Publications

(2024). Zero-One Attack: Degrading Closed-Loop Neural Network Control Systems using State-Time Perturbations. In International Conference on Cyber-Physical Systems (ICCPS).

(2024). Falsification using Reachability of Surrogate Koopman Models. In ACM International Conference on Hybrid Systems: Computation and Control (HSCC).

(2024). Like, Comment, Get Scammed: Characterizing Comment Scams on Media Platforms. In Network and Distributed System Security Symposium (NDSS).

(2023). Provable Observation Noise Robustness for Neural Network Control Systems. In Research Directions: Cyber-Physical Systems.

(2023). Erebus: Access Control for Augmented Reality Systems. In USENIX Security Symposium (USENIX Sec).

(2023). Scan Me If You Can: Understanding and Detecting Unwanted Vulnerability Scanning. In The Web Conference (WWW).

(2023). Synthesizing Pareto-Optimal Signal-Injection Attacks on ICDs. In IEEE Access (ACCESS).

(2022). On the Feasibility of Compressing Certifiably Robust Neural Networks. In Trustworthy and Socially Responsible Machine Learning (TSRML).

(2022). Accelerating Certified Robustness Training via Knowledge Transfer. In Conference on Neural Information Processing Systems (NeurIPS).

(2022). Transferring Adversarial Robustness Through Robust Representation Matching. In USENIX Security Symposium (USENIX Sec).

(2022). Ares: A System-Oriented Wargame Framework for Adversarial ML. In IEEE Deep Learning And Security Workshop (DLS).

(2021). Good Bot, Bad Bot: Characterizing Automated Browsing Activity. In IEEE Symposium on Security and Privacy (S&P).

(2020). Valve: Securing Function Workflows on Serverless Computing Platforms. In The Web Conference (WWW).

(2020). An Intent-Based Automation Framework for Securing Dynamic Consumer IoT Infrastructures. In The Web Conference (WWW).

(2020). Can Attention Masks Improve Adversarial Robustness? In The AAAI-20 Workshop on Engineering Dependable and Secure Machine Learning Systems (EDSMLS).

(2019). Protecting Visual Information in Augmented Reality from Malicious Application Developers. In ACM Workshop on Wearable Systems and Applications (WearSys).

(2018). ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem. In USENIX Security Symposium (USENIX Sec).

(2018). The State of Physical Attacks on Deep Learning Systems. In USENIX Summit on Hot Topics in Security (HotSec).

(2018). Physical Adversarial Examples for Object Detectors. In USENIX Workshop on Offensive Technologies (WOOT).

(2018). Robust Physical-World Attacks on Deep Learning Visual Classification. In Workshop on the Bright and Dark Sides of Computer Vision (CV-COPS).

(2018). Robust Physical-World Attacks on Deep Learning Visual Classification. In Conference on Computer Vision and Pattern Recognition (CVPR).

(2018). Caterpillar: Iterative Concolic Execution for Stateful Programs. In International KLEE Workshop on Symbolic Execution (KLEE).

(2018). Decentralized Action Integrity for Trigger-Action IoT Platforms. In Network and Distributed System Security Symposium (NDSS).

(2017). IFTTT vs. Zapier: A Comparative Study of Trigger-Action Programming Frameworks. In arXiv (1709.02788).

(2017). Internet of Things Security Research: A Rehash of Old Ideas or New Intellectual Challenges? In IEEE Security & Privacy (S&P Magazine): Systems Attacks and Defenses.

(2017). Heimdall: A Privacy-Respecting Implicit Preference Collection Framework. In ACM International Conference on Mobile Systems, Applications, and Services (MobiSys).

(2017). Tyche: A Risk-Based Permission Model for Smart Homes. In IEEE Cybersecurity Development Conference (SecDev).

(2017). Securing Trigger-Action Platforms. In USENIX Summit on Hot Topics in Security (HotSec).

(2017). Support for Security and Safety of Programmable IoT Systems. In ISSTA Workshop on Testing Embedded and Cyber-Physical Systems (TECPS).

(2017). The Security Implications of Permission Models of Smart Home Application Frameworks. In IEEE Security & Privacy (S&P Magazine), Volume 15, Issue 2.

(2017). ContexIoT: Towards Providing Contextual Integrity to Appified IoT Platforms. In Network and Distributed System Security Symposium (NDSS).

(2016). Towards Comprehensive Repositories of Opinions. In ACM Workshop on Hot Topics in Networks (HotNets).

(2016). Applying the Opacified Computation Model to Enforce Information Flow Policies in IoT Applications. In IEEE Cybersecurity Development Conference (SecDev).

(2016). FlowFence: Practical Data Protection for Emerging IoT Application Frameworks. In USENIX Security Symposium (USENIX Sec).

(2016). Persistent Clocks for Batteryless Sensing Devices. In Transactions on Embedded Computing Systems (TECS).

(2016). Approximate Flash Storage: A Feasibility Study. In Workshop on Approximate Computing Across the Stack (WAX).

(2015). Context-Specific Access Control: Conforming Permissions With User Expectations. In ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM).

(2015). Probable Cause: The Deanonymizing Effects of Approximate DRAM. In International Symposium on Computer Architecture (ISCA).

(2014). Stigmalware: Investigating the Prevalence of Malware in the Clinical Domain. In Poster and Short Talk session of IEEE Symposium on Security and Privacy (IEEE S&P).

(2014). Malware Prognosis: How to Do Malware Research in Medical Domain. In USENIX Workshop on Health Information Technologies (Health Tech).

(2014). Reliable Physical Unclonable Functions using Data Retention Voltage of SRAM Cells. In IEEE Transactions on CAD: Special Section on Hardware Security and Trust (TCAD).

(2014). Refreshing Thoughts on DRAM: Power Saving vs. Data Integrity. In Workshop on Approximate Computing Across the System Stack (WACAS).

(2013). Under What Circumstances Are Insider Leaks Justified? In Cyber Conflict Report.

(2013). Cyber Dimensions of State Repression. In Cyber Conflict Report.

(2013). WattsUpDoc: Power Side Channels to Nonintrusively Discover Untargeted Malware on Embedded Medical Devices. In USENIX Workshop on Health Information Technologies (Health Tech).

(2012). DRV-Fingerprinting: Using Data Retention Voltage of SRAM Cells for Chip Identification. In Workshop On RFID Security And Privacy (RFIDsec).

(2012). TARDIS: Time and Remanence Decay in SRAM to Implement Secure Protocols on Embedded Devices without Clocks. In USENIX Security Symposium (USENIX Sec).

(2012). TARDIS: Secure Time Keeping For Embedded Devices Without Clocks. In Poster and Short Talk session of IEEE Symposium on Security and Privacy (IEEE S&P).
