I am a Ph.D. student in the Department of Computer Science at Purdue University. I work under the supervision of Dr. Z. Berkay Celik and am part of PurSec Lab. My research interests broadly lie in the areas of usable security & privacy, and human-computer interaction, primarily focusing on extended reality (XR) systems.

XR applications offer a higher level of immersion enabled by various interaction techniques (e.g., eye gaze, hand gestures), 360° view, haptic feedback, etc. Various sensors (e.g., IMU, depth sensors) are deployed in these devices to support this heightened immersion. Consequently, XR applications are being widely adopted in fields such as education, medicine, military, and e-commerce, beyond gaming.

However, the accessibility of these platforms to a wide variety of users, along with the types and volume of data collected through sensors, creates opportunities for attackers to exploit immersive features and manipulate users into actions that compromise their security and privacy. Furthermore, given the challenges in developing XR applications, there is a risk that developers might unwittingly introduce vulnerabilities.

Therefore, my research combines user-centered mixed-method approaches, comprising both qualitative and quantitative studies, to understand the impact of these threats on end-users and developers of XR systems. Additionally, I employ system design, signal processing, computer vision, and machine learning techniques to propose solutions for safeguarding users’ privacy on these immersive platforms.

Updates

• [March 2025] Our work on securing user interactions in WebXR has been accepted for presentation at HumanSys 2025.

• [March 2025] We received a bug bounty award from Meta for our collaborative work with Iowa State University on GPU-based side-channel vulnerabilities.

• [March 2025] I gave a guest lecture in Purdue’s CS 361 course on ‘Introduction to XR and Security & Privacy Challenges’.

• [January 2025] I have received an internship offer from Meta and will be in Seattle during Summer’25.

• [Januray 2025] Our work about WebXR security was accepted in USENIX Security’25.