Ben Stock

Publication Activity (10 Years)

Years Active: 2011-2024
Publications (10 Years): 40

Top Topics

Constantly Growing

Pareto Optimality

Automated Discovery

Policy Enforcement

Top Venues

USENIX Security Symposium

Publications

Jannis Rautenstrauch, Ben Stock
Who's Breaking the Rules? Studying Conformance to the HTTP Specifications and its Security Impact. AsiaCCS (2024)
Sebastian Roth, Lea Gröber, Philipp Baus, Katharina Krombholz, Ben Stock
Trust Me If You Can - How Usable Is Trusted Types In Practice? USENIX Security Symposium (2024)
Seongil Wi, Trung Tin Nguyen, Jihwan Kim, Ben Stock, Sooel Son
DiffCSP: Finding Browser Bugs in Content Security Policy Enforcement through Differential Testing. NDSS (2023)
Giorgio Di Tizio, Patrick Speicher, Milivoj Simeonovski, Michael Backes, Ben Stock, Robert Künnemann
Pareto-optimal Defenses for the Web Infrastructure: Theory and Practice. ACM Trans. Priv. Secur. 26 (2) (2023)
Birk Blechschmidt, Ben Stock
Extended Hell(o): A Comprehensive Large-Scale Study on Email Confidentiality and Integrity Mechanisms in the Wild. USENIX Security Symposium (2023)
Jannis Rautenstrauch, Giancarlo Pellegrino, Ben Stock
The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web. SP (2023)
Leon Trampert, Ben Stock, Sebastian Roth
Honey, I Cached our Security Tokens Re-usage of Security Tokens in the Wild. RAID (2023)
Christine Utz, Matthias Michels, Martin Degeling, Ninja Marnau, Ben Stock
Comparing Large-Scale Privacy and Security Notifications. Proc. Priv. Enhancing Technol. 2023 (3) (2023)
Florian Hantke, Stefano Calzavara, Moritz Wilhelm, Alvise Rabitti, Ben Stock
You Call This Archaeology? Evaluating Web Archives for Reproducible Web Security Measurements. CCS (2023)
Florian Hantke, Ben Stock
HTML violations and where to find them: a longitudinal analysis of specification violations in HTML. IMC (2022)
David Klein, Thomas Barber, Souphiane Bensalim, Ben Stock, Martin Johns
Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions. EuroS&P (2022)
Trung Tin Nguyen, Michael Backes, Ben Stock
Freely Given Consent?: Studying Consent Notice of Third-Party Tracking and Its Violations of GDPR in Android Apps. CCS (2022)
Peter Stolz, Sebastian Roth, Ben Stock
To hash or not to hash: A security assessment of CSP's unsafe-hashes expression. SP Workshops (2022)
Sebastian Roth, Stefano Calzavara, Moritz Wilhelm, Alvise Rabitti, Ben Stock
The Security Lottery: Measuring Client-Side Web Security Inconsistencies. USENIX Security Symposium (2022)
Sebastian Roth, Lea Gröber, Michael Backes, Katharina Krombholz, Ben Stock
12 Angry Developers - A Qualitative Study on Developers' Struggles with CSP. CCS (2021)
Marius Steffens, Marius Musch, Martin Johns, Ben Stock
Who's Hosting the Block Party? Studying Third-Party Blockage of CSP and SRI. NDSS (2021)
Stefano Calzavara, Tobias Urban, Dennis Tatang, Marius Steffens, Ben Stock
Reining in the Web's Inconsistencies with Site Policy. NDSS (2021)
Trung Tin Nguyen, Michael Backes, Ninja Marnau, Ben Stock
Share First, Ask Later (or Never?) Studying Violations of GDPR's Explicit Consent in Android Apps. USENIX Security Symposium (2021)
Gordon Meiser, Pierre Laperdrix, Ben Stock
Careful Who You Trust: Studying the Pitfalls of Cross-Origin Communication. AsiaCCS (2021)
Aurore Fass, Dolière Francis Somé, Michael Backes, Ben Stock
DoubleX: Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale. CCS (2021)
Stefano Calzavara, Sebastian Roth, Alvise Rabitti, Michael Backes, Ben Stock
A Tale of Two Headers: A Formal Analysis of Inconsistent Click-Jacking Protection on the Web. USENIX Security Symposium (2020)
Stefano Calzavara, Ben Stock
SecWeb 2020 Preface. EuroS&P Workshops (2020)
Sebastian Roth, Timothy Barron, Stefano Calzavara, Nick Nikiforakis, Ben Stock
Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies. NDSS (2020)
Sebastian Roth, Michael Backes, Ben Stock
Assessing the Impact of Script Gadgets on CSP at Scale. AsiaCCS (2020)
Marius Steffens, Ben Stock
PMForce: Systematically Analyzing postMessage Handlers at Scale. CCS (2020)
Aurore Fass, Michael Backes, Ben Stock
JStap: a static pre-filter for malicious JavaScript detection. ACSAC (2019)
Marius Musch, Marius Steffens, Sebastian Roth, Ben Stock, Martin Johns
ScriptProtect: Mitigating Unsafe Third-Party JavaScript Practices. AsiaCCS (2019)
Marius Steffens, Christian Rossow, Martin Johns, Ben Stock
Don't Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild. NDSS (2019)
Aurore Fass, Michael Backes, Ben Stock
HideNoSeek: Camouflaging Malicious JavaScript in Benign ASTs. CCS (2019)
Aurore Fass, Robert P. Krawczyk, Michael Backes, Ben Stock
JaSt: Fully Syntactic Detection of Malicious (Obfuscated) JavaScript. DIMVA (2018)
Ben Stock, Giancarlo Pellegrino, Frank Li, Michael Backes, Christian Rossow
Didn't You Hear Me? - Towards More Successful Web Vulnerability Notifications. NDSS (2018)
Ben Stock, Martin Johns, Marius Steffens, Michael Backes
How the Web Tangled Itself: Uncovering the History of Client-Side Web (In)Security. USENIX Security Symposium (2017)
Michael Backes, Konrad Rieck, Malte Skoruppa, Ben Stock, Fabian Yamaguchi
Efficient and Flexible Discovery of PHP Application Vulnerabilities. EuroS&P (2017)
Michael Backes, Thorsten Holz, Christian Rossow, Teemu Rytilahti, Milivoj Simeonovski, Ben Stock
On the Feasibility of TTL-Based Filtering for DRDoS Mitigation. RAID (2016)
Ben Stock, Giancarlo Pellegrino, Christian Rossow, Martin Johns, Michael Backes
POSTER: Mapping the Landscape of Large-Scale Vulnerability Notifications. CCS (2016)
Ben Stock, Giancarlo Pellegrino, Christian Rossow, Martin Johns, Michael Backes
Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification. USENIX Security Symposium (2016)
Ben Stock, Benjamin Livshits, Benjamin G. Zorn
Kizzle: A Signature Compiler for Detecting Exploit Kits. DSN (2016)
Ben Stock, Martin Johns
Client-Side XSS in Theorie und Praxis. Datenschutz und Datensicherheit 40 (11) (2016)
Sebastian Lekies, Ben Stock, Martin Wentzel, Martin Johns
The Unexpected Dangers of Dynamic JavaScript. USENIX Security Symposium (2015)
Ben Stock, Stephan Pfistner, Bernd Kaiser, Sebastian Lekies, Martin Johns
From Facepalm to Brain Bender: Exploring Client-Side Cross-Site Scripting. CCS (2015)
Ben Stock, Sebastian Lekies, Martin Johns
DOM-basiertes Cross-Site Scripting im Web: Reise in ein unerforschtes Land. Sicherheit (2014)
Ben Stock, Sebastian Lekies, Tobias Mueller, Patrick Spiegel, Martin Johns
Precise Client-side Protection against DOM-based Cross-Site Scripting. USENIX Security Symposium (2014)
Ben Stock, Martin Johns
Protecting users against XSS-based password manager abuse. AsiaCCS (2014)
Sebastian Lekies, Ben Stock, Martin Johns
25 million flows later: large-scale detection of DOM-based XSS. CCS (2013)
Martin Johns, Sebastian Lekies, Ben Stock
Eradicating DNS Rebinding with the Extended Same-origin Policy. USENIX Security Symposium (2013)
Zinaida Benenson, Andreas Dewald, Hans-Georg Eßer, Felix C. Freiling, Tilo Müller, Christian Moch, Stefan Vömel, Sebastian Schinzel, Michael Spreitzenbarth, Ben Stock, Johannes Stüttgen
Exploring the Landscape of Cybercrime. SysSec@DIMVA (2011)