Robert J. Walls

147 Fuller Labs
Worcester, MA 01609

Google Scholar


Students!: I am currently looking for motivated and qualified students. If you are a WPI student, please send me an email or stop by. If you are outside of WPI, I invite you to apply and then contact me.

About Me

I am an assistant professor in the Department of Computer Science at Worcester Polytechnic Institute. My research focuses on security and digital forensics. In the Fall of 2016, I brought in security researchers from around to the area to participate in New England Security Day.

Previously, I was a postdoctoral scholar in Department of Electrical Engineering and Computer Science at The Pennsylvania State University working with Prof. Patrick McDaniel. Before that, I attended the School of Computer Science at the University of Massachusetts advised by Prof. Brian Levine. My research at UMass focused on providing law enforcement with novel techniques for investigating crimes. You can find my thoughts on the difference between forensics and security here.


I’ve had the opportunity to work on a number of interesting research projects during my career. Here is a summary of some of my efforts.

Web Security and Privacy

Online advertising is one of those little annoyances that we all have to deal with. “Not so!” Said the plethora of ad blocking extensions promising to improve your browser experience. Not only do they block ads, they also claim to help preserve your privacy and protect you against the growing trend of malicious advertisements. In our IMC 2015 work my co-authors and I take a closer look at the most popular ad blocking software. We find that ad blockers are not quite what they appear to be.

If you are in the market for a practical privacy solution, take a look at our browser extension Milk. Milk implements the concept of functional privacy: give the users as much privacy as possible without breaking desired functionality. The extension does this by putting cookies in separate silos and restricting which sites have access to those cookies. Read more about functional privacy here.

Digital Forensics

Mobile phones contain evidence that is invaluable for criminal investigations. However, commercially-available forensic tools must be hand-tailored to each phone model. If no tools support the target phone, then extracting the phone’s information requires investigators to examine the stored data byte by byte. To address this problem, I’ve developed general algorithms and techniques for recovering information from phones even if the exact storage format is unknown or the data has been logically deleted.

DECODE is an inference engine that extracts meaningful information from raw byte streams. Read more about it here.

Liftr incorporates investigator feedback and relevance graphs to improve the results of inference engines like DEC0DE. Paper here.

Yapr parses the Yaffs File System commonly found on (older) Android phones. Yapr even has limited ability to reconstruct past versions of a file by leverage expired pages of flash memory.

Filtr implements the concept of block hash filtering using bloom filters. In short, Filtr will remove an repeated blocks of data in a raw byte stream. For flash-based devices, such as phones, Filtr often removes 50-90% of the raw data, saving precious time by limited the amount of data that needs to be examines. Read more about block hash filtering here.

Science of Security

Perhaps the most ambitious projects I’ve been involved in is the 10-year Cyber-Security Collaborative Research Alliance (CSec CRA) with the Army Research Laboratory, Penn State, Carnegie Mellon, UC Riverside, UC Davis, and Indiana University. The project’s mandate is to develop a new science of security. As part of this effort, I’ve worked on the foundation for representing operational and environmental knowledge—see my work on ontologies here—with the goal of reasoning about both current and future states to make optimal security decisions.

Improving the Process

Like all computer scientists, I am constantly on the lookout for tools or methods that will help me be more efficient in my work. Here are a few repositories that you may find helpful.

Latex Paper Template. Tired of wasting half an hour setting up your paper directory every time you start a new project? Try my paper template instead.

Slidify Tutorial. I am a big fan of presentations, R, and Markdown—Slidify beautifully combines all three. Check out my simple Slidify tutorial here.

Taskr. This simple command line utility helps manage how you spend your time.


BinDNN: Resilient Function Matching Using Deep Learning.
Nathaniel Lageman, Eric Kilmer, Robert J. Walls, and Patrick McDaniel.
2016 International Conference on Security and Privacy in Communication Networks (SECURECOMM).
Domain-Z: 28 Registrations Later.
Chaz Lever, Robert J. Walls, Yacin Nadji, David Dagon, Patrick McDaniel, and Manos Antonakakis.
IEEE Symposium on Security and Privacy.
Mapping Sample Scenarios to Operational Models.
Z. Berkay Celik, Nan Hu, Yun Li, Nicolas Papernot, Patrick McDaniel, Jeff Rowe, Robert Walls, Karl Levitt, Novella Bartolini, Thomas La Porta, and Ritu Chadha.
Internatonal Conference for Military Communications (MILCOM).
Discovering Specification Violations in Networked Software Systems.
Robert J. Walls, Yuriy Brun, Marc Liberatore, and Brian Neil Levine.
Proceedings of the 26th IEEE International Symposium on Software Reliability Engineering (ISSRE).
Measuring the Impact and Perception of Acceptable Advertisements.
Robert J. Walls, Eric D. Kilmer, Nathaniel Lageman, and Patrick D. McDaniel.
Proceedings of the ACM 2015 Internet Measurement Conference (IMC).
Estimating Attack Intent and Mission Impact from Detection Signals.
Patrick McDaniel and Robert J. Walls.
Workshop on Cyber Attack Detection, Forensics and Attribution for Assessment of Mission Impact.
Enforcing Agile Access Control Policies in Relational Databases using Views.
Nicolas Papernot, Patrick McDaniel, and Robert J. Walls.
Internatonal Conference for Military Communications (MILCOM).
Malware Traffic Detection using Tamper Resistant Features.
Berkay Celik, Robert J. Walls, Patrick McDaniel, and Ananthram Swami.
Internatonal Conference for Military Communications (MILCOM).
Computational Ontology of Network Operations.
Alessandro Oltramari, Lorrie Cranor, Robert J. Walls, and Patrick McDaniel.
Internatonal Conference for Military Communications (MILCOM).
Building an Ontology of Cyber Security.
Alessandro Oltramari, Lorrie Cranor, Robert J. Walls, and Patrick McDaniel.
Proc. Intl. Conference on Semantic Technologies for Intelligence, Defense, and Security (STIDS).
Efficient Smart Phone Forensics Based on Relevance Feedback.
Saksham Varma, Robert J. Walls, Brian Lynn, and Brian Neil Levine.
Proc. ACM Workshop on Security and Privacy in Smartphones and Mobile Devices.
Inference-based Forensics for Extracting Information from Diverse Sources.
Robert J. Walls.
Ph.D. thesis, University of Massachusetts Amherst.
Security and Science of Agility.
Patrick McDaniel, Trent Jaeger, Thomas F. La Porta, Nicolas Papernot, Robert J. Walls, Alexander Kott, Lisa Marvel, Ananthram Swami, Prasant Mohapatra, Srikanth V. Krishnamurthy, and Iulian Neamtiu.
First ACM Workshop on Moving Target Defense (MTD 2014).
Measurement and Analysis of Child Pornography Trafficking on P2P Networks.
Ryan Hurley, Swagatika Prusty, Hamed Soroush, Robert J. Walls, Jeannie Albrecht, Emmanuel Cecchet, Brian Neil Levine, Marc Liberatore, Brian Lynn, and Janis Wolak.
Proc. Intl. World Wide Web Conference (WWW).
Functional Privacy or Why Cookies are Better with Milk.
Robert J. Walls, Shane S. Clark, and Brian Neil Levine.
Proc. USENIX Workshop on Hot Topics in Security.
Effective Digital Forensics Research is Investigator-Centric.
Robert J. Walls, Brian Neil Levine, Marc Liberatore, and Clay Shields.
Proc. USENIX Workshop on Hot Topics in Security (HotSec).
Forensic Triage for Mobile Phones with DEC0DE.
Robert J. Walls, Erik Learned-Miller, and Brian Neil Levine.
Proc. USENIX Security Symposium.
Liquid: A detection-resistant covert timing channel based on IPD shaping.
Robert J. Walls, Kush Kothari, and Matthew Wright.
Computer Networks 55(6).
Reverse Engineering for Mobile Systems Forensics with Ares.
John Tuttle, Robert J. Walls, Erik Learned-Miller, and Brian Neil Levine.
Proc. ACM Workshop on Insider Threats.
Liquid: A detection-resistant covert timing channel based on IPD shaping.
Robert Walls.
Master's thesis, The University of Texas at Arlington.