Publications

(2024). FirmRCA: Towards Post-Fuzzing Analysis on ARM Embedded Firmware with Efficient Event-based Fault Localization. IEEE S&P 2025, CCF-A.

(2023). SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices. IEEE S&P 2024, CCF-A.

PDF Code

(2023). MOCK: Optimizing Kernel Fuzzing Mutation with Context-aware Dependency. NDSS 2024, CCF-A.

PDF

(2022). One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware. IEEE Transactions on Dependable and Secure Computing (TDSC), CCF-A.

PDF Dataset Slides

(2022). UVSCAN: Detecting Third-Party Component Usage Violations in IoT Firmware. USENIX Security 2023, CCF-A.

PDF

(2022). MINER: A Hybrid Data-Driven Approach for REST API Fuzzing. USENIX Security 2023, CCF-A.

PDF Code

(2022). A Large-Scale Empirical Analysis of the Vulnerabilities Introduced by Third-Party Components in IoT Firmware. ISSTA 2022, CCF-A.

PDF Dataset Slides

(2022). SLIME: Program-sensitive Energy Allocation for Fuzzing. ISSTA 2022, CCF-A.

PDF Code

(2021). EMS: History-Driven Mutation for Coverage-based Fuzzing. NDSS 2022, CCF-A.

PDF Cite Code

(2021). MPInspector: A Systematic and Automatic Approach for Evaluating the Security of IoT Messaging Protocols. USENIX Security 2021, CCF-A.

PDF Cite Code

(2020). A Large-scale Empirical Study on the Vulnerability of Deployed IoT Devices. IEEE Transactions on Dependable and Secure Computing (TDSC), CCF-A.

PDF Cite

(2019). Towards Understanding the Security of Modern Image Captchas and Underground Captcha-solving Services. Big Data Mining and Analytics, CCF-T2.

PDF Cite

(2018). Towards Evaluating the Security of Real-world Deployed Image CAPTCHAs. Proceedings of the 11th ACM Workshop on Artificial Intelligence and Security (AISec 2018), co-located with CCS.

PDF Cite