Zhiyun Qian |
Email: zhiyunq cs.ucr.eduOffice: Winston Chung Hall 334 Phone number: 951-827-6438 |
|
Zhiyun Qian |
Email: zhiyunqcs.ucr.edu Office: Winston Chung Hall 334 Phone number: 951-827-6438 |
|
| 2025 | |
| S&P 25 | Redefining Indirect Call Analysis with KallGraph
[To appear] Guoren Li, Manu Sridharan, Zhiyun Qian In Proceedings of IEEE Security and Privacy (Oakland) 2025 (accepted in the 2nd cycle), San Francisco, CA. |
| S&P 25 | Beyond the Horizon: Uncovering Hosts and Services behind Misconfigured Firewalls
[To appear] Qing Deng, Juefei Pu, Zhaowei Tan, Zhiyun Qian, Srikanth V. Krishnamurthy In Proceedings of IEEE Security and Privacy (Oakland) 2025 (accepted in the 2nd cycle), San Francisco, CA. |
| S&P 25 | SoK: Challenges and Paths Toward Memory Safety for eBPF
[To appear] Kaiming Huang, Mathias Payer, Zhiyun Qian, Jack Sampson, Gang Tan, Trent Jaeger In Proceedings of IEEE Security and Privacy (Oakland) 2025 (accepted in the 2nd cycle), San Francisco, CA. |
| S&P 25 | SCAD: Towards a Universal and Automated Network Side-Channel Vulnerability Detection
[PDF] Keyu Man, Zhongjie Wang, Yue Cao, Shenghan Zheng, Xin'an Zhou, Zhiyun Qian In Proceedings of IEEE Security and Privacy (Oakland) 2025 (accepted in the 1st cycle), San Francisco, CA. |
| NDSS 25 | Statically Discover Cross-Entry Use-After-Free Vulnerabilities in the Linux Kernel
[PDF] Hang Zhang, Jangha Kim, Chuhong Yuan, Zhiyun Qian, Taesoo Kim In Proceedings of the Network & Distributed System Security Symposium (NDSS) 2025, San Diego, CA. |
| 2024 | |
| MobiCom 24 | M2HO: Mitigating the Adverse Effects of 5G Handovers on TCP
[PDF] Zhutian Liu, Qing Deng, Zhaowei Tan, Zhiyun Qian, Xinyu Zhang, Ananthram Swami, Srikanth V. Krishnamurthy In Proceedings of the ACM MobiCom 2024, Washington D.C. |
| ACM CCS 24 | Top of the Heap: Efficient Memory Error Protection of Safe Heap Objects
[PDF] Kaiming Huang, Mathias Payer, Zhiyun Qian, Jack Sampson, Gang Tan, Trent Jaeger In Proceedings of the ACM CCS 2024 (accepted in the second cycle), Salt Lake City, UT. |
| ACM CCS 24 | Untangling the Knot: Breaking Access Control in Home Wireless Mesh Networks
[PDF]
[Source] Xin'an Zhou, Qing Deng, Juefei Pu, Keyu Man, Zhiyun Qian, Srikanth V. Krishnamurthy In Proceedings of ACM Conference on Computer and Communications Security (CCS) 2024 (accepted in the first cycle), Salt Lake City, UT. |
| USENIX Security 24 | SymBisect: Accurate Bisection for Fuzzer-Exposed Vulnerabilities
[PDF]
[Source] Zheng Zhang, Yu Hao, Weiteng Chen, Xiaochen Zou, Xingyu Li, Haonan Li, Yizhuo Zhai, Zhiyun Qian, Billy Lau In Proceedings of the USENIX Security 2024 (accepted in Winter 2024), Philadelphia, PA. |
| USENIX Security 24 | OPTISAN: Using Multiple Spatial Error Defenses to Optimize Stack Memory Protection within a Budget
[PDF] Rahul George, Mingming Chen, Kaiming Huang, Zhiyun Qian, Thomas La Porta, Trent Jaeger In Proceedings of the USENIX Security 2024 (accepted in Winter 2024), Philadelphia, PA. |
| OOPSLA 24 | Enhancing Static Analysis For Practical Bug Detection: An LLM-Integrated Approach
[PDF]
[Source] Haonan Li, Yu Hao, Yizhuo Zhai, and Zhiyun Qian In Proceedings of the ACM on Programming Languages (PACMPL), Issue OOPSLA, 2024 (accepted in R1), Pasadena, CA. |
| Euro S&P 24 | DNS Exfiltration Guided by Generative Adversarial Networks
[PDF] Abdulrahman Fahim, Shitong Zhu, Zhiyun Qian, Chengyu Song, Vagelis Papalexakis, Supriyo Chakraborty, Kevin Chan, Paul Yu, Trent Jaeger, and Srikanth V. Krishnamurthy In Proceedings of IEEE European Symposium on Security and Privacy 2024, Vienna, Austria. |
| USENIX Security 24 | Don't Waste My Efforts: Pruning Redundant Sanitizer Checks of Developer-Implemented Type Checks
[PDF]
[Source] Yizhuo Zhai, Zhiyun Qian, Chengyu Song, Manu Sridharan, Trent Jaeger, Paul Yu, and Srikanth V. Krishnamurthy In Proceedings of USENIX Security 2024 (accepted in Fall 2023), Philadelphia, PA. |
| MSR 24 | An Investigation of Patch Porting Practices of the Linux Kernel Ecosystem
[PDF] Xingyu Li, Zheng Zhang, Zhiyun Qian, Trent Jaeger, and Chengyu Song In Proceedings of the Mining Software Repositories (MSR) 2024, Lisbon, Portugal. |
| NDSS 24 | SyzBridge: Bridging the Gap in Exploitability Assessment of Linux Kernel Bugs in the Linux Ecosystem
[PDF]
[Source] Xiaochen Zou, Yu Hao, Zheng Zhang, Juefei Pu, Weiteng Chen, and Zhiyun Qian In Proceedings of the Network & Distributed System Security Symposium (NDSS) 2024, San Diego, CA. |
| NDSS 24 | K-LEAK: Towards Automating the Generation of Multi-Step Infoleak Exploits against the Linux Kernel
[PDF]
[Source] Zhengchuan Liang, Xiaochen Zou, Chengyu Song, and Zhiyun Qian In Proceedings of the Network & Distributed System Security Symposium (NDSS) 2024, San Diego, CA. |
| S&P 24 | SyzGen++: Dependency Inference for Augmenting Kernel Driver Fuzzing
[PDF]
[Source] Weiteng Chen, Yu Hao, Zheng Zhang, Xiaochen Zou, Dhilung Kirat, Shachee Mishra, Douglas Schales, Jiyong Jang, and Zhiyun Qian In Proceedings of IEEE Security and Privacy (Oakland) 2024, San Francisco, CA. |
| Black Hat 24 (industry) | PageJack: A Powerful Exploit Technique With Page-Level UAF
[Link] Zhiyun Qian, Jiayi Hu, Jinmeng Zhou, Qi Tang, and Wenbo Shen In Black Hat USA, 2024, Las Vegas, NV. |
| Black Hat 24 (Industry) | Fallen Tower of Babel: Rooting Wireless Mesh Networks by Abusing Heterogeneous Control Protocols
[Link] Xin'an Zhou, Zhiyun Qian, Juefei Pu, Qing Deng, Srikanth V. Krishnamurthy, and Keyu Man In Black Hat USA, 2024, Las Vegas, NV. |
| SP 24 (Magazine) | Comprehensive Memory Safety Validation: An Alternative Approach to Memory Safety
[PDF] Kaiming Huang, Mathias Payer, Zhiyun Qian, Jack Sampson, Gang Tan, Trent Jaeger IEEE Security and Privacy Magazine, 2024 |
| 2023 | |
| USENIX Security 23 | A Hybrid Alias Analysis and Its Application to Global Variable Protection in the Linux Kernel
[PDF]
[Source] Guoren Li, Hang Zhang, Jinmeng Zhou, Wenbo Shen, Yulei Sui, and Zhiyun Qian In Proceedings of USENIX Security 2023 (accepted in Winter 2023), Anaheim, MA. |
FSE-IVR 23 | Assisting Static Analysis with Large Language Models: A ChatGPT Experiment
[PDF] Haonan Li, Yu Hao, Yizhuo Zhai, and Zhiyun Qian In Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2023): Idea, Vision, and Reflection Track. [Poster in S&P 2023] |
| S&P 23 | SyzDescribe: Principled, Automated, Static Generation of Syscall Descriptions for Kernel Drivers
[PDF]
[Source] Yu Hao, Guoren Li, Xiaochen Zou, Weiteng Chen, Shitong Zhu, Zhiyun Qian, and Ardalan Amiri Sani In Proceedings of IEEE Security and Privacy (Oakland) 2023, San Francisco, CA. [Linux Security Summit 2023] [Qualcomm Security Summit 2023] Selected syzkaller patches: [Patch1] [Patch2] [Patch3] |
| FAST 23 | Unsafe at Any Copy: Name Collisions from Mixing Case Sensitivities
[PDF]
[Source] Aditya Basu, John Sampson, Zhiyun Qian, and Trent Jaeger In Proceedings of USENIX Conference on File and Storage Technologies (FAST) 2023, Santa Clara, CA. |
| Black Hat 23 (Industry) | Dilemma in IoT Access Control: Revealing Novel Attacks and Design Challenges in Mobile-as-a-Gateway IoT
[Link] Luyi Xing, Xin'an Zhou, Jiale Guan, and Zhiyun Qian In Black Hat (Asia) 2023, Singapore. |
| TDSC 23 (Journal) | PolyScope: Multi-policy Access Control Analysis to Triage Android Scoped Storage
[PDF] Yu-Tsung Lee, Haining Chen, William Enck, Hayawardh Vijayakumar, Ninghui Li, Zhiyun Qian, Giuseppe Petracca, and Trent Jaeger IEEE Transactions on Dependable and Secure Computing, 2023 |
| 2022 | |
| ACM CCS 22 | Perils and Mitigation of Security Risks of Cooperation in Mobile-as-a-Gateway IoT
[PDF] Xin’an Zhou, Jiale Guan, Luyi Xing, and Zhiyun Qian In Proceedings of the ACM CCS 2022, Los Angeles, CA. [CVE-2022-23776] [CVE-2022-36268] [CVE-2022-26262] [CVE-2022-37192] [CVE-2022-37193] |
| ICSE 22 | Demystifying the Dependency Challenge in Kernel Fuzzing
[PDF]
[Source] Yu Hao, Hang Zhang, Guoren Li, Xingyun Du, Zhiyun Qian, Ardalan Amiri Sani In Proceedings of IEEE/ACM International Conference on Software Engineering (ICSE) 2022, Pittsburgh, PA. [Google Research Paper Reward] |
| USENIX Security 22 | Off-Path Network Traffic Manipulation via Revitalized ICMP Redirect Attacks
[PDF] Xuewei Feng, Qi Li, Kun Sun, Zhiyun Qian, Gang Zhao, Xiaohui Kuang, Chuanpu Fu, and Ke Xu In Proceedings of USENIX Security 2022 (accepted in Winter 2022), Boston, MA. |
| USENIX Security 22 | SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs
[PDF]
[Source] Xiaochen Zou, Guoren Li, Weiteng Chen, Hang Zhang, and Zhiyun Qian In Proceedings of USENIX Security 2022 (accepted in Summer 2021), Boston, MA. [Linux Security Summit 2021] [Google Research Paper Reward] [CVE-2021-33034] [CVE-2021-33033] [CVE-2020-36387] [CVE-2020-36386] [CVE-2020-36385] [CVE-2020-36387] [CVE-2019-25044] [CVE-2018-25015] [CVE-2019-25045] |
| USENIX Security 22 | LinKRID: Vetting Imbalance Reference Counting in Linux kernel with Symbolic Execution
[PDF] Jian Liu, Lin Yi, Weiteng Chen, Chengyu Song, Zhiyun Qian, and Qiuping Yi In Proceedings of USENIX Security 2022 (accepted in Summer 2021), Boston, MA. |
| NDSS 22 | Progressive Scrutiny: Incremental Detection of UBI bugs in the Linux Kernel
[PDF]
[Source] Yizhuo Zhai, Yu Hao, Zheng Zhang, Weiteng Chen, Guoren Li, Zhiyun Qian, Chengyu Song, Manu Sridharan, Srikanth V. Krishnamurthy, Trent Jaeger, Paul Yu In Proceedings of the Network & Distributed System Security Symposium (NDSS) 2022, San Diego, CA. Selected patches: [Patch1] [Patch2] [Patch3] |
| NDSS 22 | PMTUD is not Panacea: Revisiting IP Fragmentation Attacks against TCP
[PDF] Xuewei Feng, Qi Li, Kun Sun, Ke Xu, Baojun Liu, Xiaofeng Zheng, Qiushi Yang, Haixin Duan, Zhiyun Qian In Proceedings of the Network & Distributed System Security Symposium (NDSS) 2022, San Diego, CA. |
| NDSS 22 | The Taming of the Stack: Isolating Stack Data from Memory Errors
[PDF] Kaiming Huang, Yongzhe Huang, Mathias Payer, Zhiyun Qian, Jack Sampson, Gang Tan, and Trent Jaeger In Proceedings of the Network & Distributed System Security Symposium (NDSS) 2022, San Diego, CA. |
| S&P 22 | Annotating, Tracking, and Protecting Cryptographic Secrets with CryptoMPK
[PDF]
[Source] Xuancheng Jin, Xuangan Xiao, Songlin Jia, Wang Gao, Hang Zhang, Dawu Gu, Siqi Ma, Zhiyun Qian, and Juanru Li In Proceedings of IEEE Security and Privacy (Oakland) 2022, San Francisco, CA. |
| TDSC 22 [Journal] |
DNS Poisoning of Operating System Caches: Attacks and Mitigations Fatemah Alharbi, Jie Chang, Yuchen Zhou, Feng Qian, Zhiyun Qian, Nael Abu-Ghazaleh In IEEE Transactions on Dependable and Secure Computing (TDSC) 2022. |
| 2021 | |
| ACSAC 21 | Eluding ML-based Adblockers With Actionable Adversarial Examples
[PDF]
[Source] Shitong Zhu, Zhongjie Wang, Xun Chen, Shasha Li, Keyu Man, Umar Iqbal, Zhiyun Qian, Kevin S. Chan, Srikanth V. Krishnamurthy, Zubair Shafiq, Yu Hao, Guoren Li, Zheng Zhang, Xiaochen Zou In Proceedings of Annual Computer Security Applications Conference (ACSAC) 2021. |
| ACM CCS 21 | DNS Cache Poisoning Attack: Resurrections with Side Channels
[PDF] [CVE-2021-20322] Keyu Man, Xinan Zhou, and Zhiyun Qian In Proceedings of the ACM CCS 2021. Media coverage: [Ars Technica] [TechTarget] [The Hacker News] |
| ACM CCS 21 | Statically Discovering High-Order Taint Style Vulnerabilities in OS Kernels
[PDF] [Source] Hang Zhang, Weiteng Chen, Yu Hao, Guoren Li, Yizhuo Zhai, Xiaochen Zou, and Zhiyun Qian In Proceedings of the ACM CCS 2021. |
| ACM CCS 21 | Themis: Ambiguity-Aware Network Intrusion Detection based on Symbolic Model Comparison
[PDF] [Source] Zhongjie Wang, Shitong Zhu, Keyu Man, Pengxiong Zhu, Yu Hao, Zhiyun Qian, Srikanth V. Krishnamurthy, Tom La Porta, and Michael J. De Lucia In Proceedings of the ACM CCS 2021. |
| ACM CCS 21 | SyzGen: Automated Generation of Syscall Specification of Closed-Source macOS Drivers
[PDF] [Source] Weiteng Chen, Yu Wang, Zheng Zhang, and Zhiyun Qian In Proceedings of ACM CCS 2021. [CVE-2020-9929] [CVE-2020-9928] [CVE-2021-30899] [CVE-2021-30982] [CVE-2021-30931] |
| USENIX Security 21 | SyzVegas: Beating Kernel Fuzzing Odds with Reinforcement Learning
[PDF] [Source] Daimeng Wang, Zheng Zhang, Hang Zhang, Zhiyun Qian, Srikanth V. Krishnamurthy, and Nael Abu-Ghazaleh In Proceedings of USENIX Security 2021. |
| USENIX Security 21 | PolyScope: Multi-Policy Access Control Analysis to Compute
Authorized Attack Operations in Android Systems
[PDF] Yu-Tsung Lee, William Enck, Haining Chen, Hayawardh Vijayakumar, Ninghui Li, Zhiyun Qian, Daimeng Wang, Giuseppe Petracca, and Trent Jaeger In Proceedings of USENIX Security 2021. |
| USENIX Security 21 | Undo Workarounds for Kernel Bugs
[PDF] [Source] Seyed Mohammadjavad Seyed Talebi, Zhihao Yao, Ardalan Amiri Sani, Zhiyun Qian, and Daniel Austin In Proceedings of USENIX Security 2021. |
| USENIX Security 21 | An Investigation of the Android Kernel
Patch Ecosystem
[PDF] [Source] Zheng Zhang, Hang Zhang, Zhiyun Qian, and Billy Lau In Proceedings of USENIX Security 2021. |
| MobiCom 21 | A Nationwide Census on WiFi Security
Threats: Prevalence, Riskiness, and the Economics Behind
[PDF] Di Gao, Hao Lin, Zhenhua Li, Feng Qian, Qi Alfred Chen, Zhiyun Qian, Wei Liu, Liangyi Gong, and Yunhao Liu In Proceedings of ACM MobiCom 2021. |
| TDSC 21 [Journal] |
Who Moves My App Promotion Investment? A Systematic Study about App Distribution Fraud Shaoyong Du, Minrui Zhao, Jingyu Hua, Hang Zhang, Xiaoyu Chen, Zhiyun Qian, and Sheng Zhong In IEEE Transactions on Dependable and Secure Computing (TDSC) 2021. |
| IEEE Design & Test 21 [Journal] |
Beyond the CPU: Side Channel Attacks on GPUs Hoda Naghibijouybari, Ajaya Neupane, Zhiyun Qian, Nael Abu-Ghazaleh In IEEE Design & Test 2021. |
| Elsevier HCC 21 [Journal] |
A Model Checking-Based Security Analysis Framework for IoT Systems Zheng Fanga, Hao Fu, Tianbo Gub, Zhiyun Qian, Trent Jaeger, Pengfei Hu, Prasant Mohapatra In Elsevier High-Confidence Computing 2021. |
| 2020 | |
| CoNEXT 20 | You Do (Not) Belong Here: Detecting
DPI Evasion Attacks with Context Learning
[PDF]
[Ethics] Shitong Zhu, Shasha Li, Zhongjie Wang, Xun Chen, Zhiyun Qian, Srikanth V. Krishnamurthy, Kevin S. Chan, and Ananthram Swami In Proceedings of ACM Conference on emerging Networking EXperiments and Technologies (CoNEXT) 2020. |
| CCS 20 | DNS Cache Poisoning Attack Reloaded:
Revolutions with Side Channels [PDF]
[Slides] Keyu Man, Zhiyun Qian, Zhongjie Wang, Xiaofeng Zheng, Youjun Huang, and Haixin Duan In Proceedings of ACM Conference on Computer and Communications Security (CCS) 2020. [Distinguished Paper Award] [CVE-2020-25705] Media coverage: [Ars Technica] [ZDNet] [TechRepublic] [The Hacker News] |
| FSE 20 | UBITect: A Precise and Scalable Method
to Detect Use-Before-Initialization bugs in Linux Kernel [PDF]
[Source] Yizhuo Zhai, Yu Hao, Hang Zhang, Daimeng Wang, Chengyu Song, Zhiyun Qian, Mohsen Lesani, Srikanth V. Krishnamurthy, Paul Yu In Proceedings of the 2020 ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (FSE'20), Sacramento, CA. Selected patches: [Patch1] [Patch2] [Patch3] |
| USENIX Security 20 | Poison Over Troubled Forwarders: A
Cache Poisoning Attack Targeting DNS Forwarding Devices [PDF]
Xiaofeng Zheng, Chaoyi Lu, Jian Peng, Qiushi Yang, Dongjie Zhou, Baojun Liu, Keyu Man, Shuang Hao, Haixin Duan, Zhiyun Qian In Proceedings of USENIX Security 2020 (accepted in Winter 2020), Boston MA. |
| USENIX Security 20 | KOOBE: Towards Facilitating Exploit
Generation of Kernel Out-Of-Bounds Write Vulnerabilities
[PDF]
[Source] Weiteng Chen, Xiaochen Zou, Guoren Li, Zhiyun Qian In Proceedings of USENIX Security 2020 (accepted in Summer 2019), Boston MA. [Linux Security Summit 2021] |
| Eurosys 20 | Experiences of Landing Machine
Learning onto Market-Scale Mobile Malware Detection [PDF]
Liangyi Gong, Zhenhua Li, Feng Qian, Zifan Zhang, Qi Alfred Chen, Zhiyun Qian, Hao Lin, Yunhao Liu In Proceedings of Eurosys 2020, Dresden, Germany. |
| Sigmetrics 20 | Characterizing Transnational Internet
Performance and the Great Bottleneck of China
[PDF] Pengxiong Zhu, Keyu Man, Zhongjie Wang, Zhiyun Qian, Roya Ensafi, J. Alex Halderman, Haixin Duan In Proceedings of ACM SIGMETRICS 2020, Boston, MA. |
| NDSS 20 | SymTCP: Eluding Stateful Deep Packet
Inspection with Automated Discrepancy Discovery
[PDF]
[Source] Zhongjie Wang, Shitong Zhu, Yue Cao, Zhiyun Qian, Chengyu Song, Srikanth Krishnamurthy, Tracy D. Braun, Kevin S. Chan In Proceedings of the Network & Distributed System Security Symposium (NDSS) 2020, San Diego, CA. |
| S&P 20 | AdGraph: A Graph-Based Approach to Ad
and Tracker Blocking
[PDF] Umar Iqbal, Peter Snyder, Shitong Zhu, Benjamin Livshits, Zhiyun Qian, Zubair Shafiq In Proceedings of IEEE Symposium on Security & Privacy (Oakland), 2020, San Francisco CA. |
| ToN 20 [Journal] |
Packet Header Obfuscation Using MIMO
Yue Cao, Ahmed Fathy Atya, Shailendra Singh, Zhiyun Qian, Srikanth V. Krishnamurthy, Tom La Porta, Prashant Krishnamurthy, Lisa Marvel In IEEE/ACM Transactions on Networking (TON) 2020. |
| 2019 | |
| CCS 19 | Principled Unearthing of TCP Side
Channel Vulnerabilities
[PDF] [Source] Yue Cao, Zhongjie Wang, Zhiyun Qian, Chengyu Song, Srikanth Krishnamurthy, Paul Yu In Proceedings of ACM Conference on Computer and Communications Security (CCS) 2019, London, UK. |
| MASS 19 | ForeSee: A Cross-layer Vulnerability
Detection Framework for the Internet of Things
[PDF] Zheng Fang, Hao Fu, Tianbo Gu, Zhiyun Qian, Trent Jaeger, Prasant Mohapatra In Proceedings of IEEE International Conference on Mobile Ad hoc and Smart Systems (MASS), Monterey, Canada. |
| RAID 19 | Application level attacks on Connected
Vehicle Protocols
[PDF] Ahmed Abdo, Sakib Md Bin Malek, Zhiyun Qian, Qi Zhu, Matthew Barth, Nael Abu-Ghazaleh In Proceedings of International Symposium on Research in Attacks, Intrusions and Defenses (RAID) 2019, Beijing, China. |
| NSPW 19 | Employing Attack Graphs for Intrusion
Detection [PDF] Frank Capobianco, Rahul George, Kaiming Huang, Trent Jaeger, Mathias Payer, Srikanth Krishnamurthy, Zhiyun Qian, Paul Yu In Proceedings of New Security Paradigms Workshop (NSPW) 2019, San Carlos, Costa Rica. |
| ISC 19 | When The Attacker Knows A Lot: The
GAGA Graph Anonymizer
[PDF] Arash Alavi, Rajiv Gupta, Zhiyun Qian In Proceedings of Information Security Conference (ISC) 2019, New York. |
| DAC 19 | PAPP: Prefetcher-Aware Prime and Probe
Side-channel Attack
[PDF] [Source] Daimeng Wang, Zhiyun Qian, Nael Abu-Ghazaleh, Srikanth V. Krishnamurthy In Proceedings of Design Automation Conference (DAC) 2019, Las Vegas, NV. |
| WWW 19 | ShadowBlock: A Lightweight and
Stealthy Adblocking Browser
[PDF]
[Source] Shitong Zhu, Umar Iqbal, Zhongjie Wang, Zhiyun Qian, Zubair Shafiq and Weiteng Chen In Proceedings of WWW 2019, San Francisco, CA. |
| Sigmetrics 19 | App in the Middle : Demystify
Application Virtualization in Android and its Security Threats
[PDF]
Lei Zhang, Zhemin Yang, Yuyu He, Mingqi Li, Sen Yang, Min Yang, Yuan Zhang, Zhiyun Qian In Proceedings of ACM SIGMETRICS 2019, Phoenix, AZ. |
| INFOCOM 19 | Collaborative Client-Side DNS Cache
Poisoning Attack [PDF]
Fatemah Alharbi, Jie Chang, Yuchen Zhou, Feng Qian, Zhiyun Qian, Nael Abu-Ghazaleh In Proceedings of IEEE International Conference on Computer Communications (INFOCOM), 2019, Paris, France. [Apple advisory 1] [Apple advisory 2] |
| INFOCOM 19 | Figment: Fine-grained Permission
Management for Mobile Apps [PDF]
Ioannis Gasparis, Zhiyun Qian, Chengyu Song, Srikanth V. Krishnamurthy, Rajiv Gupta, and Paul Yu In Proceedings of IEEE International Conference on Computer Communications (INFOCOM), 2019, Paris, France. |
| NDSS 19 | Unveiling your keystrokes: A
Cache-based Side-channel Attack on Graphics Libraries [PDF]
[Source] Daimeng Wang, Ajaya Neupane, Zhiyun Qian, Nael Abu-Ghazaleh, Srikanth V. Krishnamurthy, Edward J. M. Colbert, Paul Yu In Proceedings of the Network & Distributed System Security Symposium (NDSS) 2019, San Diego, CA. |
| ToN 19 [Journal] |
Catch Me if You Can: A Closer Look at Malicious
Co-Residency on the Cloud [PDF]
Ahmed Osama Fathy Atya, Zhiyun Qian, Srikanth V. Krishnamurthy, Thomas La Porta, Patrick McDaniel, and Lisa Marvel In IEEE/ACM Transactions on Networking (TON) 2019. |
| TDSC 19 [Journal] |
Resilient User-Side Android
Application Repackaging and Tampering Detection Using
Cryptographically Obfuscated Logic Bombs Qiang Zeng, Lannan Luo, Zhiyun Qian, Xiaojiang Du, Zhoujun Li, Chin-Tser Huang, and Csilla Farkas In IEEE Transactions on Dependable and Secure Computing (TDSC) 2019. |
| TDSC 19 [Journal] |
Side Channel Attacks on GPUs [PDF]
Hoda Naghibijouybari, Ajaya Neupane, Zhiyun Qian, Nael Abu-Ghazaleh In IEEE Transactions on Dependable and Secure Computing (TDSC) 2019. |
| 2018 | |
| CoNext 18 | IoTSan: Fortifying the Safety of IoT
Systems [PDF]
Dang Tu Nguyen, Chengyu Song, Zhiyun Qian, Srikanth V. Krishnamurthy, Edward J. M. Colbert, Patrick McDaniel In Proceedings of International Conference on emerging Networking EXperiments and Technologies (CoNext) 2018, Heraklion/Crete, Greece. |
| CCS 18 | Rendered Insecure: GPU Side Channel
Attacks are Practical [PDF]
Hoda Naghibijouybari, Ajaya Neupane, Zhiyun Qian, Nael Abu-Ghazaleh In Proceedings of ACM Conference on Computer and Communications Security (CCS) 2018, Toronto, Canada. [Top pick in hardware security (ICCAD'19)] [CVE‑2018‑6260] [DarkReading] [TechSpot] |
| CCS 18 | How You Get Shot in the Back: A
Systematical Study about Cryptojacking in the Real World [PDF]
Geng Hong, Zhemin Yang, Sen Yang, Lei Zhang, Yuhong Nan, Zhibo Zhang, Min Yang, Yuan Zhang, Zhiyun Qian, Haixin Duan In Proceedings of ACM Conference on Computer and Communications Security (CCS) 2018, Toronto, Canada. |
| CCS 18 | Invetter: Locating Insecure Input
Validations in Android Services [PDF]
[Source] Lei Zhang, Zhemin Yang, Yuyu He, Zhenyu Zhang, Zhiyun Qian, Geng Hong, Yuan Zhang, Min Yang In Proceedings of ACM Conference on Computer and Communications Security (CCS) 2018, Toronto, Canada. |
| USENIX Security 18 |
Precise and Accurate Patch Presence
Test for Binaries [PDF]
[Source] Hang Zhang and Zhiyun Qian In Proceedings of USENIX Security 2018, Baltimore, MD. |
| USENIX Security 18 |
Off-Path TCP Exploit: How Wireless
Routers Can Jeopardize Your Secret [PDF]
[Demo]
[Source] Weiteng Chen and Zhiyun Qian In Proceedings of USENIX Security 2018, Baltimore, MD. [ACM TechNews] [GeekPwn Award] [CSAW 2018 Finalist] [IRTF 2019 Applied Networking Research Prize] |
| USENIX Security 18 |
Charm: Facilitating Dynamic Analysis of Device Drivers of
Mobile Systems [PDF]
[Source] Seyed Mohammadjavad Seyed Talebi and Hamid Tavakoli, Hang Zhang and Zheng Zhang, Ardalan Amiri Sani, Zhiyun Qian In Proceedings of USENIX Security 2018, Baltimore, MD. |
| AsiaCCS 18 | Droid M+: Developer Support for Imbibing Android’s New
Permission Model [PDF] Ioannis Gasparis, Azeem Aqil, Zhiyun Qian, Chengyu Song, Srikanth V. Krishnamurthy, Rajiv Gupta, and Edward Colbert In Proceedings of the 13th ACM ASIA Conference on Information, Computer and Communications Security (AsiaCCS) 2018, Incheon, Korea. |
| S&P 18 | Static Evaluation of Noninterference using Approximate
Model Counting [PDF] Ziqiao Zhou, Zhiyun Qian, Michael K. Reiter, Yinqian Zhang In Proceedings of IEEE Security and Privacy (Oakland) 2018, San Francisco, CA. |
| INFOCOM 18 | A Framework for MIMO-based Packet Header Obfuscation [PDF] Yue Cao, Ahmed Fathy Atya, Shailendra Singh, Zhiyun Qian, Srikanth V. Krishnamurthy, Tom La Porta, Prashant Krishnamurthy, Lisa Marvel In Proceedings of IEEE International Conference on Computer Communications (INFOCOM) 2018, Honolulu, HI. |
| INFOCOM 18 | Accurate and Efficient Wireless Device Fingerprinting Using
Channel State Information [PDF] Jingyu Hua, Hongyi Sun, Zhenyu Shen, Zhiyun Qian, Sheng Zhong In Proceedings of IEEE International Conference on Computer Communications (INFOCOM) 2018, Honolulu, HI. |
| PAM 18 | RARE: A Systematic Augmented Router Emulation for Malware
Analysis [PDF] Ahmad Darki, Chun-Yu Chuang, Michalis Faloutsos, Zhiyun Qian, and Heng Yin In Proceedings of Passive and Active Measurement Conference (PAM) 2018, Berlin, Germany. |
| NDSS 18 | Measuring and Disrupting Anti-Adblockers Using Differential
Execution Analysis [PDF] Shitong Zhu, Xunchao Hu, Zhiyun Qian, Zubair Shafiq, Heng Yin In Proceedings of the Network & Distributed System Security Symposium (NDSS) 2018, San Diego, CA. Media coverage: [Techcrunch] [Ars Technica] [Hacker News] [DMNews] |
| CGO 18 | Resilient Decentralized Android
Application Repackaging Detection [PDF] Qiang Zeng, Lannan Luo, Zhiyun Qian, Xiaojiang Du, and Zhoujun Li In International Symposium on Code Generation and Optimization (CGO), 2018, Vösendorf, Austria. |
| TDSC 18 [Journal] |
An Empirical Analysis of Hazardous Uses of Android Shared
Storage [PDF] Shaoyong Du, Pengxiong Zhu, Jingyu Hua, Zhiyun Qian, Zhao Zhang, Xiaoyu Chen, and Sheng Zhong In IEEE Transactions on Dependable and Secure Computing (TDSC) 2018. |
| ToN 18 [Journal] |
Off-Path TCP Exploits of the Challenge ACK Global Rate
Limit [PDF] Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, Srikanth V. Krishnamurthy, and Lisa M. Marvel In IEEE/ACM Transactions on Networking (TON) 2018. |
| 2017 | |
| IMC 17 | Your State is Not Mine: A Closer Look at Evading Stateful
Internet Censorship [PDF]
[Source] Zhongjie Wang, Yue Cao, Zhiyun Qian, Chengyu Song, Srikanth V. Krishnamurthy In ACM Internet Measurement Conference (IMC) 2017, London, UK. |
| IMC 17 | The Ad Wars: Retrospective Measurement and Analysis of
Anti-Adblock Filter Lists [PDF] Umar Iqbal, Zubair Shafiq, Zhiyun Qian In ACM Internet Measurement Conference (IMC) 2017, London, UK. |
| ICNP 17 | Multipath TCP Traffic Diversion Attacks and Countermeasures
[PDF]
[IETF discussion & patch] Ali Munir, Zhiyun Qian, Zubair Shafiq, Alex Liu, Franck Le In IEEE International Conference on Network Protocols (ICNP) 2017, Toronto, Canada. |
| ICNP 17 | Selective HTTPS Traffic Manipulation at Middleboxes for
BYOD Devices
[PDF] Xing Liu, Feng Qian, and Zhiyun Qian In IEEE International Conference on Network Protocols (ICNP) 2017, Toronto, Canada. |
| WOOT 17 | Stalling Live Migrations on the Cloud [PDF] Ahmed Atya, Azeem Aqil, Karim Khalil, Zhiyun Qian, Srikanth V. Krishnamurthy, and Thomas F. La Porta In USENIX Workshop on Offensive Technologies (WOOT) 2017, Vancouver, Canada. |
| USENIX Security 17 |
Detecting Android Root Exploits by Learning from Root
Providers [PDF] Ioannis Gasparis, Zhiyun Qian, Chengyu Song, and Srikanth V. Krishnamurthy In Proceedings of USENIX Security 2017, Vancouver, Canada. |
| Sigmetrics 17 | Investigation of the 2016 Linux TCP Stack Vulnerability at
Scale [PDF] Alan Quach*, Zhongjie Wang*, and Zhiyun Qian Both authors contributed equally. In Proceedings of ACM SIGMETRICS 2017, Urbana-Champaign, IL. |
| PETS 17 | Detecting Anti Ad-blockers in the Wild [PDF] Muhammad Haris Mughees, Zhiyun Qian, and Zubair Shafiq In Proceedings of 17th Privacy Enhancing Technologies Symposium (PETS) 2017, Minneapolis, MN. [Data Transparency Lab Award] [FTC Privacy Con] [MIT Technology Review (tech report version)] |
| INFOCOM 17 | Malicious Co-Residency on the Cloud: Attacks and Defense
[PDF] Ahmed Osama Fathy Atya, Zhiyun Qian, Srikanth V. Krishnamurthy, Thomas La Porta, Patrick McDaniel, and Lisa Marvel In Proceedings of IEEE International Conference on Computer Communications (INFOCOM) 2017, Atlanta, GA. |
| PAM 17 | Where is the Weakest Link? A Study on Security
Discrepancies between Android Apps and Their Website
Counterparts [PDF] Arash Alavi, Alan Quach, Hang Zhang, Bryan Marsh, Farhan Ul Haq, Zhiyun Qian, Long Lu, Rajiv Gupta In Proceedings of Passive and Active Measurement Conference (PAM) 2017, Sydney, Australia. |
| 2016 | |
| CCS 16 | Android ION Hazard: the Curse of Customizable Memory
Management System [PDF]
[Website] Hang Zhang, Dongdong She, Zhiyun Qian In Proceedings of ACM Conference on Computer and Communications Security (CCS) 2016, Vienna, Austria. [CVE-2015-8950] [CVE-2016-8756] [CVE-2016-8757] [CVE-2016-8758] [CVE-2017-8164] [CVE-2017-8165] |
| CCS 16 | The Misuse of Android Unix Domain Socket and Security
Implications [PDF] Yuru Shao, Jason Ott, Yunhan Jack Jia, Zhiyun Qian, Z. Morley Mao In Proceedings of ACM Conference on Computer and Communications Security (CCS) 2016, Vienna, Austria. [CVE-2016-3360] [CVE-2016-3683] [CVE-2016-3898] |
| Globecom 16 | Optimal Monitor Placement for Detection of Persistent
Threats [PDF] Karim A. Khalil, Zhiyun Qian, Paul Yu, Srikanth V. Krishnamurthy, Ananthram Swami In Proceedings of IEEE GLOBECOM 2016, Washington, D.C. |
| USENIX Security 16 |
Off-Path TCP Exploits: Global Rate Limit Considered
Dangerous [CVE-2016-5696] [PDF] Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, Srikanth V. Krishnamurthy, Lisa M. Marvel In Proceedings of USENIX SECURITY 2016, Austin, TX. [GeekPwn Award] [Internet Defense Prize Runner-up] Media coverage: [LWN.net] [ARS Technica] [Slashdot] [The Register] [ZDNET] [FreeBuf(Chinese) 中文] ... |
| AsiaCCS 16 | revDroid: Code Analysis of the Side Effects after Dynamic
Permission Revocation of Android Apps [PDF] Zheran Fang, Weili Han, Dong Li, Zeqing Guo, Danhao Guo, Xiaoyang Sean Wang, Zhiyun Qian, Hao Chen In Proceedings of the 11th ACM Asia Conference on Computer and Communications Security (ASIACCS) 2016, Xi'an, China. |
| VLDB 16 | Behavior Query Discovery in System-Generated Temporal
Graphs [PDF] Bo Zong, Xusheng Xiao, Zhichun Li, Zhenyu Wu, Zhiyun Qian, Xifeng Yan, Ambuj K. Singh, and Guofei Jiang In Proceedings of the 42nd International Conference on Very Large Data Bases (VLDB) 2016, New Delhi, India. |
| NDSS 16 | Kratos: Discovering Inconsistent Security Policy
Enforcement in the Android Framework [PDF]
[Website] Yuru Shao, Jason Ott, Qi Alfred Chen, Zhiyun Qian, Z. Morley Mao In Proceedings of the Network & Distributed System Security Symposium (NDSS) 2016, San Diego, CA. |
| 2015 | |
| CCS 15 | Android Root and its Providers: A Double-Edged Sword [PDF] Hang Zhang, Dongdong She, Zhiyun Qian In Proceedings of ACM Conference on Computer and Communications Security (CCS) 2015, Denver, CO. Media coverage: [ARS Technica] [Trustlook] [Marketwired] |
| CCS 15 | Static Detection of Packet Injection Vulnerabilities: A Case
for Identifying Attacker-controlled Implicit Information Leaks [PDF] [Website]
Qi Alfred Chen, Zhiyun Qian, Yunhan Jack Jia, Yuru Shao, Z. Morley Mao In Proceedings of ACM Conference on Computer and Communications Security (CCS) 2015, Denver, CO. |
| MILCOM 15 | Proactive Restart as Cyber Maneuver for Android [PDF] Zhiyong Shan, Iulian Neamtiu, Zhiyun Qian, Don Torrieri. In Proceedings of the Military Communications Conference (MILCOM) 2015, Tampa, FL. |
| ASIACCS 15 | Discover and Tame Long-running Idling Processes in Enterprise
Systems [PDF] Jun Wang, Zhiyun Qian, Zhichun Li, Zhenyu Wu, Junghwan Rhee, Xia Ning, Peng Liu, Guofei Jiang In Proceedings of 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS) 2015, Singapore. |
| NDSS 15 | Checking More and Alerting Less: Detecting Privacy Leakages
via Enhanced Data-flow Analysis and Peer Voting [PDF] Kangjie Lu, Zhichun Li, Vasileios Kemerlis, Zhenyu Wu, Long Lu, Cong Zheng, Zhiyun Qian, Wenke Lee, Guofei Jiang In Proceedings of the Network & Distributed System Security Symposium (NDSS) 2015, San Diego, CA. |
| <= 2014 | |
| USENIX Security 14 |
Peeking into Your App without Actually Seeing it: UI State
Inference and Novel Android Attacks [PDF] Qi Alfred Chen, Zhiyun Qian, Z. Morley Mao In Proceedings of USENIX SECURITY 2014, San Diego, CA. Media coverage: [ARS Technica] [CBS] [Slashdot] [CNET] [ZDNET] |
| CODASPY 13 | AppProfiler: A Flexible Method of Exposing Privacy-Related
Behavior in Android Applications to End Users [PDF] Sanae Rosen, Zhiyun Qian, Z. Morley Mao In Proceedings of ACM CODASPY 2013, San Antonio, TX. |
| CCS 12 | Collaborative TCP Sequence Number Inference Attack -- How to
Crack Sequence Number Under A Second [PDF] Zhiyun Qian, Z. Morley Mao, Yinglian Xie In Proceedings of ACM Conference on Computer and Communications Security (CCS) 2012, Raleigh, NC. Impact on Linux: [LWN.net] [Linux patch] [Apple advisory 1 (CVE-2017-13810 )] [Apple advisory 2] |
| S&P 12 | Off-Path TCP Sequence Number Inference Attack -- How Firewall
Middleboxes Reduce Security [PDF]
[Webiste] Zhiyun Qian, Z. Morley Mao In Proceedings of IEEE Security and Privacy (Oakland) 2012, San Francisco, CA. Media coverage: [Check Point response] [Cisco response] [ARS Technica] [Engadget] [The Register] [Silicon India News] [Science Daily] ... |
| NDSS 12 | You Can Run, but You Can't Hide: Exposing Network Location
for Targeted DoS Attacks in Cellular Networks [PDF] Zhiyun Qian, Zhaoguang Wang, Qiang Xu, Z. Morley Mao, Ming Zhang and Yi-Min Wang In Proceedings of the Network & Distributed System Security Symposium (NDSS) 2012, San Diego, CA. |
| SecureComm 11 | Designing Scalable and Effective Decision Support for
Mitigating Attacks in Large Enterprise Network [PDF] Zhiyun Qian, Z. Morley Mao, Ammar Rayes, and David Jaffe In Proceedings of SecureComm 2011, London, UK. |
| Sigcomm 11 | An Untold Story of Middleboxes in Cellular Networks [PDF] Zhaoguang Wang, Zhiyun Qian, Qiang Xu, Zhuoqing Morley Mao, and Ming Zhang In Proceedings of ACM SIGCOMM 2011, Toronto, Canada. Media coverage: [MIT Technology Review] [Slashdot] [CNET] |
| CODES/ ISSS 10 |
Accurate online power estimation and automatic battery
behavior based power model generation for smartphones
[PDF] Lide Zhang, Birjodh Tiwana, Zhiyun Qian, Zhaoguang Wang, Robert P. Dick, Z. Morley Mao, and Lei Yang In Proceedings of the eighth IEEE/ACM/IFIP international conference on Hardware/software codesign and system synthesis (CODES/ISSS) 2010, Scottsdale, AZ. |
| S&P 10 | Investigation of Triangular Spamming: a Stealthy and
Efficient Spamming Technique [PDF] Zhiyun Qian, Z. Morley Mao, Yinglian Xie, and Fang Yu In Proceedings of IEEE Security and Privacy (Oakland) 2010, Berkeley, CA. |
| NDSS 10 | On Network-level Clusters for Spam Detection [PDF] Zhiyun Qian, Z. Morley Mao, Yinglian Xie, and Fang Yu In Proceedings of the Network & Distributed System Security Symposium (NDSS) 2010, San Diego, CA. |
| SecureComm 09 |
Ensemble: Community-based Anomaly Detection for Popular
Applications [PDF] Feng Qian, Zhiyun Qian, Z. Morley Mao, and Atul Prakash In Proceedings of SecureComm 2009, Athens, Greece. |
