Xuhua DING

Associate Professor
School of Computing and Information Systems
Singapore Management University

Tel: +65-68280683 Fax: +65-68280913

No OS Is Too Big; No Hypervisor Is Too Small

My team and I are inspired to design trustworthy systems in commodity x86 and ARM platforms to counter kernel space attacks. We mainly use hardware virtualization to construct hypervisor-based systems for various purposes. Our present interest centers on provisioning new systems for dynamic malware analysis including hybrid symbolic execution. Current team members are:

Several positions for Postdoctorates/Research Engineers/Visiting Students are open under two NRF research grants. Please visit OASIS and SMC for project details.

Research Areas: system/software security, applied cryptography on privacy preserving

System security I am interested in building secure and trustworthy systems to counter attacks from malicious software in user space and/or the kernel. Recent publications are listed below.

SMILE: Secure Memory Introspection for Live Enclave, IEEE S&P 2022

T-counter: Trustworthy and efficient CPU resource measurement using SGX in the cloud, IEEE TDSC 2022

A Coprocessor-based Introspection Framework via Intel Management Engine, IEEE TDSC 2021

On the Root of Trust Identification Problem, ACM/IEEE IPSN 2021

A Novel Dynamic Analysis Infrastructure to Instrument Untrusted Execution Flow Across User-Kernel Spaces , IEEE S&P 2021, (presentation in Blackhat 2022)

FIMCE:A Fully Isolated Micro-Computing Environment For Multicore Systems, ACM TOPS Vol 21, No. 3, April 2018

Presence Attestation: The Missing Link In Dynamic Trust Bootstrapping, ACM CCS 2017

Seeing Through The Same Lens: Introspecting Guest Address Space At Native Speed, USENIX Security 2017

On the Effectiveness of Virtualization Based Memory Isolation on Multicore Platforms, EuroS&P 2017

HBinder: A Hardened Binder Framework on Android Systems, SECURECOMM 2016

SuperCall: A Secure Interface For Isolated Execution Environment to Dynamically Use External Services, SECURECOMM 2015

Efficient Virtualization-Based Application Protection Against Untrusted Operating System, ASIACCS 2015

Guardian: Hypervisor as Security Foothold for Personal Computers, TRUST 2013

Virtualization Based Password Protection Against Malware In Untrusted Operating Systems, TRUST 2012

DriverGuard: A Fine-grained Protection On I/O Flow, ESORICS 2011, (a journal version in TISSEC 2013)

ScriptChecker: To Tame Third-party Script Execution with Task Capabilities NDSS 2022

Catch You With Cache: Out-of-VM Introspection to Trace Malicious Execution IEEE/IFIP DSN 2021

To Detect Stack Buffer Overflow With Polymorphic Canaries, DSN 2018

Hardware Assisted Fine-grained Code Reuse Attack Detection, RAID 2015

ROPecker: A Generic and Practical Approach For Defending Against ROP Attack, NDSS 2014

Remote Attestation on Function Execution, INTRUST 2009,

Remote Attestation on Program Execution, ACM CCS Workshop on Scalable Trusted Computing (STC), 2008

Applied cryptography and privacy protection My primary interest in applied cryptography is to protect data privacy in various database and network applications.

Privacy-preserving Ad-Hoc Equi-Join on Outsourced Data, ACM TODS 2014

Verifiable and Private Top-k Monitoring (short paper), ACM ASIACCS 2013

Database Access Pattern Protection Without Full-shuffles, IEEE TIFS 2011

Embellishing Text Search Queries to Protect User Privacy, VLDB 2010

Genomic Security (Lest We Forget) , IEEE Security & Privacy, Oct 2017, Volume 15, Issue 5

Achieving Revocable Fine-Grained Cryptographic Access Control over Cloud Data, ISC 2013

A Generic Construction of Accountable Decryption and Its Applications, ACISP 2012 (Best student paper award)

Multimedia security In this area, my research focuses on protecting confidentiality and integrity of H.264/SVC streams.

On Security of Content-Based Video Stream Authentication, ESORICS 2015

A hybrid scheme for authenticating scalable video codestreams, IEEE TIFS 2014

Efficient authentication and access control of scalable multimedia streams over packet-lossy networks, SCN 2014

No Tradeoff Between Confidentiality and Performance: An Analysis On H.264/SVC Partial Encryption, IFIP CMS'12 (Best paper award)

Short BIO: I joined the School of Information Systems of Singapore Management University after receiving my Ph.D. degree in Computer Science from USC with most of my research done at UC Irvine. Before that, I received my B.Eng and M.Sc degrees from Shanghai JiaoTong University.

(updated on Jan 2022)