Items where Author is "Stock, Ben"

Up a level
Export as [feed] Atom [feed] RSS 1.0 [feed] RSS 2.0
Group by: Item Type | No Grouping
Number of items: 43.

Conference or Workshop Item (A Paper)

Hantke, Florian and Calzavara, Stefano and Wilhelm, Moritz and Rabitti, Alvise and Stock, Ben
(2023) You Call This Archaeology? Evaluating Web Archives for Reproducible Web Security Measurements.
In: ACM CCS 2023.
Conference: CCS ACM Conference on Computer and Communications Security

Blechschmidt, Birk and Stock, Ben
(2023) Extended Hell(o): A Comprehensive Large-Scale Study on Email Confidentiality and Integrity Mechanisms in the Wild.
In: USENIX Security Symposium.
Conference: USENIX-Security Usenix Security Symposium

Utz, Christine and Michels, Matthias and Degeling, Martin and Marnau, Ninja and Stock, Ben
(2023) Comparing Large-Scale Privacy and Security Notifications.
In: PETS 2023, July 10–15, 2023, Lausanne, Switzerland.
Conference: PETS Privacy Enhancing Technologies Symposium (was International Workshop of Privacy Enhancing Technologies)
(In Press)

Rautenstrauch, Jannis and Pellegrino, Giancarlo and Stock, Ben
(2023) The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web.
In: 44th IEEE Symposium on Security and Privacy.
Conference: SP IEEE Symposium on Security and Privacy

Wi, Seongil and Nguyen, Trung Tin and Kim, Jiwhan and Stock, Ben and Son, Sooel
(2023) DiffCSP: Finding Browser Bugs in Content Security Policy Enforcement through Differential Testing.
In: NDSS.
Conference: NDSS Network and Distributed System Security Symposium

Nguyen, Trung Tin and Backes, Michael and Stock, Ben
(2022) Freely Given Consent? Studying Consent Notice of Third-Party Tracking and Its Violations of GDPR in Android Apps.
In: The 29th ACM Conference on Computer and Communications Security (CCS), November 7-11, 2022, Los Angeles, U.S.A..
Conference: CCS ACM Conference on Computer and Communications Security
(In Press)

Hantke, Florian and Stock, Ben
(2022) HTML Violations and Where to Find Them: A Longitudinal Analysis of Specification Violations in HTML.
In: ACM Internet Measurement Conference.
Conference: IMC Internet Measurement Conference

Roth, Sebastian and Calzavara, Stefano and Wilhelm, Moritz and Rabitti, Alvise and Stock, Ben
(2022) The Security Lottery: Measuring Client-Side Web Security Inconsistencies.
In: 31st USENIX Security Symposium.
Conference: USENIX-Security Usenix Security Symposium

Klein, David and Barber, Thomas and Bensalim, Souphiane and Stock, Ben and Johns, Martin
(2022) Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions.
In: IEEE European Symposium on Security and Privacy.
Conference: EuroS&P IEEE European Symposium on Security and Privacy

Stolz, Peter and Roth, Sebastian and Stock, Ben
(2022) To hash or not to hash: A security assessment of CSP’s unsafe-hashes expression.
In: SecWeb Workshop, May 26, 2022, San Francisco.
Conference: IEEE SPW IEEE Symposium on Security and Privacy Workshops

Roth, Sebastian and Gröber, Lea and Backes, Michael and Krombholz, Katharina and Stock, Ben
(2021) 12 Angry Developers – A Qualitative Study on Developers’ Struggles with CSP.
In: ACM CCS 2021.
Conference: CCS ACM Conference on Computer and Communications Security

Fass, Aurore and Somé, Dolière Francis and Backes, Michael and Stock, Ben
(2021) DoubleX: Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale.
In: ACM CCS 2021.
Conference: CCS ACM Conference on Computer and Communications Security

Nguyen, Trung Tin and Backes, Michael and Marnau, Ninja and Stock, Ben
(2021) Share First, Ask Later (or Never?) - Studying Violations of GDPR's Explicit Consent in Android Apps.
In: USENIX Security Symposium.
Conference: USENIX-Security Usenix Security Symposium

Meiser, Gordon and Laperdrix, Pierre and Stock, Ben
(2021) Careful Who You Trust: Studying the Pitfalls of Cross-Origin Communication.
In: AsiaCCS 2021.
Conference: ASIACCS ACM ASIA Conference on Computer and Communications Security

Calzavara, Stefano and Urban, Tobias and Tatang, Dennis and Steffens, Marius and Stock, Ben
(2021) Reining in the Web's Inconsistencies with Site Policy.
In: Network and Distributed Systems Security (NDSS) Symposium 2021.
Conference: NDSS Network and Distributed System Security Symposium

Steffens, Marius and Musch, Marius and Johns, Martin and Stock, Ben
(2021) Who's Hosting the Block Party? Studying Third-Party Blockage of CSP and SRI.
In: Network and Distributed Systems Security (NDSS) Symposium 2021.
Conference: NDSS Network and Distributed System Security Symposium

Steffens, Marius and Stock, Ben
(2020) PMForce: Systematically Analyzing PostMessage Handlers at Scale.
In: ACM CCS 2020.
Conference: CCS ACM Conference on Computer and Communications Security

Calzavara, Stefano and Roth, Sebastian and Rabitti, Alvise and Backes, Michael and Stock, Ben
(2020) A Tale of Two Headers: A Formal Analysis of Inconsistent Click-Jacking Protection on the Web.
In: Proceedings of the 29th USENIX Security Symposium.
Conference: USENIX-Security Usenix Security Symposium

Roth, Sebastian and Backes, Michael and Stock, Ben
(2020) Assessing the Impact of Script Gadgets on CSP at Scale.
In: AsiaCCS 2020.
Conference: ASIACCS ACM ASIA Conference on Computer and Communications Security

Roth, Sebastian and Barron, Timothy and Calzavara, Stefano and Nikiforakis, Nick and Stock, Ben
(2020) Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies.
In: NDSS 2020.
Conference: NDSS Network and Distributed System Security Symposium

Fass, Aurore and Backes, Michael and Stock, Ben
(2019) JStap: A Static Pre-Filter for Malicious JavaScript Detection.
In: Annual Computer Security Applications Conference (ACSAC 2019).
Conference: ACSAC Annual Computer Security Applications Conference

Fass, Aurore and Backes, Michael and Stock, Ben
(2019) HideNoSeek: Camouflaging Malicious JavaScript in Benign ASTs.
In: ACM Conference on Computer and Communications Security (CCS 2019).
Conference: CCS ACM Conference on Computer and Communications Security

Musch, Marius and Steffens, Marius and Roth, Sebastian and Stock, Ben and Johns, Martin
(2019) ScriptProtect: Mitigating Unsafe Third-Party JavaScript Practices.
In: AsiaCCS.
Conference: ASIACCS ACM ASIA Conference on Computer and Communications Security

Steffens, Marius and Rossow, Christian and Johns, Martin and Stock, Ben
(2019) Don’t Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild.
In: NDSS Symposium 2019.
Conference: NDSS Network and Distributed System Security Symposium

Fass, Aurore and Krawczyk, Robert and Backes, Michael and Stock, Ben
(2018) JaSt: Fully Syntactic Detection of Malicious (Obfuscated) JavaScript.
In: Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA '18).
Conference: DIMVA GI International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment

Stock, Ben and Pellegrino, Giancarlo and Li, Frank and Backes, Michael and Rossow, Christian
(2018) Didn’t You Hear Me? — Towards More Successful Web Vulnerability Notifications.
In: Proceedings of the 25th Annual Symposium on Network and Distributed System Security (NDSS '18)..
Conference: NDSS Network and Distributed System Security Symposium

Backes, Michael and Rieck, Konrad and Skoruppa, Malte and Stock, Ben and Yamaguchi, Fabian
(2017) Efficient and Flexible Discovery of PHP Application Vulnerabilities.
In: Proceedings of the 2nd IEEE European Symposium on Security and Privacy (Euro S&P '17).
Conference: EuroS&P IEEE European Symposium on Security and Privacy

Stock, Ben and Johns, Martin and Steffens, Marius and Backes, Michael
(2017) How the Web Tangled Itself: Uncovering the History of Client-Side Web (In)Security.
In: Proceedings of the 26th USENIX Security Symposium (USENIX Security '17).
Conference: USENIX-Security Usenix Security Symposium

Backes, Michael and Holz, Thorsten and Rossow, Christian and Rytilahti, Teemu and Simeonovski, Milivoj and Stock, Ben
(2016) On the Feasibility of TTL-based Filtering for DRDoS Mitigation.
In: RAID 2016, 19th International Symposium on Research in Attacks, Intrusions and Defenses.
Conference: RAID The International Symposium on Research in Attacks, Intrusions and Defenses (was International Symposium on Recent Advances in Intrusion Detection)

Stock, Ben and Pellegrino, Giancarlo and Rossow, Christian and Johns, Martin and Backes, Michael
(2016) Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification.
In: Proceedings of the 25th USENIX Security Symposium (USENIX Security '16).
Conference: USENIX-Security Usenix Security Symposium

Stock, Ben and Livshits, Benjamin and Zorn, Benjamin
(2016) Kizzle: A Signature Compiler for Detecting Exploit Kits.
In: The 46th Annual IEEE/IFIP Conference on Dependable Systems and Networks.
Conference: DSN IEEE/IFIP International Conference on Dependable Systems and Networks

Stock, Ben and Pellegrino, Giancarlo and Rossow, Christian and Johns, Martin and Backes, Michael
(2016) POSTER: Mapping the Landscape of Large-Scale Vulnerability Notifications.
In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, October 24-28, 2016.
Conference: CCS ACM Conference on Computer and Communications Security

Stock, Ben and Kaiser, Bernd and Pfistner, Stephan and Lekies, Sebastian and Johns, Martin
(2015) From Facepalm to Brain Bender: Exploring Client-Side Cross-Site Scripting.
In: Proceedings of the 22nd ACM Conference on Computer and Communications Security.
Conference: CCS ACM Conference on Computer and Communications Security

Lekies, Sebastian and Stock, Ben and Wentzel, Martin and Johns, Martin
(2015) The Unexpected Dangers of Dynamic JavaScript.
In: 24th USENIX Security Symposium (USENIX Security 15).
Conference: USENIX-Security Usenix Security Symposium

Stock, Ben and Lekies, Sebastian and Mueller, Tobias and Spiegel, Patrick and Johns, Martin
(2014) Precise Client-side Protection against DOM-based Cross-Site Scripting.
In: 23rd USENIX Security Symposium (USENIX Security 14).
Conference: USENIX-Security Usenix Security Symposium

Stock, Ben and Lekies, Sebastian and Johns, Martin
(2014) DOM-basiertes Cross-Site Scripting im Web: Reise in ein unerforschtes Land.
In: Sicherheit.

Stock, Ben and Johns, Martin
(2014) Protecting Users Against XSS-based Password Manager Abuse.
In: Proceedings of the 9th ACM symposium on Information, computer and communications security.
Conference: CCS ACM Conference on Computer and Communications Security

Lekies, Sebastian and Stock, Ben and Johns, Martin
(2013) 25 Million Flows Later - Large-scale Detection of DOM-based XSS.
In: 20th ACM Conference on Computer and Communications Security Berlin 4.11.2013.
Conference: CCS ACM Conference on Computer and Communications Security

Johns, Martin and Lekies, Sebastian and Stock, Ben
(2013) Eradicating DNS Rebinding with the Extended Same-Origin Policy.
In: 22nd USENIX Security Symposium.
Conference: USENIX-Security Usenix Security Symposium

Stock, Ben and Goebel, Jan and Engelberth, Markus and Freiling, Felix C. and Holz, Thorsten
(2009) Walowdac-analysis of a peer-to-peer botnet.
In: Computer Network Defense (EC2ND), 2009 European Conference on.

Article

Di Tizio, Giorgio and Speicher, Patrick and Simeonovski, Milivoj and Backes, Michael and Stock, Ben and Künnemann, Robert
(2022) Pareto-Optimal Defenses for the Web Infrastructure: Theory and Practice.
ACM Transactions on Privacy and Security, 1 (1). ISSN 2471-2566

Thesis

Stock, Ben
(2013) Implementing low-level browser-based security functionality.
Masters thesis, UNSPECIFIED.

Stock, Ben
(2009) P2P-Botnetz-Analyse--Waledac.
Bachelors thesis, UNSPECIFIED.

This list was generated on Fri Mar 29 06:42:09 2024 CET.