GREPSEC VI Workshop Program

Tuesday, August 8

8:30 am–9:00 am


9:00 am–9:15 am


9:15 am–9:45 am

Talk 1

Following the Money: Characterizing the Monetization Ecosystem of Stalkerware Through Application Analysis

Tuesday, 9:15 am9:45 am

Kevin Butler, University of Florida

Stalkerware is a form of malware that allows for the abusive monitoring of intimate partners. In this talk, we describe how we leveraged our work in analyzing smartphone apps to examine the problem of stalkerware and to build relationships within the Coalition Against Stalkerware to better understand how these apps our deployed. We discuss our analysis of monetization among over 6,000 stalkerware apps by examining their decompiled source code and discovering insights about in-app advertising libraries, payment processors, and how stalkerware apps have responded to changes in the Google Play Store’s terms of service banning stalkerware. We also examine code reuse and repackaging in these apps to understand both who is authoring them and how they are making money in order to best combat this pernicious malware.

Kevin Butler, University of Florida

Kevin Butler is a Professor of Computer Science and University Term Professor in the Department of Computer and Information Science and Engineering at the University of Florida. He is Director of the Florida Institute for Cybersecurity Research, and he directs the NSF Center for Privacy and Security for Marginalized and Vulnerable Populations (PRISM). Kevin's research focuses on the security of computer systems and the security and privacy of its users. His work has covered areas such as embedded and IoT systems, firmware analysis, trustworthy computing, mobile device security and privacy, data integrity and provenance, cyber-physical systems, adversarial machine learning, network security, and cloud systems security.

9:45 am–10:15 am

Talk 1 Q&A

10:15 am–10:45 am


10:45 am–11:30 am

Breakout Session 1

11:30 am–12:00 pm

Talk 2

Protecting Users from Adversarial Networks

Tuesday, 11:30 am12:00 pm

Roya Ensafi, University of Michigan

The Internet has become a hostile place for users’ traffic. Network-based actors, including ISPs and governments, increasingly practice sophisticated forms of censorship, content injection, and traffic throttling, as well as surveillance and other privacy violations. My work attempts to expose these threats and develop technologies to better safeguard users. In this talk, I’ll cover a decade's summary of my approach to monitoring Internet censorship. I introduced an entirely new family of censorship measurement techniques, based on network side-channels, that can remotely detect censorship events occurring between distant pairs of network locations. To overcome the systems and data science challenges of operating these techniques and synthesizing their results into a holistic view of online censorship, my students and I created Censored Planet, a censorship observatory that continuously tests the reachability of thousands of popular or sensitive sites from over 100,000 vantage points in 221 countries. Next, I’ll discuss our efforts to understand and defend the consumer VPN ecosystem. Although millions of end-users rely on VPNs to protect their privacy and security, this multibillion-dollar industry includes numerous snakeoil products, is laxly regulated, and remains severely understudied. To address this, my lab created VPNalyzer, a project that aims to bring transparency and better security to consumer VPNs. Our work includes a cross-platform test suite that crowd-sources VPN security testing, coupled with large-scale user studies that aim to understand the needs and threat models of VPN users. During the talk, my aim is to delve into the valuable lessons learned from these works, which have played a crucial role in my academic success.

Roya Ensafi, University of Michigan

Roya Ensafi is an associate professor of computer science and engineering at the University of Michigan, where her research focuses on Internet security and privacy, with the goal of creating techniques and systems to better protect users online. She is particularly passionate about online censorship, geo-discrimination, surveillance, and related threats to Internet freedom. Prof. Ensafi is the founder of Censored Planet, a global censorship observatory. She has studied Russia’s throttling of Twitter, HTTPS interception in Kazakhstan, and China’s Great Cannon attack, among many other instances of network interference. She is a recipient of the Sloan Research Fellowship, NSF CAREER, Google Faculty Research Award, multiple IRTF Applied Networking Research Prizes, and the Consumer Reports Digital Lab fellowship.

12:00 pm–12:30 pm

Talk 2 Q&A

12:30 pm–2:00 pm


2:00 pm–2:30 pm

Talk 3

Who stole my secrets: information flow security in real world applications

Tuesday, 2:30 pm3:00 pm

Limin Jia, Carnegie Mellon University

Preventing information from being leaked to attackers is one of the key security goals of systems that handle sensitive data. Research in information flow security aims to develop theoretical foundations and practical tools to address this issue. One of the cornerstones of information flow security is the Bell-LaPadula and Biba models developed in the 1970s and the subsequent lattice-based model by Denning, which started a long line of research in information flow security. These models described how to protect and use potentially sensitive information and are incredibly useful in formally analyzing security risks of practical systems. In this talk, I will show that these classical information flow security principles are extremely helpful in understanding vulnerabilities and defenses in modern application domains like web applications, smart homes, and Node.js.

Limin Jia, Carnegie Mellon University

Limin Jia is a Research Professor of Electrical and Computer Engineering Department at Carnegie Mellon University. She is also a member of CyLab, Carnegie Mellon's computer security and privacy institute. Jia received her Ph.D. from Princeton in 2008. Jia’s research is in the intersection of computer security, programming languages, and formal method.

2:30 pm–3:00 pm

Talk 3 Q&A

3:00 pm–3:45 pm

Breakout Session 2

3:45 pm–4:15 pm


4:15 pm–4:45 pm

Talk 4

Problematic Content in Online Ads

Tuesday, 4:15 pm4:45 pm

Franziska Roesner, University of Washington

Online advertisements are an unavoidable fact of the modern web: they are embedded in and financially support the majority of content websites. Much prior work in the computer security and privacy community has previously studied the ecosystem of online advertising, particularly in terms of its privacy implications. What has not been substantively considered in the security community, however, is the visible, user-facing content of these advertisements. Our recent work reveals significant prevalence of a range of problematic content in these ads, including clickbait, misinformation, scams, and manipulative design patterns. In this talk, I will describe our work characterizing and measuring problematic content in the online ad ecosystem, including investigations of ad content on misinformation sites, political-themed ads on news and media websites around the time of the 2020 U.S. elections, and ads seen from Ukraine and Russia during the first six months of the war.

Franziska Roesner, University of Washington

Franziska (Franzi) Roesner is an Associate Professor in the Paul G. Allen School of Computer Science & Engineering at the University of Washington, where she co-directs the Security and Privacy Research Lab. Her research focuses broadly on computer security and privacy for end users of existing and emerging technologies, including on topics like online tracking and advertising, security and privacy for sensitive user groups, security and privacy in emerging augmented reality (AR) and IoT platforms, and online mis/disinformation. She is the recipient of a Consumer Reports Digital Lab Fellowship, an MIT Technology Review ”Innovators Under 35” Award, an Emerging Leader Alumni Award from the University of Texas at Austin, a Google Security and Privacy Research Award, and an NSF CAREER Award. Her work has received paper awards or runners-up at USENIX Security, the IEEE Symposium on Security & Privacy, the ACM Internet Measurement Conference (IMC), and the ACM Web Conference, as well as Test of Time Awards at the USENIX Symposium on Networked Systems Design & Implementation (NSDI) and the IEEE Symposium on Security & Privacy. She serves on the USENIX Security and USENIX Enigma Steering Committees.

4:45 pm–5:15 pm

Talk 4 Q&A

5:15 pm–5:30 pm

Concluding Remarks and Wrap Up

5:30 pm–6:00 pm

End of Day Break

6:00 pm–7:00 pm

Speed Mentoring with Appetizers