| 2011 | "Mix-in-Place" anonymous networking using secure function evaluation. Nilesh Nipane, Italo Dacosta, Patrick Traynor |
| 2011 | "Super nodes" in Tor: existence and security implication. Chenglong Li, Yibo Xue, Yingfei Dong, Dongsheng Wang |
| 2011 | A peel of onion. Paul F. Syverson |
| 2011 | A server- and browser-transparent CSRF defense for web 2.0 applications. Riccardo Pelizzi, R. Sekar |
| 2011 | ASIDE: IDE support for web application security. Jing Xie, Bill Chu, Heather Richter Lipford, John T. Melton |
| 2011 | AdSentry: comprehensive and flexible confinement of JavaScript-based advertisements. Xinshu Dong, Minh Tran, Zhenkai Liang, Xuxian Jiang |
| 2011 | An empirical study of visual security cues to prevent the SSLstripping attack. Dongwan Shin, Rodrigo Lopes |
| 2011 | Attacks on WebView in the Android system. Tongbo Luo, Hao Hao, Wenliang Du, Yifei Wang, Heng Yin |
| 2011 | Automated remote repair for mobile malware. Yacin Nadji, Jonathon T. Giffin, Patrick Traynor |
| 2011 | BLOCK: a black-box approach for detection of state violation attacks towards web applications. Xiaowei Li, Yuan Xue |
| 2011 | BareBox: efficient malware analysis on bare-metal. Dhilung Kirat, Giovanni Vigna, Christopher Kruegel |
| 2011 | Detecting and resolving privacy conflicts for collaborative data sharing in online social networks. Hongxin Hu, Gail-Joon Ahn, Jan Jorgensen |
| 2011 | Detecting malware's failover C&C strategies with squeeze. Matthias Neugschwandtner, Paolo Milani Comparetti, Christian Platzer |
| 2011 | Distilling critical attack graph surface iteratively through minimum-cost SAT solving. Heqing Huang, Su Zhang, Xinming Ou, Atul Prakash, Karem A. Sakallah |
| 2011 | Don't Bump, Shake on It: the exploitation of a popular accelerometer-based smart phone exchange and its secure replacement. Ahren Studer, Timothy Passaro, Lujo Bauer |
| 2011 | Dynamic sample size detection in continuous authentication using sequential sampling. Ahmed Awad E. Ahmed, Issa Traoré |
| 2011 | Enabling secure VM-vTPM migration in private clouds. Boris Danev, Ramya Jayaram Masti, Ghassan Karame, Srdjan Capkun |
| 2011 | Exploring the potential benefits of expanded rate limiting in Tor: slow and steady wins the race with Tortoise. W. Brad Moore, Chris Wacek, Micah Sherr |
| 2011 | Exposing invisible timing-based traffic watermarks with BACKLIT. Xiapu Luo, Peng Zhou, Junjie Zhang, Roberto Perdisci, Wenke Lee, Rocky K. C. Chang |
| 2011 | FORECAST: skimming off the malware cream. Matthias Neugschwandtner, Paolo Milani Comparetti, Grégoire Jacob, Christopher Kruegel |
| 2011 | Facing the facts about image type in recognition-based graphical passwords. Max Hlywa, Robert Biddle, Andrew S. Patrick |
| 2011 | From prey to hunter: transforming legacy embedded devices into exploitation sensor grids. Ang Cui, Jatin Kataria, Salvatore J. Stolfo |
| 2011 | Hit 'em where it hurts: a live security exercise on cyber situational awareness. Adam Doupé, Manuel Egele, Benjamin Caillat, Gianluca Stringhini, Gorkem Yakin, Ali Zand, Ludovico Cavedon, Giovanni Vigna |
| 2011 | Improving robustness of DNS to software vulnerabilities. Ahmed Khurshid, Firat Kiyak, Matthew Caesar |
| 2011 | Key escrow from a safe distance: looking back at the Clipper Chip. Matt Blaze |
| 2011 | Mitigating code-reuse attacks with control-flow locking. Tyler K. Bletsch, Xuxian Jiang, Vincent W. Freeh |
| 2011 | Nexat: a history-based approach to predict attacker actions. Casey Cipriano, Ali Zand, Amir Houmansadr, Christopher Kruegel, Giovanni Vigna |
| 2011 | PhorceField: a phish-proof password ceremony. Michael Hart, Claude Castille, Manoj Harpalani, Jonathan Toohill, Rob Johnson |
| 2011 | Private search in the real world. Vasilis Pappas, Mariana Raykova, Binh Vo, Steven M. Bellovin, Tal Malkin |
| 2011 | RIPE: runtime intrusion prevention evaluator. John Wilander, Nick Nikiforakis, Yves Younan, Mariam Kamkar, Wouter Joosen |
| 2011 | Reliable telemetry in white spaces using remote attestation. Omid Fatemieh, Michael LeMay, Carl A. Gunter |
| 2011 | SEMAGE: a new image-based two-factor CAPTCHA. Shardul Vikram, Yinan Fan, Guofei Gu |
| 2011 | Security through amnesia: a software-based solution to the cold boot attack on disk encryption. Patrick Simmons |
| 2011 | Smart metering de-pseudonymization. Marek Jawurek, Martin Johns, Konrad Rieck |
| 2011 | Social snapshots: digital forensics for online social networks. Markus Huber, Martin Mulazzani, Manuel Leithner, Sebastian Schrittwieser, Gilbert Wondracek, Edgar R. Weippl |
| 2011 | Static detection of malicious JavaScript-bearing PDF documents. Pavel Laskov, Nedim Srndic |
| 2011 | The science of cyber security experimentation: the DETER project. Terry Benzel |
| 2011 | The socialbot network: when bots socialize for fame and money. Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, Matei Ripeanu |
| 2011 | Tracking payment card data flow using virtual machine state introspection. Jennia Hizver, Tzi-cker Chiueh |
| 2011 | Twenty-Seventh Annual Computer Security Applications Conference, ACSAC 2011, Orlando, FL, USA, 5-9 December 2011 Robert H'obbes' Zakon, John P. McDermott, Michael E. Locasto |
| 2011 | Understanding the prevalence and use of alternative plans in malware with network games. Yacin Nadji, Manos Antonakakis, Roberto Perdisci, Wenke Lee |
| 2011 | WebJail: least-privilege integration of third-party components in web mashups. Steven Van Acker, Philippe De Ryck, Lieven Desmet, Frank Piessens, Wouter Joosen |
| 2011 | deRop: removing return-oriented programming from malware. Kangjie Lu, Dabi Zou, Weiping Wen, Debin Gao |