Publications

Peer-reviewed Conferences, Journals, and Workshops

  • V. Rastogi, C. Niddodi, S. Mohan, and S. Jha, “New Directions for Container Debloating,” in Proceedings of the 2017 Workshop on Forming an Ecosystem Around Transformation (FEAST), 2017. [paper]
  • D. Davidson, V. Rastogi, M. Christodorescu, and S. Jha, “Enhancing Android Security through App Splitting,” in Proceedings of the 13th International Conference on Security and Privacy in Communication Networks (SecureComm), 2017. [paper]
  • V. Rastogi, D. Davidson, L. De Carli, S. Jha, and P. McDaniel, “Cimplifier: Automatically Debloating Containers,” in Proceedings of the 11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE), 2017. [paper]
  • S. Alam, Z. Qu, R. Riley, Y. Chen, and V. Rastogi, “DroidNative: Automating and optimizing detection of Android native code malware variants,” Computers & Security, vol. 65, pp. 230–246, 2017. [paper]
  • Z. Qu, G. Guo, Z. Shao, V. Rastogi, Y. Chen, H. Chen, and W. Hong, “AppShield: Enabling Multi-entity Access Control Cross Platforms for Mobile App Management,” in Proceedings of the 12th International Conference on Security and Privacy in Communication Networks (SecureComm), 2016. [paper]
  • V. Rastogi, R. Shao, Y. Chen, X. Pan, S. Zou, and R. Riley, “Are These Ads Safe: Detecting Hidden Attacks through the Mobile App-Web Interfaces,” in Proceedings of the Network and Distributed System Security Symposium (NDSS), 2016. [paper] [slides]
  • V. Rastogi, Z. Qu, J. McClurg, Y. Cao, and Y. Chen, “Uranine: Real-time Privacy Leakage Monitoring without System Modification for Android,” in Proceedings of the 11th International Conference on Security and Privacy in Communication Networks (SecureComm), 2015. [paper] [slides]
  • V. Rastogi and A. Agrawal, “All your Google and Facebook logins are belong to us: A case for single sign-off,” in Proceedings of the Eighth International Conference on Contemporary Computing (IC3), 2015, pp. 416–421.
  • B. He, V. Rastogi, Y. Cao, Y. Chen, V. N. Venkatakrishnan, R. Yang, and Z. Zhang, “Vetting SSL Usage in Applications with SSLint,” in Proceedings of the 36th IEEE Symposium on Security and Privacy (Oakland), 2015. [paper] [slides]
  • Z. Qu, V. Rastogi, X. Zhang, Y. Chen, T. Zhu, and Z. Chen, “AutoCog: Measuring the Description-to-permission Fidelity in Android Applications,” in Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS), 2014. [paper] [slides]
  • Y. Cao, C. Yang, V. Rastogi, Y. Chen, and G. Gu, “Abusing Browser Address Bar for Fun and Profit - An Empirical Investigation of Add-on Cross Site Scripting Attacks,” in Proceedings of the 10th International Conference on Security and Privacy in Communication Networks (SecureComm), 2014. [paper]
  • V. Rastogi, Y. Chen, and X. Jiang, “Catch Me If You Can: Evaluating Android Anti-Malware Against Transformation Attacks,” IEEE Transactions on Information Forensics and Security, vol. 9, no. 1, pp. 99–108, 2014. [paper]
  • V. Rastogi, Y. Chen, and X. Jiang, “DroidChameleon: Evaluating Android Anti-malware Against Transformation Attacks,” in Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security (ASIACCS), 2013, pp. 329–334. [paper] [slides]
  • V. Rastogi, Y. Chen, and W. Enck, “AppsPlayground: Automatic Security Analysis of Smartphone Applications,” in Proceedings of the Third ACM Conference on Data and Application Security and Privacy (CODASPY), 2013, pp. 209–220. [paper] [slides] [demo]
  • Y. Cao, V. Rastogi, Z. Li, Y. Chen, and A. Moshchuk, “Redefining Web Browser Principals with a Configurable Origin Policy,” in Dependable Systems and Networks (DSN), 2013 43rd Annual IEEE/IFIP International Conference on, 2013, pp. 1–12. [paper]
  • Y. Cao, Z. Li, V. Rastogi, Y. Chen, and X. Wen, “Virtual browser: A Virtualized Browser to Sandbox Third-party JavaScripts with Enhanced Security,” in Proceedings of the 7th ACM SIGSAC symposium on Information, computer and communications security (ASIACCS), 2012, pp. 8–9. [paper]
  • Z. Li, Y. Tang, Y. Cao, V. Rastogi, Y. Chen, B. Liu, and C. Sbisa, “WebShield: Enabling Various Web Defense Techniques without Client Side Modifications,” in Proceedings of the Network and Distributed System Security Symposium (NDSS), 2011. [paper]
  • V. Rastogi, V. J. Ribeiro, and A. D. Nayar, “Measurements in OLPC Mesh Networks,” in Proceedings of the 7th International Symposium on Modeling and Optimization in Mobile, Ad Hoc, and Wireless Networks (WiOpt), 2009, pp. 1–6. [paper]

Non-peer-reviewed and Posters

  • V. Rastogi, “Towards a Trustworthy Android Ecosystem,” PhD thesis, Northwestern University, 2015. [dissertation]
  • V. Rastogi, Y. Chen, and X. Jiang, “Evaluating Android Anti-malware Against Transformation Attacks,” Department of Electrical Engineering and Computer Science, Northwestern University, NU-EECS-13-01, 2013. [report]
  • Y. Cao, Z. Li, V. Rastogi, and Y. Chen, “Virtual Browser: A Web-level Sandbox to Secure Third-party JavaScript without Sacrificing Functionality,” in Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS), 2010, pp. 654–656. Poster abstract. [abstract]

Artifacts

All artifacts here are freely available research purposes.

  • AppsPlayground: A tool for automatically interacting with and driving Android applications. Please see our CODASPY 2013 paper for details. The version available here was rewritten from scratch for our NDSS 2016 paper. It incorporates largely the same techniques described in the former paper and is able to work with new versions of Android. [link]

  • DroidChameleon: A tool that incorporates a bunch of transformations on Android applications. The tool was used in our DroidChameleon papers (ASIACCS 2013 and TIFS 2014) to prepare malware variants that evade commercial anti-malware tools. DroidChameleon has also been used by a number of academic and industry researchers to test the effectiveness of their own malware detection schemes.
    The tool is available by request over email. We do not provide a public link for download as it can be used for preparing malware variants.

  • Ad library list: A list of Android ad libraries discovered as part of the work for our NDSS 2016 paper. [link]

Patents

  • Yan Chen, Zhengyang Qu, and Vaibhav Rastogi, "System and Method for Proxy-based Data Access Mechanism in Enterprise Mobility Management", filed on September 14, 2016. U.S. Patent Application No. 15/264,944.
  • Yan Chen, Zhengyang Qu, and Vaibhav Rastogi, "System and Method for Determining Description-to-permission Fidelity in Mobile Applications", filed on May 13, 2015. U.S. Patent Application No. 14/711,157.
  • Yan Chen, Vaibhav Rastogi, Zhengyang Qu, and Jedidiah McClurg, "System and Method for Privacy Leakage Detection and Prevention Without Operating System Modification.", filed on February 5, 2015. U.S. Patent Application No. 14/615,254.

Press

  • Wall Street Journal. Samsung to Install Antivirus Software in Android Phones. [link]
  • ACM Tech News. Android Antiviral Products Easily Evaded, Northwestern Study Says. [link]
  • Zee News. Top 10 Android anti-virus useless before 'certain' attacks: Study. [link]
  • Science Daily. Android antiviral products easily evaded. [link]
  • McCormick Northwestern News. Android Antiviral Products Easily Evaded, Northwestern Study Says. [link]
  • VirusFreePhone. Mobile AV Apps Fail To Detect Disguised Malware. [link]
  • Tech News Daily. Android Anti-Virus Software Easily Fooled. [link]
  • EFY Times. Android Virus Scanners Can Be Tricked: Report. [link]
  • Help Net Security. Top Android AV software fooled by common evasion techniques. [link]
  • ISS Source. Android Virus Scanners Easy to Trick. [link]
  • NBC News. Android Anti-Virus Software Easily Fooled. [link]
  • heise Security. Android-Virenscanner sind leicht auszutricksen. [link]
  • The H. Android virus scanners are easily fooled. [link]
  • Slashdot. Popular Android Anti-Virus Software Fooled By Trivial Techniques. [link]
  • Security Week. Anti-Virus Software for Android Fooled by Common Techniques, Researchers Say. [link]
  • Information Week. Mobile AV Apps Fail To Detect Disguised Malware. [link]
  • Dark Reading. Mobile AV Apps Fail To Detect Disguised Malware. [link]

Professional Service

Technical Program Committee Member for:

Reviewer for:

External Reviewer for: