University of Florida, Research Assistant with FICS
Gainesville, FL – Fall 2015 - Present
- Advisor: Dr. Kevin R. B. Butler
- Area: Systems security
- Thesis: Developing methodologies for automatically analyzing embedded binary firmware.
- Performing large-scale analysis of Android firmware to explore hidden USB interfaces and device security policies
- Analyzing USB firmware using symbolic execution to automatically reason about device functionality
- Employed Intel SGX to balance Secure Function Evaluation (SFE) security with performance
- Worked to improve TLS security and agility through server-side enhancements
University of Central Florida, Undergraduate Research Assistant
Orlando, FL – Summer 2013 - 2014
- Advisor: Dr. Yier Jin
- Area: Internet of Things security
- Discovered a USB entry point into Google’s Nest Thermostat allowing full-root access
- Published findings at Black Hat USA 2014 entitled “Smart Nest Thermostat: A Smart Spy in your Home”
University of Central Florida, EXCEL Undergraduate Research
Orlando, FL – Spring 2013
- Advisor: Dr. Mingjie Lin
- Area: FPGAs
- Learned Verilog through working with a HDL Huffman decoder
Publications & Academic Work
- D. Tian, G. Hernandez, J. Choi, V. Frost, P. Johnson, and K. Butler. LBM: A Security Framework for Peripherals within the Linux Kernel. IEEE S&P, 2019.
- D. Tian, J. Choi, G. Hernandez, P. Traynor, and K. Butler. A Practical Intel SGX Setting for Linux Containers in the Cloud. ACM CODASPY, 2019.
- D. Tian, G. Hernandez, J. Choi, V. Frost, C. Ruales, K. Butler, P. Traynor, H. Vijayakumar, L. Harrison, A. Rahmati, and M. Grace. ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem. USENIX Security, 2018.
- G. Hernandez, F. Fowze, D. Tian, T. Yavuz, and K. Butler. FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution. ACM CCS, 2017.
- S. Etigowni, D. Tian, G. Hernandez, S. Zonouz, and K. Butler. CPAC: Securing Critical Infrastructure
with Cyber-Physical Access Control. ACSAC, 2016.
- G. Hernandez, O. Arias, D. Buentello, and Y. Jin. Smart Nest Thermostat: A Smart Spy in your Home.
Black Hat USA, 2014.
- A. Bates, D. Tian, G. Hernandez, T. Moyer, K. Butler, and T. Jaeger. Taming the Costs of Trustworthy
Provenance through Policy. Transactions on Internet Technology (TOIT), 2016.
- G. Hernandez, K. Butler. Android Escalation Paths: Building Attack-Graphs from SEAndroid Policies. ACM Security
& Privacy in Wireless and Mobile Networks (WiSec), 2018
- G. Hernandez, D. Tian, J. Choi, V. Frost, C. Ruales, K. Butler, P. Traynor, H. Vijayakumar, L. Harrison, A. Rahmati, and M. Grace. ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem. SEC Academic Conference, Apr. 2018. (Best Poster)
- — . ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem. FICS Conference, Mar. 2018.
- G. Hernandez, F. Fowze, D. Tian, C. Metcalf, T. Yavuz, and K. Butler. FirmUSB: Vetting USB Device
Firmware using Domain Informed Symbolic Execution. FICS Conference, Mar. 2017. (Best Poster)
- G. Hernandez, A. Bates, and K. Butler. SSL Certificate Verification Enhancements for the Server. FICS
- G. Hernandez and Y. Jin. Smart Nest Thermostat: A Smart Spy in your Home. UCF Showcase for Undergraduate Research, 2015
- S. Deshmukh, H. Carter, G. Hernandez, P. Traynor, and K. Butler. Efficient and Secure Template Blinding
for Biometric Authentication. Proceedings of the IEEE Workshop on Security and Privacy in the Cloud (SPC), 2016.
Program Chair Assistant
- Network & Distributed System Security Symposium (NDSS) – 2017
Assisted Ari Juels with recording HotCRP accept/reject decisions, limiting paper discussion time, and synchronizing dual-track PC meeting via custom spreadsheet.
- IEEE Symposium on Security & Privacy (Oakland, S&P) - 2017
- USENIX Security Symposium (USENIX Security) – 2017, 2018
- ACM Conference on Computer and Communications Security (CCS) - 2016, 2017
- ACM Asia Conference on Computer and Communications Security (AsiaCCS) - 2017, 2018
- Annual Computer Security Applications Conference (ACSAC) – 2017
- Network & Distributed System Security Symposium (NDSS) - 2017, 2018
- USENIX Symposium on Operating Systems Design and Implementation (OSDI) - 2016
- USENIX Workshop on Offensive Technologies Workshop on Offensive Technologies (WOOT) - 2016, 2017
- System Administrator for the Florida Institute of Cyber Security (FICS). Responsible for user management, patching, hardening, and monitoring 9 business-critical servers. (2015 – present)
- Helped develop, organize and run SwampCTF, a 48 hour international Capture the Flag competition, for the Student InfoSec Team (UFSIT). Built infrastructure using Ansible, Docker, AWS, and Netdata. Over 1,200 registered teams enjoyed our 28 hand-crafted cyber security challenges (March 2018).
- Advising and training the University of Florida’s Collegiate Cyber Defense Team (UFCCDC) under UF’s Registered Student Organization (RSO) the Student InfoSec Team (UFSIT) (2016-2017).
Reference: Dr. Joseph Wilson (firstname.lastname@example.org)
Honors & Awards
- Best poster: “ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem.” (SEC Academic Conference, Apr. 2018)
- CISE Graduate Scholarship (2017)
- 3rd place at the Southeast Regional Collegiate Cyber Defense Competition (SECCDC) (2017)
- Best poster: “FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution.” (FICS Conference, Mar. 2017)
- Harris Communication Fellowship (2015)
- Appointed as Florida Institute of National Security (FINS) Fellow (2015)
- Graduate School Fellowship Award (2015 - 2019)
University of Central Florida
- ICubed (I3) Fellow - presented Nest security research to an Advanced Painting class, inspiring their work (2015)
- Winner of the National Collegiate Cyber Defense Competition (NCCDC) out of 180 schools (April 2014)
- 1st place at the Southeast Regional Collegiate Cyber Defense Competition (SECCDC) (2013 and 2014)
- 2nd place at the UCONN CyberSEED Buffer Overflow competition (2014)
- 6th place and 5th place at CSAW CTF finals (2013 and 2014 respectively)
- UCF President’s Honor Role, 4.0 GPA (Fall 2011, Spring 2012, Fall 2012)
- EXCEL Student - NSF STEM only education program with guaranteed Sophomore year research (2011 - 2013)
- 1st place at UCF’s 25th annual High School Programming Tournament
- A Journey into Fuzzing with American Fuzzy Lop. Hack@UCF (2015)
- Smart Nest Thermostat: Smart Spy in your Home. Black Hat USA (2015)
- “Smartphone security risk compared to ‘having a ghost user on your phone’ ”
– University of Florida News (Quoted, August 22nd, 2018)
- “University Alabama Wins 2018 SEC Student Cyber Challenge Competition”
– SECU News, Auburn, AL (Mentioned for poster competition, April 9th, 2018)
- “Students Place Third in Cyber Defense Competition”
– Computer & Information Science & Engineering News, University of Florida (Quoted, April 10th, 2017)
- “CISE Students Win at 2017 FICS Research Conference on Cybersecurity”
Computer & Information Science & Engineering News, University of Florida (Quoted, April 3rd, 2017)
- “17 ways the Internet of Things can go horribly wrong”
– ZDNet (Mentioned, March 21st, 2016)
- “UCF Cyber Defense Turns Smart Thermostat Into Potential Spy”
– UCF Today (Mentioned, August 11th, 2014)
- “A used thermostat could hack your house”
– CNN Money (Interviewed (video), August 7th, 2014)
- “Is your Watch or Thermostat a Spy? Cybersecurity Firms are on it” NPR
– All Things Considered (Interviewed (voice), August 6th, 2014)
- “Nest Hackers Will Offer Tool To Keep The Google-Owned Company From Getting Users’ Data”
– Forbes Tech (Interviewed, July 16th, 2014)
- “UCF wins Raytheon cyber defense contest”
– Orlando Sentinel (Mentioned, April 28th, 2014)
- I’m a licensed amateur radio operator – KK4QIS