App Guardian

App Guardian: An App Level Protection Against RIG Attacks

CURIOUS framework

CURIOUS, a new modular partition-based ORAM framework, is designed for oblivious cloud storage

Current Research

Cloud and Mobile Security, and Health Informatics Security is becoming game-changers for both the academia and industry…

Future Research

The Future of System Security Research: Composition Focusing and Data Centric


MassVet is a system for a large-scale analysis of potentially-harmful apps and mobile libraries

Past Research

automatic program analysis for vulnerability detection, AI, game theory

Selected Projects

Our research is supported by NSF, NIH, etc.

Recent Publications

More Publications

  • Under the Shadow of Sunshine: Understanding and Detecting BulletProof Hosting on Legitimate Service Provider Networks

    Details PDF

  • Catching Predators at Watering Holes: Finding and Understanding Strategically Compromised Websites

    Details PDF Bib

  • Dark Hazard: Learning-based, Large-scale Discovery of Hidden Sensitive Operations in Android Apps

    Details PDF Slides Bib

  • Acing the IOC Game: Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence

    Details PDF Bib

  • Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service

    Details PDF Bib

  • Following Devil's Footprints: Cross-Platform Analysis of Potentially Harmful Libraries on Android and iOS

    Details PDF Bib

  • Seeking Nonsense, Looking for Trouble: Efficient Promotional-Infection Detection through Semantic Inconsistency Search

    Details PDF Bib

  • Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf

    Details PDF Bib

  • Cracking App Isolation on Apple: Unauthorized Cross-App Resource Access on MAC OS

    Details PDF Bib

  • Efficient genome-wide, privacy-preserving similar patient query based on private edit distance

    Details PDF Bib


  • Founding organizer (with my colleagues at IU and UCSD): iDASH Genome Privacy Challenges

  • PC member, the USENIX Security Symposium (Security’ 17)

  • Program Co-Chair, the 11th ACM Asia Conference on Computer and Communications Security (ACM AsiaCCS’16)

  • Program Chair, the 11th International Conference on Security and Privacy in Communication Networks (SecureComm’15)

  • Workshop Co-Chair, the 22nd ACM Conference on Computer and Communication Security (CCS’15)

  • General Chair, the 13th Privacy Enhancing Technologies Symposium (PETS’13)

  • Associate Editor, IEEE Transactions on Dependable and Secure Computing (TDSC), since December, 2014

  • Invited panelist, Security and Privacy Challenges in Health Informatics, the NSF SaTC PI meeting 2015.

  • PC member, the Annual Network and Distributed System Security Symposium (NDSS’ 13, 14, 15, 16, 17)

  • PC member, the IEEE Symposium on Security and Privacy (S&P’10, 11, 12, 13, 14)

  • PC member, the International World Wide Web Conference, Security and Privacy Track (WWW’09, 12, 14, 15)

  • PC member and Session Chair, the ACM Conference on Computer and Communication Security (CCS’08, 10, 15, 16)

  • Chair of Local arrangement committee, Chair of Regional arrangement committee, CCS’09

Recent Talks

  • 2016, Keynote at the 10th Central Area networking and Security Workshop (CANSec’16)

  • 2016, Invited seminar, Chinese University of Hong Kong 2016 Seminar talk, Northwestern University

  • 2016, Seminar talk, University of Southern California 2015 Seminar, Northeastern University

  • 2014, TRUST Security Seminar, University of California, Berkeley 2014 Invited talk. Narus Inc.

  • 2014, Seminar talk. Purdue University

  • 2013, Seminar talk. University of Maryland at College Park

  • 2013, Seminar talk. University of Texas at Austin

  • 2013, Invited talk. Chinese Academy of Sciences, China

  • 2012, Invited talk. Microsoft Faculty Summit

  • 2012, Invited talk. Computer Science Center, Shangdong Academy of Sciences, China


  • Fall 2005~Now: I430/520/B649, “Security for Networked Systems”, An upper-level undergraduate and graduate course, IUB

  • Spring 2007~Now: I521, “Malware: Threat and Defense”, A graduate course, IUB

  • Spring 2006~2009: I231, Mathematic Foundations for Cybersecurity, A second-year undergraduate course, IUB

  • Spring 2005: I400, Introduction to Information Security, A third and forth year undergraduate course, IUB

  • Spring 2002: 18440, Internet Security, Teaching Assistant, An upper-level undergraduate and graduate course, Carnegie Mellon University

Media Coverage