New paper at NDSS'19!
06 Nov 2018 by batesa

Our paper, “NoDoze: Combatting Threat Alert Fatigue with Automated Provenance Triage,” will appear at the 26th ISOC Network and Distributed System Security Symposium (NDSS’19).

Two Factor Authentication rollout at Illinois
01 Oct 2018 by batesa

The University of Illinois is preparing to deploy mandatory campus-wide Two Factor Authentication for all university students. Today, the Daily Illini published a piece on the new security measures that includes commentary from Professor Bates. You can access the article here.

Riccardo is a Siebels Scholar!
13 Sep 2018 by batesa

Riccardo Paccagnella, a Masters student in the Secure & Transparent Systems Lab, has been inducted into the 2019 Class of the Siebel Scholars program! Established in 2000 by the Thomas and Stacey Siebel Foundation, the Siebel Scholars program awards grants to 16 universities in the United States, China, France, Italy and Japan.

Ars Technica warns of our research on 'Mad Skillz!'
31 Aug 2018 by batesa

A few weeks ago at USENIX Security’18, we reported on an emerging threat vector in the Internet of Things – voice-controlled devices like the Amazon Echo will sometimes misinterpret commands, a fact that can be exploited by an attacker to trick them into using a malicious app. Sean Gallagher, an IT Editor for Ars Techica, released an article today about this study. In a piece he calls Mad Skills (we’re so angry we didn’t think of that as our paper title!), he profiles our work and also discusses some other recent findings pointing to the fact that voice-controlled device interfaces are increasingly insecure. Congrats to student authors Riccardo, Deepak, and Paul Murley for this awesome work and well-deserved exposure!

Fitness Tracking Privacy is the talk of the town!
28 Aug 2018 by batesa

As students returned to town for the start of the Fall semester, we were glad to be able to get the word about our USENIX Security’18 paper that exposes the potential privacy risks of fitness trackers. Heather Schlitz of The Daily Illini, our campus newspaper, wrote a piece up about the work urging students to think before they post their exercise online. Additionally, [Jodi Heckel] of The News-Gazette wrote up a column on fitness trackers. We hear that Jodi has the ear of the jogging community around Champaign-Urbana, so we were particular excited about the long and detailed piece she released about our research. We hope that these articles will help athletes to better understand the privacy and safety risks of fitness trackers before they post workouts online.

Fitness Research featured on local NBC affiliate
20 Aug 2018 by batesa

The STS Lab has been analyzing the privacy mechanisms offered by fitness tracking services to see if they are effective. Unfortunately; they’re not – we uncovered that 95.1% of moderately active users of the popular “Privacy Zone” feature are at risk of having their protected locations broadcast to the Internet. Today, Professor Bates sat down with WAND TV to discuss the problem of fitness tracking privacy. You can find the news segment based on that discussion here.

Media Coverage of Fitness Privacy Research (Part 1)
16 Aug 2018 by batesa

For the past two years or so, we’ve been analyzing the privacy mechanisms offered by fitness tracking services like Strava and Garmin Connect to see if they are effective. Unfortunately; they’re not – we uncovered that 95.1% of moderately active users of the popular “Privacy Zone” feature are at risk of having their protected locations broadcast to the Internet. You can read more about our findings in the full USENIX Security paper, which is now online. There will also shortly be a video recording of Wajih’s conference presentation at that link too!

We’re very excited about some recent media coverage of this work, which will help us get the word out to athletes about this potential risk. The Illinois College of Engineering’s Marketing and Commmunications office published an article this week about our study. We’ve also been working with several fitness tracking companies to address this problem; Strava and MapMyTracks have written up blog posts about the issue and how they’ve worked to mitigate it. There’s likely more to come here; we’ll add an additional news post when there is more to share.

Illinois Innovators Podcast
30 Jul 2018 by batesa

Professor Adam Bates recently sat down with Mike Koon and the Illinois Innovators Podcast to discuss the STS Lab’s work on tracing system intrusions using data provenance. Part of the discussion centers around the research goals of Adam’s recently-funded NSF Career award. You can listen to their conversation here.

2018 `Grand Slam'
24 Jul 2018 by batesa

Our recent paper accepts to CCS translate to a “grand slam” for the STS Lab – in 2018, the Secure & Transparent Systems Lab will have presented work at all 4 major security conferences (NDSS’18, Oakland’18, Security’18, CCS’18)!

Two new papers at CCS'18!
23 Jul 2018 by batesa

Two of our papers have been (conditionally) accepted for publication at the 2018 ACM Conference on Computer and Communications Security:

  1. Cross-App Poisoning in Software-Defined Networking
  2. Runtime Analysis of Whole-System Provenance

Congrats to our local student author Ben for the SDN work, and to lead author Thomas Pasquier for the whole-system provenance work.

Wajih Ul Hassan wins CS@Illinois Abbasi Fellowship
09 Jul 2018 by batesa

Congrats are due to Wajih, who will be continuing his research this coming year as an CS@Illinois Sohaib and Sara Abbasi Computer Science Fellow. Wajih is the first fully-supported fellow in the history of the Abbasi award.

New paper at ProvenanceWeek 2018!
13 May 2018 by batesa

Our paper, “A Provenance Model for the European Union General Data Protection Regulation,” will appear during “Provenance Week 2018” at the 7th International Provenance and Annotation Workshop (IPAW’18). Congrats to lead author Ben Ujcich!

Two new papers at USENIX Security 2018!
02 May 2018 by batesa
Professor Bates wins NSF Early Career Award!
28 Mar 2018 by batesa

I’m very excited to announce that I have been awarded an NSF Early Career Award to investigate the design of scalable provenance-based monitoring and enforcement mechanisms!

Prof. Bates to serve on Oakland PC.
02 Feb 2018 by batesa

I have been invited to serve on the program committee for the 2019 IEEE Symposium on Security and Privacy.

New paper at Oakland'18!
24 Jan 2018 by batesa

Our paper, “SoK: ‘Plug & Pray’ Today – Understanding USB Insecurity in Versions 1 through C,” has been accepted at the 39th IEEE Symposium on Security and Privacy (Oakland’18)!

Prof. Bates to serve on WiSec PC.
17 Jan 2018 by batesa

I have been invited to serve on the program committee for the 2018 ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec’18).

SIGSAC Dissertation Runner-Up
02 Nov 2017 by batesa

I am honored to have been recognized as runner up for the 2017 ACM SIGSAC Doctoral Dissertation Award!

Two New Papers at NDSS'18!
26 Oct 2017 by batesa

Two of our papers have been accepted for publication at the 2018 ISOC Network and Distributed System Security Symposium (NDSS’18):<ol><li>Towards Scalable Cluster Auditing through Grammatical Inference over Provenance Graphs</li><li>Fear and Logging in the Internet of Things</li></ol>

Prof. Bates to serve on USENIX Security PC.
12 Oct 2017 by batesa

I have been invited to serve on the program committee for the 2018 USENIX Security Symposium.

Prof. Bates to serve on NDSS PC.
02 Jun 2017 by batesa

I have been invited to serve on the program committee for the 2018 ISOC Network and Distributed System Security Symposium (NDSS’18).

Prof. Bates awarded NSF CRII.
22 Feb 2017 by batesa

I have received an NSF Research Initiation Initiative award as the principal investigator of the proposal “Transparent Capture and Aggregation of Secure Data Provenance for Smart Devices.”

Prof. Bates to serve on USENIX Annual PC.
01 Feb 2017 by batesa

I have been invited to serve on the Program Committee for 2017 USENIX Annual Technical Conference (ATC’17).

Prof. Bates to serve on ACSAC PC.
26 Jan 2017 by batesa

I have been invited to serve on the Program Committee for the 33nd Annual Computer Security Applications Conference (ACSAC’17).

Prof. Bates to serve on CCS PC.
18 Jan 2017 by batesa

I have been invited to serve on the Program Committee for the 24th ACM Conference on Computer and Communications Security (CCS’17).

New Paper at WWW'17!
19 Dec 2016 by batesa

Our paper, “Transparent Web Service Auditing via Network Provenance Functions,” has been accepted at the 26th World Wide Web Conference (WWW’17).

Prof. Bates to chair TaPP'17.
19 Oct 2016 by batesa

I have been invited to serve as the Program Committee Co-Chair for the 2017 USENIX Workshop on the Theory and Practice of Provenance (TaPP).

New Paper at SecDev'16!
03 Aug 2016 by batesa

Our paper, “Leveraging Data Provenance to Enhance Cyber Resilience,” has been accepted to the 1st IEEE Cybersecurity Development Conference (SecDev ‘16).