We have 4 papers published at NDSS 2019! (Nick, Michalis, Nima, Anrin, Meng, Pierre, Radu)

gfjgtubvxcbc News

ConcurORAM: High-Throughput Stateless Parallel Multi-Client ORAM
Anrin Chakraborti and Radu Sion (Stony Brook University)

Master of Web Puppets: Abusing Web Browsers for Persistent and Stealthy Computation
Panagiotis Papadopoulos (FORTH-ICS, Greece); Panagiotis Ilia (FORTH-ICS); Michalis Polychronakis (Stony Brook University, USA); Evangelos Markatos, Sotiris Ioannidis, and Giorgos Vasiliadis (FORTH-ICS, Greece)

Time Does Not Heal All Wounds: A Longitudinal Analysis of Security-Mechanism Support …

Amir and collaborators receive best paper award!

Tyche: A new permission model to defend against smart home hacks

With the use of many integrated smart devices, an app-driven home environment is now a reality. But this young technology faces many new challenges, in particular, how users grant apps permissions to operations on devices. Prompting the user for permission to every individual operation can cause usability issues (too many …

Amir’s paper on Confusing Self-Driving Cars made it to Wired, Engadget, Car and Driver, CNET, Fortune and many others!

“Robust Physical-World Attacks on Deep Learning Models”, Ivan Evtimov, Kevin Eykholt, Earlence Fernandes, Tadayoshi Kohno, Bo Li, Atul Prakash, Amir Rahmati, Dawn Song (alphabetical order) (arXiv:1707.08945)

[IEEE Spectrum] http://spectrum.ieee.org/cars-that-think/transportation/sensors/slight-street-sign-modifications-can-fool-machine-learning-algorithms
[Yahoo News] https://sg.news.yahoo.com/researchers-demonstrate-limits-driverless-car-technology-151138885.html
[Wired] https://www.wired.com/story/security-news-august-5-2017
[Engadget] https://www.engadget.com/2017/08/06/altered-street-signs-confuse-self-driving-cars/
[Telegraph] http://www.telegraph.co.uk/technology/2017/08/07/graffiti-road-signs-could-trick-driverless-cars-driving-dangerously/
[Car and Driver] http://blog.caranddriver.com/researchers-find-a-malicious-way-to-meddle-with-autonomous-cars/
[CNET] https://www.cnet.com/roadshow/news/it-is-surprisingly-easy-to-bamboozle-a-self-driving-car/
[Digital Trends] https://www.digitaltrends.com/cars/self-driving-cars-confuse-stickers-signs/
[SCMagazine] https://www.scmagazine.com/subtle-manipulation-of-street-signs-can-fool-self-driving-cars-researchers-report/article/680146/
[Schneier on Security] https://www.schneier.com/blog/archives/2017/08/confusing_self.html
[Ars Technica] https://arstechnica.com/cars/2017/09/hacking-street-signs-with-stickers-could-confuse-self-driving-cars/?amp=1
[Fortune] http://fortune.com/2017/09/02/researchers-show-how-simple-stickers-could-trick-self-driving-cars/

Amir gets papers in NDSS and MobiSys

“Decentralized Action Integrity for Trigger-Action IoT Platforms”, Earlence Fernandes, Amir Rahmati, Jaeyeon Jung, Atul Prakash, In Proceedings of the 22nd Network and Distributed System Security Symposium (NDSS’18). San Diego, CA, February 2018.

“Heimdall: A Privacy-Respecting Implicit Preference Collection Framework”, Amir Rahmati, Earlence Fernandes, Kevin Eykholt, Xinheng Chen, Atul Prakash, In the 15th ACM International Conference on Mobile Systems, Applications, …

Michalis got papers in Oakland, ACSAC, EuroS&P, and NDSS!

Protecting COTS Binaries from Disclosure-guided Code Reuse Attacks
Mingwei Zhang, Michalis Polychronakis, and R. Sekar. In Proceedings of the 33rd Annual Computer Security Applications Conference (ACSAC). December 2017, Orlando, FL.

Compiler-assisted Code Randomization
Hyungjoon Koo, Yaohui Chen, Long Lu, Vasileios P. Kemerlis and Michalis Polychronakis. To appear in Proceedings of the 39th IEEE Symposium on Security & Privacy (S&P). May …

Scott publishes two papers in DBSec and JCS

Thang Bui, Scott D. Stoller, and Shikhar Sharma. Fast Distributed Evaluation of Stateful Attribute-Based Access Control Policies. In Proceedings of the 31st Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSec 2017). Lecture Notes in Computer Science. Springer-Verlag, 2017.

Scott D. Stoller and Thang Bui. Mining Hierarchical Temporal Roles with Multiple Metrics. Journal of Computer …

Omkant gets papers in Crypto and EuroCrypt!

Incremental Program Obfuscation. Sanjam Garg, Omkant Pandey. CRYPTO 17

A New Approach To Black-Box Concurrent Secure Computation. Sanjam Garg, Susumu Kiyoshima, Omkant Pandey. EUROCRYPT 18

Nick gets 3 papers in WWW!

Panning for gold.com: Understanding the dynamics of domain dropcatching, Najmeh Miramirkhani, Timothy Barron, Michael Ferdman, and Nick Nikiforakis, to appear in the Web Conference (WWW), 2018

Abstract: An event that is rarely considered by technical users and laymen alike is that of a domain name expiration. The massive growth in the registration of domain names is followed by daily, equally …

Nick gets 3 papers into CCS!

https://www.cs.stonybrook.edu/about-us/News/Trifecta-PragSec-Lab-Three-papers-accepted-ACM-security-conference

In their first paper, titled Hindsight: Understanding the Evolution of UI Vulnerabilities in Mobile Browsers, doctoral researchers Meng Luo and Oleksii Starov, guided by Assistant Professor Nima Honarmand and Nikiforakis, present their work on the first browser-agnostic framework for assessing the vulnerability of modern mobile browsers. By analyzing thousands of mobile browsers and exposing them to tens of thousands …

Michalis and Sekar get $3.5m ONR grant!

The latest software development practices can turn out new programs and products in record time. However, with enhanced speed and convenience come “code bloat,” creating a larger attack surface with a proliferation of security vulnerabilities, just waiting for hackers. Recent advances in software development often result in the need for constant system updates or bug fixes. Failure to implement these …

Long gets NSF CAREER proposal!

Rethinking Mobile Security in the New Age of App-as-a-Platform
Sponsor: National Science Foundation
Amount: $500,543
https://www.nsf.gov/awardsearch/showAward?AWD_ID=1652205

Congrats Long!

Scott gets new SACMAT paper published

“Mining Relationship-Based Access Control Policies.” By Thang Bui (Ph.D. student), Scott D. Stoller (professor), and Jiajie Li (undergraduate). In 22nd ACM Symposium on Access Control Models and Technologies (SACMAT 2017), Indianapolis, June 2017.

3 new papers by Nick: Euro S&P, WWW x 2

Extended Tracking Powers: Measuring the Privacy Diffusion Enabled by Browser Extensions, Oleksii Starov and Nick Nikiforakis, Proceedings of the 26th International World Wide Web Conference (WWW), 2017

What’s in a Name? Understanding Profile Name Reuse on Twitter, Enrico Mariconti, Jeremiah Onaolapo, Sharique Ahmad, Nicolas Nikiforou, Manuel Egele, Nick Nikiforakis and Gianluca Stringhini, Proceedings of the 26th International World Wide Web …

2 new papers by NSI team (Michalis, Radu) at EuroS&P, PETS!

Revisiting Browser Security in the Modern Era: New Data-only Attacks and Defenses
Roman Rogowski, Micah Morton, Forrest Li, Kevin Z. Snow, Fabian Monrose, and Michalis Polychronakis. In Proceedings of the 2nd IEEE European Symposium on Security & Privacy (S&P). April 2017, Paris, France.

Anrin Chakraborti, Chen Chen, Radu Sion, “DataLair: Efficient Block Storage with Plausible Deniability against Multi-Snapshot Adversaries”, Privacy …

Omkant gets two EuroCrypt papers!

Sanjam Garg, Susumu Kiyoshima, Omkant Pandey. On the Exact Round Complexity of Self-Composable Two-Party Computation. EUROCRYPT 2017

Sanjam Garg, Omkant Pandey, Akshayaram Srinivasan, Mark Zhandry. Breaking the Sub-Exponential Barrier in Obfustopia. EUROCRYPT 2017

Nick receives best paper award from NDSS 2017!

Najmeh Miramirkhani, Oleksii Starov, and Nick Nikiforakis, Dial One for Scam: A Large-Scale Analysis of Technical Support Scams

After more than one year of work and 3 rejections, getting the Distinguished Paper Award at #NDSS2017 feels nothing short of incredible… pic.twitter.com/oPPPGKHb1w
— Nick Nikiforakis (@nicknikiforakis) March 1, 2017

NSI Team (Nick, Long, Michalis) has 3 papers at the S&P Security Symposium!

Norax: Enabling Execute-Only Memory for COTS Binaries on AArch64, Yaohui Chen, Dongli Zhang, Ruowen Wang, Ahmed Azab, Long Lu, Hayawardh Vijayakumar, Wenbo Shen

XHOUND: Quantifying the Fingerprintability of Browser Extensions, Oleksii Starov and Nick Nikiforakis, to appear in the 38th IEEE Symposium on Security and Privacy (IEEE S&P), 2017

Spotless Sandboxes: Evading Malware Analysis Systems using Wear-and-Tear Artifacts, Najmeh Miramirkhani, …

Professor Scott Stoller and Ph.D. student Thang Bui receive the Best Paper Award

Professor Scott Stoller and Ph.D. student Thang Bui received the Best Paper Award from the 30th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSec 2016) in July 2016, for their paper on “Mining Hierarchical Temporal Roles with Multiple Metrics”. Role mining algorithms have potential to significantly reduce the cost of migration from low-level legacy …

Prof. Nikiforakis receives grant from Data Transparency Lab to build privacy-enhancing tool.

PrivacyMeter: Real-time Privacy Quantification for the Web
http://www.datatransparencylab.org/grantees2016.html

The modern web is home to many online services that request and handle sensitive private information from their users. Previous research has shown how websites may leak user information, either due to poor programming practices, or through the intentional outsourcing of functionality to third-party services. Despite the magnitude of this problem, users …

Professor Omkant Pandey receives 2016 ACM CCS Test-of-Time Award!

Professor Omkant Pandey, along with his co-authors Vipul Goyal, Amit Sahai, and Brent Waters, has won the 2016 ACM CCS Test-of-Time Award (Association for Computing Machinery; Computer and Communications Security) for their work on attribute-based data encryption. Their paper, Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data, was one of two selected for the prestigious award. “The Test-of-Time …

Come to Cyber Day on December 12th!

Cyber Day brings together experts in cyber security with the greater Stony Brook academic community for an inter-disciplinary dialogue on security and privacy in our digital lives. Join us, present your work, mingle, listen to the talks, or come just for the scenery! https://nationalsecurityinstitute.org/cyberday

Nick Nikiforakis and Nima Honarmand awarded $500k by NSF to study Emerging Attacks Against the Mobile Web

TITLE: TWC: Small: Emerging Attacks Against the Mobile Web and Novel Proxy Technologies for Their Containment

INVESTIGATORS: Nick Nikiforakis (Principal Investigator), Nima Honarmand (Co-Principal Investigator)

ABSTRACT: Users entrust their mobile devices with sensitive data, including business emails, as well as health and financial information. Thus, mobile devices have become an increasingly popular target for attackers. Mobile devices house powerful browsers …

Michalis Polychronakis and Nick Nikiforakis awarded $500k by NSF to combat environment-aware malware.

TITLE: TWC: Small: Combating Environment-aware Malware

INVESTIGATORS: Michalis Polychronakis (Principal Investigator), Nick Nikiforakis (Co-Principal Investigator)

ABSTRACT: Tools for dynamic detection of malicious software (“malware”), such as antivirus software, often create a protected “analysis environment” (or “sandbox”) in which to test suspicious software without risk to the computer system. Malware authors have responded by developing environment-awareness techniques, to enable their malware …

Long Lu’s papers to appear in IEEE S&P and ACM MobiSys

long News

Shreds: Fine-grained Execution Units with Private Memory
Yaohui Chen, Sebassujeen Reymondjohnson, Zhichuang Sun, Long Lu
In Proceedings of the 37th IEEE Symposium on Security and Privacy (S&P/Oakland’16). [acceptance rate 13.3% = 55/413]

CASE: Comprehensive Application Security Enforcement on COTS Mobile Devices
Suwen Zhu, Long Lu, Kapil Singh
In Proceedings of the 14th International Conference on Mobile Systems, Applications, and Services (MobiSys …

Many of our faculty featured in the news!

http://www.theregister.co.uk/2015/10/08/cloudpiercer_tool_lifts_ddos_protection_cloak_from_70_percent_of_sites/
http://www.techrepublic.com/article/ddos-mitigation-may-leave-your-site-even-more-vulnerable/
http://www.scmagazineuk.com/cloudpiercer-tool-discloses-ddos-defence-providers/article/444000/
http://www.wired.com/2015/04/app-hides-secret-messages-starcraft-style-games/
http://www.scmp.com/tech/apps-gaming/article/1775587/anti-censorship-technology-uses-online-video-games-bypass-chinese
http://www.cnn.com/2015/10/25/asia/china-war-internet-great-firewall/

Nick Nikiforakis gets multiple papers published in WWW, NDSS, PETS

No Honor Among Thieves: A Large-Scale Analysis of Malicious Web Shells, Oleksii Starov, Johannes Dahse, Syed Sharique Ahmad, Thorsten Holz, Nick Nikiforakis, to appear in the Proceedings of the 25th International World Wide Web Conference (WWW), 2016

It’s Free for a Reason: Exploring the Ecosystem of Free Live Streaming Services, Zubair Rafique, Tom Van Goethem, Wouter Joosen, Christophe Huygens, Nick …

EuroS&P Paper: Castle: A Video Game-based Covert Channel

Castle: A Video Game-based Covert Channel

Abstract: The Internet has become a critical communication infrastructure for citizens to organize protests and express dissatisfaction with their governments. This fact has not gone unnoticed, with governments clamping down on this medium via censorship, and circumvention researchers working tirelessly to stay one step ahead. In this paper, we explore a promising new avenue …

$1.6m awarded by NSF to Prof. Long Lu in collaboration with SRI and UIC

TITLE: MALDIVES: Developing a Comprehensive Understanding of Malware Delivery Mechanisms

ABSTRACT: The cybercriminal community is inarguably more organized, better resourced and more motivated than ever to perpetrate massive-scale computer infections across the Internet. The malware distribution systems that they control and operate are characterized by their use of highly specialized suppliers and commoditized malware services. As a consequence of this …

$3m awarded by NSF to Prof. Phillipa Gill in collaboration with ICSI, the University of New Mexico, and Princeton University.

TITLE: TWC: TTP Option: Large: Collaborative: Towards a Science of Censorship Resistance

ABSTRACT: The proliferation and increasing sophistication of censorship warrants continuing efforts to develop tools to evade it. Yet, designing effective mechanisms for censorship resistance ultimately depends on accurate models of the capabilities of censors, as well as how those capabilities will likely evolve. In contrast to more established …

4 papers + 1 tutorial at CCS 2015!

Nick got 3 papers into CCS 2015. Congrats Nick!

“The Clock is Still Ticking: Timing Attacks in the Modern Web”, Tom Van Goethem, Wouter Joosen, Nick Nikiforakis

“Maneuvering Around Clouds: Bypassing Cloud-based Security Providers”, Thomas Vissers, Tom Van Goethem, Wouter Joosen, Nick Nikiforakis

“Drops for Stuff: An Analysis of Reshipping Mule Scams”, Shuang Hao, Kevin Borgolte, Nick Nikiforakis, Gianluca …

Scott Stoller and Annie Liu receive $777k from U.S. Navy Office of Naval Research to study Algorithm Diversity for Resilient Systems

TITLE: Algorithm Diversity for Resilient Systems

PIs: Scott Stoller, Annie Liu

ABSTRACT: In cyberspace, as in many other domains, diversity provides resilience and is a robust defense against attacks. Many ways of varying computer programs have been proposed to produce diversity from a given initial program. However, these techniques do not vary the core or essence of a program—the algorithms …

Long Lu receives $400k in collaborative grant by NSF to develop a Comprehensive Understanding of Malware Delivery Mechanisms

TITLE: Developing a Comprehensive Understanding of Malware Delivery Mechanisms

PIs: Long Lu in collaboration with SRI and UIC

ABSTRACT: The cybercriminal community is inarguably more organized, better resourced and more motivated than ever to perpetrate massive-scale computer infections across the Internet. The malware distribution systems that they control and operate are characterized by their use of highly specialized suppliers and …

Nick Nikiforakis and Long Lu received $500k from NSF to study Cross-application and Cross-platform Tracking of Web Users: Techniques and Countermeasures

Nick Nikiforakis and Long Lu received $500k from NSF to study Cross-application and Cross-platform Tracking of Web Users: Techniques and Countermeasures.

ABSTRACT: The ability to track users and their online habits is essential to many online businesses, in particular, the advertisement industry. However, when pursued too aggressively, it intrudes on user privacy and even leads to online crimes. Recent research …

Nick Nikiforakis receives $67k from Cyber Research Institute to study Tools and Techniques for Understanding and Detecting Technical Support Scams

Nick Nikiforakis receives $67k from Cyber Research Institute to study Tools and Techniques for Understanding and Detecting Technical Support Scams.

ABSTRACT: One of the most recent and understudied social engineering attacks targeting everyday web users are technical support scams. In a technical support scam, potential victims are contacted by scammers who pose as technicians from large software companies. The …

Long Lu receives $512k from NSF to study Enabling Secure and Trustworthy Compartments in Mobile Applications

TITLE: Enabling Secure and Trustworthy Compartments in Mobile Applications

ABSTRACT: Society’s dependence on mobile technologies rapidly increases as we entrust mobile applications with more and more private information and capabilities. Existing security research follows a common threat model that treats apps as monolithic entities and only captures attack surface between apps. However, recent research reveals that app internal attacks are …

Don Porter and Radu Sion receive $500k in collaborative international research to study Practical Plausibly Deniable Encryption through Low-Level Storage Device Behavior

TITLE: Practical Plausibly Deniable Encryption through Low-Level Storage Device Behavior

PIs: Don Porter and Radu Sion, Stony Brook; Dan Tsafrir, Technion

ABSTRACT: This project leverages low-level characteristics of flash and other emergent persistent memories to hide data with plausible deniability, improving performance and capacity over the state of the art. Plausibly deniable encryption is the ability to hide that a …

Radu Sion receives $500k from NSF in collaborative study with FIU to study Hardware-Enforced Information Authentication for Mobile Systems

TITLE: Sensorprint: Hardware-Enforced Information Authentication for Mobile Systems

PIs: Radu Sion, Stony Brook; Bogdan Carbunar, FIU

ABSTRACT: Today’s societies are intrinsically and inextricably fused through a vast set of technology-driven networks, mostly mobile-based. Individuals equipped with feature-rich mobile devices effectively become the real-time eyes of the rest of the world, providing invaluable insights into remote, hard to access sites and …

Polychronakis, Lu, and Sekar Awarded $821k by ONR

long News

NSI researchers, Michalis Polychronakis, Long Lu, and R. Sekar, were awarded $821,836 by the Office of Naval Research, for their collaborative research project named “Software Diversification for Attack Prevention and Forecasting”.

Phillipa Gill awarded $173k in collaborative research (with Alberto Dainotti) on Detecting and Characterizing Internet Traffic Interception based on BGP Hijacking

TITLE: TWC: TTP Option: Small: Collaborative: Detecting and Characterizing Internet Traffic Interception Based on BGP Hijacking

ABSTRACT: Recent reports have highlighted incidents of massive Internet traffic interception executed by re-routing Border Gateway Protocol (BGP) paths across the globe (affecting banks, governments, entire network service providers, etc.). The potential impact of these attacks can range from massive eavesdropping to identity-spoofing or …

Scott Stoller awarded $341k To Explore Trustworthy Access Control Policies

TITLE: TWC: Small: Towards Trustworthy Access Control Policies

ABSTRACT: Getting access control policies right is challenging, especially in large organizations. This project is developing techniques and tools to support efficient and trustworthy administration of Attribute-Based Access Control (ABAC) policies. ABAC is a flexible, high-level, and increasingly popular security policy framework. ABAC promises long-term cost savings through reduced administrative effort, but …

Five papers accepted at NDSS 2015

nick News

Five of our recent works were accepted at NDSS 2015:

Parking Sensors: Analyzing and Detecting Parked Domains, Thomas Vissers, Wouter Joosen, Nick Nikiforakis

Seven Months’ Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse, Pieter Agten, Wouter Joosen, Frank Piessens, Nick Nikiforakis

Checking More and Alerting Less: Detecting Privacy Leakages via Enhanced Data-flow Analysis and Peer Voting, Kangjie …

Sumeet Bajaj PhD Defense: Sumeet Bajaj, “Regulatory Compliance in Data Management”

Achieving Regulatory Compliance in Data Management
Sumeet Vijay Bajaj
11:15am, CSE2311

Regulations mandate consistent procedures for information access, processing, and storage. In the United States alone, over 10,000 data management regulations exist in the financial, life sciences, health care and government sectors. A recurrent theme in data management regulations is the need for regulatory compliant storage to ensure data confidentiality, …

L. Akoglu and Y. Choi awarded $600,000 by NSF to fight opinion fraud!

III: Medium: Collaborative Research: Collective Opinion Fraud Detection: Identifying and Integrating Cues from Language, Behavior, and Networks

Given user reviews on Web sites such as Yelp, Amazon, and TripAdvisor, which ones should one trust? Online reviews have become an important resource for public opinion sharing. They influence our decisions over an extremely wide spectrum of daily and professional activities: e.g., …

Long Lu was awarded $500k by the National Science Foundation

Enabling Secure and Trustworthy Compartments in Mobile Applications

Society’s dependence on mobile technologies rapidly increases as we entrust mobile applications with more and more private information and capabilities. Existing security research follows a common threat model that treats apps as monolithic entities and only captures attack surface between apps. However, recent research reveals that app internal attacks are emerging quickly …

Annie Liu and Scott Stoller Awarded $1.5M from NSF

radusion News

Yanhong Annie Liu and Scott Stoller, professors in the Department of Computer Science at Stony Brook University, have been awarded $1.5 million from the National Science Foundation for their research project “From Clarity to Efficiency for Distributed Algorithms.” The funding is a four-year computing and communication foundations grant following a two-year exploratory research grant. Liu has been doing research on …