I am broadly interested in research that addresses pressing-need cybersecurity challenges. I am especially interested in research problems that arise from practical domains, with a focus on both experimental/empirical study and sound theoretical footings.

I have studied various forms of logical techniques in security analysis of complex systems, which led to the MulVAL network security analyzer and the SnIPS intrusion analysis tool. More recently I have been studying the problem of incident response/forensics analysis to understand how this process can benefit from systematic modeling and automation, grounded on sound theories of reasoning under uncertainty. In this effort we are adopting an inter-disciplinary approach, where we work with our anthropology colleague to conduct ethnographic fieldwork at real security operation centers. This provides a means for researchers to access the "tacit knowledge" of security analytics, which is critical to formulating the right models and algorithms.

I am also interested in cloud computing and am investigating a new cloud service architecture that offers both security and manageability benefits, using the idea of moving-target defense. Another area of my current research is security of mobile computing systems such as Android, and how to combine static analysis and policy enforcement to achieve desired security properties. I am also working on cyber-physical system (CPS) security with a focus on designing a framework for ensuring security/safety properties of different types of CPSes through a unified secure real-time operating system (RTOS) platform.

Papers about my research can be found at my publications page. More information about my research will be added to this page. Meanwhile, you are welcome to visit the website of my research group Argus. I am always looking for capable, dedicated, and hard-working students who want to solve real-world cybersecurity problems.