Security and Privacy E192-06
The mission of the Security and Privacy research unit is to develop techniques to secure modern IT infrastructures and to design solutions to protect the privacy of users in the digital society.

About
The mission of the Security and Privacy research unit is to develop techniques to secure modern IT infrastructures and to design solutions to protect the privacy of users in the digital society.
Our research strengths include
- formal methods for the analysis and enforcement of security and privacy properties in various scenarios, such as cryptographic protocols, mobile apps, web applications, smart contracts;
- principles and technologies for system security, including the evaluation of the attack surface and the development of systematic countermeasures, with a focus on mobile, web, and cloud security;
- theory and applications of cryptography, with a focus on the design of privacy-enhancing cryptographic schemes, cryptographic protocols for blockchain technologies, and proof techniques for provable security.
The research Unit Security and Privacy is part of the Institute of Logic and Computation.
Professors
Scientific Staff
Visiting Researchers
Administrative Staff
Student Staff
External Lecturers
Courses
2022W
- Attacks and Defenses in Computer Security / 192.111 / UE
- Bachelor Thesis / 192.061 / PR
- Cryptocurrencies / 192.065 / VU
- Introduction to Cryptography / 192.125 / VU
- Introduction to Logical Methods in Computer Science / 184.766 / VO
- Introduction to Programming 1 / 185.A91 / VU
- Orientation Bachelor with Honors of Informatics and Business Informatics / 180.767 / SE
- Project in Computer Science 1 / 192.075 / PR
- Project in Computer Science 2 / 192.076 / PR
- Research Seminar LogiCS / 184.767 / SE
- Seminar for Master Students in Logic and Computation / 180.773 / SE
- Seminar for Master Students in Software Engineering & Internet Computing / 180.777 / SE
- Seminar for PhD Students / 192.060 / SE
- Systems and Applications Security / 192.112 / VU
2023S
- Advanced Cryptography / 192.115 / VU
- Bachelor Thesis / 192.061 / PR
- Crypto Asset Analytics / 192.080 / VU
- Formal Methods for Security and Privacy / 192.059 / VU
- Fundamentals of Security and Privacy / 191.124 / VU
- Introduction to Logical Methods in Computer Science / 184.766 / VO
- Introduction to Security / 192.082 / UE
- Introduction to Security / 184.783 / VU
- Orientation Bachelor with Honors of Informatics and Business Informatics / 180.767 / SE
- Project in Computer Science 1 / 192.075 / PR
- Project in Computer Science 2 / 192.076 / PR
- Research Seminar LogiCS / 184.767 / SE
- Selected Topics in Information Security / 188.985 / VU
- Seminar for PhD Students / 192.060 / SE
Projects
-
Semantic and Cryptographic Foundations of Security and Privacy by Compositional Design
2023 – 2026 / Austrian Science Fund (FWF) -
A Composable Rational Framework for Blockchain Systems
2022 – 2025 / Austrian Science Fund (FWF) -
Distributed Ledger Development and Implementation
2022 – 2023 / ABC Research GmbH -
Cryptographic Foundations of Privacy in Distributed Ledgers
2020 – 2027 / Vienna Science and Technology Fund (WWTF) -
Blockchain Technologies for the Internet of Things
2020 – 2025 / Christian Doppler Research Association (CDG) -
IoTIO: Analyzing and Understanding the Internet of Insecure Things
2020 – 2024 / Vienna Science and Technology Fund (WWTF) -
Security and Privacy Foundations of Blockchain Technologies
2020 – 2023 / SBA Research gemeinnützige GmbH -
Vienna Cybersecurity and Privacy Research Center
2019 – 2023 / Vienna Business Agency (WAW) -
Cryptographic Foundations for Future-proof Internet Security
2019 – 2023 / Austrian Science Fund (FWF) -
Security and Privacy for Payment-Channel Networks
2019 – 2020 / Austrian Science Fund (FWF) -
Foundations and Tools for Client-Side Web Security
2018 – 2024 / European Research Council (ERC) -
Privacy-Preserving Regulatory Technologies for Distributed Ledger Technologies
2018 – 2021 / Austrian Research Promotion Agency (FFG) -
Scalability for Lightning Networks
2018 – 2020 / Chaincode Labs Inc -
Ethertrust - Trustworthy smart contracts
2018 – 2019 / netidee.at
Publications
Note: Due to the rollout of TU Wien’s new publication database, the list below may be slightly outdated. Once APIs for the new database have been released, everything will be up to date again.
2022
- Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks / A. Naseredini, S. Gast, M. Schwarzl, Pedro Sousa Bernardo, A. Smajic, C. Canella, D. Gruss / in: "Proceedings of the 8th International Conference on Information Systems Security and Privacy", SciTePress, 2022, ISBN: 978-989-758-553-1, 48 - 59
2021
- Generalized Channels from Limited Blockchain Scripts and Adaptor Signatures / L. Aumayr, O. Ersoy, A. Erwig, S. Faust, K. Hostáková, M. Maffei, P. Moreno-Sanchez, S. Riahi / Talk: Asiacrypt 2021, the 27th Annual International Conference on the Theory and Application of Cryptology and Information Security, Singapore; 2021-12-06 - 2021-12-10; in: "Advances in Cryptology - ASIACRYPT 2021", Springer, (2021), ISBN: 978-3-030-92074-6; 635 - 664
- EssentialFP: Exposing the Essence of Browser Fingerprinting / A. Sjösten, D. Hedin, A. Sabelfeld / Talk: EuroS&P 2021 SecWeb Workshop, Vienna; 2021-09-06; in: "IEEE European Symposium on Security and Privacy Workshops", (2021), 32 - 48
- Blitz: Secure Multi-Hop Payments Without Two-Phase Commits / L. Aumayr, P. Moreno-Sanchez, A. Kate, M. Maffei / Talk: Usenix Security Symposium, Vancouver, B.C., Canada; 2021-08-11 - 2021-08-13; in: "30th USENIX Security Symposium", USENIX: The Advanced Computing Systems Association, (2021), ISBN: 978-1-939133-24-3; 4043 - 4060
- Can I Take Your Subdomain? Exploring Same-Site Attacks in the Modern Web / M. Squarcina, M. Tempesta, L. Veronese, S. Calzavara, M. Maffei / Talk: 30th USENIX Security Symposium, Online; 2021-08-11 - 2021-08-13; in: "30th USENIX Security Symposium", 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021, (2021), 2917 - 2934
- The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches / M. Squarcina, S. Calzavara, M. Maffei / Talk: 15th IEEE Workshop on Offensive Technologies, San Francisco, CA, USA; 2021-05-27; in: "IEEE Security and Privacy Workshops", (2021), 432 - 443
- Bitcoin-Compatible Virtual Channels / L. Aumayr, O. Ersoy, A. Erwig, S. Faust, K. Hostáková, M. Maffei, P. Moreno-Sanchez, S. Riahi / Talk: IEEE Symposium on Security and Privacy, Oakland, USA; 2021-05-23 - 2021-05-27; in: "42nd IEEE Symposium on Security and Privacy", IEEE Computer Society, (2021), 901 - 918
- A2L: Anonymous Atomic Locks for Scalability in Payment Channel Hubs / E. Tairi, P. Moreno-Sanchez, M. Maffei / Talk: IEEE Symposium on Security and Privacy, Oakland, USA; 2021-05-23 - 2021-05-27; in: "42nd IEEE Symposium on Security and Privacy", (2021)
- Updatable Signatures and Message Authentication Codes / V. Cini, S. Ramacher, D. Slamanig, C. Striecks, E. Tairi / Talk: International Conference on Practice and Theory of Public-Key Cryptography (PKC), Edinburgh, Scotland; 2021-05-09 - 2021-05-13; in: "Proceedings of the 24rd IACR International Conference on the Practice and Theory of Public-Key Cryptography", Springer, Cham, Lecture Notes in Computer Science, vol 12710 (2021), ISBN: 978-3-030-75244-6; 691 - 723
- Post-Quantum Adaptor Signature for Privacy-Preserving Off-Chain Payments / E. Tairi, P. Moreno-Sanchez, M. Maffei / Talk: International Conference on Financial Cryptography and Data Security (FC), Grenada; 2021-03-01 - 2021-03-05; in: "Proceedings of the 25th International Conference on Financial Cryptography and Data Security", (2021)
- FWS: Analyzing, Maintaining and Transcompiling Firewalls / C. Bodei, L. Ceragioli, P. Degano, R. Focardi, L. Galletta, F. Luccio, M. Tempesta, L. Veronese / Journal of Computer Security, 29 (2021), 1; 77 - 134
- The One-More Discrete Logarithm Assumption in the Generic Group Model / B. Bauer, G. Fuchsbauer, A. Plouviez / in: "Advances in Cryptology - ASIACRYPT 2021", Lecture Notes in Computer Science, vol 13093; Springer, Springer Link, 2021, ISBN: 978-3-030-92067-8, 587 - 617
- Cross-Layer Deanonymization Methods in the Lightning Protocol / M. Romiti, F. Victor, P. Moreno-Sanchez, P. Nordholt, B. Haslhofer, M. Maffei / in: "Financial Cryptography and Data Security", LNCS, volume 12674; issued by: Springer Verlag; Springer LNCS, Berlin Heidelberg, 2021, ISBN: 978-3-662-64321-1, 187 - 204
- Tarnhelm: Isolated, Transparent & Confidential Execution of Arbitrary Code in ARM´s TrustZone / D. Quarta, M. Ianni, A. Machiry, Y. Fratantonio, E. Gustafson, D. Balzarotti, M. Lindorfer, G. Vigna, C. Krügel / in: "Research on offensive and defensive techniques in the Context of Man At The End (MATE) Attacks (Checkmate ´21)", ACM (ed.); issued by: ACM; ACM, New York, 2021, ISBN: 978-1-4503-8552-7
- Nonce-Misuse Security of the SAEF Authenticated Encryption Mode / E. Andreeva, A. Bhati, D. Vizár / in: "27th International Conference, Halifax, NS, Canada (Virtual Event), October 21-23, 2020", Lecture Notes in Computer Science, vol 12804; issued by: Springer; Springer LNCS, Cham, 2021, ISBN: 978-3-030-81651-3, 512 - 534
- Optimized Software Implementations for the Lightweight Encryption Scheme ForkAE / E. Andreeva, A. Deprez, J. Bermudo Mera, A. Karmakar, A. Purnal / in: "CARDIS: International Conference on Smart Card Research and Advanced Applications", LNCS, volume 12609; issued by: Springer; Springer, Cham, 2021, ISBN: 978-3-030-68486-0, 68 - 83
- Interpolation Cryptanalysis of Unbalanced Feistel Networks with Low Degree Round Functions / E. Andreeva, A. Roy, J. Sauer / in: "27th International Conference, Halifax, NS, Canada (Virtual Event), October 21-23, 2020", LNCS, volume 12804; issued by: Springer; Springer LNCS, Cham, 2021, ISBN: 978-3-030-81651-3, 273 - 300
- Compactness of Hashing Modes and Efficiency Beyond Merkle Tree / E. Andreeva, R. Bhattacharyya, A. Roy / in: "Advances in Cryptology - EUROCRYPT 2021", LNCS, volume 12697; issued by: Springer; Springer, Cham, 2021, ISBN: 978-3-030-77885-9, 92 - 123
- Not All Bugs Are Created Equal, But Robust Reachability Can Tell The Difference / G. Girol, B. Farinier, S. Bardin / in: "Computer Aided Verification - 33rd International Conference", vol 12759; Springer LNCS, 2021, ISBN: 978-3-030-81684-1, 669 - 693
- Transferable E-cash: A Cleaner Model and the First Practical Instantiation / B. Bauer, G. Fuchsbauer, C. Qian / in: "Public-Key Cryptography - PKC 2021", 2; Springer, 2021, 559 - 590
2020
- eThor: Practical and Provably Sound Static Analysis of Ethereum Smart Contracts / C. Schneidewind, I. Grishchenko, M. Scherer, M. Maffei / Talk: ACM Conference on Computer and Communications Security (CCS), Orlando; 2020-11-09 - 2020-11-13; in: "CCS '20: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security", Association for Computing Machinery ACM, (2020), ISBN: 978-1-4503-7089-9; 621 - 640
- A Quantitative Analysis of Security, Anonymity and Scalability for the Lightning Network / S. Tikhomirov, P. Moreno-Sanchez, M. Maffei / Talk: IEEE Security & Privacy On The Blockchain, Genova; 2020-11-07 - 2020-11-11; in: "2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)", IEEE, (2020), ISBN: 978-1-7281-8598-9; 387 - 396
- The Good, the Bad and the Ugly: Pitfalls and Best Practices in Automated Sound Static Analysis of Ethereum Smart Contracts / C. Schneidewind, M. Scherer, M. Maffei / Talk: International Symposium on Leveraging Applications of Formal Methods (ISoLA), Rhodes; 2020-10-20 - 2020-10-30; in: "International Symposium On Leveraging Applications of Formal Methods, Verification and Validation", Springer, 7609 (2020), ISBN: 978-3-642-34025-3; 1 - 20
- Bulwark: Holistic and Verified Security Monitoring of Web Protocols / L. Veronese, S. Calzavara, L. Compagna / Talk: European Symposium on Research in Computer Security (ESORICS), Guildford, United Kingdom; 2020-09-14 - 2020-09-18; in: "ESORICS 2020: Computer Security", Springer, Lecture Notes in Computer Science, vol 12308 (2020), ISBN: 978-3-030-58950-9; 23 - 41
- The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches in Progressive Web Applications / D. Somé, M. Squarcina, S. Calzavara, M. Maffei / Talk: EuroS&P 2020 SecWeb Workshop, Genova, IT; 2020-09-11
- Formalizing Graph Trail Properties in Isabelle/HOL / L. Kovacs, Hanna Lachnitt, S. Szeider / Talk: International Conference on Intelligent Computer Mathematics (CICM), Bertinoro, Forli, Italy; 2020-07-26 - 2020-07-31; in: "CICM 2020: Intelligent Computer Mathematics", LNCS, 12236 (2020), ISBN: 978-3-030-53518-6; 190 - 205
- Language-Based Web Session Integrity / S. Calzavara, R. Focardi, N. Grimm, M. Maffei, M. Tempesta / Talk: IEEE Computer Security Foundations Symposium, New York; 2020-06-22 - 2020-06-25; in: "33rd IEEE Computer Security Foundations Symposium", IEEE Computer Society, Washington DC (2020), ISBN: 978-1-5386-3217-8; 107 - 122
- Secrets in Source Code: Reducing False Positives using Machine Learning / A. Saha, T. Denning, V. Srikumar, S.K. Kasera / in: "2020 International Conference on COMmunication Systems & NETworkS (COMSNETS)", IEEE Xplore Digital Library, 2020, ISBN: 978-1-7281-3187-0, 168 - 175
- A Voting-Based Blockchain Interoperability Oracle / G. Scaffino, S. Schulte, M. Sober, C. Spanring / in: "4th IEEE Blockchain 2021", IEEE, 2020
- Filter List Generation for Underserved Regions / A. Sjösten, P. Snyder, A. Pastor, P. Papadopoulos, B. Livshits / in: "The Web Conference 2020", ACM/IW3C2, 2020, ISBN: 978-1-4503-7023-3, 1682 - 1692
- FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic / T. van Ede, R. Bortolameotti, A. Continella, J. Ren, D. Dubois, M. Lindorfer, D. Choffnes, M. van Steen, A. Peter / in: "Network and Distributed System Security Symposium (NDSS)", Internet Society, 2020, ISBN: 1-891562-61-4
- Simpler Constructions of Asymmetric Primitives from Obfuscation / P. Farshim, G. Fuchsbauer, A. Passelegue / in: "Progress in Cryptology - INDOCRYPT 2020", Springer, 2020, 715 - 738
- A Classification of Computational Assumptions in the Algebraic Group Model / B. Bauer, G. Fuchsbauer, J. Loss / in: "Advances in Cryptology - CRYPTO 2020", Springer, 2020, 121 - 151
- Double-Authentication-Preventing Signatures in the Standard Model / D. Catalano, G. Fuchsbauer, A. Soleimanian / in: "Security and Cryptography for Networks - SCN 2020", Springer, 2020, 338 - 358
- Efficient Signatures on Randomizable Ciphertexts / B. Bauer, G. Fuchsbauer / in: "Security and Cryptography for Networks - SCN 2020", Springer, 2020, 359 - 381
- Blind Schnorr Signatures and Signed ElGamal Encryption in the Algebraic Group Model / G. Fuchsbauer, A. Plouviez, Y. Seurin / in: "Advances in Cryptology - EUROCRYPT 2020", Springer, 2020, 63 - 95
- TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records / O. van der Toorn, R. van Rijswijk-Deij, T. Fiebig, M. Lindorfer, A. Sperotto / in: "International Workshop on Traffic Measurements for Cybersecurity (WTMC)", IEEE, 2020, ISBN: 978-1-7281-8598-9
- When Malware is Packin' Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features / H. Aghakhani, F. Gritti, F. Mecca, M. Lindorfer, S. Ortolani, D. Balzarotti, G. Vigna, C. Krügel / in: "Network and Distributed System Security Symposium (NDSS)", Internet Society, 2020, ISBN: 1-891562-61-4
- Generalized Bitcoin-Compatible Channels / L. Aumayr, O. Ersoy, A. Erwig, S. Faust, K. Hostáková, M. Maffei, P. Moreno-Sanchez, S. Riahi / Report for Cryptology ePrint Archive; Report No. 2020/476, 2020; 35 pages
2019
- Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks / C. Egger, M. Maffei, P. Moreno-Sanchez / Talk: ACM Conference on Computer and Communications Security (CCS), London; 2019-11-11 - 2019-11-15; in: "ACM Conference on Computer and Communications Security", ACM (ed.); ACM, (2019), ISBN: 978-1-4503-6747-9; 801 - 815
- Verifying Relational Properties using Trace Logic / G. Barthe, R. Eilers, P. Georgiou, B. Gleiss, L. Kovacs, M. Maffei / Talk: International Conference on Formal Methods in Computer Aided Design (FMCAD) 2019, San Jose, US; 2019-10-22 - 2019-10-25; in: "Proceedings of Formal Methods in Computer Aided Design (FMCAD)", B. Clark, J. Yang (ed.); IEEE, https://ieeexplore.ieee.org/xpl/conhome/8891869/proceeding (2019), ISBN: 978-0-9835678-9-9; 170 - 178
- Trace Reasoning for Formal Verification using the First-Order Superposition Calculus / P. Georgiou, B. Gleiss, L. Kovacs, M. Maffei / Poster: FMCAD 2019 Student Forum, San Jose, US; 2019-10-22 - 2019-10-25
- Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability / G. Malavolta, P. Moreno-Sanchez, C. Schneidewind, A. Kate, M. Maffei / Talk: ACM Advances in Financial Technologies AFT 2019, Zurich, Switzerland (invited); 2019-10-21 - 2019-10-23
- Atomic Multi-Channel Updates with Constant Collateralin Bitcoin-Compatible Payment-Channel Networks / C. Egger, P. Moreno-Sanchez, M. Maffei / Talk: Scaling Bitcoin, Israel, Tel Aviv (invited); 2019-09-11 - 2019-09-12; in: "Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security", New York (2019), ISBN: 978-1-4503-6747-9; 801 - 815
- Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability / G. Malavolta, P. Moreno-Sanchez, C. Schneidewind, A. Kate, M. Maffei / Talk: Network and Distributed System Security Symposium (NDSS), San Diego, CA, US; 2019-02-24 - 2019-02-27; in: "Proceedings of 2019 Network and Distributed System Security Symposium", Reston (2019), ISBN: 1-891562-55-x; 1 - 15
- Group ORAM for Privacy and AccessControl in Outsourced Personal Records / M. Maffei, G. Malavolta, M. Reinert, D. Schröder / Journal of Computer Security, vol. 27 (2019), no. 1; 1 - 47
- Reversible Proofs of Sequential Work / K. Pietrzak, M. Walter, K. Klein, C. Kamath, H. Abusalah / in: "Advances in Cryptology - EUROCRYPT 2019", volume 11476; issued by: Springer; Springer LNCS, 2019, ISBN: 978-3-030-17652-5, 277 - 291
- Latex Gloves: Protecting Browser Extensions from Probing and Revelation Attacks / A. Sjösten, S. Van Acker, P. Picazo-Sanchez, A. Sabelfeld / in: "26th Annual Network and Distributed System Security Symposium", The Internet Society, 2019, ISBN: 1-891562-55-x, 1 - 15
- Forkcipher: A New Primitive for Authenticated Encryption of Very Short Messages / E. Andreeva, J. Lallemand, A. Purnal, R. Reyhanitabar, A. Roy, D. Vizár / in: "Advances in Cryptology - ASIACRYPT 2019", issued by: Springer; Springer LNCS, Cham, 2019, ISBN: 978-3-030-34620-1, 153 - 182
- Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem / S. Calzavara, R. Focardi, M. Nemec, A. Rabitti, M. Squarcina / in: "2019 IEEE Symposium on Security and Privacy (SP)", issued by: IEEE; IEEE, 2019, ISBN: 978-1-5386-6661-6, 281 - 298
- Reducing Automotive Counterfeiting usingBlockchain: Benefits and Challenges / D. Lu, P. Moreno-Sanchez, A. Zeryihun, S. Bajpayi, S. Yin, K. Feldman, J. Kosofsky, P. Mitra, A. Kate / in: "2019 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPCON)", issued by: IEEE; IEEE Computer Society, USA, 2019, ISBN: 978-1-7281-1264-0, 39 - 48
- From Firewalls to Functions and Back / L. Ceragioli, L. Galletta, M. Tempesta / in: "Proceedings of the Third Italian Conference on Cyber Security", 2315; issued by: CEUR-WS.org; CEUR-Proceedings, Aachen, 2019, ISSN: 1613-0073, Paper ID 4, 13 pages
- Gathering of robots in a ring with mobile faults / S. Das, R. Focardi, F. Luccio, E. Markou, M. Squarcina / Theoretical Computer Science, Volume 764 (2019), Volume 764; 42 pages
2018
- Settling Payments Fast and Private: Efficient Decentralized Routing for Path-Based Transactions / S. Roos, P. Moreno-Sanchez, A. Kate, I. Goldberg / Talk: Network and Distributed System Security Symposium (NDSS), San Diego; 2018-02-18 - 2018-02-21; in: "25th Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, California, USA, February 18-21, 2018", Reston (2018), ISBN: 1-1891562-49-5; 1 - 15
- Mind Your Keys? A Security Evaluation of Java Keystores / R. Focardi, M. Squarcina, G. Steel, M. Palmarini, M. Tempesta / Talk: Network and Distributed System Security Symposium (NDSS), San Diego; 2018-02-18 - 2018-02-21; in: "Proceedings of 2019 Network and Distributed System Security Symposium", (2018), ISBN: 1-891562-49-5; 1 - 15
- ClearChart: Ensuring integrity of consumer ratings in online marketplaces / P. Moreno-Sanchez, U. Mahmood, A. Kate / Computers & Security, Computers & Security 78 (2018), Volume 78; 90 - 102
- Functional Credentials / D. Deuber, M. Maffei, G. Malavolta, M. Rabkin, D. Schröder, M. Simkin / in: "Proceedings on Privacy Enhancing Technologies", Volume 2018: Issue 2; issued by: De Gruyter Open; Walter de Gruyter GmbH, Berlin, 2018, 64 - 84
- Simple Password Hardened Encryption Services / M. Maffei, M. Reinert, R. Lai, C. Egger, S. Chow, D. Schröder / in: "Proceedings of the 27th USENIX Security Symposium", 27th; issued by: USENIX Association Berkley, CA, USA; USENIX, 2018, ISBN: 978-1-931971-46-1, 1405 - 1421
- Mind Your Credit: Assessing the Health of the Ripple Credit Network / P. Moreno-Sanchez, N. Modi, R. Songhela, A. Kate, S. Fahmy / in: "Proceedings of the 2018 World Wide Web Conference", Volume 2018; issued by: International World Wide Web Conferences Steering Committee Republic and Canton of Geneva, Switzerland ©2018; ACM Digital Library, Schwitzerland, 2018, ISBN: 978-1-4503-5639-8, 329 - 338
- Information Flow Tracking for Side-Effectful Libraries / A. Sjösten, D. Hedin, A. Sabelfeld / in: "International Conference on Formal Techniques for Distributed Objects, Components, and Systems", Springer, 2018, ISBN: 978-3-319-92611-7, 141 - 160
- Subset Predicate Encryption and its Applications / J. Katz, M. Maffei, G. Malavolta, D. Schröder / in: "Cryptology and Network Security", LNCS 11261; Springer International Publishing, Cham, Switzerland, 2018, ISBN: 978-3-030-02640-0, 115 - 134
- Surviving the Web: A Journey into Web Session Security (Extended Abstract) / S. Calzavara, M. Squarcina, R. Focardi, M. Tempesta / in: "Proceedings of the 2018 World Wide Web Conference", issued by: International World Wide Web Conferences Steering Committee Republic and Canton of Geneva, Switzerland ©2018; ACM, Schwitzerland, 2018, ISBN: 978-1-4503-5640-4, 451 - 455
- Language-Independent Synthesis of Firewall Policies / C. Bodei, P. Degano, L. Galletta, R. Focardi, M. Tempesta, L. Veronese / in: "2018 IEEE European Symposium on Security and Privacy (EuroS&P 2018)", issued by: Institute of Electrical and Electronics Engineers ( IEEE ); IEEE, 2018, ISBN: 978-1-5386-4228-3, 92 - 106
- A Monadic Framework for Relational Verification: Applied to Information Security, Program Equivalence, and Optimization. / N. Grimm, K. Maillard, C. Fournet, C. Hritcu, M. Maffei, J. Protzenko, T. Ramananandro, N. Swamy, S. Zanella-Béguelin / in: "Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs", ACM Digital Library, New York, 2018, ISBN: 978-1-4503-5586-5, 130 - 145
- Foundations and Tools for the Static Analysis of Ethereum Smart Contracts / I. Gishchenko, M. Maffei, C. Schneidewind / in: "Proceedings of the 30th International Conference on Computer-Aided Verification", LNCS 10981; G. Weissenbacher, H. Chockler (ed.); issued by: Springer, Cham; Springer Open, 2018, ISBN: 978-3-319-96145-3, 51 - 78
- Transcompiling Firewalls / C. Bodei, P. Degano, R. Focardi, L. Galletta, M. Tempesta / in: "Principles of Security and Trust: 7th International Conference, POST 2018 Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2018 Thessaloniki, Greece, April 14-20, 2018, Proceedings", LNCS 10804; issued by: ETAPS; Springer International Publishing AG, Cham, 2018, ISBN: 978-3-319-89721-9, 303 - 324
- MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense / R. Konoth, E. Vineti, V. Moonsamy, M. Lindorfer, C. Krügel, H. Bos, G. Vigna / in: "Proceedings of the 2018 ACM Conference on Computer and Communications Security (CCS)", ACM (ed.); ACM, 2018, ISBN: 978-1-4503-5693-0, 1714 - 1730
- Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications / E. Pan, J. Ren, M. Lindorfer, C. Wilson, D. Choffnes / in: "Privacy Enhancing Technologies Symposium (PETS)", DeGruyter, 4, 2018, 33 - 50
- GuardION: Practical Mitigation of DMA-based Rowhammer Attacks on ARM / V. van der Veen, M. Lindorfer, Y. Fratantonio, H. Padmanabha Pillai, G. Vigna, C. Krügel, H. Bos, K. Razavi / in: "Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA)", Springer, 2018, ISBN: 978-3-319-93410-5, 92 - 113
- Bug Fixes, Improvements, ... and Privacy Leaks - A Longitudinal Study of PII Leaks Across Android App Versions / J. Ren, M. Lindorfer, D. Dubois, A. Rao, D. Choffnes, N. Vallina-Rodriguez / in: "Network and Distributed System Security Symposium (NDSS)", Internet Society, 2018
- UniTraX: Protecting Data Privacy with Discoverable Biases / M. Maffei, R. Munz, F. Eigner, P. Francis, D. Garg / in: "Principles of Security and Trust", LNCS 10804; Springer, Lecture Notes in Computer Science, Schwitzerland, 2018, ISBN: 978-3-319-89721-9, 278 - 299
- Equivalence Properties by Typing in Cryptographic Branching Protocols / V. Cortier, N. Grimm, J. Lallemand, M. Maffei / in: "Principles of Security and Trust", LNCS 10804; issued by: Springer, Cham; Springer LNCS, Schwitzerland, 2018, ISBN: 978-3-319-89721-9, 160 - 187
- A Semantic Framework for the Security Analysis of Ethereum smart contracts. / I. Grishchenko, C. Schneidewind, M. Maffei / in: "Principles of Security and Trust", LNCS 10804; issued by: Springer Link; Springer Open, Schwitzerland, 2018, ISBN: 978-3-319-89721-9, 243 - 269
- WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring / S. Calzavara, M. Maffei, C. Schneidewind, M. Tempesta, M. Squarcina / in: "Proceedings of the 27th USENIX Security Symposium", 27th; issued by: USENIX Association Berkley, CA, USA; USENIX, 2018, ISBN: 978-1-931971-46-1, 1493 - 1510
- Firewall Management With FireWall Synthesizer / M. Tempesta, C. Bodei, P. Degano, R. Forcardi, L. Galletta, L. Veronese / in: "keiner", issued by: Italian Conference on CyberSecurity (ITASEC); ITASEC, 2018, 1 pages
2017
- A Type System for Privacy Properties / M. Maffei, J. Lallemand, V. Cortier, N. Grimm / Talk: ACM CCS 2017 Conference on Computer and Communications Security, Dallas, USA; 2017-10-30 - 2017-11-03; in: "CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security", ACM Digital Library, New York (2017), ISBN: 978-1-4503-4946-8; 409 - 423
- A Sound Flow-Sensitive Heap Abstraction for the Static Analysis of Android Applications / M. Maffei, S. Calzavara, I. Grishchenko, A. Koutsos / Talk: IEEE Computer Security Foundations Symposium, Santa Barbara, USA; 2017-08-21 - 2017-08-25; in: "IEEE 30th Computer Security Foundations Symposium CSF 2017", IEEE Xplore Digital Library, (2017), ISBN: 978-1-5386-3217-8; Paper ID 3, 15 pages
- Run-Time Attack Detection in Cryptographic APIs / M. Squarcina, R. Focardi / Talk: IEEE Computer Security Foundations Symposium, Santa Barbara, USA; 2017-08-21 - 2017-08-25; in: "Run-Time Attack Detection in Cryptographic APIs", IEEE Xplore Digital Library, (2017), ISBN: 978-1-5386-3217-8; 176 - 188
- Principles of Security and Trust / M. Maffei, M. Ryan, P. Ah-Fat, M. Alabbad, M. Alvim, Z. Aslanyan, N. Atzei, K. Babel, M. Bartoletti, L. Bauer, A. Blot, S. Bursuc, P. Cañones, G. Casini, V. Cheval, T. Cimoli, M. Cramer, J. Dreier, C. Duménil, D. Hedin, M. Hicks, M. Huth, L. Jia, C. Johansen, O. Jones, R. Khedri, B. Köpf, S. Kremer, P. Laud, P. Mardziel, F. Nielson, M. Pettai, F. Piessens, W. Rafnsson, J. Reineke, A. Sabelfeld, R. Sasse, T. Terauchi, S. Xu, M. Yamamoto, A. Sjösten / Springer-Verlag, Berlin, Heidelberg, 2017, ISBN: 978-3-662-54454-9; 321 pages
- Surviving the Web: A Journey into Web Session Security / S. Calzavara, M. Squarcina, M. Tempesta, R. Focardi / Acm Computing Surveys, Volume 50 Issue 1 (2017), 13; 1 - 34
- On the Security of Frequency-Hiding Order-Preserving Encryption / M. Reinert, D. Schröder, M. Maffei / in: "Cryptology and Network Security", Lecture Notes in Computer Science, vol 11261; Springer International Publishing, Cham, Switzerland, 2017, ISBN: 978-3-030-02640-0, 51 - 70
- A Principled Approach to Tracking Information Flow in the Presence of Libraries / D. Hedin, A. Sjösten, F. Piessens, A. Sabelfeld / in: "6th International Conference on Principles of Security and Trust", Springer, 2017, ISBN: 978-3-662-54454-9, 49 - 70
- Discovering Browser Extensions via Web Accessible Resources / A. Sjösten, S. Van Acker, A. Sabelfeld / in: "7th ACM Conference on Data and Application Security and Privacy", ACM, 2017, ISBN: 978-1-4503-4523-1, 329 - 336
- Maliciously Secure Multi-Client ORAM / G. Malavolta, M. Reinert, D. Schröder, M. Maffei / in: "Applied Cryptography and Network Security", LNCS 10355; D. Gollmann, A. Miyaji, H. Kikuchi (ed.); © Springer International Publishing AG 2017, Cham, 2017, ISBN: 978-3-319-61203-4, 645 - 664
- Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis / A. Continella, Y. Fratantonio, M. Lindorfer, A. Puccetti, A. Zand, C. Krügel, G. Vigna / in: "Network and Distributed System Security Symposium (NDSS)", Internet Society, 2017
- SilentWhispers: Enforcing Security and Privacy in Decentralized Credit Networks / M. Maffei, P. Moreno-Sanchez, A. Kate, G. Malavolta / in: "2017 Network and Distributed System Security Symposium", Internet Society, Reston, Virginia, USA, 2017, ISBN: 1-891562-46-0, 1 - 15
- Concurrency and Privacy with Payment-Channel Networks / M. Maffei, A. Kate, G. Malavolta, P. Moreno-Sanchez, S. Ravi / in: "CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security", ACM Digital Library, New York, 2017, ISBN: 978-1-4503-4946-8, 455 - 471
2016
- Drammer: Deterministic Rowhammer Attacks on Mobile Platforms / V. van der Veen, Y. Fratantonio, M. Lindorfer, D. Gruss, C. Maurice, G. Vigna, H. Bos, K. Razavi, C. Giuffrida / in: "ACM Conference on Computer and Communications Security (CCS)", ACM, 2016, ISBN: 978-1-4503-4139-4, 1675 - 1689
- ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic / J. Ren, A. Rao, M. Lindorfer, A. Legout, D. Choffnes / in: "International Conference on Mobile Systems, Applications and Services (MobiSys)", ACM, 2016, 361 - 374
- CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes / P. Carter, C. Mulliner, M. Lindorfer, W. Robertson, E. Kirda / in: "International Conference on Financial Cryptography and Data Security (FC)", Springer, 2016, ISBN: 978-3-662-54969-8, 231 - 249
2015
- Open problems in hash function security / E. Andreeva, B. Mennink, B. Preneel / Designs Codes and Cryptography, 77 (2015), 611 - 631
- Marvin: Efficient and Comprehensive Mobile App Classification Through Static and Dynamic Analysis / M. Lindorfer, M. Neugschwandtner, Ch. Platzer / in: "Proceedings of the IEEE 39th Annual Computer Software and Applications Conference (COMPSAC)", IEEE, 2015, ISBN: 978-1-4673-6564-2, 422 - 433
2014
- Provably Sound Browser-Based Enforcement of Web Session Integrity / S. Calzavara, R. Focardi, W. Khan, M. Tempesta / in: "2014 IEEE 27th Computer Security Foundations Symposium", IEEE Computer Society, 2014, ISBN: 978-1-4799-4290-9, 366 - 380
- Enter Sandbox: Android Sandbox Comparison / S. Neuner, v. Victor, M. Lindorfer, M. Huber, M. Georg, M. Mulazzani, E. Weippl / in: "Proceedings of the IEEE Mobile Security Technologies Workshop (MoST)", IEEE, 2014
- Skin Sheriff: A Machine Learning Solution for Detecting Explicit Images / Ch. Platzer, M. Stütz, M. Lindorfer / in: "Proceedings of the 2nd International Workshop on Security and Forensics in Communication Systems (ASIACCS-SFCS)", IEEE, 2014, ISBN: 978-1-4503-2802-9, 45 - 56
- AndRadar: Fast Discovery of Android Applications in Alternative Markets / M. Lindorfer, V. Volanis, A. Sisto, M. Neugschwandtner, E. Athanasopoulos, F. Maggi, Ch. Platzer, S. Zanero, S. Ioannidis / in: "Proceedings of the 11th Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA)", Springer, LNCS 8550, 2014, ISBN: 978-3-319-08508-1, 51 - 71
- Andrubis - 1,000,000 Apps Later: A View on Current Android Malware Behaviors / M. Lindorfer, M. Neugschwandtner, L. Weichselbaum, Y. Fratantonio, V. van der Veen, Ch. Platzer / in: "Proceedings of the 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS)", IEEE, 2014, ISBN: 978-1-4799-8308-7, 3 - 17
2013
- POSTER: Cross-Platform Malware: Write Once, Infect Everywhere / M. Lindorfer, M. Neumayr, J. Caballero, Ch. Platzer / Poster: ACM Conference on Computer and Communications Security (CCS), Berlin; 2013-11-04 - 2013-11-08; in: "ACM Conference on Computer and Communications Security (CCS)", (2013)
- A View to a Kill: WebView Exploitation / M. Neugschwandtner, M. Lindorfer, Ch. Platzer / in: "USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET)", USENIX, 2013
- Take a Bite - Finding the Worm in the Apple / M. Lindorfer, B. Miller, M. Neugschwandtner, Ch. Platzer / in: "International Conference on Information, Communications and Signal Processing (ICICS)", IEEE, 2013
2012
- Lines of Malicious Code: Insights Into the Malicious Software Industry / M. Lindorfer, A. Di Federico, F. Maggi, P. Milani Comparetti, S. Zanero / in: "Proceedings of the 28th Annual Computer Security Applications Conference", ACM, New York, 2012, ISBN: 978-1-4503-1312-4, 349 - 358
2011
- Detecting Environment-Sensitive Malware / M. Lindorfer, C. Kolbitsch, P. Milani Comparetti / in: "Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection (2011)", Springer, 2011, ISBN: 978-3-642-23643-3
Theses
Note: Due to the rollout of TU Wien’s new publication database, the list below may be slightly outdated. Once APIs for the new database have been released, everything will be up to date again.
- Analysis of Decentralized Mixing Services in the Greater Bitcoin Ecosystem / Master Thesis by J. Stockinger / Supervisor: M. Maffei, B. Haslhofer; Institut of Logic and Computation, Security and Privacy, 2021; final examination: 2021-10-07
- Privacy Preserving Authenticated Key Exchange - Modelling, Constructions, Proofs and Verification using Tamarin / Master Thesis by A Weninger / Supervisor: M. Maffei, D. Slamanig; Institut of Logic and Computation, Security and Privacy, 2021; final examination: 2021-08-27
- Adaptor Signature Based Atomic Swaps Between Bitcoin and a Mimblewimble Based Cryptocurrency / Master Thesis by J. Abfalter / Supervisor: M. Maffei, P. Moreno-Sanchez; Institut of Logic and Computation, Security and Privacy, 2021; final examination: 2021-07-01
- Foundations for the Security Analysis of Distributed Blockchain Applications / Doctoral Thesis by C. Schneidewind / Supervisor, Reviewer: M. Maffei, A. Gervais, B. Scholz; Institut of Logic and Computation, Security and Privacy, 2021; oral examination: 2021-05-28
- Static and Dynamic Enforcement of Security via Relational Reasoning / Doctoral Thesis by N. Grimm / Supervisor, Reviewer: M. Maffei, F. Piessens, G. Barthe; Institut of Logic and Computation, Security and Privacy, 2021; oral examination: 2021-03-15
- Static Analysis of Low-Level Code / Doctoral Thesis by I. Grishchenko / Supervisor, Reviewer: M. Maffei, G. Weissenbacher, A. Sabelfeld, K. Bhargavan; Institut of Logic and Computation, Security and Privacy, 2021; oral examination: 2021-01-25
- Payment Channel Network Analysis with Focus on Lightning Network / Master Thesis by P. Holzer / Supervisor: M. Maffei, B. Haslhofer; Institut of Logic and Computation, Security and Privacy, 2020; final examination: 2020-05-29
- Static Amalysis of eWASM Contracts / Master Thesis by A. Schwarz / Supervisor: C. Schneidewind, M. Maffei; Institut of Logic and Computation, Security and Privacy, 2020; final examination: 2020-01-15
- Automated Prognosis of the Development of Cryptocurrency Prices / Master Thesis by L. Aumayr / Supervisor: H. Eidenberger; Visual Computing and Human-Centered Technology, 2019; final examination: 2019-06
- Theoretical and Practical Smart Contracts Realization of an Investment Fund / Master Thesis by J. Schneider / Supervisor: M. Maffei, C. Schneidewind, I. Grishchenko; Institut of Logic and Computation, Security and Privacy, 2018; final examination: 2018-08-31
- Malware Through the Looking Glass: Malware Analysis in an Evolving Threat Landscape / Doctoral Thesis by M. Lindorfer / Supervisor, Reviewer: E. Weippl, T. Holz, E. Kirda; Institut für Rechnergestützte Automation, 2016; oral examination: 2016-02-02
- Current State of Browser Extension Security and Extension-based Malware / Master Thesis by M. Neumayr / Supervisor: W. Kastner, M. Lindorfer; Rechnergestützte Automation, 2015; final examination: 2015-04-14
- Detecting Environment-Sensitive Malware / Master Thesis by M. Lindorfer / Supervisor: E. Kirda, P. Milani Comparetti, C. Kolbitsch; Institut für Rechnergestützte Automation, 2011
And more…
Soon, this page will include additional information such as reference projects, conferences, events, and other research activities.
Until then, please visit Security and Privacy’s research profile in TISS .