This is my academic website, where you can find information on my current research. I’m currently a postdoctoral fellow in Prof. Peng Liu's group at the Pennsylvania State University. Before working as a post-doc at Penn State, I received my BS degree from the University of Science and Technology of China, and my PhD from the University of Chinese Academy of Sciences in 2015.
My research interests cover a wide range of systems security, including mobile security and IoT systems security. I am especially interested in leveraging COTS hardware components/features to design and build systems that are more reliable and secure than solutions based on software alone. I found that while emerging hardware components are primarily designed for performance improvement, they can be leveraged to facilitate security solution development, and the resulting systems are often superior to software alone approaches in terms of efficiency, robustness and more importantly, security.
My PHD dissertation focuses on utilizing CPU caches to hide critical data such as cryptographic keys in a computing system (appears in IEEE S&P and NDSS). At Penn State, I'm more interested in the security of mobile devices. We developed a system that shields COTS binaries to securely execute on the ARM platform with TrustZone (appears in MobiSys), and a bare-metal malware analysis platform for Android that could restore the host system to a clean-state snapshot in 2.80 seconds (appears in ACSAC).
I'm now working on the security of IoT systems running on low-end microcontrollers. We have disclosed a vulnerability that appears in many telematics devices (appears in SenSys). I found that many security mechanisms designed for high-end processors are not directly applicable to the low-end ARM microcontroller, which unfortunately contributes a large slice of the consumer market. How to transparently apply existing security techniques to microcontroller based IoT devices remains an open question. With the emergence of IoT technology, the urgency to reinforce the protection of this cheap hardware has never been higher.