The PurSec Lab at Purdue University is a group of researchers focusing on System Security Research.
We are actively looking for interns, PhD students, and Postdocs working in the area of System Security. Please contact us if you are interested.


Older posts…

Research Projects

Policy-Guided finding logic bugs and fixing them for Robotic Vehicles

We are studying how to automatically find logic bugs and fix them in robotic vehicles.

Read more »

Directed Compilation for Assured Patching

We are working on automatically patching and verifying compiled binary software.

Read more »

Side-channel Attack on Stylus Pencils Through Sensors

We study potential privacy leaks from stylus pencils with embedded magnets.

Read more »

Vetting PLC code to Find Physical Safety Violations

We are studying Programmable Logic Controller (PLC) code with considering the physical characteristics of the hybrid industrial control systems. Our goal is to establish a novel generic PLC-code vetting method that automatically uncover physical safety violations. Finding such physical safety violations is crucial since an attacker can effectively exploit them to impose a serious physical hazard that harm people.

Read more »

Automatic Profile-Aware Debloating of Bluetooth Stacks

We study how to debloat Bluetooth stack.

Read more »

Bluetooth Low Energy Advertising Spoofing Detection

Many IoT devices are equipped with Bluetooth Low Energy (BLE) to support communication in an energy-efficient manner. Unfortunately, BLE is prone to spoofing attacks where an attacker can impersonate a benign BLE device and feed malicious data to its users. Defending against spoofing attacks is extremely difficult as security patches to mitigate them may not be adopted across vendors promptly; not to mention the millions of legacy BLE devices with limited I/O capabilities that do not support firmware updates.

Read more »

Usage of Text Messages for Authentication in Mobile Devices

We are studying how mobile applications currently use mobile messages to implement passwordless authentication schemes and the security implications of this choice.

Read more »

Bluetooth Low Energy Spoofing Attacks

We analyze the security of the BLE link-layer, focusing on the scenario in which two previously-connecteddevices reconnect. Based on a formal analysis of the reconnec-tion procedure defined by the BLE specification, we highlighttwo critical security weaknesses in the specification.

Read more »

Using Trusted Execution Environments for Authentication in Mobile Devices

We study how mobile applications authenticate their users to remote backend servers. In particular, we focus on passwordless authentication schemes, using Trusted Execution Environments, biometric sensors, and mobile messages.

Read more »