Vulnerability Exploration in Software Systems for Data Security and Privacy
Date: Thu, February 20, 2020
Time: 10:00am - 11:00am
Location: Holmes Hall 389
Speaker: Dr. Rui Zhao, Assistant Professor, University of Nebraska Omaha
Abstract
Using various end-user applications on personal devices has become an integral part of our daily lives. However, due to a lack of security knowledge or improper design/implementation, security bugs and vulnerabilities have often been introduced into software systems. Consequently, data may not be properly protected and can be leaked to attackers, resulting in severe consequences. Therefore, vulnerability analysis and data/communication protection in software are of great need and importance. In this presentation, we explore three types of vulnerabilities in software and one novel scheme for data protection. Specifically, we focus on (1) the automated analysis of vulnerabilities in the Android permission system, (2) identification of software security bugs introduced by improper use of cryptographic primitives, (3) detection of browser fingerprinting behaviors, by enhancing program analysis techniques, and (4) a collaborative password manager that assures confidentiality of credentials on public computers. We expect to advance the scientific and technological understanding of software security/assurance and to make users’ experience more secure and more enjoyable.
Bio
Dr. Rui Zhao is an Assistant Professor of Cybersecurity at the University of Nebraska Omaha. He received his Ph.D. degree in Computer Science from the Colorado School of Mines in 2016. His previous research mainly focused on web, cloud, and mobile system security, automatic vulnerability analysis, and human-computer interaction. His recent research focuses on vulnerability analysis with formal methods in web, mobile, operating, and crypto systems, and on data/communication security and privacy. Specifically, his projects include the construction of a framework for automatic analysis of security bugs and design and implementation flaws in software, the design of a collaborative password manager for data security, and enhancing steganography for communication security and privacy. He has authored fourteen peer-reviewed publications at reputable conferences and journals and holds three patents. He received his B.E. and M.E. degrees in Electronic Engineering from Xidian University, China, in 2004 and 2008, respectively.