Publications

Measuring the Effects of Stack Overflow Code Snippet Evolution on Open-Source Software Security. 45th IEEE Symposium on Security and Privacy (SP'24), 2024.
TALUS: Reinforcing TEE Confidentiality with Cryptographic Coprocessors. Financial Cryptography and Data Security (FC'23), 2023.
A Systematic Study of the Consistency of Two-Factor Authentication User Journeys on Top-Ranked Websites. 30th Annual Network & Distributed System Security Symposium (NDSS'23), 2023.
Explanation Beats Context: The Effect of Timing & Rationales on Users' Runtime Permission Decisions. 30th USENIX Security Symposium (USENIX Sec'21), 2021.
Bringing Balance to the Force: Dynamic Analysis of the Android Application Framework. 28th Annual Network & Distributed System Security Symposium (NDSS'21), 2021.
A11y and Privacy don't have to be mutually exclusive: Constraining Accessibility Service Misuse on Android. 31st USENIX Security Symposium (USENIX Security ‘21), 2021.
Up2Dep: Android Tool Support to Fix Insecure Code Dependencies. 36th Annual Computer Security Applications Conference (ACSAC'20), 2020.
Is FIDO2 the Kingslayer of User Authentication? A Comparative Usability Study of FIDO2 Passwordless Authentication. 41st IEEE Symposium on Security and Privacy (SP ‘20), 2020.
Up-To-Crash: Evaluating Third-Party Library Updatability on Android. 4th IEEE European Symposium on Security and Privacy (EuroSP'19), 2019.
simTPM: User-centric TPM for Mobile Devices. 29th USENIX Security Symposium (USENIX Security ‘19), 2019.
Short Text, Large Effect: Measuring the Impact of User Reviews on Android App Security & Privacy. 40th IEEE Symposium on Security and Privacy (SP ‘19), 2019.
Secure Multi-execution in Android. 34th Symposium on Applied Computing (SAC ‘19), 2019.
DroidCap: OS Support for Capability-based Permissions in Android. 26th Annual Network & Distributed System Security Symposium (NDSS ‘19), 2019.
The Rise of the Citizen Developer: Assessing the Security Impact of Online App Generators. 39th IEEE Symposium on Security and Privacy (SP ‘18), 2018.
Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse. 28th USENIX Security Symposium (USENIX Security ‘18), 2018.
The ART of App Compartmentalization: Compiler-based Library Privilege Separation on Stock Android. 24th ACM Conference on Computer and Communication Security (CCS'17), 2017.
Seamless In-App Ad Blocking on Stock Android. Mobile Security Technologies (MOST) 2017 Workshop, 2017.
Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android. 24th ACM Conference on Computer and Communication Security (CCS'17), 2017.
ARTist: The Android Runtime Instrumentation and Security Toolkit. 2nd IEEE European Symposium on Security and Privacy (EuroSP'17), 2017.
SoK: Lessons Learned From Android Security Research For Appified Software Platforms. 37th IEEE Symposium on Security and Privacy (SP'16), 2016.
Reliable Third-Party Library Detection in Android and its Security Applications. 23rd ACM Conference on Computer and Communications Security (CCS'16), 2016.
R-Droid: Leveraging Android App Analysis with Static Slice Optimization. 11th ACM Asia Conference on Computer and Communications Security (ASIACCS ‘16), 2016.
On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis. 26th USENIX Security Symposium (USENIX Sec'16), 2016.
Boxify: Full-fledged App Sandboxing for Stock Android. 24th USENIX Security Symposium (USENIX Sec'15), 2015.
Scippa: System-Centric IPC Provenance on Android. 30th Annual Computer Security Applications Conference (ACSAC'14), 2014.
Android Security Framework: Extensible Multi-Layered Access Control on Android. 30th Annual Computer Security Applications Conference (ACSAC'14), 2014.
Flexible and Fine-Grained Mandatory Access Control on Android for Diverse Security and Privacy Policies. 22nd USENIX Security Symposium (USENIX Sec'13), 2013.
Client-controlled Cryptography-as-a-Service in the Cloud. 11th International Conference on Applied Cryptography and Network Security (ACNS'13), 2013.
Advances in Mobile Security. 8th Future Security 2013. Security Research Conference, 2013.
Towards Taming Privilege-Escalation Attacks on Android. 19th Annual Network & Distributed System Security Symposium (NDSS'12), 2012.
Softer Smartcards: Usable Cryptographic Tokens with Secure Execution. Financial Cryptography and Data Security (FC'12), 2012.
Twin Clouds: Secure Cloud Computing with Low Latency. Communications and Multimedia Security Conference (CMS'11), 2011.
Twin Clouds: An Architecture for Secure Cloud Computing (Extended Abstract). Workshop on Cryptography and Security in Clouds (CSC'11), 2011.
Scalable Trust Establishment with Software Reputation. 6th Annual Workshop on Scalable Trusted Computing (STC'11), 2011.
Practical and Lightweight Domain Isolation on Android. 1st ACM CCS Workshop on Security and Privacy in Mobile Devices (SPSM'11), 2011.
AmazonIA: When Elasticity Snaps Back. 18th ACM Conference on Computer and Communications Security (CCS'11), 2011.
TruWalletM: Secure Web Authentication on Mobile Platforms. 2nd Conference on Trusted Systems (INTRUST'10), 2010.
Implementing an Application-Specific Credential Platform Using Late-Launched Mobile Trusted Module. 5th Annual Workshop on Scalable Trusted Computing (STC'10), 2010.
Trust in a Small Package: Minimized MRTM Software Implementation for Mobile Secure Environments. 4th Annual Workshop on Scalable Trusted Computing (STC'09), 2009.