News

• I would like to talk about a non-technical but proud contribution that our research made recently. As part of our research results, we made a number of findings about new security issues in Facebook SDKs and its mobile apps in two projects (one with Shuo Chen, Yuchen Zhou, etc. on SDK Assumptions, another one with Luyi Xing, XiaoFeng Wang, and Shuo Chen on mobile security). Facebook acknowledged us by awarding us 5 bug bounties with various amounts. We chose to donate the money to charity programs, and Facebook always one-to-one matched the donations. In total, our research, together with Facebook, has contributed $22,000 to 4 charity programs, which are helping people suffering from earthquakes to recover, providing kids in poor areas of China to eat one egg per day, helping girls in refugees of Kenya to receive basic education, and living skills, etc.

Biography

Welcome to Rui Wang's homepage. I have started my career in Microsoft Research Redmond from October, 2011. My managers are Yi-Min Wang and Shuo Chen. Prior to joining Microsoft Research, I was a PhD student in Indiana University Bloomington, fortunately advised by Prof. XiaoFeng Wang, and Dr. Shuo Chen (co-advisor, Microsoft Research Redmond).

My research interests mainly focus on systems security, with an emphasis on web security. The topics I have been working on include web single-sign-on issues, ecommerce security, side-channel problems, privacy-preserving techniques, and reverse engineering of binary executables. I frequently publish papers on top security conferences, including USENIX Security, ACM CCS, and IEEE Symposium on Security & Privacy. My research has won best practical paper award from IEEE Symposium on Security & Privacy 2011, and PET Award for Outstanding Research in Privacy Enhancing Techniques from PET 2011.

I can be reached at ruiwanATmicrosoftDOTcom.

Publications

1. Explicating SDKs: Uncovering Assumptions Underlying Secure Authentication and Authorization. PDF

   By Rui Wang, Yuchen Zhou, Shuo Chen, Shaz Qadeer, David Evans, Yuri Gurevich

   no. MSR-TR-2013-37, 19 March 2013.

2. Signing Me onto Your Accounts through Facebook and Google: a Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services. PDF

   By Rui Wang, Shuo Chen, XiaoFeng Wang

   Accepted by the 33th IEEE Symposium on Security and Privacy, San Francisco, CA, May. 2012. Acceptance Rate: 13%(40/307).

   Media coverage: Ars Technica, Dark Reading, ZDNet, The Register, PC World, etc.

3. How to Shop for Free Online - Security Analysis of Cashier-as-a-Service Based Web Stores. Best Practical Paper. PDF

   By Rui Wang, Shuo Chen, XiaoFeng Wang, Shaz Qadeer

   Accepted by the 32th IEEE Symposium on Security and Privacy (oakland’11), Oakland, CA, May. 2011. Acceptance Rate: 11%(34/306).

   Media coverage: CNN Money, The Register, Network World, CNET, MSNBC, Internet Retailer, New Scientist, etc.

   Industry impact: PayPal had a 44-minute talk about our free-shopping work on its Annual Developer Conference 2011.

4. Side-Channel Leaks in Web Applications: a Reality Today, a Challenge Tomorrow. PET Award runners-up. PDF

   By Shuo Chen, Rui Wang, XiaoFeng Wang, Kehuan Zhang

   Accepted by the 31th IEEE Symposium on Security and Privacy (oakland’10), Oakland, CA, May. 2010. Acceptance Rate: 11%(26/237).

   Media coverage: The Register, Freedom to Tinker, Network World, Dark Reading, etc.

5. Sidebuster: Automated Detection and Quantification of Side-Channel Leaks in Web Application Development.

   By Kehuan Zhang, Zhou Li, Rui Wang, XiaoFeng Wang, Shuo Chen

   Accepted by the 17th ACM Conference on Computer and Communications Security (CCS’10), Chicago, IL, Oct. 2010. Acceptance Rate: 17%(55/320).

6. Learning Your Identity and Disease from Research Papers: Information Leaks in Genome Wide Association Study. PET Award. PDF

   By Rui Wang, Yong Li, XiaoFeng Wang, Haixu Tang, Xiaoyong Zhou

   Accepted by the 16th ACM Conference on Computer and Communications Security (CCS’09), Chicago, IL, Nov. 2009. Acceptance Rate: 18%(58/315).

7. Privacy-Preserving Genomic Computation Through Program Specialization. PDF

   By Rui Wang, XiaoFeng Wang, Zhou Li, Haixu Tang, Michael Reiter, Zheng Dong

   Accepted by the 16th ACM Conference on Computer and Communications Security (CCS’09), Chicago, IL, Nov. 2009. Acceptance Rate: 18%(58/315).

8. Panalyst: Privacy-Aware Remote Error Analysis on Commodity Software. PDF

   By Rui Wang, XiaoFeng Wang, Zhuowei Li

   To appear in the Proceedings of the 17th USENIX Security Symposium(Security’08), San Jose, CA, July 2008. Acceptance Rate: 16%(27/170).

9. Towards Automatic Reverse Engineering of Software Security Configuration. PDF

   By Rui Wang, XiaoFeng Wang, Kehuan Zhang and Zhuowei Li

   To appear in the Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS’08), Alexandra, VA, October, 2008. Acceptance Rate: 18%(51/281).

Interns

• Summer 2012: Yuchen Zhou, from University of Virginia, working on web security

Professional Services

• Academic Service

  2013: Program Committee for ASIACCS

• External Reviewer for Conferences:

  2008: SecureComm, ACM CCS, RAID

  2010: IEEE S&P

  2011: WWW

  2012: ACM CCS, WWW