Debin Gao
CV
Associate Professor
Email: dbgao at smu.edu.sg
Tel: (65) 6828 0969
School of Information Systems
Singapore Management University
80 Stamford Road
Singapore 178902

Useful links

Reading list for QE in security topics
Security Reading Group
Private cloud


Research interests

Mobile security
Software security
Computer security


Prospective students

I'm currently looking for undergraduate and graduate students to work with me. If you are interested, you can send me an email to arrange a meeting.


Employment opportunity

We are hiring research engineers and postdocs for various computer security projects. In particular, candidates with research experience in the following areas are most welcome to apply.

  • Software security, static and dynamic analysis of binaries;
  • Mobile security;
  • Security in cloud.

  • A research engineer needs to have at least a bachelor degree in computer science or related disciplines, and a masters degree is preferred. The postdoc needs to have a PhD degree.

    The positions have an initial contract of one year. Extension to a second year is conditioned on the successful review by the end of the first year. Monthly salary ranges between 2,800 and 5,500 Singapore dollars. We will assist in applying for employment passes for successful candidates. Positions are open until filled. Please contact me if you have any questions.


    Current graduate students

  • TANG Xiaoxiao
  • WU Daoyuan


  • Other students, research staffs

  • JIANG Baihe (Graduate student at Wuhan University)
  • LIU Weiji (Graduate student at Wuhan University)

    Past graduate students

  • GUPTA Payas (Postdoctoral fellow at New York University)
  • HAN Jin (Twitter)
  • LI Peng (Vmware)
  • TEY Chee Meng (DSO)


  • Teaching

    2016-2017 Term 1: IS 204 Networking
    IS 437 Software and Systems Security


    Advertisements

    I'm involved in the following conferences and journals.

  • AISC 2017: Australasian Information Security Conference
  • ICCNS 2016: The 6th International Conference on Communication and Network Security
  • ICMC 2017: The Third International Conference on Mathematics and Computing
  • CSE 2016: The 19th IEEE International Conference on Computational Science and Engineering
  • AsiaCCS 2016: The 11th ACM Symposium on Information, Computer and Scommunications Security
  • CODASPY 2016: The 6th ACM Conference on Data and Application Security and Privacy
  • SG-CRC 2016: The 1st Singapore Cyber Security R&D Conference
  • SecureComm 2015: The 11th International Conference on Security and Privacy in Communication Networks
  • ICICS 2015: the 10th International Conference on Information and Communications Security
  • AsiaCCS 2015: The 10th ACM Symposium on Information, Computer and Scommunications Security
  • CODASPY 2015: The 5th ACM Conference on Data and Application Security and Privacy
  • ICISSP 2015: The 1st International Conference on Information Systems Security and Privacy
  • SPSM 2014: The 4th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices
  • SecureComm 2014: The 10th International Conference on Security and Privacy in Communication Networks
  • AsiaCCS 2014: The 9th ACM Symposium on Information, Computer and Scommunications Security
  • CODASPY 2014: The 4th ACM Conference on Data and Application Security and Privacy
  • LASER 2013: Learning from Authoritative Security Experiment Results workshop
  • RAID 2013: The 16th International Symposium on Research in Attacks, Intrusions and Defenses
  • ICICS 2013: the 15th International Conference on Information and Communications Security
  • Oakland 2013: The 34th IEEE Symposium on Security and Privacy
  • ISPEC 2013: The 9th Information Security Practice and Experience Conference
  • AsiaCCS 2013: The 8th ACM Symposium on Information, Computer and Scommunications Security
  • CODASPY 2013: The 3rd ACM Conference on Data and Application Security and Privacy
  • RAID 2012: The 15th International Symposium on Research in Attacks, Intrusion and Defenses
  • Oakland 2012: The 33rd IEEE Symposium on Security and Privacy
  • AsiaCCS 2012: The 7th ACM Symposium on Information, Computer and Scommunications Security
  • RAID 2011: The 13th International Symposium on Recent Advances in Intrusion Detection
  • CICS 2011: The 2011 IEEE Symposium on Computational Intelligence in Cyber Security
  • ISPEC 2011: The 7th Information Security Practice and Experience Conference
  • Oakland 2011: The 32nd IEEE Symposium on Security and Privacy
  • ICISS 2010: The 6th International Conference on Information Systems Security
  • SSIRI 2010: The 4th IEEE International Conference on Secure Software Integration and Reliability Improvement
  • Oakland 2010: The 31st IEEE Symposium on Security and Privacy
  • CICS 2009: The 2009 IEEE Symposium on Computational Intelligence in Cyber Security
  • ISC 2008: The 11th Information Security Conference
  • RAID 2008: The 11th International Symposium on Recent Advances in Intrusion Detection
  • ACNS 2008: The 6th Applied Cryptography and Network Security
  • Selected publications

    A novel covert channel detection method in cloud based on XSRM and improved event association algorithm
    Lina Wang, Weijie Liu, Neeraj Kumar, Debiao He, Cheng Tan, and Debin Gao
    In Security and Communication Networks, October 2016

    Control Flow Integrity Enforcement with Dynamic Code Optimization
    Yan Lin, Xiaoxiao Tang, Debin Gao and Jianming Fu
    In Proceedings of the 19th Information Security Conference (ISC 2016), Honolulu, USA, September 2016

    MobiPot: Understanding Mobile Telephony Threats with Honeycards
    Marco Balduzzi, Payas Gupta, Lion Gu, Debin Gao and Mustaque Ahamad
    In Proceedings of the 11th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2016), Xi'an, China, May 2016

    Integrated Software Fingerprinting via Neural-Network-Based Control Flow Obfuscation
    Haoyu Ma, Ruiqi Li, Xiaoxu Yu, Chunfu Jia and Debin Gao
    In IEEE Transactions on Information Forensics & Security (TIFS), Apr 2016

    MopEye: Monitoring Per-app Network Performance with Zero Measurement Traffic
    Daoyuan Wu, Weichao Li, Rocky K. C. Chang and Debin Gao
    In Proceedings of the 11th International Conference on emerging Networking EXperiments and Technologies (CoNEXT 2015), Heidelberg, Germany, December 2015

    Stack Layout Randomization with Minimal Rewriting of Android Binaries
    Yu Liang, Xinjie Ma, Daoyuan Wu, Xiaoxiao Tang, Debin Gao, Guojun Peng, Chunfu Jia and Huanguo Zhang
    In Proceedings of the 18th annual International Conference on Information Security and Cryptology (ICISC 2015), Seoul, Korea, November 2015

    Replica Placement for Availability in the Worst Case
    Peng Li, Debin Gao and Mike Reiter
    In Proceedings of the 35th International Conference on Distributed Computing Systems (ICDCS 2015), Columbus, Ohio, USA, June 2015

    Software Watermarking using Return-Oriented Programming
    Haoyu Ma, Kangjie Lu, Xinjie Ma, Haining Zhang, Chunfu Jia and Debin Gao
    In Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2015), Singapore, April 2015

    Android or iOS for Better Privacy Protection?
    Jin Han, Qiang Yan, Debin Gao, Jiangying Zhou and Robert Deng
    In Proceedings of the International Conference on Secure Knowledge Mangagement in Big-data era (SKM 2014), Dubai, United Arab Emirates, December 2014, invited paper

    StopWatch: A Cloud Architecture for Timing Channel Mitigation
    Peng Li, Debin Gao and Michael K. Reiter
    In ACM Transactions on Information and System Security (TISSEC), November 2014

    Control Flow Obfuscation using Neural Network to Fight Concolic Testing
    Haoyu Ma, Xinjie Ma, Weijie Liu, Zhipeng Huang, Debin Gao and Chunfu Jia
    In Proceedings of the 10th International Conference on Security and Privacy in Communication Networks (SecureComm 2014), Bejing, China, September 2014

    RopSteg: Program Steganography with Return Oriented Programming
    Kangjie Lu, Siyang Xiong and Debin Gao
    In Proceedings of the 4th ACM Conference on Data and Application Security and Privacy (CODASPY 2014), San Antonio, TX, USA, Mar 2014

    Keystroke Biometrics: the user perspective
    Chee Meng Tey, Payas Gupta, Karthik Muralidharan and Debin Gao
    In Proceedings of the 4th ACM Conference on Data and Application Security and Privacy (CODASPY 2014), San Antonio, TX, USA, Mar 2014

    Defending against heap overflow by using randomization in nested virtual clusters
    Chee Meng Tey and Debin Gao
    In Proceedings of the 15th International Conference on Information and Communications Security (ICICS 2013), Beijing, China, November 2013

    Launching generic attacks on iOS with approved third-party applications
    Jin Han, Mon Kywe Su, Qiang Yan, Feng Bao, Huijie Robert Deng, Debin Gao, Yingjiu Li, and Jianying Zhou
    In Proceedings of the 11th International Conference on Applied Cryptography and Network Security (ACNS2013), Banff, Alberta, Canada, June 2013

    Keystroke Timing Analysis of on-the-fly Web Apps
    Chee Meng Tey, Payas Gupta, Debin Gao and Yan Zhang
    In Proceedings of the 11th International Conference on Applied Cryptography and Network Security (ACNS 2013), Banff, Alberta, Canada, June 2013

    Mitigating Access-Driven Timing Channels in Clouds using StopWatch
    Peng Li, Debin Gao and Michael K. Reiter
    In Proceedings of the 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2013), Budapest, Hungary, June 2013

    Your Love is Public Now: Questioning the use of Personal Information in Authentication
    Payas Gupta, Swapna Gottipati, Jing Jiang and Debin Gao
    In Proceedings of the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013), Hangzhou, China, May 2013

    Comparing Mobile Privacy Protection through Cross-Platform Applications
    Jin Han, Qiang Yan, Debin Gao, Jianying Zhou and Robert Deng
    In Proceedings of the 20th Annual Network & Distributed System Security Symposium (NDSS 2013), San Diego, CA, USA, February 2013

    I Can Be You: Questioning the Use of Keystroke Dynamics as Biometrics
    Chee Meng Tey, Payas Gupta and Debin Gao
    In Proceedings of the 20th Annual Network & Distributed System Security Symposium (NDSS 2013), San Diego, CA, USA, February 2013, best paper award

    iBinHunt: Binary Hunting with Inter-Procedural Control Flow
    Jiang Ming, Meng Pan and Debin Gao
    In Proceedings of the 15th Annual International Conference on Information Security and Cryptology (ICISC 2012), Seoul, Korea, December 2012

    OTO: Online Trust Oracle for User-Centric Trust Establishment
    Tiffany Hyun-Jin Kim, Payas Gupta, Jun Han, Emmanuel Owusu, Jason Hong, Adrian Perrig and Debin Gao
    In Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS 2012), Raleigh, NC, USA, October 2012

    Learning Fine-Grained Structured Input for Memory Corruption Detection
    Lei Zhao, Debin Gao and Lina Wang
    In Proceedings of the 15th Information Security Conference (ISC 2012), Passau, Germany, September 2012

    Active Malware Analysis using Stochastic Games
    Simon Williamson, Pradeep Varakantham, Debin Gao and Chen Hui Ong
    In Proceedings of the 11th International Conference on Autonomous Agents and Multiagent Systems (AAMAS 2012), Valencia, Spain, June 2012

    Coercion Resistance in Authentication Responsibility Shifting
    Payas Gupta, Xuhua Ding and Debin Gao
    In Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2012), Seoul, Korea, May 2012

    Human: Creating Memorable Fingerprints of Mobile Users
    Payas Gupta, Tan Kiat Wee, Narayan Ramasubbu, David Lo, Debin Gao, and Krishna Balan
    In Proceedings of the 10th IEEE International Conference on Pervasive Computing and Communications (PerCom 2012), Lugano, Switzerland, March 2012

    deRop: Removing Return-Oriented Programming from Malware
    Kangjie Lu, Dabi Zou and Debin Gao
    In Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC 2011), Orlando, Florida, USA, December 2011

    Launching Return-Oriented Programming Attacks against Randomized Relocatable Executables
    Limin Liu, Jin Han, Debin Gao, Jiwu Jing, and Daren Zha
    In Proceedings of the 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2011), Changsha, China, November 2011

    Towards Ground Truthing Observations in Gray-Box Anomaly Detection
    Jiang Ming, Haibin Zhang and Debin Gao
    In Proceedings of the 5th International Conference on Network and System Security (NSS 2011), Milan, Italy, September 2011

    On Detection of Erratic Arguments
    Jin Han, Qiang Yan, Robert H. Deng and Debin Gao
    In Proceedings of the 7th International Conference on Security and Privacy in Communication Networks (SecureComm 2011), London, United Kingdom, September 2011

    Linear Obfuscation to Combat Symbolic Execution
    Zhi Wang, Jiang Ming, Chunfu Jia and Debin Gao
    In Proceedings of the 16th European Symposium on Research in Computer Security (ESORICS 2011), Leuven, Belgium, September 2011

    Packed, Printable, and Polymorphic Return-Oriented Programming
    Kangjie Lu, Dabi Zou, Weiping Wen and Debin Gao
    In Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection (RAID 2011), Menlo Park, California, USA, September 2011

    Revisiting Address Space Randomization
    Zhi Wang, Renquan Cheng and Debin Gao
    In Proceedings of the 13th Annual International Conference on Information Security and Cryptology (ICISC 2010), Seoul, Korea, December 2010

    A Multi-User Steganographic File System on Untrusted Shared Storage
    Jin Han, Meng Pan, Debin Gao and HweeHwa Pang
    In Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC 2010), Austin, Texas, USA, December 2010

    On Challenges in Evaluating Malware Clustering
    Peng Li, Limin Liu, Debin Gao and Michael K. Reiter
    In Proceedings of the 13th International Symposium on Recent Advances in Intrusion Detection (RAID 2010), Ottawa, Ontario, Canada, September 2010

    Fighting Coercion Attacks in Key Generation using Skin Conductance
    Payas Gupta and Debin Gao
    In Proceedings of the 19th USENIX Security Symposium (USENIX Security 2010), Washington, DC, USA, August 2010

    Denial-of-Service Attacks on Host-Based Generic Unpackers
    Limin Liu, Jiang Ming, Zhi Wang, Debin Gao and Chunfu Jia
    In Proceedings of the 11th International Conference on Information and Communications Security (ICICS 2009), Beijing, China, December 2009

    Automatically Adapting a Trained Anomaly Detector to Software Patches
    Peng Li, Debin Gao and Michael K. Reiter
    In Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection (RAID 2009), Saint-Malo, Brittany, France, September 2009

    On the Effectiveness of Software Diversity: A Systematic Study on Real-World Vulnerabilities
    Jin Han, Debin Gao and Robert H. Deng
    In Proceedings of the 6th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2009), Milan, Italy, July 2009

    Beyond Output Voting: Detecting Compromised Replicas using HMM-based Behavioral Distance
    Debin Gao, Michael K. Reiter and Dawn Song
    In IEEE Transactions on Dependable and Secure Computing (TDSC), April 2009

    Bridging the Gap between Data-flow and Control-flow Analysis for Anomaly Detection
    Peng Li, Hyundo Park, Debin Gao and Jianming Fu
    In Proceedings of the 24th Annual Computer Security Applications Conference (ACSAC 2008), Anaheim, California, USA, December 2008

    BinHunt: Automatically Finding Semantic Differences in Binary Programs
    Debin Gao, Michael K. Reiter and Dawn Song
    In Proceedings of the 10th International Conference on Information and Communications Security (ICICS 2008), pages 238-255, Birmingham, UK, October 2008

    Distinguishing between FE and DDoS using Randomness Check
    Hyundo Park, Peng Li, Debin Gao, Heejo Lee and Robert H. Deng
    In Proceedings of the 11th Information Security Conference (ISC 2008), Taipei, September 2008

    Behavioral Distance Measurement Using Hidden Markov Models
    Debin Gao, Michael K. Reiter and Dawn Song
    In Proceedings of the 9th International Symposium on Recent Advances in Intrusion Detection (RAID 2006), Hamburg, Germany, September 2006

    Behavioral Distance for Intrusion Detection
    Debin Gao, Michael K. Reiter and Dawn Song
    In Proceedings of the 8th International Symposium on Recent Advances in Intrusion Detection (RAID 2005), Seattle, WA, USA, September 2005

    Gray-Box Extraction of Execution Graphs for Anomaly Detection
    Debin Gao, Michael K. Reiter and Dawn Song
    In Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS 2004), pages 318-329, Washington, DC, USA, October 2004

    On Gray-Box Program Tracking for Anomaly Detection
    Debin Gao, Michael K. Reiter and Dawn Song
    In Proceedings of the 13th USENIX Security Symposium (USENIX Security 2004), pages 103-118, San Diego, CA, USA, August 2004