We conduct research on a wide range of topics on systems and Internet security to develop techniques and tools aimed at prevention and detection of cyber attacks.
Thu 11 May 2017
Paper accepted at the 2017 USENIX Security Symposium! .
Mon 17 Apr 2017
Paper accepted at IEEE/IFIP DSN2017 .
Tue 30 Aug 2016
Best Paper Award! .
Tue 09 Aug 2016
Paper to appear in ACM CCS'16 .
See news archive.
Web Security: We focus on vulnerability analysis and detection of web applications using static and dynamic code analysis, formal methods, and ideas from compilers and OSs.
Mobile Security: We focus on vulnerability analysis of mobile apps and mobile malware analysis.
Cybercrime: We focus on automated analysis of for-crime software to understand their behavior and build effective defenses.
Advanced Persistent Threats: We investigate robust techniques to analyze and detect advanced persistent threats.
CHESS: GAMEPLAY: Graph Analysis for Mechanized Exploit generation and Patching Leveraging human Assistance for improved Yield.
MALDIVES: Developing a Comprehensive Understanding of Malware Delivery Mechanisms.
MARPLE: Mitigating APT Damage by Reasoning with Provenance in Large Enterprise Networks.
ESP-IGERT: Electronic Security and Privacy: Technological, Human, Enterprise and Legal Considerations.
CSFV: Crowd Sourced Formal Verification.
See all projects.