Publications | Welcome

Things You May Not Know About Android (Un)Packers: A Systematic Study based on Whole-System Emulation

Duan, Yue and Zhang, Mu and Bhaskar, Abhishek Vasisht and Yin, Heng and Pan, Xiaorui and Li, Tongxin and Wang, Xueqiang and Wang, XiaoFeng

PDF Bib

OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS

Zhang, Xiaokuan and Wang, Xueqiang and Bai, Xiaolong and Zhang, Yinqian and Wang, XiaoFeng

PDF Bib

Game of Missuggestions: Semantic Analysis of Search-Autocomplete Manipulations

Wang, Peng and Mi, Xianghang and Liao, Xiaojing and Wang, XiaoFeng and Yuan, Kan and Qian, Feng and Beyah, Raheem

PDF Bib

Finding Clues for Your Secrets: Semantics-Driven, Learning-Based Privacy Discovery in Mobile Apps

Nan, Yuhong and Yang, Zhemin and Wang, XiaoFeng and Zhang, Yuan and Zhu, Donglai and Yang, Min

PDF Bib

Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews

Li, Tongxin and Wang, Xueqiang and Zha, Mingming and Chen, Kai and Wang, XiaoFeng and Xing, Luyi and Bai, Xiaolong and Zhang, Nan and Han, Xinhui

PDF Bib

SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits

You, Wei and Zong, Peiyuan and Chen, Kai and Wang, XiaoFeng and Liao, Xiaojing and Bian, Pan and Liang, Bin

PDF Bib

Mass Discovery of Android Traffic Imprints through Instantiated Partial Execution

Chen, Yi and You, Wei and Lee, Yeonjoon and Chen, Kai and Wang, XiaoFeng and Zou, Wei

PDF Bib

Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX

Wang, Wenhao and Chen, Guoxing and Pan, Xiaorui and Zhang, Yinqian and Wang, XiaoFeng and Bindschaedler, Vincent and Tang, Haixu and Gunter, Carl A

PDF Bib

SmartAuth: User-Centered Authorization for the Internet of Things

Tian, Yuan and Zhang, Nan and Lin, Yueh-Hsun and Wang, XiaoFeng and Ur, Blase and Guo, XianZheng and Tague, Patrick

PDF Bib

Picking Up My Tab: Understanding and Mitigating Synchronized Token Lifting and Spending in Mobile Payment

Bai, Xiaolong and Zhou, Zhe and Wang, XiaoFeng and Li, Zhou and Mi, Xianghang and Zhang, Nan and Li, Tongxin and Hu, Shi-Min and Zhang, Kehuan

PDF Bib

Under the Shadow of Sunshine: Understanding and Detecting BulletProof Hosting on Legitimate Service Provider Networks

S. Alrwais, X. Liao, X. Mi, P. Wang, X. Wang, F. Qian, R. Beyah, D. McCoy

PDF Bib

An empirical characterization of IFTTT: ecosystem, usage, and performance

Mi, Xianghang and Qian, Feng and Zhang, Ying and Wang, XiaoFeng

PDF Bib

Dark Hazard: Learning-based, Large-scale Discovery of Hidden Sensitive Operations in Android Apps

X. Pan, X. Wang, Y. Duan, X. Wang, H. Yin

PDF Slides Bib

Catching Predators at Watering Holes: Finding and Understanding Strategically Compromised Websites

S. Alrwais, K. Yuan, E. Alowaisheq, X. Liao, A. Oprea, X. Wang, Z. Li

PDF Bib

Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service

X. Liao, S. Alrwais, K. Yuan, L. Xing, X. Wang, S. Hao, R. Beyah

PDF Bib

Acing the IOC Game: Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence

X. Liao, K.Yuan, X. Wang, Z. Li, L. Xing, R. Beyah

PDF Bib

Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf

X. Bai, L. Xing, N. Zhang, X. Wang, X. Liao, T. Li, S. Hu

PDF Bib

Seeking Nonsense, Looking for Trouble: Efficient Promotional-Infection Detection through Semantic Inconsistency Search

X. Liao, K. Yuan, X. Wang, Z. Pei, H. Yang, J. Chen, H. Duan, K. Du, E. Alowaisheq, S. Alrwais, L. Xing, R. Beyah

PDF Bib

Following Devil's Footprints: Cross-Platform Analysis of Potentially Harmful Libraries on Android and iOS

K. Chen, X. Wang, Y. Chen, P. Wang, Y. Lee, X. Wang, B. Ma, A. Wang, Y. Zhang, W. Zou

PDF Bib

Practicing oblivious access on cloud storage: the gap, the fallacy, and the new way forward

Bindschaedler, Vincent and Naveed, Muhammad and Pan, Xiaorui and Wang, XiaoFeng and Huang, Yan

PDF Bib

Perplexed messengers from the cloud: Automated security analysis of push-messaging integrations

Chen, Yangyi and Li, Tongxin and Wang, XiaoFeng and Chen, Kai and Han, Xinhui

PDF Bib

Hare hunting in the wild android: A study on the threat of hanging attribute references

Aafer, Yousra and Zhang, Nan and Zhang, Zhongwen and Zhang, Xiao and Chen, Kai and Wang, XiaoFeng and Zhou, Xiaoyong and Du, Wenliang and Grace, Michael

PDF Bib

Efficient genome-wide, privacy-preserving similar patient query based on private edit distance

Wang, Xiao Shaun and Huang, Yan and Zhao, Yongan and Tang, Haixu and Wang, XiaoFeng and Bu, Diyue

PDF Bib

Cracking App Isolation on Apple: Unauthorized Cross-App Resource Access on MAC OS

Xing, Luyi and Bai, Xiaolong and Li, Tongxin and Wang, XiaoFeng and Chen, Kai and Liao, Xiaojing and Hu, Shi-Min and Han, Xinhui

PDF Bib

Uipicker: User-input privacy identification in mobile applications

Nan, Yuhong and Yang, Min and Yang, Zhemin and Zhou, Shunfan and Gu, Guofei and Wang, XiaoFeng

PDF Bib

Finding unknown malice in 10 seconds: Mass vetting for new threats at the google-play scale

Chen, Kai and Wang, Peng and Lee, Yeonjoon and Wang, XiaoFeng and Zhang, Nan and Huang, Heqing and Zou, Wei and Liu, Peng

PDF Bib

Leave me alone: App-level protection against runtime information gathering on Android

Zhang, Nan and Yuan, Kan and Naveed, Muhammad and Zhou, Xiaoyong and Wang, XiaoFeng

PDF Bib

What's in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources.

Demetriou, Soteris and Zhou, Xiao-yong and Naveed, Muhammad and Lee, Yeonjoon and Yuan, Kan and Wang, XiaoFeng and Gunter, Carl A

PDF Bib

Mayhem in the push clouds: Understanding and mitigating security hazards in mobile push-messaging services

Li, Tongxin and Zhou, Xiaoyong and Xing, Luyi and Lee, Yeonjoon and Naveed, Muhammad and Wang, XiaoFeng and Han, Xinhui

PDF Bib

Controlled functional encryption

Naveed, Muhammad and Agrawal, Shashank and Prabhakaran, Manoj and Wang, XiaoFeng and Ayday, Erman and Hubaux, Jean-Pierre and Gunter, Carl

PDF Bib

Understanding the dark side of domain parking

Alrwais, Sumayah and Yuan, Kan and Alowaisheq, Eihal and Li, Zhou and Wang, XiaoFeng

PDF Bib

Upgrading your android, elevating my malware: Privilege escalation through mobile os updating

Xing, Luyi and Pan, Xiaorui and Wang, Rui and Yuan, Kan and Wang, XiaoFeng

PDF Bib

The peril of fragmentation: Security hazards in android device driver customizations

Zhou, Xiaoyong and Lee, Yeonjoon and Zhang, Nan and Naveed, Muhammad and Wang, XiaoFeng

PDF Bib

Hunting the red fox online: Understanding and detection of mass redirect-script injections

Li, Zhou and Alrwais, Sumayah and Wang, XiaoFeng and Alowaisheq, Eihal

PDF Bib

The Tangled Web of Password Reuse.

Das, Anupam and Bonneau, Joseph and Caesar, Matthew and Borisov, Nikita and Wang, XiaoFeng

PDF Bib

Screenmilker: How to Milk Your Android Screen for Secrets.

Lin, Chia-Chi and Li, Hongyang and Zhou, Xiao-yong and Wang, XiaoFeng

PDF Bib

Inside Job: Understanding and Mitigating the Threat of External Device Mis-Binding on Android.

Naveed, Muhammad and Zhou, Xiao-yong and Demetriou, Soteris and Wang, XiaoFeng and Gunter, Carl A

PDF Bib

Privacy Risk in Anonymized Heterogeneous Information Networks.

Zhang, Aston and Xie, Xing and Chang, Kevin Chen-Chuan and Gunter, Carl A and Han, Jiawei and Wang, XiaoFeng

PDF Bib

Choosing blindly but wisely: differentially private solicitation of DNA datasets for disease marker discovery

Zhao, Yongan and Wang, Xiaofeng and Jiang, Xiaoqian and Ohno-Machado, Lucila and Tang, Haixu

PDF Bib

Unauthorized origin crossing on mobile platforms: Threats and mitigation

Wang, Rui and Xing, Luyi and Wang, XiaoFeng and Chen, Shuo

PDF Bib

Identity, location, disease and more: Inferring your secrets from android public resources

Zhou, Xiaoyong and Demetriou, Soteris and He, Dongjing and Naveed, Muhammad and Pan, Xiaorui and Wang, XiaoFeng and Gunter, Carl A and Nahrstedt, Klara

PDF Bib

Finding the linchpins of the dark web: a study on topologically dedicated hosts on malicious web infrastructures

Li, Zhou and Alrwais, Sumayah and Xie, Yinglian and Yu, Fang and Wang, XiaoFeng

PDF Bib

InteGuard: Toward Automatic Protection of Third-Party Web Service Integrations.

Xing, Luyi and Chen, Yangyi and Wang, XiaoFeng and Chen, Shuo

PDF Bib

Knowing your enemy: understanding and detecting malicious web advertising

Li, Zhou and Zhang, Kehuan and Xie, Yinglian and Yu, Fang and Wang, XiaoFeng

PDF Bib

Signing me onto your accounts through facebook and google: A traffic-guided security study of commercially deployed single-sign-on web services

Wang, Rui and Chen, Shuo and Wang, XiaoFeng

PDF Bib

Large-Scale Privacy-Preserving Mapping of Human Genomic Sequences on Hybrid Clouds.

Chen, Yangyi and Peng, Bo and Wang, XiaoFeng and Tang, Haixu

PDF Bib

Sedic: privacy-aware data intensive computing on hybrid clouds

Zhang, Kehuan and Zhou, Xiaoyong and Chen, Yangyi and Wang, XiaoFeng and Ruan, Yaoping

PDF Bib

To release or not to release: evaluating information leaks in aggregate human-genome data

Zhou, Xiaoyong and Peng, Bo and Li, Yong Fuga and Chen, Yangyi and Tang, Haixu and Wang, XiaoFeng

PDF Bib

How to Shop for Free Online--Security Analysis of Cashier-as-a-Service Based Web Stores

Wang, Rui and Chen, Shuo and Wang, XiaoFeng and Qadeer, Shaz

PDF Bib

Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones.

Schlegel, Roman and Zhang, Kehuan and Zhou, Xiao-yong and Intwala, Mehool and Kapadia, Apu and Wang, XiaoFeng

PDF Bib

FIRM: Capability-based inline mediation of Flash behaviors

Li, Zhou and Wang, XiaoFeng

PDF Bib

Sidebuster: automated detection and quantification of side-channel leaks in web application development

Zhang, Kehuan and Li, Zhou and Wang, Rui and Wang, XiaoFeng and Chen, Shuo

PDF Bib

Mash-if: Practical information-flow control within client-side mashups

Li, Zhou and Zhang, Kehuan and Wang, XiaoFeng

PDF Bib

Side-channel leaks in web applications: A reality today, a challenge tomorrow

Chen, Shuo and Wang, Rui and Wang, XiaoFeng and Zhang, Kehuan

PDF Bib

Privacy-preserving genomic computation through program specialization

Wang, Rui and Wang, XiaoFeng and Li, Zhou and Tang, Haixu and Reiter, Michael K and Dong, Zheng

PDF Bib

Learning your identity and disease from research papers: information leaks in genome wide association study

Wang, Rui and Li, Yong Fuga and Wang, XiaoFeng and Tang, Haixu and Zhou, Xiaoyong

PDF Bib

Effective and Efficient Malware Detection at the End Host.

Kolbitsch, Clemens and Comparetti, Paolo Milani and Kruegel, Christopher and Kirda, Engin and Zhou, Xiao-yong and Wang, XiaoFeng

PDF Bib

Mitigating inadvertent insider threats with incentives

Liu, Debin and Wang, XiaoFeng and Camp, L Jean

PDF Bib

Peeping Tom in the Neighborhood: Keystroke Eavesdropping on Multi-User Systems

Kehuan Zhang, XiaoFeng Wang

PDF Bib

Denial of service attacks and defenses in decentralized trust management

Li, Jiangtao and Li, Ninghui and Wang, XiaoFeng and Yu, Ting

PDF Bib

Towards automatic reverse engineering of software security configurations

Wang, Rui and Wang, XiaoFeng and Zhang, Kehuan and Li, Zhuowei

PDF Bib

Panalyst: Privacy-Aware Remote Error Analysis on Commodity Software.

Wang, Rui and Wang, XiaoFeng and Li, Zhuowei

PDF Bib

Agis: Towards automatic generation of infection signatures

Li, Zhuowei and Wang, XiaoFeng and Liang, Zhenkai and Reiter, Michael K

PDF Bib

PRECIP: Towards Practical and Retrofittable Confidential Information Protection.

Wang, XiaoFeng and Li, Zhuowei and Li, Ninghui and Choi, Jong Youl

PDF Bib

Making captchas clickable

Chow, Richard and Golle, Philippe and Jakobsson, Markus and Wang, Lusha and Wang, XiaoFeng

PDF Bib

A multi-layer framework for puzzle-based denial-of-service defense

Wang, XiaoFeng and Reiter, Michael K

PDF Bib

Spyshield: Preserving privacy from spy add-ons

Li, Zhuowei and Wang, XiaoFeng and Choi, Jong Youl

PDF Bib

Wraps: Denial-of-service defense through web referrals

Wang, XiaoFeng and Reiter, Michael K

PDF Bib

Packet vaccine: Black-box exploit detection and signature generation

Wang, XiaoFeng and Li, Zhuowei and Xu, Jun and Reiter, Michael K and Kil, Chongkyung and Choi, Jong Youl

PDF Bib

Deterring voluntary trace disclosure in re-encryption mix networks

Golle, Philippe and Wang, XiaoFeng and Jakobsson, Markus and Tsow, Alex

PDF Bib

Building reliable mix networks with fair exchange

Reiter, Michael K and Wang, XiaoFeng and Wright, Matthew

PDF Bib

Mitigating bandwidth-exhaustion attacks using congestion puzzles

Wang, XiaoFeng and Reiter, Michael K

PDF Bib

Fragile mixing

Reiter, Michael K and Wang, Xiaofeng

PDF Bib

Stealth Attacks on Vehicular Wireless Networks

Jakobsson, Markus and Wang, XiaoFeng and Wetzel, Susanne

PDF Bib

Defending against denial-of-service attacks with puzzle auctions

Wang, XiaoFeng and Reiter, Michael K

PDF Bib

Learning near-Pareto-optimal conventions in polynomial time

Wang, Xiaofeng and Sandholm, Tuomas

PDF Bib

Reinforcement learning to play an optimal Nash equilibrium in team Markov games

Wang, Xiaofeng and Sandholm, Tuomas

PDF Bib

(Im) possibility of safe exchange mechanism design

Sandholm, Tuomas and Wang, XiaoFeng

PDF Bib