Prof. Michalis Polychronakis and team break critical AMD security tech!

gfjgtubvxcbcNews

Evil hypervisors can work out what apps are running, extract data from encrypted guests “In a paper [PDF] presented Tuesday at the ACM Asia Conference on Computer and Communications Security in Auckland, New Zealand, computer scientists Jan Werner (UNC Chapel Hill), Joshua Mason (University of Illinois), Manos Antonakakis (Georgia Tech), Michalis Polychronakis (Stony Brook University), and Fabian Monrose (UNC Chapel …

Amir’s work exhibited in the London Science Museum!

gfjgtubvxcbcNews

Work Prof. Amir Rahmati and his students used in their 2018 CVPR paper “Robust Physical-World Attacks on Deep Learning Visual Classification” is now on display at London Science Museum as part of of a special exhibition on autonomous driving! https://www.sciencemuseum.org.uk/see-and-do/driverless-who-is-in-control

The NSI team publishes 6 more cool papers!

gfjgtubvxcbcNews

Thang Bui, Scott D. Stoller, and Jiajie Li, Greedy and Evolutionary Algorithms for Mining Relationship-Based Access Control Policies. Computers & Security, 80:317-333, January 2019. Thang Bui, Scott D. Stoller, and Jiajie Li, Mining Relationship-Based Access Control Policies from Incomplete and Noisy Data. In Proceedings of the 11th International Symposium on Foundations & Practice of Security (FPS 2018), volume 11358 of …

We have 4 papers published at NDSS 2019! (Nick, Michalis, Nima, Anrin, Meng, Pierre, Radu)

gfjgtubvxcbcNews

ConcurORAM: High-Throughput Stateless Parallel Multi-Client ORAM Anrin Chakraborti and Radu Sion (Stony Brook University) Master of Web Puppets: Abusing Web Browsers for Persistent and Stealthy Computation Panagiotis Papadopoulos (FORTH-ICS, Greece); Panagiotis Ilia (FORTH-ICS); Michalis Polychronakis (Stony Brook University, USA); Evangelos Markatos, Sotiris Ioannidis, and Giorgos Vasiliadis (FORTH-ICS, Greece) Time Does Not Heal All Wounds: A Longitudinal Analysis of Security-Mechanism Support …

Amir and collaborators receive best paper award!

gfjgtubvxcbcNews

Tyche: A new permission model to defend against smart home hacks With the use of many integrated smart devices, an app-driven home environment is now a reality. But this young technology faces many new challenges, in particular, how users grant apps permissions to operations on devices. Prompting user for permission to every individual operation can cause usability issues (too many …

Amir’s paper on Confusing Self-Driving Cars made it to Wired, Engadget, Car and Driver, CNET, Fortune and many others!

gfjgtubvxcbcNews

“Robust Physical-World Attacks on Deep Learning Models”, Ivan Evtimov, Kevin Eykholt, Earlence Fernandes, Tadayoshi Kohno, Bo Li, Atul Prakash, Amir Rahmati, Dawn Song (alphabetical order) (arXiv:1707.08945) [IEEE Spectrum] http://spectrum.ieee.org/cars-that-think/transportation/sensors/slight-street-sign-modifications-can-fool-machine-learning-algorithms [Yahoo News] https://sg.news.yahoo.com/researchers-demonstrate-limits-driverless-car-technology-151138885.html [Wired] https://www.wired.com/story/security-news-august-5-2017 [Engagdet] https://www.engadget.com/2017/08/06/altered-street-signs-confuse-self-driving-cars/ [Telegraph] http://www.telegraph.co.uk/technology/2017/08/07/graffiti-road-signs-could-trick-driverless-cars-driving-dangerously/ [Car and Driver] http://blog.caranddriver.com/researchers-find-a-malicious-way-to-meddle-with-autonomous-cars/ [CNET] https://www.cnet.com/roadshow/news/it-is-surprisingly-easy-to-bamboozle-a-self-driving-car/ [Digital Trends] https://www.digitaltrends.com/cars/self-driving-cars-confuse-stickers-signs/ [SCMagazine] https://www.scmagazine.com/subtle-manipulation-of-street-signs-can-fool-self-driving-cars-researchers-report/article/680146/ [Schneier on Security] Confusing Self-Driving Cars by Altering Road Signs [Ars …

Amir gets papers in NDSS and MobiSys

gfjgtubvxcbcNews

“Decentralized Action Integrity for Trigger-Action IoT Platforms”, Earlence Fernandes, Amir Rahmati, Jaeyeon Jung, Atul Prakash, In Proceedings of the 22nd Network and Distributed System Security Symposium (NDSS’18). San Diego, CA, February 2018. “Heimdall: A Privacy-Respecting Implicit Preference Col lection Framework”, Amir Rahmati, Earlence Fernandes, Kevin Eykholt, Xinheng Chen, Atul Prakash, In the 15th ACM International Conference on Mobile Systems, Applications, …

Michalis got papers in Oakland, ACSAC, EuroS&P, and NDSS!

gfjgtubvxcbcNews

Protecting COTS Binaries from Disclosure-guided Code Reuse Attacks Mingwei Zhang, Michalis Polychronakis, and R. Sekar. In Proceedings of the 33rd Annual Computer Security Applications Conference (ACSAC). December 2017, Orlando, FL. Compiler-assisted Code Randomization Hyungjoon Koo, Yaohui Chen, Long Lu, Vasileios P. Kemerlis and Michalis Polychronakis. To appear in Proceedings of the 39th IEEE Symposium on Security & Privacy (S&P). May …

Scott publishes two papers in DBSec and JCS

gfjgtubvxcbcNews

Thang Bui, Scott D. Stoller, and Shikhar Sharma. Fast Distributed Evaluation of Stateful Attribute-Based Access Control Policies. In Proceedings of the 31st Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSec 2017). Lecture Notes in Computer Science. Springer-Verlag, 2017 Scott D. Stoller and Thang Bui. Mining Hierarchical Temporal Roles with Multiple Metrics. Journal of Computer …

Omkant gets papers in Crypto and EuroCrypt!

gfjgtubvxcbcNews

Incremental Program Obfuscation Sanjam Garg, Omkant Pandey CRYPTO 17 A New Approach To Black-Box Concurrent Secure Computation Sanjam Garg, Susumu Kiyoshima, Omkant Pandey EUROCRYPT 18

Nick gets 3 papers in WWW !

gfjgtubvxcbcNews

Panning for gold.com: Understanding the dynamics of domain dropcatching, Najmeh Miramirkhani, Timothy Barron, Michael Ferdman, and Nick Nikiforakis to appear in the Web Conference (WWW), 2018 Abstract An event that is rarely considered by technical users and laymen alike is that of a domain name expiration. The massive growth in the registration of domain names is followed by daily, equally …

Nick gets 3 papers into CCS!

gfjgtubvxcbcNews

https://www.cs.stonybrook.edu/about-us/News/Trifecta-PragSec-Lab-Three-papers-accepted-ACM-security-conference In their first paper titled Hindsight: Understanding the Evolution of UI Vulnerabilities in Mobile Browsers doctoral researchers Meng Luo and Oleksii Starov, guided by Assistant Professor Nima Honarmand and Nikiforakis, present their work on the first browser-agnostic framework for assessing the vulnerability of modern mobile browsers. By analyzing thousands of mobile browsers and exposing them to tens of thousands …

Michalis and Sekar get $3.5m ONR grant!

gfjgtubvxcbcNews

The latest software development practices can turn out new programs and products in record time. However, with enhanced speed and convenience come “code bloat,” creating a larger attack surface with a proliferation of security vulnerabilities, just waiting for hackers. Recent advances in software development often result in the need for constant system updates or bug fixes. Failure to implement these …

Long gets NSF CAREER proposal!

gfjgtubvxcbcNews

Rethinking Mobile Security in the New Age of App-as-a-Platform Sponsor: National Science Foundation Amount: $500,543 https://www.nsf.gov/awardsearch/showAward?AWD_ID=1652205 Congrats Long!

Scott gets new SACMAT paper published

gfjgtubvxcbcNews

“Mining Relationship-Based Access Control Policies.” By Thang Bui (Ph.D. student), Scott D. Stoller (professor), and Jiajie Li (undergraduate). In 22nd ACM Symposium on Access Control Models and Technologies (SACMAT 2017), Indianapolis, June 2017.

3 new papers by Nick: Euro S&P, WWW x 2

gfjgtubvxcbcNews

Extended Tracking Powers: Measuring the Privacy Diffusion Enabled by Browser Extensions, Oleksii Starov and Nick Nikiforakis Proceedings of the 26th International World Wide Web Conference (WWW), 2017 What’s in a Name? Understanding Profile Name Reuse on Twitter, Enrico Mariconti, Jeremiah Onaolapo, Sharique Ahmad, Nicolas Nikiforou, Manuel Egele, Nick Nikiforakis and Gianluca Stringhini Proceedings of the 26th International World Wide Web …

2 new papers by NSI team (Michalis, Radu) at EuroS&P, PETS !

gfjgtubvxcbcNews

Revisiting Browser Security in the Modern Era: New Data-only Attacks and Defenses Roman Rogowski, Micah Morton, Forrest Li, Kevin Z. Snow, Fabian Monrose, and Michalis Polychronakis. In Proceedings of the 2nd IEEE European Symposium on Security & Privacy (S&P). April 2017, Paris, France Anrin Chakraborti, Chen Chen, Radu Sion, “DataLair: Efficient Block Storage with Plausible Deniability against Multi-Snapshot Adversaries”, Privacy …

Omkant gets two EuroCrypt papers!

gfjgtubvxcbcNews

Sanjam Garg, Susumu Kiyoshima, Omkant Pandey On the Exact Round Complexity of Self-Composable Two-Party Computation EUROCRYPT 2017 Sanjam Garg, Omkant Pandey, Akshayaram Srinivasan, Mark Zhandry Breaking the Sub-Exponential Barrier in Obfustopia EUROCRYPT 2017

Nick receives best paper award from NDSS 2017!

gfjgtubvxcbcNews

Najmeh Miramirkhani, Oleksii Starov, and Nick Nikiforakis, Dial One for Scam: A Large-Scale Analysis of Technical Support Scams After more than one year of work and 3 rejections, getting the Distinguished Paper Award at #NDSS2017 feels nothing short of incredible… pic.twitter.com/oPPPGKHb1w — Nick Nikiforakis (@nicknikiforakis) March 1, 2017

NSI Team (Nick, Long, Michalis) has 3 papers at the S&P Security Symposium!

gfjgtubvxcbcNews

Norax: Enabling Execute-Only Memory for COTS Binaries on AArch64 Yaohui Chen, Dongli Zhang, Ruowen Wang, Ahmed Azab, Long Lu, Hayawardh Vijayakumar, Wenbo Shen XHOUND: Quantifying the Fingerprintability of Browser Extensions, Oleksii Starov and Nick Nikiforakis to appear in the 38th IEEE Symposium on Security and Privacy (IEEE S&P), 2017 Spotless Sandboxes: Evading Malware Analysis Systems using Wear-and-Tear Artifacts, Najmeh Miramirkhani, …

Professor Scott Stoller and Ph.D. student Thang Bui receive the Best Paper Award

gfjgtubvxcbcNews

Professor Scott Stoller and Ph.D. student Thang Bui received the Best Paper Award from the 30th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSec 2016) in July 2016, for their paper on “Mining Hierarchical Temporal Roles with Multiple Metrics”. Role mining algorithms have potential to significantly reduce the cost of migration from low-level legacy …

Prof. Nikiforakis receives grant from Data Transparency Lab to build privacy-enhancing tool.

gfjgtubvxcbcNews

PrivacyMeter: Real-time Privacy Quantification for the Web http://www.datatransparencylab.org/grantees2016.html The modern web is home to many online services that request and handle sensitive private information from their users. Previous research has shown how websites may leak user information, either due to poor programming practices, or through the intentional outsourcing of functionality to third-party service. Despite the magnitude of this problem, users …

Professor Omkant Pandey receives 2016 ACM CCS Test-of-Time Award!

gfjgtubvxcbcNews

Professor Omkant Pandey, along with his co-authors Vipul Goyal, Amit Sahai, and Brent Waters, have won the 2016 ACM CCS Test-of-Time Award (Association for Computing Machinery; Computer and Communications Security) for their work on attribute based data encryption. Their paper, Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data, was one of two selected for the prestigious award. “The Test-of-Time …

Come to Cyber Day on December 12th!

gfjgtubvxcbcNews

Cyber Day brings together experts in cyber security with the greater Stony Brook academic community for an inter-disciplinary dialogue on security and privacy in our digital lives. Join us, present your work, mingle, listen to the talks, or come just for the scenery! https://nationalsecurityinstitute.org/cyberday

Nick Nikiforakis and Nima Honarmand awarded $500k by NSF to study Emerging Attacks Against the Mobile Web

gfjgtubvxcbcNews

TITLE TWC: Small: Emerging Attacks Against the Mobile Web and Novel Proxy Technologies for Their Containment INVESTIGATORS Nick Nikiforakis (Principal Investigator) Nima Honarmand (Co-Principal Investigator) ABSTRACT Users entrust their mobile devices with sensitive data, including business emails, as well as health and financial information. Thus, mobile devices have become an increasingly popular target for attackers. Mobile devices house powerful browsers …

Michalis Polychronakis and Nick Nikiforakis awarded $500k by NSF to combat environment-aware malware.

gfjgtubvxcbcNews

TITLE TWC: Small: Combating Environment-aware Malware INVESTIGATORS Michalis Polychronakis (Principal Investigator) Nick Nikiforakis (Co-Principal Investigator) ABSTRACT Tools for dynamic detection of malicious software (“malware”), such as antivirus software, often create a protected “analysis environment” (or “sandbox”) in which to test suspicious software without risk to the computer system. Malware authors have responded by developing environment-awareness techniques, to enable their malware …

Many of our faculty featured in the news!

gfjgtubvxcbcNews

http://www.theregister.co.uk/2015/10/08/cloudpiercer_tool_lifts_ddos_protection_cloak_from_70_percent_of_sites/ http://www.techrepublic.com/article/ddos-mitigation-may-leave-your-site-even-more-vulnerable/ http://www.scmagazineuk.com/cloudpiercer-tool-discloses-ddos-defence-providers/article/444000/ http://www.wired.com/2015/04/app-hides-secret-messages-starcraft-style-games/ http://www.scmp.com/tech/apps-gaming/article/1775587/anti-censorship-technology-uses-online-video-games-bypass-chinese http://www.cnn.com/2015/10/25/asia/china-war-internet-great-firewall/

Nick Nikiforakis gets multiple paper published in WWW, NDSS, PETS

gfjgtubvxcbcNews

No Honor Among Thieves: A Large-Scale Analysis of Malicious Web Shells, Oleksii Starov, Johannes Dahse, Syed Sharique Ahmad, Thorsten Holz, Nick Nikiforakis to appear in the Proceedings of the 25th International World Wide Web Conference (WWW), 2016 It’s Free for a Reason: Exploring the Ecosystem of Free Live Streaming Services, Zubair Rafique, Tom Van Goethem, Wouter Joosen, Christophe Huygens, Nick …

EuroS&P Paper: Castle: A Video Game-based Covert Channel

gfjgtubvxcbcNews

Castle: A Video Game-based Covert Channel Abstract: The Internet has become a critical communication infrastructure for citizens to organize protests and express dissatisfaction with their governments. This fact has not gone unnoticed, with governments clamping down on this medium via censorship, and circumvention researchers working tirelessly to stay one step ahead. In this paper, we explore a promising new avenue …

$1.6m awarded by NSF to Prof. Long Lu in collaboration with SRI and UIC

gfjgtubvxcbcNews

TITLE MALDIVES: Developing a Comprehensive Understanding of Malware Delivery Mechanisms ABSTRACT The cybercriminal community is inarguably more organized, better resourced and more motivated than ever to perpetrate massive-scale computer infections across the Internet. The malware distribution systems that they control and operate are characterized by their use of highly specialized suppliers and commoditized malware services. As a consequence of this …

$3m awarded by NSF to Prof. Phillipa Gill in collaboration with ICSI, the University of New Mexico, and Princeton University.

gfjgtubvxcbcNews

TITLE TWC: TTP Option: Large: Collaborative: Towards a Science of Censorship Resistance ABSTRACT The proliferation and increasing sophistication of censorship warrants continuing efforts to develop tools to evade it. Yet, designing effective mechanisms for censorship resistance ultimately depends on accurate models of the capabilities of censors, as well as how those capabilities will likely evolve. In contrast to more established …

4 papers + 1 tutorial at CCS 2015 !

gfjgtubvxcbcNews

================================================= Nick got 3 papers into CCS 2015. Congrats Nick! “The Clock is Still Ticking: Timing Attacks in the Modern Web”, Tom Van Goethem, Wouter Joosen, Nick Nikiforakis “Maneuvering Around Clouds: Bypassing Cloud-based Security Providers”, Thomas Vissers, Tom Van Goethem, Wouter Joosen, Nick Nikiforakis “Drops for Stuff: An Analysis of Reshipping Mule Scams”, Shuang Hao, Kevin Borgolte, Nick Nikiforakis, Gianluca …

Scott Stoller and Annie Liu receive $777k from U.S. Navy Office of Naval Research to study Algorithm Diversity for Resilent Systems

gfjgtubvxcbcNews

TITLE Algorithm Diversity for Resilent Systems PIs Scott Stoller, Annie Liu ABSTRACT In cyberspace, as in many other domains, diversity provides resilience and is a robust defense against attacks. Many ways of varying computer programs have been proposed to produce diversity from a given initial program. However, these techniques do not vary the core or essence of a program—the algorithms …

Long Lu receives $400k in collaborative grant by NSF to develop a Comprehensive Understanding of Malware Delivery Mechanisms

gfjgtubvxcbcNews

TITLE Developing a Comprehensive Understanding of Malware Delivery Mechanisms PIs Long Lu in collaboration with SRI and UIC ABSTRACT The cybercriminal community is inarguably more organized, better resourced and more motivated than ever to perpetrate massive-scale computer infections across the Internet. The malware distribution systems that they control and operate are characterized by their use of highly specialized suppliers and …

Nick Nikiforakis and Long Lu received $500k from NSF to study Cross-application and Cross-platform Tracking of Web Users: Techniques and Countermeasures

gfjgtubvxcbcNews

Nick Nikiforakis and Long Lu received $500k from NSF to study Cross-application and Cross-platform Tracking of Web Users: Techniques and Countermeasures. ABSTRACT The ability to track users and their online habits is essential to many online businesses, in particular, the advertisement industry. However, when pursued too aggressively, it intrudes on user privacy and even leads to online crimes. Recent research …

Nick Nikiforakis receives $67k from Cyber Research Institute to study Tools and Techniques for Understanding and Detecting Technical Support Scams

gfjgtubvxcbcNews

Nick Nikiforakis receives $67k from Cyber Research Institute to study Tools and Techniques for Understanding and Detecting Technical Support Scams. ABSTRACT One of the most recent and understudied social engineering attacks targeting every day web users are technical support scams. In a technical support scam, potential victims are contacted by scammers who pose as technicians from large software companies. The …

Long Lu receives $512k from NSF to study Enabling Secure and Trustworthy Compartments in Mobile Applications

gfjgtubvxcbcNews

TITLE Enabling Secure and Trustworthy Compartments in Mobile Applications ABSTRACT Society’s dependence on mobile technologies rapidly increases as we entrust mobile applications with more and more private information and capabilities. Existing security research follows a common threat model that treats apps as monolithic entities and only captures attack surface between apps. However, recent research reveals that app internal attacks are …

Don Porter and Radu Sion receive $500k in collaborative international research to study Practical Plausibly Deniable Encryption through Low-Level Storage Device Behavior

gfjgtubvxcbcNews

TITLE Practical Plausibly Deniable Encryption through Low-Level Storage Device Behavior PIs Don Porter and Radu Sion, Stony Brook Dan Tsafrir, Technion ABSTRACT This project leverages low-level characteristics of flash and other emergent persistent memories to hide data with plausible deniability, improving performance and capacity over the state of the art. Plausibly deniable encryption is the ability to hide that a …

Radu Sion receives $500k from NSF in collaborative study with FIU to study Hardware-Enforced Information Authentication for Mobile Systems

gfjgtubvxcbcNews

TITLE Sensorprint: Hardware-Enforced Information Authentication for Mobile Systems PIs Radu Sion, Stony Brook Bogdan Carbunar, FIU ABSTRACT Today’s societies are intrinsically and inextricably fused through a vast set of technology-driven networks, mostly mobile-based. Individuals equipped with feature-rich mobile devices effectively become the real-time eyes of the rest of the world, providing invaluable insights into remote, hard to access sites and …

Phillipa Gill awarded $173k in collaborative research (with Alberto Dainotti) on Detecting and Characterizing Internet Traffic Interception based on BGP Hijacking

gfjgtubvxcbcNews

TITLE TWC: TTP Option: Small: Collaborative: Detecting and Characterizing Internet Traffic Interception Based on BGP Hijacking ABSTRACT Recent reports have highlighted incidents of massive Internet traffic interception executed by re-routing Border Gateway Protocol (BGP) paths across the globe (affecting banks, governments, entire network service providers, etc.). The potential impact of these attacks can range from massive eavesdropping to identity-spoofing or …

Scott Stoller awarded $341k To Explore Trustworthy Access Control Policies

gfjgtubvxcbcNews

TITLE TWC: Small: Towards Trustworthy Access Control Policies ABSTRACT Getting access control policies right is challenging, especially in large organizations. This project is developing techniques and tools to support efficient and trustworthy administration of Attribute-Based Access Control (ABAC) policies. ABAC is a flexible, high-level, and increasingly popular security policy framework. ABAC promises long-term cost savings through reduced administrative effort, but …

IARPA Cyber-attack Automated Unconventional Sensor Environment (CAUSE)

gfjgtubvxcbcFunding

The IARPA Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program seeks to develop cyber-attack forecasting methods and detect emerging cyber phenomena to assist cyber defenders with the earliest detection of a cyber-attack (e.g., Distributed Denial of Service (DDoS), successful spearphishing, successful drive-by, remote exploitation, unauthorized access, reconnaissance). The CAUSE Program aims to develop and validate unconventional multi-disciplined sensor technology (e.g., actor …

DARPA-BAA-15-15: Transparent Computing (TC)

gfjgtubvxcbcFunding

DARPA is soliciting innovative research proposals in the area of understanding complex distributed computing environments towards exposing and stopping advanced cyber adversaries (also referred to as Advanced Persistent Threats, or APTs). The Transparent Computing (TC) program aims to make currently opaque computing systems transparent by providing high-fidelity visibility into component interactions during system operation across all layers of software abstraction, …

Air Force Research Laboratory

gfjgtubvxcbcFunding

The Air Force Research Laboratory invites whitepapers to support Innovative Approaches for Applied Projects in Four Research Areas of Information Science and Technology: · Autonomy, C2 Planning, and Decision Support; · Processing and Exploitation; · Cyber Science and Technology; and, · Connectivity and Dissemination. Approximately $2 million may be made available to support multiple awards. Eligibility is unrestricted domestically. Whitepapers …

DARPA 2014

gfjgtubvxcbcFunding

CFAR https://www.fbo.gov/index?s=opportunity&mode=form&id=43b09e88c3b8289cb4cbf63b402f46c5&tab=core&_cview=1 “Binary Transformation (TA-1) systems will transform Applications to Defend (ATDs) into variants with diverse binary structures. The Cyber Fault Tolerant Architecture (TA-2) will run multiple variants in parallel and compare their behaviors regularly. The variants should behave differently when attacked. The system will react to attacks by restarting with new variants.” SafeWare https://www.fbo.gov/index?s=opportunity&mode=form&id=a303af332a90b1e84fdb91d7dd382396&tab=core&_cview=0 “The goal of the SafeWare …

Sumeet Bajaj PhD Defense: Sumeet Bajaj,”Regulatory Compliance in Data Management”

gfjgtubvxcbcNews

Achieving Regulatory Compliance in Data Management Sumeet Vijay Bajaj 11:15am CSE2311 Regulations mandate consistent procedures for information access, processing, and storage. In the United States alone, over 10,000 data management regulations exist in the financial, life sciences, health care and government sectors. A recurrent theme in data management regulations is the need for regulatory compliant storage to ensure data confidentiality, …

L. Akoglu and Y. Choi NSF-awarded $600,000 to fight opinion fraud!

gfjgtubvxcbcNews

III: Medium: Collaborative Research: Collective Opinion Fraud Detection: Identifying and Integrating Cues from Language, Behavior, and Networks Given user reviews on Web sites such as Yelp, Amazon, and TripAdvisor, which ones should one trust? Online reviews have become an important resource for public opinion sharing. They influence our decisions over an extremely wide spectrum of daily and professional activities: e.g., …

Long Lu was awarded $500k by the National Science Foundation

gfjgtubvxcbcNews

Enabling Secure and Trustworthy Compartments in Mobile Applications Society’s dependence on mobile technologies rapidly increases as we entrust mobile applications with more and more private information and capabilities. Existing security research follows a common threat model that treats apps as monolithic entities and only captures attack surface between apps. However, recent research reveals that app internal attacks are emerging quickly …