首页 >  学术交流
梁振凯海报

内容摘要:

In today's cloud-based systems, users often process sensitive information in web or mobile applications. Malicious code in these run-time environments, such as injected JavaScript or malicious mobile apps, is the one of the main threats to security of users’ data. Many existing solutions aim to clean up the run-time environments by preventing malicious code and system vulnerabilities. We take an alternative approach: with the help of an addition environment with small trusted-computing base (TCB), we establish trusted processing of sensitive data in an environment we do not fully trust. In this talk, we discuss our solution on the web platform and the mobile platform. On the Android platform, based on the TrustZone technology, we designed DroidVault to allow users to have strong control over their data even when the Android platform is compromised with malicious code. On the web platform, we designed User-Path to establish a trusted path between users and web application servers to defeat malicious scripts injected into the web environment.

报告人简介:

 Zhenkai Liang is an Associate Professor of School of Computing at National University of Singapore (NUS). His main research interests are in system and software security, web security, mobile security, and program analysis. As a co-author, he received the Best Paper Award in ICECCS 2014, the Best Paper Award in W2SP 2014, the ACM SIGSOFT Distinguished Paper Award at ESEC/FSE 2009, the Best Paper Award at USENIX Security Symposium 2007, and the Outstanding Paper Award at ACSAC 2003.  He also won the Young Investigator Award of NUS in 2008 and Annual Teaching Excellence Award of NUS in 2014.  He received his Ph.D. degree in Computer Science from Stony Brook University in 2006 and B.S. degrees in Computer Science and Economics from Peking University in 1999. 

(2014-10-16)