Recent Papers and News
[Yousra Aafer, Nan Zhang] co-first author, Zhongwen Zhang, Xiao Zhang,
Kai Chen, XiaoFeng Wang, Xiaoyong Zhou, Wenliang Du, and Michael Grace.
Hare Hunting in the Wild Android: A Study on the Threat of Hanging Attribute References.
To appear in the 22nd ACM Conference on Computer and Communications Security (CCS),
Denver, Colorado, USA. October 12-16, 2015.
Paul Ratazzi, Ashok Bommisetti, Nian Ji, and Wenliang Du.
PINPOINT: Efficient and Effective Resource Isolation for Mobile Security and Privacy.
In Proceedings of the Mobile Security Technologies (MoST) workshop, May 21, 2015.
Xing Jin, Xunchao Hu, Kailiang Ying, Wenliang Du, Heng Yin and Gautam Nagesh Peri.
Code Injection Attacks on HTML5-based Mobile Apps: Characterization,
Detection and Mitigation. To appear in Proceedings of the 21st ACM Conference
on Computer and Communications Security (CCS), Scottsdale, Arizona, USA.
November 3 - 7, 2014.
We have discovered a new type of attacks that can be launched against HTML5-based mobile
apps. This attack can be launched from a variety of channels.
See details from this
and our paper:
Code Injection Attacks on HTML5-based Mobile Apps. A shortened version of this paper appears
in Proceedings of the Mobile Security Technologies (MoST) workshop, May 16, 2014.
published in CCS'03, won the prestigious
ACM CCS Test-of-Time Award in
Grants and Awards
Spreading SEEDs: Large-Scale Dissemination of Hands-on Labs for Security Education.
$827,385, 09/2014 - 08/2018, PI.
Award No. 1303306).
Develop Fine-Grained Access Control for Third-Party Components in Mobile Systems.
$521,562, 08/2013 - 07/2016, PI.
Award No. 1318814).
Collaborative: Bolstering Security Education through Transiting Research on Browser Security.
$89,878, 09/2013 - 09/2015, PI.
Award No. 1318883).
2014 Deans's Award for Excellence in Engineering Education, May 2014.
- 2013 Faculty Excellence Award from L.C.Smith College of Engineering
and Computer Science (including a $20,000 research fund).
- Security-Enhanced WebView for Android System
(Google Research Award,
$49,387, 01/2012 - 12/2012, PI). This project is primarily based on
my Ph.D. student Tongbo Luo's work.
- To Configure or to Implement, that is the Access Control Question for
Web Applications (NSF Trustworthy Computing,
$506,470, 09/2010 - 08/2013, PI.
Award No. 1017771).
SEED: Developing Instructional Laboratories for Computer
(NSF-CCLI, Type 2, $451,682, 01/2007-12/2011, PI.
Award No. 0618680).
- Applied Research - Identity Management
(JPMorgan Chase, $96,084, 1/08 - 8/08).
- Efficient and Resilient Key Management for
Wireless Sensor Networks (ARO, $360,000, 5/05-4/08, PI).
- Collaborative Research: Trustworthy and Resilient Location Discovery
in Wireless Sensor Networks
(NSF CyberTrust, $150,000, 9/04-8/07, PI).
- Collaborative Research: ITR: Distributed Data Mining to Protect
(NSF-ITR, $140,418, 8/03-7/06, PI).
- Private Prediction using Selective Models
(NSF-ITR, $220,000, 9/02-8/05, PI).
- Designing Laboratory Materials for Computer System Security Courses
Using Minix Instructional Operating System
(NSF-CCLI, Type 1, $74,984, 01/03-12/04, PI).
- VINE: Using VIrtual Network Environment
for Computer and Network Security Courses
(University Vision Fund, $5000, 01/03-12/03, PI).