Xavier de Carné de Carnavalet

Conference and journal papers

See my profile on the following platforms:
Google Scholar DBLP profile ORCID

2025

• Understanding Home Router Configuration Habits & Attitudes. J. Ye, X. de Carné de Carnavalet, L. Zhao, L. Wu, M. Zhang. ACM CHI Conference on Human Factors in Computing Systems (CHI'25), Yokohama, Japan, 2025. conference

2024

• Exposed by Default: A Security Analysis of Home Router Default Settings and Beyond. J. Ye, X. de Carné de Carnavalet, L. Zhao, M. Zhang, L. Wu, W. Zhang. Accepted in IEEE Internet of Things Journal (IEEE IoT-J). journal
• Towards Exploring Cross-Regional and Cross-Platform Differences in Login Throttling. M. Cai, X. de Carné de Carnavalet, S. Zhang, L. Zhao, M. Zhang. Nordic Conference on Secure IT systems (NordSec'24), Karlstad, Sweden, 2024. conference
• Detecting Command Injection Vulnerabilities in Linux-Based Embedded Firmware with LLM-based Taint Analysis of Library Functions. (Pre-print version: June 27, 2024). J. Ye, X. Fei, X. de Carné de Carnavalet, L. Zhao, L. Wu, M. Zhang. Elsevier Computers & Security, 144, 103971, September 2024. journal
• Exposed by Default: A Security Analysis of Home Router Default Settings. J. Ye, X. de Carné de Carnavalet, M. Zhang, L. Zhao, L. Wu, W. Zhang. ACM Symposium on Information, Computer and Communications Security (AsiaCCS'24), Singapore, 2024. conference
• Vulnerability reporting GitHub page

2023

• The Flaw Within: Identifying CVSS Score Discrepancies in the NVD. S. Zhang, M. Cai, M. Zhang, L. Zhao, X. de Carné de Carnavalet. IEEE International Conference on Cloud Computing Technology and Science (CloudCom'23), Napoli, Italy, 2023. conference
• A survey and analysis of TLS interception mechanisms and motivations. (Pre-print version: Dec. 27, 2022). X. de Carné de Carnavalet and Paul C. van Oorschot. ACM Computing Surveys (ACM CSUR), 55(13s), 1-40, July 2023. journal

2019

• Last-Mile TLS Interception: Analysis and Observation of the Non-Public HTTPS Ecosystem (Ph.D. thesis, July 24, 2019). thesis
• Privacy and Security Risks of "Not-a-Virus" Bundled Adware: The Wajam Case. X. de Carné de Carnavalet and M. Mannan. arXiv:1905.05224 (May 13, 2019). preprint
• Large-Scale Empirical Study of Important Features Indicative of Discovered Vulnerabilities to Assess Application Security. (Pre-print version: Feb. 4, 2019, © IEEE). M. Zhang, X. de Carné de Carnavalet, L. Wang, A. Ragab. IEEE Transactions on Information Forensics and Security (TIFS), 14(9): 2315-2330 (September 2019). journal

2017

• Face recognition using multi-class Logical Analysis of Data. A. Ragab, X. de Carné de Carnavalet, S. Yacout, M-S. Ouali. Pattern Recognition and Image Analysis, volume 27, no. 2 (2017), pages 276-288. journal

2016

• Killed by Proxy: Analyzing Client-end TLS Interception Software. X. de Carné de Carnavalet and M. Mannan. Network and Distributed System Security Symposium (NDSS'16), San Diego, CA, USA, 2016. conference

2015

• A Large-Scale Evaluation of High-Impact Password Strength Meters. (Pre-print version: Feb. 27, 2015, © ACM). X. de Carné de Carnavalet and M. Mannan. ACM Transactions on Information and System Security (TISSEC), 18(1): 1-32 (May 2015). journal

2014

• Challenges and Implications of Verifiable Builds for Security-Critical Open-Source Software. X. de Carné de Carnavalet and M. Mannan. Annual Computer Security Applications Conference (ACSAC'14), New Orleans, LA, USA, 2014. conference
  • Extended version (Dec. 10, 2014) tech report
  • How I compiled TrueCrypt 7.1a for Win32 and matched the official binaries (Oct. 2013) tech report
    • Full-disclosure
• From Very Weak to Very Strong: Analyzing Password-Strength Meters. X. de Carné de Carnavalet and M. Mannan. Network and Distributed System Security Symposium (NDSS'14), San Diego, CA, USA, 2014. conference
  • Extended version (Dec. 26, 2013) tech report
  • Project page with resources from this project (data + source code) project
  • M.A.Sc. thesis: A Large-scale Evaluation of High-impact Password Strength Meters (Apr. 7, 2014) thesis

Books

• Volume editor: Haixin Duan, Mourad Debbabi, Xavier de Carné de Carnavalet, Xiapu Luo, Xiaojiang Du, Man Ho Allen Au (Eds.). (2024). Security and Privacy in Communication Networks: 19th EAI International Conference, SecureComm 2023, Hong Kong, China, October 19–21, 2023, Proceedings, Part I & II. Springer Nature. https://doi.org/10.1007/978-3-031-64948-6 & https://link.springer.com/book/10.1007/978-3-031-64954-7