UTCS Colloquia - XiaoFeng Wang, Associate Professor, Indiana University, "Cloud, Mobile and Big Data: New Challenges and Opportunities for Security Research"

Sep 12, 2013 11:00am - 12:00pm

Talk Audience: UTCS Faculty, Grads, Undergrads, Other Interested Parties

Host: Vitaly Shmatikov & Center for Information Assurance and Security

Talk Abstract: Cloud computing is becoming a game-changer for academia and industry that need low-cost and scalable data processing capabilities, offering critical support for mobile computing and big data processing. However, this computing paradigm is also fraught with security and privacy risks. Although many cloud-security issues are related to problems that have long been studied, we strongly believe that the emerging applications of the cloud (web services, mobile clouds and big data analysis) actually expand the space of these seemingly old problems, bringing in new security challenges and new research opportunities.

In this talk, I present the outcomes of our preliminary research in those new directions, which include new security threats we discovered in cloud-based web services and mobile computing, and a new cloud-based solution we developed for privacy-preserving big data analysis. Specifically, software in the cloud is often built through integrating web APIs provided by different web service providers, and served by delivering part of its components to the user through mobile apps or a browser. This Software-as-a-Service model can easily bring in logic flaws during API integrations, due to the miscommunication between the API provider and the API user, and is fundamentally vulnerable to side-channel attacks. As evidence of the seriousness of such problems, our research shows that high-profile web stores can be exploited to shop for free, popular social-login services can be easily abused, and leading web services are leaking out such sensitive user information as healthcare data, family incomes, investment secrets and mobile users’ true identities to network eavesdroppers or malicious zero-permission apps running on the victim’s phone. On the other hand, we demonstrate that special features of the cloud can actually be leveraged to find practical solutions to the security challenges in processing big data: we developed a new secure DNA alignment technique based upon the hybrid infrastructure of today’s clouds and their immense data-processing power. Our new approach can support a large-scale genomic computation (a typical big-data analysis) on the low-cost public cloud without endangering sensitive genetic information. These preliminary studies strongly indicate great security research opportunities existing in the cloud, which can lead to high-impact discoveries and surprising technological progress.

Speaker Bio: Dr. XiaoFeng Wang is an associate professor in the School of Informatics and Computing at Indiana University, Bloomington. He received his Ph.D. in Electrical and Computer Engineering from Carnegie Mellon University in 2004, and has since been a faculty member at IU. Dr. Wang is a recognized active researcher on system and network security. His group publishes extensively at leading security venues and vigorously pursues innovative and high-impact research directions. His current work focuses on security/privacy issues in cloud and mobile computing, and privacy issues in big data processing and dissemination. He is a recipient of the 2011 Award for Outstanding Research in Privacy Enhancing Technologies (the PET Award) and the Best Practical Paper Award at the 32nd IEEE Symposium on Security and Privacy. Dr. Wang has also been actively serving the research community, participating in the program/organization committees of numerous conferences and workshops. His research is supported by the NSF, the Department of Homeland Security, the Air Force and Microsoft Research. He is currently Director of the IU Center for Security Informatics and was in charge of the Master Program in Security Informatics in 2010.