Publications

2018

  • [NDSS'18] Yue Duan, Mu Zhang, Abhishek Vasist Bhaskar, Heng Yin, Xiaorui Pan, Tongxin Li, Xueqiang Wang, and Xiaofeng Wang. Things You May Not Know About Android (Un)Packers: A Systematic Study based on Whole-System Emulation, to appear in the Network and Distributed System Security Symposium, February 2018.

  • [NDSS'18] Shitong Zhu, Xunchao Hu, Zhiyun Qian, Zubair Shafiq, and Heng Yin. Measuring and Disrupting Anti-Adblockers Using Differential Execution Analysis, to appear in the Network and Distributed System Security Symposium, February 2018.

  • [NDSS'18] Wookhyun Han, Byunggill Joe, Byoungyoung Lee, Chengyu Song, and Insik Shin. Enhancing Memory Error Detection for Large-Scale Applications and Fuzz Testing (to appear), to appear in the Network and Distributed System Security Symposium, February 2018.

  • [ASPLOS'18] BranchScope: A New Side-Channel Attack on Directional Branch Predictor

  • 2017

  • [CCS'17] Xiaojun Xu, Chang Liu, Qian Feng, Heng Yin, Le Song and Dawn Song. Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection, in the 24th ACM Conference on Computer and Communications Security, October 2017.

  • [CCS'17] David Korczynski and Heng Yin. Capturing Malware Propagations with Code Injections and Code-Reuse Attacks, in the 24th ACM Conference on Computer and Communications Security, October 2017.

  • [USENIX Security'17] Ren Ding, Chenxiong Qian, Chengyu Song, Bill Harris, Taesoo Kim, and Wenke Lee. Efficient Protection of Path-Sensitive Control Security,in Proceedings of the 26th USENIX Security Symposium, Vancouver, Canada, August 2017.

  • [RAID'17] Andrew Henderson, Heng Yin, Guang Jin, Hao Han, and Hongmei Deng. VDF: Targeted Evolutionary Fuzz Testing of Virtual Devices, in the 20th International Symposium on Research on Attacks, Intrusions and Defenses, September 2017.

  • [NDSS'17] Xiaorui Pan, Xueqiang Wang, Yue Duan, Xiaofeng Wang, and Heng Yin. Dark Hazard: Large-Scale Discovery of Unknown Hidden Sensitive Operations in Android Apps, appeared in the Network and Distributed System Security Symposium, February 2017.

  • [IMC'17] Zhongjie Wang, Yue Cao, Zhiyun Qian, Chengyu Song, Srikanth V. Krishnamurthy. Your State is Not Mine: A Closer Look at Evading Stateful Internet Censorship, in ACM Internet Measurement Conference (IMC) 2017, London, UK. (Source)

  • [SIGMETRICS'17] Alan Quach*, Zhongjie Wang*, and Zhiyun Qian. Both authors contributed equally. Investigation of the 2016 Linux TCP Stack Vulnerability at Scale, in Proceedings of ACM SIGMETRICS 2017, Urbana-Champaign, IL.

  • [Micro'17] Khasawneh, Khaled N., Nael Abu-Ghazaleh, Dmitry Ponomarev, and Lei Yu. RHMD: evasion-resilient hardware malware detectors, in Proceedings of the 50th Annual IEEE/ACM International Symposium on Microarchitecture, ACM, 2017.(slides)

  • [Micro'17] Naghibijouybari, Hoda, Khaled N. Khasawneh, and Nael Abu-Ghazaleh. Constructing and characterizing covert channels on GPGPUs In Proceedings of the 50th Annual IEEE/ACM International Symposium on Microarchitecture, ACM, 2017.(slides)

  • [ICCAD'17] Elwell, Jesse, Dmitry Evtyushkin, Dmitry Ponomarev, Nael Abu-Ghazaleh, and Ryan Riley. Hardening Extended Memory Access Control Schemes with Self-Verified Address Spaces

  • [DAC'17] Kayaalp, Mehmet, Khaled N. Khasawneh, Hodjat Asghari Esfeden, Jesse Elwell, Nael Abu-Ghazaleh, Dmitry Ponomarev, and Aamer Jaleel. RIC: relaxed inclusion caches for mitigating LLC side-channel attacks, in Design Automation Conference, 2017 54th ACM/EDAC/IEEE.(slides)

  • 2016

  • [CCS'16] Qian Feng, Rundong Zhou, Chengcheng Xu, Yao Cheng, Brian Testa, and Heng Yin. Scalable Graph-based Bug Search for Firmware Images, in the 23rd ACM Conference on Computer and Communications Security, October 2016.

  • [CCS'16] Hang Zhang, Dongdong She, Zhiyun Qian. Android ION Hazard: the Curse of Customizable Memory Management System, in Proceedings of ACM Conference on Computer and Communications Security (CCS) 2016, Vienna, Austria.(Website)

  • [CCS'16] Yuru Shao, Jason Ott, Yunhan Jack Jia, Zhiyun Qian, Z. Morley Mao, The Misuse of Android Unix Domain Socket and Security Implications, in Proceedings of ACM Conference on Computer and Communications Security (CCS) 2016, Vienna, Austria.

  • [USENIX SECURITY'16] Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, Srikanth V. Krishnamurthy, Lisa M. Marvel, Off-Path TCP Exploits: Global Rate Limit Considered Dangerous(CVE-2016-5696), in Proceedings of USENIX SECURITY 2016, Austin, TX.

  • [NDSS'16] Yuru Shao, Jason Ott, Qi Alfred Chen, Zhiyun Qian, Z. Morley Mao, Kratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework, in Proceedings of the Network & Distributed System Security Symposium 2016, San Diego, CA.(Website)

  • [CCS'16] Kangjie Lu, Chengyu Song, Taesoo Kim, and Wenke Lee, UniSan: Proactive Kernel Memory Initialization to Eliminate Data Leakages, in Proceedings of the 23rd ACM Conference on Computer and Communications Security, Vienna, Austria, October 2016.(Source)

  • [Micro'16] Evtyushkin, Dmitry, Dmitry Ponomarev, and Nael Abu-Ghazaleh. Jump over ASLR: Attacking branch predictors to bypass ASLR. In Microarchitecture, 2016 49th Annual IEEE/ACM International Symposium on. IEEE, 2016.

  • [DAC'16] Kayaalp, Mehmet, Nael Abu-Ghazaleh, Dmitry Ponomarev, and Aamer Jaleel, A high-resolution side-channel attack on last-level cache. In Proceedings of the 53rd Annual Design Automation Conference. ACM, 2016.(slides)

  • 2015

  • [CCS'15] Hang Zhang, Dongdong She, Zhiyun Qian, Android Root and its Providers: A Double-Edged Sword, in Proceedings of ACM Conference on Computer and Communications Security (CCS) 2015, Denver, CO.  Media coverage: [ARS Technica] [Trustlook] [Marketwired]

  • [CCS'15] Qi Alfred Chen, Zhiyun Qian, Yunhan Jack Jia, Yuru Shao, Z. Morley Mao, Static Detection of Packet Injection Vulnerabilities: A Case for Identifying Attacker-controlled Implicit Information Leaks, in Proceedings of ACM Conference on Computer and Communications Security (CCS) 2015, Denver, CO.(Website)