In CCS ’23: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (pp. 681–695). Association for Computing Machinery. https://doi.org/10.1145/3576915.3623211
    Download: PDF (1.26 MB)
    Projects: IoTIO (2020–2025) / W4MP (2023–2027)
  • Cookie Crumbles: Breaking and Fixing Web Session Integrity / Squarcina, M., Adão, P., Lorenzo Veronese, & Matteo Maffei. (2023). Cookie Crumbles: Breaking and Fixing Web Session Integrity. In J. Calandrino & C. Troncoso (Eds.), SEC ’23: Proceedings of the 32nd USENIX Conference on Security Symposium (pp. 5539–5556). USENIX Association. https://doi.org/10.34726/5329
    Downloads: Paper (1020 KB) / Appendix Paper (342 KB) / Slides (2.54 MB)
    Projects: Browsec (2018–2024) / ViSP (2019–2023) / W4MP (2023–2027)
  • Virtual Payment Channel Networks in Cryptocurrencies / Aumayr, L. (2023, October 12). Virtual Payment Channel Networks in Cryptocurrencies [Presentation]. Lunchtime Seminar, Universität Innsbruck, Austria.
  • Chrisimos: A useful Proof-of-Work for finding Minimal Dominating Set of a graph / Chatterjee, D., Banerjee, P., & Mazumdar, S. (2023). Chrisimos: A useful Proof-of-Work for finding Minimal Dominating Set of a graph. arXiv. https://doi.org/10.34726/5301
    Download: PDF (515 KB)
    Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / ViSP (2019–2023)
  • Breaking and Fixing Virtual Channels: Domino Attack and Donner / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2023, September 6). Breaking and Fixing Virtual Channels: Domino Attack and Donner [Presentation]. VISA Research - external research talks, Palo Alto, United States of America (the). http://hdl.handle.net/20.500.12708/192610
    Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / SPFBT (2020–2025) / ViSP (2019–2023)
  • Thora: Atomic and Privacy-Preserving Multi-Channel Updates / Aumayr, L., Abbaszadeh, K., & Maffei, M. (2023, August 30). Thora: Atomic and Privacy-Preserving Multi-Channel Updates [Conference Presentation]. The Science of Blockchain Conference 2023 (SBC’23), Stanford University, United States of America (the). http://hdl.handle.net/20.500.12708/190192
    Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PR4DLT (2018–2021) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
  • Sleepy Channels: Bitcoin-Compatible Bi-directional Payment Channels without Watchtowers / Aumayr, L., Sri AravindaKrishnan Thyagarajan, Giulio Malavolta, Moreno-Sanchez, P., & Maffei, M. (2023, August 30). Sleepy Channels: Bitcoin-Compatible Bi-directional Payment Channels without Watchtowers [Conference Presentation]. The Science of Blockchain Conference 2023, Stanford, United States of America (the). http://hdl.handle.net/20.500.12708/189835
    Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
  • Glimpse: On-Demand PoW Light Client with Constant-Size Storage for DeFi / Scaffino, G., Aumayr, L., Avarikioti, G., & Maffei, M. (2023). Glimpse: On-Demand PoW Light Client with Constant-Size Storage for DeFi. In Proceedings of the 32nd USENIX Security Symposium (pp. 733–750).
    Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / CoRaF (2022–2025) / SFB SPyCoDe (2023–2026)
  • Connecting the .dotfiles: Checked-In Secret Exposure with Extra (Lateral Movement) Steps / Jungwirth, G., Saha, A., Schröder, M., Fiebig, T., Lindorfer, M., & Cito, J. (2023). Connecting the .dotfiles: Checked-In Secret Exposure with Extra (Lateral Movement) Steps. In IEEE/ACM 20th International Conference on Mining Software Repositories (MSR) (pp. 322–333). https://doi.org/10.1109/MSR59073.2023.00051
    Project: IoTIO (2020–2025)
  • Not Your Average App: A Large-scale Privacy Analysis of Android Browsers / Pradeep, A., Feal, Á., Gamba, J., Rao, A., Lindorfer, M., Vallina-Rodriguez, N., & Choffnes, D. (2023). Not Your Average App: A Large-scale Privacy Analysis of Android Browsers. In M. L. Mazurek & M. Sherr (Eds.), Proceedings on Privacy Enhancing Technologies Symposium 2023 (pp. 29–46). https://doi.org/10.56553/popets-2023-0003
    Download: PDF (2.72 MB)
    Projects: IoTIO (2020–2025) / SPFBT (2020–2025)
  • Heads in the Clouds? Measuring Universities’ Migration to Public Clouds: Implications for Privacy & Academic Freedom / Fiebig, T., Gürses, S., Hernández Gañán, C., Kotkamp, E., Kuipers, F., Lindorfer, M., Prisse, M., & Sari, T. (2023). Heads in the Clouds? Measuring Universities’ Migration to Public Clouds: Implications for Privacy & Academic Freedom. In M. L. Mazurek & M. Sherr (Eds.), Proceedings on Privacy Enhancing Technologies (pp. 117–150). De Gruyter Open / Sciendo. https://doi.org/10.56553/popets-2023-0044
    Download: PDF (6.58 MB)
  • Distributed Key Generation with Smart Contracts using zk-SNARKs / Sober, M., Max Kobelt, Scaffino, G., Kaaser, D., & Schulte, S. (2023). Distributed Key Generation with Smart Contracts using zk-SNARKs. In SAC ’23: Proceedings of the 38th ACM/SIGAPP Symposium on Applied Computing (pp. 231–240). Association for Computing Machinery. https://doi.org/10.34726/4523
    Download: PDF (582 KB)
  • Of Ahead Time: Evaluating Disassembly of Android Apps Compiled to Binary OATs Through the ART / Bleier, J., & Lindorfer, M. (2023). Of Ahead Time: Evaluating Disassembly of Android Apps Compiled to Binary OATs Through the ART. In J. Polakis & E. van der Kouwe (Eds.), EUROSEC ’23: Proceedings of the 16th European Workshop on System Security (pp. 21–29). https://doi.org/10.1145/3578357.3591219
    Download: PDF (2.39 MB)
    Projects: IoTIO (2020–2025) / SPFBT (2020–2025)
  • Mixed Signals: Analyzing Software Attribution Challenges in the Android Ecosystem / Hageman, K., Feal, A., Gamba, J., Girish, A., Bleier, J., Lindorfer, M., Tapiador, J., & Vallina-Rodriguez, N. (2023). Mixed Signals: Analyzing Software Attribution Challenges in the Android Ecosystem. IEEE Transactions on Software Engineering, 49(4), 2964–2979. https://doi.org/10.34726/5296
    Download: PDF (3.29 MB)
    Projects: IoTIO (2020–2025) / SPFBT (2020–2025)
  • Back-to-the-Future Whois: An IP Address Attribution Service for Working with Historic Datasets / Streibelt, F., Lindorfer, M., Gürses, S., Hernández Gañán, C., & Fiebig, T. (2023). Back-to-the-Future Whois: An IP Address Attribution Service for Working with Historic Datasets. In Passive and Active Measurement : 24th International Conference, PAM 2023, Virtual Event, March 21–23, 2023, Proceedings (pp. 209–226). Springer. https://doi.org/10.1007/978-3-031-28486-1_10
    Download: PDF (2.52 MB)
  • CryptoMaze: Privacy-Preserving Splitting of Off-Chain Payments / Mazumdar, S., & Ruj, S. (2023). CryptoMaze: Privacy-Preserving Splitting of Off-Chain Payments. IEEE Transactions on Dependable and Secure Computing, 20(2), 1060–1073. https://doi.org/10.1109/TDSC.2022.3148476
  • Thora: Atomic and Privacy-Preserving Multi-Channel Updates / Aumayr, L., Abbaszadeh, K., & Maffei, M. (2023, February 28). Thora: Atomic and Privacy-Preserving Multi-Channel Updates [Poster Presentation]. Network and Distributed System Security Symposium (NDSS) 2023, San Diego, United States of America (the). http://hdl.handle.net/20.500.12708/189792
    Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PR4DLT (2018–2021) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
  • Sleepy Channels: Bi-directional Payment Channels without Watchtowers / Aumayr, L., Sri AravindaKrishnan Thyagarajan, Giulio Malavolta, Moreno-Sanchez, P., & Maffei, M. (2023, February 28). Sleepy Channels: Bi-directional Payment Channels without Watchtowers [Poster Presentation]. Network and Distributed System Security Symposium (NDSS) 2023, United States of America (the). http://hdl.handle.net/20.500.12708/189878
    Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
  • Breaking and Fixing Virtual Channels: Domino Attack and Donner / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2023). Breaking and Fixing Virtual Channels: Domino Attack and Donner. In Proceedings Network and Distributed System Security Symposium 2023. 30th Annual Network and Distributed System Security Symposium (NDSS) 2023, San Diego, United States of America (the). https://doi.org/10.14722/ndss.2023.24370
    Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / PROFET (2019–2023) / SBA - COOP COMET SBA2 (2016–2019) / ViSP (2019–2023)
  • LightSwap: An Atomic Swap Does Not Require Timeouts at both Blockchains / Hoenisch, P., Mazumdar, S., Moreno-Sanchez, P., & Ruj, S. (2023). LightSwap: An Atomic Swap Does Not Require Timeouts at both Blockchains. In J. Garcia-Alfaro, G. Navarro-Arribas, & N. Dragoni (Eds.), Data Privacy Management, Cryptocurrencies and Blockchain Technology (pp. 219–235). Springer Cham. https://doi.org/10.1007/978-3-031-25734-6_14
    Project: CDL-BOT (2020–2025)
  • I Still Know What You Watched Last Sunday: Privacy of the HbbTV Protocol in the European Smart TV Landscape / Tagliaro, C., Hahn, F., Sepe, R., Aceti, A., & Lindorfer, M. (2023). I Still Know What You Watched Last Sunday: Privacy of the HbbTV Protocol in the European Smart TV Landscape. In Proceedings Network and Distributed System Security (NDSS) Symposium 2023. 30th Annual Network and Distributed System Security Symposium (NDSS) 2023, San Diego, United States of America (the). https://doi.org/10.14722/ndss.2023.24102
    Projects: IoTIO (2020–2025) / SPFBT (2020–2025)
  • SNACKs: Leveraging Proofs of Sequential Work for Blockchain Light Clients / Abusalah, H., Fuchsbauer, G., Gazi, P., & Klein, K. (2023). SNACKs: Leveraging Proofs of Sequential Work for Blockchain Light Clients. In Advances in Cryptology - ASIACRYPT 2022 (pp. 806–836). Springer. https://doi.org/10.1007/978-3-031-22963-3_27
    Project: COnFIDE (2020–2027)
  • Non-interactive Mimblewimble transactions, revisited / Fuchsbauer, G., & Orrù, M. (2023). Non-interactive Mimblewimble transactions, revisited. In Advances in Cryptology - ASIACRYPT 2022 (pp. 713–744). Springer. https://doi.org/10.1007/978-3-031-22963-3_24
    Project: COnFIDE (2020–2027)
  • Quantum cryptanalysis of Farfalle and (generalised) key-alternating Feistel networks / Hodžić, S., Roy, A., & Andreeva, E. (2023). Quantum cryptanalysis of Farfalle and (generalised) key-alternating Feistel networks. Designs, Codes and Cryptography. https://doi.org/10.1007/s10623-023-01305-6
  • Lightning Creation Games / Avarikioti, G., Lizurej, T., Michalak, T., & Yeo, M. (2023). Lightning Creation Games. In E. Bertino, B. Li, O. Frieder, & X. Jia (Eds.), 2023 IEEE 43rd International Conference on Distributed Computing Systems (ICDCS 2023) (pp. 603–613). IEEE. https://doi.org/10.1109/ICDCS57875.2023.00037
    Project: CoRaF (2022–2025)
  • Divide & Scale: Formalization and Roadmap to Robust Sharding / Avarikioti, G., Desjardins, A., Kokoris-Kogias, L., & Wattenhofer, R. (2023). Divide & Scale: Formalization and Roadmap to Robust Sharding. In S. Rajsbaum, A. Balliu, J. Daymude, & D. Olivetti (Eds.), Structural Information and Communication Complexity : 30th International Colloquium, SIROCCO 2023, Alcalá de Henares, Spain, June 6–9, 2023, Proceedings (pp. 199–245). Springer. https://doi.org/10.1007/978-3-031-32733-9_10
    Project: CoRaF (2022–2025)
  • WebSpec: Towards Machine-Checked Analysis of Browser Security Mechanisms / Veronese, L., Farinier, B., Bernardo, P., Tempesta, M., Squarcina, M., & Maffei, M. (2023). WebSpec: Towards Machine-Checked Analysis of Browser Security Mechanisms. In 2023 IEEE Symposium on Security and Privacy (SP) (pp. 2761–2779). IEEE. https://doi.org/10.1109/SP46215.2023.10179465
    Projects: Browsec (2018–2024) / ViSP (2019–2023)
  • FnF-BFT: A BFT Protocol with Provable Performance Under Attack / Avarikioti, G., Heimbach, L., Schmid, R., Vanbever, L., Wattenhofer, R., & Wintermeyer, P. (2023). FnF-BFT: A BFT Protocol with Provable Performance Under Attack. In S. Rajsbaum, A. Balliu, J. Dymude, & D. Olivetti (Eds.), Structural Information and Communication Complexity : 30th International Colloquium, SIROCCO 2023, Alcalá de Henares, Spain, June 6–9, 2023, Proceedings (pp. 165–198). Springer. https://doi.org/10.1007/978-3-031-32733-9_9
    Project: CoRaF (2022–2025)
  • Investigating HbbTV Privacy Invasiveness Across European Countries / Tagliaro, C., Hahn, F., Sepe, R., Aceti, A., & Lindorfer, M. (2023). Investigating HbbTV Privacy Invasiveness Across European Countries. In Learning from Authoritative Security Experiment Results (LASER) 2023. Workshop on Learning from Authoritative Security Experiment Results (LASER 2023), San Diego, United States of America (the). https://doi.org/10.14722/laser-ndss.2023.24102
    Project: IoTIO (2020–2025)
  • A Forkcipher-Based Pseudo-Random Number Generator / Andreeva, E., & Weninger, A. (2023). A Forkcipher-Based Pseudo-Random Number Generator. In M. Tibouchi & X. Wang (Eds.), Applied Cryptography and Network Security (pp. 3–31). https://doi.org/10.1007/978-3-031-33491-7_1
  • Towards a Game-Theoretic Security Analysis of Off-Chain Protocols / Rain, S., Avarikioti, G., Kovacs, L., & Maffei, M. (2023). Towards a Game-Theoretic Security Analysis of Off-Chain Protocols. In 2023 IEEE 36th Computer Security Foundations Symposium (CSF) (pp. 107–122). IEEE. https://doi.org/10.1109/CSF57540.2023.00003
    Projects: Browsec (2018–2024) / CDL-BOT (2020–2025) / LCS (2017–2025) / PROFET (2019–2023) / ViSP (2019–2023)

2022

2021

  • Off-chain Scaling of Cryptocurrencies / Aumayr, L. (2021, December 9). Off-chain Scaling of Cryptocurrencies [Presentation]. VISP blockchain research meetup, Austria. http://hdl.handle.net/20.500.12708/153233
  • Designing Secure Payment Channel Schemes / Aumayr, L. (2021, November 16). Designing Secure Payment Channel Schemes [Presentation]. Singapore Management University - Online Topic, Singapore. http://hdl.handle.net/20.500.12708/153226
  • Beyond Payments in Payment Channel Networks / Aumayr, L. (2021, November 16). Beyond Payments in Payment Channel Networks [Presentation]. Software Seminar Series (S3), Spain. http://hdl.handle.net/20.500.12708/153227
  • Formal Methods for the Security Analysis of Smart Contracts / Maffei, M. (2021). Formal Methods for the Security Analysis of Smart Contracts. In Proceedings of the 21st Conference on Formal Methods in Computer-Aided Design – FMCAD 2021 (pp. 8–8). TU Wien Academic Press. https://doi.org/10.34727/2021/isbn.978-3-85448-046-4_3
    Download: PDF (47.5 KB)
  • 1, 2, 3, Fork: Counter Mode Variants based on a Generalized Forkcipher / Andreeva, E., Bhati, A. S., Preneel, B., & Vizár, D. (2021). 1, 2, 3, Fork: Counter Mode Variants based on a Generalized Forkcipher. IACR Transactions on Symmetric Cryptology, 2021(3). https://doi.org/10.46586/tosc.v2021.i3.1-35
  • Donner: UTXO-Based Virtual Channels Across Multiple Hops / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2021, September 7). Donner: UTXO-Based Virtual Channels Across Multiple Hops [Presentation]. Bitcoin Sydney Socratic Seminar, Australia. http://hdl.handle.net/20.500.12708/152979
  • Blitz: Secure Multi-Hop Payments Without Two-Phase Commits / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2021, May 26). Blitz: Secure Multi-Hop Payments Without Two-Phase Commits [Conference Presentation]. Theory and Practice of Blockchains, Unknown. http://hdl.handle.net/20.500.12708/153230
  • Blitz: Secure Multi-Hop Payments Without Two-Phase Commits / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2021, April 27). Blitz: Secure Multi-Hop Payments Without Two-Phase Commits [Presentation]. Bitcoin Sydney Socratic Seminar, Australia. http://hdl.handle.net/20.500.12708/152982
  • Blitz: Secure Multi-Hop Payments Without Two-Phase Commits / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2021, February 24). Blitz: Secure Multi-Hop Payments Without Two-Phase Commits [Presentation]. Decrypto Seminar, Unknown. http://hdl.handle.net/20.500.12708/152985
  • Updatable Signatures and Message Authentication Codes / Cini, V., Ramacher, S., Slamanig, D., Striecks, C., & Tairi, E. (2021). Updatable Signatures and Message Authentication Codes. In Public-Key Cryptography – PKC 2021 (pp. 691–723). Springer, Cham. https://doi.org/10.1007/978-3-030-75245-3_25
  • Generalized Channels from Limited Blockchain Scripts and Adaptor Signatures / Aumayr, L., Ersoy, O., Erwig, A., Faust, S., Hostáková, K., Maffei, M., Moreno-Sanchez, P., & Riahi, S. (2021). Generalized Channels from Limited Blockchain Scripts and Adaptor Signatures. In Advances in Cryptology – ASIACRYPT 2021 27th International Conference on the Theory and Application of Cryptology and Information Security, Singapore, December 6–10, 2021, Proceedings, Part II (pp. 635–664). Springer. https://doi.org/10.1007/978-3-030-92075-3_22
  • Cross-Layer Deanonymization Methods in the Lightning Protocol / Romiti, M., Victor, F., Moreno-Sanchez, P., Nordholt, P. S., Haslhofer, B., & Maffei, M. (2021). Cross-Layer Deanonymization Methods in the Lightning Protocol. In Financial Cryptography and Data Security 25th International Conference, FC 2021, Virtual Event, March 1–5, 2021, Revised Selected Papers, Part I. Springer Verlag, Austria. Springer LNCS. https://doi.org/10.1007/978-3-662-64322-8_9
  • Compactness of Hashing Modes and Efficiency Beyond Merkle Tree / Andreeva, E., Bhattacharyya, R., & Roy, A. (2021). Compactness of Hashing Modes and Efficiency Beyond Merkle Tree. In Advances in Cryptology – EUROCRYPT 2021 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, October 17–21, 2021, Proceedings, Part II (pp. 92–123). Springer. https://doi.org/10.1007/978-3-030-77886-6_4
  • The One-More Discrete Logarithm Assumption in the Generic Group Model / Bauer, B., Fuchsbauer, G., & Plouviez, A. (2021). The One-More Discrete Logarithm Assumption in the Generic Group Model. In Advances in Cryptology – ASIACRYPT 2021 27th International Conference on the Theory and Application of Cryptology and Information Security, Singapore, December 6–10, 2021, Proceedings, Part IV (pp. 587–617). Springer. https://doi.org/10.1007/978-3-030-92068-5_20
  • Can I Take Your Subdomain? Exploring Same-Site Attacks in the Modern Web / Squarcina, M., Tempesta, M., Veronese, L., Calzavara, S., & Maffei, M. (2021). Can I Take Your Subdomain? Exploring Same-Site Attacks in the Modern Web. In 30th USENIX Security Symposium (pp. 2917–2934). 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021. http://hdl.handle.net/20.500.12708/58469
  • Post-Quantum Adaptor Signature for Privacy-Preserving Off-Chain Payments / Tairi, E., Moreno-Sanchez, P., & Maffei, M. (2021). Post-Quantum Adaptor Signature for Privacy-Preserving Off-Chain Payments. In Financial Cryptography and Data Security (pp. 131–150). https://doi.org/10.1007/978-3-662-64331-0_7
  • A<sup>2</sup>L: Anonymous Atomic Locks for Scalability in Payment Channel Hubs / Tairi, E., Moreno-Sanchez, P., & Maffei, M. (2021). A2L: Anonymous Atomic Locks for Scalability in Payment Channel Hubs. In 2021 IEEE Symposium on Security and Privacy (SP). IEEE Symposium on Security and Privacy 2021, United States of America (the). https://doi.org/10.1109/sp40001.2021.00111
  • The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches / Squarcina, M., Calzavara, S., & Maffei, M. (2021). The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches. In 2021 IEEE Security and Privacy Workshops (SPW). 15th IEEE Workshop on Offensive Technologies, San Francisco, CA, United States of America (the). https://doi.org/10.1109/spw53761.2021.00062
  • Blitz: Secure Multi-Hop Payments Without Two-Phase Commits / Aumayr, L., Moreno-Sanchez, P., Kate, A., & Maffei, M. (2021). Blitz: Secure Multi-Hop Payments Without Two-Phase Commits. In 30th USENIX Security Symposium (pp. 4043–4060). USENIX: The Advanced Computing Systems Association. http://hdl.handle.net/20.500.12708/55607
  • Tarnhelm: Isolated, Transparent & Confidential Execution of Arbitrary Code in ARM's TrustZone / Quarta, D., Ianni, M., Machiry, A., Fratantonio, Y., Gustafson, E., Balzarotti, D., Lindorfer, M., Vigna, G., & Kruegel, C. (2021). Tarnhelm: Isolated, Transparent & Confidential Execution of Arbitrary Code in ARM’s TrustZone. In Proceedings of the 2021 Research on offensive and defensive techniques in the Context of Man At The End (MATE) Attacks. ACM, Austria. ACM. https://doi.org/10.1145/3465413.3488571
    Project: IoTIO (2020–2025)
  • FWS: Analyzing, Maintaining and Transcompiling Firewalls / Bodei, C., Ceragioli, L., Degano, P., Focardi, R., Galletta, L., Luccio, F., Tempesta, M., & Veronese, L. (2021). FWS: Analyzing, Maintaining and Transcompiling Firewalls. Journal of Computer Security, 29(1), 77–134. https://doi.org/10.3233/jcs-200017
  • Bitcoin-Compatible Virtual Channels / Aumayr, L., Ersoy, O., Erwig, A., Faust, S., Hostáková, K., Maffei, M., Moreno-Sanchez, P., & Riahi, S. (2021). Bitcoin-Compatible Virtual Channels. In 2021 IEEE Symposium on Security and Privacy (SP). IEEE Symposium on Security and Privacy 2021, Oakland, United States of America (the). IEEE Computer Society. https://doi.org/10.1109/sp40001.2021.00097
  • Nonce-Misuse Security of the SAEF Authenticated Encryption Mode / Andreeva, E., Bhati, A. S., & Vizár, D. (2021). Nonce-Misuse Security of the SAEF Authenticated Encryption Mode. In Selected Areas in Cryptography (pp. 512–534). Springer LNCS. https://doi.org/10.1007/978-3-030-81652-0_20
  • Optimized Software Implementations for the Lightweight Encryption Scheme ForkAE / Andreeva, E., Deprez, A., Bermudo Mera, J. M., Karmakar, A., & Purnal, A. (2021). Optimized Software Implementations for the Lightweight Encryption Scheme ForkAE. In Smart Card Research and Advanced Applications (pp. 68–83). Springer. https://doi.org/10.1007/978-3-030-68487-7_5
  • Transferable E-Cash: A Cleaner Model and the First Practical Instantiation / Bauer, B., Fuchsbauer, G., & Qian, C. (2021). Transferable E-Cash: A Cleaner Model and the First Practical Instantiation. In Public-Key Cryptography – PKC 2021 (pp. 559–590). Springer. https://doi.org/10.1007/978-3-030-75248-4_20
  • EssentialFP: Exposing the Essence of Browser Fingerprinting / Sjösten, A., Hedin, D., & Sabelfeld, A. (2021). EssentialFP: Exposing the Essence of Browser Fingerprinting. In 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&amp;PW). EuroS&P 2021 SecWeb Workshop, Vienna, Austria. https://doi.org/10.1109/eurospw54576.2021.00011
  • Not All Bugs Are Created Equal, But Robust Reachability Can Tell the Difference / Girol, G., Farinier, B., & Bardin, S. (2021). Not All Bugs Are Created Equal, But Robust Reachability Can Tell the Difference. In Computer Aided Verification (pp. 669–693). Springer LNCS. https://doi.org/10.1007/978-3-030-81685-8_32
  • Interpolation Cryptanalysis of Unbalanced Feistel Networks with Low Degree Round Functions / Andreeva, E., Roy, A., & Sauer, J. F. (2021). Interpolation Cryptanalysis of Unbalanced Feistel Networks with Low Degree Round Functions. In Selected Areas in Cryptography (pp. 273–300). Springer LNCS. https://doi.org/10.1007/978-3-030-81652-0_11

2020

  • eThor: Practical and Provably Sound Static Analysis of Ethereum Smart Contracts / Schneidewind, C., Grishchenko, I., Scherer, M., & Maffei, M. (2020). eThor: Practical and Provably Sound Static Analysis of Ethereum Smart Contracts. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. ACM Conference on Computer and Communications Security (CCS), Washington, United States of America (the). Association for Computing Machinery ACM. https://doi.org/10.1145/3372297.3417250
  • Language-Based Web Session Integrity / Calzavara, S., Focardi, R., Grimm, N., Maffei, M., & Tempesta, M. (2020). Language-Based Web Session Integrity. In 2020 IEEE 33rd Computer Security Foundations Symposium (CSF). IEEE 33rd Computer Security Foundations Symposium (CSF), Santa Barbara, United States of America (the). IEEE Computer Society. https://doi.org/10.1109/csf49147.2020.00016
  • Generalized Bitcoin-Compatible Channels / Aumayr, L., Ersoy, O., Erwig, A., Faust, S., Hostáková, K., Maffei, M., Moreno-Sanchez, P., & Riahi, S. (2020). Generalized Bitcoin-Compatible Channels. Cryptology ePrint Archive. http://hdl.handle.net/20.500.12708/40215
  • The Good, The Bad and The Ugly: Pitfalls and Best Practices in Automated Sound Static Analysis of Ethereum Smart Contracts / Schneidewind, C., Scherer, M., & Maffei, M. (2020). The Good, The Bad and The Ugly: Pitfalls and Best Practices in Automated Sound Static Analysis of Ethereum Smart Contracts. In T. Margaria & B. Steffen (Eds.), Leveraging Applications of Formal Methods, Verification and Validation: Applications. ISoLA 2020, Proceedings, Part III (pp. 212–231). Springer. https://doi.org/10.1007/978-3-030-61467-6_14
  • A Voting-Based Blockchain Interoperability Oracle / Scaffino, G., Schulte, S., Sober, M., & Spanring, C. (2020). A Voting-Based Blockchain Interoperability Oracle. In 2021 IEEE International Conference on Blockchain (Blockchain). IEEE. https://doi.org/10.1109/blockchain53845.2021.00030
  • Efficient Signatures on Randomizable Ciphertexts / Bauer, B., & Fuchsbauer, G. (2020). Efficient Signatures on Randomizable Ciphertexts. In Security and Cryptography for Networks (pp. 359–381). Springer. https://doi.org/10.1007/978-3-030-57990-6_18
  • Double-Authentication-Preventing Signatures in the Standard Model / Catalano, D., Fuchsbauer, G., & Soleimanian, A. (2020). Double-Authentication-Preventing Signatures in the Standard Model. In Security and Cryptography for Networks (pp. 338–358). Springer. https://doi.org/10.1007/978-3-030-57990-6_17
  • Formalizing Graph Trail Properties in Isabelle/HOL / Kovács, L., Lachnitt, H., & Szeider, S. (2020). Formalizing Graph Trail Properties in Isabelle/HOL. In Intelligent Computer Mathematics 13th International Conference, CICM 2020, Bertinoro, Italy, July 26–31, 2020, Proceedings (pp. 190–205). LNCS. https://doi.org/10.1007/978-3-030-53518-6_12
  • Bulwark: Holistic and Verified Security Monitoring of Web Protocols / Veronese, L., Calzavara, S., & Compagna, L. (2020). Bulwark: Holistic and Verified Security Monitoring of Web Protocols. In Computer Security – ESORICS 2020 (pp. 23–41). Springer. https://doi.org/10.1007/978-3-030-58951-6_2
  • The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches in Progressive Web Applications / Somé, D. F., Squarcina, M., Calzavara, S., & Maffei, M. (2020). The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches in Progressive Web Applications. EuroS&P 2020 SecWeb Workshop, Genova, Italy. http://hdl.handle.net/20.500.12708/87080
  • A Quantitative Analysis of Security, Anonymity and Scalability for the Lightning Network / Tikhomirov, S., Moreno-Sanchez, P., & Maffei, M. (2020). A Quantitative Analysis of Security, Anonymity and Scalability for the Lightning Network. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE Security & Privacy On The Blockchain, Genova, Italy. IEEE. https://doi.org/10.1109/eurospw51379.2020.00059
  • When Malware is Packin' Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features / Aghakhani, H., Gritti, F., Mecca, F., Lindorfer, M., Ortolani, S., Balzarotti, D., Vigna, G., & Krügel, C. (2020). When Malware is Packin’ Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features. In Network and Distributed System Security Symposium (NDSS). Internet Society. http://hdl.handle.net/20.500.12708/58307
  • FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic / van Ede, T., Bortolameotti, R., Continella, A., Ren, J., Dubois, D., Lindorfer, M., Choffnes, D., van Steen, M., & Peter, A. (2020). FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic. In Network and Distributed System Security Symposium (NDSS). Internet Society. http://hdl.handle.net/20.500.12708/58308
  • Filter List Generation for Underserved Regions / Sjösten, A., Snyder, P., Pastor, A., Papadopoulos, P., & Livshits, B. (2020). Filter List Generation for Underserved Regions. In Proceedings of The Web Conference 2020. ACM/IW3C2. https://doi.org/10.1145/3366423.3380239
  • TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records / der Toorn, O. van, van Rijswijk-Deij, R., Fiebig, T., Lindorfer, M., & Sperotto, A. (2020). TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&amp;PW). IEEE. https://doi.org/10.1109/eurospw51379.2020.00080
  • Secrets in Source Code: Reducing False Positives using Machine Learning / Saha, A., Denning, T., Srikumar, V., & Kasera, S. K. (2020). Secrets in Source Code: Reducing False Positives using Machine Learning. In 2020 International Conference on COMmunication Systems &amp; NETworkS (COMSNETS). IEEE Xplore Digital Library. https://doi.org/10.1109/comsnets48256.2020.9027350
  • A Classification of Computational Assumptions in the Algebraic Group Model / Bauer, B., Fuchsbauer, G., & Loss, J. (2020). A Classification of Computational Assumptions in the Algebraic Group Model. In Advances in Cryptology – CRYPTO 2020 (pp. 121–151). Springer. https://doi.org/10.1007/978-3-030-56880-1_5
  • Blind Schnorr Signatures and Signed ElGamal Encryption in the Algebraic Group Model / Fuchsbauer, G., Plouviez, A., & Seurin, Y. (2020). Blind Schnorr Signatures and Signed ElGamal Encryption in the Algebraic Group Model. In Advances in Cryptology – EUROCRYPT 2020 (pp. 63–95). Springer. https://doi.org/10.1007/978-3-030-45724-2_3
  • Simpler Constructions of Asymmetric Primitives from Obfuscation / Farshim, P., Fuchsbauer, G., & Passelègue, A. (2020). Simpler Constructions of Asymmetric Primitives from Obfuscation. In Progress in Cryptology – INDOCRYPT 2020 (pp. 715–738). Springer. https://doi.org/10.1007/978-3-030-65277-7_32

2019

  • Group ORAM for Privacy and AccessControl in Outsourced Personal Records / Maffei, M., Malavolta, G., Reinert, M., & Schröder, D. (2019). Group ORAM for Privacy and AccessControl in Outsourced Personal Records. Journal of Computer Security, 27(1), 1–47. https://doi.org/10.3233/jcs-171030
  • Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability / Malavolta, G., Moreno-Sanchez, P., Schneidewind, C., Kate, A., & Maffei, M. (2019). Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability. ACM Advances in Financial Technologies AFT 2019, Zurich, Switzerland. http://hdl.handle.net/20.500.12708/87045
  • Trace Reasoning for Formal Verification using the First-Order Superposition Calculus / Georgiou, P., Gleiss, B., Kovacs, L., & Maffei, M. (2019). Trace Reasoning for Formal Verification using the First-Order Superposition Calculus. FMCAD 2019 Student Forum, San Jose, United States of America (the). http://hdl.handle.net/20.500.12708/86988
  • Forkcipher: A New Primitive for Authenticated Encryption of Very Short Messages / Andreeva, E., Lallemand, V., Purnal, A., Reyhanitabar, R., Roy, A., & Vizár, D. (2019). Forkcipher: A New Primitive for Authenticated Encryption of Very Short Messages. In Advances in Cryptology – ASIACRYPT 2019 25th International Conference on the Theory and Application of Cryptology and Information Security, Kobe, Japan, December 8–12, 2019, Proceedings, Part II (pp. 153–182). Springer LNCS. https://doi.org/10.1007/978-3-030-34621-8_6
  • Verifying Relational Properties using Trace Logic / Barthe, G., Eilers, R., Georgiou, P., Gleiss, B., Kovacs, L., & Maffei, M. (2019). Verifying Relational Properties using Trace Logic. In B. Clark & J. Yang (Eds.), 2019 Formal Methods in Computer Aided Design (FMCAD). IEEE. https://doi.org/10.23919/fmcad.2019.8894277
  • Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability / Malavolta, G., Moreno-Sanchez, P., Schneidewind, C., Kate, A., & Maffei, M. (2019). Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability. In Proceedings 2019 Network and Distributed System Security Symposium. Network and Distributed System Security Symposium (NDSS), San Diego, United States of America (the). https://doi.org/10.14722/ndss.2019.23330
  • Reversible Proofs of Sequential Work / Pietrzak, K., Walter, M., Klein, K., Kamath, C., & Abusalah, H. (2019). Reversible Proofs of Sequential Work. In Advances in Cryptology – EUROCRYPT 2019 (pp. 277–291). Springer LNCS. https://doi.org/10.1007/978-3-030-17656-3_10
  • Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks / Egger, C., Maffei, M., & Moreno-Sanchez, P. (2019). Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks. In ACM (Ed.), Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. ACM. https://doi.org/10.1145/3319535.3345666
  • Gathering of robots in a ring with mobile faults / Das, S., Focardi, R., Luccio, F. L., Markou, E., & Squarcina, M. (2019). Gathering of robots in a ring with mobile faults. Theoretical Computer Science, 764, 42–60. https://doi.org/10.1016/j.tcs.2018.05.002
  • Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks / Egger, C., Moreno-Sanchez, P., & Maffei, M. (2019). Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks [Conference Presentation]. Scaling Bitcoin 2019, Tel Aviv, Israel. http://hdl.handle.net/20.500.12708/58034
  • Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem / Calzavara, S., Focardi, R., Nemec, M., Rabitti, A., & Squarcina, M. (2019). Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem. In 2019 IEEE Symposium on Security and Privacy (SP). IEEE, Austria. IEEE. https://doi.org/10.1109/sp.2019.00053
  • From Firewalls to Functions and Back / Ceragioli, L., Galletta, L., & Tempesta, M. (2019). From Firewalls to Functions and Back. In Proceedings of the Third Italian Conference on Cyber Security (p. 13). CEUR-Proceedings. http://hdl.handle.net/20.500.12708/58149
  • Reducing Automotive Counterfeiting usingBlockchain: Benefits and Challenges / Lu, D., Moreno-Sanchez, P., Zeryihun, A., Bajpayi, S., Yin, S., Feldman, K., Kosofsky, J., Mitra, P., & Kate, A. (2019). Reducing Automotive Counterfeiting usingBlockchain: Benefits and Challenges. In 2019 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPCON) (pp. 39–48). IEEE Computer Society. http://hdl.handle.net/20.500.12708/58148
  • Latex Gloves: Protecting Browser Extensions from Probing and Revelation Attacks / Sjösten, A., Van Acker, S., Picazo-Sanchez, P., & Sabelfeld, A. (2019). Latex Gloves: Protecting Browser Extensions from Probing and Revelation Attacks. In Proceedings 2019 Network and Distributed System Security Symposium. The Internet Society. https://doi.org/10.14722/ndss.2019.23309

2018

  • Functional Credentials / Deuber, D., Maffei, M., Malavolta, G., Rabkin, M., Schröder, D., & Simkin, M. (2018). Functional Credentials. In Proceedings on Privacy Enhancing Technologies (pp. 64–84). Walter de Gruyter GmbH. http://hdl.handle.net/20.500.12708/57361
  • Simple Password Hardened Encryption Services / Maffei, M., Reinert, M., Lai, R., Egger, C., Chow, S. S. M., & Schröder, D. (2018). Simple Password Hardened Encryption Services. In Proceedings of the 27th USENIX Security Symposium (pp. 1405–1421). USENIX. http://hdl.handle.net/20.500.12708/57492
  • Subset Predicate Encryption and Its Applications / Katz, J., Maffei, M., Malavolta, G., & Schröder, D. (2018). Subset Predicate Encryption and Its Applications. In Cryptology and Network Security (pp. 115–134). Springer International Publishing. https://doi.org/10.1007/978-3-030-02641-7_6
  • A Semantic Framework for the Security Analysis of Ethereum Smart Contracts / Grishchenko, I., Schneidewind, C., & Maffei, M. (2018). A Semantic Framework for the Security Analysis of Ethereum Smart Contracts. In Principles of Security and Trust 7th International Conference, POST 2018, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2018, Thessaloniki, Greece, April 14-20, 2018, Proceedings (pp. 243–269). Springer Open. https://doi.org/10.1007/978-3-319-89722-6_10
  • GuardION: Practical Mitigation of DMA-Based Rowhammer Attacks on ARM / van der Veen, V., Lindorfer, M., Fratantonio, Y., Padmanabha Pillai, H., Vigna, G., Kruegel, C., Bos, H., & Razavi, K. (2018). GuardION: Practical Mitigation of DMA-Based Rowhammer Attacks on ARM. In Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 92–113). Springer. https://doi.org/10.1007/978-3-319-93411-2_5
  • MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense / Konoth, R. K., Vineti, E., Moonsamy, V., Lindorfer, M., Kruegel, C., Bos, H., & Vigna, G. (2018). MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. ACM. https://doi.org/10.1145/3243734.3243858
  • ClearChart: Ensuring integrity of consumer ratings in online marketplaces / Moreno-Sanchez, P., Mahmood, U., & Kate, A. (2018). ClearChart: Ensuring integrity of consumer ratings in online marketplaces. Computers and Security, 78, 90–102. https://doi.org/10.1016/j.cose.2018.04.014
  • Equivalence Properties by Typing in Cryptographic Branching Protocols / Cortier, V., Grimm, N., Lallemand, J., & Maffei, M. (2018). Equivalence Properties by Typing in Cryptographic Branching Protocols. In L. Bauer & R. Küsters (Eds.), Principles of Security and Trust (pp. 160–187). Springer LNCS. https://doi.org/10.1007/978-3-319-89722-6_7
  • UniTraX: Protecting Data Privacy with Discoverable Biases / Munz, R., Eigner, F., Maffei, M., Francis, P., & Garg, D. (2018). UniTraX: Protecting Data Privacy with Discoverable Biases. In L. Bauer & R. Küsters (Eds.), Principles of Security and Trust (pp. 278–299). Springer, Lecture Notes in Computer Science. https://doi.org/10.1007/978-3-319-89722-6_12
  • Transcompiling Firewalls / Bodei, C., Degano, P., Focardi, R., Galletta, L., & Tempesta, M. (2018). Transcompiling Firewalls. In L. Bauer & R. Küsters (Eds.), Principles of Security and Trust (pp. 303–324). Springer International Publishing AG. https://doi.org/10.1007/978-3-319-89722-6_13
  • Information Flow Tracking for Side-Effectful Libraries / Sjösten, A., Hedin, D., & Sabelfeld, A. (2018). Information Flow Tracking for Side-Effectful Libraries. In Formal Techniques for Distributed Objects, Components, and Systems (pp. 141–160). Springer. https://doi.org/10.1007/978-3-319-92612-4_8
  • Mind Your Credit / Moreno-Sanchez, P., Modi, N., Songhela, R., Kate, A., & Fahmy, S. (2018). Mind Your Credit. In Proceedings of the 2018 World Wide Web Conference on World Wide Web - WWW ’18. International World Wide Web Conferences Steering Committee Republic and Canton of Geneva, Switzerland ©2018, Austria. ACM Digital Library. https://doi.org/10.1145/3178876.3186099
  • Language-Independent Synthesis of Firewall Policies / Bodei, C., Degano, P., Galletta, L., Focardi, R., Tempesta, M., & Veronese, L. (2018). Language-Independent Synthesis of Firewall Policies. In 2018 IEEE European Symposium on Security and Privacy (EuroS&amp;P). Institute of Electrical and Electronics Engineers ( IEEE ), Austria. IEEE. https://doi.org/10.1109/eurosp.2018.00015
  • Surviving the Web / Calzavara, S., Squarcina, M., Focardi, R., & Tempesta, M. (2018). Surviving the Web. In Companion of the The Web Conference 2018 on The Web Conference 2018 - WWW ’18. International World Wide Web Conferences Steering Committee Republic and Canton of Geneva, Switzerland ©2018, Austria. ACM. https://doi.org/10.1145/3184558.3186232
  • Mind Your Keys? A Security Evaluation of Java Keystores / Focardi, R., Squarcina, M., Steel, G., Palmarini, M., & Tempesta, M. (2018). Mind Your Keys? A Security Evaluation of Java Keystores. In Proceedings of 2019 Network and Distributed System Security Symposium (pp. 1–15). http://hdl.handle.net/20.500.12708/57775
  • Firewall Management With FireWall Synthesizer / Tempesta, M., Bodei, C., Degano, P., Forcardi, R., Galletta, L., & Veronese, L. (2018). Firewall Management With FireWall Synthesizer. In keiner (p. 1). ITASEC. http://hdl.handle.net/20.500.12708/57774
  • Bug Fixes, Improvements, ... and Privacy Leaks - A Longitudinal Study of PII Leaks Across Android App Versions / Ren, J., Lindorfer, M., Dubois, D. J., Rao, A., Choffnes, D., & Vallina-Rodriguez, N. (2018). Bug Fixes, Improvements, ... and Privacy Leaks - A Longitudinal Study of PII Leaks Across Android App Versions. In Proceedings 2018 Network and Distributed System Security Symposium. Internet Society. https://doi.org/10.14722/ndss.2018.23143
  • Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications / Pan, E., Ren, J., Lindorfer, M., Wilson, C., & Choffnes, D. (2018). Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications. In Proceedings on Privacy Enhancing Technologies (pp. 33–50). DeGruyter. https://doi.org/10.1515/popets-2018-0030
  • Settling Payments Fast and Private: Efficient Decentralized Routing for Path-Based Transactions / Roos, S., Moreno-Sanchez, P., Kate, A., & Goldberg, I. (2018). Settling Payments Fast and Private: Efficient Decentralized Routing for Path-Based Transactions. In Proceedings 2018 Network and Distributed System Security Symposium. Network and Distributed System Security Symposium (NDSS), USA, Non-EU. https://doi.org/10.14722/ndss.2018.23254
  • Foundations and Tools for the Static Analysis of Ethereum Smart Contracts / Gishchenko, I., Maffei, M., & Schneidewind, C. (2018). Foundations and Tools for the Static Analysis of Ethereum Smart Contracts. In G. Weissenbacher & H. Chockler (Eds.), Computer Aided Verification (pp. 51–78). Springer Open. https://doi.org/10.1007/978-3-319-96145-3_4
  • WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring / Calzavara, S., Maffei, M., Schneidewind, C., Tempesta, M., & Squarcina, M. (2018). WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring. In Proceedings of the 27th USENIX Security Symposium (pp. 1493–1510). USENIX. http://hdl.handle.net/20.500.12708/57493
  • A monadic framework for relational verification: applied to information security, program equivalence, and optimizations / Grimm, N., Maillard, K., Fournet, C., Hritcu, C., Maffei, M., Protzenko, J., Ramananandro, T., Swamy, N., & Zanella-Béguelin, S. (2018). A monadic framework for relational verification: applied to information security, program equivalence, and optimizations. In Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs. ACM Digital Library. https://doi.org/10.1145/3167090

2017

  • Surviving the Web: A Journey into Web Session Security / Calzavara, S., Focardi, R., Squarcina, M., & Tempesta, M. (2017). Surviving the Web: A Journey into Web Session Security. ACM Computing Surveys, 50(1), 1–34. https://doi.org/10.1145/3038923
  • Principles of Security and Trust / Maffei, M., & Ryan, M. (Eds.). (2017). Principles of Security and Trust (Vol. 10204). Springer-Verlag. https://doi.org/10.1007/978-3-662-54455-6
  • On the Security of Frequency-Hiding Order-Preserving Encryption / Reinert, M., Schröder, D., & Maffei, M. (2017). On the Security of Frequency-Hiding Order-Preserving Encryption. In Cryptology and Network Security (pp. 51–70). Springer International Publishing. https://doi.org/10.1007/978-3-030-02641-7_3
  • Maliciously Secure Multi-Client ORAM / Maffei, M., Malavolta, G., Reinert, M., & Schröder, D. (2017). Maliciously Secure Multi-Client ORAM. In D. Gollmann, A. Miyaji, & H. Kikuchi (Eds.), Applied Cryptography and Network Security (pp. 645–664). © Springer International Publishing AG 2017. https://doi.org/10.1007/978-3-319-61204-1_32
  • A Principled Approach to Tracking Information Flow in the Presence of Libraries / Hedin, D., Sjösten, A., Piessens, F., & Sabelfeld, A. (2017). A Principled Approach to Tracking Information Flow in the Presence of Libraries. In Principles of Security and Trust 6th International Conference, POST 2017, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2017, Uppsala, Sweden, April 22-29, 2017, Proceedings (pp. 49–70). Springer. https://doi.org/10.1007/978-3-662-54455-6_3
  • Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis / Continella, A., Fratantonio, Y., Lindorfer, M., Puccetti, A., Zand, A., Kruegel, C., & Vigna, G. (2017). Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis. In Proceedings 2017 Network and Distributed System Security Symposium. Internet Society. https://doi.org/10.14722/ndss.2017.23465
  • A Sound Flow-Sensitive Heap Abstraction for the Static Analysis of Android Applications / Maffei, M., Calzavara, S., Grishchenko, I., & Koutsos, A. (2017). A Sound Flow-Sensitive Heap Abstraction for the Static Analysis of Android Applications. In 2017 IEEE 30th Computer Security Foundations Symposium (CSF). IEEE Computer Security Foundations Symposium, Santa Barbara, USA, Non-EU. IEEE Xplore Digital Library. https://doi.org/10.1109/csf.2017.19
  • Discovering Browser Extensions via Web Accessible Resources / Sjösten, A., Van Acker, S., & Sabelfeld, A. (2017). Discovering Browser Extensions via Web Accessible Resources. In Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy. ACM. https://doi.org/10.1145/3029806.3029820
  • Run-Time Attack Detection in Cryptographic APIs / Squarcina, M., & Focardi, R. (2017). Run-Time Attack Detection in Cryptographic APIs. In 2017 IEEE 30th Computer Security Foundations Symposium (CSF). IEEE Computer Security Foundations Symposium, Santa Barbara, USA, Non-EU. IEEE Xplore Digital Library. https://doi.org/10.1109/csf.2017.33
  • Concurrency and Privacy with Payment-Channel Networks / Maffei, M., Kate, A., Malavolta, G., Moreno-Sanchez, P., & Ravi, S. (2017). Concurrency and Privacy with Payment-Channel Networks. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM Digital Library. https://doi.org/10.1145/3133956.3134096
  • SilentWhispers: Enforcing Security and Privacy in Decentralized Credit Networks / Maffei, M., Moreno-Sanchez, P., Kate, A., & Malavolta, G. (2017). SilentWhispers: Enforcing Security and Privacy in Decentralized Credit Networks. In Proceedings 2017 Network and Distributed System Security Symposium. Internet Society. https://doi.org/10.14722/ndss.2017.23448
  • A Type System for Privacy Properties / Maffei, M., Lallemand, J., Cortier, V., & Grimm, N. (2017). A Type System for Privacy Properties. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM CCS 2017 Conference on Computer and Communications Security, Dallas, USA, Non-EU. ACM Digital Library. https://doi.org/10.1145/3133956.3133998

2016

  • CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes / Carter, P., Mulliner, C., Lindorfer, M., Robertson, W., & Kirda, E. (2016). CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes. In Financial Cryptography and Data Security (pp. 231–249). Springer. https://doi.org/10.1007/978-3-662-54970-4_13
  • Drammer: Deterministic Rowhammer Attacks on Mobile Platforms / van der Veen, V., Fratantonio, Y., Lindorfer, M., Gruss, D., Maurice, C., Vigna, G., Bos, H., Razavi, K., & Giuffrida, C. (2016). Drammer: Deterministic Rowhammer Attacks on Mobile Platforms. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM. https://doi.org/10.1145/2976749.2978406
  • ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic / Ren, J., Rao, A., Lindorfer, M., Legout, A., & Choffnes, D. (2016). ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic. In Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services. ACM. https://doi.org/10.1145/2906388.2906392

2015

2014

  • ANDRUBIS -- 1,000,000 Apps Later: A View on Current Android Malware Behaviors / Lindorfer, M., Neugschwandtner, M., Weichselbaum, L., Fratantonio, Y., Veen, V. van der, & Platzer, C. (2014). ANDRUBIS -- 1,000,000 Apps Later: A View on Current Android Malware Behaviors. In 2014 Third International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS). IEEE. https://doi.org/10.1109/badgers.2014.7
    Project: SysSec (2010–2014)
  • Enter Sandbox: Android Sandbox Comparison / Neuner, S., van der Veen, V., Lindorfer, M., Huber, M., Georg, M., Mulazzani, M., & Weippl, E. (2014). Enter Sandbox: Android Sandbox Comparison. In Proceedings of the IEEE Mobile Security Technologies Workshop (MoST). IEEE. http://hdl.handle.net/20.500.12708/55124
  • Skin Sheriff: A Machine Learning Solution for Detecting Explicit Images / Platzer, C., Stuetz, M., & Lindorfer, M. (2014). Skin Sheriff: A Machine Learning Solution for Detecting Explicit Images. In Proceedings of the 2nd international workshop on Security and forensics in communication systems - SFCS ’14. IEEE. https://doi.org/10.1145/2598918.2598920
    Project: SysSec (2010–2014)
  • AndRadar: Fast Discovery of Android Applications in Alternative Markets / Lindorfer, M., Volanis, S., Sisto, A., Neugschwandtner, M., Athanasopoulos, E., Maggi, F., Platzer, C., Zanero, S., & Ioannidis, S. (2014). AndRadar: Fast Discovery of Android Applications in Alternative Markets. In Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 51–71). Springer. https://doi.org/10.1007/978-3-319-08509-8_4
    Project: SysSec (2010–2014)
  • Provably Sound Browser-Based Enforcement of Web Session Integrity / Calzavara, S., Focardi, R., Khan, W., & Tempesta, M. (2014). Provably Sound Browser-Based Enforcement of Web Session Integrity. In 2014 IEEE 27th Computer Security Foundations Symposium. IEEE Computer Society. https://doi.org/10.1109/csf.2014.33

2013

  • POSTER: Cross-Platform Malware: Write Once, Infect Everywhere / Lindorfer, M., Neumayr, M., Caballero, J., & Platzer, C. (2013). POSTER: Cross-Platform Malware: Write Once, Infect Everywhere. In ACM Conference on Computer and Communications Security (CCS). ACM Conference on Computer and Communications Security (CCS), Washington, USA, Non-EU. http://hdl.handle.net/20.500.12708/54855
  • Take a Bite - Finding the Worm in the Apple / Lindorfer, M., Miller, B., Neugschwandtner, M., & Platzer, C. (2013). Take a Bite - Finding the Worm in the Apple. In International Conference on Information, Communications and Signal Processing (ICICS). IEEE. http://hdl.handle.net/20.500.12708/54856
  • A View to a Kill: WebView Exploitation / Neugschwandtner, M., Lindorfer, M., & Platzer, C. (2013). A View to a Kill: WebView Exploitation. In USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET). USENIX. http://hdl.handle.net/20.500.12708/54854

2012

  • Lines of Malicious Code: Insights Into the Malicious Software Industry / Lindorfer, M., Di Federico, A., Maggi, F., Milani Comparetti, P., & Zanero, S. (2012). Lines of Malicious Code: Insights Into the Malicious Software Industry. In Proceedings of the 28th Annual Computer Security Applications Conference (pp. 349–358). ACM. http://hdl.handle.net/20.500.12708/54349

2011

  • Detecting Environment-Sensitive Malware / Lindorfer, M., Kolbitsch, C., & Milani Comparetti, P. (2011). Detecting Environment-Sensitive Malware. In Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection (2011). Springer. http://hdl.handle.net/20.500.12708/54010
    Projects: icode (2010–2012) / SysSec (2010–2014) / TRUDIE (2009–2012)

 

2024

2023

2022

2021

2020

2019

  • Static analysis of eWASM contracts / Schwarz, A. (2019). Static analysis of eWASM contracts [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2019.72720
    Download: PDF (884 KB)

2018

2016

2015

2011

  • Detecting environment-sensitive malware / Lindorfer, M. (2011). Detecting environment-sensitive malware [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://resolver.obvsg.at/urn:nbn:at:at-ubtuw:1-40430
    Download: PDF (1.06 MB)

 

Soon, this page will include additional information such as reference projects, conferences, events, and other research activities.

Until then, please visit Security and Privacy’s research profile in TISS .