Tufts research pioneers safer digital systems

In an era where cybersecurity threats are increasingly sophisticated, ensuring the security and resilience of digital systems is more critical than ever. Tufts University is at the forefront of this challenge, with faculty like Lin Family Assistant Professor Daniel Votipka of the Department of Computer Science leading cutting-edge research in system security. As co-director of the Tufts Security and Privacy Lab (TSP), Votipka focuses on understanding how people build, operate, and defend digital systems against cyber threats.
Through a series of recent research papers, TSP has explored key areas such as improving system security analysis, strengthening defenses against malware, refining attribution techniques for Advanced Persistent Threats (APTs), and enhancing training methods for vulnerability discovery. These studies aim to bridge the gap between security research and real-world application, ultimately shaping a safer digital future.
Enhancing Automation for Protocol Reverse Engineering
One research paper explores protocol reverse engineering (ProtocolREing), a process that analyzes network data streams to identify communication protocols. ProtocolREing is essential for malware detection and overall system security. By studying how experts interact with reverse engineering tools, Votipka’s team identified key insights for improving automation and designing more intuitive user interfaces. Their findings lay the groundwork for future advancements in security analysis tools.
The paper "An Investigation of Interaction and Information Needs for Protocol Reverse Engineering Automation" was authored by Votipka and Tufts alumni James Mattei, EG25, Samantha Katcher, EG25, and Jared Chandler, E17, EG24. The research was presented at the Association for Computing Machinery's (ACM) Conference on Human Factors in Computing Systems (CHI) 2025 in Yokohama, Japan, in May. Mattei accepted the best paper award on behalf of the group.
Strengthening Cyber Threat Attribution
Based on interviews with 15 security practitioners, one study uncovers a gap between the evolving landscape of Advanced Persistent Threats (APTs) and the effectiveness of current attribution techniques. The research identifies key challenges in cyber threat attribution and provides recommendations for improving security response strategies. By refining attribution methods, the study aims to help security professionals more effectively identify and counter persistent cyber threats.
The paper "Expert Insights into Advanced Persistent Threats: Analysis, Attribution, and Challenges," authored by Votipka and Tufts alum James Mattei, EG25, as well as co-authors Associate Professor Jorge Blasco of Universidad Politécnica de Madrid, Professor Lorenzo Cavallaro of University College London, and Associate Professors Martina Lindorfer and Aakanksha Saha of TU Wien University in Vienna, was presented at USENIX Security 2025 in August.
Improving Training for Vulnerability Discovery
While many of the papers focus on established security professionals, one paper examines the challenges beginners face. The study identifies common obstacles to learning vulnerability discovery through binary exploitation exercises, such as unclear terminology and a lack of high-quality learning resources. By highlighting these gaps, the research offers insights into how structured learning approaches can better support newcomers in developing this essential cybersecurity skill.
The paper “‘I’m Trying to Learn… and I’m Shooting Myself in the Foot’: Beginners’ Struggles When Solving Binary Exploitation Exercises” was authored by alumni James Mattei, EG25, Christopher Pellegrini, E24, Matthew Soto, A25, as well as Votipka, and PhD candidate Marina Sanusi Bohuk of Cornell University. The group shared their research at USENIX Security 2025.
Assessing Security Data Accessibility
The paper “Navigating the Patchwork: Investigating the Availability & Consistency of Security Advisories,” authored by PhD candidate Ronald Thompson, Luke Boshar, A26, Votipka, and Associate Professor Eugene Vasserman of Kansas State University, will be presented at IEEE SecDev 2025 in Indianapolis, Indiana, in October.
When a vulnerability is found in software, the companies that produce the software often create security advisories warning users about potential harms and any steps users can take to protect themselves. This study investigates the availability and consistency of these security advisories by reviewing advisories provided by 718 organizations that produce software running cyberphysical infrastructure (e.g., the power grid, water treatment facilities, healthcare technology) and other critical systems. The researchers found security advisories were often hard to access and use efficiently due to a lack of machine-readable data and inconsistencies in data formatting. To support further research, the team is making their data collection system publicly available, ensuring greater transparency and collaboration in cybersecurity.
Driving Innovation in Cybersecurity
Votipka and the Tufts Security and Privacy Lab are making significant contributions to advancing cybersecurity practices. Their research not only improves technical methodologies, such as enhancing vulnerability discovery tools and refining patch management for system administrators, but also addresses broader security challenges, including improving threat attribution and streamlining cybersecurity training.
Learn more about Lin Family Assistant Professor Daniel Votipka and the Tufts Security and Privacy Lab.
Department:
Computer Science