Recent Papers and News
Xing Jin, Xunchao Hu, Kailiang Ying, Wenliang Du, Heng Yin and Gautam Nagesh Peri.
Code Injection Attacks on HTML5-based Mobile Apps: Characterization,
Detection and Mitigation. To appear in Proceedings of the 21st ACM Conference
on Computer and Communications Security (CCS), Scottsdale, Arizona, USA.
November 3 - 7, 2014.
We have discovered a new type of attacks that can be launched against HTML5-based mobile
apps. This attack can be launched from a variety of channels.
See details from this
and our paper:
Code Injection Attacks on HTML5-based Mobile Apps. A shortened version of this paper appears
in Proceedings of the Mobile Security Technologies (MoST) workshop, May 16, 2014.
Paul Ratazzi, Yousra Aafer, Amit Ahlawat, Hao Hao, Yifei Wang, and Wenliang Du.
A Systematic Security Evaluation of Android's Multi-User Framework.
In Proceedings of the Mobile Security Technologies (MoST) workshop, May 16, 2014.
Xiao Zhang and Wenliang Du.
Attacks on Android Clipboard.
In Proceedings of the 11th Conference on Detection of Intrusions and
Malware & Vulnerability Assessment (DIMVA), Egham, UK. July 10-11, 2014.
Yifei Wang, Srinivas Hariharan, Chenxi Zhao, Jiaming Liu, Wenliang Du.
Compac: Enforce Component-Level Access Control in Android.
In Proceedings of the 4th ACM Conference on Data and Application Security and
San Antonio, TX, USA.
March 3-5, 2014.
published in CCS'03, won the prestigious
ACM CCS Test-of-Time Award in
Grants and Awards
Spreading SEEDs: Large-Scale Dissemination of Hands-on Labs for Security Education.
$827,385, 09/2014 - 08/2018, PI.
Award No. 1303306).
Develop Fine-Grained Access Control for Third-Party Components in Mobile Systems.
$521,562, 08/2013 - 07/2016, PI.
Award No. 1318814).
Collaborative: Bolstering Security Education through Transiting Research on Browser Security.
$89,878, 09/2013 - 09/2015, PI.
Award No. 1318883).
2014 Deans's Award for Excellence in Engineering Education, May 2014.
- 2013 Faculty Excellence Award from L.C.Smith College of Engineering
and Computer Science (including a $20,000 research fund).
- Security-Enhanced WebView for Android System
(Google Research Award,
$49,387, 01/2012 - 12/2012, PI). This project is primarily based on
my Ph.D. student Tongbo Luo's work.
- To Configure or to Implement, that is the Access Control Question for
Web Applications (NSF Trustworthy Computing,
$506,470, 09/2010 - 08/2013, PI.
Award No. 1017771).
SEED: Developing Instructional Laboratories for Computer
(NSF-CCLI, Type 2, $451,682, 01/2007-12/2011, PI.
Award No. 0618680).
- Applied Research - Identity Management
(JPMorgan Chase, $96,084, 1/08 - 8/08).
- Efficient and Resilient Key Management for
Wireless Sensor Networks (ARO, $360,000, 5/05-4/08, PI).
- Collaborative Research: Trustworthy and Resilient Location Discovery
in Wireless Sensor Networks
(NSF CyberTrust, $150,000, 9/04-8/07, PI).
- Collaborative Research: ITR: Distributed Data Mining to Protect
(NSF-ITR, $140,418, 8/03-7/06, PI).
- Private Prediction using Selective Models
(NSF-ITR, $220,000, 9/02-8/05, PI).
- Designing Laboratory Materials for Computer System Security Courses
Using Minix Instructional Operating System
(NSF-CCLI, Type 1, $74,984, 01/03-12/04, PI).
- VINE: Using VIrtual Network Environment
for Computer and Network Security Courses
(University Vision Fund, $5000, 01/03-12/03, PI).