Publications

Automated Generation of Models for Fast and Precise Detection of HTTP-Based Malware

2014 - Apostolis Zarras, Antonis Papadogiannakis, Robert Gawlik, Thorsten Holz

12th Annual Conference on Privacy, Security and Trust (PST), Toronto, Canada, July 2014 [PDF]

Communication Reduced Interaction Protocol between Customer, Charging Station, and Charging Station Management System

2014 - Karl-Heinz Krempels, Christoph Terwelp, Stefan Wüller, Tilman Frosch, Sevket Gökay

3rd International Conference on Smart Grids and Green IT Systems (SMARTGREENS 2014), Barcelona, Spain, April 2014

Continuous Authentication on Mobile Devices by Analysis of Typing Motion Behavior

2014 - Hugo Gascon, Sebastian Uellenbeck, Christopher Wolf, Konrad Rieck

GI Sicherheit - Schutz und Zuverlässigkeit, Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik, Vienna, Austria, March 2014 [PDF]

GraphNeighbors: Hampering Shoulder-Surfing Attacks on Smartphones

2014 - Irfan Altiok, Sebastian Uellenbeck, Thorsten Holz

GI Sicherheit - Schutz und Zuverlässigkeit, Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik, Vienna, Austria, March 2014 [PDF]

Simulation of Built-in PHP features for Precise Static Code Analysis

2014 - Johannes Dahse, Thorsten Holz

Annual Network & Distributed System Security Symposium (NDSS), San Diego, February 2014 [PDF]

Control-Flow Restrictor: Compiler-based CFI for iOS

2013 - Jannik Pewny, Thorsten Holz

Annual Computer Security Applications Conference (ACSAC), New Orleans, USA, December 2013 [PDF]

k-subscription: Privacy-Preserving Microblogging Browsing through Obfuscation

2013 - Panagiotis Papadopoulos, Antonis Papadogiannakis, Michalis Polychronakis, Apostolis Zarras, Thorsten Holz, Evangelos P. Markatos

29th Annual Computer Security Applications Conference (ACSAC), New Orleans, USA, December 2013 [PDF]

PRIME: Private RSA Infrastructure for Memory-less Encryption

2013 - Behrad Garmany, Tilo Müller

Annual Computer Security Applications Conference (ACSAC), New Orleans, USA, December 2013 - **Best Paper Award** [PDF]

Towards Reducing the Attack Surface of Software Backdoors

2013 - Felix Schuster, Thorsten Holz

20th ACM Conference on Computer and Communications Security (CCS), Berlin, November 2013 [PDF]

Quantifying the Security of Graphical Passwords: The Case of Android Unlock Patterns

2013 - Sebastian Uellenbeck, Markus Dürmuth, Christopher Wolf, Thorsten Holz

ACM Conference on Computer and Communications Security (CCS), Berlin, November 2013 [PDF]

mXSS Attacks: Attacking well-secured Web-Applications by using innerHTML Mutations

2013 - Mario Heiderich, Jörg Schwenk, Tilman Frosch, Jonas Magazinius, Edward Z. Yang

20th ACM Conference on Computer and Communications Security (CCS), Berlin, Germany, November 2013 [PDF]

Mobile Malware Detection Based on Energy Fingerprints - A Dead End?

2013 - Johannes Hoffmann, Stephan Neumann, Thorsten Holz

Research in Attacks, Intrusions and Defenses (RAID) Symposium, St. Lucia, October 2013 [PDF]

POSTER: On the Usability of Secure GUIs

2013 - Atanas Filyanov, Aysegül Nas, Melanie Volkamer, Marcel Winandy

9th Symposium on Usable Privacy and Security (SOUPS 2013), Newcastle, UK, July 24-26, 2013. [Extended Abstract] [Poster]

Preventing Backdoors In Server Applications With A Separated Software Architecture (Short Paper)

2013 - Felix Schuster, Stefan Rüster, Thorsten Holz

10th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Berlin, July 2013 [PDF]

Standardorientierte Speicherung von verschlüsselten Dokumenten in einem XDS-Repository

2013 - Lennart Köster, Fatih Korkmaz, Marcel Winandy

Proceedings of the eHealth2013, May 23-24, Vienna, Austria, OCG, 2013.

Practical Timing Side Channel Attacks Against Kernel Space ASLR

2013 - Ralf Hund, Carsten Willems, Thorsten Holz

IEEE Symposium on Security and Privacy ("Oakland"), San Francisco, CA, May 2013 [pdf]

MobileSandbox: Ein Analyseframework für Android Applikationen

2013 - Michael Spreitzenbarth, Johannes Hoffmann, Hanno Lemoine, Thomas Schreck, Florian Echtler

Proceedings of the 13th Deutscher IT-Sicherheitskongress, Bonn, Germany, 2013 [PDF]

PSiOS: Bring Your Own Privacy & Security to iOS Devices

2013 - Tim Werthmann, Ralf Hund, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz

ACM Symposium on Information, Computer and Communications Security (ASIACCS), Hangzhou, China, May 2013 - **Distinguished Paper Award** [pdf]

Mobile-Sandbox: Looking Deeper into Android Applications

2013 - Michael Spreitzenbarth, Florian Echtler, Thomas Schreck, Felix C. Freiling, Johannes Hoffmann

28th International ACM Symposium on Applied Computing (SAC), Coimbra, Portugal, March 2013 [pdf]

Slicing Droids: Program Slicing for Smali Code

2013 - Johannes Hoffmann, Martin Ussath, Michael Spreitzenbarth, Thorsten Holz

28th International ACM Symposium on Applied Computing (SAC), Coimbra, Portugal, March 2013 [pdf]

Down to the Bare Metal: Using Processor Features for Binary Analysis

2012 - Carsten Willems, Ralf Hund, Amit Vasudevan, Andreas Fobian, Dennis Felsch, Thorsten Holz

Annual Computer Security Applications Conference (ACSAC), Orlando, FL, December 2012 [pdf]

Using Memory Management to Detect and Extract Illegitimate Code for Malware Analysis

2012 - Carsten Willems, Felix C. Freiling, Thorsten Holz

Annual Computer Security Applications Conference (ACSAC), Orlando, FL, December 2012 [pdf]

PermissionWatcher: Creating User Awareness of Application Permissions in Mobile Systems

2012 - Eric Struse, Julian Seifert, Sebastian Uellenbeck, Enrico Rukzio, Christopher Wolf

International Joint Conference on Ambient Intelligence (AmI), Pisa, Italy, November 2012 [pdf]

Applying a Security Kernel Framework to Smart Meter Gateways

2012 - Michael Gröne, Marcel Winandy

ISSE 2012 Securing Electronic Business Processes, Highlights of the Information Security Solutions Europe 2012 Conference, pp. 252-259, Springer Vieweg, 2012.

Scriptless Attacks – Stealing the Pie Without Touching the Sill

2012 - Mario Heiderich, Marcus Niemietz, Felix Schuster, Thorsten Holz, Jörg Schwenk

19th ACM Conference on Computer and Communications Security (CCS), Raleigh, NC, October 2012 [PDF]

Requirements for Integrating End-to-End Security into Large-Scale EHR Systems

2012 - Agnes Gawlik, Lennart Köster, Hiva Mahmoodi, Marcel Winandy

Amsterdam Privacy Conference (APC 2012), Workshop on Engineering EHR Solutions (WEES), 2012, Available at SSRN: http://ssrn.com/abstract=2457987 [online] [PDF]

B@bel: Leveraging Email Delivery for Spam Mitigation

2012 - Gianluca Stringhini, Manuel Egele, Apostolis Zarras, Thorsten Holz, Christopher Kruegel, Giovanni Vigna

21st USENIX Security Symposium, Bellevue, WA, USA, August 2012 [PDF]

On the Fragility and Limitations of Current Browser-provided Clickjacking Protection Schemes

2012 - Sebastian Lekies, Mario Heiderich, Dennis Appelt, Thorsten Holz, Martin Johns

6th USENIX Workshop on Offensive Technologies (WOOT), Bellevue, WA, August 2012 [PDF]

SmartProxy: Secure Smartphone-Assisted Login on Compromised Machines

2012 - Johannes Hoffmann, Sebastian Uellenbeck, Thorsten Holz

9th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Heraklion, Greece, July 2012 [PDF]

Don’t Trust Satellite Phones: A Security Analysis of Two Satphone Standards

2012 - Benedikt Driessen, Ralf Hund, Carsten Willems, Christof Paar, Thorsten Holz

IEEE Symposium on Security and Privacy ("Oakland"), San Francisco, CA, May 2012 - **Best Paper Award** [More Info] [PDF]

Tracking DDoS Attacks: Insights into the Business of Disrupting the Web

2012 - Armin Büscher, Thorsten Holz

5th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), San Jose, CA, April 2012 [PDF]

Analyse und Vergleich von BckR2D2-I und II

2012 - Andreas Dewald, Felix Freiling, Thomas Schreck, Michael Spreitzenbarth, Johannes Stüttgen, Stefan Vömel, Carsten Willems

GI Sicherheit - Schutz und Zuverlässigkeit, Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik, Darmstadt, Germany, March 2012 [Technical Report]

MoCFI: A Framework to Mitigate Control-Flow Attacks on Smartphones

2012 - Lucas Davi, Alexandra Dmitrienko, Manuel Egele, Thomas Fischer, Thorsten Holz, Ralf Hund, Stefan Nürnberger, Ahmad-Reza Sadeghi

Annual Network & Distributed System Security Symposium (NDSS), San Diego, February 2012 [PDF]

Flexible Patient-Controlled Security for Electronic Health Records

2012 - Thomas Hupperich, Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy

ACM SIGHIT International Symposium on Health Informatics (IHI), Miami, January 2012 [PDF]

Understanding Fraudulent Activities in Online Ad Exchanges

2011 - Brett Stone-Gross, Ryan Stevens, Apostolis Zarras, Richard Kemmerer, Christopher Kruegel, Giovanni Vigna

11th ACM SIGCOMM Internet Measurement Conference (IMC), Berlin, Germany, November 2011 [PDF]

Crouching Tiger - Hidden Payload: Security Risks of Scalable Vectors Graphics

2011 - Mario Heiderich, Tilman Frosch, Meiko Jensen, Thorsten Holz

18th ACM Conference on Computer and Communications Security (CCS), Chicago, IL, October 2011 [PDF]

POSTER: Control-Flow Integrity for Smartphones.

2011 - Lucas Davi, Alexandra Dmitrienko, Manuel Egele, Thorsten Holz, Ralf Hund, Stefan Nürnberger, Ahmad-Reza Sadeghi, Thomas Fischer

18th ACM Conference on Computer and Communications Security (CCS'11) [Poster]

Trusted Virtual Domains on OKL4: Secure Information Sharing on Smartphones

2011 - Lucas Davi, Alexandra Dmitrienko, Christoph Kowalski, Marcel Winandy

STC '11: Proceedings of the 6th ACM Workshop on Scalable Trusted Computing, pp. 49-58, ACM, 2011.

TrumanBox: Improving Dynamic Malware Analysis by Emulating the Internet

2011 - Christian Gorecki, Felix C. Freiling, Marc Kührer, Thorsten Holz

13th International Symposium on Stabilization, Safety, and Security of Distributed Systems (SSS), Grenoble, France, October 2011 [PDF]

The Bug that made me President: A Browser- and Web-Security Case Study on Helios Voting

2011 - Mario Heiderich, Tilman Frosch, Marcus Niemietz, Jörg Schwenk

International Conference on E-voting and Identity (VoteID), 2011, Tallinn, Estonia, September 2011 [Website]

Automated Identification of Cryptographic Primitives in Binary Programs

2011 - Felix Gröbert, Carsten Willems, Thorsten Holz

14th International Symposium on Recent Advances in Intrusion Detection (RAID), Menlo Park, CA, September 2011 [PDF]

IceShield: Detection and Mitigation of Malicious Websites with a Frozen DOM

2011 - Mario Heiderich, Tilman Frosch, Thorsten Holz

14th International Symposium on Recent Advances in Intrusion Detection (RAID), Menlo Park, CA, September 2011 [PDF]

BotMagnifier: Locating Spambots on the Internet

2011 - Gianluca Stringhini, Thorsten Holz, Brett Stone-Gross, Christopher Kruegel, Giovanni Vigna

USENIX Security Symposium, San Francisco, CA, August 2011 [PDF]

Jackstraws: Picking Command and Control Connections from Bot Traffic

2011 - Gregoire Jacob, Ralf Hund, Christopher Kruegel, Thorsten Holz

USENIX Security Symposium, San Francisco, CA, August 2011 [PDF]

Uni-directional Trusted Path: Transaction Confirmation on Just One Device

2011 - Atanas Filyanov, Jonathan M. McCune, Ahmad-Reza Sadeghi, Marcel Winandy

IEEE/IFIP 41st International Conference on Dependable Systems & Networks (DSN 2011), pp. 1-12. IEEE Computer Society, 2011. [pdf]

Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices

2011 - Michael Becher, Felix C. Freiling, Johannes Hoffmann, Thorsten Holz, Sebastian Uellenbeck, Christopher Wolf

IEEE Symposium on Security and Privacy ("Oakland"), Berkeley, CA, May 2011 [PDF]

MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data of Patients

2011 - Ammar Alkassar, Biljana Cubaleska, Hans Löhr, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy

Med-e-Tel - Global Telemedicine and eHealth Updates: Knowledge Resources, Vol 4., pp. 385-389, ISfTeH, Luxembourg, 2011. [PDF]

The Underground Economy of Spam: A Botmaster's Perspective of Coordinating Large-Scale Spam Campaigns

2011 - Brett Stone-Gross, Thorsten Holz, Gianluca Stringhini, Giovanni Vigna

USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), Boston, MA, March 2011 [PDF]

ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks

2011 - Lucas Davi, Ahmad-Reza Sadeghi, Marcel Winandy

6th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2011), ACM, 2011.

A Security Architecture for Accessing Health Records on Mobile Phones.

2011 - Alexandra Dmitrienko, Zecir Hadzic, Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy

Proceedings of the 4th International Conference on Health Informatics (HEALTHINF 2011), pp. 87-96, SciTePress, 2011. [PDF] [Bibtex]