Yuting Zhang
Prof. Yuting Zhang regularly enhances cybersecurity curriculum to maintain cutting edge
We’re pleased to announce that Dr. Yuting Zhang has been named Director of Cybersecurity programs. Read more about this exciting appointment.
Yuting Zhang
Assistant Professor, Computer Science Director, Cybersecurity
PhD, Boston University; MS, BS, University of Science and Technology Beijing
What is your area of expertise?
As the faculty coordinator of our security program, I am interested in various areas of cybersecurity, particular mobile security and security education. In the past, I mainly focused on resource management in soft real-time systems, virtual machine systems, and internet end-systems, though my interests encompass all areas of computer systems.
Please tell us about your work. Can you share any current research or recent publications?
Cybersecurity talents are a critical need, according to ISACA’s State of Cybersecurity 2021. I am dedicated to helping our security program produce more qualified graduates ready for the cybersecurity profession. My recent work focuses on developing and enhancing the cybersecurity curriculum and pedagogy to support both on-campus and online students. We would like to develop an online learning platform, not only to provide students with a rich collection of information, knowledge and resources in the cybersecurity field, but also to create an active hands-on and project-based learning environment. A key component in this online learning platform is the cybersecurity virtual lab environment, including the virtual lab infrastructure as well as related exercises, tutorials and assessments.
Mobile security and computing, particular on the Android platform, is another focus area of mine. I have mainly worked on two projects in recent years. The first is iSolationAlert, an effort that leverages data collected from smartphones to identify social isolation as a component of mental illness. The challenge posed by limited access to mental health services has led to increased mobile phone-based technologies, which can help improve the precision and ecological validity of assessment and treatment. But most of these technologies require patients to interact with a device or rely on some level of retrospective recall, and as such are subject to reporting bias. Our project utilizes smartphone sensing technology to support the continuous, unobtrusive recording of social behavior in order to identify and intervene. We developed iSolationAlert to serve as a social activity application that could help identify the social isolation of users based on information collected from their mobile phones. We also developed a speaker recognition algorithm which serves to automatically identify if the user is involved in a conversation—while respecting the user’s privacy by not storing any data from the conversation itself.
The second project is rooted in Android application security analysis and malware detection. For that, we proposed and developed a security analysis framework that documents a wide range of vulnerability metrics to then provide a unified and quantifiable method to evaluate the security threats in Android applications. We built and integrated a number of tools into this framework to automatically extract and analyze the security threats to Android apps from different sources. We are currently developing a web-based analysis tool to facilitate easier use of the functionality and help share our results. This tool allows the user to upload a single application and obtain its analysis. The user can also search applications from our database based on the keyword.
How does the subject you work in apply in practice? What is its application?
All my projects are designed to be very practical. Our objective is not simply to solve problems in theory or in lab settings, but to develop tools that can be of use in the real world.
What course(s) do you teach at MET?
I teach a variety of courses at MET. In the cybersecurity area, I developed and teach Mobile Forensics and Security (MET CS 694) and Secure Software Development (MET CS 763). Both courses are rooted in relatively new and developing areas of the security field. I also taught Network Security (MET CS 690) in the past. I plan to develop a new course on penetration testing and ethical hacks in the near future. In the software area, I teach Software Engineering (MET CS 673) and Mobile Application Development with Android (MET CS 683). Operating Systems (MET CS 575) is a core courses in the Master of Science in Computer Science program that I taught for a number of years.
Please highlight a particular project within these courses that most interests your students. If you previously worked in industry, what “real-life” exercises do you bring to class?
While my experience is mainly in academics, I also had some industry experience in various companies such as VMware, Intel, Linx, and Wisdom Ltd. I believe that hands-on experiences and real-life projects are crucial for computer science students.
All my courses have lab or project components, or both. Both Software Engineering and Mobile Application Development with Android feature semester-long software development projects. Past students have developed a lot of cool and useful applications—mainly web or mobile applications. Some projects have even been put into daily usage in the real world.
In the security courses, we also have real-life exercises, such as extracting and analyzing mobile phone data in Mobile Forensics and Security, or performing a buffer overflow attack in Software Engineering, among many others.