Software and system security, including automatic vulnerabilities detection and repair in programs, the security of Industrial Control Systems (ICS), patch management; deep learning including Generative Adversarial Networks (GANs), deep reinforcement learning; theoretical cryptography and applied cryptography.
Overall GPA: 4/4; Advisor: Danfeng (Daphne) Yao
Thesis committee members: Danfeng (Daphne) Yao, Matthew Hicks, Naren Ramakrishnan, Xinyang Ge(MSR)
Tentative thesis title: ACESO: Automatic Code Repair of Complex Security Vulnerabilities with Generative Adversarial Networks
Thesis title: Security Analysis of Lightweight Block Ciphers
Advisor: Lize Gu, Shihui Zheng
Research Topic: Cryptanalysis, Applied Cryptography
Thesis title: Research on Risk Management and Control of Internet Financial
for course Mordern Cryptography taught by Prof. Shihui Zheng, which covers topics about symmetric ciphers, asymmetric ciphers, athuentication, digital signature, key management.
This project is ongoing. It focuses on complex security vulnerabilities which can't be handled by existing automatic code repair solutions. The types of vulnerabilities this project targets include improper implementation of cryptography, access control, authentication, secure communication, authorization, and configuration process. I will focus on API misuse level vulnerabilities first due to its prevalence. Then I will proceed to the vulnerabilities in the libraries. I plan achive full automation of the repair process by training a Generative Adversarial Network (GAN) to generate patches for the complex security vulnerabilities.
This project is ongoing. It focuses on the process of applying security patches in ICS. In ICS, the critical infrastructures require the high reliability and stability of their systems and software. Therefore, many software remain vulnerable after the corresponding patches available. This project aims to learn the practice of the patch management process in ICS, and then prosent solutions to promote secure practice of applying patches to address vulnerabilities.
This project focuses on the vulnerabilities caused by errors and misuses in cryptographic implementation. We developed a tool which can detect these cryptographic vulnerabilities in Java source code.