What practical impact will your research eventually have?

My research aims to make cyber-physical systems (CPS)—such as autonomous vehicles, power grids, and intelligent transportation systems—more secure, resilient, and privacy-preserving in the face of cyberattacks and communication failures. By developing distributed control frameworks that remain stable under stealthy false data injection and denial-of-service attacks, my work enables these systems to operate safely and reliably even in adversarial environments. Additionally, the privacy-preserving mechanisms I design allow agents to coordinate securely without exposing sensitive internal states, which is crucial for real-world deployment in partially trusted or competitive settings. Ultimately, this research will support the creation of scalable, real-time CPS that can be trusted with safety-critical operations in our increasingly interconnected world.

What do you think is the most pressing need for improving cybersecurity?

The most pressing need in cybersecurity today is bridging the gap between theoretical resilience and real-world deployability. While many secure algorithms exist on paper, they often assume unrealistic attacker models, ignore system dynamics, or require computationally intensive detection. In safety-critical CPS, we need control strategies that are not only robust to evolving threats but also lightweight, real-time, and capable of maintaining performance under partial system compromise. In addition, there’s a growing need for privacy without encryption—methods that can guarantee confidentiality and control fidelity without incurring the latency of cryptographic protocols. Combining system-theoretic resilience, privacy guarantees, and real-time adaptability is the frontier of practical, scalable cybersecurity.

What practical impact will your research eventually have?

JavaScript is widely used in web programming and notably offloads computation to the client side, making it a common attack vector. Malicious developers frequently employ various code obfuscation techniques—such as string manipulation, encoding, and logic structure obfuscation—to evade malware detection or at least hinder analysis. Consequently, detecting malicious JavaScript code snippets before execution have been a key research focus. Deobfuscation is a prominent method for recovering original program logic and determining the intent of obfuscated code. However, existing deobfuscators rely heavily on traditional methods of source code analysis, such as static and dynamic analysis, which face limitations in scalability and capturing the semantic complexities of JavaScript. Emergent reasoning capabilities-particularly the logical reasoning of large language models (LLMs)-demonstrate significant potential in understanding code semantics. Our work proposes a hybrid approach, combining classical source code analysis tools with LLMs to deobfuscate JavaScript. We aim to replace heuristic-based rules in existing deobfuscators - which typically require substantial manual intervention - with LLMs that leverage advanced reasoning capabilities to autonomously infer code semantics.  Our solution will enable faster, more accurate detection of malicious JavaScript — reducing manual effort in reverse-engineering obfuscated attacks, proactively identifying vulnerable dependencies in software supply chains (e.g., npm), and providing a scalable framework to adapt to evolving obfuscation tactics, ultimately hardening web applications against zero-day exploits.

What do you think is the most pressing need for improving cybersecurity?

In term of securing JavaScript code, the most critical need is scalable, AI-augmented defenses that autonomously decode advanced obfuscation by understanding code semantics. This requires moving beyond heuristic-based tools toward systems that harness large language models (LLMs) for real-time threat detection, particularly to protect open-source ecosystems where conventional methods fail against sophisticated supply chain attacks.

What practical impact will your research eventually have?

My research focuses on computer vision security, where I apply deep learning techniques to image data and investigate how to make these systems more robust and trustworthy. As AI systems are increasingly deployed in high-stakes domains like autonomous driving, facial recognition, and election technologies, ensuring their security is critical. Specifically, I'm currently working on a project with the UConn Voter Center, identifying vulnerabilities in machine learning systems used in voting systems. The ultimate goal of this work is to understand how these systems can fail — and to develop strategies that make them more secure, transparent, and resilient to attacks. In the long term, this research will help inform the design of safe, trustworthy AI in democratic infrastructure.

What do you think is the most pressing need for improving cybersecurity?

In today’s fast-moving AI landscape, one of the most pressing needs is ensuring that machine learning systems — especially those used in sensitive and critical applications — are not just performant, but also secure, interpretable, and robust to adversarial manipulation. As my work in election security highlights, it's not enough for AI to be accurate under ideal conditions — we need it to behave reliably under stress, be resistant to attacks, and remain transparent to stakeholders. Building this kind of resilience into AI systems is key to earning public trust and preventing serious real-world failures and is a core focus of my research.

What practical impact will your research eventually have?

The practical impact of my research on satellite-based Quantum Key Distribution (QKD) will be significant for enhancing secure communication networks, especially over long distances. By developing a robust satellite scheduling algorithm, my research aims to optimize the use of satellite resources for efficient and fair key distribution among ground stations. This will ensure that sensitive information can be transmitted securely between distant locations without favoring any single user or region.
In practical terms, this research will strengthen data security across critical sectors, including government, defense, finance, and healthcare, by enabling reliable, quantum-secured communication infrastructure. Additionally, the fairness-focused scheduling model I’m developing will support widespread adoption of QKD by reducing latency, minimizing resource conflicts, and ensuring equitable access to secure communication channels worldwide. Ultimately, the outcomes of this research could help lay the groundwork for an international quantum-secured network, providing a higher standard of privacy and resilience against cyber threats.

What do you think is the most pressing need for improving cybersecurity?

The most pressing need for improving cybersecurity, specifically addressed by my research, is developing an efficient and fair satellite scheduling algorithm for Quantum Key Distribution (QKD) systems. As quantum technology advances, secure, long-distance key distribution will be critical to protecting sensitive communications, especially over vast geographic distances where direct fiber connections are impractical.
My research tackles a core challenge: ensuring that satellite resources are used effectively and equitably, allowing ground stations to receive their cryptographic keys promptly without any one location monopolizing resources. By designing a scheduling system that maximizes resource utilization and minimizes wait times, we can create a more reliable and scalable QKD network. This will be foundational for establishing secure, quantum-safe communication channels on a global scale, which is essential for critical sectors such as finance, defense, and healthcare, ultimately raising the standard for cybersecurity in the quantum era.

My research (CTng) aims to create a practical and secure Public Key Infrastructure (PKI) that builds on the current Certificate Transparency (CT) ecosystem. By extending CT with a decentralized trust model and adding Byzantine fault tolerance, my work ensures that the system stays secure and reliable even if some parts fail or act maliciously. This approach addresses a key need in cybersecurity: reducing reliance on centralized trust, which can lead to single points of failure and increased vulnerability. By spreading trust across multiple entities, my research improves the security and resilience of PKI, helping create a safer digital environment.

What practical impact will your research eventually have?

Our project aims to secure user’s location data in cellular network performance measurements by using Local Differential Privacy (LDP). LDP perturbs location data on the device before transmission, so real locations remain private, even if the server is compromised.  Additionally, machine learning techniques are employed to accurately estimate network performance from the perturbed data. By balancing privacy and measurement accuracy, network providers can gather the metrics they need to improve network quality without exposing user information, making cellular network measurements safer for users.

What do you think is the most pressing need for improving cybersecurity?

One pressing need in cybersecurity is to develop privacy-preserving data analysis frameworks. Many applications need high-quality data for accurate analytics but face constraints around user privacy, which makes LDP particularly promising. Integrating machine learning methods that work effectively within the LDP framework is essential to ensure that data remains useful while protecting user privacy.

What practical impact will your research eventually have?

Our research on characterizing the security region of the GHOST protocol could have a significant impact on blockchain security, particularly in protocols like Ethereum that utilize GHOST. By establishing precise security boundaries under different tiebreaking rules, our work may guide protocol developers on whether and how GHOST can be safely deployed in environments with variable network conditions or adversarial presence. Insights from our study could contribute to making blockchains more resilient to attacks and encourage the adoption of tiebreaking mechanisms that enhance protocol security.

What do you think is the most pressing need for improving cybersecurity?

In blockchain, one pressing need is the development of consensus protocols that are both secure under a variety of adversarial conditions and adaptable to real-world network delays. As decentralized systems become more mainstream, the capability to maintain security without requiring perfect synchronization among nodes is critical. More generally, addressing security in distributed systems requires tools to handle adversarial behaviors, especially in network delays and block production, to ensure robust, secure operation even in the presence of potential protocol vulnerabilities.

What practical impact will your research eventually have?

Private Information Retrieval (PIR) enables users to access specific data from a server without disclosing what data they access. In healthcare, PIR lets doctors query sensitive medical records without revealing the precise information accessed. In advertising, companies can deliver targeted ads without knowing which user-specific data points drive the recommendations. My research aims to make PIR scalable for real-world applications, where large data volumes are common, while ensuring efficiency comparable to non-private systems.

What do you think is the most pressing need for improving cybersecurity?

In terms of Private Information Retrieval (PIR), there remains a significant gap between its potential and scalability. Most protocols are not yet efficient enough to compare with non-private real-world systems. I believe our primary goal should be to make secure systems as efficient as possible through ongoing research to ensure a seamless user experience. This would make secure systems—whether they provide secure computation or private information retrieval—the preferred choice for most daily tasks in the future.