Security and Privacy Symposium 2014
- Hunting the Red Fox Online: Understanding and Detection of Mass Redirect-Script Injections, pdf
Zhou Li, Sumayah Alrwais, XiaoFeng Wang, Eihal Alowaisheq
- Stealing Webpages Rendered on Your Browser by Exploiting GPU Vulnerabilities, pdf
Sangho Lee, Youngsok Kim, Jangwoo Kim, Jong Kim
- All Your Screens Are Belong to Us: Attacks Exploiting the HTML5 Screen Sharing API, pdf
Yuan Tian, Ying-Chuan Liu, Amar Bhosale, Lin-Shung Huang, Patrick Tague, Collin Jackson
- Chip and Skim: Cloning EMV Cards with the Pre-play Attack, pdf
Mike Bond, Omar Choudary, Steven J. Murdoch, Sergei Skorobogatov, Ross Anderson
- When HTTPS Meets CDN: A Case of Authentication in Delegated Service, pdf
Jinjin Liang, Jian Jiang, Haixin Duan, Kang Li, Tao Wan, Jianping Wu
- Analyzing Forged SSL Certificates in the Wild, pdf
Lin-Shung Huang, Alex Rice, Erling Ellingsen, Collin Jackson
- Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS, pdf
Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cédric Fournet, Alfredo Pironti, Pierre-Yves Strub
- Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations, pdf
Chad Brubaker, Suman Jana, Baishakhi Ray, Sarfraz Khurshid, Vitaly Shmatikov
- Automating Isolation and Least Privilege in Web Services, pdf
Aaron Blankstein, Michael J. Freedman
- Hidden GEMs: Automated Discovery of Access Control Vulnerabilities in Graphical User Interfaces, pdf
Collin Mulliner, William Robertson, Engin Kirda
- Automated Analysis of Security Protocols with Global State, pdf
Steve Kremer, Robert Künnemann
- Automated Verification of Group Key Agreement Protocols, pdf
Benedikt Schmidt, Ralf Sasse, Cas Cremers, David Basin
- Practical Evasion of a Learning-Based Classifier: A Case Study, pdf
Nedim Šrndič, Pavel Laskov
- Doppelgänger Finder: Taking Stylometry to the Underground, pdf
Sadia Afroz, Aylin Caliskan-Islam, Ariel Stolerman, Rachel Greenstadt, Damon McCoy
- Hacking Blind, pdf
Andrea Bittau, Adam Belay, Ali Mashtizadeh, David Mazières, Dan Boneh
- Framing Signals - A Return to Portable Shellcode, pdf
Erik Bosman, Herbert Bos
- Pivot: Fast, Synchronous Mashup Isolation Using Generator Chains, pdf
James Mickens
- SoK: Automated Software Diversity, pdf
Per Larsen, Andrei Homescu, Stefan Brunthaler, Michael Franz
- KCoFI: Complete Control-Flow Integrity for Commodity Operating System Kernels, pdf
John Criswell, Nathan Dautenhahn, Vikram Adve
- Dancing with Giants: Wimpy Kernels for On-Demand Isolated I/O, pdf
Zongwei Zhou, Miao Yu, Virgil D. Gligor
- Bootstrapping Privacy Compliance in Big Data Systems, pdf
Shayak Sen, Saikat Guha, Anupam Datta, Sriram K. Rajamani, Janice Tsai, Jeannette M. Wing
- Formal Analysis of Chaumian Mix Nets with Randomized Partial Checking, pdf
Ralf Küsters, Tomasz Truderung, Andreas Vogt
- Blind Seer: A Scalable Private DBMS, pdf
Vasilis Pappas, Fernando Krell, Binh Vo, Vladimir Kolesnikov, Tal Malkin, Seung Geol Choi, Wesley George, Angelos Keromytis, Steve Bellovin
- ANONIZE: A Large-Scale Anonymous Survey System, pdf
Susan Hohenberger, Steven Myers, Rafael Pass, abhi shelat
- Upgrading Your Android, Elevating My Malware: Privilege Escalation through Mobile OS Updating, pdf
Luyi Xing, Xiaorui Pan, Rui Wang, Kan Yuan, XiaoFeng Wang
- The Peril of Fragmentation: Security Hazards in Android Device Driver Customizations, pdf
Xiaoyong Zhou, Yeonjoon Lee, Nan Zhang, Muhammad Naveed, XiaoFeng Wang
- From Zygote to Morula: Fortifying Weakened ASLR on Android, pdf
Byoungyoung Lee, Long Lu, Tielei Wang, Taesoo Kim, Wenke Lee
- Secure Multiparty Computations on Bitcoin, pdf
Marcin Andrychowicz, Stefan Dziembowski, Daniel Malinowski, Lukasz Mazurek
- Zerocash: Decentralized Anonymous Payments from Bitcoin, pdf
Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, Madars Virza
- Permacoin: Repurposing Bitcoin Work for Data Preservation, pdf
Andrew Miller, Ari Juels, Elaine Shi, Bryan Parno, Jonathan Katz
- Cloak and Swagger: Understanding Data Sensitivity through the Lens of User Anonymity, pdf
Sai Teja Peddinti, Aleksandra Korolova, Elie Bursztein, Geetanjali Sampemane
- Stopping a Rapid Tornado with a Puff, pdf
José Lopes, Nuno Neves
- SoK: Security and Privacy in Implantable Medical Devices and Body Area Networks, pdf
Michael Rushanan, Aviel D. Rubin, Denis Foo Kune, Colleen M. Swanson
- Quantifying Information Flow for Dynamic Secrets, pdf
Piotr Mardziel, Mario S. Alvim, Michael Hicks, Michael R. Clarkson
- Not-So-Random Numbers in Virtualized Linux and the Whirlwind RNG, pdf
Adam Everspaugh, Yan Zhai, Robert Jellinek, Thomas Ristenpart, Michael Swift
- Out of Control: Overcoming Control-Flow Integrity, pdf
Enes Göktas, Elias Athanasopoulos, Herbert Bos, Georgios Portokalidis
- Modeling and Discovering Vulnerabilities with Code Property Graphs, pdf
Fabian Yamaguchi, Nico Golde, Daniel Arp, Konrad Rieck
- SoK: Introspections on Trust and the Semantic Gap, pdf
Bhushan Jain, Mirza Basim Baig, Dongli Zhang, Donald E. Porter, Radu Sion
- Automating Efficient RAM-Model Secure Computation, pdf
Chang Liu, Yan Huang, Elaine Shi, Jonathan Katz, Michael Hicks
- Dynamic Searchable Encryption via Blind Storage, pdf
Muhammad Naveed, Manoj Prabhakaran, Carl A. Gunter
- Wysteria: A Programming Language for Generic, Mixed-Mode Multiparty Computations, pdf
Aseem Rastogi, Matthew A. Hammer, Michael Hicks
- An Expressive Model for the Web Infrastructure: Definition and Application to the BrowserID SSO System, pdf
Daniel Fett, Ralf Küsters, Guido Schmitz
- A Study of Probabilistic Password Models, pdf
Jerry Ma, Weining Yang, Min Luo, Ninghui Li
- ZEBRA: Zero-Effort Bilateral Recurring Authentication, pdf
Shrirang Mare, Andrés Molina-Markham, Cory Cornelius, Ronald Peterson, David Kotz