| 2016 | 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10-12, 2016. Thorsten Holz, Stefan Savage |
| 2016 | A Comprehensive Measurement Study of Domain Generating Malware. Daniel Plohmann, Khaled Yakdan, Michael Klatt, Johannes Bader, Elmar Gerhards-Padilla |
| 2016 | APISan: Sanitizing API Usages through Semantic Cross-Checking. Insu Yun, Changwoo Min, Xujie Si, Yeongjin Jang, Taesoo Kim, Mayur Naik |
| 2016 | ARMageddon: Cache Attacks on Mobile Devices. Moritz Lipp, Daniel Gruss, Raphael Spreitzer, Clémentine Maurice, Stefan Mangard |
| 2016 | All Your Queries Are Belong to Us: The Power of File-Injection Attacks on Searchable Encryption. Yupeng Zhang, Jonathan Katz, Charalampos Papamanthou |
| 2016 | An Empirical Study of Textual Key-Fingerprint Representations. Sergej Dechand, Dominik Schürmann, Karoline Busse, Yasemin Acar, Sascha Fahl, Matthew Smith |
| 2016 | An In-Depth Analysis of Disassembly on Full-Scale x86/x64 Binaries. Dennis Andriesse, Xi Chen, Victor van der Veen, Asia Slowinska, Herbert Bos |
| 2016 | Ariadne: A Minimal Approach to State Continuity. Raoul Strackx, Frank Piessens |
| 2016 | AuthLoop: End-to-End Cryptographic Authentication for Telephony over Voice Channels. Bradley Reaves, Logan Blue, Patrick Traynor |
| 2016 | Authenticated Network Time Synchronization. Benjamin Dowling, Douglas Stebila, Greg Zaverucha |
| 2016 | Automatically Detecting Error Handling Bugs Using Error Specifications. Suman Jana, Yuan Jochen Kang, Samuel Roth, Baishakhi Ray |
| 2016 | DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks. Peter Pessl, Daniel Gruss, Clémentine Maurice, Michael Schwarz, Stefan Mangard |
| 2016 | DROWN: Breaking TLS Using SSLv2. Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof Paar, Yuval Shavitt |
| 2016 | Dancing on the Lip of the Volcano: Chosen Ciphertext Attacks on Apple iMessage. Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, Michael Rushanan |
| 2016 | Defending against Malicious Peripherals with Cinch. Sebastian Angel, Riad S. Wahby, Max Howald, Joshua B. Leners, Michael Spilo, Zhen Sun, Andrew J. Blumberg, Michael Walfish |
| 2016 | Egalitarian Computing. Alex Biryukov, Dmitry Khovratovich |
| 2016 | Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing. Eleftherios Kokoris-Kogias, Philipp Jovanovic, Nicolas Gailly, Ismail Khoffi, Linus Gasser, Bryan Ford |
| 2016 | Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks. William Melicher, Blase Ur, Sean M. Segreti, Saranga Komanduri, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor |
| 2016 | Faster Malicious 2-Party Secure Computation with Online/Offline Dual Execution. Peter Rindal, Mike Rosulek |
| 2016 | Fingerprinting Electronic Control Units for Vehicle Intrusion Detection. Kyong-Tak Cho, Kang G. Shin |
| 2016 | Flip Feng Shui: Hammering a Needle in the Software Stack. Kaveh Razavi, Ben Gras, Erik Bosman, Bart Preneel, Cristiano Giuffrida, Herbert Bos |
| 2016 | FlowFence: Practical Data Protection for Emerging IoT Application Frameworks. Earlence Fernandes, Justin Paupore, Amir Rahmati, Daniel Simionato, Mauro Conti, Atul Prakash |
| 2016 | Harvesting Inconsistent Security Configurations in Custom Android ROMs via Differential Analysis. Yousra Aafer, Xiao Zhang, Wenliang Du |
| 2016 | Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification. Ben Stock, Giancarlo Pellegrino, Christian Rossow, Martin Johns, Michael Backes |
| 2016 | Hidden Voice Commands. Nicholas Carlini, Pratyush Mishra, Tavish Vaidya, Yuankai Zhang, Micah Sherr, Clay Shields, David A. Wagner, Wenchao Zhou |
| 2016 | Identifying and Characterizing Sybils in the Tor Network. Philipp Winter, Roya Ensafi, Karsten Loesing, Nick Feamster |
| 2016 | Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016. Ada Lerner, Anna Kornfeld Simpson, Tadayoshi Kohno, Franziska Roesner |
| 2016 | Investigating Commercial Pay-Per-Install and the Distribution of Unwanted Software. Kurt Thomas, Juan A. Elices Crespo, Ryan Rasti, Jean-Michel Picod, Cait Phillips, Marc-André Decoste, Chris Sharp, Fabio Tirelo, Ali Tofigh, Marc-Antoine Courteau, Lucas Ballard, Robert Shield, Nav Jagpal, Moheeb Abu Rajab, Panayiotis Mavrommatis, Niels Provos, Elie Bursztein, Damon McCoy |
| 2016 | Lock It and Still Lose It - on the (In)Security of Automotive Remote Keyless Entry Systems. Flavio D. Garcia, David F. Oswald, Timo Kasper, Pierre Pavlidès |
| 2016 | Making USB Great Again with USBFILTER. Dave (Jing) Tian, Nolen Scaife, Adam Bates, Kevin R. B. Butler, Patrick Traynor |
| 2016 | Measuring PUP Prevalence and PUP Distribution through Pay-Per-Install Services. Platon Kotzias, Leyla Bilge, Juan Caballero |
| 2016 | Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks. Stefano Cristalli, Mattia Pagnozzi, Mariano Graziano, Andrea Lanzi, Davide Balzarotti |
| 2016 | Mirror: Enabling Proofs of Data Replication and Retrievability in the Cloud. Frederik Armknecht, Ludovic Barman, Jens-Matthias Bohli, Ghassan O. Karame |
| 2016 | OblivP2P: An Oblivious Peer-to-Peer Content Sharing System. Yaoqi Jia, Tarik Moataz, Shruti Tople, Prateek Saxena |
| 2016 | Oblivious Multi-Party Machine Learning on Trusted Processors. Olga Ohrimenko, Felix Schuster, Cédric Fournet, Aastha Mehta, Sebastian Nowozin, Kapil Vaswani, Manuel Costa |
| 2016 | Off-Path TCP Exploits: Global Rate Limit Considered Dangerous. Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, Srikanth V. Krishnamurthy, Lisa M. Marvel |
| 2016 | On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis. Michael Backes, Sven Bugiel, Erik Derr, Patrick D. McDaniel, Damien Octeau, Sebastian Weisgerber |
| 2016 | On Omitting Commits and Committing Omissions: Preventing Git Metadata Tampering That (Re)introduces Software Vulnerabilities. Santiago Torres-Arias, Anil Kumar Ammula, Reza Curtmola, Justin Cappos |
| 2016 | One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation. Yuan Xiao, Xiaokuan Zhang, Yinqian Zhang, Radu Teodorescu |
| 2016 | Optimized Invariant Representation of Network Traffic for Detecting Unseen Malware Variants. Karel Bartos, Michal Sofka, Vojtech Franc |
| 2016 | PIkit: A New Kernel-Independent Processor-Interconnect Rootkit. WonJun Song, Hyunwoo Choi, Junhong Kim, Eunsoo Kim, Yongdae Kim, John Kim |
| 2016 | Poking Holes in Information Hiding. Angelos Oikonomopoulos, Elias Athanasopoulos, Herbert Bos, Cristiano Giuffrida |
| 2016 | Post-quantum Key Exchange - A New Hope. Erdem Alkim, Léo Ducas, Thomas Pöppelmann, Peter Schwabe |
| 2016 | Practical DIFC Enforcement on Android. Adwait Nadkarni, Benjamin Andow, William Enck, Somesh Jha |
| 2016 | Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys. Mathy Vanhoef, Frank Piessens |
| 2016 | Privacy in Epigenetics: Temporal Linkability of MicroRNA Expression Profiles. Michael Backes, Pascal Berrang, Anna Hecksteden, Mathias Humbert, Andreas Keller, Tim Meyer |
| 2016 | Protecting Privacy of BLE Device Users. Kassem Fawaz, Kyu-Han Kim, Kang G. Shin |
| 2016 | Request and Conquer: Exposing Cross-Origin Resource Size. Tom van Goethem, Mathy Vanhoef, Frank Piessens, Wouter Joosen |
| 2016 | Sanctum: Minimal Hardware Extensions for Strong Software Isolation. Victor Costan, Ilia A. Lebedev, Srinivas Devadas |
| 2016 | Screen after Previous Screens: Spatial-Temporal Recreation of Android App Displays from Memory Images. Brendan Saltaformaggio, Rohit Bhatia, Xiangyu Zhang, Dongyan Xu, Golden G. Richard III |
| 2016 | Secure, Precise, and Fast Floating-Point Operations on x86 Processors. Ashay Rane, Calvin Lin, Mohit Tiwari |
| 2016 | Specification Mining for Intrusion Detection in Networked Control Systems. Marco Caselli, Emmanuele Zambon, Johanna Amann, Robin Sommer, Frank Kargl |
| 2016 | Stealing Machine Learning Models via Prediction APIs. Florian Tramèr, Fan Zhang, Ari Juels, Michael K. Reiter, Thomas Ristenpart |
| 2016 | The Cut-and-Choose Game and Its Application to Cryptographic Protocols. Ruiyu Zhu, Yan Huang, Jonathan Katz, Abhi Shelat |
| 2016 | The Ever-Changing Labyrinth: A Large-Scale Analysis of Wildcard DNS Powered Blackhat SEO. Kun Du, Hao Yang, Zhou Li, Hai-Xin Duan, Kehuan Zhang |
| 2016 | The Million-Key Question - Investigating the Origins of RSA Public Keys. Petr Svenda, Matús Nemec, Peter Sekan, Rudolf Kvasnovský, David Formánek, David Komárek, Vashek Matyás |
| 2016 | Thoth: Comprehensive Policy Compliance in Data Retrieval Systems. Eslam Elnikety, Aastha Mehta, Anjo Vahldiek-Oberwagner, Deepak Garg, Peter Druschel |
| 2016 | Towards Measuring and Mitigating Social Engineering Software Download Attacks. Terry Nelms, Roberto Perdisci, Manos Antonakakis, Mustaque Ahamad |
| 2016 | Tracing Information Flows Between Ad Exchanges Using Retargeted Ads. Muhammad Ahmad Bashir, Sajjad Arshad, William K. Robertson, Christo Wilson |
| 2016 | Trusted Browsers for Uncertain Times. David Kohlbrenner, Hovav Shacham |
| 2016 | UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware. Amin Kharraz, Sajjad Arshad, Collin Mulliner, William K. Robertson, Engin Kirda |
| 2016 | Undermining Information Hiding (and What to Do about It). Enes Göktas, Robert Gawlik, Benjamin Kollenda, Elias Athanasopoulos, Georgios Portokalidis, Cristiano Giuffrida, Herbert Bos |
| 2016 | Verifying Constant-Time Implementations. José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, François Dupressoir, Michael Emmi |
| 2016 | Virtual U: Defeating Face Liveness Detection by Building Virtual Models from Your Public Photos. Yi Xu, True Price, Jan-Michael Frahm, Fabian Monrose |
| 2016 | Website-Targeted False Content Injection by Network Operators. Gabi Nakibly, Jaime Schcolnik, Yossi Rubin |
| 2016 | What Cannot Be Read, Cannot Be Leveraged? Revisiting Assumptions of JIT-ROP Defenses. Giorgi Maisuradze, Michael Backes, Christian Rossow |
| 2016 | You Are Who You Know and How You Behave: Attribute Inference Attacks via Users' Social Friends and Behaviors. Neil Zhenqiang Gong, Bin Liu |
| 2016 | You've Got Vulnerability: Exploring Effective Vulnerability Notifications. Frank Li, Zakir Durumeric, Jakub Czyz, Mohammad Karami, Michael D. Bailey, Damon McCoy, Stefan Savage, Vern Paxson |
| 2016 | ZKBoo: Faster Zero-Knowledge for Boolean Circuits. Irene Giacomelli, Jesper Madsen, Claudio Orlandi |
| 2016 | fTPM: A Software-Only Implementation of a TPM Chip. Himanshu Raj, Stefan Saroiu, Alec Wolman, Ronald Aigner, Jeremiah Cox, Paul England, Chris Fenner, Kinshuman Kinshumann, Jork Löser, Dennis Mattoon, Magnus Nyström, David Robinson, Rob Spiger, Stefan Thom, David Wooten |
| 2016 | k-fingerprinting: A Robust Scalable Website Fingerprinting Technique. Jamie Hayes, George Danezis |
| 2016 | zxcvbn: Low-Budget Password Strength Estimation. Daniel Lowe Wheeler |
| 2016 | überSpark: Enforcing Verifiable Object Abstractions for Automated Compositional Security Analysis of a Hypervisor. Amit Vasudevan, Sagar Chaki, Petros Maniatis, Limin Jia, Anupam Datta |