Date(s) - 12 Apr 2018
10:00 AM - 11:00 AM
3043 ECpE Building Addition
Speaker: Ziming Zhao, Assistant Research Professor in the School of Computing, Informatics and Decision Systems Engineering at Arizona State University
Title: Holistic Cybersecurity from System, Human and Social Perspectives
Abstract: Given the ever-increasing complexity in attack and camouflage techniques and escalating sophistication in cybercrime activities, it is imperative to have a holistic view of the today’s cybersecurity landscape from system, network, human and social perspectives to design effective defense and response mechanisms that should span multiple layers in our computing systems and can even utilize human and social factors. To this end, my research foci include not only solving hardcore system and network security problems but also understanding and leveraging security implications of human and social behaviors. In this talk, I will present two example research projects that lay at the two ends of my research spectrum: 1) building cache-based cross-world covert channels in the ARM TrustZone architecture, which is deployed in millions of mobile and IoT devices. In this project, I proposed to use overlooked PMU features to construct high bandwidth covert channels that overcome challenges presented by pseudorandom replacement policy and world switching; and 2) guessing gesture-based picture passwords, which falls into the usable security category. I proposed a novel attack framework that is capable of cracking passwords on previously unseen pictures in the Microsoft. Windows picture gesture authentication system, which is used by millions of users.
Bio: Ziming Zhao is an assistant research professor at Arizona State University. He received the PhD degree in computer science from Arizona State University in 2014. His research foci include system and software security, network security, usable and user-centric security, cybercrime and threat intelligence analytics. His research has led to 40+ publications in security conferences and journals, including IEEE S&P, USENIX Security, NDSS, TISSEC, TDSC, etc. In addition, his research has received 30+ media coverage and have been used in graduate courses at many universities. He won a best paper award in ACM CODASPY 2014 and IEEE ITU Kaleidoscope 2016. He is a general co-chair of ACM CODASPY 2018.