The Secure & Transparent Systems Laboratory

The STS Lab confronts issues of security and transparency in computer systems and networks. Within this broad area, we investigate challenges in various domains of computing including operating systems, the cloud, and the Internet of Things. Our recent work has evaluated the security of IoT services, introduced mechanisms that defend against USB-based attacks, and designed security-enhanced provenance-aware systems that are capable of reliably tracking and explaining system intrusions.

Note: We will be looking to recruit new graduate students this upcoming admissions season! If you are a prospective graduate student that is interested in our group, please click here for more information.

Our paper, “NoDoze: Combatting Threat Alert Fatigue with Automated Provenance Triage,” will appear at the 26th ISOC Network and Distributed System Security Symposium (NDSS’19).

Posted 06 Nov 2018 by Adam

The University of Illinois is preparing to deploy mandatory campus-wide Two Factor Authentication for all university students. Today, the Daily Illini published a piece on the new security measures that includes commentary from Professor Bates. You can access the article here.

Posted 01 Oct 2018 by Adam

Riccardo Paccagnella, a Masters student in the Secure & Transparent Systems Lab, has been inducted into the 2019 Class of the Siebel Scholars program! Established in 2000 by the Thomas and Stacey Siebel Foundation, the Siebel Scholars program awards grants to 16 universities in the United States, China, France, Italy and Japan.

Posted 13 Sep 2018 by Adam

A few weeks ago at USENIX Security’18, we reported on an emerging threat vector in the Internet of Things – voice-controlled devices like the Amazon Echo will sometimes misinterpret commands, a fact that can be exploited by an attacker to trick them into using a malicious app. Sean Gallagher, an IT Editor for Ars Techica, released an article today about this study. In a piece he calls Mad Skills (we’re so angry we didn’t think of that as our paper title!), he profiles our work and also discusses some other recent findings pointing to the fact that voice-controlled device interfaces are increasingly insecure. Congrats to student authors Riccardo, Deepak, and Paul Murley for this awesome work and well-deserved exposure!

Posted 31 Aug 2018 by Adam