Published and pre-published research works

SecureDL: Securing Code Execution and Access Control for Distributed Data Analytics Platforms
A two-layered, proactive and reactive, security framework for distributed frameworks, such as Apache Spark. In the proactive layer, we used program analysis to detect potential dangerous and malicious code early. In the reactive layer, we implemented attribute-based access control using aspect-oriented programming and secured the environment with security manager-based sandboxing.
SGX-IR: Secure Information Retrieval with Trusted Processors
A secure text and image based search engine using trusted processors. All the data indexing algorithms are data oblivious to reduce information leakage.
Paper Presentation Video
CryptoGuard: High precision detection of cryptographic vulnerabilities in massive-sized Java projects
Automated program analysis-based system to detect cryptographic API misuses in massive java projects. CryptoGuard efficiently and effectively identifies intended program slices by excluding language-specific non-essential elements, which reduces the rate of false-positive significantly. We helped harden the security of several high-impact apache projects, including Spark, Ranger, and Ofbiz.
SGX-BigMatrix: A practical encrypted data analytic framework with trusted processors
An encrypted data analytics framework that allows multiple distrusting parties to perform complex analytics and ML tasks on large encrypted data sets.
Paper Presentation Video
A practical framework for executing complex queries over encrypted multimedia data
ETL-Query framework for performing complex queries, such as, facial recognition, on encrypted images stored in simple cloud storages without native computation capability (e.g. S3, Dropbox).