theme image

Publications

Full list of my academic papers.

Bibtex Citation

@inproceedings{ BURSZTEIN2007A,title = {A logical framework for evaluating network resilience against faults and attacks},author = {"Elie, Bursztein" and "Jean, Goubault-Larrecq"},booktitle = {12th Asian Computing Science Conference},year = {2007},organization = {Springer}}/n@inproceedings{ THOMAS2015AD,title = {Ad injection at scale: assessing deceptive advertisement modifications},author = {"Kurt, Thomas" and "Elie, Bursztein" and "Chris, Grier" and "Grant, Ho" and "Nav, Jagpal" and "Alexandros, Kapravelos" and "Damon, McCoy" and "Antonio, Nappa" and "Vern, Paxson" and "Paul, Pearce" and "Niels, Provos" and "Moheeb, Abu Rajab"},booktitle = {Security and Privacy},year = {2015},organization = {IEEE}}/n@inproceedings{ AGGARWAL2010AN,title = {An analysis of private browsing modes in modern browsers},author = {"Gaurav, Aggarwal" and "Elie, Bursztein" and "Collin, Jackson" and "Dan, Boneh"},booktitle = {Usenix Security},year = {2010},organization = {Usenix}}/n@inproceedings{ RYDSTEDT2010BUSTING,title = {Busting frame busting a study of clickjacking vulnerabilities on popular sites},author = {"Gustav, Rydstedt" and "Elie, Bursztein" and "Dan, Boneh" and "Collin, Jackson"},booktitle = {Web 2.0 Security and Privacy},year = {2010},organization = {IEEE}}/n@inproceedings{ TEJA PEDDINTI2014CLOAK,title = {Cloak and swagger: understanding data sensitivity through the lens of user anonymity},author = {"Sai, Teja Peddinti" and "Aleksandra, Korolova" and "Elie, Bursztein" and "Geetanjali, Sampemane"},booktitle = {Security And Privacy},year = {2014},organization = {IEEE}}/n@inproceedings{ INVERNIZZI2016CLOAK,title = {Cloak of visibility: detecting when machines browse a different web},author = {"Luca, Invernizzi" and "Kurt, Thomas" and "Alexandros, Kapravelos" and "Oxana, Comanescu" and "Jean-Michel, Picod" and "Elie, Bursztein"},booktitle = {Security and Privacy},year = {2016},organization = {IEEE}}/n@inproceedings{ THOMAS2017DATA,title = {Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials},author = {"Kurt, Thomas" and "Frank, Li" and "Ali, Zand" and "Jacob, Barrett" and "Juri, Ranieri" and "Luca, Invernizzi" and "Yarik, Markov" and "Oxana, Comanescu" and "Vijay, Eranti" and "Angelika, Moscicki" and "Daniel, Margolis" and "Vern, Paxson" and "Elie, Bursztein"},booktitle = {Computer and Communications Security},year = {2017},organization = {ACM}}/n@inproceedings{ KARUNAKARAN2018DATA,title = {Data Breaches: User Comprehension, Expectations, and Concerns with Handling Exposed Data},author = {"Sowmya, Karunakaran" and "Kurt, Thomas" and "Elie, Bursztein" and "Oxana, Comanescu"},booktitle = {Symposium on Usable Security and Privacy},year = {2018},organization = {Usenix}}/n@inproceedings{ BURSZTEIN2009DECAPTCHA,title = {Decaptcha breaking 75% of ebay audio captchas},author = {"Elie, Bursztein" and "Steven, Bethard"},booktitle = {3rd USENIX Workshop On Offensive Technologies},year = {2009},organization = {Usenix}}/n@inproceedings{NANDESIGNING,title = {Designing Toxic Content Classification for a Diversity of Perspectives},author = {"Deepak Kumar" and "Patrick Gage Kelley" and "Sunny Consolvo" and "Joshua Mason" and "Elie Bursztein" and "Zakir Durumeric" and "Kurt Thomas" and "Michael Bailey"},booktitle = {SOUPS},year = {2021},organization = {Usenix}}/n@inproceedings{ THOMAS2014DIALING,title = {Dialing back abuse on phone verified accounts},author = {"Kurt, Thomas" and "Dmytro, Latskiv" and "Elie, Bursztein" and "Tadek, Pietraszek" and "Chris, Grier" and "Damon, McCoy"},booktitle = {Conference on Computer and Communications Security},year = {2014},organization = {AMC}}/n@inproceedings{ BURSZTEIN2014EASY,title = {Easy does it: more usable captchas},author = {"Elie, Bursztein" and "Angelika, Moscicki" and "Celine, Fabry" and "Steven, Bethard" and "John C., Mitchell" and "Dan, Jurafsky"},booktitle = {Conference on Human Factors in Computing Systems},year = {2014},organization = {ACM}}/n@inproceedings{ BURSZTEIN2008EXTENDING,title = {Extending anticipation games with location penalty and timeline},author = {"Elie, Bursztein"},booktitle = {Revised Selected Papers of the 5th International Workshop on Formal Aspects in Security and Trust},year = {2008},organization = {IEEE}}/n@inproceedings{ RYDSTEDT2010FRAMING,title = {Framing attacks on smartphones and dumb routers: social sites tap-jacking and geo-localization attacks},author = {"Gustav, Rydstedt" and "Baptiste, Gourdin" and "Elie, Bursztein" and "Dan, Boneh"},booktitle = {Workshop On Offensive Technologies},year = {2010},organization = {Usenix}}/n@inproceedings{ THOMAS2015FRAMING,title = {Framing dependencies introduced by underground commoditization},author = {"Kurt, Thomas" and "Danny, Huang" and "David, Wang" and "Elie, Bursztein" and "Chris, Grier" and "Thomas J., Holt" and "Christopher, Kruegel" and "Damon, McCoy" and "Stefan, Savage" and "Giovanni, Vigna"},booktitle = {Workshop on Economics of Information Security},year = {2015},organization = {WEIS}}/n@inproceedings{NANGENERALIZED,title = {Generalized Power Attacks against Crypto Hardware using Long-Range Deep Learning},author = {"Elie Bursztein" and "Luca Invernizzi" and "Karel Král" and "Daniel Moghimi" and "Jean-Michel Picod" and "Marina Zhang"},booktitle = {Cryptographic Hardware and Embedded Systems},year = {2024},organization = {ICAR}}/n@inproceedings{ BURSZTEIN2014HANDCRAFTED,title = {Handcrafted fraud and extortion: manual account hijacking in the wild},author = {"Elie, Bursztein" and "Borbala, Benko" and "Daniel, Margolis" and "Tadek, Pietraszek" and "Andy, Archer" and "Allan, Aquino" and "Andreas, Pitsillidis" and "Stefan, Savage"},booktitle = {Internet Measurement Conference},year = {2014},organization = {AMC}}/n@inproceedings{ BURSZTEIN2010HOW,title = {How good are humans at solving captchas a large scale evaluation},author = {"Elie, Bursztein" and "Steven, Bethard" and "Celine, Fabry" and "Dan, Jurafsky" and "John C., Mitchell"},booktitle = {Security and Privacy},year = {2010},organization = {IEEE}}/n@inproceedings{NANHYBRID,title = {Hybrid Post-Quantum Signatures in Hardware Security Keys},author = {"Diana Ghinea" and "Fabian Kaczmarczyck" and "Jennifer Pullman" and "Julien Cretin" and "Stefan Kolbl" and "Rafael Misoczki" and "Jean-Michel Picod" and "Luca Invernizzi" and "Elie Bursztein"},booktitle = {International Conference on Applied Cryptography and Network Security},year = {2023},organization = {Spring}}/n@inproceedings{ BURSZTEIN2016I,title = {I am a legend hacking hearthstone using statistical learning methods},author = {"Elie, Bursztein"},booktitle = {Computational Intelligence and Games conference},year = {2016},organization = {IEEE}}/n@inproceedings{ THOMAS2016INVESTIGATING,title = {Investigating commercial pay-per-install and the distribution of unwanted software},author = {"Kurt, Thomas" and "Juan A. Elices, Crespo" and "Ryan, Rasti" and "Jean-Michel, Picod" and "Cait, Phillips" and "Marc-Andre, Decoste" and "Chris, Sharp" and "Fabio, Tirelo" and "Ali, Tofigh" and "Marc-Antoine, Courteau" and "Lucas, Ballard" and "Robert, Shield" and "Nav, Jagpal" and "Moheeb, Abu Rajab" and "Panayiotis, Mavrommatis" and "Niels, Provos" and "Elie, Bursztein" and "Damon, McCoy"},booktitle = {Usenix Security},year = {2016},organization = {Usenix}}/n@inproceedings{ THOMAS2022IT'S,title = {It's common and a part of being a content creator: Understanding How Creators Experience and Cope with Hate and Harassment Online},author = {"Kurt, Thomas" and "Patrick Gage Kelley" and "Sunny Consolvo" and "Patrawat Samermit" and "Elie, Bursztein"},booktitle = {Conference on Human Factors in Computing Systems},year = {2022},organization = {ACM}}/n@inproceedings{ BOJINOV2010KAMOUFLAGE,title = {Kamouflage loss-resistant password management},author = {"Hristo, Bojinov" and "Elie, Bursztein" and "Dan, Boneh" and "Xavier, Boyen"},booktitle = {European Symposium On Research In Computer Security},year = {2010},organization = {IEEE}}/n@inproceedings{NANLEVERAGING,title = {Leveraging Virtual Reality to Enhance Diversity and Inclusion training at Google},author = {"Elie Bursztein" and "Karla Brown" and "Patrick Gage Kelley" and "Leonie Sanderson"},booktitle = {Conference on Human Factors in Computing Systems},year = {2024},organization = {ACM}}/n@inproceedings{ DURUMERIC2015NEITHER,title = {Neither snow nor rain nor mitm . . . an empirical analysis of email delivery security},author = {"Zakir, Durumeric" and "David, Adrian" and "Ariana, Mirian" and "James, Kasten" and "Elie, Bursztein" and "Nicolas, Lidzborski" and "Kurt, Thomas" and "Vijay, Eranti" and "Michael, Bailey" and "J. Alex, Halderman"},booktitle = {IMC},year = {2015},organization = {ACM}}/n@inproceedings{ BURSZTEIN2008NETQI,title = {Netqi a model checker for anticipation game},author = {"Elie, Bursztein"},booktitle = {6th International Symposium on Automated Technology for Verification and Analysis},year = {2008},organization = {Springer}}/n@inproceedings{ SCHWANDA SOSIK2014ONLINE,title = {Online microsurveys for user experience research},author = {"Victoria, Schwanda Sosik" and "Elie, Bursztein" and "Sunny, Consolvo" and "David, Huffaker" and "Gueorgi, Kossinets" and "Kerwell, Liao" and "Paul, McDonald" and "Aaron, Sedley"},booktitle = {Human Factors in Computing Systems},year = {2014},organization = {ACM}}/n@inproceedings{ BURSZTEIN2011OPENCONFLICT,title = {Openconflict preventing real time map hacks in online games},author = {"Elie, Bursztein" and "Jocelyn, Lagarenne" and "Mike, Hamburg" and "Dan, Boneh"},booktitle = {Security and Privacy},year = {2011},organization = {IEEE}}/n@inproceedings{ BURSZTEIN2016PICASSO:,title = {Picasso: Lightweight Device Class Fingerprinting for Web Clients},author = {"Elie, Bursztein" and "Artem, Malyshey" and "Tadek, Pietraszek" and "Kurt, Thomas"},booktitle = {Workshop on Security and Privacy in Smartphones and Mobile Devices},year = {2016},organization = {ACM}}/n@inproceedings{ HUANG2017PINNING,title = {Pinning Down Abuse on Google Maps},author = {"Danny Y., Huang" and "Doug, Grundman" and "Kurt, Thomas" and "Abhishek, Kumar" and "Elie, Bursztein" and "Kirill, Levchenko" and "Alex C., Snoeren"},booktitle = {World Wide Web},year = {2017},organization = {WWW}}/n@inproceedings{ BURSZTEIN2008PROBABILISTIC,title = {Probabilistic protocol identification for hard to classify protocol},author = {"Elie, Bursztein"},booktitle = {2nd International Workshop on Information Security Theory and Practices},year = {2008},organization = {Springer}}/n@inproceedings{ THOMAS2019PROTECTING,title = {Protecting accounts from credential stuffing with password breach alerting},author = {"Kurt, Thomas" and "Jennifer, Pullman" and "Kevin, Yeo" and "Ananth, Raghunathan" and "Patrick, Gage Kelley" and "Luca, Invernizzi" and "Borbala, Benko" and "Tadek, Pietraszek" and "Sarvar, Patel" and "Dan, Boneh" and "Elie, Bursztein"},booktitle = {Proceedings of the USENIX Security Symposium},year = {2019},organization = {Usenix}}/n@inproceedings{ BURSZTEIN2011RECLAIMING,title = {Reclaiming the blogosphere talkback a secure linkback protocol for weblogs},author = {"Elie, Bursztein" and "Baptiste, Gourdin" and "John C., Mitchell"},booktitle = {European Symposium on Research in Computer Security},year = {2011},organization = {IEEE}}/n@inproceedings{ BURSZTEIN2010RECOVERING,title = {Recovering windows secrets and efs certificates offline},author = {"Elie, Bursztein" and "Jean-Michel, Picod"},booktitle = {Workshop On Offensive Technologies},year = {2010},organization = {Usenix}}/n@inproceedings{ LI2016REMEDYING,title = {Remedying web hijacking notification effectiveness and webmaster comprehension},author = {"Frank, Li" and "Grant, Ho" and "Eric, Kuan" and "Yuan, Niu" and "Lucas, Ballard" and "Kurt, Thomas" and "Elie, Bursztein" and "Vern, Paxson"},booktitle = {Word Wide Web},year = {2016},organization = {WWW}}/n@inproceedings{ BURSZTEIN2019RETHINKING,title = {Rethinking the detection of child sexual abuse imagery on the Internet},author = {"Elie, Bursztein" and "Travis, Bright" and "Michelle, DeLaune" and "David M., Eliff" and "Nick, Hsu" and "Lindsey, Olson" and "John, Shehan" and "Madhukar, Thakur" and "Kurt, Thomas"},booktitle = {World Wide Web},year = {2019},organization = {WWW}}/n@inproceedings{NANRETSIM:,title = {RETSim: Resilient and Efficient Text Similarity},author = {"Marina Zhang" and "Owen Vallis" and "Aysegul Bumin" and "Tanay Vakharia" and "Elie Bursztein"},booktitle = {International Conference on Learning Representations},year = {2024},organization = {ICLR}}/n@inproceedings{ BURSZTEIN2023RETVEC:,title = {RETVec: Resilient and Efficient Text Vectorizer},author = {"Elie, Bursztein" and "Marina, Zhang" and "Owen, Vallis" and "Xinyu, Jia" and "Alexandros, Kapravelos" and "Alexey, Kurakin"},booktitle = {Neural Information Processing Systems},year = {2023},organization = {NeurIPS}}/n@inproceedings{ BONNEAU2015SECRETS,,title = {Secrets, lies, and account recovery: lessons from the use of personal knowledge questions at google},author = {"Joseph, Bonneau" and "Elie, Bursztein" and "Ilan, Caron" and "Rob, Jackson" and "Mike, Williamson"},booktitle = {22nd international conference on World Wide Web},year = {2015},organization = {ACM}}/n@inproceedings{ BURSZTEIN2012SESSIONJUGGLER,title = {Sessionjuggler secure web login from an untrusted terminal using session hijacking},author = {"Elie, Bursztein" and "Chinmay, Soman" and "Dan, Boneh" and "John C., Mitchell"},booktitle = {World Wide Web},year = {2012},organization = {WWW}}/n@inproceedings{NANSOK:,title = {SoK: Hate, Harassment, and the Changing Landscape of Online Abuse},author = {"Kurt Thomas" and "Devdatta Akhawe" and "Michael Bailey" and "Dan Boneh" and "Elie Bursztein" and "Sunny Consolvo" and "Nicola Dell" and "Zakir Durumeric" and "Patrick Gage Kelley" and "Deepak Kumar" and "Damon McCoy" and "Sarah Meiklejohn" and "Thomas Ristenpart" and "Gianluca Stringhini"},booktitle = {Security and Privacy},year = {2021},organization = {IEEE}}/n@inproceedings{NANSPOTLIGHT:,title = {Spotlight: Malware Lead Generation At Scale},author = {"Fabian Kaczmarczyck" and "Bernhard Grill" and "Luca Invernizzi" and "Jennifer Pullman" and "Cecilia M. Procopiuc" and "David Tao" and "Borbala Benko" and "Elie Bursztein"},booktitle = {Proceedings of Annual Computer Security Applications Conference},year = {2020},organization = {ACM}}/n@inproceedings{ BAU2010STATE,title = {State of the art automated black-box web application vulnerability testing},author = {"Jason, Bau" and "Elie, Bursztein" and "Divij, Gupta" and "John C., Mitchell"},booktitle = {Security and Privacy},year = {2010},organization = {IEEE}}/n@inproceedings{ BURSZTEIN2011TEXT-BASED,title = {Text-based captcha strengths and weaknesses},author = {"Elie, Bursztein" and "Matthieu, Martin" and "John C., Mitchell"},booktitle = {Computer and Communications Security},year = {2011},organization = {ACM}}/n@inproceedings{ THOMAS2016THE,title = {The Abuse Sharing Economy: Understanding the Limits of Threat Exchanges},author = {"Kurt, Thomas" and "Rony, Amira" and "Adi, Ben-Yoash" and "Ori, Folger" and "Amir, Hardon" and "Ari, Berger" and "Elie, Bursztein" and "Michael, Bailey"},booktitle = {Research in Attacks, Intrusions, and Defenses},year = {2016},organization = {Springer}}/n@inproceedings{ BOJINOV2010THE,title = {The emergence of cross channel scripting},author = {"Hristo, Bojinov" and "Elie, Bursztein" and "Dan, Boneh"},booktitle = {Communications of the ACM Journal},year = {2010},organization = {ACM}}/n@inproceedings{ BURSZTEIN2014THE,title = {The end is nigh: generic solving of text-based captchas},author = {"Elie, Bursztein" and "Jonathan, Aigrain" and "Angelika, Mosciki" and "John, Mitchell"},booktitle = {Workshop on Offensive Technology},year = {2014},organization = {Usenix}}/n@inproceedings{ BURSZTEIN2011THE,title = {The failure of noise-based non-continuous audio captchas},author = {"Elie, Bursztein" and "Romain, Bauxis" and "Hristo, Paskov" and "Daniele, Perito" and "Celine, Fabry" and "John C., Mitchell"},booktitle = {Security and Privacy},year = {2011},organization = {IEEE}}/n@inproceedings{ STEVENS2017THE,title = {The first collision for full SHA-1},author = {"Marc, Stevens" and "Elie, Bursztein" and "Pierre, Karpman" and "Ange, Albertini" and "Yarik, Markov"},booktitle = {Crypto},year = {2017},organization = {IACR}}/n@inproceedings{ DURUMERIC2017THE,title = {The Security Impact of HTTPS Interception},author = {"Zakir, Durumeric" and "Zane, Ma" and "Drew, Springall" and "Richard, Barnes" and "Nick, Sullivan" and "Elie, Bursztein" and "Michael, Bailey" and "J Alex, Halderman" and "Vern, Paxson"},booktitle = {Network and Distributed Systems Symposium},year = {2017},organization = {Internet Society}}/n@inproceedings{ SAMBASIVAN2019THEY,title = {They Don't Leave Us Alone Anywhere We Go - Gender and Digital Abuse in South Asia},author = {"Nithya, Sambasivan" and "Amna, Batool" and "Nova, Ahmed" and "Tara, Matthews" and "Kurt, Thomas" and "Laura, Sanely Gaytán-Lugo" and "David, Nemer" and "Elie, Bursztein" and "Elizabeth, Churchill" and "Sunny, Consolvo"},booktitle = {CHI Conference on Human Factors in Computing Systems},year = {2019},organization = {ACM}}/n@inproceedings{NANFIVE,title = {Five years of the Right to Be Forgotten},author = {"Theo Bertram" and "Elie Bursztein" and "Stephanie Caro" and "Hubert Chao" and "Rutledge Chin Feman" and "Peter Fleischer" and "Albin Gustafsson" and "Jess Hemerly" and "Chris Hibbert" and "Luca Invernizzi" and "Lanah Kammourieh Donnelly" and "Jason Ketover" and "Jay Laefer" and "Paul Nicholas" and "Yuan Niu" and "Harjinder Obhi" and "David Price" and "Andrew Strait" and "Kurt Thomas" and "Al Verney"},booktitle = {Computer and Communications Security},year = {2019},organization = {ACM}}/n@inproceedings{ BURSZTEIN2007TIME,title = {Time has something to tell us about network address translation},author = {"Elie, Bursztein"},booktitle = {12th Nordic Workshop on Secure IT Systems},year = {2007},organization = {Springer}}/n@inproceedings{ GOURDIN2011TOWARDS,title = {Towards secure embedded web interfaces},author = {"Baptiste, Gourdin" and "Chinmay, Soman" and "Hristo, Bojinov" and "Elie, Bursztein"},booktitle = {Usenix Security},year = {2011},organization = {Usenix}}/n@inproceedings{ BURSZTEIN2009TRACKBACK,title = {Trackback spam abuse and prevention},author = {"Elie, Bursztein" and "Peifung E., Lam" and "John C., Mitchell"},booktitle = {Cloud Computing Security Workshop},year = {2009},organization = {ACM}}/n@inproceedings{ YUXING HUANG2018TRACKING,title = {Tracking desktop ransomware payments end to end },author = {"Danny, Yuxing Huang" and "Maxwell, Aliapoulios" and "Vector, Guo" and "Luca, Invernizzi" and "Kylie, McRoberts" and "Elie, Bursztein" and "Jonathan, Levin" and "Kirill, Levchenko" and "Alex, C. Snoeren" and "Damon, McCoy"},booktitle = {Security and Privacy},year = {2018},organization = {IEEE}}/n@inproceedings{ ANTONAKAKIS2017UNDERSTANDING,title = {Understanding the Mirai Botnet},author = {"Manos, Antonakakis" and "Tim, April" and "Michael, Bailey" and "Matt, Bernhard" and "Elie, Bursztein" and "Jaime, Cochran" and "Zakir, Durumeric" and "J. Alex, Halderman" and "Luca, Invernizzi" and "Michalis, Kallitsis" and "Deepak, Kumar" and "Chaz, Lever" and "Zane, Ma" and "Joshua, Mason" and "Damian, Menscher" and "Chad, Seaman" and "Nick, Sullivan" and "Kurt, Thomas" and "Yi, Zhou"},booktitle = {Usenix Security},year = {2017},organization = {Usenix}}/n@inproceedings{ TISCHER2016USERS,title = {Users really do plug in usb drives they find},author = {"Matthew, Tischer" and "Zakir, Durumeric" and "Sam, Foster" and "Sunny, Duan" and "Alec, Mori" and "Elie, Bursztein" and "Michael, Bailey"},booktitle = {Security and Privacy},year = {2016},organization = {IEEE}}/n@inproceedings{ BURSZTEIN2009USING,title = {Using strategy objectives for network security analysis},author = {"Elie, Bursztein" and "John C., Mitchell"},booktitle = {5th China International Conference on Information Security and Cryptology},year = {2009},organization = {IEEE}}/n@inproceedings{ BURSZTEIN2010WEBSECLAB,title = {Webseclab security education workbench},author = {"Elie, Bursztein" and "Baptiste, Gourdin" and "Celine, Fabry" and "Jason, Bau" and "Gustav, Rydstedt" and "Hristo, Bojinov" and "Dan, Boneh" and "John C., Mitchell"},booktitle = {Cyber Security Experimentation and Test},year = {2010},organization = {Usenix}}/n@inproceedings{NANWHO,title = {Who is targeted by email-based phishing and malware? Measuring factors that differentiate risk},author = {"Camelia Simoiu" and "Ali Zand" and "Kurt Thomas" and "Elie Bursztein"},booktitle = {Internet Measurement Conference},year = {2020},organization = {ACM}}/n@inproceedings{NANWHY,title = {Why wouldn't someone think of democracy as a target? Security practices & challenges of people involved with U.S. political campaigns"},author = {"Sunny Consolvo" and "Patrick Gage Kelley" and "Tara Matthews" and "Kurt Thomas" and "Lee Dunn" and "Elie Bursztein"},booktitle = {Usenix Security},year = {2021},organization = {Usenix}}/n@inproceedings{ BOJINOV2009XCS,title = {Xcs cross channel scripting and its impact on web applications},author = {"Hristo, Bojinov" and "Elie, Bursztein" and "Dan, Boneh"},booktitle = {Computer and Communications Security},year = {2009},organization = {ACM}}/n

publications logo
Generalized Power Attacks against Crypto Hardware using Long-Range Deep Learning
cryptography

Generalized Power Attacks against Crypto Hardware using Long-Range Deep Learning

CHES 2024

Leveraging Virtual Reality to Enhance Diversity and Inclusion training at Google
user experience

Leveraging Virtual Reality to Enhance Diversity and Inclusion training at Google

CHI 2024

RETSim: Resilient and Efficient Text Similarity
AI

RETSim: Resilient and Efficient Text Similarity

ICLR 2024

RETVec: Resilient and Efficient Text Vectorizer
AI

RETVec: Resilient and Efficient Text Vectorizer

NeurIPS 2023

Hybrid Post-Quantum Signatures in Hardware Security Keys
cryptography

Hybrid Post-Quantum Signatures in Hardware Security Keys

ACNS 2023

It's common and a part of being a content creator: Understanding How Creators Experience and Cope with Hate and Harassment Online
user experience

It's common and a part of being a content creator: Understanding How Creators Experience and Cope with Hate and Harassment Online

CHI 2022

Designing Toxic Content Classification for a Diversity of Perspectives
cybersecurity

Designing Toxic Content Classification for a Diversity of Perspectives

SOUPS 2021

SoK: Hate, Harassment, and the Changing Landscape of Online Abuse
cybersecurity

SoK: Hate, Harassment, and the Changing Landscape of Online Abuse

S&P 2021

Who is targeted by email-based phishing and malware? Measuring factors that differentiate risk
cybersecurity

Who is targeted by email-based phishing and malware? Measuring factors that differentiate risk

IMC 2020

Why wouldn't someone think of democracy as a target? Security practices & challenges of people involved with U.S. political campaigns"
cybersecurity

Why wouldn't someone think of democracy as a target? Security practices & challenges of people involved with U.S. political campaigns"

Usenix Security 2021

Spotlight: Malware Lead Generation At Scale
security

Spotlight: Malware Lead Generation At Scale

ACSAC 2020

Five years of the Right to Be Forgotten
web

Five years of the Right to Be Forgotten

CCS 2019

Protecting accounts from credential stuffing with password breach alerting
security

Protecting accounts from credential stuffing with password breach alerting

Usenix Security 2019

Rethinking the detection of child sexual abuse imagery on the Internet
ai

Rethinking the detection of child sexual abuse imagery on the Internet

WWW 2019

They Don't Leave Us Alone Anywhere We Go - Gender and Digital Abuse in South Asia
user experience

They Don't Leave Us Alone Anywhere We Go - Gender and Digital Abuse in South Asia

CHI 2019

Data Breaches: User Comprehension, Expectations, and Concerns with Handling Exposed Data
security

Data Breaches: User Comprehension, Expectations, and Concerns with Handling Exposed Data

SOUPS 2018

Tracking desktop ransomware payments end to end
security

Tracking desktop ransomware payments end to end

S&P 2018

Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials
anti-abuse

Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials

CCS 2017

The first collision for full SHA-1
security

The first collision for full SHA-1

Crypto 2017

Understanding the Mirai Botnet
network security

Understanding the Mirai Botnet

Usenix Security 2017

Pinning Down Abuse on Google Maps
anti-abuse

Pinning Down Abuse on Google Maps

WWW 2017

The Security Impact of HTTPS Interception
web security

The Security Impact of HTTPS Interception

NDSS 2017

Picasso: Lightweight Device Class Fingerprinting for Web Clients
anti-abuse

Picasso: Lightweight Device Class Fingerprinting for Web Clients

SPSM 2016

I am a legend hacking hearthstone using statistical learning methods
video game

I am a legend hacking hearthstone using statistical learning methods

CIG 2016

The Abuse Sharing Economy: Understanding the Limits of Threat Exchanges
anti-abuse

The Abuse Sharing Economy: Understanding the Limits of Threat Exchanges

RAID 2016

Investigating commercial pay-per-install and the distribution of unwanted software
anti-abuse

Investigating commercial pay-per-install and the distribution of unwanted software

Usenix Security 2016

Cloak of visibility: detecting when machines browse a different web
anti-abuse

Cloak of visibility: detecting when machines browse a different web

S&P 2016

Remedying web hijacking notification effectiveness and webmaster comprehension
web security

Remedying web hijacking notification effectiveness and webmaster comprehension

WWW 2016

Users really do plug in usb drives they find
security

Users really do plug in usb drives they find

S&P 2016

Neither snow nor rain nor mitm . . . an empirical analysis of email delivery security
network security

Neither snow nor rain nor mitm . . . an empirical analysis of email delivery security

IMC 2015

Framing dependencies introduced by underground commoditization
anti-abuse

Framing dependencies introduced by underground commoditization

WEIS 2015

Secrets, lies, and account recovery: lessons from the use of personal knowledge questions at google
anti-abuse

Secrets, lies, and account recovery: lessons from the use of personal knowledge questions at google

WWW 2015

Ad injection at scale: assessing deceptive advertisement modifications
anti-abuse

Ad injection at scale: assessing deceptive advertisement modifications

S&P 2015

Handcrafted fraud and extortion: manual account hijacking in the wild
anti-abuse

Handcrafted fraud and extortion: manual account hijacking in the wild

IMC 2014

Dialing back abuse on phone verified accounts
anti-abuse

Dialing back abuse on phone verified accounts

CCS 2014

The end is nigh: generic solving of text-based captchas
web security

The end is nigh: generic solving of text-based captchas

WOOT 2014

Cloak and swagger: understanding data sensitivity through the lens of user anonymity
privacy

Cloak and swagger: understanding data sensitivity through the lens of user anonymity

S&P 2014

Easy does it: more usable captchas
user experience

Easy does it: more usable captchas

CHI 2014

Online microsurveys for user experience research
user experience

Online microsurveys for user experience research

CHI 2014

Sessionjuggler secure web login from an untrusted terminal using session hijacking
web security

Sessionjuggler secure web login from an untrusted terminal using session hijacking

WWW 2012

Text-based captcha strengths and weaknesses
web security

Text-based captcha strengths and weaknesses

CCS 2011

Reclaiming the blogosphere talkback a secure linkback protocol for weblogs
web security

Reclaiming the blogosphere talkback a secure linkback protocol for weblogs

ESORICS 2011

Towards secure embedded web interfaces
web security

Towards secure embedded web interfaces

Usenix Security 2011

Openconflict preventing real time map hacks in online games
video game

Openconflict preventing real time map hacks in online games

S&P 2011

The failure of noise-based non-continuous audio captchas
web security

The failure of noise-based non-continuous audio captchas

S&P 2011

Kamouflage loss-resistant password management
security

Kamouflage loss-resistant password management

ESORICS 2010

An analysis of private browsing modes in modern browsers
privacy

An analysis of private browsing modes in modern browsers

Usenix Security 2010

Framing attacks on smartphones and dumb routers: social sites tap-jacking and geo-localization attacks
hacking

Framing attacks on smartphones and dumb routers: social sites tap-jacking and geo-localization attacks

WOOT 2010

Recovering windows secrets and efs certificates offline
hacking

Recovering windows secrets and efs certificates offline

WOOT 2010

Webseclab security education workbench
web security

Webseclab security education workbench

CEST 2010

The emergence of cross channel scripting
web security

The emergence of cross channel scripting

CACM 2010

Busting frame busting a study of clickjacking vulnerabilities on popular sites
web security

Busting frame busting a study of clickjacking vulnerabilities on popular sites

W2SP 2010

How good are humans at solving captchas a large scale evaluation
web security

How good are humans at solving captchas a large scale evaluation

S&P 2010

State of the art automated black-box web application vulnerability testing
web security

State of the art automated black-box web application vulnerability testing

S&P 2010

Using strategy objectives for network security analysis
network security

Using strategy objectives for network security analysis

Inscrypt 2009

Trackback spam abuse and prevention
web security

Trackback spam abuse and prevention

CCSW 2009

Xcs cross channel scripting and its impact on web applications
web security

Xcs cross channel scripting and its impact on web applications

CCS 2009

Decaptcha breaking 75% of ebay audio captchas
web security

Decaptcha breaking 75% of ebay audio captchas

WOOT 2009

Extending anticipation games with location penalty and timeline
network security

Extending anticipation games with location penalty and timeline

FAST 2008

Netqi a model checker for anticipation game
network security

Netqi a model checker for anticipation game

ATVA 2008

Probabilistic protocol identification for hard to classify protocol
network security

Probabilistic protocol identification for hard to classify protocol

WISTP 2008

A logical framework for evaluating network resilience against faults and attacks
network security

A logical framework for evaluating network resilience against faults and attacks

ASIAN 2007

Time has something to tell us about network address translation
network security

Time has something to tell us about network address translation

NordSec 2007

newsletter signup slide

Get cutting edge research directly in your inbox.

newsletter signup slide

Get cutting edge research directly in your inbox.