Cloud Watching: Understanding Attacks Against Cloud-Hosted Services
Liz Izhikevich, Manda Tran, Michalis Kallitsis, Aurore Fass, and Zakir Durumeric
In ACM Internet Measurement Conference (IMC), October 2023
Paper
Acceptance rate: 25% (52/208 full research papers)
Publications and Conference Talks
A World Wide View of Browsing the World Wide Web
Kimberly Ruth, Aurore Fass, Jonathan Azose, Mark Pearson, Emma Thomas, Caitlin Sadowski, and Zakir Durumeric
In ACM Internet Measurement Conference (IMC), October 2022
Paper
Acceptance rate: 26% (56/212 full research papers)
DoubleX: Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale
Aurore Fass, Doliere Francis Some, Michael Backes, and Ben Stock
In ACM CCS, November 2021
Paper Code Slides Teaser Recording
Acceptance rate: 23% (131/564 full research papers, May cycle)
Statically Detecting JavaScript Obfuscation and Minification Techniques in the Wild
Marvin Moog, Markus Demmel, Michael Backes, and Aurore Fass
In Dependable Systems and Networks (DSN), June 2021
Paper Code Slides Recording
Acceptance rate: 16% (48/295 full research papers)
Studying JavaScript Security Through Static Analysis
Aurore Fass
In PhD Thesis, Saarland University, October 2020
Paper Summary Code
JStap: A Static Pre-Filter for Malicious JavaScript Detection
Aurore Fass, Michael Backes, and Ben Stock
In Annual Computer Security Applications Conference (ACSAC), December 2019
Paper Code Slides
Acceptance rate: 23% (60/266 full research papers)
HideNoSeek: Camouflaging Malicious JavaScript in Benign ASTs
Aurore Fass, Michael Backes, and Ben Stock
In ACM CCS, November 2019
Paper Code Slides Teaser Recording
Acceptance rate: 14% (32/225 full research papers, February cycle)
JaSt: Fully Syntactic Detection of Malicious (Obfuscated) JavaScript
Aurore Fass, Robert Krawczyk, Michael Backes, and Ben Stock
In Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), June 2018
Paper Code
Acceptance rate: 32% (18/56 full research papers)
Additional Talks
DoubleX: Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale
- Nov 2023: Workshop at INRIA. Paris, France. Slides
- Jul 2022: Berkeley Security Seminar. Berkeley, CA, U.S.
- May 2022: RuhrSec. Bochum, Germany. Recording
- Apr 2022: Stanford Computer Forum – Security Workshop. Stanford, CA, U.S. Recording Slides
- Nov 2021: Stanford Security Lunch. Stanford, CA, U.S.
Studying JavaScript Security Through Static Analysis
- Mar 2022: Palo Alto Networks (CA, U.S.). Remote. (extended version)
- Jun 2021: Spirals Webinar at Inria Lille (France). Remote.
- May 2021: PhD Defense. Remote.
Statically Analyzing Malicious JavaScript in the Wild
- Mar 2021: Webinar at LORIA (France). Remote.
- Dec 2020: BINSEC Webinar at CEA (France). Remote.
HideNoSeek: Camouflaging Malicious JavaScript in Benign ASTs
- May 2020: RuhrSec. Remote. Recording
- Mar 2019: Grande Region Security and Reliability Day (GRSRD). Nancy, France.
- Feb 2019: MADWeb. San Diego, CA, U.S.
JaSt: Fully Syntactic Detection of Malicious (Obfuscated) JavaScript
- Nov 2018: Blackhoodie. Berlin, Germany. Slides
- Jun 2018: Malware Meeting at LORIA. Nancy, France.
- Mar 2018: Grande Region Security and Reliability Day (GRSRD). Saarbruecken, Germany.
Automated Clustering of File Samples for the Detection of Malware Contained in Obfuscated Script-Code
- Jan 2018: Lecture at Hochschule Bonn-Rhein-Sieg. Sankt Augustin, Germany.
- Sep 2017: Master Thesis Defense at TELECOM Nancy. Nancy, France.
- Sep 2017: Talk at the German Federal Office for Information Security (BSI). Bonn, Germany.
- Jul 2017: Talk at genua. Muenchen, Germany.
- Jul 2017: Talk at CISPA. Saarbruecken, Germany.
Non-Academic Talks
- Sep 2021: Inspiring career path speech (~400 people) at TELECOM Nancy 30th anniversary (France). Remote.
- Dec 2017: Valedictorian speech (~500 people) at TELECOM Nancy graduation ceremony. Nancy, France.