My research focuses on the security of computer systems and networks. Recent work in my group has included understanding the security of portable storage and the USB interface, establishing the trustworthiness of data and maintaing its provenance, mobile phone security, protection of Internet traffic and the SSL infrastructure, and attacks and defenses against the cloud infrastructure. Some of my other research areas of interest include security in interdomain routing, propagation of malicious code through the Internet, applied cryptosystems, and using secure hardware to enforce systems security. I lead systems security research within the Florida Institute for Cybersecurity Research and am formerly co-director of the Southeastern Security for Enterprise and Infrastructure (SENSEI) Center at the University of Florida, which I joined in 2014 as part of the UF Rising to Preeminence Hiring Program. I received a National Science Foundation CAREER award in 2013, and am a Senior Member of the IEEE and ACM.
Note: We are building a world-class security research group at the University of Florida. I am looking for strong students with an interest in systems security. Students must have a strong technical background, be comfortable with systems work, and be willing to work hard. If you are not at student at the University of Florida and you are interested in my research, please apply to the program.
Our paper "SOK: ``Plug and Pray'' Today -- Understanding USB Insecurity in Versions 1 through C", was accepted for publication at the 2018 IEEE Symposium on Security and Privacy.
Our paper "Sonar: Detecting SS7 Redirection Attacks With Audio-Based Distance Bounding", was accepted for publication at the 2018 IEEE Symposium on Security and Privacy.
I am delighted to be serving as technical program co-chair of ACM WiSec 2018. Please send your excellent work in securing wireless and mobile networks and applications to WiSec: the deadline for submissions is March 1, 2018.
Our paper "FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution Storage Devices" was accepted for publication at the 2017 ACM Conference on Computer and Communications Security (CCS).
Our paper "Transparent Web Service Auditing via Network Provenance Functions" was accepted for publication at the 2017 World Wide Web Conference (WWW).
Our paper "ProvUSB: Block-level Provenance-Based Data Protection for USB Storage Devices" was accepted for publication at the 2016 ACM Conference on Computer and Communications Security (CCS).
Our paper "Making USB Great Again with USBFILTER" was accepted for publication at the 2016 USENIX Security Symposium.
Congratulations to my first two graduating PhD students, Benjamin Mood and Adam Bates. Adam will be Assistant Professor of Computer Science at the University of Illinois at Urbana-Champaign this fall, while Benjamin will be Assistant Professor of Computer Science at Point Loma Nazarene University.
Our paper "Sending Out an SMS: Characterizing the Security of the SMS Ecosystem with Public Gateways" was accepted for publication at the 2016 IEEE Symposium on Security and Privacy (the Oakland conference).
Our paper "Frigate: A Validated, Extensible, and Efficient Compiler and Interpreter for Secure Computation" was accepted for publication at the 1st IEEE European Symposium on Security and Privacy (Euro S&P 2016).
Our papers "Trustworthy Whole-System Provenance for the Linux Kernel" and "Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications in the Developing World" were accepted for publication at the 2015 USENIX Security Symposium.More News
"You must be the change you wish to see in the world."
— Mohandas Gandhi