Please visit Yao Group Website to learn about our work on cybersecurity.

Daphne's short bio, CV, key publications, complete list, research, iMentor, CyberW

Daphne is running for Vice-Chair of ACM SIGSAC! You need to join SIGSAC to vote in spring 2021. My candidate statement is here:

I have a deep passion for serving our international SIGSAC community. I hope to have the distinct honor of contributing to this outstanding group.

Inclusive excellence – encouraging peoples that are under-represented in terms of gender, race, sexual orientation, age, experience, geographic location, and research interests – has been my focus in the past 4 years of serving as SIGSAC secretary/treasurer.

Besides founding diversity initiatives (iMentor and CyberW) and requiring Code of Conduct in SIGSAC conferences, I also helped recognize work that addresses practical cybersecurity, privacy, and cryptography challenges (e.g., ACM DTRAP special issues for research with artifacts).

Embracing a broader definition of novelty would enable SIGSAC to better contribute to society.

If elected, I also plan to establish a mechanism for SIGSAC publications to appear in the Research Highlights of Communications of the ACM. It will propel SIGSAC researchers to be visible in ACM -- and more importantly -- better disseminate our knowledge.

Fostering caring community atmospheres will continue to be my goal. I will organize seminars for tech professionals on research journeys and mental health, such as anxiety disorders and impostor syndrome.

Daphne's Inscrypt 2020 keynote on "To Be Software Developers' Friends" is available. (Slides are HERE.)

Our ACM CCS 2020 work on quantifying ASLR security under code reuse attacks is available. (Slides are HERE.)

Daphne talked about Research style diversity and impostor syndrome at ACM CCS iMentor 2020. (Slides are HERE.)

iMentor ACM CCS 2020 logo Check out iMentor, the new Individualized Cybersecurity Research Mentoring Workshop, co-locating with ACM CCS for multiple years.

Daphne's keynote on defense in depth for CPS is on YouTube. Slides are HERE. Abstract at IEEE CPS-Sec.

Our paper on data breach prevention was the No. 1 most downloaded in 2019 at WIREs Data Mining and Knowledge Discovery.

Daphne's keynotes on data breach prevention at Brown's Executive Master Program in Cybersecurity in Part 1 and Part 2, and IEEE SPS.

Daphne's ACM SACMAT '18 keynote slides on data breach are HERE.

Call for deployable and impactful security work at ACSAC 2020.

Daphne's ACM CCS '16 tutorial on program anomaly detection . Slides are here.

Keynote slides on cloud data analytics at the ACM ASIACCS Cloud Security Workshop (SCC) are HERE.

ACM SIGSAC Women in Cybersecurity Research Workshop (CyberW) 2020 was a success!!
Check out the videos and slides and the inaugural CyberW Early Career Award winners!

Continue on to Yao Group Website to learn about our research and publications.

Key Publications

(* indicates Yao group members)

  • [BOOK] Anomaly Detection as a Service: Challenges, Advances, and Opportunities.
    Danfeng Yao, Xiaokui Shu*, Long Cheng*, and Salvatore J. Stolfo. In Information Security, Privacy, and Trust Series. Morgan & Claypool. Oct. 2017.

  • [ACM CCS 2020] Methodologies for Quantifying (Re-)randomization Security and Timing under JIT-ROP.
    Salman Ahmed*, Ya Xiao*, Kevin Z. Snow, Gang Tan, Fabian Monrose, and Danfeng (Daphne) Yao.
    In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (CCS'20). November 9–13, 2020.

  • [ACM CCS 2019] CryptoGuard: High Precision Detection of Cryptographic Vulnerabilities in Massive-sized Java Projects.
    Sazzadur Rahaman*, Ya Xiao*, Sharmin Afrose*, Fahad Shaon, Ke Tian*, Miles Frantz*, Murat Kantarcioglu, and Danfeng (Daphne) Yao.
    ACM Conference on Computer and Communications Security (CCS). London, UK. Nov. 2019.

  • [arXiv 2020] Industrial Experience of Finding Cryptographic Vulnerabilities in Large-scale Codebases.
    Ya Xiao*, Yang Zhao, Nicholas Allen, Nathan Keynes, Danfeng (Daphne) Yao, and Cristina Cifuentes.
    arXiv:2007.06122. 2020.

  • [ACM CCS 2019] Security Certification in Payment Card Industry: Testbeds, Measurements, and Recommendations.
    Sazzadur Rahaman*, Gang Wang, and Daphne Yao.
    ACM Conference on Computer and Communications Security (CCS). London, UK. Nov. 2019.

  • [ICSE 2018] Secure Coding Practices in Java: Challenges and Vulnerabilities.
    Na Meng, Stefan Nagy*, Danfeng Yao, Wenjie Zhuang, and Gustavo Argoty.
    International Conference on Software Engineering (ICSE). Gothenburg, Sweden. May, 2018.

  • [ACM ASIACCS 2017] Collusive Data Leak and More: Large-scale Threat Analysis of Inter-app Communications.
    Amiangshu Bosu*, Fang Liu*, Danfeng Yao, and Gang Wang.
    In Proceedings of ACM Symposium on Information, Computer & Communication Security (ASIACCS) Apr. 2017.

  • [ACM TOPS 2017] Long-Span Program Behavior Modeling and Attack Detection.
    Xiaokui Shu*, Danfeng Yao, Naren Ramakrishnan, and Trent Jaeger
    ACM Transactions on Privacy and Security (TOPS). May 2017.

  • [ACM CCS 2015] Unearthing Stealthy Program Attacks Buried in Extremely Long Execution Paths
    Xiaokui Shu*, Danfeng Yao, and Naren Ramakrishnan.
    In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS). Denver, Colorado. Oct. 2015.

  • [IEEE CSF 2015] Probabilistic Program Modeling for High-Precision Anomaly Classification.
    Kui Xu*, Danfeng Yao, Barbara Ryder, and Ke Tian*.
    In Proceedings of the 2015 IEEE Computer Security Foundations Symposium (CSF). Verona, Italy. Jul. 2015.

  • [Computers & Security 2016] Causality Reasoning about Network Events for Detecting Stealthy Malware Activities.
    Hao Zhang*, Danfeng Yao, Naren Ramakrishnan, and Zhibin Zhang.
    Computers & Security (C&S). 58: 180-198. Elsevier. 2016.

  • [IEEE TIFS 2015] Privacy-Preserving Detection of Sensitive Data Exposure.
    Xiaokui Shu*, Danfeng Yao, and Elisa Bertino.
    IEEE Transactions on Information Forensics & Security (TIFS). 10(5). 1092-1103. May 2015.

  • [SECURECOMM 2012] Data Leak Detection As a Service.
    Xiaokui Shu* and Danfeng Yao.
    In Proceedings of the 8th International Conference on Security and Privacy in Communication Networks (SECURECOMM). Padua, Italy. Sep. 2012.

  • [IEEE TDSC 2020] Detection of Repackaged Android Malware with Code-Heterogeneity Features.
    Ke Tian*, Danfeng Yao, Barbara Ryder, Gang Tan, and Guojun Peng.
    IEEE Transactions on Dependable and Secure Computing (TDSC). 17(1), Jan/Feb 2020.

  • [ACM ASIACCS 2014] Detection of Stealthy Malware Activities with Traffic Causality and Scalable Triggering Relation Discovery.
    Hao Zhang*, Danfeng Yao and Naren Ramakrishnan.
    In Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security (ASIACCS). Kyoto, Japan. Jun. 2014.

  • [IEEE TDSC 2012] Data-Provenance Verification For Secure Hosts.
    Kui Xu*, Huijun Xiong*, Chehai Wu*, Deian Stefan*, and Danfeng Yao.
    IEEE Transactions on Dependable and Secure Computing (TDSC). 9(2), 173-183. March/April 2012.

  • [ACM TISSEC 2008] Private Information: To Reveal or Not To Reveal.
    Danfeng Yao, Keith Frikken, Mike Atallah, Roberto Tamassia.
    ACM Transactions on Information and System Security (TISSEC). 12(1). Feb. 2008.

  • [ACM CCS 2004] ID-Based Encryption for Complex Hierarchies with Applications to Forward Security and Broadcast Encryption.
    Danfeng Yao, Nelly Fazio, Yevgeniy Dodis, and Anna Lysyanskaya.
    In Proceeding of the ACM Conference on Computer and Communications Security (CCS). Washington DC, 2004.