Code Release

  • MassVet: a system for a large-scale analysis of potentially-harmful apps and mobile libraries. Here are the demo and media reports of the system.

  • App Guardian: application-level protection against runtime information gathering. Install our app from Google Play.

  • Code used in our study on the practicality of oblivious cloud storage


Current Research

Cloud and Mobile Security, and Health Informatics Security is becoming game-changers for both the academia and industry…

Future Research

The Future of System Security Research: Composition Focusing and Data Centric

Past Research

automatic program analysis for vulnerability detection, AI, game theory

Selected Projects

Our research is supported by NSF, NIH, etc.

Recent Publications

More Publications

  • Under the Shadow of Sunshine: Understanding and Detecting BulletProof Hosting on Legitimate Service Provider Networks

    Details PDF

  • Catching Predators at Watering Holes: Finding and Understanding Strategically Compromised Websites

    Details PDF Bib

  • Dark Hazard: Learning-based, Large-scale Discovery of Hidden Sensitive Operations in Android Apps

    Details PDF Slides Bib

  • Acing the IOC Game: Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence

    Details PDF Bib

  • Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service

    Details PDF Bib

  • Following Devil's Footprints: Cross-Platform Analysis of Potentially Harmful Libraries on Android and iOS

    Details PDF Bib

  • Seeking Nonsense, Looking for Trouble: Efficient Promotional-Infection Detection through Semantic Inconsistency Search

    Details PDF Bib

  • Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf

    Details PDF Bib

  • Cracking App Isolation on Apple: Unauthorized Cross-App Resource Access on MAC OS

    Details PDF Bib

  • Efficient genome-wide, privacy-preserving similar patient query based on private edit distance

    Details PDF Bib



  • Program Co-Chair, the 11th ACM Asia Conference on Computer and Communications Security (ACM AsiaCCS’16)

  • Program Chair, the 11th International Conference on Security and Privacy in Communication Networks (SecureComm’15)

  • Associate Editor, IEEE Transactions on Dependable and Secure Computing (TDSC), since December, 2014

  • General Chair, the 13th Privacy Enhancing Technologies Symposium (PETS’13)

  • Program committee member, the Annual Network and Distributed System Security Symposium (NDSS’ 13, 14)

  • Program committee member, the IEEE Symposium on Security and Privacy (S&P’10, 11, 12, 13, 14)

  • Program committee member, the International World Wide Web Conference, Security and Privacy Track (WWW’09, 12, 14, 15)

  • Program committee member, the ACM Symposium on Information, Computer and Communications Security (ASIACCS’12)

  • Local arrangement chair, the ACM Conference on Computer and Communication Security (CCS’11)

  • Organization committee member, the ACM Conference on Computer and Communication Security (CCS’10)

  • Program committee member, the ACM Conference on Computer and Communication Security (CCS’08, 10)

  • Regional arrangement chair, the ACM Conference on Computer and Communication Security (CCS’09)

  • Program committee member, the International Conference on Distributed Computing Systems (ICDCS’10)

  • Co-Chair, the I3P Workshop on Insider Threats in the Networked World (08)

  • Steering committee member, NSF Biomedical Informatics Workshop (07)

  • Program committee member, the workshop on Privacy in the Electronic Society (WPES’06, 07 and 08)

  • Program committee member, ACM Workshop on Wireless Security (Wise’05).


Part of Media Coverage:


  • Fall 2005~Now: I430/520/B649, “Security for Networked Systems”, An upper-level undergraduate and graduate course, IUB

  • Spring 2007~Now: I521, “Malware: Threat and Defense”, A graduate course, IUB

  • Spring 2006~2009: I231, Mathematic Foundations for Cybersecurity, A second-year undergraduate course, IUB

  • Spring 2005: I400, Introduction to Information Security, A third and forth year undergraduate course, IUB

  • Spring 2002: 18440, Internet Security, Teaching Assistant, An upper-level undergraduate and graduate course, Carnegie Mellon University