Security and Privacy, Cyber-Physical System, Machine Learning, Human-Computer Interaction
My research interests involve security and privacy and its interactions with system, networking, machine learning, and human-computer interaction. My current research focuses on developing new technologies for protecting user privacy, particularly in the areas of mobile systems and Internet of Things. My previous work about mobile and web security and privacy have been adopted by Google (Chrome HTML5 privacy), Facebook (flaw analysis for web services, authentication protection), Microsoft (login protection), Samsung (mobile app security), Evernote (OAuth security), Dropbox (OAuth security), and others.
Awards
Google Research Scholar Award2021
NSF CAREER Award2020
Amazon Faculty Research Award 2019
NSF CRII Award2019
CSAW Best Paper Award 3rd Place 2019
Research Interests
Security and Privacy
Cyber-Physical System
Machine Learning
Human-Computer Interaction
Selected Publications
Dangerous Skills: Understanding and Mitigating Security Risks of Voice-Controlled Third-Party Functions on Virtual Personal Assistant Systems 40th IEEE Symposium on Security and Privacy (Oakland), 2019
Demystifying Hidden Privacy Settings in Mobile Apps 40th IEEE Symposium on Security and Privacy (Oakland), 2019
SmartAuth: User-Centered Authorization for the Internet of Things 26th USENIX Security Symposium (USENIX Security), 2017
IVD: Automatic Learning and Enforcement of Authorization Rules in Online Social Networks 38th IEEE Symposium on Security and Privacy (Oakland), 2017
Run-time Monitoring and Formal Analysis of Information Flows in Chromium Network and Distributed System Security Symposium (NDSS), 2015
All Your Screens Are Belong to Us: Attacks Exploiting the HTML5 Screen Sharing API 35th IEEE Symposium on Security and Privacy (Oakland), 2014
OAuth Demystified for Mobile Application Developers 21st ACM Conference on Computer and Communications Security (CCS), 2014