Department of Electrical Engineering and Computer Science
Syracuse University

Wenliang (Kevin) Du

Professor (CV)
Ph.D. Purdue University, 2001
Research: Computer Security

Department of Electrical Engineering and Computer Science
Syracuse University
4-206 Center for Science and Technology
Syracuse, NY 13244-4100
   Purdue | CERIAS | USTC | 8800
Phone: (315) 443-9180,   Fax: (315) 443-1122
Office: 4-285 Sci-Tech Building

  • Most Recent News and Papers (Full List)

    • Xing Jin, Xunchao Hu, Kailiang Ying, Wenliang Du, Heng Yin and Gautam Nagesh Peri. Code Injection Attacks on HTML5-based Mobile Apps: Characterization, Detection and Mitigation. To appear in Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS), Scottsdale, Arizona, USA. November 3 - 7, 2014
    • We have discovered a new type of attacks that can be launched against HTML5-based mobile apps. This attack can be launched from a variety of channels. See details from this web site and our paper: Code Injection Attacks on HTML5-based Mobile Apps. A shortened version of this paper appears in Proceedings of the Mobile Security Technologies (MoST) workshop, May 16, 2014.
    • Paul Ratazzi, Yousra Aafer, Amit Ahlawat, Hao Hao, Yifei Wang, and Wenliang Du. A Systematic Security Evaluation of Android's Multi-User Framework. In Proceedings of the Mobile Security Technologies (MoST) workshop, May 16, 2014.
    • Xiao Zhang and Wenliang Du. Attacks on Android Clipboard. In Proceedings of the 11th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Egham, UK. July 10-11, 2014.
    • Yifei Wang, Srinivas Hariharan, Chenxi Zhao, Jiaming Liu, Wenliang Du. Compac: Enforce Component-Level Access Control in Android. In Proceedings of the 4th ACM Conference on Data and Application Security and Privacy (CODASPY). San Antonio, TX, USA. March 3-5, 2014.
    • Our paper, published in CCS'03, won the prestigious ACM CCS Test-of-Time Award in October 2013.

  • Grants

    • Develop Fine-Grained Access Control for Third-Party Components in Mobile Systems. (NSF SaTC, $521,562, 08/2013 - 07/2016, PI. Award No. 1318814).
    • Collaborative: Bolstering Security Education through Transiting Research on Browser Security. (NSF SaTC, $89,878, 09/2013 - 09/2015, PI. Award No. 1318883).
    • 2013 Faculty Excellence Award from L.C.Smith College of Engineering and Computer Science (including a $20,000 research fund).
    • Security-Enhanced WebView for Android System (Google Research Award, $49,387, 01/2012 - 12/2012, PI). This project is primarily based on my Ph.D. student Tongbo Luo's work.
    • To Configure or to Implement, that is the Access Control Question for Web Applications (NSF Trustworthy Computing, $506,470, 09/2010 - 08/2013, PI. Award No. 1017771).
    • SEED: Developing Instructional Laboratories for Computer SEcurity EDucation (NSF-CCLI, Type 2, $451,682, 01/2007-12/2011, PI. Award No. 0618680).
    • Applied Research - Identity Management (JPMorgan Chase, $96,084, 1/08 - 8/08).
    • Efficient and Resilient Key Management for Wireless Sensor Networks (ARO, $360,000, 5/05-4/08, PI).
    • Collaborative Research: Trustworthy and Resilient Location Discovery in Wireless Sensor Networks (NSF CyberTrust, $150,000, 9/04-8/07, PI).
    • Collaborative Research: ITR: Distributed Data Mining to Protect Information Privacy (NSF-ITR, $140,418, 8/03-7/06, PI).
    • Private Prediction using Selective Models (NSF-ITR, $220,000, 9/02-8/05, PI).
    • Designing Laboratory Materials for Computer System Security Courses Using Minix Instructional Operating System (NSF-CCLI, Type 1, $74,984, 01/03-12/04, PI).
    • VINE: Using VIrtual Network Environment for Computer and Network Security Courses (University Vision Fund, $5000, 01/03-12/03, PI).

  • Invited Talks, Panels, and Tutorials

    • Enhancing the Security of Mobile Devices. Invited talks at
      • Rochester Institute of Technologies (3/24/2014),
      • SUNY Fredonia (3/19/2014),
      • University of South Florida (2/19/2014),
      • University at Buffalo, State University of New York (9/26/2013),
      • Air Force Research Lab (8/14/2013),
      • Syracuse Research Corporation (7/16/2013),
      • Chinese Academy of Sciences (5/17/2013),
      • Peking University (5/16/2013),
      • Microsoft Research China (5/15/2013),
      • McMaster University (4/24/2013),
      • University of Florida (2/18/2013).
      • The 25th School of Computing & Information Sciences Anniversary at the Florida Internation University, November 9, 2012.
    • Re-designing the Web's Access Control System. Invited talks at
      • Microsoft Research, Redmond, WA. July 28, 2011 (Slides).
      • The 25th Annual WG 11.3 Conference on Data and Applications Security and Privacy (DBSec), July 13, 2011.
      • University of Massachusetts Lowell (Computer Science Colloquia Talk), December 1, 2010.
      • University of Science and Technology of China (USTC), May 11, 2010.
      • Beijing Institute of Technology, May 10, 2010.
    • The SEED project.
      • Invited panelist at the NICE (National Initiative for Cybersecurity Education) Track 2 Coalition organizational meeting, November 5, 2010.
      • Invited talk at the University of Science and Technology of China (USTC), May 12, 2010.
      • Invited panelist at the Annual Conference on Education in Information Security, Ames, Iowa. September 17-18, 2006.
      • Tutorial: Using Instructional Operating System to Teach Computer Security Courses. A tutorial at the 11th ACM Conference On Computer And Communication Security (CCS). Alexandria, VA, November 10, 2005.
    • Privacy-Preserving Data Mining.
      • University of Pittsburgh. April 18, 2006.
      • Computer Science Seminar, Stevens Institute of Technology. April 18, 2005.
      • CS Department, University of Maryland College Park. October 27, 2003.
    • Securing Wirless Sensor Networks.
      • Invited talk at the IEEE Joint Chapter for Communications and Aerospace at Rochester, June 6, 2006.
      • Computer Science Graduate Seminar, Wayne State University. December 13, 2005.
      • ECE Department, Clarkson University. April 16, 2004.
      • Securing Wirless Sensor Networks (Slides). CERIAS Seminar, Purdue University. March 31, 2004.