Systems and Network Security

systems or network, and developing the security protocols and mechanisms for wired and wireless infrastructures is critical to securing information. Creating the tools needed to identify and close vulnerabilities while also researching methods of avoiding future problems is one of the challenges of systems and network security.

XiaoFeng Wang’s group works on secure data-intensive computing on hybrid clouds as well as mobile security.  A hybrid cloud is a typical way that an organization uses the commercial cloud: the public cloud here often acts as a receiving end of the computation “spill-over” from the organization's internal system. This new computing paradigm, involving both the public cloud and the private cloud, presents a new opportunity to outsource a large-scale computing task, in an efficient and privacy-preserving way, to untrusted environments. Our research shows that over this platform, new secure techniques can be developed to support real-world data-intensive computing.

The group is also building new techniques for automatic security analysis of emerging mobile-cloud services, push-messaging in particular, which are riddled with security loopholes, allowing the attacker to remotely lock out the user from her phone, erase her data and install any apps without her consent through Google Cloud Messaging, as our study show.  We are developing end-to-end protection for mobile-cloud users even when the underlying mobile-cloud services are problematic.