2024
Retrofitting XoM for Stripped Binaries without Embedded Data Relocation.
CoRR, 2024
Towards Intelligent Automobile Cockpit via A New Container Architecture.
Proceedings of the 21st USENIX Symposium on Networked Systems Design and Implementation, 2024
2023
Reverse Engineering of Obfuscated Lua Bytecode via Interpreter Semantics Testing.
IEEE Trans. Inf. Forensics Secur., 2023
Capturing Invalid Input Manipulations for Memory Corruption Diagnosis.
IEEE Trans. Dependable Secur. Comput., 2023
Security Analysis of Zigbee Protocol Implementation via Device-agnostic Fuzzing.
DTRAP, 2023
On the Feasibility of Malware Unpacking via Hardware-assisted Loop Profiling.
Proceedings of the 32nd USENIX Security Symposium, 2023
Leveraging Hardware Performance Counters for Efficient Classification of Binary Packers.
Proceedings of the 22nd IEEE International Conference on Trust, 2023
Assessing Risk in High Performance Computing Attacks.
Proceedings of the 9th International Conference on Information Systems Security and Privacy, 2023
Intelligent Zigbee Protocol Fuzzing via Constraint-Field Dependency Inference.
Proceedings of the Computer Security - ESORICS 2023, 2023
PackGenome: Automatically Generating Robust YARA Rules for Accurate Malware Packer Detection.
Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023
2022
PolyCruise: A Cross-Language Dynamic Information Flow Analysis.
Proceedings of the 31st USENIX Security Symposium, 2022
Chosen-Instruction Attack Against Commercial Code Virtualization Obfuscators.
Proceedings of the 29th Annual Network and Distributed System Security Symposium, 2022
One size does not fit all: security hardening of MIPS embedded systems via static binary debloating for shared libraries.
Proceedings of the ASPLOS '22: 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Lausanne, Switzerland, 28 February 2022, 2022
2021
Z-Fuzzer: device-agnostic fuzzing of Zigbee protocol implementation.
Proceedings of the WiSec '21: 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Abu Dhabi, United Arab Emirates, 28 June, 2021
MBA-Blast: Unveiling and Simplifying Mixed Boolean-Arithmetic Obfuscation.
Proceedings of the 30th USENIX Security Symposium, 2021
Obfuscation-Resilient Executable Payload Extraction From Packed Malware.
Proceedings of the 30th USENIX Security Symposium, 2021
Boosting SMT solver performance on mixed-bitwise-arithmetic expressions.
Proceedings of the PLDI '21: 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation, 2021
Unleashing the hidden power of compiler optimization on binary code difference: an empirical study.
Proceedings of the PLDI '21: 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation, 2021
App's Auto-Login Function Security Testing via Android OS-Level Virtualization.
Proceedings of the 43rd IEEE/ACM International Conference on Software Engineering, 2021
Towards Transparent and Stealthy Android OS Sandboxing via Customizable Container-Based Virtualization.
Proceedings of the CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, Republic of Korea, November 15, 2021
2020
Layered obfuscation: a taxonomy of software obfuscation techniques for layered security.
Cybersecur., 2020
Android Data-Clone Attack via Operating System Customization.
IEEE Access, 2020
PatchScope: Memory Object Centric Patch Diffing.
Proceedings of the CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security, 2020
VAHunt: Warding Off New Repackaged Android Malware in App-Virtualization's Clothing.
Proceedings of the CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security, 2020
Device-agnostic Firmware Execution is Possible: A Concolic Execution Approach for Peripheral Emulation.
Proceedings of the ACSAC '20: Annual Computer Security Applications Conference, 2020
2019
"Jekyll and Hyde" is Risky: Shared-Everything Threat Mitigation in Dual-Instance Apps.
Proceedings of the 17th Annual International Conference on Mobile Systems, 2019
Capturing the Persistence of Facial Expression Features for Deepfake Video Detection.
Proceedings of the Information and Communications Security - 21st International Conference, 2019
MetaHunt: Towards Taming Malware Mutation via Studying the Evolution of Metamorphic Virus.
Proceedings of the 3rd ACM Workshop on Software Protection, 2019
2018
Resetting Your Password Is Vulnerable: A Security Study of Common SMS-Based Authentication in IoT Device.
Wirel. Commun. Mob. Comput., 2018
Towards Predicting Efficient and Anonymous Tor Circuits.
Proceedings of the 27th USENIX Security Symposium, 2018
VMHunt: A Verifiable Approach to Partially-Virtualized Binary Code Simplification.
Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018
Towards Paving the Way for Large-Scale Windows Malware Analysis: Generic Binary Unpacking with Orders-of-Magnitude Performance Boost.
Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018
StateDroid: Stateful Detection of Stealthy Attacks in Android Apps via Horn-Clause Verification.
Proceedings of the 34th Annual Computer Security Applications Conference, 2018
2017
MalwareHunt: semantics-based malware diffing speedup by normalized basic block memoization.
J. Comput. Virol. Hacking Tech., 2017
Impeding behavior-based malware analysis via replacement attacks to malware specifications.
J. Comput. Virol. Hacking Tech., 2017
Semantics-Based Obfuscation-Resilient Binary Code Similarity Comparison with Applications to Software and Algorithm Plagiarism Detection.
IEEE Trans. Software Eng., 2017
BinSim: Trace-based Semantic Binary Diffing via System Call Sliced Segment Equivalence Checking.
Proceedings of the 26th USENIX Security Symposium, 2017
Cryptographic Function Detection in Obfuscated Binaries via Bit-Precise Symbolic Loop Mapping.
Proceedings of the 2017 IEEE Symposium on Security and Privacy, 2017
2016
Deviation-Based Obfuscation-Resilient Program Equivalence Checking With Application to Software Plagiarism Detection.
IEEE Trans. Reliab., 2016
BinCFP: Efficient Multi-threaded Binary Code Control Flow Profiling.
Proceedings of the 16th IEEE International Working Conference on Source Code Analysis and Manipulation, 2016
StraightTaint: decoupled offline symbolic taint analysis.
Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering, 2016
Generalized Dynamic Opaque Predicates: A New Control Flow Obfuscation Method.
Proceedings of the Information Security - 19th International Conference, 2016
Translingual Obfuscation.
Proceedings of the IEEE European Symposium on Security and Privacy, 2016
Program-object Level Data Flow Analysis with Applications to Data Leakage and Contamination Forensics.
Proceedings of the Sixth ACM on Conference on Data and Application Security and Privacy, 2016
2015
Automatic building information model query generation.
J. Inf. Technol. Constr., 2015
TaintPipe: Pipelined Symbolic Taint Analysis.
Proceedings of the 24th USENIX Security Symposium, 2015
Memoized Semantics-Based Binary Diffing with Application to Malware Lineage Inference.
Proceedings of the ICT Systems Security and Privacy Protection, 2015
LOOP: Logic-Oriented Opaque Predicate Detection in Obfuscated Binary Code.
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015
Replacement Attacks: Automatically Impeding Behavior-Based Malware Specifications.
Proceedings of the Applied Cryptography and Network Security, 2015
2014
Semantics-based obfuscation-resilient binary code similarity comparison with applications to software plagiarism detection.
Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering, (FSE-22), Hong Kong, China, November 16, 2014
2012
iBinHunt: Binary Hunting with Inter-procedural Control Flow.
Proceedings of the Information Security and Cryptology - ICISC 2012, 2012
2011
Towards ground truthing observations in gray-box anomaly detection.
Proceedings of the 5th International Conference on Network and System Security, 2011
Linear Obfuscation to Combat Symbolic Execution.
Proceedings of the Computer Security - ESORICS 2011, 2011
2009
Denial-of-Service Attacks on Host-Based Generic Unpackers.
Proceedings of the Information and Communications Security, 11th International Conference, 2009