Security & Privacy TU Wien

Publications

2020

Language-Based Web Session Integrity / S. Calzavara, R. Focardi, N. Grimm, M. Maffei, M. Tempesta / Talk: IEEE Computer Security Foundations Symposium, New York; 2020-06-22 - 2020-06-25; in: "33rd IEEE Computer Security Foundations Symposium", IEEE Computer Society, Washington DC (2020), ISBN: 978-1-5386-3217-8
The Good, the Bad and the Ugly: Pitfalls and Best Practices in Automated Sound Static Analysis of Ethereum Smart Contracts / M. Maffei, M. Scherer, C. Schneidewind / accepted as talk for: International Symposium on Leveraging Applications of Formal Methods (ISoLA), Rhodes; 2020-10-20 - 2020-10-30; in: "International Symposium On Leveraging Applications of Formal Methods, Verification and Validation", Springer, 7609 (2020), ISBN: 978-3-642-34025-3
A Quantitative Analysis of Security, Anonymity and Scalability for the Lightning Network / S. Tikhomirov, P. Moreno-Sanchez, M. Maffei / accepted as talk for: IEEE Security & Privacy On The Blockchain, Genova; 2020-11-07 - 2020-11-11; in: "IEEE Security & Privacy On The Blockchain"
eThor: Practical and Provably Sound Static Analysis of Ethereum Smart Contracts / M. Maffei, M. Scherer, C. Schneidewind / accepted as talk for: ACM Conference on Computer and Communications Security (CCS), Orlando; 2020-11-09 - 2020-11-13; in: "CCS", ACM, (2020)

2019

Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability / G. Malavolta, P. Moreno-Sanchez, C. Schneidewind, A. Kate, M. Maffei / Talk: Network and Distributed System Security Symposium (NDSS), San Diego, CA, US; 2019-02-24 - 2019-02-27; in: "Proceedings of 2019 Network and Distributed System Security Symposium", Reston (2019), ISBN: 1-891562-55-x; 1 - 15
Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability / G. Malavolta, P. Moreno-Sanchez, C. Schneidewind, A. Kate, M. Matteo / Talk: ACM Advances in Financial Technologies AFT 2019, Zurich, Switzerland (invited); 2019-10-21 - 2019-10-23
Atomic Multi-Channel Updates with Constant Collateralin Bitcoin-Compatible Payment-Channel Networks / C. Egger, P. Moreno-Sanchez, M. Matteo / Talk: Scaling Bitcoin, Israel, Tel Aviv (invited); 2019-09-11 - 2019-09-12; in: "Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security", New York (2019), ISBN: 978-1-4503-6747-9; 801 - 815
Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks / C. Egger, M. Maffei, P. Moreno-Sanchez / Talk: ACM Conference on Computer and Communications Security (CCS), London; 2019-11-11 - 2019-11-15; in: "ACM Conference on Computer and Communications Security", ACM (ed.); ACM, (2019), 801 - 815
Trace Reasoning for Formal Verification using the First-Order Superposition Calculus / P. Georgiou, B. Gleiss, L. Kovacs, M. Maffei / Poster: FMCAD 2019 Student Forum, San Jose, US; 2019-10-22 - 2019-10-25
Reducing Automotive Counterfeiting usingBlockchain: Benefits and Challenges / D. Lu, P. Moreno-Sanchez, A. Zeryihun, S. Bajpayi, S. Yin, K. Feldman, J. Kosofsky, P. Mitra, A. Kate / in: "2019 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPCON)", issued by: IEEE; IEEE Computer Society, USA, 2019, ISBN: 978-1-7281-1264-0, 39 - 48
Gathering of robots in a ring with mobile faults / S. Das, R. Focardi, F. Luccio, E. Markou, M. Squarcina / Theoretical Computer Science, Volume 764 (2019), Volume 764; 42 pages
Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem / S. Calzavara, R. Focardi, M. Nemec, A. Rabitti, M. Squarcina / in: "2019 IEEE Symposium on Security and Privacy (SP)", issued by: IEEE; IEEE, 2019, ISBN: 978-1-5386-6661-6, 281 - 298
Group ORAM for Privacy and AccessControl in Outsourced Personal Records / M. Maffei, G. Malavolta, M. Reinert, D. Schröder / Journal of Computer Security, vol. 27 (2019), no. 1; 1 - 47
Verifying Relational Properties using Trace Logic / G. Barthe, R. Eilers, P. Georgiou, B. Gleiss, L. Kovacs, M. Maffei / Talk: International Conference on Formal Methods in Computer Aided Design (FMCAD) 2019, San Jose, US; 2019-10-22 - 2019-10-25; in: "Proceedings of Formal Methods in Computer Aided Design (FMCAD)", B. Clark, J. Yang (ed.); IEEE, https://ieeexplore.ieee.org/xpl/conhome/8891869/proceeding (2019), ISBN: 978-0-9835678-9-9; 170 - 178
From Firewalls to Functions and Back / L. Ceragioli, L. Galletta, M. Tempesta / in: "Proceedings of the Third Italian Conference on Cyber Security", 2315; issued by: CEUR-WS.org; CEUR-Proceedings, Aachen, 2019, ISSN: 1613-0073, Paper ID 4, 13 pages

2018

Surviving the Web: A Journey into Web Session Security (Extended Abstract) / S. Calzavara, M. Squarcina, R. Focardi, M. Tempesta / in: "Proceedings of the 2018 World Wide Web Conference", issued by: International World Wide Web Conferences Steering Committee Republic and Canton of Geneva, Switzerland ©2018; ACM, Schwitzerland, 2018, ISBN: 978-1-4503-5640-4, 451 - 455
Equivalence Properties by Typing in Cryptographic Branching Protocols / V. Cortier, N. Grimm, J. Lallemand, M. Maffei / in: "Principles of Security and Trust", LNCS 10804; issued by: Springer, Cham; Springer LNCS, Schwitzerland, 2018, ISBN: 978-3-319-89721-9, 160 - 187
UniTraX: Protecting Data Privacy with Discoverable Biases / M. Maffei, R. Munz, F. Eigner, P. Francis, D. Garg / in: "Principles of Security and Trust", LNCS 10804; Springer, Lecture Notes in Computer Science, Schwitzerland, 2018, ISBN: 978-3-319-89721-9, 278 - 299
A Monadic Framework for Relational Verification: Applied to Information Security, Program Equivalence, and Optimization. / N. Grimm, K. Maillard, C. Fournet, C. Hritcu, M. Maffei, J. Protzenko, T. Ramananandro, N. Swamy, S. Zanella-Béguelin / in: "Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs", ACM Digital Library, New York, 2018, ISBN: 978-1-4503-5586-5, 130 - 145
Functional Credentials / D. Deuber, M. Maffei, G. Malavolta, M. Rabkin, D. Schröder, M. Simkin / in: "Proceedings on Privacy Enhancing Technologies", Volume 2018: Issue 2; issued by: De Gruyter Open; Walter de Gruyter GmbH, Berlin, 2018, 64 - 84
Simple Password Hardened Encryption Services / M. Maffei, M. Reinert, R. Lai, C. Egger, S. Chow, D. Schröder / in: "Proceedings of the 27th USENIX Security Symposium", 27th; issued by: USENIX Association Berkley, CA, USA; USENIX, 2018, ISBN: 978-1-931971-46-1, 1405 - 1421
WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring / S. Calzavara, M. Maffei, C. Schneidewind, M. Tempesta, M. Squarcina / in: "Proceedings of the 27th USENIX Security Symposium", 27th; issued by: USENIX Association Berkley, CA, USA; USENIX, 2018, ISBN: 978-1-931971-46-1, 1493 - 1510
GuardION: Practical Mitigation of DMA-based Rowhammer Attacks on ARM / V. van der Veen, M. Lindorfer, Y. Fratantonio, H. Padmanabha Pillai, G. Vigna, C. Krügel, H. Bos, K. Razavi / in: "Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA)", Springer, 2018, ISBN: 978-3-319-93410-5, 92 - 113
MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense / R. Konoth, E. Vineti, V. Moonsamy, M. Lindorfer, C. Krügel, H. Bos, G. Vigna / in: "Proceedings of the 2018 ACM Conference on Computer and Communications Security (CCS)", ACM (ed.); ACM, 2018, ISBN: 978-1-4503-5693-0, 1714 - 1730
Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications / E. Pan, J. Ren, M. Lindorfer, C. Wilson, D. Choffnes / in: "Privacy Enhancing Technologies Symposium (PETS)", DeGruyter, 4, 2018, 33 - 50
Mind Your Credit: Assessing the Health of the Ripple Credit Network / P. Moreno-Sanchez, N. Modi, R. Songhela, A. Kate, S. Fahmy / in: "Proceedings of the 2018 World Wide Web Conference", Volume 2018; issued by: International World Wide Web Conferences Steering Committee Republic and Canton of Geneva, Switzerland ©2018; ACM Digital Library, Schwitzerland, 2018, ISBN: 978-1-4503-5639-8, 329 - 338
ClearChart: Ensuring integrity of consumer ratings in online marketplaces / P. Moreno-Sanchez, U. Mahmood, A. Kate / Computers & Security, Computers & Security 78 (2018), Volume 78; 90 - 102
Foundations and Tools for the Static Analysis of Ethereum Smart Contracts / I. Gishchenko, M. Maffei, C. Schneidewind / in: "Proceedings of the 30th International Conference on Computer-Aided Verification", LNCS 10981; G. Weissenbacher, H. Chockler (ed.); issued by: Springer, Cham; Springer Open, 2018, ISBN: 978-3-319-96145-3, 51 - 78
Firewall Management With FireWall Synthesizer / M. Tempesta, C. Bodei, P. Degano, R. Forcardi, L. Galletta, L. Veronese / in: "keiner", issued by: Italian Conference on CyberSecurity (ITASEC); ITASEC, 2018, 1 pages
Language-Independent Synthesis of Firewall Policies / C. Bodei, P. Degano, L. Galletta, R. Focardi, M. Tempesta, L. Veronese / in: "2018 IEEE European Symposium on Security and Privacy (EuroS&P 2018)", issued by: Institute of Electrical and Electronics Engineers ( IEEE ); IEEE, 2018, ISBN: 978-1-5386-4228-3, 92 - 106
Mind Your Keys? A Security Evaluation of Java Keystores / R. Focardi, M. Squarcina, G. Steel, M. Palmarini, M. Tempesta / Talk: Network and Distributed System Security Symposium (NDSS), San Diego; 2018-02-18 - 2018-02-21; in: "Proceedings of 2019 Network and Distributed System Security Symposium", (2018), 1-1891562-49-5; 1 - 15
Theoretical and Prctical Smart Contracs Realization of an Investment Fund / J. Schneider / Supervisor: M. Matteo, C. Schneidewind; Institut of LOgic and Computation, Security and Privacy, 2018; final examination: 2018-08-31
A Semantic Framework for the Security Analysis of Ethereum smart contracts. / I. Grishchenko, C. Schneidewind, M. Maffei / in: "Principles of Security and Trust", LNCS 10804; issued by: Springer Link; Springer Open, Schwitzerland, 2018, ISBN: 978-3-319-89721-9, 243 - 269
Bug Fixes, Improvements, ... and Privacy Leaks - A Longitudinal Study of PII Leaks Across Android App Versions / J. Ren, M. Lindorfer, D. Dubois, A. Rao, D. Choffnes, N. Vallina-Rodriguez / in: "Network and Distributed System Security Symposium (NDSS)", Internet Society, 2018
Transcompiling Firewalls / C. Bodei, P. Degano, R. Focardi, L. Galletta, M. Tempesta / in: "Principles of Security and Trust: 7th International Conference, POST 2018 Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2018 Thessaloniki, Greece, April 14-20, 2018, Proceedings", LNCS 10804; issued by: ETAPS; Springer International Publishing AG, Cham, 2018, ISBN: 978-3-319-89721-9, 303 - 324

2017

On the Security of Frequency-Hiding Order-Preserving Encryption / M. Matteo, M. Reinert, D. Schröder / accepted for publication in: "Cryptology and Network Security", Springer International Publishing, Cham, Switzerland, 2017, 1 - 20
A Type System for Privacy Properties / M. Matteo, N. Grimm, J. Lallemand, V. Cortier / Talk: ACM CCS 2017 Conference on Computer and Communications Security, Dallas, USA; 2017-10-30 - 2017-11-03; in: "CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security", ACM Digital Library, New York (2017), ISBN: 978-1-4503-4946-8; 409 - 423
Concurrency and Privacy with Payment-Channel Networks / M. Matteo, A. Kate, G. Malavolta, P. Moreno-Sanchez, S. Ravi / in: "CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security", ACM Digital Library, New York, 2017, ISBN: 978-1-4503-4946-8, 455 - 471
A Sound Flow-Sensitive Heap Abstraction for the Static Analysis of Android Applications / M. Matteo, S. Calzavara, I. Grishchenko, A. Koutsos / Talk: IEEE Computer Security Foundations Symposium, Santa Barbara, USA; 2017-08-21 - 2017-08-25; in: "IEEE 30th Computer Security Foundations Symposium CSF 2017", IEEE Xplore Digital Library, (2017), ISBN: 978-1-5386-3217-8; Paper ID 3, 15 pages
Maliciously Secure Multi-Client ORAM / M. Matteo, G. Malavolta, M. Reinert, D. Schröder / in: "Applied Cryptography and Network Security", LNCS 10355; D. Gollmann, A. Miyaji, H. Kikuchi (ed.); © Springer International Publishing AG 2017, Cham, 2017, ISBN: 978-3-319-61203-4, 645 - 664
Surviving the Web: A Journey into Web Session Security / S. Calzavara, M. Squarcina, M. Tempesta, R. Focardi / Acm Computing Surveys, Volume 50 Issue 1 (2017), 13; 1 - 34
SilentWhispers: Enforcing Security and Privacy in Decentralized Credit Networks / M. Matteo, P. Moreno-Sanchez, A. Kate, G. Malavolta / in: "2017 Network and Distributed System Security Symposium", Internet Society, Reston, Virginia, USA, 2017, ISBN: 1-891562-46-0, 1 - 15
Principles of Security and Trust / M. Matteo, M. Ryan, P. Ah-Fat, M. Alabbad, M. Alvim, Z. Aslanyan, N. Atzei, K. Babel, M. Bartoletti, L. Bauer, A. Blot, S. Bursuc, P. Cañones, G. Casini, V. Cheval, T. Cimoli, M. Cramer, J. Dreier, C. Duménil, D. Hedin, M. Hicks, M. Huth, L. Jia, C. Johansen, O. Jones, R. Khedri, B. Köpf, S. Kremer, P. Laud, P. Mardziel, F. Nielson, M. Pettai, F. Piessens, W. Rafnsson, J. Reineke, A. Sabelfeld, R. Sasse, A. Sjösten, T. Terauchi, S. Xu, M. Yamamoto / Springer-Verlag, Berlin, Heidelberg, 2017, ISBN: 978-3-662-54454-9; 1 pages
Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis / A. Continella, Y. Fratantonio, M. Lindorfer, A. Puccetti, A. Zand, C. Krügel, G. Vigna / in: "Network and Distributed System Security Symposium (NDSS)", Internet Society, 2017
A Type System for Privacy Properties / M. Matteo, N. Grimm, J. Lallemand, V. Cortier / Talk: ACM CCS 2017 Conference on Computer and Communications Security, Dallas, USA; 2017-10-30 - 2017-11-03; in: "CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security", ACM Digital Library, New York (2017), ISBN: 978-1-4503-4946-8; 409 - 423
Subset Predicate Encryption and its Applications / M. Matteo, J. Katz / in: "Cryptology and Network Security", Springer International Publishing, Cham, Switzerland, 2017, 1 - 20

2016

Malware Through the Looking Glass: Malware Analysis in an Evolving Threat Landscape / M. Lindorfer / Supervisor, Reviewer: E. Weippl, T. Holz, E. Kirda; Institut für Rechnergestützte Automation, 2016; oral examination: 2016-02-02
ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic / J. Ren, A. Rao, M. Lindorfer, A. Legout, D. Choffnes / in: "International Conference on Mobile Systems, Applications and Services (MobiSys)", ACM, 2016, 361 - 374
Drammer: Deterministic Rowhammer Attacks on Mobile Platforms / V. van der Veen, Y. Fratantonio, M. Lindorfer, D. Gruss, C. Maurice, G. Vigna, H. Bos, K. Razavi, C. Giuffrida / in: "ACM Conference on Computer and Communications Security (CCS)", ACM, 2016, ISBN: 978-1-4503-4139-4, 1675 - 1689
CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes / P. Carter, C. Mulliner, M. Lindorfer, W. Robertson, E. Kirda / in: "International Conference on Financial Cryptography and Data Security (FC)", Springer, 2016, ISBN: 978-3-662-54969-8, 231 - 249

2015

Current State of Browser Extension Security and Extension-based Malware / M. Neumayr / Supervisor: W. Kastner, M. Lindorfer; Rechnergestützte Automation, 2015; final examination: 2015-04-14
Marvin: Efficient and Comprehensive Mobile App Classification Through Static and Dynamic Analysis / M. Lindorfer, M. Neugschwandtner, Ch. Platzer / in: "Proceedings of the IEEE 39th Annual Computer Software and Applications Conference (COMPSAC)", IEEE, 2015, ISBN: 978-1-4673-6564-2, 422 - 433

2014

Andrubis - 1,000,000 Apps Later: A View on Current Android Malware Behaviors / M. Lindorfer, M. Neugschwandtner, L. Weichselbaum, Y. Fratantonio, V. van der Veen, Ch. Platzer / in: "Proceedings of the 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS)", IEEE, 2014, ISBN: 978-1-4799-8308-7, 3 - 17
Skin Sheriff: A Machine Learning Solution for Detecting Explicit Images / Ch. Platzer, M. Stütz, M. Lindorfer / in: "Proceedings of the 2nd International Workshop on Security and Forensics in Communication Systems (ASIACCS-SFCS)", IEEE, 2014, ISBN: 978-1-4503-2802-9, 45 - 56
Enter Sandbox: Android Sandbox Comparison / S. Neuner, v. Victor, M. Lindorfer, M. Huber, M. Georg, M. Mulazzani, E. Weippl / in: "Proceedings of the IEEE Mobile Security Technologies Workshop (MoST)", IEEE, 2014
AndRadar: Fast Discovery of Android Applications in Alternative Markets / M. Lindorfer, V. Volanis, A. Sisto, M. Neugschwandtner, E. Athanasopoulos, F. Maggi, Ch. Platzer, S. Zanero, S. Ioannidis / in: "Proceedings of the 11th Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA)", Springer, LNCS 8550, 2014, ISBN: 978-3-319-08508-1, 51 - 71
Provably Sound Browser-Based Enforcement of Web Session Integrity / S. Calzavara, R. Focardi, W. Khan, M. Tempesta / in: "2014 IEEE 27th Computer Security Foundations Symposium", IEEE Computer Society, 2014, ISBN: 978-1-4799-4290-9, 366 - 380

2013

Take a Bite - Finding the Worm in the Apple / M. Lindorfer, B. Miller, M. Neugschwandtner, Ch. Platzer / in: "International Conference on Information, Communications and Signal Processing (ICICS)", IEEE, 2013
POSTER: Cross-Platform Malware: Write Once, Infect Everywhere / M. Lindorfer, M. Neumayr, J. Caballero, Ch. Platzer / Poster: ACM Conference on Computer and Communications Security (CCS), Berlin; 2013-11-04 - 2013-11-08; in: "ACM Conference on Computer and Communications Security (CCS)", (2013)
A View to a Kill: WebView Exploitation / M. Neugschwandtner, M. Lindorfer, Ch. Platzer / in: "USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET)", USENIX, 2013

2012

Lines of Malicious Code: Insights Into the Malicious Software Industry / M. Lindorfer, A. Di Federico, F. Maggi, P. Milani Comparetti, S. Zanero / in: "Proceedings of the 28th Annual Computer Security Applications Conference", ACM, New York, 2012, ISBN: 978-1-4503-1312-4, 349 - 358

2011

Detecting Environment-Sensitive Malware / M. Lindorfer / Supervisor: E. Kirda, P. Milani Comparetti, C. Kolbitsch; Institut für Rechnergestützte Automation, 2011
Detecting Environment-Sensitive Malware / M. Lindorfer, C. Kolbitsch, P. Milani Comparetti / in: "Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection (2011)", Springer, 2011, ISBN: 978-3-642-23643-3