Assistant Professor, Computer Science Director, Cybersecurity
Dr. Zhang’s research mainly focuses on the resource management in soft real-time systems, virtual machine systems, and Internet end-systems, though her interest spreads to all areas of computer systems and networks. Conducted through both theoretic analysis and empirical evaluation, her research has resulted in publication in more than a dozen conference proceedings and journals. Zhang served as an assistant professor at Merrimack College, Wentworth Institute of Technology, Allegheny College, and University of Science and Technology Beijing. She has taught a variety of courses, including information technology, Java/C++/C programming, operating systems, computer networks, analysis of algorithms, software engineering, programming languages, and a research seminar.
Zhang, Y. “Prediction-based Interrupt Scheduling.” Proc. of the 30th IEEE Real-Time
Systems Symposium. WIP session (Washington, D.C., Dec 2009): 81–84.
Guirguis, M., Bestavros, A., Matta, I., and Zhang, Y. “Reduction of Quality (RoQ) Attacks on
Dynamic Load Balancers: Vulnerability Assessment and Design Tradeoffs.” Proc. of the 26th IEEE INFOCOM. (Anchorage, Alaska, May 2007): 857–865.
Guirguis, M. Bestavros, A., Matta, I., and Zhang, Y. “Adversarial Exploits of End-Systems
Adaptation Dynamics.” Journal of Parallel and Distributed Computing 67 (3), March 2007: 318–335.
West, R., and Zhang, Y. “Comments on Window-Constrained Scheduling.” IEEE Transactions on Computers 56 (5), May 2007: 718–719.
“Multilevel Android Protection Exploit.” BU Science & Engineering Research Symposium, Boston, Mass., March 2012. Co-presented with Feleke, N., Nimley, K., and Rohrer, F.
“Is Virtual for Real?” Research in Computer Science Seminar, Allegheny College, Meadville, Pa., February 2007.
“Friendly Virtual Machines: Leveraging a Feedback-Control Model for Application Adaptation.” VMware Inc., Boston, Mass., June 2006.
“A Virtual Deadline Scheduler for Window-Constrained Service Guarantees.” 25th IEEE International Real-Time Systems Symposium, Lisbon, Portugal, December 2004.
“End-to-End Window-Constrained Scheduling for Real-Time Communication.” 10th International Conference on Real-Time and Embedded Computing Systems and Applications, Gothenburg, Sweden, August 2004.
“Android Multilevel Protection Exploit.” Boston University Center for Reliable Information Systems & Cyber Security (RISCS), $7,000.
What is your area of expertise?
My past research has mainly focused on resource management in soft real-time systems, virtual machine systems, and internet end-systems, though my interests encompass all areas of computer systems. Currently, I’m focused on mobile computing and security, particularly on the Android platform. Anyone interested can find more detailed information from our Mobile Computing and Security Lab webpage.
Please tell us about your work. Can you share any current research or recent publications?
I’m currently working on two projects. The first is iSolationAlert, an effort which leverages data collected from smartphones to identify social isolation in mental illness. The challenge posed by limited access to mental health services has led to the increased implementation of mobile phone-based technologies, which can help improve the precision and ecological validity of assessment and treatment. But most of these technologies require patients to interact with a device or rely on some level of retrospective recall, and as such are subject to reporting bias. Our project utilizes smartphone sensing technology to support the collection of continuous, unobtrusive recording of social behavior in order to identify and intervene.
We developed iSolationAlert to serve as a social activity application that could help identify the social isolation of users based on information collected from their mobile phones. We also developed a speaker recognition algorithm which serves to automatically identify if the user is involved in a conversation—while respecting the user’s privacy by not storing any data from the conversation itself. This work was done in collaboration with Professor Daniel Fulford, of Sargent College, and Professor Richard West, of the College of Arts & Sciences, with funding by the Digital Health Initiative Research Award made possible by BU’s Rafik B. Hariri Institute for Computing and Computation Science and Engineering. We have finished the app’s development process and have moved to the stage where we collect and analyze preliminary data. The app was originally available via the Google Play store, but due to its research nature has been moved to our website, where it is available for download.
My second project is rooted in Android application security analysis and malware detection. For that, we proposed and developed a security analysis framework that documents a wide range of vulnerability metrics to then provide a unified and quantifiable method to evaluate the security threats in Android applications. We built and integrated a number of tools into this framework to automatically extract and analyze the security threats of Android apps from different sources. We are currently developing a web-based analysis tool to facilitate easier use of the functionality and help share of our analysis results. This tool allows the user to upload a single application and obtain its analyzed results. The user can also search applications from our database based on the keyword, and get those analysis results. The tool is also available on our website, although it is still under active development.
How does the subject you work in apply in practice? What is its application?
All my projects are designed to be very practical. Our objective is not only to solve problems in theory or in lab settings, but to develop tools that can be of use in the real world.
What course(s) do you teach at MET?
This past spring semester I taught Mobile Forensics and Security (MET CS 694) and Secure Software Development (MET CS 763). The Secure Software Development course was newly introduced this semester, designed with Master of Science in Software Development (MSSD) and Master of Science in Computer Science (MSCS) students in mind. Mobile Forensics and Security is a course I introduced in 2015, and both courses are rooted in relatively new and developing areas of the security field.
This summer, I will be teaching an online course: Mobile Application Development with Android (MET CS 683). In the past, I have taught Network Security (MET CS 690), and two of the MSCS core courses: Operating Systems (MET CS 575) and Software Engineering (MET CS 673).
I will also be spending time this summer developing the online version of our Software Engineering course, which we plan to launch next spring. I am very excited that online MSSD students will soon have the opportunity to take this course, and believe that they will benefit a lot from it.
Please highlight a particular project within these courses that most interests your students. If you previously worked in industry, what “real-life” exercises do you bring to class?
While my experience is mainly in academics, I also had some industry experience in different companies such as VMware, Intel, Linx, and Wisdom Ltd. I believe that hands-on experiences and real-life projects are very crucial for computer science students.
All my courses have lab or project components, or both. Both Software Engineering and Mobile Application Development with Android feature semester-long software development projects. Past students have developed a lot of cool and useful applications—mainly web or mobile applications. Some projects have even been put into daily usage in the real world.
In the security courses, we also have real-life exercises, such as extracting and analyzing the mobile phone data in Mobile Forensics and Security, or performing a buffer overflow attack in Software Engineering, among many others.