About Me

I am a computing educator and researcher with a focus on the security of mobile applications and networks

I am an Assistant Professor in the Department of Computer Science and a member of the Wolfpack Security and Privacy Research (WSPR) Lab.

My research is dedicated to measuring and improving the security and privacy of computer systems, with a particular emphasis on telephone networks and software for mobile platforms. This work has addressed detection and measurement of mobile malware in the wild, identified systemic risks in developing world mobile money systems, and provided new techniques to distinguish legitimate and fraudulent phone calls. My research integrates knowledge from fields as diverse as signal processing and digital communications; data science, machine learning, and statistics; cryptography; program analysis; reverse engineering; and Internet and telephone networks.

Opportunity: I am currently recruiting creative, hard-working students with a strong systems background interested in doing computer security research. I am especially interested in recruiting students who are from under-represented groups in computing. If you are an NC State student and this sounds interesting, email me directly. If you are not currently a student at NC State but are still interested in my research, please apply to the program. Be sure to put my name as a faculty member you are interested in working with.


Christian Peeters, Hadi Abdullah, Nolen Scaife, Jasmine Bowers, Patrick Traynor, Bradley Reaves, and Kevin Butler. Sonar: Detecting SS7 Redirection Attacks Via Call Audio-Based Distance Bounding. In Proceedings of the 39th IEEE Symposium on Security and Privacy, 2018.

Patrick Traynor, Kevin R.B. Butler, Jasmine Bowers, and Bradley Reaves. Fintechsec: Addressing the security challenges of digital financial services. IEEE S&P Magazine, 15(5):85-89, October 2017.

Bradley Reaves, Logan Blue, Hadi Abdullah, Luis Vargas, Patrick Traynor, and Tom Shrimpton. AuthentiCall: Efficient Identity and Content Authentication for Phone Calls. In Proceedings of the 26th USENIX Security Symposium, August 2017. (Acceptance Rate: 16.3%).

Jasmine Bowers and Bradley Reaves and Imani N. Sherman and Patrick Traynor and Kevin Butler. Regulators, Mount Up? Analysis of Privacy Policies for Mobile Money Applications. In Proceedings of the Thirteenth Symposium on Usable Privacy and Security, July 2017. (Acceptance Rate: 26.5%).

Adam Bates, Wajih Ul Hassan, Kevin Butler, Alin Dobra, Bradley Reaves, Patrick Cable, Thomas Moyer, and Nabil Schear. Transparent Web Service Auditing via Network Provenance Functions. In Proceedings of the 26th International World Wide Web Conference, April 2017. (Acceptance Rate: 17%).

Stephan Heuser, Bradley Reaves, Praveen Kumar Pendyala, Henry Carter, Alexandra Dmitrienko, William Enck, Negar Kiyavash, Ahmad-Reza Sadeghi, and Patrick Traynor. Phonion: Practical Protection of Metadata in Telephony Networks. Proceedings on Privacy Enhancing Technologies, 2017(1), January 2017.

Bradley Reaves, Jasmine Bowers, Nolen Scaife, Adam Bates, Arnav Bhartiya, Patrick Traynor, and Kevin R.B. Butler. Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications in the Developing World. In ACM Transactions on Privacy and Security, 2017.

Bradley Reaves, Jasmine Bowers, Sigmond A. Gorski III, Olabode Anise, Rahul Bobhate, Raymond Cho, Hiranava Das, Sharique Hussain, Hamza Karachiwala, Nolen Scaife, Byron Wright, Kevin Butler, William Enck, and Patrick Traynor. *droid: Assessment and Evaluation of Android Application Analysis Tools. ACM Computing Surveys, 49(3), October 2016.

Bradley Reaves, Logan Blue, and Patrick Traynor. Authloop: Practical End-to-End Cryptographic Authentication for Telephony over Voice Channels. In Proceedings of 25th USENIX Security Symposium, Austin, TX, August 2016. (Acceptance Rate: 15.5%).

Bradley Reaves, Logan Blue, Dave Tian, Patrick Traynor, and Kevin R. B. Butler. Detecting SMS Spam in the Age of Legitimate Bulk Messaging. In Proceedings of the 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks, July 2016. Short Paper. (Acceptance Rate: 28.0%) .

Bradley Reaves, Nolen Scaife, Dave Tian, Logan Blue, Patrick Traynor, and Kevin Butler. Sending Out an SMS: Characterizing the Security of the SMS Ecosystem with Public Gateways. In Proceedings of the 37th IEEE Symposium on Security and Privacy, San Jose, CA, May 2016. (Acceptance Rate: 13.0%).

David Dewey, Bradley Reaves, and Patrick Traynor. Uncovering Use-After-Free Conditions In Compiled Code. In Proceedings of the 2015 International Conference on Availability, Reliability, and Security (ARES), 2015. (Acceptance Rate: 22.0%).

Bradley Reaves, Nolen Scaife, Adam Bates, Patrick Traynor, and Kevin R.B. Butler. Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications in the Developing World. In Proceedings of the 24th USENIX Security Symposium, 2015. (Acceptance Rate: 15.7%).

Bradley Reaves, Ethan Shernan, Adam Bates, Henry Carter, and Patrick Traynor. Boxed Out: Blocking Cellular Interconnect Bypass Fraud at the Network Edge. In Proceedings of the 24th USENIX Security Symposium, 2015. (Acceptance Rate: 15.7%).

Charles Lever, Manos Antonakakis, Brad Reaves, Patrick Traynor, and Wenke Lee. The Core of the Matter: Analyzing Malicious Traffic in Cellular Carriers. In Proceedings of the 20th Network and Distributed System Security Symposium, San Diego, CA, February 2013. (Acceptance Rate: 18.8%).

Saurabh Chakradeo, Bradley Reaves, Patrick Traynor, and William Enck. MAST: Triage for Market-scale Mobile Malware Analysis. In Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), 2013. (Acceptance Rate: 15.0%).

Reaves, Bradley and Thomas Morris. An open virtual testbed for industrial control system security research. International Journal of Information Security, 11(4):215-229, 2012. [ DOI ]

Reaves, Bradley and Thomas Morris. Analysis and mitigation of vulnerabilities in short-range wireless communications for industrial control systems. International Journal of Critical Infrastructure Protection, 2012. [ DOI | http ]

Thomas Morris, Anurag Srivastava, Bradley Reaves, Wei Gao, Kalyan Pavurapu, and Ram Reddi. A control system testbed to validate critical infrastructure protection concepts. International Journal of Critical Infrastructure Protection, August 2011. [ http ]

Wei Gao, Thomas Morris, Bradley Reaves, and Drew Richey. On SCADA Control System Command and Response Injection and Intrusion Detection. In IEEE eCrime Researchers Summit, Dallas, TX, October 2010. [ http ]

Thomas Morris, Anurag Srivastava, Bradley Reaves, Kalyan Pavurapu, Sharif Abdelwahed, Rayford Vaughn, Wesley McGrew, and Yoginder Dandass. Engineering Future Cyber-Physical Energy Systems: Challenges, Research Needs, and Roadmap. In 2009 IEEE North American Power Symposium, Starkville, MS, October 2009.

Bradley Reaves and Thomas Morris. Discovery, Infiltration, and Denial of Service in a Process Control System Wireless Network. In 2009 eCrime Researchers Summit, Tacoma, WA, USA, October 2009. [ DOI | http ]

This file was generated by bibtex2html 1.96.


Campus Box 8206
890 Oval Drive, EB2 Room 3256
Raleigh, NC 27695-8206
BGReaves at ncsu dot edu
Social Media:
Twitter, LinkedIn