RESEARCH

< Past Projects >

Big-data oriented security intelligence for enterprises

Today it is getting harder and harder to secure the whole system of enterprise. The infrastructure is complex and keep evolving, and various softwares are installed daily and run by different people. Tracking security vulnerabilities becomes a difficult task. Moreover, the enterprise systems are often subject to malicious attacks from the outside by exploiting the unknown zero-day vulnerabilities and advanced persistent threats. Security experts/admins need new powerful tools to defend against them. We leverage the big data opportunities shown in today's enterprise systems and build a new data-driven security intelligence platform to perform fine-grained real-time surveillance of system activities, machine-learing based detection, forensics analysis, and so on. Just like what Sun Tzu said "If you know your enemies and yourself, you can win a hundred battles without a single loss."

Large-scale graph processing platform

Graphs are natural ways to represent connected and dependent datasets from many domains like cybersecurity and transportation. In recent years, the volume and complexity of raw graph data keep increasing at the extraordinary rate, while valuable information is still expected to be extracted from the data in a timely manner. This tension puts pressure on the data processing platforms, requiring high performance at scale with reasonable cost. Besides, different analytics demands generate different workloads and need various performance tuning. Generic one-fits-all designs cannot meet all these requirements with efficiency and low cost. We are working on the high-performance graph processing platforms optimized for specific application domains and new emerging analytics demands. They are vertical solutions considering new storage and networking architecture, on-demand data processing stack, and cross-layer optimizations suitable for application domains.

Efficient power utilization and management on mobile electronic devices

Mobile electronic devices, such as smartphones, laptops and tablets, are becoming ubiquitous in people's daily life. Battery life is an important consideration when it comes to providing good user experience on these battery-powered devices. Aiming at increasing battery life, this project investigates efficient utilization and management of battery power on mobile electronic devices. The investigation is two-fold. We examine the most power-hungry components on a mobile device (such as wifi component and GPS component), and study how to make each of these components consume power more efficiently. Meanwhile, we also try to model, measure and manage the power consumption on mobile devices in a holistic manner, which provides helpful information to optimizing battery utilization.

Security for Implantable Medical Devices

Recent studies have revealed security vulnerabilities in implantable medical devices (IMDs). Security design for IMDs is challenging by the requirement that IMDs remain operable in an emergency when appropriate security credentials may be unavailable. We designed and evaluted IMDGuard, a secure scheme for heart-related IMDs to fulfill this requirement. IMDGuard incorporates two novel techniques to provide appropriate protection for IMDs. One is an ECG based secure key establishment without prior shared secrets, and the other is an access control mechanism resilient to adversary spoofing attacks.

DeSybil: Defending against Sybil Attacks Using Social Networks

Distributed systems are vulnerable to sybil attacks, in which the adversary creates many bogus identities, called sybil identities, and compromises the running of the system or pollutes the system with false information. Sybil identities can "suppress" honest identities in a variety of tasks, including online content ranking, DHT routing, file sharing, reputation systems, and Byzantine failure defenses. Sybil attacks can be mitigated by assuming the existence of a trusted central authority. This authority can limit the introduction of false identities by requiring users to provide some credentials, like social security numbers, or by requiring payment. However, such requirements may deter users from accepting these systems in that they impose additional burdens on users. A central authority can also easily be the target of denial-of-service attacks and thus reduce the reliability of the entire system. In this project we are investigating the use of social networks to mitigate sybil attacks.

AutoECG: ECG Automatic Analysis System

The automatic analysis of ECG signals is very important for diagnosing cardiac diseases. We are building an automatic ECG analysis system including an ECG sensor, a set of PDAs, and a database. The ECG sensor implements a wavelet-transform based algorithm and detects the abnormal signals associated with cardiac diseases. The patient's PDA, which is connected to the sensor, serves as a relay station that connects to the database and a doctor's PDA. The ECG sensor will trigger an alert if it detects abnormal signals. The doctor will then be made aware of the alert, validate it, and provide immediate assistance to the patient.

CarProof: Secure and Privacy-Preserved Data Collection in ITS Systems

Intelligent transportation systems (ITS) are gaining more and more attention as traffic problems in urban and suburban areas grow. ITSs are commonly used to transfer data about vehicles, drivers, and road conditions from vehicles to ITS operators for real-time traffic control, road maintenance, and the development of new traffic management strategies. However, privacy concerns from drivers have become a major obstacle that hinders the deployment of such applications. In this project, we study how to provide a secure and privacy-preserved environment for such data collection applications.

AP Selection for Wireless LAN

In the Wireless Local Area Network (WLAN), the Access Point (AP) selection of a client heavily influences the performance of its own and others. Through theoretical analysis, we revealed that previously proposed association protocols are not effective in maximizing the minimal throughput among all clients. Accordingly, we proposed an online AP association strategy that not only achieves a minimal throughput (among all clients) that is provably close to the optimum, but also works effectively in practice with a reasonable computational overhead. The association protocol applying this strategy was implemented on the commercial hardware and compatible with legacy APs without any modification. we demonstrate its feasibility and performance through both real experiments and intensive simulations.

Paxos++: State Machine Replication Protocols in WANs

In distributed systems, state machine replication is the most general approach for providing a highly available service. With this approach, a reliable service is implemented by replicating it on several failure-independent replicas, which consistently change their states by applying deterministic commands from an agreed sequence. A consensus instance is used to decide on each command in the sequence. Chubby, the distributed lock service used by the Google File System, is a typical example of services that use state machine replications. With the rapid development of wide-area services such as web services, a fundamental research question is how to provide efficient general state machine replication in the wide area that only assumes the servers and clients are spread across a wide-area network. The goal of this project is to design and evaluate state machine replication protocols in WANs.

VANET: Vehicular Network Communication Protocol Design

Vehicular ad hoc networks (VANETs) have attracted significant attention in recent years with the goal of providing information regarding traffic (congestion, collisions ahead), highway conditions (potholes, cracks on the road, ice on the road, a blind spot ahead), and traveler support (local updated maps, parking areas, gas station locations). There are basically three types of communication in a vehicular network: inter-vehicle communication, vehicle-to-roadside communication, and hybrid vehicular communication. We have built a testbed for the three types of communication. In this project, our goal is to design secure and efficient communication protocols for this type of network.

Page updated

Google Sites

Report abuse