My research interests span across network security and privacy, web security, Internet measurement, passwords and authentication, software and firmware security, and applications of machine learning to security.
Mailing address:
PQ806, Mong Man Wai building, The Hong Kong Polytechnic University
11 Yuk Choi Rd, Hung Hom, Kowloon, Hong Kong
📧
ORCID
DBLP profile
@xavier2dc
> Looking for highly motivated PhD/MPhil students, Research Assistants with a B.Sc. or Master's, in the areas of Network/Web Security and Privacy, Passwords and Authentication, Internet Measurement, and Firmware Security. Please contact me if you are interested.
Publications
- Privacy and Security Risks of "Not-a-Virus" Bundled Adware: The Wajam Case. X. de Carné de Carnavalet and M. Mannan. arXiv:1905.05224 (May 13, 2019). preprint
-
Large-Scale Empirical Study of Important Features Indicative of Discovered Vulnerabilities to Assess Application Security. (Pre-print version: Feb. 4, 2019, © IEEE). M. Zhang, X. de Carné de Carnavalet, L. Wang, A. Ragab. IEEE Transactions on Information Forensics and Security (TIFS), 14(9): 2315-2330 (September 2019). journal
-
Root Agency dummy root certificate trusted by Net Nanny and Untangle NG Firewall (Nov. 28, 2018). project
-
Face recognition using multi-class Logical Analysis of Data. A. Ragab, X. de Carné de Carnavalet, S. Yacout, M-S. Ouali. Pattern Recognition and Image Analysis volume 27, no. 2 (2017), pages 276-288. journal
-
Killed by Proxy: Analyzing Client-end TLS Interception Software. X. de Carné de Carnavalet and M. Mannan. Network and Distributed System Security Symposium (NDSS'16), San Diego, CA, USA, 2016. conference
-
A Large-Scale Evaluation of High-Impact Password Strength Meters. (Pre-print version: Feb. 27, 2015, © ACM). X. de Carné de Carnavalet and M. Mannan. ACM Transactions on Information and System Security (TISSEC), 18(1): 1-32 (May 2015). journal
-
Challenges and Implications of Verifiable Builds for Security-Critical Open-Source Software. X. de Carné de Carnavalet and M. Mannan. Annual Computer Security Applications Conference (ACSAC'14), New Orleans, LA, USA, 2014. conference
-
From Very Weak to Very Strong: Analyzing Password-Strength Meters. X. de Carné de Carnavalet and M. Mannan. Network and Distributed System Security Symposium (NDSS'14), San Diego, CA, USA, 2014. conference
- Windows 7/8 admin account installation password stored in the clear in LSA Secrets (July 11, 2013). tech report