Brendan D. Saltaformaggio

Associate Professor @ Georgia Tech


Conference and Workshop Publications


Hitchhiking Vaccine: Enhancing Botnet Remediation With Remote Code Deployment Reuse.
R. Zhang, M. Yao, H. Xu, O. Alrawi, J. Park, and B. Saltaformaggio.
In Proc. 2025 Annual Network and Distributed System Security Symposium NDSS, San Diego, CA, 2025.

(Acceptance rate: TBD)

[PDF Coming Soon] [Video: Demo] [Source Code]


AI Psychiatry: Forensic Investigation of Deep Learning Networks in Memory Images.
D. Oygenblik, C. Yagemann, J. Zhang, A. Mastali, J. Park, and B. Saltaformaggio.
In Proc. 33rd USENIX Security Symposium Security, Philadelphia, PA, 2024.

(Acceptance rate: 19.1%)

[PDF] [Video: Conf. Presentation] [Source Code]

Artifact Evaluated Badges: Available, Functional.

Media: [Georgia Institute of Technology]


DVa: Extracting Victims and Abuse Vectors from Android Accessibility Malware.
H. Xu, M. Yao, R. Zhang, M. M. Dawoud, J. Park, and B. Saltaformaggio.
In Proc. 33rd USENIX Security Symposium Security, Philadelphia, PA, 2024.

(Acceptance rate: 19.1%)

[PDF] [Video: Conf. Presentation] [Source Code]

Artifact Evaluated Badges: Available, Functional.

Media: [The Hacker News] [WizCase] [TechRadar] [TechXplore] [NY Breaking] [Science of Security] [Sensi Tech Hub] [MSN] [Hackread] [vosvete IT] [hackerdose] [xatakaen] [i-hls] [Hypepotamus] [GlobalSpec] [CFIC-SQUADRONE] [Georgia Tech Research]


Pulling Off The Mask: Forensic Analysis of the Deceptive Creator Wallets Behind Smart Contract Fraud.
M. Yao, R. Zhang, H. Xu, R. Chou, V. C. Paturi, A. K. Sikder, and B. Saltaformaggio.
In Proc. 45th IEEE Symposium on Security and Privacy S&P, San Francisco, CA, 2024.

(Acceptance rate: 17.8%)

[PDF] [Video: Conf. Presentation] [Source Code]

Led to collaboration and investigations with the US FBI.

Media: [Georgia Institute of Technology]


Hiding in Plain Sight: An Empirical Study of Web Application Abuse in Malware.
M. Yao, J. Fuller, R. Pai Kasturi, S. Agarwal, A. K. Sikder, and B. Saltaformaggio.
In Proc. 32nd USENIX Security Symposium Security, Anaheim, CA, 2023.

(Acceptance rate: 29.2%)

[PDF] [Video: Conf. Presentation] [Source Code]

Artifact Evaluated Badges: Available, Functional.

Invited for a Tutorial at the 2023 IEEE Secure Development Conference (SecDev).

Media: [ACM Tech News] [Tech Xplore] [Tech Times] [Israel Homeland Security] [News8Plus] [IlSoftware] [How2Do] [TIISys] [S2E Research] [Georgia Institute of Technology]


PUMM: Preventing Use-After-Free Using Execution Unit Partitioning.
C. Yagemann, S. P. Chung, B. Saltaformaggio, and W. Lee.
In Proc. 32nd USENIX Security Symposium Security, Anaheim, CA, 2023.

(Acceptance rate: 29.2%)

[PDF] [Video: Conf. Presentation] [Source Code]

Artifact Evaluated Badges: Available, Functional.


Mistrust Plugins You Must: A Large-Scale Study Of Malicious Plugins In WordPress Marketplaces.
R. Pai Kasturi, J. Fuller, Y. Sun, O. Chabklo, A. Rodriguez, J. Park, and B. Saltaformaggio.
In Proc. 31st USENIX Security Symposium Security, Boston, MA, 2022.

(Acceptance rate: 18.1%)

[PDF] [Video: Conf. Presentation] [Video: Demo] [Source Code]

CSAW’22 Applied Research Competition Award Finalist.

Invited for a USENIX ;login: Magazine article. [Link]

Media: [Communications of the ACM, Neil Savage] [The Hacker News] [SiliconANGLE] [Georgia Tech School of Cybersecurity and Privacy News]


Automated Bug Hunting With Data-Driven Symbolic Root Cause Analysis.
C. Yagemann, S. P. Chung, B. Saltaformaggio, and W. Lee.
In Proc. 28th ACM Conference on Computer and Communications Security CCS, Seoul, South Korea, 2021.

(Acceptance rate: 22.3%)

[PDF]

Media: [Georgia Tech School of Cybersecurity and Privacy News]


C3PO: Large-Scale Study Of Covert Monitoring of C&C Servers via Over-Permissioned Protocol Infiltration.
J. Fuller, R. Pai Kasturi, A. Sikder, B. Arik, H. Xu, V. Verma, E. Asdar, and B. Saltaformaggio.
In Proc. 28th ACM Conference on Computer and Communications Security CCS, Seoul, South Korea, 2021.

(Acceptance rate: 22.3%)

[PDF] [Video: Conf. Presentation] [Source Code]

Media: [Georgia Tech School of Cybersecurity and Privacy News]


ARCUS: Symbolic Root Cause Analysis of Exploits in Production Systems.
C. Yagemann, M. Pruett, S. P. Chung, K. Bittick, B. Saltaformaggio, and W. Lee.
In Proc. 30th USENIX Security Symposium Security, Virtual Conference, 2021.

(Acceptance rate: 18.7%)

[PDF] [Video: Conf. Presentation] [Source Code]

GTRI 2021 Best Paper Finalist.


Forecasting Malware Capabilities From Cyber Attack Memory Images.
O. Alrawi*, M. Ike*, M. Pruett, R. Pai Kasturi, S. Barua, T. Hirani, B. Hill, and B. Saltaformaggio.
In Proc. 30th USENIX Security Symposium Security, Virtual Conference, 2021.

(Acceptance rate: 18.7%)

*Authors contributed equally.

[PDF] [Video: Conf. Presentation] [Source Code]

IISP 2020 Demo Day Finale Research Track Winner.

Media: [Georgia Tech School of ECE News]


Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages.
R. Duan, O. Alrawi, R. Pai Kasturi, R. Elder, B. Saltaformaggio, and W. Lee.
In Proc. 2021 Annual Network and Distributed System Security Symposium NDSS, Virtual Conference, 2021.

(Acceptance rate: 15.2%)

[PDF] [Video: Conf. Presentation] [Source Code]

Led to the confirmation and removal of hundreds of malicious PyPI, Npm, and RubyGems packages.

Media: [Communications of the ACM, Neil Savage]


On the Feasibility of Automating Stock Market Manipulation.
C. Yagemann, S. P. Chung, E. Uzun, S. Ragam, B. Saltaformaggio, and W. Lee.
In Proc. 36th Annual Computer Security Applications Conference ACSAC, Virtual Conference, 2020.

(Acceptance rate: 23%)

[PDF] [Source Code]

Invited to LASER Workshop, in conjunction with ACSAC 2020.

Media: [Thinkst Labs]


TARDIS: Rolling Back The Clock On CMS-Targeting Cyber Attacks.
R. Pai Kasturi, Y. Sun, R. Duan, O. Alrawi, E. Asdar, V. Zhu, Y. Kwon, and B. Saltaformaggio.
In Proc. 41st IEEE Symposium on Security and Privacy S&P, Virtual Conference, 2020.

(Acceptance rate: 12.3%)

[PDF] [Video: Conf. Presentation]

CREATE-X Golden Ticket Award.

Georgia Tech Inaugural $1B+ Startup Hackathon Nominee.


The Betrayal At Cloud City: An Empirical Analysis Of Cloud-Based Mobile Backends.
O. Alrawi*, C. Zuo*, R. Duan, R. Pai Kasturi, Z. Lin, and B. Saltaformaggio.
In Proc. 28th USENIX Security Symposium Security, Santa Clara, CA, 2019.

(Acceptance rate: 15.7%)

*Authors contributed equally.

[PDF] [Video: Conf. Presentation]

CSAW’19 Applied Research Competition Award Finalist.

Invited for TechTalk presentation by Google’s Android Security Operations Team.

Media: [NSF] [Defense One] [InfoSecurity Magazine] [Diginomica] [Nextgov] [Digital Info World] [Engineering and Technology] [App Dev Trends] [The Quint] [Khaleej Times] [Georgia Tech News Center]


Automating Patching of Vulnerable Open-Source Software Versions in Application Binaries.
R. Duan, A. Bijlani, Y. Ji, O. Alrawi, Y. Xiong, M. Ike, B. Saltaformaggio, and W. Lee.
In Proc. 2019 Annual Network and Distributed System Security Symposium NDSS, San Diego, CA, 2019.

(Acceptance rate: 17%)

[PDF] [Video: Conf. Presentation]


"Tipped Off by Your Memory Allocator": Device-Wide User Activity Sequencing from Android Memory Images.
R. Bhatia, B. Saltaformaggio, S. J. Yang, A. Ali-Gombe, X. Zhang, D. Xu, and G. G. Richard III.
In Proc. 2018 Annual Network and Distributed System Security Symposium NDSS, San Diego, CA, 2018.

(Acceptance rate: 21%)

[PDF] [Video: Conf. Presentation]


RevARM: A Platform-Agnostic ARM Binary Rewriter for Security Applications.
T. Kim, C. H. Kim, H. Choi, Y. Kwon, B. Saltaformaggio, X. Zhang, and D. Xu.
In Proc. 33rd Annual Computer Security Applications Conference ACSAC, Orlando, FL, 2017.

(Acceptance rate: 19.7%)

[PDF]


A2C: Self Destructing Exploit Executions via Input Perturbation.
Y. Kwon, B. Saltaformaggio, I. L. Kim, K. H. Lee, X. Zhang, and D. Xu.
In Proc. 2017 Annual Network and Distributed System Security Symposium NDSS, San Diego, CA, 2017.

(Acceptance rate: 16%)

[PDF] [Video: Conf. Presentation]


HERCULE: Attack Story Reconstruction via Community Discovery on Correlated Log Graph.
K. Pei, Z. Gu, B. Saltaformaggio, S. Ma, F. Wang, Z. Zhang, L. Si, X. Zhang, and D. Xu.
In Proc. 32nd Annual Computer Security Applications Conference ACSAC, Los Angeles, CA, 2016.

(Acceptance rate: 22.8%)

[PDF]


BASS: Improving I/O Performance for Cloud Block Storage via Byte-Addressable Storage Stack.
H. Lu, B. Saltaformaggio, C. Xu, U. Bellur, and D. Xu.
In Proc. 7th ACM Symposium on Cloud Computing SoCC, Santa Clara, CA, 2016.

(Acceptance rate: 25%)

[PDF]


Screen after Previous Screens: Spatial-Temporal Recreation of Android App Displays from Memory Images.
B. Saltaformaggio, R. Bhatia, X. Zhang, D. Xu, and G. G. Richard III.
In Proc. 25th USENIX Security Symposium Security, Austin, TX, 2016.

(Acceptance rate: 15.6%)

[PDF] [Video: Conf. Presentation] [Source Code] [Test Case VM]

Invited for TechTalk presentation by Google’s Anti-Abuse Research Team.

Media: [IEEE GlobalSpec Electronics360] [ScienceDaily] [NSF] [CACM - ACM TechNews] [The Register] [Stanford Cyber Initiative] [Techworm] [Homeland Preparedness News] [Phys.org] [The Times of India] [Journal & Courier] [The Indianapolis Star] [Purdue Newsroom]


Eavesdropping on Fine-Grained User Activities Within Smartphone Apps Over Encrypted Network Traffic.
B. Saltaformaggio, H. Choi, K. Johnson, Y. Kwon, Q. Zhang, X. Zhang, D. Xu, and J. Qian.
In Proc. 10th USENIX Workshop on Offensive Technologies WOOT, Austin, TX, 2016.

(Acceptance rate: 47.7%)

[PDF]


StorM: Enabling Tenant-Defined Cloud Storage Middle-Box Services.
H. Lu, A. Srivastava, B. Saltaformaggio, and D. Xu.
In Proc. 46th International Conference on Dependable Systems and Networks DSN, Toulouse, France, 2016.

(Acceptance rate: 22.3%)

[PDF]


LDX: Causality Inference by Lightweight Dual Execution.
Y. Kwon, D. Kim, W. N. Sumner, K. Kim, B. Saltaformaggio, X. Zhang, and D. Xu.
In Proc. 21st ACM International Conference on Architectural Support for Programming Languages and Operating Systems ASPLOS, Atlanta, GA, 2016.

(Acceptance rate: 22%)

[PDF]


GUITAR: Piecing Together Android App GUIs from Memory Images.
B. Saltaformaggio, R. Bhatia, Z. Gu, X. Zhang, and D. Xu.
In Proc. 22nd ACM Conference on Computer and Communications Security CCS, Denver, CO, 2015.

(Acceptance rate: 19.8%)

[PDF]

Best Paper Award. [Link]


VCR: App-Agnostic Recovery of Photographic Evidence from Android Device Memory Images.
B. Saltaformaggio, R. Bhatia, Z. Gu, X. Zhang, and D. Xu.
In Proc. 22nd ACM Conference on Computer and Communications Security CCS, Denver, CO, 2015.

(Acceptance rate: 19.8%)

[PDF]


iRiS: Vetting Private API Abuse in iOS Applications.
Z. Deng, B. Saltaformaggio, X. Zhang, and D. Xu.
In Proc. 22nd ACM Conference on Computer and Communications Security CCS, Denver, CO, 2015.

(Acceptance rate: 19.8%)

[PDF] [Source Code]

Led to the removal of hundreds of privacy-violating apps from Apple’s App Store.

Media: [Digital Journal] [Palo Alto Networks] [Computerworld]


vRead: Efficient Data Access for Hadoop in Virtualized Clouds.
C. Xu, B. Saltaformaggio, S. Gamage, R. R. Kompella, and D. Xu.
In Proc. 16th ACM/IFIP/USENIX Middleware Conference, Vancouver, Canada, 2015.

(Acceptance rate: 19.5%)

[PDF]


vFair: Latency-Aware Fair Storage Scheduling via Per-IO Cost-Based Differentiation.
H. Lu, B. Saltaformaggio, R. Kompella, and D. Xu.
In Proc. 6th ACM Symposium on Cloud Computing SoCC, Kohala Coast, Hawaii, 2015.

(Acceptance rate: 21.6%)

[PDF]


DSCRETE: Automatic Rendering of Forensic Information from Memory Images via Application Logic Reuse.
B. Saltaformaggio, Z. Gu, X. Zhang, and D. Xu.
In Proc. 23rd USENIX Security Symposium Security, San Diego, CA, 2014.

(Acceptance rate: 19.1%)

[PDF] [Video: Conf. Presentation] [Source Code] [Test Case VM]

Best Student Paper Award. [Link]


Face-Change: Application-Driven Dynamic Kernel View Switching in a Virtual Machine.
Z. Gu, B. Saltaformaggio, X. Zhang, and D. Xu.
In Proc. 44th International Conference on Dependable Systems and Networks DSN, Atlanta, GA, 2014.

(Acceptance rate: 30%)

[PDF]


BusMonitor: A Hypervisor-Based Solution for Memory Bus Covert Channels.
B. Saltaformaggio, D. Xu, and X. Zhang.
In Proc. 6th European Workshop on Systems Security EuroSec, Prague, Czech Republic, 2013.

(Acceptance rate: 29.6%)

[PDF] [Covert Channel Code]


Using a Novel Behavioral Stimuli-Response Framework to Defend against Adversarial Cyberspace Participants.
D. Bilar and B. Saltaformaggio.
In Proc. 3rd CCD COE International Conference on Cyber Conflict ICCC, Tallinn, Estonia, 2011.

(Acceptance rate: 40%)

[PDF]




Journal Articles


This Hacker Knows Physics: Device Physics Aware Mimicry Attacks in Cyber-Physical Systems.
Q. Gu, D. Formby, S. Ji, B. Saltaformaggio, A. Bourgeois, and R. Beyah.
IEEE Transactions on Dependable and Secure Computing TDSC, vol. 19 (5), pp. 3218–3230, 2021.
https://doi.org/10.1109/TDSC.2021.3089163.

[PDF]


Modeling Large-Scale Manipulation in Open Stock Markets.
C. Yagemann, S. P. Chung, E. Uzun, S. Ragam, B. Saltaformaggio, and W. Lee.
IEEE Security and Privacy Journal, vol. 19 (6), pp. 58–65, 2021.
https://doi.org/10.1109/MSEC.2021.3076717.

[PDF]


GEMINI: Guest-transparent honey files via hypervisor-level access redirection.
Z. Gu, B. Saltaformaggio, X. Zhang, and D. Xu.
Computers & Security COSE, vol. 77, pp. 737–744, 2018.
https://doi.org/10.1016/j.cose.2018.02.014.

[PDF]


Toward a more dependable hybrid analysis of android malware using aspect-oriented programming.
A. Ali-Gombe, B. Saltaformaggio, J. "Ram" Ramanujam, D. Xu, and G. G. Richard III.
Computers & Security COSE, vol. 73, pp. 235–248, 2018.
https://doi.org/10.1016/j.cose.2017.11.006.

[PDF]


Live acquisition of main memory data from Android smartphones and smartwatches.
S. J. Yang, J. H. Choi, K. B. Kim, R. Bhatia, B. Saltaformaggio, and D. Xu.
Digital Investigation, vol. 23, pp. 50–62, 2017.
https://doi.org/10.1016/j.diin.2017.09.003.

[PDF]




Theses


Convicted by Memory: Recovering Spatial-Temporal Digital Evidence from Memory Images.
B. Saltaformaggio.
Purdue University Theses and Dissertations. ProQuest Dissertations Publishing, Number 10249228, http://docs.lib.purdue.edu/dissertations/AAI10249228, 2016.

[PDF]

ACM SIGSAC Doctoral Dissertation Award.


Forensic Carving of Wireless Network Information from the Android Linux Kernel.
B. Saltaformaggio.
University of New Orleans Theses and Dissertations. ScholarWorks@UNO, Paper 20, http://scholarworks.uno.edu/honors_theses/20, 2012.

[PDF]