Selected Publications

    2019

    Fenghao Xu, Wenrui Diao, Zhou Li, Jiongyi Chen, Kehuan Zhang. BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth Peripherals. Accepted. To appear in Proceedings of the 26th Annual Network and Distributed System Security Symposium (NDSS 2019). Feb 24-27, 2019. San Diego, California, USA. Acceptance rate: 17.08% (89/521).
    [ PDF ]

    2018

  1. Ronghai Yang*, Wing Cheong Lau, Jiongyi Chen*, Kehuan Zhang, “Vetting Single-Sign-On SDK Implementations via Symbolic Reasoning,” in the 27th USENIX Security Symposium (Security 2019) , Aug 2018. This work received the 2018 Internet Defense Prize (2nd Runner-up) from USENIX and Facebook.
    [ PDF ]
  2. Jiongyi Chen, Wenrui Diao, Qingchuan Zhao, Chaoshun Zuo, Zhiqiang Lin, XiaoFeng Wang, Wing Cheong Lau, Menghan Sun, Ronghai Yang, Kehuan Zhang. IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing. In Proceedings of Network and Distributed System Security Symposium 2018 (NDSS 2018). Feb 18-21, 2018. San Diego, California, USA. Acceptance rate: 21.45% (71/331).
    [ PDF ]
  3. Di Tang, Zhe Zhou, Yinqian Zhang, Kehuan Zhang. Face Flashing: a Secure Liveness Detection Protocol based on Light Reflections. In Proceedings of Network and Distributed System Security Symposium 2018 (NDSS 2018). Feb 18-21, 2018. San Diego, California, USA. Acceptance rate: 21.45% (71/331).
    [ PDF ]
  4. 2017

  5. Nan Zhang, Soteris Demetriou, Xianghang Mi, Wenrui Diao, Kan Yuan, Peiyuan Zong, Feng Qian, XiaoFeng Wang, Kai Chen, Yuan Tian, Carl A. Gunter, Kehuan Zhang, Patrick Tague, Yue-Hsun Lin. SoK: Understanding IoT Security Through the Data Crystal Ball: Where We Are Now and Where We Are Going To Be. arXiv preprint arXiv:1703.09809. https://arxiv.org/abs/1703.09809. 2017.
  6. Xiaolong Bai, Zhe Zhou, XiaoFeng Wang, Zhou Li, Xianghang Mi, Nan Zhang, Tongxin Li, Shi-Min Hu, Kehuan Zhang*. Picking Up My Tab: Understanding and Mitigating Synchronized Token Lifting and Spending in Mobile Payment. In Proceedings of the 26th USENIX Security Symposium (Security'2017). August 16-18, 2017. Vancouver, BC, Canada.
    [ PDF ]
  7. Zhe Zhou, Wenrui Diao, Xiangyu Liu, Zhou Li, Kehuan Zhang, Rui Liu. Vulnerable GPU Memory Management: Towards Recovering Raw Data from GPU. Accepted, In journal Proceedings on Privacy Enhancing Technologies (PoPETs), 2017.
    [ PDF ]
  8. Zhe Zhou, Zhou Li, Kehuan Zhang. All Your VMs are Disconnected: Attacking Hardware Virtualized Network. Accepted. In Proceedings of the 7th ACM Conference on Data and Application Security and Privacy (ACM CODASPY 2017). March 22-24, 2017, Scottsdale, Arizona, USA.
    [ PDF ]
  9. 2016

  10. Yannan Liu, Lingxiao Wei, Zhe Zhou, Kehuan Zhang, Wenyuan Xu and Qiang Xu. On Code Execution Tracking via Power Side-Channel. In Proceedings of 23rd ACM Conference on Computer and Communications Security ( ACM CCS 2016 ), Hofburg Palace, Vienna, Austria October 24-28, 2016. [ PDF ]

  11. Kun Du, Hao Yang, Zhou Li, Haixin Duan, Kehuan Zhang. The Ever-changing Labyrinth: A Large-scale Analysis of Wildcard DNS Powered Blackhat SEO. In Proceeding of the 25th USENIX Security Symposium (Security'2016). Auguest 10-12, 2016. Austin, TX, USA. Acceptance rate: 72/463. [ PDF ]

  12. Wenrui Diao, Xiangyu Liu, Zhou Li, Kehuan Zhang. Evading Android Runtime Analysis Through Detecting Programmed Interactions. In Proceedings of the 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks (ACM WiSec 2016). July 18-20, 2016. Darmstadt, Germany. [ PDF ]

  13. Wenrui Diao, Xiangyu Liu, Zhou Li, Kehuan Zhang. No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing Analysis. In proceeding of the 37th IEEE Symposium on Security and Privacy (Oakland'16). May 23-25, 2016. San Jose, CA, USA. Acceptance rate: 55/400. [ PDF ]

  14. Zhe Zhou, Tao Zhang, Sherman S.M. Chow, Yupeng Zhang and Kehuan Zhang. Efficient Authenticated Multi-Pattern Matching. In Proceedings of the 2016 ACM Asia Conference on Computer and Communications Security (ASIACCS) . Xi'an, Shanxi, China. May 30 - June 3, 2016. Acceptance rate: 73/350. [ PDF ]

  15. Yang Ronghai, Guanchen Li, Wing Cheong Lau, Kehuan Zhang and Pili Hu. Model-based Security Testing: an Empirical Study on OAuth 2.0 Implementations. In Proceedings of the 2016 ACM Asia Conference on Computer and Communications Security (ASIACCS) . Xi'an, Shanxi, China. May 30 - June 3, 2016. Acceptance rate: 73/350. [ PDF ]

    2015

  16. Xiangyu Liu, Zhe Zhou, Wenrui Diao, Zhou Li, Kehuan Zhang. When Good Becomes Evil: Keystroke Inference with Smartwatch. In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS'2015) . Denver, Colorado, US. October 12-16, 2015. Acceptance rate 19.8% (128/646). [ PDF ]

  17. Wenrui Diao, Xiangyu Liu, Zhe Zhou, Kehuan Zhang and Zhou Li. Mind-Reading: Privacy Attacks Exploiting Cross-App KeyEvent Injections. In proceedings of the 20th European Symposium on Researchh in Computer Security (ESORICS’2015). Sept 21-25, 2015. Vienna, Austria. Acceptance rate 19.79% (58/293) [ PDF ]

  18. Xiangyu Liu, Zhe Zhou, Wenrui Diao, Zhou Li, Kehuan Zhang. An Empirical Study on Android for Saving Non-shared Data on Public Storage. In proceedings of the 30th IFIP International Information Security and Privacy Conference (IFIP SEC’2015). Hamburg, Germany. May 26-28, 2015. [ PDF ]

    2014

  19. Zhe Zhou, Wenrui Diao, Xiangyu Liu and Kehuan Zhang. Acoustic Fingerprinting Revisited: Generate Stable Device ID Stealthily with Inaudible Sound. In proceedings of the 21st ACM Conference on Computer and Communications Security (CCS'2014), Scottsdale, Arizona, USA. November 3-7, 2014. Acceptance Rate: 19% (114/585). [ PDF ]

  20. Wenrui Diao, Xiangyu Liu, Zhe Zhou and Kehuan Zhang. Your Voice Assistant is Mine: How to Abuse Speakers to Steal Information and Control Your Phone. The 4th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM'2014). Scottsdale, Arizona, USA, November 3-7, 2014. [ PDF ]
    (Our preview has get wide media coverages according to Google search with keyword "Android GVS attack"

    2012

  21. Zhou Li, Kehuan Zhang, Yinglian Xie, Fang Yu, XiaoFeng Wang, Knowing Your Enemy: Understanding and Detecting Malicious Web Advertising. The 19th ACM Conference on Computer and Communications Security (CCS’12) , Raleigh, North Carolina, Oct. 2012. [ PDF ]

    2011

  22. Kehuan Zhang , Xiaoyong Zhou, Yangyi Chen, XiaoFeng Wang, Yaoping Ruan. Sedic: Privacy-Aware Data Intensive Computing on Hybrid Clouds. In Proceedings of 18th ACM Conference on Computer and Communications Security (CCS'11). October 17-21, 2011, Chicago, Illinois, USA. Acceptance Rate: 14% (60/429). [ PDF ]

  23. Roman Schlegel, Kehuan Zhang , Xiaoyong Zhou, Mehool Intwala, Apu Kapadia, and XiaoFeng Wang, "Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones", In Proceedings of the 18th Annual Network & Distributed System Security Symposium (NDSS '11), pp. 17-33, San Diego, CA, February 6-9, 2011. USA. Acceptance Rate: 20% (28/139). [ PDF ]

    2010

  24. Kehuan Zhang , Zhou Li, Rui Wang, XiaoFeng Wang and Shuo Chen. Sidebuster: Automated Detection and Quantification of Side-Channel Leaks in Web Application Development. 17th ACM Conference on Computer and Communications Security (CCS'2010). Oct 2010, Chicago, IL, USA. Acceptance Rate: 17% (55/320) [ PDF ]

  25. Shuo Chen, Rui Wang, Xiaofeng Wang and Kehuan Zhang . Side-Channel Leaks in Web Applications: a Reality Today, a Challenge Tomorrow. The 31st IEEE Security and Privacy Symposium (Oakland'2010), Oakland California, USA, 2010. Acceptance Rate: 11%(26/237) [ PDF ]

  26. Zhou Li, Kehuan Zhang , XiaofengWang. Mash-IF: Practical Information-Flow Control within Client-side Mashups. The 40th Dependable Systems and Networks (DSN 2010), Chicago, Illinois, USA. [ PDF ]

    2009

  27. Kehuan Zhang , Xiaofeng Wang. Peeping Tom in the Neighborhood: Keystroke Eavesdropping on Multi-User Systems. USENIX Security Symposium (Security'2009), August, Montreal, Canada, 2009. Acceptance Rate: 14.8% (26/176) [ PDF ]

    2008

  28. Rui Wang, XiaoFeng Wang, Kehuan Zhang and Zhuowei Li. Towards automatic reverse engineering of software security configurations. Proceedings of the 15th ACM conference on Computer and communications security (CCS' 08) , pp245-256, Oct 2008. Acceptance Rate: 18%(51/281) [*First three authors are listed in alphabetical order]. [ PDF ]