Publications

Filter by type:

(2017). Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews. In CCS’17.

PDF Bib

(2017). SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits. In CCS’17.

PDF Bib

(2017). Mass Discovery of Android Tra ic Imprints through Instantiated Partial Execution. In CCS’17.

PDF Bib

(2017). Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX. In CCS’17.

PDF Bib

(2017). SmartAuth: User-Centered Authorization for the Internet of Things. In USENIX Security’17.

PDF Bib

(2017). Picking Up My Tab: Understanding and Mitigating Synchronized Token Lifting and Spending in Mobile Payment. In USENIX Security’17.

PDF Bib

(2017). Things You May Not Know About Android (Un)Packers: A Systematic Study based on Whole-System Emulation. To appear in NDSS’18.

PDF Bib

(2017). OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS. To appear in NDSS’18.

PDF Bib

(2017). IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing. To appear in NDSS’18.

PDF Bib

(2017). Game of Missuggestions: Semantic Analysis of Search-Autocomplete Manipulations. To appear in NDSS’18.

PDF Bib

(2017). Finding Clues for Your Secrets: Semantics-Driven, Learning-Based Privacy Discovery in Mobile Apps. To appear in NDSS’18.

PDF Bib

(2017). Under the Shadow of Sunshine: Understanding and Detecting BulletProof Hosting on Legitimate Service Provider Networks. In Oakland’17.

PDF

(2017). An empirical characterization of IFTTT: ecosystem, usage, and performance. In IMC’17.

PDF Bib

(2017). Dark Hazard: Learning-based, Large-scale Discovery of Hidden Sensitive Operations in Android Apps. In NDSS 2017.

PDF Slides Bib

(2017). Catching Predators at Watering Holes: Finding and Understanding Strategically Compromised Websites. In ACSAC’16.

PDF Bib

(2016). Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service. In CCS’16.

PDF Bib

(2016). Acing the IOC Game: Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence. In CCS’16.

PDF Bib

(2016). Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf. In Oakland’16.

PDF Bib

(2016). Seeking Nonsense, Looking for Trouble: Efficient Promotional-Infection Detection through Semantic Inconsistency Search. In Oakland’16.

PDF Bib

(2016). Following Devil's Footprints: Cross-Platform Analysis of Potentially Harmful Libraries on Android and iOS. In Oakland’16.

PDF Bib

(2015). Practicing oblivious access on cloud storage: the gap, the fallacy, and the new way forward. In CCS’15.

PDF Bib

(2015). Perplexed messengers from the cloud: Automated security analysis of push-messaging integrations. In CCS’15.

PDF Bib

(2015). Hare hunting in the wild android: A study on the threat of hanging attribute references. In CCS’15.

PDF Bib

(2015). Efficient genome-wide, privacy-preserving similar patient query based on private edit distance. In CCS’15.

PDF Bib

(2015). Cracking App Isolation on Apple: Unauthorized Cross-App Resource Access on MAC OS. In CCS’15.

PDF Bib

(2015). Uipicker: User-input privacy identification in mobile applications. USENIX Security’15.

PDF Bib

(2015). Finding unknown malice in 10 seconds: Mass vetting for new threats at the google-play scale. In USENIX Security’15.

PDF Bib

(2015). Leave me alone: App-level protection against runtime information gathering on Android. In Oakland’15.

PDF Bib

(2015). What's in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources.. In NDSS’15.

PDF Bib

(2014). Mayhem in the push clouds: Understanding and mitigating security hazards in mobile push-messaging services. In CCS’14.

PDF Bib

(2014). Controlled functional encryption. In CCS’14.

PDF Bib

(2014). Understanding the dark side of domain parking. In USENIX Security’14.

PDF Bib

(2014). Upgrading your android, elevating my malware: Privilege escalation through mobile os updating. In Oakland’14.

PDF Bib

(2014). The peril of fragmentation: Security hazards in android device driver customizations. In Oakland’14.

PDF Bib

(2014). Hunting the red fox online: Understanding and detection of mass redirect-script injections. In Oakland’14.

PDF Bib

(2014). The Tangled Web of Password Reuse.. In NDSS’14.

PDF Bib

(2014). Screenmilker: How to Milk Your Android Screen for Secrets.. In NDSS’14.

PDF Bib

(2014). Inside Job: Understanding and Mitigating the Threat of External Device Mis-Binding on Android.. In NDSS’14.

PDF Bib

(2014). Privacy Risk in Anonymized Heterogeneous Information Networks.. In EDBT’14.

PDF Bib

(2014). Choosing blindly but wisely: differentially private solicitation of DNA datasets for disease marker discovery. Journal of the American Medical Informatics Association.

PDF Bib

(2013). Unauthorized origin crossing on mobile platforms: Threats and mitigation. In CCS’13.

PDF Bib

(2013). Identity, location, disease and more: Inferring your secrets from android public resources. In CCS’13.

PDF Bib

(2013). Finding the linchpins of the dark web: a study on topologically dedicated hosts on malicious web infrastructures. In Oakland’13.

PDF Bib

(2013). InteGuard: Toward Automatic Protection of Third-Party Web Service Integrations.. In NDSS’13.

PDF Bib

(2012). Knowing your enemy: understanding and detecting malicious web advertising. In CCS’12.

PDF Bib

(2012). Large-Scale Privacy-Preserving Mapping of Human Genomic Sequences on Hybrid Clouds.. In NDSS’12.

PDF Bib

(2011). Sedic: privacy-aware data intensive computing on hybrid clouds. In CCS’11.

PDF Bib

(2011). To release or not to release: evaluating information leaks in aggregate human-genome data. In ESORICS’11.

PDF Bib

(2011). How to Shop for Free Online--Security Analysis of Cashier-as-a-Service Based Web Stores. In Oakland’11.

PDF Bib

(2011). Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones.. In NDSS’11.

PDF Bib

(2010). FIRM: Capability-based inline mediation of Flash behaviors. In ACSAC’10.

PDF Bib

(2010). Sidebuster: automated detection and quantification of side-channel leaks in web application development. In CCS’10.

PDF Bib

(2010). Mash-if: Practical information-flow control within client-side mashups. In DSN’10.

PDF Bib

(2010). Side-channel leaks in web applications: A reality today, a challenge tomorrow. In Oakland’10.

PDF Bib

(2009). Privacy-preserving genomic computation through program specialization. In CCS’09.

PDF Bib

(2009). Learning your identity and disease from research papers: information leaks in genome wide association study. In CCS’09.

PDF Bib

(2009). Effective and Efficient Malware Detection at the End Host.. In USENIX Security’09.

PDF Bib

(2009). Mitigating inadvertent insider threats with incentives. International Conference on Financial Cryptography and Data Security.

PDF Bib

(2009). Peeping Tom in the Neighborhood: Keystroke Eavesdropping on Multi-User Systems. In USENIX Security’09.

PDF Bib

(2009). Denial of service attacks and defenses in decentralized trust management. International Journal of Information Security.

PDF Bib

(2008). Towards automatic reverse engineering of software security configurations. In CCS’08.

PDF Bib

(2008). Panalyst: Privacy-Aware Remote Error Analysis on Commodity Software.. In USENIX Security’08.

PDF Bib

(2008). Agis: Towards automatic generation of infection signatures. In DSN’08.

PDF Bib

(2008). PRECIP: Towards Practical and Retrofittable Confidential Information Protection.. In NDSS’08.

PDF Bib

(2008). Making captchas clickable. Proceedings of the 9th workshop on Mobile computing systems and applications.

PDF Bib

(2008). A multi-layer framework for puzzle-based denial-of-service defense. International Journal of Information Security.

PDF Bib

(2007). Spyshield: Preserving privacy from spy add-ons. In RAID’07.

PDF Bib

(2006). Wraps: Denial-of-service defense through web referrals. In SRDS’06.

PDF Bib

(2006). Packet vaccine: Black-box exploit detection and signature generation. In CCS’06.

PDF Bib

(2006). Deterring voluntary trace disclosure in re-encryption mix networks. In Oakland’06.

PDF Bib

(2005). Building reliable mix networks with fair exchange. In ACNS’05.

PDF Bib

(2004). Mitigating bandwidth-exhaustion attacks using congestion puzzles. In CCS’04.

PDF Bib

(2004). Fragile mixing. In CCS’04.

PDF Bib

(2004). Stealth Attacks on Vehicular Wireless Networks.

PDF Bib

(2003). Defending against denial-of-service attacks with puzzle auctions. In Oakland’03.

PDF Bib

(2003). Learning near-Pareto-optimal conventions in polynomial time. In NIPS’03.

PDF Bib

(2002). (Im) possibility of safe exchange mechanism design. Eighteenth national conference on Artificial intelligence.

PDF Bib