Adam Bates

Associate Professor
Google Scholar

Adam Bates is an Associate Professor at the University of Illinois at Urbana-Champaign, where he joined the Computer Science Department in 2016. He is also an affiliate faculty in the Electrical & Computer Engineering Department. He received his PhD from the University of Florida, where he was advised by Professor Kevin Butler in the study of computer systems and cyber security in the newly-formed Florida Institute for Cybersecurity Research. Adam has conducted research on a variety of security topics, including SSL/TLS, cloud computing, USB attack vectors, financial services, and telephony infrastructure. He is best known for his work in the area of data provenance, particularly the construction of secure provenance-aware systems. He received the NSF CISE Research Initiation Initiative award in 2017, NSF Early Career Award in 2018, and served as Program Chair for the 2017 Workshop on the Theory and Practice of Provenance (TaPP).

Papers published with the STS Lab

SoK: History is a Vast Early Warning System: Auditing the Provenance of System Intrusions

Characterizing Everyday Misuse of Smart Home Devices

Sometimes, You Aren't What You Do: Mimicry Attacks against Provenance Graph Host Intrusion Detection Systems

FAuST: Striking a Bargain between Forensic Auditing's Security and Throughput

Towards Efficient Auditing for Real-Time Systems

Equivocal URLs: Understanding the Fragmented Space of URL Parser Implementations

ALASTOR: Reconstructing the Provenance of Serverless Intrusions

Transparent DIFC: Harnessing Innate Application Event Logging for Fine-Grained Decentralized Information Flow Control

Users Can Deduce Sensitive Locations Protected by Privacy Zones on Fitness Tracking Apps

Forensic Analysis of Configuration-based Attacks

Validating the Integrity of Audit Logs Against Execution Repartitioning Attacks

muSCOPE: A Methodology for Analyzing Least-Privilege Compartmentalization in Large Software Artifacts

Causal Analysis for Software-Defined Networking Attacks

SCIFFS: Enabling Secure Third-Party Security Analytics using Serverless Computing

Workflow Integration Alleviates Identity and Access Management in Serverless Computing

This is Why We Can't Cache Nice Things: Lightning-Fast Threat Hunting using Suspicion-Based Hierarchical Storage

On the Forensic Validity of Approximated Audit Logs

Logging to the Danger Zone: Race Condition Attacks and Defenses on System Audit Frameworks

Provenance for Intent-Based Networking

Tactical Provenance Analysis for Endpoint Detection and Response Systems

Valve: Securing Function Workfows on Serverless Computing Platforms

UNICORN: Runtime Provenance-Based Detector for Advanced Persistent Threats

OmegaLog: High-Fidelity Attack Investigation via Transparent Multi-layer Log Analysis

CUSTOS: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution

Automated Discovery of Cross-Plane Event-Based Vulnerabilities in Software-Defined Networking

Charting the Attack Surface of Trigger-Action IoT Platforms

Emerging Threats in IoT Voice Services

Can Data Provenance Put an End to the Data Breach?

NoDoze: Combatting Threat Alert Fatigue with Automated Provenance Triage

Runtime Analysis of Whole-System Provenance

Analysis of Privacy Protections in Fitness Tracking Social Networks -or- You can run, but can you hide?

Skill Squatting Attacks on Amazon Alexa

AliDrone: Enabling Trustworthy Proof-of-Alibi for Commercial Drone Compliance

SoK: 'Plug and Pray' Today -- Understanding USB Insecurity in Versions 1 through C

Towards Scalable Cluster Auditing through Grammatical Inference over Provenance Graphs

Fear and Logging in the Internet of Things

Taming the Costs of Trustworthy Provenance through Policy Reduction

Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications

A Provenance Model for the European Union General Data Protection Regulation

Towards an Accountable Software-Defined Networking Architecture

Transparent Web Service Auditing via Network Provenance Functions

Leveraging Data Provenance to Enhance Cyber Resilience

ProvUSB: Block-level Provenance-Based Data Protection for USB Storage Devices

Secure and Trustworthy Provenance Collection for Digital Forensics

Making USB Great Again with USBFILTER

Defending Against Malicious USB Firmware with GoodUSB

Boxed Out: Blocking Cellular Interconnect Bypass Fraud at the Network Edge

Trustworthy Whole-System Provenance for the Linux Kernel

Mo(bile) Money, Mo(bile) Problems:Analysis of Branchless Banking Applications in the Developing World

Take Only What You Need:Leveraging Mandatory Access Control Policy to Reduce Provenance Storage Costs

Accountable Wiretapping -or- I Know They Can Hear You Now

Securing SSL Certificate Validation through Dynamic Linking

Forced Perspectives: Evaluating an SSL Trust Enhancement at Scale

On Detecting Co-Resident Cloud Instances Using Network Flow Watermarking Techniques

Leveraging USB to Establish Host Identity Using Commodity Devices

Let SDN Be Your Eyes: Secure Forensics in Data Center Networks

Towards Secure Provenance-based Access Control in Cloud Environments

Detecting Co-Residency with Active Traffic Analysis Techniques

Accountable Wiretapping -or- I Know They Can Hear You Now