System Security Lab

Department of Computer Science, Information Technology, and Data Science
College of Arts & Sciences, Roosevelt University



Roosevelt Auditorium
Building (AUD) 344A
430 S. Michigan Ave.
Chicago IL 60605

Email: myu04 at roosevelt dot edu
Office: (312)341-2244

Privacy Protection in Cloud Computing

This project received support from NSF Trustworthy Computing program and NSF I-Corps program, and our current grant.

This project went through stage one, stage two, and the current stage. We also committed to commercialization efforts based on our technology.

The goal of our new architecture design is to

  1. de-privilege the administrator of the cloud;
  2. minimize the TCB of cloud platform; and
  3. reduce the attack surface of cloud platform.

Stage One (Fall 2011 - Spring 2011)


Graduate student team members: Yulong Zhang, Min Li, Wuqiong Pan

Undergraduate student team members: Benjamin Wilder, Betigil Asaye, Brendan Nolan, Machel Roberts.

Our Approach

We add an access control matrix to hypervisor to de-priviledge the administrator and thought about the verification of the cloud platform.


1. Yulong Zhang, Min Li, Benjamin Wilder, Meng Yu, Kun Bai, Peng Liu. Technical Report: NeuCloud: Enabling Privacy-preserving Monitoring in Cloud Computing. VCU CyberSecurity Lab. 2011. [PDF]

2. Senior project design - VM monitoring based on XenAccess. This is supported by NSF REU Supplement grant.



Stage Two (May 2011 - Dec 2012)


Team members: Yulong Zhang, Min Li, Wuqinog Pan

Our Approach

According to the feedbak in stage two, reviewers complained about our TCB size. We focused on reducing the TCB size in this stage.


  1. Wuqiong Pan, Yulong Zhang, Meng Yu, and Jiwu Jing. Improving Virtualization Security by Splitting Hypervisor into Smaller Components. In The 26th Annual WG 11.3 Conference on Data and Applications Security and Privacy (DBSec'12), Institut Mines-Télécom, Paris, France. July 11-13, 2012. [PDF]
  2. Yulong Zhang, Wuqiong Pan, Qingpei Wang, Kun Bai, Meng Yu. Technical Report: HypeBIOS: Enforcing VM Isolation with Minimized and Decomposed Cloud TCB. VCU CyberSecurity Lab. 2012. [PDF]

Stage Three (Jan 2013 - present)


Team members: Min Li, Zili Zha

Our Approach

We finially found that SMM mode is not necessary to achieve our goal. Thus, we do not need to modify the BIOS either, although those are important technology in security.


  1. Min Li, Wanyu Zang, Kun Bai, Meng Yu, Peng Liu. MyCloud -- Supporting User-Configured Privacy Protection in Cloud Computing. In Annual Computer Security Applications Conference. New Orleans, Louisiana USA, December 2013. Acceptance rate: 19%. [PDF]
  2. Min Li, Zili Zha, Wanyu Zang, Meng Yu, Peng Liu, Kun Bai. “Detangling Resource Management Functions from the TCB in Privacy-Preserving Virtualization.” In The 19th European Symposium on Research in Computer Security (ESORICS 2014). September 7-11, 2014, Wroclaw, Poland. Accep- tance rate: 20%. [PDF]
  3. Zili Zha, Min Li, Wanyu Zang, Meng Yu, Songqing Chen. “AppGuard: A Hardware Virtualization Based Approach on Protecting User Applications from Untrusted Commodity Operating System.” In 2015 International Conference on Computing, Networking and Communications (Invited Position Paper). February 16-19, 2015. Anaheim, California, USA. [PDF]


Commercialization Efforts

We formed a team and went through an NSF I-Corps training in the summer of 2013.

NSF I-Corps Team #230

PI : Meng Yu
Enterpreneur Lead: David Jackson
Enterpreneur Mentor: Pete O'Dell

NSF I-Corps Training Videos (updated in 2014)



NSF I-Corps Training Outcome

The team, with team number 230 in the class, received training from the NSF I-Corps program through seven weeks in the summer of 2013. The training included two workshops in San Francisco and UC Berkeley, plus almost ninty customer interviews. The goal of training is to discover whether our technology can meet the customers' need in the real world, and if so, whether we can make profit from it.

Our feedback from the customer interviews are exciting and promising. We learned about customer segments, cloud market, product features, customer preferences, and etc. Those information are tremendously helpful towards our starup company doing secure cloud services.

It is also the first time for the PI and Enterpreneur Lead to take a business class. It is amazing experence! We would highly recommend the training to anyone who has technology to commercialize. Learn from the class and discover how your dream can come true!

Source Codes

We are improving documentation and code structure. The source codes will be available through a open source project, coming soon!


x3650 m3 photo