Publications

Bibtex Citation

@inproceedings{ BURSZTEIN2007A,title = {A logical framework for evaluating network resilience against faults and attacks},author = {"Elie, Bursztein" and "Jean, Goubault-Larrecq"},booktitle = {12th Asian Computing Science Conference},year = {2007},organization = {Springer}}/n@inproceedings{ THOMAS2015AD,title = {Ad injection at scale: assessing deceptive advertisement modifications},author = {"Kurt, Thomas" and "Elie, Bursztein" and "Chris, Grier" and "Grant, Ho" and "Nav, Jagpal" and "Alexandros, Kapravelos" and "Damon, McCoy" and "Antonio, Nappa" and "Vern, Paxson" and "Paul, Pearce" and "Niels, Provos" and "Moheeb, Abu Rajab"},booktitle = {Security and Privacy},year = {2015},organization = {IEEE}}/n@inproceedings{ AGGARWAL2010AN,title = {An analysis of private browsing modes in modern browsers},author = {"Gaurav, Aggarwal" and "Elie, Bursztein" and "Collin, Jackson" and "Dan, Boneh"},booktitle = {Usenix Security},year = {2010},organization = {Usenix}}/n@inproceedings{ RYDSTEDT2010BUSTING,title = {Busting frame busting a study of clickjacking vulnerabilities on popular sites},author = {"Gustav, Rydstedt" and "Elie, Bursztein" and "Dan, Boneh" and "Collin, Jackson"},booktitle = {Web 2.0 Security and Privacy},year = {2010},organization = {IEEE}}/n@inproceedings{ TEJA PEDDINTI2014CLOAK,title = {Cloak and swagger: understanding data sensitivity through the lens of user anonymity},author = {"Sai, Teja Peddinti" and "Aleksandra, Korolova" and "Elie, Bursztein" and "Geetanjali, Sampemane"},booktitle = {Security And Privacy},year = {2014},organization = {IEEE}}/n@inproceedings{ INVERNIZZI2016CLOAK,title = {Cloak of visibility: detecting when machines browse a different web},author = {"Luca, Invernizzi" and "Kurt, Thomas" and "Alexandros, Kapravelos" and "Oxana, Comanescu" and "Jean-Michel, Picod" and "Elie, Bursztein"},booktitle = {Security and Privacy},year = {2016},organization = {IEEE}}/n@inproceedings{ THOMAS2017DATA,title = {Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials},author = {"Kurt, Thomas" and "Frank, Li" and "Ali, Zand" and "Jacob, Barrett" and "Juri, Ranieri" and "Luca, Invernizzi" and "Yarik, Markov" and "Oxana, Comanescu" and "Vijay, Eranti" and "Angelika, Moscicki" and "Daniel, Margolis" and "Vern, Paxson" and "Elie, Bursztein"},booktitle = {Computer and Communications Security},year = {2017},organization = {ACM}}/n@inproceedings{ KARUNAKARAN2018DATA,title = {Data Breaches: User Comprehension, Expectations, and Concerns with Handling Exposed Data},author = {"Sowmya, Karunakaran" and "Kurt, Thomas" and "Elie, Bursztein" and "Oxana, Comanescu"},booktitle = {Symposium on Usable Security and Privacy},year = {2018},organization = {Usenix}}/n@inproceedings{ BURSZTEIN2009DECAPTCHA,title = {Decaptcha breaking 75% of ebay audio captchas},author = {"Elie, Bursztein" and "Steven, Bethard"},booktitle = {3rd USENIX Workshop On Offensive Technologies},year = {2009},organization = {Usenix}}/n@inproceedings{NANDESIGNING,title = {Designing Toxic Content Classification for a Diversity of Perspectives},author = {"Deepak Kumar" and "Patrick Gage Kelley" and "Sunny Consolvo" and "Joshua Mason" and "Elie Bursztein" and "Zakir Durumeric" and "Kurt Thomas" and "Michael Bailey"},booktitle = {SOUPS},year = {2021},organization = {Usenix}}/n@inproceedings{ THOMAS2014DIALING,title = {Dialing back abuse on phone verified accounts},author = {"Kurt, Thomas" and "Dmytro, Latskiv" and "Elie, Bursztein" and "Tadek, Pietraszek" and "Chris, Grier" and "Damon, McCoy"},booktitle = {Conference on Computer and Communications Security},year = {2014},organization = {AMC}}/n@inproceedings{ BURSZTEIN2014EASY,title = {Easy does it: more usable captchas},author = {"Elie, Bursztein" and "Angelika, Moscicki" and "Celine, Fabry" and "Steven, Bethard" and "John C., Mitchell" and "Dan, Jurafsky"},booktitle = {Conference on Human Factors in Computing Systems},year = {2014},organization = {ACM}}/n@inproceedings{ BURSZTEIN2008EXTENDING,title = {Extending anticipation games with location penalty and timeline},author = {"Elie, Bursztein"},booktitle = {Revised Selected Papers of the 5th International Workshop on Formal Aspects in Security and Trust},year = {2008},organization = {IEEE}}/n@inproceedings{ RYDSTEDT2010FRAMING,title = {Framing attacks on smartphones and dumb routers: social sites tap-jacking and geo-localization attacks},author = {"Gustav, Rydstedt" and "Baptiste, Gourdin" and "Elie, Bursztein" and "Dan, Boneh"},booktitle = {Workshop On Offensive Technologies},year = {2010},organization = {Usenix}}/n@inproceedings{ THOMAS2015FRAMING,title = {Framing dependencies introduced by underground commoditization},author = {"Kurt, Thomas" and "Danny, Huang" and "David, Wang" and "Elie, Bursztein" and "Chris, Grier" and "Thomas J., Holt" and "Christopher, Kruegel" and "Damon, McCoy" and "Stefan, Savage" and "Giovanni, Vigna"},booktitle = {Workshop on Economics of Information Security},year = {2015},organization = {WEIS}}/n@inproceedings{NANGENERALIZED,title = {Generalized Power Attacks against Crypto Hardware using Long-Range Deep Learning},author = {"Elie Bursztein" and "Luca Invernizzi" and "Karel Král" and "Daniel Moghimi" and "Jean-Michel Picod" and "Marina Zhang"},booktitle = {Cryptographic Hardware and Embedded Systems},year = {2024},organization = {ICAR}}/n@inproceedings{ BURSZTEIN2014HANDCRAFTED,title = {Handcrafted fraud and extortion: manual account hijacking in the wild},author = {"Elie, Bursztein" and "Borbala, Benko" and "Daniel, Margolis" and "Tadek, Pietraszek" and "Andy, Archer" and "Allan, Aquino" and "Andreas, Pitsillidis" and "Stefan, Savage"},booktitle = {Internet Measurement Conference},year = {2014},organization = {AMC}}/n@inproceedings{ BURSZTEIN2010HOW,title = {How good are humans at solving captchas a large scale evaluation},author = {"Elie, Bursztein" and "Steven, Bethard" and "Celine, Fabry" and "Dan, Jurafsky" and "John C., Mitchell"},booktitle = {Security and Privacy},year = {2010},organization = {IEEE}}/n@inproceedings{NANHYBRID,title = {Hybrid Post-Quantum Signatures in Hardware Security Keys},author = {"Diana Ghinea" and "Fabian Kaczmarczyck" and "Jennifer Pullman" and "Julien Cretin" and "Stefan Kolbl" and "Rafael Misoczki" and "Jean-Michel Picod" and "Luca Invernizzi" and "Elie Bursztein"},booktitle = {International Conference on Applied Cryptography and Network Security},year = {2023},organization = {Spring}}/n@inproceedings{ BURSZTEIN2016I,title = {I am a legend hacking hearthstone using statistical learning methods},author = {"Elie, Bursztein"},booktitle = {Computational Intelligence and Games conference},year = {2016},organization = {IEEE}}/n@inproceedings{ THOMAS2016INVESTIGATING,title = {Investigating commercial pay-per-install and the distribution of unwanted software},author = {"Kurt, Thomas" and "Juan A. Elices, Crespo" and "Ryan, Rasti" and "Jean-Michel, Picod" and "Cait, Phillips" and "Marc-Andre, Decoste" and "Chris, Sharp" and "Fabio, Tirelo" and "Ali, Tofigh" and "Marc-Antoine, Courteau" and "Lucas, Ballard" and "Robert, Shield" and "Nav, Jagpal" and "Moheeb, Abu Rajab" and "Panayiotis, Mavrommatis" and "Niels, Provos" and "Elie, Bursztein" and "Damon, McCoy"},booktitle = {Usenix Security},year = {2016},organization = {Usenix}}/n@inproceedings{ THOMAS2022IT'S,title = {It's common and a part of being a content creator: Understanding How Creators Experience and Cope with Hate and Harassment Online},author = {"Kurt, Thomas" and "Patrick Gage Kelley" and "Sunny Consolvo" and "Patrawat Samermit" and "Elie, Bursztein"},booktitle = {Conference on Human Factors in Computing Systems},year = {2022},organization = {ACM}}/n@inproceedings{ BOJINOV2010KAMOUFLAGE,title = {Kamouflage loss-resistant password management},author = {"Hristo, Bojinov" and "Elie, Bursztein" and "Dan, Boneh" and "Xavier, Boyen"},booktitle = {European Symposium On Research In Computer Security},year = {2010},organization = {IEEE}}/n@inproceedings{NANLEVERAGING,title = {Leveraging Virtual Reality to Enhance Diversity and Inclusion training at Google},author = {"Elie Bursztein" and "Karla Brown" and "Patrick Gage Kelley" and "Leonie Sanderson"},booktitle = {Conference on Human Factors in Computing Systems},year = {2024},organization = {ACM}}/n@inproceedings{ DURUMERIC2015NEITHER,title = {Neither snow nor rain nor mitm . . . an empirical analysis of email delivery security},author = {"Zakir, Durumeric" and "David, Adrian" and "Ariana, Mirian" and "James, Kasten" and "Elie, Bursztein" and "Nicolas, Lidzborski" and "Kurt, Thomas" and "Vijay, Eranti" and "Michael, Bailey" and "J. Alex, Halderman"},booktitle = {IMC},year = {2015},organization = {ACM}}/n@inproceedings{ BURSZTEIN2008NETQI,title = {Netqi a model checker for anticipation game},author = {"Elie, Bursztein"},booktitle = {6th International Symposium on Automated Technology for Verification and Analysis},year = {2008},organization = {Springer}}/n@inproceedings{ SCHWANDA SOSIK2014ONLINE,title = {Online microsurveys for user experience research},author = {"Victoria, Schwanda Sosik" and "Elie, Bursztein" and "Sunny, Consolvo" and "David, Huffaker" and "Gueorgi, Kossinets" and "Kerwell, Liao" and "Paul, McDonald" and "Aaron, Sedley"},booktitle = {Human Factors in Computing Systems},year = {2014},organization = {ACM}}/n@inproceedings{ BURSZTEIN2011OPENCONFLICT,title = {Openconflict preventing real time map hacks in online games},author = {"Elie, Bursztein" and "Jocelyn, Lagarenne" and "Mike, Hamburg" and "Dan, Boneh"},booktitle = {Security and Privacy},year = {2011},organization = {IEEE}}/n@inproceedings{ BURSZTEIN2016PICASSO:,title = {Picasso: Lightweight Device Class Fingerprinting for Web Clients},author = {"Elie, Bursztein" and "Artem, Malyshey" and "Tadek, Pietraszek" and "Kurt, Thomas"},booktitle = {Workshop on Security and Privacy in Smartphones and Mobile Devices},year = {2016},organization = {ACM}}/n@inproceedings{ HUANG2017PINNING,title = {Pinning Down Abuse on Google Maps},author = {"Danny Y., Huang" and "Doug, Grundman" and "Kurt, Thomas" and "Abhishek, Kumar" and "Elie, Bursztein" and "Kirill, Levchenko" and "Alex C., Snoeren"},booktitle = {World Wide Web},year = {2017},organization = {WWW}}/n@inproceedings{ BURSZTEIN2008PROBABILISTIC,title = {Probabilistic protocol identification for hard to classify protocol},author = {"Elie, Bursztein"},booktitle = {2nd International Workshop on Information Security Theory and Practices},year = {2008},organization = {Springer}}/n@inproceedings{ THOMAS2019PROTECTING,title = {Protecting accounts from credential stuffing with password breach alerting},author = {"Kurt, Thomas" and "Jennifer, Pullman" and "Kevin, Yeo" and "Ananth, Raghunathan" and "Patrick, Gage Kelley" and "Luca, Invernizzi" and "Borbala, Benko" and "Tadek, Pietraszek" and "Sarvar, Patel" and "Dan, Boneh" and "Elie, Bursztein"},booktitle = {Proceedings of the USENIX Security Symposium},year = {2019},organization = {Usenix}}/n@inproceedings{ BURSZTEIN2011RECLAIMING,title = {Reclaiming the blogosphere talkback a secure linkback protocol for weblogs},author = {"Elie, Bursztein" and "Baptiste, Gourdin" and "John C., Mitchell"},booktitle = {European Symposium on Research in Computer Security},year = {2011},organization = {IEEE}}/n@inproceedings{ BURSZTEIN2010RECOVERING,title = {Recovering windows secrets and efs certificates offline},author = {"Elie, Bursztein" and "Jean-Michel, Picod"},booktitle = {Workshop On Offensive Technologies},year = {2010},organization = {Usenix}}/n@inproceedings{ LI2016REMEDYING,title = {Remedying web hijacking notification effectiveness and webmaster comprehension},author = {"Frank, Li" and "Grant, Ho" and "Eric, Kuan" and "Yuan, Niu" and "Lucas, Ballard" and "Kurt, Thomas" and "Elie, Bursztein" and "Vern, Paxson"},booktitle = {Word Wide Web},year = {2016},organization = {WWW}}/n@inproceedings{ BURSZTEIN2019RETHINKING,title = {Rethinking the detection of child sexual abuse imagery on the Internet},author = {"Elie, Bursztein" and "Travis, Bright" and "Michelle, DeLaune" and "David M., Eliff" and "Nick, Hsu" and "Lindsey, Olson" and "John, Shehan" and "Madhukar, Thakur" and "Kurt, Thomas"},booktitle = {World Wide Web},year = {2019},organization = {WWW}}/n@inproceedings{NANRETSIM:,title = {RETSim: Resilient and Efficient Text Similarity},author = {"Marina Zhang" and "Owen Vallis" and "Aysegul Bumin" and "Tanay Vakharia" and "Elie Bursztein"},booktitle = {International Conference on Learning Representations},year = {2024},organization = {ICLR}}/n@inproceedings{ BURSZTEIN2023RETVEC:,title = {RETVec: Resilient and Efficient Text Vectorizer},author = {"Elie, Bursztein" and "Marina, Zhang" and "Owen, Vallis" and "Xinyu, Jia" and "Alexandros, Kapravelos" and "Alexey, Kurakin"},booktitle = {Neural Information Processing Systems},year = {2023},organization = {NeurIPS}}/n@inproceedings{ BONNEAU2015SECRETS,,title = {Secrets, lies, and account recovery: lessons from the use of personal knowledge questions at google},author = {"Joseph, Bonneau" and "Elie, Bursztein" and "Ilan, Caron" and "Rob, Jackson" and "Mike, Williamson"},booktitle = {22nd international conference on World Wide Web},year = {2015},organization = {ACM}}/n@inproceedings{ BURSZTEIN2012SESSIONJUGGLER,title = {Sessionjuggler secure web login from an untrusted terminal using session hijacking},author = {"Elie, Bursztein" and "Chinmay, Soman" and "Dan, Boneh" and "John C., Mitchell"},booktitle = {World Wide Web},year = {2012},organization = {WWW}}/n@inproceedings{NANSOK:,title = {SoK: Hate, Harassment, and the Changing Landscape of Online Abuse},author = {"Kurt Thomas" and "Devdatta Akhawe" and "Michael Bailey" and "Dan Boneh" and "Elie Bursztein" and "Sunny Consolvo" and "Nicola Dell" and "Zakir Durumeric" and "Patrick Gage Kelley" and "Deepak Kumar" and "Damon McCoy" and "Sarah Meiklejohn" and "Thomas Ristenpart" and "Gianluca Stringhini"},booktitle = {Security and Privacy},year = {2021},organization = {IEEE}}/n@inproceedings{NANSPOTLIGHT:,title = {Spotlight: Malware Lead Generation At Scale},author = {"Fabian Kaczmarczyck" and "Bernhard Grill" and "Luca Invernizzi" and "Jennifer Pullman" and "Cecilia M. Procopiuc" and "David Tao" and "Borbala Benko" and "Elie Bursztein"},booktitle = {Proceedings of Annual Computer Security Applications Conference},year = {2020},organization = {ACM}}/n@inproceedings{ BAU2010STATE,title = {State of the art automated black-box web application vulnerability testing},author = {"Jason, Bau" and "Elie, Bursztein" and "Divij, Gupta" and "John C., Mitchell"},booktitle = {Security and Privacy},year = {2010},organization = {IEEE}}/n@inproceedings{ BURSZTEIN2011TEXT-BASED,title = {Text-based captcha strengths and weaknesses},author = {"Elie, Bursztein" and "Matthieu, Martin" and "John C., Mitchell"},booktitle = {Computer and Communications Security},year = {2011},organization = {ACM}}/n@inproceedings{ THOMAS2016THE,title = {The Abuse Sharing Economy: Understanding the Limits of Threat Exchanges},author = {"Kurt, Thomas" and "Rony, Amira" and "Adi, Ben-Yoash" and "Ori, Folger" and "Amir, Hardon" and "Ari, Berger" and "Elie, Bursztein" and "Michael, Bailey"},booktitle = {Research in Attacks, Intrusions, and Defenses},year = {2016},organization = {Springer}}/n@inproceedings{ BOJINOV2010THE,title = {The emergence of cross channel scripting},author = {"Hristo, Bojinov" and "Elie, Bursztein" and "Dan, Boneh"},booktitle = {Communications of the ACM Journal},year = {2010},organization = {ACM}}/n@inproceedings{ BURSZTEIN2014THE,title = {The end is nigh: generic solving of text-based captchas},author = {"Elie, Bursztein" and "Jonathan, Aigrain" and "Angelika, Mosciki" and "John, Mitchell"},booktitle = {Workshop on Offensive Technology},year = {2014},organization = {Usenix}}/n@inproceedings{ BURSZTEIN2011THE,title = {The failure of noise-based non-continuous audio captchas},author = {"Elie, Bursztein" and "Romain, Bauxis" and "Hristo, Paskov" and "Daniele, Perito" and "Celine, Fabry" and "John C., Mitchell"},booktitle = {Security and Privacy},year = {2011},organization = {IEEE}}/n@inproceedings{ STEVENS2017THE,title = {The first collision for full SHA-1},author = {"Marc, Stevens" and "Elie, Bursztein" and "Pierre, Karpman" and "Ange, Albertini" and "Yarik, Markov"},booktitle = {Crypto},year = {2017},organization = {IACR}}/n@inproceedings{ DURUMERIC2017THE,title = {The Security Impact of HTTPS Interception},author = {"Zakir, Durumeric" and "Zane, Ma" and "Drew, Springall" and "Richard, Barnes" and "Nick, Sullivan" and "Elie, Bursztein" and "Michael, Bailey" and "J Alex, Halderman" and "Vern, Paxson"},booktitle = {Network and Distributed Systems Symposium},year = {2017},organization = {Internet Society}}/n@inproceedings{ SAMBASIVAN2019THEY,title = {They Don't Leave Us Alone Anywhere We Go - Gender and Digital Abuse in South Asia},author = {"Nithya, Sambasivan" and "Amna, Batool" and "Nova, Ahmed" and "Tara, Matthews" and "Kurt, Thomas" and "Laura, Sanely Gaytán-Lugo" and "David, Nemer" and "Elie, Bursztein" and "Elizabeth, Churchill" and "Sunny, Consolvo"},booktitle = {CHI Conference on Human Factors in Computing Systems},year = {2019},organization = {ACM}}/n@inproceedings{NANFIVE,title = {Five years of the Right to Be Forgotten},author = {"Theo Bertram" and "Elie Bursztein" and "Stephanie Caro" and "Hubert Chao" and "Rutledge Chin Feman" and "Peter Fleischer" and "Albin Gustafsson" and "Jess Hemerly" and "Chris Hibbert" and "Luca Invernizzi" and "Lanah Kammourieh Donnelly" and "Jason Ketover" and "Jay Laefer" and "Paul Nicholas" and "Yuan Niu" and "Harjinder Obhi" and "David Price" and "Andrew Strait" and "Kurt Thomas" and "Al Verney"},booktitle = {Computer and Communications Security},year = {2019},organization = {ACM}}/n@inproceedings{ BURSZTEIN2007TIME,title = {Time has something to tell us about network address translation},author = {"Elie, Bursztein"},booktitle = {12th Nordic Workshop on Secure IT Systems},year = {2007},organization = {Springer}}/n@inproceedings{ GOURDIN2011TOWARDS,title = {Towards secure embedded web interfaces},author = {"Baptiste, Gourdin" and "Chinmay, Soman" and "Hristo, Bojinov" and "Elie, Bursztein"},booktitle = {Usenix Security},year = {2011},organization = {Usenix}}/n@inproceedings{ BURSZTEIN2009TRACKBACK,title = {Trackback spam abuse and prevention},author = {"Elie, Bursztein" and "Peifung E., Lam" and "John C., Mitchell"},booktitle = {Cloud Computing Security Workshop},year = {2009},organization = {ACM}}/n@inproceedings{ YUXING HUANG2018TRACKING,title = {Tracking desktop ransomware payments end to end },author = {"Danny, Yuxing Huang" and "Maxwell, Aliapoulios" and "Vector, Guo" and "Luca, Invernizzi" and "Kylie, McRoberts" and "Elie, Bursztein" and "Jonathan, Levin" and "Kirill, Levchenko" and "Alex, C. Snoeren" and "Damon, McCoy"},booktitle = {Security and Privacy},year = {2018},organization = {IEEE}}/n@inproceedings{ ANTONAKAKIS2017UNDERSTANDING,title = {Understanding the Mirai Botnet},author = {"Manos, Antonakakis" and "Tim, April" and "Michael, Bailey" and "Matt, Bernhard" and "Elie, Bursztein" and "Jaime, Cochran" and "Zakir, Durumeric" and "J. Alex, Halderman" and "Luca, Invernizzi" and "Michalis, Kallitsis" and "Deepak, Kumar" and "Chaz, Lever" and "Zane, Ma" and "Joshua, Mason" and "Damian, Menscher" and "Chad, Seaman" and "Nick, Sullivan" and "Kurt, Thomas" and "Yi, Zhou"},booktitle = {Usenix Security},year = {2017},organization = {Usenix}}/n@inproceedings{ TISCHER2016USERS,title = {Users really do plug in usb drives they find},author = {"Matthew, Tischer" and "Zakir, Durumeric" and "Sam, Foster" and "Sunny, Duan" and "Alec, Mori" and "Elie, Bursztein" and "Michael, Bailey"},booktitle = {Security and Privacy},year = {2016},organization = {IEEE}}/n@inproceedings{ BURSZTEIN2009USING,title = {Using strategy objectives for network security analysis},author = {"Elie, Bursztein" and "John C., Mitchell"},booktitle = {5th China International Conference on Information Security and Cryptology},year = {2009},organization = {IEEE}}/n@inproceedings{ BURSZTEIN2010WEBSECLAB,title = {Webseclab security education workbench},author = {"Elie, Bursztein" and "Baptiste, Gourdin" and "Celine, Fabry" and "Jason, Bau" and "Gustav, Rydstedt" and "Hristo, Bojinov" and "Dan, Boneh" and "John C., Mitchell"},booktitle = {Cyber Security Experimentation and Test},year = {2010},organization = {Usenix}}/n@inproceedings{NANWHO,title = {Who is targeted by email-based phishing and malware? Measuring factors that differentiate risk},author = {"Camelia Simoiu" and "Ali Zand" and "Kurt Thomas" and "Elie Bursztein"},booktitle = {Internet Measurement Conference},year = {2020},organization = {ACM}}/n@inproceedings{NANWHY,title = {Why wouldn't someone think of democracy as a target? Security practices & challenges of people involved with U.S. political campaigns"},author = {"Sunny Consolvo" and "Patrick Gage Kelley" and "Tara Matthews" and "Kurt Thomas" and "Lee Dunn" and "Elie Bursztein"},booktitle = {Usenix Security},year = {2021},organization = {Usenix}}/n@inproceedings{ BOJINOV2009XCS,title = {Xcs cross channel scripting and its impact on web applications},author = {"Hristo, Bojinov" and "Elie, Bursztein" and "Dan, Boneh"},booktitle = {Computer and Communications Security},year = {2009},organization = {ACM}}/n