Amir Rahmati

Amir Rahmati

Assistant Professor

Stony Brook University

Biography

Amir Rahmati /æ’mi:r ræh’mæti/ (written as امیر رحمتی in Persian) is an Assistant Professor in the Department of Computer Science at Stony Brook University. He is the director of Ethos Security and Privacy lab and a member of Stony Brook National Security Institute. Amir’s research broadly focuses on system security. He is particularly interested in the security and privacy challenges of emerging technologies, including IoT, AR, and ML systems.

Teaching

.js-id-current
CSE360: Software Security
Stony Brook University - Fall 2023
CSE509: System Security
Stony Brook University - Fall 2023
CSE360: Software Security
Stony Brook University - Fall 2022
CSE508: Network Security
Stony Brook University - Fall 2022
CSE508: Network Security
Stony Brook University - Spring 2022
CSE360: Software Security
Stony Brook University - Fall 2021
CSE331: Computer Security Fundamentals
Stony Brook University - Fall 2020
CSE508: Network Security
Stony Brook University - Fall 2019
CSE508: Network Security
Stony Brook University - Fall 2018
CSE588: Computer & Network Security
University of Michigan - Winter 2017

Ethos Lab

Ethos Lab

I lead the Ethos lab at Stony Brook University. In Ethos lab, we focus on improving the security of emerging technologies, such as Internet of Things (IoT) devices and Cyber-Physical systems. Our work involves designing, building, and evaluating systems that tackle security challenges in these domains. As we move towards a world where many resource- and energy-limited devices have access to our data & activities, our research creates an avenue for these devices to incorporate security in their design.

Lab Members

Avatar

Abisheka Pitumpe

Ph.D. Student (2023-Current)

Avatar

Pratik Vaishnavi

Ph.D. Student (2018-Current)

Avatar

Sanket Goutam

Ph.D. Student (2021-Current)

Avatar

Veena Krish

Ph.D. Student (2019-Current)

Avatar

You?

_

Alumni

Avatar

Xigao Li

Ph.D. Student (2018-2023)

Prospective Students

I’m looking for students with diverse backgrounds and expertise to work on challenging research problems across the system stack.

  • Do you like designing and developing elegant systems that tackle real-world problems?
  • Do you have expertise in hardware, software, machine learning, UX, or network protocols and measurement?
  • Are you passionate about security and privacy?

If your answer to these questions is yes, there may be a place for you in my group.

Interested? Fill out this form and tell me about yourself. Then, apply to our graduate program.

Publications

(2024). Zero-One Attack: Degrading Closed-Loop Neural Network Control Systems using State-Time Perturbations. In International Conference on Cyber-Physical Systems (ICCPS).

PDF Venue

(2024). Falsification using Reachability of Surrogate Koopman Models. In ACM International Conference on Hybrid Systems: Computation and Control (HSCC).

PDF Venue

(2024). Like, Comment, Get Scammed: Characterizing Comment Scams on Media Platforms. In Network and Distributed System Security Symposium (NDSS).

PDF Project Venue

(2023). Provable Observation Noise Robustness for Neural Network Control Systems. In Research Directions: Cyber-Physical Systems.

PDF Venue

(2023). Erebus: Access Control for Augmented Reality Systems. In USENIX Security Symposium (USENIX Sec).

PDF Source Document Venue Future Force

(2023). Scan Me If You Can: Understanding and Detecting Unwanted Vulnerability Scanning. In The Web Conference (WWW).

PDF Project Venue

(2023). Synthesizing Pareto-Optimal Signal-Injection Attacks on ICDs. In IEEE Access (ACCESS).

PDF Venue

(2022). Accelerating Certified Robustness Training via Knowledge Transfer. In Conference on Neural Information Processing Systems (NeurIPS).

PDF Code Venue Bytez

(2022). On the Feasibility of Compressing Certifiably Robust Neural Networks. In Trustworthy and Socially Responsible Machine Learning (TSRML).

PDF Code Venue

(2022). Transferring Adversarial Robustness Through Robust Representation Matching. In USENIX Security Symposium (USENIX Sec).

Preprint PDF Code Venue

(2022). Ares: A System-Oriented Wargame Framework for Adversarial ML. In IEEE Deep Learning And Security Workshop (DLS).

PDF Code Venue

(2021). Good Bot, Bad Bot: Characterizing Automated Browsing Activity. In IEEE Symposium on Security and Privacy (S&P).

PDF Venue Preview

(2020). An Intent-Based Automation Framework for Securing Dynamic Consumer IoT Infrastructures. In The Web Conference (WWW).

PDF Venue

(2020). Valve: Securing Function Workflows on Serverless Computing Platforms. In The Web Conference (WWW).

PDF Code Video Venue

(2020). Can Attention Masks Improve Adversarial Robustness?. In The AAAI-20 Workshop on Engineering Dependable and Secure Machine Learning Systems (EDSMLS).

PDF Venue

(2019). Protecting Visual Information in Augmented Reality from Malicious Application Developers. In ACM Workshop on Wearable Systems and Applications (WearSys).

PDF Venue

(2018). ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem. In USENIX Security Symposium (USENIX Sec).

PDF Venue Bleeping Computer

(2018). The State of Physical Attacks on Deep Learning Systems. In USENIX Summit on Hot Topics in Security (HotSec).

PDF Venue

(2018). Physical Adversarial Examples for Object Detectors. In USENIX Workshop on Offensive Technologies (WOOT).

Preprint PDF Venue

(2018). Robust Physical-World Attacks on Deep Learning Visual Classification. In Workshop on the Bright and Dark Sides of Computer Vision (CV-COPS).

Venue

(2018). Robust Physical-World Attacks on Deep Learning Visual Classification. In Conference on Computer Vision and Pattern Recognition (CVPR).

Preprint PDF Code Poster Video Venue Video 2

(2018). Caterpillar: Iterative Concolic Execution for Stateful Programs. In International KLEE Workshop on Symbolic Execution (KLEE).

PDF Slides Venue

(2018). Decentralized Action Integrity for Trigger-Action IoT Platforms. In Network and Distributed System Security Symposium (NDSS).

PDF Slides Video Venue

(2017). IFTTT vs. Zapier: A Comparative Study of Trigger-Action Programming Frameworks. In arXiv (1709.02788).

PDF Venue

(2017). Heimdall: A Privacy-Respecting Implicit Preference Collection Framework. In ACM International Conference on Mobile Systems, Applications, and Services (MobiSys).

PDF Slides Video Venue

(2017). Internet of Things Security Research: A Rehash of Old Ideas or New Intellectual Challenges?. In IEEE Security & Privacy (S&P Magazine): Systems Attacks and Defenses.

Preprint PDF Venue

(2017). Securing Trigger-Action Platforms. In USENIX Summit on Hot Topics in Security (HotSec).

Slides Venue

(2017). Tyche: A Risk-Based Permission Model for Smart Homes. In IEEE Cybersecurity Development Conference (SecDev).

Preprint PDF Venue

(2017). Support for Security and Safety of Programmable IoT Systems. In ISSTA Workshop on Testing Embedded and Cyber-Physical Systems (TECPS).

Venue

(2017). The Security Implications of Permission Models of Smart Home Application Frameworks. In IEEE Security & Privacy (S&P Magazine), Volume 15, Issue 2.

PDF Venue

(2017). ContexIoT: Towards Providing Contextual Integrity to Appified IoT Platforms. In Network and Distributed System Security Symposium (NDSS).

PDF Slides Venue

(2016). Towards Comprehensive Repositories of Opinions. In ACM Workshop on Hot Topics in Networks (HotNets).

PDF Venue

(2016). Applying the Opacified Computation Model to Enforce Information Flow Policies in IoT Applications. In IEEE Cybersecurity Development Conference (SecDev).

PDF Slides Venue

(2016). FlowFence: Practical Data Protection for Emerging IoT Application Frameworks. In USENIX Security Symposium (USENIX Sec).

PDF Slides Venue

(2016). Persistent Clocks for Batteryless Sensing Devices. In Transactions on Embedded Computing Systems (TECS).

PDF Venue

(2016). Approximate Flash Storage: A Feasibility Study. In Workshop on Approximate Computing Across the Stack (WAX).

PDF Code Slides Venue

(2015). Context-Specific Access Control: Conforming Permissions With User Expectations. In ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM).

PDF Slides Venue

(2015). Probable Cause: The Deanonymizing Effects of Approximate DRAM. In International Symposium on Computer Architecture (ISCA).

PDF Slides Venue

(2014). Malware Prognosis: How to Do Malware Research in Medical Domain. In USENIX Workshop on Health Information Technologies (Health Tech).

PDF Slides Venue

(2014). Stigmalware: Investigating the Prevalence of Malware in the Clinical Domain. In Poster and Short Talk session of IEEE Symposium on Security and Privacy (IEEE S&P).

Venue

(2014). Reliable Physical Unclonable Functions using Data Retention Voltage of SRAM Cells. In IEEE Transactions on CAD: Special Section on Hardware Security and Trust (TCAD).

PDF Venue

(2014). Refreshing Thoughts on DRAM: Power Saving vs. Data Integrity. In Workshop on Approximate Computing Across the System Stack (WACAS).

PDF Slides Venue

(2013). Under What Circumstances Are Insider Leaks Justified?. In Cyber Conflict Report.

PDF Slides Venue

(2013). Cyber Dimensions of State Repression. In Cyber Conflict Report.

PDF Slides Venue

(2013). WattsUpDoc: Power Side Channels to Nonintrusively Discover Untargeted Malware on Embedded Medical Devices. In USENIX Workshop on Health Information Technologies (Health Tech).

PDF Venue MIT Tech Review

(2012). DRV-Fingerprinting: Using Data Retention Voltage of SRAM Cells for Chip Identification. In Workshop On RFID Security And Privacy (RFIDsec).

Preprint PDF Slides Venue Slides 2

(2012). TARDIS: Secure Time Keeping For Embedded Devices Without Clocks. In Poster and Short Talk session of IEEE Symposium on Security and Privacy (IEEE S&P).

PDF Poster Venue

(2012). TARDIS: Time and Remanence Decay in SRAM to Implement Secure Protocols on Embedded Devices without Clocks. In USENIX Security Symposium (USENIX Sec).

PDF Slides Video Venue Microsoft research IEEE Spectrum SlashDot