o
With the rapid advancement of genome sequencing technologies, human genomic data has been increasingly collected and disseminated to facilitate human genome studies (HGS). Of great importance to these studies is the protection of participants' genetic information, which, once leaked to unauthorized parties, could have disastrous consequences.

To date, only minimal effort has been made to investigate the privacy risks involved in HGS, and current practice offers little privacy protection. The informed consent process, which is critical for helping participants understand potential risks before they enter a study, has itself not been well informed of the possible information leaks in an HGS and the damage that could result from them. HGS researchers typically receive little ethical guidance on what they are not supposed to share and disseminate during collaborations and publishing. The only protection in place is de-identification, which removes explicit identifiers (such as name, social security number, etc.) from genome data, and an application agreement that requires the researchers' use of the data to comply with participants' consents. This process only deals with explicit misuse of genomic data, such as direct disclosure of participants' identities; it has been found to be far from sufficient to deter information leaks that happen in more implicit ways. Our research aims at better understanding the technical risks involved in the use and dissemination of human genome data, and at developing effective techniques that protect participant privacy while also facilitating scientific research.
o Cloud and Web Security
Cloud computing is becoming a game-changer for academia and industry, which need low-cost and scalable data processing capabilities. However, this new computing paradigm is also fraught with security and privacy risks that need practical solutions. Though most cloud security issues are related to problems that have long been studied, I strongly believe that the distinctive features of the cloud actually expand the space of these seemingly old problems, as evidenced by my research on Software-as-a-Service (SaaS) and Infrastructure-as-a-Service (IaaS).
We found that the SaaS computing paradigm is fundamentally vulnerable to side-channel attacks. Specifically, the web application used to deliver cloud services is a "two-part" program, with its components deployed both in the browser and on the web server. The communication between these two components inevitably leaks the program's internal states to anyone eavesdropping on its web traffic, simply through observable features of the communication such as packet lengths and timings, even if the traffic is entirely encrypted. Our study shows that such side-channel leaks are both realistic and serious: a set of popular web applications were found to disclose highly sensitive user data, such as a user's family income, health profile and investment secrets, through their side channels. To mitigate this threat, an overhaul of current web-application development practice is necessary. To answer this urgent call, we also developed SideBuster, the first system for automatic detection and quantification of side-channel leaks in web applications, which offers web developers an effective means to mitigate this threat. My other research on the SaaS layer includes FIRM, an in-line reference monitor for mediating untrusted Flash applications, and Mash-IF, the first information-flow mechanism for protecting mash-up web applications.
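As an added illustration of the leak described above (this is example code written for this page, not code from the original statement or from SideBuster), the following Python script simulates an autocomplete box on a hypothetical health web site. The condition list, the JSON reply format and the padding sizes are constructed assumptions. Each keystroke triggers a request whose reply has a length that depends on the matching suggestions; because encryption preserves length, an eavesdropper who knows the site's vocabulary can map the observed size back to the character the user typed. The script also quantifies the leak in bits (entropy of the input minus its entropy given the observed size) and shows how padding replies to a fixed block size shrinks it.

```python
"""Constructed example: an autocomplete web feature leaks the typed
character through the length of its (encrypted) reply."""
import math
from collections import defaultdict

# Assumed vocabulary of a hypothetical health site's autocomplete box.
CONDITIONS = ["asthma", "anemia", "arthritis", "bronchitis", "cancer",
              "diabetes", "depression", "eczema", "flu", "gout"]

# Candidate first keystrokes: every letter that starts some condition.
FIRST_CHARS = sorted({c[0] for c in CONDITIONS})   # a b c d e f g


def suggestions(prefix):
    """Server-side logic: conditions matching the typed prefix."""
    return [c for c in CONDITIONS if c.startswith(prefix)]


def response_length(prefix, pad_to=1):
    """Size of the (assumed) JSON reply for a prefix, rounded up to a
    multiple of pad_to. Encryption does not hide the size, so this is
    what a network eavesdropper observes."""
    body = '{"suggestions":[' + ",".join(
        '"%s"' % s for s in suggestions(prefix)) + ']}'
    return -(-len(body) // pad_to) * pad_to   # ceiling to block size


def length_classes(candidates, pad_to=1):
    """Attacker's view: group candidate inputs by observable reply size.
    Inputs in the same class cannot be told apart from sizes alone."""
    classes = defaultdict(list)
    for cand in candidates:
        classes[response_length(cand, pad_to)].append(cand)
    return dict(classes)


def identify(observed_len, candidates, pad_to=1):
    """Inputs consistent with one observed encrypted reply size."""
    return length_classes(candidates, pad_to).get(observed_len, [])


def leaked_bits(candidates, pad_to=1):
    """Entropy reduction H(input) - H(input | size) with a uniform prior.
    0.0 means the size reveals nothing; log2(len(candidates)) means it
    identifies the input exactly."""
    n = len(candidates)
    classes = length_classes(candidates, pad_to)
    h_posterior = sum(len(cls) / n * math.log2(len(cls))
                      for cls in classes.values())
    return math.log2(n) - h_posterior


if __name__ == "__main__":
    for pad in (1, 16, 64):
        print("pad_to=%3d  classes=%s  leak=%.2f bits" % (
            pad, length_classes(FIRST_CHARS, pad),
            leaked_bits(FIRST_CHARS, pad)))
    # The eavesdropper sees a 26-byte reply after the first keystroke:
    print("26-byte reply =>", identify(26, FIRST_CHARS))
```

With no padding, the seven possible first keystrokes fall into six size classes, so a single observed reply pins the typed letter down almost completely (about 2.5 of the 2.8 bits); padding to 16 bytes leaves two classes and under 1 bit, and padding to 64 bytes makes every reply the same size. Timing is a second observable the script does not model, and the same grouping analysis applies to it.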
On the IaaS layer, my ongoing research focuses on secure data-intensive computing on hybrid clouds. A hybrid cloud is the typical way an organization uses a commercial cloud: the public cloud acts as the receiving end of computation that "spills over" from the organization's internal system. This computing paradigm, which involves both a public cloud and a private cloud, presents a new opportunity to make practical, secure outsourcing of computation tasks to untrusted environments possible. Our ongoing research shows that on this platform, new secure computing techniques can be developed to sustain real-world data-intensive computations.
o Software and System Security
Most of my prior work on software and system security is related to automatic program analysis for vulnerability detection and malware protection. For example, we proposed a black-box exploit prevention technique called packet vaccine that quickly detects exploit attempts against software and automatically generates signatures to shield the underlying vulnerabilities, without relying on the software's source or binary code. Other examples include our analysis of information leaks from the Linux process file system (procfs), and new techniques for efficient dynamic runtime malware scanning, automatic reverse engineering of program security configurations, secure remote error analysis and spyware containment. More recently, we have started working on the security challenges in smartphone systems and software.
Grants
Role: Single PI; Time: from 9/01/2011 to 8/31/2014
Role: Single PI; Time: from 9/01/2010 to 8/31/2013
Role: Single PI; Time: from 9/01/2007 to 8/31/2010
Role: PI; Time: from 4/01/2007 to 3/31/2009
Role: Co-PI; Time: from 10/01/2006 to 10/31/2007
Role: Co-PI; Time: from 9/15/2005 to 8/31/2007