Research

LLMs are being enhanced with the ability to use tools and to process multiple modalities (and formulate agents). These new capabilities bring new benefits and also new security risks. In this thrust of work, we show a novel threat model where an attacker can use automatically generated adversarial examples to cause attacker-desired tool usage. For example, the attacker could cause a victim LLM to delete calendar events, leak private conversations and book hotels.

Sensors measuring real-life physical processes are ubiquitous in today’s interconnected world. These sensors inherently bear noise that often adversely affects performance and reliability of the systems they support. Classic filtering-based approaches introduce strong assumptions on the time or frequency characteristics of sensory measurements, while learning-based denoising approaches typically rely on using ground truth clean data to train a denoising model, which is often challenging or prohi ...

The recent advancement in Cyber Physical Systems (CPS) and the Artificial Intelligence of Things (AIOT) has brought significant productivity and utility enhancement across all walks of life. However, safety and security concerns and usability challenges have prohibited the wide adoption of AI-powered smart "things" in large-scale real-world systems. My research aims to close this gap by enabling secure and safe interaction with Cyber-Physical Systems in a user-friendly manner. Smart commercial b ...

In our work, we deviate from the status quo and show how users can authenticate themselves using biometrics whilst. We utilize primitives from cryptography -- namely fuzzy extractors -- to ensure that there is no requirement to perform template matching (of a template stored in the clear) on trusted hardware.

In this project, we analyzed the performance of the gVisor memory management subsystem, starting from benchmarking malloc and ending up focusing on MMAP. We further profiled MMAP performance within gVisor and identified its bottlenecks. We proposed an optimization in the free page searching algorithm of virtual memory space within gVisor (from O(N) to O(logN)). This optimization patch has been merged into production.

This project presents a toolset for assessing whether a cryptographic function is constant-time on two given (distinct)input sets. The toolset extends new support to languages other than C or C++, including Python3, Golang, and JavaScript. We present a comprehensive test suite covering common cryptographic primitives and providing finely-chosen inputs that can cause non-constant-time behavior of certain implementations. We then evaluate our approach by applying this test suite to a set of librar ...

There is a presumption in human-computer interaction that laying out menus and most other material in neat rows and columns helps users get work done. The rule has been so implicit in the field of design to allow for no debate. However, the idea that perfect collinearity creates an advantage for both either search and or recall has rarely been tested. We conducted several experiments to test this. Note, I'm no longer on this project after Sep. 2018. The submitted paper is the latest version cont ...

Dating applications are widely adopted all over the world. However, most of them do not have a very good security and privacy guarantee. On one hand, who's confessing love to whom is not something secret to the service provider. On the other hand, if the target user B of user A refuses the request, severe embarrassment will be caused in between them. In this project, we aimed to tackle these two issues. We proposed a preliminary cryptography protocol for this and developed a WeChat MiniApp on to ...