Selected Publications
WWW 2023 All Your Shops Are Belong to Us: Security Weaknesses in E-commerce Platforms
USENIX Security 2023 "My Privacy for their Security": Employees' Privacy Perspectives and Expectations when using Enterprise Security Software
ACM CCS 2022 Hidden in Plain Sight: Exploring Encrypted Channels in Android Apps
ASIACRYPT 2022 Short-lived Zero-Knowledge Proofs and Signatures
WWW 2022 Et tu, Brute? Privacy Analysis of Government Websites and Mobile Apps
ASIACCS 2022 On Measuring Vulnerable JavaScript Functions in the Wild
FC 2021 Securing Email: a Stakeholder-based Analysis
ACSAC 2020 Betrayed by the Guardian: Security and Privacy Risks of Parental Control Solutions
USENIX Security 2020 Chaperone: Real-time Locking and Loss Prevention for Smartphones
ISOC NDSS 2019 TEE-aided Write Protection Against Privileged Data Tampering
FC 2019 One-Time Programs made Practical
WWW 2018 SafeKeeper: Protecting Web Passwords using Trusted Execution Environments
CACM 2017 Bitcoin's Academic Pedigree
ACM CCS 2016 Hypnoguard: Protecting Secrets across Sleep-wake Cycles
IEEE TIFS 2016 Deceptive Deletion Triggers under Coercion
ISOC NDSS 2016 Killed by Proxy: Analyzing Client-end TLS Interception Software
ACM CCS 2015 Provisions: Privacy-preserving Proofs of Solvency for Bitcoin Exchanges
ACM TISSEC 2015 Large-Scale Evaluation of High-Impact Password Strength Meters
IEEE S&P 2015 Research Perspectives and Challenges for Bitcoin and Cryptocurrencies
IEEE TDSC 2014 Mobiflage: Deniable Storage Encryption for Mobile Devices
IEEE S&P 2013 SSL and HTTPS: Revisiting Past Challenges and Evaluating Certificate Trust Model Enhancements
FC 2012 CommitCoin: Carbon Dating Commitments with Bitcoin
ACM CCS 2011 Unicorn: Two-Factor Attestation for Data Security
USENIX Security 2010 Scantegrity II Municipal Election at Takoma Park: The First E2E Binding Governmental Election with Ballot Privacy
Publications with CVE-IDs
On Detecting and Measuring Exploitable JavaScript Functions in Real-World Applications. Maryna Kluban, Mohammad Mannan, Amr Youssef. ACM Transactions on Privacy and Security (accepted Oct 2023).
- CVE-2021-44906 (CVSS base score: 9.8/10, Critical)
- CVE-2021-44908 (CVSS base score: 9.8/10, Critical)
- CVE-2022-37257 (CVSS base score: 9.8/10, Critical)
- CVE-2022-37258 (CVSS base score: 9.8/10, Critical)
- CVE-2022-37264 (CVSS base score: 9.8/10, Critical)
- CVE-2022-37265 (CVSS base score: 9.8/10, Critical)
- CVE-2022-37266 (CVSS base score: 9.8/10, Critical)
- CVE-2021-42581 (CVSS base score: 9.1/10, Critical)
- CVE-2021-43138 (CVSS base score: 7.8/10, High)
- CVE-2022-37259 (CVSS base score: 7.5/10, High)
- CVE-2022-37260 (CVSS base score: 7.5/10, High)
- CVE-2022-37262 (CVSS base score: 7.5/10, High)
All Your Shops Are Belong to Us: Security Weaknesses in E-commerce Platforms. Rohan Pagey, Mohammad Mannan, Amr Youssef. The Web Conference (WWW 2023), Apr 30 - May 4, 2023, Austin, TX, USA.
- CVE-2022-33077 (CVSS base score: 7.5/10, High)
- CVE-2019-25060 (CVSS base score: 5.3/10, Medium)
Security Weaknesses in IoT Management Platforms. Bhaskar Tejaswi, Mohammad Mannan, Amr Youssef. IEEE Internet of Things Journal, accepted June 2023.
- CVE-2022-31860 (CVSS base score: 9.8/10, Critical)
- CVE-2022-34020 (CVSS base score: 8.8/10, High)
- CVE-2022-35135 (CVSS base score: 8.8/10, High)
- CVE-2022-34022 (CVSS base score: 7.2/10, High)
- CVE-2022-35136 (CVSS base score: 6.5/10, Medium)
- CVE-2022-31861 (CVSS base score: 5.4/10, Medium)
- CVE-2022-35137 (CVSS base score: 5.4/10, Medium)
- CVE-2022-34021 (CVSS base score: 5.4/10, Medium)
- CVE-2022-35612 (CVSS base score: 5.4/10, Medium)
- CVE-2022-35134 (CVSS base score: 5.4/10, Medium)
- CVE-2022-35611 (CVSS base score: 4.3/10, Medium)
Silver Surfers on the Tech Wave: Privacy Analysis of Android Apps for the Elderly. Pranay Kapoor, Rohan Pagey, Mohammad Mannan, Amr Youssef. EAI International Conference on Security and Privacy in Communication Networks (SecureComm), Oct 17-19, 2022, Online.
- CVE-2022-30083 (CVSS base score: 9.8/10, Critical)
SAUSAGE: Security Analysis of Unix domain Socket usAGE in Android. Mounir Elgharabawy, Blas Kojusner, M. Mannan, Kevin R. B. Butler, Byron Williams, and A. Youssef. IEEE European Symposium on Security and Privacy (IEEE EuroS&P 2022), June 6-10, 2022, Genoa, Italy.
- CVE-2021-25461 (CVSS base score: 7.8/10, High)