Title: System Security Research: From Discovery to Innovation
Innovations in security research often come from the curiosity about how rules can be bent. The interdisciplinary nature of system security further presents the researcher a vast space to explore such opportunities. In this talk, I will share our experience in finding and understanding security weaknesses on the technology frontier, demonstrating how big questions can be asked to help discover subtle but fundamental security problems inside modern computing systems, and how such findings can reshape system security designs, bringing forth new techniques, new research directions. More specifically, using mobile and IoT as examples, I will show that discovery and analysis of their surprising side channel weaknesses (which can be exploited by even the apps without permissions to expose one’s identity, locations, health information, etc.) questions the “security by construction” designs of these systems, identifying what need to be addressed to better protect them. Further to be presented is the preliminary effort to automate such a discovery process, by leveraging the knowledge automatically recovered from documents to guide detection of security-critical vulnerabilities. Finally, I will highlight the key insights of system security research and discuss the directions that might impact the development of new security technologies in the years to come.
Dr. XiaoFeng Wang is a James H. Rudy Professor of Computing at Indiana University, Co-director of IU’s Center for Security and Privacy in Informatics, Computing and Engineering, and the Vice Chair of the ACM SIGSAC (special interest group on security, audit and control). He is also a PC Co-Chair of the 2018 ACM Conference on Computer and Communications Security (CCS). Dr. Wang received his Ph.D. in Electrical and Computer Engineering from Carnegie Mellon University. He is considered to be one of the most prominent system security researchers, among the most productive authors at leading security venues (#5 among over 6,000 authors in the past 18 years according to online statistics: http://s3.eurecom.fr/~balzarot/notes/top4/). Dr. Wang is known for his high-impact research on security analysis of real-world systems and biomedical data privacy. Particularly the projects he led on payment and single-sign-on API integrations, Android and iOS security and IoT protection have changed the way the industry built these systems. Also he is a pioneer researcher on human genome privacy and a co-founder of the iDASH Genome Privacy Competition that bridges the frontline security and cryptography research and the real-world demands for biomedical data sharing and computing protection. More recently, he is actively working on Data-Centric Intelligent Security, Cybercrimes, Hardware-support Protection and IoT Security. For his work, Dr. Wang has received numerous awards, including the Award for Outstanding Research in Privacy Enhancing Technologies (the PET Award) and the Best Practical Paper Award at the 32nd IEEE Symposium on Security and Privacy. His research has been extensively reported by the public media, including CNN, MSNBC, Forbes, Slashdot, Nature News, etc.