Submit Your Best Work to 2018 IEEE SecDev Conference!!

Help us distribute this SecDev FLYER

ACM CCS Women in Cybersecurity Workshop (CyberW) 2017 was a success!!

Help us spread the word!

2017 CyberW workshop summaries are HERE and HERE.

Screening 100K Apps for Collusion Threats

Our DARPA-sponsored work on Android malware collusion detection on >100,000 apps will appear at ACM ASIACCS.

Joint work by Amiangshu Bosu (former postdoc from Yao group), Fang Liu, and Gang Wang.

It is open source! Check it out HERE.

Select media coverage: New Scientist, ACM Technews, International Business Times

Program Anomaly Detection Book, Tutorial, and Keynote

Daphne is the lead author of a 2017 book titled Anomaly Detection as a Service. Check it out HERE. Free access for institutions with agreements with Morgan & Claypool.

Daphne and Xiaokui gave a tutorial on program anomaly detection at ACM CCS '16. It is useful for all researchers and practitioners who are interested in data analytics and program analysis tools for designing innovative security methods.

Video on program anomaly detection webinar at CSIAC.

Daphne's 2017 keynote slides on program anomaly detection in the cloud at ASIACCS SCC can be found here.

Probabilistic Program Anomaly Detection

Daphne is to present program anomaly detection at IEEE Dependable Systems and Networks (DSN). Our system CMarkov provides context-sensitive and probabilistic classification of program traces for security.

Joint work with Ke Tian, Kui Xu, Barbara Ryder.

Our People

Dr. Danfeng (Daphne) Yao (PI)

Dr. Daphne Yao (Full CV)

Ke Tian (PhD Student)

Sazzadur Rahaman (PhD Student)

Long Cheng (PhD Student)

Ya Xiao (PhD Student)

Kaidi Wang (PhD Student)

Md Salman Ahmed (PhD Student)

Former Yao Group Members

Android Malware Collusion Detection

The conventional attack model, which assumes a stand-alone malware app, may be inadequate for mobile security. Multiple apps can collude to leak sensitive information or abuse system resources.

Existing methods are not designed to defend against such sophisticated collusion attacks on Android. New program analysis and classification techniques on pairs or chains of apps are needed.

Scalability and false alarms are the two foremost research challenges. Our new ASIACCS '17 work computes the collusion threats of more than 100,000 Android apps.

Storytelling Security

Context is key for security analysts to reason about the legitimacy of observed system and network events.

Finding out why things occur, and why they occur in a specific order, is like telling stories about the computers and users.

We coined the phrase storytelling security to refer to a general causal reasoning approach for security.

Our group has successfully demonstrated several concrete embodiments for network security (C&S 2016, ASIACCS 2014), web security (TDSC 2012, NSS 2011), and Android security (C&S 2016, AISec 2016).

We hold two U.S. patents on the causality for security technologies.

Securing Crypto Implementations

Software vulnerabilities are costly. NIST estimates that cost to be $60 billion each year, which includes the costs for developing and distributing software patches and reinstalling infected systems and the lost productivity due to malware and errors.

The problem of software vulnerabilities is not new. What is new and promising is the increasing adoption of cryptography and security mechanisms in common software applications. However, it is difficult to write crypto code correctly.

Surprisingly, the practical task of securing cryptographic implementation is still in its infancy. This status is in sharp contrast with the multi-decade advancement of modern cryptography.

This gap became particularly alarming after multiple high-profile discoveries of vulnerable cryptography-related code in widely used network libraries and tools (e.g., the lack of authenticated encryption in iMessage, the Diffie-Hellman key exchange downgrade vulnerability in TLS, and the exposure of random seeds in Juniper Networks).

Our ongoing effort is on cryptographic program analysis (CPA), where we design rigorous static program analysis to detect crypto vulnerabilities in C programs (IEEE SecDev 2017) and Java programs.

The empirical findings from the Stack Overflow forum in our ICSE '18 work are interesting. They motivate the need for effective crypto coding assistance.
