I am an Assistant Professor in the Department of Computer Science at Purdue University and co-director of Purdue Security Laboratory (PurSec Lab). I am also affiliated with the Center for Education and Research in Information Assurance and Security (CERIAS), aiming to broaden interdisciplinary collaboration for security and privacy. I earned my Ph.D. in Computer Science and Engineering from Penn State University, where I was advised by Professor Patrick McDaniel and was the lead graduate student of the Systems and Internet Infrastructure Security Laboratory (SIIS).
My research investigates the design and evaluation of security for software and systems, specifically on emerging computing platforms and the complex environments in which they operate. Through systems design, program analysis, and formal methods, my research seeks to improve security and privacy guarantees in commodity computer systems. My research approach is best illustrated by my extensive work in the safety, security, and privacy of the Internet of Things (IoT)/Cyber-Physical Systems (CPS), robotic vehicles, automobiles, and autonomous vehicles. My research group actively publishes at top security conferences, including USENIX Security, Oakland, CCS, and NDSS.
I am a recipient of the Ross-Lynn Research Scholars Grant (2020), Google Aspire Award (2021, 2022, and 2023), NSF CAREER Award (2022), SecureComm Best Paper Award (2018), AutoSec General Motors AutoDriving Security Award (2022), VehicleSec Qualcomm Best Demo Runner-up Award (2023), The Most Influential Professor Award by Purdue CS Graduate Student Board (2020), and College of Science Faculty Leadership Award (2024). My group’s work has been sponsored by National Science Foundation (NSF), Office of Naval Research (ONR), Defense Advanced Research Projects Agency (DARPA), Department of Transportation (USDOT), Google, Apple, Cisco, Rolls Royce, Denso North America Foundation, and Sandia National Laboratories.
[Spring 24 and Fall 24] I’m looking for motivated PhD students and research interns. If you are a motivated student with an interest in security, I would be interested in speaking with you. If you are not a student at Purdue, please fill the following form for more information. If you are a student at Purdue, there are research opportunities for undergraduate/graduate students interested in security/privacy of Internet of Things and Cyber-Physical Systems, and Machine Learning Systems, please email me for details.
This introductory undergraduate course focuses on the principles and foundations of building secure computer systems, security best practices, and security failures in existing and emerging computer networks and systems. The course covers four key topic areas: basics of cryptography and crypto protocols, network security, systems security, and privacy. Students successfully completing this class will be able to understand and assess security threats, become familiar with security engineering best practices, write better software, protocols, and systems, and have rudimentary skills in security research.
In this course, we will study the latest research in the design of Internet of Things (IoT) and Cyber-Physical Systems (CPS) and methods for securing them. The course will provide foundations of safety and security of IoT/CPS and covers the topics of policy verification, approaches for designing safe and secure systems, techniques for detecting problems in conventional IoT/CPS design and repairing such problems. Example topics include the security of voice-controlled devices, IoT applications, edge computing, industrial control systems, and autonomous vehicles.
This graduate-level course will provide students with materials to discuss the intersection of two ubiquitous concepts: Security and Machine Learning. The course is structured in two parts: (1) Machine Learning for Security and (2) Security of Machine Learning Systems. The focus of the first part will be on building a principled understanding of key learning algorithms and techniques, and their applications within the security domain, as well as general questions related to analyzing and handling datasets. The first part will provide students with the necessary background to understand the second half of the course. The second part covers recently discovered security implications of deploying machine learning algorithms in the physical realm. Students will learn about attacks against computer systems leveraging machine learning algorithms, as well as defense techniques to mitigate such attacks during learning and inference.
2011-2021
Physical Side-Channel Attacks against Intermittent Devices
Muslum Ozgur Ozmen, Habiba Farrukh, and Z. Berkay Celik
Privacy Enhancing Technologies (PoPETS), 2024
Acceptance Rate: 19.5%
VOGUES: Validation of Object Guise using Estimated Components
Raymond Muller, Yanmao Man, Ming Li, Ryan Gerdes, Jonathan Petit, and Z. Berkay Celik
USENIX Security Symposium, 2024
Acceptance Rate: TBD
SAIN: Improving ICS Attack Detection Sensitivity via State-Aware Invariants)
Syed Ghazanfar Abbas, Muslum Ozgur Ozmen, Abdulellah Alsaheel, Arslan Khan, Z. Berkay Celik, and Dongyan Xu
USENIX Security Symposium, 2024
Acceptance Rate: TBD
A Systematic Study of Physical Sensor Attack Hardness
Hyungsub Kim, Rwitam Bandyopadhyay, Muslum Ozgur Ozmen, Z. Berkay Celik, Antonio Bianchi, Yongdae Kim, and Dongyan Xu
IEEE Security and Privacy (IEEE S&P), 2024
Acceptance Rate: 17.8%
Wear’s my Data? Understanding the Cross-Device Runtime Permission Model in Wearables
Doguhan Yeke, Muhammad Ibrahim, Guliz Seray Tuncay, Habiba Farrukh, Abdullah Imran, Antonio Bianchi, and Z. Berkay Celik
IEEE Security and Privacy (IEEE S&P), 2024
Acceptance Rate: 17.8%
ATTention Please! An Investigation of the App Tracking Transparency Permission
Reham Mohamed, Arjun Arunasalam, Habiba Farrukh, Jason Tong, Antonio Bianchi, and Z. Berkay Celik
USENIX Security Symposium, 2024
Acceptance Rate: TBD
Understanding the Security and Privacy Implications of Online Toxic Content on Refugees
Arjun Arunasalam, Habiba Farrukh, Eliz Tekcan, and Z. Berkay Celik
USENIX Security Symposium, 2024
Acceptance Rate: TBD
The Dark Side of E-commerce: Dropshipping Abuse as a Business Model
Arjun Arunasalam, Andrew Chu, M. Ozgur Ozmen, Habiba Farrukh, and Z. Berkay Celik
Network and Distributed System Security Symposium (NDSS), 2024
Acceptance Rate: 15.0%
Can Large Language Models Provide Security & Privacy Advice? Measuring the Ability of LLMs to Refute Misconceptions.
Yufan Chen, Arjun Arunasalam, and Z. Berkay Celik.
In Annual Computer Security Applications Conference (ACSAC), 2023
Acceptance Rate: 24%
Discovering Adversarial Driving Maneuvers against Autonomous Vehicles
Ruoyu Song, M. Ozgur Ozmen, Hyungsub Kim, Raymond Muller, Z. Berkay Celik, and Antonio Bianchi
USENIX Security Symposium, 2023
Acceptance Rate: 29.2%
LocIn: Inferring Semantic Location from Spatial Maps in Mixed Reality
Habiba Farrukh, Reham Mohamed, Aniket Nare, Antonio Bianchi, and Z. Berkay Celik
USENIX Security Symposium, 2023
Acceptance Rate: 29.2%
ZBCAN: A Zero-Byte CAN Defense System
Khaled Serag, Rohit Bhatia, Akram Faqih, Vireshwar Kumar, Muslum Ozgur Ozmen, Z. Berkay Celik, and Dongyan Xu
USENIX Security Symposium, 2023
Acceptance Rate: 29.2%
That Person Moves Like A Car: Misclassification Attack Detection for Autonomous Systems Using Spatiotemporal Consistency
Yanmao Man, Raymond Muller, Ming Li, Z. Berkay Celik, and Ryan Gerdes
USENIX Security Symposium, 2023
Acceptance Rate: 29.2%
PatchVerif: Discovering Faulty Patches in Robotic Vehicles
Hyungsub Kim, M. Ozgur Ozmen, Z. Berkay Celik, Antonio Bianchi, and Dongyan Xu
USENIX Security Symposium, 2023
Acceptance Rate: 29.2%
One Key to Rule Them All: Secure Group Pairing for Heterogeneous IoT Devices
Habiba Farrukh, M. Ozgur Ozmen, F. Kerem Ors, and Z. Berkay Celik
IEEE Security and Privacy (IEEE S&P), 2023
Acceptance Rate: 17%
iStelan: Disclosing Sensitive User Information by Mobile Magnetometer from Finger Touches
Reham Mohamed, Habiba Farrukh, He Wang, Yidong Lu, and Z. Berkay Celik
Privacy Enhancing Technologies (PoPETS), 2023
Acceptance Rate: 25%
Evasion Attacks and Defenses on Smart Home Physical Event Verification
M. Ozgur Ozmen, Ruoyu Song, Habiba Farrukh, and Z. Berkay Celik
Network and Distributed System Security Symposium (NDSS), 2023
Acceptance Rate: 16.2%
Discovering IoT Physical Channel Vulnerabilities
M. Ozgur Ozmen, Xuansong Li, Andrew Chun-An Chu, Z. Berkay Celik, Bardh Hoxha, and Xiangyu Zhang
ACM Conference on Computer and Communications Security (CCS), 2022
Acceptance Rate: 22%
Physical Hijacking Attacks against Object Trackers
Raymond Muller, Yanmao Man, Z. Berkay Celik, Ryan Gerdes, and Ming Li
ACM Conference on Computer and Communications Security (CCS), 2022
Acceptance Rate: 22%
PGPatch: Policy-Guided Logic Bug Patching for Robotic Vehicles
Hyungsub Kim, M. Ozgur Ozmen, Z. Berkay Celik, Antonio Bianchi, and Dongyan Xu
IEEE Security and Privacy (IEEE S&P), 2022
Acceptance Rate: 14.5%
Behind the Tube: Exploitative Monetization of Content on YouTube
Andrew Chu, Arjun Arunaslam, M. Ozgur Ozmen, and Z. Berkay Celik
USENIX Security Symposium, 2022
Acceptance Rate: 18.1%
What do you see? Evaluation of Explainable Artificial Intelligence (XAI) Interpretability through Neural Backdoors
Yi-Shan Lin, Wen-Chuan Lee, and Z. Berkay Celik
ACM SIGKDD Conference on Knowledge Discovery & Data Mining (KDD), 2021
Acceptance Rate: 15.4%
S3: Side-channel Attack on Stylus Pencil Through Sensors
Habiba Farrukh, Tinghan Yang, Yuxuan Yin, Hanwen Xu, He Wang, and Z. Berkay Celik
ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT/UbiComp), 2021
Acceptance Rate: TBD
Exposing New Vulnerabilities of Error Handling Mechanism in CAN
Khaled Serag, Rohit Bhatia, Vireshwar Kumar, Z. Berkay Celik, and Dongyan Xu
USENIX Security Symposium, 2021
Acceptance Rate: 18.8%
Evading Voltage-Based Intrusion Detection on Automotive CAN
Rohit Bhatia, Vireshwar Kumar, Khaled Serag, Z. Berkay Celik, Mathias Payer, and Dongyan Xu
Network and Distributed System Security Symposium (NDSS), 2021
Acceptance Rate: 15.2%
ATLAS: A Sequence-based Learning Approach for Attack Investigation
Abdulellah Alsaheel, Yuhong Nan, Shiqing Ma, Le Yu, Gregory Walkup, Z. Berkay Celik, Dongyan Xu, and Xiangyu Zhang
USENIX Security Symposium, 2021
Acceptance Rate: 18.8%