Publications
- ACE: A Security Architecture for LLM-Integrated App Systems. Evan Li, Tushin Mallick, Evan Rose, William Robertson, Alina Oprea, and Cristina Nita-Rotaru. Proceedings of the ISOC Network and Distributed System Security Symposium. February 2026.
- Target-Centric Firmware Rehosting With Penguin. Andrew Fasano, Zachary Estrada, Luke Craig, Ben Levy, Jordan McLeod, Jacques Becker, Caden Kline, Elysia Witham, Cole DiLorenzo, Ali Bobi, Dinko Dermendzhiev, Tim Leek, and William Robertson. Proceedings of the Workshop on Binary Analysis Research. February 2025.
- A Viewpoint: Safer Heaps With Practical Architectural Security Primitives. William Robertson and Manuel Egele. IEEE Security & Privacy, 22(4). July 2024.
- Hypervisor Dissociative Execution: Programming Guests for Monitoring, Management, and Security. Andrew Fasano, Zak Estrada, Tim Leek, and William Robertson. Proceedings of the Annual Computer Security Applications Conference. January 2024.
- Black-Box Attacks Against Neural Binary Function Detection. Joshua Bundt, Michael Davinroy, Ioannis Agadakos, Alina Oprea, and William Robertson. Proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses. September 2023.
- ThreadLock: Native Principal Isolation Through Memory Protection Keys. William Blair, William Robertson, and Manuel Egele. Proceedings of the ACM Asia Conference on Computer and Communications Security. July 2023.
- HotFuzz: Discovering Temporal and Spatial Denial-of-Service Vulnerabilities Through Guided Micro-Fuzzing. William Blair, Andrea Mambretti, Sajjad Arshad, Michael Weissbacher, William Robertson, Engin Kirda, and Manuel Egele. ACM Transactions on Privacy and Security, 25(4). November 2022.
- MPKAlloc: Efficient Heap Meta-Data Integrity Through Hardware Memory Protection Keys. William Blair, William Robertson, and Manuel Egele. Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. January 2022.
- Bypassing Memory Safety Mechanisms Through Speculative Control Flow Hijacks. Andrea Mambretti, Alexandra Sandulescu, Alessandro Sorniotti, William Robertson, Engin Kirda, and Anil Kurmus. Proceedings of the IEEE European Symposium on Security and Privacy. September 2021.
- SoK: Enabling Security Analyses of Embedded Systems via Rehosting. Andrew Fasano, Tiemoko Ballo, Marius Muench, Tim Leek, Alexander Bulekov, Brendan Dolan-Gavitt, Manuel Egele, Aurélien Francillon, Long Lu, Nick Gregory, Davide Balzarotti, and William Robertson. Proceedings of the ACM Asia Conference on Computer and Communications Security. May 2021.
- Evaluating Synthetic Bugs. Joshua Bundt, Andrew Fasano, Brendan Dolan-Gavitt, William Robertson, and Tim Leek. Proceedings of the ACM Asia Conference on Computer and Communications Security. January 2021.
- PyPANDA: Taming the PANDAmonium of Whole System Dynamic Analysis. Luke Craig, Andrew Fasano, Tiemoko Ballo, Tim Leek, Brendan Dolan-Gavitt, and William Robertson. Proceedings of the Workshop on Binary Analysis Research. January 2021.
- Cached and Confused: Web Cache Deception in the Wild. Seyed Ali Mirheidari, Sajjad Arshad, Kaan Onarlioglu, Bruno Crispo, Engin Kirda, and William Robertson. Proceedings of the USENIX Security Symposium. August 2020.
- HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Guided Micro-Fuzzing. William Blair, Andrea Mambretti, Sajjad Arshad, Michael Weissbacher, William Robertson, Engin Kirda, and Manuel Egele. Proceedings of the ISOC Network and Distributed System Security Symposium. February 2020.
- What's in an Exploit? An Empirical Analysis of Reflected Server XSS Exploitation Techniques. Ahmet Salih Buyukkayhan, Can Gemicioglu, Tobias Lauinger, Alina Oprea, William Robertson, and Engin Kirda. Proceedings of the International Symposium on Research in Attacks, Intrusions, and Defenses. January 2020.
- Speculator: A Tool to Analyze Speculative Execution Attacks and Mitigations. Andrea Mambretti, Matthias Neugschwandtner, Alessandro Sorniotti, Engin Kirda, William Robertson, and Anil Kurmus. Proceedings of the Annual Computer Security Applications Conference. December 2019.
- A Longitudinal Analysis of the Ads.txt Standard. Muhammad Ahmad Bashir, Sajjad Arshad, Engin Kirda, William Robertson, and Christo Wilson. Proceedings of the Internet Measurement Conference. October 2019.
- It's Not What It Looks Like: Measuring Attacks and Defensive Registrations of Homograph Domains. Florian Quinkert, Tobias Lauinger, William Robertson, Engin Kirda, and Thorsten Holz. Proceedings of the IEEE Conference on Communications and Network Security. June 2019.
- USBESAFE: An End-Point Solution to Protect Against USB-Based Attacks. Amin Kharraz, Brandon L Daley, Graham Z Baker, William Robertson, and Engin Kirda. Proceedings of the International Symposium on Research in Attacks, Intrusions, and Defenses. January 2019.
- Clustering and the Weekend Effect: Recommendations for the Use of Top Domain Lists in Security Research. Walter Rweyemamu, Tobias Lauinger, Christo Wilson, William Robertson, and Engin Kirda. Proceedings of the International Conference on Passive and Active Measurement. January 2019.
- Getting Under Alexa’s Umbrella: Infiltration Attacks Against Internet Top Domain Lists. Walter Rweyemamu, Tobias Lauinger, Christo Wilson, William Robertson, and Engin Kirda. Proceedings of the International Conference on Information Security. January 2019.
- On the Effectiveness of Type-Based Control Flow Integrity. Reza Mirzazade Farkhani, Saman Jafari, Sajjad Arshad, William Robertson, Engin Kirda, and Hamed Okhravi. Proceedings of the Annual Computer Security Applications Conference. December 2018.
- How Tracking Companies Circumvented Ad Blockers Using WebSockets. Muhammad Ahmad Bashir, Sajjad Arshad, Engin Kirda, William Robertson, and Christo Wilson. Proceedings of the Internet Measurement Conference. October 2018.
- Surveylance: Automatically Detecting Online Survey Scams. A. Kharraz, W. Robertson, and E. Kirda. Proceedings of the IEEE Symposium on Security and Privacy. May 2018.
- Eraser: Your Data Won't Be Back. Kaan Onarlioglu, William Robertson, and Engin Kirda. Proceedings of the IEEE European Symposium on Security and Privacy. April 2018.
- Large-Scale Analysis of Style Injection by Relative Path Overwrite. Sajjad Arshad, Seyed Ali Mirheidari, Tobias Lauinger, Bruno Crispo, Engin Kirda, and William Robertson. Proceedings of the Web Conference. January 2018.
- From Deletion to Re-Registration in Zero Seconds: Domain Registrar Behaviour During the Drop. Tobias Lauinger, Ahmet S Buyukkayhan, Abdelberi Chaabane, William Robertson, and Engin Kirda. Proceedings of the ACM Internet Measurement Conference. January 2018.
- Include Me Out: In-Browser Detection of Malicious Third-Party Content Inclusions. Sajjad Arshad, Amin Kharraz, and William Robertson. Proceedings of the International Conference on Financial Cryptography and Data Security. January 2017.
- Lens on the Endpoint: Hunting for Malicious Software Through Endpoint Data Analysis. Ahmet Salih Buyukkayhan, Alina Oprea, Zhou Li, and William Robertson. Proceedings of the International Symposium on Research in Attacks, Intrusions, and Defenses. January 2017.
- CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes. Patrick Carter, Collin Mulliner, Martina Lindorfer, William Robertson, and Engin Kirda. Proceedings of the International Conference on Financial Cryptography and Data Security. January 2017.
- Semi-Automated Discovery of Server-Based Information Oversharing Vulnerabilities in Android Applications. William Koch, Abdelberi Chaabane, Manuel Egele, William Robertson, and Engin Kirda. Proceedings of the ACM SIGSOFT International Symposium on Software Testing and Analysis. January 2017.
- Game of Registrars: An Empirical Analysis of Post-Expiration Domain Name Takeovers. Tobias Lauinger, Abdelberi Chaabane, Ahmet Salih Buyukkayhan, Kaan Onarlioglu, and William Robertson. Proceedings of the USENIX Security Symposium. January 2017.
- Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web. Tobias Lauinger, Abdelberi Chaabane, Sajjad Arshad, William Robertson, Christo Wilson, and Engin Kirda. Proceedings of the ISOC Network and Distributed System Security Symposium. January 2017.
- Ex-Ray: Detection of History-Leaking Browser Extensions. Michael Weissbacher, Enrico Mariconti, Guillermo Suarez-Tangil, Gianluca Stringhini, William Robertson, and Engin Kirda. Proceedings of the Annual Computer Security Applications Conference. January 2017.
- WHOIS Lost in Translation: (Mis)Understanding Domain Name Expiration and Re-Registration. Tobias Lauinger, Kaan Onarlioglu, Abdelberi Chaabane, William Robertson, and Engin Kirda. Proceedings of the Internet Measurement Conference. November 2016.
- EmailProfiler: Spearphishing Filtering With Header and Stylometric Features of Emails. Sevtap Duman, Kubra Kalkan-Cakmakci, Manuel Egele, William Robertson, and Engin Kirda. Proceedings of the Annual Computer Software and Applications Conference (COMPSAC). June 2016.
- Overhaul: Input-Driven Access Control for Better Privacy on Traditional Operating Systems. Kaan Onarlioglu, William Robertson, and Engin Kirda. Proceedings of the Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). June 2016.
- LAVA: Large-Scale Automated Vulnerability Addition. Brendan Dolan-Gavitt, Patrick Hulin, Engin Kirda, Timothy Leek, Andrea Mambretti, William Robertson, Frederick Ulrich, and Ryan Whelan. Proceedings of the IEEE Symposium on Security and Privacy. May 2016.
- TriggerScope: Towards Detecting Logic Bombs in Android Applications. Yanick Fratantonio, Antonio Bianchi, William Robertson, Engin Kirda, Christopher Kruegel, and Giovanni Vigna. Proceedings of the IEEE Symposium on Security and Privacy. May 2016.
- Identifying Extension-Based Ad Injection via Fine-Grained Web Content Provenance. Sajjad Arshad, Amin Kharraz, and William Robertson. Proceedings of the International Symposium on Research in Attacks, Intrusions, and Defenses. January 2016.
- Tracing Information Flows Between Ad Exchanges Using Retargeted Ads. Muhammad Ahmad Bashir, Sajjad Arshad, Christo Wilson, and William Robertson. Proceedings of the USENIX Security Symposium. January 2016.
- UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware. Amin Kharraz, Sajjad Arshad, Collin Mulliner, William Robertson, and Engin Kirda. Proceedings of the USENIX Security Symposium. January 2016.
- Trellis: Privilege Separation for Multi-User Applications Made Easy. Andrea Mambretti, Kaan Onarlioglu, Collin Mulliner, William Robertson, Engin Kirda, Federico Maggi, and Stefano Zanero. Proceedings of the International Symposium on Research in Attacks, Intrusions, and Defenses. January 2016.
- Runtime Integrity Checking for Exploit Mitigation on Lightweight Embedded Devices. Matthias Neugschwandtner, Collin Mulliner, William Robertson, and Engin Kirda. Proceedings of the International Conference on Trust and Trustworthy Computing. January 2016.
- CrossFire: An Analysis of Firefox Extension-Reuse Vulnerabilities. Ahmet Salih Buyukkayhan, Kaan Onarlioglu, William Robertson, and Engin Kirda. Proceedings of the ISOC Network and Distributed System Security Symposium. January 2016.
- SENTINEL: Securing Legacy Firefox Extensions. Kaan Onarlioglu, Ahmet Salih Buyukkayhan, William Robertson, and Engin Kirda. Computers & Security, 49. March 2015.
- On the Security and Engineering Implications of Finer-Grained Access Controls for Android Developers and Users. Yanick Fratantonio, Antonio Bianchi, William Robertson, Manuel Egele, Christopher Kruegel, Engin Kirda, and Giovanni Vigna. Proceedings of the Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. January 2015.
- Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks. Amin Kharraz, William Robertson, Davide Balzarotti, Leyla Bilge, and Engin Kirda. Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. January 2015.
- BabelCrypt: The Universal Encryption Layer for Mobile Messaging Applications. Ahmet Talha Ozcan, Can Gemicioglu, Kaan Onarlioglu, Michael Weissbacher, Collin Mulliner, William Robertson, and Engin Kirda. Proceedings of the International Conference on Financial Cryptography and Data Security. January 2015.
- ZigZag: Automatically Hardening Web Applications Against Client-Side Validation Vulnerabilities. Michael Weissbacher, William Robertson, Engin Kirda, Christopher Kruegel, and Giovanni Vigna. Proceedings of the USENIX Security Symposium. January 2015.
- TrueClick: Automatically Distinguishing Trick Banners From Genuine Download Links. Sevtap Duman, Kaan Onarlioglu, Ali Osman Ulusoy, William Robertson, and Engin Kirda. Proceedings of the Annual Computer Security Applications Conference. December 2014.
- Optical Delusions: A Study of Malicious QR Codes in the Wild. Amin Kharraz, Engin Kirda, William Robertson, Davide Balzarotti, and Aurelien Francillon. Proceedings of the Annual IEEE/IFIP International Conference on Dependable Systems and Networks. June 2014.
- VirtualSwindle: An Automated Attack Against In-App Billing on Android. Collin Mulliner, William Robertson, and Engin Kirda. Proceedings of the ACM Asia Symposium on Information, Computer and Communications Security. June 2014.
- Hidden GEMs: Automated Discovery of Access Control Vulnerabilities in Graphical User Interfaces. Collin Mulliner, William Robertson, and Engin Kirda. Proceedings of the IEEE Symposium on Security and Privacy. May 2014.
- Why Is CSP Failing? Trends and Challenges in CSP Adoption. Michael Weissbacher, Tobias Lauinger, and William Robertson. Research in Attacks, Intrusions and Defenses. January 2014.
- PatchDroid: Scalable Third-Party Security Patches for Android Devices. Collin Mulliner, Jon Oberheide, William Robertson, and Engin Kirda. Proceedings of the Annual Computer Security Applications Conference. December 2013.
- Beehive: Large-Scale Log Analysis for Detecting Suspicious Activity in Enterprise Networks. Ting-Fang Yen, Alina Oprea, Kaan Onarlioglu, Todd Leetham, William Robertson, Ari Juels, and Engin Kirda. Proceedings of the Annual Computer Security Applications Conference. December 2013.
- PrivExec: Private Execution as an Operating System Service. Kaan Onarlioglu, Collin Mulliner, William Robertson, and Engin Kirda. Proceedings of the IEEE Symposium on Security and Privacy. May 2013.
- A Practical, Targeted, and Stealthy Attack Against WPA Enterprise Authentication. Aldo Cassola, William Robertson, Engin Kirda, and Guevara Noubir. Proceedings of the ISOC Network and Distributed System Security Symposium. January 2013.
- Holiday Pictures or Blockbuster Movies? Insights Into Copyright Infringement in User Uploads to One-Click File Hosters. Tobias Lauinger, Kaan Onarlioglu, Abdelberi Chaabane, Engin Kirda, William Robertson, and Mohamed Ali Kaafar. Proceedings of the International Symposium on Research in Attacks, Intrusions, and Defenses. January 2013.
- Securing Legacy Firefox Extensions With SENTINEL. Kaan Onarlioglu, Mustafa Battal, William Robertson, and Engin Kirda. Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. January 2013.
- TRESOR-HUNT: Attacking CPU-Bound Encryption. Erik-Oliver Blass and William Robertson. Proceedings of the Annual Computer Security Applications Conference. December 2012.
- Preventing Input Validation Vulnerabilities in Web Applications Through Automated Type Analysis. Theodoor Scholte, William Robertson, Davide Balzarotti, and Engin Kirda. Proceedings of the IEEE Computer Software and Applications Conference. July 2012.
- An Empirical Analysis of Input Validation Mechanisms in Web Applications and Languages. Theodoor Scholte, William Robertson, Davide Balzarotti, and Engin Kirda. Proceedings of the Annual ACM Symposium on Applied Computing. March 2012.
- Disclosure: Detecting Botnet Command and Control Servers Through Large-Scale NetFlow Analysis. Leyla Bilge, Davide Balzarotti, William Robertson, Engin Kirda, and Christopher Kruegel. Proceedings of the Annual Computer Security Applications Conference. January 2012.
- An Experience in Testing the Security of Real-World Electronic Voting Systems. Davide Balzarotti, Greg Banks, Marco Cova, Viktoria Felmetsger, Richard Kemmerer, William Robertson, Fredrik Valeur, and Giovanni Vigna. IEEE Transactions on Software Engineering, 36(4). July 2010.
- Effective Anomaly Detection With Scarce Training Data. William K. Robertson, F. Maggi, C. Krügel, and G. Vigna. Proceedings of the ISOC Network and Distributed System Security Symposium. January 2010.
- Reducing Errors in the Anomaly-Based Detection of Web-Based Attacks Through the Combined Analysis of Web Requests and SQL Queries. Giovanni Vigna, Fredrik Valeur, Davide Balzarotti, William Robertson, Christopher Kruegel, and Engin Kirda. Journal of Computer Security, 17(3). April 2009.
- Protecting a Moving Target: Addressing Web Application Concept Drift. Federico Maggi, William Robertson, Christopher Kruegel, and Giovanni Vigna. Proceedings of the International Symposium on Recent Advances in Intrusion Detection. January 2009.
- Static Enforcement of Web Application Integrity Through Strong Typing. William Robertson and Giovanni Vigna. Proceedings of the USENIX Security Symposium. January 2009.
- Are Your Votes Really Counted? Testing the Security of Real-World Electronic Voting Systems. Davide Balzarotti, Greg Banks, Marco Cova, Viktoria Felmetsger, Richard Kemmerer, William Robertson, Fredrik Valeur, and Giovanni Vigna. Proceedings of the International Symposium on Software Testing and Analysis. January 2008.
- Improving Signature Testing Through Dynamic Data Flow Analysis. Christopher Kruegel, Davide Balzarotti, William Robertson, and Giovanni Vigna. Proceedings of the Annual Computer Security Applications Conference. December 2007.
- Exploiting Execution Context for the Detection of Anomalous System Calls. Darren Mutz, William Robertson, Giovanni Vigna, and Richard Kemmerer. Proceedings of the International Symposium on Recent Advances in Intrusion Detection. September 2007.
- Polymorphic Worm Detection Using Structural Information of Executables. Christopher Kruegel, Engin Kirda, Darren Mutz, William Robertson, and Giovanni Vigna. Proceedings of the International Symposium on Recent Advances in Intrusion Detection. January 2006.
- Using Generalization and Characterization Techniques in the Anomaly-Based Detection of Web Attacks. William Robertson, Giovanni Vigna, Christopher Kruegel, and Richard A Kemmerer. Proceedings of the ISOC Network and Distributed System Security Symposium. January 2006.
- A Multi-Model Approach to the Detection of Web-Based Attacks. Christopher Kruegel, Giovanni Vigna, and William Robertson. Computer Networks, 48(5). August 2005.
- Automating Mimicry Attacks Using Static Binary Analysis. Christopher Kruegel, Engin Kirda, Darren Mutz, William Robertson, and Giovanni Vigna. Proceedings of the USENIX Security Symposium. January 2005.
- Reverse Engineering of Network Signatures. Darren Mutz, Christopher Kruegel, William Robertson, Giovanni Vigna, and Richard Kemmerer. Proceedings of the AusCERT Cyber Security Conference. January 2005.
- Using Alert Verification to Identify Successful Intrusion Attempts. Christopher Kruegel, William Robertson, and Giovanni Vigna. PIK - Praxis der Informationsverarbeitung und Kommunikation, 27(4). December 2004.
- Testing Network-Based Intrusion Detection Signatures Using Mutant Exploits. Giovanni Vigna, William Robertson, and Davide Balzarotti. Proceedings of the ACM Conference on Computer and Communications Security. October 2004.
- Alert Verification: Determining the Success of Intrusion Attempts. Christopher Kruegel and William Robertson. Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. January 2004.
- Detecting Kernel-Level Rootkits Through Binary Analysis. Christopher Kruegel, William Robertson, and Giovanni Vigna. Proceedings of the Annual Computer Security Applications Conference. January 2004.
- Static Disassembly of Obfuscated Binaries. Christopher Kruegel, William Robertson, Fredrik Valeur, and Giovanni Vigna. Proceedings of the USENIX Security Symposium. January 2004.
- Topology-Based Detection of Anomalous BGP Messages. Christopher Kruegel, Darren Mutz, William Robertson, and Fredrik Valeur. Proceedings of the International Symposium on Recent Advances in Intrusion Detection. January 2003.
- Run-Time Detection of Heap-Based Overflows. William Robertson, Christopher Kruegel, Darren Mutz, and Fredrik Valeur. Proceedings of the USENIX Large Installation Systems Administration Conference. January 2003.
- A Stateful Intrusion Detection System for World-Wide Web Servers. Giovanni Vigna, William Robertson, Vishal Kher, and Richard A. Kemmerer. Proceedings of the Annual Computer Security Applications Conference. January 2003.