USENIX Sec 2015 67 papers accepted. Updated on 2023-10-06. You can find the lastest information here. Post-Mortem of a Zombie: Conficker Cleanup After Six Years. Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications in the Developing World. Measuring the Longitudinal Evolution of the Online Anonymous Marketplace Ecosystem. All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS. Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS. Eclipse Attacks on Bitcoin's Peer-to-Peer Network. Protocol State Fuzzing of TLS Implementations. Verified Correctness and Security of OpenSSL HMAC. Not-Quite-So-Broken TLS: Lessons in Re-Engineering a Security Protocol Specification and Implementation. To Pin or Not to Pin-Helping App Developers Bullet Proof Their TLS Connections. Compiler-instrumented, Dynamic Secret-Redaction of Legacy Processes for Attacker Deception. Control-Flow Bending: On the Effectiveness of Control-Flow Integrity. Automatic Generation of Data-Oriented Exploits. De-anonymizing Programmers via Code Stylometry. RAPTOR: Routing Attacks on Privacy in Tor. Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services. SecGraph: A Uniform and Open-source Evaluation System for Graph Data Anonymization and De-anonymization. Under-Constrained Symbolic Execution: Correctness Checking for Real Code. TaintPipe: Pipelined Symbolic Taint Analysis. Type Casting Verification: Stopping an Emerging Attack Vector. Trustworthy Whole-System Provenance for the Linux Kernel. Securing Self-Virtualizing Ethernet Devices. EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning. Marionette: A Programmable Network Traffic Obfuscation System. CONIKS: Bringing Key Transparency to End Users. Investigating the Computer Security Practices and Needs of Journalists. Constants Count: Practical Improvements to Oblivious RAM. Raccoon: Closing Digital Side-Channels through Obfuscated Execution. M2R: Enabling Stronger Privacy in MapReduce Computation. Measuring Real-World Accuracies and Biases in Modeling Password Guessability. Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound. Android Permissions Remystified: A Field Study on Contextual Integrity. Phasing: Private Set Intersection Using Permutation-based Hashing. Faster Secure Computation through Automatic Parallelization. The Pythia PRF Service. EVILCOHORT: Detecting Communities of Malicious Accounts on Online Services. Trends and Lessons from Three Years Fighting Malicious Extensions. Meerkat: Detecting Website Defacements through Image-based Object Recognition. Recognizing Functions in Binaries with Neural Networks. Reassembleable Disassembling. How the ELF Ruined Christmas. Finding Unknown Malice in 10 Seconds: Mass Vetting for New Threats at the Google-Play Scale. You Shouldn't Collect My Secrets: Thwarting Sensitive Keystroke Leakage in Mobile IME Apps. Boxify: Full-fledged App Sandboxing for Stock Android. Cookies Lack Integrity: Real-World Implications. The Unexpected Dangers of Dynamic JavaScript. ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities. Anatomization and Protection of Mobile Apps' Location Privacy Threats. LinkDroid: Reducing Unregulated Aggregation of App Usage Behaviors. PowerSpy: Location Tracking Using Mobile Device Power Analysis. In the Compression Hornet's Nest: A Security Study of Data Compression in Network Services. Bohatei: Flexible and Elastic DDoS Defense. Boxed Out: Blocking Cellular Interconnect Bypass Fraud at the Network Edge. GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies. Thermal Covert Channels on Multi-core Platforms. Rocking Drones with Intentional Sound Noise on Gyroscopic Sensors. Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches. A Placement Vulnerability Study in Multi-Tenant Public Clouds. A Measurement Study on Co-residence Threat inside the Cloud. Towards Discovering and Understanding Task Hijacking in Android. Cashtags: Protecting the Input and Display of Sensitive Data. SUPOR: Precise and Scalable Sensitive User Input Detection for Android Apps. UIPicker: User-Input Privacy Identification in Mobile Applications. Cloudy with a Chance of Breach: Forecasting Cyber Security Incidents. WebWitness: Investigating, Categorizing, and Mitigating Malware Download Paths. Vulnerability Disclosure in the Age of Social Media: Exploiting Twitter for Predicting Real-World Exploits. Needles in a Haystack: Mining Information from Public Dynamic Analysis Sandboxes for Malware Intelligence.