2024
Methods and Benchmark for Detecting Cryptographic API Misuses in Python.
IEEE Trans. Software Eng., May, 2024
Measurement of Embedding Choices on Cryptographic API Completion Tasks.
ACM Trans. Softw. Eng. Methodol., March, 2024
Rebuttal How-To: Strategies, Tactics, and the Big Picture in Research.
Commun. ACM, January, 2024
Semi-Supervised Code Translation Overcoming the Scarcity of Parallel Code Data.
Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, 2024
A First Look at Security and Privacy Risks in the RapidAPI Ecosystem.
Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, 2024
2023
Spatiotemporal estimations of temperature rise during electroporation treatments using a deep neural network.
Comput. Biol. Medicine, July, 2023
Specializing Neural Networks for Cryptographic Code Completion Applications.
IEEE Trans. Software Eng., June, 2023
Evaluation of Static Vulnerability Detection Tools With Java Cryptographic API Benchmarks.
IEEE Trans. Software Eng., February, 2023
Automatic Detection of Java Cryptographic API Misuses: Are We There Yet?
IEEE Trans. Software Eng., 2023
Industrial Experience of Finding Cryptographic Vulnerabilities in Large-scale Codebases.
DTRAP, 2023
Deep Phenotyping of Non-Alcoholic Fatty Liver Disease Patients with Genetic Factors for Insights into the Complex Disease.
CoRR, 2023
How well does LLM generate security tests?
CoRR, 2023
Crypto-ransomware Detection through Quantitative API-based Behavioral Profiling.
CoRR, 2023
Not All Data are Created Equal: Data and Pointer Prioritization for Scalable Protection Against Data-Oriented Attacks.
Proceedings of the 32nd USENIX Security Symposium, 2023
DRGCoder: Explainable Clinical Coding for the Early Prediction of Diagnostic-Related Groups.
Proceedings of the 2023 Conference on Empirical Methods in Natural Language Processing, 2023
Poster: Cybersecurity Usage in the Wild: A look at Deployment Challenges in Intrusion Detection and Alert Handling.
Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023
A First Look at Toxicity Injection Attacks on Open-domain Chatbots.
Proceedings of the Annual Computer Security Applications Conference, 2023
SpanL: Creating Algorithms for Automatic API Misuse Detection with Program Analysis Compositions.
Proceedings of the Applied Cryptography and Network Security Workshops, 2023
2022
From Theory to Code: Identifying Logical Flaws in Cryptographic Implementations in C/C++.
IEEE Trans. Dependable Secur. Comput., 2022
Being the Developers' Friend: Our Experience Developing a High-Precision Tool for Secure Coding.
IEEE Secur. Priv., 2022
Deep Learning-based Anomaly Detection in Cyber-physical Systems: Progress and Opportunities.
ACM Comput. Surv., 2022
Privacy Guarantees of Bluetooth Low Energy Contact Tracing: A Case Study on COVIDWISE.
Computer, 2022
Industrial Strength Static Detection for Cryptographic API Misuses.
Proceedings of the IEEE Secure Development Conference, 2022
How Do Developers Follow Security-Relevant Best Practices When Using NPM Packages?
Proceedings of the IEEE Secure Development Conference, 2022
Example-based vulnerability detection and repair in Java code.
Proceedings of the 30th IEEE/ACM International Conference on Program Comprehension, 2022
Poster: Comprehensive Comparisons of Embedding Approaches for Cryptographic API Completion.
Proceedings of the 44th IEEE/ACM International Conference on Software Engineering: Companion Proceedings, 2022
Privacy Guarantees of BLE Contact Tracing for COVID-19 and Beyond: A Case Study on COVIDWISE.
Proceedings of the ASIA CCS '22: ACM Asia Conference on Computer and Communications Security, Nagasaki, Japan, 30 May 2022, 2022
2021
Exploitation Techniques for Data-oriented Attacks with Existing and Potential Defense Approaches.
ACM Trans. Priv. Secur., 2021
Checking is Believing: Event-Aware Program Anomaly Detection in Cyber-Physical Systems.
IEEE Trans. Dependable Secur. Comput., 2021
Context-Rich Privacy Leakage Analysis Through Inferring Apps in Smart Home IoT.
IEEE Internet Things J., 2021
ACSAC 2020: Furthering the Quest to Tackle Hard Problems and Find Practical Solutions.
IEEE Secur. Priv., 2021
Privacy Guarantees of BLE Contact Tracing: A Case Study on COVIDWISE.
CoRR, 2021
Embedding Code Contexts for Cryptographic API Suggestion: New Methodologies and Comparisons.
CoRR, 2021
Data-Driven Vulnerability Detection and Repair in Java Code.
CoRR, 2021
Depth and persistence: what researchers need to know about impostor syndrome.
Commun. ACM, 2021
Tutorial: Investigating Advanced Exploits for System Security Assurance.
Proceedings of the IEEE Secure Development Conference, 2021
Measurement of Local Differential Privacy Techniques for IoT-based Streaming Data.
Proceedings of the 18th International Conference on Privacy, Security and Trust, 2021
Measurable and Deployable Security: Gaps, Successes, and Opportunities.
Proceedings of the CODASPY '21: Eleventh ACM Conference on Data and Application Security and Privacy, 2021
2020
Identifying Mobile Inter-App Communication Risks.
IEEE Trans. Mob. Comput., 2020
Detection of Repackaged Android Malware with Code-Heterogeneity Features.
IEEE Trans. Dependable Secur. Comput., 2020
Prediction of High-Performance Computing Input/Output Variability and Its Application to Optimization for System Configurations.
CoRR, 2020
Prioritizing data flows and sinks for app security transformation.
Comput. Secur., 2020
Tutorial: Principles and Practices of Secure Cryptographic Coding in Java.
Proceedings of the IEEE Secure Development, SecDev 2020, Atlanta, GA, USA, 2020
Coding Practices and Recommendations of Spring Security for Enterprise Applications.
Proceedings of the IEEE Secure Development, SecDev 2020, Atlanta, GA, USA, 2020
GPU-Based Static Data-Flow Analysis for Fast and Scalable Android App Vetting.
Proceedings of the 2020 IEEE International Parallel and Distributed Processing Symposium (IPDPS), 2020
Investigating The Reproducibility of NPM Packages.
Proceedings of the IEEE International Conference on Software Maintenance and Evolution, 2020
Deployment-quality and Accessible Solutions for Cryptography Code Development.
Proceedings of the CODASPY '20: Tenth ACM Conference on Data and Application Security and Privacy, 2020
A Comprehensive Benchmark on Java Cryptographic API Misuses.
Proceedings of the CODASPY '20: Tenth ACM Conference on Data and Application Security and Privacy, 2020
Methodologies for Quantifying (Re-)randomization Security and Timing under JIT-ROP.
Proceedings of the CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security, 2020
2019
DroidCat: Effective Android Malware Detection and Categorization via App-Level Profiling.
IEEE Trans. Inf. Forensics Secur., 2019
Measuring Attack Surface Reduction in the Presence of Code (Re-)Randomization.
CoRR, 2019
Exploitation Techniques and Defenses for Data-Oriented Attacks.
CoRR, 2019
Comparative Measurement of Cache Configurations' Impacts on Cache Timing Side-Channel Attacks.
Proceedings of the 12th USENIX Workshop on Cyber Security Experimentation and Test, 2019
CryptoAPI-Bench: A Comprehensive Benchmark on Java Cryptographic API Misuses.
Proceedings of the 2019 IEEE Cybersecurity Development, 2019
Exploitation Techniques and Defenses for Data-Oriented Attacks.
Proceedings of the 2019 IEEE Cybersecurity Development, 2019
Neural Cryptanalysis: Metrics, Methodology, and Applications in CPS Ciphers.
Proceedings of the 2019 IEEE Conference on Dependable and Secure Computing, 2019
Poster: Deployment-quality and Accessible Solutions for Cryptography Code Development.
Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 2019
CryptoGuard: High Precision Detection of Cryptographic Vulnerabilities in Massive-sized Java Projects.
Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 2019
Security Certification in Payment Card Industry: Testbeds, Measurements, and Recommendations.
Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 2019
2018
CHIRON: Deployment-quality Detection of Java Cryptographic Vulnerabilities.
CoRR, 2018
FrameHanger: Evaluating and Classifying Iframe Injection at Large Scale.
Proceedings of the Security and Privacy in Communication Networks, 2018
Tutorial: Principles and Practices of Secure Crypto Coding in Java.
Proceedings of the 2018 IEEE Cybersecurity Development, SecDev 2018, Cambridge, MA, USA, 2018
Data Breach and Multiple Points to Stop It.
Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies, 2018
Needle in a Haystack: Tracking Down Elite Phishing Domains in the Wild.
Proceedings of the Internet Measurement Conference 2018, 2018
Secure coding practices in Java: challenges and vulnerabilities.
Proceedings of the 40th International Conference on Software Engineering, 2018
Novel meshes for multivariate interpolation and approximation.
Proceedings of the ACMSE 2018 Conference, Richmond, KY, USA, March 29-31, 2018, 2018
2017
Anomaly Detection as a Service: Challenges, Advances, and Opportunities
Synthesis Lectures on Information Security, Privacy, and Trust, Morgan & Claypool Publishers, ISBN: 978-3-031-02354-5, 2017
Enterprise data breach: causes, challenges, prevention, and future directions.
WIREs Data Mining Knowl. Discov., 2017
Long-Span Program Behavior Modeling and Attack Detection.
ACM Trans. Priv. Secur., 2017
Provably Secure Anonymous-yet-Accountable Crowdsensing with Scalable Sublinear Revocation.
Proc. Priv. Enhancing Technol., 2017
Breaking the Target: An Analysis of Target Data Breach and Lessons Learned.
CoRR, 2017
Measuring the Insecurity of Mobile Deep Links of Android.
Proceedings of the 26th USENIX Security Symposium, 2017
MR-Droid: A Scalable and Prioritized Analysis of Inter-App Communication Risks.
Proceedings of the 2017 IEEE Security and Privacy Workshops, 2017
Program Analysis of Cryptographic Implementations for Security.
Proceedings of the IEEE Cybersecurity Development, SecDev 2017, Cambridge, MA, USA, 2017
A First Look: Using Linux Containers for Deceptive Honeypots.
Proceedings of the 2017 Workshop on Automated Decision Making for Active Cyber Defense, 2017
Prioritized Analysis of Inter-App Communication Risks.
Proceedings of the Seventh ACM Conference on Data and Application Security and Privacy, 2017
Black penguin: On the feasibility of detecting intrusion with homogeneous memory.
Proceedings of the 2017 IEEE Conference on Communications and Network Security, 2017
On Threat Modeling and Mitigation of Medical Cyber-Physical Systems.
Proceedings of the Second IEEE/ACM International Conference on Connected Health: Applications, 2017
CCS 2017: Women in Cyber Security (CyberW) Workshop.
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017
Cloud Data Analytics for Security: Applications, Challenges, and Opportunities.
Proceedings of the Fifth ACM International Workshop on Security in Cloud Computing, 2017
ReDroid: Prioritizing Data Flows and Sinks for App Security Transformation.
Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, 2017
POSTER: Detection of CPS Program Anomalies by Enforcing Cyber-Physical Execution Semantics.
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017
Collusive Data Leak and More: Large-scale Threat Analysis of Inter-app Communications.
Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, 2017
Orpheus: Enforcing Cyber-Physical Execution Semantics to Defend Against Data-Oriented Attacks.
Proceedings of the 33rd Annual Computer Security Applications Conference, 2017
2016
Fast Detection of Transformed Data Leaks.
IEEE Trans. Inf. Forensics Secur., 2016
Security Optimization of Dynamic Networks with Probabilistic Graph Modeling and Linear Programming.
IEEE Trans. Dependable Secur. Comput., 2016
Causality reasoning about network events for detecting stealthy malware activities.
Comput. Secur., 2016
Analysis of Code Heterogeneity for High-Precision Classification of Repackaged Malware.
Proceedings of the 2016 IEEE Security and Privacy Workshops, 2016
ANASTASIA: ANdroid mAlware detection using STatic analySIs of Applications.
Proceedings of the 8th IFIP International Conference on New Technologies, 2016
DECT: Distributed Evolving Context Tree for Mining Web Behavior Evolution.
Proceedings of the 19th International Conference on Extending Database Technology, 2016
A Sharper Sense of Self: Probabilistic Reasoning of Program Behaviors for Anomaly Detection with Context Sensitivity.
Proceedings of the 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, 2016
Program Anomaly Detection: Methodology and Practices.
Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016
Causality-based Sensemaking of Network Traffic for Android Application Security.
Proceedings of the 2016 ACM Workshop on Artificial Intelligence and Security, 2016
O3FA: A Scalable Finite Automata-based Pattern-Matching Engine for Out-of-Order Deep Packet Inspection.
Proceedings of the 2016 Symposium on Architectures for Networking and Communications Systems, 2016
DECT: Distributed Evolving Context Tree for Understanding User Behavior Pattern Evolution.
Proceedings of the Thirtieth AAAI Conference on Artificial Intelligence, 2016
2015
Privacy-Preserving Detection of Sensitive Data Exposure.
IEEE Trans. Inf. Forensics Secur., 2015
Profiling user-trigger dependence for Android malware detection.
Comput. Secur., 2015
A Formal Framework for Program Anomaly Detection.
Proceedings of the Research in Attacks, Intrusions, and Defenses, 2015
Rapid and parallel content screening for detecting transformed data exposure.
Proceedings of the 2015 IEEE Conference on Computer Communications Workshops, 2015
MadeCR: Correlation-based malware detection for cognitive radio.
Proceedings of the 2015 IEEE Conference on Computer Communications, 2015
Probabilistic Program Modeling for High-Precision Anomaly Classification.
Proceedings of the IEEE 28th Computer Security Foundations Symposium, 2015
Visualizing Traffic Causality for Analyzing Network Anomalies.
Proceedings of the 2015 ACM International Workshop on International Workshop on Security and Privacy Analytics, 2015
Rapid Screening of Transformed Data Leaks with Efficient Algorithms and Parallel Computing.
Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, 2015
Privacy-Preserving Scanning of Big Content for Sensitive Data Exposure with MapReduce.
Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, 2015
Unearthing Stealthy Program Attacks Buried in Extremely Long Execution Paths.
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015
2014
Process Authentication for High System Assurance.
IEEE Trans. Dependable Secur. Comput., 2014
Comprehensive Behavior Profiling for Proactive Android Malware Detection.
Proceedings of the Information Security - 17th International Conference, 2014
High Precision Screening for Android Malware with Dimensionality Reduction.
Proceedings of the 13th International Conference on Machine Learning and Applications, 2014
Role-playing game for studying user behaviors in security: A case study on email secrecy.
Proceedings of the 10th IEEE International Conference on Collaborative Computing: Networking, 2014
DroidBarrier: know what is executing on your android.
Proceedings of the Fourth ACM Conference on Data and Application Security and Privacy, 2014
Detection of stealthy malware activities with traffic causality and scalable triggering relation discovery.
Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, 2014
2013
DNS for Massive-Scale Command and Control.
IEEE Trans. Dependable Secur. Comput., 2013
Massive distributed and parallel log analysis for organizational security.
Proceedings of the Workshops Proceedings of the Global Communications Conference, 2013
CloudSafe: Securing data processing within vulnerable virtualization environments in the cloud.
Proceedings of the IEEE Conference on Communications and Network Security, 2013
A semantic-aware approach to reasoning about network traffic relations.
Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, 2013
Device-based Isolation for Securing Cryptographic Keys.
Proceedings of the 4th International Conference on Ambient Systems, 2013
2012
Data-Provenance Verification For Secure Hosts.
IEEE Trans. Dependable Secur. Comput., 2012
Adaptive Key Protection in Complex Cryptosystems with Attributes.
IACR Cryptol. ePrint Arch., 2012
Robustness of keystroke-dynamics based biometrics against synthetic forgeries.
Comput. Secur., 2012
User Intention-Based Traffic Dependence Analysis for Anomaly Detection.
Proceedings of the 2012 IEEE Symposium on Security and Privacy Workshops, 2012
Data Leak Detection as a Service.
Proceedings of the Security and Privacy in Communication Networks, 2012
A semantics aware approach to automated reverse engineering unknown protocols.
Proceedings of the 20th IEEE International Conference on Network Protocols, 2012
Towards end-to-end secure content storage and delivery with public cloud.
Proceedings of the Second ACM Conference on Data and Application Security and Privacy, 2012
Identifying native applications with high assurance.
Proceedings of the Second ACM Conference on Data and Application Security and Privacy, 2012
2011
K2C: Cryptographic Cloud Storage with Lazy Revocation and Anonymous Access.
Proceedings of the Security and Privacy in Communication Networks, 2011
CloudSeal: End-to-End Content Protection in Cloud-Based Storage and Delivery Services.
Proceedings of the Security and Privacy in Communication Networks, 2011
Detecting infection onset with behavior-based policies.
Proceedings of the 5th International Conference on Network and System Security, 2011
Inferring Protocol State Machine from Network Traces: A Probabilistic Approach.
Proceedings of the Applied Cryptography and Network Security, 2011
Quantitatively Analyzing Stealthy Communication Channels.
Proceedings of the Applied Cryptography and Network Security, 2011
2010
Independently Verifiable Decentralized Role-Based Delegation.
IEEE Trans. Syst. Man Cybern. Part A, 2010
Applications and Security of Next-Generation, User-Centric Wireless Systems.
Future Internet, 2010
Detecting the Onset of Infection for Secure Hosts.
Proceedings of the Recent Advances in Intrusion Detection, 13th International Symposium, 2010
Keystroke-dynamics authentication against synthetic forgeries.
Proceedings of the 6th International Conference on Collaborative Computing: Networking, 2010
Towards publishing recommendation data with predictive anonymization.
Proceedings of the 5th ACM Symposium on Information, 2010
2009
Forward-Secure Hierarchical IBE with Applications to Broadcast Encryption.
Proceedings of the Identity-Based Cryptography, 2009
Compact and Anonymous Role-Based Authorization Chain.
ACM Trans. Inf. Syst. Secur., 2009
Building robust authentication systems with activity-based personal questions.
Proceedings of the 2nd ACM Workshop on Assurable and Usable Security Configuration, 2009
Privacy-Preserving Computation and Verification of Aggregate Queries on Outsourced Databases.
Proceedings of the Privacy Enhancing Technologies, 9th International Symposium, 2009
Detection and Prevention of Insider Threats in Database Driven Web Services.
Proceedings of the Trust Management III, Third IFIP WG 11.11 International Conference, 2009
User-Assisted Host-Based Detection of Outbound Malware Traffic.
Proceedings of the Information and Communications Security, 11th International Conference, 2009
Privacy-aware identity management for client-side mashup applications.
Proceedings of the 5th Workshop on Digital Identity Management, 2009
Towards automatic privacy management in Web 2.0 with semantic analysis on annotations.
Proceedings of the 5th International Conference on Collaborative Computing: Networking, 2009
The union-split algorithm and cluster-based anonymization of social networks.
Proceedings of the 2009 ACM Symposium on Information, 2009
2008
Privacy-Aware Authentication and Authorization in Trust Management.
PhD thesis, 2008
Efficient and Secure Content Processing and Distribution by Cooperative Intermediaries.
IEEE Trans. Parallel Distributed Syst., 2008
Private Information: To Reveal or not to Reveal.
ACM Trans. Inf. Syst. Secur., 2008
Notarized federated ID management and authentication.
J. Comput. Secur., 2008
Securing location aware services over VANET using geographical secure path routing.
Proceedings of the IEEE International Conference on Vehicular Electronics and Safety, 2008
An Ad Hoc Trust Inference Model for Flexible and Controlled Information Sharing.
Proceedings of the 2008 International Conference on Security & Management, 2008
SelectAudit: A Secure and Efficient Audit Framework for Networked Virtual Environments.
Proceedings of the Collaborative Computing: Networking, 2008
Improving Email Trustworthiness through Social-Group Key Authentication.
Proceedings of the CEAS 2008, 2008
Efficient signature schemes supporting redaction, pseudonymization, and data deidentification.
Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, 2008
OMOS: A Framework for Secure Communication in Mashup Applications.
Proceedings of the Twenty-Fourth Annual Computer Security Applications Conference, 2008
2007
Decentralized authorization and data security in web content delivery.
Proceedings of the 2007 ACM Symposium on Applied Computing (SAC), 2007
Private Distributed Scalar Product Protocol With Application To Privacy-Preserving Computation of Trust.
Proceedings of the Trust Management, 2007
Privacy-Preserving Schema Matching Using Mutual Information.
Proceedings of the Data and Applications Security XXI, 2007
2006
Point-Based Trust: Define How Much Privacy Is Worth.
Proceedings of the Information and Communications Security, 8th International Conference, 2006
Notarized Federated Identity Management for Web Services.
Proceedings of the Data and Applications Security XX, 2006
2005
Visualization of Automated Trust Negotiation.
Proceedings of the 2nd IEEE Workshop on Visualization for Computer Security, 2005
On Improving the Performance of Role-Based Cascaded Delegation in Ubiquitous Computing.
Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks, 2005
Accredited DomainKeys: A Service Architecture for Improved Email Validation.
Proceedings of the CEAS 2005, 2005
2004
ID-Based Encryption for Complex Hierarchies with Applications to Forward Security and Broadcast Encryption.
IACR Cryptol. ePrint Arch., 2004
Role-based cascaded delegation.
Proceedings of the 9th ACM Symposium on Access Control Models and Technologies, 2004