Electrical Engineering and Computer Science Professor Wenliang (Kevin) Du Recognized as Fellow of the Association for Computing Machinery 

Wenliang (Kevin) Du, the Laura J. and L. Douglas Meredith Professor in electrical engineering and computer science, has been recognized as a Fellow of the Association for Computing Machinery (ACM) for his contributions to cybersecurity education and research.  

The ACM is the world’s largest society of computing professionals, and their member grade recognizes the top 1% of ACM members worldwide for their groundbreaking contributions to computing and information technology. All 2023 inductees have been well-established ACM members who were chosen by their peers.  

Du has been at Syracuse University since 2001 and his research focuses on computer and network security. He founded the SEED open-source project in 2002 and the cybersecurity lab exercises developed from this project are now being used by 1,100 institutes worldwide. Additionally, his self-published book, “Computer & Internet Security: A Hands-on Approach”, has been adopted by 280 institutes worldwide. His research papers have been cited 17,800 times, and he has won two Test-of-Time Awards. Du was also elevated to a Fellow of the Institute of Electrical and Electronics Engineers (IEEE) in 2023.

“This very prestigious award means a lot to me, as it recognizes over 20 years’ of my work on cybersecurity education and research, especially my work on cybersecurity education,” says Du. “I was told by many friends not to spend too much time on the education part, as it won’t help my tenure case – I am glad that I didn’t listen to them. Now the global impact of my work on cybersecurity education is huge.”  

Electrical Engineering and Computer Science Professor Yuzhe Tang Receives Grant to Protect Ethereum Security

Yuzhe Tang

Yuzhe Tang, associate professor of electrical engineering and computer science in the College of Engineering and Computer Science, and his research team have been awarded a grant by the Ethereum Foundation for research to advance the Ethereum blockchain ecosystem. This grant will support Tang and his Ph.D. students in designing, developing, and evaluating the security hardening code to protect the Ethereum network stack.

Ethereum is a network made up of several communities and toolsets that allow users to communicate or make transactions with digital money. Since the network is decentralized, users are in complete control of their data and what’s being shared, so they don’t need to give up any personal information – all users need to access Ethereum is an internet connection.

Denial of service security is critically important to the Ethereum blockchain ecosystem, and the research will explore ways to protect the Ethereum network from cyberattacks, involving systematic vulnerability discovery using applied formal methods. As cyber criminals attack networks like Ethereum and security concerns grow, Tang believes this research could have a lasting impact on the current landscape of cybersecurity and blockchain platforms.

“With this grant, we can help solve some of the most critical problems in the real world. We expect to continue developing code merged into Ethereum codebase,” Tang says. “I am most excited about making real-world impacts out of the research works from my group.”

Yuzhe Tang

Degree:

  • Ph.D. Computer Science, Georgia Tech

Lab/ Center/ Institute affiliation:

Full Stack Security Lab (FSSL) at CST 4-294

Areas of Expertise:

  • Blockchain and cryptocurrencies.
  • Cyber-security, vulnerability discovery, attack detection and mitigation.
  • Distributed systems and performance optimization.
  • Software engineering.

Dr. Tang is broadly interested in cyber-security, systems, software engineering, and system measurement. His cyber-security research covers vulnerability discovery, attack detection, attack mitigation, and measurement of deployed systems.

His current research focuses on blockchain security, blockchain systems, blockchain applications, and blockchain education. He has worked on confidential computing, trusted execution environments, and cloud security.

Honors and Awards:

  • The Ethereum Foundation academic award
  • Two NSF SaTC grants and an NSF CNS grant
  • The Best Paper award in IEEE Cloud 2012
  • The Best Paper award in ACM/IEEE CCGrid 2015
  • The AFRL visiting faculty research fellowship, 2017

Selected Publications:

  • K. Li, Y. Wang, Yuzhe Tang. “DETER: Denial of Ethereum Txpool sERvices”, ACM CCS 2021, Acceptance rate=22%
  • K. Li, J. Chen, X. Liu, Yuzhe Tang, X. Wang, X. Luo. “As Strong As Its Weakest Link: How to Break (and Fix) Blockchain DApps at RPC Service”, ISOC NDSS 2021, Acceptance rate=15.2%
  • K. Li, Yuzhe Tang, J. Chen, Y. Wang, X. Liu. “TopoShot: Uncovering Ethereum’s Network Topology Leveraging Replacement Transactions”, ACM IMC 2021, Acceptance rate=28% 
  • Y. Wang, Q. Zhang, K. Li, Yuzhe Tang, J. Chen, X. Luo, T. Chen. “iBatch: Saving Ethereum Fees via Secure and Cost-Effective Batching of Smart-Contract Invocations” ESEC/FSE 2021, Acceptance rate=24.5%
  • C. Zhang, C. Xu, J. Xu, Yuzhe Tang, B. Choi. “GEM^2-Tree: A Gas-Efficient Structure for Authenticated Range Queries in Blockchain”, IEEE ICDE 2019, Full Paper, Acceptance rate=26.8%

Vir V. Phoha

Degree:

  • Ph.D. Texas Tech University

Research Interests:

  • Cyber Security – Cyber offense and defense
  • Machine Learning
  • Smart phones and tablets security
  • Biometrics — network based and standalone

Current Research:

My focus is to do original research that cuts across conventional rigorously defined disciplines and unifies basic and common concepts across disciplines. In particular, my research centers around security (malignant systems, active authentication, for example touch based authentication on mobile devices) and machine learning (decision trees, statistical, and evolutionary methods) with a focus on large time series data streams and static data sets, and computer networks (anomalies, optimization). I am also using these methods to build field realizable defensive and offensive Cyber-based systems.

Courses Taught:

  • Security and Machine learning; Biometrics
  • Applied Cryptography

Honors:

  • IEEE Fellow
  • AAAS Fellow (elected 2018);  NAI Fellow (elect 2020)
  • IEEE Region 1 Technological Innovation  Award, 2017
  • SDPS Fellow (elected 2010)
  • ACM Distinguished Scientist (elected 2008)
  • ACM Distinguished Speaker (2012-2015)

Selected Publications:

  • Amith K. BelmanVir V. Phoha. Discriminative Power of Typing Features on Desktops, Tablets, and Phones for User Identification.ACM Transactions on Privacy and Security. 23(1): 4:1-4:36 (2020)
  • Jin, Vir V. Phoha and R. Zafarani, “Graph-based Identification and Authentication: A Stochastic Kronecker Approach,” in IEEE Transactions on Knowledge and Data Engineering, doi: 10.1109/TKDE.2020.3025989.
  • Li, W. Wang, Y. Gao, Vir V. Phoha and Z. Jin, “Wrist in Motion: A Seamless Context-Aware Continuous Authentication Framework Using Your Clickings and Typings,” in IEEE Transactions on Biometrics, Behavior, and Identity Science, vol. 2, no. 3, pp. 294-307, July 2020, doi: 10.1109/TBIOM.2020.2997004.
  • Yang Gao; Wei Wang; Vir V Phoha; Wei Sun; Zhanpeng JinEarEcho: Using Ear Canal Echo for Wearable Authentication.Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT), Vol. 3, No. 3, Article 81. Publication date: September 2019. Presented in The 2019 ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp 2019), London, UK, September 11-13, 2019.
  • Shukla and Vir V. Phoha, “Stealing Passwords by Observing Hands Movement,” in IEEE Transactions on Information Forensics and Security, vol. 14, no. 12, pp. 3086-3101, Dec. 2019, doi: 10.1109/TIFS.2019.2911171.

Young B. Moon

Degree(s):

  • Ph.D., Purdue University
  • M.S., Stanford University
  • B.S., Seoul National University

Areas of Expertise:

  • Cyber-Manufacturing Systems
  • Cyber-Manufacturing Security
  • Systems Modeling and Simulation
  • Application of Machine Learning and Artificial Intelligence
  • Sustainable Product Realization Processes and Systems

Professor Moon teaches courses and conducts research in the areas of Cyber-Manufacturing Systems, Cyber-Manufacturing Security, Sustainable Manufacturing, Product Realization Processes and Systems, Enterprise Resource Planning (ERP) Systems, Systems Modeling and Simulation, Computer Integrated Manufacturing (CIM), Product Lifecycle Management (PLM), and Application of Machine Learning. He has had extensive interactions with industry and has published over 120 journal and conference publications. He is on Editorial Board for several international journals. He is active in a variety of capacities with numerous professional organizations including ASME, INCOSE, ABET, ASEE, IFIP and SME. Moon is a licensed P.E. (Professional Engineer) registered in the state of New York, a CFPIM (Certified Fellow in Production and Inventory Management), and a CMfgE (Certified Manufacturing Engineer). A Fulbright Scholar, Dr. Moon has held visiting positions in various organizations across the globe.

Honors and Awards:

  • Outstanding Service Award from INCOSE (International Council on Systems Engineering)

Selected Publications:

Espinoza-Zelaya, C. and Y.B. Moon, “Resilience Enhancing Mechanisms for Cyber-Manufacturing Systems against Cyber-Attacks,” The 10th IFAC Triennial Conference on Manufacturing Modeling, Management and Control (MIM 2022), Nantes, France, June 22–24, 2022.

Prasad, R. and Y.B. Moon, “Architecture for Preventing and Detecting Cyber-Attacks in Cyber-Manufacturing Systems,” The 10th IFAC Triennial Conference on Manufacturing Modeling, Management and Control (MIM 2022), Nantes, France, June 22–24, 2022.

Song, J., Wang, J. and Y.B. Moon, “Blockchain Applications in Manufacturing Systems: A Survey,” Proceedings of the ASME International Mechanical Engineering Congress and Exposition, Virtual, November 1–4, 2021.

Wu, M., Song, J., Sharma, S., Di, J., He, B., Wang, Z., Zhang, J., Lin, L., Greaney, E., and Y.B. Moon, “Development of Testbed for Cyber-Manufacturing Security Issues,” International Journal of Computer Integrated Manufacturing, vol. 33, no. 3, pp. 302–320, 2020.

Wu, M. and Y.B. Moon, “Alert Correlation for Detecting Cyber-Manufacturing Attacks and Intrusions,” Journal of Computing and Information Science in Engineering, Transactions of the ASME, vol. 20, no. 1, pp. 011004-1–011004-12, 2020.

Wu, M., Song, Z., and Y.B. Moon, “Detecting Cyber-Physical Attacks in CyberManufacturing Systems with Machine Learning Methods,” Journal of Intelligent Manufacturing, vol. 30, no 3, pp. 1111–1123, 2019.

Wu, M. and Y.B. Moon, “Intrusion Detection for Cyber-Manufacturing System,” Journal of Manufacturing Science and Engineering, Transactions of the ASME, vol. 141, no. 3, pp. 031007-1–031007-9, 2019.

Song, Z. and Y.B. Moon, “Sustainability Metrics for Assessing Manufacturing Systems: A Distance-to-Target Methodology,” Environment, Development and Sustainability, vol. 21, no. 6, pp. 2811–2834, 2019.

Wu, M. and Y.B. Moon, “DACDI (Define, Audit, Correlate, Disclose, and Improve) Framework to Address Cyber-Manufacturing Attacks and Intrusions,” Special Issue on Industry 4.0 and Smart Manufacturing, Manufacturing Letters, vol. 15, Part B, pp. 155–159, 2018.

Moon, Y.B., “Simulation Modeling for Sustainability: A Review of the Literature,” International Journal of Sustainable Engineering, vol. 10, no. 1, pp. 2–19, 2017.

Moon, Y.B., “Enterprise Resource Planning (ERP): A Review of the Literature,” International Journal of Management and Enterprise Development, vol. 4, no. 3, pp. 235–264, 2007.

Kristopher Micinski

Degree:

  • Doctorate of Philosophy, Computer Science, University of Maryland at College Park
  • Bachelor of Science, Computer Engineering, Michigan State University

Areas of Expertise:

  • Programming Languages
  • Static Analysis
  • Formal Methods
  • Foundations of Computer Security and Privacy

My research lies at the intersection of the theory and application of program analyses. Program analyses are tools that examine programs and determine (prove) facts about them. For example, a program analysis might prove that a program can never crash due to a type error. In general, however, program analyses can be arbitrarily complex and infer subtle program invariants relating to myriad applications (such as computer security).

Because program analyses must always approximate program behavior (otherwise they could solve the halting problem), there is an inherent tradeoff between analysis precision and analysis performance. Currently, program analyses are often applied only in limited contexts, as gaining acceptable performance requires too many compromises in terms of analysis precision. My current work focuses on three concurrent threads: tackling fundamental issues relating to scaling static analysis (specifically, scaling analyses to run on supercomputers rather than a single machine as all current analyses do); engineering those analyses (to allow analysis reuse); and applying those analyses to computer security (e.g., to check properties such as information flow and to support complex reverse engineering tasks).

Recent Publications:

  • Symbolic Path Tracing to Find Android Permission-Use Triggers. NDSS Workshop on Binary Analysis Research (BAR 2019).
  • User Comfort with Android Background Resource Accesses in Different Contexts Symposium on Usable Privacy and Security (SOUPS 2018).
  • User Interactions and Permission Use on Android (CHI 2017).

Endadul Hoque

Degree:

  • Ph.D., Computer Science, Purdue University, 2015
  • M.S., Computer Science, Marquette University, 2010
  • B.S., Computer Science and Engineering, Bangladesh University of Engineering and Technology, 2008

Research interests:

  • Security of computer networks and systems
  • IoT systems security
  • Program analysis, software testing and verification
  • Vulnerability detection

Current Research:

His research focuses on the security of computer networks and systems. The software of computer networks and systems continues to have exploitable vulnerabilities, which are lucrative targets for adversaries. Within this broad domain, his particular emphasis is on automated detection of vulnerabilities as well as creating resilient protocols and systems. His research primarily builds on and expands program analysis, software engineering, and formal verification. His interests span several domains of computing, including network communication protocols, operating systems, distributed systems, internet-of-things (IoT) systems and embedded devices.

Honors:

  • Distinguished Paper Award at NDSS (Network and Distributed System Security Symposium) 2018
  • Bilsland Dissertation Fellowship Award from the Graduate School at Purdue University, 2015
  • Graduate Teaching Fellowship Award from Dept. of Computer Science at Purdue University, 2014

Recent Publications:

  1. Yahyazadeh, P. Podder, E. Hoque, and O. Chowdhury. Expat: Expectation-based Policy Analysis and Enforcement for Appified Smart-Home Platforms. In the proceedings of the 24th ACM Symposium on Access Control Models and Technologies (SACMAT 2019), Toronto, ON, Canada, June 2019
  2. Samuel Jero, Endadul Hoque, David Choffnes, Alan Mislove, and Cristina Nita-Rotaru. Automated Attack Discovery in TCP Congestion Control Using a Model-guided Approach. In the proceedings of Network and Distributed System Security Symposium (NDSS), San Diego, California, Feb 2018. [Distinguished Paper Award]
  3. Endadul Hoque, Omar Chowdhury, Sze Yiu Chau, Cristina Nita-Rotaru, and Ninghui Li. Analyzing Operational Behavior of Stateful Protocol Implementations for Detecting Semantic Bugs. In the Proceedings of IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Denver, CO, June 2017.
  4. Sze Yiu Chau, Omar Chowdhury, Endadul Hoque, Huangyi Ge, Aniket Kate, Cristina Nita-Rotaru, and Ninghui Li. SymCerts: Practical Symbolic Execution For Exposing Noncompliance in X.509 Certificate Validation Implementations. In the Proceedings of IEEE Symposium on Security and Privacy (S&P), San Jose, CA. May 2017.

Wenliang (Kevin) Du

Degree(s):

  • Ph.D. 2001, from Purdue University

Research Interests:

  • Computer and network security
  • Smartphone and mobile system security
  • Security education

Current Research:

Recent work has involved the studies of the Android operating systems with the following goals: (1) identify security problems in the design of the Android operating system, (2) identify security problems in mobile apps and develop tools to detect them, (3) develop improved access control for mobile systems.

Other current work includes the development of effective hands-on lab exercises for security education. We started the work in 2002, and we have developed about 30 labs for both undergraduate and graduate students. As of September 2015, over 350 universities and colleges worldwide are using them.

Courses Taught:

  • Computer security
  • Internet security
  • Android security
  • Android Programming

Honors:

  • IEEE Fellow
  • 2014 Dean’s Award for Excellence in Engineering Education, May 2014.
  • 2013 Faculty Excellence Award from College of Engineering and Computer Science.
  • 2013 ACM CCS Test-of-Time Award.
  • Best Paper Award in the 11th Pacific-Asia Conference on Knowledge Discovery and Data Mining (PAKDD), May 22-25, 2007, Nanjing, China.
  • Best Paper Award in The 19th IEEE International Parallel & Distributed Processing Symposium (IPDPS), April 4-8, 2005, Denver, Colorado.
  • Guo Mo-ruo Award (1992), University of Science & Technology of China.

Selected Publications:

Click here to see full list of publications.

Yousra Aafer, Nan Zhang, Zhongwen Zhang, Xiao Zhang, Kai Chen, XiaoFeng Wang, Xiaoyong Zhou, Wenliang Du, and Michael Grace. Hare Hunting in the Wild Android: A Study on the Threat of Hanging Attribute References. To appear in the 22nd ACM Conference on Computer and Communications Security (CCS), Denver, Colorado, USA. October 12-16, 2015.

Xing Jin, Xunchao Hu, Kailiang Ying, Wenliang Du, Heng Yin and Gautam Nagesh Peri. Code Injection Attacks on HTML5-based Mobile Apps: Characterization, Detection and Mitigation. In Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS), Scottsdale, Arizona, USA. November 3 – 7, 2014.

Paul Ratazzi, Ashok Bommisetti, Nian Ji, and Wenliang Du. PINPOINT: Efficient and Effective Resource Isolation for Mobile Security and Privacy. In Proceedings of the Mobile Security Technologies (MoST) workshop, May 21, 2015.

Tongbo Luo, Hao Hao, Wenliang Du, Yifei Wang, and Heng Yin. Attacks on WebView in the Android System. In Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC), Orlando, Florida, USA. December 5-9, 2011.

Karthick Jayaraman, Wenliang Du, Balamurugan Rajagopalan, and Steve J. Chapin. Escudo: A Fine-grained Protection Model for Web Browsers. In ICDCS: The 30th International Conference on Distributed Computing Systems, Genoa, Italy, June 21-25, 2010

Wenliang Du. The SEED Project: Providing Hands-on Lab Exercises for Computer Security Education. In IEEE Security and Privacy Magazine, September/October, 2