• Publications
  • Influence
Comprehensive Experimental Analyses of Automotive Attack Surfaces
TLDR
This work discovers that remote exploitation is feasible via a broad range of attack vectors (including mechanics tools, CD players, Bluetooth and cellular radio), and further, that wireless communications channels allow long distance vehicle control, location tracking, in-cabin audio exfiltration and theft.
Defending Against Neural Fake News
TLDR
A model for controllable text generation called Grover, found that best current discriminators can classify neural fake news from real, human-written, news with 73% accuracy, assuming access to a moderate level of training data, and the best defense against Grover turns out to be Grover itself, with 92% accuracy.
Detecting and Defending Against Third-Party Tracking on the Web
TLDR
This work develops a client-side method for detecting and classifying five kinds of third-party trackers based on how they manipulate browser state, and finds that no existing browser mechanisms prevent tracking by social media sites via widgets while still allowing those widgets to achieve their utility goals, which leads to a new defense.
Who's In Control?: Interactions In Multi-User Smart Homes
TLDR
An outsized role of the person who installs devices in terms of selecting, controlling, and fixing them; negotiations between parents and children; and minimally voiced privacy concerns among co-occupants are observed.
End User Security and Privacy Concerns with Smart Homes
TLDR
G gaps in threat models arising from limited technical understanding of smart homes, awareness of some security issues but limited concern, ad hoc mitigation strategies, and a mismatch between the concerns and power of the smart home administrator and other people in the home are identified.
User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems
TLDR
This paper takes the approach of user-driven access control, whereby permission granting is built into existing user actions in the context of an application, rather than added as an afterthought via manifests or system prompts.
Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016
TLDR
It is discovered that third- party tracking on the web has increased in prevalence and complexity since the first third-party tracker that was observed in 1996, and the spread of the most popular trackers to an increasing percentage of themost popular sites on the internet.
Security and privacy for augmented reality systems
TLDR
AR systems pose potential security concerns that should be addressed before the systems become widespread, and these concerns are addressed before they become widespread.
Securing Embedded User Interfaces: Android and Beyond
TLDR
This paper explores the requirements for a system to support secure embedded user interfaces by systematically analyzing existing systems like browsers, smartphones, and research systems and evaluates the implementation using case studies that rely on embedded interfaces.
Experimental Security Analysis of a Modern Automobile
TLDR
It is demonstrated that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems and present composite attacks that leverage individual weaknesses.
...
1
2
3
4
5
...