Publications




Conference and Workshop Publications


Hiding in Plain Sight: An Empirical Study of Web Application Abuse in Malware.
M. Yao, J. Fuller, R. Pai Kasturi, S. Agarwal, A. Sikder, B. Saltaformaggio.
In Proc. 32nd USENIX Security Symposium (Security '23), Anaheim, CA, 2023.

(Acceptance rate: TBD)

[PDF] [Source Code]

Artifact Evaluated Badges: Available, Functional

Media: [ACM Tech News] [Tech Xplore] [News8Plus] [TIISys] [Israel Homeland Security] [Tech Times] [Georgia Tech Research News]



PUMM: Preventing Use-After-Free Using Execution Unit Partitioning.
C. Yagemann, S. Chung, B. Saltaformaggio, W. Lee.
In Proc. 32nd USENIX Security Symposium (Security '23), Anaheim, CA, 2023.

(Acceptance rate: TBD)

[PDF] [Source Code]

Artifact Evaluated Badges: Available, Functional



Mistrust Plugins You Must: A Large-Scale Study Of Malicious Plugins In WordPress Marketplaces.
R. Pai Kasturi, J. Fuller, Y. Sun, O. Chabklo, A. Rodriguez, J. Park, B. Saltaformaggio.
In Proc. 31st USENIX Security Symposium (Security '22), Boston, MA, 2022.

(Acceptance rate: 18.1%)

[PDF] [Video: Conf. Presentation] [Source Code]

CSAW’22 Applied Research Competition Finalist.
Invited for a USENIX ;login: Magazine article. [Link]

Media: [Communications of the ACM] [The Hacker News] [SiliconANGLE] [Georgia Tech SCP News]



Automated Bug Hunting With Data-Driven Symbolic Root Cause Analysis.
C. Yagemann, S. Chung, B. Saltaformaggio, W. Lee.
In Proc. 28th ACM Conference on Computer and Communications Security (CCS'21), Virtual Conference, 2021.

(Acceptance rate: 22.3%)

[PDF]

Media: [Georgia Tech SCP News]



C3PO: Large-Scale Study Of Covert Monitoring of C&C Servers via Over-Permissioned Protocol Infiltration.
J. Fuller, R. Pai Kasturi, A. Sikder, B. Arik, H. Xu, V. Verma, E. Asdar, B. Saltaformaggio.
In Proc. 28th ACM Conference on Computer and Communications Security (CCS'21), Virtual Conference, 2021.

(Acceptance rate: 22.3%)

[PDF] [Video: Conf. Presentation] [Source Code]

Media: [Georgia Tech SCP News]



ARCUS: Symbolic Root Cause Analysis of Exploits in Production Systems.
C. Yagemann, M. Pruett, S. Chung, K. Bittick, B. Saltaformaggio, W. Lee.
In Proc. 30th USENIX Security Symposium (Security '21), Virtual Conference, 2021.

(Acceptance rate: 18.7%)

[PDF] [Video: Conf. Presentation] [Source Code]

GTRI 2021 Best Paper Finalist.



Forecasting Malware Capabilities From Cyber Attack Memory Images.
O. Alrawi*, M. Ike*, M. Pruett, R. Pai Kasturi, S. Barua, T. Hirani, B. Hill, B. Saltaformaggio.
In Proc. 30th USENIX Security Symposium (Security '21), Virtual Conference, 2021.

(Acceptance rate: TBD)

*Authors contributed equally.

[PDF] [Video: Conf. Presentation] [Source Code]

IISP 2020 Demo Day Finale Research Track Winner.

Media: [Georgia Tech School of ECE News]



Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages.
R. Duan, O. Alrawi, R. Pai Kasturi, R. Elder, B. Saltaformaggio, W. Lee.
In Proc. 28th Network and Distributed System Security Symposium (NDSS '21), Virtual Conference, 2021.

(Acceptance rate: 15.2%)

[PDF] [Video: Conf. Presentation] [Source Code]

Led to the confirmation and removal of hundreds of malicious PyPI, npm, and RubyGems packages.

Media: [Communications of the ACM]



On the Feasibility of Automating Stock Market Manipulation.
C. Yagemann, S. Chung, E. Uzun, S. Ragam, B. Saltaformaggio, W. Lee.
In Proc. 2020 Annual Computer Security Applications Conference (ACSAC '20), Virtual Conference, 2020.

(Acceptance rate: 23%)

Invited to LASER Workshop, in conjunction with ACSAC 2020.

[PDF] [Source Code]

Media: [ThinkstScapes Quarterly]



TARDIS: Rolling Back The Clock On CMS-Targeting Cyber Attacks.
R. Pai Kasturi, Y. Sun, R. Duan, O. Alrawi, E. Asdar, V. Zhu, Y. Kwon, B. Saltaformaggio.
In Proc. 41st IEEE Symposium on Security and Privacy (S&P '20), Virtual Conference, 2020.

(Acceptance rate: 12.3%)

[PDF] [Video: Conf. Presentation]

CREATE-X Golden Ticket Award.
Georgia Tech Inaugural $1B+ Startup Hackathon Nominee.



The Betrayal At Cloud City: An Empirical Analysis Of Cloud-Based Mobile Backends.
O. Alrawi*, C. Zuo*, R. Duan, R. Pai Kasturi, Z. Lin, B. Saltaformaggio.
In Proc. 28th USENIX Security Symposium (Security '19), Santa Clara, CA, 2019.

(Acceptance rate: 15.7%)

*Authors contributed equally.

[PDF] [Video: Conf. Presentation]

CSAW’19 Applied Research Competition Finalist.

Invited for TechTalk presentation by Google’s Android Security Operations Team.

Media: [Diginomica] [InfoSec Magazine] [Defense One] [NextGov] [NSF] [BGR-IN] [Digital Info World] [Eng&Tech] [Market Research] [AppDevMag] [Quint] [Khaleej] [Georgia Tech News Center]



Automating Patching of Vulnerable Open-Source Software Versions in Application Binaries.
R. Duan, A. Bijlani, Y. Ji, O. Alrawi, Y. Xiong, M. Ike, B. Saltaformaggio, W. Lee.
In Proc. 26th Network and Distributed System Security Symposium (NDSS'19), San Diego, CA, 2019.

(Acceptance rate: 17%)

[PDF] [Video: Conf. Presentation]



"Tipped Off by Your Memory Allocator": Device-Wide User Activity Sequencing from Android Memory Images.
R. Bhatia, B. Saltaformaggio, S. J. Yang, A. Ali-Gombe, X. Zhang, D. Xu, G. Richard III.
In Proc. 25th Network and Distributed System Security Symposium (NDSS'18), San Diego, CA, 2018.

(Acceptance rate: 21%)

[PDF] [Video: Conf. Presentation]



RevARM: A Platform-Agnostic ARM Binary Rewriter for Security Applications.
T. Kim, C. Kim, H. Choi, Y. Kwon, B. Saltaformaggio, X. Zhang, D. Xu.
In Proc. 2017 Annual Computer Security Applications Conference (ACSAC'17), Orlando, FL, 2017.

(Acceptance rate: 19.7%)

[PDF]



A2C: Self Destructing Exploit Executions via Input Perturbation.
Y. Kwon, B. Saltaformaggio, I. Kim, K. Lee, X. Zhang, D. Xu.
In Proc. 24th Network and Distributed System Security Symposium (NDSS'17), San Diego, CA, 2017.

(Acceptance rate: 16%)

[PDF] [Video: Conf. Presentation]



HERCULE: Attack Story Reconstruction via Community Discovery on Correlated Log Graph.
K. Pei, Z. Gu, B. Saltaformaggio, S. Ma, F. Wang, Z. Zhang, L. Si, X. Zhang, D. Xu.
In Proc. 2016 Annual Computer Security Applications Conference (ACSAC'16), Los Angeles, California, 2016.

(Acceptance rate: 22.8%)

[PDF]



BASS: Improving I/O Performance for Cloud Block Storage via Byte-Addressable Storage Stack.
H. Lu, B. Saltaformaggio, C. Xu, U. Bellur, D. Xu.
In Proc. 7th ACM Symposium on Cloud Computing (SOCC'16), Santa Clara, CA, 2016.

(Acceptance rate: 25%)

[PDF]



Screen after Previous Screens: Spatial-Temporal Recreation of Android App Displays from Memory Images.
B. Saltaformaggio, R. Bhatia, X. Zhang, D. Xu, G. Richard III.
In Proc. 25th USENIX Security Symposium (Security'16), Austin, TX, 2016.

(Acceptance rate: 15.6%)

[PDF] [Video: Conf. Presentation] [Source Code] [Test Case VM]

Invited for TechTalk presentation by Google’s Anti-Abuse Research Team.

Media: [ScienceDaily] [NSF] [CACM - ACM TechNews] [IEEE Electronics360] [Stanford Cyber Initiative] [Phys.org] [The Register] [The Times of India] [Homeland Preparedness News] [Science Newsline] [TechWorm] [Public Technologies] [Travarsa] [Trindo] [Flash of Gold] [BGR India] [Indiana Economic Digest] [Journal & Courier] [The Indianapolis Star] [Purdue Newsroom]



Eavesdropping on Fine-Grained User Activities Within Smartphone Apps Over Encrypted Network Traffic.
B. Saltaformaggio, H. Choi, K. Johnson, Y. Kwon, Q. Zhang, X. Zhang, D. Xu, J. Qian.
In Proc. 10th USENIX Workshop on Offensive Technologies (WOOT'16, in conjunction with Security'16), Austin, TX, 2016.

(Acceptance rate: 47.7%)

[PDF]



StorM: Enabling Tenant-Defined Cloud Storage Middle-Box Services.
H. Lu, A. Srivastava, B. Saltaformaggio, D. Xu.
In Proc. 46th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'16), Toulouse, France, 2016.

(Acceptance rate: 22.3%)

[PDF]



LDX: Causality Inference by Lightweight Dual Execution.
Y. Kwon, D. Kim, W. Sumner, K. Kim, B. Saltaformaggio, X. Zhang, D. Xu.
In Proc. 21st ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS'16), Atlanta, GA, 2016.

(Acceptance rate: 22%)

[PDF]



GUITAR: Piecing Together Android App GUIs from Memory Images.
B. Saltaformaggio, R. Bhatia, Z. Gu, X. Zhang, D. Xu.
In Proc. 22nd ACM Conference on Computer and Communications Security (CCS'15), Denver, CO, 2015.

(Acceptance rate: 19.8%)

[PDF]

Best Paper Award. [Link]



VCR: App-Agnostic Recovery of Photographic Evidence from Android Device Memory Images.
B. Saltaformaggio, R. Bhatia, Z. Gu, X. Zhang, D. Xu.
In Proc. 22nd ACM Conference on Computer and Communications Security (CCS'15), Denver, CO, 2015.

(Acceptance rate: 19.8%)

[PDF]



iRiS: Vetting Private API Abuse in iOS Applications.
Z. Deng, B. Saltaformaggio, X. Zhang, D. Xu.
In Proc. 22nd ACM Conference on Computer and Communications Security (CCS'15), Denver, CO, 2015.

(Acceptance rate: 19.8%)

[PDF] [Source Code]

Contributed to the confirmation and removal of hundreds of privacy-violating apps from Apple’s App Store.

Media: [Digital Journal] [Palo Alto Networks] [SourceDNA] [Computerworld]



vRead: Efficient Data Access for Hadoop in Virtualized Clouds.
C. Xu, B. Saltaformaggio, S. Gamage, R. Kompella, D. Xu.
In Proc. 16th ACM/IFIP/USENIX Middleware Conference (Middleware'15), Vancouver, Canada, 2015.

(Acceptance rate: 19.5%)

[PDF]



vFair: Latency-Aware Fair Storage Scheduling via Per-IO Cost-Based Differentiation.
H. Lu, B. Saltaformaggio, R. Kompella, D. Xu.
In Proc. 6th ACM Symposium on Cloud Computing (SOCC'15), Kohala Coast, HI, 2015.

(Acceptance rate: 21.6%)

[PDF]



DSCRETE: Automatic Rendering of Forensic Information from Memory Images via Application Logic Reuse.
B. Saltaformaggio, Z. Gu, X. Zhang, D. Xu.
In Proc. 23rd USENIX Security Symposium (Security'14), San Diego, CA, 2014.

(Acceptance rate: 19.1%)

[PDF] [Video: Conf. Presentation] [Source Code] [Test Case VM]

Best Student Paper Award. [Link]



Face-Change: Application-Driven Dynamic Kernel View Switching in a Virtual Machine.
Z. Gu, B. Saltaformaggio, X. Zhang, D. Xu.
In Proc. 44th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'14), Atlanta, GA, 2014.

(Acceptance rate: 30%)

[PDF]



BusMonitor: A Hypervisor-Based Solution for Memory Bus Covert Channels.
B. Saltaformaggio, D. Xu, X. Zhang.
In Proc. 6th European Workshop on Systems Security (EuroSec'13, in conjunction with EuroSys'13), Prague, Czech Republic, 2013.

(Acceptance rate: 29.6%)

[PDF] [Covert Channel Code]



Using a Novel Behavioral Stimuli-Response Framework to Defend against Adversarial Cyberspace Participants.
D. Bilar, B. Saltaformaggio.
In Proc. 3rd CCDCOE International Conference on Cyber Conflict (ICCC3), Tallinn, Estonia, 2011.

(Acceptance rate: 40%)

[PDF]





Journal Articles


This Hacker Knows Physics: Device Physics Aware Mimicry Attacks in Cyber-Physical Systems.
Q. Gu, D. Formby, S. Ji, B. Saltaformaggio, A. Bourgeois, R. Beyah.
IEEE Transactions on Dependable and Secure Computing, vol. 19 (5), pp. 3218-3230, 2021.
https://doi.org/10.1109/TDSC.2021.3089163.

[PDF]



Modeling Large-Scale Manipulation in Open Stock Markets.
C. Yagemann, S. Chung, E. Uzun, S. Ragam, B. Saltaformaggio, W. Lee.
IEEE Security & Privacy Journal, vol. 19 (6), pp. 58-65, 2021.
https://doi.org/10.1109/MSEC.2021.3076717.

[PDF]



GEMINI: Guest-transparent honey files via hypervisor-level access redirection.
Z. Gu, B. Saltaformaggio, X. Zhang, D. Xu.
Computers & Security, vol. 77, pp. 737-744, 2018.
https://doi.org/10.1016/j.cose.2018.02.014.

[PDF]



Toward a more dependable hybrid analysis of android malware using aspect-oriented programming.
A. Ali-Gombe, B. Saltaformaggio, J. Ramanujam, D. Xu, G. Richard III.
Computers & Security, vol. 73, pp. 235-248, 2018.
https://doi.org/10.1016/j.cose.2017.11.006.

[PDF]



Live acquisition of main memory data from android smartphones and smartwatches.
S. J. Yang, J. H. Choi, K. B. Kim, R. Bhatia, B. Saltaformaggio, D. Xu.
Digital Investigation, vol. 23(C), pp. 50-62, 2017.
https://doi.org/10.1016/j.diin.2017.09.003.

[PDF]





Group Member Theses


The Bot Reveals Its Master: Exposing and Infiltrating Botnet Command and Control Servers via Malware Logic Reuse.
J. Fuller.
Georgia Tech Theses and Dissertations, SMARTech Publishing, 2022.



Hardware-Assisted Processor Tracing for Automated Bug Finding and Exploit Prevention.
C. Yagemann.
Georgia Tech Theses and Dissertations, SMARTech Publishing, <https://smartech.gatech.edu/handle/1853/67192>, 2022.

[PDF]



Backup To The Rescue: Automated Forensic Techniques For Advanced Website-Targeting Cyber Attacks.
R. Pai (Kasturi) Sridhar.
Georgia Tech Theses and Dissertations, SMARTech Publishing, <https://smartech.gatech.edu/handle/1853/67300>, 2022.

[PDF]



Toward Solving the Security Risks of Open-Source Software Use.
R. Duan.
Georgia Tech Theses and Dissertations, SMARTech Publishing, <https://smartech.gatech.edu/handle/1853/62316>, 2019.

[PDF]



Convicted by Memory: Automatically Recovering Spatial-Temporal Evidence from Memory Images.
B. Saltaformaggio.
Purdue University Theses and Dissertations, ProQuest Dissertations Publishing, Number 10249228, <http://docs.lib.purdue.edu/dissertations/AAI10249228>, 2016.

[PDF]

ACM SIGSAC Doctoral Dissertation Award. [Link]



Forensic Carving of Wireless Network Information from the Android Linux Kernel.
B. Saltaformaggio.
University of New Orleans Theses and Dissertations, ScholarWorks@UNO, Paper 20, <http://scholarworks.uno.edu/honors_theses/20>, 2012.

[PDF]


