An article my coauthors and I wrote on automated large-scale market manipulation will be appearing in the November issue of IEEE Security & Privacy. It is currently available early access here. Below is the abstract: This article studies the feasibility of using a botnet to automate stock market manipulation, incorporating data …

We have released the source code and evaluation dataset for "ARCUS: Symbolic Root Cause Analysis of Exploits in Production Systems," which will be appearing at USENIX Security 2021 in August, 2021. The paper will be ready for publication in about a month.

My coauthors and I will be presenting a paper "ARCUS: Symbolic Root Cause Analysis of Exploits in Production Systems" at USENIX Security 2021 in August, 2021. Below is a preview of the abstract: End-host runtime monitors (e.g., CFI, system call IDS) flag processes in response to symptoms of a …

My coauthors and I will be presenting the paper "Cryptographic Key Derivation from Biometric Inferences for Remote Authentication" at Asia CCS 2021 in June of next year. Below is a preview of the abstract: Biometric authentication is getting increasingly popular because of its appealing usability and improvements in biometric sensors …

My coauthors and I will be presenting a paper "On the Feasibility of Automating Stock Market Manipulation" at ACSAC 2020 in December. Below is a preview of the abstract: This work presents the first findings on the feasibility of using botnets to automate stock market manipulation. Our analysis incorporates data …

CVE-2020-14931 has been assigned for a vulnerability I found in DMitry. The details are available here. This issue is currently being patched.

Fuzz testing (more commonly known as "fuzzing") has become a predominate technique for bug hunting because it's easy to deploy and yields results. Academic security research is now flooded with papers on the topic — USENIX Security alone accepted 7 papers in the 2020 Fall submission cycle — many of which propose …

CVE-2020-9549 has been assigned for a vulnerability I found in Pdfresurrect. The details are available here. This issue is currently being patched.

I published a PoC for a new vulnerability in abc2mtex version 1.6.1. This was discovered while testing an analysis framework I'm developing with my peers at Georgia Tech. The vulnerability is due to an unsafe strcpy that allows an attacker to overwrite a return address and achieve arbitrary …

My coauthors and I will be presenting an extended abstract in the 25th Conference on Knowledge Discovery and Data Mining (KDD'19) in August. Below is a preview: Title: MLsploit: A Framework for Interactive Experimentation with Adversarial Machine Learning Research Authors: Nilaksh Das, Siwei Li, Chanil Jeon, Jinho Jung, Shang-Tse Chen …