Research Activities

The following summarizes the research activities I have been involved in.

Empirical Study on Vulnerabilities

Vulnerabilities have evolved together with software. In this study, we focus on the evolution of vulnerabilities versus that of the codebase. To achieve this goal, we study a long-lived, open-source web browser, Mozilla Firefox, for which we collect data on vulnerabilities, the codebase, and the browser's global market share from several sources. Our preliminary analysis reveals some phenomena about the source data of vulnerabilities, and about after-life vulnerabilities: many users still use "dead" versions of the software (Firefox versions past their support period), and vulnerabilities applying to these versions are still reported. We reported our findings in a publication at MetriSec'10 and another at ESSoS'11. We are now going to expand our study to other software to replicate the experiments done on Firefox. The next candidate could be Internet Explorer, RedHat Enterprise Linux, or Apache Tomcat.

Security for Outsourced XML Databases


Figure 1. ODBS model

This research was done as my master's thesis. The outsourced database model is an emerging trend alongside "Software-as-a-Service". The philosophy is that instead of maintaining in-house resources (e.g., servers, a DB administrator) for a database, organizations can ship their database out to third-party service providers. The (service) providers maintain the physical servers as well as their clients' databases, and provide a mechanism for querying the hosted data.

Since providers are not fully trusted, they can become insider attackers who are able to access the data with full privileges. Apart from traditional security requirements, the security model for outsourced databases introduces new security challenges to researchers:

  1. Privacy: includes both data privacy and user privacy. Data privacy means that users (who query the data) should only learn the data they are allowed to see. User privacy means that servers (service providers) should not know what users query or which data they receive.
  2. Query assurance: servers have to prove that the returned results satisfy correctness (the data is the original data from the data owner), completeness (the returned result includes all data matching the user's query), and freshness (the returned result is generated from the up-to-date version of the database).

This research was done as part of my master's study at the University of Technology, Vietnam. My work focuses on the latter challenge, in which servers have to prove that the data in the returned result is correct (original data from the data owner), complete (including all data matching the user's query), and fresh (generated from the up-to-date version of the database). We proposed a novel solution that copes with all three aspects of query assurance for XML databases by introducing an index structure called Nested B+ Tree. Thanks to this structure, we can provide query assurance while still guaranteeing query performance. The result has been published in the International Symposium on Frontiers in Availability, Reliability and Security (FARES) (in conjunction with ARES'07), and in the Journal of Software. (See my publications.)

Adaptive Workflows

I have worked on this topic since I was a research assistant at the Faculty of CSE, University of Technology, Vietnam. If you are interested in this topic, please download our publication for more detail.