Prof. Dr. Dr. h.c. Michael Backes

Publications

Conference Papers

Short Text, Large Effect: Measuring the Impact of User Reviews on Android App Security & Privacy
IEEE S&P
2019

Fidelius: Protecting User Secrets from Compromised Browsers
IEEE S&P
2019

MBeacon: Privacy-Preserving Beacons for DNA Methylation Data
NDSS
2019

ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models
NDSS
2019

Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse
USENIX-Security
2018

JaSt: Fully Syntactic Detection of Malicious (Obfuscated) JavaScript
2018

Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels
IEEE S&P
2018

Didn’t You Hear Me? — Towards More Successful Web Vulnerability Notifications
NDSS
2018

PRIMA: Privacy-Preserving Identity and Access Management at Internet-Scale
2018

Signatures with Flexible Public Key: Introducing Equivalence Classes for Public Keys
ASIACRYPT
2018

Dissecting Privacy Risks in Biomedical Data
IEEE EuroS&P
2018

The Rise of the Citizen Developer: Assessing the Security Impact of Online App Generators
IEEE S&P
2018

Privacy-Preserving Similar Patient Queries for Combined Biomedical Data
2018

Stackelberg Planning: Towards Effective Leader-Follower State Space Search
AAAI
2018

Formally Reasoning about the Cost and Efficacy of Securing the Email Infrastructure
IEEE EuroS&P
2018

Tagvisor: A Privacy Advisor for Sharing Hashtags
WWW
2018

Linking Amplification DDoS Attacks to Booter Services
RAID
2017

Reconciling Privacy and Utility in Continuous-Time Diffusion Networks
CSF
2017

Lessons Learned from Using an Online Platform to Conduct Large-Scale, Online Controlled Security Experiments with Software Developers
2017

Identifying Personal DNA Methylation Profiles by Genotype Inference
IEEE S&P
2017

Comparing the Usability of Cryptographic APIs
IEEE S&P
2017

Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security
IEEE S&P
2017

ARTist: The Android Runtime Instrumentation and Security Toolkit
IEEE EuroS&P
2017

A Novel Approach for Reasoning about Liveness in Cryptographic Protocols and its Application to Fair Exchange
IEEE EuroS&P
2017

LUNA: Quantifying and Leveraging Uncertainty in Android Malware Analysis through Bayesian Machine Learning
IEEE EuroS&P
2017

Efficient and Flexible Discovery of PHP Application Vulnerabilities
IEEE EuroS&P
2017

Who Controls the Internet? Analyzing Global Threats using Property Graph Traversals
WWW
2017

Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying
NDSS
2017

Dachshund: Digging for and Securing (Non-)Blinded Constants in JIT Code
NDSS
2017

How the Web Tangled Itself: Uncovering the History of Client-Side Web (In)Security
USENIX-Security
2017

Seamless In-App Ad Blocking on Stock Android
2017

walk2friends: Inferring Social Links from Mobility Profiles.
CCS
2017

Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android
CCS
2017

Adversarial Examples for Malware Detection
ESORICS
2017

The ART of App Compartmentalization: Compiler-based Library Privilege Separation on Stock Android
CCS
2017

A Stitch in Time: Supporting Android Developers in Writing Secure Code
CCS
2017

Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs
CCS
2017

Simulating the Large-Scale Erosion of Genomic Privacy Over Time
2016

On Profile Linkability despite Anonymity in Social Media Systems
2016

Membership Privacy in MicroRNA-based Studies
CCS
2016

Reliable Third-Party Library Detection in Android and its Security Applications
CCS
2016

Computational Soundness for Dalvik Bytecode
CCS
2016

Identifying the Scan and Attack Infrastructures behind Amplification DDoS attacks
CCS
2016

Efficient Cryptographic Password Hardening Services From Partially Oblivious Commitments
CCS
2016

On the Feasibility of TTL-based Filtering for DRDoS Mitigation
RAID
2016

Privacy in Epigenetics: Temporal Linkability of MicroRNA Expression Profiles
USENIX-Security
2016

On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis
USENIX-Security
2016

What Cannot be Read, Cannot be Leveraged? Revisiting Assumptions of JIT-ROP Defenses
USENIX-Security
2016

Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification
USENIX-Security
2016

Detecting Hardware-Assisted Virtualization
2016

R-Droid: Leveraging Android App Analysis with Static Slice Optimization
2016

RamCrypt: Kernel-based Address Space Encryption for User-mode Processes
2016

SoK: Lessons Learned From Android Security Research For Appified Software Platforms
IEEE S&P
2016

You Get Where You're Looking For: The Impact Of Information Sources On Code Security
IEEE S&P
2016

Implementation-level Analysis of the JavaScript Helios Voting Client
2016

How to Make ASLR Win the Clone Wars: Runtime Re-Randomization
NDSS
2016

POSTER: The ART of App Compartmentalization
CCS
2016

Anonymous RAM
ESORICS
2016

SandPrint: Fingerprinting Malware Sandboxes to Provide Intelligence for Sandbox Evasion
RAID
2016

POSTER: Mapping the Landscape of Large-Scale Vulnerability Notifications
CCS
2016

Your Choice MATor(s): Large-scale Quantitative Anonymity Assessment of Tor Path Selection Algorithms Against Structural Attacks
2015

POSTER: Towards Compiler-Assisted Taint Tracking on the Android Runtime (ART)
CCS
2015

POSTER: In the Net of the Spider - Measuring the Anonymity-Impact of Network-level Adversaries Against Tor
CCS
2015

Boxify: Full-fledged App Sandboxing for Stock Android
USENIX-Security
2015

Symbolic Malleable Zero-knowledge Proofs
CSF
2015

Oblivion: Mitigating Privacy Leaks by Controlling the Discoverability of Online Information
2015

ADSNARK: Nearly-Practical Privacy-Preserving Proofs on Authenticated Data
IEEE S&P
2015

PriCL: Creating a Precedent. A Framework for Reasoning about Privacy Case Law
2015

Fully Secure Inner-Product Proxy Re-Encryption with constant size Ciphertext
2015

Secrecy without Perfect Randomness: Cryptography with (Bounded) Weak Sources
2015

Computational Soundness for Interactive Primitives
ESORICS
2015

Scippa: System-Centric IPC Provenance on Android
ACSAC
2014

Android Security Framework: Extensible Multi-Layered Access Control on Android
ACSAC
2014

(Nothing else) MATor(s): Monitoring the Anonymity of Tor's Path Selection
CCS
2014

You Can Run but You Can't Read: Preventing Disclosure Exploits in Executable Code
CCS
2014

Lime: Data Lineage in the Malicious Environment
2014

Oxymoron: Making Fine-Grained Memory Randomization Practical by Allowing Code Sharing
USENIX-Security
2014

TUC: Time-sensitive and Modular Analysis of Anonymous Communication
CSF
2014

Asynchronous MPC with a Strict Honest Majority Using Non-equivocation
PODC
2014

WebTrust - A Comprehensive Authenticity and Integrity Framework for HTTP
2014

BackRef: Accountability in Anonymous Communication Networks
2014

X-pire 2.0 - A User-Controlled Expiration Date and Copy Protection Mechanism.
2014

Computational Soundness Results for ProVerif - Bridging the Gap from Trace Properties to Uniformity
2014

Verifiable Delegation of Computation on Outsourced Data
CCS
2013

Using Mobile Device Communication to Strengthen e-Voting Protocols
2013

AppGuard – Fine-grained Policy Enforcement for Untrusted Android Applications
2013

Differentially Private Smart Metering with Battery Recharging
2013

AnoA: A Framework For Analyzing Anonymous Communication Protocols
CSF
2013

Computational Soundness of Symbolic Zero-Knowledge Proofs: Weaker Assumptions and Mechanized Verification
2013

Preventing Side-Channel Leaks in Web Traffic: A Formal Approach
NDSS
2013

Asynchronous Computational VSS with Reduced Communication Complexity
2013

Privacy-Preserving Accountable Computation
ESORICS
2013

AnoA: A Framework for Analyzing Anonymous Communication Protocols
2013

Idea: Callee-Site Rewriting of Sealed System Libraries
2013

Computational Soundness without Protocol Restrictions
CCS
2012

Ace: An Efficient Key-Exchange Protocol for Onion Routing
2012

Brief announcement: distributed cryptography using trinc
PODC
2012

Verified Security of Merkle-Damgård
CSF
2012

ObliviAd: Provably Secure and Practical Online Behavioral Advertising
IEEE S&P
2012

Automated Synthesis of Secure Distributed Applications
NDSS
2012

Computational Soundness of Symbolic Zero-knowledge Proofs: Weaker Assumptions and Mechanized Verification
2012

On the Development and Formalization of an Extensible Code Generator for Real Life Security Protocols
2012

Adding query privacy to robust DHTs
2012

Provably Secure and Practical Onion Routing
CSF
2012

Diffusion-Based Image Compression in Steganography
2012

SAFE Extensibility of Data-Driven Web Applications
WWW
2012

A Security API for Distributed Social Networks
NDSS
2011

Non-Uniform Distributions in Quantitative Information-Flow
2011

Union and Intersection Types for Secure Protocol Implementations
2011

Automatically Verifying Typing Constraints for a Data Processing Language
2011

Computational Verifiable Secret Sharing Revisited
ASIACRYPT
2011

Securing social networks
PODC
2011

G2C: Cryptographic Protocols from Goal-Driven Specifications
2011

RatFish: A File Sharing Protocol Provably Secure Against Rational Users
2010

Speaker Recognition in Encrypted Voice-over-IP Traffic
2010

Acoustic Side-Channel Attacks of Printers
USENIX-Security
2010

Anonymity and Trust in Distributed Systems
PODC
2010

Anonymous Webs of Trust
2010

Computationally Sound Abstraction and Verification of Secure Multi-Party Computations
2010

Computationally Sound Verification of Source Code
CCS
2010

Tempest in a Teapot: Compromising Reflections Revisited
2009

CSAR: A practical and provable technique to make randomized systems accountable
NDSS
2009

Achieving Security Despite Compromise Using Zero-knowledge
CSF
2009

Anonymous and Censorship-resistant Content-sharing in Unstructured Overlays
2009

Anonymity and Censorship Resistance in Unstructured Overlay Networks
2009

CoSP: a general framework for computational soundness proofs
CCS
2009

Automatic Discovery and Quantification of Information Leaks
2009

Design and Verification of Anonymous Trust Protocols
2009

A Formal Language for Cryptographic Pseudocode
2008

Compromising Reflections or How to Read LCD Monitors Around the Corner
2008

OAEP is Secure Under Key-dependent Messages
2008

Brief Announcement: Anonymous and Censorship-resistant Content-sharing in Unstructured Overlays
PODC
2008

Automated Verification of Remote Electronic Voting Protocols in the Applied Pi-calculus
CSF
2008

Formally Bounding the Side-Channel Leakage in Unknown-Message Attacks
2008

CASPA: Causality-based Abstraction for Security Protocol Analysis
CAV
2008

Type-checking zero-knowledge
CCS
2008

Zero-Knowledge in the Applied Pi-calculus and Automated Verification of the Direct Anonymous Attestation Protocol
IEEE S&P
2008

Computational Soundness of Symbolic Zero-Knowledge Proofs Against Active Attackers
CSF
2008

Limits of Constructive Security Proofs
2008

A Calculus of Challenges and Responses
2007

Causality-based Abstraction of Multiplicity in Security Protocols
CSF
2007

On Simulatability Soundness and Mapping Soundness of Symbolic Cryptography
2007

Information Flow in the Peer-Reviewing Process (extended abstract)
2007

On the Necessity of Rewinding in Secure Multiparty Computation
2007

Key-dependent Message Security under Active Attacks - BRSIM/UC-Soundness of Symbolic Encryption with Key Cycles
CSF
2007

Secure Key-Updating for Lazy Revocation
2006

Cryptographically Sound Security Proofs for Basic and Public-key Kerberos
2006

Conditional Reactive Simulatability
2006

Computationally Sound Secrecy Proofs by Mechanized Flow Analysis
CCS
2006

Symbolic and Cryptographic Analysis of the Secure WS-ReliableMessaging Scenario
2006

On the Cryptographic Key Secrecy of the Strengthened Yahalom Protocol
2006

Formal Methods and Cryptography
2006

Limits of the Reactive Simulatability/UC of Dolev-Yao Models with Hashes
2006

Cryptographically Sound Theorem Proving
2006

Quantifying Probabilistic Information Flow in Computational Reactive Systems
2005

Public-Key Steganography with Active Attacks
2005

Lazy Revocation in Cryptographic File Systems
2005

Anonymous yet accountable access control
2005

Compositional Analysis of Contract Signing Protocols
2005

A Cryptographically Sound Dolev-Yao Style Security Proof of an Electronic Payment System
2005

Tailoring the Dolev-Yao Abstraction to Web Services Realities - A Comprehensive Wish List
2005

On Fairness in Simulatability-based Cryptographic Systems
2005

Limits of the Cryptographic Realization of Dolev-Yao-style XOR
2005

Relating Symbolic and Cryptographic Secrecy
2005

A Cryptographically Sound Dolev-Yao Style Security Proof of the Otway-Rees Protocol
2004

Efficient Comparison of Enterprise Privacy Policies
2004

Unification in Privacy Policy Evaluation - Translating EPAL to Prolog
2004

An Algebra for Composing Enterprise Privacy Policies
2004

How to Break and Repair a Universally Composable Signature Functionality
2004

Symmetric Encryption in a Simulatable Dolev-Yao Style Cryptographic Library
2004

A General Composition Theorem for Secure Reactive Systems
2004

Low-level Ideal Signatures and General Integrity Idealization
2004

Unifying Simulatability Definitions in Cryptographic Systems under Different Timing Assumptions (Extended Abstract)
2003

Reliable broadcast in a computational hybrid model with Byzantine faults, crashes, and recoveries
2003

Proactive Secure Message Transmission in Asynchronous Networks
2003

Cryptographically Sound and Machine-Assisted Verification of Security Protocols
2003

A Cryptographically Sound Security Proof of the Needham-Schroeder-Lowe Public-Key Protocol
2003

Intransitive Non-Interference for Cryptographic Purposes
2003

A Toolkit for Managing Enterprise Privacy Policies
2003

A Composable Cryptographic Library with Nested Operations
CCS
2003

Reactively Secure Signature Schemes
2003

Security in Business Process Engineering
2003

Symmetric Authentication Within a Simulatable Cryptographic Library
2003

From Absence of Certain Vulnerabilities towards Security Proofs - Pushing the Limits of Formal Verification
2003

Deriving Cryptographically Sound Implementations Using Composition and Formally Verified Bisimulation
2002

Computational Probabilistic Non-Interference
2002

Polynomial Fairness and Liveness
2002
