Wenliang (Kevin) Du

Professor (CV)

Ph.D. Purdue University, 2001

Research: Computer Security

Department of Electrical Engineering and Computer Science

Syracuse University

4-206 Center for Science and Technology

Syracuse, NY 13244-4100

• Current Research Interests

  • Web System Security: Browsers, Web Servers, and Web Applications.
  • Smartphone System Security: Android Operating System and Applications.
  • SEED: Developing Hands-on Labs for Computer SEcurity EDucation.
  • My Research Group.

• Most Recent News and Papers (Full List)

  • Hao Hao, Vicky Singh, and Wenliang Du. On the Effectiveness of API-Level Access Control Using Bytecode Rewriting in Android. In Proceedings of the 8th ACM Symposium on Information, Computer and Communications Security (AsiaCCS), May 7-10, 2013. Hangzhou, China.
  • Tongbo Luo, Xing Jin, and Wenliang Du. Mediums: Visual Integrity Preserving Framework. In Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy (CODASPY), Feb 18-20, 2013. San Antonio, TX, USA.
  • Tongbo Luo, Xing Jin, Ajai Ananthanarayana, and Wenliang Du. Touchjacking Attacks on Web in Android, iOS, and Windows Phone. In Proceedings of the 5th International Symposium on Foundations & Practice of Security, October 25-26, 2012.
  • Xi Tan, Wenliang Du, Tongbo Luo, and Karthick Soundararaj. Scuta: A Server-Side Access Control System for Web Applications. In Proceedings of the 17th ACM SACMAT, June 20-22, 2012, Newark, USA.
  • Tongbo Luo, Hao Hao, Wenliang Du, Yifei Wang, and Heng Yin. Attacks on WebView in the Android System. In Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC), Orlando, Florida, USA. December 5-9, 2011.

• Grants

  • Security-Enhanced WebView for Android System (Google Research Award, $49,387, 01/2012 - 12/2012, PI). This project is primarily based on my Ph.D. student Tongbo Luo's work.
  • To Configure or to Implement, that is the Access Control Question for Web Applications (NSF Trustworthy Computing, $471,970, 09/2010 - 08/2013, PI).
  • SEED: Developing Instructional Laboratories for Computer SEcurity EDucation (NSF-CCLI, Type 2, $451,682, 01/2007-12/2011, PI).
  • Applied Research - Identity Management (JPMorgan Chase, $96,084, 1/08 - 8/08).
  • Efficient and Resilient Key Management for Wireless Sensor Networks (ARO, $360,000, 5/05-4/08, PI).
  • Collaborative Research: Trustworthy and Resilient Location Discovery in Wireless Sensor Networks (NSF CyberTrust, $150,000, 9/04-8/07, PI).
  • Collaborative Research: ITR: Distributed Data Mining to Protect Information Privacy (NSF-ITR, $140,418, 8/03-7/06, PI).
  • Private Prediction using Selective Models (NSF-ITR, $220,000, 9/02-8/05, PI).
  • Designing Laboratory Materials for Computer System Security Courses Using Minix Instructional Operating System (NSF-CCLI, Type 1, $74,984, 01/03-12/04, PI).
  • VINE: Using VIrtual Network Environment for Computer and Network Security Courses (University Vision Fund, $5000, 01/03-12/03, PI).

• Invited Talks, Panels, and Tutorials

  • Enhancing the Security of Mobile Devices. Invited Talk at the Department of Computer and Information Science and Engineering at University of Florida, February 18, 2013.
  • Enhancing the Security of Mobile Devices. Invited Talk at the 25th School of Computing & Information Sciences Anniversary at the Florida Internation University, November 9, 2012.
  • Re-designing the Web's Access Control System. Invited Talk at Microsoft Research, Redmond, WA. July 28, 2011 (Slides).
  • Re-designing the Web's Access Control System. Invited Talk at the 25th Annual WG 11.3 Conference on Data and Applications Security and Privacy (DBSec), July 13, 2011.
  • Re-designing the Web's Security Infrastructure. Computer Science Colloquia Talk at University of Massachusetts Lowell, December 1, 2010.
  • The SEED project. Invited panelist at the NICE (National Initiative for Cybersecurity Education) Track 2 Coalition organizational meeting, November 5, 2010.
  • Learning by Doing: How to Make this Happen in Computer Security Education? Invited talk at the University of Science and Technology of China (USTC), May 12, 2010.
  • So Many Attacks on the Web: Whom should we blame? Invited talk at the University of Science and Technology of China (USTC), May 11, 2010.
  • So Many Attacks on the Web: Whom should we blame? Invited talk at the Beijing Institute of Technology, May 10, 2010.
  • Open Source/Closed Source Software in Security Education, Invited panelist at the Annual Conference on Education in Information Security, Ames, Iowa. September 17-18, 2006.
  • Securing Wireless Sensor Networks. Invited talk at the IEEE Joint Chapter for Communications and Aerospace at Rochester, June 6, 2006.
  • Privacy-Preserving Data Mining. University of Pittsburgh. April 18, 2006.
  • Securing Wirless Sensor Networks. Computer Science Graduate Seminar, Wayne State University. December 13, 2005.
  • Tutorial: Using Instructional Operating System to Teach Computer Security Courses. A tutorial at the 11th ACM Conference On Computer And Communication Security (CCS). Alexandria, VA, November 10, 2005. More details can be found in our paper A Novel Approach for Computer Security Education using Minix Instructional Operating System, published by the Computer & Security, Volume 25, Issue 3, 2006. Pages 190-200.
  • Privacy-Preserving Data Mining. Computer Science Seminar, Stevens Institute of Technology. April 18, 2005.
  • SACMAT'04 Panel: "Security for Grid-based computing systems - the challenges", June 3, 2004.
  • Securing Wirless Sensor Networks, ECE Department, Clarkson University. April 16, 2004.
  • Securing Wirless Sensor Networks (Slides). CERIAS Seminar, Purdue University. March 31, 2004.
  • Privacy-Preserving Data Mining, CS Department, University of Maryland College Park. October 27, 2003.

• Professional Activities

  • Editorial Board Members, International Journal of Security and Networks (IJSN), 2008 - 2010.
  • Tutorials Chair, ACM Conference on Computer and Communications Security (CCS'06 and '07).
  • Guest Co-Editor, Journal of Computer Security, Special Issue on Security of Ad Hoc and Sensor Networks, 2006.
  • Program Co-Chair
    • SASN'05: The Third ACM Workshop on Security of Ad Hoc and Sensor Networks.
    • The 2nd Workshop on Privacy Preserving Data Mining (PPDM'03). In conjunction with IEEE ICDM'03.
  • Program Committee
    • WWW: International World Wide Web Conference (Abuse, Security & Security track, 2011),
    • ICDCS: The Internationl Conference on Distributed Computing Systems (Privacy & Security track, 2008 - 2012).
    • CCS: The ACM Conference on Computer and Communication Security (2007 - 2009).
    • ICDE 2010: The 26th IEEE International Conference on Data Engineering (Privacy & Security track)
    • WiSec: The ACM Conference on Wireless Network Security (2007 - 2008).
    • ICICS: The Eighth International Conference on Information and Communications Security (2006).
    • SDM: SIAM International Conference on Data Mining (2004, 2005).
    • ASIACCS: ACM Symposium on InformAtion, Computer and Communications Security (2006).
    • SASN: ACM Workshop on Security of Ad Hoc and Sensor Networks (2004 - 2006),
    • WiSe: ACM Workshop on Wireless Security (2005, 2006).
    • ICPADS: The 11th International Conference on Parallel and Distributed Systems (2005).
    • WPES: ACM Workshop on Privacy in the Electronic Society (2004).