About
54 Publications
9,288 Reads
835 Citations
Introduction
Trusted Execution, program analysis, secure compiling
Publications (54)
Many vehicular applications, especially safety-related ones, rely on spatial-temporal messages periodically broadcast by vehicles. In the absence of a secure authentication scheme, invalid spatial-temporal messages may be sent out by malicious vehicles. Meanwhile, malicious applications may also collect a lot of personal information from spatial-te...
The massive growth of smart mobile devices has attracted numerous apps to embed third-party in-app payment, which involves more sophisticated interactions between multiple participants compared to traditional payments. Therefore, such payment is error prone and could be exploited easily, leading to serious financial deceptions. To investigate curre...
Binary code similarity comparison is a methodology for identifying similar or identical code fragments in binary programs. It is indispensable in fields of software engineering and security, which has many important applications (e.g., plagiarism detection, bug detection). With the widespread of smart and IoT (Internet of Things) devices, an increa...
The security of binary programs is significantly threatened by software vulnerabilities. When vulnerabilities are found, those applications are exposed to malicious attacks which exploit the known vulnerabilities. Thus, it is necessary to patch them when vulnerabilities are reported to the public as soon as possible. However, it still heavily relie...
The only secrets in modern cryptography (crypto for short) are the crypto keys. Understanding how crypto keys are used in a program and discovering insecure keys is paramount for crypto security. This paper presents K-Hunt, a system for identifying insecure keys in binary executables. K-Hunt leverages the properties of crypto operations for identif...
Binary code clone analysis is an important technique which has a wide range of applications in software engineering (e.g., plagiarism detection, bug detection). The main challenge of the topic lies in the semantics-equivalent code transformation (e.g., optimization, obfuscation) which would alter representations of binary code tremendously. Another...
Mobile apps nowadays are consuming and producing a mass of sensitive data. In response, a wide variety of privacy protection techniques and tools have been proposed since mobile users have the escalating privacy concerns. However, only a few privacy protection schemes consider how to thoroughly erase the runtime information of an app after its exec...
Smart devices without an interactive UI (e.g., a smart bulb) typically rely on specific provisioning schemes to connect to wireless networks. Among all the provisioning schemes, SmartCfg is a popular technology to configure the connection between smart devices and wireless routers. Although the SmartCfg technology facilitates the Wi-Fi configuratio...
Code packing is one of the most frequently used protection techniques for malware to evade detection. Particularly, Android packers originally designed to protect intellectual property are widely utilized by Android malware nowadays to hide their malicious behaviors. What’s worse, Android code packing techniques are evolving rapidly with new featur...
Free VPN apps have gained popularity among millions of users due to their convenience, and have been massively used for accessing blocked sites and preventing network eavesdropping. As a popular open-source VPN solution, OpenVPN is widely used by developers to implement their own VPN services. Despite the prevalence of OpenVPN, it can be insecurely...
The concept of Smart Home drives the upgrade of home devices from traditional mode to an Internet-connected version. Instead of developing the smart devices from scratch, manufacturers often utilize existing smart home solutions released by large IT companies (e.g., Amazon, Google) to help build the smart home network. A smart home solution provide...
Security testing of software on embedded devices is often impeded by the lack of advanced program analysis tools. The main obstacle is that state-of-the-art tools do not support the instruction sets of common embedded-device architectures (e.g., MIPS). This requires either developing a new program analysis tool targeting the architecture or introducing many...
Despite the increased concern about embedded system security, the security assessment of commodity embedded devices is far from adequate. The lack of assessment is mainly due to the tedious, time-consuming, and very ad hoc reverse engineering procedure for embedded device firmware. To simplify this procedure, we argue that only a pa...
Binary code clone detection (or similarity comparison) is a fundamental technique for many important applications, such as plagiarism detection, malware analysis, software vulnerability assessment and program comprehension. With the prevalence of smart and IoT (Internet of Things) devices, more and more programs are ported from traditional desktop...
Smart mobile devices are becoming the main vessel of personal privacy information. While they carry valuable information, data erasure is somehow much more vulnerable than was predicted. The security mechanisms provided by the Android system are not flexible enough to thoroughly delete sensitive data. In addition to the weakness among several provi...
Websites and mobile applications today increasingly utilize OAuth for authorization and authentication. Major companies such as Facebook, Google and Twitter all provide OAuth services. The usage of OAuth for authorization is well documented and has been studied by many researchers. However, little work has been done to specify or analyze the usage...
Web authentication security can be undermined by flawed mobile web implementations. Mobile web implementations may use a less secure transport channel and enforce less strict brute-force-proof measures, making web authentication services vulnerable to typical attacks such as password cracking. This paper presents an in-depth penetration testing based...
Social applications are becoming one of the most popular applications for users to share data and communicate online. These applications deal with a lot of personal data, e.g., users’ locations, interests and documents stored on the remote cloud storage servers. Therefore, we need to pay a deeper attention to data confidentiality and privacy. To ad...
With the prevalence of smart devices (e.g., smart phones, routers, cameras), more and more programs are ported from the traditional desktop platform to embedded hardware with ARM or MIPS architectures. While the compiled binary code differs significantly due to the variety of CPU architectures, these ported programs share the same code base as the deskto...
Enforcing security on various implementations of OAuth in Android apps should consider a wide range of issues comprehensively. OAuth implementations in Android apps differ from the recommended specification due to the provider and platform factors, and the varied implementations often become vulnerable. Current vulnerability assessments on these OA...
The smartphone sensors provide extraordinary user experience in various Android apps, e.g. sport apps, gravity sensing games. Recent works have been proposed to launch powerful sensor-based attacks such as location tracing and sound eavesdropping. The use of sensors does not require any permission in Android apps, so these attacks are very difficul...
As the techniques for Android malware detection are progressing, malware also fights back through deploying advanced code encryption with the help of Android packers. An effective Android malware detection therefore must take the unpacking issue into consideration to prove the accuracy. Unfortunately, this issue is not easily addressed. Android pac...
Since vulnerabilities in the Linux kernel are on the increase, attackers have turned their interest to related exploitation techniques. However, compared with the numerous studies on exploiting use-after-free vulnerabilities in user applications, few efforts have studied how to exploit use-after-free vulnerabilities in the Linux kernel due to the difficul...
The SSL/TLS protocol is designed to protect end-to-end communication by cryptographic means. However, the widely applied SSL/TLS protocol faces many inadequacies on current mobile platforms. Applications may suffer from MITM (Man-In-The-Middle) attacks when the certificate is not appropriately validated or the local truststore is contaminated. In th...
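The two failure modes named above (validation switched off, and trusting whatever is in the device truststore) can be shown side by side in client code. The following is an added example, not code from the paper or from any app it studied: it uses only Python's standard `ssl` module, and the CA bundle path passed to `pinned_client_context` is an assumed file that an app would ship with its own trusted CA.

```python
import ssl


def insecure_client_context() -> ssl.SSLContext:
    """The flawed pattern: certificate validation disabled.

    Any certificate presented by a MITM proxy is accepted, so the
    transport gives confidentiality against a passive eavesdropper only.
    (check_hostname must be cleared before verify_mode, or ssl raises.)
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def secure_client_context() -> ssl.SSLContext:
    """Proper validation against the platform truststore.

    create_default_context() sets CERT_REQUIRED and hostname checking;
    the minimum protocol version is pinned to TLS 1.2 explicitly.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def pinned_client_context(cafile: str) -> ssl.SSLContext:
    """Validation against the app's own CA bundle only.

    A fresh PROTOCOL_TLS_CLIENT context starts with no trusted CAs, so a
    CA injected into the device truststore is not trusted here. `cafile`
    is an assumed path to a PEM bundle shipped inside the app.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_verify_locations(cafile=cafile)
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return the weaknesses a reviewer would flag in a client context."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED")
    if not ctx.check_hostname:
        findings.append("hostname verification disabled")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS < 1.2 allowed")
    return findings


if __name__ == "__main__":
    print("insecure:", audit_context(insecure_client_context()))
    print("secure:  ", audit_context(secure_client_context()))
```

The audit function is the kind of check a static or dynamic analysis of an app's TLS setup would perform; on Android the equivalent signals are a `TrustManager` whose `checkServerTrusted` is empty and a `HostnameVerifier` that always returns true.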
With the pervasiveness of mobile communications, MSNs have become a promising networking paradigm for users to share contents with others through mobile devices. This convenience comes at the cost of some serious security and privacy issues. In this work, we propose a novel privacy-preserving scheme for MSNs, which can efficiently solve some of the...
Wireless sensor networks (WSNs) are inherently susceptible to attacks, as malicious nodes can disrupt the communication from any other node to the sink. To address a wide range of attacks, we propose a novel and comprehensive approach called Secure and Scalable Geographic Opportunistic Routing with Received Signal Strength (SGOR), satisfying the requ...
Online program analysis aims to analyze a program as it executes. Traditional online program analysis is generally interactive and not automated. An automated online program analysis requires a fine-grained yet flexible analysis infrastructure to support it. The Android system, although providing many high-level debugging interfaces, lacks such functionali...
Encryption is increasingly used in network communications, especially by malicious software (malware) to hide its malicious activities and protect itself from being detected or analyzed. Understanding malware’s encryption schemes helps researchers better analyze its network protocol, and then derive the internal structure of the malware. However, c...
Cryptography is the common means to achieve strong data protection in mobile applications. However, cryptographic misuse is becoming one of the most common issues in development. Attackers usually make use of those flaws in implementation such as non-random key/IV to forge exploits and recover the valuable secrets. For the application developers wh...
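The non-random key/IV flaw mentioned above is concrete enough to demonstrate: with any stream-mode cipher, a fixed key and a fixed IV/nonce produce the same keystream for every message, so one known plaintext recovers every other message of the same length. The following is an added example, not code from the paper or from any app it analysed; it builds a toy CTR-style keystream from HMAC-SHA256 so that it runs with the standard library alone, and that construction is an assumption standing in for AES-CTR, against which the attack works identically. The hardcoded key, the sample messages and the "fixed" variant are all constructed for the example.

```python
import hashlib
import hmac
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy CTR-style keystream: HMAC-SHA256(key, nonce || counter) blocks.

    Assumption: this stands in for AES-CTR. The property exploited below
    (same key + same nonce => same keystream) holds for both.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (symmetric) by XOR with the keystream."""
    ks = keystream(key, nonce, len(data))
    return bytes(d ^ k for d, k in zip(data, ks))


# --- The misuse: key baked into the app, IV/nonce constant ----------------
HARDCODED_KEY = b"0123456789abcdef"   # constructed; "found in the APK"
STATIC_NONCE = b"\x00" * 8            # constructed; never changes


def encrypt_misuse(plaintext: bytes) -> bytes:
    return xor_stream(HARDCODED_KEY, STATIC_NONCE, plaintext)


# --- The attack: known plaintext of one message recovers another ----------
def recover_with_known_plaintext(ct_known: bytes, pt_known: bytes,
                                 ct_target: bytes) -> bytes:
    """Requires no key at all: ct_known XOR pt_known is the reused keystream."""
    n = min(len(ct_known), len(pt_known), len(ct_target))
    ks = bytes(c ^ p for c, p in zip(ct_known[:n], pt_known[:n]))
    return bytes(c ^ k for c, k in zip(ct_target[:n], ks))


# --- The fix: fresh random nonce per message, prepended to the ciphertext -
NONCE_LEN = 8


def encrypt_fixed(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)          # unique per message
    return nonce + xor_stream(key, nonce, plaintext)


def decrypt_fixed(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return xor_stream(key, nonce, ct)


if __name__ == "__main__":
    # Constructed sample traffic: the attacker knows one message's content.
    pt_known = b"session_token=AAAAAAAAAAAAAAAA"
    pt_secret = b"session_token=9f8e7d6c5b4a3210"
    recovered = recover_with_known_plaintext(
        encrypt_misuse(pt_known), pt_known, encrypt_misuse(pt_secret))
    print("recovered without the key:", recovered)
```

The key in the fixed variant still has to come from somewhere other than the binary (platform keystore or a key derived from user input); the random nonce alone removes the keystream reuse, not the hardcoded-key problem. The same per-message-nonce rule applies to GCM, where nonce reuse additionally breaks the authentication tag.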
To protect Android apps from malicious reproduction or tampering, code obfuscation techniques are introduced to increase the difficulty of reverse engineering and program understanding. Current obfuscation schemes focus more on protecting the meta information than the executable code, which contains the valuable or patented algorithms. Therefore,...
A huge number of Android applications are bundled with relatively independent modules, either during development or by intentional repackaging. Undesirable behaviors such as stealthily acquiring and distributing users' private information are frequently discovered in some bundled third-party modules, e.g., advertising libraries or malicious co...
Packet pollution attack is considered as the most threatening attack model against network coding-based sensor networks. A widely held belief says that, in a single source multi-destination dissemination scenario, the total number of polluted packets in the network will grow with the length of the transmission path and the decoding failure DF rate...
This chapter presents security solutions designed to ward off attacks specific to network coding. It gives a taxonomy of attacks that exist against network coding by using a classification based on the power of the attacker, the nature of the attack and the place of the attacker in the network. From this threat model, confidentiality and authentici...
Traditional routing protocols are quite vulnerable under attacks from both external and internal attackers. In this work, we examine the impact of a wide variety of attacks in a malicious wireless sensor network scenario. An Efficient and Secure Geographic Routing protocol ESGR is proposed to exploit the geographic location, cryptography mechani...
Network coding has attracted the attention of many researchers in security and cryptography. In this paper, a well-known attack selective forwarding attack will be studied in network coding systems. While most of the works have been dedicated to the countermeasures against pollution attacks where an attacker modifies intermediate packets, only few...
Network coding has attracted the attention of many researchers in security and cryptography. While most of the works have been dedicated to the protection of messages carrying information, nothing has been done to protect the acknowledgment messages needed in network coding. These flooding attacks are critical in resource constraint networks such a...
Self-securing storage devices prevent intruders from undetectably tampering with or permanently deleting stored data. To accomplish this, we design an efficient self-securing disk architecture based on the traditional self-securing storage prototype S4: 1) On the confidentiality protection side, the authenticated encryption mode GCM is adapted t...
Wireless sensor networks are designed for outdoor environment surveillance and require benign coverage, steady working status and long lifetime, moreover, they require efficient security services for rigorous applications. Most security schemes are designed to work efficiently only when bidirectional links exist. So do most key establishment protoc...
The establishment of pair-wise key between two nodes in wireless sensor network is a big challenge. We propose a protocol PWKEP including three contributions: 1) Achieve secure key exchange protocol with mutual authentication. 2) Propose a modular approach for design of secure authenticated key exchange protocols. 3) Adopt elliptic curve Diffie-Hel...
Hybrid hard drives (HHD) are emerging as a highly viable option for mobile computing, so an efficient security scheme for hybrid hard drives is needed. The NAND flash of the HHD is used as a container and a buffer for metadata. We propose an efficient combined scheme based on Galois/Counter Mode (GCM) to protect hard disk...
Wireless sensor networks are designed for outdoor environment surveillance and require good coverage, steady working status and long lifetime, so they urgently require efficient security services. Most security schemes work efficiently only when bidirectional links exist. So do key establishment protocols in WSNs. However, unidirectional links m...
Public-key cryptography protocols provide more scalability and security than symmetric-key protocols. It is commonly assumed that public-key pair-wise key establishment protocols are not suitable for wireless sensor networks due to their high energy cost. This paper reports the results of a performance comparison of three typical pair-wise key e...