XiaoFeng Wang

Orcid: 0000-0002-0607-4946

Affiliations:
  • Indiana University Bloomington, School of Informatics and Computing, IN, USA


According to our database1, XiaoFeng Wang authored at least 214 papers between 2003 and 2024.

Collaborative distances:

Timeline

Legend:

Book 
In proceedings 
Article 
PhD thesis 
Dataset
Other 

Links

Online presence:

On csauthors.net:

Bibliography

2024
AutoPwn: Artifact-Assisted Heap Exploit Generation for CTF PWN Competitions.
IEEE Trans. Inf. Forensics Secur., 2024

The Early Bird Catches the Leak: Unveiling Timing Side Channels in LLM Serving Systems.
CoRR, 2024

LLM-Enhanced Software Patch Localization.
CoRR, 2024

AGORA: Open More and Trust Less in Binary Verification Service.
CoRR, 2024

Disassembling Obfuscated Executables with LLM.
CoRR, 2024

WitheredLeaf: Finding Entity-Inconsistency Bugs with LLMs.
CoRR, 2024

Shining Light into the Tunnel: Understanding and Classifying Network Traffic of Residential Proxies.
CoRR, 2024

NestedSGX: Bootstrapping Trust to Enclaves within Confidential VMs.
CoRR, 2024

Racing on the Negative Force: Efficient Vulnerability Root-Cause Analysis through Reinforcement Learning on Counterexamples.
Proceedings of the 33rd USENIX Security Symposium, 2024

DPAdapter: Improving Differentially Private Deep Learning through Noise Tolerance Pre-training.
Proceedings of the 33rd USENIX Security Symposium, 2024

Tossing in the Dark: Practical Bit-Flipping on Gray-box Deep Neural Networks for Runtime Trojan Injection.
Proceedings of the 33rd USENIX Security Symposium, 2024

Toward Unbiased Multiple-Target Fuzzing with Path Diversity.
Proceedings of the 33rd USENIX Security Symposium, 2024

Malla: Demystifying Real-world Large Language Model Integrated Malicious Services.
Proceedings of the 33rd USENIX Security Symposium, 2024

Navigating the Privacy Compliance Maze: Understanding Risks with Privacy-Configurable Mobile SDKs.
Proceedings of the 33rd USENIX Security Symposium, 2024

MAWSEO: Adversarial Wiki Search Poisoning for Illicit Online Promotion.
Proceedings of the IEEE Symposium on Security and Privacy, 2024

Gradient Shaping: Enhancing Backdoor Attack Against Reverse Engineering.
Proceedings of the 31st Annual Network and Distributed System Security Symposium, 2024

Alexa, is the skill always safe? Uncover Lenient Skill Vetting Process and Protect User Privacy at Run Time.
Proceedings of the 46th International Conference on Software Engineering: Software Engineering in Society, 2024

Detection Vs. Anti-detection: Is Text Generated by AI Detectable?
Proceedings of the Wisdom, Well-Being, Win-Win, 2024

SpecFL: An Efficient Speculative Federated Learning System for Tree-based Model Training.
Proceedings of the IEEE International Symposium on High-Performance Computer Architecture, 2024

Stealthy Peers: Understanding Security and Privacy Risks of Peer-Assisted Video Streaming.
Proceedings of the 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, 2024

Understanding Cross-Platform Referral Traffic for Illicit Drug Promotion.
Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, 2024

Security Of AI, By AI and For AI: Charting New Territories in AI-Centered Cybersecurity Research.
Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, 2024

2023
HE-Booster: An Efficient Polynomial Arithmetic Acceleration on GPUs for Fully Homomorphic Encryption.
IEEE Trans. Parallel Distributed Syst., April, 2023

Trust Beyond Border: Lightweight, Verifiable User Isolation for Protecting In-Enclave Services.
IEEE Trans. Dependable Secur. Comput., 2023

The Janus Interface: How Fine-Tuning in Large Language Models Amplifies the Privacy Risks.
CoRR, 2023

Gradient Shaping: Enhancing Backdoor Attack Against Reverse Engineering.
CoRR, 2023

XCheck: Verifying Integrity of 3D Printed Patient-Specific Devices via Computing Tomography.
Proceedings of the 32nd USENIX Security Symposium, 2023

Credit Karma: Understanding Security Implications of Exposed Cloud Services through Automated Capability Inference.
Proceedings of the 32nd USENIX Security Symposium, 2023

Union under Duress: Understanding Hazards of Duplicate Resource Mismediation in Android Software Supply Chain.
Proceedings of the 32nd USENIX Security Symposium, 2023

Are You Spying on Me? Large-Scale Analysis on IoT Data Exposure through Companion Apps.
Proceedings of the 32nd USENIX Security Symposium, 2023

Sherlock on Specs: Building LTE Conformance Tests through Automated Reasoning.
Proceedings of the 32nd USENIX Security Symposium, 2023

A Verified Confidential Computing as a Service Framework for Privacy Preservation.
Proceedings of the 32nd USENIX Security Symposium, 2023

Selective Amnesia: On Efficient, High-Fidelity and Blind Suppression of Backdoor Effects in Trojaned Machine Learning Models.
Proceedings of the 44th IEEE Symposium on Security and Privacy, 2023

Poster: SigRec - Automatic Recovery of Function Signatures in Smart Contracts.
Proceedings of the 43rd IEEE International Conference on Distributed Computing Systems, 2023

Understanding the Security Risks of Decentralized Exchanges by Uncovering Unfair Trades in the Wild.
Proceedings of the 8th IEEE European Symposium on Security and Privacy, 2023

The Danger of Minimum Exposures: Understanding Cross-App Information Leaks on iOS through Multi-Side-Channel Learning.
Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023

Lost along the Way: Understanding and Mitigating Path-Misresolution Threats to Container Isolation.
Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023

2022
SigRec: Automatic Recovery of Function Signatures in Smart Contracts.
IEEE Trans. Software Eng., 2022

SoK: A Modularized Approach to Study the Security of Automatic Speech Recognition Systems.
ACM Trans. Priv. Secur., 2022

The evolving privacy and security concerns for genomic data analysis and sharing as observed from the iDASH competition.
J. Am. Medical Informatics Assoc., 2022

Stealthy Peers: Understanding Security Risks of WebRTC-Based Peer-Assisted Video Streaming.
CoRR, 2022

Understanding Impacts of Task Similarity on Backdoor Attack and Detection.
CoRR, 2022

Seeing the Forest for the Trees: Understanding Security Hazards in the 3GPP Ecosystem through Intelligent Analysis on Change Requests.
Proceedings of the 31st USENIX Security Symposium, 2022

Robbery on DevOps: Understanding and Mitigating Illicit Cryptomining on Continuous Integration Service Platforms.
Proceedings of the 43rd IEEE Symposium on Security and Privacy, 2022

Hazard Integrated: Understanding Security Risks in App Extensions to Team Chat Systems.
Proceedings of the 29th Annual Network and Distributed System Security Symposium, 2022

Demystifying Local Business Search Poisoning for Illicit Drug Promotion.
Proceedings of the 29th Annual Network and Distributed System Security Symposium, 2022

Clues in Tweets: Twitter-Guided Discovery and Analysis of SMS Spam.
Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, 2022

When Evil Calls: Targeted Adversarial Voice over IP Network.
Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, 2022

Order-Disorder: Imitation Adversarial Attacks for Black-box Neural Ranking Models.
Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, 2022

2021
Detecting Adversarial Image Examples in Deep Neural Networks with Adaptive Noise Reduction.
IEEE Trans. Dependable Secur. Comput., 2021

Understanding Illicit UI in iOS Apps Through Hidden UI Analysis.
IEEE Trans. Dependable Secur. Comput., 2021

Understanding TEE Containers, Easy to Use? Hard to Trust.
CoRR, 2021

Haplotype-based membership inference from summary genomic data.
Bioinform., 2021

Understanding Malicious Cross-library Data Harvesting on Android.
Proceedings of the 30th USENIX Security Symposium, 2021

Demon in the Variant: Statistical Analysis of DNNs for Robust Backdoor Contamination Detection.
Proceedings of the 30th USENIX Security Symposium, 2021

Evil Under the Sun: Understanding and Discovering Attacks on Ethereum Decentralized Applications.
Proceedings of the 30th USENIX Security Symposium, 2021

Bookworm Game: Automatic Discovery of LTE Vulnerabilities Through Documentation Analysis.
Proceedings of the 42nd IEEE Symposium on Security and Privacy, 2021

DarkJargon.net: A Platform for Understanding Underground Conversation with Latent Meaning.
Proceedings of the SIGIR '21: The 44th International ACM SIGIR Conference on Research and Development in Information Retrieval, 2021

Your Phone is My Proxy: Detecting and Understanding Mobile Proxy Networks.
Proceedings of the 28th Annual Network and Distributed System Security Symposium, 2021

As Strong As Its Weakest Link: How to Break Blockchain DApps at RPC Service.
Proceedings of the 28th Annual Network and Distributed System Security Symposium, 2021

Towards Dark Jargon Interpretation in Underground Forums.
Proceedings of the Advances in Information Retrieval, 2021

Practical and Efficient in-Enclave Verification of Privacy Compliance.
Proceedings of the 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks, 2021

Who's In Control? On Security Risks of Disjointed IoT Device Management Channels.
Proceedings of the CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, Republic of Korea, November 15, 2021

HySec-Flow: Privacy-Preserving Genomic Computing with SGX-based Big-Data Analytics Framework.
Proceedings of the 14th IEEE International Conference on Cloud Computing, 2021

2020
CPU Elasticity to Mitigate Cross-VM Runtime Monitoring.
IEEE Trans. Dependable Secur. Comput., 2020

Using Sonar for Liveness Detection to Protect Smart Speakers against Remote Attackers.
Proc. ACM Interact. Mob. Wearable Ubiquitous Technol., 2020

Confidential Attestation: Efficient in-Enclave Verification of Privacy Policy Compliance.
CoRR, 2020

Privacy-preserving construction of generalized linear mixed model for biomedical computation.
Bioinform., 2020

Shattered Chain of Trust: Understanding Security Risks in Cross-Cloud IoT Access Delegation.
Proceedings of the 29th USENIX Security Symposium, 2020

Devil's Whisper: A General Approach for Physical Adversarial Attacks against Commercial Black-box Speech Recognition Devices.
Proceedings of the 29th USENIX Security Symposium, 2020

Enabling Rack-scale Confidential Computing using Heterogeneous Trusted Execution Environment.
Proceedings of the 2020 IEEE Symposium on Security and Privacy, 2020

Burglars' IoT Paradise: Understanding and Mitigating Security Risks of General Messaging Protocols on IoT Clouds.
Proceedings of the 2020 IEEE Symposium on Security and Privacy, 2020

Into the Deep Web: Understanding E-commerce Fraud from Autonomous Chat with Cybercriminals.
Proceedings of the 27th Annual Network and Distributed System Security Symposium, 2020

A Pragmatic Approach to Membership Inferences on Machine Learning Models.
Proceedings of the IEEE European Symposium on Security and Privacy, 2020

RTFM! Automatic Assumption Discovery and Verification Derivation from Library Document for API Misuse Detection.
Proceedings of the CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security, 2020

Demystifying Resource Management Risks in Emerging Mobile App-in-App Ecosystems.
Proceedings of the CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security, 2020

Zombie Awakening: Stealthy Hijacking of Active Domains through DNS Hosting Referral.
Proceedings of the CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security, 2020

2019
Toward Scalable Fully Homomorphic Encryption Through Light Trusted Computing Assistance.
CoRR, 2019

Enabling Privacy-Preserving, Compute- and Data-Intensive Computing using Heterogeneous Trusted Execution Environment.
CoRR, 2019

Looking from the Mirror: Evaluating IoT Device Security through Mobile Companion Apps.
Proceedings of the 28th USENIX Security Symposium, 2019

Understanding iOS-based Crowdturfing Through Hidden UI Analysis.
Proceedings of the 28th USENIX Security Symposium, 2019

Understanding and Securing Device Vulnerabilities through Automated Bug Report Analysis.
Proceedings of the 28th USENIX Security Symposium, 2019

Devils in the Guidance: Predicting Logic Vulnerabilities in Payment Syndication Services through Automated Documentation Analysis.
Proceedings of the 28th USENIX Security Symposium, 2019

Dangerous Skills: Understanding and Mitigating Security Risks of Voice-Controlled Third-Party Functions on Virtual Personal Assistant Systems.
Proceedings of the 2019 IEEE Symposium on Security and Privacy, 2019

Stealthy Porn: Understanding Real-World Adversarial Images for Illicit Online Promotion.
Proceedings of the 2019 IEEE Symposium on Security and Privacy, 2019

ProFuzzer: On-the-fly Input Type Probing for Better Zero-Day Vulnerability Discovery.
Proceedings of the 2019 IEEE Symposium on Security and Privacy, 2019

Resident Evil: Understanding Residential IP Proxy as a Dark Service.
Proceedings of the 2019 IEEE Symposium on Security and Privacy, 2019

Demystifying Hidden Privacy Settings in Mobile Apps.
Proceedings of the 2019 IEEE Symposium on Security and Privacy, 2019

Kindness is a Risky Business: On the Usage of the Accessibility APIs in Android.
Proceedings of the 22nd International Symposium on Research in Attacks, 2019

MBeacon: Privacy-Preserving Beacons for DNA Methylation Data.
Proceedings of the 26th Annual Network and Distributed System Security Symposium, 2019

Cracking the Wall of Confinement: Understanding and Analyzing Malicious Domain Take-downs.
Proceedings of the 26th Annual Network and Distributed System Security Symposium, 2019

secGAN: A Cycle-Consistent GAN for Securely-Recoverable Video Transformation.
Proceedings of the 2019 Workshop on Hot Topics in Video Analytics and Intelligent Edges, 2019

TraffickStop: Detecting and Measuring Illicit Traffic Monetization Through Large-Scale DNS Analysis.
Proceedings of the IEEE European Symposium on Security and Privacy, 2019

2018
A Secure Alignment Algorithm for Mapping Short Reads to Human Genome.
J. Comput. Biol., 2018

Detecting telecommunication fraud by understanding the contents of a call.
Cybersecur., 2018

Cloud repository as a malicious service: challenge, identification and implication.
Cybersecur., 2018

Understanding and Mitigating the Security Risks of Voice-Controlled Third-Party Skills on Amazon Alexa and Google Home.
CoRR, 2018

Invisible Mask: Practical Attacks on Face Recognition with Infrared.
CoRR, 2018

Query-Free Attacks on Industry-Grade Face Recognition Systems under Resource Constraints.
CoRR, 2018

Understanding Membership Inferences on Well-Generalized Learning Models.
CoRR, 2018

An Empirical Study of Web Resource Manipulation in Real-world Mobile Applications.
Proceedings of the 27th USENIX Security Symposium, 2018

Reading Thieves' Cant: Automatically Identifying and Understanding Dark Jargons from Cybercrime Marketplaces.
Proceedings of the 27th USENIX Security Symposium, 2018

CommanderSong: A Systematic Approach for Practical Adversarial Voice Recognition.
Proceedings of the 27th USENIX Security Symposium, 2018

Racing in Hyperspace: Closing Hyper-Threading Side Channels on SGX with Contrived Data Races.
Proceedings of the 2018 IEEE Symposium on Security and Privacy, 2018

Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild.
Proceedings of the Security and Privacy in Communication Networks, 2018

OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS.
Proceedings of the 25th Annual Network and Distributed System Security Symposium, 2018

Game of Missuggestions: Semantic Analysis of Search-Autocomplete Manipulations.
Proceedings of the 25th Annual Network and Distributed System Security Symposium, 2018

Finding Clues for Your Secrets: Semantics-Driven, Learning-Based Privacy Discovery in Mobile Apps.
Proceedings of the 25th Annual Network and Distributed System Security Symposium, 2018

Things You May Not Know About Android (Un)Packers: A Systematic Study based on Whole-System Emulation.
Proceedings of the 25th Annual Network and Distributed System Security Symposium, 2018

IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing.
Proceedings of the 25th Annual Network and Distributed System Security Symposium, 2018

Leveraging Hardware Transactional Memory for Cache Side-Channel Defenses.
Proceedings of the 2018 on Asia Conference on Computer and Communications Security, 2018

Beware of Your Screen: Anonymous Fingerprinting of Device Screens for Off-line Payment Protection.
Proceedings of the 34th Annual Computer Security Applications Conference, 2018

2017
Identifying User-Input Privacy in Mobile Applications at a Large Scale.
IEEE Trans. Inf. Forensics Secur., 2017

Addressing Beacon re-identification attacks: quantification and mitigation of privacy risks.
J. Am. Medical Informatics Assoc., 2017

Apple ZeroConf Holes: How Hackers Can Steal iPhone Photos.
IEEE Secur. Priv., 2017

Privacy Loss in Apple's Implementation of Differential Privacy on MacOS 10.12.
CoRR, 2017

Understanding IoT Security Through the Data Crystal Ball: Where We Are Now and Where We Are Going to Be.
CoRR, 2017

Detecting Adversarial Examples in Deep Networks with Adaptive Noise Reduction.
CoRR, 2017

Guardian of the HAN: Thwarting Mobile Attacks on Smart-Home Devices Using OS-level Situation Awareness.
CoRR, 2017

HanGuard: SDN-driven protection of smart home WiFi devices from malicious mobile apps.
Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, 2017

SmartAuth: User-Centered Authorization for the Internet of Things.
Proceedings of the 26th USENIX Security Symposium, 2017

Picking Up My Tab: Understanding and Mitigating Synchronized Token Lifting and Spending in Mobile Payment.
Proceedings of the 26th USENIX Security Symposium, 2017

Under the Shadow of Sunshine: Understanding and Detecting Bulletproof Hosting on Legitimate Service Provider Networks.
Proceedings of the 2017 IEEE Symposium on Security and Privacy, 2017

Filtering for Malice Through the Data Ocean: Large-Scale PHA Install Detection at the Communication Service Provider Level.
Proceedings of the Research in Attacks, Intrusions, and Defenses, 2017

Dark Hazard: Learning-based, Large-Scale Discovery of Hidden Sensitive Operations in Android Apps.
Proceedings of the 24th Annual Network and Distributed System Security Symposium, 2017

Characterizing Smartwatch Usage in the Wild.
Proceedings of the 15th Annual International Conference on Mobile Systems, 2017

An empirical characterization of IFTTT: ecosystem, usage, and performance.
Proceedings of the 2017 Internet Measurement Conference, 2017

Ghost Installer in the Shadow: Security Analysis of App Installation on Android.
Proceedings of the 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, 2017

SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits.
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017

Binary Code Retrofitting and Hardening Using SGX.
Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, 2017

Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX.
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017

Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews.
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017

Mass Discovery of Android Traffic Imprints through Instantiated Partial Execution.
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017

2016
Seeking Nonsense, Looking for Trouble: Efficient Promotional-Infection Detection through Semantic Inconsistency Search.
Proceedings of the IEEE Symposium on Security and Privacy, 2016

Following Devil's Footprints: Cross-Platform Analysis of Potentially Harmful Libraries on Android and iOS.
Proceedings of the IEEE Symposium on Security and Privacy, 2016

Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf.
Proceedings of the IEEE Symposium on Security and Privacy, 2016

On the Privacy Risks of Sharing Clinical Proteomics Data.
Proceedings of the Summit on Clinical Research Informatics, 2016

SMig: Stream Migration Extension for HTTP/2.
Proceedings of the 12th International on Conference on emerging Networking EXperiments and Technologies, 2016

Acing the IOC Game: Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence.
Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016

Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service.
Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016

Catching predators at watering holes: finding and understanding strategically compromised websites.
Proceedings of the 32nd Annual Conference on Computer Security Applications, 2016

2015
Choosing blindly but wisely: differentially private solicitation of DNA datasets for disease marker discovery.
J. Am. Medical Informatics Assoc., 2015

Privacy in the Genomic Era.
ACM Comput. Surv., 2015

Unauthorized Cross-App Resource Access on MAC OS X and iOS.
CoRR, 2015

UIPicker: User-Input Privacy Identification in Mobile Applications.
Proceedings of the 24th USENIX Security Symposium, 2015

Finding Unknown Malice in 10 Seconds: Mass Vetting for New Threats at the Google-Play Scale.
Proceedings of the 24th USENIX Security Symposium, 2015

Leave Me Alone: App-Level Protection against Runtime Information Gathering on Android.
Proceedings of the 2015 IEEE Symposium on Security and Privacy, 2015

Elite: Automatic Orchestration of Elastic Detection Services to Secure Cloud Hosting.
Proceedings of the Research in Attacks, Intrusions, and Defenses, 2015

What's in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources.
Proceedings of the 22nd Annual Network and Distributed System Security Symposium, 2015

Cracking App Isolation on Apple: Unauthorized Cross-App Resource Access on MAC OS~X and iOS.
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015

Efficient Genome-Wide, Privacy-Preserving Similar Patient Query based on Private Edit Distance.
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015

Perplexed Messengers from the Cloud: Automated Security Analysis of Push-Messaging Integrations.
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015

Practicing Oblivious Access on Cloud Storage: the Gap, the Fallacy, and the New Way Forward.
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015

Hare Hunting in the Wild Android: A Study on the Threat of Hanging Attribute References.
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015

2014
Thwarting Wi-Fi Side-Channel Analysis through Traffic Demultiplexing.
IEEE Trans. Wirel. Commun., 2014

Privacy and Security in the Genomic Era.
CoRR, 2014

Understanding the Dark Side of Domain Parking.
Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014., 2014

The Peril of Fragmentation: Security Hazards in Android Device Driver Customizations.
Proceedings of the 2014 IEEE Symposium on Security and Privacy, 2014

Upgrading Your Android, Elevating My Malware: Privilege Escalation through Mobile OS Updating.
Proceedings of the 2014 IEEE Symposium on Security and Privacy, 2014

Hunting the Red Fox Online: Understanding and Detection of Mass Redirect-Script Injections.
Proceedings of the 2014 IEEE Symposium on Security and Privacy, 2014

Inside Job: Understanding and Mitigating the Threat of External Device Mis-Binding on Android.
Proceedings of the 21st Annual Network and Distributed System Security Symposium, 2014

Screenmilker: How to Milk Your Android Screen for Secrets.
Proceedings of the 21st Annual Network and Distributed System Security Symposium, 2014

The Tangled Web of Password Reuse.
Proceedings of the 21st Annual Network and Distributed System Security Symposium, 2014

Privacy Risk in Anonymized Heterogeneous Information Networks.
Proceedings of the 17th International Conference on Extending Database Technology, 2014

Controlled Functional Encryption.
Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, 2014

Mayhem in the Push Clouds: Understanding and Mitigating Security Hazards in Mobile Push-Messaging Services.
Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, 2014

2013
Finding the Linchpins of the Dark Web: a Study on Topologically Dedicated Hosts on Malicious Web Infrastructures.
Proceedings of the 2013 IEEE Symposium on Security and Privacy, 2013

InteGuard: Toward Automatic Protection of Third-Party Web Service Integrations.
Proceedings of the 20th Annual Network and Distributed System Security Symposium, 2013

Identity, location, disease and more: inferring your secrets from android public resources.
Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, 2013

Unauthorized origin crossing on mobile platforms: threats and mitigation.
Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, 2013

2012
Signing Me onto Your Accounts through Facebook and Google: A Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services.
Proceedings of the IEEE Symposium on Security and Privacy, 2012

Large-Scale Privacy-Preserving Mapping of Human Genomic Sequences on Hybrid Clouds.
Proceedings of the 19th Annual Network and Distributed System Security Symposium, 2012

Privacy Protection in Sharing Personal Genome Sequencing Data.
Proceedings of the 2012 IEEE Second International Conference on Healthcare Informatics, 2012

Knowing your enemy: understanding and detecting malicious web advertising.
Proceedings of the ACM Conference on Computer and Communications Security, 2012

2011
Memory and State Exhaustion Denial of Service.
Proceedings of the Encyclopedia of Cryptography and Security, 2nd Ed., 2011

Computational Puzzles.
Proceedings of the Encyclopedia of Cryptography and Security, 2nd Ed., 2011

Security Risk Management Using Incentives.
IEEE Secur. Priv., 2011

How to Shop for Free Online - Security Analysis of Cashier-as-a-Service Based Web Stores.
Proceedings of the 32nd IEEE Symposium on Security and Privacy, 2011

Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones.
Proceedings of the Network and Distributed System Security Symposium, 2011

Beyond Risk-Based Access Control: Towards Incentive-Based Access Control.
Proceedings of the Financial Cryptography and Data Security, 2011

To Release or Not to Release: Evaluating Information Leaks in Aggregate Human-Genome Data.
Proceedings of the Computer Security - ESORICS 2011, 2011

Toward securing sensor clouds.
Proceedings of the 2011 International Conference on Collaboration Technologies and Systems, 2011

Sedic: privacy-aware data intensive computing on hybrid clouds.
Proceedings of the 18th ACM Conference on Computer and Communications Security, 2011

2010
Deterring voluntary trace disclosure in re-encryption mix-networks.
ACM Trans. Inf. Syst. Secur., 2010

Using Web-Referral Architectures to Mitigate Denial-of-Service Threats.
IEEE Trans. Dependable Secur. Comput., 2010

Using Budget-Based Access Control to Manage Operational Risks Caused by Insiders.
J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl., 2010

Side-Channel Leaks in Web Applications: A Reality Today, a Challenge Tomorrow.
Proceedings of the 31st IEEE Symposium on Security and Privacy, 2010

Monitoring Heavy-Hitter Flows in High-Speed Network Concurrently.
Proceedings of the Fourth International Conference on Network and System Security, 2010

Mash-IF: Practical information-flow control within client-side mashups.
Proceedings of the 2010 IEEE/IFIP International Conference on Dependable Systems and Networks, 2010

Secure cloud computing with brokered trusted sensor networks.
Proceedings of the 2010 International Symposium on Collaborative Technologies and Systems, 2010

Sidebuster: automated detection and quantification of side-channel leaks in web application development.
Proceedings of the 17th ACM Conference on Computer and Communications Security, 2010

FIRM: capability-based inline mediation of Flash behaviors.
Proceedings of the Twenty-Sixth Annual Computer Security Applications Conference, 2010

2009
Denial of service attacks and defenses in decentralized trust management.
Int. J. Inf. Sec., 2009

Peeping Tom in the Neighborhood: Keystroke Eavesdropping on Multi-User Systems.
Proceedings of the 18th USENIX Security Symposium, 2009

Effective and Efficient Malware Detection at the End Host.
Proceedings of the 18th USENIX Security Symposium, 2009

Mitigating Inadvertent Insider Threats with Incentives.
Proceedings of the Financial Cryptography and Data Security, 2009

Privacy-preserving genomic computation through program specialization.
Proceedings of the 2009 ACM Conference on Computer and Communications Security, 2009

Learning your identity and disease from research papers: information leaks in genome wide association study.
Proceedings of the 2009 ACM Conference on Computer and Communications Security, 2009

2008
Fast and Black-box Exploit Detection and Signature Generation for Commodity Software.
ACM Trans. Inf. Syst. Secur., 2008

A multi-layer framework for puzzle-based denial-of-service defense.
Int. J. Inf. Sec., 2008

Game-theoretic modeling and analysis of insider threats.
Int. J. Crit. Infrastructure Prot., 2008

Making CAPTCHAs clickable.
Proceedings of the 9th Workshop on Mobile Computing Systems and Applications, 2008

Panalyst: Privacy-Aware Remote Error Analysis on Commodity Software .
Proceedings of the 17th USENIX Security Symposium, 2008

PRECIP: Towards Practical and Retrofittable Confidential Information Protection.
Proceedings of the Network and Distributed System Security Symposium, 2008

AGIS: Towards automatic generation of infection signatures.
Proceedings of the 38th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, 2008

Towards automatic reverse engineering of software security configurations.
Proceedings of the 2008 ACM Conference on Computer and Communications Security, 2008

2007
SpyShield: Preserving Privacy from Spy Add-Ons.
Proceedings of the Recent Advances in Intrusion Detection, 10th International Symposium, 2007

2006
WRAPS: Denial-of-Service Defense through Web Referrals.
Proceedings of the 25th IEEE Symposium on Reliable Distributed Systems (SRDS 2006), 2006

Packet vaccine: black-box exploit detection and signature generation.
Proceedings of the 13th ACM Conference on Computer and Communications Security, 2006

2005
Building Reliable Mix Networks with Fair Exchange.
Proceedings of the Applied Cryptography and Network Security, 2005

2004
Stealth attacks in vehicular technologies.
Proceedings of the 60th IEEE Vehicular Technology Conference, 2004

Mitigating bandwidth-exhaustion attacks using congestion puzzles.
Proceedings of the 11th ACM Conference on Computer and Communications Security, 2004

Fragile mixing.
Proceedings of the 11th ACM Conference on Computer and Communications Security, 2004

2003
Defending Against Denial-of-Service Attacks with Puzzle Auction.
Proceedings of the 2003 IEEE Symposium on Security and Privacy (S&P 2003), 2003


  Loading...