Posted in 2024

A Signal Injection Attack Against Zero Involvement Pairing and Authentication for the Internet of Things

Zero Involvement Pairing and Authentication (ZIPA) is a technique for automatically provisioning large networks of Internet-of-Things (IoT) devices with no user involvement. Prior ZIPA work generally assumes that the environment used for pairing is sufficiently isolated from external, adversarial signals. In our DESTION 2024 paper (see Citation below), we present the first signal-injection attack capable of influencing ZIPA-based key generation, demonstrating that these assumptions can fail in realistic settings.

Read more ...


A Jazz Piano Playlist for Inspiration and Practice

Blog Post Music

Read more ...


AI in Hiring: Fairness or Just Automated Bias?

Artificial intelligence has become increasingly embedded in modern hiring systems. From résumé screening to candidate scoring, automated tools promise efficiency, objectivity, and scale. Yet these promises often obscure important risks: when AI models inherit biased historical data, they can reinforce or even amplify inequities in hiring.

Read more ...


What Do We Know About Hugging Face? A Systematic Literature Review (ESEM 2024)

This paper was led by Jason Jones and Wenxin Jiang (Purdue University, working with James C. Davis). I am one of the key leaders of this research project and contributed to the analysis and synthesis. The work appeared at ESEM 2024 (ACM/IEEE International Symposium on Empirical Software Engineering and Measurement).

Read more ...


LLMs for Energy-Efficient Code: Emerging Results and Future Directions (2024)

This paper was led by Huiyun Peng and Akhil Gupte (Purdue University), working with James C. Davis and Yung-Hsiang Lu. I am one of the key leaders of this research project. The work is available as an arXiv preprint (arXiv:2410.09241).

Read more ...


When ONNX Converters Fail: Interoperability Risks in Deep Learning (ISSTA 2024)

This paper was led by Purvish Jajal and Wenxin Jiang (Purdue University, working with James C. Davis and Yung-Hsiang Lu). I am one of the key leaders of this research project. The work appeared at ISSTA 2024 (ACM International Symposium on Software Testing and Analysis).

Read more ...


PeaTMOSS: Mining Pre-Trained Models in Open-Source Software (MSR 2024)

This paper was led by Wenxin Jiang (Purdue University, working with James C. Davis). I am one of the key leaders of this research project and contributed to its design and analysis. The work appeared at MSR 2024 (International Conference on Mining Software Repositories).

Read more ...


SingleAdv: Targeted Adversarial Attacks on Interpretable Deep Learning (IEEE TIFS 2024)

This paper was led by Elmurod Abdukhamidov and Mohammed Abuhamad (Hanyang University, Korea), with Hyoungshick Kim and Tamer Abuhmed as co-leads. I am one of the key leaders of this research project, contributing to the threat modeling and evaluation design. The work appeared in IEEE Transactions on Information Forensics and Security.

Read more ...


Deep Learning Model Reengineering: Challenges and Practices (EMSE 2024)

This paper was led by Wenxin Jiang (Purdue University, working with James C. Davis), with contributions from Vishnu Banna, Nikhil Vivek, Aditya Goel, and Nicholas Synovic. I am one of the key leaders of this research project. The work appeared in the Empirical Software Engineering journal.

Read more ...