This page contains the list of publications of our group.
Please check
individual webpages for the list
of publications of each member (including the papers published with previous affiliations).
Lost in the Loader: The Many Faces of the Windows PE File FormatSymposium on Research in Attacks, Intrusion, and Defenses (RAID) , San Sebastian
When Malware Changed Its Mind: Characterizing the Variability of Malicious and Unwanted Program Behaviors at Scale29th USENIX Security Symposium (USENIX Security 21) , Boston, MAWinner of the Best Paper Award for 2021 -- CSAW
Understanding Screaming Channels: From a Detailed Analysis to Improved AttacksIACR Transactions on Cryptographic Hardware and Embedded Systems (CHES 2020)Google Bughunter Hall of Fame Honorable Mention
SoC Security Evaluation: Reflections on Methodology and ToolingIEEE Design and Test
Finding software bugs in embedded devicesSecurity of Ubiquitous Computing Systems (Book Chapter) (to appear)
Using Loops For Malware Classification Resilient to Feature-unaware PerturbationsProceedings of the Annual Computer Security Applications Conference (ACSAC) , San Juan, Puerto Rico (acceptance rate: 22.1%)
Phishing Attacks on Modern AndroidProceedings of the 25th ACM conference on Computer and communications security (CCS) , Toronto, Canada (acceptance rate: 16.6%)
ClickShield: Are You Hiding Something? Towards Eradicating Clickjacking on AndroidProceedings of the 25th ACM conference on Computer and communications security (CCS) , Toronto, Canada (acceptance rate: 16.6%)
GuardION: Practical Mitigation of DMA-based Rowhammer Attacks on ARMDetection of Intrusions and Malware, and Vulnerability Assessment (DIMVA) , Paris, France (acceptance rate: 30.5%)
In the Compression Hornet's Nest: A Security Study of Data Compression in Network ServicesProceedings of the 24rd USENIX Security Symposium (USENIX Security) (acceptance rate: 15.7%)
A Large Scale Analysis of the Security of Embedded FirmwaresProceedings of the 23rd USENIX Security Symposium (USENIX Security) (acceptance rate: 19.0%)
An authentication flaw in browser-based Single Sign-On protocols: Impact and remediationsComputers \& Security
How can we determine if a device is infected or not?
Have things changed now? An empirical study on input validation vulnerabilities in web applicationsJournal on Computers & Security
A Summary of Two Practical Attacks Against Social NetworksTrustworthy Internet (Book Chapter)