Vaibhav Rastogi

Office: Computer Sciences 7387 1210 W. Dayton St., Madison, WI 53705
Email: vrastogi@wisc.edu
Web: http://pages.cs.wisc.edu/~vrastogi
Google Scholar: https://scholar.google.com/citations?user=ODCUXBgAAAAJ
DBLP: http://dblp.uni-trier.de/pers/hd/r/Rastogi:Vaibhav

Research Interests

Security and Privacy, Computer Systems, Mobile Systems, Web

Appointments

Education

Publications

Peer-reviewed Conferences and Journals

  • V. Rastogi, D. Davidson, L. De Carli, S. Jha, and P. McDaniel, “Cimplifier: Automatically Debloating Containers,” in Proceedings of the 11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE), 2017. To Appear.
  • S. Alam, Z. Qu, R. Riley, Y. Chen, and V. Rastogi, “DroidNative: Automating and optimizing detection of Android native code malware variants,” Computers & Security, vol. 65, pp. 230–246, 2017.
  • Z. Qu, G. Guo, Z. Shao, V. Rastogi, Y. Chen, H. Chen, and W. Hong, “AppShield: Enabling Multi-entity Access Control Cross Platforms for Mobile App Management,” in Proceedings of the 12th International Conference on Security and Privacy in Communication Networks (SecureComm), 2016.
  • V. Rastogi, R. Shao, Y. Chen, X. Pan, S. Zou, and R. Riley, “Are These Ads Safe: Detecting Hidden Attacks through the Mobile App-Web Interfaces,” in Proceedings of the Network and Distributed System Security Symposium (NDSS), 2016.
  • V. Rastogi, Z. Qu, J. McClurg, Y. Cao, and Y. Chen, “Uranine: Real-time Privacy Leakage Monitoring without System Modification for Android,” in Proceedings of the 11th International Conference on Security and Privacy in Communication Networks (SecureComm), 2015.
  • V. Rastogi and A. Agrawal, “All your Google and Facebook logins are belong to us: A case for single sign-off,” in Proceedings of the Eighth International Conference on Contemporary Computing (IC3), 2015, pp. 416–421.
  • B. He, V. Rastogi, Y. Cao, Y. Chen, V. N. Venkatakrishnan, R. Yang, and Z. Zhang, “Vetting SSL Usage in Applications with SSLint,” in Proceedings of the 36th IEEE Symposium on Security and Privacy (Oakland), 2015.
  • Z. Qu, V. Rastogi, X. Zhang, Y. Chen, T. Zhu, and Z. Chen, “AutoCog: Measuring the Description-to-permission Fidelity in Android Applications,” in Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS), 2014.
  • Y. Cao, C. Yang, V. Rastogi, Y. Chen, and G. Gu, “Abusing Browser Address Bar for Fun and Profit - An Empirical Investigation of Add-on Cross Site Scripting Attacks,” in Proceedings of the 10th International Conference on Security and Privacy in Communication Networks (SecureComm), 2014.
  • V. Rastogi, Y. Chen, and X. Jiang, “Catch Me If You Can: Evaluating Android Anti-Malware Against Transformation Attacks,” IEEE Transactions on Information Forensics and Security, vol. 9, no. 1, pp. 99–108, 2014.
  • V. Rastogi, Y. Chen, and X. Jiang, “DroidChameleon: Evaluating Android Anti-malware Against Transformation Attacks,” in Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security (ASIACCS), 2013, pp. 329–334.
  • V. Rastogi, Y. Chen, and W. Enck, “AppsPlayground: Automatic Security Analysis of Smartphone Applications,” in Proceedings of the Third ACM Conference on Data and Application Security and Privacy (CODASPY), 2013, pp. 209–220.
  • Y. Cao, V. Rastogi, Z. Li, Y. Chen, and A. Moshchuk, “Redefining Web Browser Principals with a Configurable Origin Policy,” in Dependable Systems and Networks (DSN), 2013 43rd Annual IEEE/IFIP International Conference on, 2013, pp. 1–12.
  • Y. Cao, Z. Li, V. Rastogi, Y. Chen, and X. Wen, “Virtual browser: A Virtualized Browser to Sandbox Third-party JavaScripts with Enhanced Security,” in Proceedings of the 7th ACM SIGSAC symposium on Information, computer and communications security (ASIACCS), 2012, pp. 8–9.
  • Z. Li, Y. Tang, Y. Cao, V. Rastogi, Y. Chen, B. Liu, and C. Sbisa, “WebShield: Enabling Various Web Defense Techniques without Client Side Modifications,” in Proceedings of the Network and Distributed System Security Symposium (NDSS), 2011.
  • V. Rastogi, V. J. Ribeiro, and A. D. Nayar, “Measurements in OLPC Mesh Networks,” in Proceedings of the 7th International Symposium on Modeling and Optimization in Mobile, Ad Hoc, and Wireless Networks (WiOpt), 2009, pp. 1–6.

Non-peer-reviewed and Posters

  • V. Rastogi, “Towards a Trustworthy Android Ecosystem,” PhD thesis, Northwestern University, 2015.
  • V. Rastogi, Y. Chen, and X. Jiang, “Evaluating Android Anti-malware Against Transformation Attacks,” Department of Electrical Engineering and Computer Science, Northwestern University, NU-EECS-13-01, 2013.
  • Y. Cao, Z. Li, V. Rastogi, and Y. Chen, “Virtual Browser: A Web-level Sandbox to Secure Third-party JavaScript without Sacrificing Functionality,” in Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS), 2010, pp. 654–656. Poster abstract.

Artifacts

All artifacts here are freely available research purposes.

  • AppsPlayground: A tool for automatically interacting with and driving Android applications. Please see our CODASPY 2013 paper for details. The version available here was rewritten from scratch for our NDSS 2016 paper. It incorporates largely the same techniques described in the former paper and is able to work with new versions of Android.
  • DroidChameleon: A tool that incorporates a bunch of transformations on Android applications. The tool was used in our DroidChameleon papers (ASIACCS 2013 and TIFS 2014) to prepare malware variants that evade commercial anti-malware tools. DroidChameleon has also been used by a number of academic and industry researchers to test the effectiveness of their own malware detection schemes.
  • Ad library list: A list of Android ad libraries discovered as part of the work for our NDSS 2016 paper.

Patents

  • Yan Chen, Vaibhav Rastogi, Zhengyang Qu, and Jedidiah McClurg, "System and Method for Privacy Leakage Detection and Prevention Without Operating System Modification.", filed on February 7, 2014. U.S. Patent Application No. 61/936,934.
  • Yan Chen, Zhengyang Qu, and Vaibhav Rastogi, "System and Method for Determining Description-to-permission Fidelity in Mobile Applications", filed on May 15, 2014. U.S. Patent Application No. 61/993,398.

Press

Talks

  • "Vetting SSL Usage in Applications with SSLint", invited talk at SRI International, April 2015, Menlo Park, CA.
  • "Are These Ads Safe: Detecting Hidden Attacks Through Mobile App-web Interfaces", the 2016 Network and Distributed Systems Security System (NDSS), February 2016, San Diego, CA.
  • "Uranine: Real-time Privacy Leakage Monitoring without System Modification for Android", the 11th International Conference on Security and Privacy in Communication Networks (SecureComm), October 2015, Dallas, TX.
  • "Towards Trustworthy Operating System Ecosystems", invited talk at Georgia Institute of Technology, April 2015, Atlanta, GA.
  • "AppsPlayground: Automatic Security Analysis of Smartphone Applications", the Third ACM Conference on Data and Application Security and Privacy (CODASPY), February 2013, San Antonio, TX.

Honors and Rewards

  • Confeerence Travel Grant, IEEE Symposium on Security and Privacy (Oakland), 2015.
  • Confeerence Travel Grant, ACM Conference on Computer and Communications Security (CCS), 2014.
  • Royal E. Cabell Terminal Year Fellowship, 2014-2015, Northwestern University.
  • Murphy Fellowship, Winter 2010, Northwestern university.
  • Recognized for top GPA in the department for 5 semesters, Indian Institute of Technlogy Delhi.

Teaching

Teaching assistant at Northwestern University for:

Teaching assistant at Indian Institute of Technology Delhi for:

  • CSL 101, Introduction to Computers and Programming, Fall 2008. Instructor: Sandeep Sen.
  • CSL 102, Introduction to Computer Science, Spring 2009. Instructor: Saroj Kaushik.

Professional Service