USENIX Sec 2015

67 papers accepted.

Updated on 2023-10-06.

You can find the lastest information here.

---

Post-Mortem of a Zombie: Conficker Cleanup After Six Years.

Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications in the Developing World.

Measuring the Longitudinal Evolution of the Online Anonymous Marketplace Ecosystem.

All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS.

Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS.

Eclipse Attacks on Bitcoin's Peer-to-Peer Network.

Protocol State Fuzzing of TLS Implementations.

Verified Correctness and Security of OpenSSL HMAC.

Not-Quite-So-Broken TLS: Lessons in Re-Engineering a Security Protocol Specification and Implementation.

To Pin or Not to Pin-Helping App Developers Bullet Proof Their TLS Connections.

Compiler-instrumented, Dynamic Secret-Redaction of Legacy Processes for Attacker Deception.

Control-Flow Bending: On the Effectiveness of Control-Flow Integrity.

Automatic Generation of Data-Oriented Exploits.

De-anonymizing Programmers via Code Stylometry.

RAPTOR: Routing Attacks on Privacy in Tor.

Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services.

SecGraph: A Uniform and Open-source Evaluation System for Graph Data Anonymization and De-anonymization.

Under-Constrained Symbolic Execution: Correctness Checking for Real Code.

TaintPipe: Pipelined Symbolic Taint Analysis.

Type Casting Verification: Stopping an Emerging Attack Vector.

Trustworthy Whole-System Provenance for the Linux Kernel.

Securing Self-Virtualizing Ethernet Devices.

EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning.

Marionette: A Programmable Network Traffic Obfuscation System.

CONIKS: Bringing Key Transparency to End Users.

Investigating the Computer Security Practices and Needs of Journalists.

Constants Count: Practical Improvements to Oblivious RAM.

Raccoon: Closing Digital Side-Channels through Obfuscated Execution.

M2R: Enabling Stronger Privacy in MapReduce Computation.

Measuring Real-World Accuracies and Biases in Modeling Password Guessability.

Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound.

Android Permissions Remystified: A Field Study on Contextual Integrity.

Phasing: Private Set Intersection Using Permutation-based Hashing.

Faster Secure Computation through Automatic Parallelization.

The Pythia PRF Service.

EVILCOHORT: Detecting Communities of Malicious Accounts on Online Services.

Trends and Lessons from Three Years Fighting Malicious Extensions.

Meerkat: Detecting Website Defacements through Image-based Object Recognition.

Recognizing Functions in Binaries with Neural Networks.

Reassembleable Disassembling.

How the ELF Ruined Christmas.

Finding Unknown Malice in 10 Seconds: Mass Vetting for New Threats at the Google-Play Scale.

You Shouldn't Collect My Secrets: Thwarting Sensitive Keystroke Leakage in Mobile IME Apps.

Boxify: Full-fledged App Sandboxing for Stock Android.

Cookies Lack Integrity: Real-World Implications.

The Unexpected Dangers of Dynamic JavaScript.

ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities.

Anatomization and Protection of Mobile Apps' Location Privacy Threats.

LinkDroid: Reducing Unregulated Aggregation of App Usage Behaviors.

PowerSpy: Location Tracking Using Mobile Device Power Analysis.

In the Compression Hornet's Nest: A Security Study of Data Compression in Network Services.

Bohatei: Flexible and Elastic DDoS Defense.

Boxed Out: Blocking Cellular Interconnect Bypass Fraud at the Network Edge.

GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies.

Thermal Covert Channels on Multi-core Platforms.

Rocking Drones with Intentional Sound Noise on Gyroscopic Sensors.

Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches.

A Placement Vulnerability Study in Multi-Tenant Public Clouds.

A Measurement Study on Co-residence Threat inside the Cloud.

Towards Discovering and Understanding Task Hijacking in Android.

Cashtags: Protecting the Input and Display of Sensitive Data.

SUPOR: Precise and Scalable Sensitive User Input Detection for Android Apps.

UIPicker: User-Input Privacy Identification in Mobile Applications.

Cloudy with a Chance of Breach: Forecasting Cyber Security Incidents.

WebWitness: Investigating, Categorizing, and Mitigating Malware Download Paths.

Vulnerability Disclosure in the Age of Social Media: Exploiting Twitter for Predicting Real-World Exploits.

Needles in a Haystack: Mining Information from Public Dynamic Analysis Sandboxes for Malware Intelligence.