Publications

---

---

---

2021

Detecting AI Trojans Using Meta Neural Analysis.
Xiaojun Xu, Qi Wang, Huichen Li, Nikita Borisov, Carl A. Gunter, Bo Li.
IEEE Security Symposium, May, 2021.

DOVE: A Data-Oblivious Virtual Environment.
Hyun Bin Lee, Tushar M. Jois, Christopher W. Fletcher, and Carl A. Gunter.
ISOC Network and Distributed Systems Security (NDSS) Symposium, February, 2021.
NDSS [Video]. Extended arXiv version.

---

2020

Securing Emerging IoT Systems Through Systematic Analysis and Design.
Qi Wang.
Doctoral Dissertation, University of Illinois at Urbana-Champaign, November, 2020.

A Pragmatic Approach to Membership Inferences on Machine Learning Models.
Yunhui Long, Lei Wang, Diyue Bu, Vincent Bindschaedler, Xiaofeng Wang, Haixu Tang, Carl A. Gunter, and Kai Chen.
IEEE European Symposium on Security and Privacy (EuroS&P), September, 2020.

See No Evil: Phishing for Permissions with False Transparency.
Güliz Seray Tuncay, Jingyu Qian. and Carl A. Gunter.
USENIX Security Symposium, August, 2020.

Grand Challenges for Embedded Security Research in a Connected World.
Wayne Burleson, Kevin Fu, Denise Anthony, Jorge Guajardo, Carl Gunter, Kyle Ingols, Jean-Baptiste Jeannin, Farinaz Koushanafar, Carl Landwehr, and Susan Squires.
arXiv:2005.06585 [cs.CY], May 2020.

Understanding and Mitigating Privacy Risk in Machine Learning Systems.
Yunhui Long.
Doctoral Dissertation, University of Illinois at Urbana-Champaign, May, 2020.

A Hypothesis Testing Approach to Sharing Logs with Confidence,
Yunhui Long, Le Xu, and Carl A. Gunter.
ACM Conference on Data and Application Security and Privacy (CODASPY ’20), New Orleans, LA, March 2020.

You Are What You Do: Hunting Stealthy Malware via Data Provenance Analysis.
Qi Wang, Wajih Ul Hassan, Ding Li, Kangkook Jee, Xiao Yu, Kexuan Zou, Junghwan Rhee, Zhengzhang Chen, Wei Cheng, Carl A. Gunter, and Haifeng Chen.
ISOC Network and Distributed Systems Security (NDSS ’20) Symposium, February, 2020.

WSEmail: An architecture and system for secure Internet messaging based on web services.
Michael J. May, Kevin D. Lux, and Carl A. Gunter.
Service Oriented Computing and Applications (2020) 14:5–17.

---

2019

WSEmail: A Retrospective on a System for Secure Internet Messaging Based on Web Services..
Michael J. May, Kevin D. Lux, and Carl A. Gunter.
arXiv:1908.02108 [cs.NI], December, 2019.

Charting the Attack Surface of Trigger-Action IoT Platforms.
Qi Wang, Pubali Datta,Wei Yang, Si Liu, Adam Bates, and Carl A. Gunter.
ACM Computer and Communications Security (CCS ’19), United Kingdom, November, 2019.

Practical Least Privilege for Cross-Origin Interactions on Mobile Operating Systems.
Güliz Seray Tuncay.
Doctoral Dissertation, University of Illinois at Urbana-Champaign, July, 2019.

BEEER: Distributed Record and Replay for Medical Devices in Hospital Operating Rooms,
Avesta Hojjati, Yunhui Long, Soteris Demetriou, and Carl A. Gunter.
ACM Hot Topics in the Science of Security Symposium (HotSoS), April, 2019, Nashville, TN,  [PPT]

---

2018

Distributed and Secure ML with Self-tallying Multi-party Aggregation,
Yunhui Long, Tanmay Gangwani, Muhammad Haris Mughees, and Carl A. Gunter.
NeurIPS Workshop on Privacy Preserving Machine Learning, Montréal, Canada, December 2018. [VIDEO]

Analysis of Bluetooth Low Energy Beacons in Indoor Localization Policy and Application,
Jerry R. Guo.
Master of Science Thesis, University of Illinois at Urbana-Champaign, December, 2018.

ReSPonSe: Real-time, Secure, and Privacy-aware Video Redaction System,
Bo Chen, Klara Nahrstedt, and Carl A. Gunter.
ACM Mobile and Ubiquitous Systems: Computing, Networking and Services (MobiQuitous ’18), November, 2018, New York, NY.

ReSPonSe: Real-time, Secure, and Privacy-aware Video Redaction System.
Bo Chen, Klara Nahrstedt, and Carl Gunter. 2018.
EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (MobiQuitous ’18), New York, NY, November 2018,

Property Inference Attacks on Fully Connected Neural Networks using Permutation Invariant Representations,
Karan Ganju, Qi Wang, Wei Yang, Carl A. Gunter, and Nikita Borisov.
ACM Computer and Communications Security (CCS ’18), Toronto Canada, October 2018.

NRF: A Naive Re-identification Framework,
Shubhra Kanti, Karmaker Santu, Vincent Bindschadler, ChengXiang Zhai, and Carl A. Gunter.
ACM Workshop on Privacy in an Electronic Society (WPES ’18), Toronto, Canada, October 2018.

CommanderSong: A Systematic Approach for Practical Adversarial Voice Recognition.
Xuejing Yuan, Yuxuan Chen, Yue Zhao, Yunhui Long, Xiaokang Liu, Kai Chen, Shengzhi Zhang, Heqing Huang, Xiaofeng Wang, Carl A. Gunter.
USENIX Security, Baltimore, MD, 2018.

AliDrone: Enabling Trustworthy Proof-of-Alibi for Commercial Drone Compliance,
Tianyuan Liu, Avesta Hojjati, Adam Bates, and Klara Nahrstedt.
IEEE ICDCS 2018, 38th IEEE International Conference on Distributed Computing Systems, July 2018, Vienna, Austria.

Privacy-Preserving Seedbased Data Structures,
Vincent Bindschaedler.
Doctoral Dissertation, University of Illinois at Urbana-Champaign, July 2018.

De Facto Diagnosis Specialties: Recognition and Discovery,
Aston Zhang, Xun Lu, Carl A. Gunter, Shuochao Yao, Fangbo Tao, Rongda Zhu, Huan Gui, Daniel Fabbri, David Liebovitz, and Bradley Malin.
Learning Health Systems, 2018:e10057, 2018.

Evaluating Detectors on Optimal Attack Vectors that Enable Electricity Theft and DER Fraud,
Varun Badrinath Krishna, Carl A. Gunter, and William H. Sanders.
IEEE Journal of Selected Topics in Signal Processing, August 2018.

Inferring Properties of Neural Networks with Intelligent Designs,
Karan Ganju.
Master of Science Thesis, University of Illinois at Urbana-Champaign, May 2018.

Analyzing & Designing the Security of Shared Resources on Smartphone Operating systems,
Soteris Demetriou.
Doctoral Thesis, University of Illinois at Urbana-Champaign, May 2018.

Adversarial-Resilience Assurance for Mobile Security Systems,
Wei Yang.
Doctoral Thesis, University of Illinois at Urbana-Champaign, May 2018.

Analyzing & Designing the Security of Shared Resources on Smartphone Operating Systems.
Soteris Demetriou,
Doctoral Dissertation, University of Illinois at Urbana-Champaign, May 2018.

Analyzing & Designing the Security of Shared Resources on Smartphone Operating Systems.
Soteris Demetriou.
Doctoral Dissertation, University of Illinois at Urbana-Champaign, May, 2018.

Toward an Extensible Framework for Redaction,
Soteris Demetriou, Nathaniel D. Kaufman, Jonah Baim, Adam J. Goldsher and Carl A. Gunter.
Workshop on Security and Privacy for the Internet-of-Things (IoTSec), Orlando, FL, April 2018.

CoDrive: Improving Automobile Positioning via Collaborative Driving,
Soteris Demetriou, Puneet Jain, Kyu-Han Kim.
IEEE International Conference on Computer Communications (INFOCOM 18′), Honolulu, HI, April 2018.

Fear and Logging in the Internet of Things,
Qi Wang, Wajih Ul Hassan, Adam Bates, and Carl A. Gunter.
ISOC Network and Distributed System Symposium (NDSS ’18), San Diego, CA, February 2018.

Resolving the Predicament of Android Custom Permissions,
Guliz Seray Tuncay, Soteris Demetriou, Karan Ganju, and Carl A. Gunter.
ISOC Network and Distributed System Security (NDSS ’18), San Diego, CA, February 2018. (Distinguished Paper Award)
Video

---

2017

Ghost Installer in the Shadow: Security Analysis of App Installation on Android
Yeonjoon Lee, Tongxin Li, Nan Zhang; Soteris Demetriou, Mingming Zha, XiaoFeng Wang, Kai Chen; Xiaoyong Zhou; Xinhui Han, Michael Grace
IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 17′), Denver, CO, June 2017.

GB-PANDAS: Throughput and heavy-traffic optimality analysis for affinity scheduling,
Ali Yekkehkhany, Avesta Hojjati, Mohammad H Hajiesmaili.
The 35th International Symposium on Computer Performance, Modeling, Measurements and Evaluation (IFIP 2017), Columbus, NY, November 2017.

Towards Measuring Membership Privacy,
Yunhui Long, Vincent Bindschaedler, and Carl A. Gunter.
arXiv:1712.09136 [cs.CR], December 2017.

Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX,
Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, and Carl A. Gunter.
ACM Computer and Communications Security (CCS ’17), October, 2017.

Mining on Someone Else’s Dime: Mitigating Covert Mining Operations in Clouds and Enterprises,
Rashid Tahir, Muhammad Huzaifa, Anupam Das, Mohammad Ahmad, Carl Gunter, Fareed Zaffar, Matthew Caesar, Nikita Borisov.
Research in Attacks, Intrusions and Defenses (RAID ’17), Atlanta, GA, September, 2017.

Malware Detection in Adversarial Settings: Exploiting Feature Evolutions and Confusions in Android Apps,
Wei Yang, Deguang Kong, Tao Xie, Carl A. Gunter.
Annual Computer Security Applications Conference (ACSAC ’17), December, 2017.

CamForensics: Understanding Visual Privacy Leaks in the Wild,
Animesh Srivastava, Puneet Jain, Soteris Demetriou, Landon Cox, Kyu-Han Kim.
ACM Embedded Networked Sensor Systems (SenSys ’17), November 2017.

Plausible Deniability for Privacy-Preserving Data Synthesis
Vincent Bindschaedler, Reza Shokri, Carl A. Gunter.
VLDB Endowment International Conference on Very Large Data Bases (VLDB ’17), Munich, Germany, August 28, 2017.

HanGuard: SDN-driven Protection of Smart Home WiFi Devices from Malicious Mobile Apps,
Soteris Demetriou, Nan Zhang, Yeonjoon Lee, XiaoFeng Wang, Carl A. Gunter, Xiaoyong Zhou, and Michael Grace.
ACM Security and Wireless and Mobile Networks (WiSec ’17), Boston, MA, July 2017. [PPT]

Visualization and Differential Privacy,
Hyun Bin Lee.
Master of Science Thesis, University of Illinois at Urbana-Champaign, July 2017.

Side-Channel Attacks on Shared Search Indexes
Liang Wang, Paul Grubbs, Jiahui Lu, Vincent Bindschaedler, David Cash, and Thomas Ristenpart
In IEEE Security & Privacy (Oakland) 2017.

Leakage-Abuse Attacks against Order-Revealing Encryption
Paul Grubbs, Kevin Sekniqi, Vincent Bindschaedler, Muhammad Naveed, and Thomas Ristenpart
In IEEE Security & Privacy (Oakland) 2017.

LSTM and Extended Dead Reckoning Automobile Route Prediction Using Smartphone Sensors,
Ryan Freedman,
Master of Science Thesis, University of Illinois at Urbana-Champaign, May 2017.

Analyzing Intentions from Big Data Traces of Human Activities,
Aston Zhang.
Doctoral Thesis, University of Illinois at Urbana-Champaign, May 2017.

Understanding IoT Security Through the Data Crystal Ball: Where We Are Now and Where We Are Going to Be,
Nan Zhang, Soteris Demetriou, XiangHang Mi, Wenrui Diao, Kan Yuan, Peiyuan Zong, Feng Qian, Xiaofeng Wang, Kai Chen, Yuan Tian, Carl A. Gunter, Kehuan Zhang, Patrick Tague, and Yue-Hsun Lin.
arXiv:1703.09809v1 [cs.CR], March 2017.

Achieving Differential Privacy in Secure Multiparty Data Aggregation Protocols on Star Networks,
Vincent Bindschaedler, Shantanu Rane, Alejandro Brito, Vanishree Rao, and Ersin Uzun.
Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY ’17), 2017.

---

2016

Draco: A System for Uniform and Fine-grained Access Control for Web Code on Android.
Guliz Seray Tuncay, Soteris Demetriou, Carl A. Gunter.
ACM Computer and Communications Security (CCS ’16), October, 2016.

Leave Your Phone at the Door: Side Channels that Reveal Factory Floor Secrets.
Avesta Hojjati, Anku Adhikari, Katarina Struckmann, Edward J. Chou, Thi Ngoc Tho Nguyen, Kushagra Madan, Marianne S. Winslett, Carl A. Gunter, and William P. King.
ACM Computer and Communications Security (CCS ’16), October, 2016.

Synthesizing Plausible Privacy-Preserving Location Traces.
Vincent Bindschaedler, and Reza Shokri.
IEEE Security & Privacy (Oakland) 2016.

Privacy and Security in Mobile Health,
David Kotz, Carl A. Gunter, Santosh Kumar, Jonathan P. Weiner.
IEEE Computer 49(6), 2016.

Privacy Research and Best Practices: Summary of a Workshop for the Intelligence Community,
The National Academies of Sciences, Engineering, and Medicine, 2016.

Secure and Practical Computation on Encrypted Data.
Muhammad Naveed,
Doctoral Thesis, University of Illinois at Urbana-Champaign, April 2016.

Free for All! Assessing User Data Exposure to Advertising Libraries on Android,
Soteris Demetriou, Whitney Merrill, Wei Yang, Aston Zhang and Carl A. Gunter.
ISOC Network and Distributed System Security (NDSS ’16), San Diego, February 2016.

Towards Mobile Query Auto-Completion: An Efficient Mobile Application-Aware Approach,
Aston Zhang, Amit Goyal, Ricardo Baeza-Yates, Yi Chang,  Jiawei Han, Carl A. Gunter, and Hongbo Deng.
25th International World Wide Web Conference (WWW ’16), April 2016.

---

2015

Inferring Clinical Workflow Efficiency via Electronic Medical Record Utilization,
You Chen, Wei Xie, Carl A Gunter, David Liebovitz, Sanjay Mehrotra, He Zhang, and Bradley Malin.
AMIA Symposium, San Francisco, CA, November 2015.

Inference Attacks on Property-Preserving Encrypted Databases,
Muhammad Naveed, Seny Kamara, and Charles V. Wright.
ACM Computer and Communications Security (CCS ’15), October, 2015.

Practicing Oblivious Access on Cloud Storage: the Gap, the Fallacy, and the New Way Forward,
Vincent Bindschaedler, Muhammad Naveed, Xiaorui Pan, XiaoFeng Wang, and Yan Huang.
ACM Computer and Communications Security (CCS ’15), October, 2015.

Network-on-Chip Firewall: Countering Defective and Malicious System-on-Chip Hardware,
Michael LeMay and Carl A. Gunter.
Logic, Rewriting, and Concurrency, Essays Dedicated to José Meseguer on the Occasion of his 65th Birthday, Urbana, IL, September 2015.

Discovering De Facto Diagnosis Specialities,
Xun Lu, Aston Zhang, Carl A. Gunter, Daniel Fabbri, David Liebovitz, and Bradley Malin.
ACM Conference on Bioinformatics, Computational Biology, and Health Informatics (BCB), Atlanta, GA, September 2015. [PPT]

Security for Mobile and Cloud Frontiers in Healthcare,
David Kotz, Kevin Fu, Carl Gunter, and Avi Rubin.
Communications of the ACM, 58(8), August 2015.

Privacy in the Genomic Era,
Muhammad Naveed, Erman Ayday, Ellen W. Clayton, Jacques Fellay, Carl A. Gunter, Jean-Pierre Hubaux, Bradley A. Malin, and XiaoFeng Wang.
ACM Computing Surveys 48, 1, Article 6, August, 2015.
Associated online tutorial on genomics for computer scientists.

adaQAC: Adaptive Query Auto-Completion via Implicit Negative Feedback,
Aston Zhang, Amit Goyal, Weize Kong, Hongbo Deng, Anlei Dong, Yi Chang, Carl A. Gunter, and Jiawei Han.
ACM Special Interest Group on Information Retrieval Conference (SIGIR ’15), August 9-13, 2015, Santiago, Chile.

Building Bridges Across Electronic Health Record Systems through Inferred Phenotypic Topics,
You Chen, Joydeep Ghosh, Cosmin Adrian Bejan, Carl A. Gunter, Siddharth Gupta, Abel Kho, David Liebovitz, Jimeng Sun, Joshua Denny, and Bradley Malin.
Journal of Biomedical Informatics, Volume 55 (2015), pages 82-93. Appendix.

What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources,
Soteris Demetriou , Xiaoyong Zhouz, Muhammad Naveed, Yeonjoon Lee, Kan Yuan, XiaoFeng Wang, and Carl A Gunter.
ISOC Network and Distributed System Security (NDSS ’15), San Diego, February 2015.

Toward a Science of Learning Systems: a Research Agenda for the High-Functioning Learning Health System,
Charles Friedman. Joshua Rubin, Jeffrey Brown, Melinda Buntin, Milton Corn, Lynn Etheredge, Carl Gunter, Mark Musen, Richard Platt, William Stead, Kevin Sullivan, Douglas Van Houweling.
Journal of the American Medical Informatics Association (JAMIA), 22(1), 2015.

---

2014

Power-Based Diagnosis of Node Silence in Remote High-End Sensing Systems,
Yong Yang, Lu Su, Mohammad Khan, Michael LeMay, Tarek Abdelzaher, and Jiawei Han.
ACM Transactions on Sensor Networks, Vol. 11, No. 2, December 2014.

Decide Now or Decide Later? Quantifying the Tradeoff between Prospective and Retrospective Access Decisions,
Wen Zhang, You Chen, Thaddeus R. Cybulski, Daniel Fabbri, Carl A. Gunter, Patrick Lawlor, David Liebovitz, Bradley Malin.
ACM Computer and Communication Security (CCS), Scottsdale AZ, November 2014.

Controlled Functional Encryption,
Muhammad Naveed, Shashank Agrawal, Manoj Prabhakaran, Xiaofeng Wang, Erman Ayday, Jean-Pierre Hubaux, and Carl A. Gunter.
ACM Computer and Communication Security (CCS), Scottsdale AZ, November 2014.

Detecting Privacy-Sensitive Events in Medical Text,
Prateek Jindal, Carl A. Gunter, and Dan Roth.
ACM Bioinformatics, Computational Biology, and Health Informatics (BCB),  Newport Beach, CA, September 2014. (Technical Report.)

Decision Support for Data Segmentation (DS2): Application to Pull Architectures for HIE,
Carl A. Gunter, Mike Berry, and Martin French.
USENIX Safety, Security, Privacy, and Interoperability of Health Information Technologies (HealthTech ’14), San Diego, August 2014.

Security Concerns in Android mHealth Apps
Dongjing He, Muhammad Naveed, Carl A. Gunter, and Klara Nahrstedt
AMIA Symposium, Washington DC, November 2014

Privacy-Preserving Vehicle Miles Traveled (PPVMT) Tax
Gaurav Lahoti
Master of Science Thesis, University of Illinois at Urbana-Champaign, August 2014.

Android at Risk: Current Threats Stemming from Unprotected Local and External Resources
Soteris Demetriou
Master of Science Thesis, University of Illinois at Urbana-Champaign, August 2014.

The Peril of Fragmentation: Security Hazards in Android Device Driver Customizations,
Xiaoyong Zhou, Yeonjoon Lee, Nan Zhang, Muhammad Naveed, and XiaoFeng Wang.
IEEE Symposium on Security and Privacy, San Jose, CA, May 2014.

Diagnosis Based Specialist Identification in the Hospital,
Xun Lu.
Master of Science Thesis, University of Illinois at Urbana-Champaign, May 2014.

Privacy-Preserving Audit for Broker-Based Health Information Exchange,
Se Eun Oh.
Masters of Science Thesis, University of Illinois at Urbana-Champaign, May 2014.

Security Threats to Android Apps,
Dongjing He.
Master of Science Thesis, University of Illinois at Urbana-Champaign, May 2014.

Network-on-Chip Firewall: Countering Defective and Malicious System-on-Chip Hardware,
Michael LeMay and Carl A. Gunter.
arXiv:1404.3465 [cs.CR], April 2014.

Hurdles for Genomic Data Usage Management,
Muhammad Naveed.
IEEE Workshop on Data Usage Management (DUMA ’14), San Jose, CA, May 2014.

Dynamic Searchable Encryption via Blind Storage,
Muhammad Naveed, Manoj Prabhakaran, and Carl A. Gunter.
IEEE Symposium on Security and Privacy, San Jose, CA, May 2014.

Privacy Risk in Anonymized Heterogeneous Information Networks,
Aston Zhang, Xing Xie, Kevin Chen-Chuan Chang, Carl A. Gunter, Jiawei Han, and XiaoFeng Wang.
Extending Database Technologies (EDBT’14), Athens, Greece, March 2014.

Privacy-Preserving Audit for Broker-Based Health Information Exchange
Se Eun Oh, Ji Young Chun, Limin Jia, Deepak Garg, Carl A. Gunter, Anupam Datta.
ACM Conference on Data and Application Security and Privacy (CODASPY ’14), San Antonio, TX, March 2014.

Privacy-Preserving Audit for Broker-Based Health Information Exchange,
Se Eun Oh, Ji Young Chun, Limin Jia, Deepak Garg, Carl A. Gunter, Anupam Datta.
ACM Conference on Data and Application Security and Privacy (CODASPY ’14), San Antonio, TX, March 2014.

Inside Job: Understanding and Mitigating the Threat of External Device Mis-Bonding on Android,
Muhammad Naveed, Xiaoyong Zhou, Soteris Demetriou, XiaoFeng Wang, Carl A Gunter.
ISOC Network and Distributed Computing Security (NDSS 14), San Diego, CA, February 2014.

---

2013

Securing Information Technology in Healthcare
Denise Anthony, Andrew T. Campbell, Thomas Candon, Andrew Gettinger, David Kotz, Lisa A. Marsch, Andres Molina-Markham, Karen Page, Sean Smith, Carl A. Gunter, and M. Eric Johnson
IEEE Security & Privacy, Vol.11, No.6, pp.25,33, Nov.-Dec. 2013.

Identity, Location, Disease and More: Inferring Your Secrets from Android Public Resources,
Xiaoyong Zhou, Soteris Demetriou, Dongjing He, Muhammad Naveed, Xiaorui Pan, Xiaofeng Wang Carl A. Gunter, Klara Nahrstedt.
ACM Computer and Communication Security (CCS ’13), Berlin Germany, November 2013.

Building a Smarter Health and Wellness Future: Privacy and Security Challenges,
Carl A. Gunter. 
Chapter 9 in ICTs and the Health Sector: Towards Smarter Health and Wellness Models, OECD, October 2013, pages 141-157.

Requirements and Design for an Extensible Toolkit for Analyzing EMR Audit Logs,
Eric Duffy, Steve Nyemba, Carl A. Gunter, David Liebovitz, and Bradley Malin.
USENIX Workshop on Health Information Technologies (HealthTech 13), August 2013.

Modeling and Detecting Anomalous Topic Access
Siddharth Gupta, Casey Hanson, Carl A. Gunter, Mario Frank, David Liebovitz, and Bradley Malin
IEEE Intelligence and Security Informatics (ISI 13), June 2013. [BIB][PPT]

Implementing Health Information Exchange with Searchable Encryption,
Igors Svecs.
Master of Science Thesis, University of Illinois at Urbana-Champaign, May 2013.

Modeling and Detecting Anomalous Topic Access in EMR Audit Logs,
Siddharth Gupta.
Master of Science Thesis, University of Illinois at Urbana-Champaign, May 2013.

Facilitating Patient and Administrator Analyses of Electronic Health Record Accesses,
Eric Duffy.
Master of Science Thesis, University of Illinois at Urbana-Champaign, August 2013.

Friendsourcing to Detect Network Manipulation,
Ravinder Shankesi.
Doctoral Thesis, University of Illinois at Urbana-Champaign, August 2013.

Evolving Role Definitions Through Permission Invocation Patterns
Wen Zhang, You Chen, Carl A. Gunter, David Liebovitz, and Bradley Malin
ACM Symposium on Access Control Models and Technologies (SACMAT ’13), June 2013. [BIB]

Mining Deviations from Patient Care Pathways via Electronic Medical Record System Audits,
He Zhang, Sanjay Mehotra, David Liebovitz, Carl A. Gunter, and Bradley Malin.
ACM Transactions on Management Information Systems, Vol. 4, No. 4, Article 17, December 2013.

---

2012

Report of Preliminary Findings and Recommendations
State of Illinois Health Information Exchange Authority Data Security and Privacy Committee
September 2012.

Tragedy of Anticommons in Digital Right Management of Medical Records
Quanyan Zhu, Carl Gunter, and Tamar Basar
USENIX Workshop on Health Security and Privacy (HealthSec12), August 2012. [BIB]

Cumulative Attestation Kernels for Embedded Systems
Michael LeMay and Carl A. Gunter
IEEE Transactions on Smart Grid, June 2012. [BIB]

Adaptive Selective Verification: An Efficient Adaptive Countermeasure to Thwart DoS Attacks
Sanjeev Khanna, Santosh S. Venkatesh, Omid Fatemieh, Fariba Khan, and Carl A. Gunter
IEEE/ACM Transactions on Networking, June 2012. [BIB]

DECENT: A Decentralized Architecture for Enforcing Privacy in Online Social Networks
Sonia Jahid, Shirin Niliazdeh, Prateek Mittal, Nikita Borisov, and Apu Kapadia
IEEE International Workshop on Security and Social Networking (SESOC ’12), Lugano, Switzerland, March 2012. [BIB]

---

2011

Reliable Telemetry in White Spaces using Remote Attestation
Omid Fatemieh, Michael LeMay, and Carl A. Gunter
Annual Computer Security Applications Conference (ACSAC ’11), Orlando, FL, December 2011. [PPT][BIB][Related]

Assuring Network Service with Bandwidth and Integrity Based Fairness
Fariba Khan
Doctoral Thesis, University of Illinois at Urbana-Champaign, November 2011. [BIB]

Role Prediction using Electronic Medical Record System Audits
Wen Zhang, Carl A. Gunter, David Liebovitz, Jian Tian, and Bradley Malin
AMIA 2011 Annual Symposium, Washington, DC, October 2011. [PPT][BIB]

Experience-Based Access Management: A Life-Cycle Framework for Identity and Access Management Systems
Carl A. Gunter, David M. Liebovitz, and Bradley Malin
IEEE Security & Privacy, volume 9, number 5, September/October 2011. [BIB]

Compact Integrity-Aware Architectures
Michael LeMay
Doctoral Thesis, University of Illinois at Urbana-Champaign, August 2011. [BIB][Related]

Automated Framework for Formal Operator Task Analysis
Ayesha Yasmeen and Elsa L. Gunter
ACM International Symposium on Software Testing and Analysis (ISSTA ’11), Toronto, Canada, July 2011. [BIB]

Improving the Security in Interconnecting Building Automation Systems to Outside Networks
Hee Dong Jung
Master of Science Thesis, University of Illinois at Urbana-Champaign, July 2011. [BIB]

Enforcing Executing-Implies-Verified with the Integrity-Aware Processor
Michael LeMay and Carl A. Gunter
International Conference on Trust and Trustworthy Computing (TRUST ’11), Pittsburgh, PA, June 2011. [PPT][BIB][Related]
The original publication is available at www.springerlink.com.

Formalizing Operator Task Analysis
Ayesha Yasmeen
Doctoral Thesis, University of Illinois at Urbana-Champaign, June 2011. [BIB]

Making DTNs Robust Against Spoofing Attacks with Localized Countermeasures
Md Yusuf Sarwar Uddin, Ahmed Khurshid, Hee Dong Jung, Carl Gunter, Matthew Caesar and Tarek Abdelzaher
IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks (SECON ’11), Salt Lake City, UT, June 2011. [BIB]

PCAST Workgroup Letter to the National Coordinator
Paul Egerman (Chair), Bill Stead (Vice Chair) and the PCAST Workgroup Members
Office of the National Coordinator for Health and Human Services Health Information Policy Committee, April 2011.

Reconstructing Hash Reversal-Based Proof of Work Schemes
Jeff Green, Joshua Juen, Omid Fatemieh, Ravinder Shankesi, Dong Jin and Carl A. Gunter
USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET ’11), Boston, MA, March 2011. [BIB]

EASiER: Encryption-based Access Control in Social Networks with Efficient Revocation
Sonia Jahid, Prateek Mittal, and Nikita Borisov
ACM Symposium on Information, Computer and Communications Security (ASIACCS ’11), Hong Kong, March 2011. [BIB]

Using Classification to Protect the Integrity of Spectrum Measurements in White Space Networks
Omid Fatemieh, Ali Farhadi, Ranveer Chandra and Carl A. Gunter
Network and Distributed System Security Symposium (NDSS ’11), San Diego, CA, February 2011. [PPT][BIB]

MyABDAC: Compiling XACML Policies for Attribute-Based Database Access Control
Sonia Jahid, Carl A. Gunter, Imranul Hoque and Hamed Okhravi 
ACM Conference on Data and Application Security and Privacy, San Antonio, TX, February 2011. [BIB]

Assuring Robustness of Radio Spectrum Telemetry Against Vandalism and Exploitation
Omid Fatemieh
Doctoral Thesis, University of Illinois at Urbana-Champaign, February 2011. [BIB]

Distributed Non-Intrusive Load Monitoring
David C. Bergman, Dong Jin, Joshua P. Juen, Naoki Tanaka, Carl A. Gunter and Andrew Wright
IEEE/PES Conference on Innovative Smart Grid Technologies (ISGT ’11), Anaheim, CA, January 2011. [BIB][Related]

Application-Aware Secure Multicast for Power Grid Communications
Jianqing Zhang and Carl A. Gunter
International Journal of Security and Networks (IJSN), volume 6, number 1, 2011. [BIB][Related]

Nonintrusive Load-Shed Verification
David C. Bergman, Dong Jin, Joshua P. Juen, Naoki Tanaka, Carl A. Gunter and Andrew K. Wright
IEEE Pervasive Computing, Special Issue on Smart Energy Systems, volume 10, number 1, pages 49-57, 2011. [BIB][Related]

---

2010

Attribute-Based Messaging: Access Control and Confidentiality
Rakesh Bobba, Omid Fatemieh, Fariba Khan, Arindam Khan, Carl A. Gunter, Himanshu Khurana and Manoj Prabhakaran
ACM Transactions on Information and Systems Security (TISSEC), volume 13, number 4, December 2010.

Tiered Incentives for Integrity Based Queuing
Fariba Khan and Carl A. Gunter
USENIX OSDI, Workshop on the Economics of Networks, Systems, and Computation (NetEcon ’10), Vancouver, BC, Canada, October 2010. [BIB]

Application-Aware Secure Multicast for Power Grid Communications
Jianqing Zhang and Carl A. Gunter
IEEE International Conference on Smart Grid Communications (SmartGridComm ’10), Gaithersburg, MD, October 2010. [PPT][BIB][Related]

Resource Inflation Threats to Denial of Service Countermeasures
Ravinder Shankesi, Omid Fatemieh and Carl A. Gunter
Technical Report, University of Illinois at Urbana-Champaign, October 2010.

Secure Multicast for Power Grid Communications
Jianqing Zhang
Doctoral Thesis, University of Illinois at Urbana-Champaign, September 2010. [Related]

Low Cost and Secure Smart Meter Communications using the TV White Spaces
Omid Fatemieh, Ranveer Chandra and Carl A. Gunter
IEEE International Symposium on Resilient Control Systems (ISRCS ’10), Idaho Falls, ID, August 2010. [PPT][BIB][Related]

Secure Collaborative Sensing for Crowdsourcing Spectrum Data in White Space Networks
Omid Fatemieh, Ranveer Chandra and Carl A. Gunter
IEEE Symposia on New Frontiers in Dynamic Spectrum Access Networks (DySPAN ’10), Singapore, April 2010. [BIB]

Diagnostic Powertracing for Sensor Node Failure Analysis
Mohammad Maifi Hasan Khan, Hieu K. Le, Michael LeMay, Parya Moinzadeh, Lili Wang, Yong Yang, Dong K. Noh, Tarek Abdelzaher, Carl A. Gunter, Jiawei Han and Xin Jin
ACM/IEEE International Conference on Information Processing in Sensor Networks (IPSN ’10), Stockholm, Sweden, April 2010. [Related]

---

2009

MAVMM: A Lightweight and Purpose-Built VMM for Malware Analysis
Anh M. Nguyen, Nabil Schear, Hee Dong Jung, Apeksha Godiyal, Sam T. King, Hai Nguyen
Annual Computer Security Applications Conference (ACSAC ’09), Honolulu, HI, December 2009.

A Medical Database Case Study for Reflective Databases Access Control
Lars Olson, Carl A. Gunter and Sarah Peterson Olson
Security and Privacy in Medical and Homecare Systems (SPIMACS ’09), Chicago, IL, November 2009. [PPT]

Completeness of Discovery Protocols
Alwyn Goodloe and Carl A. Gunter
Assurable and Usable Security Configuration (SafeConfig ’09), Chicago, IL, November 2009.

A Conceptual Framework for the Vehicle-to-Grid (V2G) Implementation
Christophe Guille and George Gross
Energy Policy, volume 37, issue 11, pages 4379-4390, November 2009. [Related]

Reflective Database Access Control
Lars E. Olson
Doctoral Thesis, University of Illinois at Urbana-Champaign, October 2009. [PPT]

Sh@re: Negotiated Audit in Social Networks
Alejandro Gutierrez, Apeksha Godiyal, Matt Stockton, Michael LeMay, Carl A. Gunter and Roy H. Campbell
IEEE International Conference on Systems, Man, and Cybernetics (SMC ’09), San Antonio, TX, October 2009.

Cumulative Attestation Kernels for Embedded Systems
Michael LeMay and Carl A. Gunter
European Symposium on Research in Computer Security (ESORICS ’09), Saint Malo, France, September 2009. The original publication is available at www.springerlink.com [PPT][Related]

Model-Checking DoS Amplification for VoIP Session Initiation
Ravinder Shankesi, Musab AlTurki, Ralf Sasse, Carl A. Gunter and Jose Meseguer
European Symposium on Research in Computer Security (ESORICS ’09), Saint Malo, France, September 2009.

Implementing Reflective Access Control in SQL
Lars E. Olson, Carl A. Gunter, William R. Cook and Marianne Winslett
23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec ’09), Montreal, QC, July 2009. [PPT]

Strong and Weak Policy Relations
Michael J. May, Insup Lee, Carl A. Gunter and Steve Zdancewic
IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY ’09), London, UK, July 2009.

Security Policy Implementation Strategies for Common Carrier Monitoring Service Providers
Carl A. Gunter
IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY ’09), London, UK, July 2009. [PPT][Related]

Addressing Safety and Security Contradictions in Cyber-Physical Systems
Mu Sun, Sibin Mohan, Lui Sha and Carl A. Gunter
Workshop on Future Directions in Cyber-Physical Systems, July 2009.

Safety in Discretionary Access Control for Logic-based Publish-Subscribe Systems
Kazuhiro Minami, Nikita Borisov and Carl A. Gunter
ACM Access Control Models and Technologies (Sacmat ’09), Stresa, Italy, June 2009.

How to Bootstrap Security for Ad-Hoc Networks: Revisited
Wook Shin, Carl A. Gunter, Shinsaku Kiyomoto, Kazuhide Fukushima and Toshiaki Tanaka
IFIP Information Security Conference (SEC ’09), Pafos, Cyprus, May 2009.

PBES: A Policy Based Encryption System with Application to Data Sharing in the Power Grid
Rakeshbabu Bobba, Himanshu Khurana, Musab AlTurki, and Farhana Ashraf
ACM Symposium on Information, Computer and Communication Security (ASIACCS ’09), Sydney Australia, March 2009. [Related]

Probabilistic Modeling and Analysis of DoS Protection for the ASV Protocol
Musab AlTurki, Jose Meseguer and Carl A. Gunter
Electronic Notes in Theoretical Computer Science 234, pages 3-18, 2009. [BIB]

Collaborative Recommender Systems for Building Automation
Michael LeMay, Jason J. Haas and Carl A. Gunter
IEEE Hawaii International Conference on System Sciences (HICSS ’09), Waikoloa, HI, January 2009. [PPT][BIB][Related]

Guest Editorial Network Infrastructure Configuration
Paul Anderson, Carl A. Gunter, Charles R. Kalmanek, Sanjai Narain, Jonathan M. Smith, Rajesh Talpade and Geoffrey G. Xie
IEEE Journal on Selected Areas in Communications, volume 27, issue 3, pages 249-252, 2009.

Specifying and Analyzing Workflows for Automated Identification and Data Capture
Elsa L. Gunter, Ayesha Yasmeen, Carl A. Gunter and Anh Nguyen
IEEE Hawaii International Conference on System Sciences (HICSS ’09), Waikoloa, HI, January 2009.

---

2008

Using Rhythmic Nonces for Puzzle-Based DoS Resistance
Ellick M. Chan, Carl A. Gunter, Sonia Jahid, Evgeni Peryshkin and Daniel Rebolledo
ACM Computer Security Architectures Workshop (CSAW ’08), Fairfax, VA, October 2008. [PPT][BIB]

A Formal Framework for Reflective Database Access Control Policies
Lars E. Olson, Carl A. Gunter and P. Madhusudan
ACM Conference on Computer and Communications Security (CCS ’08), Alexandria, VA, October 2008. [PPT]

Modular Preservation of Safety Properties by Cookie-Based DoS-Protection Wrappers
Rohit Chadha, Carl A. Gunter, Jose Meseguer, Ravinder Shankesi and Mahesh Viswanathan
IFIP Formal Methods for Open Object-based Distributed Systems (FMOODS ’08), Oslo, Norway, June 2008. [BIB]

Adaptive Selective Verification
Sanjeev Khanna, Santosh S. Venkatesh, Omid Fatemieh, Fariba Khan and Carl A. Gunter
IEEE Conference on Computer Communications (INFOCOM ’08), Phoenix, AZ, April 2008. [PPT][BIB]

Dependable Emergency-Response Networking Based on Retaskable Network Infrastructures
Michael LeMay
Master of Science Thesis, University of Illinois at Urbana-Champaign, April 2008. [BIB]

PAS: A Wireless-Enabled, Cell-Phone-Incorporated Personal Assistant System for Independent and Assisted Living
Zheng Zeng, Sammy Yu, Wook Shin and Jennifer C. Hou
IEEE International Conference on Distributed Computing Systems (ICDCS ’08), Beijing, China, June 2008.

A Foundation for Tunnel-Complex Protocols
Alwyn E. Goodloe
Doctoral Thesis, University of Pennsylvania, March 2008. [BIB]

Privacy APIs: Formal Models for Analyzing Legal Privacy Requirements
Michael J. May
Doctoral Thesis, University of Pennsylvania, March 2008. [BIB]

An Integrated Architecture for Demand Response Communications and Control (awarded best paper)
Michael LeMay, Rajesh Nelli, George Gross and Carl A. Gunter
IEEE Hawaii International Conference on System Sciences (HICSS ’08), Waikoloa, HI, January 2008. [PPT][BIB][Related]

---

2007

Supporting Emergency-Response by Retasking Network Infrastructures
Michael LeMay and Carl A. Gunter
ACM Workshop on Hot Topics in Networking (HotNets-VI), Atlanta, GA, November 2007. [PPT][BIB][Related]

Improving Multi-Tier Security Using Redundant Authentication
Jodie P. Boyer, Ragib Hasan, Lars E. Olson, Nikita Borisov, Carl A. Gunter and David Raila
ACM Computer Security Architecture Workshop (CSAW ’07), Fairfax, VA, November 2007. [PPT][BIB][PSTR]

Reasoning about Concurrency for Security Tunnels
Alwyn E. Goodloe and Carl A. Gunter
IEEE Computer Security Foundations (CSF ’07), Venice, Italy, July 2007. [PPT][BBT]

Emergency Alerts as RSS Feeds with Interdomain Authorization
Filippo Gioachin, Ravinder Shankesi, Michael J. May, Carl A. Gunter and Wook Shin
IARIA International Conference on Internet Monitoring and Protection (ICIMP ’07), Santa Clara, CA, July 2007. [PPT][BIB]

PolicyMorph: Interactive Policy Transformations for a Logical Attribute-Based Access Control Framework
Michael LeMay, Omid Fatemieh and Carl A. Gunter
ACM Symposium on Access Control Models And Technologies (SACMAT ’07), Sophia Antipolis, France, Jun 2007. [PPT][BIB]

PAS: A Wireless-Enabled, Sensor-Integrated Personal Assistance System for Independent and Assisted Living
Jennifer C. Hou, Qixin Wang, Bedoor K. AlShebli, Linda Ball, Stanley Birge, Marco Caccamo, Chin-Fei Cheah, Eric Gilbert, Carl A. Gunter, Elsa Gunter, Chang-Gun Lee, Karrie Karahalios, Min-Young Nam, Narasimhan Nitya, Chaudhri Rohit, Lui Sha, Wook Shin, Sammy Yu, Yang Yu and Zheng Zeng
High Confidence Medical Device Software and Systems (HCMDSS ’07), Boston, MA, June 2007.

A Systematic Approach to Uncover Security Flaws in GUI Logic
Shuo Chen, Jose Meseguer, Ralf Sasse, Helen J. Wang and Yi-Min Wang
IEEE Security and Privacy, Oakland CA, May 2007. [PPT][BIB]

On the Safety and Efficiency of Firewall Policy Deployment
Charles C. Zhang, Marianne Winslett and Carl A. Gunter
IEEE Security and Privacy, Oakland CA, May 2007. [PPT][BIB]

How Much Bandwidth Can Botnets Commandeer?Michael Greenwald, Sanjeev Khanna and Santosh Venkatesh
2nd Annual Information Theory and Applications Workshop, San Diego, CA, February 2007.

Fair Coalitions for Power-Aware Routing in Wireless Networks
Ratul K. Guha, Carl A. Gunter and Saswati Sarkar
IEEE Transactions on Mobile Computing, volume 6, nubmer 2, pages 206-220, February 2007. [BIB]

Unified Architecture for Large-Scale Attested Metering
Michael LeMay, George Gross, Carl A. Gunter and Sanjam Garg
IEEE Hawaii International Conference On System Sciences (HICSS ’07), Waikoloa, HI, January 2007. [PPT][BIB][Related]

---

2006

AMPol-Q: Adaptive Middleware Policy to Support QoS
Raja Afandi, Jianqing Zhang and Carl A. Gunter
ACM International Conference on Service Oriented Computing (ICSOC ’06), Chicago, IL, December 2006. [PPT][BIB]

AMPol: Adaptive Messaging Policy
Raja Afandi, Jianqing Zhang, Munawar Hafiz and Carl A. Gunter
IEEE European Conference on web Services (ECOWS ’06), Zurich, Switzerland, December 2006. [PPT][BIB]

Using Attribute-Based Access Control to Enable Attribute-Based Messaging
Rakesh Bobba, Omid Fatemieh, Fariba Khan, Carl A. Gunter and Himanshu Khurana
IEEE Annual Computer Security Applications Conference (ACSAC ’06) , Miami, FL, December 2006. [PPT][BIB]

Reducing Risk by Managing Software Related Failures in Networked Control Systems
Girish Baliga, Scott Graham, Carl A. Gunter and P. R. Kumar
IEEE Conference on Decision and Control (CDC ’06), San Diego, CA, December 2006. [PPT][BIB]

Defeasible Security Policy Composition for Web Services
Adam J. Lee, Jodie P. Boyer, Lars E. Olson and Carl A. Gunter
ACM Formal Methods in Software Engineering (FMSE ’06), Alexandria, VA, November 2006. [PPT][BIB]

Securing the Drop-Box Architecture for Assisted Living
Michael J. May, Wook Shin, Carl A. Gunter and Insup Lee
ACM Formal Methods in Security Engineering (FMSE ’06), Alexandria, VA, November 2006. [BIB]

I-Living: An Open System Architecture for Assisted Living
Qixin Wang, Wook Shin, Xue Liu, Zheng Zeng, Cham Oh, Bedoor K. AlShebli, Marco Caccamo, Carl A. Gunter, Elsa L. Gunter, Jennifer Hou, Karrie Karahalios and Lui Sha
IEEE Systems, Man, and Cybernetics (SMC ’06), Taipei, Taiwan, October 2006. [PPT][CITES]

Outsourcing Security Analysis with Anonymized Logs
Jianqing Zhang, Nikita Borisov and William Yurcik
IEEE 2nd International Workshop on the Value of Security through Collaboration (SECOVAL’06), Baltimore, MD, September 2006. [PPT][BIB]

Privacy APIs: Access Control Techniques to Analyze and Verify Legal Privacy Policies
Michael J. May, Carl A. Gunter and Insup Lee
IEEE Computer Security Foundations Workshop (CSFW  ’06), Venice, Italy, July 2006. [PPT][BIB][CITES]

Acoustic Surveillance of Physically Unmodified PCs
Michael LeMay and Jack Tan
CSREA Security and Management (SAM 06), Las Vegas, NV, June 2006. [PPT][BIB]

Using Attribute-Based Access Control to Enable Attribute-Based Messaging
Fariba Khan
Master of Science Thesis, University of Illinois at Urbana-Champaign, 2006.[BIB]

Trustworthy Cyber-Infrastructure for Power (TCIP)
TCIP Team
Workshop on Research Directions for Security and Networking in Critical Real-Time and Embedded Systems, San Jose CA, April 2006.

Privacy Sensitive Location Information Systems in Smart Buildings
Jodie P. Boyer, Kaijun Tan and Carl A. Gunter
Springer Security in Pervasive Computing (SPC ’06), Lecture Notes in Computer Science, pages 149-164, York, UK, April 2006. [PPT][BIB]

---

2005

L3A: A Protocol for Layer Three Accounting
Alwyn Goodloe, Carl A. Gunter, Matthew Jacobs and Gaurav Shah
IEEE Workshop on Secure Network Protocols (NPsec ’05), Boston, MA, November 2005. [PPT][BIB]

Mitigating DoS Attack Through Selective Bin Verification
Micah Sherr, Michael Greenwald, Carl A. Gunter, Sanjeev Khanna and Santosh Venkatesh
IEEE Workshop on Secure Network Protocols (NPsec ’05), Boston, MA, November 2005. [PPT][BIB]

WSEmail: Secure Internet Messaging Based on Web Services
Kevin D. Lux, Michael J. May, Nayan L. Bhattad and Carl A. Gunter
IEEE International Conference on Web Services (ICWS ’05), Orlando, FL, July 2005. [PPT][BIB]

Formal Modeling and Analysis of DoS Using Probabilistic Rewrite Theories
Gul Agha, Michael Greenwald, Carl A. Gunter, Sanjeev Khanna, Jose Meseguer, Koushik Sen and Prasannaa Thati
IEEE Workshop on Foundations of Computer Security (FCS ’05), Chicago, IL, June 2005. [PPT][BIB]

Formal Prototyping in Early Stages of Protocol Design
Alwyn Goodloe, Carl A. Gunter and Mark-Oliver Stehr
IFIP/ACM Workshop on Issues in the Theory of Security (WITS ’05), Long Beach, CA, January 2005. [PPT][BIB]

---

See Also

• Publications of Carl A. Gunter
• Dissertations
• Projects of Illinois Security Lab
• Penn Security Lab

Last updated on Thursday, June 26, 2014, 12:49 pm