Conference Publications

  1. Deshotels, L., Deaconescu, R., Chiroiu, M., Davi, L., Enck, W., & Sadeghi, A.-R. (2016). SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles. In Proceedings of the ACM Conference on Computer and Communications Security (CCS). Vienna, Austria.

Journal Publications

  1. Shu, R., Wang, P., Gorski III, S. A., Andow, B., Nadkarni, A., Deshotels, L., … Gu, X. (2016). A Study of Security Isolation Techniques. ACM Computing Surveys (CSUR).

Book Chapters

  1. Deshotels, L. (2012). Application and Evaluation of Artificial Intelligence Algorithms for StarCraft. In A. Kumar, J. Etheredge, & A. Boudreaux (Eds.), Algorithmic and Architectural Gaming Design: Implementation and Development (pp. 107–133). Hershey, PA, USA: IGI Global.

Workshop Publications

  1. Deshotels, L. (2014). Inaudible Sound as a Covert Channel in Mobile Devices. In 8th USENIX Workshop on Offensive Technologies (WOOT 14). San Diego, CA, USA.
  2. Deshotels, L., Notani, V., & Lakhotia, A. (2014). Droidlegacy: Automated Familial Classification of Android Malware. In Proceedings of ACM SIGPLAN on Program Protection and Reverse Engineering Workshop 2014. San Diego, CA, USA.

Tech Reports

  1. Deaconescu, R., Deshotels, L., Bucicoiu, M., Enck, W., Davi, L., & Sadeghi, A.-R. (2016). SandBlaster: Reversing the Apple Sandbox (Technical Report arXiv:1608.04303).


  1. CVE-2015-7001. (2015). A malicious application may maintain access to Contacts after having access revoked, Available from MITRE, CVE-ID CVE-2015-7001. Retrieved from
  2. CVE-2016-4719. (2016). An application may be able to read sensitive location information, Available from MITRE, CVE-ID CVE-2016-4719. Retrieved from
  3. CVE-2016-4620. (2016). A malicious application may be able to determine whom a user is texting, Available from MITRE, CVE-ID CVE-2016-4620. Retrieved from
  4. CVE-2016-4686. (2016). An application may be able to maintain access to the Address Book after access is revoked in Settings, Available from Apple, CVE-ID CVE-2016-4686. Retrieved from
  5. CVE-2016-4664. (2016). An application may be able to retrieve metadata of photo directories, Available from Apple, CVE-ID CVE-2016-4664. Retrieved from
  6. CVE-2016-4665. (2016). An application may be able to retrieve metadata of audio recording directories, Available from Apple, CVE-ID CVE-2016-4665. Retrieved from