News

2020

Talking with Familiar Strangers: An Empirical Study on HTTPS Context Confusion Attacks

CCS 2020

Mingming Zhang , Xiaofeng Zheng , Kaiwen Shen , Ziqiao Kong , Chaoyi Lu , Yu Wang , Haixin Duan , Shuang Hao , Baojun Liu , Min Yang .

HTTPS MITM attacks based on the shared TLS certificates as HTTPS Context Confusion Attack (SCC Attack)

Poison Over Troubled Forwarders: A Cache Poisoning Attack Targeting DNS Forwarding Devices

publications

USENIX Security 2020

Xiaofeng Zheng , Chaoyi Lu , Jian Peng , Qiushi Yang , Dongjie Zhou , Baojun Liu , Keyu Man , Shuang Hao , Haixin Duan , Zhiyun Qian .

A cache poisoning attack targeting DNS forwarders.

GREYONE: Data Flow Sensitive Fuzzing

publications

USENIX Security 2020 , download

Shuitao Gan , Chao Zhang , Peng Chen , Bodong Zhao , Xiaojun Qin , Dong Wu , Zuoning Chen .

Improve fuzzing efficiency with lightweight data flow analysis.

FANS: Fuzzing Android Native System Services via Automated Interface Analysis

publications

USENIX Security 2020 , download

Baozheng Liu , Chao Zhang , Guang Gong , Yishun Zeng , Haifeng Ruan , Jianwei Zhuge .

Fuzzing Android Binder services with automated interface analysis.

DRAMD: Detect Advanced DRAM-based Stealthy Communication Channels with Neural Networks

publications

INFOCOM 2020 , download

Zhiyuan Lv , Youjian Zhao , Chao Zhang , Haibin Li .

AI-based Side Channel and Covert Channel Detection.

Argot: Generating Adversarial Readable Chinese Texts

publications

IJCAI 2020 , download

Zihan Zhang , Mingxuan Liu , Chao Zhang , Yiming Zhang , Zhou Li , Qi Li , Haixin Duan , Donghong Sun .

Generate adversarial Chinese texts with Glyph and Pinyin mutation.

A Large-Scale Empirical Study on Vulnerability Distribution within Projects and the Lessons Learned

publications

ICSE 2020 , download

Bingchang Liu , Guozhu Meng , Wei Zou , Qi Gong , Feng Li , Min Lin , Dandan Sun , Wei Huo , Chao Zhang .

Empirical Study on Vulnerability Distribution within Projects.

CDN Backfired: Amplification Attacks Based on HTTP Range Requests

publications

DSN 2020 , download

Weizhong Li , Kaiwen Shen , Run Guo , Baojun Liu , Jia Zhang , Haixin Duan , Shuang Hao , Xiarun Chen , Yao Wang .

Amplification Attacks Based on HTTP Range Requests

USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation (Usenix Sec 2020)

seminars

15:10-16:10pm June 18, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Bodong Zhao .

Abstract:

The paper presented USBFuzz, a portable, flexible, and modular framework for fuzz testing USB drivers.

CDN Backfired: Amplification Attacks Based on HTTP Range Requests (DSN 2020)

seminars

14:00-15:00pm June 18, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Weizhong Li .

Abstract:

The paper presented a novel class of HTTP amplification attack, Range-based Amplification (RangeAmp) Attack.

Squirrel: Testing Database Management Systems with Language Validity and Coverage Feedback (CCS 2020)

seminars

15:10-16:10pm June 04, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Xingman Chen .

Abstract:

The paper proposed Sqirrel, a novel fuzzing framework that considers both language validity and coverage feedback to test DBMSs.

A Longitudinal Study of PII Leaks Across Android App Versions (NDSS 2018)

seminars

14:00-15:00pm June 04, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Yiming Zhang .

Abstract:

The paper conducted a large-scale privacy analysis across multiple apps and app versions.

An Overview of TLS Certificate Measurement

seminars

14:00-15:00pm May 28, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Mingming Zhang .

Abstract:

Introduction to TLS Certificate Measurement.

FANS: Fuzzing Android Native System Services via Automated Interface Analysis

seminars

15:10-16:10pm May 28, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Baozheng Liu .

Abstract:

Fuzzing Android Native System Services via Automated Interface Analysis.