| 2014 | A Bayesian Approach to Privacy Enforcement in Smartphones. Omer Tripp, Julia Rubin |
| 2014 | A Large-Scale Analysis of the Security of Embedded Firmwares. Andrei Costin, Jonas Zaddach, Aurélien Francillon, Davide Balzarotti |
| 2014 | A Large-Scale Empirical Analysis of Chinese Web Passwords. Zhigong Li, Weili Han, Wenyuan Xu |
| 2014 | A Look at Targeted Attacks Through the Lense of an NGO. Stevens Le Blond, Adina Uritesc, Cédric Gilbert, Zheng Leong Chua, Prateek Saxena, Engin Kirda |
| 2014 | ASM: A Programmable Interface for Extending Android Security. Stephan Heuser, Adwait Nadkarni, William Enck, Ahmad-Reza Sadeghi |
| 2014 | Ad-Hoc Secure Two-Party Computation on Mobile Devices using Hardware Tokens. Daniel Demmler, Thomas Schneider, Michael Zohner |
| 2014 | An Internet-Wide View of Internet-Wide Scanning. Zakir Durumeric, Michael D. Bailey, J. Alex Halderman |
| 2014 | Automatically Detecting Vulnerable Websites Before They Turn Malicious. Kyle Soska, Nicolas Christin |
| 2014 | BYTEWEIGHT: Learning to Recognize Functions in Binary Code. Tiffany Bao, Jonathan Burket, Maverick Woo, Rafael Turner, David Brumley |
| 2014 | BareCloud: Bare-metal Analysis-based Evasive Malware Detection. Dhilung Kirat, Giovanni Vigna, Christopher Kruegel |
| 2014 | Blanket Execution: Dynamic Similarity Testing for Program Binaries and Components. Manuel Egele, Maverick Woo, Peter Chapman, David Brumley |
| 2014 | Brahmastra: Driving Apps to Test the Security of Third-Party Components. Ravi Bhoraskar, Seungyeop Han, Jinseong Jeon, Tanzirul Azim, Shuo Chen, Jaeyeon Jung, Suman Nath, Rui Wang, David Wetherall |
| 2014 | Burst ORAM: Minimizing ORAM Response Times for Bursty Access Patterns. Jonathan L. Dautrich Jr., Emil Stefanov, Elaine Shi |
| 2014 | Cardinal Pill Testing of System Virtual Machines. Hao Shi, Abdulla Alwabel, Jelena Mirkovic |
| 2014 | DSCRETE: Automatic Rendering of Forensic Information from Memory Images via Application Logic Reuse. Brendan Saltaformaggio, Zhongshu Gu, Xiangyu Zhang, Dongyan Xu |
| 2014 | Dynamic Hooks: Hiding Control Flow Changes within Non-Control Data. Sebastian Vogl, Robert Gawlik, Behrad Garmany, Thomas Kittel, Jonas Pfoh, Claudia Eckert, Thorsten Holz |
| 2014 | Effective Attacks and Provable Defenses for Website Fingerprinting. Tao Wang, Xiang Cai, Rishab Nithyanand, Rob Johnson, Ian Goldberg |
| 2014 | Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM. Caroline Tice, Tom Roeder, Peter Collingbourne, Stephen Checkoway, Úlfar Erlingsson, Luis Lozano, Geoff Pike |
| 2014 | Exit from Hell? Reducing the Impact of Amplification DDoS Attacks. Marc Kührer, Thomas Hupperich, Christian Rossow, Thorsten Holz |
| 2014 | FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack. Yuval Yarom, Katrina Falkner |
| 2014 | Faster Private Set Intersection Based on OT Extension. Benny Pinkas, Thomas Schneider, Michael Zohner |
| 2014 | From the Aether to the Ethernet - Attacking the Internet using Broadcast Digital Television. Yossef Oren, Angelos D. Keromytis |
| 2014 | Gyrophone: Recognizing Speech from Gyroscope Signals. Yan Michalevsky, Dan Boneh, Gabi Nakibly |
| 2014 | Hulk: Eliciting Malicious Behavior in Browser Extensions. Alexandros Kapravelos, Chris Grier, Neha Chachra, Christopher Kruegel, Giovanni Vigna, Vern Paxson |
| 2014 | JIGSAW: Protecting Resource Access by Inferring Programmer Expectations. Hayawardh Vijayakumar, Xinyang Ge, Mathias Payer, Trent Jaeger |
| 2014 | LibFTE: A Toolkit for Constructing Practical, Format-Abiding Encryption Schemes. Daniel Luchaup, Kevin P. Dyer, Somesh Jha, Thomas Ristenpart, Thomas Shrimpton |
| 2014 | Man vs. Machine: Practical Adversarial Detection of Malicious Crowdsourcing Workers. Gang Wang, Tianyi Wang, Haitao Zheng, Ben Y. Zhao |
| 2014 | Mimesis Aegis: A Mimicry Privacy Shield-A System's Approach to Data Privacy on Public Cloud. Billy Lau, Simon P. Chung, Chengyu Song, Yeongjin Jang, Wenke Lee, Alexandra Boldyreva |
| 2014 | Never Been KIST: Tor's Congestion Management Blossoms with Kernel-Informed Socket Transport. Rob Jansen, John Geddes, Chris Wacek, Micah Sherr, Paul F. Syverson |
| 2014 | On the Effective Prevention of TLS Man-in-the-Middle Attacks in Web Applications. Nikolaos Karapanos, Srdjan Capkun |
| 2014 | On the Feasibility of Large-Scale Infections of iOS Devices. Tielei Wang, Yeongjin Jang, Yizheng Chen, Simon P. Chung, Billy Lau, Wenke Lee |
| 2014 | On the Practical Exploitability of Dual EC in TLS Implementations. Stephen Checkoway, Ruben Niederhagen, Adam Everspaugh, Matthew Green, Tanja Lange, Thomas Ristenpart, Daniel J. Bernstein, Jake Maskiewicz, Hovav Shacham, Matthew Fredrikson |
| 2014 | Optimizing Seed Selection for Fuzzing. Alexandre Rebert, Sang Kil Cha, Thanassis Avgerinos, Jonathan Foote, David Warren, Gustavo Grieco, David Brumley |
| 2014 | Oxymoron: Making Fine-Grained Memory Randomization Practical by Allowing Code Sharing. Michael Backes, Stefan Nürnberger |
| 2014 | Password Managers: Attacks and Defenses. David Silver, Suman Jana, Dan Boneh, Eric Yawei Chen, Collin Jackson |
| 2014 | Password Portfolios and the Finite-Effort User: Sustainably Managing Large Numbers of Accounts. Dinei Florêncio, Cormac Herley, Paul C. van Oorschot |
| 2014 | Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks. Qi Alfred Chen, Zhiyun Qian, Zhuoqing Morley Mao |
| 2014 | Precise Client-side Protection against DOM-based Cross-Site Scripting. Ben Stock, Sebastian Lekies, Tobias Mueller, Patrick Spiegel, Martin Johns |
| 2014 | Preventing Cryptographic Key Leakage in Cloud Virtual Machines. Erman Pattuk, Murat Kantarcioglu, Zhiqiang Lin, Huseyin Ulusoy |
| 2014 | Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing. Matthew Fredrikson, Eric Lantz, Somesh Jha, Simon M. Lin, David Page, Thomas Ristenpart |
| 2014 | Privee: An Architecture for Automatically Analyzing Web Privacy Policies. Sebastian Zimmeck, Steven M. Bellovin |
| 2014 | Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014. Kevin Fu, Jaeyeon Jung |
| 2014 | ROP is Still Dangerous: Breaking Modern Defenses. Nicholas Carlini, David A. Wagner |
| 2014 | Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks. Christopher Meyer, Juraj Somorovsky, Eugen Weiss, Jörg Schwenk, Sebastian Schinzel, Erik Tews |
| 2014 | SDDR: Light-Weight, Secure Mobile Encounters. Matthew Lentz, Viktor Erdélyi, Paarijaat Aditya, Elaine Shi, Peter Druschel, Bobby Bhattacharjee |
| 2014 | SSOScan: Automated Testing of Web Applications for Single Sign-On Vulnerabilities. Yuchen Zhou, David Evans |
| 2014 | Scheduler-based Defenses against Cross-VM Side-channels. Venkatanathan Varadarajan, Thomas Ristenpart, Michael M. Swift |
| 2014 | Security Analysis of a Full-Body Scanner. Keaton Mowery, Eric Wustrow, Tom Wypych, Corey Singleton, Chris Comfort, Eric Rescorla, J. Alex Halderman, Hovav Shacham, Stephen Checkoway |
| 2014 | Size Does Matter: Why Using Gadget-Chain Length to Prevent Code-Reuse Attacks is Hard. Enes Göktas, Elias Athanasopoulos, Michalis Polychronakis, Herbert Bos, Georgios Portokalidis |
| 2014 | SpanDex: Secure Password Tracking for Android. Landon P. Cox, Peter Gilbert, Geoffrey Lawler, Valentin Pistol, Ali Razeen, Bi Wu, Sai Cheemalapati |
| 2014 | Static Detection of Second-Order Vulnerabilities in Web Applications. Johannes Dahse, Thorsten Holz |
| 2014 | Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection. Lucas Davi, Ahmad-Reza Sadeghi, Daniel Lehmann, Fabian Monrose |
| 2014 | Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture. Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, Madars Virza |
| 2014 | TRUESET: Faster Verifiable Set Computations. Ahmed E. Kosba, Dimitrios Papadopoulos, Charalampos Papamanthou, Mahmoud F. Sayed, Elaine Shi, Nikos Triandopoulos |
| 2014 | TapDance: End-to-Middle Anticensorship without Flow Blocking. Eric Wustrow, Colleen Swanson, J. Alex Halderman |
| 2014 | Targeted Threat Index: Characterizing and Quantifying Politically-Motivated Targeted Malware. Seth Hardy, Masashi Crete-Nishihata, Katharine Kleemola, Adam Senft, Byron Sonne, Greg Wiseman, Phillipa Gill, Ronald J. Deibert |
| 2014 | Telepathwords: Preventing Weak Passwords by Reading Users' Minds. Saranga Komanduri, Richard Shay, Lorrie Faith Cranor, Cormac Herley, Stuart E. Schechter |
| 2014 | The Emperor's New Password Manager: Security Analysis of Web-based Password Managers. Zhiwei Li, Warren He, Devdatta Akhawe, Dawn Song |
| 2014 | The Long "Taile" of Typosquatting Domain Names. Janos Szurdi, Balazs Kocso, Gabor Cseh, Jonathan M. Spring, Márk Félegyházi, Chris Kanich |
| 2014 | Towards Detecting Anomalous User Behavior in Online Social Networks. Bimal Viswanath, Muhammad Ahmad Bashir, Mark Crovella, Saikat Guha, Krishna P. Gummadi, Balachander Krishnamurthy, Alan Mislove |
| 2014 | Towards Reliable Storage of 56-bit Secrets in Human Memory. Joseph Bonneau, Stuart E. Schechter |
| 2014 | Understanding the Dark Side of Domain Parking. Sumayah A. Alrwais, Kan Yuan, Eihal Alowaisheq, Zhou Li, Xiaofeng Wang |
| 2014 | When Governments Hack Opponents: A Look at Actors and Technology. William R. Marczak, John Scott-Railton, Morgan Marquis-Boire, Vern Paxson |
| 2014 | X-Force: Force-Executing Binary Programs for Security Applications. Fei Peng, Zhui Deng, Xiangyu Zhang, Dongyan Xu, Zhiqiang Lin, Zhendong Su |
| 2014 | XRay: Enhancing the Web's Transparency with Differential Correlation. Mathias Lécuyer, Guillaume Ducoffe, Francis Lan, Andrei Papancea, Theofilos Petsios, Riley Spahn, Augustin Chaintreau, Roxana Geambasu |
| 2014 | ZØ: An Optimizing Distributing Zero-Knowledge Compiler. Matthew Fredrikson, Benjamin Livshits |
| 2014 | iSeeYou: Disabling the MacBook Webcam Indicator LED. Matthew Brocker, Stephen Checkoway |
| 2014 | ret2dir: Rethinking Kernel Isolation. Vasileios P. Kemerlis, Michalis Polychronakis, Angelos D. Keromytis |