Xusheng Xiao

Xusheng Xiao
Case Western Reserve University | CWRU · Department of Computer and Data Sciences

PhD

About

70
Publications
7,042
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
1,413
Citations
Introduction
My general research interests span between software engineering and computer security, with the focus on making software and computer systems more Reliable, Intelligent, Secure, and Efficient (RISE). Specially, our lab is working on the research in mobile app security, system/enterprise security, blockchain security, automated software testing, program analysis, and bug detection.

Publications

Publications (70)
Article
The prosperity of the cryptocurrency ecosystem drives the need for digital asset trading platforms. Beyond centralized exchanges (CEXs), decentralized exchanges (DEXs) are introduced to allow users to trade cryptocurrency without transferring the custody of their digital assets to the middlemen, thus eliminating the security and privacy issues of t...
Preprint
The prosperity of the cryptocurrency ecosystem drives the needs for digital asset trading platforms. Beyond centralized exchanges (CEXs), decentralized exchanges (DEXs) are introduced to allow users to trade cryptocurrency without transferring the custody of their digital assets to the middlemen, thus eliminating the security and privacy issues of...
Article
Web3.0, often cited to drastically shape our lives, is ubiquitous. However, few literatures have discussed the crucial differentiators that separate Web3.0 from the era we are currently living in. Via a thorough analysis of the recent blockchain infrastructure evolution, we capture a key invariant featuring the evolution, based on which we provide...
Preprint
Millions of mobile apps have been available through various app markets. Although most app markets have enforced a number of automated or even manual mechanisms to vet each app before it is released to the market, thousands of low-quality apps still exist in different markets, some of which violate the explicitly specified market policies.In order...
Preprint
Log-based cyber threat hunting has emerged as an important solution to counter sophisticated cyber attacks. However, existing approaches require non-trivial efforts of manual query construction and have overlooked the rich external knowledge about threat behaviors provided by open-source Cyber Threat Intelligence (OSCTI). To bridge the gap, we buil...
Preprint
Log-based cyber threat hunting has emerged as an important solution to counter sophisticated cyber attacks. However, existing approaches require non-trivial efforts of manual query construction and have overlooked the rich external knowledge about threat behaviors provided by open-source Cyber Threat Intelligence (OSCTI). To bridge the gap, we prop...
Conference Paper
System monitoring has recently emerged as an effective way to analyze and counter advanced cyber attacks. The monitoring data records a series of system events and provides a global view of system behaviors in an organization. Querying such data to identify potential system risks and malicious behaviors helps security analysts detect and analyze ab...
Conference Paper
Mobile apps have been an indispensable part in our daily life. However, there exist many potentially harmful apps that may exploit users' privacy data, e.g., collecting the user's information or sending messages in the background. Keeping these undesired apps away from the market is an ongoing challenge. While existing work provides techniques to d...
Conference Paper
Blockchain interoperability, which allows state transitions across different blockchain networks, is critical functionality to facilitate major blockchain adoption. Existing interoperability protocols mostly focus on atomic token exchanges between blockchains. However, as blockchains have been upgraded from passive distributed ledgers into programm...
Preprint
Full-text available
Blockchain interoperability, which allows state transitions across different blockchain networks, is critical to facilitate major blockchain adoption. Existing interoperability protocols mostly focus on atomic token exchange between blockchains. However, as blockchains have been upgraded from passive distributed ledgers into programmable state mach...
Article
The need for countering Advanced Persistent Threat (APT) attacks has led to the solutions that ubiquitously monitor system activities in each enterprise host, and perform timely attack investigation over the monitoring data for uncovering the attack sequence. However, existing general-purpose query systems lack explicit language constructs for expr...
Preprint
The need for countering Advanced Persistent Threat (APT) attacks has led to the solutions that ubiquitously monitor system activities in each enterprise host, and perform timely abnormal system behavior detection over the stream of monitoring data. However, existing stream-based solutions lack explicit language constructs for expressing anomaly mod...
Conference Paper
Automated-test-generation tools generate test cases to enable dynamic analysis of Android apps, such as functional testing. These tools build a GUI model to describe the app states during the app execution, and generate a script that performs actions on UI widgets to form a test case. However, when the test cases are re-executed, the apps under ana...
Conference Paper
Today's enterprises are exposed to sophisticated attacks, such as Advanced Persistent Threats~(APT) attacks, which usually consist of stealthy multiple steps. To counter these attacks, enterprises often rely on causality analysis on the system activity data collected from a ubiquitous system monitoring to discover the initial penetration point, and...
Preprint
Advanced Persistent Threat (APT) attacks are sophisticated and stealthy, exploiting multiple software vulnerabilities and plaguing many well-protected businesses with significant financial losses. Due to the complexity introduced by numerous installed software applications and the limited visibility into their behaviors, enterprises are seeking sol...
Conference Paper
Routing the bug reports to potential fixers (i.e., bug triaging), is an integral step in software development and maintenance. However, manually inspecting and assigning bug reports is tedious and time-consuming, especially in those software projects that have a large amount of bug reports and developers. To make bug triaging more efficient, many m...
Preprint
Recently, advanced cyber attacks, which consist of a sequence of steps that involve many vulnerabilities and hosts, compromise the security of many well-protected businesses. This has led to the solutions that ubiquitously monitor system activities in each host (big data) as a series of events, and search for anomalies (abnormal behaviors) for tria...
Preprint
The need for countering Advanced Persistent Threat (APT) attacks has led to the solutions that ubiquitously monitor system activities in each host, and perform timely attack investigation over the monitoring data for analyzing attack provenance. However, existing query systems based on relational databases and graph databases lack language construc...
Article
Full-text available
Software defect data has long been used to drive software development process improvement. If security defects (vulnerabilities) are discovered and resolved by different software development practices than non-security defects, the knowledge of that distinction could be applied to drive process improvement. The goal of this research is to support t...
Conference Paper
Context: Software defect data has long been used to drive software development process improvement. If security defects (i.e.,vulnerabilities) are discovered and resolved by different software development practices than non-security defects, the knowledge of that distinction could be applied to drive process improvement. Objective: The goal of this...
Conference Paper
As battery-powered embedded devices have limited computational capacity, computation offloading becomes a promising solution that selectively migrates computations to powerful remote severs. The driving problem that motivates this work is to leverage remote resources to facilitate the development of mobile augmented reality (AR) systems. Due to the...
Conference Paper
Fault localization is a well-received technique for helping developers to identify faulty statements of a program. Research has shown that the coverages of faulty statements and its predecessors in program dependence graph are important for effective fault localization. However, app executions in Android split into segments in different components,...
Conference Paper
Intrusive multi-step attacks, such as Advanced Persistent Threat (APT) attacks, have plagued enterprises with significant financial losses and are the top reason for enterprises to increase their security budgets. Since these attacks are sophisticated and stealthy, they can remain undetected for years if individual steps are buried in background "n...
Article
Full-text available
For this special section on software systems, six research leaders in software systems, as guest editors for this special section, discuss important issues that will shape this field’s future research directions. The essays included in this roundtable article cover research opportunities and challenges for large-scale software systems such as query...
Article
Software continues to evolve due to changing requirements, platforms and other environmental pressures. Modern software is dependent on frameworks, and if the frameworks evolve, the software has to evolve as well. On the other hand, the software may be changed due to changing requirements. Therefore, in high-confidence software evolution, we must c...
Conference Paper
In recent years, online programming and software engineering education via information technology has gained a lot of popularity. Typically, popular courses often have hundreds or thousands of students but only a few course staff members. Tool automation is needed to maintain the quality of education. In this paper, we envision that the capability...
Chapter
Computer system monitoring generates huge amounts of logs that record the interaction of system entities. How to query such data to better understand system behaviors and identify potential system risks and malicious behaviors becomes a challenging task for system administrators due to the dynamics and heterogeneity of the data. System monitoring d...
Article
Computer system monitoring generates huge amounts of logs that record the interaction of system entities. How to query such data to better understand system behaviors and identify potential system risks and malicious behaviors becomes a challenging task for system administrators due to the dynamics and heterogeneity of the data. System monitoring d...
Conference Paper
Full-text available
While smartphones and mobile apps have been an essen- tial part of our lives, privacy is a serious concern. Previ- ous mobile privacy related research efforts have largely focused on predefined known sources managed by smart- phones. Sensitive user inputs through UI (User Inter- face), another information source that may contain a lot of sensitive...
Conference Paper
Full-text available
Mobile malware attempts to evade detection during app analysis by mimicking security-sensitive behaviors of benign apps that provide similar functionality (e.g., sending SMS messages), and suppressing their payload to reduce the chance of being observed (e.g., executing only its payload at night). Since current approaches focus their analyses on th...
Conference Paper
With over forty years of use and refinement, access control, often in the form of access control rules (ACRs), continues to be a significant control mechanism for information security. However, ACRs are typically either buried within existing natural language (NL) artifacts or elicited from subject matter experts. To address the first situation, ou...
Article
Software hangs can be caused by expensive operations in responsive actions (such as time-consuming operations in UI threads). Some of the expensive operations depend on the input workloads, referred to as workload-dependent performance bottlenecks (WDPBs). WDPBs are usually caused by workload-dependent loops (i.e., WDPB loops) that contain relative...
Conference Paper
The ever-increasing reliance of today's society on software requires scalable and precise techniques for checking the cor-rectness, reliability, and robustness of software. Object-ori-ented languages have been used extensively to build large-scale systems, including Java and C++. While many scal-able static analysis approaches for C and Java have b...
Article
In recent years, to maximize the value of software testing and analysis, we have proposed the methodology of cooperative software testing and analysis (in short as cooperative testing and analysis) to enable testing and analysis tools to cooperate with their users (in the form of tool-human cooperation), and enable one tool to cooperate with anothe...
Article
Full-text available
To keep malware out of mobile application markets, existing techniques analyze the security aspects of application behaviors and summarize patterns of these security aspects to determine what applications do. However, user expectations (reflected via user perception in combination with user judgment) are often not incorporated into such analysis to...
Conference Paper
Dynamic Symbolic Execution (DSE) is a state-of-the-art test-generation approach that systematically explores program paths to generate high-covering tests. In DSE, the presence of loops (especially unbound loops) can cause an enormous or even infinite number of paths to be explored. There exist techniques (such as bounded iteration, heuristics, and...
Conference Paper
Software hangs can be caused by expensive operations in re-sponsive actions (such as time-consuming operations in UI threads). Some of the expensive operations depend on the input workloads, referred to as workload-dependent perfor-mance bottlenecks (WDPBs). WDPBs are usually caused by workload-dependent loops (i.e., WDPB loops) that con-tain relat...
Conference Paper
Application markets such as Apple's App Store and Google's Play Store have played an important role in the popularity of smartphones and mobile devices. However, keeping malware out of application markets is an ongo-ing challenge. While recent work has developed various techniques to determine what applications do, no work has provided a technical...
Chapter
Developer testing, a common step in software development, involves generating desirable test inputs and checking the behavior of the program unit under test during the execution of the test inputs. Existing developer testing tools include various techniques to address challenges of generating desirable test inputs and checking the behavior of the p...
Conference Paper
Full-text available
Access Control Policies (ACP) specify which principals such as users have access to which resources. Ensuring the correctness and consistency of ACPs is crucial to prevent security vulnerabil-ities. However, in practice, ACPs are commonly written in Natu-ral Language (NL) and buried in large documents such as require-ments documents, not amenable f...
Conference Paper
Applications in mobile-marketplaces may leak private user infor-mation without notification. Existing mobile platforms provide lit-tle information on how applications use private user data, making it difficult for experts to validate applications and for users to grant applications access to their private data. We propose a user-aware privacy contr...
Conference Paper
Full-text available
Application Programming Interface (API) docu-ments are a typical way of describing legal usage of reusable software libraries, thus facilitating software reuse. However, even with such documents, developers often overlook some documents and build software systems that are inconsistent with the legal usage of those libraries. Existing software verif...
Article
Full-text available
As one of the most fundamental security mechanisms of re-sources, Access Control Policies (ACP) specify which prin-cipals such as users or processes have access to which re-sources. Ensuring the correct specification and enforcement of ACPs is crucial to prevent security vulnerabilities. How-ever, in practice, ACPs are commonly written in Natural L...
Conference Paper
Full-text available
Achieving high structural coverage is an important goal of software testing. Instead of manually producing test inputs that achieve high structural coverage, testers or developers can employ tools built based on automated test-generation approaches, such as Pex, to automatically generate such test inputs. Although these tools can easily generate te...
Conference Paper
Full-text available
An important goal of software testing is to achieve at least high structural coverage. To reduce the manual eorts of producing such high-covering test inputs, testers or developers can employ tools built based on automated structural test-generation approaches. Although these tools can easily achieve high structural coverage for simple programs, wh...
Conference Paper
Achieving high structural coverage is an important goal of software testing. Instead of manually producing high-covering test inputs that achieve high structural coverage, testers or developers can employ tools built based on automated test-generation approaches to automatically generate such test inputs. Although these tools can easily generate hi...
Article
Full-text available
The process of achieving high structural coverage of the pro- gram under test can be automated using Dynamic Sym- bolic Execution (DSE), which generates test inputs to it- eratively explore paths of the program under test. When applied on real-world applications, DSE faces various chal- lenges in generating test inputs to achieve high structural co...
Article
Full-text available
A common problem faced by modern mobile-device platforms is that third-party applications in the marketplace may leak private information without notifying users. Existing approaches adopted by these platforms provide little information on what applications will do with the private information, failing to effectively assist users in deciding whethe...
Article
Full-text available
High structural coverage of the code under test is often used as an indicator of the thoroughness and the confidence level of testing. Dynamic symbolic execution is a testing tech-nique which explores feasible paths of the program under test by executing it with different generated test inputs to achieve high structural coverage. It collects the sy...
Article
In today's software development process, testing has become an irreplaceable part, which should be performed through the whole software development life cycle. Unit testing is considered a fundamental part of software testing. In this field, there already exist several tools that can automatically generation conventional unit tests. However, some o...

Network

Cited By