Ziming Zhao Headshot

Ziming Zhao

Assistant Professor
Department of Computing Security
Golisano College of Computing and Information Sciences

585-475-2811
Office Location
Office Mailing Address
152 Lomb Memorial Drive Rochester, NY 14623

Ziming Zhao

Assistant Professor
Department of Computing Security
Golisano College of Computing and Information Sciences

Education

BE, MS, Beijing University of Posts and Telecommunications (China); Ph.D., Arizona State University

Bio

Ziming Zhao is an assistant professor at the department of Computing Security and Center for Cybersecurity at RIT. He directs the CyberspACe securiTy and forensIcs lab (CactiLab) at RIT. He received a PhD degree in computer science from the Arizona State University in 2014. His research foci include system and software security, network security, usable and user-centric security, cybercrime and threat intelligence analytics. His research has led to 50+ publications in security conferences and journals, including IEEE S&P, ACM CCS, USENIX Security, NDSS, ACSAC, TISSEC, etc. He won a best paper award in ACM CODASPY 2014 and IEEE ITU Kaleidoscope 2016. He holds two US patents and is an advisory board member of a startup security company.

Currently Teaching

CSEC-741
3 Credits
This course is designed to provide students with knowledge of sensor network security with respect to practical implementations. In particular, secure sensor network design for Supervisor Control And Data Acquisition (SCADA) is discussed. SCADA encompasses technologies that manage and control much of the infrastructure that we depend on every day without realizing it. The failure or corruption of SCADA systems can not only be inconvenient but also hazardous when the resource is critical or life threatening. Securing SCADA systems is of great strategic importance. The role of sensor networks in SCADA is discussed and sensor security protocols for SCADA applications are evaluated and studied. To be successful in this course students should be knowledgeable in basic networking, systems, and security technologies.
CSEC-659
3 Credits
This course offers an opportunity to learn about a specific seminar topic in more depth. The course description will be replaced by the specific instance of the seminar, as it is proposed by faculty.
CSEC-750
3 Credits
Students will be introduced to the history, theory, methodology and implementation of various kinds of covert communications. Students will explore future techniques and uses of covert communications. More specifically students will explore possible uses of covert communications in the management of botnets. To be successful in this course students should be knowledgeable in networking, systems, and security technologies.
CSEC-490
3 Credits
This is a capstone course for students in the information security and forensics program. Students will apply knowledge and skills learned and work on real world projects in various areas of computing security. Projects may require performing security analysis of systems, networks, and software, etc., devising and implementing security solutions in real world applications.
CSEC-799
1 - 3 Credits
A student works with a faculty member to devise a plan of study on a topic in various areas of computing security. Deliverables, evaluation methods, and number of credits need to be specified in a written proposal. A final report and presentation in the form of a poster session is expected and graded at the end of the term.
CSEC-599
1 - 6 Credits
Students will work with a supervising faculty member on a project of mutual interest. Project design and evaluation will be determined through discussion with the supervising faculty member and documented through completion of an independent study form to be filed with the department of computing security.
CSEC-559
0 - 3 Credits
This course explores current topics in computing security. It is intended as a place holder course for faculty to experiment new course offerings in Computing Security undergraduate program. Course specific details change with respect to each specific focal area proposed by faculty.

Latest News

Select Scholarship

Published Conference Proceedings
Baek, Jaejong, et al. "Wi Not Calling: Practical Privacy and Availability Attacks in Wi-Fi Calling." Proceedings of the Annual Computer Security Applications Conference (ACSAC). Ed. N/A. N/A, Puerto Rico: n.p., 2018. Print.
Dixit, Vaibhav Hemant, et al. "AIM-SDN: Attacking Information Mismanagement in SDN-datastores." Proceedings of the ACM Conference on Computer and Communications Security (CCS). Ed. N/A. n.p., 2018. Print.
Cho, Haehyun, et al. "Prime+Count: Novel Cross-world Covert Channels on ARM TrustZone." Proceedings of the Annual Computer Security Applications Conference (ACSAC). Ed. N/A. n.p., 2018. Print.
Gutierrez, Mauricio, et al. "CacheLight: Defeating the CacheKit Attack." Proceedings of the Workshop on Attacks and Solutions in Hardware Security (Ashes). Ed. N/A. n.p., 2018. Print.
Mabey, Mike, et al. "Challenges, Opportunities, and a Framework for Web Environment Forensics." Proceedings of the IFIP Working Group 11.9 Digital Forensics (11.9 Digital Forensics). Ed. N/A. n.p., 2018. Print.
Chandramouli, Sai Prashanth, et al. "Measuring E-Mail Header Injections on the World Wide Web." Proceedings of the ACM/SIGAPP Symposium On Applied Computing (SAC). Ed. N/A. n.p., 2018. Print.
Dixit, Vaibhav Hemant, et al. "Challenges and Preparedness of SDN-based Firewalls." Proceedings of the ACM Workshop on Security in Software Defined Networks and Network Function Virtualization (SDNNFV). Ed. N/A. Tempe, AZ: n.p., 2018. Print.
Sengupta, Sailik, et al. "A Game Theoretic Approach in Strategy Generation for Moving Target Defense in Web Applications." Proceedings of the International Conference on Autonomous Agents and Multiagent Systems. Ed. N/A. N/A, N/A: n.p., 2017. Print.
Deng, Juan, et al. "On the Safety and Efficiency of Virtual Firewall Elasticity Control." Proceedings of the Network and Distributed System Security Symposium (NDSS), 2017. Ed. N/A. N/A, N/A: n.p., 2017. Print.
Journal Paper
Chen, Jing, et al. "Uncovering the Face of Android Ransomware: Characterization and Real-time Detection." IEEE Transactions on Information Forensics & Security (TIFS). (2018): 0-0. Print.
Jing, Yiming, et al. "TRIPLEMON: A Multi-layer Security Framework for Mediating Inter-Process Communication on Android." Journal of Computer Security (JCS). (2016): 0-0. Print.