Dongtao Liu 5th Year Ph.D. Candidate Department of Computer Science Duke University LSRC D311, Research Dr. Durham, NC 27708, USA Email: dliu@cs.duke.edu Tel: (919)660-6584

Education

2008.9 ~ Now Ph.D. Student in Computer Science, Duke University.

2005.8 ~ 2008.7 M.S. Degree in Computer Science and Technology, Tsinghua University.

2001.9 ~ 2005.7 B.S. Degree in Automation, Tsinghua University.

Research

My research interests include security and privacy on mobile computing and online social networks.

My advisor is Dr. Landon P. Cox.

Projects:

• ScreenPass: Secure Password Entry for Touchscreen Devices (09/2011 - 04/2013)

  Users routinely access cloud services through third-party apps on smartphones by giving apps login credentials (i.e., a username and password). Unfortunately, users have no assurance that their apps will properly handle this sensitive information. In this paper, we describe the design and implementation of ScreenPass, which significantly improves the security of passwords on touchscreen devices. ScreenPass secures passwords by ensuring that they are entered securely, and uses taint-tracking to monitor where apps send password data. The primary technical challenge addressed by ScreenPass is guaranteeing that trusted code is always aware of when a user is entering a password. ScreenPass provides this guarantee through two techniques. First, ScreenPass includes a trusted software keyboard that encourages users to specify their passwords' domains as they are entered (i.e., to tag their passwords). Second, ScreenPass performs optical character recognition (OCR) on a device's screenbuffer to ensure that passwords are entered only through the trusted software keyboard.

• Confidant: Protecting OSN Data without Locking it Up (08/2009 - 12/2010)

  Online social networks (OSNs) are immensely popular, but their centralized control of user data raises important privacy concerns. Confidant provides a decentralized OSN framework which preserves user privacy while still enables scalable data processing. Confidant hooks the interface of Facebook in order to split data storage from it and leave it only for update notifications. Social relationships are exploited so that servers controlled by most trustworthy friends provide clear-text storage for the user's OSN data, which enables scalable data-processing framework. A light-weighted and free cloud service is introduced to help maintain data consistency and server availability. Sponsored by the National Science Foundation under grant IIS-0916649.

• Vis-à-Vis: Privacy-Preserving OSN via Virtual Individual Servers (08/2009 - 12/2009)

  Vis-à-Vis is a decentralized framework for OSNs based on the privacy-preserving notion of a VIS. A VIS is a personal virtual machine running in a paid compute utility. In Vis-à-Vis, a person stores her data on her own VIS, which arbitrates access to that data by others. VISs self-organize into overlay networks corresponding to social groups. We focus on preserving the privacy of location information in this project while the distributed tree structure can be generalized to store other sensitive OSN data.

Full List

Publications

• ScreenPass: Secure Password Entry for Touchscreen Devices [PDF] [BLOG]
  Dongtao Liu, Eduardo Cuervo, Valentin Pistol, Ryan Scudellari, and Landon P. Cox
  11th International Conference on Mobile Systems, Applications and Services (MobiSys 2013)


• Confidant: Protecting OSN Data without Locking it Up [PDF] [TR] [ACM]
  Dongtao Liu, Amre Shakimov, Ramón Cáceres, Alexander Varshavsky, and Landon P. Cox
  12th International Middleware Conference (Middleware 2011)


• Vis-à-Vis: Privacy-Preserving Online Social Networks via Virtual Individual Servers [PDF] [IEEE]
  Amre Shakimov, Harold Lim, Ramón Cáceres, Landon P. Cox, Kevin Li, Dongtao Liu, and Alexander Varshavsky.
  3rd International Conference on Communication Systems and Networks (COMSNETS 2011)

Posters:

• Two Sides of The Privacy Coin in Decentralized OSNs [PDF]
  Amre Shakimov, Dongtao Liu, Ramón Cáceres, Alexander Varshavsky, and Landon P. Cox
  OSDI Diversity 2010

Full List

Work

• Software Engineering Intern, Google Inc, Mountain View, CA. (06/2012 - 08/2012)

  Mobile Ads Display Team (MAD), Mentor: Ping Wu

  1. Detect near-duplicate apps across iOS and Android markets according to their publishers, URLs, titles, icon images, etc.

  2. Extract search keyword recommendations for apps from Google Play user session logs. Developed in C++ under Map-Reduce framework.

• Software Engineering Intern, Google Inc, Mountain View, CA. (06/2011 - 08/2011)

  Ads Traffic Quality Team (AdSpam), Mentor: Carmelo Kintana

  Design and implement the next generation blacklist infrastructure. Develop in Python and Google Sawzall Language.

Miscellanea

• My Google Scholar


• My LinkedIn


• My Wife's Homepage


• My Picasa Album

Last updated: 12/21/2012

Since 12/01/2010