Yuval Elovici was born in Beer-Sheva, Israel in 1966. He received his B.Sc. and M.Sc. degrees in computer and electrical engineering from Ben-Gurion University of the Negev in 1989 and 1991, respectively. He received his Ph.D. from Tel Aviv University’s Faculty of Management's information systems program.
Career
Elovici began his academic career at BGU in 1998, where he served as a Senior Teaching Assistant/Instructor in the Department of Industrial Engineering and Management while pursuing his Ph.D. at Tel Aviv University. In 2000 he became a Lecturer in BGU's Department of Information Systems Engineering. In 2006 he advanced to Senior Lecturer, and he received academic tenure in 2007. From 2010 through 2012 Elovici was an Associate Professor in the Department of Information Systems Engineering, and in 2012 he became a full Professor in this department, which was recently renamed the Department of Software and Information Systems Engineering. He has held a variety of positions in academic administration at BGU as well. Since 2014 Elovici has served as the Director of BGU's Cyber Security Research Center, and since 2005 he has been the Director of Telekom Innovation Laboratories at BGU. In the past, he has served as Head of the Software Engineering Program at BGU.
Research
Elovici's research interests include Privacy and Anonymity in the Electronic Society, Malware Detection, Mobile Phone Security, and Web Intelligence and Social Network Security. Elovici has published over 75 academic papers, and he has been awarded 20 patents. He is a co-author of the book, A Survey of Data Leakage Detection and Prevention Solutions and co-editor of another book, Security and Privacy in Social Network.
Privacy and Anonymity in the Electronic Society
Although surfing the World Wide Web feels as if it is a bilateral private interaction, this impression is far from being accurate, as users leave identifiable digital tracks at every website they visit, and Elovici's research aims to address this. Elovici has demonstrated how a collaborative attack on the anonymity of Web users can be performed by analyzing only a small number of Internet routers. The computer security community has concentrated on improving users’ privacy by concealing their identities on the Web. However, users may want or need to identify themselves on the Web in order to receive certain services, while retaining the privacy of their interests, needs, and intentions. PRAW, the privacy model developed by Elovici, is aimed at hiding users’ navigation tracks, in an attempt to prevent eavesdroppers from inferring their profiles, while still allowing them to be identified. Securing data at rest stored in a database is a very challenging privacy-related task, and Elovici has developed a new database encryption scheme, SPDE, which preserves the structure of the database and encrypts its content, such that even the DBA cannot view or modify the database cells’ content.
Bridging the Air-Gap
Air-gapped networks, in which the computer network is separated physically from other networks, specifically those that are less secure, are widely used to protect the networks of military defense systems and critical infrastructure. Air-gap isolation was once thought to be a means of successfully preventing sensitive data from leaking from critical networks; however, some of Elovici's recent research has challenged this, exposing techniques that enable attackers to leak data from these networks via covert channels, including electromagnetic, ultrasonic, thermal, and optical channels. In each case, new types of attacks that can bridge the air-gap have been demonstrated.
Malware Detection
Malware detection is a central component of cyber security and the focus of the Telekom Innovation Laboratories at Ben-Gurion University's flagship project: Net Centric Security, which is aimed at purifying NSP networks of malware. As Director of the laboratories, Elovici developed methods based on machine learning techniques for detecting whether a suspected file is malicious or benign. The methods were based on static code analysis and dynamic code analysis, where the suspected file activity was monitored in a sandbox. One of the challenges associated with this research was the synthesis of powerful malware signatures yielding a low false positive detection rate. The issues of detection scalability and performance were addressed by employing complex network theory to pinpoint the most influential set of routers for deploying monitoring and filtering devices. This research was extended to find the optimal places for deploying a scrubbing center for mitigating denial of service attacks launched via botnets.
Before Android-based mobile devices were introduced into the market for the first time by T-Mobile USA, Elovici was asked to study Android vulnerabilities, threats, and security mechanisms. The findings were summarized in several publications. Following this analysis, he developed several security mechanisms for the Android platform, demonstrating how to secure Android mobile devices using SELinux and developing several prototypes of an intrusion detection system for strengthening Android-based devices based on various techniques, such as temporal reasoning and anomaly detection. In addition, an efficient, collaborative application-monitoring scheme was developed for mobile devices that allows the devices to detect malicious applications without relying on a central authority.
Web Intelligence and Social Network Security
Terrorist groups use the Web as their infrastructure for various purposes. Elovici designed the Advanced Terrorist Detection System (ATDS), which analyzes the content of information accessed by Web users in order to track down online access to abnormal content, including terrorist-generated sites; ATDS was developed and evaluated using real users and terror-related data. In other research, he hypothesized that a new type of information security threat may involve a class of malware that does not have the goal of corrupting and taking control of the machines it infects or stealing specific information stored on them. This research focused on malware aimed at stealing social network and behavioral information through data collection and network science inference techniques. Elovici referred to this type of attack as the stealing-reality attack, and he demonstrated how such an attack can propagate in real social networks. Link prediction in social networks is one of the key tools in Web intelligence, and Elovici developed a very accurate link prediction algorithm to detect fake profiles in social networks, which was evaluated on several large social networks. Fake profiles, which proliferate on social networks, may be used for good as well as malicious purposes, and the link prediction algorithm may allow identifying a connection between terrorists that does not exist in a social graph. Elovici also developed the Social Network Protector, software based on advanced detection mechanisms that can help teenagers identify suspicious members in their social network. The Social Network Protector Facebook app was installed by more than 3000 users.