Bo Luo

Professor, Department of Electrical Engineering and Computer Science
Director, High Assurance and Secure Systems (HASS) Research Center
Institute for Information Sciences (I2S)
The University of Kansas


Contact info

Department of Electrical Engineering and Computer Science (EECS)
2016 Eaton Hall, 1520 West 15th St, Lawrence KS, 66045

Institute for Information Sciences (I2S)
341 Nichols Hall, 2335 Irving Hill Road, Lawrence, KS 66045

phone: 785-864-7749; email: bluo <at> ku <dot> edu

My PGP public key
My not-so-updated vita

Research

My current research interests lie in the intersection of security and privacy and data science. In particular, I'm interested in:
          •   Adversarial machine learning
          •   Information and system security
          •   IoT/CPS and hardware-enabled security
          •   Privacy, online social networks

We are looking for self-motivated students who are interested in academic research on information security. If you are interested in this opportunity or if you have questions, please drop me an email: bluo <at> ku <dot> edu.

I'm serving as the general co-chair of ACM CCS 2024. Submit your paper and/or join us in Salt Lake City!

I am the PI of Jayhawk SFS -- CyberCorps: Scholarship for Service program at KU. For more information about the program, please visit Jayhawk SFS program homepage.

I am the director of the High Assurance and Secure Systems (HASS) Research Center at I2S. I2S is a National Center of Academic Excellence in Cyber Defense (CAE/CD) and Research (CAE-R) designated by the National Security Agency and Department of Homeland Security.

Education

The Pennsylvania State University, University Park, Pennsylvania
Ph.D., Information Sciences and Technology, August, 2008.      Advisor: Dr. Dongwon Lee

The Chinese University of Hong Kong, Shatin, N.T. Hong Kong
M.Phil., Information Engineering, December, 2003.     Advisor: Dr. Xiaoou Tang

University of Sciences and Technology of China, Hefei, Anhui, P.R.China
B.E., Electronic and Information Engineering, July, 2001.     Advisor: Dr. Nenghai Yu

Selected Publications

  • PETS 2025. Zhaohui Wang, Bo Luo, and Fengjun Li. PrivacyGuard: Exploring Hidden Cross-App Privacy Leakage Threats In IoT Apps. In the 25th Privacy Enhancing Technologies Symposium (PETS), 2025.
  • ACSAC 2024. Javaria Ahmad, Fengjun Li, Razvan Beuran, and Bo Luo. Eunomia: A Real-time Privacy Compliance Monitor for Alexa Skills. In Annual Computer Security Applications Conference (ACSAC), 2024. (accepted)
  • CCS 2024. Zeyan Liu, Zijun Yao, Fengjun Li, and Bo Luo. On the Detectability of ChatGPT Content: Benchmarking, Methodology, and Evaluation through the Lens of Academic Writing. In ACM Conference on Computer and Communications Security (CCS) , 2024. (accepted) [full paper with appendix ][data and code]
  • CCS 2024. Ye Wang, Zeyan Liu, Bo Luo, Rongqing Hui, and Fengjun Li. The Invisible Polyjuice Potion: an Effective Physical Adversarial Attack against Face Recognition. In ACM Conference on Computer and Communications Security (CCS), 2024. (accepted) [pdf]
  • CCS 2024. Lingjing Yu, Jingli Hao, Jun Ma, Yong Sun, Yijun Zhao, and Bo Luo. A Comprehensive Analysis of Security Vulnerabilities and Attacks in Satellite Modems. In ACM Conference on Computer and Communications Security (CCS), 2024. (accepted) [pdf]
  • ESORICS 2024. Yuying Li, Zeyan Liu, Junyi Zhao, Liangqin Ren, Fengjun Li, Jiebo Luo, and Bo Luo. The Adversarial AI-Art: Understanding, Generation, Detection, and Benchmarking. In European Symposium on Research in Computer Security (ESORICS), 2024. [pdf][data and code]
  • ESORICS 2024.Prashanthi Mallojula, Fengjun Li, Xiaojiang Du, and Bo Luo. Companion Apps or Backdoors? on the Security of Automotive Companion Apps. In European Symposium on Research in Computer Security (ESORICS), 2024. [pdf]
  • USENIX Security 2024. Jinrui Ma, Lutong Chen, Kaiping Xue, Bo Luo, Xuanbo Huang, Mingrui Ai, Huanjie Zhang, David S. L. Wei, Yan Zhuang. FakeBehalf: Imperceptible Email Spoofing Attacks against the Delegation Mechanism in Email Systems. In USENIX Security Symposium, 2024. [pdf]
  • USENIX Security 2024. Xuanbo Huang, Kaiping Xue, Lutong Chen, Mingrui Ai, Huancheng Zhou, Bo Luo, Guofei Gu, and Qibin Sun. You Can Obfuscate, but You Cannot Hide: CrossPoint Attacks against Network Topology Obfuscation. In USENIX Security Symposium, 2024. [pdf]
  • USENIX Security 2024. Dongli Liu, Wei Wang, Peng Xu, Laurence T. Yang, Bo Luo, and Kaitai Liang. d-DSE: Distinct Dynamic Searchable Encryption Resisting Volume Leakage in Encrypted Databases. In USENIX Security Symposium, 2024.
  • PETS 2024. Liangqin Ren, Zeyan Liu, Fengjun Li, Kaitai Liang, Zhu Li, and Bo Luo. PrivDNN: A Secure Multi-Party Computation Framework for Deep Learning using Partial DNN Encryption. In the 24th Privacy Enhancing Technologies Symposium (PETS), Bristol, UK, 2024.
  • ICPC 2024. Yijun Zhao, Lingjing Yu, Yong Sun, Qingyun Liu, and Bo Luo. No Source Code? No Problem! Demystifying and Detecting Mask Apps in iOS. In ACM/IEEE International Conference on Program Comprehension (ICPC), Lisbon, Portugal, 2024. (ICPC 2024 Distinguished Paper Award)
  • NDSS 2023. Tianyang Chen, Peng Xu, Stjepan Picek, Bo Luo, Willy Susilo, Hai Jin, and Kaitai Liang. The Power of Bamboo: On the Post-Compromise Security for Searchable Symmetric Encryption. In Network and Distributed System Security Symposium (NDSS), 2023. [link]
  • TDSC 2023. Tao Xue, Yu Wen, Bo Luo, Gang Li, Yingjiu Li, Boyang Zhang, Yang Zheng, Yanfei Hu, and Dan Meng. SparkAC: Fine-Grained Access Control in Spark for Secure Data Sharing and Analytics. In IEEE Transactions on Dependable and Secure Computing (TDSC), vol. 20, iss. 2, 2023. [link]
  • CCS 2022. Zeyan Liu, Fengjun Li, Zhu Li, and Bo Luo. LoneNeuron: a Highly-effective Feature-domain Neural Trojan using Invisible and Polymorphic Watermarks. In ACM SIGSAC Conference on Computer and Communications Security (CCS), Los Angeles, CA, USA, 2022 (Acceptance rate: 22.5%) [link][pdf]
  • CCS 2022. Mingrui Ai, Kaiping Xue, Bo Luo, Lutong Chen, Nenghai Yu, Qibin Sun, and Feng Wu. Blacktooth: Breaking through the Defense of Bluetooth in Silence. In ACM SIGSAC Conference on Computer and Communications Security (CCS), Los Angeles, CA, USA, 2022 (Acceptance rate: 22.5%) (CCS Best Paper Honorable Mention) [link][pdf]
  • ESORICS 2022. Zeyan Liu, Fengjun Li, Jingqiang Lin, Zhu Li, and Bo Luo. Hide and Seek: on the Stealthiness of Attacks against Deep Learning Systems. In European Symposium on Research in Computer Security (ESORICS), Copenhagen, Denmark, 2022. (Acceptance rate: 18.5%) [pdf]
  • ESORICS 2022. Javaria Ahmad, Fengjun Li, and Bo Luo. IoTPrivComp: A Measurement Study of Privacy Compliance in IoT Apps. In European Symposium on Research in Computer Security (ESORICS), Copenhagen, Denmark, 2022. (Acceptance rate: 18.5%) [pdf]
  • ACSAC 2021. Sohaib Kiani, Sana Awan, Chao Lan, Fengjun Li, and Bo Luo. Two Souls in an Adversarial Image: Towards Universal Adversarial Example Detection using Multi-view Inconsistency. In Annual Computer Security Applications Conference (ACSAC), 2021. (Acceptance rate: 24.5%) (ACSAC Distinguished Paper Award) [link][pdf][code]
  • ESORICS 2021. Sana Awan, Bo Luo, and Fengjun Li. CONTRA: Defending against Poisoning Attacks in Federated Learning. In European Symposium on Research in Computer Security (ESORICS), 2021. (Acceptance rate: 20.2%) [link][pdf]
  • TDSC 2021. Congwu Li, Le Guan, Jingqiang Lin, Bo Luo, Quanwei Cai, Jiwu Jing, and Jing Wang. Mimosa: Protecting Private Keys against Memory Disclosure Attacks using Hardware Transactional Memory. In IEEE Transactions on Dependable and Secure Computing (TDSC), vol. 18, iss. 3, 2021. [link] [pdf]
  • USENIX Security 2020. Lingjing Yu, Bo Luo, Jun Ma, Zhaoyu Zhou, and Qingyun Liu. You Are What You Broadcast: Identification of Mobile and IoT Devices from (Public) WiFi. In USENIX Security Symposium, 2020. (Acceptance rate: 16.1%) [link] [pdf]
  • ESORICS 2020. Abdulmalik Humayed, Fengjun Li, Jingqiang Lin, and Bo Luo. CANSentry: Securing CAN-Based Cyber-Physical Systems against Denial and Spoofing Attacks. In European Symposium on Research in Computer Security (ESORICS), 2020. (Acceptance rate: 19.6%) [link][pdf] [intro video] [presentation]
  • ACSAC 2020. Tao Xue, Yu Wen, Bo Luo, Boyang Zhang, Yang Zheng, Yanfei Hu, Yingjiu Li, Gang Li, and Dan Meng. GuardSpark++: Fine-Grained Purpose-Aware Access Control for Secure Data Sharing and Analysis in Spark. In Annual Computer Security Applications Conference (ACSAC), 2020. (Accepted, acceptance rate: 23.2%)
  • ACSAC 2019. Fangjie Jiang, Quanwei Cai, Jingqiang Lin, Bo Luo, Le Guan, and Ziqiang Ma. TF-BIV: Transparent and Fine-grained Binary Integrity Verification in the Cloud. In Annual Computer Security Applications Conference (ACSAC), 2019. (Acceptance rate: 22.6%). [pdf]
  • PETS 2019. Qiaozhi Wang, Hao Xue, Fengjun Li, Dongwon Lee, and Bo Luo. #DontTweetThis: Scoring Private Information in Social Networks. In the 19th Privacy Enhancing Technologies Symposium (PETS), 2019 (Acceptance rate: 16/91, Vol 4. 2019). [link] [pdf]
  • ESORICS 2018. Lei Yang, Chris Seasholtz, Bo Luo, and Fengjun Li. Hide Your Hackable Smart Home From Remote Attacks: The Multipath Onion IoT Gateways. In European Symposium on Research in Computer Security (ESORICS), Barcelona, Spain, 2018. (Acceptance rate: 19.7%) [link] [pdf]
  • TDSC 2018. Le Guan, Jingqiang Lin, Ziqiang Ma, Bo Luo, Luning Xia, and Jiwu Jing. Copker: A Cryptographic Engine against Cold-Boot Attacks. In IEEE Transactions on Dependable and Secure Computing (TDSC). Volume: 15, Issue: 5, 2018. [link] [pdf]
  • ACSAC 2017. Le Guan, Shijie Jia, Bo Chen, Fengwei Zhang, Bo Luo, Jingqiang Lin, Peng Liu, Xinyu Xing, and Luning Xia. Supporting Transparent Snapshot for Bare-metal Malware Analysis on Mobile Devices. In Annual Computer Security Applications Conference (ACSAC), 2017 (ACSAC 2017 Best Paper Award). [link] [pdf]
  • IOTJ 2017. Abdulmalik Humayed, Jingqiang Lin, Fengjun Li, and Bo Luo. Cyber-Physical Systems Security -- A Survey. In IEEE Internet of Things Journal - Special Issue on Security and Privacy in Cyber-Physical Systems, Volume: 4 Issue: 6, 2017. [link] [pdf]
  • TKDE 2017. Chao Lan, Yuhao Yang, Xiaoli Li, Bo Luo, and Jun Huan. Learning Social Circles in Ego-Networks based on Multi-View Network Structure. In IEEE Transactions on Knowledge and Data Engineering (TKDE), vol. 29, iss. 8, Aug 2017. [link] [pdf]
  • TDSC 2017. Linzhi Jiang, Chunxiang Xu, Xiaofang Wang, Bo Luo, and Huaqun Wang. Secure outsourcing SIFT: Efficient and Privacy-preserving Image Feature Extraction in the Encrypted Domain. In IEEE Transactions on Dependable and Secure Computing (TDSC), 2017. [link] [pdf]
  • S&P 2015. Le Guan, Jingqiang Lin, Bo Luo, Jiwu Jing, and Jing Wang. Protecting Private Keys against Memory Disclosure Attacks using Hardware Transactional Memory. In IEEE Symposium on Security & Privacy (Oakland), 2015 (Acceptance rate: 13.5%). [link] [pdf]
  • TKDE 2015. Manogna Thimma, Fang Liu, Jingqiang Lin, and Bo Luo. HyXAC: Hybrid XML Access Control Integrating View-based and Query-rewriting Approaches. In IEEE Transactions on Knowledge and Data Engineering (TKDE), vol 27, issue 8, 2015.
  • CIKM 2014. Yuhao Yang, Chao Lan, Xiaoli Li, Bo Luo, and Jun Huan. Automatic Social Circle Detection Using Multi-View Clustering. In ACM Conf. on Information and Knowledge Management (CIKM), 2014 (Acceptance rate: 20.9%).
  • BigData 2014. Wenrong Zeng, Yuhao Yang, and Bo Luo. Using Data Content to Assist Access Control for Large-Scale Content-Centric Databases. In IEEE International Conference on Big Data (IEEE BigData), 2014 (Acceptance rate: 18.5%).
  • NDSS 2014. Le Guan, Jingqiang Lin, Bo Luo, and Jiwu Jing. Copker: Computing with Private Keys without RAM. In Network and Distributed System Security Symposium (NDSS), 2014 (Acceptance rate: 18%)
  • TIFS 2013. Fengjun Li, Bo Luo, Peng Liu, Dongwon Lee, and Chao-Hsien Chu. Enforcing Secure and Privacy-Preserving Information Brokering in Distributed Information Sharing. In  IEEE Transactions on Information Forensics & Security, vol 8, no 6, pp. 888-900, June 2013.
  • TKDE 2013. Yuxin Chen, Hariprasad Sampathkumar, Bo Luo, and Xue-wen Chen. iLike: Bridging the semantic gap in vertical image search by integrating text and visual features. In IEEE Transactions on Knowledge and Data Engineering, vol 25, issue 10, pp. 2257-2270, 2013.
  • CIKM 2012. Shu Huang, Min Chen, Bo Luo, and Dongwon Lee. Predicting aggregate social activities using continuous-time stochastic process. In 21st ACM Conf. on Information and Knowledge Management (CIKM), Maui HI, USA, October 2012. Acceptance Rate: 13.4%
  • CIKM 2011. Hongliang Fei, Ruoyi Jiang, Yunhao Yang, Bo Luo, and Jun Huan, Content based Social Behavior Prediction: A Multi-task Learning Approach. In Proceedings of the 20th ACM International Conference on Information and Knowledge Management (CIKM), Glasgow, UK, October 2011.
  • VLDBJ 2011. Bo Luo, Dongwon Lee, Wang-Chien Lee, and Peng Liu. QFilter: Rewriting Insecure XML Queries to Secure Ones using Non-Deterministic Finite Automata. In The VLDB Journal, vol. 20, no. 3, 2011.
  • MM 2010. Yuxin Chen, Nenghai Yu, Bo Luo, and Xue-wen Chen. iLike: Integrating Visual and Textual Features for Vertical Search. In ACM Multimedia Conference (ACMMM), Firenze, Italy, October 2010. Acceptance rate: 17%
  • Infocom 2010. Fengjun Li, Bo Luo, Peng Liu, and Chao-Hsien Chu. A Node-failure Resilient Anonymous Communication Protocol through Commutative Path Hopping. In IEEE Conference on Computer Communications (INFOCOM), San Diego, CA, March 2010. Acceptance rate: 17.5%
  • CCS 2007. Fengjun Li, Bo Luo, Peng Liu, Dongwon Lee, and Chao-Hsien Chu. Automaton Segmentation: A New Approach to Preserve Privacy in XML Information Brokering. In 14th ACM Conf. on Computer and Communication Security (CCS), Alexandria, VA, USA, October 2007. Acceptance rate: 18%
  • ESORICS 2007. Bo Luo, Dongwon Lee, and Peng Liu. Pragmatic XML Access Control using Off-the-shelf RDBMS. In 12th European Symposium On Research In Computer Security (ESORICS), Dresden, Germany, September 2007. Acceptance rate: 23.8%
  • CIKM 2004. Bo Luo, Dongwon Lee, Wang-Chien Lee, and Peng Liu. QFilter: Fine-Grained Run-Time XML Access Control via NFA-based Query Rewriting. In ACM Thirteenth Conference on Information and Knowledge Management (CIKM), pp 543-552, Washington D.C., USA, Nov. 2004. Acceptance rate: 20%