Research & Publications

I obtained my M.Sc. and Ph.D. in Computer Science from the School of Computing (SoC), National University of Singapore (NUS). Prior to teaching at NUS, I was a Scientist and Acting Lab Head of the Mobile Forensics & Security Lab at the Cyber Security & Intelligence Department, Institute for Infocomm Research (I2R), A*STAR. Before that, I was an Associate Scientist and then a Research Scientist with the Temasek Laboratories at the National University of Singapore (TL@NUS).

I am interested in many areas of computer security, including:

• Mobile security:

  • Malware behavior detection and analysis

  • Application code transformation and analysis 

  • Hardened app-execution environment

  • Device policy formalism and analysis

• System security:

  • Secure program execution

  • Intrusion Detection System (IDS)

  • Access control

• Network security:

  • Secure network protocol construction, analysis and formal verification

  • Public-Key Infrastructure

  • Privacy-preserving communication networks

I have published the following peer-reviewed papers in cybersecurity education, mobile, system, and network security.

Cybersecurity Education:

• Sufatrio, Jan Vykopal, and Ee-Chien Chang, “Collaborative Paradigm of Teaching Penetration Testing using Real-World University Applications”, Australasian Computing Education Conference (ACE ’22), February, 2022, Virtual Event, Australia, ACM, 2022.

Mobile Security:

• Zhongmin Dai, Sufatrio, Tong-Wei Chua, Dinesh Kumar Balakrishnan, and Vrizlynn L. L. Thing, “Chat-App Decryption Key Extraction through Information Flow Analysis”, 2nd Singapore Cyber Security R&D Conference (SG-CRC), Singapore, A Systems Approach to Cyber Security, Cryptology and Information Security Series, Vol. 15, pp. 3-18, IOS Press, February, 2017 (Best Paper Award).

• Vivek Balachandran*, Sufatrio*, Darell J.J. Tan, and Vrizlyn L.L. Thing, “Control Flow Obfuscation for Android Applications”, Computers & Security, Vol. 61, pp. 72–93, August 2016 (*on equal contribution).

• Sufatrio, Tong-Wei Chua, Darell J. J. Tan, and Vrizlynn L. L. Thing, “Accurate Specification for Robust Detection of Malicious Behavior in Mobile Environments”, 20th European Symposium on Research in Computer Security (ESORICS '15), Vienna, Austria, LNCS Vol. 9327, Springer, 2015.

• Sufatrio, Darell J. J. Tan, Tong-Wei Chua, and Vrizlynn L. L. Thing, “Securing Android: A Survey, Taxonomy, and Challenges”, ACM Computing Surveys, Vol. 47, Issue 4, Article 58, May 2015.

• Darell J. J. Tan, Sufatrio, and Tong-Wei Chua, “Mobile Malware Analysis: Analysis of the iBanking Malware and its Variants”, 14th Digital Forensics Research Conference (DFRWS USA) Mobile Security & Forensics Challenge 2014, 1st Place Winner, Practitioner category, 2014.

System Security:

• Sufatrio and Roland H.C. Yap, “Quantifying the Effects of More Timely Certificate Revocation on Lightweight Mobile Devices”, 3rd International Workshop on Security Measurements and Metrics (MetriSec ’11), Alberta, Canada, 2011.

• Sufatrio and Roland H.C. Yap, “Trusted Principal-Hosted Certificate Revocation”, 5th IFIP WG 11.11 International Conference on Trust Management (IFIPTM ’11), Copenhagen, Denmark, IFIP AICT Vol. 358, Springer, 2011.

• Yongzheng Wu, Sufatrio, Roland H.C. Yap, Rajiv Ramnath, and Felix Halim, “Software Integrity Trust: A Survey and Lightweight Authentication System for Windows”, book chapter, in Zheng Yan (ed.), Trust Modeling and Management in Digital Environments: From Social Concept to System Development, IGI Global, 2010.

• Felix Halim, Rajiv Ramnath, Sufatrio, Yongzheng Wu, and Roland H.C. Yap, “A Lightweight Binary Authentication System for Windows”, Joint ITrust and PST Conferences on Privacy, Trust Management and Security (IFIPTM ’08), Trondheim, Norway, IFIP AICT Vol. 263, Springer, 2008.

• Rajiv Ramnath, Sufatrio, Roland H.C. Yap, and Wu Yongzheng, “WinResMon: A Tool for Discovering Software Dependencies, Configuration, and Requirements in Microsoft Windows”, 20th USENIX Large Installation System Administration (LISA ’06), Washington, DC, 2006.

• Sufatrio and Roland H.C. Yap, “Improving Host-based IDS with Argument Abstraction to Prevent Mimicry Attacks”, 8th International Symposium on Recent Advances in Intrusion Detection (RAID ’05), Seattle, LNCS Vol. 3858, Springer, 2005.

• Sufatrio, Roland, H.C. Yap, and Liming Zhong, “A Machine-Oriented Integrated Vulnerability Database for Automated Vulnerability Detection and Processing”, 18th USENIX Large Installation System Administration (LISA ’04), Atlanta, GA, 2004.

Network Security:

• Sufatrio, Roland H.C. Yap, “Extending BAN Logic for Reasoning with Modern PKI-based Protocols”, IFIP International Workshop on Network and System Security (NSS ’08), Shanghai, China, 2008.

• Sufatrio and K.-Y. Lam, “Internet Mobility Support Optimized for Client Access and Its Scalable Authentication Framework”, Mobile Data Access (MDA ’99), Hong Kong, LNCS Vol. 1748, Springer, 1999.

• Sufatrio and K.-Y. Lam, “Scalable Authentication Framework for Mobile-IP (SAFe-MIP)”, IETF Internet Draft, November 1999.

• Sufatrio and K.-Y. Lam, “Mobile-IP Registration Protocol: A Security Attack and New Secure Minimal Public Key Based Authentication”, 4th International Symposium on Parallel Architectures, Algorithms, and Networks (I-SPAN ’99), Perth/Fremantle, Australia, 1999.

Cryptography:

• Sufatrio and C.-P. Xing, “Search for Elliptic Curves of Characteristic Two”, First Japan-Singapore Joint Workshop on Information Security (JWIS ’98), Singapore, Information Security Technical (ISEC) Group of IEICE, 1998.

Page Links:   Teaching   -   Research & Publications   -   Industry Trainings