A5036446600- Advanced Malware Detection Techniques
- Security and Verification in Computing
- Network Security and Intrusion Detection
- Digital and Cyber Forensics
- Spam and Phishing Detection
- Web Application Security Vulnerabilities
- Privacy, Security, and Data Protection
- IoT and Edge/Fog Computing
- Software Testing and Debugging Techniques
- User Authentication and Security Systems
- Software Engineering Research
- Cloud Data Security Solutions
- Information and Cyber Security
- Green IT and Sustainability
- Internet Traffic Analysis and Secure E-voting
- Diamond and Carbon-based Materials Research
- Advanced Data Storage Technologies
- Misinformation and Its Impacts
- Formal Methods in Verification
- Sexuality, Behavior, and Technology
- Scientific Computing and Data Management
- Privacy-Preserving Technologies in Data
- Cryptography and Data Security
- Radiation Effects in Electronics
- Physical Unclonable Functions (PUFs) and Hardware Security
Indiana University Bloomington
2014-2024
Alibaba Group (United States)
2024
Sun Yat-sen University
2024
Fudan University
2024
Indiana University
2013-2018
The University of Texas at Dallas
2018
Georgia Institute of Technology
2018
Computer Network Information Center
2010
To adapt to the rapidly evolving landscape of cyber threats, security professionals are actively exchanging Indicators Compromise (IOC) (e.g., malware signatures, botnet IPs) through public sources (e.g. blogs, forums, tweets, etc.). Such information, often presented in articles, posts, white papers etc., can be converted into a machine-readable OpenIOC format for automatic analysis and quick deployment various mechanisms like an intrusion detection system. With hundreds thousands wild, IOC...
Android is a fast evolving system, with new updates coming out one after another. These often completely overhaul running replacing and adding tens of thousands files across Android's complex architecture, in the presence critical user data applications (apps for short). To avoid accidental damages to such existing apps, upgrade process involves complicated program logic, whose security implications, however, are less known. In this paper, we report first systematic study on updating...
With the progress in mobile computing, web services are increasingly delivered to their users through apps, instead of browsers. However, unlike browser, which enforces origin-based security policies mediate interactions between content from different sources, today's OSes do not have a comparable mechanism control cross-origin communications as well those an app and web. As result, user's sensitive resources could be exposed harms malicious origin. In this paper, we report first systematic...
With the increasing popularity of Internet Things (IoT), many IoT cloud platforms have emerged to help manufacturers connect their devices users. Serving device-user communication is general messaging protocol deployed on platforms. Less clear, however, whether such protocols, which are not designed work in adversarial environment IoT, introduce new risks. In this paper, we report first systematic study protection major clouds (e.g., AWS, Microsoft, IBM) put place for arguably most popular -...
Promotional infection is an attack in which the adversary exploits a website's weakness to inject illicit advertising content. Detection of such challenging due its similarity legitimate activities. An interesting observation we make our research that almost always incurs great semantic gap between infected domain (e.g., university site) and content it promotes selling cheap viagra). Exploiting this gap, developed semantic-based technique, called Semantic Inconsistency Search (SEISE), for...
Push messaging is among the most important mobile-cloud services, offering critical supports to a wide spectrum of mobile apps. This service needs coordinate complicated interactions between developer servers and their apps in large scale, making it error prone. With its importance, little has been done, however, understand security risks service. In this paper, we report first analysis on those push-messaging which reveals pervasiveness subtle yet significant flaws them, affecting billions...
As a critical feature for enhancing user experience, cross-app URL invocation has been reported to cause unauthorized execution of app components. Although protection already put in place, little done understand the security risks navigating an app's WebView through URL, legitimate need displaying UI during interactions. In our research, we found that current design such cross-WebView navigation actually opens door remote infection, allowing adversary spread malicious web content across...
App-in-app is a new and trending mobile computing paradigm in which native app-like software modules, called sub-apps, are hosted by popular apps such as Wechat, Baidu, TikTok Chrome, to enrich the host app's functionalities form an "all-in-one app" ecosystem. Sub-apps access system resources through host, their come close regular (taking photos, recording voices, banking, shopping, etc.). Less clear, however, whether app, typically third-party capable of securely managing sub-apps...
On modern operating systems, applications under the same user are separated from each other, for purpose of protecting them against malware and compromised programs. Given complexity today's OSes, less clear is whether such isolation effective different kind cross-app resource access attacks (called XARA in our research). To better understand problem, on less-studied Apple platforms, we conducted a systematic security analysis MAC OS~X iOS. Our research leads to discovery series high-impact...
With the popularity of today's usability-oriented designs, dubbed Zero Configuration or ZeroConf, unclear are security implications these automatic service discovery, "plug-and-play" techniques. In this paper, we report first systematic study on issue, focusing features systems related to Apple, major proponent ZeroConf Our research brings light a disturbing lack consideration in systems' designs: frameworks Apple platforms, including Core Bluetooth Framework, Multipeer Connectivity and...
The recent wave of in-browser cryptojacking has ebbed away, due to the new updates mainstream cryptocurrrencies, which demand level mining resources browsers cannot afford. As replacements, resource-rich, loosely protected free Internet services, such as Continuous Integration (CI) platforms, have become attractive targets. In this paper, we report a systematic study on real-world illicit cryptomining public CI platforms (called Cijacking). Unlike cryptojacking, Cijacks masquerade jobs and...
To use library APIs, a developer is supposed to follow guidance and respect some constraints, which we call integration assumptions (IAs). Violations of these can have serious consequences, introducing security-critical flaws such as use-after-free, NULL-dereference, authentication errors. Analyzing program for compliance with IAs involves significant effort needs be automated. A promising direction automatically recover from document using Natural Language Processing (NLP) then verify their...
An IoT device today can be managed through different channels, e.g., by its manufacturer's app, or third-party channels such as Apple's Home a smart speaker. Supporting each channel is management framework integrated in the and provided parties. For example, that integrates Apple HomeKit app. We call of this kind, including all device- cloud-side components, (DMC). 4 DMCs are widely today's devices along with own DMC: HomeKit, Zigbee/Z-Wave compatible DMC, smart-speaker Seamless DMC. Each...
Emerging IoT clouds are playing a more important role in modern lives, enabling users/developers to program applications make better use of smart devices. However, preliminary research has shown cloud vulnerabilities could expose users security risks. To understand the problem, we studied SmartThings cloud, one most popular platforms that support user-defined device automation (SmartApps). Specifically, found new allow attackers fake events trigger SmartApps operate devices (e.g., open...
The popularity of cloud hosting services also brings in new security challenges: it has been reported that these are increasingly utilized by miscreants for their malicious online activities. Mitigating this emerging threat, posed such "bad repositories" (simply Bar), is challenging due to the different strategy traditional service, lack direct observations repositories those outside cloud, reluctance provider scan its customers' without consent, and unique evasion strategies employed...
Modern IoT device manufacturers are taking advantage of the managed Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) clouds (e.g., AWS IoT, Azure IoT) for secure convenient development/deployment. The access control is achieved by manufacturer-specified, cloud-enforced policies (cloud-standard JSON documents, called Policies) stating which users can devices/resources under what constraints. In this paper, we performed a systematic study on security cloud-based modern...