- BOSS (Build your Own Search Service), Yahoo! Search-
In general, BOSS is Yahoo's open search platform that allows any developer to build and launch a search product utilizing Yahoo's search index. It provides XML results, spelling correction, unlimited queries, no yahoo branding or look & feel restrictions, and permission to reorder results. I work on BOSS Custom platform which handles
structured data search. It provides real-time indexing, custom relevancy tuning, and rich search
navigation/filtering options. See our product: search tool at TechCrunch.com is powered by BOSS Custom. Official Yahoo BOSS website
- Autonomic Computing Security (HP Labs)- Analyzed security vulnerabilities of, and developed mitigation recommendations for
Adaptive Infrastructure, HP's vision of autonomic computing.
Performed penetration testing, source code analysis, and threat modeling of Select Identity,
HP's identity management system. Analyzed 130,000 lines of critical interface source code, written in Java and C++. Used Fortify and CodeAssure tools for source code security analysis.
- Social Computing (IBM Almaden Research Center)- Developed Relescope, a tool for managing and forming productive relationships in academic communities.
Used data mining techniques to predict future collaborations and discover people with common
colleagues and research interests. Deployed Relescope at ACM CSCW'04 conference to enhance communication among participants, and
conduct user study.
Implemented a Perl parser to extract publications history from ACM Digital Library.
Relescope is developed in Java, in conjunction with RDF and Jena toolkit.
At CSCW conference, generated and distributed 266 personalized reports and annotated conference programs.
53% of surveyed users utilized Relescope to meet people or find relevant talks.
- Inter-Vehicular Wireless Communication (Motorola)- Researched routing algorithms,
connectivity conditions, and applications of ad-hoc wireless communication
between moving cars. Developed a prototype application (in Java) for voice messaging and roadside alerts.
Conducted field experiments with moving cars and off-the-shelf wireless devices.
Academic Research Projects
- Security of Software-Defined Radio (current)- Investigated security issues of Software-Defined Radio (SDR), reconfigurable radio devices
that support integration and co-existence of multiple radio access technologies
on general-purpose hardware. Security challenges of SDR are unique from other wireless devices in that through intentional or unintentional re-configuration of its radio frequency (RF) parameters and link-layer stack, the radio device is capable of acting as a malicious or malfunctioning device, posing serious security threats to the entire radio network. We proposed a policy-driven configuration framework
for secure and autonomic component composition, validation, and remote attestation
of radio configuration.
In addition, we studied applicability of SDR in power grids as a long-term wireless solution and addressed technical challenges that arise from its deployment in power grids.
This work is undertaken as part of TCIP project, funded by NSF. We envision SDR providing local area communication means between substations and field instruments, e.g. RTUs, IEDs, and PMUs, between a control center and substations, as well as a direct connection between substations. For more info see the project website and publications.
- Threat Modeling in Software Engineering- This project was undertaken at National Center for Supercomputing Applications (NCSA). In computer security, threat modeling is to identify the security issues the system designer cares about, or to define a set of possible attacks.
We researched effective and systematic techniques for formulating a security threat model
as part of a software development cycle. In this work, we took system-centric view, versus attacker-centric view, of threat modeling which starts from the design of the system, and attempts to step through a model of the system, looking for attacks against each element of the model. We proposed threat modeling approaches
for networked and data-centric systems, and developed case studies of real systems. Published papers: , , .
- Bug Detection in Large-Scale Source Code- This project started out as a class project for CS 497: Hot Topics in Operating Systems course with professor Yuanyuan Zhou. Eventually we published a paper in OSDI '04 and an article in IEEE Transactions on Software Engineering.
We developed a tool, CP-Miner, which uses data-mining techniques to efficiently identify
copy-pasted code segments and bugs associated with replicated code in large software suites.
Our technique does not require source annotation, and is tolerant to intentional modifications
by a programmer. CP-Miner analyzed source code of Linux 2.6.6 with 3 million lines of code
under 20 minutes, identified 190,000 replicated segments, and detected 49 previously unreported bugs.
- 3G Mobile Communications Security- Third generation mobile communications systems such as UMTS offer users content rich services, wireless broadband access to the Internet, and worldwide roaming. From the security point of view, service providers and users must be assured of the correct identity of the communicating party, and both user and signaling data must be protected with confidentiality and integrity mechanisms.
We implemented security mechanisms of UMTS telecom system in Opnet simulation tool.
Analyzed the impact of deploying authentication, confidentiality, and integrity mechanisms on network
performance metrics such as packet delay, call setup, and network utilization. For more info see the project website and report.