DR. XINWEN ZHANG
DR. XINWEN ZHANG
Innovation Center Office: 408-***-****
Huawei R&D Fax: 270-***-****
**** ******* abo2y1@r.postjobfree.com
Santa Clara, CA 95050 http:/profsandhu.com/zhang
RESEARCH INTERESTS
RESEARCH INTERESTS
System security policies, models, architectures, and mechanisms
Security in cloud computing, virtualization, and web services
Secure mobile platforms, services, and applications
Trusted computing and high assurance systems and networks
EDUCATION
EDUCATION
Ph.D. George Mason University (GMU), Fairfax, Virginia, USA, 08/2006
Thesis: Formal Model and Safety Analysis of Usage Control Model
Advisor: Prof. Ravi Sandhu and Prof. Francesco Parisi-Presicce, GMU
M. Eng. Nanyang Technological University (NTU), Singapore, 09/2000
M. Eng. Huazhong University of Science & Technology (HUST), Wuhan, China, 07/1998
B. Eng. Huazhong University of Science & Technology (HUST), Wuhan, China, 07/1995
WORK EXPERIENCE
WORK EXPERIENCE
Staff ResearcherHuawei Research Center, Santa Clara, CA, 10/2010 -- current
Staff EngineerSamsung Information System America, San Jose, CA, 09/2006 -- 10/2010
Development EngineerCE-Infosys Pte. Ltd., Singapore, 05/2000 -- 09/2000
Software EngineerYulong Communication Ltd., Shenzhen, China, 03/1998 -- 06/1998
HONORS & AWARDS
HONORS & AWARDS
Best Paper Award Mobilware 2010
Best Paper Award Samsung Tech. Conference, 2009
Tech. Recognition Award Samsung Information System America, 2008
Inventor of the Year Samsung Information System America, 2008RESEARCH PROJECTS
RESEARCH PROJECTS
Security in Cloud Storage and Content-oriented Network Architecture (2010--)
Role: Security architect and leading developer
Define security requirements for outsourcing data from enterprise IT to public cloud.
Novel solutions
for secure data storage and processing in public clouds; delegated encryption and access
control for
secure data processing; proxy-based data encryption for secure content distribution and
flexible data
Page 1 of 11
sharing between cloud customers. Trust management for content oriented network and
encryption-
based access control for privacy protection.
Building Elastic Devices with Cloud Computing (2009-2010
)
Role:
System Architect and Key Development Member
Lead the design and development of middleware for smartphones to efficiently and
seamlessly leverage
elastic cloud computing resources. Lead security architecture design of elastic
application and cloud-
side infrastructure. Develop mobile applications on Android. Develop cloud platform and
web
applications with Amazon EC2.
Authorization Mechanisms for Distributed Web Applications (2009-2011)
Role: Leading researcher and system architect
Lead the design of authentication and authorization solutions for distributed web
applications between
client (mobile devices) and cloud platforms. Propose delegated authorization (DAuth)
extended from
OAuth for distributed web consumers with principle of least privilege. Propose flexible
and user-
centric authorization model (MAuth) for multi-mashup web applications. Lead the design
and
development of cross-domain access control and delegation framework (xDAuth) for web
services.
Integrity Protection for Open Mobile Platforms (2007 2009)
Role: Security architect and leading developer
Develop an integrity model based on open mobile operating system architecture and
application
behaviors, to confine the activities of untrusted codes from browser, Bluetooth, MMS, and
MMC.
Efficiently identify boundary between trusted and untrusted domains on mobile platforms
to simplify
security policy specification but still achieve high integrity assurance. Demonstrate
effectiveness on
malware prevention. The solution has been shipped with a commercially deployed Linux-
based
smartphone.
Building Trusted Open Mobile Platforms
(
2006 - 2008)
Role: Security architect and leading developer
Design and deploy security model and reference monitor for next generation open mobile
platform
towards TCG Mobile Phone Reference Architecture. Extend traditional access control model
with
emerging trusted computing technology to build mandatory access control (MAC) mechanisms
for
Linux-based mobile devices. Build high assurance environment for mobile network provider
and
service providers. Design and develop security architecture and enforcement module for
Linux Mobile
(LiMo) platforms.
Deploying Secure Distributed Systems using Trusted Computing Technology: Models,
Architectures and Protocols Sponsored by Intel Corporation
Role:
Student Principal Investigator
Participate as a student principal investigator of the cooperative project with Intel.
Develop security
model and trusted enforcement architecture for controlled information sharing and secure
collaborations in distributed computing systems such as P2P, Grid, and Web Services.
Investigate
extending hardware-based root of trust to application level for security enforcement with
mandatory
access control and usage control models.
Page 2 of 11
Formal Model, Expressive Power, Safety Analysis, and Applications of Access Control
Models
Sponsored by NSF
Role:
Research Assistant
Define formal model and policy specification of usage control (UCON). Study the
expressive power
and safety properties of the authorization and obligation models in UCON. Investigate
enforcement
architecture and mechanisms of UCON in collaborative computing systems such as Grids and
Web
Services. Develop flexible administrative role-based access control (RBAC) model under
organization
and enterprise environments. Develop permission-based delegation models for RBAC. Develop
architecture and mechanisms for RBAC in distributed computing systems.
TEACHING EXPERIECNCE
TEACHING EXPERIECNCE
Instructor ISA767 Secure E-Commerce (http://www.list.gmu.edu/zhang/isa767), Fall 2005
Department of Information and Software Engineering, George Mason University
Teach Assistant INFS766 Internet Security Protocols, INFS762 Information System Security
ISA767 Secure Electronic Commerce, Fall 2001Spring 2004Department of Information and Software Engineering, George Mason University
PUBLICATIONS
PUBLICATIONS
SELECTIVE PATENTS
SELECTIVE PATENTS
[1] Xinwen Zhang and Jean-Pierre Seifert. Method and System for Enforcing Trusted
Computing Policies in
a Hypervisor Security Architecture. US Patent (pending).
[2] Xinwen Zhang, Onur Aciicmez, and Jean-Pierre Seifert. Securing Stored Content for
Trusted Hosts and
Safe Computing Environments. US Patent (pending).
[3] Xinwen Zhang, Jean-Pierre Seifert, Wookee Min, and Onur Aciicmez. Trusted Multi-
stakeholder
Environment. US Patent (pending).
[4] Xinwen Zhang, Jean-Pierre Seifert, Onur Aciicmez, and Qingwei Ma. Securing CPU
Affinity in
Multiprocessor Architectures. US Patent (pending).
[5] Onur Aciicmez, Xinwen Zhang, and Jean-Pierre Seifert. Methods for Building Enhanced
Protocol
Scripting Language for Safe Execution in Embedded Systems. US Patent (pending).
[6] Liang Xie, Xinwen Zhang, Jean-Pierre Seifert, and Onur Aciicmez. Detecting
Unauthorized Use of
Computing Devices Based on Behavioral Patterns. US Patent (pending).
[7] Xinwen Zhang, Liang Xie, Jean-Pierre Seifert, and Onur Aciicmez. Trusted Device
Management for
Mobile Platforms. US Patent (pending).
[8] Xinwen Zhang, Jean-Pierre Seifert, and Onur Aciicmez. Consistent security Enforcement
for safer
computing systems. US Patent (pending).
[9] Xinwen Zhang, Jean-Pierre Seifert, and Onur Aciicmez. Secure Inter-process
Communication for Safer
Computing Environments and Systems. US Patent (pending).
[10] Onur Aciicmez, Jean-Pierre Seifert, and Xinwen Zhang. Integrating Hashing and
Decompression of
Compressed Data for Safe Computing Environments and Systems. US Patent (pending).
[11] Xinwen Zhang, Jean-Pierre Seifert, Onur Aciicmez, and Afshin Latifi. Active Access
Monitoring for
Safer Computing Environments and Systems. US Patent (pending).
ACADEMIC ACTIVITIES
ACADEMIC ACTIVITIES
PC Chair ACM STC 2011
Page 10 of 11
Panel MobiCloud 2010
Technical PC Member ICNC 2012, MSIS 2011, TRUST 2011, IFIP DBSec 2011
ACM WiSec 2011, ACM CODASPY 2011, CollaborateCom 2010
ICCIIS 2010, ChinaCom 2009, 2010, TRUST 2008
ACM SACMAT, 2008, 2009, 2010
ACM STC 2007, 2008, 2009, 2010