Li Yang Research

Curbing Crimes in Urban Areas Using Emerging Computing Technologies

Sharmila chackravarthy, Fall 2016

Rapid and unprecedented population growth in urban areas has contributed to some common pressing issues on public safety. The rate of violent crime in metropolitan areas is higher than those outside of metropolitan areas based on FBI reports in recent years. The state of Tennessee ranked the 1st in 2012 and the 4th in 2013 among the most dangerous states based on the number of violent crimes per 100,000. Crime can ruin lives, but it also carries a significant financial cost, therefore, reducing crime saves money. Public safety is a basic and important community factor. The first time in the history, abundance of data are available through Internet of Things (IoTs), city open data, historical data, and social media, which can be integrated with data analytics to defend crimes. Therefore, automatic detection of crime behaviors integrated with real-time intervention and response is a key element in reduce crimes in urban areas. It is timely and important to investigate impact of Internet of Things (IoTs) and data analytics on curbing crimes in urban areas, and to design approaches that accurately and timely respond and deter crimes. Insights gained through this project could lead to new ways to reduce crimes in urban areas, especially those in discrete concentration areas. Success of this project will benefit other smart cities that seek solutions to improve public safety and optimize law enforcement resource with assistance of IoTs and city open data. The proposed system will first collect data and situational factors related to suspicious incidents, and then detect and classify crime incidents using a new deep learning classifier. Finally, the system will provide real-time response and predictive strategies.

Security of Internet of Things in Using RaspberryPi

The Internet of Things (IoT) is becoming a reality in today’s society. The IoT can find its application in multiple domains including healthcare, critical infrastructure, transportation, and home and personal use. It is important to teach students importance and techniques that are essential in protecting IoT. We design a series of hands-on labs in a smart home setting, which can exercise attack and protection of IoT. Our hands-on labs use a Raspberry Pi and several diverse smart things that communicate through Z-Wave technology. Using this environment, students can operate a home automation system and learn security concepts by performing these labs. These labs demonstrate several fundamental security concepts and techniques that can be adopted in security curricula. Students are expected to understand and master how to implement various attacks, design and implement defenses to these attacks, and explore security solutions of Internet of Things in a Smart Home application.

Secure Development with Gamification

Gamification is the application of techniques used in game-design that which strives to keep users immersed and reward them with a feeling of enjoyment and accomplishment. The industry is quickly adopting gamification to motivate employees to complete all sorts of training. A task that was once tedious and boring can be brought back to life with the proper application of gamification. A passionate employee/student will naturally learn and retain materials better than their unengaged counterpart. This project uses gamification to develop online training materials for education of secure development.

Web Tracking and Ad Network

Dhaval Patel

One of the fastest-growing businesses on the Internet, a Wall Street Journal investigation has found, is the business of spying on web users. The Journal conducted a comprehensive study that assessed and analyzed a broad array of surveillance technologies that companies are used to monitor Internet users. It revealed that tracking of consumers has grown both far more pervasive and far more intrusive than it was realized by all but a handful of people in the vanguard of the industry. Recent studies have proposed several approaches to preventing the business from spying on web users, without disrupting the main web functionalities, such as providing advertisements, etc.

Securing Health Data in mStroke: A System for Stroke Rehabilitation

David Schwab, Dan Kolb, Eric Reinsmidt

Connected mobile systems are useful to provide remote and continuous monitoring, which has been increasingly applied in healthcare. In order to protect patients’ privacy based on HIPPA regulation, the security of connected mobile systems decides if users can trust and adopt the system. This paper proposes a novel approach to protect a connected mobile system in a mobile cloud environment. The novel approach is able to provide connected mobile systems with authentication, encryption, and usable security that counter attacks such as sniffing, replay, and man-in-the-middle attacks. The performance including encryption, decryption, and key generation time has been evaluated based on a real-world mobile cloud environment. Security robustness has been analyzed based on several threat models as well.

Bioinformatics analysis of human genes associated with diseases at higher rates in African Americans (DHRAAs)

Yi Jiang

Health disparity refers to population-specific differences in the presence of disease, health outcomes, or access to health care that exist across racial and ethnic groups. According to a 2009 study by the Joint Center for Political and Economic studies, eliminating health disparities for minorities would have reduced direct medical care expenditures by $229.4 billion between 2003 and 2006 [1]. The goal of this project is to identify pathogenic potentials of human genes in African American derived populations (AADPs) through large-scale computational searches. Revealing pathogenic genes and affecting factors among AADPs will help to reduce cost of health care by guiding African Americans to take preventive measure to mitigate health disparity.

Fine-grained Reputation-based Routing in Wireless Ad Hoc Networks

Mobile Ad-hoc Networks (MANETs) are extremely helpful in supporting and forming an instant network when no fixed infrastructure is available. MANETs can support applications in a variety of areas like emergency assistance and inter-vehicle communications. Most developed wireless ad-hoc routing protocols are designed to discover and maintain an active path from source to destination with an assumption that every node is friendly. However, it is possible that the participating nodes may be selfish or malicious. A mechanism to evaluate reputation and trust for each node is essential for the reliability of a routing protocol in MANETs.

In this area, we are doing research in integrating reputation and trust management into routing protocols in MANETs. The reputation mechanism is based on constantly monitoring and updating both first-hand and second-hand information. Nodes within the network are able to monitor their immediate neighbors and obtain first-hand information based on the perceived behavior. Second-hand information is obtained from the sharing of this first-hand information with other network nodes. The nodes thus create the total reputation value by a combination of first-hand and second-hand information. The total reputation value is then available to neighboring nodes for routing decisions. Dynamic Source Routing Protocol (DSR) is selected to explore the possibility and benefits resulting from the integration of a reputation and trust management into a routing protocol. Reputation-based routing is designed to improve reliability in both route discovery and maintenance in MANETs.

Integrate Trust into Usage Control in File Sharing

Most access control models have formal access control rules to govern the authorization of a request from a principal. Trust evaluation helps to identify a principal or behaviors of a principal in a pervasive and collaborative environment when complete information on a principal is not available. This paper integrates trust management into usage control model to make file sharing decision in an ever-changing environment. The attributes associated with a certain principal and requested objects, contexts associated with a certain request, and even behaviors of a principal can change during the collaborative file sharing environment. A variety of such mutability poses challenges in file protection when resources sharing must happen during collaboration. In order to address the challenges, we propose a framework to determine trust value of a principle of a principle and thus integrate the trust into access control to make decision on resource exchange. First, a trust value for a principal is evaluated based on both observed behaviors and peer recommendations. Second, the usage-based access control rules are checked to decide the authorization of a request. Our system is dynamic because untrusted principal can be disenrolled and on-going access can be revoked when it does not meet the access control rules due to mutability. We apply our trust based-usage control framework into an application of file sharing by simulation.

LDA-based Dark Web Analysis

Analysis of dark websites is important for developing effective combating strategies against terrorism or extremists when more and more scattered terrorist cells use the ubiquity of Internet to form a community in the virtual space with a fairly low cost. Terrorists or extremists can anonymously set up various web sites embedded in large scale public Internet, forming on-line social communities to exchange ideology, spread propaganda, recruit members and plan attacks. In this paper, we will propose a method to discover and cluster the latent topics via analyzing contents of "Dark websites". The content and data from dark websites are gathered and extracted by crawlers and exported to documents. LDA (Latent Dirichlet Allocation)-based hierarchical Bayesian algorithm is used to analyze the extracted documents so as to discover latent communities from the web sites of terrorists or extremists. Latent communities are subsets of terrorist or extremist networks, distributing over the social actor space. The connections within each discovered topic are dense, whereas the connections between the topics are sparse. In contrast to the traditional clustering technology, LDA-based analysis allows one document to be classified into different topics. By using Expectation-Maximization algorithm, a Bayesian inference is carried out to learn the distribution and classify documents into corresponding latent topics. Our analyses help to gain more insights into the structure and communities of terrorists and extremists.

A Relationship-based Context-aware Flexible Authorization Framework for Mediation Systems

Security is a critical concern for mediator-based data integration among heterogeneous data sources. We provide a modeling and architectural solution to the problem of mediation security that addresses the security challenges including context-awareness, semantic heterogeneity, and multiple security policy specification. A generic, extensible modeling method for the security policies in mediation systems is developed. A series of authorization constraints are identified based on the relationship on the different security components in the mediation systems. Moreover, we enforce the flexible access control to mediation systems while providing uniform access for heterogeneous data sources.

SecCMP: A Secure Chip-Multiprocessor Architecture

Security has been considered as an important issue in processor design. Most of the existing mechanisms address security and integrity issues caused by untrusted main memory in single-core systems. We are working on a secure Chip-Multiprocessor architecture (SecCMP) to handle security related problems such as key protection and core authentication in multi-core systems. Threshold secret sharing scheme is employed to protect critical keys because secret sharing is a distributed security scheme that matches the nature of multi-core systems. A critical secret is divided and distributed among multiple cores instead of keeping a single copy that is sensitive to exposure. The proposed SecCMP cannot only enhance the security and fault-tolerance in key protection but also supports core authentication. It is designed to be an efficient and secure architecture for CMPs. We use an application to demonstrate secure and remote critical information access and sharing supported by our SecCMP. Integrated with identity based cryptography, the SecCMP provides a secure and reliable way to generate and distribute encryption keys between a local host and a remote site when prior distribution of keys is not available.


Web and Browser Security

  1. Marco Balduzzi, Manuel Egele, Engin Kirda, Davide Balzarotti, and Christopher Kruegel. 2010. A solution for the automated detection of clickjacking attacks. In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security (ASIACCS '10). ACM, New York, NY, USA, 135-144.
  2. Kapil Singh, Alexander Moshchuk, Helen J. Wang, and Wenke Lee, On the Incoherencies in Web Browser Access Control Policies, 2010.
  3. Thomas Wadlow, Vlad Gorelik, Security in the Browser, ACM Queue, 2009.
  4. Willem De Groef, Dominique Devriese, Nick Nikiforakis, and Frank Piessens. 2012. FlowFox: a web browser with flexible and precise information flow control. In Proceedings of the 2012 ACM conference on Computer and communications security (CCS '12). ACM, New York, NY, USA, 748-759.
  5. Eric Yawei Chen, Jason Bau, Charles Reis, Adam Barth, and Collin Jackson. 2011. App isolation: get the security of multiple browsers with just one. In Proceedings of the 18th ACM conference on Computer and communications security (CCS '11). ACM, New York, NY, USA, 227-238.
  6. Shuo Tang, Haohui Mai, Samuel T. King, Trust and Protection in the Illinois Browser Operating System, n Proceedings of the Symposium on Operating Systems Design and Implementation (OSDI), October 2010.
  7. Mike Ter Louw, Karthik Thotta Ganesh, and V. N. Venkatakrishnan. 2010. AdJail: practical enforcement of confidentiality and integrity policies on web advertisements. In Proceedings of the 19th USENIX conference on Security (USENIX Security'10). USENIX Association, Berkeley, CA, USA, 24-24.
  8. Gustav Rydstedt, Elie Bursztein, Dan Boneh, and Collin Jackson, Busting frame busting: a study of clickjacking vulnerabilities at popular sites, IEEE Oakland Web 2.0 Security and Privacy (W2SP 2010).
  9. Daniel Bates, Adam Barth, and Collin Jackson. 2010. Regular expressions considered harmful in client-side XSS filters. In Proceedings of the 19th international conference on World wide web(WWW '10). ACM, New York, NY, USA, 91-100.
  10. Helen J. Wang, Chris Grier, Alexander Moshchuk, Samuel T. King, Piali Choudhury, and Herman Venter. 2009. The multi-principal OS construction of the gazelle web browser. In Proceedings of the 18th conference on USENIX security symposium (SSYM'09). USENIX Association, Berkeley, CA, USA, 417-432.

Cloud Security

  1. Juraj Somorovsky, Mario Heiderich, Meiko Jensen, Jörg Schwenk, Nils Gruschka, and Luigi Lo Iacono. 2011. All your clouds are belong to us: security analysis of cloud management interfaces. In Proceedings of the 3rd ACM workshop on Cloud computing security workshop(CCSW '11). ACM, New York, NY, USA, 3-14.
  2. Pearson, S., "Taking account of privacy when designing cloud computing services," Software Engineering Challenges of Cloud Computing, 2009. CLOUD '09. ICSE Workshop on , vol., no., pp.44,52, 23-23 May 2009.
  3. Cong Wang; Qian Wang; Kui Ren; Wenjing Lou, "Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing," INFOCOM, 2010 Proceedings IEEE , vol., no., pp.1,9, 14-19 March 2010.
  4. Ko, R.K.L.; Jagadpramana, P.; Mowbray, M.; Pearson, S.; Kirchberg, M.; Qianhui Liang; Bu Sung Lee, "TrustCloud: A Framework for Accountability and Trust in Cloud Computing," Services (SERVICES), 2011 IEEE World Congress on , vol., no., pp.584,588, 4-9 July 2011.
  5. Dimitrios Zissis and Dimitrios Lekkas. 2012. Addressing cloud computing security issues. Future Gener. Comput. Syst. 28, 3 (March 2012), 583-592.
  6. Richard Chow, Philippe Golle, Markus Jakobsson, Elaine Shi, Jessica Staddon, Ryusuke Masuoka, and Jesus Molina. 2009. Controlling data in the cloud: outsourcing computation without outsourcing control. In Proceedings of the 2009 ACM workshop on Cloud computing security (CCSW '09). ACM, New York, NY, USA, 85-90.
  7. Qian Wang, Cong Wang, Jin Li, Kui Ren, and Wenjing Lou. 2009. Enabling public verifiability and data dynamics for storage security in cloud computing. In Proceedings of the 14th European conference on Research in computer security (ESORICS'09), Michael Backes and Peng Ning (Eds.). Springer-Verlag, Berlin, Heidelberg, 355-370.
  8. Luis M. Vaquero, Luis Rodero-Merino, and Daniel Moran. Locking the sky: a survey on IaaS cloud security. Computing 91, 1 (January 2011), 93-118.
  9. Kaufman, L.M., "Data Security in the World of Cloud Computing," Security & Privacy, IEEE , vol.7, no.4, pp.61,64, July-Aug. 2009.
  10. Balachandra Reddy Kandukuri, Ramakrishna Paturi V., and Atanu Rakshit. 2009. Cloud Security Issues. In Proceedings of the 2009 IEEE International Conference on Services Computing (SCC '09). IEEE Computer Society, Washington, DC, USA, 517-520.
  11. Ramgovind, S.; Eloff, M.M.; Smith, E., "The management of security in Cloud computing," Information Security for South Africa (ISSA), 2010 , vol., no., pp.1,7, 2-4 Aug. 2010.
  12. Yanpei Chen, Vern Paxson and Randy H. Katz, What’s New About Cloud Computing Security?, Technical Report, UC Berkeley, 2010.
  13. Abdul Nasir Khan, M.L. Mat Kiah, Samee U. Khan, Sajjad A. Madani, Towards secure mobile cloud computing: A survey, Future Generation Computer Systems, Volume 29, Issue 5, July 2013, Pages 1278-1299, ISSN 0167-739X,