Our research papers on Service Worker security and voice service security have been accepted to RAID’21. Congratulations, Patrick & Yangyong!
Happer paper accepted to S&P’21
Happer is a new tool for unpacking Android apps via a hardware-assisted approach. Congratulations, Lei & Xiapu!
Hidden Property Abusing (HPA) paper accepted to USENIX Security’21!
We discovered a new type of security issue in the Node.js ecosystem (named HPA, Hidden Property Abusing) and developed a new detection and verification tool, Lynx (released here). Congratulations, Feng & Jianwei!
New web vulnerability (SW-XSS) and detection tool released
Our work on discovering a new type of Web vulnerability, namely Service Worker based Cross-Site Scripting (SW-XSS), will appear in ACSAC’20. The artifacts (including VM and new detection tool source code) are also released (check here). Congratulations, Patrick!
3 papers to appear in NDSS’20
Our papers on programmable data plane security (Poseidon), a new Buffered Packets Hijacking attack in SDN, and blockchain security (SODA) are to appear in NDSS’20. Congratulations, Menghao, Jiahao & Qi, Ting & Xiapu!
Our PBS paper is a finalist (top 10) for the 2016 CSAW Best Applied Security Paper Award
Our PBS paper was selected as a finalist (top 10) for the 2016 CSAW Best Applied Security Paper Award.
Congratulations to Kevin!
In this paper, we present PBS (Programmable BYOD Security), a new security solution to enable fine-grained, application-level network security programmability for the purpose of network management and policy enforcement on mobile apps and devices. Our work is motivated by another emerging and powerful concept, SDN (Software-Defined Networking). With a novel abstraction of mobile device elements (e.g., apps and network interfaces on the device) into conventional SDN network elements, PBS intends to provide network-wide, context-aware, app-specific policy enforcement at run-time without introducing much overhead on a resource-constrained mobile device, and without the actual deployment of SDN switches in enterprise networks.