Akul Goyal’s work on attacking provenance-based intrusion detection systems, “Sometimes, You Aren’t What You Do: Mimicry Attacks against Provenance Graph Host Intrusion Detection Systems,” has been accepted to NDSS’23. Congrats Akul!

Excited to announce that a second paper from our group, “Characterizing Everyday Misuse of Smart Home Devices,” will be appearing at IEEE S&P 2023. Congrats to our student authors Pubali Datta (UIUC), Phoebe Moh (UMD), and Noel Warford (UMD)!

Our ESORICS’22 work on “Equivocal URLs” was just recognized with the Best Paper Award! Congrats to lead author Joshua Reynolds!

Professor Bates joined Illinois Public Media’s “The 21st” public radio talk show to discuss the group’s recent work on privacy in fitness and health tracking apps! You can listen here: https://will.illinois.edu/21stshow/story/how-private-is-your-health-tracking-app-data.

Continuing our lab’s 2022 European Tour, we just had two papers accepted at the 27th European Symposium on Research in Computer Security (ESORICS’22):

1. Towards Efficient Auditing for Real-Time Systems
2. Equivocal URLs: Understanding the Fragmented Space of URL Parser Implementations

Special congratulations to our student authors, Ayoosh Bansal and Anant Kandikuppa (RTS) and Joshua Reynolds (URL).

Wow! Our systematization of knowledge paper on data provenance, “History is a Vast Early Warning System: Auditing the Provenance of System Intrusions,” has been accepted to the IEEE Symposium on Security and Privacy (Oakland’23)! This one has been in the works for about as long as our lab has been inexistence, with many students taking turns carrying the ball. Congrats to lab members Muhammad Adil Inam, Yinfang Chen, Akul Goyal, Jason Liu, Jaron Mink, Noor Michael, Sneha Gaur, and Wajih Ul Hassan!

Our paper, “Transparent DIFC: Harnessing Innate Application Event Logging for Fine-Grained Decentralized Information Flow Control,” has been accepted to the 7th IEEE European Symposium on Security and Privacy (EuroS&P’22)! Congrats to student authors Jason Liu and Anant Kandikuppa!

Our paper, “ALASTOR: Reconstructing the Provenance of Serverless Intrusions,” has been accepted to the 31st USENIX Security Symposium (Sec’22)! Congrats to student authors Pubali Datta and Adil Inam!

Our paper, “Users Can Deduce Sensitive Locations Protected by Privacy Zones on Fitness Tracking Apps,” has been accepted to the 2022 ACM Conference on Human Factors in Computing Systems (CHI’22)! Congrats to our lead student author, Jaron Mink!

Our paper, “Validating the Integrity of Audit Logs Against Execution Repartitioning Attacks,” has been accepted to the 28th ACM Conference on Computer and Communications Security (CCS’21)! This paper is the result of a two year collaboration with the Institute for Information Security and Privacy at the Georgia Institute of Technology. Congratulations to student (and former student) authors Carter Yagemann, Mohammad Noureddine, and Wajih Ul Hassan!

Our lab’s first ever student, Wajih Ul Hassan, successfully defended his dissertation today! Following an extensive job search this past spring, Wajih accepted a tenure-track Assistant Professor position at the University of Virginia, prior to the start of his appointment, Wajih will be returning to Pakistan as a visiting professor at Lahore University of Management Sciences (LUMS), while also serving as a visiting scientist at Stellar Cyber. Congratulations, Wajih! We look forward to your continued success in this next stage of your career.

Our paper, “Causal Analysis for Software-Defined Networking Attacks,” has been accepted to the 30th USENIX Security Symposium (Security’21)! This is the third and final piece of Ben Ujcich’s dissertation, all of which appeared in the Top 4 security conferences. Congratulations to Professor Ujcich, who is now in his first year as an Assistant Professor at Georgetown!

Pubali Datta has been selected to participate in the 2020 Rising Stars Program! Participants are selected based on academic excellence, interest in a faculty career in the EECS discipline, and commitment to advancing equity and inclusion. This year’s event is being hosted virtually by the Berkeley EECS Department. Congrats Pubali!

“Three of our papers have been accepted for publication at the 2020 Annual Computer Security Applications Conference (ACSAC’20):

1. This is Why We Can't Cache Nice Things: Lightning-Fast Threat Hunting using Suspicion-Based Hierarchical Storage
2. On the Forensic Validity of Approximated Audit Logs
3. Workflow Integration Alleviates Identity and Access Management in Serverless Computing

Congratulations to our lead student authors: (1) Wajih Ul Hassan, Klaus Zou, Dawei Wang, (2) Noor Michael, Jaron Mink, Jason Liu, Sneha Gaur, (3) Arnav Sankaran, and Pubali Datta!”

Our paper, “Logging to the Danger Zone: Race Condition Attacks and Defenses on System Audit Frameworks,” has been accepted to the 27th ACM Conference on Computer and Communications Security (CCS’20)! Congrats to our lead author Riccardo Paccagnella!

Wajih Ul Hassan, our Lead Graduate Student in the Secure & Transparent Systems Lab, has been admitted to the Mavis Future Faculty Fellows Academy by the Grainger College of Engineering. Congrats Wajih!

Following an extensive job search spanning academia and industry, Benjamin E. Ujcich (Co-Advisors: William H. Sanders, Adam Bates) has accepted a tenure-track Assistant Professor position in Georgetown University’s Department of Computer Science. Ben will defend his dissertation soon and is thus due to be the first PhD graduate from our research group – we’re very proud of him!

Our paper, “Tactical Provenance Analysis for Endpoint Detection and Response Systems,” has been accepted to the 2020 IEEE Symposium on Security and Privacy (Oakland)! Congrats to our lead author Wajih Ul Hassan.

Following major revisions, we have yet-another paper accepted at NDSS’20 – “CUSTOS: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution.” Congrats to our student authors Riccardo Paccagnella, Pubali Datta, and Wajih Ul Hassan!

Our paper, “Valve: Securing Function Workfows on Serverless Computing Platforms,” has been accepted to the 2020 Web Conference. Congratulations to our lead author, Pubali Datta!”

Three of our papers have been accepted for publication at the 2020 ISOC Network and Distributed System Security Symposium (NDSS’20):

1. OmegaLog: High-Fidelity Attack Investigation via Transparent Multi-layer Log Analysis
2. Automated Discovery of Cross-Plane Event-Based Vulnerabilities in Software-Defined Networking
3. UNICORN: Runtime Provenance-Based Detector for Advanced Persistent Threats

it’s going to be an exciting time in San Diego this February! Special congratulations to our lead student authors, respectively: Wajih Ul Hassan, Benjamin Ujcich, and Michael Han (Harvard).

Professor Bates appears in a Daily Illini article today about the dangers of widespread facial recognition. Many of the issues with social bias in face recognition, and their potential for abuse by attackers, are analogous to hose we recently explored in smart speaker technologies

Congratulations are due to Riccardo Paccagnella! His Masters Thesis, “Towards Trustworthy Foundations for Operating System Forensics,” has been accepted by the university. Following his Masters Degree, Riccardo will be studying hardware security with Professor Christopher Fletcher for his PhD.

Our paper, “Charting the Attack Surface of Trigger-Action IoT Platforms,” has been accepted to the 26th ACM Conference on Computer and Communications Security (CCS’19)! Congrats to lead authors Pubali Datta and Qi Wang.

We have a second article appearing in the July/August edition of IEEE Security & Privacy Magazine! Adam Bates and Wajih Ul Hassan breakdown the societal threat of APTs and explain how advancements in the audit literature can transform the way we defend organizations.

Wajih Ul Hassan, our Lead Graduate Student in the Secure & Transparent Systems Lab, has been recognized as a Heidelberg Laureate Forum Foundation Young Researcher and has been invited to attend the 7th Heidelberg Laureate Forum. Congrats Wajih!

Our paper, “Emerging Threats in IoT Voice Services”, will soon appear in the upcoming July/August edition of IEEE Security & Privacy magazine! Congrats to student authors Deepak Kumar, Riccardo Paccagnella, and Paul Murley.

Wajih Ul Hassan, our Lead Graduate Student in the Secure & Transparent Systems Lab, has been recognized as a 2019 Symantec Research Labs Graduate Fellow!

Our paper, “NoDoze: Combatting Threat Alert Fatigue with Automated Provenance Triage,” will appear at the 26th ISOC Network and Distributed System Security Symposium (NDSS’19).

The University of Illinois is preparing to deploy mandatory campus-wide Two Factor Authentication for all university students. Today, the Daily Illini published a piece on the new security measures that includes commentary from me. You can access the article here.

Riccardo Paccagnella, a Masters student in the Secure & Transparent Systems Lab, has been inducted into the 2019 Class of the Siebel Scholars program! Established in 2000 by the Thomas and Stacey Siebel Foundation, the Siebel Scholars program awards grants to 16 universities in the United States, China, France, Italy and Japan.

A few weeks ago at USENIX Security’18, we reported on an emerging threat vector in the Internet of Things – voice-controlled devices like the Amazon Echo will sometimes misinterpret commands, a fact that can be exploited by an attacker to trick them into using a malicious app. Sean Gallagher, an IT Editor for Ars Techica, released an article today about this study. In a piece he calls Mad Skills, he profiles our work and also discusses some other recent findings pointing to the fact that voice-controlled device interfaces are increasingly insecure. Congrats to student authors Riccardo, Deepak, and Paul Murley for this awesome work and well-deserved exposure!

As students returned to town for the start of the Fall semester, we were glad to be able to get the word about our USENIX Security’18 paper that exposes the potential privacy risks of fitness trackers. Heather Schlitz of The Daily Illini, our campus newspaper, wrote a piece up about the work urging students to think before they post their exercise online. Additionally, [Jodi Heckel] of The News-Gazette wrote up a column on fitness trackers. We hear that Jodi has the ear of the jogging community around Champaign-Urbana, so we were particular excited about the long and detailed piece she released about our research. We hope that these articles will help athletes to better understand the privacy and safety risks of fitness trackers before they post workouts online.

The STS Lab has been analyzing the privacy mechanisms offered by fitness tracking services to see if they are effective. Unfortunately; they’re not – we uncovered that 95.1% of moderately active users of the popular “Privacy Zone” feature are at risk of having their protected locations broadcast to the Internet. Today, Professor Bates sat down with WAND TV to discuss the problem of fitness tracking privacy. You can find the news segment based on that discussion here.

We’re excited that our work on fitness tracking privacy is beginning to receive some media attention, which will help us get the word out to athletes using these services about this potential risk. The Illinois College of Engineering’s Marketing and Commmunications office published an article this week about our study</a. We’ve been working with several fitness tracking companies to address this problem. Strava and MapMyTracks have also written up blog posts about the issue and how they’ve worked to mitigate it. There’s likely more to come here; I’ll add an additional news post when there is more to share.

I recently sat down with Mike Koon and the Illinois Innovators Podcast to discuss the STS Lab’s work on tracing system intrusions using data provenance. Part of the discussion centers around the research goals of my recently-funded NSF Career award. You can listen to the conversation here.

In 2018, the Secure & Transparent Systems Lab will have presented work at all 4 major security conferences (NDSS’18, Oakland’18, Security’18, CCS’18).

Two of our papers have been accepted for publication at the 2018 ACM Conference on Computer and Communications Security (CCS):<ol><li>Cross-App Poisoning in Software-Defined Networking</li><li>Runtime Analysis of Whole-System Provenance</li></ol>

Our paper, “A Provenance Model for the European Union General Data Protection Regulation,” will appear during “Provenance Week 2018” at the 7th International Provenance and Annotation Workshop (IPAW’18).

Two of our papers have been accepted for publication at the 2018 USENIX Security Symposium:<ol><li>Analysis of Privacy Protections in Fitness Tracking Social Networks -or- You can run, but can you hide?</li><li>Skill Squatting Attacks on Amazon Alexa</li></ol>

Very excited to announce that I have been awarded an NSF CAREER Award to investigate the design of scalable provenance-based monitoring and enforcement mechanisms! (link)

Our paper, “AliDrone: Enabling Trustworthy Proof-of-Alibi for Commercial Drone Compliance,” has been accepted at the 38th IEEE International Conference on Distributed Computing Systems (ICDCS’18).

I have been invited to serve on the program committee for the 2019 IEEE Symposium on Security and Privacy.

Our paper, “SoK: ‘Plug & Pray’ Today – Understanding USB Insecurity in Versions 1 through C,” has been accepted at the 39th IEEE Symposium on Security and Privacy (Oakland’18)!

I have been invited to serve on the program committee for the 2018 ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec’18).

I am honored to have been recognized as runner up for the 2017 ACM SIGSAC Doctoral Dissertation Award!

Two of our papers have been accepted for publication at the 2018 ISOC Network and Distributed System Security Symposium (NDSS’18):<ol><li>Towards Scalable Cluster Auditing through Grammatical Inference over Provenance Graphs</li><li>Fear and Logging in the Internet of Things</li></ol>

I have been invited to serve on the program committee for the 2018 USENIX Security Symposium.

I have been invited to serve on the program committee for the 2018 ISOC Network and Distributed System Security Symposium (NDSS’18).

I have received an NSF Research Initiation Initiative award as the principal investigator of the proposal “Transparent Capture and Aggregation of Secure Data Provenance for Smart Devices.”

I have been invited to serve on the Program Committee for 2017 USENIX Annual Technical Conference (ATC’17).

I have been invited to serve on the Program Committee for the 33nd Annual Computer Security Applications Conference (ACSAC’17).

I have been invited to serve on the Program Committee for the 24th ACM Conference on Computer and Communications Security (CCS’17).

Our paper, “Transparent Web Service Auditing via Network Provenance Functions,” has been accepted at the 26th World Wide Web Conference (WWW’17).

I have been invited to serve as the Program Committee Co-Chair for the 2017 USENIX Workshop on the Theory and Practice of Provenance (TaPP).

Our paper, “Leveraging Data Provenance to Enhance Cyber Resilience,” has been accepted to the 1st IEEE Cybersecurity Development Conference (SecDev ‘16).

Our paper, “ProvUSB: Block-level Provenance-Based Data Protection for USB Storage Devices,” has been accepted to the 23rd ACM Conference on Computer and Communications Security (CCS’16).

Our paper, “Making USB Great Again with USBFILTER,” has been conditionally accepted by the 2016 USENIX Security Symposium.

I have been invited to serve as the Publicity Chair for the 2016 IEEE Symposium on Security & Privacy

I have been invited to serve on the program committee for the 2017 ISOC Network and Distributed System Security Symposium.

Today I successfully defended my dissertation, Designing and Leveraging Trustworthy Provenance-Aware Architectures. Many thanks to my committee and the rest of FICS for their advice and support!

I’m very excited to announce that I will be joining the faculty at the University of Illinois at Urbana-Champaign’s Computer Science Department as an Assistant Professor this coming fall.

Congratulations to my co-authors, Dave (Jing) Tian and Brad Reaves, for winning poster awards in the software and network security categories at the 1st Annual FICS Conference. The poster competition showcased 38 posters in the areas of hardware, software, and network security, and was judged by an independent committee of industry representatives.

Next week, I will be chairing the “Web Security” and “Potpourri (Part 2)” sessions at ACSAC 2015 in Los Angeles, CA.

On November 18th, I will be giving a talk at the Pennsylvania State University on our investigation of secure provenance-aware systems, titled “Designing and Leveraging Trustworthy Provenance-Aware Architectures.”

Source code for the Linux Provenance Modules project is now available:<ul><li>The Red Hat Kernel source code is available here.</li><li>The user space utilities needed by LPM are available here.</li><li>LPM support for the mainline Linux kernel is currently being finalized, and will be released shortly.</li></ul>

Wall Street Journal reporter Jennifer Valentino-DeVries has written a piece on our analysis of branchless banking applications. It is available here.

Our paper, “GoodUSB -or- How I Learned To Stop Worrying and Love the Rubber Duck,” has been conditionally accepted 31st Annual Computer Security Applications Conference (ACSAC’15).

Our paper, “Take Only What You Need: Leveraging Mandatory Access Control Policy to Reduce Provenance Storage Costs,” has been accepted at the 7th International Workshop on Theory and Practice of Provenance.

I have been invited to serve as the Web Chair on the Organizing Committee for the 2016 IEEE Symposium on Security & Privacy

Three of our papers have been accepted for publication at the 2015 USENIX Security Symposium:<ol><li>Trustworthy Whole-System Provenance for the Linux Kernel</li><li>Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications in the Developing World</li><li>Boxed Out: Blocking Cellular Interconnect Bypass Fraud at the Network Edge.</li></ol>

I have successfully proposed my dissertation, titled “Designing and Leveraging a Trustworthy Provenance Stack.” It has been accepted by my committee and I have advanced to candidacy.

I have accepted a summer internship offer to return to MIT Lincoln Laboratory, where we will be continuing to collaborate on building secure provenance-aware systems.

On January 9th, I will be giving a talk at Carleton University on our work on SSL security, titled “Practical Trust Advancements in the SSL/TLS Ecosystem.”