Yinzhi Cao is a postdoctoral scientist at Columbia University. He earned his PhD in computer science at Northwestern University, and his B.E. degree in electronics engineering at Tsinghua University in China. His research focuses on the security and privacy of the web, smart phones, and machine learning. Cao has published twelve papers at security conferences, such as NDSS, ACSAC and DSN. His JShield system has been adopted by Huawei, the world's largest telecommunication company. Cao has served as a program committee member for IEEE CNS’14, a web chair for AsiaCCS SESP’13, and he has also conducted research at SRI International and UC Santa Barbara as a summer intern.
Enhancing System Security and Privacy with Program Analysis
In this talk, I will discuss the security and privacy of two important computer systems: the Web browser, and the Android system, from the perspective of program analysis. I will focus on how to prevent and detect drive-by download attacks, which penetrate the boundary of a browser principal. I will pay particular attention to JShield, a vulnerability-based detection engine that is more robust to obfuscated drive-by download attacks, in comparison to other anti-virus software. Following, I will introduce EdgeMiner, the first automatic tool that creates summaries of Android framework in the form of callback and registration pairs. With the summaries, existing static analysis system can correctly construct a control flow graph with hidden control flow dependencies introduced by callback methods.