News & Updates

News:

  • 9 Sep 2023: ACM CPSS’24 (co-located with ACM ASIACCS’24) will be held in Singapore. I am serving as a Web Chair and PC Member. Consider submitting your work. Paper Submission deadlines: 15 Jan 2024 (1st round) & 18 Feb 2024 (2nd round).
  • 23 June 2023: ACM ASIACCS’24 (a flagship conference in Cybersecurity) will be held in Singapore. I am serving as a Web Chair and Local Organizing Committee Member. Consider submitting your work. Paper Submission deadlines: 21 Aug 2023 (1st round) & 7 Dec 2023 (2nd round).
  • 22 June 2023: We are organizing the IEEE SOLI’23 conference in Singapore. I am serving as a PC Co-Chair. Consider submitting your work. Paper Submission Deadline: 30 Sep 2023 (Extended).
  • 03 June 2023: We are organizing the IRC-SET’23 conference in Singapore. I am serving as a PC Co-Chair. Consider submitting your work. Paper Submission Deadline: 15 Jul 2023.
  • 25 May 2022: We are organizing the IRC-SET’22 conference. I am serving as a PC Co-Chair. Consider submitting your recent research work. Paper Submission Deadline: 7 Jul 2022.
  • 15 Sep 2021: We are organizing the IEEE SOLI’21 conference. I am serving as a PC Co-Chair. Consider submitting your research work. Paper Submission Deadline: 20 Nov 2021 (Extended).
  • 05 May 2021: We are organizing the IRC-SET’21 conference. I am serving as a PC Co-Chair. Consider submitting your research work. Paper Submission Deadline: 7 Jul 2021.

Projects

*
All Memory-Safety V2X-Security Blockchain SecSES IIoT Security ICS/CPS Security MFS DDID Biometrics Applied Cryptography

Decentralized Digital Identities

In this project, we design decentralized digital identities for various purposes.

Biometrics

In this project, we design novel behavioural biometric techniques for user identification and verification.

Multi-Factor Security

In this project, we construct multi-factor security schemes for various systems and domains.

IIoT Security

In this project, we secure resource-constrained IoT devices against a wide-range of security concerns. In particular, we work on lightweight multi-factor authenticated key exchange schemes to establish secure communication channels in the IIoT network.

ICS/CPS Security

The ICS/CPS has been widely adopted in various critical infrastructures, hence they have also been a strategic target of cybercrime. I extensively involved in the security of ICS/CPS to address a wide-range of security, memory-safety and resilience issues.

Blockchain for Cybersecurity

In this project, we explore and adopt the applications of blockchain to address various cybersecurity issues in different domains.

V2X Security

In this project, we secure Vehicle-to-Everything (V2X) communications against a wide-range of cyber threats.

Applied Cryptography

In this project, we work on various cryptographic protocols and applications, such as lightweight authentication schemes, for various domains with different security and performance requirements.

Memory Safety

Enforcing memory-safety in critical infrastructures, particularily in the cyber-physical systems (CPS) and industrial control systems (ICS) domain.

Secure Smart Energy Systems

Authentication and authorization of privacy-sensitive data for an energy box in a smart home gateway.

Publications

Quickly discover relevant content by filtering publications.

(2024). MFAA: Historical Hash Based Multi-Factor Authentication and Authorization in IIoT. In Proceedings of the 10th Annual Industrial Control System Security (ICSS’24) Workshop (with ACSAC’24), IEEE.

(2024). Excavating Vulnerabilities Lurking in Multi-Factor Authentication Protocols: A Systematic Security Analysis. In CoRR abs, arXiv.

PDF DOI Preprint

(2023). VulnGen: Vulnerable Virtual Machine Generator. In Proceedings of the 17th IEEE International Conference on Service Operations and Logistics, and Informatics (SOLI’23), IEEE.

DOI

(2023). EARIC: Exploiting ADC Registers in IoT and Control Systems. In Proceedings of the ACNS’23 Workshop on Artificial Intelligence and Industrial IoT Security (AIoTS’23), Springer.

PDF DOI

(2023). IRC-SET 2023: Proceedings of the 9th IRC Conference on Science, Engineering and Technology. In Proceedings of IRC-SET 2023, Springer.

DOI Book on Amazon

(2023). On the Security of Containers: Threat Modeling, Attack Analysis, and Mitigation Strategies. In Computers & Security journal, Elsevier.

PDF DOI

(2022). IRC-SET 2022: Proceedings of the 8th IRC Conference on Science, Engineering and Technology. In Proceedings of IRC-SET 2022, Springer.

DOI Book on Amazon

(2021). DARUD: Detecting and Arresting Rogue USB Devices in the V2X Ecosystem. In Proceedings of the 15th IEEE International Conference on Service Operations and Logistics, and Informatics (SOLI’21), IEEE.

PDF DOI

(2021). Enhance Enterprise Security through Implementing ISO/IEC27001 Standard. In Proceedings of the 15th IEEE International Conference on Service Operations and Logistics, and Informatics (SOLI’21), IEEE.

DOI

(2021). Threat Modeling and Security Analysis of Containers: A Survey. In CoRR abs, arXiv.

PDF Preprint

(2021). IRC-SET 2021: Proceedings of the 7th IRC Conference on Science, Engineering and Technology. In Proceedings of IRC-SET 2021, Springer.

DOI Book on Amazon

(2021). SCOPE: Secure Compiling of PLCs in Cyber-Physical Systems. In International Journal of Critical Infrastructure Protection (IJCIP), Elsevier.

PDF DOI

(2020). CIMA: Compiler-Enforced Resilience Against Memory Safety Attacks in Cyber-Physical Systems. In Computers & Security journal, Elsevier.

PDF DOI CVE-2018-20818

(2019). ICS-SEA: Formally Modeling the Conflicting Design Constraints in ICS. In Proceedings of the Fifth Annual Industrial Control Systems Security (ICSS’19) Workshop, co-located with ACSAC, ACM.

PDF Slides DOI

(2018). Taming the War in Memory: A Resilient Mitigation Strategy Against Memory Safety Attacks in CPS. In CoRR abs, arXiv.

PDF DOI

(2018). Enforcing Full-Stack Memory Safety in Cyber-Physical Systems. In Proceedings of the International Symposium on Engineering Secure Software and Systems (ESSoS’18), Springer.

PDF DOI

(2017). Enforcing Memory Safety in Cyber-Physical Systems. In Proceedings of the ESORICS workshop on Security of Industrial Control Systems and Cyber-Physical Systems (CyberICPS’17), Springer.

PDF DOI

(2014). Attribute Based Access Control for APIs in Spring Security. In Proceedings of the 19th ACM Symposium on Access Control Models and Technologies (SACMAT’14), ACM.

DOI

(2014). Selective Release of Smart Metering Data in Multi-domain Smart Grids. In Proceedings of the Smart Grid Security Workshop (SmartGridSec’14), co-located with ESSoS’14, Springer.

DOI

Professional Services

PC Co-Chair:

Web Chair:

  • ACM ASIACCS’24 (Submission Deadlines: 21 Aug 2023 (1st Round) & 7 Dec 2023 (2nd Round))
  • ACM CPSS’24 (Submission Deadlines: 15 Jan 2024 (1st Round) & 18 Feb 2024 (2nd Round))

PC Member:

Conference External Reviewer:

Journal Articles Reviewer:

Awards & Achievements

Teaching

Computer Systems Engineering, Singapore University of Technology and Design, 2017

  • Description: As part of my PhD study requirement, I served as a Teaching Assistant (TA) for the Computer Systems Engineering (CSE) undergraduate course at Singapore University of Technology and Design, with course instructors Prof. David Yau and Dr. Jit Biswas.
  • Key topics:
    • Basic principles in the design of large-scale computing systems
    • Process management and multithreaded programming
    • Process scheduling, synchronization, deadlock
    • End-to-end network performance (e.g., loss, throughput, and delay)
    • Network security: applied cryptography, key certification, CIA triad, types of network attacks
    • Client-server network programming, HTTP and the World Wide Web

Contact