KMap
I'm a Professor in the Department of Computer Science at the University of Arizona. Prior to arriving in Tucson I worked at the University of Auckland, New Zealand, and before that I got my Ph.D. from Lund University, Sweden. I have also held a visiting position a the Chinese Academy of Sciences in Beijing, China. My main research interest is computer security, in particular the so-called Man-At-The-End Attack which occurs in settings where an adversary has physical access to a device and compromises it by tampering with its hardware or software. My current research focuses on remote man-at-the-end attacks which occur in distributed systems where untrusted clients are in frequent communication with trusted servers over a network, and a malicious user can get an advantage by compromising an untrusted device.

VOSviewer

Courses
  • CS
    Computer Security

  • PC
    Principles of Compilation

  • CPL
    Comparative Programming Languages

Grants
  • Funding agency logo
    SaTC: TTP: Medium: The Tigress Endpoint Protection Tool

    Principal Investigator (PI)

    2021

    $950.2K
    Active
  • Funding agency logo
    SaTC:EDU: LIGERLabs: Educational Modules for (Anti-) Reverse Engineering

    Principal Investigator (PI)

    2020

    $400.0K
    Active
  • Funding agency logo
    TWC: Small: Understanding Anti-Analysis Defenses in Malicious Code

    Co-Investigator (COI)

    2015

    $531.9K
  • Funding agency logo
    A Longitudinal Study of Sharing of Research Artifacts in Computer Science

    Principal Investigator (PI)

    2015

    $357.6K
  • Funding agency logo
    TWC TTP: Small: Mitigating Insider Attacks in Provenance Systems

    Principal Investigator (PI)

    2013

    $496.1K
  • Funding agency logo
    Putting Network Security on the Map (Phase II)

    Co-Investigator (COI)

    2012

    $3.6M
  • Funding agency logo
    Putting Network Security on the Map: Visualizing Network Security with a Unified Map Metaphor

    Co-Investigator (COI)

    2011

    $363.8K
  • Funding agency logo
    EAGER: Man-at-the-End Attacks: Defenses and Evaluation Techniques

    Principal Investigator (PI)

    2011

    $280.9K
  • Funding agency logo
    Theoretical and Practical Approaches to Remote White-Box Security

    Principal Investigator (PI)

    2009

    $22.3K
Technologies / Patents
      News
      • The World of Computer Science

        2013

      • UA Faculty Member Earns Humboldt Fellowship

        2011

      • New Lecture Series Centers on Security Issues

        2009

      • Professor Publishes Book on Software Security

        2009

      Publications (51)
      Recent
      • Code Obfuscation: Why is This Still a Thing? (Keynote Address)

        2018

      • Probabilistic Obfuscation through Covert Channels

        2017

      • Predicting the Resilience of Obfuscated Code Against Symbolic Execution Attacks via Machine Learning

        2017

      • A Tool for Teaching Reverse Engineering

        2016

      • Engineering Code Obfuscation (Invited Talk)

        2016

      • Code obfuscation against symbolic execution attacks

        2016

      • Repeatability in computer systems research

        2016

      • Pinpointing and Hiding Surprising Fragments in an Obfuscated Program

        2015

      • Code artificiality: A metric for the code stealth based on an n-gram model

        2015

      • A Possible Solution for Privacy Preserving Cloud Data Storage

        2015

      • A Method to Evaluate CFG Comparison Algorithms

        2014

      • Provenance of exposure: Identifying sources of leaked documents

        2013

      • Distributed application tamper detection via continuous software updates

        2012

      • Guest editors' introduction: Software protection

        2011

      • Toward digital asset protection

        2011

      • More on graph theoretic software watermarks: Implementation, analysis, and attacks

        2009

      • Trading-off security and performance in barrier slicing for remote software entrusting

        2009

      • A semi-dynamic multiple watermarking scheme for java applications

        2009

      • An empirical study of Java bytecode programs

        2007

      • Barrier slicing for remote software trusting

        2007

      • Dynamic graph-based software fingerprinting

        2007

      • Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics: Preface

        2007

      • Surreptitious software: Models from Biology and History

        2007

      • Software watermarking via opaque predicates: Implementation, analysis, and attacks

        2006

      • Browser Toolbars

        2006

      • Self-plagiarism in computer science

        2005

      • The evaluation of two software watermarking algorithms

        2005

      • K-gram software birthmarks

        2005

      • Rights and wrongs in scientific publications (multiple letters) [1]

        2005

      • Software watermarking in the frequency domain: Implementation, analysis, and attacks

        2005

      • Dynamic path-based software watermarking

        2004

      • Problem identification using program checking

        2004

      • The obfuscation executive

        2004

      • Software watermarking through register allocation: Implementation, analysis, and attacks

        2004

      • Graph Theoretic Software Watermarks: Implementation, Analysis, and Attacks

        2004

      • Detecting software theft via whole program path birthmarks

        2004

      • Error-correcting graphs for software watermarking

        2003

      • Sandmark - A tool for software protection research

        2003

      • A System for Graph-Based Visualization of the Evolution of Software

        2003

      • Graph-Based Approaches to Software Watermarking

        2003

      • Watermarking, tamper-proofing, and obfuscation - Tools for software protection

        2002

      • Automatic derivation of compiler machine descriptions

        2002

      • Language-agnostic program rendering for presentation, debugging and visualization

        2000

      • Software watermarking: Models and dynamic embeddings

        1999

      • Manufacturing cheap, resilient, and stealthy opaque constructs

        1998

      • Breaking abstractions and unstructuring data structures

        1998

      • Reverse Interpretation + Mutation Analysis = Automatic Retargeting

        1997

      • Reverse interpretation+mutation analysis = automatic retargeting

        1997

      • DESIGN AND IMPLEMENTATION OF MODULAR LANGUAGES SUPPORTING INFORMATION HIDING.

        1987

      Grants
      Citations
      H-Index
      Patents
      News
      Books
      Opportunities