Tell us about the broad impact it has/ could have. My research findings have brought in many changes in designs and implementations of widely used deployed protocols and software such as 4G LTE, 5G, X.509, Enterprise Wifi, Amazon Music Prime, and Mobile browsers, improving the overall security and privacy postures of the cyberspace. In the case of 4G LTE and 5G, my group’s research revealed several highly critical vulnerabilities, including the malicious fabrication of Presidential/Amber alert messages, the leakage of persistent identifiers like IMSI and IMEI, the leakage of a cellular device’s location from phone numbers and social media profile, and planting fake location traces. Responsible disclosures of such high-profile vulnerabilities have been acknowledged by GSMA ( research-acknowledgements/) and brought in

What is the focus of yourwork? My work focuses on the general area of cybersecurity and privacy. In this broad area, my group has been developing principled approaches for automatically analyzing and strengthening the desired security and privacy properties (e.g., confidentiality, integrity, authenticity) of emerging networks, software, and systems (e.g., 4G/5G, cryptographic software libraries, embedded systems). A unique feature of my work is viewing the automated analysis of the relevant security and privacy properties of a system, network, or software through the lens of computational logic. Embracing such a view for security and privacy analysis requires developing an abstract mathematical model of the system-under-analysis, which is then analyzed using automated logical reasoning approaches while capturing the system’s desired security properties in some mathematical logic. The main challenge then boils down to managing the inherent computational complexity of automated reasoning, which my research addresses through the careful use of system-specific abstractions, insights, and optimizations.


Made with FlippingBook flipbook maker