Hello, my friend, My name is Yugeng Liu and I am a student from Shanghai Jiaotong University. I am also a researcher majoring in security in the NSEC laboratory lead by Prof. Haojin Zhu. Since 2016, I have cooperated with Prof. Yinqian Zhang from OHIO State University and we have a paper on the submission in IEEE Symposium on Security and Privacy. Currently, I am doing the research on Android Third-Party Library Detection which is cooperating with Dr. Zhushou Tang from Shanghai Pwnzen Infotech LTD. I also write some blogs in Chinese and you can click learn more if you have interests.
Now, I have two papers on the submission. One is about the third-party library detection in ICSE and anthor is about IoT security in Oakland S&P. If you are interested in these two parts, we can discuss more.
After graduation from high school in summer 2014, I start the college life in Shanghai Jiao Tong University. At the first year in SJTU, I was elected as commissary in charge of publicity in my class. I schemed and organized some activities in our class such as chorus competition, spring outing and so on. I exercised much more during these activities and got the excellent student cadre awards by School of Electronic Information and Electrical Engineering. In this term, I attend a Hackathon which was organized by Ericsson Snoy. Finally, we got second awards in this competition. At the end of this term, I achieved the Academic Excellence Scholarship which made very proud of it.
In 2015 summer vacation, I went to University of Melbourne to exchang for one month. During this time, I learn the courses about the Signal and System and eventually, got a good grade in this short term. At the last week in Australia, I travelled around this counntry. It is a fantastic jounery to go sightseeing aboard.
At secound year in SJTU, I got an chance to join the Northeast Basketball team and in this season, we got the runner-up finally. It is my first time to attend the team and got the awards. I help me learn more about this sport.
In 2016 spring, I joined TOIH team organized by NSEC Laboratory and Team Pangu to do the CTF contest. I have been fousing on the Reverse Engineer. We attend the contest many times and our best grade is the Top 20 around the world. However, after our senior graduated from our school, our team lose the leader and finally, we dissolved because of technology. In summer vacation, I have an internship at Team Pangu, a security team major in mobile and cyber. During this time, I attend Mobile Security Conference(Mosec) as a staff. I also help other programmer to finish a project about the detection on malicious software. Later in this year, I got an opportunity to attend a research group lead by Prof. Haojin Zhu and cooperated with Prof. Yinqian Zhang from OHIO State University. We have been working on the Sumsang SmartThings for over one year. I will introduce more detials about my research as following.
In 2017 spring, I was a volunteer to attend the ACM Turing 50th Celebration Conference. And I am very fortunate that I have the chance to communicate with Prof. Trent Jaeger and send him to the Pudong Airport at the end of the conference. I knew more about the security in the world after talking with him. Later in summer, I was invited to attend the Mosec as a Hacker. I think it is honorable for me to be invited. I saw the most popular research in the industry such as jailbreak in iOS11 and hack the drone.
Octomber, I was very honorable to attend the CCS in Dallas. During this time, I know more about security and the trend of this major. It is a precious oppotunity to communicate with many famous teacher.
1. IoT Security on SmartThings
Smart home is an emerging technology for intelligently connecting a large variety of smart sensors and devices to facilitate automation of home appliance, lighting, heating and cooling systems, and security and safety systems. In recent years, the smart home market has experienced a rapid growth. Our research revolves around Samsung SmartThings, a smart home platform which has the largest number of apps among currently available smart home platforms, and supports a broad range of devices including motion sensors, door locks and fire alarms. In particular, we study side-channel inference on smart home wireless traffic. Unlike traditional use of such side channels, we leverage the inference capabilities to design and develop a smart home anomaly detection systems, dubbed SMARTDETECTOR, which, by exploiting side-channel information of the wireless traffic in the smart home network, infers the activities of the installed SmartApps. Moreover, by comparing with their expected behaviors as dictated in their source code or UI interfaces, SMARTDETECTOR detects anomaly in their interaction with the smart devices. To evaluate the effectiveness of SMARTDETECTOR, we analyzed 181 official SmartApps and performed evaluation on 60 malicious SmartApps developed by ourselves, which either performed over-privileged accesses to smart devices or conducted event-spoofing attacks. The evaluation results suggest that SMARTDETECTOR can effectively validate the working logic of SmartApps and achieve a high accuracy in the detection of SmartApp misbehaviors. Moreover, as the same side-channel vector can be exploited by a closeby attacker to breach the privacy of the residents, we further propose an enhancement of SMARTDETECTOR. By injecting spoofing traffic, SMARTDETECTOR obfuscates the SmartApp traffic pattern sufficiently to defeat inference attacks against the smart home network, while preserving the capability of detecting misbehaved SmartApps.
2. Third-Party Library Detection
Third-party library (TPL) detection in Android has been a hot topic to security researchers for a long time. A precise yet scalable detection of TPLs in applications can greatly facilitate other security activities such as malware detection, and privacy leakage detection. Since TPLs of specific versions may exhibit their own security issues, the identification of TPL as well as its concrete version, can help assess the security of Android APPs. However in reality, existing approaches of TPL detection suffer from low efficiency and accuracy due to insufficient analysis data, inappropriate features, or the disturbance from code obfuscation, shrinkage, and optimization.
We present an automated approach, named PanGuard, to detect TPLs from an enormous number of Android APPs. We propose a novel combination of features including both structural and content information for packages in APPs to characterize TPLs. In order to address the difficulties caused by code obfuscation, shrinkage, and optimization, we identify the invariants that are unchanged during mutation, separate TPLs from the primary code in APPs, and use these invariants to determine the contained TPLs as well as their versions. The extensive experiments show that PanGuard achieves a high accuracy and scalability simultaneously in TPL detection.
PanGuard is implemented and applied on an industrial platform Janus, and powers the identification of TPL. Based on the detection results from millions of Android APPs, we successfully identify over 800 TPLs with 12 versions on average. By investigating the differences amongst these versions, we identify over 10 security issues in TPLs, and shed light on the significance of TPL detection with the caused harmful impacts on the Android ecosystem.
1. Using Bluetooth in iPhone to control the car
In this project, I use Swift3.0 to write an APP to control a car by bluetooth. It is uesd CC2531 in the car to connect with my iPhone. In this APP, you can control the car by voice, gesture (slide to up, down, left and right), the control kryboard, gravity sensor or inputting the command. For iPhone 6s or latter, you can also use 3D Touch to change the different speed of the car.
[2014-2015] Academic Excellence Scholarship of Shanghai Jiao Tong University (Top 25% student)
[2014-2017] Commissary in Charge of Publicity in Class
[2014-2016] SEIEE Excellent Student Cadre
 Second Award of Ericsson Hackathon
 Runner-up of the Shuiyuan Basketball Game
[2016-2017] Staff and Hacker of Mobile Security Conference Organized by Team Pangu
 Honorable Award of MCM/ICM Contest
 Volunteer of ACM Turing 50th Celebration Conference
 Champion of the TiZong Basketball Game
[2014-2017] Volunteer of Shanghai International Marathon
You can send sjtu email or gmail to me if you want ot contect with me no matter in research or in life. And also welcome to our lab communicating with me if you want.