Xuxian Jiang Assistant Professor Department of Computer Science Email: Phone: 919-513-7835 Office: Room 3256, EBII North Carolina State University 890 Oval Drive, Campus Box 8206 Raleigh, NC 27695-8206 Fax: 919-515-7896

Research (Upcoming Security Conference Map)

- Current research interests: smartphones, hypervisors, and malware defense (publication list, software release, in the News).

• Mobile Security Alerts
• 4/27/2012: UpdtKiller: New Android Malware Removes Antivirus Software
• 4/27/2012: GappII: New Android Malware On the Loose
• 4/06/2012: TigerBot: New Android Malware Identified in Alternative Android Markets
• 4/02/2012: DKFBootKit: New DroidKungFu Variant Moves Towards the First Android BootKit
• 3/22/2012: TGLoader: New Android Malware Utilizes the Exploid Root Exploit
• 2/23/2012: Common Vulnerabilities and Exposures (CVE) Reports on Some Popular Mobile Apps
• 2/16/2012: PushBot: A Push-Based App Delivery Model Identified in the Wild
• 2/3/2012: RootSmart: New Android Malware Utilizes the GingerBreak Root Exploit
• 11/23/2011: Fjcon: New Android Malware Found Targeting Custom ROMs
• 11/21/2011: DroidKungFuSapp: New DroidKungFu Variant Emerges
• 11/11/2011: DroidLive: New Android SMS Trojan Disguised as a Google Library
• 10/19/2011: RogueLemon: New Rogue Android App Found in Alternative Android Markets
• 10/13/2011: BeanBot: New Android SMS Trojan Found in Alternative Android Markets
• 9/20/2011: DroidCoupon: New Root-Capable Android Malware Masquerades as Coupon App
• 9/19/2011: AnserverBot: Highly Sophisticated Android Trojan Using Public, Encrypted Blog Entries for Command and Control (C&C)
• Our report: An Analysis of the AnserverBot Trojan (17 pages)
• 9/1/2011: DroidDeluxe: New Root-Capable Android Malware Found in Alternative Android Markets
• 8/18/2011: GingerMaster: First Android Malware Utilizing a Root Exploit on Android 2.3 (Gingerbread)
• 8/17/2011: DroidKungFu3: New DroidKungFu Variant Returns in Alternative Android Markets
• 8/16/2011: RogueSPPush: New Android SMS-related Malware Found in Alternative Android Markets
• 8/9/2011: NickiBot: New Android Spyware Found in Alternative Android Markets
• 7/22/2011: GamblerSMS: Be Cautious with (New) Android Spyware in Alternative Android Markets
• 7/15/2011: SndApps: New Questionable Android Apps Found and Removed from the Official Android Market
• 7/11/2011: HippoSMS: New Android Malware Found in Alternative Android Markets
• 7/5/2011: GoldDream: New Android Malware Found in Alternative Android Markets
• 7/1/2011: DroidKungFu2: New DroidKungFu Variant Found in Alternative Android Markets
• 6/9/2011: Plankton: New Stealthy Android Spyware Found in Official Android Market
• 6/7/2011: YZHCSMS: New Android SMS Trojan Found in Official and Alternative Android Markets
• 6/4/2011: DroidKungFu: New Sophisticated Android Malware Found in Alternative Android Markets
• 1/28/2011: Android 2.3 (Gingerbread) Data Stealing Vulnerability
• Smartphone security and privacy
• RiskRanker: Ranking Potential Risks from (Untrusted) Android Apps (MobiSys'12)
• MalGenome: Dissecting Android Malware (Oakland'12)
• AdRisk: Assessing Mobile In-App Advertisements (WiSec'12)
• DroidMOSS: Detecting Repackaged Apps (CODASPY'12)
• DroidRanger: Detecting Malicious Smartphone Apps (NDSS'12)
• Woodpecker: Detecting Capability Leaks in Stock Android Smartphones (NDSS'12)
• A demo clip on
• TISSA: Taming Information-Stealing Smartphone Apps (TRUST'11)
• Hypervisor and OS protection
• HyperLock/HyperSafe/HyperSentry: Protecting Commodity Hypervisors (EuroSys'12, Oakland'10, CCS'10)
• Process Out-Grafting/VMwatcher: Enhancing VM Introspection (CCS'11, CCS'07)
• HookSafe/PoKeR/NICKLE: Defending Against OS Kernel Rootkits (CCS'09, EuroSys'09, RAID'08)
• Linux Kernel Protection (LKML patches: 1, 2, 3, 4 -- ACSAC'10)
  • Three of them are now adopted in mainstream Linux Kernel since version 2.6.38
• Malware capture and analysis
• HoneyMonkey: Detecting Malicious Websites (NDSS'06)
• AutoFormat/ReFormat: Reverse Engineering Malware Messages (ESORICS'09, NDSS'08)
• Collapsar/vGround: A VM-Based Honeyfarm Architecture (RAID'05, USENIX Security'04)

Teaching

- Fall 2012: CSC705 - OS Security
- Spring 2012: CSC405 - Introduction to Computer Security
- Fall 2011: CSC705 - OS Security
- Spring 2011: CSC705 - OS Security
- Fall 2010: CSC405 - Introduction to Computer Security
- Fall 2010: CSC801 - Seminar in Computer Science
- Spring 2010: CSC405 - Introduction to Computer Security
- Fall 2009: CSC591-004 - Special Topics in Computer Security
- Spring 2009: CSC501 - Operating Systems Principles
- Spring 2009: CSC801 - Seminar in Computer Science
- Fall 2008: CSC591S - Special Topics in Operating Systems Security
- Spring 2008: ISA564 - Security Laboratory
- Fall 2007: ISA564 - Security Laboratory
- Spring 2007: ISA797 - Advanced Topics in Information Security
- Fall 2006: ISA797 - Advanced Topics in Information Security

Students

- Current: Zhi Wang, Mike Grace, Deepa Srinivasan, Minh Q. Tran, Wu Zhou (co-advised with Prof. Peng Ning), Yajin Zhou, and Chiachih Wu
- Former stduents:

• Tyler Bletsch (Ph.D. 2011, co-advised with Prof. Vincent W. Freeh)
  • Thesis title: Code-Reuse Attacks: New Frontiers and Defenses
  • Current employment: NetApp, Inc.
• Siarhei Liakh (MS 2010, co-advised with Prof. Vincent W. Freeh)
  • Thesis title: Analyzing and Improving Linux Kernel Memory Protection: A Model Checking Approach
• Ryan D. Riley (Ph.D. 2009, co-advised with Prof. Dongyan Xu)
  • Thesis title: Architectural Approaches for Code Injection Defense at the User and Kernel Levels
  • Awards: (1) 2009 CERIAS Diamond Award, (2) Best Paper Award from the RAID'08 symposium
  • Current employment: Assistant Professor, Qatar University, Doha, Qatar

Service

- Editorial Board: International Journal of Security and Networks (IJSN) , 2011 -- present.
- Founding Editorial Board: ICST Transactions on Security and Safety, 2009 -- present.
- Treasurer, CCS 2012, Raleigh, NC, 2012.
- TPC Co-Chair, 2nd Workshop on Security and Privacy in Smartphones and Mobile Devices (CCS-SPSM'12), Raleigh, NC, 2012.
- TPC Member, 11th International Conference on Cryptology and Network Security (CANS'12), Darmstadt, Germany, 2012.
- TPC Member, 12th Annual Digital Forensics Research Conference (DFRWS'12), Washington, DC, 2012.
- TPC Member, 5th International Conference on Trust and Trustworthy Computing (TRUST) 2012, Vienna, Austria, 2012.
- TPC Member, International Workshop on Trustworthy Embedded Devices 2012 (in conjunction with Oakland 2012), San Francisco, CA, 2012.
- TPC Member, Mobile Security Technologies 2012 (in conjunction with Oakland 2012), San Francisco, CA, 2012.
- TPC Member, WWW 2012, Lyon, France, 2012.
- TPC Member, ISOC NDSS 2012, San Diego, CA, 2012.
- Workshop Organizational Chair, 1st Workshop on Security and Privacy in Smartphones and Mobile Devices (CCS-SPSM'11), Chicago, IL, 2011.
- TPC Co-Chair, 2nd Workshop on Security and Privacy in Cloud Computing (ICDCS-SPCC 2011), Minneapolis, MN, 2011.
- TPC Member, 7th International ICST Conference on Security and Privacy in Communication Networks (SecureComm 2011), London, 2011.
- TPC Member, 2nd International Conference on Cloud Computing, GRIDs, and Virtualization, Rome, Italy, 2011.
- TPC Member, 11th Annual Digital Forensics Research Conference (DFRWS'11), New Orleans, LA, 2011.
- TPC Member, 6th Workshop on Virtualization in High-Performance Cloud Computing (VHPC'11), 2011.
- TPC Member, IEEE ICDCS 2010, Genoa, Italy, 2010.
- TPC Member, 1st Workshop on Security and Privacy in Cloud Computing (ICDCS-SPCC 2010), Genoa, Italy, 2010.
- TPC Member, Workshop on Mirco Architectural Support for Virtualization, Data Center Computing, and Clouds (MASVDC'10), 2010.
- TPC Member, 12th International Symposium on Stabilization, Safety, and Security of Distributed Systems (SSS 2010), New York City, NY, 2010.
- TPC Member, 4th International Conference on Trusted Cloud Infrastructure (ICTCI 2010), Shanghai, China, 2010.
- TPC Member, EuroSys Workshop on Isolation and Integration for Dependable Systems (IIDS 2010), Paris, France, 2010.
- TPC Member, 5th Workshop on Virtualization in High-Performance Cloud Computing (VHPC'10), Naples, Italy, 2010.
- TPC Member, 2nd ACM Workshop on Virtual Machine Security (VMSec) 2009, Chicago, IL, 2009.
- TPC Member, ESORICS 2009, Saint Malo, Brittany, France, 2009.
- TPC Member, RAID 2009, Saint-Malo, Britanny, France, 2009.
- TPC Member, WWW 2009, Madrid, Spain, 2009.
- TPC Member, IEEE S&P 2009, Berkeley/Oakland, CA, 2009.
- TPC Member, IEEE ICDCS 2009, Montreal, Canada, 2009.
- TPC Member, 4th Workshop on Virtualization in High-Performance Cloud Computing (VHPC'09), Delft, The Netherlands, 2009.
- TPC Member, Workshop on Virtualization Technology for Dependable Systems 2009, Nuremberg, Germany, 2009.
- TPC Member, ISOC NDSS 2009, San Diego, CA, 2009.
- TPC Member, 1st ACM Workshop on Virtual Machine Security (VMSec) 2008, Fairfax, VA, 2008.
- TPC Member, ACM Workshop on Scalable Trusted Computing (STC) 2008, Fairfax, VA, 2008.
- TPC Member, IEEE ICDCS 2007, Toronto, Canada, 2007.
- TPC Member - posters,WWW 2007, Alberta, Canada, 2007.

Last modified: April 28, 2012 calendar