We leverage a multitude of techniques to study mobility (localization, navigation etc.) and security aspects (confidentiality, integrity, authentication and authorization) in emerging application domains. In particular, we utilize access control, optimization, machine learning and natural language processing among others to tackle prevalent threats and challenges in an ever-connected world.
Our research focuses on three main research directions:
- Authentication, Authorization and Access Control
- Mobile Device and IoT Systems Security
- Mobile Sensing and Localization
A. Authentication, Authorization and Access Control
Operating systems rely on authentication to verify that subjects (the users and programs) sharing the platform and OS resources are who they claim to be. Lack or weak authentication can result in untrusted parties having access to privileged operations. Authorization schemes determine the privileges a subject has on the system. To enforce the authorization constraints and to help manage the distribution, revocation and enforcement of privileges in a particular context or system, we design effective and efficient access control schemes. Modern operating systems employ a variety of such access control schemes, such as discretionary access control, mandatory access control and application permission models.
- Resolving the Predicament of Android Custom Permissions. Tuncay, Güliz Seray; Demetriou, Soteris; Karan Ganju; Gunter, Carl. 25th Network and Distributed System Security (NDSS) Symposium, February 2018
- HanGuard: SDN-driven protection of WiFi smart-home devices from malicious mobile apps. Demetriou, Soteris; Zhang, Nan; Lee, Yeonjoon; Wang, Xiaofeng; Gunter, Carl; Zhou, Xiaoyong; Grace, Michael. 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), July 2017
- Draco: A System for Uniform and Fine-grained Access Control for Web Code on Android. Tuncay, Güliz Seray; Demetriou, Soteris; Gunter, Carl. ACM Conference on Computer and Communications Security (CCS), November 2016
- What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources. Demetriou, Soteris; Zhou, Xiaoyong; Naveed, Muhammad; Lee, Yeonjoon; Yuan, Kan; Wang, XiaoFeng; Gunter, Carl. 22nd Network and Distributed System Security (NDSS) Symposium, February 2015
B. Mobile Device and IoT Systems Security
With smartphone penetration soaring and the rapid advancements in internet connected devices, mobile and IoT device security guarantees are needed more than ever. Adversaries can leverage the fact that mobile devices are equipped with a multitude of sensing and their always present nature to launch sophisticated inference attacks to violate users’ confidentiality and the platforms’ integrity. This research thrust aims to study such adversarial capabilities in smartphone and IoT systems in consumer and enterprise settings.
- Toward an Extensible Framework for Redaction. Demetriou, Soteris; Nathaniel D. Kaufman; Jonah Baim; Adam J. Goldsher; Carl A. Gunter. 1st International Workshop on Security and Privacy for the Internet-of-Things (IoTSec), April 2018
- Ghost Installer in the Shadow: Security Analysis of App Installation on Android. Lee, Yeonjoon; Li, Tongxin; Zhang, Nan; Demetriou, Soteris; Zha, Mingming; Wang, XiaoFeng; Chen, Kai; Zhou, Xiaoyong; Han, Xinhui; Grace, Michael. 47th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), June 2017
- Understanding IoT Security Through the Data Crystal Ball: Where We Are Now and Where We Are Going To Be. Nan Zhang, Soteris Demetriou, XiangHang Mi, Wenrui Diao, Kan Yuan, Peiyuan Zong, Feng Qian, Xiaofeng Wang, Kai Chen, Yuan Tian, Carl A. Gunter, Kehuan Zhang, Patrick Tague, Yue-Hsun Lin. arXiv preprint arXiv:1703.09809. March 2017
- Free for all! Assessing User Data Exposure to Advertising Libraries on Android
Demetriou, Soteris; Merrill, Whitney; Yang, Wei; Zhang, Aston; Gunter, Carl. 23rd Network and Distributed System Security (NDSS) Symposium, February 2016
- Inside Job: Understanding and Mitigating the Threat of External Device Mis-Bonding on Android. Naveed, Muhammad; Zhou, Xiaoyong; Demetriou, Soteris; Wang, XiaoFeng; Gunter, Carl. 21st Network and Distributed System Security (NDSS) Symposium, February 2014
- Identity, location, disease and more: Inferring your secrets from android public resources. Zhou, Xiaoyong; Demetriou, Soteris; He, Dongjing; Naveed, Muhammad; Pan, Xiaorui; Wang, Xiaofeng; Gunter, Carl; Nahrstedt, Klara. ACM Symposium on Computer and Communications Security (CCS), November 2013
C. Mobile Sensing and Localization
Mobile devices are equipped with numerous sensors which allow them to offer efficient and effective personalized services and applications. For example, connected and autonomous vehicles (CAVs) feature advanced sensing capabilities, including multiples of range sensors (Lidar and Radar), 360° cameras, onboard GPUs, and high-speed connectivity: Tesla Motors uses a forward radar, a front-facing camera, and multiple ultrasonic sensors to enable its Autopilot feature; Google’s and Apple’s version of CAV uses Lidar and cameras to support autonomous driving; Ford and Uber are also actively experimenting with CAVs.
These advanced capabilities open up a plethora of exciting opportunities for next generation services related to better localization and navigation and traffic optimization. At the same time, their reliance on sensing data and machine learning algorithms for route prediction, collision avoidance and object detection and recognitions, introduces new attack surfaces. Given the widening gap between autonomy and security in this application domain, in tandem with their safety repercussions, there is an impending need for novel solutions that can guarantee trusted outcomes from such sensor-fusion and machine learning algorithms.
- CoDrive: Improving Automobile Positioning via Collaborative Driving. Demetriou, Soteris; Jain, Puneet; Kim, Kyu-Han. IEEE International Conference on Computer Communications (IEEE INFOCOM), April 2018
- CamForensics: Understanding Visual Privacy Leaks in the Wild. Srivastava, Animesh; Jain, Puneet; Demetriou, Soteris; Cox, Landon; Kim, Kyu-Han. 15th ACM Conference on Embedded Networked Sensor Systems (SenSys), November 2017