Mission
The Center for System Security and Data Privacy (SEDAP) aims to leverage the research strengths of Indiana University in systems security and genomic data privacy to attain national and international prominence in related research areas.
Overview
The SEDAP center focuses on the following research areas, which are both the frontiers of today’s technology revolution and the strengths of IU:
- Data and Intelligent System Protection: The interdisciplinary team under the advice of Dr. Tang and Dr. Wang is among the earliest groups working on human genome privacy. Together with UCSD iDASH center, we have organized the annual iDASH genome privacy competitions (http://www.humangenomeprivacy.org) since 2014. Now the competition already becomes one of the most important venues for the privacy-related research in biomedicine, attracting 70 to 80 groups world-wide this year. While keeping our prominence in genome privacy, now we are moving into a bigger space, working on protection of private data disclosed through intelligent systems, such as deep neural networks. These systems often utilize the models trained on sensitive data. When they are providing services to the public, the adversary could infer the content of the training data through strategically querying the system. Also related is the challenges in protecting a machine learning system from adversarial examples posed by the attackers to exploit the system’s weaknesses. These directions are of critical importance to the future of computing. We believe our ongoing research will lead to high-impact discoveries and innovations.
- Cognitive Security and Cyber Crimes: We are recognized to be one of the most active groups on the measurement and analysis of underground business, publishing over 10 papers across all leading security venues (NDSS, Oakland, USENIX Security, CCS), winning a finalist position in CSAW Best Applied Security Paper Award. We started working on cognitive security, which utilizes artificial intelligence technologies to automatically sense and respond to potential security threats. Our work uses natural language processing (NLP) to capture over 11K compromised university and government domains including those of big US schools (Harvard, Stanford, etc.) and government agencies (NIH, US State Government, etc.). As another example, the techniques we propose for automatic collection of Cyber Threat Intelligence not only have been published at a leading security venue but won us a CSAW Best Practical Paper Award, arousing the great interest from the industry and government agency.
- Cloud, Mobile and IoT Security: For nearly a decade, we have been actively working on cloud, mobile and more recently IoT security. IU system security is known for its security analysis on web, cloud, mobile and IoT systems, which leads to the discovery of design weaknesses inside leading online payment services (Google, PayPal, Amazon), Single-Sign-on Systems (Facebook, Google, etc.), Android, OS X, iOS and healthcare IoT devices. Our work has changed the way industry builds secure systems, and has been covered by mainstream media many times. We published tens of top conference papers and won 6 NSF grants and 1 Army grant on the subject, and several honors (e.g., Best Practical Paper at Oakland, another CSAW best paper, winner of National Security Innovation, etc.). More recently, we are working on hardware-support security protection (e.g., using Intel SGX) and data-centric intelligent code analysis for mobile and IoT protection.