PScout: analyzing the Android permission specification
TLDR
An analysis of the permission system of the Android smartphone OS is performed and it is found that a trade-off exists between enabling least-privilege security with fine-grained permissions and maintaining stability of the permissions specification as the Android OS evolves.
Architectural support for copy and tamper resistant software
TLDR
The hardware implementation of a form of execute-only memory (XOM) that allows instructions stored in memory to be executed but not otherwise manipulated is studied, indicating that it is possible to create a normal multi-tasking machine where nearly all applications can be run in XOM mode.
Prochlo: Strong Privacy for Analytics in the Crowd
TLDR
A principled systems architecture, Encode, Shuffle, Analyze (ESA), is presented that extends existing best-practice methods for sensitive-data analytics by using cryptography and statistical techniques to make explicit how data is elided and reduced in precision, how only common-enough, anonymous data is analyzed, and how this is done for specific, permitted purposes.
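The three ESA stages named above, as an added illustration that is not Prochlo's code or the paper's: each report is encoded on the client (identifiers dropped, values coarsened into buckets), a shuffler batches reports, destroys their order and discards any value reported fewer than a threshold number of times, and only then does the analyzer see the data. The report fields, bucket width and threshold are constructed for this example; the cryptographic blinding and the oblivious shuffler that Prochlo builds on are deliberately omitted.

```python
"""Toy Encode-Shuffle-Analyze pipeline (added example, not Prochlo's implementation)."""
import random
from collections import Counter

# Constructed sample telemetry: raw client reports that must never reach the analyzer as-is.
RAW_REPORTS = (
    [{"user": f"u{i}", "version": "1.2", "latency_ms": 100 + i} for i in range(12)]
    + [{"user": f"u{i}", "version": "1.3", "latency_ms": 300 + 3 * i} for i in range(12, 20)]
    + [{"user": "u99", "version": "9.9-beta", "latency_ms": 4200}]  # rare build, one user only
)


def encode(report, bucket_ms=100):
    """Encode stage (runs on the client).

    Only the permitted fields survive; the user identifier is dropped and the
    latency is reduced in precision to a bucket, so the encoded report carries
    no more than the analysis purpose needs.
    """
    if "version" not in report or "latency_ms" not in report:
        raise ValueError("report is missing a permitted field")
    latency_bucket = (int(report["latency_ms"]) // bucket_ms) * bucket_ms
    return (report["version"], latency_bucket)


def shuffle(encoded_reports, min_count, rng=None):
    """Shuffle stage (runs on an intermediary).

    The batch is permuted so arrival order and timing cannot link reports to
    clients, and any value that fewer than min_count reports share is dropped:
    only common-enough data goes on to the analyzer.
    """
    rng = rng or random.Random()
    batch = list(encoded_reports)
    rng.shuffle(batch)
    counts = Counter(batch)
    return [r for r in batch if counts[r] >= min_count]


def analyze(shuffled_reports):
    """Analyze stage: aggregate counts over the already-anonymised batch."""
    return Counter(shuffled_reports)


def run_pipeline(reports, bucket_ms=100, min_count=5, seed=None):
    """Run all three stages and return a dict of (version, latency_bucket) -> count."""
    encoded = [encode(r, bucket_ms) for r in reports]
    return dict(analyze(shuffle(encoded, min_count, random.Random(seed))))


if __name__ == "__main__":
    for key, n in sorted(run_pipeline(RAW_REPORTS).items()):
        print(key, n)
```

With the threshold at 5 the single-user "9.9-beta" report never reaches the analyzer; lowering the threshold to 1 lets it through, which is exactly the re-identification risk the crowd threshold exists to remove.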
Implementing an untrusted operating system on trusted hardware
TLDR
This paper discusses the experience with building such a platform using a traditional time-sharing operating system executing on XOM, a processor architecture that provides copy protection and tamper-resistance functions and describes techniques for providing traditional operating systems services in this context.
IntelliDroid: A Targeted Input Generator for the Dynamic Analysis of Android Malware
TLDR
The research in this paper was supported by an NSERC CGS-M scholarship, a Bell Graduate scholarship, an NSERC Discovery grant, an ORF-RE grant, and a Tier 2 Canada Research Chair.
Hypervisor Support for Identifying Covertly Executing Binaries
TLDR
Because Patagonix makes no assumptions about the OS kernel, it can identify code from application and kernel binaries on both Linux and Windows XP, and introduces less than 3% overhead on most applications.
Splitting interfaces: making trust between applications and operating systems configurable
TLDR
The design and implementation of Proxos is described, a system that allows applications to configure their trust in the OS by partitioning the system call interface into trusted and untrusted components.
Machine Unlearning
TLDR
This work introduces SISA training, a framework that decreases the number of model parameters affected by an unlearning request and caches intermediate outputs of the training algorithm to limit the number of model updates that must be recomputed to make those parameters unlearn.
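The sharding and slicing mechanism described above, as an added example that is not the paper's code: data is split into shards, each shard trains its own model over ordered slices with a checkpoint saved before every slice, and an unlearning request retrains only the shard that holds the point, starting from the checkpoint taken just before the slice that contains it. The perceptron model, the toy dataset and the shard and slice assignment rule are constructed for this example; the check at the end confirms the result is identical to retraining that shard from scratch without the point.

```python
"""SISA-style sharded, sliced training with exact unlearning (added example)."""
import copy


def train_step(weights, x, y, lr=0.1):
    """One perceptron update; weights and x are float lists, y is +1 or -1."""
    score = sum(w * xi for w, xi in zip(weights, x))
    if y * score <= 0:
        for i, xi in enumerate(x):
            weights[i] += lr * y * xi
    return weights


def make_dataset(n=24):
    """Constructed toy data: label is the sign of x0 - x1, with a bias feature."""
    data = []
    for i in range(n):
        x0 = (i * 7) % 11 - 5.0
        x1 = (i * 3) % 7 - 3.0
        data.append(([x0, x1, 1.0], 1 if x0 - x1 > 0 else -1))
    return data


class SisaModel:
    """Sharded, Isolated, Sliced, Aggregated training with exact unlearning."""

    def __init__(self, data, n_shards, n_slices):
        self.data = dict(enumerate(data))  # point id -> (x, y); entries are deletable
        self.dim = len(data[0][0])
        self.n_slices = n_slices
        # slices[s][r]: ordered point ids in shard s, slice r (assumed assignment rule)
        self.slices = [[[] for _ in range(n_slices)] for _ in range(n_shards)]
        for pid in self.data:
            self.slices[pid % n_shards][(pid // n_shards) % n_slices].append(pid)
        # checkpoints[s][r]: weights of shard s before slice r is trained
        self.checkpoints = [[None] * n_slices for _ in range(n_shards)]
        self.models = [None] * n_shards
        self.examples_trained = 0  # counts every (re)training step, to show the saving
        for s in range(n_shards):
            self._train_shard(s, start_slice=0)

    def _train_shard(self, s, start_slice):
        """Train shard s from the checkpoint before start_slice to the end of its data."""
        w = [0.0] * self.dim if start_slice == 0 else copy.deepcopy(self.checkpoints[s][start_slice])
        for r in range(start_slice, self.n_slices):
            self.checkpoints[s][r] = copy.deepcopy(w)
            for pid in self.slices[s][r]:
                x, y = self.data[pid]
                train_step(w, x, y)
                self.examples_trained += 1
        self.models[s] = w

    def _locate(self, pid):
        for s, shard in enumerate(self.slices):
            for r, sl in enumerate(shard):
                if pid in sl:
                    return s, r
        raise KeyError(pid)

    def unlearn(self, pid):
        """Delete point pid and retrain only its shard, from the slice that held it."""
        s, r = self._locate(pid)
        self.slices[s][r].remove(pid)
        del self.data[pid]
        self._train_shard(s, start_slice=r)

    def predict(self, x):
        """Aggregate: majority vote over the isolated shard models."""
        votes = sum(1 if sum(wi * xi for wi, xi in zip(w, x)) > 0 else -1 for w in self.models)
        return 1 if votes > 0 else -1


def retrain_shard_from_scratch(model, s):
    """Reference: train shard s on its current data from zero weights, without checkpoints."""
    w = [0.0] * model.dim
    for r in range(model.n_slices):
        for pid in model.slices[s][r]:
            x, y = model.data[pid]
            train_step(w, x, y)
    return w


if __name__ == "__main__":
    m = SisaModel(make_dataset(), n_shards=3, n_slices=4)
    m.unlearn(17)
    print("steps so far:", m.examples_trained, "prediction:", m.predict([4.0, -2.0, 1.0]))
```

With 24 points in 3 shards of 4 slices, unlearning point 17 retrains 5 examples instead of the 23 a full retrain would cost, and the two other shards are not touched at all; the unlearned shard's weights equal a from-scratch retrain on the shard's remaining data, which is what makes the unlearning exact rather than approximate.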
Specifying and verifying hardware for tamper-resistant software
We specify a hardware architecture that supports tamper-resistant software by identifying an "idealized" model, which gives the abstracted actions available to a single user program. This idealized
A buffer overflow benchmark for software model checkers
TLDR
A publicly-available benchmark suite is presented to help guide and evaluate research into software model checking based on abstraction-refinement for buffer overflow detection and a preliminary evaluation of the benchmark is given using the SatAbs model checker.
...