Purdue University - Department of Computer Science - Tian earns an NSF CAREER award Skip to main content

Tian earns an NSF CAREER award

02-23-2022

Peripheral devices, such as USB keyboards and drives, Bluetooth speakers and headsets, use Plug'n'Play (PNP) technology for automatic detection and configuration when connected. While extremely convenient for the user (as there is no need to install drivers), these peripherals can also be a security risk. Malicious devices could be inadvertently connected to your computer –– think USB drive found in a parking lot that could take over an industrial control system or a Bluetooth speaker able to intercept all the network traffic of a user's laptop once connected. This “trust-by-default" treatment allows direct interaction with low-level parts of the target machines, like operating systems. Solving the security issues while maintaining convenient user interfaces is part of current research at Purdue Computer Science.dave_tian.jpg

Dave (Jing) Tian, assistant professor of computer science, received a CAREER award from the National Science Foundation (NSF) to develop solutions to the problems with attack-prone peripheral devices for operating systems. This broad challenge includes enabling a trustworthy and formally-verified peripheral ecosystem and designing next-gen secure peripheral devices and operating systems.

Rather than targeting a specific peripheral attack, this project focuses on developing a model-guided and holistic approach for peripheral security in general, including both USB and Bluetooth. The goal is to leverage “models” extracted from peripheral specifications and stack implementations as key prior knowledge and then cover the whole life cycle of peripheral security, including pre-attack, runtime, and post-attack stages. 

Tools and techniques such as, model-guided fuzzing, debloating, and formal verification reduce the attack surface exposed to peripherals, while model-based firmware analysis, fingerprinting, and authentication enables the runtime integrity of the devices. Meanwhile, model-guided provenance, patching, and formal implementation allows for immediate and assured responding actions against peripheral attacks. 

This project will assess all these considerations within a combination of real-world applications (e.gAndroid USB security) and specification enhancements (e.gBluetooth security and privacy), and generalize the knowledge for securing both peripheral devices and host machines across hardware, firmware, and software stacks.

NSF CAREER awards are the organization’s most prestigious awards given to junior faculty who embody the role of teacher-scholars through research, education and the integration of those concepts within the mission of their organizations. CAREER awards support promising and talented researchers in building a foundation for a lifetime of leadership. Receiving this award reflects this project’s merit of the NSF statutory mission and its worthiness of financial support.

Professor Tian is an assistant professor in the Department of Computer Science at Purdue University, and is a member of PurSec Laboratory. His research philosophy focuses on finding problems in practice and solving them by applying fundamental concepts of secure system design and practical deployment. His current research involves embedded systems security and addresses the emerging threats of these trust-by-default peripheral devices by building defense solutions within the operating system - covering USB, Bluetooth, and NFC. In trusted computing research, he explores novel uses of hardware trust anchors to solve practical security issues, design new security systems, and build infrastructures.He earned his PhD in computer science and engineering from the University of Florida in 2019.

 

 

About the Department of Computer Science at Purdue University

Founded in 1962, the Department of Computer Science was created to be an innovative base of knowledge in the emerging field of computing as the first degree-awarding program in the United States. The department continues to advance the computer science industry through research. US News & Reports ranks Purdue CS #20 and #18 overall in graduate and undergraduate programs respectively, ninth in both software engineering and cybersecurity, 14th in programming languages, 13th in computing systems, and 24th in artificial intelligence. Graduates of the program are able to solve complex and challenging problems in many fields. Our consistent success in an ever-changing landscape is reflected in the record undergraduate enrollment, increased faculty hiring, innovative research projects, and the creation of new academic programs. The increasing centrality of computer science in academic disciplines and society, and new research activities - centered around data science, artificial intelligence, programming languages, theoretical computer science, machine learning, and cybersecurity - are the future focus of the department. cs.purdue.edu

 

Writer: Emily Kinsell, emily@purdue.edu

Source: Dave (Jing) Tian, daveti@purdue.edu

Last Updated: Feb 23, 2022 2:53 PM

Department of Computer Science, 305 N. University Street, West Lafayette, IN 47907

Phone: (765) 494-6010 • Fax: (765) 494-0739

Copyright © 2021 Purdue University | An equal access/equal opportunity university | Copyright Complaints

Trouble with this page? Disability-related accessibility issue? Please contact the College of Science.