Last updated: 11/08/2012
Neuroscience Meets Cryptography: USENIX Security 2012 paper on designing security primitives resistant to user coercion (a.k.a. "rubber hose cryptanalysis").
Secure Embedded Web Servers: USENIX Security 2011 paper about an Android web server designed with security in mind; a continuation of our earlier embedded web interface security project
Mobile ASLR: WISEC 2011 paper about Address Space Layout Randomization (ASLR) for mobile devices that requires no kernel changes in the system; in addition, we discuss Crash Stack Analysis, a novel technique for centrally identifying ASLR brute-forcing attacks
Cheap Smartphone Unlock Tokens: HOTMOBILE 2011 paper and slides about MagKey and MicKey: experimental hardware authentication tokens using a smartphone's compass and microphone as receivers; the main advantages of the design are low cost (less than $1 per token) and low power consumption, as well as broad applicability to existing smartphones
Web Security Education: CSET 2010 paper about Webseclab, a web security education tool I helped create
Password Management: ESORICS 2010 paper about designing loss-resistant password managers; the high-order bit: it is hard to make security work around irrational human beings; the original publication will appear in the conference proceedings, at www.springerlink.com
Insecurity of Embedded Web Interfaces: CCS 2009 paper and slides about XCS vulnerabilities and SiteFirewall, a Firefox extension that prevents XCS attacks from running to completion (this work was also featured in "Communications of the ACM", August 2010, Vol. 53, No. 8; also see this BlackHat USA 2009 briefing on the same topic)
Modular Reconfigurable Robots: ICMAS 2000 paper on Multi-agent Control of Emergent Behaviors and ICRA 2000 paper on Emergent Structures in Modular Self-reconfigurable Robots
©1992-2015 Hristo Bojinov. Contact: hristo-at-bojinov-dot-org. This address is subject to change.