Research

Overview

We are working on many cybersecurity topics (check our publication page for details):

Internet malware detection, defense, and analysis
SPS: Software-defined Programmable Security (SDN, NFV, Cloud, Edge, 5G…)
- Check out the final report from our 2018 NSF Workshop on Programmable System Security in a Software Defined World.
- Check our S2OS project website. S2OS is an ongoing large multi-institute project funded by NSF/VMware, in which we aim to build a new Security OS with Software Defined Infrastructure
- Other projects: FRESCO, OpenFlowSec.org
Mobile and IoT security
Web and Web3 security
AI security
Intrusion detection, anomaly detection

Our mission is to make networking and computing more secure!

A few selected recent research projects are listed as follows:

With the help of new service worker technology, traditional websites can now act like native mobile apps or become appified. In this emerging appified web paradigm, we systematically study both the vulnerabilities and the security enhancement to appified websites.

Learn More…

S2OS

A new SDI-defined Security OS. It aims to abstract security capabilities and primitives at various layers, thus providing unified programmability and controllability so that any security policy or procedure can be easily and dynamically programmed at the infrastructure scale.
Learn More…

LipFuzzer

LipFuzzer aims to assess vApp’s problematic Intent Classifier at a large scale. The tool generates potentially dangerous voice commands that are likely to incur semantic inconsistency such that a user reaches an unintended vApp/functionality (i.e. users think they use voice commands correctly but yield unwanted results).
Learn More…

Hybrid-PostMessage & OSV-Free

We find a new type of security issues caused by hybrid postMessage in mobile hybrid apps, i.e., “Origin Stripping Vulnerability” (OSV). To mitigate OSV from the root, we design and implement three new postMessage APIs, called OSV-Free.
Learn More…

FRESCO

An application framework for rapid security service implementation. In this project, we aim to provide a SDN development framework to facilitate development and deployment of network (security) services.
Learn More…