Long gets NSF CAREER proposal!

gfjgtubvxcbc News

Rethinking Mobile Security in the New Age of App-as-a-Platform

Sponsor: National Science Foundation

Amount: $500,543

https://www.nsf.gov/awardsearch/showAward?AWD_ID=1652205

Congrats Long!

Scott gets new SACMAT paper published

gfjgtubvxcbc News

“Mining Relationship-Based Access Control Policies.” By Thang Bui (Ph.D. student), Scott D. Stoller (professor), and Jiajie Li (undergraduate). In 22nd ACM Symposium on Access Control Models and Technologies (SACMAT 2017), Indianapolis, June 2017.

3 new papers by Nick: Euro S&P, WWW x 2

gfjgtubvxcbc News

Extended Tracking Powers: Measuring the Privacy Diffusion Enabled by Browser Extensions, Oleksii Starov and Nick Nikiforakis. Proceedings of the 26th International World Wide Web Conference (WWW), 2017

What’s in a Name? Understanding Profile Name Reuse on Twitter, Enrico Mariconti, Jeremiah Onaolapo, Sharique Ahmad, Nicolas Nikiforou, Manuel Egele, Nick Nikiforakis and Gianluca Stringhini. Proceedings of the 26th International World Wide Web …

2 new papers by NSI team (Michalis, Radu) at EuroS&P, PETS!

gfjgtubvxcbc News

Revisiting Browser Security in the Modern Era: New Data-only Attacks and Defenses. Roman Rogowski, Micah Morton, Forrest Li, Kevin Z. Snow, Fabian Monrose, and Michalis Polychronakis. In Proceedings of the 2nd IEEE European Symposium on Security & Privacy (S&P). April 2017, Paris, France

Anrin Chakraborti, Chen Chen, Radu Sion, “DataLair: Efficient Block Storage with Plausible Deniability against Multi-Snapshot Adversaries”, Privacy …

Omkant gets two EuroCrypt papers!

gfjgtubvxcbc News

Sanjam Garg, Susumu Kiyoshima, Omkant Pandey. On the Exact Round Complexity of Self-Composable Two-Party Computation. EUROCRYPT 2017

Sanjam Garg, Omkant Pandey, Akshayaram Srinivasan, Mark Zhandry. Breaking the Sub-Exponential Barrier in Obfustopia. EUROCRYPT 2017

Nick receives best paper award from NDSS 2017!

gfjgtubvxcbc News

Najmeh Miramirkhani, Oleksii Starov, and Nick Nikiforakis, Dial One for Scam: A Large-Scale Analysis of Technical Support Scams

After more than one year of work and 3 rejections, getting the Distinguished Paper Award at #NDSS2017 feels nothing short of incredible… pic.twitter.com/oPPPGKHb1w — Nick Nikiforakis (@nicknikiforakis) March 1, 2017

NSI Team (Nick, Long, Michalis) has 3 papers at the S&P Security Symposium!

gfjgtubvxcbc News

Norax: Enabling Execute-Only Memory for COTS Binaries on AArch64, Yaohui Chen, Dongli Zhang, Ruowen Wang, Ahmed Azab, Long Lu, Hayawardh Vijayakumar, Wenbo Shen

XHOUND: Quantifying the Fingerprintability of Browser Extensions, Oleksii Starov and Nick Nikiforakis, to appear in the 38th IEEE Symposium on Security and Privacy (IEEE S&P), 2017

Spotless Sandboxes: Evading Malware Analysis Systems using Wear-and-Tear Artifacts, Najmeh Miramirkhani, …

Professor Scott Stoller and Ph.D. student Thang Bui receive the Best Paper Award

gfjgtubvxcbc News

Professor Scott Stoller and Ph.D. student Thang Bui received the Best Paper Award from the 30th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSec 2016) in July 2016, for their paper on “Mining Hierarchical Temporal Roles with Multiple Metrics”. Role mining algorithms have potential to significantly reduce the cost of migration from low-level legacy …

Prof. Nikiforakis receives grant from Data Transparency Lab to build privacy-enhancing tool.

gfjgtubvxcbc News

PrivacyMeter: Real-time Privacy Quantification for the Web

http://www.datatransparencylab.org/grantees2016.html

The modern web is home to many online services that request and handle sensitive private information from their users. Previous research has shown how websites may leak user information, either due to poor programming practices, or through the intentional outsourcing of functionality to third-party services. Despite the magnitude of this problem, users …

Professor Omkant Pandey receives 2016 ACM CCS Test-of-Time Award!

gfjgtubvxcbc News

Professor Omkant Pandey, along with his co-authors Vipul Goyal, Amit Sahai, and Brent Waters, has won the 2016 ACM CCS Test-of-Time Award (Association for Computing Machinery; Computer and Communications Security) for their work on attribute-based data encryption. Their paper, Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data, was one of two selected for the prestigious award. “The Test-of-Time …

Come to Cyber Day on December 12th!

gfjgtubvxcbc News

Cyber Day brings together experts in cyber security with the greater Stony Brook academic community for an inter-disciplinary dialogue on security and privacy in our digital lives. Join us, present your work, mingle, listen to the talks, or come just for the scenery! https://nationalsecurityinstitute.org/cyberday

Nick Nikiforakis and Nima Honarmand awarded $500k by NSF to study Emerging Attacks Against the Mobile Web

gfjgtubvxcbc News

TITLE: TWC: Small: Emerging Attacks Against the Mobile Web and Novel Proxy Technologies for Their Containment

INVESTIGATORS: Nick Nikiforakis (Principal Investigator), Nima Honarmand (Co-Principal Investigator)

ABSTRACT: Users entrust their mobile devices with sensitive data, including business emails, as well as health and financial information. Thus, mobile devices have become an increasingly popular target for attackers. Mobile devices house powerful browsers …

Michalis Polychronakis and Nick Nikiforakis awarded $500k by NSF to combat environment-aware malware.

gfjgtubvxcbc News

TITLE: TWC: Small: Combating Environment-aware Malware

INVESTIGATORS: Michalis Polychronakis (Principal Investigator), Nick Nikiforakis (Co-Principal Investigator)

ABSTRACT: Tools for dynamic detection of malicious software (“malware”), such as antivirus software, often create a protected “analysis environment” (or “sandbox”) in which to test suspicious software without risk to the computer system. Malware authors have responded by developing environment-awareness techniques, to enable their malware …

Long Lu’s papers to appear in IEEE S&P and ACM MobiSys

long News

Shreds: Fine-grained Execution Units with Private Memory, Yaohui Chen, Sebassujeen Reymondjohnson, Zhichuang Sun, Long Lu. In Proceedings of the 37th IEEE Symposium on Security and Privacy (S&P/Oakland’16). [acceptance rate 13.3% = 55/413]

CASE: Comprehensive Application Security Enforcement on COTS Mobile Devices, Suwen Zhu, Long Lu, Kapil Singh. In Proceedings of the 14th International Conference on Mobile Systems, Applications, and Services (MobiSys …

Many of our faculty featured in the news!

gfjgtubvxcbc News

http://www.theregister.co.uk/2015/10/08/cloudpiercer_tool_lifts_ddos_protection_cloak_from_70_percent_of_sites/

http://www.techrepublic.com/article/ddos-mitigation-may-leave-your-site-even-more-vulnerable/

http://www.scmagazineuk.com/cloudpiercer-tool-discloses-ddos-defence-providers/article/444000/

http://www.wired.com/2015/04/app-hides-secret-messages-starcraft-style-games/

http://www.scmp.com/tech/apps-gaming/article/1775587/anti-censorship-technology-uses-online-video-games-bypass-chinese

http://www.cnn.com/2015/10/25/asia/china-war-internet-great-firewall/

Nick Nikiforakis gets multiple papers published in WWW, NDSS, PETS

gfjgtubvxcbc News

No Honor Among Thieves: A Large-Scale Analysis of Malicious Web Shells, Oleksii Starov, Johannes Dahse, Syed Sharique Ahmad, Thorsten Holz, Nick Nikiforakis, to appear in the Proceedings of the 25th International World Wide Web Conference (WWW), 2016

It’s Free for a Reason: Exploring the Ecosystem of Free Live Streaming Services, Zubair Rafique, Tom Van Goethem, Wouter Joosen, Christophe Huygens, Nick …

EuroS&P Paper: Castle: A Video Game-based Covert Channel

gfjgtubvxcbc News

Castle: A Video Game-based Covert Channel

Abstract: The Internet has become a critical communication infrastructure for citizens to organize protests and express dissatisfaction with their governments. This fact has not gone unnoticed, with governments clamping down on this medium via censorship, and circumvention researchers working tirelessly to stay one step ahead. In this paper, we explore a promising new avenue …

$1.6m awarded by NSF to Prof. Long Lu in collaboration with SRI and UIC

gfjgtubvxcbc News

TITLE: MALDIVES: Developing a Comprehensive Understanding of Malware Delivery Mechanisms

ABSTRACT: The cybercriminal community is inarguably more organized, better resourced and more motivated than ever to perpetrate massive-scale computer infections across the Internet. The malware distribution systems that they control and operate are characterized by their use of highly specialized suppliers and commoditized malware services. As a consequence of this …

$3m awarded by NSF to Prof. Phillipa Gill in collaboration with ICSI, the University of New Mexico, and Princeton University.

gfjgtubvxcbc News

TITLE: TWC: TTP Option: Large: Collaborative: Towards a Science of Censorship Resistance

ABSTRACT: The proliferation and increasing sophistication of censorship warrants continuing efforts to develop tools to evade it. Yet, designing effective mechanisms for censorship resistance ultimately depends on accurate models of the capabilities of censors, as well as how those capabilities will likely evolve. In contrast to more established …

4 papers + 1 tutorial at CCS 2015!

gfjgtubvxcbc News

Nick got 3 papers into CCS 2015. Congrats Nick!

“The Clock is Still Ticking: Timing Attacks in the Modern Web”, Tom Van Goethem, Wouter Joosen, Nick Nikiforakis

“Maneuvering Around Clouds: Bypassing Cloud-based Security Providers”, Thomas Vissers, Tom Van Goethem, Wouter Joosen, Nick Nikiforakis

“Drops for Stuff: An Analysis of Reshipping Mule Scams”, Shuang Hao, Kevin Borgolte, Nick Nikiforakis, Gianluca …

Scott Stoller and Annie Liu receive $777k from U.S. Navy Office of Naval Research to study Algorithm Diversity for Resilient Systems

gfjgtubvxcbc News

TITLE: Algorithm Diversity for Resilient Systems

PIs: Scott Stoller, Annie Liu

ABSTRACT: In cyberspace, as in many other domains, diversity provides resilience and is a robust defense against attacks. Many ways of varying computer programs have been proposed to produce diversity from a given initial program. However, these techniques do not vary the core or essence of a program—the algorithms …

Long Lu receives $400k in collaborative grant by NSF to develop a Comprehensive Understanding of Malware Delivery Mechanisms

gfjgtubvxcbc News

TITLE: Developing a Comprehensive Understanding of Malware Delivery Mechanisms

PIs: Long Lu in collaboration with SRI and UIC

ABSTRACT: The cybercriminal community is inarguably more organized, better resourced and more motivated than ever to perpetrate massive-scale computer infections across the Internet. The malware distribution systems that they control and operate are characterized by their use of highly specialized suppliers and …

Nick Nikiforakis and Long Lu received $500k from NSF to study Cross-application and Cross-platform Tracking of Web Users: Techniques and Countermeasures

gfjgtubvxcbc News

Nick Nikiforakis and Long Lu received $500k from NSF to study Cross-application and Cross-platform Tracking of Web Users: Techniques and Countermeasures.

ABSTRACT: The ability to track users and their online habits is essential to many online businesses, in particular, the advertisement industry. However, when pursued too aggressively, it intrudes on user privacy and even leads to online crimes. Recent research …

Nick Nikiforakis receives $67k from Cyber Research Institute to study Tools and Techniques for Understanding and Detecting Technical Support Scams

gfjgtubvxcbc News

Nick Nikiforakis receives $67k from Cyber Research Institute to study Tools and Techniques for Understanding and Detecting Technical Support Scams.

ABSTRACT: One of the most recent and understudied social engineering attacks targeting everyday web users are technical support scams. In a technical support scam, potential victims are contacted by scammers who pose as technicians from large software companies. The …

Long Lu receives $512k from NSF to study Enabling Secure and Trustworthy Compartments in Mobile Applications

gfjgtubvxcbc News

TITLE: Enabling Secure and Trustworthy Compartments in Mobile Applications

ABSTRACT: Society’s dependence on mobile technologies rapidly increases as we entrust mobile applications with more and more private information and capabilities. Existing security research follows a common threat model that treats apps as monolithic entities and only captures attack surface between apps. However, recent research reveals that app internal attacks are …

Don Porter and Radu Sion receive $500k in collaborative international research to study Practical Plausibly Deniable Encryption through Low-Level Storage Device Behavior

gfjgtubvxcbc News

TITLE: Practical Plausibly Deniable Encryption through Low-Level Storage Device Behavior

PIs: Don Porter and Radu Sion, Stony Brook; Dan Tsafrir, Technion

ABSTRACT: This project leverages low-level characteristics of flash and other emergent persistent memories to hide data with plausible deniability, improving performance and capacity over the state of the art. Plausibly deniable encryption is the ability to hide that a …

Radu Sion receives $500k from NSF in collaborative study with FIU to study Hardware-Enforced Information Authentication for Mobile Systems

gfjgtubvxcbc News

TITLE: Sensorprint: Hardware-Enforced Information Authentication for Mobile Systems

PIs: Radu Sion, Stony Brook; Bogdan Carbunar, FIU

ABSTRACT: Today’s societies are intrinsically and inextricably fused through a vast set of technology-driven networks, mostly mobile-based. Individuals equipped with feature-rich mobile devices effectively become the real-time eyes of the rest of the world, providing invaluable insights into remote, hard to access sites and …

Polychronakis, Lu, and Sekar Awarded $821k by ONR

long News

NSI researchers, Michalis Polychronakis, Long Lu, and R. Sekar, were awarded $821,836 by the Office of Naval Research, for their collaborative research project named “Software Diversification for Attack Prevention and Forecasting”.

Phillipa Gill awarded $173k in collaborative research (with Alberto Dainotti) on Detecting and Characterizing Internet Traffic Interception based on BGP Hijacking

gfjgtubvxcbc News

TITLE: TWC: TTP Option: Small: Collaborative: Detecting and Characterizing Internet Traffic Interception Based on BGP Hijacking

ABSTRACT: Recent reports have highlighted incidents of massive Internet traffic interception executed by re-routing Border Gateway Protocol (BGP) paths across the globe (affecting banks, governments, entire network service providers, etc.). The potential impact of these attacks can range from massive eavesdropping to identity-spoofing or …

Scott Stoller awarded $341k To Explore Trustworthy Access Control Policies

gfjgtubvxcbc News

TITLE: TWC: Small: Towards Trustworthy Access Control Policies

ABSTRACT: Getting access control policies right is challenging, especially in large organizations. This project is developing techniques and tools to support efficient and trustworthy administration of Attribute-Based Access Control (ABAC) policies. ABAC is a flexible, high-level, and increasingly popular security policy framework. ABAC promises long-term cost savings through reduced administrative effort, but …

IARPA Cyber-attack Automated Unconventional Sensor Environment (CAUSE)

gfjgtubvxcbc Funding

The IARPA Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program seeks to develop cyber-attack forecasting methods and detect emerging cyber phenomena to assist cyber defenders with the earliest detection of a cyber-attack (e.g., Distributed Denial of Service (DDoS), successful spearphishing, successful drive-by, remote exploitation, unauthorized access, reconnaissance). The CAUSE Program aims to develop and validate unconventional multi-disciplined sensor technology (e.g., actor …

DARPA-BAA-15-15: Transparent Computing (TC)

gfjgtubvxcbc Funding

DARPA is soliciting innovative research proposals in the area of understanding complex distributed computing environments towards exposing and stopping advanced cyber adversaries (also referred to as Advanced Persistent Threats, or APTs). The Transparent Computing (TC) program aims to make currently opaque computing systems transparent by providing high-fidelity visibility into component interactions during system operation across all layers of software abstraction, …

DARPA-BAA-15-10: EDICT

long Funding

DARPA is soliciting innovative research proposals in the area of resilient, mission-aware computer networking. https://www.fbo.gov/spg/ODA/DARPA/CMO/DARPA-BAA-15-10/listing.html

Five papers accepted at NDSS 2015

nick News

Five of our recent works were accepted at NDSS 2015:

Parking Sensors: Analyzing and Detecting Parked Domains, Thomas Vissers, Wouter Joosen, Nick Nikiforakis

Seven Months’ Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse, Pieter Agten, Wouter Joosen, Frank Piessens, Nick Nikiforakis

Checking More and Alerting Less: Detecting Privacy Leakages via Enhanced Data-flow Analysis and Peer Voting, Kangjie …

Air Force Research Laboratory

gfjgtubvxcbc Funding

The Air Force Research Laboratory invites whitepapers to support Innovative Approaches for Applied Projects in Four Research Areas of Information Science and Technology:

· Autonomy, C2 Planning, and Decision Support;
· Processing and Exploitation;
· Cyber Science and Technology; and,
· Connectivity and Dissemination.

Approximately $2 million may be made available to support multiple awards. Eligibility is unrestricted domestically. Whitepapers …

DARPA 2014

gfjgtubvxcbc Funding

CFAR

https://www.fbo.gov/index?s=opportunity&mode=form&id=43b09e88c3b8289cb4cbf63b402f46c5&tab=core&_cview=1

“Binary Transformation (TA-1) systems will transform Applications to Defend (ATDs) into variants with diverse binary structures. The Cyber Fault Tolerant Architecture (TA-2) will run multiple variants in parallel and compare their behaviors regularly. The variants should behave differently when attacked. The system will react to attacks by restarting with new variants.”

SafeWare

https://www.fbo.gov/index?s=opportunity&mode=form&id=a303af332a90b1e84fdb91d7dd382396&tab=core&_cview=0

“The goal of the SafeWare …

Sumeet Bajaj PhD Defense: Sumeet Bajaj, “Regulatory Compliance in Data Management”

gfjgtubvxcbc News

Achieving Regulatory Compliance in Data Management

Sumeet Vijay Bajaj

11:15am, CSE2311

Regulations mandate consistent procedures for information access, processing, and storage. In the United States alone, over 10,000 data management regulations exist in the financial, life sciences, health care and government sectors. A recurrent theme in data management regulations is the need for regulatory compliant storage to ensure data confidentiality, …

L. Akoglu and Y. Choi awarded $600,000 by NSF to fight opinion fraud!

gfjgtubvxcbc News

III: Medium: Collaborative Research: Collective Opinion Fraud Detection: Identifying and Integrating Cues from Language, Behavior, and Networks

Given user reviews on Web sites such as Yelp, Amazon, and TripAdvisor, which ones should one trust? Online reviews have become an important resource for public opinion sharing. They influence our decisions over an extremely wide spectrum of daily and professional activities: e.g., …

Long Lu was awarded $500k by the National Science Foundation

gfjgtubvxcbc News

Enabling Secure and Trustworthy Compartments in Mobile Applications

Society’s dependence on mobile technologies rapidly increases as we entrust mobile applications with more and more private information and capabilities. Existing security research follows a common threat model that treats apps as monolithic entities and only captures attack surface between apps. However, recent research reveals that app internal attacks are emerging quickly …

Annie Liu and Scott Stoller Awarded $1.5M from NSF

radusion News

Yanhong Annie Liu and Scott Stoller, professors in the Department of Computer Science at Stony Brook University, have been awarded $1.5 million from the National Science Foundation for their research project “From Clarity to Efficiency for Distributed Algorithms.” The funding is a four-year computing and communication foundations grant following a two-year exploratory research grant. Liu has been doing research on …