For wisdom will enter your heart, and knowledge will be pleasant to your soul.
80 04 049
Announcements and highlights:
1. Position Openings for Research Engineers, Postdocs, and PhD Students. [details]
2. New Book Authored (Springer 2015)
3. Recent Book Authored (Morgan & Claypool 2013)
· Yingjiu Li, Robert H. Deng, Elisa Bertino: RFID Security and Privacy. 158 pages, ISBN-13: 978-1627053259, Synthesis Lectures on Information Security, Privacy, & Trust, Morgan & Claypool Publishers, December 2013. [purchase hardcopy at Amazon] [purchase softcopy at M&C]
4. Android Security Flaws Fixed (Google 2016)
We discovered a series of Android framework vulnerabilities and attacks on Android 5.1.0 and 4.4.4 and reported them to Google in November 2015. Google acknowledged our findings in its Android Security Acknowledgements – 2016 and in its Nexus Security Bulletin – March 2016. In particular, our finding on Information Disclosure Vulnerability in Telephony was given the Common Vulnerabilities and Exposures (CVE) number CVE-2016-0831.
· [Google Security Bulletin] https://source.android.com/security/bulletin/2016-03-01.html
· [Google acknowledgments] https://source.android.com/security/overview/acknowledgements.html
· [Computerworld] http://www.computerworld.com.sg/print-article/99278/
5. Potentially High Value Patent (Huawei 2015)
· Our patent “Secure Permission Control on Android Techniques” was evaluated by Huawei Technologies Co., Ltd. to be of “potentially high” value in October 2015.
· Our patent “System and method for determining a security classification of an unknown application” was evaluated by Huawei Technologies Co., Ltd. to be of “potentially high” value in June 2016.
6. FaceLive (CCS 2015)
We developed a liveness detection mechanism for facial authentication on mobile phones.
· [Channel News Asia] http://www.channelnewsasia.com/news/singapore/phone-users-to-get-better/2428186.html
· [Research paper] Yan Li, Yingjiu Li, Qiang Yan, Hancong Kong, Robert H. Deng: Seeing Your Face is Not Enough: An Inertial Sensor-Based Liveness Detection for Face Authentication. The 22nd ACM Conference on Computer and Communications Security (CCS), pages 1558-1569, Denver, US, 12-16 October 2015.
7. iOS Security Flaws Fixed (Apple 2013)
We identified seven attacks which can be performed by third-party applications on iOS 5 and iOS 6 (see our ACNS paper below). We reported our findings to Apple's security team in October 2012. Three attacks, which include passcode cracking (CVE-2013-0957), interference with or control of telephony functionality (CVE-2013-5156) and sending tweets without the user’s awareness and permission (CVE-2013-5157), were rectified by Apple in its release of iOS 7 in Sept 2013.
· [Apple announcement] https://support.apple.com/en-sg/HT202816
· [Research paper] Jin Han, Su Mon Kywe, Qiang Yan, Feng Bao, Robert Deng, Debin Gao, Yingjiu Li, Jianying Zhou: Launching Generic Attacks on iOS with Approved Third-Party Applications. 11th International Conference on Applied Cryptography and Network Security (ACNS), pages 272-289, Alberta, Canada, June 25-28, 2013.
8. Distinguished Paper Award (NDSS 2012).
· Qiang Yan, Jin Han, Yingjiu Li, Robert Deng: On Limitations of Designing Usable Leakage-Resilient Password Systems: Attacks, Principles and Usability. 19th Network & Distributed System Security Symposium (NDSS), San Diego, California, USA, February 5-8, 2012.
9. RFID Security Lab at SIS, SMU
10. Mobile Security Projects at SIS, SMU
Recent program committee members and other professional services:
· 21st ACM Symposium on Access Control Models and Technologies (SACMAT), 2016.
· 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2016.
· 21st European Symposium on Research in Computer Security (ESORICS), 2016.
· 12th International Conference on Security and Privacy in Communication Networks (SECURECOMM), 2016.
· 30th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSec), 2016.
· Australasian Conference on Information Security and Privacy (ACISP), 2016.
· 12th International Conference on Information Security Practice and Experience (ISPEC), 2016.
· 12th International Conference on Information Systems Security (ICISS), 2016.
· International Conference on Provable Security (ProvSec), 2016.
· International Conference on Information Systems Security and Privacy (ICISSP), 2016.
· 9th International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage (SpaCCS), 2016.
· IEEE Global Communications Conference: Communication & Information System Security (Globecom – CISS), 2016.
· 20th European Symposium on Research in Computer Security (ESORICS), 2015.
· 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2015.
· 11th China International Conference on Information Security and Cryptology (Inscrypt), 2015.
· 17th International Conference on Information and Communications Security (ICICS), 2015.
More publications on DBLP