Publications
S. Prasad, T. Dunlap, A. Ross, and B. Reaves. Diving into Robocall Content with SNORCall. In Proceedings of the USENIX Security Symposium, August 2023.
Setu Kumar Basak, Lorenzo Neil, Bradley Reaves, and Laurie Williams. What Challenges Do Developers Face About Checked-in Secrets in Software Artifacts? In Proceedings of the IEEE/ACM International Conference on Software Engineering, May 2023.
Setu Basak, Lorenzo Neil, Bradley Reaves, and Laurie Williams. What are the practices for secret management in software artifacts? In Proceedings of the IEEE Secure Development Conference, Atlanta, GA, October 2022.
Igibek Koishybayev, Aleksandr Nahapetyan, Raima Zachariah, Siddharth Muralee, Bradley Reaves, Alexandros Kapravelos, and Aravind Machiry. Characterizing the security of GitHub CI workflows. In Proceedings of the USENIX Security Symposium, Boston, MA, August 2022. (Acceptance Rate: 14%). [ http ]
Trevor Dunlap, William Enck, and Bradley Reaves. A study of application sandbox policies in Linux. In Proceedings of the ACM on Symposium on Access Control Models and Technologies, pages 19-–30, New York, NY, USA, June 2022. (Acceptance Rate: 31%). [ DOI | http ]
Iffat Anjum, Daniel Kostecki, Ethan Leba, Jessica Sokal, Rajit Bharambe, William Enck, Cristina Nita-Rotaru, and Bradley Reaves. Removing the reliance on perimeters for security using network views. In Proceedings of the 27th ACM on Symposium on Access Control Models and Technologies, pages 151-–162, New York, NY, 2022. (Acceptance Rate: 31%). [ DOI | http ]
Lorenzo Neil, Elijah Bouma-Sims, Evan Lafontaine, Yasemin Acar, and Bradley Reaves. Investigating web service account remediation advice. In Proceedings of the USENIX Symposium on Usable Privacy and Security, August 2021. (Acceptance Rate: 26%). [ http ]
Abida Haque, Varun Madathil, Bradley Reaves, and Alessandra Scafuro. Anonymous device authorization for cellular networks. In ACM Conference on Security and Privacy in Wireless and Mobile Networks, pages 25-36, Abu Dhabi, United Arab Emirates, July 2021. (Acceptance Rate: 28%). [ DOI | http ]
Matthew McNiece, Ruidan Li, and Bradley Reaves. Characterizing the security of endogenous and exogenous desktop application network flows. In Proceedings of the Passive and Active Measurement Conference, March 2021. (Acceptance Rate: 44%).
Elijah Bouma-Sims and Bradley Reaves. A first look at scams on YouTube. In Proceedings of the Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb), 2021. (Acceptance Rate: 25.6%).
Benjamin Andow, Samin Yaseer Mahmud, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Serge Egelman. Actions speak louder than words: Entity-sensitive privacy policy and dataflow analysis with PoliCheck. In Proceedings of the USENIX Security Symposium, August 2020. (Acceptance Rate: 16%).
Samin Yaseer Mahmud, Akhil Acharya, Benjamin Andow, William Enck, and Bradley Reaves. Cardpliance: PCI DSS compliance of Android applications. In Proceedings of the USENIX Security Symposium, August 2020. (Acceptance Rate: 16%).
Sathvik Prasad, Elijah Bouma-Sims, Athishay Kiran Mylappan, and Bradley Reaves. Who's calling? Characterizing robocalls through audio and metadata analysis. In Proceedings of the USENIX Security Symposium, August 2020. (Acceptance Rate: 16%).
Justin Whitaker, Sathvik Prasad, Bradley Reaves, and William Enck. Thou shalt discuss security: Quantifying the impacts of instructions to RFC authors. In Proceedings of the Security Standardisation Research Conference, November 2019. (Acceptance Rate: 35%).
Benjamin Andow, Samin Yaseer Mahmud, Wenyu Wang, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Tao Xie. PolicyLint: Investigating internal privacy policy contradictions on Google Play. In Proceedings of the USENIX Security Symposium, August 2019. (Acceptance Rate: 16.2%).
Sanket Goutam, William Enck, and Bradley Reaves. Hestia: Simple least privilege network policies for smart homes. In Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks, May 2019. Short Paper. (Acceptance Rate: 25.6%).
TJ O'Connor, William Enck, and Bradley Reaves. Blinded and confused: Uncovering systemic flaws in device telemetry for smart-home internet of things. In Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks, May 2019. (Acceptance Rate: 25.6%).
TJ O'Connor, Reham Mohamed, Markus Miettinen, William Enck, Bradley Reaves, and Ahmad-Reza Sadeghi. HomeSnitch: Behavior transparency and control for smart home IoT devices. In Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks, May 2019. (Acceptance Rate: 25.6%).
Michael Meli, Matthew McNiece, and Bradley Reaves. How bad can it git? Characterizing secret leakage in public GitHub repositories. In Proceedings of the Networked and Distributed Systems Security Symposium (NDSS), February 2019. (Acceptance Rate: 17.1%).
Reaves, Bradley, Luis Vargas, Nolen Scaife, Dave Tian, Logan Blue, Patrick Traynor, and Kevin R. B. Butler. Characterizing the security of the SMS ecosystem with public gateways. ACM Transactions on Privacy and Security, 22(1):2:1-2:31, December 2018. [ DOI | http ]
Dominik Wermke, Nicolas Huaman, Yasemin Acar, Bradley Reaves, Patrick Traynor, and Sascha Fahl. A large scale investigation of obfuscation use in Google Play. In Proceedings of the Annual Computer Security Applications Conference, December 2018. (Acceptance Rate: 20.1%).
Christian Peeters, Hadi Abdullah, Nolen Scaife, Jasmine Bowers, Patrick Traynor, Bradley Reaves, and Kevin Butler. Sonar: Detecting SS7 redirection attacks via call audio-based distance bounding. In Proceedings of the IEEE Symposium on Security and Privacy, May 2018. (Acceptance Rate: 10.4%).
Jasmine Bowers, Bradley Reaves, Imani N. Sherman, Patrick Traynor, and Kevin Butler. Regulators, mount up? Analysis of privacy policies for mobile money applications. In Proceedings of the USENIX Symposium on Usable Privacy and Security, August 2017. (Acceptance Rate: 26.5%).
Bradley Reaves, Logan Blue, Hadi Abdullah, Luis Vargas, Patrick Traynor, and Tom Shrimpton. AuthentiCall: Efficient identity and content authentication for phone calls. In Proceedings of the USENIX Security Symposium, August 2017. (Acceptance Rate: 16.3%).
Adam Bates, Wajih Ul Hassan, Kevin Butler, Alin Dobra, Bradley Reaves, Patrick Cable, Thomas Moyer, and Nabil Schear. Transparent web service auditing via network provenance functions. In Proceedings of the International World Wide Web Conference, April 2017. (Acceptance Rate: 17%).
Stephan Heuser, Bradley Reaves, Praveen Kumar Pendyala, Henry Carter, Alexandra Dmitrienko, William Enck, Negar Kiyavash, Ahmad-Reza Sadeghi, and Patrick Traynor. Phonion: Practical protection of metadata in telephony networks. Proceedings on Privacy Enhancing Technologies, 2017(1), January 2017.
Bradley Reaves, Jasmine Bowers, Nolen Scaife, Adam Bates, Arnav Bhartiya, Patrick Traynor, and Kevin R.B. Butler. Mo(bile) money, mo(bile) problems: Analysis of branchless banking applications in the developing world. In ACM Transactions on Privacy and Security, 2017.
Bradley Reaves, Jasmine Bowers, Sigmond A. Gorski III, Olabode Anise, Rahul Bobhate, Raymond Cho, Hiranava Das, Sharique Hussain, Hamza Karachiwala, Nolen Scaife, Byron Wright, Kevin Butler, William Enck, and Patrick Traynor. *droid: Assessment and evaluation of Android application analysis tools. ACM Computing Surveys, 49(3), October 2016.
Bradley Reaves, Logan Blue, and Patrick Traynor. Authloop: Practical end-to-end cryptographic authentication for telephony over voice channels. In Proceedings of the USENIX Security Symposium, Austin, TX, August 2016. (Acceptance Rate: 15.5%).
Bradley Reaves, Logan Blue, Dave Tian, Patrick Traynor, and Kevin R. B. Butler. Detecting SMS spam in the age of legitimate bulk messaging. In Proceedings of the 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks, July 2016. Short Paper. (Acceptance Rate: 28.0%) .
Bradley Reaves, Nolen Scaife, Dave Tian, Logan Blue, Patrick Traynor, and Kevin Butler. Sending out an SMS: Characterizing the security of the SMS ecosystem with public gateways. In Proceedings of the IEEE Symposium on Security and Privacy, San Jose, CA, May 2016. (Acceptance Rate: 13.0%).
Bradley Reaves, Nolen Scaife, Adam Bates, Patrick Traynor, and Kevin R.B. Butler. Mo(bile) money, mo(bile) problems: Analysis of branchless banking applications in the developing world. In Proceedings of the USENIX Security Symposium, August 2015. (Acceptance Rate: 15.7%).
Bradley Reaves, Ethan Shernan, Adam Bates, Henry Carter, and Patrick Traynor. Boxed out: Blocking cellular interconnect bypass fraud at the network edge. In Proceedings of the USENIX Security Symposium, August 2015. (Acceptance Rate: 15.7%).
David Dewey, Bradley Reaves, and Patrick Traynor. Uncovering use-after-free conditions in compiled code. In Proceedings of the International Conference on Availability, Reliability, and Security, 2015. (Acceptance Rate: 22.0%).
Saurabh Chakradeo, Bradley Reaves, Patrick Traynor, and William Enck. MAST: Triage for market-scale mobile malware analysis. In Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks, April 2013. (Acceptance Rate: 15.0%).
Charles Lever, Manos Antonakakis, Brad Reaves, Patrick Traynor, and Wenke Lee. The core of the matter: Analyzing malicious traffic in cellular carriers. In Proceedings of the Network and Distributed System Security Symposium, San Diego, CA, February 2013. (Acceptance Rate: 18.8%).
Bradley Reaves and Thomas Morris. An open virtual testbed for industrial control system security research. International Journal of Information Security, 11(4):215-229, 2012. [ DOI ]
Bradley Reaves and Thomas Morris. Analysis and mitigation of vulnerabilities in short-range wireless communications for industrial control systems. International Journal of Critical Infrastructure Protection, 2012. [ DOI | http ]
Thomas Morris, Anurag Srivastava, Bradley Reaves, Wei Gao, Kalyan Pavurapu, and Ram Reddi. A control system testbed to validate critical infrastructure protection concepts. International Journal of Critical Infrastructure Protection, August 2011. [ http ]
Wei Gao, Thomas Morris, Bradley Reaves, and Drew Richey. On SCADA control system command and response injection and intrusion detection. In IEEE eCrime Researchers Summit, Dallas, TX, October 2010. [ http ]
Thomas Morris, Anurag Srivastava, Bradley Reaves, Kalyan Pavurapu, Sharif Abdelwahed, Rayford Vaughn, Wesley McGrew, and Yoginder Dandass. Engineering future cyber-physical energy systems: Challenges, research needs, and roadmap. In 2009 IEEE North American Power Symposium, Starkville, MS, October 2009.
Bradley Reaves and Thomas Morris. Discovery, infiltration, and denial of service in a process control system wireless network. In 2009 eCrime Researchers Summit, Tacoma, WA, USA, October 2009. [ DOI | http ]