News
March 20, 2012: We have launched the website sso-analysis.org, which can be used by web developers and security researchers to find authentication flaws in web single-sign-on (SSO) mechanisms. An earlier version of this service was used in our research to find eight serious flaws in various SSO systems, including Facebook, Google, PayPal, Janrain, and others.
Biography
Welcome to Rui Wang's homepage. I started my career at Microsoft Research Redmond in October 2011. My managers are Yi-Min Wang and Shuo Chen. Prior to joining Microsoft Research, I was a PhD student at Indiana University Bloomington, fortunately advised by Prof. XiaoFeng Wang and Dr. Shuo Chen (co-advisor, Microsoft Research Redmond).
My research interests mainly focus on systems security, with an emphasis on web security. The topics I have been working on include web single-sign-on issues, ecommerce security, side-channel problems, privacy-preserving techniques, and reverse engineering of binary executables. I frequently publish papers at top security conferences, including USENIX Security, ACM CCS, and IEEE Symposium on Security & Privacy. My research has won the Best Practical Paper award from IEEE Symposium on Security & Privacy 2011, and the PET Award for Outstanding Research in Privacy Enhancing Techniques from PET 2011.
I can be reached at ruiwanATmicrosoftDOTcom.
Publications
Signing Me onto Your Accounts through Facebook and Google: a Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services. PDF
By Rui Wang, Shuo Chen, XiaoFeng Wang
Accepted by the 33rd IEEE Symposium on Security and Privacy, San Francisco, CA, May 2012. Acceptance Rate: 13% (40/307).
Media coverage: Ars Technica, Dark Reading, ZDNet, The Register, PC World, etc.
How to Shop for Free Online - Security Analysis of Cashier-as-a-Service Based Web Stores. Best Practical Paper. PDF
By Rui Wang, Shuo Chen, XiaoFeng Wang, Shaz Qadeer
Accepted by the 32nd IEEE Symposium on Security and Privacy (Oakland’11), Oakland, CA, May 2011. Acceptance Rate: 11% (34/306).
Media coverage: CNN Money, The Register, Network World, CNET, MSNBC, Internet Retailer, New Scientist, etc.
Side-Channel Leaks in Web Applications: a Reality Today, a Challenge Tomorrow. PET Award runners-up. PDF
By Shuo Chen, Rui Wang, XiaoFeng Wang, Kehuan Zhang
Accepted by the 31st IEEE Symposium on Security and Privacy (Oakland’10), Oakland, CA, May 2010. Acceptance Rate: 11% (26/237).
Media coverage: The Register, Freedom to Tinker, Network World, Dark Reading, etc.
Sidebuster: Automated Detection and Quantification of Side-Channel Leaks in Web Application Development.
By Kehuan Zhang, Zhou Li, Rui Wang, XiaoFeng Wang, Shuo Chen
Accepted by the 17th ACM Conference on Computer and Communications Security (CCS’10), Chicago, IL, Oct. 2010. Acceptance Rate: 17% (55/320).
Learning Your Identity and Disease from Research Papers: Information Leaks in Genome Wide Association Study. PET Award. PDF
By Rui Wang, Yong Li, XiaoFeng Wang, Haixu Tang, Xiaoyong Zhou
Accepted by the 16th ACM Conference on Computer and Communications Security (CCS’09), Chicago, IL, Nov. 2009. Acceptance Rate: 18% (58/315).
Privacy-Preserving Genomic Computation Through Program Specialization. PDF
By Rui Wang, XiaoFeng Wang, Zhou Li, Haixu Tang, Michael Reiter, Zheng Dong
Accepted by the 16th ACM Conference on Computer and Communications Security (CCS’09), Chicago, IL, Nov. 2009. Acceptance Rate: 18% (58/315).
Panalyst: Privacy-Aware Remote Error Analysis on Commodity Software. PDF
By Rui Wang, XiaoFeng Wang, Zhuowei Li
To appear in the Proceedings of the 17th USENIX Security Symposium (Security’08), San Jose, CA, July 2008. Acceptance Rate: 16% (27/170).
Towards Automatic Reverse Engineering of Software Security Configuration. PDF
By Rui Wang, XiaoFeng Wang, Kehuan Zhang and Zhuowei Li
To appear in the Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS’08), Alexandria, VA, October 2008. Acceptance Rate: 18% (51/281).
Professional Services
External Reviewer for Conferences:
2008: SecureComm, ACM CCS, RAID
2010: IEEE S&P
2011: WWW
Honors
Summer Intern
ISRC, Microsoft Research Redmond
May 2009 - August 2009: working with Dr. Shuo Chen on Side Channel Leaks in Web Applications
ISRC, Microsoft Research Redmond
May 2010 - August 2010: working with Dr. Shuo Chen on Security Issues in Cashier-as-a-Service Based Web Applications
ISRC, Microsoft Research Redmond
May 2011 - August 2011: working with Dr. Shuo Chen on Security Issues in Single-Sign-On Systems