The People

Dr Rocky K.C. CHANG, Associate Professor
Lab Director
Dr Rocky K.C. CHANG, Associate Professor
BSc(Virginia Poly); MSc, MEng, PhD(Rensselaer); MIEEE; MACM

Dr Rocky Chang’s research is devoted to the Internet infrastructure and security domain. In particular, he and his team work on network and quality-of-experience measurement, network security and privacy, and network operations and management problems. Besides the CSPL, he also leads a research group on Internet Services Monitoring and Diagnostics in the Division of Smart Cities under PolyU’s Research Institute for Sustainable Urban Development. His recent research activities are generously supported by Huawei Technologies Ltd., Innovation Technology Fund, and The Joint Universities Computer Centre. He was awarded the First Runner-Up in the Faculty of Engineering’s Best Teacher Award in 2001, the Faculty’s Industrial and Engineering Services Grant Achievement Awards in 2011 and 2012, and the Most Active New Consultant Award (Merit) in 2014. He is a member of IEEE and ACM.

Selected publications
  • Peng Zhou, Rocky K. C. Chang, Xiaojing Gu, Minrui Fei and Jianying Zhou, “Magic Train: Design of Measurement Methods Against Bandwidth Inflation Attacks,” IEEE Trans. Dependable and Secure Computing, Dec. 2015.
  • Daoyuan Wu and Rocky K. C. Chang, “Indirect File Leaks in Mobile Applications,” Proc. Mobile Security Technologies (MoST), May 2015.
  • Peng Zhou, Xiaojing Gu, and Rocky K.C. Chang, “Harvesting File Download Exploits in the Web: A Hacker’s View,” The Computer Journal, Sept. 2015.
  • Daoyuan Wu and Rocky K. C. Chang, “Analyzing Android Browser Apps for file:// Vulnerabilities,” Proc. ISC, Oct. 2014.
  • Rocky K. C. Chang, “Defending Against Flooding-Based, Distributed Denial-of-Service Attacks: A Tutorial,” IEEE Communications Magazine (A Special Issue on Telecommunication Network Security), vol. 40, no. 10, pp. 42-51, 2002.
  • King P. Fung and Rocky K. C. Chang, “A Transport-Level Proxy for Secure Multimedia Streams,” IEEE Internet Computing (A Special Issue on Widely Deployed Security Solutions), pp. 57-67, Nov./Dec., 2000.
Dr Bin XIAO, Associate Professor
Lab Member
Dr Bin XIAO, Associate Professor
BSc, MSc(Fudan); PhD(UT Dallas)

Dr Bin Xiao is an associate professor in the Department of Computing in The Hong Kong Polytechnic University. He received the BSc and MSc degrees in Electronics Engineering from Fudan University, China, and PhD degree in Computer Science from University of Texas at Dallas, USA. After his PhD graduation, he joined The Hong Kong Polytechnic University as an assistant professor. Currently, he is the associate editor of Journal of Parallel and Distributed Computing (JPDC), a senior member of the IEEE and a member of the ACM.

Selected publications
  • K. Bu, X. Liu, J. Luo, B. Xiao and G. Wei, “Unreconciled Collisions Uncover Cloning Attacks in Anonymous RFID Systems”, IEEE Transactions on Information Forensics and Security (TIFS), Vol. 8, No. 3, March 2013, pages: 429-439.
  • Yong Tang, Bin Xiao and Xicheng Lu, “Signature Tree Generation for Polymorphic Worms”, IEEE Transactions on Computers (TC), Volume 58, Issue 4, April 2011, pp. 565 - 579.
  • Bin Xiao, Bo Yu, and Chuanshan Gao, “Detection and Localization of Sybil Nodes in VANETs”, in 2nd ACM/SIGMOBILE Workshop on Dependability Issues in Wireless Ad Hoc Networks and Sensor Networks (DIWANS 2006), in conjunction with MobiCom 2006, pp. 1-8, Los Angeles - USA, September 25, 2006.
  • S. Gao, Z. Peng, B. Xiao, and Y. Song, “Secure and Energy Efficient Prefetching Design for Smartphones”, in Proc. of the IEEE International Conference on Communications (ICC-2016), Kuala Lumpur, Malaysia, 23-27 May 2016.
  • X. Liu, B. Xiao, K. Li, J. Wu, A. Liu, H. Qi and X. Xie, “RFID Cardinality Estimation with Blocker Tags”, in Proc. of the IEEEINFOCOM 2015, Hong Kong, China, April 2015, pp. 1679 - 1687.
  • B. Yu, C.-Z. Xu, and B. Xiao, “Detecting Sybil attacks in VANETs”, Journal of Parallel and Distributed Computing (JPDC - Elsevier), Volume 73, Issue 6, June 2013, Pages 746-756.
Dr Allen M.H. AU, Assistant Professor
Lab Member
Dr Allen M.H. AU, Assistant Professor
BEng, MPhil(CUHK); PhD(Wollongong); MIEEE

Dr Allen Au is an assistant professor at the Department of Computing, The Hong Kong Polytechnic University (PolyU). He obtained his bachelor (2003) and master (2005) degrees in the Department of Information Engineering, The Chinese University of Hong Kong (CUHK). He received his PhD from the University of Wollongong (UOW) in 2009. Before joining PolyU in July 2014, he was a lecturer with the School of Computer Science and Software Engineering (SCSSE), University of Wollongong, Australia. Dr. Au’s research interests include information security and privacy, applied cryptography, electronic payment and crypto-currencies. He has authored over 90 publications and participated as a program committee member in more than 30 international conferences in these areas. He is a program committee co-chair of the 8th International Conference on Network and System Security and the 9th International Conference on Provable Security. He is an associate editor of the Journal of Information Security and Applications, Elsevier.

Selected publications
  • Joseph K. Liu, M.H. Au, Xinyi Huang, Rongxing Lu and Jin Li, “Fine-Grained Two-Factor Access Control for Web-based Cloud Computing Services”, IEEE Transaction on Information Forensics and Security (TIFS) 11(3): 484-497, 2015
  • Yang Wang, Man Ho Au and Willy Susilo, “Revisiting Optimistic Fair Exchange based on Ring Signatures”, IEEE Transactions on Information Forensics and Security (TIFS) 9(11): 1883 - 1892 (2014).
  • Man Ho Au, Joseph K. Liu, Willy Susilo and Jianying Zhou, “Realizing Fully Secure Unrestricted ID-based Ring Signature in the Standard Model Based on HIBE”, IEEE Transactions on Information Forensics and Security (TIFS) 8(12): 1909-1922 (2013).
  • Man Ho Au and Apu Kapadia, “PERM: Practical Reputation Based Blacklisting without TTPs”, The 19th ACM Computer and Communications Security Conference (ACM CCS 2012)
  • Man Ho Au, A. Kapadia and W. Susilo, “BLACR: TTP-Free Blacklistable Anonymous Credentials with Reputation”, The 19th Annual Network & Distributed System Security Symposium (NDSS 2012)
  • Man Ho Au, Patrick P. Tsang and Apu Kapadia, “PEREA: Practical TTP-Free Revocation of Repeatedly Misbehaving Anonymous Users”, ACM Transactions on Information and System Security (TISSEC), volume 14 issue 4, Article No.: 29, December 2011, ACM (2011).
Dr Daniel Xiapu LUO, Research Assistant Professor
Lab Member
Dr Daniel Xiapu LUO, Research Assistant Professor
BSc, MSc(Wuhan); PhD[PolyU(H.K.)]; MIEEE

Dr Daniel Luo’s research focuses on system and network security. He and his group members have been constructing various innovative systems to address real threats in cyberspaces, such as malware analysis, vulnerability discovery, Botnet identification, and DDoS detection, etc. Some systems have been released as open source tools or circulated among research groups. His work appears in not only top academic venues but also well-known hacking conferences. His research is generously supported by GRF/ECS, ITF, NSFC, and Tencent Inc., etc. He received an Award of Excellence for the CCF-Tencent Joint Research Grant, and the Best Student Paper Award from the 22nd IFIP International Information Security Conference (IFIP SEC). Dr Luo is currently a research assistant professor at the Department of Computing, The Hong Kong Polytechnic University. He received his PhD from the same department and was a postdoctoral fellow in the Institute for Information Security & Privacy at Georgia Institute of Technology.

Selected publications
  • Le Yu, Xiapu Luo, Xule Liu, and Tao Zhang, “Can We Trust the Privacy Policies of Android Apps?”, Proc. 46th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2016.
  • Yueqian Zhang, Xiapu Luo, and Haoyang Yin, “DexHunter: Toward Extracting Hidden Code from Packed Android Applications”, Proc. 20th European Symposium on Research in Computer Security (ESORICS), 2015.
  • Chenxiong Qian, Xiapu Luo, Le Yu, and Guofei Gu, “VulHunter: Towards Discovering Vulnerabilities in Android Applications”, IEEE Micro, 35(1), 2015.
  • Chenxiong Qian, Xiapu Luo, Yuru Shao, and Alvin Chan, “On Tracking Information Flows through JNI in Android Applications”, Proc. 44th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2014.
  • Lei Xue, Xiapu Luo, Edmond Chan, and Xian Zhan, “Towards Detecting Target Link Flooding Attack”, Proc. 28th USENIX Large Installation System Administration Conference (LISA), 2014.
  • Junjie Zhang, Roberto Perdisci, Wenke Lee, Xiapu Luo, and Unum Sarfraz, “Building A Scalable System For Stealthy P2P-Botnet Detection”, IEEE Transactions on Information Forensics and Security (TIFS), 9(1), 2014.