Code Release & Projects

  • CURIOUS

    Code in our study on the practicality of oblivious cloud storage

  • Current Research

    Cloud and Mobile Security, and Health Informatics Security is becoming game-changers for both the academia and industry…

  • Future Research

    The Future of System Security Research: Composition Focusing and Data Centric

  • Past Research

    automatic program analysis for vulnerability detection, AI, game theory

  • Selected Projects

    Our research is supported by NSF, NIH, etc.

  • App Guardian

    An application-level protection against runtime information gathering. Install our app from Google Play

  • MassVet

    A system for a large-scale analysis of potentially-harmful apps and mobile libraries. Here are the demo and media reports of the system

Recent Publications

More Publications

. Finding Clues for Your Secrets: Semantics-Driven, Learning-Based Privacy Discovery in Mobile Apps. Proceedings of the 24th Annual Network and Distributed System Security Symposium, 2018.

PDF Bib

. Game of Missuggestions: Semantic Analysis of Search-Autocomplete Manipulations. Proceedings of the 24th Annual Network and Distributed System Security Symposium, 2018.

PDF Bib

. OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS. Proceedings of the 24th Annual Network and Distributed System Security Symposium, 2018.

PDF Bib

. Things You May Not Know About Android (Un)Packers: A Systematic Study based on Whole-System Emulation. Proceedings of the 24th Annual Network and Distributed System Security Symposium, 2018.

PDF Bib

. Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017.

PDF Bib

. Mass Discovery of Android Traffic Imprints through Instantiated Partial Execution. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017.

PDF Bib

. SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017.

PDF Bib

Honors

  • James H. Rudy Professorship, Indiana University, 2017

  • Best Paper Award in Applied Cyber Security Research, 3rd Place, CSAW’16 (NYU- Poly Cyber Security Awareness Week): for the work on cyber threat intelligence gathering, 2016

  • Best Paper Award in Applied Cyber Security Research, 3rd Place, CSAW’14 (NYU- Poly Cyber Security Awareness Week): for the work on security risks in Android customization, 2014

  • Third place in National Security Innovation Competition: for the work on Android secure upgrading, 2014

  • Finalist for the Best Applied Security Paper Award, CSAW’13 (NYU-Poly Cyber Security Awareness Week): for the work on dedicated hosts on malicious web infrastructures, 2013

  • PET Award for my research on Genome Privacy, 2011

  • PET Award runner-up for my research on side-channel information leaks in web applications, 2011

  • Best Practical Paper Award , the 32nd IEEE Symposium on Security and Privacy, 2011

Professional Services

  • Program Co-Chair, the 25th ACM Conference on Computer and Communications Security (CCS’18)

  • Vice Chair, ACM Special Interest Group on Security, Audit and Control (SIGSAC)

  • Founding organizer (with my colleagues at IU and UCSD): iDASH Genome Privacy Challenges

  • PC member, the USENIX Security Symposium (Security’ 17)

  • Program Co-Chair, the 11th ACM Asia Conference on Computer and Communications Security (ACM AsiaCCS’16)

  • Program Chair, the 11th International Conference on Security and Privacy in Communication Networks (SecureComm’15)

  • General Chair, the 13th Privacy Enhancing Technologies Symposium (PETS’13)

  • Associate Editor, IEEE Transactions on Dependable and Secure Computing (TDSC), since December, 2014

  • Invited panelist, Security and Privacy Challenges in Health Informatics, the NSF SaTC PI meeting 2015.

  • PC member, the Annual Network and Distributed System Security Symposium (NDSS’ 13, 14, 15, 16, 17)

  • PC member, the IEEE Symposium on Security and Privacy (S&P’10, 11, 12, 13, 14)

  • PC member and Session Chair, the ACM Conference on Computer and Communication Security (CCS’08, 10, 15, 16)

  • Chair of Local arrangement committee, Chair of Regional arrangement committee, CCS’09

Recent Talks

  • 2016, Keynote at the 10th Central Area networking and Security Workshop (CANSec’16)

  • 2016, Invited seminar, Chinese University of Hong Kong 2016 Seminar talk, Northwestern University

  • 2016, Seminar talk, University of Southern California 2015 Seminar, Northeastern University

  • 2014, TRUST Security Seminar, University of California, Berkeley 2014 Invited talk. Narus Inc.

  • 2014, Seminar talk. Purdue University

  • 2013, Seminar talk. University of Maryland at College Park

  • 2013, Seminar talk. University of Texas at Austin

  • 2013, Invited talk. Chinese Academy of Sciences, China

  • 2012, Invited talk. Microsoft Faculty Summit

  • 2012, Invited talk. Computer Science Center, Shangdong Academy of Sciences, China

Teaching

  • Fall 2005~Now: I430/520/B649, “Security for Networked Systems”, An upper-level undergraduate and graduate course, IUB

  • Spring 2007~Now: I521, “Malware: Threat and Defense”, A graduate course, IUB

  • Spring 2006~2009: I231, Mathematic Foundations for Cybersecurity, A second-year undergraduate course, IUB

  • Spring 2005: I400, Introduction to Information Security, A third and forth year undergraduate course, IUB

  • Spring 2002: 18440, Internet Security, Teaching Assistant, An upper-level undergraduate and graduate course, Carnegie Mellon University

Impacts

Contact