[CSEE Talk] talk: Enhancing System Security and Privacy with Program Analysis, Noon Tue 3/31, ITE325b

Tim Finin finin at cs.umbc.edu
Fri Mar 27 09:14:17 EDT 2015


             Computer Science and Electrical Engineering
               University of Maryland, Baltimore County

     Enhancing System Security and Privacy with Program Analysis

                              Yinzhi Cao
                         Columbia University

         12:00-1:00pm Tuesday, 31 March 2015, ITE 325b, UMBC

Cyber security and privacy have brought the attention from the general
public these days. Melissa Hathaway, who advised both President Obama
and President Bush, estimated in a report that governments and
consumers lost $125 billion annually to cyber-attacks, including
losses in tax revenue. In this talk, from the perspective of program
analysis, I will discuss the security and privacy of two important
computer systems: Web browser and Android system. In the first part, I
will introduce how to prevent and detect drive-by download attacks,
which penetrate the boundary of a browser principal. In particular, I
will present JShield, a vulnerability-based detection engine that is
more robust to obfuscated drive-by download attacks, when compared to
various anti-virus software and most recent research papers. In the
second part, I will introduce EdgeMiner, the first automatic tool that
creates summaries of Android framework in the form of callback and
registration pairs. With the summaries, existing static analysis
system can correctly construct a control flow graph with hidden
control flow dependencies introduced by callback methods.

Yinzhi Cao is a postdoctoral scientist at Columbia University. He
earned his PhD in computer science at Northwestern University.  Before
that, he obtained his B.E. degree in electronics engineering at
Tsinghua University in China. His research mainly focuses on the
security and privacy of web, smart phones, and machine learning. He
has published more than ten papers at various security conferences,
such as Oakland, NDSS, ACSAC and DSN. His JShield system has been
adopted by Huawei, the world's largest telecommunication company. In
the past, he served as a program committee member for IEEE CNS'14 and
web chair for AsiaCCS SESP'13. Previously, he also conducted research
at SRI International and UC Santa Barbara as a summer intern.

     -- more information and directions: http://bit.ly/UMBCtalks --


More information about the CSEE-colloquium-out mailing list