Recent Publications

(2023). Facilitating Non-Intrusive In-Vivo Firmware Testing with Stateless Instrumentation. 31st Network and Distributed System Security Symposium (NDSS ‘24).

(2023). Physical Devices-Agnostic Hybrid Fuzzing of IoT Firmware. IEEE Internet of Things Journal.

(2023). CAUSEC: Cache-based Secure Key Computation with (Mostly) Deprivileged Execution. 2023 IEEE 43rd International Conference on Distributed Computing Systems (ICDCS ‘23).

(2023). Detecting Vulnerabilities in Linux-based Embedded Firmware with SSE-based On-demand Alias Analysis. 2023 ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA ‘23).

(2023). Understanding MPU Usage in Microcontroller-based Systems in the Wild. Workshop on Binary Analysis Research (BAR ‘23).

(2022). Good Motive but Bad Design: Pitfalls in MPU Usage in Embedded Systems in the Wild. Black Hat Europe ‘22.

(2022). What Your Firmware Tells You Is Not How You Should Emulate It: A Specification-Guided Approach for Firmware Emulation. 2022 ACM Conference on Computer and Communications Security (CCS ‘22).

(2022). HARM: Hardware-assisted Continuous Re-randomization for Microcontrollers. 2022 IEEE European Symposium on Security and Privacy (EuroS&P ‘22).

(2022). μAFL: Non-intrusive Feedback-driven Fuzzing for Microcontroller Firmware. 2022 IEEE/ACM 44th International Conference on Software Engineering (ICSE ‘22).

(2021). ICS3Fuzzer: A Framework for Discovering Protocol Implementation Bugs in ICS Supervisory Software by Fuzzing. Proceedings of the 37th Annual Computer Security Applications Conference (ACSAC ‘21).

(2021). Automatic Firmware Emulation through Invalidity-guided Knowledge Inference. 30th USENIX Security Symposium, Security ‘21.

(2021). From Library Portability to Para-rehosting: Natively Executing Open-source Microcontroller OSs on Commodity Hardware. 28th Network and Distributed System Security Symposium, NDSS ‘21.

(2021). Reviewing IoT Security via Logic Bugs in IoT Platforms and Systems. IEEE Internet of Things Journal.

(2020). Device-Agnostic Firmware Execution is Possible: A Concolic Execution Approach for Peripheral Emulation. Annual Computer Security Applications Conference, ACSAC’20 (Acceptance rate: 23.2% = 70/302) (*equal contribution).

(2020). Cyber-Physical Security of Powertrain Systems in Modern Electric Vehicles: Vulnerabilities, Challenges and Future Visions. IEEE Journal of Emerging and Selected Topics in Power Electronics.

(2020). Systematic Assessment of Cyber-physical Security of Energy Management System for Connected and Automated Electric Vehicles. IEEE Transactions on Industrial Informatics.

(2019). TF-BIV: Transparent and Fine-grained Binary Integrity Verification in the Cloud. Proceedings of the 35th Annual Computer Security Applications Conference, ACSAC’19.

(2019). Secure Cryptography Infrastructures in the Clouds. 2019 IEEE Global Communications Conference, GLOBECOM’19.

(2019). Discovering and Understanding the Security Hazards in the Interactions between IoT Devices, Mobile Apps, and Clouds on Smart Home Platforms. 28th USENIX Security Symposium, Security’19.

(2019). Mimosa: Protecting Private Keys against Memory Disclosure Attacks using Hardware Transactional Memory. IEEE Transactions on Dependable and Secure Computing.

(2019). Poster: Energy Distribution Matters in Greybox Fuzzing. 41st International Conference on Software Engineering, ICSE’19.

(2019). Protecting Mobile Devices from Physical Memory Attacks with Targeted Encryption. 12th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec’19.

(2018). Copker: A Cryptographic Engine Against Cold-Boot Attacks. IEEE Transactions on Dependable and Secure Computing.

(2018). Building a Trustworthy Execution Environment to Defeat Exploits from both Cyber Space and Physical Space for ARM. IEEE Transactions on Dependable and Secure Computing.

(2018). VaultIME: Regaining User Control for Password Managers through Auto-correction. EAI Endorsed Transactions on Security and Safety.

(2018). CryptMe: Data Leakage Prevention for Unmodified Programs on ARM Devices. Research in Attacks, Intrusions, and Defenses.

(2018). Enforcing Access Controls for the Cryptographic Cloud Service Invocation Based on Virtual Machine Introspection. Information Security.

(2017). Supporting Transparent Snapshot for Bare-metal Malware Analysis on Mobile Devices. Proceedings of the 33rd Annual Computer Security Applications Conference, ACSAC’17 (Acceptance rate: 48/244 = 19.7%, Best Paper Award).

(2017). TrustShadow: Secure Execution of Unmodified Applications with ARM TrustZone. Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services, MobiSys’17 (Acceptance rate: 34/188 = 18.1%).

(2017). VCIDS: Collaborative Intrusion Detection of Sensor and Actuator Attacks on Connected Vehicles. Security and Privacy in Communication Networks: 13th International Conference, SecureComm 2017.

(2017). VaultIME: Regaining User Control For Password Managers through Auto-correction. Security and Privacy in Communication Networks: 13th International Conference, SecureComm 2017.

(2016). Secure Computing Using Registers and Caches: The Problem, Challenges, and Solutions. IEEE Security & Privacy.

(2016). From Physical to Cyber: Escalating Protection for Personalized Auto Insurance. Proceedings of the 14th ACM Conference on Embedded Network Sensor Systems, SenSys’16 (Acceptance rate: 21/119 = 17.6%).

(2015). Protecting private keys against memory disclosure attacks using hardware transactional memory. 2015 IEEE Symposium on Security and Privacy, Oakland’15 (Acceptance rate: 55/407 = 13.5%).

(2015). virtio-ct: A Secure Cryptographic Token Service in Hypervisors. International Conference on Security and Privacy in Communication Networks: 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part II.

(2014). Copker: Computing with Private Keys without RAM. 21st Annual Network and Distributed System Security Symposium, NDSS’14 (Acceptance rate: 55/295 = 18.6%).

(2014). Implementing a Covert Timing Channel Based on Mimic Function. Information Security Practice and Experience: 10th International Conference, ISPEC 2014, Fuzhou, China, May 5-8, 2014. Proceedings.

(2013). Fingerprint Embedding: A Proactive Strategy of Detecting Timing Channels. Information and Communications Security: 15th International Conference, ICICS 2013, Beijing, China, November 20-22, 2013. Proceedings.

Teaching

  • Spring 2019, 2020, 2021, 2022, 2023: CSCI 4250/6250: Computer Security
  • Fall 2019, 2020, 2021, 2022: CSCI 8965: IoT Security

Contact