Typed and Confused: Studying the Unexpected Dangers of Gradual Typing
Dominic Troppmann, Aurore Fass, and Cristian-Alexandru Staicu
In IEEE/ACM International Conference on Automated Software Engineering (ASE), October 2024
Paper Code
Acceptance rate: 26% (155/587 full research papers)
Publications and Conference Talks
When Adversarial Perturbations meet Concept Drift: an Exploratory Analysis on ML-NIDS
Giovanni Apruzzese, Aurore Fass, and Fabio Pierazzi
In ACM AISec (CCS Workshop on Artificial Intelligence and Security), October 2024
Paper Code
Acceptance rate: 25% (18/72 full research papers)
Peeking through the window: Fingerprinting Browser Extensions through Page-Visible Execution Traces and Interactions
Shubham Agarwal, Aurore Fass, and Ben Stock
In ACM CCS, October 2024
Paper Code
Acceptance rate: 18% (129/710 full research papers, Cycle A)
What is in the Chrome Web Store? Investigating Security-Noteworthy Browser Extensions
Sheryl Hsu, Manda Tran, and Aurore Fass
In ACM AsiaCCS, July 2024
Paper Media coverage
Acceptance rate: 22% (65/301 full research papers)
Cloud Watching: Understanding Attacks Against Cloud-Hosted Services
Liz Izhikevich, Manda Tran, Michalis Kallitsis, Aurore Fass, and Zakir Durumeric
In ACM Internet Measurement Conference (IMC), October 2023
Paper
Acceptance rate: 25% (52/208 full research papers)
A World Wide View of Browsing the World Wide Web
Kimberly Ruth, Aurore Fass, Jonathan Azose, Mark Pearson, Emma Thomas, Caitlin Sadowski, and Zakir Durumeric
In ACM Internet Measurement Conference (IMC), October 2022
Paper
Acceptance rate: 26% (56/212 full research papers)
DoubleX: Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale
Aurore Fass, Doliere Francis Some, Michael Backes, and Ben Stock
In ACM CCS, November 2021
Paper Code Slides Teaser Recording Media coverage
Acceptance rate: 23% (131/564 full research papers, May cycle)
Statically Detecting JavaScript Obfuscation and Minification Techniques in the Wild
Marvin Moog, Markus Demmel, Michael Backes, and Aurore Fass
In Dependable Systems and Networks (DSN), June 2021
Paper Code Slides Recording
Acceptance rate: 16% (48/295 full research papers)
Studying JavaScript Security Through Static Analysis
Aurore Fass
In PhD Thesis, Saarland University, October 2020
Paper Summary Code
JStap: A Static Pre-Filter for Malicious JavaScript Detection
Aurore Fass, Michael Backes, and Ben Stock
In Annual Computer Security Applications Conference (ACSAC), December 2019
Paper Code Slides
Acceptance rate: 23% (60/266 full research papers)
HideNoSeek: Camouflaging Malicious JavaScript in Benign ASTs
Aurore Fass, Michael Backes, and Ben Stock
In ACM CCS, November 2019
Paper Code Slides Teaser Recording
Acceptance rate: 14% (32/225 full research papers, February cycle)
JaSt: Fully Syntactic Detection of Malicious (Obfuscated) JavaScript
Aurore Fass, Robert Krawczyk, Michael Backes, and Ben Stock
In Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), June 2018
Paper Code
Acceptance rate: 32% (18/56 full research papers)
Additional Talks
Dos and Don’ts of Reviewing
- Nov 2024: Keynote at the Winter School, WinterHack 2024. Bochum, Germany. Slides
Browser Extension (In)Security
- Dec 2024: Spirals Seminar at Inria Lille. Lille, France. Slides
- Jun 2024: GDR Information Security. Rennes, France. Slides
DoubleX: Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale
- Nov 2023: Workshop at INRIA. Paris, France. Slides
- Jul 2022: Berkeley Security Seminar. Berkeley, CA, U.S.
- May 2022: RuhrSec. Bochum, Germany. Recording
- Apr 2022: Stanford Computer Forum – Security Workshop. Stanford, CA, U.S. Recording Slides
- Nov 2021: Stanford Security Lunch. Stanford, CA, U.S.
Studying JavaScript Security Through Static Analysis
- Apr 2024: PEPR Cyber – Project DefMal Webinar (France). Remote (extended version).
- Mar 2022: Palo Alto Networks (CA, U.S.). Remote (extended version).
- Jun 2021: Spirals Webinar at Inria Lille (France). Remote.
- May 2021: PhD Defense. Remote.
Statically Analyzing Malicious JavaScript in the Wild
- Mar 2021: Webinar at LORIA (France). Remote.
- Dec 2020: BINSEC Webinar at CEA (France). Remote.
HideNoSeek: Camouflaging Malicious JavaScript in Benign ASTs
- May 2020: RuhrSec. Remote. Recording
- Mar 2019: Grande Region Security and Reliability Day (GRSRD). Nancy, France.
- Feb 2019: MADWeb. San Diego, CA, U.S.
JaSt: Fully Syntactic Detection of Malicious (Obfuscated) JavaScript
- Nov 2018: Blackhoodie. Berlin, Germany. Slides
- Jun 2018: Malware Meeting at LORIA. Nancy, France.
- Mar 2018: Grande Region Security and Reliability Day (GRSRD). Saarbruecken, Germany.
Automated Clustering of File Samples for the Detection of Malware Contained in Obfuscated Script-Code
- Jan 2018: Lecture at Hochschule Bonn-Rhein-Sieg. Sankt Augustin, Germany.
- Sep 2017: Master Thesis Defense at TELECOM Nancy. Nancy, France.
- Sep 2017: Talk at the German Federal Office for Information Security (BSI). Bonn, Germany.
- Jul 2017: Talk at genua. Muenchen, Germany.
- Jul 2017: Talk at CISPA. Saarbruecken, Germany.
Non-Academic Talks
- Sep 2021: Inspiring career path speech (~400 people) at TELECOM Nancy 30th anniversary (France). Remote.
- Dec 2017: Valedictorian speech (~500 people) at TELECOM Nancy graduation ceremony. Nancy, France.