Protecting User Security and Privacy in Emerging Platforms

Tue, Feb 16, 2021, 4:30 pm to 5:30 pm
Location: 
Speaker(s): 
Sponsor(s): 
Yuan Tian, University of Virginia

Please register here to attend the seminar

Talk recording

Abstract:

The evolution of apps on new platforms such as mobile, web, and the Internet of Things (IoT) are bringing more functionality and convenience to people; however, these new platforms also expose users to security and privacy risks. For example, mobile and IoT devices use sensors and machine learning to provide richer functionality, but these features may violate users’ security and privacy. Researchers and developers are spending much effort to protect the users, but unauthorized information leakage is still rampant, especially when new features or new techniques are introduced. To resolve these problems, I work on changing the way in which platform designers think about designing secure systems, assisting the developers about secure system implementations, and creating technologies to facilitate better security decision-making.

In this talk, I’ll present my example projects in two thrusts: (1) identifying and understanding new threats and (2) designing and implementing secure and privacy-preserving systems. In the first thrust, I will use voice-controlled devices as an example to show how we identify new security and privacy threats on devices powered by machine learning. Our solutions have been adopted by the device vendors such as Google and Amazon. In the second thrust, I introduce our efforts in building secure and privacy-preserving systems for the Internet of Things. I performed program analysis to discover vulnerabilities of current permission systems in third-party IoT apps. With insights from program analysis and natural language processing, I proposed principles and implemented a privacy-preserving system to share the least privilege information to third-party apps without affecting their functionality. In general, I hope to bring low-level security and privacy enhancements to the users through thorough design, efficient implementation, and usable interfaces.

Bio:

Yuan Tian is an Assistant Professor of Computer Science at the University of Virginia. Before joining UVA, she obtained her Ph.D. from Carnegie Mellon University in 2017 and interned at Microsoft Research, Facebook, and Samsung Research. Her research interests involve security and privacy and its interactions with computer systems, machine learning, and human-computer interaction. Her current research focuses on developing new computing platforms with strong security and privacy features, particularly in the areas of mobile systems and the Internet of Things. Her work has generated real-world impact as countermeasures and design changes have been integrated into platforms (such as Android, Chrome, SmartThings, Azure, and iOS), and also impacted the security recommendations of standard organizations such as Internet Engineering Task Force (IETF) and World Wide Web Consortium (W3C). She is a recipient of NSF CAREER award 2020, NSF CRII award 2019, Amazon AI Faculty Fellowship 2019, CSAW Best Security Paper Award 2019, Rising Stars in EECS 2016, and Black Hat Future Female Leaders in Cyber Security 2015. Her research has appeared in top-tier venues in Security, System, and Machine Learning. Her projects have been covered by media outlets such as IEEE Spectrum, Forbes, Fortune, Wired, and Telegraph.