Posts about security research and academia

Overhaul at DSN 2016

Better privacy through user intent inference

Kaan will be presenting a paper describing Overhaul, a technique for inferring user intent for resource authorization in traditional operating systems, at DSN 2016 this summer.

TriggerScope and LAVA at Oakland 2016

Triggered malware detection and large-scale bug injection

We have two papers at Oakland this year: TriggerScope, a technique for static detection of triggered malicious behavior in Android applications, and LAVA, a large-scale technique for injecting bugs into programs.

Excision and CuriousDroid at FC 2016

In-browser malware detection and dynamic analysis of mobile apps

The lab has two papers at Financial Crypto this year: Excision, our system for in-browser detection of malware using inclusion sequence analysis, and CuriousDroid, our system for intelligently exercising mobile applications to improve dynamic analysis.

Presenting CrossFire at Black Hat Asia 2016

A new attack against browser extensions

Ahmet and I will be presenting CrossFire at Black Hat Asia in Singapore in March. CrossFire is a new attack against Firefox that leverages extension reuse to bypass the extension vetting process, which is the main line of defense against malicious Firefox extensions.

Advice for Applicants

Advice for applicants to PhD programs in Computer Science

Some of the most popular questions to pop up in my inbox are whether we’re taking new students, whether we have internships available, or whether I can admit you to the PhD program. If any of these questions are on your mind, here’s some advice and insight into the process.