Teaching

CSE508: Network Security

Stony Brook University - Fall 2018

EECS 588: Computer & Network Security

University of Michigan - Winter 2017

Ethos Lab

I lead the Ethos lab at Stony Brook University. In Ethos lab, we focus on improving the security of emerging technologies, such as Internet of Things (IoT) devices and Cyber-Physical systems. Our work involves designing, building, and evaluating systems that tackle security challenges in these domains. As we move towards a world where many resource- and energy-limited devices have access to our data & activities, our research creates an avenue for these devices to incorporate security in their design.

Prospective Students

I’m looking for students with diverse backgrounds and expertise to work on challenging research problems across the system stack.

  • Do you like designing and developing elegant systems that tackle real-world problems?
  • Do you have expertise in hardware, software, machine learning, UX, or network protocols and measurement?
  • Are you passionate about security and privacy?

If your answer to these questions is yes, there may be a place for you in my group.

Interested? Fill out this form.

Publications

Tyche: A Risk-Based Permission Model for Smart Homes. IEEE Cybersecurity Development Conference (SecDev), 2018.

Physical Adversarial Examples for Object Detectors. USENIX Workshop on Offensive Technologies (WOOT), 2018.

ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem. USENIX Security Symposium (USENIX Sec), 2018.

Robust Physical-World Attacks on Deep Learning Visual Classification. Conference on Computer Vision and Pattern Recognition (CVPR), 2018.

Robust Physical-World Attacks on Deep Learning Visual Classification. Workshop on the Bright and Dark Sides of Computer Vision (CV-COPS), 2018.

Caterpillar: Iterative Concolic Execution for Stateful Programs. International KLEE Workshop on Symbolic Execution (KLEE), 2018.

Decentralized Action Integrity for Trigger-Action IoT Platforms. Network and Distributed System Security Symposium (NDSS), 2018.

IFTTT vs. Zapier: A Comparative Study of Trigger-Action Programming Frameworks. arXiv (1709.02788), 2017.

Heimdall: A Privacy-Respecting Implicit Preference Collection Framework. ACM International Conference on Mobile Systems, Applications, and Services (MobiSys), 2017.

Securing Trigger-Action Platforms. USENIX Summit on Hot Topics in Security (HotSec), 2017.

Support for Security and Safety of Programmable IoT Systems. ISSTA Workshop on Testing Embedded and Cyber-Physical Systems (TECPS), 2017.

Internet of Things Security Research: A Rehash of Old Ideas or New Intellectual Challenges? IEEE Security & Privacy (S&P Magazine): Systems Attacks and Defenses, 2017.

The Security Implications of Permission Models of Smart Home Application Frameworks. IEEE Security & Privacy (S&P Magazine), Volume 15, Issue 2, 2017.

ContexIoT: Towards Providing Contextual Integrity to Appified IoT Platforms. Network and Distributed System Security Symposium (NDSS), 2017.

Towards Comprehensive Repositories of Opinions. ACM Workshop on Hot Topics in Networks (HotNets), 2016.

Applying the Opacified Computation Model to Enforce Information Flow Policies in IoT Applications. IEEE Cybersecurity Development Conference (SecDev), 2016.

FlowFence: Practical Data Protection for Emerging IoT Application Frameworks. USENIX Security Symposium (USENIX Sec), 2016.

Persistent Clocks for Batteryless Sensing Devices. Transactions on Embedded Computing Systems (TECS), 2016.

Approximate Flash Storage: A Feasibility Study. Workshop on Approximate Computing Across the Stack (WAX), 2016.

Context-Specific Access Control: Conforming Permissions With User Expectations. ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), 2015.

Probable Cause: The Deanonymizing Effects of Approximate DRAM. International Symposium on Computer Architecture (ISCA), 2015.

Malware Prognosis: How to Do Malware Research in Medical Domain. USENIX Workshop on Health Information Technologies (Health Tech), 2014.

Reliable Physical Unclonable Functions using Data Retention Voltage of SRAM Cells. IEEE Transactions on CAD: Special Section on Hardware Security and Trust (TCAD), 2014.

Stigmalware: Investigating the Prevalence of Malware in the Clinical Domain. Poster and Short Talk session of IEEE Symposium on Security and Privacy (IEEE S&P), 2014.

Refreshing Thoughts on DRAM: Power Saving vs. Data Integrity. Workshop on Approximate Computing Across the System Stack (WACAS), 2014.

Under What Circumstances Are Insider Leaks Justified? Cyber Conflict Report, 2013.

Cyber Dimensions of State Repression. Cyber Conflict Report, 2013.

WattsUpDoc: Power Side Channels to Nonintrusively Discover Untargeted Malware on Embedded Medical Devices. USENIX Workshop on Health Information Technologies (Health Tech), 2013.

MIT Tech Review

TARDIS: Time and Remanence Decay in SRAM to Implement Secure Protocols on Embedded Devices without Clocks. USENIX Security Symposium (USENIX Sec), 2012.

Microsoft Research, IEEE Spectrum, SlashDot

DRV-Fingerprinting: Using Data Retention Voltage of SRAM Cells for Chip Identification. Workshop On RFID Security And Privacy (RFIDsec), 2012.

TARDIS: Secure Time Keeping For Embedded Devices Without Clocks. Poster and Short Talk session of IEEE Symposium on Security and Privacy (IEEE S&P), 2012.