Zhao wins Rath Award for digital security dissertation

Rui Zhao won the December 2016 Rath Award for the PhD thesis with the greatest potential for societal impact.

Computer science PhD student Rui Zhao was awarded Colorado School of Mines’ December 2016 Dr. Bhakta Rath and Sushama Rath Research Award. Thanks to the generosity of Bhakta Rath, associate director of Material Science and Component Technology at the U.S. Naval Research Laboratory, and his wife, Sushama Rath, the biannual Rath Award recognizes a Colorado School of Mines doctoral graduate whose thesis demonstrates the greatest potential for societal impact.

Zhao first discovered the complex world of cyber security after his parents bought him his first computer when he was in high school. “I used the computer as a gaming machine, but one day while playing a game, I noticed that nothing worked,” he said. “I spent a lot of time figuring out that my computer was infected with a virus and then how to remove it.” This experience, combined with learning a programming language to help his mother create various automated reports for her job, directed him toward an interest in computer science and network security.

Advised by computer science professor Chuan Yue, Zhao’s dissertation explores vulnerabilities and data protection in end-user applications, particularly those on web, cloud and smartphone platforms. “I wanted to first explore the vulnerabilities in those applications and then try to propose new, different techniques to protect our sensitive information,” Zhao explained.

In his dissertation, titled "Vulnerability Exploration and Data Protection in End-User Applications," Zhao addresses the most critical and challenging password security problems by systematically exploring a promising password manager approach, leading to two main contributions: a vulnerability analysis of two popular commercial password managers and another analysis of built-in password managers used by popular browsers as well as a cloud-based design. These analyses prompted at least one top web browser vendor and one third-party vendor to make necessary changes to their password managers.

Zhao also investigated sophisticated phishing attacks and performed a user study to evaluate the effectiveness of such attacks. Zhao said that he has seen these phishing attacks up close. During his studies at another institution, he witnessed the effects of a phishing email sent out from a compromised employee account, which led to individual paychecks being directly deposited into the attacker’s account. “I didn’t want to see that happen again,” Zhao said. “That’s the reason why security is so important.”

Yet digital security concerns do not end there. Many extensions exist for browser users to download and use; however, many of these extensions can accidentally leak private information and compromise the user. “Browser extensions can provide you with more functionality, but they can also access everything you access or even everything you type on a webpage,” Zhao said. “We found that many of those browser extensions collect your information, but they do not protect it, and it leaks out to the network.” To help combat this problem, Zhao designed and implemented a framework called LvDetector that combines program analysis techniques for automatic detection of information vulnerabilities in browser extensions.

These efforts are already starting to provide better security protection for Internet users, yet Zhao did not expect to win the Rath Award. “It was a Monday that my thesis was approved. That evening the dean of graduate studies called me and congratulated me,” Zhao said. “That was quite exciting, because I know only one PhD student can get this award and it’s really competitive. And I know the other candidates also had very strong backgrounds and publications. I was very lucky to receive this award.”


