2025
Enhanced Differential Testing in Emerging Database Systems.
CoRR, January, 2025
2024
Fuzzing the PHP Interpreter via Dataflow Fusion.
CoRR, 2024
MASKDROID: Robust Android Malware Detection with Masked Graph Representations.
CoRR, 2024
Unraveling the Key of Machine Learning Solutions for Android Malware Detection.
CoRR, 2024
UIHash: Detecting Similar Android UIs through Grid-Based Visual Appearance Representation.
Proceedings of the 33rd USENIX Security Symposium, 2024
CrypTody: Cryptographic Misuse Analysis of IoT Firmware via Data-flow Reasoning.
Proceedings of the 27th International Symposium on Research in Attacks, 2024
KernJC: Automated Vulnerable Environment Generation for Linux Kernel Vulnerabilities.
Proceedings of the 27th International Symposium on Research in Attacks, 2024
MaskDroid: Robust Android Malware Detection with Masked Graph Representations.
Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, 2024
VulZoo: A Comprehensive Vulnerability Intelligence Dataset.
Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, 2024
Detecting Logic Bugs in Graph Database Management Systems via Injective and Surjective Graph Query Transformation.
Proceedings of the 46th IEEE/ACM International Conference on Software Engineering, 2024
The HitchHiker's Guide to High-Assurance System Observability Protection with Efficient Permission Switches.
Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, 2024
2023
I Know Your Social Network Accounts: A Novel Attack Architecture for Device-Identity Association.
IEEE Trans. Dependable Secur. Comput., 2023
Learning Graph-based Code Representations for Source-level Functional Similarity Detection.
Proceedings of the 45th IEEE/ACM International Conference on Software Engineering, 2023
2022
Semantic-Fuzzing-Based Empirical Analysis of Voice Assistant Systems of Asian Symbol Languages.
IEEE Internet Things J., 2022
FlowMatrix: GPU-Assisted Information-Flow Analysis through Matrix-Based Representation.
Proceedings of the 31st USENIX Security Symposium, 2022
FreeWill: Automatically Diagnosing Use-after-free Bugs via Reference Miscounting Detection on Binaries.
Proceedings of the 31st USENIX Security Symposium, 2022
SHADEWATCHER: Recommendation-guided Cyber Threat Analysis using System Audit Records.
Proceedings of the 43rd IEEE Symposium on Security and Privacy, 2022
TeLL: log level suggestions via modeling multi-level code block information.
Proceedings of the ISSTA '22: 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, Virtual Event, South Korea, July 18, 2022
AttacKG: Constructing Technique Knowledge Graph from Cyber Threat Intelligence Reports.
Proceedings of the Computer Security - ESORICS 2022, 2022
Extensible Virtual Call Integrity.
Proceedings of the Computer Security - ESORICS 2022, 2022
PalanTír: Optimizing Attack Provenance with Hardware-enhanced System Observability.
Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, 2022
Non-uniform Deformation Behavior of Magneto-Sensitive Elastomer Containing Uniform Sphere Particles with V-ShapedArrangement.
Proceedings of the Bio-Inspired Computing: Theories and Applications, 2022
RecIPE: Revisiting the Evaluation of Memory Error Defenses.
Proceedings of the ASIA CCS '22: ACM Asia Conference on Computer and Communications Security, Nagasaki, Japan, 30 May 2022, 2022
2021
Scrutinizing Implementations of Smart Home Integrations.
IEEE Trans. Software Eng., 2021
WATSON: Abstracting Behaviors from Audit Logs via Aggregation of Contextual Semantics.
Proceedings of the 28th Annual Network and Distributed System Security Symposium, 2021
Identifying privacy weaknesses from multi-party trigger-action integration platforms.
Proceedings of the ISSTA '21: 30th ACM SIGSOFT International Symposium on Software Testing and Analysis, 2021
2020
Asia's surging interest in binary analysis.
Commun. ACM, 2020
Robust P2P Primitives Using SGX Enclaves.
Proceedings of the 40th IEEE International Conference on Distributed Computing Systems, 2020
2019
I Can See Your Brain: Investigating Home-Use Electroencephalography System Security.
IEEE Internet Things J., 2019
Phishing page detection via learning classifiers from page layout feature.
EURASIP J. Wirel. Commun. Netw., 2019
Adversarial Neural Network Inversion via Auxiliary Knowledge Alignment.
CoRR, 2019
Understanding Rowhammer Attacks through the Lens of a Unified Reference Framework.
CoRR, 2019
Fuzzing Program Logic Deeply Hidden in Binary Program Stages.
Proceedings of the 26th IEEE International Conference on Software Analysis, 2019
Detecting Android Side Channel Probing Attacks Based on System States.
Proceedings of the Wireless Algorithms, Systems, and Applications, 2019
One Engine To Serve 'em All: Inferring Taint Rules Without Architectural Semantics.
Proceedings of the 26th Annual Network and Distributed System Security Symposium, 2019
LightSense: A Novel Side Channel for Zero-permission Mobile User Tracking.
Proceedings of the Information Security - 22nd International Conference, 2019
Neural Network Inversion in Adversarial Setting via Background Knowledge Alignment.
Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 2019
2018
SplitPass: A Mutually Distrusting Two-Party Password Manager.
J. Comput. Sci. Technol., 2018
Automated identification of sensitive data from implicit user specification.
Cybersecur., 2018
Detecting Malicious Behaviors in JavaScript Applications.
IEEE Access, 2018
Automated Identification of Sensitive Data via Flexible User Requirements.
Proceedings of the Security and Privacy in Communication Networks, 2018
A Novel Graph-based Mechanism for Identifying Traffic Vulnerabilities in Smart Home IoT.
Proceedings of the 2018 IEEE Conference on Computer Communications, 2018
HOMESCAN: Scrutinizing Implementations of Smart Home Integrations.
Proceedings of the 23rd International Conference on Engineering of Complex Computer Systems, 2018
Robust Detection of Android UI Similarity.
Proceedings of the 2018 IEEE International Conference on Communications, 2018
DTaint: Detecting the Taint-Style Vulnerability in Embedded Device Firmware.
Proceedings of the 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, 2018
2017
Monet: A User-Oriented Behavior-Based Malware Variants Detection System for Android.
IEEE Trans. Inf. Forensics Secur., 2017
Toward Exposing Timing-Based Probing Attacks in Web Applications.
Sensors, 2017
Robust Synchronous P2P Primitives Using SGX Enclaves.
IACR Cryptol. ePrint Arch., 2017
RoppDroid: Robust permission re-delegation prevention in Android inter-component communication.
Comput. Secur., 2017
Phishing-Alarm: Robust and Efficient Phishing Detection via Page Component Similarity.
IEEE Access, 2017
Phishing Website Detection Based on Effective CSS Features of Web Pages.
Proceedings of the Wireless Algorithms, Systems, and Applications, 2017
Neural Nets Can Learn Function Type Signatures From Binaries.
Proceedings of the 26th USENIX Security Symposium, 2017
Privilege Leakage and Information Stealing through the Android Task Mechanism.
Proceedings of the IEEE Symposium on Privacy-Aware Computing, 2017
Automatically assessing crashes from heap overflows.
Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering, 2017
Detecting Phishing Websites via Aggregation Analysis of Page Layouts.
Proceedings of the 2017 International Conference on Identification, 2017
Enabling practical experimentation in cyber-security training.
Proceedings of the IEEE Conference on Dependable and Secure Computing, 2017
2016
A Framework for Practical Dynamic Software Updating.
IEEE Trans. Parallel Distributed Syst., 2016
Anonymity in Peer-assisted CDNs: Inference Attacks and Mitigation.
Proc. Priv. Enhancing Technol., 2016
Automatic permission inference for hybrid mobile apps.
J. High Speed Networks, 2016
Data-Oriented Programming: On the Expressiveness of Non-control Data Attacks.
Proceedings of the IEEE Symposium on Security and Privacy, 2016
A Function-Level Behavior Model for Anomalous Behavior Detection in Hybrid Mobile Applications.
Proceedings of the International Conference on Identification, 2016
"The Web/Local" Boundary Is Fuzzy: A Security Study of Chrome's Process-based Sandboxing.
Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016
2015
I Know Where You've Been: Geo-Inference Attacks via the Browser Cache.
IEEE Internet Comput., 2015
Man-in-the-browser-cache: Persisting HTTPS attacks via browser cache poisoning.
Comput. Secur., 2015
Automatic Generation of Data-Oriented Exploits.
Proceedings of the 24th USENIX Security Symposium, 2015
Identifying Arbitrary Memory Access Vulnerabilities in Privilege-Separated Software.
Proceedings of the Computer Security - ESORICS 2015, 2015
Web-to-Application Injection Attacks on Android: Characterization and Detection.
Proceedings of the Computer Security - ESORICS 2015, 2015
2014
A Light-Weight Software Environment for Confining Android Malware.
Proceedings of the IEEE Eighth International Conference on Software Security and Reliability, 2014
You Can't Be Me: Enabling Trusted Paths and User Sub-origins in Web Browsers.
Proceedings of the Research in Attacks, Intrusions and Defenses, 2014
AirBag: Boosting Smartphone Resistance to Malware Infection.
Proceedings of the 21st Annual Network and Distributed System Security Symposium, 2014
A Usage-Pattern Perspective for Privacy Ranking of Android Apps.
Proceedings of the Information Systems Security - 10th International Conference, 2014
SQLR: Grammar-Guided Validation of SQL Injection Sanitizers.
Proceedings of the 2014 19th International Conference on Engineering of Complex Computer Systems, 2014
DroidVault: A Trusted Data Vault for Android Devices.
Proceedings of the 2014 19th International Conference on Engineering of Complex Computer Systems, 2014
Understanding Complex Binary Loading Behaviors.
Proceedings of the 2014 19th International Conference on Engineering of Complex Computer Systems, 2014
TrustFound: Towards a Formal Foundation for Model Checking Trusted Computing Platforms.
Proceedings of the FM 2014: Formal Methods, 2014
CCS'14 Co-Located Workshop Summary for SPSM 2014.
Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, 2014
2013
SafeStack: Automatically Patching Stack-Based Buffer Overflow Vulnerabilities.
IEEE Trans. Dependable Secur. Comput., 2013
BaitAlarm: Detecting Phishing Sites Using Similarity in Fundamental Visual Features.
Proceedings of the 2013 5th International Conference on Intelligent Networking and Collaborative Systems, 2013
Rating Web Pages Using Page-Transition Evidence.
Proceedings of the Information and Communications Security - 15th International Conference, 2013
A Software Environment for Confining Malicious Android Applications via Resource Virtualization.
Proceedings of the 2013 18th International Conference on Engineering of Complex Computer Systems, 2013
A Comprehensive Client-Side Behavior Model for Diagnosing Attacks in Ajax Applications.
Proceedings of the 2013 18th International Conference on Engineering of Complex Computer Systems, 2013
A Quantitative Evaluation of Privilege Separation in Web Browser Designs.
Proceedings of the Computer Security - ESORICS 2013, 2013
Enforcing system-wide control flow integrity for exploit detection and diagnosis.
Proceedings of the 8th ACM Symposium on Information, Computer and Communications Security, 2013
Protecting sensitive web content from client-side vulnerabilities with CRYPTONS.
Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, 2013
CRYPTSERVER: strong data protection in commodity LAMP servers.
Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, 2013
2012
DARWIN: An approach to debugging evolving programs.
ACM Trans. Softw. Eng. Methodol., 2012
A Framework to Eliminate Backdoors from Response-Computable Authentication.
Proceedings of the IEEE Symposium on Security and Privacy, 2012
Identifying and Analyzing Pointer Misuses for Sophisticated Memory-corruption Exploit Diagnosis.
Proceedings of the 19th Annual Network and Distributed System Security Symposium, 2012
An Empirical Study of Dangerous Behaviors in Firefox Extensions.
Proceedings of the Information Security - 15th International Conference, 2012
Detecting and Preventing ActiveX API-Misuse Vulnerabilities in Internet Explorer.
Proceedings of the Information and Communications Security - 14th International Conference, 2012
Codejail: Application-Transparent Isolation of Libraries with Tight Program Interactions.
Proceedings of the Computer Security - ESORICS 2012, 2012
Tracking the Trackers: Fast and Scalable Dynamic Analysis of Web Content for Privacy Violations.
Proceedings of the Applied Cryptography and Network Security, 2012
2011
Towards Fine-Grained Access Control in JavaScript Contexts.
Proceedings of the 2011 International Conference on Distributed Computing Systems, 2011
Jump-oriented programming: a new class of code-reuse attack.
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, 2011
AdSentry: comprehensive and flexible confinement of JavaScript-based advertisements.
Proceedings of the Twenty-Seventh Annual Computer Security Applications Conference, 2011
2010
Golden implementation driven software debugging.
Proceedings of the 18th ACM SIGSOFT International Symposium on Foundations of Software Engineering, 2010
Transparent Protection of Commodity OS Kernels Using Hardware Virtualization.
Proceedings of the Security and Privacy in Communication Networks, 2010
Test generation to expose changes in evolving programs.
Proceedings of the ASE 2010, 2010
Heap Taichi: exploiting memory allocation granularity in heap-spraying attacks.
Proceedings of the Twenty-Sixth Annual Computer Security Applications Conference, 2010
2009
Alcatraz: An Isolated Environment for Experimenting with Untrusted Software.
ACM Trans. Inf. Syst. Secur., 2009
Darwin: an approach for debugging evolving programs.
Proceedings of the 7th joint meeting of the European Software Engineering Conference and the ACM SIGSOFT International Symposium on Foundations of Software Engineering, 2009
Towards Generating High Coverage Vulnerability-Based Signatures with Protocol-Level Constraint-Guided Exploration.
Proceedings of the Recent Advances in Intrusion Detection, 12th International Symposium, 2009
2008
Automatically Identifying Trigger-based Behavior in Malware.
Proceedings of the Botnet Detection: Countering the Largest Security Threat, 2008
HookFinder: Identifying and Understanding Malware Hooking Behaviors.
Proceedings of the Network and Distributed System Security Symposium, 2008
BitBlaze: A New Approach to Computer Security via Binary Analysis.
Proceedings of the Information Systems Security, 4th International Conference, 2008
AGIS: Towards automatic generation of infection signatures.
Proceedings of the 38th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, 2008
Expanding Malware Defense by Securing Software Installations.
Proceedings of the Detection of Intrusions and Malware, 2008
2007
Towards Automatic Discovery of Deviations in Binary Implementations with Applications to Error Detection and Fingerprint Generation.
Proceedings of the 16th USENIX Security Symposium, Boston, MA, USA, August 6-10, 2007, 2007
Polyglot: automatic extraction of protocol message format using dynamic binary analysis.
Proceedings of the 2007 ACM Conference on Computer and Communications Security, 2007
2005
Automatic Synthesis of Filters to Discard Buffer Overflow Attacks: A Step Towards Realizing Self-Healing Systems.
Proceedings of the 2005 USENIX Annual Technical Conference, 2005
One-Way Isolation: An Effective Approach for Realizing Safe Execution Environments.
Proceedings of the Network and Distributed System Security Symposium, 2005
Fast and automated generation of attack signatures: a basis for building self-protecting servers.
Proceedings of the 12th ACM Conference on Computer and Communications Security, 2005
Automatic Generation of Buffer Overflow Attack Signatures: An Approach Based on Program Behavior Models.
Proceedings of the 21st Annual Computer Security Applications Conference (ACSAC 2005), 2005
2003
Isolated Program Execution: An Application Transparent Approach for Executing Untrusted Programs.
Proceedings of the 19th Annual Computer Security Applications Conference (ACSAC 2003), 2003
2002
An Approach for Secure Software Installation.
Proceedings of the 16th Conference on Systems Administration (LISA 2002), 2002