CSE 597 - Papers

Please check the following list of conferences for papers.

• IEEE S&P (aka., Oakland): 2020 , 2019 , 2018 , 2017 , 2016
• CCS: 2020 , 2019 , 2018 , 2017 , 2016
• NDSS: 2020 , 2019 , 2018 , 2017 , 2016
• Usenix Security: 2020 , 2019 , 2018 , 2017 , 2016



Network Security

• High Precision Open-World Website Fingerprinting (IEEE S&P 2020)
• Message Time of Arrival Codes: A Fundamental Primitive for Secure Distance Measurement (IEEE S&P 2020)
• Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd (IEEE S&P 2020)
• Even Black Cats Cannot Stay Hidden in the Dark: Full-band De-anonymization of Bluetooth Classic Devices (IEEE S&P 2020)
• BIAS: Bluetooth Impersonation AttackS (IEEE S&P 2020)
• Unexpected Data Dependency Creation and Chaining: A New Attack to SDN (IEEE S&P 2020)
• The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations (IEEE S&P 2019)
• An Extensive Formal Security Analysis of the OpenID Financial-grade API (IEEE S&P 2019)
• Breaking LTE on Layer Two (IEEE S&P 2018)
• HOLMES: Real-time APT Detection through Correlation of Suspicious Information Flows (IEEE S&P 2018)
• Touching the Untouchables: Dynamic Security Analysis of the LTE Control Plane (IEEE S&P 2018)
• Resident Evil: Understanding Residential IP Proxy as a Dark Service (IEEE S&P 2018)
• An In-depth Look Into SDN Topology Discovery Mechanisms: Novel Attacks and Practical Countermeasures (CCS'19)
• Automatic Fingerprinting of Vulnerable BLE IoT Devices with Static UUIDs from Mobile Apps (CCS'19)
• Principled Unearthing of TCP Side Channel Vulnerabilities (CCS'19)
• You Are Who You Appear to Be: A Longitudinal Study of Domain Impersonation in TLS Certificates (CCS'19)
• Cross-App Poisoning in Software-Defined Networking (CCS'18)
• AIM-SDN: Attacking Information Mismanagement in SDN-datastores (CCS'18)
• Towards Fine-grained Network Security Forensics and Diagnosis in the SDN Era (CCS'18)
• Release the Kraken: New KRACKs in the 802.11 Standard (CCS'18)
• SymTCP: Eluding Stateful Deep Packet Inspection with Automated Discrepancy Discovery (NDSS'20)
• When Match Fields Do Not Need to Match: Buffered Packets Hijacking in SDN (NDSS'20)
• Automated Discovery of Cross-Plane Event-Based Vulnerabilities in Software-Defined Net (NDSS'20)
• Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches (NDSS'20)
• IMP4GT: IMPersonation Attacks in 4G NeTworks (NDSS'20)
• CDN Judo: Breaking the CDN DoS Protection with Itself (NDSS'20)
• Component-Based Formal Analysis of 5G-AKA: Channel Assumptions and Session Confusion (NDSS'19)
• BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth Peripherals (NDSS'19)
• Lies in the Air: Characterizing Fake-base-station Spam Ecosystem in China (CCS'20)
Examining Mirai's Battle over the Internet of Things (CCS'19)
• Removing Secrets from Android’s TLS (NDSS'18)
• Automated Attack Discovery in TCP Congestion Control Using a Model-guided Approach (NDSS'18)
• Preventing (Network) Time Travel with Chronos (NDSS'18)
• Towards Measuring the Effectiveness of Telephony Blacklists (NDSS'20)
• Breaking Secure Pairing of Bluetooth Low Energy Using Downgrade Attacks (Usenix Security'20)
• You Are What You Broadcast: Identification of Mobile and IoT Devices from (Public) WiFi (Usenix Security'20)
• Call Me Maybe: Eavesdropping Encrypted LTE Calls With ReVoLTE (Usenix Security'20)
• Poison Over Troubled Forwarders: A Cache Poisoning Attack Targeting DNS Forwarding Devices (Usenix Security'20)
• Programmable In-Network Security for Context-aware BYOD Policies (Usenix Security'20)
• NXNSAttack: Recursive DNS Inefficiencies and Vulnerabilities (Usenix Security'20)
• Analysis of DTLS Implementations Using Protocol State Fuzzing (Usenix Security'20)
• The CrossPath Attack: Disrupting the SDN Control Channel via Shared Links (Usenix Security'19)
• A Billion Open Interfaces for Eve and Mallory: MitM, DoS, and Tracking Attacks on iOS and macOS Through Apple Wireless Direct Link (Usenix Security'19)
• Hiding in Plain Signal: Physical Signal Overshadowing Attack on LTE (Usenix Security'19)
• Please Pay Inside: Evaluating Bluetooth-based Detection of Gas Pump Skimmers (Usenix Security'19)
• The KNOB is Broken: Exploiting Low Entropy in the Encryption Key Negotiation Of Bluetooth BR/EDR (Usenix Security'19)
• Off-Path TCP Exploit: How Wireless Routers Can Jeopardize Your Secrets (Usenix Security'18)




IoT Security

• Burglars' IoT Paradise: Understanding and Mitigating Security Risks of General Messaging Protocols on IoT Clouds (IEEE S&P 2020)
• Towards a Natural Perspective of Smart Homes for Practical Security and Safety Analyses (IEEE S&P 2020)
• Some Recipes Can Do More Than Spoil Your Appetite: Analyzingthe Security and Privacy Risks of IFTTT Recipes. (WWW 2017)
• IoT Goes Nuclear: Creating a ZigBee Chain Reaction (IEEE S&Privacy 2017)
• De-centralized Action Integrity for Trigger-Action IoT Platforms.'' ISOC NDSS 2018
• Rethinking Access Control and Authentication for the Home Internet of Things (Usenix Security 2018)
• Sensitive Information Tracking in Commodity IoT (Usenix Security 2018)
• On the Safety of IoT Device Physical Interaction Control (CCS 2018)
• Situational Access Control in the Internet of Things (CCS 2018)
• HoMonit: Monitoring Smart Home Apps from Encrypted Traffic (CCS 2018)
• Charting the Attack Surface of Trigger-Action IoT Platforms (CCS'19)
• Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices (CCS'19)
• Packet-Level Signatures for Smart Home Devices (NDSS'20)
• IoTGuard: Dynamic Enforcement of Security and Safety Policy in Commodity IoT
• A Systematic Framework to Generate Invariants for Anomaly Detection in Industrial Control Systems (NDSS'19)
• Adversarial Attacks Against Automatic Speech Recognition Systems via Psychoacoustic Hiding (NDSS'19)
• IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing (NDSS'18)
• Fear and Logging in the Internet of Things (NDSS'18)
• What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices (NDSS'18)
• From Control Model to Program: Investigating Robotic Aerial Vehicle Accidents with MAYDAY (Usenix Security'20)
• From Control Model to Program: Investigating Robotic Aerial Vehicle Accidents with MAYDAY (Usenix Security'20)
• Plug-N-Pwned: Comprehensive Vulnerability Analysis of OBD-II Dongles as A New Over-the-Air Attack Surface in Automotive IoT (Usenix Security'20)
• RVFuzzer: Finding Input Validation Bugs in Robotic Vehicles through Control-Guided Testing (Usenix Security'19)
• FIRM-AFL: High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation (Usenix Security'19)
• FIRM-AFL: High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation (Usenix Security'19)
• Looking from the Mirror: Evaluating IoT Device Security through Mobile Companion Apps (Usenix Security'19)
• All Things Considered: An Analysis of IoT Devices on Home Networks (Usenix Security'19)
• Acquisitional Rule-based Engine for Discovering Internet-of-Things Devices (Usenix Security')
• Sensitive Information Tracking in Commodity IoT (Usenix Security'19)




Software Security

• RetroWrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization (IEEE S&P 2020)
• Neutaint: Efficient Dynamic Taint Analysis with Neural Networks (IEEE S&P 2020)
• SAVIOR: Towards Bug-Driven Hybrid Testing (IEEE S&P 2020)
• IJON: Exploring Deep State Spaces via Fuzzing (IEEE S&P 2020)
• Pangolin:Incremental Hybrid Fuzzing with Polyhedral Path Abstraction (IEEE S&P 2020)
• Fuzzing JavaScript Engines with Aspect-preserving Mutation (IEEE S&P 2020)
• Krace: Data Race Fuzzing for Kernel File Systems (IEEE S&P 2020)
• CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation (IEEE S&P 2019)
• Razzer: Finding Kernel Race Bugs through Fuzzing (IEEE S&P 2019)
• ProFuzzer: On-the-fly Input Type Probing for Better Zero-day Vulnerability Discovery (IEEE S&P 2019)
• Full-speed Fuzzing: Reducing Fuzzing Overhead through Coverage-guided Tracing (IEEE S&P 2019)
• NEUZZ: Efficient Fuzzing with Neural Program Smoothing (IEEE S&P 2019)
• Fuzzing File Systems via Two-Dimensional Input Space Exploration (IEEE S&P 2019)
• Learning from Mutants: Using Code Mutation to Learn and Monitor Invariants of a Cyber-Physical System (IEEE S&P 2018)
• CollAFL: Path Sensitive Fuzzing (IEEE S&P 2018)
• T-Fuzz: fuzzing by program transformation (IEEE S&P 2018)
• Angora: Efficient Fuzzing by Principled Search (IEEE S&P 2018)
• SoK: Exploiting Network Printers (IEEE S&P 2018)
• CryptoGuard: High Precision Detection of Cryptographic Vulnerabilities in Massive-sized Java Projects (CCS'19)
• Intriguer: Field-Level Constraint Solving for Hybrid Fuzzing (CCS'19)
• Learning to Fuzz from Symbolic Execution with Application to Smart Contracts (CCS'19)
• Matryoshka: fuzzing deeply nested branches (CCS'19)
• Program-mandering: Quantitative Privilege Separation (CCS'19)
• Where Does It Go? Refining Indirect-Call Targets with Multi-Layer Type Analysis (CCS'19)
• SQUIRREL: Testing Database Management Systems with Language Validity and Coverage Feedback (CCS'20)
• Block Oriented Programming: Automating Data-Only Attacks (CCS'18
• Hawkeye: Towards a Desired Directed Grey-box Fuzzer (CCS'18)
• HFL: Hybrid Fuzzing on the Linux Kernel (NDSS'20)
• HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Guided Micro-Fuzzing (NDSS'20)
• Precisely Characterizing Security Impact in a Flood of Patches via Symbolic Rule Comparison (NDSS'20)
• PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary (NDSS'19)
• REDQUEEN: Fuzzing with Input-to-State Correspondence (NDSS'19)
• NAUTILUS: Fishing for Deep Bugs with Grammars (NDSS'19)
• Analyzing Semantic Correctness with Symbolic Execution: A Case Study on PKCS#1 v1.5 Signature Verification (NDSS'19)
• Send Hardest Problems My Way: Probabilistic Path Prioritization for Hybrid Fuzzing (NDSS'19)
• Superset Disassembly: Statically Rewriting x86 Binaries Without Heuristics (NDSS'18)
• Enhancing Memory Error Detection for Large-Scale Applications and Fuzz Testing (NDSS'18)
• Symbolic execution with SymCC: Don't interpret, compile! (Usenix Security'20)
• Sys: A Static/Symbolic Tool for Finding Good Bugs in Good (Browser) Code (Usenix Security'20)
• AURORA: Statistical Crash Analysis for Automated Root Cause Explanation (Usenix Security'20)
• KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities (Usenix Security'20)
• MVP: Detecting Vulnerabilities using Patch-Enhanced Vulnerability Signatures (Usenix Security'20)
• Cardpliance: PCI DSS Compliance of Android Applications (Usenix Security'20)
• FuzzGuard: Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through Deep Learning (Usenix Security'20)
• FuzzGen: Automatic Fuzzer Generation (Usenix Security'20)
• ParmeSan: Sanitizer-guided Greybox Fuzzing (Usenix Security'20)
• EcoFuzz: Adaptive Energy-Saving Greybox Fuzzing as a Variant of the Adversarial Multi-Armed Bandit (Usenix Security'20)
• MUZZ: Thread-aware Grey-box Fuzzing for Effective Bug Hunting in Multithreaded Programs (Usenix Security'20)
• GREYONE: Data Flow Sensitive Fuzzing (Usenix Security'20)
• Fuzzing Error Handling Code using Context-Sensitive Software Fault Injection (Usenix Security'20)
• Fuzzification: Anti-Fuzzing Techniques (Usenix Security'19)
• EnFuzz: Ensemble Fuzzing with Seed Synchronization among Diverse Fuzzers (Usenix Security'19)
• GRIMOIRE: Synthesizing Structure while Fuzzing (Usenix Security'19)
• MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation (Usenix Security'18)
• FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities (Usenix Security'18)
• More software security related papers can be found here.




Web Security

• AdGraph: A Graph-Based Approach to Ad and Tracker Blocking (IEEE S&P 2020)
• Meddling Middlemen: Empirical Analysis of the Risks of Data-Saving Mobile Browsers (IEEE S&P 2020)
• Fill in the Blanks: Empirical Analysis of the Privacy Threats of Browser Form Autofill (CCS'20)
• Mystique: Uncovering Information Leakage from Browser Extensions (CCS'18
• FUSE: Finding File Upload Bugs via Penetration Testing (NDSS'20)
• Cross-Origin State Inference (COSI) Attacks: Leaking Web Site States through XS-Leaks (NDSS'20)
• Don't Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild (NDSS'19)
• DNS Cache-Based User Tracking (NDSS'19)
• Didn’t You Hear Me? – Towards More Successful Web Vulnerability Notifications (NDSS'18)
• What Are You Searching For? A Remote Keylogging Attack on Search Engine Autocomplete (Usenix Security'19)
• Rampart: Protecting Web Applications from CPU-Exhaustion Denial-of-Service Attacks (Usenix Security'18)




System's Security

• xMP: Selective Memory Protection for Kernel and User Space (IEEE S&P 2020)
• MarkUs: Drop-in use-after-free prevention for low-level languages (IEEE S&P 2020)
• SEIMI: Efficient and Secure SMAP-Enabled Intra-process Memory Isolation (IEEE S&P 2020)
• Cornuopia: Temporal Safety for CHERI Heaps (IEEE S&P 2020)
• An Analysis of Pre-installed Android Software (IEEE S&P 2020)
• Automatic Uncovering of Hidden Behaviors from Input Validation in Mobile Apps (IEEE S&P 2020)
• Spectre Attacks: Exploiting Speculative Execution (IEEE S&P 2019)
• Towards Automated Safety Vetting of PLC Code in Real-World Plants (IEEE S&P 2019)
• Towards Automated Safety Vetting of PLC Code in Real-World Plants (IEEE S&P 2019)
• Using Safety Properties to Generate Vulnerability Patches (IEEE S&P 2019)
• LBM: A Security Framework for Peripherals within the Linux Kernel (IEEE S&P 2019)
• Why Does Your Data Leak? Uncovering the Data Leakage in Cloud from Mobile Apps (IEEE S&P 2018)
• Page Cache Attacks (CCS'19)
• ZombieLoad: Cross-Privilege-Boundary Data Sampling (CCS'19)
• FirmRay: Detecting BLE Link Layer Vulnerabilities from Configurations in Bare-Metal Firmware (CCS'20)
• Automated Cross-Platform Reverse Engineering of CAN Bus Commands From Mobile Apps (NDSS'20)
• Things You May Not Know About Android (Un)Packers: A Systematic Study based on Whole-System Emulation (NDSS'18)
• Automated Generation of Event-Oriented Exploits in Android Hybrid Apps (NDSS'18)
• FANS: Fuzzing Android Native System Services via Automated Interface Analysis (Usenix Security'20)
• BigMAC: Fine-Grained Policy Analysis of Android Firmware (Usenix Security'20)
• HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation (Usenix Security'20)
• P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling (Usenix Security'20)
• SpecFuzz: Bringing Spectre-type vulnerabilities to the surface (Usenix Security'20)
• DECAF: Automatic, Adaptive De-bloating and Hardening of COTS Firmware (Usenix Security'20)
• TPM-FAIL: TPM meets Timing and Lattice Attacks (Usenix Security'20)
• FIRMSCOPE: Automatic Uncovering of Privilege-Escalation Vulnerabilities in Pre-Installed Apps in Android Firmware (Usenix Security'20)
• USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation (Usenix Security'20)
• The Betrayal At Cloud City: An Empirical Analysis Of Cloud-Based Mobile Backends (Usenix Security'19)
• PolicyLint: Investigating Internal Privacy Policy Contradictions on Google Play (Usenix Security'19)
• Identifying Cache-Based Side Channels through Secret-Augmented Abstract Interpretation (Usenix Security'19)
• Devils in the Guidance: Predicting Logic Vulnerabilities in Payment Syndication Services through Automated Documentation Analysis (Usenix Security'19)
• KEPLER: Facilitating Control-flow Hijacking Primitive Evaluation for Linux Kernel Vulnerabilities (Usenix Security'19)
• PeX: A Permission Check Analysis Framework for Linux Kernel (Usenix Security'19)
• Detecting Missing-Check Bugs via Semantic- and Context-Aware Criticalness and Constraints Inferences (Usenix Security'19)
• Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems (Usenix Security'18)
• Inception: System-Wide Security Testing of Real-World Embedded Systems Software (Usenix Security'18)
• Meltdown: Reading Kernel Memory from User Space (Usenix Security'18)
• Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution




Formal Analysis

• The Last Mile: High-Assurance and High-Speed Cryptographic Implementations (IEEE S&P 2020)
• EverCrypt: A Fast, Verified, Cross-Platform Crytographic Provider (IEEE S&P 2020)
• Rigorous Engineering for Hardware Security: Formal Modelling and Proof in the CHERI Design and Implementation Process
(IEEE S&P 2020)
• Binsec/Rel: Efficient Relational Symbolic Execution for Constant-Time at Binary-Level (IEEE S&P 2020)
• Static Evaluation of Noninterference using Approximate Model Counting (IEEE S&P 2018)
• Distance-Bounding Protocols: Verification without Time and Location (IEEE S&P 2018)
• Formally Verified Cryptographic Web Applications in WebAssembly (IEEE S&P 2019)
• SOSP'09: seL4: Formal Verification of an OS Kernel
• CCS'02: Runtime verification of authorization hook placement for the Linux Security Modules framework
• Verifying Constant-Time Implementations (Usenix Security'16)
• überSpark: Enforcing Verifiable Object Abstractions for Automated Compositional Security Analysis of a Hypervisor (Usenix Security'16)
• ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities (Usenix Security'15)
• Micro-Policies: Formally Verified, Tag-Based Security Monitors (IEEE S&P 2015)
• Kratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework (NDSS'16)
• The Last Mile: An Empirical Study of Some Timing Channels on seL4 (CCS'14')
• 5GReasoner: A Property-Directed Security and Privacy Analysis Framework for 5G Cellular Network Protocol (CCS'19)
• Security Analysis and Implementation of Relay-Resistant Contactless Payments (CCS'20)
• SECURIFY: Practical Security Analysis of Smart Contracts (CCS'18)
• Formal Analysis of 5G Authentication (CCS'18)
• LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE (NDSS'18)
• A Formal Analysis of IEEE 802.11's WPA2: Countering the Kracks Caused by Cracking the Counters (Usenix Security'20)
• SmartVerif: Push the Limit of Automation Capability of Verifying Security Protocols by Dynamic Strategies (Usenix Security'20)




Forensic Analysis

• PMP: Cost-effective Forced Execution with Probabilistic Memory Pre-planning (IEEE S&P 2020)
• Combating Dependence Explosion in Forensic Analysis Using Alternative Tag Propagation Semantics (IEEE S&P 2020)
• TARDIS: Rolling Back The Clock On CMS-Targeting Cyber Attacks (IEEE S&P 2020)
• Tactical Provenance Analysis for Endpoint Detection and Response Systems (IEEE S&P 2020)
• Throwing Darts in the Dark? Detecting Bots with Limited Data using Neural Data Augmentation (IEEE S&P 2020)
• EviHunter: Identifying Digital Evidence in the Permanent Storage of Android Devices via Static Analysis
• Unicorn: Runtime Provenance-Based Detector for Advanced Persistent Threats (NDSS'20)
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution (NDSS'20) You Are What You Do: Hunting Stealthy Malware via Data Provenance Analysis (NDSS'20) OmegaLog: High-Fidelity Attack Investigation via Transparent Multi-layer Log Analysis (NDSS'20)
• NoDoze: Combatting Threat Alert Fatigue with Automated Provenance Triage (NDSS'19)
• JSgraph: Enabling Reconstruction of Web Attacks via Efficient Tracking of Live In-Browser JavaScript Executions (NDSS'18)
• Towards a Timely Causality Analysis for Enterprise Security (NDSS'18)
• MCI : Modeling-based Causality Inference in Audit Logging for Attack Investigation (NDSS'18)
• Towards Scalable Cluster Auditing through Grammatical Inference over Provenance Graphs (NDSS'18)




Reference Monitors

• Security Enhanced (SE) Android: Bringing Flexible MAC to Android (NDSS'13)
• Secure web browsing with the OP web browser (IEEE S&P 2008)
• Trustworthy Whole-System Provenance for the Linux Kernel (Usenix Security'15)
• JIGSAW: Protecting Resource Access by Inferring Programmer Expectations (Usenix Security'14)
• What's in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources (NDSS'15)
• Rosemary: A Robust, Secure, and High-performance Network Operating System (CCS'14)
• The inevitability of failure: The flawed assumption of computer security in modern computing environments (NISSC'98)
.