28 March, 2019
Our paper, "Emerging Threats in IoT Voice Services", will soon appear in an upcoming edition of IEEE Security & Privacy magazine!
11 February, 2019
Wajih Ul Hassan, our Lead Graduate Student in the Secure & Transparent Systems Lab, has been recognized as a 2019 Symantec Research Labs Graduate Fellow!
6 November, 2018
Our paper, "NoDoze: Combatting Threat Alert Fatigue with Automated Provenance Triage," will appear at the 26th ISOC Network and Distributed System Security Symposium (NDSS'19).
1 October, 2018
The University of Illinois is preparing to deploy mandatory campus-wide Two Factor Authentication for all university students. Today, the Daily Illini published a piece on the new security measures that includes commentary from me. You can access the article here.
13 September, 2018
Riccardo Paccagnella, a Masters student in the Secure & Transparent Systems Lab, has been inducted into the 2019 Class of the Siebel Scholars program! Established in 2000 by the Thomas and Stacey Siebel Foundation, the Siebel Scholars program awards grants to 16 universities in the United States, China, France, Italy and Japan.
31 August, 2018
A few weeks ago at USENIX Security’18, we reported on an emerging threat vector in the Internet of Things – voice-controlled devices like the Amazon Echo will sometimes misinterpret commands, a fact that can be exploited by an attacker to trick them into using a malicious app. Sean Gallagher, an IT Editor for Ars Techica, released an article today about this study. In a piece he calls Mad Skills, he profiles our work and also discusses some other recent findings pointing to the fact that voice-controlled device interfaces are increasingly insecure. Congrats to student authors Riccardo, Deepak, and Paul Murley for this awesome work and well-deserved exposure!
28 August, 2018
As students returned to town for the start of the Fall semester, we were glad to be able to get the word about our USENIX Security’18 paper that exposes the potential privacy risks of fitness trackers. Heather Schlitz of The Daily Illini, our campus newspaper, wrote a piece up about the work urging students to think before they post their exercise online. Additionally, [Jodi Heckel] of The News-Gazette wrote up a column on fitness trackers. We hear that Jodi has the ear of the jogging community around Champaign-Urbana, so we were particular excited about the long and detailed piece she released about our research. We hope that these articles will help athletes to better understand the privacy and safety risks of fitness trackers before they post workouts online.
20 August, 2018
The STS Lab has been analyzing the privacy mechanisms offered by fitness tracking services to see if they are effective. Unfortunately; they’re not – we uncovered that 95.1% of moderately active users of the popular “Privacy Zone” feature are at risk of having their protected locations broadcast to the Internet. Today, Professor Bates sat down with WAND TV to discuss the problem of fitness tracking privacy. You can find the news segment based on that discussion here.
16 August, 2018
We’re excited that our work on fitness tracking privacy is beginning to receive some media attention, which will help us get the word out to athletes using these services about this potential risk. The Illinois College of Engineering’s Marketing and Commmunications office published an article this week about our studyStrava and MapMyTracks have also written up blog posts about the issue and how they’ve worked to mitigate it. There’s likely more to come here; I’ll add an additional news post when there is more to share.
30 July, 2018
I recently sat down with Mike Koon and the Illinois Innovators Podcast to discuss the STS Lab’s work on tracing system intrusions using data provenance. Part of the discussion centers around the research goals of my recently-funded NSF Career award. You can listen to the conversation here.
24 July, 2018
In 2018, the Secure & Transparent Systems Lab will have presented work at all 4 major security conferences (NDSS'18, Oakland'18, Security'18, CCS'18).
23 July, 2018
Two of our papers have been accepted for publication at the 2018 ACM Conference on Computer and Communications Security (CCS):
13 May, 2018
Our paper, "A Provenance Model for the European Union General Data Protection Regulation," will appear during "Provenance Week 2018" at the 7th International Provenance and Annotation Workshop (IPAW'18).
2 May, 2018
Two of our papers have been accepted for publication at the 2018 USENIX Security Symposium:
1 April, 2018
Very excited to announce that I have been awarded an NSF CAREER Award to investigate the design of scalable provenance-based monitoring and enforcement mechanisms! (link)
28 March, 2018
Our paper, "AliDrone: Enabling Trustworthy Proof-of-Alibi for Commercial Drone Compliance," has been accepted at the 38th IEEE International Conference on Distributed Computing Systems (ICDCS'18).
2 February, 2018
I have been invited to serve on the program committee for the 2019 IEEE Symposium on Security and Privacy.
24 January, 2018
Our paper, "SoK: 'Plug & Pray' Today – Understanding USB Insecurity in Versions 1 through C," has been accepted at the 39th IEEE Symposium on Security and Privacy (Oakland'18)!
17 January, 2018
I have been invited to serve on the program committee for the 2018 ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec'18).
2 November, 2017
I am honored to have been recognized as runner up for the 2017 ACM SIGSAC Doctoral Dissertation Award!
26 October, 2017
Two of our papers have been accepted for publication at the 2018 ISOC Network and Distributed System Security Symposium (NDSS'18):
12 October, 2017
I have been invited to serve on the program committee for the 2018 USENIX Security Symposium.
2 June, 2017
I have been invited to serve on the program committee for the 2018 ISOC Network and Distributed System Security Symposium (NDSS'18).
22 February, 2017
I have received an NSF Research Initiation Initiative award as the principal investigator of the proposal "Transparent Capture and Aggregation of Secure Data Provenance for Smart Devices."
1 February, 2017
I have been invited to serve on the Program Committee for 2017 USENIX Annual Technical Conference (ATC'17).
26 January, 2017
I have been invited to serve on the Program Committee for the 33nd Annual Computer Security Applications Conference (ACSAC'17).
18 January, 2017
I have been invited to serve on the Program Committee for the 24th ACM Conference on Computer and Communications Security (CCS'17).
19 December, 2016
Our paper, "Transparent Web Service Auditing via Network Provenance Functions," has been accepted at the 26th World Wide Web Conference (WWW'17).
19 October, 2016
I have been invited to serve as the Program Committee Co-Chair for the 2017 USENIX Workshop on the Theory and Practice of Provenance (TaPP).
3 August, 2016
Our paper, "Leveraging Data Provenance to Enhance Cyber Resilience," has been accepted to the 1st IEEE Cybersecurity Development Conference (SecDev '16).
22 July, 2016
Our paper, "ProvUSB: Block-level Provenance-Based Data Protection for USB Storage Devices," has been accepted to the 23rd ACM Conference on Computer and Communications Security (CCS'16).
13 May, 2016
Our paper, "Making USB Great Again with USBFILTER," has been conditionally accepted by the 2016 USENIX Security Symposium.
11 May, 2016
I have been invited to serve as the Publicity Chair for the 2016 IEEE Symposium on Security & Privacy
5 May, 2016
I have been invited to serve on the program committee for the 2017 ISOC Network and Distributed System Security Symposium.
2 May, 2016
Today I successfully defended my dissertation, Designing and Leveraging Trustworthy Provenance-Aware Architectures. Many thanks to my committee and the rest of FICS for their advice and support!
15 April, 2016
I'm very excited to announce that I will be joining the faculty at the University of Illinois at Urbana-Champaign's Computer Science Department as an Assistant Professor this coming fall.
10 February, 2016
Congratulations to my co-authors, Dave (Jing) Tian and Brad Reaves, for winning poster awards in the software and network security categories at the 1st Annual FICS Conference. The poster competition showcased 38 posters in the areas of hardware, software, and network security, and was judged by an independent committee of industry representatives.
1 December, 2015
Next week, I will be chairing the "Web Security" and "Potpourri (Part 2)" sessions at ACSAC 2015 in Los Angeles, CA.
21 October, 2015
On November 18th, I will be giving a talk at the Pennsylvania State University on our investigation of secure provenance-aware systems, titled "Designing and Leveraging Trustworthy Provenance-Aware Architectures."
12 August, 2015
Source code for the Linux Provenance Modules project is now available:
11 August, 2015
Our paper, "GoodUSB -or- How I Learned To Stop Worrying and Love the Rubber Duck," has been conditionally accepted 31st Annual Computer Security Applications Conference (ACSAC'15).
11 August, 2015
Wall Street Journal reporter Jennifer Valentino-DeVries has written a piece on our analysis of branchless banking applications. It is available here.
5 June, 2015
Our paper, "Take Only What You Need: Leveraging Mandatory Access Control Policy to Reduce Provenance Storage Costs," has been accepted at the 7th International Workshop on Theory and Practice of Provenance.
19 May, 2015
I have been invited to serve as the Web Chair on the Organizing Committee for the 2016 IEEE Symposium on Security & Privacy
12 May, 2015
Three of our papers have been accepted for publication at the 2015 USENIX Security Symposium:
23 April, 2015
I have successfully proposed my dissertation, titled "Designing and Leveraging a Trustworthy Provenance Stack." It has been accepted by my committee and I have advanced to candidacy.
3 February, 2015
I have accepted a summer internship offer to return to MIT Lincoln Laboratory, where we will be continuing to collaborate on building secure provenance-aware systems.
23 December, 2014
On January 9th, I will be giving a talk at Carleton University on our work on SSL security, titled "Practical Trust Advancements in the SSL/TLS Ecosystem."