Conference Publications

  1. Deshotels, L., Deaconescu, R., Chiroiu, M., Davi, L., Enck, W., & Sadeghi, A.-R. (2016). SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles. In Proceedings of the ACM Conference on Computer and Communications Security (CCS). Vienna, Austria.
  2. Deshotels, L., Deaconescu, R., Carabas, C., Manda, I., Enck, W., Chiroiu, M., … Sadeghi, A.-R. (2018). iOracle: Automated Evaluation of Access Control Policies in iOS. In Proceedings of the 2018 ACM on Asia Conference on Computer and Communications Security (AsiaCCS). Incheon, Korea.
  3. Deshotels, L., Carabas, C., Beichler, J., Deaconescu, R., & Enck, W. (2020). Kobold: Evaluating Decentralized Access Control for Remote NSXPC Methods on iOS. In Proceedings of the 41st IEEE Symposium on Security and Privacy. San Francisco, California, USA.

Journal Publications

  1. Shu, R., Wang, P., Gorski III, S. A., Andow, B., Nadkarni, A., Deshotels, L., … Gu, X. (2016). A Study of Security Isolation Techniques. ACM Computing Surveys (CSUR).

Book Chapters

  1. Deshotels, L. (2012). Application and Evaluation of Artificial Intelligence Algorithms for StarCraft. In A. Kumar, J. Etheredge, & A. Boudreaux (Eds.), Algorithmic and Architectural Gaming Design: Implementation and Development (pp. 107–133). Hershey, PA, USA: IGI Global.

Workshop Publications

  1. Deshotels, L. (2014). Inaudible Sound as a Covert Channel in Mobile Devices. In 8th USENIX Workshop on Offensive Technologies (WOOT 14). San Diego, CA, USA.
  2. Deshotels, L., Notani, V., & Lakhotia, A. (2014). Droidlegacy: Automated Familial Classification of Android Malware. In Proceedings of ACM SIGPLAN on Program Protection and Reverse Engineering Workshop 2014. San Diego, CA, USA.

Tech Reports

  1. Deaconescu, R., Deshotels, L., Bucicoiu, M., Enck, W., Davi, L., & Sadeghi, A.-R. (2016). SandBlaster: Reversing the Apple Sandbox (Technical Report arXiv:1608.04303).

CVEs

  1. CVE-2015-7001. A malicious application may maintain access to contacts after having access revoked. (2015). Available from MITRE, CVE-ID CVE-2015-7001. Retrieved from http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7001
  2. CVE-2016-4719. An application may be able to read sensitive location information. (2016). Available from MITRE, CVE-ID CVE-2016-4719. Retrieved from http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4719
  3. CVE-2016-4620. A malicious application may be able to determine whom a user is texting. (2016). Available from MITRE, CVE-ID CVE-2016-4620. Retrieved from https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4620
  4. CVE-2016-4686. An application may be able to maintain access to the Address Book after access is revoked in Settings. (2016). Available from Apple, CVE-ID CVE-2016-4686. Retrieved from https://support.apple.com/en-us/HT207271
  5. CVE-2016-4664. An application may be able to retrieve metadata of photo directories. (2016). Available from Apple, CVE-ID CVE-2016-4664. Retrieved from https://support.apple.com/en-us/HT207271
  6. CVE-2016-4665. An application may be able to retrieve metadata of audio recording directories. (2016). Available from Apple, CVE-ID CVE-2016-4665. Retrieved from https://support.apple.com/en-us/HT207271
  7. CVE-2018-4446. A malicious application may be able to learn information about the presence of other applications on the device. (2018). Available from Apple, CVE-ID CVE-2018-4446. Retrieved from https://support.apple.com/en-us/HT209340
  8. CVE-2019-8502. A malicious application may be able to initiate a Dictation request without user authorization. (2019). Available from Apple, CVE-ID CVE-2019-8502. Retrieved from https://support.apple.com/en-us/HT209599
  9. CVE-2019-8698. A malicious application may be able to restrict access to websites. (2019). Available from Apple, CVE-ID CVE-2019-8698. Retrieved from https://support.apple.com/en-us/HT210346