PhD, Carnegie Mellon University


Research interests include:

Security and Privacy, Cyber-Physical System, Machine Learning, Human-Computer Interaction



My research interests involve security and privacy and its interactions with system, networking, machine learning, and human-computer interaction. My current research focuses on developing new technologies for protecting user privacy, particularly in the areas of mobile systems and Internet of Things. My previous work about mobile and web security and privacy have been adopted by Google (Chrome HTML5 privacy), Facebook (flaw analysis for web services, authentication protection), Microsoft (login protection), Samsung (mobile app security), Evernote (OAuth security), Dropbox (OAuth security), and others.


  • Google Research Scholar Award 2021
  • NSF CAREER Award 2020
  • Amazon Faculty Research Award 2019
  • NSF CRII Award 2019
  • CSAW Best Paper Award 3rd Place 2019

Research Interests

  • Security and Privacy
  • Cyber-Physical System
  • Machine Learning
  • Human-Computer Interaction

Selected Publications

  • Dangerous Skills: Understanding and Mitigating Security Risks of Voice-Controlled Third-Party Functions on Virtual Personal Assistant Systems 40th IEEE Symposium on Security and Privacy (Oakland), 2019
  • Demystifying Hidden Privacy Settings in Mobile Apps 40th IEEE Symposium on Security and Privacy (Oakland), 2019
  • SmartAuth: User-Centered Authorization for the Internet of Things 26th USENIX Security Symposium (USENIX Security), 2017
  • IVD: Automatic Learning and Enforcement of Authorization Rules in Online Social Networks 38th IEEE Symposium on Security and Privacy (Oakland), 2017
  • Run-time Monitoring and Formal Analysis of Information Flows in Chromium Network and Distributed System Security Symposium (NDSS), 2015
  • All Your Screens Are Belong to Us: Attacks Exploiting the HTML5 Screen Sharing API 35th IEEE Symposium on Security and Privacy (Oakland), 2014
  • OAuth Demystified for Mobile Application Developers 21st ACM Conference on Computer and Communications Security (CCS), 2014