Publication

  1. [X. Liao, K. Yuan] co-first author, X. Wang, Z. Li, L. Xing, R. Beyah. “Acing the IOC Game: Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence“. In Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS), 2016. [PDF] [Demo]
  2. X. Liao, S. Alrwais, K. Yuan, L. Xing, X. Wang, S. Hao, R. Beyah. “Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service“. In Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS), 2016. [PDF] [Demo]
  3. [X. Bai, L. Xing] co-first author, N. Zhang, X. Wang, X. Liao, T. Li and S. Hu, “Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf”, To appear in the 37th IEEE Symposium on Security and Privacy (S&P), 2016. [PDF] [Demo]
  4. K. Chen, X. Wang, Y. Chen, P. Wang, Y. Lee, X. Wang, B. Ma, A. Wang, Y. Zhang, W. Zou, “Following Devil’s Footprints: Cross Platform Analysis of Potentially Harmful Libraries on Android and iOS”, To appear in the 37th IEEE Symposium on Security and Privacy (S&P), 2016. [PDF] [Demo]
  5. X. Liao, K. Yuan, X. Wang, Z. Pei, H. Yang, J. Chen, H. Duan, K. Du, E. Alowaisheq, S. Alrwais, L. Xing and R. Beyah, “Seeking Nonsense, Loking for Trouble: Efficient Promotional-Infection Detection through Semantic Inconsistency Search”. To appear in the 37th IEEE Symposium on Security and Privacy (S&P), 2016. [PDF] [Demo]
  6. [Yousra Aafer, Nan Zhang] co-first author, Zhongwen Zhang, Xiao Zhang, Kai Chen, XiaoFeng Wang, Xiaoyong Zhou, Wenliang Du, Michael Grace, “Hare Hunting in the Wild Android: A Study on the Threat of Hanging Attribute References“. In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS), 2015. [PDF] [Demo]
  7. Luyi Xing, Xiaolong Bai, Tongxin Li, XiaoFeng Wang, Kai Chen, Shi-min Hu, Xinhui Han, “Cracking App Isolation on Apple: Unauthorized Cross-App Resource Access on MAC OS X and iOS“. In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS), 2015. [PDF] [Demo]
  8. [Yangyi Chen, Tongxin Li] co-first author, XiaoFeng Wang, Kai Chen, Xinhui Han, “Perplexed Messengers from the Cloud: Automated Security Analysis of Push-Messaging Integrations“. In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS), 2015. [PDF] [Demo]
  9. Vincent Bindschaedler, Muhammad Naveed, Xiaorui Pan, XiaoFeng Wang, Yan Huang, “Practicing Oblivious Access on Cloud Storage: the Gap, the Fallacy and the New Way Forward“. In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS), 2015. [PDF] [Demo]
  10. Xiao Shaun Wang, Yan Huang, Yongan Zhao, Haixu Tang, XiaoFeng Wang, Diyue Bu. “Efficient Genome-Wide, Privacy-Preserving Similar Patient Query based on Private Edit Distance“. In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS), 2015. [PDF] [Demo]
  11. Kai Chen, Peng Wang, Yeonjoon Lee, XiaoFeng Wang, Nan Zhang, Heqing Huang, Wei Zou, Peng Liu, “Finding Unknown Malice in 10 Seconds: Mass Vetting for New Threats at the Google-Play Scale“. In Proceedings of the 24th USENIX Security Symposium (USENIX Security), 2015. [PDF] [Demo]
  12. Yuhong Nan, Min Yang, Zhemin Yang, Shunfan Zhou, Guofei Gu, XiaoFeng Wang, “UIPicker: User-Input Privacy Identification in Mobile Applications“. In Proceedings of the 24th USENIX Security Symposium (USENIX Security), 2015. [PDF] [Demo]
  13. Nan Zhang, Kan Yuan, Muhammad Naveed, Xiaoyong Zhou, XiaoFeng Wang, “Leave Me Alone: App-level Protection Against Runtime Information Gathering on Android“. In Proceedings of the 36th IEEE Symposium on Security and Privacy (S&P), 2015. [PDF] [Demo][App]
  14. [Soteris Demetriou, Xiaoyong Zhou] co-first author, Muhammad Naveed, Yeonjoon Lee, Kan Yuan, Xiaofeng Wang, Carl A. Gunter. “What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources“. In the 2015 Network and Distributed System Security Symposium (NDSS), 2015. [PDF] [Demo]

  15. Muhammad Naveed, Shashank Agrawal, Manoj Prabhakaran, XiaoFeng Wang, Erman Ayday, Jean-Pierre Hubaux, Carl A. Gunter. “Controlled Functional Encryption“. In Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS), 2014. [PDF]
  16. Tongxing Li, Xiaoyong Zhou, Luyi Xing, Yeonjoon Lee, Muhammad Naveed, Xiaofeng Wang, Xinhui Han. “Mayhem in the Push Clouds: Understanding and Mitigating Security Hazards in Mobile Push-Messaging Services“. In Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS), 2014. [PDF] [Demo]
  17. Sumayah Alrwais, Kan Yuan, Eihal Alowaisheq, Zhou Li, XiaoFeng Wang. “Understanding the Dark Side of Domain Parking“. In Proceedings of the 23rd USENIX Security Symposium (USENIX Security), 2014. [PDF]
  18. Luyi Xing, Xiaorui Pan, Rui Wang, Kan Yuan, XiaoFeng Wang. “Upgrading Your Android, Elevating My Malware: Privilege Escalation Through Mobile OS Updating“. In Proceedings of the 35th IEEE Symposium on Security and Privacy (S&P), 2014. [PDF] [Demo][App]
  19. Xiaoyong Zhou, Yeonjoon Lee, Nan Zhang, Muhammad Naveed, Xiaofeng Wang. “The Peril of Fragmentation: Security Hazards in Android Device Driver Customizations“. In Proceedings of the 35th IEEE Symposium on Security and Privacy (S&P), 2014. [PDF] [Demo]
  20. Zhou Li, Sumayah Alrwais, XiaoFeng Wang, Eihal Alowaisheq. “Hunting the Red Fox Online: Understanding and Detection of Mass Redirect-Script Injections“. In Proceedings of the 35th IEEE Symposium on Security and Privacy (S&P), 2014. [PDF] [Demo]
  21. Aston Zhang, Xing Xie, Kevin Chang, Carl Gunter, Jiawei Han, Xiaofeng Wang. “Privacy Risk in Anonymized Heterogeneous Information Networks“. In the 17th International Conference on Extending Database Technology (EDBT), 2014. [PDF]
  22. Chia-Chi Lin, Hongyang Li, Xiaoyong Zhou, XiaoFeng Wang. “Screenmilker: How to Milk Your Android Screen for Secrets“. In the 2014 Network and Distributed System Security Symposium (NDSS), 2014. [PDF]
  23. Muhammad Naveed, Xiaoyong Zhou, Soteris Demetriou, XiaoFeng Wang, Carl A. Gunter. “Inside Job: Understanding and Mitigating the Threat of External Device Mis-Bonding on Android“. In the 2014 Network and Distributed System Security Symposium (NDSS), 2014. [PDF]
  24. Anupam Das, Joseph Bonneau, Matthew Caesar, Nikita Borisov, XiaoFeng Wang. “The Tangled Web of Password Reuse“. In the 2014 Network and Distributed System Security Symposium (NDSS), 2014. [PDF]

  25. Xiaoyong Zhou, Soteris Demetriou, Dongjing He, Muhammad Naveed, Xiaorui Pan, XiaoFeng Wang, Carl A. Gunter, Klara Nahrstedt, “Identity, Location, Disease and More: Inferring Your Secrets from Android Public Resources”, In Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS), 2013. [PDF]
  26. Rui Wang, Luyi Xing, XiaoFeng Wang, Shuo Chen, “Unauthorized Origin Crossing on Mobile Platforms: Threats and Mitigation”, In Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS), 2013. [PDF]
  27. Zhou Li, Sumayah Alrwais, Yinglian Xie, Fang Yu, XiaoFeng Wang, “Finding the Linchpins of the Dark Web: a Study on Topologically Dedicated Hosts on Malicious Web Infrastructures”, In Proceedings of the 34th IEEE Symposium on Security and Privacy (S&P), 2013. [PDF]
  28. Luyi Xing, Yangyi Chen, XiaoFeng Wang, Shuo Chen, “InteGuard: Toward Automatic Protection of Third-Party Web Service Integrations”, In Proceedings of the 20th Annual Network & Distributed System Security Symposium (NDSS), 2013. [PDF]
  29. Zhou Li, Kehuan Zhang, Yinglian Xie, Fang Yu, XiaoFeng Wang, “Knowing Your Enemy: Understanding and Detecting Malicious Web Advertising”, In Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS), 2012. [PDF]
  30. Rui Wang, Shuo Chen, XiaoFeng Wang, “Signing Me onto Your Accounts through Facebook and Google: a Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services”, In Proceedings of the 33rd IEEE Symposium on Security and Privacy (S&P), 2012. [PDF]
  31. Yangyi Chen, Bo Peng, XiaoFeng Wang, Haixu Tang, “Large-Scale Privacy-Preserving Mapping of Human Genomic Sequences on Hybrid Clouds”, In Proceedings of the 19th Annual Network & Distributed System Security Symposium (NDSS), 2012. [PDF]
  32. Kehuan Zhang, Xiaoyong Zhou, Yangyi Chen, XiaoFeng Wang, Yaoping Ruan, “Sedic: Privacy-Aware Data Intensive Computing on Hybrid Clouds”, In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS), 2011. [PDF]
  33. Xiaoyong Zhou, Bo Peng, Yong Fuga Li, Yangyi Chen, Haixu Tang, XiaoFeng Wang, “To Release Or Not To Release: Evaluating Information Leaks in Aggregate Human-Genome Data”, In Proceeding of European Symposium on Research in Computer Security (ESORICS), 2011. [PDF]
  34. Rui Wang, Shuo Chen, XiaoFeng Wang, Shaz Qadeer, “How to Shop for Free Online – Security Analysis of Cashier-as-a-Service Based Web Stores”, In Proceedings of the 32nd IEEE Symposium on Security and Privacy (S&P), 2011. [PDF]
  35. Roman Schlegel, Kehuan Zhang, Xiaoyong Zhou, Mehool Intwala, Apu Kapadia, XiaoFeng Wang, “SoundComber: A Stealthy and Context-Aware Sound Trojan for Smartphones”, In Proceedings of the 18th Annual Network & Distributed System Security Symposium (NDSS), 2011. [PDF]
  36. Zhou Li, XiaoFeng Wang, “FIRM: Capability-based Inline Mediation of Flash Begaviors”, In Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC), 2010. [PDF]
  37. Khan Zhang, Zhou Li, Rui Wang, XiaoFeng Wang, Shuo Chen, “Sidebuster: Automated Detection and Quantification of Side-Channel Leaks in Web Application Development”, In Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS), 2010. [PDF]
  38. Zhou Li, Kehuan Zhang, XiaoFeng Wang, “Mash-IF: Practical Information-Flow Control within Client-side Mashups”, In Proceedings of the 40th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2010. [PDF]
  39. Rui Wang, XiaoFeng Wang, Zhou Li, Haixu Tang, Michael K. Reiter, Zheng Dong, “Privacy-Preserving Genomic Computation Through Program Specialization”, In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS), 2009. [PDF]
  40. Rui Wang, Yong Fuga Li, XiaoFeng Wang, Haixu Tang, Xiaoyong Zhou, “Learning Your Identity and Disease from Research Papers: Information Leaks in Genome Wide Association Study”, In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS), 2009. [PDF]
  41. Kehuan Zhang, XiaoFeng Wang, “Peeping Tom in the Neighborhood: Keystroke Eavesdropping on Multi-User Systems”, In Proceedings of the 18th USENIX Security Symposium (USENIX Security), 2009. [PDF]
  42. Clemens Kolbitsch, Paolo Milani Comparetti, Christopher Kruegel, Engin Kirda, Xiaoyong Zhou, XiaoFeng Wang, “Effective and Efficient Malware Detection at the End Host”, In Proceedings of the 18th USENIX Security Symposium (USENIX Security), 2009. [PDF]
  43. Debbie Liu, XiaoFeng Wang, L. Jean Camp, “Mitigating Inadvertent Insider Threats with Incentives”, In Proceedings of the 13th International Conference on Financial Cryptography and Data Security (FC), 2009. [PDF]
  44. Rui Wang, XiaoFeng Wang, Kehuan Zhang, Zhuowei Li, “Towards Automatic Reverse Engineering of Software Security Configurations”, In Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS), 2008. [PDF]
  45. Rui Wang, XiaoFeng Wang, Zhuowei Li, “Panalyst: Privacy-Adware Remote Error Analysis on Commodity Software”, In Proceedings of the 17th USENIX Security Symposium (USENIX Security), 2008. [PDF]
  46. Zhuowei Li, XiaoFeng Wang, Zhenkai Liang, Michael K. Reiter, “AGIS: Towards Automatic Generation of Infection Signatures”, In Proceedings of the 38th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2008. [PDF]
  47. Richard Chow, Philippe Golle, Markus Jakobsson, Lusha Wang, XiaoFeng Wang, “Making CAPTCHAs Clickable”, In Proceedings of Workshop on Mobile Computing Systems and Applications (HotMobile), 2008.
  48. XiaoFeng Wang, Zhuowei Li, Ninghui Li, Jong Youl Choi, “PRECIP: Towards Practical and Retrofittable Confidential Information Protection”, In Proceedings of the 15th Annual Network & Distributed System Security Symposium (NDSS), 2008. [PDF]