Our SysFlow work will appear in IEEE Transactions on Information Forensics and Security (TIFS) 2023. SysFlow is the first programmable zero trust (ZT) framework for system security! It presents a novel system security development framework for programmable ZT security control of host system activities at runtime. It offers unprecedented and unified programmability for users to achieve their dynamic security needs. Read our paper (here) and try to use our prototype system here. Now you can build your own security applications on top of that!
Publication
Our new software-defined programmable security research “Mew” will appear in IEEE S&P’23
Our new research work “Mew” in the area of SPS (Software-defined Programmable Security) is accepted by IEEE S&P. This work shows how we can enable large-scale and dynamic link-flooding defenses on programmable switches. Congratulations, Huancheng!
Our IoT malware analysis/detection paper won the Best Paper Award at ASIACCS’22!
Our collaborative paper “Understanding and Detecting Remote Infection on Linux-based IoT Devices” just won the Best Paper Award at ASIACCS’22! Congratulations to all collaborators at University of Buffalo and Clemson University!
SWAPP paper (programmable web security platform) is accepted to USENIX Security’22!
Our SWAPP paper is accepted to USENIX Security’22! In this work, we build a new programmable playground/platform for web application security. Source code will be released soon. Congratulations, Patrick & Jianwei!
IoT malware analysis/detection paper is accepted to ASIACCS’22!
Our collaborative paper on IoT malware analysis and detection is accepted to ASIACCS’22. Congratulations, Hongda!
Software-defined vehicle security papers accepted to USENIX Security’22!
Our collaborative papers on software-defined vehicle security research are accepted to USENIX Security’22! Congratulations Lei, Le & Xiapu!
Two papers accepted to RAID’21
Our research papers on Service Worker security and voice service security are accepted to RAID’21. Congratulations Patrick & Yangyong!
Happer paper accepted to S&P’21
Happer is a new tool for unpacking Android apps via a hardware-assisted approach. Congratulations, Lei & Xiapu!
Hidden Property Abusing (HPA) paper accepted to USENIX Security’21!
We discovered a new type of security issue in Node.js ecosystem (named HPA, Hidden Property Abusing) and developed a new detection and verification tool, Lynx (released here). Congratulations, Feng & Jianwei!
New web vulnerability (SW-XSS) and detection tool released
Our work on discovering a new type of Web vulnerability, namely Service Worker based Cross-Site Scripting (SW-XSS), will appear in ACSAC’20. The artifacts (including VM and new detection tool source code) are also released (check here). Congratulations, Patrick!