CS 858 Reading List

• This reading list contains more papers than what we will be able to read and discuss in class. The actual list of presented papers will be chosen based on people's interests. Feel free to read the remaining papers on your own, like to choose a course project.
• The order in which we will discuss the papers in class will likely not correspond to the order below.
• The PDFs and their abstracts are also available in the bidding system.
• If you try to download a local copy below from a non-uWaterloo host, you will have to authenticate using your WatIAM credentials. You can also download a file with all the papers.

Examining Permissions

• On Lightweight Mobile Phone Application Certification. Enck et al., CCS 2009. [local]
• Android Permissions Demystified. Felt et al., CCS 2011. [local]

Detecting Privacy Leaks

• TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. Enck et al., OSDI 2010. [local]
• PiOS: Detecting Privacy Leaks in iOS Applications. Egele et al., NDSS 2011. [local]

Managing Privacy Leaks I

• “These Aren’t the Droids You’re Looking For”: Retrofitting Android to Protect Data from Imperious Applications. Hornyack et al., CCS 2011. [local]
• Dr. Android and Mr. Hide: Fine-grained Permissions in Android Applications. Jeon et al., SPSM 2012. [local]

Managing Privacy Leaks II

• Flexible and Fine-grained Mandatory Access Control on Android for Diverse Security and Privacy Policies. Bugiel et al., USENIX Security 2013. [local]
• “Little Brothers Watching You:” Raising Awareness of Data Leaks on Smartphones. Balebako et al., SOUPS 2013. [local]

Studying Users and Permissions

• Android Permissions: User Attention, Comprehension, and Behavior. Felt et al., SOUPS 2012. [local]
• Privacy as Part of the App Decision-Making Process. Kelley et al., CHI 2013. [local]

Crowdsourcing Permission Expectations

• Expectation and Purpose: Understanding Users’ Mental Models of Mobile App Privacy through Crowdsourcing. Lin et al., Ubicomp 2012. [local]
• ProtectMyPrivacy: Detecting and Mitigating Privacy Leaks on iOS Devices Using Crowdsourcing. Agarwal et al., MobiSys 2013. [local]

Privilege Escalation

• Permission Re-Delegation: Attacks and Defenses. Felt et al., USENIX Security 2011. [local]
• QUIRE: Lightweight Provenance for Smart Phone Operating Systems. Dietz et al., USENIX Security 2011. [local]

Advertising

• AdSplit: Separating Smartphone Advertising from Applications. Shekhar et al., USENIX Security 2012. [local]
• AdDroid: privilege separation for applications and advertisers in Android. Pearce et al., ASIACCS 2012. [local]

Control-flow Attacks

• Jekyll on iOS: When Benign Apps Become Evil. Wang et al., USENIX Security 2013. [local]
• MoCFI: A Framework to Mitigate Control-Flow Attacks on Smartphones. Davi et al., NDSS 2012. [local]

Side-channel and Covert-channel Attacks

• TapLogger: Inferring User Inputs On Smartphone Touchscreens Using On-board Motion Sensors. Xu et al., WiSec 2012. [local]
• Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones. Schlegel et al., NDSS 2011. [local]

Device Theft

• Keypad: An Auditing File System for Theft-Prone Devices. Geambasu et al., EuroSys 2011. [local]
• CleanOS: Limiting Mobile Data Exposure with Idle Eviction. Tang et al., OSDI 2012. [local]

New Architectures I

• Cells: A Virtual Mobile Smartphone Architecture. Andrus et al., SOSP 2011. [local]
• πBox: A Platform for Privacy-Preserving Apps. Lee et al., NSDI 2013. [local]

New Architectures II

• Koi: A Location-Privacy Platform for Smartphone Apps. Guha et al., NSDI 2012. [local]
• Opaak: Using Mobile Phones to Limit Anonymous Identities Online. Maganis et al., MobisSys 2012. [local]

Studying Users

• Goldilocks and the Two Mobile Devices: Going Beyond All-Or-Nothing Access to a Device’s Applications. Hayashi et al., SOUPS 2012. [local]
• Choice Architecture and Smartphone Privacy: There’s A Price for That. Egelman et al., WEIS 2012. [local]

Authentication

• Progressive Authentication: Deciding When to Authenticate on Mobile Phones. Riva et al., USENIX Security 2012. [local]
• Unobservable Re-authentication for Smartphones. Li et al., NDSS 2013. [local]

Privacy-preserving Data Processing

• Cloud-Enabled Privacy-Preserving Collaborative Learning for Mobile Sensing. Liu et al., SenSys 2012. [local]
• MaskIt: Privately Releasing User Context Streams for Personalized Mobile Applications. Götz et al., SIGMOD 2012. [local]

SSL / Cryptography

• Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security. Fahl et al., CCS 2012. [local]
• MITHYS: Mind The Hand You Shake - Protecting mobile devices from SSL usage vulnerabilities. Conti et al., STM 2013. [local]
• An Empirical Study of Cryptographic Misuse in Android Applications. Egele et al., CCS 2013. [local]

Location Sharing

• Adaptive Information-Sharing for Privacy-Aware Mobile Social Networks. Bilogrevic et al., Ubicomp 2013. [local]
• Privacy Manipulation and Acclimation in a Location Sharing Application. Wilson et al., Ubicomp 2013. [local]

Last updated: 2013-11-09 13:53:18 -0500 [validate xhtml]