In his dissertation entitled "Addressing Security Challenges in Smart Systems Through Systematic Problem Analysis and Mitigation," Chen investigates how to develop defense approaches that can fundamentally address security challenges in existing and future smart systems.
Recent years have witnessed the emergence and tremendous growth of so-called smart systems such as smartphone operating systems, smart home systems, and smart transportation systems. These systems feature more ubiquitous network-based access, more intuitive user interfaces, and more functionality-rich operating systems, which largely improve quality of life. However, on the flip side, these additional capabilities also empower the attackers if being abused, and thus introduce new security challenges.
Existing defense mechanisms to these security challenges are mostly ad hoc and reactive, which not only fail to fundamentally address the exposed problems in existing smart systems, but also can hardly be applied to future smart systems to prevent similar problems. To win this arms race, Chen proposes to develop defense approaches that proactively detect and analyze vulnerabilities using rigorous techniques such as program analysis and attack surface quantification, and thus propose design improvements that are more systematic than before.
Chen’s past and ongoing research targets security problems in three core components of smart systems: user interface, network stack, and resource access control. For example, for the graphic user interface (GUI) component in the popular smartphone operating system Android, his research uncovered a GUI confidentiality breach that occurs in the use of shared memory by the operating system that could allow a malicious app to monitor the state of user interactions with an app in use in order to steal sensitive data, such as login credentials, photos, and other personal data. These findings were presented in the paper, "Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks," at the 23rd USENIX Security Symposium in 2014.
In the network stack of smart systems, Chen and his collaborators recently discovered a new type of attack on the service discovery process that makes man-in-the-middle (MitM) attacks easier than ever to execute as a side effect of new gTLD delegation. Such an attack would have security ramifications when laptops and smartphones configured for enterprise systems are used outside the enterprise in the realm of the wider web. The findings for this work were published in the paper, "MitM Attack by Name Collision: Cause Analysis and Vulnerability Assessment in the New gTLD Era," at the 2016 IEEE Symposium on Security and Privacy.Chen is advised by Prof. Z. Morley Mao.
About the Rackham Predoctoral Fellowship
The Rackham Predoctoral Fellowship supports outstanding doctoral students who have achieved candidacy and are actively working on dissertation research and writing. They seek to support students working on dissertation that are unusually creative, ambitious and risk-taking.
Posted: March 8, 2017