Department of Electrical Engineering and Computer Science
Wenliang (Kevin) Du
- Professor (CV)
- Ph.D. Purdue University, 2001
- Research: Computer Security
- Department of Electrical Engineering and
- Syracuse University
- 4-206 Center for Science and Technology
- Syracuse, NY 13244-4100
Phone: (315) 443-9180, Fax: (315) 443-1122
Office: 4-285 Sci-Tech Building
Research and Education Interests
Most Recent News and Papers
Xing Jin, Xunchao Hu, Kailiang Ying, Wenliang Du, Heng Yin and Gautam Nagesh Peri.
Code Injection Attacks on HTML5-based Mobile Apps: Characterization,
Detection and Mitigation. To appear in Proceedings of the 21st ACM Conference
on Computer and Communications Security (CCS), Scottsdale, Arizona, USA.
November 3 - 7, 2014
We have discovered a new type of attacks that can be launched against HTML5-based mobile
apps. This attack can be launched from a variety of channels.
See details from this web site
and our paper:
Code Injection Attacks on HTML5-based Mobile Apps. A shortened version of this paper appears
in Proceedings of the Mobile Security Technologies (MoST) workshop, May 16, 2014.
Paul Ratazzi, Yousra Aafer, Amit Ahlawat, Hao Hao, Yifei Wang, and Wenliang Du.
A Systematic Security Evaluation of Android's Multi-User Framework.
In Proceedings of the Mobile Security Technologies (MoST) workshop, May 16, 2014.
Xiao Zhang and Wenliang Du.
Attacks on Android Clipboard.
In Proceedings of the 11th Conference on Detection of Intrusions and
Malware & Vulnerability Assessment (DIMVA), Egham, UK. July 10-11, 2014.
Yifei Wang, Srinivas Hariharan, Chenxi Zhao, Jiaming Liu, Wenliang Du.
Compac: Enforce Component-Level Access Control in Android.
In Proceedings of the 4th ACM Conference on Data and Application Security and
San Antonio, TX, USA.
March 3-5, 2014.
published in CCS'03, won the prestigious
ACM CCS Test-of-Time Award in
Develop Fine-Grained Access Control for Third-Party Components in Mobile Systems.
$521,562, 08/2013 - 07/2016, PI.
Award No. 1318814).
Collaborative: Bolstering Security Education through Transiting Research on Browser Security.
$89,878, 09/2013 - 09/2015, PI.
Award No. 1318883).
- 2013 Faculty Excellence Award from L.C.Smith College of Engineering
and Computer Science (including a $20,000 research fund).
- Security-Enhanced WebView for Android System
(Google Research Award,
$49,387, 01/2012 - 12/2012, PI). This project is primarily based on
my Ph.D. student Tongbo Luo's work.
- To Configure or to Implement, that is the Access Control Question for
Web Applications (NSF Trustworthy Computing,
$506,470, 09/2010 - 08/2013, PI.
Award No. 1017771).
SEED: Developing Instructional Laboratories for Computer
(NSF-CCLI, Type 2, $451,682, 01/2007-12/2011, PI.
Award No. 0618680).
- Applied Research - Identity Management
(JPMorgan Chase, $96,084, 1/08 - 8/08).
- Efficient and Resilient Key Management for
Wireless Sensor Networks (ARO, $360,000, 5/05-4/08, PI).
- Collaborative Research: Trustworthy and Resilient Location Discovery
in Wireless Sensor Networks
(NSF CyberTrust, $150,000, 9/04-8/07, PI).
- Collaborative Research: ITR: Distributed Data Mining to Protect
(NSF-ITR, $140,418, 8/03-7/06, PI).
- Private Prediction using Selective Models
(NSF-ITR, $220,000, 9/02-8/05, PI).
- Designing Laboratory Materials for Computer System Security Courses
Using Minix Instructional Operating System
(NSF-CCLI, Type 1, $74,984, 01/03-12/04, PI).
- VINE: Using VIrtual Network Environment
for Computer and Network Security Courses
(University Vision Fund, $5000, 01/03-12/03, PI).
Invited Talks, Panels, and Tutorials
- Enhancing the Security of Mobile Devices.
Invited talks at
- Rochester Institute of Technologies (3/24/2014),
- SUNY Fredonia (3/19/2014),
- University of South Florida (2/19/2014),
- University at Buffalo, State University of New York (9/26/2013),
- Air Force Research Lab (8/14/2013),
- Syracuse Research Corporation (7/16/2013),
- Chinese Academy of Sciences (5/17/2013),
- Peking University (5/16/2013),
- Microsoft Research China (5/15/2013),
- McMaster University (4/24/2013),
- University of Florida (2/18/2013).
- The 25th School of
Computing & Information Sciences Anniversary at the Florida Internation University,
November 9, 2012.
- Re-designing the Web's Access Control System.
Invited talks at
- Microsoft Research, Redmond, WA. July 28, 2011
- The 25th Annual WG 11.3 Conference on Data and Applications
Security and Privacy (DBSec), July 13, 2011.
- University of Massachusetts Lowell (Computer Science Colloquia Talk),
December 1, 2010.
- University of Science and Technology of China (USTC), May 11, 2010.
- Beijing Institute of Technology, May 10, 2010.
- The SEED project.
- Invited panelist at the NICE (National Initiative for Cybersecurity Education)
Track 2 Coalition organizational meeting, November 5, 2010.
- Invited talk at the University of Science and Technology of China (USTC),
May 12, 2010.
- Invited panelist at the Annual Conference on Education in Information
Security, Ames, Iowa. September 17-18, 2006.
Using Instructional Operating System to Teach Computer
Security Courses. A tutorial
at the 11th ACM Conference On Computer And Communication Security
(CCS). Alexandria, VA, November 10, 2005.
- Privacy-Preserving Data Mining.
- University of Pittsburgh. April 18, 2006.
- Computer Science Seminar, Stevens Institute of Technology. April 18, 2005.
- CS Department, University of Maryland College Park. October 27, 2003.
- Securing Wirless Sensor Networks.
- Invited talk at the IEEE Joint Chapter for Communications and Aerospace
at Rochester, June 6, 2006.
- Computer Science Graduate Seminar, Wayne State University. December 13, 2005.
- ECE Department, Clarkson University. April 16, 2004.
- Securing Wirless Sensor Networks
CERIAS Seminar, Purdue University. March 31, 2004.
- Editorial Board Members,
International Journal of Security and Networks (IJSN), 2008 - 2010.
- Tutorials Chair,
ACM Conference on Computer and Communications Security (CCS'06 and '07).
- Guest Co-Editor,
Journal of Computer Security, Special Issue on Security of Ad Hoc and
Sensor Networks, 2006.
- Program Co-Chair
- Program Committee
- WWW: International World Wide Web Conference (Abuse, Security & Security
- ICDCS: The Internationl Conference on Distributed
Computing Systems (Privacy & Security track, 2008 - 2012).
- CCS: The ACM Conference on Computer and Communication Security (2007 - 2009).
- ICDE 2010: The 26th IEEE International Conference on Data
Engineering (Privacy & Security track)
- WiSec: The ACM Conference on Wireless Network Security (2007 - 2008).
- ICICS: The Eighth International Conference on Information and
Communications Security (2006).
- SDM: SIAM International Conference on Data Mining (2004, 2005).
- ASIACCS: ACM Symposium on InformAtion, Computer and Communications
- SASN: ACM Workshop on Security of Ad Hoc and Sensor Networks (2004 - 2006),
- WiSe: ACM Workshop on Wireless Security (2005, 2006).
- ICPADS: The 11th International Conference on
Parallel and Distributed Systems (2005).
- WPES: ACM Workshop on Privacy in the Electronic Society (2004).