CS 858 Reading List

• This reading list contains more papers than what we will be able to read and discuss in class. The actual list of presented papers will be chosen based on people's interests. Feel free to read the remaining papers on your own, like to choose a course project.
• The order in which we will discuss the papers in class will likely not correspond to the order below.
• The PDFs and their abstracts are also available in the bidding system.
• If you try to download a local copy below from a non-uWaterloo host, you will have to authenticate using your WatIAM credentials. You can also download a file with all the papers.

Implicitly Authenticating Smartphone Users

• Targeted Mimicry Attacks on Touch Input Based Implicit Authentication Schemes. H. Khan, U. Hengartner, and D. Vogel, MobiSys 2016. [abstract] [local]

Distributing Security Tasks among Multiple Collaborating Devices

• Low-Cost Mitigation Against Cold Boot Attacks for an Authentication Token. I. Goldberg, G. Jenkinson, and F. Stajano, ACNS 2016. [abstract] [local]
• Shatter: Using Threshold Cryptography to Protect Single Users with Multiple Devices. E. Atwater and U. Hengartner, WiSec 2016. [abstract] [local]

Analyzing Network Traffic for Information Leaks

• PrivacyGuard: A VPN-based Platform to Detect Information Leakage on Android Devices. Y. Song and U. Hengartner, SPSM 2015. [abstract] [local]
• ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic. J. Ren, A. Rao, M. Lindorfer, A. Legout, and D. Choffnes, MobiSys 2016. [abstract] [local]

Distinguishing Between Legitimate and Illegitimate Information Leaks

• Covert Communication in Mobile Applications. J. Rubin, M.I. Gordon, N. Nguyen, and M. Rinard, ASE 2015. [abstract] [local]
• Using text mining to infer the purpose of permission use in mobile apps. H. Wang, J. Hong, and Y. Guo, UbiComp 2015. [abstract] [local]

Studying Users (Un)Locking Smartphones

• Are You Ready to Lock? Understanding User Motivations for Smartphone Locking Behaviors. S. Egelman, S. Jain, R.S. Portnoff, K. Liao, S. Consolvo, and D. Wagner, CCS 2014. [abstract] [local]
• The Anatomy of Smartphone Unlocking: A Field Study of Android Lock Screens. M. Harbach, A. De Luca, and S. Egelman, CHI 2016. [abstract] [local]

Studying Deployed Smartphone Authentication Schemes

• Biometric Authentication on iPhone and Android: Usability, Perceptions, and Influences on Adoption. C. Bhagavatula, B. Ur, K. Iacovino, S.M. Kywey, L.F. Cranor, and M. Savvides, USEC 2015. [abstract] [local]
• Usability and Security of Text Passwords on Mobile Devices. W. Melicher, D. Kurilova, S.M. Segreti, P. Kalvani, R. Shay, B. Ur, L. Bauer, N. Christin, L. F. Cranor, and M.L. Mazurek, CHI 2016. [abstract] [local]

Improving Smartphone Authentication

• Learning Assigned Secrets for Unlocking Mobile Devices. S. Schechter and J. Bonneau, SOUPS 2015. [abstract] [local]
• User-generated free-form gestures for authentication: security and memorability. M. Sherman, G. Clark, Y. Yang, S. Sugrim, A. Modig, J. Lindqvist, A. Oulasvirta, and T. Roos, MobiSys 2014. [abstract] [local]

Giving Up on All-or-Nothing Authentication

• Progressive Authentication: Deciding When to Authenticate on Mobile Phones. O. Riva, C. Qin, K. Strauss, and D. Lymberopoulos, USENIX Security 2012. [abstract] [local]
• SnapApp: Reducing Authentication Overhead with a Time-Constrained Fast Unlock Option. D. Buschek, F. Hartmann, E. von Zezschwitz, A. De Luca, and F. Alt, CHI 2016. [abstract] [local]

Attacking Geo-Social Services

• Where's Wally?: Precise User Discovery Attacks in Location Proximity Services. I. Polakis, G. Argyros, T. Petsios, S. Sivakom, and A.D. Keromytis, CCS 2015. [abstract] [local]
• Defending against Sybil Devices in Crowdsourced Mapping Services. G. Wang, B. Wang, T. Wang, A. Nika, H. Zheng, and B.Y. Zhao, MobiSys 2016. [abstract] [local]

Tracking People and their Devices

• Why MAC Address Randomization is not Enough: An Analysis of Wi-Fi Network Discovery Mechanisms. M. Vanhoef, C. Matte, M. Cunche, L.S. Cardoso, and F. Piessens, ASICACCS 2016. [abstract] [local]
• On the Inference of User Paths from Anonymized Mobility Data. G. Tsoukaneri, G. Theodorakopoulos, H. Leather, and M.K. Marina, EuroS&P 2016. [abstract] [local]

More Tracking and Defending Against Tracking

• Inferring User Routes and Locations Using Zero-Permission Mobile Sensors. S. Narain, T.D. Vo-Huu, K. Block, and G. Noubir, Oakland 2016. [abstract] [local]
• Anatomization and Protection of Mobile Apps' Location Privacy Threats. K. Fawaz, H. Feng, and K.G. Shin, USENIX Security 2015. [abstract] [local]

Inferring User Input using Side Channels

• Slogger: Smashing Motion-based Touchstroke Logging with Transparent System Noise. P. Shrestha, M. Mohamed, and N. Saxena, WiSec 2016. [abstract] [local]
• Don't Interrupt Me While I Type: Inferring Text Entered Through Gesture Typing on Android Keyboards. L. Simon, W. Xu, and R. Anderson, PETS 2016. [abstract] [local]

Studying and Helping App Developers

• Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications in the Developing World. B. Reaves, N. Scaife, A. Bates, P. Traynor, and K.R.B. Butler, USENIX Security 2015. [abstract] [local]
• Rethinking SSL development in an appified world. S. Fahl, M. Harbach, H. Perl, M. Koetter, and M. Smith, CCS 2013. [abstract] [local]

Studying Users Interacting with Permissions

• Android permissions: user attention, comprehension, and behavior. A.P. Felt, E. Ha, S. Egelman, A. Haney, E. Chin, and D. Wagner, SOUPS 2012. [abstract] [local]
• Android Permissions Remystified: A Field Study on Contextual Integrity. P. Wijesekera, A. Baokar, A. Hosseini, S. Egelman, D. Wagner, and K. Beznosov, USENIX Security 2015. [abstract] [local]

Developing Better Ways to Inform Users

• Follow My Recommendations: A Personalized Privacy Assistant for Mobile App Permissions. B. Liu, M. Schaarup Andersen, F. Schaub, H. Almuhimedi, S. Zhang, N. Sadeh, A. Acquisti, and Y. Agarwal, SOUPS 2016. [abstract] [local]
• The Impact of Timing on the Salience of Smartphone App Privacy Notices. R. Balebako, F. Schaub, I. Adjerid, A. Acquisti, and L. Cranor, SPSM 2015. [abstract] [local]

Introducing Android and Android Security

• On lightweight mobile phone application certification. W. Enck, M. Ongtang, and P. McDaniel, CCS 2009. [abstract] [local]
• A Study of Android Application Security. W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri, USENIX Security 2011. [abstract] [local]

Developing Taint Analysis for Android

• TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. W. Enck, P. Gilbert, B.-G. Chun, L.P. Cox, J. Jung, P. McDaniel, and A.N. Sheth, OSDI 2010. [abstract] [local]
• FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. S. Arzt, S. Rasthofer, C. Fritz, E. Bodden, A. Bartel, J. Klein, Y. Le Traon, D. Octeau, and P. McDaniel, PLDI 2014. [abstract] [local]

Analyzing Android Inter-Component Communication

• Effective Inter-Component Communication Mapping in Android with Epicc: An Essential Step Towards Holistic Security Analysis. D. Octeau, P. McDaniel, S. Jha, A. Bartel, E. Bodden, J. Klein, and Y. Le Traon, USENIX Security 2013. [abstract] [local]
• Combining static analysis with probabilistic models to enable market-scale Android inter-component analysis. D. Octeau, S. Jha, M. Dering, P. McDaniel, A. Bartel, L. Li, J. Klein, and Y. Le Traon, POPL 2016. [abstract] [local]

Sandboxing Libraries and Apps

• Boxify: Full-fledged App Sandboxing for Stock Android. M. Backes, S. Bugiel, C. Hammer, O. Schranz, and P. von Styp-Rekowsky, USENIX Security 2015. [abstract] [local]
• FLEXDROID: Enforcing In-App Privilege Separation in Android. J. Seo, D. Kim, D. Cho, I. Shin, and T. Kim, NDSS 2016. [abstract] [local]

Studying Mobile, Targeted Advertising

• MAdScope: Characterizing Mobile In-App Targeted Ads. S. Nath, MobiSys 2015. [abstract] [local]
• The Price of Free: Privacy Leakage in Personalized Mobile In-Apps Ads. W. Meng, R. Ding, S.P. Chung, S. Han, and W. Lee, NDSS 2016. [abstract] [local]

Developing Context-Aware Privacy Mechanisms

• I-Pic: A Platform for Privacy-Compliant Image Capture. P. Aditya, R. Sen, P. Druschel, S.J. Oh, R. Benenson, M. Fritz, B. Schiele, B. Bhattacharjee, and T.T. Wu, MobiSys 2016. [abstract] [local]
• ipShield: A Framework For Enforcing Context-Aware Privacy. S. Chakraborty, C. Shen, K.R. Raghavan, Y. Shoukry, M. Millar, and M. Srivastava, NSDI 2014. [abstract] [local]

Hacking the OS and Below

• Viola: Trustworthy Sensor Notifications for Enhanced Privacy on Mobile Systems. S. S. Mirzamohammadi and A.A. Sani, MobiSys 2016. [abstract] [local]
• Protecting Data on Smartphones and Tablets from Memory Attacks. P. Colp, J. Zhang, J. Gleeson, S. Suneja, E. de Lara, H. Raj, S. Saroiu, and A. Wolman, ASPLOS 2015. [abstract] [local]

Last updated: 2016-09-23 14:20:34 -0400 [validate xhtml]