Statistical and Learning Algorithms for Designing and Analyzing Secure Systems

Muhammad Shahzad
Michigan State University


With the rich functionality and enhanced computing capabilities available on mobile computing devices, users not only store sensitive information such as credit card numbers but also use privacy-sensitive applications such as online banking on these devices. The password/PIN/pattern-based authentication schemes that are used to secure these devices are inherently vulnerable to shoulder surfing and smudge attacks. In the first part of this talk, I will present our work on designing behavior-based user authentication schemes. Unlike password/PIN/pattern-based schemes, which use "what" the user inputs as the authentication secret, our schemes are based on "how" users behave and are thus significantly more difficult to compromise. In the second part of this talk, I will present our work on the measurement study of software vulnerability life cycles. Software systems inherently contain vulnerabilities that can be exploited, causing significant revenue losses. The study of vulnerability life cycles can not only help in the development, deployment, and maintenance of software systems but can also help in designing future security policies. I will present several statistically significant findings from our study of large software vulnerability data sets containing vulnerabilities disclosed from 1988 to 2012. Finally, towards the end of the talk, I will go over our work on the design, measurement, modeling, and analysis of wireless and wired networking systems.