EECS Colloquium: Towards scalable and intelligent security analysis of mobile/IoT systems: from a holistic view, by Brandon Wang

About the event

Abstract:
The exploding deployment of mobile and IoT devices has changed many aspects of our lives. These devices are supported by the involvement of multiple key stakeholders, such as platform vendors, device manufacturers, and third-party developers, with each having her own unique cyber threats. In this talk, I will take a holistic view and discuss my research to enhance the security of different stakeholders. Specifically, I will introduce my work of 1) combating mobile-based cybercrime (e.g., crowdturfing and cross-library data harvesting) from malicious third-party developers with semantic analysis, 2) scalable approaches to evaluating the security posture of IoT devices, and 3) discovering and mitigating new attacks towards essential features of device platforms, e.g., cross-app remote infections via Android WebViews, and OS-level side channel attacks on iOS.

Bio:
Brandon Xueqiang Wang is a Security Engineer at Amazon Lab126, working on device security automation. Before that, he earned his Ph.D. at Indiana University Bloomington. His research focuses on building scalable and data-driven approaches to identifying security vulnerabilities, new attacks, and cybercriminal threats in mobile and Internet-of-Things (IoT) systems. He has published papers on leading security venues such as S&P (Oakland), USENIX Security, CCS, and NDSS. He is ranked #301 among the 9,585 security researchers globally according to the System Security Circus 2020. His research was recognized by some academic awards, e.g., two papers are among the top-10 finalists of CSAW Best Applied Security Paper Award. He also received acknowledgments and rewards from top tech companies such as Apple, Google, Facebook, Amazon, Twitter, etc. for his discovery of new attacks and security vulnerabilities in their products.