News

January 25, 2017: Our paper, SPOKE: Scalable Knowledge Collection and Attack Surface Analysis of Access Control Policy for Security Enhanced Android, has been accepted for publication at the 2017 ACM Asia Conference on Computer and Communications Security (ASIACCS).

December 12, 2016: Our paper, A Study of Security Vulnerabilties on Docker Hub, has been accepted for publication at the 2017 ACM Conference on Data and Application Security and Privacy (CODASPY).

August 24, 2016: Our paper, *droid: Assessment and Evaluation of Android Application Analysis Tools, has been accepted for publication in ACM Computing Surveys (CSUR).

August 19, 2016: Our paper, Phonion: Practical Protection of Metadata in Telephony Networks, has been accepted for publication in Proceedings on Privacy Enhancing Technologies (PoPETS).

August 16, 2016: Effective August 16, 2016, have been promoted to associate professor with tenure in the Computer Science department at North Carolina State University.

August 10, 2016: Our paper, A Study of Security Isolation Techniques, has been accepted for publication in ACM Computing Surveys (CSUR).

July 24, 2016: Our paper, SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles, has been accepted for publication at the 2016 ACM Conference on Computer and Communications Security (CCS).

July 1, 2016: Our paper, Preventing Kernel Code-Reuse Attacks Through Disclosure Resistant Code Diversification, has been accepted for publication at the 2016 IEEE Conference on Communications and Network Security (CNS).

May 16, 2016: Our paper, Practical DIFC Enforcement on Android, has been accepted for publication at the 2016 USENIX Security Symposium.

March 10, 2016: Our paper, Code-Stop: Code-Reuse Prevention By Context-Aware Traffic Proxying, has been accepted for publication at the 2016 International Conference on Internet Monitoring and Protection (ICIMP).

March 7, 2016: Our paper, A Study of Grayware on Google Play, has been accepted for publication at the 2016 IEEE Mobile Security Technologies workshot (MoST).

January 21, 2016: I am now an Associate Editor of IEEE Security and Privacy Magazine in the Systems Security department.

August 31, 2015: Our NSF SaTC grant, TWC: Medium: Collaborative: Improving Mobile-Application Security via Text Analytics, has been awarded. The grant is in collaboration with Tao Xie, Carl Gunter, and ChengXiang Zhai at UIUC.

August 22, 2015: I am now an Associate Editor of ACM Transactions on Internet Technology (TOIT).

May 12, 2015: Our paper, EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning, has been accepted for publication at the 2015 USENIX Security Symposium.

April 14, 2015: Our paper, Automatic Server Hang Bug Diagnosis: Feasible Reality or Pipe Dream?, has been accepted for publication at the IEEE International Conference on Autonomic Computing (ICAC).

March 20, 2015: Congratulations to my PhD student, Jason Gionta, for successfully defending his dissertation. Jason is co-advised by Dr. Peng Ning.

December 18, 2014: Our paper, AppContext: Differentiating Malicious and Benign Mobile App Behavior Under Contexts, has been accepted for publication at the 2015 International Conference on Software Engineering (ICSE).

December 4, 2014: I gave a tutorial entitled "Intro to Securing Android Applications" to the Raleigh Chapter of ISSA.

November 25, 2014: Our paper, HideM: Protecting the Contents of Userspace Memory in the Face of Disclosure Vulnerabilities, has been accepted for publication at the 2015 ACM Conference on Data and Application Security and Privacy (CODASPY).

November 5, 2014: I gave a tutorial entitled "Text Analytics for Security" along with Tao Xie at ACM CCS 2014.

October 2, 2014: I gave a tutorial entitled "Intro to Developing Android Applications" to the Raleigh Chapter of ISSA.

August 25th, 2014: I was awarded $49,726 by ARO for my proposal entitled "Refining Security for Smartphone Applications."

August 22, 2014: Stephan Heuser presented our ASM paper at USENIX Security'14. Check out the press release and the ASM website.

August 15, 2014: Our paper, SEER: Practical Memory Virus Scanning as a Service, has been accepted for publication at the 2014 Annual Computer Security Applications Conference (ACSAC).

July 23, 2014: I presented our NativeWrap work at WiSec'14. Go download the app now!
Update: Ars Technica has written a story on NativeWrap.

May 7, 2014: Our paper, ASM: A Programmable Interface for Extending Android Security, has been accepted for publication at the 2014 USENIX Security Symposium.

May 7, 2014: Our paper, NativeWrap: Ad Hoc Smartphone Application Creation for End Users, has been accepted for publication at the 2014 ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec).

April 5, 2014: The journal version of our TaintDroid paper has been accepted to the ACM Transactions on Computer Systems (TOCS).

April 4, 2014: Our paper, An Application Package Configuration Approach to Mitigating Android SSL Vulnerabilities, has been accepted for publication at the 2014 IEEE Mobile Security Technologies workshop (MoST).

February 26, 2014: The March 2014 issue of Communications of the ACM contains a research highlight on TaintDroid.

February 6, 2014: We updated the TaintDroid source code for Android 4.3. Many thanks to my student Ben Andow. Get the source.

July 19, 2013: Our paper, Preventing Accidental Data Disclosure in Modern Operating Systems, has been accepted for publication at the 2013 ACM Conference on Computer and Communications Security (CCS).

June 4, 2013: I will be an invited speaker at the Federal Trade Commission's (FTC) panel entitled "Mobile Security: Potential Threats and Solutions". Come join us in Washington D.C., or tune in via the webcast!

April 27, 2013: Our paper, WHYPER: Towards Automating Risk Assessment of Mobile Applications, has been accepted for publication at the 2013 USENIX Security Symposium.

April 17, 2013: Our paper, MAST: Triage for Market-scale Mobile Malware Analysis, received the Best Paper Award at the 2013 ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), which is being held in Budapest, Hungary.

February 19, 2013: I have received a National Science Foundation CAREER Award for my proposal "Secure OS Views for Modern Computing Platforms". The CAREER Award is the NSF's most prestigious award for junior faculty.

January 22, 2013: Our paper, MAST: Triage for Market-scale Mobile Malware Analysis, which discusses efficient methods for finding malware in massive-scale mobile applications markets, has been accepted to the 2013 ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) in Budapest, Hungary.

August 16, 2012: Our paper, Abusing Cloud-based Browsers for Fun and Profit, has been accepted for publication at the 2013 USENIX Security Symposium.