Electrical Engineering and Computer Science Professor Wenliang (Kevin) Du Recognized as Fellow of the Association for Computing Machinery 

Wenliang (Kevin) Du, the Laura J. and L. Douglas Meredith Professor in electrical engineering and computer science, has been recognized as a Fellow of the Association for Computing Machinery (ACM) for his contributions to cybersecurity education and research.  

The ACM is the world’s largest society of computing professionals, and their member grade recognizes the top 1% of ACM members worldwide for their groundbreaking contributions to computing and information technology. All 2023 inductees have been well-established ACM members who were chosen by their peers.  

Du has been at Syracuse University since 2001 and his research focuses on computer and network security. He founded the SEED open-source project in 2002 and the cybersecurity lab exercises developed from this project are now being used by 1,100 institutes worldwide. Additionally, his self-published book, “Computer & Internet Security: A Hands-on Approach”, has been adopted by 280 institutes worldwide. His research papers have been cited 17,800 times, and he has won two Test-of-Time Awards. Du was also elevated to a Fellow of the Institute of Electrical and Electronics Engineers (IEEE) in 2023.

“This very prestigious award means a lot to me, as it recognizes over 20 years’ of my work on cybersecurity education and research, especially my work on cybersecurity education,” says Du. “I was told by many friends not to spend too much time on the education part, as it won’t help my tenure case – I am glad that I didn’t listen to them. Now the global impact of my work on cybersecurity education is huge.”  

Electrical Engineering and Computer Science Professor Yuzhe Tang Receives Grant to Protect Ethereum Security

Yuzhe Tang

Yuzhe Tang, associate professor of electrical engineering and computer science in the College of Engineering and Computer Science, and his research team have been awarded a grant by the Ethereum Foundation for research to advance the Ethereum blockchain ecosystem. This grant will support Tang and his Ph.D. students in designing, developing, and evaluating the security hardening code to protect the Ethereum network stack.

Ethereum is a network made up of several communities and toolsets that allow users to communicate or make transactions with digital money. Since the network is decentralized, users are in complete control of their data and what’s being shared, so they don’t need to give up any personal information – all users need to access Ethereum is an internet connection.

Denial of service security is critically important to the Ethereum blockchain ecosystem, and the research will explore ways to protect the Ethereum network from cyberattacks, involving systematic vulnerability discovery using applied formal methods. As cyber criminals attack networks like Ethereum and security concerns grow, Tang believes this research could have a lasting impact on the current landscape of cybersecurity and blockchain platforms.

“With this grant, we can help solve some of the most critical problems in the real world. We expect to continue developing code merged into Ethereum codebase,” Tang says. “I am most excited about making real-world impacts out of the research works from my group.”

Yuzhe Tang

Degree:

  • Ph.D. Computer Science, Georgia Tech

Lab/ Center/ Institute affiliation:

Full Stack Security Lab (FSSL)

Areas of Expertise:

  • Cyber-security and privacy
  • Systems security
  • Decentralized systems and blockchains
  • Cryptocurrencies and finance security
  • Applied formal methods and software testing

I am interested in the intersection between cybersecurity and systems. My research mission is to bring systems security and efficiency to large-scale, emerging/evolving infrastructures and applications. 1) On the cyber-security front, I am interested in applying formal methods, protocol analysis, automated program analysis, and software testing techniques to discover vulnerabilities, detect attacks, and design secure systems. I am also interested in the security-oriented measurement of large-scale systems. 2) On the systems front, I am interested in workload analysis, benchmarking, design of optimization schemes and middleware in various host systems. 

My recent research focuses on decentralized systems like public blockchains. I tackle the systems security/efficiency challenges at different blockchain layers, including application-level DeFi protocol, smart contracts, down to the systems-level consensus implementations, P2P networking, and web3.0 infrastructures. I am particularly interested in discovering and fixing design flaws in blockchains and DeFi applications using formal methods. My recent research on blockchain mempool security is well-recognized in the Ethereum/blockchain developer community. Besides, I am developing and disseminating blockchain educational materials. 

In the past, I worked on confidential computing, trusted execution environments, applied privacy-preserving protocols, and cloud security. 

Honors and Awards:

  • Ethereum Foundation Academic Grant Awardee, 2023 
  • Ethereum Foundation Academic Grant Awardee, 2022 
  • Air Force Research Lab (AFRL) Visiting Faculty Research Award, 2017 
  • Best Paper Award, 15th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, 2015 
  • Best Paper Award, 5th International Conference on Cloud Computing, 2012 
  • Tung’s Oriental Scholarship, Tung’s Oriental, 2008 

Selected Publications:

  • USENIX Security’24: “Understanding Ethereum Mempool Security under Asymmetric DoS by Symbolized Stateful Fuzzing”, Yibo Wang, Yuzhe Tang, Kai Li, Wanning Ding, Zhihua Yang. 
  • WWW’24: “Characterizing Ethereum Upgradable Smart Contracts and Their Security Implications”, AR=20.2%, Xiaofan Li, Jin Yang, Jiaqi Chen, Yuzhe Tang, Xing Gao.  
  • CCS’21: “DETER: Denial of Ethereum Txpool sERvices”, AR=22%, Kai Li, Yibo Wang, Yuzhe Tang.  
  • NDSS’21: “As Strong As Its Weakest Link: How to Break (and Fix) Blockchain DApps at RPC Service”, AR=15.2%, Kai Li, Jiaqi Chen, Xianghong Liu, Yuzhe Tang, X. Wang, X. Luo.  
  • IMC’21: “TopoShot: Uncovering Ethereum’s Network Topology Leveraging Replacement Transactions”, AR=28%, Kai Li, Yuzhe Tang, Jiaqi Chen, Yibo Wang, Xianghong Liu.  
  • FSE’21: “iBatch: Saving Ethereum Fees via Secure and Cost-Effective Batching of Smart-Contract Invocations”, AR=24.5%, Yibo Wang, Qi Zhang, Kai Li, Yuzhe Tang, Jiaqi Chen, X. Luo, T. Chen. 

Vir V. Phoha

Degree:

  • Ph.D. Texas Tech University

Research Interests:

  • Cyber Security – Cyber offense and defense
  • Machine Learning
  • Smart phones and tablets security
  • Biometrics — network based and standalone

Current Research:

My focus is to do original research that cuts across conventional rigorously defined disciplines and unifies basic and common concepts across disciplines. In particular, my research centers around security (malignant systems, active authentication, for example touch based authentication on mobile devices) and machine learning (decision trees, statistical, and evolutionary methods) with a focus on large time series data streams and static data sets, and computer networks (anomalies, optimization). I am also using these methods to build field realizable defensive and offensive Cyber-based systems. 

Courses Taught:

  • Security and Machine learning; Biometrics
  • Applied Cryptography

Honors and Awards:

  • Fellow of: AAAS; AAIA; IEEE; NAI; SDPS 
  • ACM Distinguished Scientist 
  • IEEE Computer Society Distinguished Visitor (2024-2026) 
  • ACM Distinguished Speaker (2012-2015) 
  • IEEE Region 1 Technological Innovation  Award, 2017 

Selected Publications:

  • F. Chen, J. Xin and V. V. Phoha, “SSPRA: A Robust Approach to Continuous Authentication Amidst Real-World Adversarial Challenges,” in IEEE Transactions on Biometrics, Behavior, and Identity Science, vol. 6, no. 2, pp. 245-260, April 2024, doi: 10.1109/TBIOM.2024.3369590 
  • Jingyu Xin, Vir V. Phoha, and Asif Salekin. 2022. Combating False Data Injection Attacks on Human-Centric Sensing Applications. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 6, 2, Article 83 (July 2022), 22 pages. https://doi.org/10.1145/3534577 
  • Xinyi Zhou, Kai Shu, Vir V. Phoha, Huan Liu, and Reza Zafarani. 2022. “This is Fake! Shared it by Mistake”:Assessing the Intent of Fake News Spreaders. In Proceedings of the ACM Web Conference 2022 (WWW ’22). Association for Computing Machinery, New York, NY, USA, 3685–3694. https://doi.org/10.1145/3485447.3512264 
  • Fallahi, A., Phoha, V.V. (2021). Adversarial Activity Detection Using Keystroke Acoustics. In: Bertino, E., Shulman, H., Waidner, M. (eds) Computer Security – ESORICS 2021. ESORICS 2021. Lecture Notes in Computer Science(), vol 12972. Springer, Cham. https://doi.org/10.1007/978-3-030-88418-5_30 
  • Xinyi Zhou, Atishay Jain, Vir V. Phoha, and Reza Zafarani. 2020. Fake News Early Detection: A Theory-driven Model. ACM Digital Threats 1, 2, Article 12 (June 2020), 25 pages. https://doi.org/10.1145/3377478 
  • B. Li, W. Wang, Y. Gao, V. V. Phoha and Z. Jin, “Wrist in Motion: A Seamless Context-Aware Continuous Authentication Framework Using Your Clickings and Typings,” in IEEE Transactions on Biometrics, Behavior, and Identity Science, vol. 2, no. 3, pp. 294-307, July 2020, doi: 10.1109/TBIOM.2020.2997004. 

Young B. Moon

Degree(s):

  • Ph.D., Purdue University
  • M.S., Stanford University
  • B.S., Seoul National University

Areas of Expertise:

  • Cyber-Manufacturing Systems
  • Cyber-Manufacturing Security
  • Systems Modeling and Simulation
  • Application of Machine Learning and Artificial Intelligence
  • Sustainable Product Realization Processes and Systems

Professor Moon teaches courses and conducts research in the areas of Cyber-Manufacturing Systems, Cyber-Manufacturing Security, Sustainable Manufacturing, Product Realization Processes and Systems, Enterprise Resource Planning (ERP) Systems, Systems Modeling and Simulation, Computer Integrated Manufacturing (CIM), Product Lifecycle Management (PLM), and Application of Artificial Intelligence and Machine Learning. He has had extensive interactions with industry and has published over 130 journal and conference publications. Dr. Moon is a licensed P.E. (Professional Engineer) registered in the State of New York, a CFPIM (Certified Fellow in Production and Inventory Management), and a CMfgE (Certified Manufacturing Engineer). He is active in numerous professional organizations such as INCOSE, ABET, SME, ASME, ASEE, and IFIP. He has served as a Commissioner for ABET’s Engineering Accreditation Commission and is serving on ABET’s Board of Delegates and Engineering Area Delegation. A Fulbright Scholar, he has also held visiting positions in various organizations across the globe.

Honors and Awards:

  • Outstanding Service Award from INCOSE (International Council on Systems Engineering)

Selected Publications:

Prasad R., Seyed, S.A.Z. and Y.B. Moon, “Recovery systems architecture for cyber-manufacturing systems against cyber-manufacturing attacks,” Manufacturing Letters, Vol. 31, pp. 851–860, The 51st SME North American Manufacturing Research Conference (NAMRC 51), New Brunswick, NJ, June 12–16, 2023.

Espinoza-Zelaya, C. and Y.B. Moon, “Framework for enhancing the operational resilience of cyber-manufacturing systems against cyber-attacks,” Manufacturing Letters, Vol. 31, pp. 843–850, The 51st SME North American Manufacturing Research Conference (NAMRC 51), New Brunswick, NJ, June 12–16, 2023.

Prasad R. and Y.B. Moon, “Comprehensive Analysis of Cyber-Manufacturing Attacks using a Cyber-Manufacturing Testbed,” Proceedings of the ASME International Mechanical Engineering Congress and Exposition, Columbus, OH, October 30–November 3, 2022.

Espinoza-Zelaya, C. and Y.B. Moon, “Assessing Severity of Cyber-Attack Threats against Cyber-Manufacturing Systems,” Proceedings of the ASME International Mechanical Engineering Congress and Exposition, Columbus, OH, October 30–November 3, 2022.

Espinoza-Zelaya, C. and Y.B. Moon, “Resilience Enhancing Mechanisms for Cyber-Manufacturing Systems against Cyber-Attacks,” The 10th IFAC Triennial Conference on Manufacturing Modeling, Management and Control (MIM 2022), Nantes, France, June 22–24, 2022.

Prasad, R. and Y.B. Moon, “Architecture for Preventing and Detecting Cyber-Attacks in Cyber-Manufacturing Systems,” The 10th IFAC Triennial Conference on Manufacturing Modeling, Management and Control (MIM 2022), Nantes, France, June 22–24, 2022.

Song, J., Wang, J. and Y.B. Moon, “Blockchain Applications in Manufacturing Systems: A Survey,” Proceedings of the ASME International Mechanical Engineering Congress and Exposition, Virtual, November 1–4, 2021.

Wu, M., Song, J., Sharma, S., Di, J., He, B., Wang, Z., Zhang, J., Lin, L., Greaney, E., and Y.B. Moon, “Development of Testbed for Cyber-Manufacturing Security Issues,” International Journal of Computer Integrated Manufacturing, vol. 33, no. 3, pp. 302–320, 2020.

Wu, M. and Y.B. Moon, “Alert Correlation for Detecting Cyber-Manufacturing Attacks and Intrusions,” Journal of Computing and Information Science in Engineering, Transactions of the ASME, vol. 20, no. 1, pp. 011004-1–011004-12, 2020.

Wu, M., Song, Z., and Y.B. Moon, “Detecting Cyber-Physical Attacks in CyberManufacturing Systems with Machine Learning Methods,” Journal of Intelligent Manufacturing, vol. 30, no 3, pp. 1111–1123, 2019.

Wu, M. and Y.B. Moon, “Intrusion Detection for Cyber-Manufacturing System,” Journal of Manufacturing Science and Engineering, Transactions of the ASME, vol. 141, no. 3, pp. 031007-1–031007-9, 2019.

Song, Z. and Y.B. Moon, “Sustainability Metrics for Assessing Manufacturing Systems: A Distance-to-Target Methodology,” Environment, Development and Sustainability, vol. 21, no. 6, pp. 2811–2834, 2019.

Wu, M. and Y.B. Moon, “DACDI (Define, Audit, Correlate, Disclose, and Improve) Framework to Address Cyber-Manufacturing Attacks and Intrusions,” Special Issue on Industry 4.0 and Smart Manufacturing, Manufacturing Letters, vol. 15, Part B, pp. 155–159, 2018.

Moon, Y.B., “Simulation Modeling for Sustainability: A Review of the Literature,” International Journal of Sustainable Engineering, vol. 10, no. 1, pp. 2–19, 2017.

Moon, Y.B., “Enterprise Resource Planning (ERP): A Review of the Literature,” International Journal of Management and Enterprise Development, vol. 4, no. 3, pp. 235–264, 2007.

Kristopher Micinski

Degree:

  • Doctorate of Philosophy, Computer Science, University of Maryland at College Park
  • Bachelor of Science, Computer Engineering, Michigan State University

Areas of Expertise:

  • Programming Languages
  • Static Analysis
  • Formal Methods
  • Foundations of Computer Security and Privacy

My research lies at the intersection of the theory and application of program analyses. Program analyses are tools that examine programs and determine (prove) facts about them. For example, a program analysis might prove that a program can never crash due to a type error. In general, however, program analyses can be arbitrarily complex and infer subtle program invariants relating to myriad applications (such as computer security).

Because program analyses must always approximate program behavior (otherwise they could solve the halting problem), there is an inherent tradeoff between analysis precision and analysis performance. Currently, program analyses are often applied only in limited contexts, as gaining acceptable performance requires too many compromises in terms of analysis precision. My current work focuses on three concurrent threads: tackling fundamental issues relating to scaling static analysis (specifically, scaling analyses to run on supercomputers rather than a single machine as all current analyses do); engineering those analyses (to allow analysis reuse); and applying those analyses to computer security (e.g., to check properties such as information flow and to support complex reverse engineering tasks).

Recent Publications:

  • Symbolic Path Tracing to Find Android Permission-Use Triggers. NDSS Workshop on Binary Analysis Research (BAR 2019).
  • User Comfort with Android Background Resource Accesses in Different Contexts Symposium on Usable Privacy and Security (SOUPS 2018).
  • User Interactions and Permission Use on Android (CHI 2017).

Endadul Hoque

Degree:

  • Ph.D., Computer Science, Purdue University, 2015
  • M.S., Computer Science, Marquette University, 2010
  • B.S., Computer Science and Engineering, Bangladesh University of Engineering and Technology, 2008

Lab/ Center/ Institute affiliation

Research interests:

  • Security of computer networks and systems
  • IoT systems security
  • Program analysis, software testing and verification
  • Vulnerability detection

Current Research:

His research focuses on the security of computer networks and systems. The software of computer networks and systems continues to have exploitable vulnerabilities, which are lucrative targets for adversaries. Within this broad domain, his particular emphasis is on automated detection of vulnerabilities as well as creating resilient protocols and systems. His research primarily builds on and expands program analysis, software engineering, and formal verification. His interests span several domains of computing, including network communication protocols, operating systems, distributed systems, internet-of-things (IoT) systems and embedded devices.

Honors and Awards:

  • NSF CAREER Award, 2024
  • Google Research Scholar Award, 2022
  • Distinguished Paper Award at NDSS (Network and Distributed System Security Symposium) 2018
  • Bilsland Dissertation Fellowship Award from the Graduate School at Purdue University, 2015
  • Graduate Teaching Fellowship Award from Dept. of Computer Science at Purdue University, 2014

Selected Publications:

  • A. J. Nafis, O. Chowdhury, and E. Hoque, “VetIoT: On Vetting IoT Defenses Enforcing Policies at Runtime,” Proc. of IEEE Conference on Communications and Network Security (CNS) pp. 1-9, 2023.
  • M. H. Mazhar, L. Li, E. Hoque, and O. Chowdhury, “MAVERICK: An App-independent and Platform-agnostic Approach to Enforce Policies in IoT Systems at Runtime,” Proc. of ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec ’23), 2023.
  • M. Yahyazadeh, S. Y. Chau, L. Li, M. H. Hue, J. Debnath, S. C. Ip, C. N. Li, E. Hoque, and O. Chowdhury, “Morpheus: Bringing The (PKCS) One To Meet the Oracle,” Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS ’21) (CCS ’21), Association for Computing Machinery, New York, NY, USA, pp. 2474–2496, 2021.
  • M. H. Hue, J. Debnath, K. M. Leung, L. Li, M. Minaei, M. H. Mazhar, K. Xian, E. Hoque, O. Chowdhury, and S. Y. Chau, “All Your Credentials Are Belong to Us: On Insecure WPA2-Enterprise Configurations,” Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS ’21), Association for Computing Machinery, New York, NY, USA, pp. 1100–1117, 2021.

Wenliang (Kevin) Du

Degree(s):

  • Ph.D. 2001, from Purdue University

Research Interests:

  • Computer and network security
  • Smartphone and mobile system security
  • Security education

Current Research:

Recent work has involved the studies of the Android operating systems with the following goals: (1) identify security problems in the design of the Android operating system, (2) identify security problems in mobile apps and develop tools to detect them, (3) develop improved access control for mobile systems.

Other current work includes the development of effective hands-on lab exercises for security education. We started the work in 2002, and we have developed about 30 labs for both undergraduate and graduate students. As of September 2015, over 350 universities and colleges worldwide are using them.

Courses Taught:

  • Computer security
  • Internet security
  • Android security
  • Android Programming

Honors:

  • IEEE Fellow
  • 2014 Dean’s Award for Excellence in Engineering Education, May 2014.
  • 2013 Faculty Excellence Award from College of Engineering and Computer Science.
  • 2013 ACM CCS Test-of-Time Award.
  • Best Paper Award in the 11th Pacific-Asia Conference on Knowledge Discovery and Data Mining (PAKDD), May 22-25, 2007, Nanjing, China.
  • Best Paper Award in The 19th IEEE International Parallel & Distributed Processing Symposium (IPDPS), April 4-8, 2005, Denver, Colorado.
  • Guo Mo-ruo Award (1992), University of Science & Technology of China.

Selected Publications:

Click here to see full list of publications.

Yousra Aafer, Nan Zhang, Zhongwen Zhang, Xiao Zhang, Kai Chen, XiaoFeng Wang, Xiaoyong Zhou, Wenliang Du, and Michael Grace. Hare Hunting in the Wild Android: A Study on the Threat of Hanging Attribute References. To appear in the 22nd ACM Conference on Computer and Communications Security (CCS), Denver, Colorado, USA. October 12-16, 2015.

Xing Jin, Xunchao Hu, Kailiang Ying, Wenliang Du, Heng Yin and Gautam Nagesh Peri. Code Injection Attacks on HTML5-based Mobile Apps: Characterization, Detection and Mitigation. In Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS), Scottsdale, Arizona, USA. November 3 – 7, 2014.

Paul Ratazzi, Ashok Bommisetti, Nian Ji, and Wenliang Du. PINPOINT: Efficient and Effective Resource Isolation for Mobile Security and Privacy. In Proceedings of the Mobile Security Technologies (MoST) workshop, May 21, 2015.

Tongbo Luo, Hao Hao, Wenliang Du, Yifei Wang, and Heng Yin. Attacks on WebView in the Android System. In Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC), Orlando, Florida, USA. December 5-9, 2011.

Karthick Jayaraman, Wenliang Du, Balamurugan Rajagopalan, and Steve J. Chapin. Escudo: A Fine-grained Protection Model for Web Browsers. In ICDCS: The 30th International Conference on Distributed Computing Systems, Genoa, Italy, June 21-25, 2010

Wenliang Du. The SEED Project: Providing Hands-on Lab Exercises for Computer Security Education. In IEEE Security and Privacy Magazine, September/October, 2