| 2012 | 28th Annual Computer Security Applications Conference, ACSAC 2012, Orlando, FL, USA, 3-7 December 2012 Robert H'obbes' Zakon |
| 2012 | Abusing cloud-based browsers for fun and profit. Vasant Tendulkar, Ryan Snyder, Joe Pletcher, Kevin R. B. Butler, Ashwin Shashidharan, William Enck |
| 2012 | All your face are belong to us: breaking Facebook's social authentication. Iasonas Polakis, Marco Lancini, Georgios Kontaxis, Federico Maggi, Sotiris Ioannidis, Angelos D. Keromytis, Stefano Zanero |
| 2012 | Analysis of the communication between colluding applications on modern smartphones. Claudio Marforio, Hubert Ritzdorf, Aurélien Francillon, Srdjan Capkun |
| 2012 | Augmenting vulnerability analysis of binary code. Sean Heelan, Agustin Gianni |
| 2012 | BetterAuth: web authentication revisited. Martin Johns, Sebastian Lekies, Bastian Braun, Benjamin Flesch |
| 2012 | Biometric authentication on a mobile device: a study of user effort, error and task disruption. Shari Trewin, Calvin Swart, Larry Koved, Jacquelyn Martino, Kapil Singh, Shay Ben-David |
| 2012 | Building better passwords using probabilistic techniques. Shiva Houshmand, Sudhir Aggarwal |
| 2012 | Cloud-based push-styled mobile botnets: a case study of exploiting the cloud to device messaging service. Shuang Zhao, Patrick P. C. Lee, John C. S. Lui, Xiaohong Guan, Xiaobo Ma, Jing Tao |
| 2012 | Code shredding: byte-granular randomization of program layout for detecting code-reuse attacks. Eitaro Shioji, Yuhei Kawakoya, Makoto Iwamura, Takeo Hariu |
| 2012 | CodeShield: towards personalized application whitelisting. Christopher S. Gates, Ninghui Li, Jing Chen, Robert W. Proctor |
| 2012 | Disclosure: detecting botnet command and control servers through large-scale NetFlow analysis. Leyla Bilge, Davide Balzarotti, William K. Robertson, Engin Kirda, Christopher Kruegel |
| 2012 | Dissecting ghost clicks: ad fraud via misdirected human clicks. Sumayah A. Alrwais, Alexandre Gerber, Christopher W. Dunn, Oliver Spatscheck, Minaxi Gupta, Eric Osterweil |
| 2012 | Distributed application tamper detection via continuous software updates. Christian S. Collberg, Sam Martin, Jonathan Myers, Jasvir Nagra |
| 2012 | Down to the bare metal: using processor features for binary analysis. Carsten Willems, Ralf Hund, Andreas Fobian, Dennis Felsch, Thorsten Holz, Amit Vasudevan |
| 2012 | Efficient protection of kernel data structures via object partitioning. Abhinav Srivastava, Jonathon T. Giffin |
| 2012 | Enabling private conversations on Twitter. Indrajeet Singh, Michael Butkiewicz, Harsha V. Madhyastha, Srikanth V. Krishnamurthy, Sateesh Addepalli |
| 2012 | Enabling trusted scheduling in embedded systems. Ramya Jayaram Masti, Claudio Marforio, Aanjhan Ranganathan, Aurélien Francillon, Srdjan Capkun |
| 2012 | Generalized vulnerability extrapolation using abstract syntax trees. Fabian Yamaguchi, Markus Lottmann, Konrad Rieck |
| 2012 | Hi-Fi: collecting high-fidelity whole-system provenance. Devin J. Pohly, Stephen E. McLaughlin, Patrick D. McDaniel, Kevin R. B. Butler |
| 2012 | Iris: a scalable cloud file system with efficient integrity checks. Emil Stefanov, Marten van Dijk, Ari Juels, Alina Oprea |
| 2012 | JSand: complete client-side sandboxing of third-party JavaScript without browser modifications. Pieter Agten, Steven Van Acker, Yoran Brondsema, Phu H. Phung, Lieven Desmet, Frank Piessens |
| 2012 | Jarhead analysis and detection of malicious Java applets. Johannes Schlumberger, Christopher Kruegel, Giovanni Vigna |
| 2012 | Lines of malicious code: insights into the malicious software industry. Martina Lindorfer, Alessandro Di Federico, Federico Maggi, Paolo Milani Comparetti, Stefano Zanero |
| 2012 | Malicious PDF detection using metadata and structural features. Charles Smutz, Angelos Stavrou |
| 2012 | On automated image choice for secure and usable graphical passwords. Paul Dunphy, Patrick Olivier |
| 2012 | One year of SSL internet measurement. Olivier Levillain, Arnaud Ébalard, Benjamin Morin, Hervé Debar |
| 2012 | Permission evolution in the Android ecosystem. Xuetao Wei, Lorenzo Gomez, Iulian Neamtiu, Michalis Faloutsos |
| 2012 | Practicality of accelerometer side channels on smartphones. Adam J. Aviv, Benjamin Sapp, Matt Blaze, Jonathan M. Smith |
| 2012 | Securing untrusted code via compiler-agnostic binary rewriting. Richard Wartell, Vishwath Mohan, Kevin W. Hamlen, Zhiqiang Lin |
| 2012 | Security economics: a personal perspective. Ross J. Anderson |
| 2012 | Self-healing multitier architectures using cascading rescue points. Angeliki Zavou, Georgios Portokalidis, Angelos D. Keromytis |
| 2012 | SensorSift: balancing sensor data privacy and utility in automated face understanding. Miro Enev, Jaeyeon Jung, Liefeng Bo, Xiaofeng Ren, Tadayoshi Kohno |
| 2012 | Separation virtual machine monitors. John P. McDermott, Bruce E. Montrose, Margery Li, James Kirby, Myong H. Kang |
| 2012 | TRESOR-HUNT: attacking CPU-bound encryption. Erik-Oliver Blass, William Robertson |
| 2012 | Tapas: design, implementation, and usability evaluation of a password manager. Daniel McCarney, David Barrera, Jeremy Clark, Sonia Chiasson, Paul C. van Oorschot |
| 2012 | ThinAV: truly lightweight mobile cloud-based anti-malware. Chris Jarabek, David Barrera, John Aycock |
| 2012 | Towards network containment in malware analysis systems. Mariano Graziano, Corrado Leita, Davide Balzarotti |
| 2012 | Transforming commodity security policies to enforce Clark-Wilson integrity. Divya Muthukumaran, Sandra Julieta Rueda, Nirupama Talele, Hayawardh Vijayakumar, Jason Teutsch, Trent Jaeger |
| 2012 | TrueErase: per-file secure deletion for the storage data path. Sarah M. Diesburg, Christopher R. Meyers, Mark J. Stanovich, Michael Mitchell, Justin Marshall, Julia Gould, An-I Andy Wang, Geoff Kuenning |
| 2012 | Trust engineering: rejecting the tyranny of the weakest link. Susan D. Alexander |
| 2012 | Twitter games: how successful spammers pick targets. Vasumathi Sridharan, Vaibhav Shankar, Minaxi Gupta |
| 2012 | Using automated model analysis for reasoning about security of web protocols. Apurva Kumar |
| 2012 | Using memory management to detect and extract illegitimate code for malware analysis. Carsten Willems, Felix C. Freiling, Thorsten Holz |
| 2012 | VAMO: towards a fully automated malware clustering validity analysis. Roberto Perdisci, Man Chon U |
| 2012 | When hardware meets software: a bulletproof solution to forensic memory acquisition. Alessandro Reina, Aristide Fattori, Fabio Pagani, Lorenzo Cavallaro, Danilo Bruschi |
| 2012 | XIAO: tuning code clones at hands of engineers in practice. Yingnong Dang, Dongmei Zhang, Song Ge, Chengyun Chu, Yingjun Qiu, Tao Xie |