Here, you can find materials relevant to my published research and research in progress.

You can also browse my Google Scholar profile.


Journal Publications

  1. Jingqiang Lin, Bo Luo, Le Guan and Jiwu Jing, “Secure Computing Using Registers and Caches: The Problem, Challenges, and Solutions,” IEEE Security Privacy, vol. 14, no. 6, pp. 63-70, Nov 2016.

    @article{7782711,
      author = {Lin, Jingqiang and Luo, Bo and Guan, Le and Jing, Jiwu},
      title = {Secure Computing Using Registers and Caches: The Problem, Challenges, and Solutions},
      journal = {IEEE Security Privacy},
      year = {2016},
      volume = {14},
      number = {6},
      pages = {63--70},
      doi = {10.1109/MSP.2016.130}
    }
    
  2. Jingqiang Lin, Le Guan, Ziqiang Ma, Bo Luo, Luning Xia and Jiwu Jing, “Copker: A Cryptographic Engine against Cold-Boot Attacks,” IEEE Transactions on Dependable and Secure Computing (TDSC). (Accepted)

    @article{coperTDSC,
      author = {Lin, Jingqiang and Guan, Le and Ma, Ziqiang and Luo, Bo and Xia, Luning and Jing, Jiwu},
      title = {Copker: A Cryptographic Engine against Cold-Boot Attacks},
      journal = {IEEE Transactions on Dependable and Secure Computing (TDSC)},
      year = {2016},
      volume = {PP},
      number = {99},
      pages = {1-1}
    }
    

Conference Publications

  1. Le Guan, Shijie Jia, Bo Chen, Fengwei Zhang, Bo Luo, Jingqiang Lin, Peng Liu, Xinyu Xing and Luning Xia, “Supporting Transparent Snapshot for Bare-metal Malware Analysis on Mobile Devices,” in Proceedings of the 33rd Annual Conference on Computer Security Applications, ACSAC '17, 2017. (Acceptance rate: 48/244=19.7%, Best Paper Award).

    @inproceedings{bolt,
      author = {Guan, Le and Jia, Shijie and Chen, Bo and Zhang, Fengwei and Luo, Bo and Lin, Jingqiang and Liu, Peng and Xing, Xinyu and Xia, Luning},
      title = {Supporting Transparent Snapshot for Bare-metal Malware Analysis on Mobile Devices},
      booktitle = {Proceedings of the 33rd Annual Conference on Computer Security Applications},
      series = {ACSAC '17},
      year = {2017}
    }
    

    The increasing growth of cybercrimes targeting mobile devices urges an efficient malware analysis platform. With the emergence of evasive malware, which is capable of detecting that it is being analyzed in virtualized environments, bare-metal analysis has become the definitive resort. Existing works mainly focus on extracting the malicious behaviors exposed during bare-metal analysis. However, after malware analysis, it is equally important to quickly restore the system to a clean state to examine the next sample. Unfortunately, state-of-the-art solutions on mobile platforms can only restore the disk, and require a time-consuming system reboot. In addition, all of the existing works require some in-guest components to assist the restoration. Therefore, a kernel-level malware is still able to detect the presence of the in-guest components. We propose Bolt, a transparent restoration mechanism for bare-metal analysis on mobile platform without rebooting. Bolt achieves a reboot-less restoration by simultaneously making a snapshot for both the physical memory and the disk. Memory snapshot is enabled by an isolated operating system (BoltOS) in the ARM TrustZone secure world, and disk snapshot is accomplished by a piece of customized firmware (BoltFTL) for flash-based block devices. Because both the BoltOS and the BoltFTL are isolated from the guest system, even kernel-level malware cannot interfere with the restoration. More importantly, Bolt does not require any modifications into the guest system. As such, Bolt is the first restoration mechanism for bare-metal malware analysis that simultaneously achieves efficiency, isolation, and stealthiness. We have implemented a Bolt prototype working with the Android OS. Experimental results show that Bolt can restore the guest system to the clean state in only 2.80 seconds.

  2. Le Guan, Peng Liu, Xinyu Xing, Xinyang Ge, Shengzhi Zhang, Meng Yu and Trent Jaeger, “TrustShadow: Secure Execution of Unmodified Applications with ARM TrustZone,” in Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services, MobiSys '17, pp. 488-501, 2017. (Acceptance rate: 34/188=18.1%).

    @inproceedings{trustshadow,
      author = {Guan, Le and Liu, Peng and Xing, Xinyu and Ge, Xinyang and Zhang, Shengzhi and Yu, Meng and Jaeger, Trent},
      title = {TrustShadow: Secure Execution of Unmodified Applications with ARM TrustZone},
      booktitle = {Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services},
      series = {MobiSys '17},
      year = {2017},
      pages = {488--501}
    }
    

    The rapid evolution of Internet-of-Things (IoT) technologies has led to an emerging need to make them smarter. A variety of applications now run simultaneously on an ARM-based processor. For example, devices on the edge of the Internet are provided with higher horsepower to be entrusted with storing, processing and analyzing data collected from IoT devices. This significantly improves efficiency and reduces the amount of data that needs to be transported to the cloud for data processing, analysis and storage. However, commodity OSes are prone to compromise. Once they are exploited, attackers can access the data on these devices. Since the data stored and processed on the devices can be sensitive, left untackled, this is particularly disconcerting. In this paper, we propose a new system, TrustShadow that shields legacy applications from untrusted OSes. TrustShadow takes advantage of ARM TrustZone technology and partitions resources into the secure and normal worlds. In the secure world, TrustShadow constructs a trusted execution environment for security-critical applications. This trusted environment is maintained by a lightweight runtime system that coordinates the communication between applications and the ordinary OS running in the normal world. The runtime system does not provide system services itself. Rather, it forwards requests for system services to the ordinary OS, and verifies the correctness of the responses. To demonstrate the efficiency of this design, we prototyped TrustShadow on a real chip board with ARM TrustZone support, and evaluated its performance using both microbenchmarks and real-world applications. We showed TrustShadow introduces only negligible overhead to real-world applications.

  3. Le Guan, Sadegh Farhang, Yu Pu, Pinyao Guo, Jens Grossklags and Peng Liu, “VaultIME: Regaining User Control For Password Managers through Auto-correction,” in Security and Privacy in Communication Networks: 13th International Conference, SecureComm 2017, 2017. (Short)

    @inproceedings{vaultIME,
      author = {Guan, Le and Farhang, Sadegh and Pu, Yu and Guo, Pinyao and Grossklags, Jens and Liu, Peng},
      title = {VaultIME: Regaining User Control For Password Managers through Auto-correction},
      booktitle = {Security and Privacy in Communication Networks: 13th International Conference, SecureComm 2017},
      year = {2017}
    }
    

    Users are often educated to follow different forms of advice from security experts. For example, using a password manager is considered an effective way to maintain a unique and strong password for every important website. However, user surveys reveal that most users are not willing to adopt this tool. They feel uncomfortable or even threatened, when they grant password managers the privilege to automate access to their digital accounts. Likewise, they are worried that individuals close to them may be able to access important websites by using the password manager stealthily. We propose VaultIME to nudge more users towards the adoption of password managers by offering them a tangible benefit with minimal interference with their current usage practices. Instead of "auto-filling" password fields, we propose a new mechanism to "auto-correct" passwords in the presence of minor typos. VaultIME innovates by integrating the functionality of a password manager into an input method editor. Specifically, running as an app on mobile phones, VaultIME remembers user passwords on a per-app basis, and corrects mistyped passwords within a typo-tolerant set. We show that VaultIME achieves high levels of usability and security. With respect to usability, VaultIME is able to correct as many as 47.8% of password typos in a real-world password typing dataset. Regarding security, simulated attacks reveal that the security loss brought by VaultIME against a brute-force attacker is at most 0.43%.

  4. Pinyao Guo, Hunmin Kim, Le Guan, Minghui Zhu and Peng Liu, “VCIDS: Collaborative Intrusion Detection of Sensor and Actuator Attacks on Connected Vehicles,” in Security and Privacy in Communication Networks: 13th International Conference, SecureComm 2017, 2017.

    @inproceedings{VCIDS,
      author = {Guo, Pinyao and Kim, Hunmin and Guan, Le and Zhu, Minghui and Liu, Peng},
      title = {VCIDS: Collaborative Intrusion Detection of Sensor and Actuator Attacks on Connected Vehicles},
      booktitle = {Security and Privacy in Communication Networks: 13th International Conference, SecureComm 2017},
      year = {2017}
    }
    

  5. Le Guan, Jun Xu, Shuai Wang, Xinyu Xing, Lin Lin, Heqing Huang, Peng Liu and Wenke Lee, “From Physical to Cyber: Escalating Protection for Personalized Auto Insurance,” in Proceedings of the 14th ACM Conference on Embedded Network Sensor Systems, SenSys '16, pp. 42-55, 2016. (Acceptance rate: 21/119=17.6%).

    @inproceedings{insurance,
      author = {Guan, Le and Xu, Jun and Wang, Shuai and Xing, Xinyu and Lin, Lin and Huang, Heqing and Liu, Peng and Lee, Wenke},
      title = {From Physical to Cyber: Escalating Protection for Personalized Auto Insurance},
      booktitle = {Proceedings of the 14th ACM Conference on Embedded Network Sensor Systems},
      series = {SenSys '16},
      year = {2016},
      pages = {42--55}
    }
    

    Nowadays, auto insurance companies set personalized insurance rates based on data gathered directly from their customers' cars. In this paper, we show such a personalized insurance mechanism -- widely adopted by many auto insurance companies -- is vulnerable to exploit. In particular, we demonstrate that an adversary can leverage off-the-shelf hardware to manipulate the data to the device that collects drivers' habits for insurance rate customization and obtain a fraudulent insurance discount. In response to this type of attack, we also propose a defense mechanism that escalates the protection for insurers' data collection. The main idea of this mechanism is to augment the insurer's data collection device with the ability to gather unforgeable data acquired from the physical world, and then leverage these data to identify manipulated data points. Our defense mechanism leveraged a statistical model built on unmanipulated data and is robust to manipulation methods that are not foreseen previously. We have implemented this defense mechanism as a proof-of-concept prototype and tested its effectiveness in the real world. Our evaluation shows that our defense mechanism exhibits a false positive rate of 0.032 and a false negative rate of 0.013.

  6. Le Guan, Jingqiang Lin, Bo Luo, Jiwu Jing and Jing Wang, “Protecting private keys against memory disclosure attacks using hardware transactional memory,” in 2015 IEEE Symposium on Security and Privacy, pp. 3-19, 2015. (Acceptance rate: 55/407=13.5%).

    @inproceedings{mimosa,
      author = {Guan, Le and Lin, Jingqiang and Luo, Bo and Jing, Jiwu and Wang, Jing},
      title = {Protecting private keys against memory disclosure attacks using hardware transactional memory},
      booktitle = {2015 IEEE Symposium on Security and Privacy},
      year = {2015},
      pages = {3--19}
    }
    

    Cryptography plays an important role in computer and communication security. In practical implementations of cryptosystems, the cryptographic keys are usually loaded into the memory as plaintext, and then used in the cryptographic algorithms. Therefore, the private keys are subject to memory disclosure attacks that read unauthorized data from RAM. Such attacks could be performed through software methods (e.g., OpenSSL Heartbleed) even when the integrity of the victim system’s executable binaries is maintained. They could also be performed through physical methods (e.g., cold-boot attacks on RAM chips) even when the system is free of software vulnerabilities. In this paper, we propose Mimosa that protects RSA private keys against the above software-based and physical memory attacks. When the Mimosa service is idle, private keys are encrypted and reside in memory as ciphertext. During the cryptographic computing, Mimosa uses hardware transactional memory (HTM) to ensure that (a) whenever a malicious process other than Mimosa attempts to read the plaintext private key, the transaction aborts and all sensitive data are automatically cleared with hardware mechanisms, due to the strong atomicity guarantee of HTM; and (b) all sensitive data, including private keys and intermediate states, appear as plaintext only within CPU-bound caches, and are never loaded to RAM chips. To the best of our knowledge, Mimosa is the first solution to use transactional memory to protect sensitive data against memory disclosure attacks. We have implemented Mimosa on a commodity machine with Intel Core i7 Haswell CPUs. Through extensive experiments, we show that Mimosa effectively protects cryptographic keys against various attacks that attempt to read sensitive data from memory, and it only introduces a small performance overhead.

  7. Le Guan, Jingqiang Lin, Bo Luo and Jiwu Jing, “Copker: Computing with Private Keys without RAM,” in 21st Annual Network and Distributed System Security Symposium, NDSS '14, 2014. (Acceptance rate: 55/295=18.6%).

    @inproceedings{copker,
      author = {Guan, Le and Lin, Jingqiang and Luo, Bo and Jing, Jiwu},
      title = {Copker: Computing with Private Keys without RAM},
      booktitle = {21st Annual Network and Distributed System Security Symposium},
      series = {NDSS '14},
      publisher = {The Internet Society},
      year = {2014}
    }
    

    Cryptographic systems are essential for computer and communication security, for instance, RSA is used in PGP Email clients and AES is employed in full disk encryption. In practice, the cryptographic keys are loaded and stored in RAM as plain-text, and therefore vulnerable to physical memory attacks (e.g., cold-boot attacks). To tackle this problem, we propose Copker, which implements asymmetric cryptosystems entirely within the CPU, without storing plain-text private keys in the RAM. In its active mode, Copker stores kilobytes of sensitive data, including the private key and the intermediate states, only in on-chip CPU caches (and registers). Decryption/signing operations are performed without storing sensitive information in system memory. In the suspend mode, Copker stores symmetrically encrypted private keys in memory, while employing existing solutions to keep the key-encryption key securely in CPU registers. Hence, Copker releases the system resources in the suspend mode. In this paper, we implement Copker with the most common asymmetric cryptosystem, RSA, with the support of multiple private keys. We show that Copker provides decryption/signing services that are secure against physical memory attacks. Meanwhile, with intensive experiments, we demonstrate that our implementation of Copker is secure and requires reasonable overhead.

  8. Le Guan, Fengjun Li, Jiwu Jing, Jing Wang and Ziqiang Ma, “virtio-ct: A Secure Cryptographic Token Service in Hypervisors,” in International Conference on Security and Privacy in Communication Networks: 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part II, pp. 285-300, 2015.

    @inproceedings{Guan2015,
      author = {Guan, Le and Li, Fengjun and Jing, Jiwu and Wang, Jing and Ma, Ziqiang},
      title = {virtio-ct: A Secure Cryptographic Token Service in Hypervisors},
      booktitle = {International Conference on Security and Privacy in Communication Networks: 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part II},
      publisher = {Springer International Publishing},
      year = {2015},
      pages = {285--300}
    }
    

  9. Jing Wang, Le Guan, Limin Liu and Daren Zha, “Implementing a Covert Timing Channel Based on Mimic Function,” in Information Security Practice and Experience: 10th International Conference, ISPEC 2014, Fuzhou, China, May 5-8, 2014. Proceedings, pp. 247-261, 2014.

    @inproceedings{Wang2014,
      author = {Wang, Jing and Guan, Le and Liu, Limin and Zha, Daren},
      title = {Implementing a Covert Timing Channel Based on Mimic Function},
      booktitle = {Information Security Practice and Experience: 10th International Conference, ISPEC 2014, Fuzhou, China, May 5-8, 2014. Proceedings},
      publisher = {Springer International Publishing},
      year = {2014},
      pages = {247--261}
    }
    

  10. Jing Wang, Peng Liu, Limin Liu, Le Guan and Jiwu Jing, “Fingerprint Embedding: A Proactive Strategy of Detecting Timing Channels,” in Information and Communications Security: 15th International Conference, ICICS 2013, Beijing, China, November 20-22, 2013. Proceedings, pp. 229-244, 2013.

    @inproceedings{Wang2013,
      author = {Wang, Jing and Liu, Peng and Liu, Limin and Guan, Le and Jing, Jiwu},
      title = {Fingerprint Embedding: A Proactive Strategy of Detecting Timing Channels},
      booktitle = {Information and Communications Security: 15th International Conference, ICICS 2013, Beijing, China, November 20-22, 2013. Proceedings},
      publisher = {Springer International Publishing},
      year = {2013},
      pages = {229--244}
    }
    

Patents and Other Publications

  1. Jingqiang Lin, Jiwu Jing, Le Guan, Bingyu Li, Jing Wang, Wuqiong Pan, and Yuewu Wang, “Method and system for protecting root CA certificate in a virtualization environment,” U.S. Patent Application 20170295024, Published on October 12, 2017.

  2. Jingqiang Lin, Le Guan, Qiongxiao Wang, Jing Wang, Jiwu Jing, “Key protecting method and apparatus,” U.S. Patent Application 20160359621, Published on December 8, 2016.

  3. Jingqiang Lin, Le Guan, Jing Wang, Qiongxiao Wang, Jiwu Jing and Bingyu Li, “Multi-Core Processor Based Key Protection Method And System,” U.S. Patent Application 20150310231, Published on October 29, 2015.

  4. Jingqiang Lin, Jiwu Jing, Le Guan, Jing Wang, Bingyu Li, Yuewu Wang and Wuqiong Pan, “Method and system for providing password service in virtualized environment,” Chinese Patent CN104461678, 2015. (in Chinese).

  5. Wuqiong Pan, Jiwu Jing, Le Guan, Ji Xiang, Jingqiang Lin, and Xingjie Yu, “Method and apparatus for implementing SM2 cryptographic algorithm based on GPU,” Chinese Patent CN103532710, 2014. (in Chinese).

  6. Xueyan Lin, Jingqiang Lin, Le Guan, and Lei Wang, “Deploying Chinese Commercial Cryptography in Virtual Desktop Infrastructure,” in Journal of University of Chinese Academy of Sciences, 2015, 32(5):701-707. (in Chinese).

    @article{smcrypto,
      author = {Lin, Xueyang and Lin, Jingqiang and Guan, Le and Wang, Lei},
      title = {Deploying Chinese Commercial Cryptography in Virtual Desktop Infrastructure},
      journal = {Journal of University of Chinese Academy of Sciences},
      volume = {32},
      number = {5},
      pages = {701--707},
      year = {2015}
    }
    
  7. Jing Wang, Neng Gao, Jingqiang Lin, and Le Guan, “A Survey of Network-based Covert Timing Channels,” in Netinfo Security 8 (2012): 053. (in Chinese).

    @article{covertsurvey,
      author = {Wang, Jing and Gao, Neng and Lin, Jingqiang and Guan, Le},
      title = {A Survey of Network-based Covert Timing Channels},
      journal = {Netinfo Security},
      volume = {8},
      pages = {53},
      year = {2012}
    }
    
  8. “Research on the Protection of Cryptographic Keys in Commodity Platform,” PhD Thesis, University of Chinese Academy of Sciences, 2015. (in Chinese).

  9. “Deploying Public Key Infrastructure In Mobile Devices,” Bachelor Thesis, University of Science and Technology of China, 2009. (in Chinese).