“If we knew what we were doing, it would not be called research, would it?”
—Albert Einstein
- Runhan Feng, Ziyang Yan, Shiyan Peng, Yuanyuan Zhang. Automated Detection of Password Leakage from Public GitHub Repositories. Accepted by the 44th International Conference on Software Engineering (ICSE 2022). Pittsburgh, PA, USA. May 21-29, 2022. [link] [pdf]
- Shuran Wang, Dahan Pan, Runhan Feng, Yuanyuan Zhang. MagikCube: Securing Cross-Domain Publish/Subscribe Systems with Enclave. The 20th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2021). Shenyang, China. August 18-20, 2021. [link] [pdf]
- Huayi Li, Yuanyuan Zhang, Jianqiang Wang, Dawu Gu. SymSem: Symbolic Execution with Time Stamps for Deobufscation. The 15th International Conference on Information Security and Cryptology (INSCRYPT 2019). Nanjing, China. December 6-8 2019. [link] [pdf]
- Jianqiang Wang, Siqi Ma, Yuanyuan Zhang, Juanru Li, Zheyu Ma, Long Mai, Tiancheng Chen, Dawu Gu. NLP-EYE: Detecting Memory Corruptions via Semantic-Aware Memory Operation Function Identification. The 22nd International Symposium on Research in Attacks, Intrusions, and Defenses (RAID 2019). Beijing, China, September 23-25, 2019. USENIX Association. [link] [pdf]
- Bodong Li, Yuanyuan Zhang, Juanru Li, Runhan Feng, Dawu Gu. AppCommune: Automated Third-party Libraries De-duplicating and Updating for Android Apps. The 26th IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER 2019). Hangzhou, China. February 24-27, 2019. [link] [pdf]
- Yikun Hu, Hui Wang, Yuanyuan Zhang, Bodong Li, Dawu Gu. A Semantics-Based Hybrid Approach on Binary Code Similarity Comparison. IEEE Transactions on Software Engineering. 2019. [link] [pdf]
- Wenbo Yang, Juanru Li, Yuanyuan Zhang, Dawu Gu. Security analysis of third-party in-app payment in mobile applications. Journal of Information Security and Applications, vol.48. 2019. [pdf]
- Haohuang Wen, Juanru Li, Yuanyuan Zhang, Dawu Gu. An Empirical Study of SDK Credential Misuse in iOS Apps. The 25th Asia-Pacific Software Engineering Conference (APSEC 2018). Nara, Japan, December 4-7, 2018. [link] [pdf]
- Juanru Li, Zhiqiang Lin, Juan Caballero, Yuanyuan Zhang, Dawu Gu. K-Hunt: Pinpointing Insecure Cryptographic Keys from Execution Traces. The 25th ACM Conference on Computer and Communications Security (CCS 2018). Toronto, Canada. October 15-19, 2018. [link] [pdf]
- Junliang Shu, Juanru Li, Yuanyuan Zhang, Dawu Gu. Burn After Reading: Expunging Execution Footprints of Android Apps. The 12th International Conference on Network and System Security (NSS 2018). Hong Kong, China, August 27-29, 2018. [link] [pdf]
- Yikun Hu, Yuanyuan Zhang, Juanru Li, Hui Wang, Bodong Li, Dawu Gu. BinMatch: A Semantics-based Hybrid Approach on Binary Code Clone Analysis. The 34th International Conference on Software Maintenance and Evolution (ICSME 2018), Madrid, Spain. September 23-29, 2018. [link] [pdf]
- Changyu Li, Quanpu Cai, Juanru Li, Hui Liu, Yuanyuan Zhang, Dawu Gu, Yu Yu. Passwords in the Air: Harvesting Wi-Fi Credentials from SmartCfg Provisioning. The 11th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2018). Stockholm, Sweden. June 18-20, 2018. [link] [pdf]
- Bodong Li, Yuanyuan Zhang, Juanru Li, Wenbo Yang, Dawu Gu. AppSpear: Automating the hidden-code extraction and reassembling of packed android malware. Journal of Systems and Software 140: 3-16 (2018) [link] [pdf]
- Qi Zhang, Juanru Li, Yuanyuan Zhang, Hui Wang, Dawu Gu. Oh-Pwn_VPN! Security Analysis of OpenVPN-based Android Apps. The 16th International Conference on Cryptology And Network Security (CANS 2017). Hong Kong. November 29 - December 2, 2017. [link] [pdf]
- Xuewen Zhang, Yuanyuan Zhang, Juanru Li, Yikun Hu, Huayi Li, Dawu Gu. Embroidery: Patching Vulnerable Binary Code of Fragmentized Android Devices. The 33rd IEEE International Conference on Software Maintenance and Evolution (ICSME 2017). Shanghai, China. Sep.28-Oct.3, 2017. [link] [pdf]
- Zhenghao Hu, Yuanyuan Zhang, Hui Wang, Juanru Li, Wenbo Yang, Dawu Gu. MIRAGE: Randomizing Large Chunk Allocation Via Dynamic Binary Instrumentation. 2017 IEEE Conference Dependable and Secure Computing (DSC 2017). Taipei, Taiwan. 7-10 Aug. 2017. [link] [pdf]
- Yikun Hu, Yuanyuan Zhang, Juanru Li and Dawu Gu. Binary Code Clone Detection across Architectures and Compiling Configurations. The 25th International Conference on Program Comprehension (ICPC 2017). Buenos Aires, Argentina. May 22-23, 2017. [link] [pdf]
- Wenbo Yang, Yuanyuan Zhang, Juanru Li, Hui Liu, Qing Wang, Yueheng Zhang and Dawu Gu. Show Me the Money! Finding Flawed Implementations of Third-party In-app Payment in Android Apps. The 24th Network and Distributed System Security Symposium (NDSS 2017). San Diego, CA, USA. February 26 - March 1, 2017. [link] [pdf]
- Junliang Shu, Yuanyuan Zhang, Juanru Li, Bodong Li, Dawu Gu. Why Data Deletion Fails? A Study on Deletion Flaws and Data Remanence in Android Systems. ACM Transactions on Embedded Computing Systems. 16(2): 61:1-61:22 (2017) [link] [pdf]
- Hui Wang, Yuanyuan Zhang, Juanru Li and Dawu Gu. The Achilles' Heel of OAuth: A Multi-Platform Study of OAuth-based Authentication. The 32nd Annual Computer Security Applications Conference (ACSAC 2016). Los Angeles, California, USA. December 5–9, 2016. [link] [pdf]
- Yesheng Zhi, Yuanyuan Zhang, Juanru Li, Dawu Gu. Security Testing of Software on Embedded Devices Using x86 Platform. The 12th EAI International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2016), Beijing, China, 12-13 November 2016. [link] [pdf]
- Yueheng Zhang, Junliang Shu, Yuanyuan Zhang, Juanru Li, Qing Wang, Dawu Gu. An Empirical Study of Insecure Communication in Android Apps. 2016 International Conference on Wireless Communication and Network Engineering (WCNE 2016), Beijing, China, 4-6 November 2016. [link] [pdf]
- Muqing Liu, Yuanyuan Zhang, Juanru Li, Junliang Shu, Dawu Gu. Security Analysis of Vendor Customized Code in Firmware of Embedded Device. The 12th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2016), Guangzhou, China, 10-12 October 2016. [link] [pdf]
- Hui Liu, Yuanyuan Zhang, Juanru Li, Hui Wang, Dawu Gu. Open Sesame! Web Authentication Cracking via Mobile app Analysis. The 18th Asia Pacific Web Conference (APWEB 2016). Suzhou, China. Sept 23-25, 2016. [link] [pdf]
- Tianyi Xie, Yuanyuan Zhang, Juanru Li, Hui Liu, Dawu Gu. New Exploit Methods against Ptmalloc of Glibc. The 15th IEEE International Conference on Trust, Security, and Privacy in Computing and Communications (TrustCom 2016). Tianjin, China. 23-26 August 2016. [link] [pdf]
- Yikun Hu, Yuanyuan Zhang, Juanru Li, Dawu Gu. Cross-Architecture Binary Semantics Understanding via Similar Code Comparison. The 23rd IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER 2016). Osaka, Japan. March 14-18, 2016. [link] [pdf]
- Bodong Li, Yuanyuan Zhang, Chen Lyu, JuanruLi, Dawu Gu. SSG: Sensor Security Guard for Android Smartphones. The 11th EAI International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2015). Wuhan, Hubei, China. NOVEMBER 10–11, 2015. [link] [pdf]
- Hui Wang, Yuanyuan Zhang, Juanru Li, Hui Liu, Wenbo Yang, Bodong Li, Dawu Gu. Vulnerability Assessment of OAuth Implementations in Android Applications. The 31st Annual Computer Security Applications Conference (ACSAC 2015) Los Angeles, California, USA. December 7–11, 2015. [link] [pdf]
- Wen Xu, Juanru Li, Junliang Shu, Wenbo Yang, Tianyi Xie, Yuanyuan Zhang, Dawu Gu. From Collision To Exploitation: Unleashing Use-After-Free Vulnerabilities in Linux Kernel. The 22nd ACM Conference on Computer and Communications Security (CCS 2015). The Denver Marriot City Center, Denver, Colorado, US. October 12-16, 2015. [link] [pdf]
- Wenbo Yang, Yuanyuan Zhang, Juanru Li, Bodong Li, Junliang Shu, Wenju Hu, Dawu Gu. AppSpear: Bytecode Decrypting and DEX Reassembling for Packed Android Malware. The 18th International Symposium on Research in Attacks, Intrusions, and Defenses (RAID 2015). Kyoto, Japan. November 2–4, 2015. [link] [pdf]
- Shi-Feng Sun, Dawu Gu, Chen Lyu, Yuanyuan Zhang and Yanli Ren. Towards Efficient, Secure, and Fine-Grained Access Control System in MSNs with Flexible Revocations. International Journal of Distributed Sensor Networks (IJDSN), vol. 2015, Article ID 857405, 15 pages, 2015. [link] [pdf]
- Hui Liu, Yuanyuan Zhang, Hui Wang, Wenbo Yang, Juanru Li and Dawu Gu. TagDroid: Hybrid SSL Certificate Verification in Android. The 16th International Conference on Information and Communications Security (ICICS 2014). Hong Kong, China. December 16-17, 2014. [link] [pdf]
- Juanru Li, Yuanyuan Zhang, Wenbo Yang, Junliang Shu and Dawu Gu. DIAS: Automated Online Analysis for Android Applications. The 14th IEEE International Conference on Computer and Information Technology (IEEE CIT 2014). Xi'an, China. Sept 11-13, 2014. [link] [pdf]
- Yong Li, Yuanyuan Zhang, Juanru Li, Dawu Gu. iCryptoTracer: Dynamic Analysis on Misuse of Cryptographic Functions in iOS Applications. The 8th International Conference on Network and System Security (NSS 2014). Xi'an, China. Oct 15-17, 2014. [link] [pdf]
- Junliang Shu, Juanru Li, Yuanyuan Zhang and Dawu Gu. Android App Protection via Interpretation Obfuscation. The 12th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC 2014), Dalian, China, August 24-27, 2014. [link] [pdf]
- Wenbo Yang, Juanru Li, Yuanyuan Zhang, Yong Li, Junliang Shu and Dawu Gu. APKLancet: Tumor Payload Diagnosis and Purification for Android Applications. The 9th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2014). Kyoto, Japan. June 2014. [link] [pdf]
Intellectual Property
授权
- CN200810042777.9 采用增量检验来保护数据完整性的方法
- CN201310291711.4 基于指令混淆的Android应用程序保护方法及系统* [jbox]
- CN201310426028.7 基于进程模拟的二进制程序分析系统* [jbox]
- CN201410260715.0 Android系统隐私数据恢复实现方法* [jbox]
- CN201410260743.2 用于Android系统的磁盘隐私数据残留漏洞检测方法* [jbox]
- CN201410261034.6 对Android重打包恶意软件的恶意代码的检测、切除和恢复的方法* [jbox]
- CN201410781215.1 Android应用程序密码学误用检测方法* [jbox]
- CN201510235772.8 Android平台OAuth协议误用安全检测方法 [jbox]
- CN201710398778.6 基于动态插桩的大块内存分配系统及方法 [jbox]
实审
- CN201710405313.9 Android设备内核漏洞的修补系统及方法
- CN201810820633.5 针对软件虚拟机保护的反混淆系统及方法
- CN202011402024.1 面向密码代码的自动化程序敏感数据保护方法
- CN202010064511.5 车载诊断系统固件保护方法及系统
- CN202010065323.4 面向Intel SGX的程序自动化移植系统
- CN202110908339.1 基于Intel SGX可信执行环境的在线编译混淆实现方法
受理
- CN202011174860.9 二进制文件下的操作系统内核信息泄露漏洞检测方法
- CN202111256513.5 基于 WebAssembly 和 Intel SGX 的内存隔离方法
Software Copyright
- 2015SR124693 Android应用程序动态测试系统InDroid软件 [简称: InDroid] [pdf]
- 2015SR128116 轻量级Android平台应用数据保护框架软件 [简称: InvisibleEnc] [pdf]