Computer Science and Electrical Engineering
University of Maryland, Baltimore County
Towards Large-Scale Measurement of Vulnerabilities
and Design of Usable New Systems
Prof. Chuan Yue
University of Colorado Colorado Springs
12:00-1:00 Monday, 23 March 2015, ITE325b, UMBC
Security and privacy vulnerabilities are pervasive in computer and network systems. In my research group, we aim to accurately measure and analyze the vulnerabilities of Web, Cloud, and Mobile systems on a large scale; we also aim to design usable new systems that provide better security and privacy protection to millions of users. In this talk, I will first present our research on analyzing the vulnerabilities of popular Web browsers’ built-in password managers and some third-party browser-and-cloud-based password managers. Next, I will present a framework for automatic detection of information leakage vulnerabilities in JavaScript-based browser extensions including password managers. I will explain why it is very challenging to accurately and automatically analyze JavaScript-based browser extensions, justify why our static and dynamic combined approach is practical and appropriate, and further discuss how we may increase the capabilities of this framework to automatically measure and analyze JavaScript related security and privacy vulnerabilities on a large scale. Finally, I will discuss some of our current and future projects on security and privacy research and education, for example, one project is on measuring users’ susceptibility to sophisticated and highly insidious phishing attacks.
Chuan Yue is an Assistant Professor of Computer Science at the University of Colorado Colorado Springs. His current research focuses on Web, Cloud, and Mobile Systems Security and Privacy. He received his B.E. and M.E. degrees in Computer Science from Xidian University, China, in 1996 and 1999, respectively, and his Ph.D. in Computer Science from the College of William and Mary in 2010. He worked as a Member of Technical Staff at Bell Labs China, Lucent Technologies for four years from 1999 to 2003, mainly on the design and development of the Web-based Distributed Service Management System for Intelligent Network.
For more information and directions: http://bit.ly/UMBCtalks.