Kevin Butler is the director of the Florida Institute for Cybersecurity Research. Kevin's research focuses on the security of computing devices, systems and networks. His group has recently worked on securing embedded systems and protocols, mobile device security and privacy, establishing the trustworthiness of data and maintaining its provenance, protection of Internet traffic and the SSL infrastructure and attacks and defenses against the cloud infrastructure. Some of Kevin's other research areas of interest include securing Internet routing, malware propagation, applied cryptosystems, adversarial machine learning, cyber-physical systems and trustworthy computing.
Areas of Expertise (6)
Embedded Systems Security
Side eye: characterizing the limits of POV acoustic eavesdropping from smartphone cameras with rolling shutters and movable lensesIEEE Computer Society
Yan Long, et. al
Our research discovers how the rolling shutter and movable lens structures widely found in smartphone cameras modulate structure-borne sounds onto camera images, creating a point-of-view (POV) optical-acoustic side channel for acoustic eavesdropping. The movement of smartphone camera hardware leaks acoustic information because images unwittingly modulate ambient sound as imperceptible distortions.
HallMonitor: A framework for identifying network policy violations in softwareIEEE
Daniel Olszewski, et. al
Debloating helps to remove unused and potentially vulnerable code from software. While such techniques are becoming more mature and practical, they focus on the features that are unwanted by users, and not on a wealth of functionality that is disallowed by administrative policy. For instance, while an administrator may use a firewall to block certain types of traffic, hosts readily interact with such traffic when the firewall is bypassed (e.g., via an encrypted tunnel).
Blue's clues: practical discovery of non-discoverable bluetooth devicesIEEE Computer Society
Tyler Tucker, et. al
Bluetooth is overwhelmingly the protocol of choice for personal area networking, and the Bluetooth Classic standard has been in continuous use for over 20 years. Bluetooth devices make themselves discoverable to communicate, but best practice to protect privacy is to ensure that devices remain in non-discoverable mode. This paper demonstrates the futility of protecting devices by making them non-discoverable.