1. 11 March 2026

   Congratulations to Dr. Anna Crowder, who defended her dissertation on dataset reuse and sharing in the computer security community.

2. 28 April 2025

   Thank you to the University of Florida Research Foundation for awarding me a UFRF Professorship.

3. 1 August 2022

   We are very grateful to the National Science Foundation for awarding us a Secure and Trustworthy Cyberspace Frontiers grant to create the Center for Security and Privacy for Marginalized and Vulnerable Populations (PRISM).

4. 9 August 2019

   Congratulations to Dr. Dave Tian, who graduated with his PhD. Dave is joining Purdue University as an Assistant Professor of Computer Science.

5. 17 December 2018

   I am extremely honored to be named the Arnold and Lisa Goldberg Rising Star Associate Professor in Computer Science. Thank you to Arnold and Lisa Goldberg for generously endowing this professorship and supporting computer science at the University of Florida.

6. 27 November 2018

   Our paper "LBM: A Security Framework for Peripherals within the Linux Kernel" was accepted for publication at the 2019 IEEE Symposium on Security and Privacy (Oakland).

7. 9 November 2018

   Our papers "Digital Healthcare-Associated Infection Analysis of a Major Multi-Campus Hospital System" and "Practical Hidden Voice Attacks against Speech and Speaker Recognition Systems" were accepted for publication at the 2019 ISOC Symposium on Network and Distributed Systems Security (NDSS).

8. 30 October 2018

   I am honored to be named a University of Florida Term Professor.

9. 23 July 2018

   Our paper "Mitigating Risk while Complying with Data Retention Laws" was accepted for publication at the 2018 ACM Conference on Computer and Communications Security (CCS).

10. 2 May 2018

    Our paper "ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands within the Android Ecosystem" was accepted for publication at the 2018 USENIX Security Symposium. Read more about this work, which was widely covered by media outlets including Wired.

11. 9 April 2018

    Congratulations to my PhD students Grant Hernandez and Dave Tian for winning first and second place at the SEC Academic Conference's poster competition.

12. 9 April 2018

    Congratulations to my former PhD student, Adam Bates, who won an NSF CAREER award. Adam also received the ACM SIGSAC Doctoral Dissertation Runner-Up Award in October for his outstanding thesis.

13. 25 January 2018

    Our papers "SoK: “Plug and Pray” Today — Understanding USB Insecurity in Versions 1 through C" and "Sonar: Detecting SS7 Redirection Attacks With Audio-Based Distance Bounding" were accepted for publication at the 2018 IEEE Symposium on Security and Privacy.

14. 7 August 2017

    I am delighted to be serving as technical program co-chair of ACM WiSec 2018. Please send your excellent work in securing wireless and mobile networks and applications to WiSec: the deadline for submissions is March 1, 2018.

15. 3 August 2017

    Our paper "FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution" was accepted for publication at the 2017 ACM Conference on Computer and Communications Security (CCS).

16. 19 December 2016

    Our paper "Transparent Web Service Auditing via Network Provenance Functions" was accepted for publication at the 2017 World Wide Web Conference (WWW).

17. 22 July 2016

    Our paper "ProvUSB: Block-level Provenance-Based Data Protection for USB Storage Devices" was accepted for publication at the 2016 ACM Conference on Computer and Communications Security (CCS).

18. 12 May 2016

    Our paper "Making USB Great Again with USBFILTER" was accepted for publication at the 2016 USENIX Security Symposium.

19. 1 May 2016

    Congratulations to my first two graduating PhD students, Benjamin Mood and Adam Bates. Adam will be Assistant Professor of Computer Science at the University of Illinois at Urbana-Champaign this fall, while Benjamin will be Assistant Professor of Computer Science at Point Loma Nazarene University.

20. 7 February 2016

    Our paper "Sending Out an SMS: Characterizing the Security of the SMS Ecosystem with Public Gateways" was accepted for publication at the 2016 IEEE Symposium on Security and Privacy (the Oakland conference).

21. 28 October 2015

    Our paper "Frigate: A Validated, Extensible, and Efficient Compiler and Interpreter for Secure Computation" was accepted for publication at the 1st IEEE European Symposium on Security and Privacy (Euro S&P 2016).

22. 12 May 2015

    Our papers "Trustworthy Whole-System Provenance for the Linux Kernel" and "Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications in the Developing World" were accepted for publication at the 2015 USENIX Security Symposium.

23. 23 July 2014

    Our papers "Securing SSL Certificate Verification through Dynamic Linking" and "Reuse It Or Lose It: More Efficient Secure Computation Through Reuse of Encrypted Values" were accepted for publication at the 2014 ACM Conference on Computer and Communication Security (CCS).

24. 27 January 2014

    Our paper "Accountable Wiretapping — or — I know that they can hear you now" was accepted for publication in the Journal of Computer Security.

25. 1 November 2013

    Our paper "Leveraging USB to Establish Host Identity Using Commodity Devices" was accepted for publication at the 2014 Symposium on Network and Distributed Systems Security (NDSS).

26. 25 April 2013

    Our papers "Secure Outsourced Garbled Circuit Evaluation for Mobile Devices" and "PCF: A Portable Circuit Format For Scalable Two-Party Secure Computation" were accepted for publication at the 2013 USENIX Security Symposium.

27. 16 August 2012

    Our papers "Abusing Cloud-based Browsers for Fun and Profit" and "Hi-Fi: Collecting High-Fidelity Whole-System Provenance" were accepted for publication at the Annual Computer Security Applications Conference (ACSAC 2012).

28. 13 August 2012

    Our paper "Detecting Co-Residency with Active Traffic Analysis Techniques" was accepted for publication at the ACM Cloud Computing Workshop (CCSW’12).

29. 12 April 2012

    I was invited to join the technical program committee of the 2012 European Symposium on Research in Computer Security (ESORICS).

30. 9 February 2012

    I was invited to join the technical program committee of the 28th Annual Computer Security Applications Conference (ACSAC).

31. 2 December 2011

    I have been invited to serve on the technical program committee for the 2012 USENIX Workshop on Hot Topics in Security (HotSec’12).

32. 15 November 2011

    Our paper "Memory-Efficient Garbled Circuit Generation for Mobile Devices" was accepted for publication at the International Conference on Financial Cryptography and Data Security (FC 2012).

33. 19 October 2011

    Our paper "Accountable Wiretapping — or — I Know They Can Hear You Now" was accepted for publication at the ISOC Network and Distributed System Security Symposium (NDSS 2012).

34. 20 July 2011

    I have received an NSF Trustworthy Computing Small award as the principal investigator of the proposal “Protection Mechanisms for Portable Storage”.

35. 14 July 2011

    I was invited to join the technical program committee of the 2012 IEEE Symposium on Security and Privacy.

36. 16 April 2011

    Our paper "Host Identification via USB Fingerprinting" was accepted as a full paper at SADFE 2011.

37. 5 April 2011

    I organized the first annual Computer Security Day at the University of Oregon. Photos from the 2011 Oregon Security Day are now available in the photo gallery.

38. 21 February 2011

    I have received a DARPA award as a co-principal investigator of the proposal “Characterizing and Implementing Efficient Primitives for Privacy-Preserving Computation.”

39. 15 February 2011

    Our paper "Scalable Web Content Attestation" was accepted for publication in IEEE Transactions on Computers.

40. 24 January 2011

    I was invited to join the technical program committee of the 27th Annual Computer Security Applications Conference (ACSAC).

41. 1 September 2010

    I will be speaking at the 2010 Northeast Forensics Exchange Workshop (NeFX 2010) in Washington, DC, on 13 September.

42. 13 August 2010

    Our papers "Kells: A Protection Framework for Portable Data" and "Porscha: Policy Oriented Secure Content Handling in Android" were accepted for publication at ACSAC 2010.

43. 8 May 2010

    I will be the Publicity Chair for ACSAC 2010, to be held this December in Austin, TX. Please consider submitting a paper, proposing a panel, giving a tutorial, and attending the conference! The call for participation is available here.

44. 6 April 2010

    Our paper "OS Security Architectures Built on Smart Disks" was accepted for publication in IEEE Security and Privacy magazine.

45. 28 January 2010

    I am a recipient of the Penn State Alumni Association Dissertation Award.

46. 23 January 2010

    Our paper "Towards a Secure and Efficient System for End-to-End Provenance" was accepted at TaPP’10.

47. 27 November 2009

    I gave a talk on "Rootkit-Resistant Disks" for the Security Reading Group at the University of Toronto.

48. 25 November 2009

    I gave a Digital Security Seminar talk at Carleton University in Ottawa on our work "Rootkit-Resistant Disks".

49. 21 November 2009

    I have been selected to be a member of the ACM SIGMETRICS shadow program committee.

50. 4 November 2009

    I have been invited to serve on the program committee for the Fifth International Conference on Internet Monitoring and Protection (ICIMP 2010) to be held in Barcelona, Spain, in May 2010. A number of topics are in focus, including Internet performance and measurement, real-time system security, DRM, emergency networks, and others. Submissions are due on 10 December 2009.

51. 18 September 2009

    Our paper "U Can't Touch This: Protections for Portable Storage" was accepted for publication at the International Workshop on Software Support for Portable Storage (IWSSPS 2009).

52. 26 August 2009

    Our paper "Scalable Web-Based Attestation" was accepted for publication at ACSAC 2009.

53. 17 August 2009

    Our paper "A Survey of BGP Security Issues and Solutions" was accepted for publication in the journal Proceedings of the IEEE.

54. 7 August 2009

    Our paper "malnets: Large-Scale Malicious Networks via Compromised Wireless Access Points" was accepted for publication in the journal Security and Communication Networks.

55. 23 July 2009

    I have been invited to serve on the program committee for the Fifth International Conference on Availability, Reliability and Security (ARES 2010) to be held in Krakow, Poland, in February 2010. Submissions are due on 1 September 2009.

56. 6 February 2009

    I was awarded a Symantec Research Labs Graduate Fellowship.

57. 1 May 2009

    I received the Graduate Research Assistant Award from the Computer Science and Engineering Department.

58. 27 March 2009

    I have been invited to serve on the program committee for the Fifth International Conference on Information Systems Security (ICISS 2009) to be held in Kolkata, India, in May 2009. Submissions are due on 15 July 2009.

59. 7 November 2008

    Our paper "Leveraging Identity-based Cryptography for Node ID Assignment in Structured P2P Systems" was accepted for publication in IEEE Transactions on Parallel and Distributed Systems.

60. 3 October 2008

    I won a travel grant to attend the 2008 ACM Conference on Computer and Communications Security in Alexandria, VA.

61. 16 September 2008

    I have been invited to serve on the program committee for the Fifth International Workshop on Security in Systems and Networks (SSN 2009) to be held in Rome, Italy in May 2009.

62. 18 August 2008

    Our paper "Defending Against Attacks on Main Memory Persistence" was accepted for publication at ACSAC 2008.

63. 2 July 2008

    Our paper "Rootkit-Resistant Disks" was accepted for publication at CCS 2008.

64. 2 June 2008

    I have been invited to serve on the program committee for the Fourth International Conference on Availability, Reliability and Security (ARES 2009) to be held in Fukuoka, Japan in March 2009.

65. 21 May 2008

    Our paper "Systemic Issues in the Hart InterCivic and Premier Voting System: Reflections Following Project EVEREST" was accepted for publication at the 2008 USENIX/ACCURATE Electronic Voting Workshop.

66. 12 May 2008

    I will be interning at Seagate Research in Pittsburgh, PA this summer.

67. 21 April 2008

    I won a travel grant to attend the 2008 IEEE Symposium on Security and Privacy in Oakland, CA.

68. 1 April 2008

    I have been invited to serve on the program committee for the 4th International Conference on Information Systems Security (ICISS 2008) to be held in Hyderabad, India, in December 2008.

69. 20 February 2008

    I have been invited to serve on the program committee for the 38th IEEE/IFIP Conference on Dependable Systems and Networks (DSN 2008), Fast Abstracts Track. The conference will be held from 24–27 June 2008 in Anchorage, AK. The CFP for the Fast Abstracts track may be found here.

70. 14 December 2007

    The Ohio Secretary of State has released the EVEREST election system report from the academic team, of which I was a participant. The report can be retrieved here. The team prepared the following statement about the report and its findings, and will make no other public statements at this time.

71. 28 November 2007

    I have been invited to serve on the program committee for the 2nd IEEE International Workshop on Security in Software Engineering (IWSSE 2008). More information about the workshop will soon be available.

72. 7 November 2007

    I have been invited to serve on the program committee for the 3rd International Workshop on Security (IWSEC 2008), to be held from 25–27 November 2008 in Kagawa, Japan.

73. 5 November 2007

    Our paper "Realizing Massive-Scale Conditional Access Systems Through Attribute-Based Cryptosystems" was accepted for publication at NDSS 2008.

74. 2 November 2007

    I gave a talk "Non-Volatile Memory and Disks: Avenues for Policy Architectures" at CSAW 2007 in Fairfax, VA.

75. 24 October 2007

    I won an Indo-US Science and Technology Forum (IUSSTF) travel award for my work with ICISS 2007.

76. 12 September 2007

    I have been invited to serve on the program committee for the 2nd International Workshop on Secure Software Engineering (SecSE’08) to be held from 4–7 March 2007 in Barcelona, Spain.

77. 4 September 2007

    I have been invited to serve on the program committee for the Third International Conference on Availability, Reliability and Security (ARES 2008), to be held from 4–7 March 2008 in Barcelona, Spain. Please see the call for papers for more information.

78. 22 August 2007

    I have been named the submissions chair for the 2008 IEEE Symposium on Security and Privacy, to be held in Oakland, CA, USA in May 2008. Submissions are due November 9, 2007; see the CFP for more details.

79. 16 August 2007

    I have been made a publicity co-chair for the First International Conference on Information Security and Assurance (ISA 2008). More information about submitting to this conference may be found here.

80. 10 August 2007

    I gave a short talk "Leveraging Non-Volatile Memory for Storage Security" at the USENIX Security Symposium’s Works in Progress session in Boston, MA.

81. 29 July 2007

    Our paper "Non-Volatile Memory and Disks: Avenues for Policy Architectures" was accepted for publication at the 1st Computer Security Architecture Workshop (CSAW), to be held in conjunction with CCS 2007.

82. 26 July 2007

    I have been invited to serve on the program committee for the 14th ACM Symposium on Communications and Computer Security (CCS 2007), Industry and Government Track.

83. 26 July 2007

    Our short paper "Towards Automatic Privilege Separation" was accepted for publication at ICISS 2007.

84. 23 July 2007

    I have been invited to serve on the program committee for the First International Conference on Information Security and Assurance (ISA 2008), to be held in March 2007 in Busan, Korea. More information, including the call for papers, can be found at http://www.sersc.org/ISA2008/.

85. 5 July 2007

    I won a student travel grant for the USENIX Security Symposium in Boston, MA.

86. 3 July 2007

    I presented our paper "Analysis of the IPv4 Address Delegation Structure" at ISCC’07 in Aveiro, Portugal.

87. 31 May 2007

    I gave an invited talk "Performance Optimizations in IPSec for iSCSI Storage Systems" at the SNIA Summer Storage Security Summit in Pittsburgh, PA.

88. 13 May 2007

    Our paper "Email Communities of Interest" has been accepted at CEAS 2007.

89. 23 March 2007

    I have been invited to serve on the program committee for the 2007 Conference on Future Generation Communication and Networking (FGCN 2007), to be held in December 2007 in Jeju Island, Korea. More information, including the call for papers, can be found at http://www.sersc.org/FGCN2007/.

90. 2 March 2007

    Our paper "Analysis of the IPv4 Address Delegation Structure" has been accepted at ISCC’07.

91. 2 February 2007

    Our paper "Leveraging Identity-based Cryptography for Node ID Assignment in Structured P2P Systems" has been accepted at SSNDS’07.

92. 2 January 2007

    I will be the Submission and Website Chair and will serve on the program committee for the Third International Conference on Information Systems Security (ICISS 2007) to be held in December in Delhi, India. The call for papers and more information can be found at http://siis.cse.psu.edu/iciss07.

93. 14 December 2006

    I have been invited to serve on the program committee for the First IEEE International Workshop on Security in Software Engineering (IWSSE 2007) to be held in conjunction with the 31st COMPSAC in Beijing, China, in July 2007. The official call for papers is forthcoming and more information will soon be available.

94. 2 November 2006

    I presented our paper "Optimizing BGP Security by Exploiting Path Stability" at CCS’06.

95. 24 September 2006

    I have been invited to serve on the program committee for the Second International Workshop on Security (IWSEC 2007), to be held in Nara, Japan, in October 2007. More information, including the call for papers, can be found at http://www.iwsec.org.

96. 18 September 2006

    I will be serving on the program committee for the Third International Workshop on Security in Systems and Networks (SSN’07), to be held in Long Beach, CA, in March 2007, in conjunction with IEEE IPDPS 2007. More information, including the call for papers, can be found at http://www.cse.msu.edu/~lxiao/ssn07.

97. 8 August 2006

    Our paper "Design, implementation and evaluation of security in iSCSI-based network storage systems" was accepted at the StorageSS 2006 workshop.

98. 31 July 2006

    Our paper "Privacy Preserving Web-Based Email" was accepted at ICISS 2006.

99. 21 July 2006

    Our paper "Optimizing BGP Security by Exploiting Path Stability" was accepted at ACM CCS 2006.

100. 7 July 2006

     I will be serving on the program committee for the Second International Conference on Availability, Reliability and Security (AReS 2007), to be held next April in Vienna, Austria. Submissions are due in September, and more information can be found here.

101. 4 May 2006

     I will be instructing CSE 458, the senior undergraduate networking class, this summer in conjunction with Lisa Johansen.

102. 24 April 2006

     I have been awarded a Pennsylvania State University Graduate Fellowship. Many thanks to Dr. McDaniel, my advisor, for nominating me, Dr. Narayanan, the graduate officer, for seconding the nomination, and Dr. Acharya, department head, for approving me as a nominee for CSE.