Binary stirring: self-randomizing instruction addresses of legacy x86 binary code
TLDR
This paper introduces binary stirring, a new technique that imbues x86 native code with the ability to self-randomize its instruction addresses each time it is launched, transparently protecting large, realistic applications that cannot be perfectly disassembled because of computed jumps, code-data interleaving, OS callbacks, dynamic linking, and a variety of other difficult binary features.
Space Traveling across VM: Automatically Bridging the Semantic Gap in Virtual Machine Introspection via Online Kernel Data Redirection
TLDR
VMST is a new technique that automatically bridges the semantic gap and generates VMI tools, enabling an in-guest inspection program to be used as an introspection program.
SMV-Hunter: Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in Android Apps
TLDR
SMV-Hunter is a system for the automatic, large-scale identification of SSL/TLS man-in-the-middle vulnerabilities in Android apps; it combines static and dynamic analysis and uses user-interface enumeration and automation techniques to trigger the potentially vulnerable code under an active man-in-the-middle attack.
Automatic Reverse Engineering of Data Structures from Binary Execution
TLDR
This paper proposes REWARDS, a reverse-engineering technique that automatically reveals program data structures from binaries based on dynamic analysis, and demonstrates that it provides unique benefits to two applications: memory image forensics and binary fuzzing for vulnerability discovery.
SgxPectre Attacks: Leaking Enclave Secrets via Speculative Execution
TLDR
This paper presents SgxPectre attacks, which exploit the recently disclosed speculative-execution CPU bugs to subvert the confidentiality of SGX enclaves, and shows that when the branch prediction of enclave code can be influenced by programs outside the enclave, its control flow can be temporarily altered to execute instructions that lead to observable cache-state changes.
IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing
TLDR
IoTFuzzer is an automatic fuzzing framework that finds memory-corruption vulnerabilities in IoT devices without access to their firmware images; it identified 15 memory-corruption vulnerabilities, 8 of them previously unknown.
Automatic Protocol Format Reverse Engineering through Context-Aware Monitored Execution
TLDR
The results show that AutoFormat can not only identify individual message fields automatically and with high accuracy, but also unveil the structure of the protocol format by revealing possible relations among the message fields.
IntScope: Automatically Detecting Integer Overflow Vulnerability in X86 Binary Using Symbolic Execution
TLDR
This paper presents IntScope, a system that can automatically detect integer overflow vulnerabilities in x86 binaries before an attacker does, with the goal of finally eliminating the vulnerabilities.
EXTERIOR: using a dual-VM based external shell for guest-OS introspection, configuration, and recovery
TLDR
The experimental results show that EXTERIOR can be used for timely administration of a guest OS, including introspection and (re)configuration of the guest-OS state and timely response to kernel malware intrusions, without any user account in the guest OS.
Towards Memory Safe Enclave Programming with Rust-SGX
TLDR
The key idea is to enable the development of enclave programs in Rust, an efficient memory-safe systems language, with a Rust-SGX SDK, by solving the key challenges of making the SGX software memory safe while running as efficiently as with the SDK provided by Intel.