@inproceedings {285453, author = {Yuhong Nan and Xueqiang Wang and Luyi Xing and Xiaojing Liao and Ruoyu Wu and Jianliang Wu and Yifan Zhang and XiaoFeng Wang}, title = {Are You Spying on Me? {Large-Scale} Analysis on {IoT} Data Exposure through Companion Apps}, booktitle = {32nd USENIX Security Symposium (USENIX Security 23)}, year = {2023}, isbn = {978-1-939133-37-3}, address = {Anaheim, CA}, pages = {6665--6682}, url = {https://www.usenix.org/conference/usenixsecurity23/presentation/nan}, publisher = {USENIX Association}, month = aug } @inproceedings {285457, author = {Xueqiang Wang and Yuqiong Sun and Susanta Nanda and XiaoFeng Wang}, title = {Credit Karma: Understanding Security Implications of Exposed Cloud Services through Automated Capability Inference}, booktitle = {32nd USENIX Security Symposium (USENIX Security 23)}, year = {2023}, isbn = {978-1-939133-37-3}, address = {Anaheim, CA}, pages = {6007--6024}, url = {https://www.usenix.org/conference/usenixsecurity23/presentation/wang-xueqiang-karma}, publisher = {USENIX Association}, month = aug } @inproceedings {287360, author = {Yi Chen and Di Tang and Yepeng Yao and Mingming Zha and XiaoFeng Wang and Xiaozhong Liu and Haixu Tang and Baoxu Liu}, title = {Sherlock on Specs: Building {LTE} Conformance Tests through Automated Reasoning}, booktitle = {32nd USENIX Security Symposium (USENIX Security 23)}, year = {2023}, isbn = {978-1-939133-37-3}, address = {Anaheim, CA}, pages = {3529--3545}, url = {https://www.usenix.org/conference/usenixsecurity23/presentation/chen-yi}, publisher = {USENIX Association}, month = aug } @inproceedings {291037, author = {Xueqiang Wang and Yifan Zhang and XiaoFeng Wang and Yan Jia and Luyi Xing}, title = {Union under Duress: Understanding Hazards of Duplicate Resource Mismediation in Android Software Supply Chain}, booktitle = {32nd USENIX Security Symposium (USENIX Security 23)}, year = {2023}, isbn = {978-1-939133-37-3}, address = {Anaheim, CA}, pages = {3403--3420}, url = {https://www.usenix.org/conference/usenixsecurity23/presentation/wang-xueqiang-duress}, publisher = {USENIX Association}, month = aug } @inproceedings {291293, author = {Hongbo Chen and Haobin Hiroki Chen and Mingshen Sun and Kang Li and Zhaofeng Chen and XiaoFeng Wang}, title = {A Verified Confidential Computing as a Service Framework for Privacy Preservation}, booktitle = {32nd USENIX Security Symposium (USENIX Security 23)}, year = {2023}, isbn = {978-1-939133-37-3}, address = {Anaheim, CA}, pages = {4733--4750}, url = {https://www.usenix.org/conference/usenixsecurity23/presentation/chen-hongbo}, publisher = {USENIX Association}, month = aug } @inproceedings {287344, author = {Zhiyuan Yu and Yuanhaur Chang and Shixuan Zhai and Nicholas Deily and Tao Ju and XiaoFeng Wang and Uday Jammalamadaka and Ning Zhang}, title = {{XCheck}: Verifying Integrity of 3D Printed {Patient-Specific} Devices via Computing Tomography}, booktitle = {32nd USENIX Security Symposium (USENIX Security 23)}, year = {2023}, isbn = {978-1-939133-37-3}, address = {Anaheim, CA}, pages = {2815--2832}, url = {https://www.usenix.org/conference/usenixsecurity23/presentation/yu-zhiyuan-xcheck}, publisher = {USENIX Association}, month = aug } @inproceedings {279972, author = {Yi Chen and Di Tang and Yepeng Yao and Mingming Zha and XiaoFeng Wang and Xiaozhong Liu and Haixu Tang and Dongfang Zhao}, title = {Seeing the Forest for the Trees: Understanding Security Hazards in the {3GPP} Ecosystem through Intelligent Analysis on Change Requests}, booktitle = {31st USENIX Security Symposium (USENIX Security 22)}, year = {2022}, isbn = {978-1-939133-31-1}, address = {Boston, MA}, pages = {17--34}, url = {https://www.usenix.org/conference/usenixsecurity22/presentation/chen-yi}, publisher = {USENIX Association}, month = aug } @inproceedings {263780, author = {Di Tang and XiaoFeng Wang and Haixu Tang and Kehuan Zhang}, title = {Demon in the Variant: Statistical Analysis of {DNNs} for Robust Backdoor Contamination Detection}, booktitle = {30th USENIX Security Symposium (USENIX Security 21)}, year = {2021}, isbn = {978-1-939133-24-3}, pages = {1541--1558}, url = {https://www.usenix.org/conference/usenixsecurity21/presentation/tang-di}, publisher = {USENIX Association}, month = aug } @inproceedings {263810, author = {Liya Su and Xinyue Shen and Xiangyu Du and Xiaojing Liao and XiaoFeng Wang and Luyi Xing and Baoxu Liu}, title = {Evil Under the Sun: Understanding and Discovering Attacks on Ethereum Decentralized Applications}, booktitle = {30th USENIX Security Symposium (USENIX Security 21)}, year = {2021}, isbn = {978-1-939133-24-3}, pages = {1307--1324}, url = {https://www.usenix.org/conference/usenixsecurity21/presentation/su}, publisher = {USENIX Association}, month = aug } @inproceedings {272284, author = {Jice Wang and Yue Xiao and Xueqiang Wang and Yuhong Nan and Luyi Xing and Xiaojing Liao and JinWei Dong and Nicolas Serrano and Haoran Lu and XiaoFeng Wang and Yuqing Zhang}, title = {Understanding Malicious Cross-library Data Harvesting on Android}, booktitle = {30th USENIX Security Symposium (USENIX Security 21)}, year = {2021}, isbn = {978-1-939133-24-3}, pages = {4133--4150}, url = {https://www.usenix.org/conference/usenixsecurity21/presentation/wang-jice}, publisher = {USENIX Association}, month = aug } @inproceedings {247642, author = {Yuxuan Chen and Xuejing Yuan and Jiangshan Zhang and Yue Zhao and Shengzhi Zhang and Kai Chen and XiaoFeng Wang}, title = {{Devil{\textquoteright}s} Whisper: A General Approach for Physical Adversarial Attacks against Commercial Black-box Speech Recognition Devices}, booktitle = {29th USENIX Security Symposium (USENIX Security 20)}, year = {2020}, isbn = {978-1-939133-17-5}, pages = {2667--2684}, url = {https://www.usenix.org/conference/usenixsecurity20/presentation/chen-yuxuan}, publisher = {USENIX Association}, month = aug } @inproceedings {255328, author = {Bin Yuan and Yan Jia and Luyi Xing and Dongfang Zhao and XiaoFeng Wang and Yuqing Zhang}, title = {Shattered Chain of Trust: Understanding Security Risks in {Cross-Cloud} {IoT} Access Delegation}, booktitle = {29th USENIX Security Symposium (USENIX Security 20)}, year = {2020}, isbn = {978-1-939133-17-5}, pages = {1183--1200}, url = {https://www.usenix.org/conference/usenixsecurity20/presentation/yuan}, publisher = {USENIX Association}, month = aug } @inproceedings {236222, author = {Yi Chen and Luyi Xing and Yue Qin and Xiaojing Liao and XiaoFeng Wang and Kai Chen and Wei Zou}, title = {Devils in the Guidance: Predicting Logic Vulnerabilities in Payment Syndication Services through Automated Documentation Analysis}, booktitle = {28th USENIX Security Symposium (USENIX Security 19)}, year = {2019}, isbn = {978-1-939133-06-9}, address = {Santa Clara, CA}, pages = {747--764}, url = {https://www.usenix.org/conference/usenixsecurity19/presentation/chen-yi}, publisher = {USENIX Association}, month = aug } @inproceedings {242044, author = {Wenrui Diao and Yue Zhang and Li Zhang and Zhou Li and Fenghao Xu and Xiaorui Pan and Xiangyu Liu and Jian Weng and Kehuan Zhang and XiaoFeng Wang}, title = {Kindness is a Risky Business: On the Usage of the Accessibility {APIs} in Android }, booktitle = {22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019)}, year = {2019}, isbn = {978-1-939133-07-6}, address = {Chaoyang District, Beijing}, pages = {261--275}, url = {https://www.usenix.org/conference/raid2019/presentation/diao}, publisher = {USENIX Association}, month = sep } @inproceedings {236342, author = {Xueqiang Wang and Yuqiong Sun and Susanta Nanda and XiaoFeng Wang}, title = {Looking from the Mirror: Evaluating {IoT} Device Security through Mobile Companion Apps}, booktitle = {28th USENIX Security Symposium (USENIX Security 19)}, year = {2019}, isbn = {978-1-939133-06-9}, address = {Santa Clara, CA}, pages = {1151--1167}, url = {https://www.usenix.org/conference/usenixsecurity19/presentation/wang-xueqiang}, publisher = {USENIX Association}, month = aug } @inproceedings {236238, author = {Xuan Feng and Xiaojing Liao and XiaoFeng Wang and Haining Wang and Qiang Li and Kai Yang and Hongsong Zhu and Limin Sun}, title = {Understanding and Securing Device Vulnerabilities through Automated Bug Report Analysis}, booktitle = {28th USENIX Security Symposium (USENIX Security 19)}, year = {2019}, isbn = {978-1-939133-06-9}, address = {Santa Clara, CA}, pages = {887--903}, url = {https://www.usenix.org/conference/usenixsecurity19/presentation/feng}, publisher = {USENIX Association}, month = aug } @inproceedings {236272, author = {Yeonjoon Lee and Xueqiang Wang and Kwangwuk Lee and Xiaojing Liao and XiaoFeng Wang and Tongxin Li and Xianghang Mi}, title = {Understanding {iOS-based} Crowdturfing Through Hidden {UI} Analysis}, booktitle = {28th USENIX Security Symposium (USENIX Security 19)}, year = {2019}, isbn = {978-1-939133-06-9}, address = {Santa Clara, CA}, pages = {765--781}, url = {https://www.usenix.org/conference/usenixsecurity19/presentation/lee}, publisher = {USENIX Association}, month = aug } @inproceedings {217607, author = {Xuejing Yuan and Yuxuan Chen and Yue Zhao and Yunhui Long and Xiaokang Liu and Kai Chen and Shengzhi Zhang and Heqing Huang and XiaoFeng Wang and Carl A. Gunter}, title = {{CommanderSong}: A Systematic Approach for Practical Adversarial Voice Recognition}, booktitle = {27th USENIX Security Symposium (USENIX Security 18)}, year = {2018}, isbn = {978-1-939133-04-5}, address = {Baltimore, MD}, pages = {49--64}, url = {https://www.usenix.org/conference/usenixsecurity18/presentation/yuan-xuejing}, publisher = {USENIX Association}, month = aug } @inproceedings {217531, author = {Xiaohan Zhang and Yuan Zhang and Qianqian Mo and Hao Xia and Zhemin Yang and Min Yang and XiaoFeng Wang and Long Lu and Haixin Duan}, title = {An Empirical Study of Web Resource Manipulation in Real-world Mobile Applications}, booktitle = {27th USENIX Security Symposium (USENIX Security 18)}, year = {2018}, isbn = {978-1-939133-04-5}, address = {Baltimore, MD}, pages = {1183--1198}, url = {https://www.usenix.org/conference/usenixsecurity18/presentation/zhang-xiaohan}, publisher = {USENIX Association}, month = aug } @inproceedings {217509, author = {Kan Yuan and Haoran Lu and Xiaojing Liao and XiaoFeng Wang}, title = {Reading Thieves{\textquoteright} Cant: Automatically Identifying and Understanding Dark Jargons from Cybercrime Marketplaces}, booktitle = {27th USENIX Security Symposium (USENIX Security 18)}, year = {2018}, isbn = {978-1-939133-04-5}, address = {Baltimore, MD}, pages = {1027--1041}, url = {https://www.usenix.org/conference/usenixsecurity18/presentation/yuan-kan}, publisher = {USENIX Association}, month = aug } @inproceedings {203632, author = {Xiaolong Bai and Zhe Zhou and XiaoFeng Wang and Zhou Li and Xianghang Mi and Nan Zhang and Tongxin Li and Shi-Min Hu and Kehuan Zhang}, title = {Picking Up My Tab: Understanding and Mitigating Synchronized Token Lifting and Spending in Mobile Payment}, booktitle = {26th USENIX Security Symposium (USENIX Security 17)}, year = {2017}, isbn = {978-1-931971-40-9}, address = {Vancouver, BC}, pages = {593--608}, url = {https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/bai}, publisher = {USENIX Association}, month = aug } @inproceedings {203866, author = {Yuan Tian and Nan Zhang and Yueh-Hsun Lin and XiaoFeng Wang and Blase Ur and Xianzheng Guo and Patrick Tague}, title = {{SmartAuth}: {User-Centered} Authorization for the Internet of Things}, booktitle = {26th USENIX Security Symposium (USENIX Security 17)}, year = {2017}, isbn = {978-1-931971-40-9}, address = {Vancouver, BC}, pages = {361--378}, url = {https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/tian}, publisher = {USENIX Association}, month = aug } @inproceedings {190924, author = {Kai Chen and Peng Wang and Yeonjoon Lee and XiaoFeng Wang and Nan Zhang and Heqing Huang and Wei Zou and Peng Liu}, title = {Finding Unknown Malice in 10 Seconds: Mass Vetting for New Threats at the {Google-Play} Scale}, booktitle = {24th USENIX Security Symposium (USENIX Security 15)}, year = {2015}, isbn = {978-1-939133-11-3}, address = {Washington, D.C.}, pages = {659--674}, url = {https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/chen-kai}, publisher = {USENIX Association}, month = aug } @inproceedings {190949, author = {Yuhong Nan and Min Yang and Zhemin Yang and Shunfan Zhou and Guofei Gu and XiaoFeng Wang}, title = {{UIPicker}: {User-Input} Privacy Identification in Mobile Applications}, booktitle = {24th USENIX Security Symposium (USENIX Security 15)}, year = {2015}, isbn = {978-1-939133-11-3}, address = {Washington, D.C.}, pages = {993--1008}, url = {https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/nan}, publisher = {USENIX Association}, month = aug } @inproceedings {184417, author = {Sumayah Alrwais and Kan Yuan and Eihal Alowaisheq and Zhou Li and XiaoFeng Wang}, title = {Understanding the Dark Side of Domain Parking}, booktitle = {23rd USENIX Security Symposium (USENIX Security 14)}, year = {2014}, isbn = {978-1-931971-15-7}, address = {San Diego, CA}, pages = {207--222}, url = {https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/alrwais}, publisher = {USENIX Association}, month = aug } @inproceedings {268075, author = {Rui Wang and XiaoFeng Wang and Zhuowei Li}, title = {Panalyst: {Privacy-Aware} Remote Error Analysis on Commodity Software}, booktitle = {17th USENIX Security Symposium (USENIX Security 08)}, year = {2008}, address = {San Jose, CA}, url = {https://www.usenix.org/conference/17th-usenix-security-symposium/panalyst-privacy-aware-remote-error-analysis-commodity}, publisher = {USENIX Association}, month = jul }