I obtained my B.S. in computer science from
Peking University in 1997, and M.S. in computer science from
University of Minnesota in 1998.
I joined the faculty of the Department of Computer Science
of NCSU fall 2003 after getting my Ph.D. in computer science from the University
of Illinois at Urbana-Champaign.
Recent Professional Activities
- Workshop Chair: CCS'09, CCS'10
- Web Chair: CCS'08
- Program Chair: 2007 ACM Workshop on Privacy in the Electronic Society (WPES'07)
- Program Co-Chair: 2006 ACM Workshop on Privacy in the Electronic Society (WPES'06)
- TPC Member: PETS10, SACMAT10, WAIM10, PASSAT10, PETS09, SACTMAT09, DBSec09, WWW09, ICDE09, CCS08, WPES08, SACMAT08, DBSec08, CCS07, VLDB07, ICDE07, CCS06
My research interest includes trust management and privacy preservation
in open systems, and database management systems. I am a member of the
Cyber Defense Laboratory.
My current projects include the following:
- Trust and privacy management in online social networks. Online social networks greatly expand the scale of people's social connections, and are increasingly becoming an open computing platform, where new services can be quickly offered and propagated. Mechanisms for trust management and privacy protection are integral to the future success of online social networks. This project develops theoretical and practical techniques for the management of trust and privacy for online social networks, with a focuse on flexible trust models for social networks, privacy preserving feedback issuing and management, and graph anonymization for the sharing of social network data.
- Obligation policies and management. The correct behavior and reliable operation of an information system relies not only on what users are permitted to do, but oftentimes on what users are required to do. Such obligatory actions are integral to the security procedures of many enterprises. This project develops a comprehensive framework for the management of obligations in security policies, which covers the full life cycle of obligations, including obligation modeling, specification, analysis, monitoring and discharges. Specifically, the project formally identifies the desirable security objectives that are characteristic of systems that involve obligations, and systematically investigates dynamic and static means to maintaining these objectives while such systems evolve.
- Fine-grained database access control. Complex business security and privacy policies often require to control information accessibility in row level or even cell level. In this project, we formally study the correctness criteria for query answering when a database is protected under fine-grained access control. We also investigate techniques through both query modification and query evaluation engine modification to efficiently enforce fine-grained access control in relational databases.
Here is a list of my publications. It can also be found