Conference Presentations
Google employees regularly present at security conferences around the world. We believe this sharing of research can improve collaboration, help advance the state of security, and ultimately make the Internet a safer place.
| Googler | Conference | Date | Presentation |
|---|---|---|---|
| Emily Schechter | LocoMocoSec | 2018-04 | The Trouble with URLs, and how Humans (Don't) Understand Site Identity |
| Łukasz Siewierski | Kaspersky SAS 2018 | 2018-03 | Android Anti-RE Choosing a Different Path |
| Ananth Raghunathan | Lattice Algorithms and Cryptography Workshop, FSTTCS 2017, IIT Kanpur | 2017-12 | Frodo: Take off the Ring! Practical Quantum-Secure Key Encapsulation from Lattices |
| Łukasz Siewierski | Botconf 2017 | 2017-12 | Thinking Outside of the (Sand)box |
| Megan Ruthven | Blackhat 2017 | 2017-07 | Fighting Targeted Malware in the Mobile Ecosystem |
| Bram Bonné, Sai Teja Peddinti, Igor Bilogrevic, Nina Taft | SOUPS 2017 | 2017-07 | Exploring decision making with Android’s runtime permission dialogs using in-context surveys |
| Felix Groebert | n/a | 2017-05 | Secure iOS application development |
| Michele Spagnuolo, Lukas Weichselbaum | OWASP AppSec Europe, Belfast + HitB, Amsterdam | 2017-05 | So we broke all CSPs... You won't guess what happened next! |
| Sebastian Lekies, Krzysztof Kotowicz, Eduardo Vela Nava | OWASP AppSec Europe, Belfast | 2017-05 | Breaking XSS mitigations via Script Gadgets |
| Tara Matthews, Kathleen O’Leary, Anna Turner, Manya Sleeper, Jill Palzkill Woelfer, Martin Shelton, Cori Manthorne, Elizabeth F. Churchill, Sunny Consolvo | CHI 2017 (https://chi2017.acm.org/) | 2017-05 | Stories from Survivors: Privacy & Security Practices when Coping with Intimate Partner Abuse |
| Krzysztof Kotowicz | RuhrSec, Bochum | 2017-05 | Secrets of Google VRP. A look from a different angle |
| Dan Austin | Zer0Con | 2017-04 | Your Move: Vulnerability Exploitation and Mitigation on Android |
| Max Moroz | FOSDEM 2017 | 2017-02 | Modern Fuzzing of Media-processing projects |
| Emily Schechter | Enigma | 2017-01 | Inside "MOAR TLS:" How we think about encouraging external HTTPS adoption on the web |
| Benjamin Kreuter | Real World Crypto | 2017-01 | Secure Multiparty Computation at Google |
| Max Moroz | ZeroNights 2016 | 2016-11 | Modern fuzzing of C/C++ Projects |
| Lukas Weichselbaum | DeepSec, Vienna | 2016-11 | CSP Is Dead, Long Live Strict CSP! |
| Emily Schechter | O'Reilly Security Amsterdam | 2016-11 | The case for HTTPS everywhere |
| Hunter King, August Huber | O'Reilly Security Amsterdam | 2016-11 | BeyondCorp: Five years of remote attestation |
| Robert Swiecki | PWNing Conference 2016 | 2016-11 | Control Flow Path Tracking for Security Researchers (pl) |
| Eric Lawrence | O'Reilly Security New York | 2016-11 | Migrating to HTTPS |
| Lukas Weichselbaum, Michele Spagnuolo, Sebastian Lekies, Artur Janc | ACM CCS, Vienna | 2016-10 | CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy |
| Ilya Mironov, Ananth Raghunathan | ACM CCS 2016 | 2016-10 | Frodo: Take off the ring! Practical, Quantum-Secure Key Exchange from LWE |
| Martin Abadi, H. Brendan McMahan, Ilya Mironov, Kunal Talwar, Li Zhang | ACM CCS 2016 | 2016-10 | Deep Learning with Differential Privacy |
| Thiébaud Weksteen | Ruxcon | 2016-10 | Firmware Biopsy |
| Gábor Molnár | Hacktivity 2016 | 2016-10 | War Stories from Google’s Vulnerability Reward Program |
| Gábor Molnár | Hacktivity | 2016-10 | War Stories from Google’s Vulnerability Reward Program |
| Jeff Vander Stoep | Linux Security Summit 2016 | 2016-08 | Android: Protecting the Kernel |
| Jorge Lucangeli Obes | Linux Security Summit 2016 | 2016-08 | Minijail: Running Untrusted Programs Safely |
| Kees Cook | Linux Security Summit 2016 | 2016-08 | The State of Kernel Self Protection Project |
| Michele Spagnuolo, Lukas Weichselbaum | OWASP AppSec Europe, Rome | 2016-06 | Making CSP great again! |
| Lukas Weichselbaum, Michele Spagnuolo | Area41, Zurich | 2016-06 | Breaking Bad CSP! |
| Nicolas Ruff | SSTIC 2016 | 2016-06 | Mac OS X System Integrity Protection |
| Dan Austin | Qualcomm Mobile Security Summit 2016 | 2016-05 | Overcoming Stagefright: Integer Overflow Protection in Android |
| Max Moroz | Positive Hack Days 2016 | 2016-05 | Scalable and Effective Fuzzing of Google Chrome Browser |
| Tara Matthews, Kerwell Liao, Anna Turner, Marianne Berkovich, Rob Reeder, Sunny Consolvo | CHI 2016 (ACM Conference on Human Factors in Computing Systems) | 2016-05 | “She’ll just grab any device that’s closer”: A Study of Everyday Device & Account Sharing in Households |
| Lukas Weichselbaum, Michele Spagnuolo, Artur Janc | IEEE SecDev, Boston | 2016-04 | Adopting Strict Content Security Policy for XSS Protection |
| Juan Lang, Alexei Czeskis, Dirk Balfanz and Marius Schilder | Twentieth International Conference on Financial Cryptography and Data Security | 2016-02 | Security Keys: Practical Cryptographic Second Factors for the Modern Web |
| Kosyta Serebryany | Enigma | 2016-02 | Sanitize, Fuzz, and Harden Your C++ Code |
| Christoph Kern | OWASP AppSec California | 2016-01 | Preventing Security Bugs through Software Design |
| Christoph Kern | German OWASP Day | 2015-12 | Technical Keynote: Robuste und Praktikable Ansätze zur Verhinderung von Sicherheitsdefekten |
| Nicolas Lidzborski | ACM IMC 2015 | 2015-10 | Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security |
| Jeff Vander Stoep | Linux Security Conference | 2015-08 | Ioctl Command Whitelisting in SELinux |
| Paul Lawrence and Mike Halcrow | Linux Security Conference | 2015-08 | Linux and Mobile Device Encryption |
| Christoph Kern | 25th USENIX Security Symposium | 2015-08 | Preventing Security Bugs through Software Design |
| Natalie Silvanovich | BlackHat USA | 2015-08 | Attacking ECMAScript Engines with Redefinition |
| Chris Evans and Natalie Silvanovich | Shakacon | 2015-07 | I am the 100% (terms and conditions apply) |
| Julien Tinnes | SSTIC 2015 | 2015-06 | Keynote: Security and engineering (in Chromium) |
| Nicolas Ruff | SSTIC 2015 | 2015-06 | RowHammer in 15' |
| Nicolas Ruff | Insomni'hack 2015 | 2015-03 | Security by Google |
| James Forshaw | Syscan/Infiltrate | 2015-03 | A Link to the Past |
| Chris Evans | CanSecWest | 2015-03 | Taming wild copies: from hopeless crash to working exploit |
| Emilia Kasper | Real World Crypto 2015 | 2015-01 | We <3 SSL |
| James Forshaw | Smoocon/Nullcon | 2015-01 | The Windows Sandbox Paradox |
| Michele Spagnuolo | Hack in the box: Malaysia | 2014-10 | Abusing JSONP with Rosetta Flash |
| Mateusz Jurczyk, Gynvael Coldwind | CONFidence 2013 | 2013-05 | Beyond MOV ADD XOR – the unusual and unexpected in x86 |
| Mateusz Jurczyk | NoSuchCon #1 | 2013-05 | Abusing the Windows Kernel: How to Crash an Operating System With Two Instructions |
| Mateusz Jurczyk, Gynvael Coldwind | SyScan 2013 | 2013-04 | Bochspwn: Exploiting Kernel Race Conditions Found via Memory Access Patterns |
| Thomas Dullien | SyScan 2013 | 2013-04 | Checking the Boundaries of Static Analysis |
| Eduardo Vela | TetCon 2013 | 2013-01 | Tyranny of small decisions |
| Thai Duong | ekoparty | 2012-09 | The CRIME attack |
| Fermin Serna | Blackhat (Las Vegas) | 2012-07 | The Case of the Perfect Infoleak |
| Artur Janc | 28C3 | 2011-12 | Rootkits in your Web application |
| Felix Gröbert | 27c3 | 2010-12 | Automatic Identification of Cryptographic Primitives in Software |
| Eduardo Vela | OWASP AppSec | 2010-06 | Security and HTTP Redirects |
| Chris Evans | Conference on Cyber Conflict, CCDCOE | 2010-06 | The Future of Browser Security |
| Eduardo Vela | BlackHat Europe | 2010-04 | Universal XSS via IE8s XSS Filters |
| Tavis Ormandy, Julien Tinnes | CanSecWest, BlackHat USA | 2010-03 | There's a party at Ring0, and you're invited |
| Julien Tinnes, Tavis Ormandy | PacSec | 2009-11 | Virtualization security and the Intel privilege model |
| Julien Tinnes, Chris Evans | Hack in The Box (Malaysia), BlackHat Europe | 2009-10 | Security in Depth for Linux Software |
| Chris Evans, Billy Rios | PacSec, Hack in The Box (Dubai) | 2009-04 | Cross-domain leakiness |