Our paper “Understanding and Detecting Remote Infection on Linux-based IoT Devices” just won the Best Paper Award at ASIACCS’22! Congratulations to all collaborators!
News
SWAPP paper (programmable web security platform) is accepted to USENIX Security’22!
Our SWAPP paper is accepted to USENIX Security’22! In this work, we build a new programmable playground/platform for web application security. Source code will be released soon. Congratulations, Patrick & Jianwei!
IoT malware analysis/detection paper is accepted to ASIACCS’22!
Our IoT malware analysis and detection paper is accepted to ASIACCS’22. Congratulations, Hongda!
Software-defined vehicle security papers accepted to USENIX Security’22!
Our collaborative papers on software-defined vehicle security research are accepted to USENIX Security’22! Congratulations Lei, Le & Xiapu!
Yangyong has successfully defended his PhD thesis!
Yangyong has successfully defended his PhD thesis titled “Understanding and Securing Voice
Assistant Applications”! Big congratulations!
Two papers accepted to RAID’21
Our research papers on Service Worker security and voice service security are accepted to RAID’21. Congratulations Patrick & Yangyong!
Happer paper accepted to S&P’21
Happer is a new tool for unpacking Android apps via a hardware-assisted approach. Congratulations, Lei & Xiapu!
Hidden Property Abusing (HPA) paper accepted to USENIX Security’21!
We discovered a new type of security issue in Node.js ecosystem (named HPA, Hidden Property Abusing) and developed a new detection and verification tool, Lynx (released here). Congratulations, Feng & Jianwei!
New web vulnerability (SW-XSS) and detection tool released
Our work on discovering a new type of Web vulnerability, namely Service Worker based Cross-Site Scripting (SW-XSS), will appear in ACSAC’20. The artifacts (including VM and new detection tool source code) are also released (check here). Congratulations, Patrick!
SVHunter (from our S&P’20 paper) code released!
SVHunter is a novel tool to pinpoints a wide range of sensitive methods in SDN controllers and create data dependencies to attack these methods. The source code is available here.
See our S&P’20 paper for more details: Feng Xiao, Jinquan Zhang, Jianwei Huang, Guofei Gu, Dinghao Wu, Peng Liu. “Unexpected Data Dependency Creation and Chaining: A New Attack to SDN.” In Proc. of the 41st IEEE Symposium on Security and Privacy (S&P’20), San Francisco, CA, May 2020. [pdf] [bib]