Summary

I am an Assistant Proffesor of Computer Science at the United States Naval Academy I received my Ph.D. from the University of Pennsylvania where I was advised by Professors Jonathan M. Smith and Matt Blaze. I have broad research interests, primarily in the area of computer and network security/privacy and smartphone security.

News:

• I have three accepted posters at the 2013 USENIX Security Symposium:
  • Security and Usability Perceptions of Android Password Patterns with Dane Fichter.
  • Entropic Return Oriented Exploit Detection with Caleb Smith.
  • Parameterized Trace Scaling with John Sonchack and Jonathan M. Smith.
• My paper, Bridging the Data Gap: Data Related Challenges in Evaluating Large Scale Collaborative Security Systems, was accepted for publication in CSET'13 (with John Sonchack and Jonathan M. Smith).
• I accepted a new position as an Assistant Proffessor of Computer Science at the United States Naval Academy in Annapolis, MD; to start August 2013.

Teaching Schedule Fall 2013

• CS:43 Computer Networks (Fall 2012, Swarthmore College)
• CS:35 Data Structures and Algorithms (Spring 2013, Swarthmore College)
• CS:71 Software Egineering: Mobile Development (Spring 2013, Swarthmore College)

Research

My research focuses on computer and network security. Recently, I am very interested in the effects of smartphones/tablets on security and privacy, but have published articles on varied security topics, including side-channels, electronic voting, applied cryptography, botnet/intrusion detection, security testing/methodology, and privacy in ad-hoc mobile and geographic routing.

My Ph.D. research covered side channels on smartphones that are enabled by smartphones' handheld and touch oriented user interfaces. A side channel is the unintended leakage of information via a side-effect of a security or input procedure. For example, if I were to just learn the timing of the key presses on a keyboard, I could use that information to determine what you typed. (This is a real side channel!). In my thesis, I investigated the effectiveness of two smartphone-oriented side channels: A smudge attack that leverages residual smudges on the touchscreen surface remaining after user input, and a sensor-based side channel that leverages on-board sensors, particularly the accelerometer sensor, to infer user input based on the subtle shifting of the device that occurs while input is being provided.

Currently, I am expanding and continuing this line of investigation by applying these, and new, side channels to other touch/hand-held devices, such as tablets, as well as developing physical and software based counter measures to the attacks discovered. I am looking for self-motivated and smart midshipmen to collaborated on a number of research projects in the domain of security and privacy. Feel free to contact me if you are interested or if you have any questions.

Selected Publications

• Bridging the Data Gap: Bridging the Data Gap: Data Related Challenges in Evaluating Large Scale Collaborative Security Systems. John Sonshak, Adam J. Aviv and Jonathan Smith. To Apeear in the 6th Workshop on Cyber Security Evaluation and Testing (CSET'13). August 12. 2013.
• Practicality of Accelerometer Side-Channel on Smartphones. Adam J. Aviv, Ben Sapp, Matt Blaze, and Jonathan M. Smith. In the proceedings of the 28th Annual Computer Security Applications Conference (ACSAC'12). December, 2012. (pdf)
• Privacy-Aware Message Exchanges for Geographically Routed Human Movement Networks. Adam J. Aviv, Micah Sherr, Matt Blaze, and Jonathan Smith. Computer Security --- ESORICS 2012. Pgs. 181-198. September, 2012. (LNCS) (pdf)
• Experiences in teaching an educational user-level operating systems implementation project. Adam J. Aviv, Vin Mannino, Thanat Owlarn, Seth Shannin, Kevin Xu, and Boon Thau Loo. SIGOPS Oper. Syst. Rev. 46, 2 (July 2012), 80-86. (acm-dl) ( TR: MS-CIS-12-02 )
• Challenges in Experimenting with Botnet Detection Systems. Adam J. Aviv and Andreas Haeberlen. In the proceedings 4th Workshop on Cyber Security Evaluation and Testing (CSET'11). August 8, 2011. (acm-dl) (pdf)
• Spam Mitigation using Spatio-Temporal Reputation from Blacklist History. Andrew West, Adam J. Aviv, Jian Chang, and Insup Lee. In the proceedings of the 26th Annual Computer Security Application Conference (ACSAC'10). December 6-10, 2010. (pdf)
• Evading Cellular Data Monitoring with Human Movement Networks. Adam J. Aviv, Micah Sherr, Matt Blaze, and Jonathan M. Smith. In proceeding of the 5th Usenix Workshop on Hot Topics in Security (HotSec'10). August 11, 2010. (pdf) (errata)
• Smudge Attacks on Smartphone Touch Screens . Adam J. Aviv, Katherine Gibson, Evan Mossop, Matt Blaze, Jonathan M. Smith. In the proceedings of the 4th Usenix Workshop on Offensive Technogies (WOOT'10). August 10, 2010. (pdf)
• Differential Privacy for Collaborative Security. Jason Reed, Adam J. Aviv, Daniel Wagner, Andreas Haeberlen, Benjamin Pierce, and Jonathan M. Smith. In the proceeding of the 3rd European Workshop on Security (EUROSEC'10). Paris, France. April, 2010. (acm-dl) (pdf)
• QuanTM: A Quantified Trust Management System. Andrew G. West, Adam J. Aviv, Jian Chang, Vinayak S. Prabhu, Matt Blaze, Sampath Kannan, Insup Lee, Jonathan M. Smith, and Oleg Sokolsky. Proceedings of the 2nd European Workshop on System Security (EuroSec'09). pg. 28-35. 31 March 2009. Nuremburg, Germany. (acm-dl) (pdf)
• Security Evaluation of ES&S Voting Machines and Election Management System. Adam Aviv, Pavol Cerny, Sandy Clark, Eric Cronin, Gaurav Shah, Micah Sherr, and Matt Blaze. In proceedings of Usenix EVT '08: Electronic Voting Technology Workshop, July 28-29, 2008. (acm-dl) (usenix) (pdf)
• SSARES : Secure Searchable Automated Remote Email Storage. Adam J. Aviv , Michael E. Locasto, Shaya Potter, and Angelos D. Keromytis. In Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC'07), pp. 129 - 138. December 2007, Miami Beach, FL. (acm-dl) (pdf)