Publications

(2022). One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware. IEEE Transactions on Dependable and Secure Computing, CCF-A.

PDF Dataset Slides

(2022). State-of-the-Art Survey of Open-source Software Supply Chain Security. Journal of Software, CCF-T1.

PDF

(2022). UVSCAN: Detecting Third-Party Component Usage Violations in IoT Firmware. 32nd USENIX Security Symposium (USENIX 2023), CCF-A.

(2022). MINER: A Hybrid Data-Driven Approach for REST API Fuzzing. 32nd USENIX Security Symposium (USENIX 2023), CCF-A.

PDF Code

(2022). A Large-Scale Empirical Analysis of the Vulnerabilities Introduced by Third-Party Components in IoT Firmware. ISSTA 2022, CCF-A.

PDF Dataset Slides

(2022). SLIME: Program-sensitive Energy Allocation for Fuzzing. ISSTA 2022, CCF-A.

PDF Code

(2021). EMS: History-Driven Mutation for Coverage-based Fuzzing. NDSS 2022, CCF-A.

PDF Cite Code

(2021). MPInspector: A Systematic and Automatic Approach for Evaluating the Security of IoT Messaging Protocols. 30th USENIX Security Symposium (USENIX 2021), CCF-A.

PDF Cite Code

(2020). A Large-scale Empirical Study on the Vulnerability of Deployed IoT Devices. IEEE Transactions on Dependable and Secure Computing (TDSC), CCF-A.

PDF Cite

(2019). Towards Understanding the Security of Modern Image Captchas and Underground Captcha-solving Services. Big Data Mining and Analytics, CCF-T2.

PDF Cite

(2018). Towards Evaluating the Security of Real-world Deployed Image CAPTCHAs. Proceedings of the 11th ACM Workshop on Artificial Intelligence and Security (AISec 2018), co-located with CCS.

PDF Cite