News

publications
Talking with Familiar Strangers: An Empirical Study on HTTPS Context Confusion Attacks

CCS 2020

Mingming Zhang , Xiaofeng Zheng , Kaiwen Shen , Ziqiao Kong , Chaoyi Lu , Yu Wang , Haixin Duan , Shuang Hao , Baojun Liu , Min Yang .

HTTPS MITM attacks based on the shared TLS certificates as HTTPS Context Confusion Attack (SCC Attack)

publications
Finding Cracks in Shields: On the Security of Control Flow Integrity Mechanisms

CCS 2020

Yuan Li , Mingzhe Wang , Chao Zhang , Xingman Chen , Songtao Yang , Ying Liu .

Measurement of CFI solutions’ security

seminars
FuzzGuard: Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through Deep Learning

15:10-16:10pm September 17, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Hao Wang .

Abstract:

seminars
Cached and Confused: Web Cache Deception in the Wild

14:00-15:00pm September 17, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Jiachen Li .

Abstract:

publications
Poison Over Troubled Forwarders: A Cache Poisoning Attack Targeting DNS Forwarding Devices

USENIX Security 2020

Xiaofeng Zheng , Chaoyi Lu , Jian Peng , Qiushi Yang , Dongjie Zhou , Baojun Liu , Keyu Man , Shuang Hao , Haixin Duan , Zhiyun Qian .

A cache poisoning attack targeting DNS forwarders.

publications
GREYONE: Data Flow Sensitive Fuzzing

USENIX Security 2020 , download

Shuitao Gan , Chao Zhang , Peng Chen , Bodong Zhao , Xiaojun Qin , Dong Wu , Zuoning Chen .

Improve fuzzing efficiency with lightweight data flow analysis.

publications
FANS: Fuzzing Android Native System Services via Automated Interface Analysis

USENIX Security 2020 , download

Baozheng Liu , Chao Zhang , Guang Gong , Yishun Zeng , Haifeng Ruan , Jianwei Zhuge .

Fuzzing Android Binder services with automated interface analysis.

publications
DRAMD: Detect Advanced DRAM-based Stealthy Communication Channels with Neural Networks

INFOCOM 2020 , download

Zhiyuan Lv , Youjian Zhao , Chao Zhang , Haibin Li .

AI-based Side Channel and Covert Channel Detection.

publications
Argot: Generating Adversarial Readable Chinese Texts

IJCAI 2020 , download

Zihan Zhang , Mingxuan Liu , Chao Zhang , Yiming Zhang , Zhou Li , Qi Li , Haixin Duan , Donghong Sun .

Generate adversarial Chinese texts with Glyph and Pinyin mutation.

publications
A Large-Scale Empirical Study on Vulnerability Distribution within Projects and the Lessons Learned

ICSE 2020 , download

Bingchang Liu , Guozhu Meng , Wei Zou , Qi Gong , Feng Li , Min Lin , Dandan Sun , Wei Huo , Chao Zhang .

Empirical Study on Vulnerability Distribution within Projects.

publications
CDN Backfired: Amplification Attacks Based on HTTP Range Requests

DSN 2020 , download

Weizhong Li , Kaiwen Shen , Run Guo , Baojun Liu , Jia Zhang , Haixin Duan , Shuang Hao , Xiarun Chen , Yao Wang .

Amplification Attacks Based on HTTP Range Requests

seminars
USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation (Usenix Sec 2020)

15:10-16:10pm June 18, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Bodong Zhao .

Abstract:

seminars
CDN Backfired: Amplification Attacks Based on HTTP Range Requests (DSN 2020)

14:00-15:00pm June 18, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Weizhong Li .

Abstract:

seminars
Squirrel: Testing Database Management Systems with Language Validity and Coverage Feedback (CCS 2020)

15:10-16:10pm June 04, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Xingman Chen .

Abstract: