Security and Cryptography

Welcome to the web page for security and cryptography research in the Department of Computer Science and Engineering at the University of California at San Diego. Our group conducts research in areas spanning from theory to practice: we work on the theoretical foundations of cryptography; the development and analysis of cryptographic protocols and algorithms; and on applied cryptography, systems security, and network security. In line with our broad security-related research interests, we are affiliated and actively collaborate with the Theory Group, Programming Systems and the Systems and Networking Group here at UCSD.

People  |   News  |   Publications  |   Sponsors
Faculty
Mihir Bellare
Nadia Heninger
Russell Impagliazzo
 Daniele Micciancio
Stefan Savage
Aaron Schulman
 Alex C. Snoeren
Deian Stefan
Geoffrey M. Voelker
Affiliated Faculty
kc claffy
Kamalika Chaudhuri
Ranjit Jhala
Ryan Kastner
 Sorin Lerner
Nadia Polikarpova
Steven Swanson
Dean Tullsen
 Yiying Zhang
Yuanyuan Zhou
Adjunct Faculty
Kirill Levchenko Hovav Shacham
Scientists, Postdocs and Research Staff
Daniel Moghimi Cindy Moore
PhD Students
Gautam Akiwate
Vivek Arte
Nishant Bhaskar
Sunjay Cauligi
Sam Crow
Wei Dai
Hannah Davis
Craig Disselkoen
Alex Gamero-Garrido
Marcella Hastings
Evan Johnson
 Baiyu Li
Enze Alex Liu
Ariana Mirian
Shravan Narayan
Ruth Ng
Audrey Randall
John Renner
Keegan Ryan
Mark Schultz
Laura Shea
Bingyu Shen
 Mingyao Shen
Michael Smith
Jessica Sorrell
Igors Stepanovs
Adam Suhl
George Sullivan
David Thien
Alisha Ukani
Psi Vesely
Yudong Wu
Chengcheng Xiang
Recent Alumni
Klaus von Gleissenthall (postdoc 2016-2020) VU Amsterdam (assistant professor)
Guo "Vector" Li (Ph.D. 2020) Google

Felix Guenther (postdoc 2018-2019) ETH Zurich (postdoc)
Joseph Jaeger (Ph.D. 2019) University of Washington (postdoc)
Nicholas Genise (Ph.D. 2019) Rutgers University (postdoc)SRI
Zhaomo Yang (Ph.D. 2019) Google
Louis DeKoven (Ph.D. 2019) Facebook
Brown Farinholt (Ph.D. 2019) Facebook
Maxwell Bland (M.S. 2019) University of Illinois Ph.D. program
Gary Soeller Mason America
Brian Johannesmeyer Vrije Universiteit Ph.D. program

Joe DeBlasio (Ph.D. 2018) Google
Michael Walter (Ph.D. 2018) IST Vienna, Austria (postdoc)
Brian Kantor (retired 2018) ARDC
Liz Izhikevich (M.S. 2018) Stanford Ph.D. program
Evan Ronceivch (M.S. 2018) Sandia National Labs

Tianyin Xu (Ph.D. 2017) Facebook (Visiting Scientist)University of Illinois Urbana Champaign
Danny Huang (Ph.D. 2017) → Princeton (postdoc)NYU Poly
Xinxin Jin (Ph.D. 2017) Whova
[All Alumni]
Recent News

Stefan Savage June 2— The awards keep on rolling in! Today it was announced that Stefan Savage has received the 2021 Academic Senate Distinguished Research Award, which is awarded "for the ground-breaking research conducted by members of the UCSD faculty". This particular award comes with work, however: Stefan has to give a university-wide lecture on his research. Congratulations Stefan, and we all look forward to your lecture!

May 20— Congratulations to Sunjay Cauligi, Craig Disselkoen, Klaus von Gleissenthall, Dean Tullsen, and Deian Stefan, and their collaborators Tamara Rezk and Gilles Barthe, for making it as finalists in the inaugural Intel Hardware Security Academic Award for their PLDI 2020 paper on speculatively constant-time foundations. HASH(0x1317968)

AAAS April 22— Congratulations to Stefan Savage for being elected to the American Academy of Arts & Sciences! The Academy celebrates excellence across every field of human endeavor "to cultivate every art and science which may tend to advance the interest, honor, dignity, and happiness of a free, independent, and virtuous people." Being elected to the Academy is a tremendous honor and outstanding achievement. Way to go, Stefan! Stefan Savage

Audrey Randall January 5— Congratulations to Audrey Randall (and her co-authors) for being named as a winner of the Internet Research Task Force's Applied Networking Research Prize for her work on the Trufflehunter DNS inference system.
[All News]
Recent Publications

Evaluating Physical-Layer BLE Location Tracking Attacks on Mobile Devices, Hadi Givehchian, Nishant Bhaskar, Dinesh Bharadia, and Aaron Schulman, Proceedings of the IEEE Symposium on Security and Privacy, May 2022.

SugarCoat: Programmatically generating privacy-Preserving, Web-compatible resource replacements for content blocking, Michael Smith, Peter Snyder, Ben Livshits, and Deian Stefan, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Seoul, Korea, November 2021.

On Bounded Distance Decoding with Predicate: Breaking the "Lattice Barrier" for the Hidden Number Problem, Martin R Albrecht and Nadia Heninger, Proceedings of Eurocrypt 2021, Zagreb, Croatia, October 2021.

On the Security of Homomorphic Encryption on Approximate Numbers, Baiyu Li and Daniele Micciancio, Proceedings of Eurocrypt 2021, Zagreb, Croatia, October 2021.

Hopper: Modeling and Detecting Lateral Movement, Grant Ho, Mayank Dhiman, Devdatta Akhawe, Vern Paxson, Stefan Savage, Geoffrey M. Voelker, and David Wagner, Proceedings of the USENIX Security Symposium, Vancouver, B.C., Canada, August 2021.

Driving 2FA Adoption at Scale: Optimizing Two-Factor Authentication Notification Design Patterns, Maximillian Golla, Grant Ho, Marika Lohmus, Monica Pulluri, and Elissa M. Redmiles, Proceedings of the USENIX Security Symposium, Vancouver, B.C., Canada, August 2021.

Swivel: Hardening WebAssembly against Spectre, Shravan Narayan, Craig Disselkoen, Daniel Moghimi, Sunjay Cauligi, Evan Johnson, Zhao Gang, Anjo Vahldiek-Oberwagner, Ravi Sahita, Hovav Shacham, Dean Tullsen, and Deian Stefan, Proceedings of the USENIX Security Symposium, Vancouver, B.C., Canada, August 2021.

Jetset: Targeted Firmware Rehosting for Embedded Systems, Evan Johnson, Maxwell Bland, Yifei Zhu, Joshua Mason, Stephen Checkoway, Stefan Savage, and Kirill Levchenko, Proceedings of the USENIX Security Symposium, Vancouver, B.C., Canada, August 2021.

Can Systems Explain Permissions Better? Understanding Users' Misperceptions under Smartphone Runtime Permission Model, Bingyu Shen, Lili Wei, Chengcheng Xiang, Yudong Wu, Mingyao Shen, Yuanyuan Zhou, and Xinxin Jin, Proceedings of the USENIX Security Symposium, Vancouver, B.C., Canada, August 2021.

STORM: Refinement Types for Secure Web Applications, Nico Lehmann, Rose Kunkel, Jordan Brown, Jean Yang, Niki Vazou, Nadia Polikarpova, Deian Stefan, and Ranjit Jhala, Proceedings of the 15th USENIX Symposium on Operating System Design and Implementation (OSDI), Virtual, July 2021.

Scooter & Sidecar: A Domain-Specific Approach to Writing Secure Database Migrations, John Renner, Alex Sanchez-Stern, Fraser Brown, Sorin Lerner, and Deian Stefan, Proceedings of the ACM SIGPLAN Conference onProgramming Language Design and Implementation (PLDI), Virtual, June 2021.

CoResident Evil: Covert Communications in the Cloud with Lambdas, Anil Yelam, Ariana Mirian, Keerthana Ganesan, Shibani Subbareddy, and Stefan Savage, Proceedings of the Web Conference (WWW), Ljubljana, Solvenia, arp 2021.

High-Assurance Cryptography in the Spectre Era, Gilles Barthe, Sunjay Cauligi, Benjamin Gregoire, Adrien Koutsos, Kevin Liao, Tiago Oliveira, Swarn Priya, Tamara Rezk, and Peter Schwabe, Proceedings of the IEEE Symposium on Security and Privacy, San Francisco, CA, May 2021.

Diogenes: Lightweight Scalable RSA Modulus Generation with a Dishonest Majority, Megan Chen, Carmit Hazay, Yuval Ishai, Yuriy Kashnikov, Daniele Micciancio, Tarik Riviere, Abhi Shelat, Muthuramakrishnan Venkitasubramaniam, and Ruihan Wang, Proceedings of the IEEE Symposium on Security and Privacy, San Francisco, CA, May 2021.

Clairvoyance: Inferring Blocklist Use on the Internet, Vector Guo Li, Gautam Akiwate, Kirill Levchenko, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the Passive and Active Measurement Conference (PAM), Brandenburg, Germany, March 2021.

Доверя́й, но проверя́й: SFI safety for native-compiled Wasm, Evan Johnson, David Thien, Yousef Alhessi, Shravan Narayan, Fraser Brown, Sorin Lerner, Tyler McMullen, Stefan Savage, and Deian Stefan, Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2021.

Automatically Eliminating Speculative Leaks from CryptograpHic Code with Blade, Marco Vassena, Craig Disselkoen, Klaus v. Gleissenthall, Sunjay Cauligi, Rami Gokhan Kici, Ranjit Jhala, Dean Tullsen, and Deian Stefan, Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages, Internet, January 2021. (Distinguished paper).

Simpler Statistically Sender Private Oblivious Transfer from Ideals of Cyclotomic Integers, Daniele Micciancio and Jessica Sorrell, Proceedings of Asiacrypt 2020, Virtual, December 2020.

The Road to Less Trusted Code: Lowering the Barrier to In-Process Sandboxing, Tal Garfinkel, Shravan Narayan, Craig Disselkoen, Hovav Shacham, and Deian Stefan, USENIX ;login: 45(5), December 2020.

Unresolved Issues: Prevalence, Persistence and Perils of Lame Nameservers, Gautam Akiwate, Raffaele Sommese, Mattijs Jonker, Ian Foster, Stefan Savage, Geoffrey M. Voelker, and kc Claffy, Proceedings of the ACM Internet Measurement Conference, Pittsburgh, Pennsylvania (via the Internet), October 2020.

Trufflehunter: Cache Sniffing Rare Domains at Large Public DNS Resolvers, Audrey Randall, Enze Liu, Gautam Akiwate, Ramakrishna Padmanabhan, Stefan Savage, Geoffrey M. Voelker, and Aaron Schulman, Proceedings of the ACM Internet Measurement Conference, Pittsburgh, Pennsylvania (via the Internet), October 2020.

Comparing the Difficulty of Factorization and Discrete Logarithm: A 240-Digit Experiment, Fabrice Boudot, Pierrick Gaudry, Aurore Guillevic, Nadia Heninger, Emmanuel Thom´e, and Paul Zimmermann, Proceedings of Crypto 2020, Santa Barbara, CA, August 2020.

Liquid Information Flow Control, Nadia Polikarpova, Deian Stefan, Jean Yang, Shachar Itzhaky, Travis Hance, and Armando Solar-Lezama, Proceedings of International Conference on Functional Programming, August 2020. (Distinguished paper).

TPM-FAIL: TPM meets Timing and Lattice Attacks, Daniel Moghimi, Berk Sunar, Thomas Eisenbarth, and Nadia Heninger, Proceedings of the USENIX Security Symposium, August 2020.

CopyCat: Controlled Instruction-Level Attacks on Enclaves, Daniel Moghimi, Jo Van Bulck, Nadia Heninger, Frank Piessens, and Berk Sunar, Proceedings of the USENIX Security Symposium, August 2020.

Sys: a Static/Symbolic Tool for Finding Good Bugs in Good (Browser) Code, Fraser Brown, Deian Stefan, and Dawson Engler, Proceedings of the USENIX Security Symposium, August 2020.

Retrofitting Fine Grain Isolation in the Firefox Renderer, Shravan Narayan, Craig Disselkoen, Tal Garfinkel, Nathan Froyd, Eric Rahm, Sorin Lerner, Hovav Shacham, and Deian Stefan, Proceedings of the USENIX Security Symposium, August 2020. (Distinguished paper and first place at CSAW 2020.).

Exploring Connections Between Active Learning and Model Extraction, Varun Chandrasekaran, Kamalika Chaudhuri, Irene Giacomelli, Somesh Jha, and Songbai Yan, Proceedings of the USENIX Security Symposium, August 2020.

[All Publications]
Affiliations
Center for Networked Systems (CNS)         Cooperative Association for Internet Data Analysis (CAIDA)       San Diego Super Computer Center (SDSC)        California Institute for Telecommunications and Information Technology (Cal-IT2) CalIT(2)
Sponsors