About Awards Grants Media Patents Projects Publications Service Talks Teaching

Articles

Faculty Position at The Ohio State University

Sun 13 March 2022

Security

I have accepted an offer to become an Assistant Professor at The Ohio State University, starting in the Fall 2022 semester. I am currently looking to hire 1 Ph.D. student as a full-time graduate research assistant (GRA). If you are an incoming student and you're interested in cutting edge …

Case Study: Security Analysis of Halibut

Tue 12 October 2021

Security

Over the past year I've been studying memory corruption vulnerabilities in Linux C/C++ programs, culminating in the open sourcing of a framework called ARCUS to find and explain them automatically using a combination of dynamic tracing and symbolic analysis. My work has led to two academic conference publications, one …

Bunkerbuster to Appear in CCS'21

Mon 06 September 2021

Security

My coauthors and I will be presenting the paper, Automated Bug Hunting With Data-Driven Symbolic Root Cause Analysis, at CCS 2021. Below is a preview of the abstract: The increasing cost of successful cyberattacks has caused a mindset shift, whereby defenders now employ proactive defenses, namely software bug hunting, alongside …

MARSARA to Appear in CCS'21

Tue 31 August 2021

Security

My coauthors and I will be presenting a paper on "Validating the Integrity of Audit Logs Against Execution Repartitioning Attacks" at CCS 2021. Below is a preview of the abstract: Provenance-based causal analysis of audit logs has proven to be an invaluable method of investigating system intrusions. However, it also …

"Modeling Large-Scale Manipulation in Open Stock Markets" to Appear in IEEE Security & Privacy

Wed 26 May 2021

Security

An article my coauthors and I wrote on automated large-scale market manipulation will be appearing in the November issue of IEEE Security & Privacy. It is currently available early access here. Below is the abstract: This article studies the feasibility of using a botnet to automate stock market manipulation, incorporating data …

ARCUS System and Dataset Released

Mon 08 February 2021

Security

We have released the source code and evaluation dataset for "ARCUS: Symbolic Root Cause Analysis of Exploits in Production Systems," which will be appearing at USENIX Security 2021 in August, 2021. The paper will be ready for publication in about a month.

Vulnerability Root Cause Analysis Approach "ARCUS" to Appear in USENIX'21

Sat 12 December 2020

Security

My coauthors and I will be presenting a paper "ARCUS: Symbolic Root Cause Analysis of Exploits in Production Systems" at USENIX Security 2021 in August, 2021. Below is a preview of the abstract: End-host runtime monitors (e.g., CFI, system call IDS) flag processes in response to symptoms of a …

"Justitia" Biometric Privacy to Appear in ASIACCS'21

Mon 26 October 2020

Security

My coauthors and I will be presenting the paper "Cryptographic Key Derivation from Biometric Inferences for Remote Authentication" at Asia CCS 2021 in June of next year. Below is a preview of the abstract: Biometric authentication is getting increasingly popular because of its appealing usability and improvements in biometric sensors …

"Bot2Stock" to Appear in ACSAC'20

Sun 04 October 2020

Security

My coauthors and I will be presenting a paper "On the Feasibility of Automating Stock Market Manipulation" at ACSAC 2020 in December. Below is a preview of the abstract: This work presents the first findings on the feasibility of using botnets to automate stock market manipulation. Our analysis incorporates data …

New CVE Published (CVE-2020-14931)

Mon 29 June 2020

Security

CVE-2020-14931 has been assigned for a vulnerability I found in DMitry. The details are available here. This issue is currently being patched.