In August 2023, I was featured as a part of the "Why I Teach" series at Texas A&M University - Corpus Christi. I would like to thank my students: Laila Romero, Efrén López Morales, and Jacob Hopkins, as well as my colleague Tianxing Chu for the wonderful words they shared about me. I am indeed in debt with all of you.

MORE NEWS!


Research Affiliation and Interests


sefcom-gray I lead the Cybersecurity Research and Innovation Laboratory (CSRIL) at Texas A&M University - Corpus Christi. I have experience on the inception, preparation and communication of ideas, and I can effectively contribute to projects that focus on effectiveness, efficiency, and innovation. My research interests lay at the intersection of cybersecurity and software specification, verification, and validation. Concretely, I have experience on the development of techniques for verifying the correct implementation of access control models at the source-code level using formal specifications. Also, I have interest in the enforcement of fundamental cybersecurity principles and methodologies for emerging technologies, e.g., authorization and access control. Also recently, I have explored approaches for enhancing the protection of mission-critical cyber-infrastructures such as Energy Delivery Systems (EDS) and Unmanned Aerial Vehicles (UAVs), a.k.a., drones.

Publications: Summary

My research work has led to 50+ publications in prestigious venues including the ACM Conference in Computer and Communications Security (CCS), the USENIX Security Symposium (USENIX), the IEEE Security & Privacy Symposium (S&P), the ACM Symposium on Access Control Models and Technologies (SACMAT), the ACM Conference on Data and Applications Security and Privacy (CODASPY), the IEEE International Computer Software and Applications Conference (COMPSAC), among others.

Publications: Ph.D. Dissertation

  1. Federated Access Management for Collaborative Environments
    Carlos E. Rubio-Medrano
    Arizona State University,
    Tempe, AZ, USA, December, 2016
    (PDF) (BibTex)

Publications: Authorization and Access Control

  1. Towards Collaboration-Aware Resource Sharing in Research Computing Infrastructures
    Souradip Nath, Ananta Sojeni, Jaejong Baek, Carlos E. Rubio-Medrano, and Gail-Joon Ahn.
    The 10th IEEE International Conference on Collaboration and Internet Computing (CIC 2025)
    Pittsburgh, PA, USA, November 11-14, 2025
    (PDF) (BibTex)
  2. "I Apologize For Not Understanding Your Policy": Exploring the Specification and Evaluation of Security Authorization Policies by AI-Based Virtual Assistants
    Jennifer Mondragon, Gael Cruz, Dvijesh Shastri and Carlos E. Rubio-Medrano
    The ACM Workshop on Human-Centered AI Privacy and Security (HAIPS 2025), in conjunction with the ACM Conference on Computer and Communications Security (ACM CCS 2025)
    Taipei, Taiwan, October 7, 2025
    (PDF) (BibTex)
  3. "It's almost like Frankenstein": Investigating the Complexities of Scientific Collaboration and Privilege Management within Research Computing Infrastructures
    Souradip Nath, Ananta Soneji, Jaejong Baek, Tiffany Bao, Adam Doupé, Carlos E. Rubio-Medrano, and Gail-Joon Ahn
    The 46th IEEE Symposium on Security and Privacy
    San Francisco, CA, USA, May 12-15, 2025
    (PDF) (BibTex) (Website)
  4. Circles of Trust: A Voice-Based Authorization Scheme for Securing IoT Smart Homes
    Jennifer Mondragon, Gael Cruz, Dvijesh Shastri, and Carlos E. Rubio-Medrano
    The 29th ACM Symposium on Access Control Models and Technologies (SACMAT),
    San Antonio, Texas, USA, May 15-17, 2024
    (PDF) (BibTex) (Website)
  5. SpaceMediator: Leveraging Authorization Policies to Prevent Spatial and Privacy Attacks in Mobile Augmented Reality
    Luis Claramunt, Carlos E. Rubio-Medrano, Jaejong Baek, and Gail-Joon Ahn
    The 28th ACM Symposium on Access Control Models and Technologies (SACMAT),
    Trento, Italy, June 7-9, 2023
    (PDF) (BibTex)
  6. DyPolDroid: Protecting Against Permission-Abuse Attacks in Android (Extended Version)
    Carlos E. Rubio-Medrano, Pradeep Kumar Duraisamy Soundrapandian, Matthew Hill, Luis Claramunt, Jaejong Baek, Geetha S, and Gail-Joon Ahn
    Information Systems Frontiers Journal, Special Issue on Secure Knowledge Management in the Age of Artificial Intelligence,
    February, 2022
    (PDF) (BibTex)
  7. DyPolDroid: Protecting Users and Organizations from Permission-Abuse Attacks in Android
    Carlos E. Rubio-Medrano, Matthew Hill, Luis Claramunt, Jaejong Baek, and Gail-Joon Ahn
    The International Conference on Secure Knowledge Management in the Artificial Intelligence Era (SKM 2021),
    San Antonio, Texas, USA, October 8-9, 2021
    (PDF) (BibTex)
  8. Proactive Risk Assessment for Preventing Attribute-Forgery Attacks to ABAC Policies
    Carlos E. Rubio-Medrano, Luis Claramunt, Shaishavkumar Jogani and Gail-Joon Ahn
    The 25th ACM Symposium on Access Control Models and Technologies (SACMAT),
    Barcelona, Spain, June 10-12, 2020
    (PDF) (BibTex)
  9. Effectively Enforcing Authorization Constraints for Emerging Space-Sensitive Technologies
    Carlos E. Rubio-Medrano, Shaishavkumar Jogani, Maria Leitner, Ziming Zhao and Gail-Joon Ahn
    The 24th ACM Symposium on Access Control Models and Technologies (SACMAT),
    Toronto, Canada, June 3-6, 2019
    (PDF) (BibTex)
  10. Towards Effective Verification of Multi-Model Access Control Properties
    Bernhard J. Berger, Christian Maeder, Rodrigue Wete Nguempnang, Karsten Sohr, and Carlos E. Rubio-Medrano
    The 24th ACM Symposium on Access Control Models and Technologies (SACMAT),
    Toronto, Canada, June 3-6, 2019
    (PDF) (BibTex)
  11. RiskPol: A Risk Assessment Framework for Preventing Attribute-Forgery Attacks to ABAC Policies
    Carlos E. Rubio-Medrano, Ziming Zhao and Gail-Joon Ahn
    3rd ACM Workshop on Attribute-based Access Control (ABAC), in conjuction with CODASPY 2018,
    Tempe, AZ, USA, March 21, 2018
    (PDF) (BibTex)
  12. Mutated Policies: Towards Proactive Attribute-based Defenses for Access Control
    Carlos E. Rubio-Medrano, Josephine Lamp, Adam Doupé, Ziming Zhao and Gail-Joon Ahn
    2017 Workshop on Moving Target Defense, in conjuction with CCS 2017,
    Dallas, TX, USA, October 30, 2017
    (PDF) (BibTex)
  13. Towards a Moving Target Defense Approach for Attribute-based Access Control
    Carlos E. Rubio-Medrano, Josephine Lamp, Marthony Taguinod, Adam Doupé, Ziming Zhao and Gail-J. Ahn
    1st ACM Workshop on Attribute-based Access Control (ABAC),
    New Orleans, LA, USA, March 11, 2016
    (PDF) (BibTex)
  14. Federated Access Management for Collaborative Network Environments: Framework and Case Study
    Carlos E. Rubio-Medrano, Ziming Zhao, Adam Doupé and Gail-J. Ahn
    ACM Symposium on Access Control Models and Technologies (SACMAT),
    Vienna, Austria, June 1-4, 2015
    (PDF) (BibTex)
  15. Secure Collaborations with Attribute-based Access Control
    Carlos E. Rubio-Medrano, Clinton D'Souza and Gail-J. Ahn
    IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom),
    Austin, TX, USA, October 20-23, 2013.
    (PDF) (BibTex)

Publications: Cyber Physical Systems

  1. PendingMutent: An Authorization Framework for Preventing PendingIntent Attacks in Android-based Mobile Cyber-Physical Systems,
    Pradeepkumar D S, Carlos Rubio-Medrano, Jaejong Baek and Geetha S
    The ACM Workshop on Secure and Trustworthy Cyber-Physical Systems (SaT-CPS 2025), organized in conjunction with the 15th ACM Conference on Data and Application Security and Privacy (CODASPY 2025),
    June 6, 2025, Pittsburgh, Pennsylvania, USA
    (PDF) (Website)
  2. Fly-ABAC: Attribute Based Access Control for the Navigation of Unmanned Aerial Vehicles
    Wynter Japp, Victoria Lee, Sai Avinash Vagicherla, and Carlos Rubio-Medrano
    The Symposium for Undergraduate Research in Data Science, Systems, and Security (REU Symposium 2024) collocated at the IEEE BigData 2024 Conference, December 15, 2024, Washington, DC, USA
    (Website) (BibTex)
  3. By the Numbers: Towards Standard Evaluation Metrics for Programmable Logic Controllers' Defenses
    Efrén López Morales, Jacob Hopkins, Alvaro A. Cardenas, Ali Abbasi, and Carlos Rubio-Medrano
    The 2024 Workshop on Re-design Industrial Control Systems with Security (RICSS'24), October 14-18, 2024, Salt Lake City, UT, USA.
    (PDF) (BibTex) (Website)
  4. ICSNet: A Hybrid-Interaction Honeynet for Industrial Control Systems
    Luis Salazar, Efrén López Morales, Juan Lozano, Carlos E. Rubio-Medrano, and Alvaro Cardenas
    The 6th Workshop on CPS and IoT Security (CPSIoTSec 2024), co-located with the ACM Conference on Computer and Communications Security (CCS 2024), Salt Lake City, UT, October 14-18, 2024.
    (PDF) (BibTex) (Website)
  5. SoK: Security of Programmable Logic Controllers
    Efrén López Morales, Carlos E. Rubio-Medrano, Alvaro Cardenas, and Ali Abbasi
    The 33rd Usenix Security Symposium (USENIX 2024),
    Philadelphia, PA, USA, August 14-16, 2024.
    (PDF) (BibTex) (Website)
  6. No-Fly-Zone: Regulating Drone Fly-Overs Via Government and User-Controlled Authorization Zones
    Abdullah Kamal, Jeremy Vidaurri, and Carlos Rubio-Medrano
    The Twenty-fourth International Symposium on Theory, Algorithmic Foundations, and Protocol Design for Mobile Networks and Mobile Computing (MobiHoc '23) October 23-26, 2023, Washington, DC, USA.
    (Website) (BibTex)
  7. Toward Automated Enforcement of Cyber-Physical Security Requirements for Energy Delivery Systems
    Carlos E. Rubio-Medrano, Ziming Zhao and Gail-Joon Ahn
    The IEEE International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS),
    Virtual Event, December 3, 2020.
    (PDF) (BibTex)
  8. ExSol: Collaboratively Assessing Cybersecurity Risks for Protecting Energy Delivery Systems (Extended Version)
    Josephine Lamp, Carlos E. Rubio-Medrano, Ziming Zhao and Gail-Joon Ahn
    ACM Digital Threats: Research and Practice (DTRAP),
    Journal, December 31, 2020.
    (PDF) (BibTex)
  9. HoneyPLC: A Next-Generation Honeypot for Industrial Control Systems
    Efrén López Morales, Carlos E. Rubio-Medrano, Adam Doupé, Yan Shoshitaishvili, Ruoyu Wang Tiffany Bao and Gail-Joon Ahn
    The ACM Conference on Computer and Communications Security (CCS) 2020,
    Virtual Event, November 9-13, 2020.
    (PDF) (BibTex)
  10. ExSol: Collaboratively Assessing Cybersecurity Risks for Protecting Energy Delivery Systems
    Josephine Lamp, Carlos E. Rubio-Medrano, Ziming Zhao and Gail-Joon Ahn
    The 7th IEEE Workshop on Modeling and Simulation of Cyber-Physical Energy Systems (MSCPES 2019),
    Montreal, Canada, April 15th, 2019
    (PDF) (BibTex)
  11. ExSol: Collaboratively Assessing Cybersecurity Risks for Protecting Energy Delivery Systems
    Josephine Lamp, Carlos E. Rubio-Medrano, Ziming Zhao and Gail-Joon Ahn
    The 7th IEEE Workshop on Modeling and Simulation of Cyber-Physical Energy Systems (MSCPES 2019),
    Montreal, Canada, April 15th, 2019
    (PDF) (BibTex)
  12. EDSGuard: Enforcing Network Security Requirements for Energy Delivery Systems
    Vu Coughlin, Carlos E. Rubio-Medrano, Ziming Zhao and Gail-Joon Ahn
    IEEE International Conference on Communications, Control and Computing Technologies for Smart Grids (SmartGridComm 2018) (To Appear),
    Aalborg, Denmark, October 29 - November 1, 2018
    (PDF) (BibTex)
  13. OntoEDS: Protecting Energy Delivery Systems by Collaboratively Analyzing Security Requirements
    Josephine Lamp, Carlos E. Rubio-Medrano, Ziming Zhao and Gail-Joon Ahn
    3rd IEEE International Conference on Collaboration and Internet Computing,
    San Jose, CA, USA, October 15-17, 2017
    (PDF) (BibTex)
  14. Towards Adaptive and Proactive Security Assessment for Energy Delivery Systems
    Josephine Lamp, Carlos E. Rubio-Medrano, Ziming Zhao and Gail-J. Ahn
    2017 Workshop on Modeling and Simulation of Cyber-Physical Energy Systems (MSCPES),
    Pittsburgh, PA, USA, April 21, 2017
    (PDF) (BibTex)

Publications: Software Verification and Validation

  1. Asserting Frame Properties
    Yoonsik Cheon, Bozhen Liu, and Carlos E. Rubio-Medrano
    The 19th International Conference on Software Technologies (ICSOFT),
    SciTePress, Pages 145-152, 2024
    (PDF) (BibTex)
  2. Pairing Human and Artificial Intelligence: Enforcing Access Control Policies with LLMs and Formal Specifications
    Carlos E. Rubio-Medrano, Akask Kotak, Wenlu Wang, and Karsten Sohr
    The 29th ACM Symposium on Access Control Models and Technologies (SACMAT),
    San Antonio, Texas, USA, May 15-17, 2024
    (PDF) (BibTex) (Website)
  3. Achieving Security Assurance with Assertion-based Application Construction (Extended Version)
    Carlos E. Rubio-Medrano, Gail-J. Ahn and Karsten Sohr
    EAI Endorsed Transactions on Collaborative Computing,
    Special Issue of TrustCol 2014,
    European Alliance for Innovation, September 2015
    (PDF) (BibTex)
  4. Achieving Security Assurance with Assertion-based Application Construction
    Carlos E. Rubio-Medrano, Gail-J. Ahn and Karsten Sohr
    IEEE International Workshop on Trusted Collaboration (TrustCol),
    In conjuction with IEEE CollaborateCom,
    Miami, Florida, USA, October 22, 2014
    (PDF) (BibTex)
  5. Verifying Access Control Properties with Design by Contract
    Carlos E. Rubio-Medrano, Gail-J. Ahn and Karsten Sohr
    IEEE International Computer Software and Applications Conference (COMPSAC),
    Kyoto, Japan, July 22-26, 2013.
    (PDF) (BibTex)
  6. Access Control Contracts for Java Program Modules
    Carlos E. Rubio-Medrano and Yoonsik Cheon
    IEEE International Workshop on Security, Trust, and Privacy for Software Applications (STPSA),
    Seoul, Korea, July 19-23, 2010.
    (PDF) (BibTex)
  7. Architectural Assertions: Checking Architectural Constraints at Run-Time
    Hyotaeg Jung, Carlos E. Rubio-Medrano, Eric Wong, and Yoonsik Cheon
    The 6th International Workshop on System and Software Architectures,
    Published in Proceedings of SERP 2007, Volume II, pages 604-607,
    Las Vegas, Nevada, USA, June 25-28.
    (PDF) (BibTex)
  8. Random Test Data Generation for Java Classes Annotated with JML Specifications
    Yoonsik Cheon and Carlos E. Rubio-Medrano
    In Proceedings of the 2007 International Conference on Software Engineering Research and Practice,
    Volume II, pages 385-392,
    Las Vegas, Nevada, USA, June 25--28, 2007.
    (PDF) (BibTex)
  9. A Formal Specification in JML of the Java Security Package
    Poonam Agarwal, Carlos E. Rubio-Medrano, Yoonsik Cheon, and Patricia J. Teller
    Advances and Innovations in Systems, Computing Science, and Software Engineering,
    pages 363-368, Springer, 2007.
    (PDF) (BibTex)

Publications: Cybersecurity, Privacy, and Interdisciplinary Topics

  1. Towards Capable and Secure Autonomous Computer-Use Agents (Student Abstract)
    Malak Mahdy and Carlos E. Rubio-Medrano
    The 40th Annual AAAI Conference on Artificial Intelligence (AAAI-26)
    Singapore, January 20-27, 2026
    (PDF) (BibTex)
  2. Beyond the Chatbox: An Exploratory Case Study of Autonomous Computer-Use Agents
    Malak Mahdy and Carlos E. Rubio-Medrano
    The First International Workshop on Agentic Intelligence: Risks, Ethics, and Trust (AIRET)
    Pittsburgh, PA, November 11-14, 2025
    (PDF) (BibTex)
  3. Vision: The Price Should Be Right: Exploring User Perspectives on Data Sharing Negotiations
    Jacob Hopkins, Carlos E. Rubio-Medrano, and Cori Faklaris
    Symposium on Usable Security and Privacy (USEC) 2025, co-organized with the Network and Distributed System Security (NDSS) Symposium 2025
    (To Appear), February 2025,
    (Website) (BibTex)
  4. Aeroelastic force prediction via temporal fusion transformers
    Miguel Cid Montoya, Ashutosh Mishra, Sumit Verma, Omar A. Mures, and Carlos E. Rubio-Medrano
    Computer-Aided Civil and Infrastructure Engineering (CACAIE)
    Volume 39, Issue 24, December 2024,
    (Website) (BibTex)
  5. On the cybersecurity of smart structures under wind
    Miguel Cid Montoya, Carlos E. Rubio-Medrano, and Ahsan Kareem
    Journal of Wind Engineering and Industrial Aerodynamics
    Volume 251, August 2024,
    (PDF) (BibTex) (Website)
  6. SecureCheck: User-Centric and Geolocation-Aware Access Mediation Contracts for Sharing Private Data
    Jacob Hopkins and Carlos E. Rubio-Medrano
    The 29th ACM Symposium on Access Control Models and Technologies (SACMAT),
    San Antonio, Texas, USA, May 15-17, 2024
    (PDF) (BibTex) (Website)
  7. A First Look at Cybersecurity of Structures Under Wind
    Miguel Cid Montoya, Carlos E. Rubio-Medrano, and Ahsan Kareem.
    The 16th International Conference on Wind Engineering (16ICWE),
    Florence, Italy, August 27-31, 2023
    (PDF) (BibTex)
  8. Flawed, but like democracy we don't have a better system: The Experts' Insights on the Peer Review Process of Evaluating Security Papers
    Ananta Soneji, Faris Bugra Kokulu, Carlos E. Rubio-Medrano, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili and Adam Doupé
    The 2022 IEEE Symposium on Security and Privacy (S&P),
    San Francisco, CA, USA, 2022
    (PDF) (BibTex)
  9. Having Your Cake and Eating It: An Analysis of Concession-Abuse-as-a-Service
    The 30th Usenix Security Symposium (USENIX 2021),
    Vancouver, Canada, August 11-13, 2021
    (PDF) (BibTex)
  10. Understanding and Detecting Private Interactions in Underground Forums
    Eric Sun, Ziming Zhao, Carlos E. Rubio-Medrano, Tiffany Bao and Gail-Joon Ahn
    The 9th ACM Conference on Data and Application Security and Privacy (CODASPY 2019),
    Dallas, Texas, USA, March 25 - 27, 2019
    (PDF) (BibTex)
  11. The Danger of Missing Instructions: A Systematic Analysis of Security Requirements for MCPS
    Josephine Lamp, Carlos E. Rubio-Medrano, Ziming Zhao and Gail-Joon Ahn
    3rd International IEEE/ACM Conference on Connected Health: Applications, Systems and Engineering Technologies: CHASE-MedSPT 2018,
    Washington, DC, USA, September 26-28, 2018
    (PDF) (BibTex)

Teaching Experience