Seminar: Cross-Platform Data-Driven Security and Privacy Analysis in Emerging Systems
Faysal Hossain Shezan
University of Virginia, Department of Computer Science and Engineering
Tuesday January 17, 2023
10:00 am
Location: Patrick F. Taylor Hall Room 3107
Abstract
The rapid growth of IoT devices around the world makes the security and privacy aspects of those commodity devices more concerning. Prior works explore these problematic issues, but they suffer in cross-platform settings: these emerging systems don't have rich documentation of data collection & usage policy, involve interaction among multiple programming languages, and operate using unsafe software.
We overcome those challenges using our data-driven approach and demonstrate the effectiveness by performing several studies including -- (1) analyzing the application's description to find unnecessary access to the user's sensitive information, (2) investigating policy documents to identify unauthorized access to the user's health information, (3) explore source code written in different languages to detect GDPR compliance of user information flow.
Bio
Faysal Hossain Shezan is currently pursuing a Ph.D. degree in the Department of Computer Science at the University of Virginia, working with prof. Yuan Tian. His research interest lies in the intersection of security & privacy with cyber-physical systems, medical healthcare, software engineering, and machine learning. He is especially interested in data-driven security and privacy analysis in emerging systems. The goal of his research is to measure the attack surface of the IoT platforms, analyze privacy leakages among inter-connected home automation applications and investigate the enforcement of privacy policies. His research findings are acknowledged by the industry (i.e., Google) and resulted in the publishing of 12 CVEs. He is fortunate to receive a few awards and recognition during his Ph.D., including- CPS Rising Stars, UVA endowed graduate fellowship award, Link Lab outstanding graduate research award.