USA Bulgaria Freebies Health Empty World

Resume  Publications

Tweet to @hbojinov

NOTE: Code and examples on 3D printing posted in the Freebies section.


Over the years I have built a number of exercises in math for elementary school grades. Last year I made a resolution to put them up online and now anyone can access them from a desktop browser or a mobile device. Particularly useful with kids at a restaurant while waiting for food. Try the "Test" feature if you want 20 questions with a measurable outcome. Use the "Settings" screen to pick which drill types to show and to view reports on past tests. Educators: Let me know if you would like to use this tool for your own mini-tests. Happy to provide access if you want to contribute content.

(TIP: you can also add this website as an app icon on your mobile device. You can do this from your browser's toolbar, e.g. via the sharing button on iOS or "Add to Home Screen" on Android.)

Innit has been in the works for a few years now. Our goal is, simply, to revolutionize the way people interact with food. Along the way we have built some really cool technology that will be essential in the smart kitchen of the [near] future.

Innit at Pirch SOHO
Innit acquires ShopWell
Talk and Interview at GTC 2017


At Anfacto we have the privilege of working with some very talented folks, and so we set up an informal mobile app incubation program. Our goal is to build software services that make real impact in the real world. Our preference is to build services in the mobile domain, but we go beyond that whenever it makes sense. We also have the back-end muscle to deliver complete, scalable systems.

Through some of the experience, I felt I should write a memo to some of our early-career collaborators. These are things that anyone with solid management experience will know, but people early in their professional life sometimes learn too late.


Our work on sensor fingerprinting got picked up by SF Chronicle (and also in print, on Friday, October 11th, 2013), ArsTechnica, Discovery News, and other news outlets.

In other news, at Anfacto we continue a proud tradition of customizing the Android OS. Don't miss the explainer video about FleetOS!


We have been working hard on research involving the use of implicit learning of motor tasks for authentication purposes. This work was extensively featured in the media in the summer of 2012.

USENIX Security 2012 paper on designing security primitives resistant to user coercion (a.k.a. "rubber hose cryptanalysis").
Articles about this work on Schneier on Security, The Register (you know you've made it when you get called a boffin), NBC News


I have been increasingly interested in user behaviors at the intersection of security, wireless computing, and the web. In particular, Android has been an excellent, open platform for experimentation.

Android Open 2011 slides about 3LM's end-to-end Enterprise Android solution
USENIX 2011 paper about an Android web server designed with security in mind; a continuation of our earlier embedded web interface security project
WISEC 2011 paper about Address Space Layout Randomization (ASLR) for mobile devices which requires no kernel changes in the system; in addition, we discuss Crash Stack Analysis: a novel technique for centrally identifying ASLR brute-forcing attacks
HOTMOBILE 2011 paper and slides about MagKey and MicKey: experimental hardware authentication tokens using a smartphone's compass and microphone as receivers; the main advantages of the design are low cost (less than $1 per token) and low power consumption, as well as broad applicability to existing smartphones


CSET 2010 paper about Webseclab, a web security education tool I helped create
ESORICS 2010 paper about designing loss-resistant password managers; the high-order bit: it is hard to make security work around irrational human beings; the original publication will appear in the conference proceedings, at


Web servers are getting embedded in electronic appliances of all kinds: from home routers, to picture frames and IP phones. Usually the goal is to provide a familiar management interface for the devices; security is typically an afterthought. In recent work we have evaluated the security of web interfaces exposed by a broad range of consumer and enterprise hardware.

CCS 2009 paper and slides about XCS vulnerabilities and SiteFirewall, a Firefox extension that prevents XCS attacks from running to completion (this work was also featured in "Communications of the ACM", August 2010, Vol.53, No.8)
BlackHat USA 2009 briefing on Embedded Management Interfaces
Article about our embedded web interface work, on The Register


Shipping the NetApp Lifetime Key Management appliance was my responsibility: LKM 3.0 press release. My highly capable team made it all happen though.


Network Appliance completed the acquisition of Decru in August. I was proud to have been one of the original engineers for the DataFort E-series.


Back in the early post-Internet-bubble days, at Oracle we were a small team in between Apps and the DB, figuring out how to best deliver enterprise apps to mobile terminals. (NOTE: In 2013, it is amazing to find out that a piece of code I conceived, designed, and implemented more than a decade ago, the MWA Dispatcher is still alive and well.)


ICMAS 2000 paper: "Multi-agent Control of Emergent Behaviors"
ICRA 2000 paper: "Emergent Structures in Modular Self-reconfigurable Robots"

©1992-2018 Hristo Bojinov. Contact: hristo-at-bojinov-dot-org. This address is subject to change.

We will not be liable for any damages anyone suffers because of using this information. While we believe all we write is correct, there may be errors. The contents of this site are provided without any expressed or implied warranty of fitness for any purpose. Use your judgement, and use at your own risk.