Publications

October 15th, 2017

My Google Scholar profile is available here.

Conference Publications

Ex-Ray: Detection of History-Leaking Browser Extensions
Michael Weissbacher, Enrico Mariconti, Guillermo Suarez-Tangil, Gianluca Stringhini, William Robertson, Engin Kirda
Annual Computer Security Applications Conference (ACSAC)
San Juan, Puerto Rico
Paper. Bibtex.
Acceptance rate: 19.7%, 48/244

Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance
Yan Shoshitaishvili, Michael Weissbacher, Lukas Dresel, Christopher Salls, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna
ACM Conference on Computer and Communications Security (CCS)
Dallas, Texas, USA, October 2017
Paper. Bibtex.
Acceptance rate: 17.9%, 151/843

ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities
Michael Weissbacher, William Robertson, Engin Kirda, Christopher Kruegel, Giovanni Vigna
USENIX Security Symposium (USENIX)
Washington DC, USA, August 2015
Paper. Bibtex. Slides.
Acceptance rate: 15.7%, 67/426

BabelCrypt: The Universal Encryption Layer for Mobile Messaging Applications
Ahmet Talha Ozcan, Can Gemicioglu, Kaan Onarlioglu, Michael Weissbacher, Collin Mulliner, William Robertson, Engin Kirda.
Financial Cryptography and Data Security (FC)
Isla Verde, Puerto Rico, January 2015
Paper. Bibtex. Slides.
Acceptance rate: 25%, 23/92

Why is CSP Failing? Trends and Challenges in CSP Adoption
Michael Weissbacher, Tobias Lauinger, William Robertson
International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
Gothenburg, Sweden, September 2014
Paper. Blog post about the paper. Bibtex. Slides.
Acceptance rate: 19.4%, 22/113

Theses

ZigZag – Hardening Web Applications against CSV Attacks
Masters Thesis. Vienna, Austria, August 2014
Paper.

Searching in Anubis Reports
Technical Report (Bachelors Thesis). Vienna, Austria, December 2011
Paper. Anubis project website.

Talks

Ex-Ray: Finding Browser Extensions That Spy on Your Browsing Habits
Michael Weissbacher
OWASP Boston Application Security Conference (BASC), Burlington, MA, USA, October 2017

Content Security Policy. How to Reap Benefits and Avoid Pitfalls
Michael Weissbacher
Paperlesspost, New York, NY, USA, November 2015

ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities
Michael Weissbacher
Seminar On practical Security (SOS), Boston University, Boston, MA, USA, August 2015

ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities
Michael Weissbacher
Office of Naval Research (ONR) meeting, Penn State ARL, Reston, VA, USA, June 2015

Why is CSP Failing? Trends and Challenges in CSP Adoption
Michael Weissbacher
OWASP Boston Application Security Conference (BASC), Cambridge, MA, USA, October 2014

Why is CSP Failing? Trends and Challenges in CSP Adoption
Michael Weissbacher
EURECOM Seminars, Antibes, France, September 2014

Press

  • Threatpost article regarding GMail and CSP. December 2014
  • Threatpost article on our CSP paper. July 2014

Trivia

Fun fact: a blog post from 2011 ended up in a book on memory forensics and multiple slide sets. Even today it is the most visited section of my website.