The following students affiliated with the Software Systems Lab will be on the job market during this academic year.
Research Area: System Security, Network Security, Mobile Systems
Position Sought: Tenure Track Faculty
Statement: Technology revolution brings new security challenges due to new usage models of new technologies and their interoperations with older technologies. Existing defenses are mostly passive and reactive, creating case-by-case solutions which cannot easily evolve with technology changes. My research is dedicated to develop proactive defense approaches using systematic techniques such as formalism, and thus fundamentally address security challenges from technology revolution. Three general approaches guide my research: 1) problem identification from inherent weaknesses of new features and their unexpected conflicts with previous assumptions, 2) systematic vulnerability detection and analysis using rigorous techniques, and 3) mitigation proposals and their evaluation in practice. By applying these steps, vulnerabilities from technology revolution are systematically uncovered, analyzed and mitigated. By applying these approaches to recent revolution in personal computing and Internet naming, my past and ongoing research uncovered a series of vulnerabilities including a new form of GUI confidentiality breach on Android (Usenix Security '14), and a new type of man-in-the-middle attack that is easier than ever as a side effect of new gTLD delegation (IEEE S&P '16). We subsequently use program analysis and attack surface quantification to perform systematic detection and analysis, and develop practical solutions (ACM CCS '15, NDSS '16, FC '16, and several ones under submission). Some of my work (e.g., papers at Usenix Security '14 and IEEE S&P '16) were reported by a number of major technology websites and attracted great attention from both academia and industry.
Research Area: Software Systems
Position Sought: Tenure Track Faculty
Statement: Today computers by default discard their rich history of prior computation and memory states. My vision is to create a computer system with the default of remembering all past computation, and furthermore making it practical to query the rich, but massive database of computation recorded. My research focuses on creating system level abstractions and developing novel analysis methodologies to accomplish this goal. My work on "Eidetic Systems" (OSDI 14) shows that it is practical to record and query years of computation, at an instruction level, on commodity hardware. Once this information is recorded, I have worked on several methods to query it in a timely manner, including: parallelizing dynamic information flow queries (OSDI 16), parallelizing dynamic data-race detection (ASPLOS 13), and my ongoing work on accelerating dynamic analysis (under submission). My ongoing work focuses on applying a novel combination of speculation and static analysis to accelerate dynamic analyses. Current results show order of magnitude speed-ups on a prototype dynamic slicing analysis.
Research Area: Mobile Security and Privacy
Position Sought: Industrial Research Labs
Statement: My research focuses on mobile security and privacy, with an emphasis on understanding and regulating the communication channels between mobile apps, mobile OS and end users. Specifically, I identified and assessed emerging attack surfaces in Android Binder (client-side IPC channel), mobile user tracking/profiling (cloud-side aggregation channel), and personal voice assistants (human-computer interaction channel). The dynamics between these communicating parties, in combination with their trust relationship, create many interesting problems.
Research Area: Systems Security, Internet of Things, Cyber-Physical Systems
Position Sought: Tenure Track Faculty, Research Faculty, Industrial Research Labs
Statement: My research explores the security of the Internet of Things from a systems perspective. I am interested in developing techniques to analyze existing IoT systems to discover how they fail in practice, and in designing better systems, as well as improving current systems, to support a more secure and safe future Internet of Things. Examples of my current work include an empirical analysis of the popular SmartThings platform, which received the Distinguished Practical Paper Award at the IEEE Symposium on Security and Privacy in 2016, and FlowFence, a system that addresses the flow control problem for IoT apps, and shows how developers can restructure their code to build more privacy-respecting IoT apps. This work will appear at the USENIX Security Symposium, 2016. My past work has focused on mobile system security, where I developed techniques to enable privacy-respecting analytics (Mobicom 2016), techniques to prevent UI phishing (FC 2016), and techniques to enable better permission granting in smartphone OSes (IEEE TIFS 2014).
Research Area: Database, Big Data Processing, Data Mining
Position Sought: Tenure Track Faculty, Industrial Research Labs
Statement: Yongjoo Park is a Ph.D. Candidate in Computer Science and Engineering. His research interests lie in big data processing and its applications to data mining. In particular, he focuses on building smarter and faster big data analysis systems by leveraging advanced machine learning and statistical techniques. His works include real-time data analytics, data visualizations, searching in high-dimensional space, etc., for which harnessing big data is of great practical importance, but at the same time, brings novel challenges.