bojinov.org


[2013]

Our work on sensor fingerprinting got picked up by SF Chronicle (and also in print, on Friday, October 11th, 2013), ArsTechnica, Discovery News, and other news outlets.

In other news, at Anfacto we continue a proud tradition of customizing the Android OS. Don't miss the explainer video about FleetOS!

[2012]

We have been working hard on research involving the use of implicit learning of motor tasks for authentication purposes. This work was extensively featured in the media in the summer of 2012.

USENIX Security 2012 paper on designing security primitives resistant to user coercion (a.k.a. "rubber hose cryptanalysis").
Articles about this work on Schneier on Security, The Register (you know you've made it when you get called a boffin), NBC News

[2011]

I have been increasingly interested in user behaviors at the intersection of security, wireless computing, and the web. In particular, Android has been an excellent, open platform for experimentation.

Android Open 2011 slides about 3LM's end-to-end Enterprise Android solution
USENIX 2011 paper about an Android web server designed with security in mind; a continuation of our earlier embedded web interface security project
WISEC 2011 paper about Address Space Layout Randomization (ASLR) for mobile devices which requires no kernel changes in the system; in addition, we discuss Crash Stack Analysis: a novel technique for centrally identifying ASLR brute-forcing attacks
HOTMOBILE 2011 paper and slides about MagKey and MicKey: experimental hardware authentication tokens using a smartphone's compass and microphone as receivers; the main advantages of the design are low cost (less than $1 per token) and low power consumption, as well as broad applicability to existing smartphones

[2010]

CSET 2010 paper about Webseclab, a web security education tool I helped create
ESORICS 2010 paper about designing loss-resistant password managers; the high-order bit: it is hard to make security work around irrational human beings; the original publication will appear in the conference proceedings, at www.springerlink.com

[2009]

Web servers are getting embedded in electronic appliances of all kinds: from home routers, to picture frames and IP phones. Usually the goal is to provide a familiar management interface for the devices; security is typically an afterthought. In recent work we have evaluated the security of web interfaces exposed by a broad range of consumer and enterprise hardware.

CCS 2009 paper and slides about XCS vulnerabilities and SiteFirewall, a Firefox extension that prevents XCS attacks from running to completion (this work was also featured in "Communications of the ACM", August 2010, Vol. 53, No. 8)
BlackHat USA 2009 briefing on Embedded Management Interfaces
Article about our embedded web interface work, on The Register

[2007]

Shipping the NetApp Lifetime Key Management appliance was my responsibility: LKM 3.0 press release. My highly capable team made it all happen though.

[2005]

Network Appliance completed the acquisition of Decru in August. I was proud to have been one of the original engineers for the DataFort E-series.

[2001]

Back in the early post-Internet-bubble days, at Oracle we were a small team in between Apps and the DB, figuring out how to best deliver enterprise apps to mobile terminals. (NOTE: In 2013, it is amazing to find out that a piece of code I conceived, designed, and implemented more than a decade ago, the MWA Dispatcher, is still alive and well.)

[1999]

ICMAS 2000 paper: "Multi-agent Control of Emergent Behaviors"
ICRA 2000 paper: "Emergent Structures in Modular Self-reconfigurable Robots"

©1992-2012 Hristo Bojinov. Contact: hristo-at-bojinov-dot-org. This address is subject to change.
