Madiba Security Research Group

Concordia Institute for Information Systems Engineering
Faculty of Engineering and Computer Science

Full publications list:      M. Mannan    J. Clark   
List of CVEs:      CVEs   

Selected Publications

WWW 2023 All Your Shops Are Belong to Us: Security Weaknesses in E-commerce Platforms
USENIX Security 2023 "My Privacy for their Security": Employees' Privacy Perspectives and Expectations when using Enterprise Security Software
ACM CCS 2022 Hidden in Plain Sight: Exploring Encrypted Channels in Android Apps
WWW 2022 Et tu, Brute? Privacy Analysis of Government Websites and Mobile Apps
ASIACCS 2022 On Measuring Vulnerable JavaScript Functions in the Wild
ACSAC 2020 Betrayed by the Guardian: Security and Privacy Risks of Parental Control Solutions
USENIX Security 2020 Chaperone: Real-time Locking and Loss Prevention for Smartphones
ISOC NDSS 2019 TEE-aided Write Protection Against Privileged Data Tampering
FC 2019 One-Time Programs made Practical
WWW 2018 SafeKeeper: Protecting Web Passwords using Trusted Execution Environments
ACM CCS 2016 Hypnoguard: Protecting Secrets across Sleep-wake Cycles
IEEE TIFS 2016 Deceptive Deletion Triggers under Coercion
ISOC NDSS 2016 Killed by Proxy: Analyzing Client-end TLS Interception Software
ACM CCS 2015 Provisions: Privacy-preserving Proofs of Solvency for Bitcoin Exchanges
ACM TISSEC 2015 Large-Scale Evaluation of High-Impact Password Strength Meters
IEEE S&P 2015 Research Perspectives and Challenges for Bitcoin and Cryptocurrencies
IEEE TDSC 2014 Mobiflage: Deniable Storage Encryption for Mobile Devices
IEEE S&P 2013 SSL and HTTPS: Revisiting Past Challenges and Evaluating Certificate Trust Model Enhancements
FC 2012 CommitCoin: Carbon Dating Commitments with Bitcoin
ACM CCS 2011 Unicorn: Two-Factor Attestation for Data Security
USENIX Security 2010 Scantegrity II Municipal Election at Takoma Park: The First E2E Binding Governmental Election with Ballot Privacy

Publications with CVE-IDs

On Detecting and Measuring Exploitable JavaScript Functions in Real-World Applications. Maryna Kluban, Mohammad Mannan, Amr Youssef. ACM Transactions on Privacy and Security (accepted Oct 2023).
All Your Shops Are Belong to Us: Security Weaknesses in E-commerce Platforms. Rohan Pagey, Mohammad Mannan, Amr Youssef. The Web Conference (WWW 2023), Apr 30 - May 4, 2023, Austin, TX, USA.
Security Weaknesses in IoT Management Platforms. Bhaskar Tejaswi, Mohammad Mannan, Amr Youssef. IEEE Internet of Things Journal, accepted June 2023.
Silver Surfers on the Tech Wave: Privacy Analysis of Android Apps for the Elderly. Pranay Kapoor, Rohan Pagey, Mohammad Mannan, Amr Youssef. EAI International Conference on Security and Privacy in Communication Networks (SecureComm), Oct 17-19, 2022, Online.
SAUSAGE: Security Analysis of Unix domain Socket usAGE in Android. Mounir Elgharabawy, Blas Kojusner, M. Mannan, Kevin R. B. Butler, Byron Williams, and A. Youssef. IEEE European Symposium on Security and Privacy (IEEE EuroS&P 2022), June 6-10, 2022, Genoa, Italy.