Research

Our research falls in the area of systems security and privacy. We develop techniques and mechanisms to enhance the security infrastructure of computer and network systems, and we build tools for security- and privacy-driven applications. Our skillset covers several domains ranging from trusted computing to operating systems, distributed systems, security policies and protocols, censorship and anonymity, machine learning applied to traffic analysis, web security, and digital forensics.



Active Projects


Privacy-Enhancing Technologies


Many Internet users have their fundamental rights to privacy, free speech, and open access to information seriously hindered. We develop privacy-enhancing technologies (PETs) aimed at enabling secure, censorship-resistant, anonymous Internet communications.

Key contributions:

  • Unobservable censorship-resistant TCP tunneling in Skype videoconferencing streams (PoPETS'17)
  • Efficient censorship-resistant Internet communications by parasitizing on WebRTC (CCS'20, DICG'20)
  • Enhancing WebRTC covert channels with video steganography (AsiaCCS'22)
  • Enhancing the unlinkability of circuit-based anonymous communications with k-funnels (CoNEXT'23)

DeltaShaper   Protozoa   Stegozoa   Cloak   BriK


Traffic Analysis Techniques


An increasing number and variety of cyber investigation scenarios require the analysis of encrypted traffic, e.g., website fingerprinting, botnet traffic identification, or investigation of illicit communications. We build systems that employ machine learning for efficiently and accurately analyzing traffic within individual ISPs or across multiple cooperating ISPs in a federated manner.

Key contributions:

  • Detection of multimedia protocol tunneling using machine learning (USENIX Security'18)
  • Efficient flow classification for ML-based network security applications with FlowLens (NDSS'21)
  • Tor traffic generator for realistic experiments (WPES'23)
  • Flow correlation attacks on Tor onion service sessions with sliding subset sum (NDSS'24)

Multimedia Tunneling   FlowLens   SUMo


Vulnerability Analysis and Detection


We are witnessing a double-pronged trend in web programming: JavaScript has become widely used for building server-side web applications (e.g., based on Node.js), and WebAssembly has emerged as the programming language for speeding up web client code in the browser. We study and develop new tools for detecting and fixing security vulnerabilities in web applications implemented in JavaScript and WebAssembly.

Key contributions:

  • Efficient static vulnerability scanner for WebAssembly (Computers & Security'22)
  • Concolic execution for WebAssembly (ECOOP'22)
  • Study of JavaScript static analysis tools for vulnerability detection in Node.js packages (IEEE ToR'23)
  • Efficient static vulnerability analysis for JavaScript (PLDI'24)

Wasmati   WASP   VulcaN   Graph.js


GDPR Compliance


The EU GDPR specifies data protection regulations that have a profound impact on, and add cost to, the way organizations need to design and maintain information systems. We study and develop new technologies to help organizations efficiently guarantee GDPR compliance when building clean-slate information systems and retrofitting legacy ones.

Key contributions:

  • GDPR-aware personal data compliance for web frameworks (SP'23)

RuleKeeper


TrustZone-based TEEs


Modern mobile devices rely on trusted execution environments (TEEs) for protecting security-sensitive data and applications (e.g., mobile payment apps) against critical attacks capable of compromising the operating system of the device. We study and develop robust, secure, and programmer-friendly TEE runtime systems for mobile devices featuring Arm TrustZone technology.

Key contributions:

DBStore   ReZone


Trusted Computing Systems


On untrusted computing platforms such as typical cloud platforms, customers hand over full control of their data to cloud providers. We develop secure, efficient, and scalable trusted infrastructure systems rooted in hardware that enable customers to remotely obtain a priori guarantees about the mechanisms deployed by the cloud provider for protecting the confidentiality and integrity of their data and computations.

Key contributions:

  • High-performing trusted cloud storage with IronSafe (SIGMOD'22)
  • Secure storage on untrusted heterogeneous cloud backends (SRDS'16)
  • Remote cloud attestation with policy-sealed data (USENIX Security'12)
  • Seminal work on trusted cloud computing (HotCloud'09)

IronSafe



Past Projects


Protection of Privacy-Sensitive Data


Many popular computing platforms run third-party apps that often collect and share sensitive user data surreptitiously. We develop private-by-design software platforms for mobile, smart homes, and IoT environments that keep track of the information flows generated by the apps and block unwanted flows specified in intuitive user-defined security policies.

Key contributions:

HomePad   PatrIoT


Digital Forensic Tools


Client-side web applications leave valuable forensic artifacts in the browser's raw memory pages, such as user credentials, key material, media content, document fragments, and communication records. We build digital forensic tools for the extraction and accurate reconstruction of such artifacts.

Key contributions:

RAMAS