@inproceedings {287268, author = {Cristian-Alexandru Staicu and Sazzadur Rahaman and {\'A}gnes Kiss and Michael Backes}, title = {Bilingual Problems: Studying the Security Risks Incurred by Native Extensions in Scripting Languages}, booktitle = {32nd USENIX Security Symposium (USENIX Security 23)}, year = {2023}, isbn = {978-1-939133-37-3}, address = {Anaheim, CA}, pages = {6133--6150}, url = {https://www.usenix.org/conference/usenixsecurity23/presentation/staicu}, publisher = {USENIX Association}, month = aug } @inproceedings {291050, author = {Min Chen and Zhikun Zhang and Tianhao Wang and Michael Backes and Yang Zhang}, title = {{FACE-AUDITOR}: Data Auditing in Facial Recognition Systems}, booktitle = {32nd USENIX Security Symposium (USENIX Security 23)}, year = {2023}, isbn = {978-1-939133-37-3}, address = {Anaheim, CA}, pages = {7195--7212}, url = {https://www.usenix.org/conference/usenixsecurity23/presentation/chen-min}, publisher = {USENIX Association}, month = aug } @inproceedings {285419, author = {Haiming Wang and Zhikun Zhang and Tianhao Wang and Shibo He and Michael Backes and Jiming Chen and Yang Zhang}, title = {{PrivTrace}: Differentially Private Trajectory Synthesis by Adaptive Markov Models}, booktitle = {32nd USENIX Security Symposium (USENIX Security 23)}, year = {2023}, isbn = {978-1-939133-37-3}, address = {Anaheim, CA}, pages = {1649--1666}, url = {https://www.usenix.org/conference/usenixsecurity23/presentation/wang-haiming}, publisher = {USENIX Association}, month = aug } @inproceedings {291056, author = {Wai Man Si and Michael Backes and Yang Zhang and Ahmed Salem}, title = {{Two-in-One}: A Model Hijacking Attack Against Text Generation Models}, booktitle = {32nd USENIX Security Symposium (USENIX Security 23)}, year = {2023}, isbn = {978-1-939133-37-3}, address = {Anaheim, CA}, pages = {2223--2240}, url = {https://www.usenix.org/conference/usenixsecurity23/presentation/si}, publisher = {USENIX Association}, month = aug } @inproceedings {285407, author = {Zheng Li and Ning Yu and Ahmed Salem and Michael Backes and Mario Fritz and Yang Zhang}, title = {{UnGANable}: Defending Against {GAN-based} Face Manipulation}, booktitle = {32nd USENIX Security Symposium (USENIX Security 23)}, year = {2023}, isbn = {978-1-939133-37-3}, address = {Anaheim, CA}, pages = {7213--7230}, url = {https://www.usenix.org/conference/usenixsecurity23/presentation/li-zheng}, publisher = {USENIX Association}, month = aug } @inproceedings {281210, author = {Lukas Bieringer and Kathrin Grosse and Michael Backes and Battista Biggio and Katharina Krombholz}, title = {Industrial practitioners{\textquoteright} mental models of adversarial machine learning}, booktitle = {Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022)}, year = {2022}, isbn = {978-1-939133-30-4}, address = {Boston, MA}, pages = {97--116}, url = {https://www.usenix.org/conference/soups2022/presentation/bieringer}, publisher = {USENIX Association}, month = aug } @inproceedings {277160, author = {Zhikun Zhang and Min Chen and Michael Backes and Yun Shen and Yang Zhang}, title = {Inference Attacks Against Graph Neural Networks}, booktitle = {31st USENIX Security Symposium (USENIX Security 22)}, year = {2022}, isbn = {978-1-939133-31-1}, address = {Boston, MA}, pages = {4543--4560}, url = {https://www.usenix.org/conference/usenixsecurity22/presentation/zhang-zhikun}, publisher = {USENIX Association}, month = aug } @inproceedings {277098, author = {Yugeng Liu and Rui Wen and Xinlei He and Ahmed Salem and Zhikun Zhang and Michael Backes and Emiliano De Cristofaro and Mario Fritz and Yang Zhang}, title = {{ML-Doctor}: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models}, booktitle = {31st USENIX Security Symposium (USENIX Security 22)}, year = {2022}, isbn = {978-1-939133-31-1}, address = {Boston, MA}, pages = {4525--4542}, url = {https://www.usenix.org/conference/usenixsecurity22/presentation/liu-yugeng}, publisher = {USENIX Association}, month = aug } @inproceedings {272304, author = {Jie Huang and Michael Backes and Sven Bugiel}, title = {A11y and Privacy don{\textquoteright}t have to be mutually exclusive: Constraining Accessibility Service Misuse on Android}, booktitle = {30th USENIX Security Symposium (USENIX Security 21)}, year = {2021}, isbn = {978-1-939133-24-3}, pages = {3631--3648}, url = {https://www.usenix.org/conference/usenixsecurity21/presentation/huang}, publisher = {USENIX Association}, month = aug } @inproceedings {274558, author = {Yusra Elbitar and Michael Schilling and Trung Tin Nguyen and Michael Backes and Sven Bugiel}, title = {Explanation Beats Context: The Effect of Timing \& Rationales on Users{\textquoteright} Runtime Permission Decisions}, booktitle = {30th USENIX Security Symposium (USENIX Security 21)}, year = {2021}, isbn = {978-1-939133-24-3}, pages = {785--802}, url = {https://www.usenix.org/conference/usenixsecurity21/presentation/elbitar}, publisher = {USENIX Association}, month = aug } @inproceedings {272124, author = {Zhikun Zhang and Tianhao Wang and Ninghui Li and Jean Honorio and Michael Backes and Shibo He and Jiming Chen and Yang Zhang}, title = {{PrivSyn}: Differentially Private Data Synthesis}, booktitle = {30th USENIX Security Symposium (USENIX Security 21)}, year = {2021}, isbn = {978-1-939133-24-3}, pages = {929--946}, url = {https://www.usenix.org/conference/usenixsecurity21/presentation/zhang-zhikun}, publisher = {USENIX Association}, month = aug } @inproceedings {274614, author = {Trung Tin Nguyen and Michael Backes and Ninja Marnau and Ben Stock}, title = {Share First, Ask Later (or Never?) Studying Violations of {GDPR{\textquoteright}s} Explicit Consent in Android Apps}, booktitle = {30th USENIX Security Symposium (USENIX Security 21)}, year = {2021}, isbn = {978-1-939133-24-3}, pages = {3667--3684}, url = {https://www.usenix.org/conference/usenixsecurity21/presentation/nguyen}, publisher = {USENIX Association}, month = aug } @inproceedings {263820, author = {Xinlei He and Jinyuan Jia and Michael Backes and Neil Zhenqiang Gong and Yang Zhang}, title = {Stealing Links from Graph Neural Networks}, booktitle = {30th USENIX Security Symposium (USENIX Security 21)}, year = {2021}, isbn = {978-1-939133-24-3}, pages = {2669--2686}, url = {https://www.usenix.org/conference/usenixsecurity21/presentation/he-xinlei}, publisher = {USENIX Association}, month = aug } @inproceedings {263848, author = {Marten Oltrogge and Nicolas Huaman and Sabrina Amft and Yasemin Acar and Michael Backes and Sascha Fahl}, title = {Why Eve and Mallory Still Love Android: Revisiting {TLS} ({In)Security} in Android Applications}, booktitle = {30th USENIX Security Symposium (USENIX Security 21)}, year = {2021}, isbn = {978-1-939133-24-3}, pages = {4347--4364}, url = {https://www.usenix.org/conference/usenixsecurity21/presentation/oltrogge}, publisher = {USENIX Association}, month = aug } @inproceedings {251564, author = {Stefano Calzavara and Sebastian Roth and Alvise Rabitti and Michael Backes and Ben Stock}, title = {A Tale of Two Headers: A Formal Analysis of Inconsistent {Click-Jacking} Protection on the Web}, booktitle = {29th USENIX Security Symposium (USENIX Security 20)}, year = {2020}, isbn = {978-1-939133-17-5}, pages = {683--697}, url = {https://www.usenix.org/conference/usenixsecurity20/presentation/calzavara}, publisher = {USENIX Association}, month = aug } @inproceedings {247690, author = {Ahmed Salem and Apratim Bhattacharya and Michael Backes and Mario Fritz and Yang Zhang}, title = {{Updates-Leak}: Data Set Inference and Reconstruction Attacks in Online Learning}, booktitle = {29th USENIX Security Symposium (USENIX Security 20)}, year = {2020}, isbn = {978-1-939133-17-5}, pages = {1291-1308}, url = {https://www.usenix.org/conference/usenixsecurity20/presentation/salem}, publisher = {USENIX Association}, month = aug } @inproceedings {217593, author = {Sanam Ghorbani Lyastani and Michael Schilling and Sascha Fahl and Michael Backes and Sven Bugiel}, title = {Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse}, booktitle = {27th USENIX Security Symposium (USENIX Security 18)}, year = {2018}, isbn = {978-1-939133-04-5}, address = {Baltimore, MD}, pages = {203--220}, url = {https://www.usenix.org/conference/usenixsecurity18/presentation/lyastani}, publisher = {USENIX Association}, month = aug } @inproceedings {203860, author = {Ben Stock and Martin Johns and Marius Steffens and Michael Backes}, title = {How the Web Tangled Itself: Uncovering the History of {Client-Side} Web ({In)Security}}, booktitle = {26th USENIX Security Symposium (USENIX Security 17)}, year = {2017}, isbn = {978-1-931971-40-9}, address = {Vancouver, BC}, pages = {971--987}, url = {https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/stock}, publisher = {USENIX Association}, month = aug } @inproceedings {205863, author = {Christian Stransky and Yasemin Acar and Duc Cuong Nguyen and Dominik Wermke and Doowon Kim and Elissa M. Redmiles and Michael Backes and Simson Garfinkel and Michelle L. Mazurek and Sascha Fahl}, title = {Lessons Learned from Using an Online Platform to Conduct {Large-Scale}, Online Controlled Security Experiments with Software Developers}, booktitle = {10th USENIX Workshop on Cyber Security Experimentation and Test (CSET 17)}, year = {2017}, address = {Vancouver, BC}, url = {https://www.usenix.org/conference/cset17/workshop-program/presentation/stransky}, publisher = {USENIX Association}, month = aug } @inproceedings {197193, author = {Michael Backes and Sven Bugiel and Erik Derr and Patrick McDaniel and Damien Octeau and Sebastian Weisgerber}, title = {On Demystifying the Android Application Framework: {Re-Visiting} Android Permission Specification Analysis}, booktitle = {25th USENIX Security Symposium (USENIX Security 16)}, year = {2016}, isbn = {978-1-931971-32-4}, address = {Austin, TX}, pages = {1101--1118}, url = {https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/backes_android}, publisher = {USENIX Association}, month = aug } @inproceedings {197118, author = {Ben Stock and Giancarlo Pellegrino and Christian Rossow and Martin Johns and Michael Backes}, title = {Hey, You Have a Problem: On the Feasibility of {Large-Scale} Web Vulnerability Notification}, booktitle = {25th USENIX Security Symposium (USENIX Security 16)}, year = {2016}, isbn = {978-1-931971-32-4}, address = {Austin, TX}, pages = {1015--1032}, url = {https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/stock}, publisher = {USENIX Association}, month = aug } @inproceedings {197195, author = {Michael Backes and Pascal Berrang and Anna Hecksteden and Mathias Humbert and Andreas Keller and Tim Meyer}, title = {Privacy in Epigenetics: Temporal Linkability of {MicroRNA} Expression Profiles}, booktitle = {25th USENIX Security Symposium (USENIX Security 16)}, year = {2016}, isbn = {978-1-931971-32-4}, address = {Austin, TX}, pages = {1223--1240}, url = {https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/backes_epigenetics}, publisher = {USENIX Association}, month = aug } @inproceedings {197124, author = {Giorgi Maisuradze and Michael Backes and Christian Rossow}, title = {What Cannot Be Read, Cannot Be Leveraged? Revisiting Assumptions of {JIT-ROP} Defenses}, booktitle = {25th USENIX Security Symposium (USENIX Security 16)}, year = {2016}, isbn = {978-1-931971-32-4}, address = {Austin, TX}, pages = {139--156}, url = {https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/maisuradze}, publisher = {USENIX Association}, month = aug } @inproceedings {190928, author = {Michael Backes and Sven Bugiel and Christian Hammer and Oliver Schranz and Philipp von Styp-Rekowsky}, title = {Boxify: Full-fledged App Sandboxing for Stock Android}, booktitle = {24th USENIX Security Symposium (USENIX Security 15)}, year = {2015}, isbn = {978-1-939133-11-3}, address = {Washington, D.C.}, pages = {691--706}, url = {https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/backes}, publisher = {USENIX Association}, month = aug } @inproceedings {184465, author = {Michael Backes and Stefan N{\"u}rnberger}, title = {Oxymoron: Making {Fine-Grained} Memory Randomization Practical by Allowing Code Sharing}, booktitle = {23rd USENIX Security Symposium (USENIX Security 14)}, year = {2014}, isbn = {978-1-931971-15-7}, address = {San Diego, CA}, pages = {433--447}, url = {https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/backes}, publisher = {USENIX Association}, month = aug } @inproceedings {267213, author = {Michael Backes and Saarland University and Max Planck Institute for Software Systems (MPI-SWS) and Markus D{\"u}rmuth and Sebastian Gerling and Manfred Pinkal and Caroline Sporleder}, title = {Acoustic {Side-Channel} Attacks on Printers}, booktitle = {19th USENIX Security Symposium (USENIX Security 10)}, year = {2010}, address = {Washington, DC}, url = {https://www.usenix.org/conference/usenixsecurity10/acoustic-side-channel-attacks-printers}, publisher = {USENIX Association}, month = aug }