We stand with Ukraine

We stand with Ukraine

Tiffany Bao

Orcid: 0000-0001-6424-0001

According to our database¹, Tiffany Bao authored at least 39 papers between 2014 and 2024.

Collaborative distances:

Dijkstra number² of three.
Erdős number³ of four.

Timeline

Legend:

Book

In proceedings

Article

PhD thesis

Dataset

Other

Links

On csauthors.net:

Bibliography

2024

ARVO: Atlas of Reproducible Vulnerabilities for Open Source Software.

[BibT_eX]

[DOI]

,

Pulkit Singh Singaria

,

Jordi Del Castillo

,

,

Abdelouahab Benchikh

,

,

,

Yan Shoshitaishvili

,

,

,

Brendan Dolan-Gavitt

CoRR, 2024

TYGR: Type Inference on Stripped Binaries using Graph Neural Networks.

[BibT_eX]

[DOI]

,

,

,

Ati Priya Bajaj

,

,

,

,

,

,

,

,

Yan Shoshitaishvili

,

,

Aravind Machiry

Proceedings of the 33rd USENIX Security Symposium, 2024

Take a Step Further: Understanding Page Spray in Linux Kernel Exploitation.

[BibT_eX]

[DOI]

,

,

,

,

,

,

Yan Shoshitaishvili

,

,

Proceedings of the 33rd USENIX Security Symposium, 2024

Ahoy SAILR! There is No Need to DREAM of C: A Compiler-Aware Structuring Algorithm for Binary Decompilation.

[BibT_eX]

[DOI]

Zion Leonahenahe Basque

,

Ati Priya Bajaj

,

,

,

,

,

,

Yan Shoshitaishvili

,

Proceedings of the 33rd USENIX Security Symposium, 2024

AirTaint: Making Dynamic Taint Analysis Faster and Easier.

[BibT_eX]

[DOI]

,

,

,

,

,

Proceedings of the IEEE Symposium on Security and Privacy, 2024

"Watching over the shoulder of a professional": Why Hackers Make Mistakes and How They Fix Them.

[BibT_eX]

[DOI]

,

,

Faris Bugra Kokulu

,

Jayakrishna Vadayath

,

Zion Leonahenahe Basque

,

,

,

,

,

,

Yan Shoshitaishvili

Proceedings of the IEEE Symposium on Security and Privacy, 2024

From Victims to Defenders: An Exploration of the Phishing Attack Reporting Ecosystem.

[BibT_eX]

[DOI]

,

Faris Bugra Kokulu

,

,

,

Gianluca Stringhini

,

,

,

Yan Shoshitaishvili

,

,

Proceedings of the 27th International Symposium on Research in Attacks, 2024

SandPuppy: Deep-State Fuzzing Guided by Automatic Detection of State-Representative Variables.

[BibT_eX]

[DOI]

,

,

,

,

,

Yan Shoshitaishvili

Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2024

Nothing Personal: Understanding the Spread and Use of Personally Identifiable Information in the Financial Ecosystem.

[BibT_eX]

[DOI]

Mehrnoosh Zaeifi

,

Faezeh Kalantari

,

,

,

,

Yan Shoshitaishvili

,

,

,

Proceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy, 2024

Fuzz to the Future: Uncovering Occluded Future Vulnerabilities via Robust Fuzzing.

[BibT_eX]

[DOI]

,

,

,

Jayakrishna Menon Vadayath

,

Michael Tompkins

,

,

,

,

,

Gokulkrishna Praveen Menon

,

Brendan Dolan-Gavitt

,

,

,

Yan Shoshitaishvili

,

Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, 2024

Deep Dive into Client-Side Anti-Phishing: A Longitudinal Study Bridging Academia and Industry.

[BibT_eX]

[DOI]

Rana Pourmohamad

,

,

,

,

Yan Shoshitaishvili

,

,

,

Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, 2024

2023

Exploring the Limits of ChatGPT in Software Security Applications.

[BibT_eX]

[DOI]

,

,

Ati Priya Bajaj

,

,

,

,

CoRR, 2023

Greenhouse: Single-Service Rehosting of Linux-Based Firmware Binaries in User-Space Emulation.

[BibT_eX]

[DOI]

,

,

Jayakrishna Menon Vadayath

,

,

,

,

,

Zion Leonahenahe Basque

,

,

,

,

,

Yan Shoshitaishvili

,

Proceedings of the 32nd USENIX Security Symposium, 2023

Toss a Fault to Your Witcher: Applying Grey-box Coverage-Guided Mutational Fuzzing to Detect SQL and Command Injection Vulnerabilities.

[BibT_eX]

[DOI]

,

,

,

,

,

Christopher Kruegel

,

,

,

Yan Shoshitaishvili

,

Proceedings of the 44th IEEE Symposium on Security and Privacy, 2023

Beyond Phish: Toward Detecting Fraudulent e-Commerce Websites at Scale.

[BibT_eX]

[DOI]

,

,

,

,

,

,

,

,

Yan Shoshitaishvili

,

Proceedings of the 44th IEEE Symposium on Security and Privacy, 2023

RetSpill: Igniting User-Controlled Data to Burn Away Linux Kernel Protections.

[BibT_eX]

[DOI]

,

,

,

,

,

,

Yan Shoshitaishvili

,

Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023

2022

CrawlPhish: Large-Scale Analysis of Client-Side Cloaking Techniques in Phishing.

[BibT_eX]

[DOI]

,

,

,

,

,

,

,

Alexandros Kapravelos

,

,

,

Yan Shoshitaishvili

,

,

IEEE Secur. Priv., 2022

Playing for K(H)eaps: Understanding and Improving Linux Kernel Exploit Reliability.

[BibT_eX]

[DOI]

,

,

,

,

,

Yan Shoshitaishvili

,

Proceedings of the 31st USENIX Security Symposium, 2022

Arbiter: Bridging the Static and Dynamic Divide in Vulnerability Discovery on Binary Programs.

[BibT_eX]

[DOI]

Jayakrishna Vadayath

,

,

,

Nicolaas Weideman

,

Gokulkrishna Praveen Menon

,

Yanick Fratantonio

,

Davide Balzarotti

,

,

,

,

Christophe Hauser

,

Yan Shoshitaishvili

Proceedings of the 31st USENIX Security Symposium, 2022

Expected Exploitability: Predicting the Development of Functional Vulnerability Exploits.

[BibT_eX]

[DOI]

,

,

,

,

Proceedings of the 31st USENIX Security Symposium, 2022

"Flawed, but like democracy we don't have a better system": The Experts' Insights on the Peer Review Process of Evaluating Security Papers.

[BibT_eX]

[DOI]

,

Faris Bugra Kokulu

,

Carlos E. Rubio-Medrano

,

,

,

Yan Shoshitaishvili

,

Proceedings of the 43rd IEEE Symposium on Security and Privacy, 2022

Context-Auditor: Context-sensitive Content Injection Mitigation.

[BibT_eX]

[DOI]

Faezeh Kalantari

,

Mehrnoosh Zaeifi

,

,

,

Yan Shoshitaishvili

,

Proceedings of the 25th International Symposium on Research in Attacks, 2022

Mitigating Threats Emerging from the Interaction between SDN Apps and SDN (Configuration) Datastore.

[BibT_eX]

[DOI]

,

,

Yan Shoshitaishvili

,

Proceedings of the 2022 on Cloud Computing Security Workshop, 2022

I'm SPARTACUS, No, I'm SPARTACUS: Proactively Protecting Users from Phishing by Intentionally Triggering Cloaking Behavior.

[BibT_eX]

[DOI]

,

,

,

Hans Walter Behrens

,

Zion Leonahenahe Basque

,

,

,

,

,

Yan Shoshitaishvili

,

,

Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, 2022

ViK: practical mitigation of temporal memory safety violations through object ID inspection.

[BibT_eX]

[DOI]

,

,

,

,

,

Yan Shoshitaishvili

,

,

Proceedings of the ASPLOS '22: 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Lausanne, Switzerland, 28 February 2022, 2022

2021

Having Your Cake and Eating It: An Analysis of Concession-Abuse-as-a-Service.

[BibT_eX]

[DOI]

,

,

,

Carlos E. Rubio-Medrano

,

,

,

,

Yan Shoshitaishvili

,

,

Proceedings of the 30th USENIX Security Symposium, 2021

SyML: Guiding Symbolic Execution Toward Vulnerable States Through Pattern Learning.

[BibT_eX]

[DOI]

,

,

,

,

,

Andrea Continella

,

,

Christopher Kruegel

,

Proceedings of the RAID '21: 24th International Symposium on Research in Attacks, 2021

Favocado: Fuzzing the Binding Code of JavaScript Engines Using Semantically Correct Test Cases.

[BibT_eX]

[DOI]

,

,

,

,

,

Alexandros Kapravelos

,

,

,

,

,

Yan Shoshitaishvili

Proceedings of the 28th Annual Network and Distributed System Security Symposium, 2021

MuTent: Dynamic Android Intent Protection with Ownership-Based Key Distribution and Security Contracts.

[BibT_eX]

[DOI]

Pradeep Kumar Duraisamy Soundrapandian

,

,

,

Yan Shoshitaishvili

,

,

,

Proceedings of the 54th Hawaii International Conference on System Sciences, 2021

Everything You Ever Wanted to Know About Bitcoin Mixers (But Were Afraid to Ask).

[BibT_eX]

[DOI]

,

Yan Shoshitaishvili

,

,

,

Proceedings of the Financial Cryptography and Data Security, 2021

2020

Exploiting Uses of Uninitialized Stack Variables in Linux Kernels to Leak Kernel Pointers.

[BibT_eX]

[DOI]

,

,

,

,

,

Yan Shoshitaishvili

,

,

Proceedings of the 14th USENIX Workshop on Offensive Technologies, 2020

Not All Coverage Measurements Are Equal: Fuzzing by Coverage Accounting for Input Prioritization.

[BibT_eX]

[DOI]

,

,

,

,

,

,

Proceedings of the 27th Annual Network and Distributed System Security Symposium, 2020

Scam Pandemic: How Attackers Exploit Public Fear through Phishing.

[BibT_eX]

[DOI]

,

,

,

,

,

Rana Pourmohamad

,

,

,

,

Yan Shoshitaishvili

,

,

Proceedings of the APWG Symposium on Electronic Crime Research, 2020

HoneyPLC: A Next-Generation Honeypot for Industrial Control Systems.

[BibT_eX]

[DOI]

Efrén López-Morales

,

Carlos E. Rubio-Medrano

,

,

Yan Shoshitaishvili

,

,

,

Proceedings of the CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security, 2020

2019

Understanding and Predicting Private Interactions in Underground Forums.

[BibT_eX]

[DOI]

,

Carlos E. Rubio-Medrano

,

,

,

,

Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy, 2019

Matched and Mismatched SOCs: A Qualitative Study on Security Operations Center Issues.

[BibT_eX]

[DOI]

Faris Bugra Kokulu

,

,

,

Yan Shoshitaishvili

,

,

,

Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 2019

2017

Your Exploit is Mine: Automatic Shellcode Transplant for Remote Exploits.

[BibT_eX]

[DOI]

,

,

Yan Shoshitaishvili

,

Proceedings of the 2017 IEEE Symposium on Security and Privacy, 2017

How Shall We Play a Game?: A Game-theoretical Model for Cyber-warfare Games.

[BibT_eX]

[DOI]

,

Yan Shoshitaishvili

,

,

Christopher Kruegel

,

,

Proceedings of the 30th IEEE Computer Security Foundations Symposium, 2017

2014

BYTEWEIGHT: Learning to Recognize Functions in Binary Code.

[BibT_eX]

[DOI]

,

Jonathan Burket

,

,

,

Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014., 2014

Loading...