October 31, 2024: Our paper, An Empirical Study on Reproducible Packaging in Open-Source Ecosystems has been accepted for publication at the 2025 IEEE/ACM International Conference on Software Engineering (ICSE).
June 19, 2024: We received a best paper award at CODASPY for our paper, Examining Cryptography and Randomness Failures in Open-Source Cellular Cores.
April 8, 2024: Our paper, Pairing Security Advisories with Vulnerable Functions Using Open-Source LLMs has been accepted for publication at the 2024 Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA).
April 3, 2024: Our paper, RANsacked: A Domain-Informed Approach for Fuzzing LTE and 5G RAN-Core Interfaces has been accepted for publication at the 2024 ACM Conference on Computer and Communcations Security (CCS).
March 28, 2024: I was elected as Vice President of the USENIX Board of Directors.
March 23, 2024: Our paper, 5GAC-Analyzer: Identifying Over-Privilege Between 5G Core Network Functions has been accepted for publication at the 2024 ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec).
March 12, 2024: Our paper, VFCFinder: Pairing Security Advisories and Patches has been accepted for publication at the 2024 ACM ASIA Conference on Computer and Communications Security (AsiaCCS).
February 29, 2024: We received a distinguished paper award at NDSS for our paper, UntrustIDE: Exploiting Weaknesses in VS Code Extensions.
February 26, 2024: Our paper, Examining Cryptography and Randomness Failures in Open-Source Cellular Cores has been accepted for publication at the 2024 ACM Conference on Data and Application Security and Privacy (CODASPY).
January 23, 2024: Our paper, GRASP: Hardening Serverless Applications through Graph Reachability Analysis of Security Policies Ex has been accepted for publication at The Web Conference 2024.
December 5, 2023: My PhD student, Samin Mahmud, successfully defended his dissertation. Congratulations, Samin!
November 1, 2023: Our paper, UntrustIDE: Exploiting Weaknesses in VS Code Extensions has been accepted for publication at the 2024 ISOC Network and Distributed Systems Symposium (NDSS).
July 12, 2023: My PhD student, Iffat Anjum, successfully defended her dissertation. Congratulations, Iffat!
June 5, 2023: Our paper, ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions has been accepted for publication at the 2023 USENIX Security Symposium.
May 23, 2023: My PhD student, Isaac Polinksy, successfully defended his dissertation. Congratulations, Isaac!
April 14, 2023: Our paper, MSNetViews: Geographically Distributed Management of Enterprise Network Security Policy has been accepted for publication at the 2023 ACM Symposium on Access Control Models and Technologies (SACMAT).
April 7, 2023: Our paper, It's like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security has been accepted for publication at the 2023 IEEE Symposium on Security and Privacy (S&P).
April 3, 2023: Our paper, Finding Fixed Vulnerabilities with Off-the-Shelf Static Analysis has been accepted for publication at the 2023 IEEE European Symposium on Security and Privacy (EuroS&P).
September 2, 2022: Our paper, Analysis of Payment Service Provider SDKs in Android has been accepted for publication at the 2022 Annual Computer Security Applications Conference (ACSAC).
August 1, 2022: We were awarded a $9M grant from the National Science Foundation for our SaTC Frontiers project titled "Enabling a Secure and Trustworthy Software Supply Chain".
June 8, 2022: We were awarded Best Student Paper at ACM SACMAT 2022 for our paper, Removing the Reliance on Perimeters for Security using Network Views.
May 16, 2022: I gave a keynote titled Reflections on a Decade of Mobile Security Research at ACM WiSec 2022.
April 9, 2022: Our paper, Removing the Reliance on Perimeters for Security using Network Views has been accepted for publication at the 2022 ACM Symposium on Access Control Models and Technologies (SACMAT).
April 8, 2022: Our poster, A Study of Security Weaknesses in Android Payment Service Provider SDKs won the HoTSoS 2022 Best Poster Award.
February 21, 2022: Our paper, ALASTOR: Reconstructing the Provenance of Serverless Intrusions has been accepted for publication at the 2022 USENIX Security Symposium.
January 15, 2022: Our paper, A Study of Application Sandbox Policies in Linux has been accepted for publication at the 2022 ACM Symposium on Access Control Models and Technologies (SACMAT).
September 24, 2021: Our paper, FReD: Identifying File Re-Delegation in Android System Services has been accepted for publication at the 2022 USENIX Security Symposium.
April 17, 2021: Our paper, SCIFFS: Enabling Secure Third-Party Security Analytics using Serverless Computing has been accepted for publication at the 2021 ACM Symposium on Access Control Models and Technologies (SACMAT).
February 12, 2021: Our paper, PolyScope: Multi-Policy Access Control Analysis to Compute Authorized Attack Operations in Android Systems has been accepted for publication at the 2021 USENIX Security Symposium.
December 22, 2020: Our paper, Role-Based Deception in Enterprise Networks, has been accepted for publication at the 2021 ACM Conference on Data and Application Security and Privacy (CODASPY).
November 9, 2020: I was named a October 2020 winner of the "The Carla Savage Award" in the Department of Computer Science at NC State.
November 5, 2020: TaintDroid received the SIGOPS Hall of Fame Award!
October 22, 2020: Our paper, Hey Alexa, is this Skill Safe?: Taking a Closer Look at the Alexa Skill Ecosystem has been accepted for publication at the 2021 ISOC Network and Distributed Systems Symposium (NDSS).
September 18, 2020: Our paper, LeakyPick: IoT Audio Spy Detector has been accepted for publication at the 2020 Annual Computer Security Applications Conference (ACSAC).
June 11, 2020: I gave a keynote titled Analysis of Access Control Enforcement in Android at ACM SACMAT 2020.
February 21, 2020: Our paper, Cardpliance: PCI DSS Compliance of Android Applications has been accepted for publication at the 2020 USENIX Security Symposium.
December 12, 2019: Our ONR grant for $1,033,306 titled Defining Security Policy in Distributed Environments using Network Views was awarded.
November 30, 2019: Our paper, n-m-Variant Systems: Adversarial-Resistant Software Rejuvenation for Cloud-Based Web Applications, has been accepted for publication at the 2020 ACM Conference on Data and Application Security and Privacy (CODASPY).
November 27, 2019: Our paper, <Actions Speak Louder than Words: Entity-Sensitive Privacy Policy and Data Flow Analysis with PoliCheck/em>, has been accepted for publication at the 2020 USENIX Security Symposium.
</p>
October 1, 2019: I gave a talk on Risks Emerging as Innovation Moves Towards Greater use of 'Smart' Devices at the ERM Workshop run by the Poole College of Management.
September 27, 2019: I gave a talk on Analysis of Access Control Enforcement in Android at the College of William and Mary.
September 17, 2019: I gave a talk on Cybersecurity in an Academic Environment at the North Carolina Cyber Executive Summit.
September 2, 2019: Our paper, Thou Shalt Discuss Security: Quantifying the Impacts of Instructions to RFC Authors, has been accepted for publication at the 2019 Conference on Security Standards Research (SSR).
August 5, 2019: I've been selected to recieve a Google ASPIRE grant of $65K for my proposal titled Detection of File Access Re-Delegation in Android APIs.
May 24, 2019: Our paper, PolicyLint: Investigating Internal Privacy Policy Contradictions on Google Play, has been accepted for publication at the 2019 USENIX Security Symposium.
May 16, 2019: We were awarded Best Paper at ACM WiSec 2019 for our paper, Blinded and Confused: Uncovering Systemic Flaws in Device Telemetry for Smart-Home Internet of Things.
April 30, 2019: Our paper, Kobold: Evaluating Decentralized Access Control for Remote NSXPC Methods on iOS, has been accepted for publication at the 2020 IEEE Symposium on Security and Privacy (S&P).
March 12, 2019: I presented an invited talk titled Analysis of iOS Access Control Policy at King's College London (KCL).
March 5, 2019: Our paper, HomeSnitch: Behavior Transparency and Control for Smart Home IoT Devices, has been accepted for publication at the 2019 ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec).
March 5, 2019: Our paper, Blinded and Confused: Uncovering Systemic Flaws in Device Telemetry for Smart-Home Internet of Things, has been accepted for publication at the 2019 ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec).
March 5, 2019: Our paper, ARF: Identifying Re-Delegation Vulnerabilities in Android System Services, has been accepted for publication at the 2019 ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec).
March 5, 2019: Our short paper, Hestia: Simple Least Privilege Network Policies for Smart Homes, has been accepted for publication at the 2019 ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec).
November 27, 2018: Our paper, ACMiner: Extraction and Analysis of Authorization Checks in Android’s Middleware, has been accepted for publication at the 2019 ACM Conference on Data and Application Security and Privacy (CODASPY).
June 9, 2018: I presented an invited talk titled Analysis of iOS Access Control Policy at the CyberSecurity@KAIST International Workshop in Daejeon, Korea.
June 5, 2018: I presented an invited talk titled Using Text Analytics to Enhance Security Analysis of Mobile Applications at ACM ASIACCS 2018 in Incheon, Korea.
March 2, 2018: Our paper, iOracle: Automated Evaluation of Access Control Policies in iOS, has been accepted for publication at the 2018 ACM Asia Conference on Computer and Communications Security (ASIACCS).
January 18, 2017: Our paper, PivotWall: SDN-Based Information Flow Control, has been accepted for publication at the 2018 ACM Symposium on SDN Research (SOSR).
August 19, 2017: Our paper, Analysis of SEAndroid Policies: Combining MAC and DAC in Android, has been accepted for publication at the 2017 Annual Computer Security Applications Conference (ACSAC).
May 2, 2017: Our paper, UiRef: Analysis of Sensitive User Inputs in Android Applications, has been accepted for publication at the 2017 ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec).
April 4, 2017: We received a Distinguished Paper Award for our paper, SPOKE: Scalable Knowledge Collection and Attack Surface Analysis of Access Control Policy for Security Enhanced Android at ASIACCS 2017.
January 25, 2017: Our paper, SPOKE: Scalable Knowledge Collection and Attack Surface Analysis of Access Control Policy for Security Enhanced Android, has been accepted for publication at the 2017 ACM Asia Conference on Computer and Communications Security (ASIACCS).
December 12, 2016: Our paper, A Study of Security Vulnerabilties on Docker Hub, has been accepted for publication at the 2017 ACM Conference on Data and Application Security and Privacy (CODASPY).
August 24, 2016: Our paper, *droid: Assessment and Evaluation of Android Application Analysis Tools, has been accepted for publication in ACM Computing Surveys (CSUR).
August 19, 2016: Our paper, Phonion: Practical Protection of Metadata in Telephony Networks, has been accepted for publication in Proceedings on Privacy Enhancing Technologies (PoPETS).
August 16, 2016: Effective August 16, 2016, I have been promoted to associate professor with tenure in the Computer Science department at North Carolina State University.
August 10, 2016: Our paper, A Study of Security Isolation Techniques, has been accepted for publication in ACM Computing Surveys (CSUR).
July 24, 2016: Our paper, SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles, has been accepted for publication at the 2016 ACM Conference on Computer and Communications Security (CCS).
July 1, 2016: Our paper, Preventing Kernel Code-Reuse Attacks Through Disclosure Resistant Code Diversification, has been accepted for publication at the 2016 IEEE Conference on Communications and Network Security (CNS).
May 16, 2016: Our paper, Practical DIFC Enforcement on Android, has been accepted for publication at the 2016 USENIX Security Symposium.
March 10, 2016: Our paper, Code-Stop: Code-Reuse Prevention By Context-Aware Traffic Proxying, has been accepted for publication at the 2016 International Conference on Internet Monitoring and Protection (ICIMP).
March 7, 2016: Our paper, A Study of Grayware on Google Play, has been accepted for publication at the 2016 IEEE Mobile Security Technologies workshot (MoST).
January 21, 2016: I am now an Associate Editor of IEEE Security and Privacy Magazine in the Systems Security department.
August 31, 2015: Our NSF SaTC grant, TWC: Medium: Collaborative: Improving Mobile-Application Security via Text Analytics, has been awarded. The grant is in collaboration with Tao Xie, Carl Gunter, and ChengXiang Zhai at UIUC.
August 22, 2015: I am now an Associate Editor of ACM Transactions on Internet Technology (TOIT).
May 12, 2015: Our paper, EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning, has been accepted for publication at the 2015 USENIX Security Symposium.
April 14, 2015: Our paper, Automatic Server Hang Bug Diagnosis: Feasible Reality or Pipe Dream?, has been accepted for publication at the IEEE International Conference on Autonomic Computing (ICAC).
March 20, 2015: Congratulations to my PhD student, Jason Gionta, for successfully defending his dissertation. Jason is co-advised by Dr. Peng Ning.
December 18, 2014: Our paper, AppContext: Differentiating Malicious and Benign Mobile App Behavior Under Contexts, has been accepted for publication at the 2015 International Conference on Software Engineering (ICSE).
December 4, 2014: I gave a tutorial entitled "Intro to Securing Android Applications" to the Raleigh Chapter of ISSA.
November 25, 2014: Our paper, HideM: Protecting the Contents of Userspace Memory in the Face of Disclosure Vulnerabilities, has been accepted for publication at the 2015 ACM Conference on Data and Application Security and Privacy (CODASPY).
November 5, 2014: I gave a tutorial entitled "Text Analytics for Security" along with Tao Xie at ACM CCS 2014.
October 2, 2014: I gave a tutorial entitled "Intro to Developing Android Applications" to the Raleigh Chapter of ISSA.
August 25th, 2014: I was awarded $49,726 by ARO for my proposal entitled "Refining Security for Smartphone Applications."
August 22, 2014: Stephan Heuser presented our ASM paper at USENIX Security'14. Check out the press release and the ASM website.
August 15, 2014: Our paper, SEER: Practical Memory Virus Scanning as a Service, has been accepted for publication at the 2014 Annual Computer Security Applications Conference (ACSAC).
July 23, 2014: I presented our NativeWrap work at WiSec'14. Go download the app now!
May 7, 2014: Our paper, ASM: A Programmable Interface for Extending Android Security, has been accepted for publication at the 2014 USENIX Security Symposium.
May 7, 2014: Our paper, NativeWrap: Ad Hoc Smartphone Application Creation for End Users, has been accepted for publication at the 2014 ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec).
April 5, 2014: The journal version of our TaintDroid paper has been accepted to the ACM Transactions on Computer Systems (TOCS).
April 4, 2014: Our paper, An Application Package Configuration Approach to Mitigating Android SSL Vulnerabilities, has been accepted for publication at the 2014 IEEE Mobile Security Technologies workshop (MoST).
February 26, 2014: The March 2014 issue of Communications of the ACM contains a research highlight on TaintDroid.
February 6, 2014: We updated the TaintDroid source code for Android 4.3. Many thanks to my student Ben Andow. Get the source.
July 19, 2013: Our paper, Preventing Accidental Data Disclosure in Modern Operating Systems, has been accepted for publication at the 2013 ACM Conference on Computer and Communications Security (CCS).
June 4, 2013: I will be an invited speaker at the Federal Trade Commission's (FTC) panel entitled "Mobile Security: Potential Threats and Solutions". Come join us in Washington D.C., or tune in via the webcast!
April 27, 2013: Our paper, WHYPER: Towards Automating Risk Assessment of Mobile Applications, has been accepted for publication at the 2013 USENIX Security Symposium.
April 17, 2013: Our paper, MAST: Triage for Market-scale Mobile Malware Analysis, received the Best Paper Award at the 2013 ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), which is being held in Budapest, Hungary.
February 19, 2013: I have received a National Science Foundation CAREER Award for my proposal "Secure OS Views for Modern Computing Platforms". The CAREER Award is the NSF's most prestigious award for junior faculty.
January 22, 2013: Our paper, MAST: Triage for Market-scale Mobile Malware Analysis, which discusses efficient methods for finding malware in massive-scale mobile applications markets, has been accepted to the 2013 ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) in Budapest, Hungary.
August 16, 2012: Our paper, Abusing Cloud-based Browsers for Fun and Profit, has been accepted for publication at the 2013 USENIX Security Symposium.
Update: Ars Technica has written a story on NativeWrap.