| 2014 | 21st Annual Network and Distributed System Security Symposium, NDSS 2014, San Diego, California, USA, February 23-26, 2014 |
| 2014 | A Machine-learning Approach for Classifying and Categorizing Android Sources and Sinks. Siegfried Rasthofer, Steven Arzt, Eric Bodden |
| 2014 | A Trusted Safety Verifier for Process Controller Code. Stephen E. McLaughlin, Saman A. Zonouz, Devin J. Pohly, Patrick D. McDaniel |
| 2014 | AVATAR: A Framework to Support Dynamic Security Analysis of Embedded Systems' Firmwares. Jonas Zaddach, Luca Bruno, Aurélien Francillon, Davide Balzarotti |
| 2014 | AccelPrint: Imperfections of Accelerometers Make Smartphones Trackable. Sanorita Dey, Nirupam Roy, Wenyuan Xu, Romit Roy Choudhury, Srihari Nelakuditi |
| 2014 | AirBag: Boosting Smartphone Resistance to Malware Infection. Chiachih Wu, Yajin Zhou, Kunal Patel, Zhenkai Liang, Xuxian Jiang |
| 2014 | Amplification Hell: Revisiting Network Protocols for DDoS Abuse. Christian Rossow |
| 2014 | AppSealer: Automatic Generation of Vulnerability-Specific Patches for Preventing Component Hijacking Attacks in Android Applications. Mu Zhang, Heng Yin |
| 2014 | Auditable Version Control Systems. Bo Chen, Reza Curtmola |
| 2014 | Authentication Using Pulse-Response Biometrics. Kasper Bonne Rasmussen, Marc Roeschlin, Ivan Martinovic, Gene Tsudik |
| 2014 | Botcoin: Monetizing Stolen Cycles. Danny Yuxing Huang, Hitesh Dharmdasani, Sarah Meiklejohn, Vacha Dave, Chris Grier, Damon McCoy, Stefan Savage, Nicholas Weaver, Alex C. Snoeren, Kirill Levchenko |
| 2014 | Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks. Martin Georgiev, Suman Jana, Vitaly Shmatikov |
| 2014 | Copker: Computing with Private Keys without RAM. Le Guan, Jingqiang Lin, Bo Luo, Jiwu Jing |
| 2014 | CyberProbe: Towards Internet-Scale Active Detection of Malicious Servers. Antonio Nappa, Zhaoyan Xu, M. Zubair Rafique, Juan Caballero, Guofei Gu |
| 2014 | DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket. Daniel Arp, Michael Spreitzenbarth, Malte Hubner, Hugo Gascon, Konrad Rieck |
| 2014 | DSpin: Detecting Automatically Spun Content on the Web. Qing Zhang, David Y. Wang, Geoffrey M. Voelker |
| 2014 | Decentralized Anonymous Credentials. Christina Garman, Matthew Green, Ian Miers |
| 2014 | Detecting Logic Vulnerabilities in E-commerce Applications. Fangqi Sun, Liang Xu, Zhendong Su |
| 2014 | Dynamic Searchable Encryption in Very-Large Databases: Data Structures and Implementation. David Cash, Joseph Jaeger, Stanislaw Jarecki, Charanjit S. Jutla, Hugo Krawczyk, Marcel-Catalin Rosu, Michael Steiner |
| 2014 | Efficient Private File Retrieval by Combining ORAM and PIR. Travis Mayberry, Erik-Oliver Blass, Agnes Hui Chan |
| 2014 | Enhanced Certificate Transparency and End-to-End Encrypted Mail. Mark Dermot Ryan |
| 2014 | Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications. Sebastian Poeplau, Yanick Fratantonio, Antonio Bianchi, Christopher Kruegel, Giovanni Vigna |
| 2014 | From Very Weak to Very Strong: Analyzing Password-Strength Meters. Xavier de Carné de Carnavalet, Mohammad Mannan |
| 2014 | Gaining Control of Cellular Traffic Accounting by Spurious TCP Retransmission. Younghwan Go, Eunyoung Jeong, Jongil Won, Yongdae Kim, Denis Foo Kune, KyoungSoo Park |
| 2014 | Gyrus: A Framework for User-Intent Monitoring of Text-based Networked Applications. Yeongjin Jang, Simon P. Chung, Bryan D. Payne, Wenke Lee |
| 2014 | Hardening Persona - Improving Federated Web Login. Michael Dietz, Dan S. Wallach |
| 2014 | Hybrid-Bridge: Efficiently Bridging the Semantic-Gap in VMI via Decoupled Execution and Training Memoization. Alireza Saberi, Yangchun Fu, Zhiqiang Lin |
| 2014 | Inside Job: Understanding and Mitigating the Threat of External Device Mis-Binding on Android. Muhammad Naveed, Xiao-yong Zhou, Soteris Demetriou, Xiaofeng Wang, Carl A. Gunter |
| 2014 | Leveraging USB to Establish Host Identity Using Commodity Devices. Adam Bates, Ryan Leonard, Hannah Pruse, Daniel Lowd, Kevin R. B. Butler |
| 2014 | Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud. Arnar Birgisson, Joe Gibbs Politz, Úlfar Erlingsson, Ankur Taly, Michael Vrable, Mark Lentczner |
| 2014 | Nazca: Detecting Malware Distribution in Large-Scale Networks. Luca Invernizzi, Stanislav Miskovic, Ruben Torres, Christopher Kruegel, Sabyasachi Saha, Giovanni Vigna, Sung-Ju Lee, Marco Mellia |
| 2014 | Neural Signatures of User-Centered Security: An fMRI Study of Phishing, and Malware Warnings. Ajaya Neupane, Nitesh Saxena, Keya Kuruvilla, Michael Georgescu, Rajesh K. Kana |
| 2014 | No Direction Home: The True Cost of Routing Around Decoys. Amir Houmansadr, Edmund L. Wong, Vitaly Shmatikov |
| 2014 | On Semantic Patterns of Passwords and their Security Impact. Rafael Veras, Christopher Collins, Julie Thorpe |
| 2014 | On the Mismanagement and Maliciousness of Networks. Jing Zhang, Zakir Durumeric, Michael D. Bailey, Mingyan Liu, Manish Karir |
| 2014 | Persistent Data-only Malware: Function Hooks without Code. Sebastian Vogl, Jonas Pfoh, Thomas Kittel, Claudia Eckert |
| 2014 | PlaceAvoider: Steering First-Person Cameras away from Sensitive Spaces. Robert Templeman, Mohammed Korayem, David J. Crandall, Apu Kapadia |
| 2014 | Power Attack: An Increasing Threat to Data Centers. Zhang Xu, Haining Wang, Zichen Xu, Xiaorui Wang |
| 2014 | Practical Dynamic Searchable Encryption with Small Leakage. Emil Stefanov, Charalampos Papamanthou, Elaine Shi |
| 2014 | Practical Issues with TLS Client Certificate Authentication. Arnis Parsovs |
| 2014 | Practical Known-Plaintext Attacks against Physical Layer Security in Wireless MIMO Systems. Matthias Schulz, Adrian Loch, Matthias Hollick |
| 2014 | Privacy through Pseudonymity in Mobile Telephony Systems. Myrto Arapinis, Loretta Ilaria Mancini, Eike Ritter, Mark Ryan |
| 2014 | Privacy-Preserving Distributed Stream Monitoring. Arik Friedman, Izchak Sharfman, Daniel Keren, Assaf Schuster |
| 2014 | ROPecker: A Generic and Practical Approach For Defending Against ROP Attacks. Yueqiang Cheng, Zongwei Zhou, Miao Yu, Xuhua Ding, Robert H. Deng |
| 2014 | SMV-Hunter: Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in Android Apps. David Sounthiraraj, Justin Sahs, Garret Greenwood, Zhiqiang Lin, Latifur Khan |
| 2014 | SafeDispatch: Securing C++ Virtual Calls from Memory Corruption Attacks. Dongseok Jang, Zachary Tatlock, Sorin Lerner |
| 2014 | Scambaiter: Understanding Targeted Nigerian Scams on Craigslist. Youngsam Park, Jackie Jones, Damon McCoy, Elaine Shi, Markus Jakobsson |
| 2014 | Screenmilker: How to Milk Your Android Screen for Secrets. Chia-Chi Lin, Hongyang Li, Xiao-yong Zhou, Xiaofeng Wang |
| 2014 | Selling off User Privacy at Auction. Lukasz Olejnik, Minh-Dung Tran, Claude Castelluccia |
| 2014 | Simulation of Built-in PHP Features for Precise Static Code Analysis. Johannes Dahse, Thorsten Holz |
| 2014 | Smartphones as Practical and Secure Location Verification Tokens for Payments. Claudio Marforio, Nikolaos Karapanos, Claudio Soriente, Kari Kostiainen, Srdjan Capkun |
| 2014 | The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network. Rob Jansen, Florian Tschorsch, Aaron Johnson, Björn Scheuermann |
| 2014 | The Tangled Web of Password Reuse. Anupam Das, Joseph Bonneau, Matthew Caesar, Nikita Borisov, Xiaofeng Wang |
| 2014 | Toward Black-Box Detection of Logic Flaws in Web Applications. Giancarlo Pellegrino, Davide Balzarotti |
| 2014 | Two-Factor Authentication Resilient to Server Compromise Using Mix-Bandwidth Devices. Maliheh Shirvanian, Stanislaw Jarecki, Nitesh Saxena, Naveen Nathan |
| 2014 | Web PKI: Closing the Gap between Guidelines and Practices. Antoine Delignat-Lavaud, Martín Abadi, Andrew Birrell, Ilya Mironov, Ted Wobber, Yinglian Xie |