| 2015 | 24th USENIX Security Symposium, USENIX Security 15, Washington, D.C., USA, August 12-14, 2015. Jaeyeon Jung, Thorsten Holz |
| 2015 | A Measurement Study on Co-residence Threat inside the Cloud. Zhang Xu, Haining Wang, Zhenyu Wu |
| 2015 | A Placement Vulnerability Study in Multi-Tenant Public Clouds. Venkatanathan Varadarajan, Yinqian Zhang, Thomas Ristenpart, Michael M. Swift |
| 2015 | All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS. Mathy Vanhoef, Frank Piessens |
| 2015 | Anatomization and Protection of Mobile Apps' Location Privacy Threats. Kassem Fawaz, Huan Feng, Kang G. Shin |
| 2015 | Android Permissions Remystified: A Field Study on Contextual Integrity. Primal Wijesekera, Arjun Baokar, Ashkan Hosseini, Serge Egelman, David A. Wagner, Konstantin Beznosov |
| 2015 | Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS. Christina Garman, Kenneth G. Paterson, Thyla van der Merwe |
| 2015 | Automatic Generation of Data-Oriented Exploits. Hong Hu, Zheng Leong Chua, Sendroiu Adrian, Prateek Saxena, Zhenkai Liang |
| 2015 | Bohatei: Flexible and Elastic DDoS Defense. Seyed Kaveh Fayaz, Yoshiaki Tobioka, Vyas Sekar, Michael D. Bailey |
| 2015 | Boxed Out: Blocking Cellular Interconnect Bypass Fraud at the Network Edge. Bradley Reaves, Ethan Shernan, Adam Bates, Henry Carter, Patrick Traynor |
| 2015 | Boxify: Full-fledged App Sandboxing for Stock Android. Michael Backes, Sven Bugiel, Christian Hammer, Oliver Schranz, Philipp von Styp-Rekowsky |
| 2015 | CONIKS: Bringing Key Transparency to End Users. Marcela S. Melara, Aaron Blankstein, Joseph Bonneau, Edward W. Felten, Michael J. Freedman |
| 2015 | Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches. Daniel Gruss, Raphael Spreitzer, Stefan Mangard |
| 2015 | Cashtags: Protecting the Input and Display of Sensitive Data. Michael Mitchell, An-I Andy Wang, Peter L. Reiher |
| 2015 | Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services. Albert Kwon, Mashael AlSabah, David Lazar, Marc Dacier, Srinivas Devadas |
| 2015 | Cloudy with a Chance of Breach: Forecasting Cyber Security Incidents. Yang Liu, Armin Sarabi, Jing Zhang, Parinaz Naghizadeh, Manish Karir, Michael D. Bailey, Mingyan Liu |
| 2015 | Compiler-instrumented, Dynamic Secret-Redaction of Legacy Processes for Attacker Deception. Frederico Araujo, Kevin W. Hamlen |
| 2015 | Constants Count: Practical Improvements to Oblivious RAM. Ling Ren, Christopher W. Fletcher, Albert Kwon, Emil Stefanov, Elaine Shi, Marten van Dijk, Srinivas Devadas |
| 2015 | Control-Flow Bending: On the Effectiveness of Control-Flow Integrity. Nicholas Carlini, Antonio Barresi, Mathias Payer, David A. Wagner, Thomas R. Gross |
| 2015 | Cookies Lack Integrity: Real-World Implications. Xiaofeng Zheng, Jian Jiang, Jinjin Liang, Hai-Xin Duan, Shuo Chen, Tao Wan, Nicholas Weaver |
| 2015 | De-anonymizing Programmers via Code Stylometry. Aylin Caliskan Islam, Richard E. Harang, Andrew Liu, Arvind Narayanan, Clare R. Voss, Fabian Yamaguchi, Rachel Greenstadt |
| 2015 | EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning. Ruowen Wang, William Enck, Douglas S. Reeves, Xinwen Zhang, Peng Ning, Dingbang Xu, Wu Zhou, Ahmed M. Azab |
| 2015 | EVILCOHORT: Detecting Communities of Malicious Accounts on Online Services. Gianluca Stringhini, Pierre Mourlanne, Grégoire Jacob, Manuel Egele, Christopher Kruegel, Giovanni Vigna |
| 2015 | Eclipse Attacks on Bitcoin's Peer-to-Peer Network. Ethan Heilman, Alison Kendler, Aviv Zohar, Sharon Goldberg |
| 2015 | Faster Secure Computation through Automatic Parallelization. Niklas Büscher, Stefan Katzenbeisser |
| 2015 | Finding Unknown Malice in 10 Seconds: Mass Vetting for New Threats at the Google-Play Scale. Kai Chen, Peng Wang, Yeonjoon Lee, Xiaofeng Wang, Nan Zhang, Heqing Huang, Wei Zou, Peng Liu |
| 2015 | GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies. Mordechai Guri, Assaf Kachlon, Ofer Hasson, Gabi Kedma, Yisroel Mirsky, Yuval Elovici |
| 2015 | How the ELF Ruined Christmas. Alessandro Di Federico, Amat Cama, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna |
| 2015 | In the Compression Hornet's Nest: A Security Study of Data Compression in Network Services. Giancarlo Pellegrino, Davide Balzarotti, Stefan Winter, Neeraj Suri |
| 2015 | Investigating the Computer Security Practices and Needs of Journalists. Susan E. McGregor, Polina Charters, Tobin Holliday, Franziska Roesner |
| 2015 | LinkDroid: Reducing Unregulated Aggregation of App Usage Behaviors. Huan Feng, Kassem Fawaz, Kang G. Shin |
| 2015 | M2R: Enabling Stronger Privacy in MapReduce Computation. Tien Tuan Anh Dinh, Prateek Saxena, Ee-Chien Chang, Beng Chin Ooi, Chunwang Zhang |
| 2015 | Marionette: A Programmable Network Traffic Obfuscation System. Kevin P. Dyer, Scott E. Coull, Thomas Shrimpton |
| 2015 | Measuring Real-World Accuracies and Biases in Modeling Password Guessability. Blase Ur, Sean M. Segreti, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Saranga Komanduri, Darya Kurilova, Michelle L. Mazurek, William Melicher, Richard Shay |
| 2015 | Measuring the Longitudinal Evolution of the Online Anonymous Marketplace Ecosystem. Kyle Soska, Nicolas Christin |
| 2015 | Meerkat: Detecting Website Defacements through Image-based Object Recognition. Kevin Borgolte, Christopher Kruegel, Giovanni Vigna |
| 2015 | Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications in the Developing World. Bradley Reaves, Nolen Scaife, Adam Bates, Patrick Traynor, Kevin R. B. Butler |
| 2015 | Needles in a Haystack: Mining Information from Public Dynamic Analysis Sandboxes for Malware Intelligence. Mariano Graziano, Davide Canali, Leyla Bilge, Andrea Lanzi, Davide Balzarotti |
| 2015 | Not-Quite-So-Broken TLS: Lessons in Re-Engineering a Security Protocol Specification and Implementation. David Kaloper-Mersinjak, Hannes Mehnert, Anil Madhavapeddy, Peter Sewell |
| 2015 | Phasing: Private Set Intersection Using Permutation-based Hashing. Benny Pinkas, Thomas Schneider, Gil Segev, Michael Zohner |
| 2015 | Post-Mortem of a Zombie: Conficker Cleanup After Six Years. Hadi Asghari, Michael Ciere, Michel J. G. van Eeten |
| 2015 | PowerSpy: Location Tracking Using Mobile Device Power Analysis. Yan Michalevsky, Aaron Schulman, Gunaa Arumugam Veerapandian, Dan Boneh, Gabi Nakibly |
| 2015 | Protocol State Fuzzing of TLS Implementations. Joeri de Ruiter, Erik Poll |
| 2015 | RAPTOR: Routing Attacks on Privacy in Tor. Yixin Sun, Anne Edmundson, Laurent Vanbever, Oscar Li, Jennifer Rexford, Mung Chiang, Prateek Mittal |
| 2015 | Raccoon: Closing Digital Side-Channels through Obfuscated Execution. Ashay Rane, Calvin Lin, Mohit Tiwari |
| 2015 | Reassembleable Disassembling. Shuai Wang, Pei Wang, Dinghao Wu |
| 2015 | Recognizing Functions in Binaries with Neural Networks. Eui Chul Richard Shin, Dawn Song, Reza Moazzezi |
| 2015 | Rocking Drones with Intentional Sound Noise on Gyroscopic Sensors. Yunmok Son, Hocheol Shin, Dongkwan Kim, Young-Seok Park, Juhwan Noh, Kibum Choi, Jungwoo Choi, Yongdae Kim |
| 2015 | SUPOR: Precise and Scalable Sensitive User Input Detection for Android Apps. Jianjun Huang, Zhichun Li, Xusheng Xiao, Zhenyu Wu, Kangjie Lu, Xiangyu Zhang, Guofei Jiang |
| 2015 | SecGraph: A Uniform and Open-source Evaluation System for Graph Data Anonymization and De-anonymization. Shouling Ji, Weiqing Li, Prateek Mittal, Xin Hu, Raheem A. Beyah |
| 2015 | Securing Self-Virtualizing Ethernet Devices. Igor Smolyar, Muli Ben-Yehuda, Dan Tsafrir |
| 2015 | Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound. Nikolaos Karapanos, Claudio Marforio, Claudio Soriente, Srdjan Capkun |
| 2015 | TaintPipe: Pipelined Symbolic Taint Analysis. Jiang Ming, Dinghao Wu, Gaoyao Xiao, Jun Wang, Peng Liu |
| 2015 | The Pythia PRF Service. Adam Everspaugh, Rahul Chatterjee, Samuel Scott, Ari Juels, Thomas Ristenpart |
| 2015 | The Unexpected Dangers of Dynamic JavaScript. Sebastian Lekies, Ben Stock, Martin Wentzel, Martin Johns |
| 2015 | Thermal Covert Channels on Multi-core Platforms. Ramya Jayaram Masti, Devendra Rai, Aanjhan Ranganathan, Christian Müller, Lothar Thiele, Srdjan Capkun |
| 2015 | To Pin or Not to Pin-Helping App Developers Bullet Proof Their TLS Connections. Marten Oltrogge, Yasemin Acar, Sergej Dechand, Matthew Smith, Sascha Fahl |
| 2015 | Towards Discovering and Understanding Task Hijacking in Android. Chuangang Ren, Yulong Zhang, Hui Xue, Tao Wei, Peng Liu |
| 2015 | Trends and Lessons from Three Years Fighting Malicious Extensions. Nav Jagpal, Eric Dingle, Jean-Philippe Gravel, Panayiotis Mavrommatis, Niels Provos, Moheeb Abu Rajab, Kurt Thomas |
| 2015 | Trustworthy Whole-System Provenance for the Linux Kernel. Adam Bates, Dave Tian, Kevin R. B. Butler, Thomas Moyer |
| 2015 | Type Casting Verification: Stopping an Emerging Attack Vector. Byoungyoung Lee, Chengyu Song, Taesoo Kim, Wenke Lee |
| 2015 | UIPicker: User-Input Privacy Identification in Mobile Applications. Yuhong Nan, Min Yang, Zhemin Yang, Shunfan Zhou, Guofei Gu, Xiaofeng Wang |
| 2015 | Under-Constrained Symbolic Execution: Correctness Checking for Real Code. David A. Ramos, Dawson R. Engler |
| 2015 | Verified Correctness and Security of OpenSSL HMAC. Lennart Beringer, Adam Petcher, Katherine Q. Ye, Andrew W. Appel |
| 2015 | Vulnerability Disclosure in the Age of Social Media: Exploiting Twitter for Predicting Real-World Exploits. Carl Sabottke, Octavian Suciu, Tudor Dumitras |
| 2015 | WebWitness: Investigating, Categorizing, and Mitigating Malware Download Paths. Terry Nelms, Roberto Perdisci, Manos Antonakakis, Mustaque Ahamad |
| 2015 | You Shouldn't Collect My Secrets: Thwarting Sensitive Keystroke Leakage in Mobile IME Apps. Jin Chen, Haibo Chen, Erick Bauman, Zhiqiang Lin, Binyu Zang, Haibing Guan |
| 2015 | ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities. Michael Weissbacher, William K. Robertson, Engin Kirda, Christopher Kruegel, Giovanni Vigna |