Indistinguishability Obfuscation - Why, How and What Next

Program obfuscation is the transformation of a computer program into a form that is executable, but at the same time completely unintelligible. Roughly speaking, it allows the transformation of a computing device into a piece of “trusted hardware”. We explore how program obfuscation techniques can be used to build secure applications beyond watermarking and digital rights management.

Accountable Privacy-Preserving Authentication/ Accountability Anonymity

A credential is a piece of certification from some authority that certifies some of our attributes. We use credentials every day for various purposes, ranging from entering public transportation systems to logging into our personal computers. Some advanced systems respect user privacy by allowing unlinkable use of credentials. However, users may misbehave in the name of privacy. This project aims to prevent such abuse by developing mechanisms that balance security, privacy and accountability.

Research on Provable Data Storage in Cloud Computing

Cloud computing has become increasingly popular throughout the business community due to its remote accessibility, lower costs, and quick re-provisioning. While users are excited about this new computing paradigm, they are equally concerned about the security risks associated with the shift to the cloud. The benefits of cloud computing are clear, but it also introduces new challenges. As client data and computations are outsourced to the cloud, security concerns arise naturally because the cloud providers are not fully trusted. The project aims to develop mechanisms for users to detect whether or not the cloud is trying to cover up data loss incidents.

A Novel Privacy-Preserving Delegation Authorization Mechanism for Facility Sharing in Smart City IoT

In the open IoT infrastructure of a smart city, the permission for a shared device can be transferred among different users, such as friends or friends of friends. Conventional security mechanisms are unable to control permission propagation or preserve privacy for users and owners. This project proposes a novel owner-controllable and anonymous delegation authorization mechanism for IoT facility sharing. The mechanism allows partial permission propagation under the owner’s control, and provides privacy-preserving authentication and fine-grained access control. This project can be applied in many multi-user scenarios, such as the sharing of car parking, apartments, warehouses, electronic lockers, exhibition rooms and other IoT smart devices.

Effectively Constructing Labelled Indoor Floor Plans Using Smartphones

Indoor floor plans are the critical foundation of flourishing indoor location-based services. However, even with the popular crowdsourcing approach, the wide construction of indoor floor plans has yet to be realized because it is so time-consuming. This project proposes a novel system that enables users to construct their own facility-labelled and highly fine-grained indoor floor plans by themselves. This project can be applied in many indoor scenarios, such as indoor floor plan construction in shopping malls, exhibition centers, universities and hospitals.

Instant Reporting of Privacy Leakages from Android and iOS Apps

Many vulnerabilities that leak users’ private information have been identified by the research and professional communities over the last five years. The vulnerabilities are usually discovered by performing analysis at a given time. However, this information may not be available to users in a timely fashion, and it is also not clear whether the vulnerabilities are fixed in later versions. In this project, we will develop a tool that will alert users to privacy-related information sent out by the apps on their smartphones. The tool will classify and present such information in a way that is understandable to average users.

Honeyhome: A Honeypot at Home

The number of Wi-Fi-enabled appliances and devices has been increasing rapidly for the last few years. Moreover, many of these devices are mobile and are used in different places, notably in our homes. Therefore, if any of these devices is infected with malware, it could also infect other devices in our home. Currently there is no data characterizing the seriousness of this problem. In this project, we will study the security of these devices in homes by setting up a honeypot-like appliance and analyzing the Wi-Fi traffic for malware and intrusion detection. The findings obtained from this study will help identify the sources of security breaches and design effective countermeasures.

Vulnerability Analysis, Attack Detection and Mitigation in the Control Plane of Software-Defined Network

The separated control and data planes in software-defined networks (SDN) introduce a more flexible way to manage and control network traffic. However, the communications between the two planes can be a bottleneck of the network, and can be leveraged by an adversary to launch different kinds of attacks, e.g. data-to-control plane saturation attacks and network topology disturbance. This project presents a more secure SDN system with a detection scheme and newly proposed mitigation techniques to enhance security. The secure system includes a novel detouring technique to mitigate data-to-control plane saturation attacks, and a new authentication scheme to resist network topology disturbance. This project can be applied in real-world OpenFlow networks, including data centers and enterprise networks.

A System for Automatically Generating and Checking Privacy Policies for Android Apps

A privacy policy is a statement informing users how their information will be collected, used, and disclosed. Failing to provide a correct privacy policy may result in a fine. However, writing a privacy policy is tedious and error-prone, because the author may not fully understand the source code, which could be written by others (e.g., outsourcing), or may not know the internals of third-party libraries that come without source code. Our system can automatically construct correct and readable descriptions to facilitate the generation of privacy policies for Android apps. Moreover, our system can spot the problems in existing Android apps’ privacy policies. The system can benefit app developers, stakeholders of app markets, and anyone who is concerned with the privacy risks from apps.

A New Static-Analysis System for Discovering Vulnerable Android Apps

With the mobile Internet’s prosperity, recent years have witnessed an unprecedented number of Android apps sold in app markets. However, short development cycles and insufficient security development guidelines have led to many vulnerable apps. For example, HP research recently found that 90 percent of apps are vulnerable. VulHunter is a new static-analysis framework to facilitate vulnerability discovery for apps by extracting detailed and precise information from apps, easing the identification process, and reducing the manual-verification workload. Applying VulHunter to 557 randomly collected apps with at least 1 million installations, we found that 375 apps (67.3%) had at least one vulnerability. Our system can benefit security companies, app developers, and anyone who worries about the security of apps.

A Cross-Layer Profiling System for Android Apps

Profiling Android apps is an important way to discover and locate various problems in apps, such as performance bottlenecks, security loopholes, etc. Existing profiling systems for apps are limited in dealing with the multiple-layer nature of Android and thus cannot reveal issues due to the underlying platform or poor interactions between different layers. We propose and develop AndroidPerf, a cross-layer profiling system for Android apps that covers the runtime layer, system layer, and kernel layer. AndroidPerf consists of one subsystem that performs cross-layer dynamic taint analysis to collect control and data flow information, and another subsystem that conducts instrumentation on all layers. Our system can benefit security companies, app developers, and anyone who cares about the security and/or the performance of Android apps.