Robert J. Walls: Home

Robert J. Walls

Associate Professor, Computer Science
Program Director, Cybersecurity

147 Fuller Labs
Worcester, MA 01609
rjwalls@wpi.edu

The Cake Lab
Google Scholar
Github

About Me

I am an associate professor in the Department of Computer Science at Worcester Polytechnic Institute and the Director of WPI’s Cybersecurity Program. My work focuses on systems security and performance, with an emphasis on the places where software, hardware, and real-world constraints meet.

At WPI, my students and I are part of The Cake Lab. We study how to make computing systems more secure, reliable, and predictable, including embedded systems, firmware, GPUs, and shared computing infrastructure.

Before joining WPI, I was a postdoctoral scholar at Penn State working with Prof. Patrick McDaniel and earned my Ph.D. from the University of Massachusetts Amherst, where I was advised by Prof. Brian Levine.

News

05/01/2026: Congratulations to Vivek Jagadeesh, Charlie Engler, and Nick Golparvar for receiving WPI’s Provost’s MQP Award for their Major Qualifying Project. It was a pleasure to advise their work.
05/01/2026: Congratulations to Daniel Reynolds for receiving the CS Ambassador Award.
04/08/2026: Congratulations to Dr. Tongwei Ren for successfully defending his Ph.D. dissertation, “Securing Embedded System through Firmware Analysis and Transformations.” It was a privilege to advise his doctoral work.
12/04/2025: WPI launched a new Bachelor of Science in Cybersecurity, an interdisciplinary program that brings together computer science, electrical and computer engineering, and hands-on security research.
11/18/2025: Congratulations to Dr. Guin Gilman for successfully defending her Ph.D. dissertation, “Resource Scheduling for Concurrent Mixed-Priority Workloads on General Purpose GPUs.” It was a privilege to advise her doctoral work.
11/01/2025: Our paper “‘We just did not have that on the embedded system’: Insights and Challenges for Securing Microcontroller Systems from the Embedded CTF Competitions” was published at ACM CCS 2025.
08/13/2025: Our paper “REVDECODE: Enhancing binary function matching with context-aware graph representations and relevance decoding” was published at USENIX Security 2025.

Current Projects

I’ve had the opportunity to work on a number of interesting research projects during my career. At WPI, my students and I are part of The Cake Lab, where we work on systems security and performance.

Securing Resource-Constrained Systems

Embedded and cyber-physical systems sit inside critical infrastructure, vehicles, medical devices, industrial equipment, consumer electronics, and smart devices. These systems often lack the abstractions and resources that desktop and server defenses assume, such as virtual memory, abundant memory, and flexible timing. My group studies how to provide stronger security guarantees while respecting the constraints that make these platforms useful in the first place.

This work includes defenses for embedded software and real-time systems, such as Kage (USENIX Security 2022), Silhouette (USENIX Security 2020), and Recfish (ECRTS 2019). More recently, our embedded CTF work (ACM CCS 2025) studied what these competitions reveal about the practical challenges of securing microcontroller systems.

Firmware and Binary Analysis

In many real systems, source code is unavailable. Instead, analysts must work from firmware images or compiled binaries. My group develops techniques for recovering useful program structure from binaries, comparing code across firmware versions, and enabling security analysis or transformation when the original source is unavailable.

Recent work includes REVDECODE (USENIX Security 2025), which uses context-aware graph representations and relevance decoding to improve binary function matching.

GPU Systems and Scheduling

GPUs are now shared infrastructure for machine learning, scientific computing, cloud services, and other performance-critical applications. My group studies how concurrent workloads interact on modern GPUs and how better scheduling can improve performance, predictability, and isolation.

Recent work includes ReFINE (SPAA 2025), a reactive and fine-grained scheduling framework for general-purpose GPUs. This builds on earlier work studying GPU concurrency mechanisms under deep learning workloads, including Performance 2020 and Performance 2021.

Past Projects

Below are some of the previous projects I have had the privilege to work on.

Secure Deep Learning

ML models are valuable intellectual property due to the investment and expertise required to gather training data and construct the model. To monetize these models, companies often make them available as a service through APIs. At the same time, model owners often rely on hardware operated by cloud providers or end users.

Our Data-Free Model Extraction work (CVPR 2021) demonstrated the feasibility of extracting models without knowledge of the underlying training dataset. In our trusted execution environment study (IC2E 2021), we identified performance bottlenecks that complicate efforts to run models in trusted execution environments.

Web Security and Privacy

Domain names have become the Internet’s de facto root of trust. In practice, they are also a root of insecurity as common security systems depend on the unfounded assumption that domain ownership remains constant; this leaves users vulnerable to exploitation when domain ownership changes. In our Domain-Z work (IEEE Symposium on Security and Privacy 2016), we found that many seemingly disparate security problems share a root cause in residual domain trust abuse.

In our ad blocking study (IMC 2015), we studied the most popular ad blocking software and examined the gap between how ad blockers are marketed and how they behave in practice.

Digital Forensics

Mobile phones can contain evidence that is invaluable for criminal investigations, but forensic tools have often needed to be hand-tailored to specific phone models. When no tool supports a target phone, investigators may be forced to examine raw storage manually.

The DEC0DE project grew out of our mobile phone forensics work (USENIX Security 2011). It is an inference engine that extracts meaningful information from raw byte streams. Liftr (SPSM 2014) incorporates investigator feedback and relevance graphs to improve the results of inference engines like DEC0DE.

Science of Security

One of the most ambitious projects I have been involved with was the 10-year Cyber-Security Collaborative Research Alliance with the Army Research Laboratory, Penn State, Carnegie Mellon, UC Riverside, UC Davis, and Indiana University. The project’s mandate was to develop a new science of security.

As part of this effort, I worked on foundations for representing operational and environmental knowledge, including work on ontologies (STIDS 2014), with the goal of reasoning about both current and future system states to make better security decisions.

Selected Publications

Below is a partial list of my recent publications.

2025	'We just did not have that on the embedded system': Insights and Challenges for Securing Microcontroller Systems from the Embedded CTF Competitions. Zheyuan Ma, Gaoxiang Liu, Alex Eastman, Kai Kaufman, Md Armanuzzaman, Xi Tan, Katherine Jesse, Robert J Walls, and Ziming Zhao. Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security.
2025	ReFINE: A reactive and fine-grained scheduling framework for concurrency on general purpose GPUs. Guin Gilman and Robert J Walls. Proceedings of the 37th ACM Symposium on Parallelism in Algorithms and Architectures.
2025	REVDECODE: Enhancing binary function matching with context-aware graph representations and relevance decoding. Tong Ren, Ronghan Che, Guin Gilman, Lorenzo De Carli, and Robert J Walls. 34th USENIX Security Symposium, USENIX Security '25, Seattle, WA, USA, August 13-15, 2025.
2022	Holistic Control-Flow Protection on Real-Time Embedded Systems with Kage. Yufei Du, Zhuojia Shen, Komail Dharsee, Jie Zhou, Robert J. Walls, and John Criswell. 31st USENIX Security Symposium (USENIX Security 22).
2021	Characterizing Concurrency Mechanisms for NVIDIA GPUs under Deep Learning Workloads. Guin R. Gilman and Robert J. Walls. 39th International Symposium on Computer Performance, Modeling, Measurements and Evaluation (Performance'21).
2021	Memory-Efficient Deep Learning Inference in Trusted Execution Environments. Jean-Baptiste Truong, William Gallagher, Tian Guo, and Robert J. Walls. 9th IEEE International Conference on Cloud Engineering (IC2E).
2021	Data-Free Model Extraction. Jean-Baptiste Truong, Pratyush Maini, Robert J. Walls, and Nicolas Papernot. IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2021).
2020	Silhouette: Efficient Protected Shadow Stacks for Embedded Systems. Jie Zhou, Yufei Du, Lele Ma, Zhuojia Shen, John Criswell, and Robert J. Walls. Proc. USENIX Security Symposium.
2020	DRAB-LOCUS: An Area-Efficient AES Architecture for Hardware Accelerator Co-Location on FPGAs. Jake Grycel and Robert J. Walls. {IEEE International Symposium on Circuits and Systems}.
2020	Demystifying the Placement Policies of the NVIDIA GPU Thread Block Scheduler for Concurrent Kernels. Guin R. Gilman and Robert J. Walls. 38th International Symposium on Computer Performance, Modeling, Measurements and Evaluation (Performance'20).
2019	Control-Flow Integrity for Real-Time Embedded Systems. Robert J. Walls, Nicolas Brown, Thomas LeBaron, Bryan Ward, Craig A. Shue, and Hamed Okhravi. Euromirco Conference on Real-Time Systems (ECRTS).
2016	Domain-Z: 28 Registrations Later. Chaz Lever, Robert J. Walls, Yacin Nadji, David Dagon, Patrick McDaniel, and Manos Antonakakis. IEEE Symposium on Security and Privacy.
2015	Measuring the Impact and Perception of Acceptable Advertisements. Robert J. Walls, Eric D. Kilmer, Nathaniel Lageman, and Patrick D. McDaniel. Proceedings of the ACM 2015 Internet Measurement Conference (IMC).
2013	Measurement and Analysis of Child Pornography Trafficking on P2P Networks. Ryan Hurley, Swagatika Prusty, Hamed Soroush, Robert J. Walls, Jeannie Albrecht, Emmanuel Cecchet, Brian Neil Levine, Marc Liberatore, Brian Lynn, and Janis Wolak. Proc. Intl. World Wide Web Conference (WWW).
2011	Effective Digital Forensics Research is Investigator-Centric. Robert J. Walls, Brian Neil Levine, Marc Liberatore, and Clay Shields. Proc. USENIX Workshop on Hot Topics in Security (HotSec).
2011	Forensic Triage for Mobile Phones with DEC0DE. Robert J. Walls, Erik Learned-Miller, and Brian Neil Levine. Proc. USENIX Security Symposium.