Access Control Security

Location: Santa Clara, CA
Posted: October 18, 2012

Resume:

DR. XINWEN ZHANG

Innovation Center Office: 408-***-****

Huawei R&D Fax: 270-***-****

**** ******* abo2y1@r.postjobfree.com

Santa Clara, CA 95050 http:/profsandhu.com/zhang

RESEARCH INTERESTS

System security policies, models, architectures, and mechanisms

Security in cloud computing, virtualization, and web services

Secure mobile platforms, services, and applications

Trusted computing and high assurance systems and networks

EDUCATION

Ph.D. George Mason University (GMU), Fairfax, Virginia, USA, 08/2006

Thesis: Formal Model and Safety Analysis of Usage Control Model

Advisor: Prof. Ravi Sandhu and Prof. Francesco Parisi-Presicce, GMU

M. Eng. Nanyang Technological University (NTU), Singapore, 09/2000

M. Eng. Huazhong University of Science & Technology (HUST), Wuhan, China, 07/1998

B. Eng. Huazhong University of Science & Technology (HUST), Wuhan, China, 07/1995

WORK EXPERIENCE

Staff Researcher, Huawei Research Center, Santa Clara, CA, 10/2010 -- current

Staff Engineer, Samsung Information System America, San Jose, CA, 09/2006 -- 10/2010

Development Engineer, CE-Infosys Pte. Ltd., Singapore, 05/2000 -- 09/2000

Software Engineer, Yulong Communication Ltd., Shenzhen, China, 03/1998 -- 06/1998

HONORS & AWARDS

Best Paper Award Mobilware 2010

Best Paper Award Samsung Tech. Conference, 2009

Tech. Recognition Award Samsung Information System America, 2008

Inventor of the Year Samsung Information System America, 2008

RESEARCH PROJECTS

Security in Cloud Storage and Content-oriented Network Architecture (2010--)

Role: Security architect and leading developer

Define security requirements for outsourcing data from enterprise IT to public cloud. Novel solutions for secure data storage and processing in public clouds; delegated encryption and access control for secure data processing; proxy-based data encryption for secure content distribution and flexible data sharing between cloud customers. Trust management for content oriented network and encryption-based access control for privacy protection.

Building Elastic Devices with Cloud Computing (2009-2010)

Role: System Architect and Key Development Member

Lead the design and development of middleware for smartphones to efficiently and seamlessly leverage elastic cloud computing resources. Lead security architecture design of elastic application and cloud-side infrastructure. Develop mobile applications on Android. Develop cloud platform and web applications with Amazon EC2.

Authorization Mechanisms for Distributed Web Applications (2009-2011)

Role: Leading researcher and system architect

Lead the design of authentication and authorization solutions for distributed web applications between client (mobile devices) and cloud platforms. Propose delegated authorization (DAuth) extended from OAuth for distributed web consumers with principle of least privilege. Propose flexible and user-centric authorization model (MAuth) for multi-mashup web applications. Lead the design and development of cross-domain access control and delegation framework (xDAuth) for web services.

Integrity Protection for Open Mobile Platforms (2007-2009)

Role: Security architect and leading developer

Develop an integrity model based on open mobile operating system architecture and application behaviors, to confine the activities of untrusted codes from browser, Bluetooth, MMS, and MMC. Efficiently identify boundary between trusted and untrusted domains on mobile platforms to simplify security policy specification but still achieve high integrity assurance. Demonstrate effectiveness on malware prevention. The solution has been shipped with a commercially deployed Linux-based smartphone.

Building Trusted Open Mobile Platforms (2006 - 2008)

Role: Security architect and leading developer

Design and deploy security model and reference monitor for next generation open mobile platform towards TCG Mobile Phone Reference Architecture. Extend traditional access control model with emerging trusted computing technology to build mandatory access control (MAC) mechanisms for Linux-based mobile devices. Build high assurance environment for mobile network provider and service providers. Design and develop security architecture and enforcement module for Linux Mobile (LiMo) platforms.

Deploying Secure Distributed Systems using Trusted Computing Technology: Models, Architectures and Protocols

Sponsored by Intel Corporation

Role: Student Principal Investigator

Participate as a student principal investigator of the cooperative project with Intel. Develop security model and trusted enforcement architecture for controlled information sharing and secure collaborations in distributed computing systems such as P2P, Grid, and Web Services. Investigate extending hardware-based root of trust to application level for security enforcement with mandatory access control and usage control models.

Formal Model, Expressive Power, Safety Analysis, and Applications of Access Control Models

Sponsored by NSF

Role: Research Assistant

Define formal model and policy specification of usage control (UCON). Study the expressive power and safety properties of the authorization and obligation models in UCON. Investigate enforcement architecture and mechanisms of UCON in collaborative computing systems such as Grids and Web Services. Develop flexible administrative role-based access control (RBAC) model under organization and enterprise environments. Develop permission-based delegation models for RBAC. Develop architecture and mechanisms for RBAC in distributed computing systems.

TEACHING EXPERIENCE

Instructor ISA767 Secure E-Commerce (http://www.list.gmu.edu/zhang/isa767), Fall 2005

Department of Information and Software Engineering, George Mason University

Teaching Assistant INFS766 Internet Security Protocols, INFS762 Information System Security, ISA767 Secure Electronic Commerce, Fall 2001 - Spring 2004

Department of Information and Software Engineering, George Mason University

PUBLICATIONS

SELECTIVE PATENTS

[1] Xinwen Zhang and Jean-Pierre Seifert. Method and System for Enforcing Trusted Computing Policies in a Hypervisor Security Architecture. US Patent (pending).

[2] Xinwen Zhang, Onur Aciicmez, and Jean-Pierre Seifert. Securing Stored Content for Trusted Hosts and Safe Computing Environments. US Patent (pending).

[3] Xinwen Zhang, Jean-Pierre Seifert, Wookee Min, and Onur Aciicmez. Trusted Multi-stakeholder Environment. US Patent (pending).

[4] Xinwen Zhang, Jean-Pierre Seifert, Onur Aciicmez, and Qingwei Ma. Securing CPU Affinity in Multiprocessor Architectures. US Patent (pending).

[5] Onur Aciicmez, Xinwen Zhang, and Jean-Pierre Seifert. Methods for Building Enhanced Protocol Scripting Language for Safe Execution in Embedded Systems. US Patent (pending).

[6] Liang Xie, Xinwen Zhang, Jean-Pierre Seifert, and Onur Aciicmez. Detecting Unauthorized Use of Computing Devices Based on Behavioral Patterns. US Patent (pending).

[7] Xinwen Zhang, Liang Xie, Jean-Pierre Seifert, and Onur Aciicmez. Trusted Device Management for Mobile Platforms. US Patent (pending).

[8] Xinwen Zhang, Jean-Pierre Seifert, and Onur Aciicmez. Consistent security Enforcement for safer computing systems. US Patent (pending).

[9] Xinwen Zhang, Jean-Pierre Seifert, and Onur Aciicmez. Secure Inter-process Communication for Safer Computing Environments and Systems. US Patent (pending).

[10] Onur Aciicmez, Jean-Pierre Seifert, and Xinwen Zhang. Integrating Hashing and Decompression of Compressed Data for Safe Computing Environments and Systems. US Patent (pending).

[11] Xinwen Zhang, Jean-Pierre Seifert, Onur Aciicmez, and Afshin Latifi. Active Access Monitoring for Safer Computing Environments and Systems. US Patent (pending).

ACADEMIC ACTIVITIES

PC Chair ACM STC 2011

Panel MobiCloud 2010

Technical PC Member ICNC 2012; MSIS 2011; TRUST 2011; IFIP DBSec 2011; ACM WiSec 2011; ACM CODASPY 2011; CollaborateCom 2010; ICCIIS 2010; ChinaCom 2009, 2010; TRUST 2008; ACM SACMAT 2008, 2009, 2010; ACM STC 2007, 2008, 2009, 2010


