April 8, 2024: Our paper, Pairing Security Advisories with Vulnerable Functions Using Open-Source LLMs has been accepted for publication at the 2024 Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA).
March 23, 2024: Our paper, 5GAC-Analyzer: Identifying Over-Privilege Between 5G Core Network Functions has been accepted for publication at the 2024 ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec).
March 12, 2024: Our paper, VFCFinder: Pairing Security Advisories and Patches has been accepted for publication at the 2024 ACM ASIA Conference on Computer and Communications Security (AsiaCCS).
February 29, 2024: We received a distinguished paper award at NDSS for our paper, UntrustIDE: Exploiting Weaknesses in VS Code Extensions.
February 26, 2024: Our paper, Examining Cryptography and Randomness Failures in Open-Source Cellular Cores has been accepted for publication at the 2024 ACM Conference on Data and Application Security and Privacy (CODASPY).
January 23, 2024: Our paper, GRASP: Hardening Serverless Applications through Graph Reachability Analysis of Security Policies Ex has been accepted for publication at The Web Conference 2024.
November 1, 2023: Our paper, UntrustIDE: Exploiting Weaknesses in VS Code Extensions has been accepted for publication at the 2024 ISOC Network and Distributed Systems Symposium (NDSS).
June 5, 2023: Our paper, ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions has been accepted for publication at the 2023 USENIX Security Symposium.
April 14, 2023: Our paper, MSNetViews: Geographically Distributed Management of Enterprise Network Security Policy has been accepted for publication at the 2023 ACM Symposium on Access Control Models and Technologies (SACMAT).
April 7, 2023: Our paper, It's like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security has been accepted for publication at the 2023 IEEE Symposium on Security and Privacy (S&P).
April 3, 2023: Our paper, Finding Fixed Vulnerabilities with Off-the-Shelf Static Analysis has been accepted for publication at the 2023 IEEE European Symposium on Security and Privacy (EuroS&P).
September 2, 2022: Our paper, Analysis of Payment Service Provider SDKs in Android has been accepted for publication at the 2022 Annual Computer Security Applications Conference (ACSAC).
August 1, 2022: We were awarded a $9M grant from the National Science Foundation for our SaTC Frontiers project titled "Enabling a Secure and Trustworthy Software Supply Chain".
June 8, 2022: We were awarded Best Student Paper at ACM SACMAT 2022 for our paper, Removing the Reliance on Perimeters for Security using Network Views.
April 9, 2022: Our paper, Removing the Reliance on Perimeters for Security using Network Views has been accepted for publication at the 2022 ACM Symposium on Access Control Models and Technologies (SACMAT).
April 8, 2022: Our poster, A Study of Security Weaknesses in Android Payment Service Provider SDKs won the HoTSoS 2022 Best Poster Award.
February 21, 2022: Our paper, ALASTOR: Reconstructing the Provenance of Serverless Intrusions has been accepted for publication at the 2022 USENIX Security Symposium.
January 15, 2022: Our paper, A Study of Application Sandbox Policies in Linux has been accepted for publication at the 2022 ACM Symposium on Access Control Models and Technologies (SACMAT).
September 24, 2021: Our paper, FReD: Identifying File Re-Delegation in Android System Services has been accepted for publication at the 2022 USENIX Security Symposium.
April 17, 2021: Our paper, SCIFFS: Enabling Secure Third-Party Security Analytics using Serverless Computing has been accepted for publication at the 2021 ACM Symposium on Access Control Models and Technologies (SACMAT).
February 25, 2021: Our paper A First Look at Scams on YouTube received the the "Runner-up best paper award" at the 2021 Workshop on Measurements, Attacks, and Defenses for the Web.
February 12, 2021: Our paper, PolyScope: Multi-Policy Access Control Analysis to Compute Authorized Attack Operations in Android Systems has been accepted for publication at the 2021 USENIX Security Symposium.
December 22, 2020: Our paper, Role-Based Deception in Enterprise Networks, has been accepted for publication at the 2021 ACM Conference on Data and Application Security and Privacy (CODASPY).
December 16, 2020: Our paper, "Did you know this camera tracks your mood?": Understanding Privacy Expectations and Preferences in the Age of Video Analytics, has been accepted for publication at the 2021 Proceedings on Privacy Enhancing Technologies (PoPETs).
October 24, 2020: Our paper, Understanding the Privacy Implications of Adblock Plus's Acceptable Ads has been accepted for publication at the ACM ASIA Conference on Computer and Communications Security (ASIACCS).
October 22, 2020: Our paper, Hey Alexa, is this Skill Safe?: Taking a Closer Look at the Alexa Skill Ecosystem has been accepted for publication at the 2021 ISOC Network and Distributed Systems Sym posium (NDSS).
September 18, 2020: Our paper, LeakyPick: IoT Audio Spy Detector has been accepted for publication at the 2020 Annual Computer Security Applications Conference (ACSAC).
August 12, 2020: Our paper “Who’s Calling: Characterizing Robocalls through Audio and Metadata Analysis” received a Distinguished Paper Award and the Internet Defense Prize at the 2020 Usenix Security Symposium.
February 21, 2020: Our paper, Cardpliance: PCI DSS Compliance of Android Applications has been accepted for publication at the 2020 USENIX Security Symposium.
November 30, 2019: Our paper, n-m-Variant Systems: Adversarial-Resistant Software Rejuvenation for Cloud-Based Web Applications, has been accepted for publication at the 2020 ACM Conference on Data and Application Security and Privacy (CODASPY).
November 27, 2019: Our paper, PolicyLint: Investigating Internal Privacy Policy Contradictions on Google Play, has been accepted for publication at the 2020 USENIX Security Symposium.
September 2, 2019: Our paper, Thou Shalt Discuss Security: Quantifying the Impacts of Instructions to RFC Authors, has been accepted for publication at the 2019 Conference on Security Standards Research (SSR).
May 24, 2019: Our paper, PolicyLint: Investigating Internal Privacy Policy Contradictions on Google Play, has been accepted for publication at the 2019 USENIX Security Symposium.
May 16, 2019: We were awarded Best Paper at ACM WiSec 2019 for our paper, Blinded and Confused: Uncovering Systemic Flaws in Device Telemetry for Smart-Home Internet of Things.
April 30, 2019: Our paper, Kobold: Evaluating Decentralized Access Control for Remote NSXPC Methods on iOS, has been accepted for publication at the 2020 IEEE Symposium on Security and Privacy (S&P).
March 5, 2019: Our paper, HomeSnitch: Behavior Transparency and Control for Smart Home IoT Devices, has been accepted for publication at the 2019 ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec).
March 5, 2019: Our paper, ARF: Identifying Re-Delegation Vulnerabilities in Android System Services, has been accepted for publication at the 2019 ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec).
March 5, 2019: Our paper, Blinded and Confused: Uncovering Systemic Flaws in Device Telemetry for Smart-Home Internet of Things, has been accepted for publication at the 2019 ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec).
March 5, 2019: Our short paper, Hestia: Simple Least Privilege Network Policies for Smart Homes, has been accepted for publication at the 2019 ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec).
November 27, 2018: Our paper, ACMiner: Extraction and Analysis of Authorization Checks in Android's Middleware, has been accepted for publication at the 2019 ACM Conference on Data and Application Security and Privacy (CODASPY).
March 2, 2018: Our paper, iOracle: Automated Evaluation of Access Control Policies in iOS, has been accepted for publication at the 2018 ACM Asia Conference on Computer and Communications Security (ASIACCS).
January 18, 2018: Our paper, PivotWall: SDN-Based Information Flow Control, has been accepted for publication at the 2018 ACM Symposium on SDN Research (SOSR).
August 19, 2017: Our paper, Analysis of SEAndroid Policies: Combining MAC and DAC in Android, has been accepted for publication at the 2017 Annual Computer Security Applications Conference (ACSAC).
May 2, 2017: Our paper, UiRef: Analysis of Sensitive User Inputs in Android Applications, has been accepted for publication at the 2017 ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec).
April 4, 2017: We received a Distinguished Paper Award for our paper, SPOKE: Scalable Knowledge Collection and Attack Surface Analysis of Access Control Policy for Security Enhanced Android at ASIACCS 2017.
February 15, 2017: Congratulations to PhD student, Adwait Nadkarni, for passing his final disseratation defense.
February 6, 2017: Our paper, Sublinear Zero-Knowledge Arguments for RAM Programs, has been accepted for publication in the 36th Annual Eurocrypt Conference (Eurocrypt 2017) .
January 25, 2017: Our paper, SPOKE: Scalable Knowledge Collection and Attack Surface Analysis of Access Control Policy for Security Enhanced Android, has been accepted for publication at the 2017 ACM Asia Conference on Computer and Communications Security (ASIACCS).
December 12, 2016: Our paper, A Study of Security Vulnerabilties on Docker Hub, has been accepted for publication at the 2017 ACM Conference on Data and Application Security and Privacy (CODASPY).
November 17, 2016: Congratulations to Masters student, Akash Verma, for passing his masters defense.
October 22, 2016: Our paper, TumbleBit: An Untrusted Tumbler for Bitcoin-Compatible Anonymous Payments, has been accepted for publication in the Network and Distributed System Security Symposium (NDSS) 2017 .
August 24, 2016: Our paper, *droid: Assessment and Evaluation of Android Application Analysis Tools, has been accepted for publication in ACM Computing Surveys (CSUR).
August 19, 2016: Our paper, Phonion: Practical Protection of Metadata in Telephony Networks, has been accepted for publication in Proceedings on Privacy Enhancing Technologies (PoPETS).
August 16, 2016: Our paper, NIZKs with an Untrusted CRS: Security in the Face of Parameter Subversion, has been accepted for publication in ASIACRYPT 2016.
August 10, 2016: Our paper, A Study of Security Isolation Techniques, has been accepted for publication in ACM Computing Surveys (CSUR).
July 24, 2016: Our paper, SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles, has been accepted for publication at the 2016 ACM Conference on Computer and Communications Security (CCS).
July 1, 2016: Our paper, Preventing Kernel Code-Reuse Attacks Through Disclosure Resistant Code Diversification, has been accepted for publication at the 2016 IEEE Conference on Communications and Network Security (CNS).
May 16, 2016: Our paper, Practical DIFC Enforcement on Android, has been accepted for publication at the 2016 USENIX Security Symposium.
March 22, 2016: Congratulations to PhD student, Ruowen Wang, for passing his final disseratation defense.
March 10, 2016: Our paper, Code-Stop: Code-Reuse Prevention By Context-Aware Traffic Proxying, has been accepted for publication at the 2016 International Conference on Internet Monitoring and Protection (ICIMP).
March 7, 2016: Our paper, A Study of Grayware on Google Play, has been accepted for publication at the 2016 IEEE Mobile Security Technologies workshot (MoST).
January 26, 2016: Congratulations to PhD student, Adwait Nadkarni, for passing his oral preliminary exam.
December 1, 2015: Congratulations to PhD student, Russell Meredith, for passing his written qualifier.
September 28, 2015: Congratulations to PhD student, T.J. O'Connor, for passing his written qualifier.
September 21, 2015: Congratulations to PhD student, Sigmund Gorski, for passing his written qualifier.
August 31, 2015: Dr. William Enck's NSF SaTC grant, TWC: Medium: Collaborative: Improving Mobile-Application Security via Text Analytics, has been awarded. The grant is in collaboration with Tao Xie, Carl Gunter, and ChengXiang Zhai at UIUC.
May 12, 2015: Our paper, EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning, has been accepted for publication at the 2015 USENIX Security Symposium.
April 14, 2015: Our paper, Automatic Server Hang Bug Diagnosis: Feasible Reality or Pipe Dream?, has been accepted for publication at the IEEE International Conference on Autonomic Computing (ICAC).
March 20, 2015: Congratulations to PhD student, Jason Gionta, for successfully defending his dissertation. Jason is co-advised by Dr. William Enck and Dr. Peng Ning.
December 18, 2014: Our paper, AppContext: Differentiating Malicious and Benign Mobile App Behavior Under Contexts, has been accepted for publication at the 2015 International Conference on Software Engineering (ICSE).
December 4, 2014: Dr. William Enck gave a tutorial entitled "Intro to Securing Android Applications" to the Raleigh Chapter of ISSA.
November 25, 2014: Our paper, HideM: Protecting the Contents of Userspace Memory in the Face of Disclosure Vulnerabilities, has been accepted for publication at the 2015 ACM Conference on Data and Application Security and Privacy (CODASPY).
November 5, 2014: Dr. William Enck gave a tutorial entitled "Text Analytics for Security" along with Tao Xie at ACM CCS 2014.
October 2, 2014: Dr. William Enck gave a tutorial entitled "Intro to Developing Android Applications" to the Raleigh Chapter of ISSA.
August 25th, 2014: Dr. William Enck was awarded $49,726 by ARO for my proposal entitled "Refining Security for Smartphone Applications."
August 22, 2014: Stephan Heuser presented our ASM paper at USENIX Security'14. Check out the press release and the ASM website.
August 15, 2014: Our paper, SEER: Practical Memory Virus Scanning as a Service, has been accepted for publication at the 2014 Annual Computer Security Applications Conference (ACSAC).
July 23, 2014: Dr. William Enck presented our NativeWrap work at WiSec'14. Go download the app now!
Update: Ars Technica has written a story on NativeWrap.
May 7, 2014: Our paper, ASM: A Programmable Interface for Extending Android Security, has been accepted for publication at the 2014 USENIX Security Symposium.
May 7, 2014: Our paper, NativeWrap: Ad Hoc Smartphone Application Creation for End Users, has been accepted for publication at the 2014 ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec).
April 4, 2014: Our paper, An Application Package Configuration Approach to Mitigating Android SSL Vulnerabilities, has been accepted for publication at the 2014 IEEE Mobile Security Technologies workshop (MoST).
July 19, 2013: Our paper, Preventing Accidental Data Disclosure in Modern Operating Systems, has been accepted for publication at the 2013 ACM Conference on Computer and Communications Security (CCS).
June 4, 2013: Dr. William Enck will be an invited speaker at the Federal Trade Commission's (FTC) panel entitled "Mobile Security: Potential Threats and Solutions". Come join us in Washington D.C., or tune in via the webcast!
April 27, 2013: Our paper, WHYPER: Towards Automating Risk Assessment of Mobile Applications, has been accepted for publication at the 2013 USENIX Security Symposium.
April 17, 2013: Our paper, MAST: Triage for Market-scale Mobile Malware Analysis, received the Best Paper Award at the 2013 ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), which is being held in Budapest, Hungary.
February 19, 2013: Dr. Enck received a National Science Foundation CAREER Award for my proposal "Secure OS Views for Modern Computing Platforms". The CAREER Award is the NSF's most prestigious award for junior faculty.
January 22, 2013: Our paper, MAST: Triage for Market-scale Mobile Malware Analysis, which discusses efficient methods for finding malware in massive-scale mobile applications markets, has been accepted to the 2013 ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) in Budapest, Hungary.
August 16, 2012: Our paper, Abusing Cloud-based Browsers for Fun and Profit, has been accepted for publication at the 2013 USENIX Security Symposium.