Robert J. Walls

147 Fuller Labs
Worcester, MA 01609
rjwalls@wpi.edu

The Cake Lab
Google Scholar
Github



News

Students!: I am currently looking for motivated and qualified students. If you are a WPI student, please send me an email or stop by. If you are outside of WPI, I invite you to apply and then contact me. Use keyword fignewtons for a more rapid response.

About Me

I am the Director of the Cybersecurity Program and an associate professor in the Department of Computer Science at Worcester Polytechnic Institute and a proud member of The Cake Lab group. My current interests focus on systems security and performance and my projects often lie at the intersection of software and hardware.

Previously, I was a postdoctoral scholar in Department of Electrical Engineering and Computer Science at The Pennsylvania State University working with Prof. Patrick McDaniel. Before that, I attended the School of Computer Science at the University of Massachusetts advised by Prof. Brian Levine.

News

Current Projects

I’ve had the opportunity to work on a number of interesting research projects during my career. Checkout The Cake Lab’s website for the most up to date information about my work.

Embedded Systems Security

Embedded systems form the core of critical infrastructure, perform auxiliary processing on mobile phones, and permeate homes as smart devices. Yet, embedded software security lags behind traditional desktop security. While myriad defenses exist for general-purpose systems (e.g., desktops and servers), embedded systems present several unique challenges for software security such as greater hardware diversity, limited resources (e.g. memory and power), and lack of support for common abstractions like virtual memory. Our work in this area includes defenses for protecting embedded software and RTOS kernels from memory errors, such as Kage (USENIX’22), Silhouette (USENIX’20), and Recfish (ECRTS’19).

Secure Deep Learning

ML models are valuable intellectual property due to the investment and expertise required to gather training data and construct the model. To monetize these models, companies often make them available as a service via APIs over the web. Further, the model owners often rely on others’ hardware, such as cloud providers or end-users, for model execution. Our CVPR’21 work demonstrates the feasibility of data-free model extraction attacks, i.e., a type of attack that does not require knowledge of the underlying training dataset. In our IC2E’21 study, we identify performance bottlenecks that stymie current attempts to run models in trusted execution environments.

GPU Performance

The RIPCORD project proposes a new infrastructure for improving the performance of deep learning model serving. In our Performance’20 and Performance’21 studies, we considered the performance of current GPU concurrency mechanisms. We examined scheduling at the microarchitectural level and found that the lack of fine-grained preemption mechanisms, robust task prioritization options, and contention-aware thread block placement policies limits the effectiveness of existing mechanisms.

Past Projects

Below are some of the previous projects I have had the privilege to work on.

Web Security and Privacy

Domain names have become the Internet’s de facto root of trust. In practice, they are also a root of insecurity as common security systems depend on the unfounded assumption that domain ownership remains constant; this leaves users vulnerable to exploitation when domain ownership changes. In our [Oakland 2016][oakland16] we find that many seemingly disparate security problems share a root cause in residual domain trust abuse.

Online advertising is one of those little annoyances that we all have to deal with. “Not so!” Said the plethora of ad blocking extensions promising to improve your browser experience. Not only do they block ads, they also claim to help preserve your privacy and protect you against the growing trend of malicious advertisements. In our IMC 2015 work my co-authors and I take a closer look at the most popular ad blocking software. We find that ad blockers are not quite what they appear to be.

Digital Forensics

Mobile phones contain evidence that is invaluable for criminal investigations. However, commercially-available forensic tools must be hand-tailored to each phone model. If no tools support the target phone, then extracting the phone’s information requires investigators to examine the stored data byte by byte. To address this problem, I’ve developed general algorithms and techniques for recovering information from phones even if the exact storage format is unknown or the data has been logically deleted.

DECODE is an inference engine that extracts meaningful information from raw byte streams. Read more about it here. Liftr incorporates investigator feedback and relevance graphs to improve the results of inference engines like DEC0DE. Paper here.

Science of Security

Perhaps the most ambitious projects I’ve been involved with is the 10-year Cyber-Security Collaborative Research Alliance with the Army Research Laboratory, Penn State, Carnegie Mellon, UC Riverside, UC Davis, and Indiana University. The project’s mandate is to develop a new science of security. As part of this effort, I’ve worked on the foundation for representing operational and environmental knowledge—see my work on ontologies here—with the goal of reasoning about both current and future states to make optimal security decisions.

Selected Publications

Below is a partial list of my recent publications.

2022
Holistic Control-Flow Protection on Real-Time Embedded Systems with Kage.
Yufei Du, Zhuojia Shen, Komail Dharsee, Jie Zhou, Robert J. Walls, and John Criswell.
31st USENIX Security Symposium (USENIX Security 22).
2021
Characterizing Concurrency Mechanisms for NVIDIA GPUs under Deep Learning Workloads.
Guin R. Gilman and Robert J. Walls.
39th International Symposium on Computer Performance, Modeling, Measurements and Evaluation (Performance'21).
2021
Memory-Efficient Deep Learning Inference in Trusted Execution Environments.
Jean-Baptiste Truong, William Gallagher, Tian Guo, and Robert J. Walls.
9th IEEE International Conference on Cloud Engineering (IC2E).
2021
Data-Free Model Extraction.
Jean-Baptiste Truong, Pratyush Maini, Robert J. Walls, and Nicolas Papernot.
IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2021).
2020
Silhouette: Efficient Protected Shadow Stacks for Embedded Systems.
Jie Zhou, Yufei Du, Lele Ma, Zhuojia Shen, John Criswell, and Robert J. Walls.
Proc. USENIX Security Symposium.
2020
DRAB-LOCUS: An Area-Efficient AES Architecture for Hardware Accelerator Co-Location on FPGAs.
Jake Grycel and Robert J. Walls.
{IEEE International Symposium on Circuits and Systems}.
2020
Demystifying the Placement Policies of the NVIDIA GPU Thread Block Scheduler for Concurrent Kernels.
Guin R. Gilman and Robert J. Walls.
38th International Symposium on Computer Performance, Modeling, Measurements and Evaluation (Performance'20).
2019
Control-Flow Integrity for Real-Time Embedded Systems.
Robert J. Walls, Nicolas Brown, Thomas LeBaron, Bryan Ward, Craig A. Shue, and Hamed Okhravi.
Euromirco Conference on Real-Time Systems (ECRTS).
2016
Domain-Z: 28 Registrations Later.
Chaz Lever, Robert J. Walls, Yacin Nadji, David Dagon, Patrick McDaniel, and Manos Antonakakis.
IEEE Symposium on Security and Privacy.
2015
Measuring the Impact and Perception of Acceptable Advertisements.
Robert J. Walls, Eric D. Kilmer, Nathaniel Lageman, and Patrick D. McDaniel.
Proceedings of the ACM 2015 Internet Measurement Conference (IMC).
2013
Measurement and Analysis of Child Pornography Trafficking on P2P Networks.
Ryan Hurley, Swagatika Prusty, Hamed Soroush, Robert J. Walls, Jeannie Albrecht, Emmanuel Cecchet, Brian Neil Levine, Marc Liberatore, Brian Lynn, and Janis Wolak.
Proc. Intl. World Wide Web Conference (WWW).
2011
Effective Digital Forensics Research is Investigator-Centric.
Robert J. Walls, Brian Neil Levine, Marc Liberatore, and Clay Shields.
Proc. USENIX Workshop on Hot Topics in Security (HotSec).
2011
Forensic Triage for Mobile Phones with DEC0DE.
Robert J. Walls, Erik Learned-Miller, and Brian Neil Levine.
Proc. USENIX Security Symposium.