I am a Professor of Computer Science and Engineering (CSE) at The Ohio State University (OSU). I am also a faculty member at Translational Data Analytics Institute (TDAI), Center for Automotive Research (CAR), and the recently launched Institute for Cybersecurity and Digital Trust (ICDT).
I am broadly interested in most of the cybersecurity problems (e.g., vulnerability finding, authentication, authorization, applied cryptography, side channels, and deception), with a key focus on using or innovating program analysis to solve the security problems.
In the past, I have been working on using (or developing) program analysis and reverse engineering techniques for vulnerability discovery with native binary code, and recently also on byte code, script code, or even source code, covering the entire software stack from firmware to applications, from web and moblie to IoT. In addition to finding the vulnerabilities, I also work on hardening the software against attacks, particulary on using (or improving) binary code rewriting, virtual machine introspection, and recently trusted execution environment (TEE) towards this goal.
Sometimes, I also use program analysis as a tool for measurement studies in order to gain insights and understanding on the security problems of interest.
I am a recipient of NSF CAREER Award and AFOSR YIP Award. In addition to AFOSR and NSF, my research has also been supported in part by other federal angencies such as ARO, DARPA, NHTSA, NSA, and ONR, and industry such as Amazon, Cisco, Raytheon, and VMware.