Publications
2022
PG-VulNet: Detect Supply Chain Vulnerabilities in IoT Devices using Pseudo-code and Graphs
We design and implement PG-VulNet, a tool for detecting supply chain vulnerabilities in IoT devices using pseudo-code and graphs.
An Empirical Study on Implicit Constraints in Smart Contract Static Analysis
Static vulnerability detection for smart contracts.
2021
ROLoad: Securing Sensitive Operations with Pointee Integrity
Protect sensitive operations with hardware support.
ZKCPlus: Optimized Fair-exchange Protocol Supporting Practical and Flexible Data Exchange
An optimized fair-exchange protocol
Igor: Crash Deduplication Through Root-Cause Clustering
Deduplicate crash samples by clustering them on root cause.
VScape: Assessing and Escaping Virtual Call Protections
Bypass virtual call protections toward automatic exploit generation (AEG).
Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems
Finding vulnerabilities in embedded systems
MAZE: Towards Automated Heap Feng Shui
Manipulate heap layouts automatically.
RAProducer: Efficiently Diagnose and Reproduce Data Race Bugs for Binaries via Trace Analysis
Diagnosing and reproducing data race bugs in binaries.
iDEV: Exploring and Exploiting Semantic Deviations in ARM Instruction Processing
Discovering inconsistencies in ARM instruction processing.
Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks
This work explored the vulnerabilities of the chain-based authentication structure in the email ecosystem. We conducted a large-scale analysis of 30 popular email services and 23 email clients.
Code is the (F)Law: Demystifying and Mitigating Blockchain Inconsistency Attacks Caused by Software Bugs
Blockchain inconsistency attacks caused by software bugs, and their mitigation.
Adapting to local conditions: Similarities and differences in anonymous online market between Chinese and English Speaking Communities
Similarities and differences in anonymous online market between Chinese and English Speaking Communities
POP and PUSH: Demystifying and Defending against (Mach) Port-Oriented Programming
Mitigate port-oriented programming attacks for macOS
From Exposed to Exploited: Drawing the Picture of Industrial Control Systems Security Status in the Internet Age
We design and implement ICScope, a passive vulnerability assessment system based on device search engines.
Argot: Generating Adversarial Readable Chinese Texts
Generate adversarial Chinese texts with Glyph and Pinyin mutation.
2020
Talking with Familiar Strangers: An Empirical Study on HTTPS Context Confusion Attacks
HTTPS MITM attacks based on shared TLS certificates, termed the HTTPS Context Confusion Attack (SCC Attack).
Finding Cracks in Shields: On the Security of Control Flow Integrity Mechanisms
Measurement of CFI solutions’ security
Poison Over Troubled Forwarders: A Cache Poisoning Attack Targeting DNS Forwarding Devices
A cache poisoning attack targeting DNS forwarders.
GREYONE: Data Flow Sensitive Fuzzing
Improve fuzzing efficiency with lightweight data flow analysis.
FANS: Fuzzing Android Native System Services via Automated Interface Analysis
Fuzzing Android Binder services with automated interface analysis.
DRAMD: Detect Advanced DRAM-based Stealthy Communication Channels with Neural Networks
AI-based Side Channel and Covert Channel Detection.
A Large-Scale Empirical Study on Vulnerability Distribution within Projects and the Lessons Learned
Empirical Study on Vulnerability Distribution within Projects.
CDN Backfired: Amplification Attacks Based on HTTP Range Requests
Amplification Attacks Based on HTTP Range Requests
Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches
Mitigating DDoS Attacks with P4
When Match Fields Do Not Need to Match: Buffered Packets Hijacking in SDN
Packet Hijacking in SDN
CDN Judo: Breaking the CDN DoS Protection with Itself
Abusing CDNs for DDoS attacks.
A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices
Selected as the journal issue's cover paper.
A Market in Dream: the Rapid Development of Anonymous Cybercrime
Measurement of a darknet market (Dream Market).
2019
Detecting Fake Accounts in Online Social Networks at the Time of Registrations
Fake account detection for WeChat
Certificate Transparency in the Wild: Exploring the Reliability of Monitors
Exploring the Reliability of CT Monitors
MOPT: Optimized Mutation Scheduling for Fuzzers
A fuzzing mutation scheduling strategy based on PSO.
The CrossPath Attack: Disrupting the SDN Control Channel via Shared Link
Shared channels in SDN: attacks and defenses
2018
Revery: from Proof-of-Concept to Exploitable (One Step towards Automatic Exploit Generation)
Generate exploits for POCs that do not crash.
αDiff: Cross-Version Binary Code Similarity Detection with DNN
Detect binary code similarity with DNN.
CollAFL: Path Sensitive Fuzzing
Improve fuzzing efficiency with high accuracy control flow information.
2017
Towards Efficient Heap Overflow Discovery
Detect heap overflow vulnerabilities thoroughly with symbolic execution.
2016
VTrust: Regaining Trust on Virtual Calls
Protecting virtual function calls for programs with source code.
2015
JITScope: Protecting Web Users from Control-Flow Hijacking Attacks
A control flow integrity (CFI) solution for JIT code.
VTint: Protecting Virtual Function Tables’ Integrity
Protecting virtual function calls for binaries.
Exploiting and Protecting Dynamic Code Generation
A control flow integrity (CFI) solution for JIT code.
2013
Practical Control Flow Integrity & Randomization for Binary Executables
A control flow integrity (CFI) solution for binaries.
2012
A Framework to Eliminate Backdoors from Response-Computable Authentication
A framework to mitigate backdoor threats in response-computable authentication.