My research interests involve security and privacy and its interactions with system, networking, machine learning, and human-computer interaction. My current research focuses on developing new technologies for protecting user privacy, particularly in the areas of mobile systems and Internet of Things. My previous work about mobile and web security and privacy have been adopted by Google (Chrome HTML5 privacy), Facebook (flaw analysis for web services, authentication protection), Microsoft (login protection), Samsung (mobile app security), Evernote (OAuth security), Dropbox (OAuth security), and others.
Security and Privacy
SmartAuth: User-Centered Authorization for the Internet of Things 26th USENIX Security Symposium (USENIX Security), 2017
IVD: Automatic Learning and Enforcement of Authorization Rules in Online Social Networks 38th IEEE Symposium on Security and Privacy (Oakland), 2017
All Your Screens Are Belong to Us: Attacks Exploiting the HTML5 Screen Sharing API 35th IEEE Symposium on Security and Privacy (Oakland), 2014
OAuth Demystified for Mobile Application Developers 21st ACM Conference on Computer and Communications Security (CCS), 2014