ROLoad: Securing Sensitive Operations with Pointee Integrity
Protect sensitive operations with hardware support.
Publications
2021
VScape: Assessing and Escaping Virtual Call Protections
Bypass virtual protections towards AEG.
Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems
Finding vulnerabilities in embedded systems
MAZE: Towards Automated Heap Feng Shui
Manipulate heap layouts automatically.
Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks
This work explored the vulnerabilities of the chain-based authentication structure in the email ecosystem. We conducted a large-scale analysis of 30 popular email services and 23 email clients.
Code is the (F)Law: Demystifying and Mitigating Blockchain Inconsistency AttacksCaused by Software Bugs
Exploit vulnerabilities in blockchains
POP and PUSH: Demystifying and Defending against (Mach) Port-Oriented Programming
Mitigate port-oriented programming attacks for macOS
Argot: Generating Adversarial Readable Chinese Texts
Generate adversarial Chinese texts with Glyph and Pinyin mutation.
2020
Talking with Familiar Strangers: An Empirical Study on HTTPS Context Confusion Attacks
HTTPS MITM attacks based on the shared TLS certificates as HTTPS Context Confusion Attack (SCC Attack)
Finding Cracks in Shields: On the Security of Control Flow Integrity Mechanisms
Measurement of CFI solutions’ security
Adapting to local conditions: Similarities and differences in anonymous online market between Chinese and English Speaking Communities
A comparative analysis of anonymous online market between Chinese and English speaking communities
Poison Over Troubled Forwarders: A Cache Poisoning Attack Targeting DNS Forwarding Devices
A cache poisoning attack targeting DNS forwarders.
GREYONE: Data Flow Sensitive Fuzzing
Improve fuzzing efficiency with lightweight data flow analysis.
FANS: Fuzzing Android Native System Services via Automated Interface Analysis
Fuzzing Android Binder services with automated interface analysis.
DRAMD: Detect Advanced DRAM-based Stealthy Communication Channels with Neural Networks
AI-based Side Channel and Covert Channel Detection.
A Large-Scale Empirical Study on Vulnerability Distribution within Projects and the Lessons Learned
Empirical Study on Vulnerability Distribution within Projects.
CDN Backfired: Amplification Attacks Based on HTTP Range Requests
Amplification Attacks Based on HTTP Range Requests
Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches
Mitigating DDoS Attacks with P4
When Match Fields Do Not Need to Match: Buffered Packets Hijacking in SDN
Packet Hijacking in SDN
CDN Judo: Breaking the CDN DoS Protection with Itself
abuse CDN for DDoS attacks
A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices
A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices. Selected as the journal issue cover Paper.
A Market in Dream: the Rapid Development of Anonymous Cybercrime
Measurement of a darknet market - dream market.
2019
Detecting Fake Accounts in Online Social Networks at the Time of Registrations
Fake account detection for WeChat
Certificate Transparency in the Wild: Exploring the Reliability of Monitors
Exploring the Reliability of CT Monitors
MOPT: Optimized Mutation Scheduling for Fuzzers
A fuzzing mutation scheduling strategy based on PSO.
The CrossPath Attack: Disrupting the SDN Control Channel via Shared Link
Shared channels in SDN: attacks and defenses
2018
Revery: from Proof-of-Concept to Exploitable (One Step towards Automatic Exploit Generation)
Generate exploits for POCs that do not crash.
αDiff: Cross-Version Binary Code Similarity Detection with DNN
Detect binary code similarity with DNN.
CollAFL: Path Sensitive Fuzzing
Improve fuzzing efficiency with high accuracy control flow information.
2017
Towards Efficient Heap Overflow Discovery
Detect heap overflow vulnerabilities thoroughly with symbolic execution.