Publications

(2024). Enforcing C/C++ Type and Scope at Runtime for Control-Flow and Data-Flow Integrity. In Proceedings of the 29th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS).

PDF Source Document

(2024). GENESIS: A Generalizable, Efficient, and Secure Intra-kernel Privilege Separation. In Proceedings of the 39th ACM/SIGAPP Symposium On Applied Computing (SAC).

(2024). SGX-USB: Secure USB I/O Path for Secure Enclaves. In Proceedings of the 57th Hawaii International Conference on System Sciences (HICSS).

PDF

(2023). Protect the System Call, Protect (most of) the World with BASTION. In Proceedings of the 28th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS).

PDF

(2022). Tightly Seal Your Sensitive Pointers with PACTIGHT. In Proceedings of the 31th USENIX Security Symposium (Security).

PDF Slides Video Source Document

(2022). Practical Privacy-Preserving Authentication for SSH. In Proceedings of the 31th USENIX Security Symposium (Security).

PDF Slides Video

(2022). A Survey on Sensor False Data Injection Attacks and Countermeasures in Cyber-physical and Embedded Systems. In Proceedings of the 23rd World Conference on Information Security Applications (WISA).

(2022). Practical Privacy-Preserving Authentication for SSH. Cryptology ePrint Archive, Paper 2022/740.

PDF

(2022). Tightly Seal Your Sensitive Pointers with PACTight. arXiv:2203.15121 [cs.CR].

PDF

(2022). Securely Sharing Randomized Code that Flies. In ACM Journal Digital Threats: Research and Practice (DTRAP).

PDF

(2021). VIP: Safeguard Value Invariant Property for Thwarting Critical Memory Corruption Attacks. In Proceedings of the 28th ACM Conference on Computer and Communications Security (CCS).

PDF Slides Source Document

(2021). Enabling the Large-Scale Emulation of Internet of Things Firmware With Heuristic Workarounds. In IEEE Security & Privacy.

PDF Source Document

(2020). FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis. In Proceedings of the 2020 Annual Computer Security Applications Conference (ACSAC).

PDF Slides Source Document

(2020). CrFuzz: Fuzzing Multi-purpose Programs through Input Validation. In Proceedings of the 2020 ACM Joint European Software Engineering Conference and Symposium (ESEC/FSE).

PDF Video

(2020). MARDU : Efficient and Scalable Code Re-randomization. In Proceedings of the 13th ACM International Systems and Storage Conference (SYSTOR).

PDF Slides Video

(2020). MOSE: Practical Multi-User Oblivious Storage via Secure Enclaves. In Proceedings of the 10th ACM Conference on Data and Application Security and Privacy (CODASPY).

PDF Video

(2020). HFL: Hybrid Fuzzing on the Linux Kernel. In Proceedings of the 2020 Annual Network and Distributed Systems Security (NDSS).

PDF Slides Video Source Document

(2019). Fuzzing and Exploiting Virtual Channels in Microsoft Remote Desktop Protocol for Fun and Profit. In Black Hat Europe 2019 Briefings.

Slides Video

(2019). BlueMaster: Bypassing and Fixing Bluetooth-based Proximity Authentication. In Black Hat Europe 2019 Briefings.

PDF Slides Video

(2019). Making Code Re-randomization Practical with MARDU. arXiv:1909.09294 [cs.CR].

PDF

(2019). soFrida - Dynamic Analysis Tool for Mobile Apps with Cloud Backend. In DEF CON 27 Demo Labs.

Source Document

(2019). Hardware-Supported ORAM in Effect: Practical Oblivious Search and Update on Very Large Dataset. In Proceedings on Privacy Enhancing Technologies Symposium (PoPETs).

PDF Slides

(2019). MultiK: A Framework for Orchestrating Multiple Specialized Kernels. arXiv:1903.06889 [cs.OS].

PDF Source Document

(2018). QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing. In Proceedings of the 27th USENIX Security Symposium (Security).

PDF Slides Video Source Document

(2018). Hardware-Supported ORAM in Effect: Practical Oblivious Search and Update on Very Large Dataset. Cryptology ePrint Archive, Report 2018/247.

PDF

(2017). SGX-Bomb: Locking Down the Processor via Rowhammer Attack. In Proceedings of the 2nd Workshop on System Software for Trusted Execution (SysTEX).

PDF Slides Source Document

(2017). Systems and Methods for Using Video for User and Message Authentication. U.S. Patent US20170279815A1.

PDF

(2017). Hacking in Darkness: Return-oriented Programming against Secure Enclaves. In Proceedings of the 26th USENIX Security Symposium (Security).

PDF Slides Video

(2016). Breaking Kernel Address Space Layout Randomization with Intel TSX. In Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS).

PDF Slides Source Document

(2016). APISAN: Sanitizing API Usages through Semantic Cross-checking. In Proceedings of the 25th USENIX Security Symposium (Security).

PDF Slides Video Source Document

(2016). Towards Engineering a Secure Android Ecosystem: A Survey of Existing Techniques. In ACM Computing Surveys.

PDF

(2016). Breaking Kernel Address Space Layout Randomization with Intel TSX. In Black Hat USA 2016 Briefings.

PDF Slides Video Source Document

(2015). UCognito: Private Browsing without Tears. In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS).

PDF Slides Source Document

(2015). Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations. In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS).

PDF Slides

(2015). Preventing Use-after-free with Dangling Pointers Nullification. In Proceedings of the 2015 Annual Network and Distributed Systems Security (NDSS).

PDF Slides

(2014). A11y Attacks: Exploiting Accessibility in Operating Systems. In Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS).

PDF Slides

(2014). On the Feasibility of Large-Scale Infections of iOS Devices. In Proceedings of the 23rd USENIX Security Symposium (Security).

PDF Slides Video

(2014). Mimesis Aegis: A Mimicry Privacy Shield. In Proceedings of the 23rd USENIX Security Symposium (Security).

PDF Slides Video

(2014). Exploiting Unpatched iOS Vulnerabilities for Fun and Profit. In Black Hat USA 2014 Briefings.

Slides Video

(2014). Abusing Performance Optimization Weaknesses to Bypass ASLR. In Black Hat USA 2014 Briefings.

Slides Video

(2014). Gyrus: A Framework for User-Intent Monitoring of Text-based Networked Applications. In Proceedings of the 2014 Annual Network and Distributed Systems Security (NDSS).

PDF Slides

(2013). Mactans: Injecting Malware Into iOS Devices via Malicious Chargers. In Black Hat USA 2013 Briefings.

PDF Slides Video