CITP Luncheon Speaker Series:
Wenke Lee – Security Overlay:
Data Protection via User-Intent Monitoring

CITP Luncheon Series

Date: Tuesday, October 20, 2015
Location: 306 Sherrerd Hall
Streaming Live: https://www.youtube.com/user/citpprinceton

Food and discussion begin at 12:30 pm. Open to current Princeton faculty, staff, and students. Open to members of the public by invitation only. Please contact Laura Cummings-Abdo at lcumming@princeton.edu if you are interested in attending a particular lunch.

We are increasingly depending on cloud-based services in our daily activities, and inevitably a lot of our sensitive and valuable data is transported through or stored in the cloud. There have been many incidents where the security of user data was compromised because of malicious or vulnerable client-side applications and cloud servers.

Our research aims to develop a data protection approach that can be widely adopted by the average end-users, and a key challenge we need to overcome is user acceptance. In particular, we need to provide transparent user experience, that is, our data protection approach should not alter the functionality, workflow, and the look-and-feel of an application. Further, we need to provide intuitive, user-intended protection, that is, the default security policy should match a user’s understanding of the expected (good) behaviors of an application.

The centerpiece of our approach is a new systems mechanism called the security overlay, which can intercept user input and application output and display relevant data on an overlay window right on top of the application’s UI. The overlay window is isolated from the application and its security is dependent on the trusted computing base, or TCB, such as a virtual machine monitor or the OS kernel.

We have developed a prototype of security overlay and applied it to several application scenarios. For example, the security overlay of a web-based email client can ensure that user sees and agrees that the text on the overlay display is really his message, and that the outgoing email payload matches that text. We call this the “what you see is what you send (WYSIWYS)” policy. As another example, the security overlay for WhatsApp can display plaintext input on the overlay window for the user but only send the encrypted input to WhatsApp (and its remote server). In other words, this provides end-to-end message encryption.


Wenke Lee is the co-director of the Institute for Information Security & Privacy and also a professor of Computer Science in the College of Computing at Georgia Tech. His research expertise includes systems and network security, botnet detection and attribution, malware analysis, virtual machine monitoring, mobile systems security, and detection and mitigation of information manipulation on the Internet. Lee regularly leads large research projects funded by the National Science Foundation, Department of Defense, Department of Homeland Security, and private industry. Significant discoveries from his research group have been transferred to industry, and in 2006, Lee co-founded Damballa, Inc. to focus on detection and mitigation of advanced persistent threats.