The evolution of apps on new platforms such as mobile, web and the Internet of Things are bringing more functionality and convenience for people; however, these new platforms also expose users to security and privacy risks. For example, the Internet of Things devices use sensors and machine learning to provide richer functionality, but these features may violate users’ security and privacy. Researchers and developers are spending much effort to protect the users, but unauthorized information leakage is still rampant, especially when new features or new techniques are introduced. To resolve these problems, I work on changing the way platform designers think about designing secure systems, educating the developers about the system implementations, and creating technological solutions to facilitate better security decision-making.
In this talk, I’ll present my example projects in the thrusts of (1) Identify and understand new threats, as well as (2) design and implement secure and privacy-preserving systems. In the first thrust, I will use voice-controlled devices as an example to show how we identify new security and privacy threats on the devices powered by machine learning. Our proposed solutions for the new threats have been adopted the device vendors. In the second thrust, I introduce our efforts in building secure and privacy-preserving systems for the Internet of Things. I performed program analysis to discover problems of current permission systems in third-party apps on the Internet of Things. With the insights from the program analysis and natural language processing, I propose principles and implement a privacy preserving system to share the least privilege information to third-party apps without affecting their functionality. In general, I hope to bring the low-level privacy enhancements to the users through thorough design, efficient implementation, and usable interface.
Yuan Tian is an Assistant Professor of Computer Science at University of Virginia. Before joining UVA, she obtained her Ph.D from Carnegie Mellon University in 2017, and interned at Microsoft Research, Facebook, and Samsung Research. Her research interests involve security and privacy and its interactions with computer systems, machine learning, and human-computer interaction. Her current research focuses on developing new technologies for protecting user privacy, particularly in the areas of mobile systems and the Internet of Things. Her work has generated real-world impact as countermeasures and design changes have been integrated into platforms (such as Android, Chrome, SmartThings, Azure, and iOS), and also impacted the security recommendations of standard organizations such as Internet Engineering Task Force (IETF) and World Wide Web Consortium (W3C). She is a recipient of NSF CRII award 2019, Amazon AI Faculty Fellowship 2019, CSAW Best Security Paper Award 2019, Rising Stars in EECS 2016 and Black Hat Future Female Leaders in Cyber Security 2015. Her research has appeared in top-tier venues in Security, and System. Her projects have been covered by media outlets such as IEEE Spectrum, Forbes, Fortune, Wired, and Telegraph.