Works (19)

Updated: October 26th, 2024 05:00

2024 article

Pairing Security Advisories with Vulnerable Functions Using Open-Source LLMs

DETECTION OF INTRUSIONS AND MALWARE, AND VULNERABILITY ASSESSMENT, DIMVA 2024, Vol. 14828, pp. 350–369.

By: T. Dunlap*, J. Meyers, B. Reaves* & W. Enck*

author keywords: Vulnerable Function; Security Advisory; Security Database; Large Language Model
Sources: Web Of Science, NC State University Libraries
Added: October 21, 2024

2024 article

VFCFinder: Pairing Security Advisories and Patches

PROCEEDINGS OF THE 19TH ACM ASIA CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, ACM ASIACCS 2024, pp. 780–794.

By: T. Dunlap n, E. Lin n, W. Enck n & B. Reaves n

author keywords: Vulnerability Fixing Commit; Security Patches; Vulnerability Data
Sources: Web Of Science, ORCID, NC State University Libraries
Added: July 1, 2024

2023 article

Finding Fixed Vulnerabilities with Off-the-Shelf Static Analysis

2023 IEEE 8TH EUROPEAN SYMPOSIUM ON SECURITY AND PRIVACY, EUROS&P, pp. 489–505.

By: T. Dunlap n, S. Thorn n, W. Enck n & B. Reaves n

Event: IEEE Computer Society

TL;DR: Differential Alert Analysis is introduced to discover vulnerability fixes in software projects and provides a powerful, accurate primitive for software projects, code analysis tools, vulnerability databases, and researchers to characterize and enhance the security of software supply chains. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: September 11, 2023

2023 article

SecretBench: A Dataset of Software Secrets

2023 IEEE/ACM 20TH INTERNATIONAL CONFERENCE ON MINING SOFTWARE REPOSITORIES, MSR, pp. 347–351.

By: S. Basak n, L. Neil n, B. Reaves n & L. Williams n

TL;DR: The goal of this paper is to aid researchers and tool developers in evaluating and improving secret detection tools by curating a benchmark dataset of secrets through a systematic collection of secrets from open-source repositories. (via Semantic Scholar)
Source: Web Of Science
Added: September 5, 2023

2023 article

Towards Simultaneous Attacks on Multiple Cellular Networks

2023 IEEE SECURITY AND PRIVACY WORKSHOPS, SPW, pp. 394–405.

By: A. Ross n & B. Reaves n

author keywords: Cellular Networks; Cellular Network Attacks
TL;DR: A preliminary analysis of the feasibility of using a single software defined radio to surveil multiple networks simultaneously is presented, demonstrating that radio tuning time is quite low, radio clocks are sufficiently stable to skip synchronization when retuning, and that even when monitoring multiple cells a radio can quite accurately count the devices served by all cells under observation. (via Semantic Scholar)
Source: Web Of Science
Added: August 28, 2023

2023 article

What Challenges Do Developers Face About Checked-in Secrets in Software Artifacts?

2023 IEEE/ACM 45TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, ICSE, pp. 1635–1647.

By: S. Basak n, L. Neil n, B. Reaves n & L. Williams n

TL;DR: The findings indicate that the same solution has been mentioned to mitigate multiple challenges, and an increasing trend in questions lacking accepted solutions substantiating the need for future research and tool automation on managing secrets. (via Semantic Scholar)
Source: Web Of Science
Added: September 5, 2023

2022 article

What are the Practices for Secret Management in Software Artifacts?

2022 IEEE SECURE DEVELOPMENT CONFERENCE (SECDEV 2022), pp. 69–76.

By: S. Basak n, L. Neil n, B. Reaves n & L. Williams n

author keywords: secret management; practices; empirical study; grey literature; secure development
TL;DR: The goal of this paper is to aid practitioners in avoiding the exposure of secrets by identifying secret management practices in software artifacts through a systematic derivation of practices disseminated in Internet artifacts. (via Semantic Scholar)
Source: Web Of Science
Added: February 20, 2023

2021 article

Characterizing the Security of Endogenous and Exogenous Desktop Application Network Flows

PASSIVE AND ACTIVE MEASUREMENT, PAM 2021, Vol. 12671, pp. 531–546.

By: M. McNiece n, R. Li* & B. Reaves n

Source: Web Of Science
Added: May 10, 2022

2019 article

Blinded and Confused: Uncovering Systemic Flaws in Device Telemetry for Smart-Home Internet of Things

PROCEEDINGS OF THE 2019 CONFERENCE ON SECURITY AND PRIVACY IN WIRELESS AND MOBILE NETWORKS (WISEC '19), pp. 140–150.

By: T. OConnor n, W. Enck n & B. Reaves n

Event: ACM

TL;DR: This paper seeks to better understand smart home device security by studying the vendor design decisions surrounding IoT telemetry messaging protocols, specifically, the behaviors taken when an IoT device loses connectivity, and finds that 22 of 24 studied devices suffer from critical design flaws. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: August 19, 2019

2019 article

HOMESNITCH: Behavior Transparency and Control for Smart Home IoT Devices

PROCEEDINGS OF THE 2019 CONFERENCE ON SECURITY AND PRIVACY IN WIRELESS AND MOBILE NETWORKS (WISEC '19), pp. 128–139.

By: T. OConnor n, R. Mohamed*, M. Miettinen*, W. Enck n, B. Reaves n & A. Sadeghi*

Event: ACM

TL;DR: HomeSnitch is presented, a building block for enhancing smart home transparency and control by classifying IoT device communication by semantic behavior (e.g., heartbeat, firmware check, motion detection) and the utility of network-level services to classify behaviors of and enforce control on smart home devices. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: August 19, 2019

2019 article

Hestia: Simple Least Privilege Network Policies for Smart Homes

PROCEEDINGS OF THE 2019 CONFERENCE ON SECURITY AND PRIVACY IN WIRELESS AND MOBILE NETWORKS (WISEC '19), pp. 215–220.

By: S. Goutam n, W. Enck n & B. Reaves n

Event: ACM

author keywords: IoT & network security; smart home; least privilege policy
TL;DR: Hestia drastically improves smart home security without complex, unwieldy policies or lengthy learning of device behaviors, and perhaps more importantly, smart home owners need only specify which devices are controllers. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: August 19, 2019

2019 article

Thou Shalt Discuss Security: Quantifying the Impacts of Instructions to RFC Authors

PROCEEDINGS OF THE 5TH ACM WORKSHOP ON SECURITY STANDARDISATION RESEARCH WORKSHOP (SSR '19), pp. 57–68.

By: J. Whitaker n, S. Prasad n, B. Reaves n & W. Enck n

author keywords: Requests for Comments; Internet Standards; Network Security; Text Analysis
Sources: Web Of Science, NC State University Libraries, ORCID
Added: September 14, 2020

2018 article

A Large Scale Investigation of Obfuscation Use in Google Play

34TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE (ACSAC 2018), pp. 222–235.

author keywords: Obfuscation; Android; User Study
TL;DR: This first comprehensive analysis of the use of and challenges to software obfuscation in Android applications finds that only 24.92% of apps are obfuscated by the developer, with broad implications both for improving the security of Android apps and for all tools that aim to help developers write more secure software. (via Semantic Scholar)
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions (OpenAlex)
Source: Web Of Science
Added: January 28, 2019

2018 journal article

Characterizing the Security of the SMS Ecosystem with Public Gateways

ACM TRANSACTIONS ON PRIVACY AND SECURITY, 22(1).

By: B. Reaves n, L. Vargas*, N. Scaife*, D. Tian*, L. Blue*, P. Traynor*, K. Butler*

author keywords: Multifactor authentication; SMS; SMS abuse; SMS spam
Source: Web Of Science
Added: February 18, 2019

2017 conference paper

Authenticall: Efficient identity and content authentication for phone calls

Proceedings of the 26th Usenix Security Symposium (USENIX Security '17), 575–592.

By: B. Reaves, L. Blue, H. Abdullah, L. Vargas, P. Traynor & T. Shrimpton

Source: NC State University Libraries
Added: August 6, 2018

2017 article

FinTechSec: Addressing the Security Challenges of Digital Financial Services

IEEE SECURITY & PRIVACY, Vol. 15, pp. 85–89.

By: P. Traynor*, K. Butler*, J. Bowers* & B. Reaves n

TL;DR: The challenges facing these truly transformative technologies and how this community can help are looked into. (via Semantic Scholar)
UN Sustainable Development Goal Categories
10. Reduced Inequalities (OpenAlex)
Source: Web Of Science
Added: August 6, 2018

2012 journal article

An open virtual testbed for industrial control system security research

International Journal of Information Security, 11(4), 215–229.

By: B. Reaves* & T. Morris*

author keywords: Virtual testbed; Industrial control system; SCADA; Cybersecurity
TL;DR: A virtual testbed framework using Python to create discrete testbed components including virtual devices and process simulators is described, designed such that the testbeds are inter-operable with real industrial control system devices and such that they can provide comparable industrial control system network behavior to a laboratory testbed. (via Semantic Scholar)
Source: Crossref
Added: June 6, 2020

2012 journal article

Analysis and mitigation of vulnerabilities in short-range wireless communications for industrial control systems

International Journal of Critical Infrastructure Protection, 5(3-4), 154–174.

By: B. Reaves* & T. Morris*

author keywords: Industrial control systems; Wireless communications; Vulnerabilities; Mitigation
TL;DR: Vulnerabilities and mitigations related to multiple industrial radio technologies deployed in control systems including IEEE 802.15.4, WirelessHART, ZigBee, Bluetooth, and IEEE802.11.4 are focused on. (via Semantic Scholar)
Source: Crossref
Added: June 6, 2020

2011 journal article

A control system testbed to validate critical infrastructure protection concepts

International Journal of Critical Infrastructure Protection, 4(2), 88–103.

By: T. Morris*, A. Srivastava*, B. Reaves*, W. Gao*, K. Pavurapu* & R. Reddi*

author keywords: Testbed; Industrial control system; SCADA; Smart grid; Cybersecurity
TL;DR: The testbed enables a research process in which cybersecurity vulnerabilities are discovered, exploits are used to understand the implications of the vulnerability on controlled physical processes, identified problems are classified by criticality and similarities in type and effect, and finally cybersecurity mitigations are developed and validated against within the testbed. (via Semantic Scholar)
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure (OpenAlex)
Source: Crossref
Added: June 6, 2020
