Active Projects

Platform-as-a-Service Cloud Security

My recent research focus has migrated slightly to the security problems in Platform-as-a-Service (PaaS) clouds. One such endeavor is to build a framework for PaaS security policy enforcement across multiple layers in the software stack.

Past Projects

HomeAlone: Cloud Co-Residency Detection

Physical co-residency with other tenants poses a potential risk to enterprises' adoption of Infrastructure-as-a-Service cloud, because shared hardware may enable attackers to exfiltrate sensitive information across virtual machines. Although cloud providers may promise physically isolated resources to select tenants (e.g. dedicated instances of Amazon Virtual Private Cloud), tenants still need to be able to verify physical isolation of their VMs. HomeAlone is a system that allows a tenant to remotely verify its exclusive use of a physical machine via side-channel analysis. In particular, by analyzing cache usage during periods in which "friendly" VMs coordinate to avoid portions of the cache, a tenant using HomeAlone can detect the activity of a co-resident "foe" VM. Our implementation on Xen-PVM requires no modification of existing hypervisors and no special action or cooperation by a cloud provider.

Media coverage: Technology Review computing, business, magazine.

Password Security

My first research project at UNC involved an evaluation of the (in)effectiveness of modern password expiration regimens. We conducted a large-scale study on over 7700 UNC ONYEN accounts and evaluated how much of an obstacle replacing expired passwords with new ones may pose to attackers. Our study is grounded in a novel search framework starting from an old password and an algorithm for devising an approximately optimal search strategy for the new passwords. Using this framework, we confirm previous conjectures that the effectiveness of expiration in meeting its intended goal is weak. We believe our study calls into question the continued use of password expiration and, in the longer term, provides one more piece of evidence to facilitate a move away from passwords altogether.

Enterprise Network Security Assessment

Assessing and defending large-scale enterprise networks is challenging. One difficulty is understanding how multiple vulnerabilities across the entire network can be coordinated to perform a sophisticated multi-step attack. For this purpose, attack graphs have been studied for assessing enterprise network risks. All potential attack paths can be visually displayed using attack graphs. In the thesis work for my master's degree, I propose a new, although conceptually similar, approach, attack grammars, to complement or replace attack graphs, in order to address some existing issues of attack graphs, such as algorithmic complexity, scalability, and representation difficulty.

DNS Server Monitoring

I designed and developed a suite of production-quality DNS server monitoring tools in my spare time with two of my friends. It was capable of pre-processing and recording every query to the DNS servers. The systems, which were eventually used by a few regional ISPs in China, could handle hundreds of thousands of queries per second and detect abnormal DNS requests in real time.

SolarSword

I founded an open source project, called SolarSword, in 2007 with two of my friends. It was one of the pioneering OpenSolaris distributions, and the first liveDVD/USB OpenSolaris distribution used for penetration testing. We won the second prize (ironically, with first prize empty) in the Sun Microsystems National OpenSolaris Programming Competition in China and were invited to present the demo at Sun Tech Day. Of course, that was a few years before Sun Microsystems' acquisition by Oracle. Due to time constraints and lack of interest, I no longer maintain or distribute it.