About Me

I am a researcher interested in a wide array of systems and software security problems, with an emphasis on designing practical solutions and techniques that help computer systems stay secure. My recent work involves developing secure crypto software and systems, and hardening existing crypto software against evolving security threats.

I am now working at Shanghai Jiao Tong University as the director of the Group of Software Security In Progress (G.O.S.S.I.P).

I work closely with Dr. Siqi Ma.

Awards

Best Paper Award, 27th IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER 2020)
SmartShield: Automatic Smart Contract Protection Made Easy
2020.02
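First Prize, Shanghai Science and Technology Progress Award (2018), third contributor
Security Analysis and Protection of Internet Software
2018.10
2017 Best Paper Award in Information Security, Shanghai Computer Society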
From Collision To Exploitation: Unleashing Use-After-Free Vulnerabilities in Linux Kernel
2017.10

Publications

Medusa Attack: Exploring Security Hazards of In-App QR Code Scanning
Xing Han, Yuheng Zhang, Xue Zhang, Zeyuan Chen, Mingzhe Wang, Yiwei Zhang, Siqi Ma, Yu Yu, Elisa Bertino, Juanru Li
USENIX Security Symposium (USENIX Security)
Anaheim, CA, USA. August 9-11, 2023.
EvilScreen Attack: Smart TV Hijacking via Multi-channel Remote Control Mimicry
Yiwei Zhang, Siqi Ma, Tiancheng Chen, Juanru Li, Robert H. Deng, Elisa Bertino
IEEE Transactions on Dependable and Secure Computing (TDSC)
Early Access, 14 June 2023
KingFisher: Unveiling Insecurely Used Credentials in IoT-to-Mobile Communications
Yiwei Zhang, Siqi Ma, Juanru Li, Dawu Gu, Elisa Bertino
IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
Baltimore, Maryland, USA, June 27-30, 2022.
SIMulation: Demystifying (Insecure) Cellular Network based One-Tap Authentication Services
Ziyi Zhou, Xing Han, Zeyuan Chen, Yuhong Nan, Juanru Li, Dawu Gu
IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
Baltimore, Maryland, USA, June 27-30, 2022.
PEDroid: Automatically Extracting Patches from Android App Updates
Hehao Li, Yizhuo Wang, Yiwei Zhang, Juanru Li, Dawu Gu
European Conference on Object-Oriented Programming (ECOOP)
Berlin, Germany, June 6 - July 7, 2022
Goshawk: Hunting Memory Corruptions via Structure-Aware and Object-Centric Memory Operation Synopsis
Yunlong Lyu, Yi Fang, Yiwei Zhang, Qibin Sun, Siqi Ma, Elisa Bertino, Kangjie Lu, Juanru Li
IEEE Symposium on Security and Privacy (IEEE S&P)
San Francisco CA, United States. May 22-26, 2022.
Annotating, Tracking, and Protecting Cryptographic Secrets with CryptoMPK
Xuancheng Jin, Xuangan Xiao, Songlin Jia, Wang Gao, Dawu Gu, Hang Zhang, Siqi Ma, Zhiyun Qian, Juanru Li
IEEE Symposium on Security and Privacy (IEEE S&P)
San Francisco CA, United States. May 22-26, 2022.
Control Parameters Considered Harmful: Detecting Range Specification Bugs in Drone Configuration Modules via Learning-Guided Search
Ruidong Han, Chao Yang, Siqi Ma, Jianfeng Ma, Cong Sun, Juanru Li, Elisa Bertino
International Conference on Software Engineering (ICSE)
Pittsburgh, PA, United States. May 22-27, 2022.
Rethinking the Security of IoT From the Perspective of Developer Customized Device-cloud Interaction
Yiwei Zhang, Juanru Li, Dawu Gu
ACM/SIGAPP Symposium on Applied Computing (SAC)
Virtual Event. April 25-29, 2022.
Re-check Your Certificates! Experiences and Lessons Learnt from Real-world HTTPS Certificate Deployments
Wenya Wang, Yakang Li, Chao Wang, Yuan Yan, Juanru Li, Dawu Gu
International Conference on Network and System Security (NSS)
Tianjin, China. October 23, 2021.
Yet Another Traffic Black Hole: Amplifying CDN Fetching Traffic with RangeFragAmp Attacks
Chi Xu, Junrong Liu, Juanru Li
EAI International Conference on Collaborative Computing (CollaborateCom)
Suzhou, China. October 15-17, 2021.
SparrowHawk: Memory Safety Flaw Detection via Data-driven Source Code Annotation
Yunlong Lyu, Wang Gao, Siqi Ma, Qibin Sun, Juanru Li
International Conference on Information Security and Cryptology (Inscrypt)
Qingdao, China. August 11-14, 2021.
Fine with "1234"? An Analysis of SMS One-Time Password Randomness in Android Apps
Siqi Ma, Juanru Li, Hyoungshick Kim, Elisa Bertino, Surya Nepal, Diet Ostry, Cong Sun
International Conference on Software Engineering (ICSE)
Virtual (originally in Madrid, Spain). May 25-28, 2021.
Orchestration or Automation: Authentication Flaw Detection in Android Apps
Siqi Ma, Juanru Li, Surya Nepal, Diet Ostry, David Lo, Sanjay Jha, Robert Deng, Elisa Bertino
IEEE Transactions on Dependable and Secure Computing (TDSC)
Volume: 19, Issue: 4, 01 July-Aug. 2022. Page(s): 2165 - 2178
Certified Copy? Understanding Security Risks of Wi-Fi Hotspot based Android Data Clone Services
Siqi Ma, Hehao Li, Wenbo Yang, Juanru Li, Surya Nepal, Elisa Bertino
Annual Computer Security Applications Conference (ACSAC)
Austin, Texas, USA. December 7-11, 2020.
Understanding the security of app-in-the-middle IoT
Hui Liu, Juanru Li, Dawu Gu
Computers & Security
Volume 97, October 2020, 102000.
SmartShield: Automatic Smart Contract Protection Made Easy
Yuyao Zhang, Siqi Ma, Juanru Li, Kailai Li, Surya Nepal, Dawu Gu
IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)
London, Ontario, Canada. February 18-21, 2020.
EthPloit: From Fuzzing to Efficient Exploit Generation against Smart Contracts
Qingzhao Zhang, Yizhuo Wang, Juanru Li, Siqi Ma
IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)
London, Ontario, Canada. February 18-21, 2020.
Accelerating SM2 Digital Signature Algorithm using Modern Processor Features
Long Mai, Yuan Yan, Songlin Jia, Shuran Wang, Jianqiang Wang, Juanru Li, Siqi Ma, Dawu Gu
International Conference on Information and Communications Security (ICICS)
Beijing, China. December 15-17, 2019
An Empirical Study of the SMS One-Time Password Authentication in Android Apps
Siqi Ma, Runhan Feng, Juanru Li, Surya Nepal, Diethelm Ostry, Yang Liu, Elisa Bertino, Robert Deng, Sanjay Jha, Zhuo Ma
Annual Computer Security Applications Conference (ACSAC)
San Juan. December 9-13, 2019
Security analysis of third-party in-app payment in mobile applications
Wenbo Yang, Juanru Li, Yuanyuan Zhang, Dawu Gu
Journal of Information Security and Applications (JISA)
Volume 48. October, 2019
Finding Flaws from Password Authentication Code in Android Apps
Siqi Ma, Elisa Bertino, Robert Deng, Juanru Li, Diet Ostry, Surya Nepal, Sanjay Jha
The European Symposium on Research in Computer Security (ESORICS)
Luxembourg. September 23-27, 2019
NLP-EYE: Detecting Memory Corruptions via Semantic-Aware Memory Operation Function Identification
Jianqiang Wang, Siqi Ma, Yuanyuan Zhang, Zheyu Ma, Long Mai, Tiancheng Chen, Juanru Li, Dawu Gu
International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
Beijing, China. September 23-25, 2019
AppCommune: Automated Third-Party Libraries De-duplicating and Updating for Android Apps
Bodong Li, Yuanyuan Zhang, Juanru Li, Runhan Feng, Dawu Gu
IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)
Hangzhou, China. February 24-27, 2019
An Empirical Study of SDK Credential Misuse in iOS Apps
Haohuang Wen, Juanru Li, Yuanyuan Zhang, Dawu Gu
Asia-Pacific Software Engineering Conference (APSEC)
Nara, Japan. December 4-7, 2018
K-Hunt: Pinpointing Insecure Cryptographic Keys in Execution Traces
Juanru Li, Zhiqiang Lin, Juan Caballero, Yuanyuan Zhang, Dawu Gu
ACM Conference on Computer and Communications Security (CCS)
Toronto, Canada. October 15-19, 2018
BinMatch: A Semantics-based Hybrid Approach on Binary Code Clone Analysis
Yikun Hu, Yuanyuan Zhang, Juanru Li, Hui Wang, Bodong Li, Dawu Gu
International Conference on Software Maintenance and Evolution (ICSME)
Madrid, Spain. September 23-29, 2018
Burn After Reading: Expunging Execution Footprints of Android Apps
Junliang Shu, Juanru Li, Yuanyuan Zhang, Dawu Gu
International Conference on Network and System Security (NSS)
Hong Kong, China. August 27-29, 2018
Passwords in the Air: Harvesting Wi-Fi Credentials from SmartCfg Provisioning
Changyu Li, Quanpu Cai, Juanru Li, Yuanyuan Zhang, Dawu Gu, Yu Yu
ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec)
Stockholm, Sweden. June 18-20, 2018
AppSpear: Automating the Hidden-Code Extraction and Reassembling of Packed Android Malware
Bodong Li, Yuanyuan Zhang, Juanru Li, Wenbo Yang, Dawu Gu
Journal of Systems and Software
140: 3-16 (2018)
Why Data Deletion Fails? A Study on Deletion Flaws and Data Remanence in Android Systems
Junliang Shu, Yuanyuan Zhang, Juanru Li, Bodong Li, Dawu Gu
ACM Transactions on Embedded Computing Systems
Volume 16(2): 61:1-61:22 (2017)
Oh-Pwn-VPN! Security Analysis of OpenVPN-based Android Apps
Qi Zhang, Juanru Li, Yuanyuan Zhang, Hui Wang, Dawu Gu
International Conference on Cryptology And Network Security (CANS)
Hong Kong, China, November 29 - December 2, 2017
Nightingale: Translating Embedded VM Code in x86 Binary Executables
Haijiang Xie, Yuanyuan Zhang, Juanru Li, Dawu Gu
Information Security Conference (ISC)
Ho Chi Minh City, Vietnam, November 22-24, 2017
NativeSpeaker: Identifying Crypto Misuses in Android Native Code Libraries
Qing Wang, Juanru Li, Yuanyuan Zhang, Hui Wang, Yikun Hu, Bodong Li, Dawu Gu
International Conference on Information Security and Cryptology (INSCRYPT)
Xi'an, China, November 3-5, 2017
Smart Solution, Poor Protection: An Empirical Study of Security and Privacy Issues in Developing and Deploying Smart Home Devices
Hui Liu, Changyu Li, Xuancheng Jin, Juanru Li, Yuanyuan Zhang, Dawu Gu
Workshop on Internet of Things Security and Privacy (IoT S&P) Collocated with ACM CCS
Dallas, Texas, USA, November 3, 2017
Embroidery: Patching Vulnerable Binary Code of Fragmentized Android Devices
Xuewen Zhang, Yuanyuan Zhang, Juanru Li, Yikun Hu, Huayi Li, Dawu Gu
IEEE International Conference on Software Maintenance and Evolution (ICSME)
Shanghai, China, September 17-22, 2017
MIRAGE: Randomizing Large Chunk Allocation via Dynamic Binary Instrumentation
Zhenghao Hu, Yuanyuan Zhang, Hui Wang, Juanru Li, Wenbo Yang, Dawu Gu
IEEE Conference on Dependable and Secure Computing (DSC)
Taipei, Taiwan, China, August 7-10, 2017.
Binary Code Clone Detection across Architectures and Compiling Configurations
Yikun Hu, Yuanyuan Zhang, Juanru Li, Dawu Gu
International Conference on Program Comprehension (ICPC)
Buenos Aires, Argentina, May 22-23, 2017
Show Me the Money! Finding Flawed Implementations of Third-party In-app Payment in Android Apps
Wenbo Yang, Yuanyuan Zhang, Juanru Li, Hui Liu, Qing Wang, Yueheng Zhang, Dawu Gu
Network and Distributed System Security Symposium (NDSS)
San Diego, CA, USA, February 26-March 1, 2017
The Achilles' Heel of OAuth: A Multi-platform Study of OAuth-based Authentication
Hui Wang, Yuanyuan Zhang, Juanru Li, Dawu Gu
Annual Computer Security Applications Conference (ACSAC)
Los Angeles, California, USA, December 5–9, 2016
Security Testing of Software on Embedded Devices Using x86 Platform
Yesheng Zhi, Yuanyuan Zhang, Juanru Li, Dawu Gu
EAI International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom)
Beijing, China, November 12-13, 2016
An Empirical Study of Insecure Communication in Android Apps
Yueheng Zhang, Junliang Shu, Yuanyuan Zhang, Juanru Li, Qing Wang, Dawu Gu
China International Conference on Information Security and Cryptology (INSCRYPT)
Beijing, China, November 4-6, 2016
Open Sesame! Web Authentication Cracking via Mobile App Analysis
Hui Liu, Yuanyuan Zhang, Juanru Li, Hui Wang, Dawu Gu
Asia Pacific Web Conference (APWeb)
Suzhou, China, September 23-25, 2016
Security Analysis of Vendor Customized Code in Firmware of Embedded Device
Muqing Liu, Yuanyuan Zhang, Juanru Li, Junliang Shu, Dawu Gu
EAI International Conference on Security and Privacy in Communication Networks (SecureComm)
Guangzhou, China, October 10-12, 2016
New Exploit Methods against Ptmalloc of GLIBC
Tianyi Xie, Yuanyuan Zhang, Juanru Li, Hui Liu, Dawu Gu
IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
Tianjin, China, August 23-26, 2016
Cross-Architecture Binary Semantics Understanding via Similar Code Comparison
Yikun Hu, Yuanyuan Zhang, Juanru Li, Dawu Gu
International Conference on Software Analysis, Evolution, and Reengineering (SANER)
Osaka, Japan, March 14-18, 2016
Vulnerability Assessment of OAuth Implementations in Android Applications
Hui Wang, Yuanyuan Zhang, Juanru Li, Hui Liu, Wenbo Yang, Bodong Li, Dawu Gu
Annual Computer Security Applications Conference (ACSAC)
Los Angeles, California, USA. December 7–11, 2015
SSG: Sensor Security Guard for Android Smartphones
Bodong Li, Yuanyuan Zhang, Chen Lyu, Juanru Li, Dawu Gu
EAI International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom)
Hangzhou, China, October 27-30, 2015
From Collision To Exploitation: Unleashing Use-After-Free Vulnerabilities in Linux Kernel
Wen Xu, Juanru Li, Junliang Shu, Wenbo Yang, Tianyi Xie, Yuanyuan Zhang, Dawu Gu
ACM Conference on Computer and Communications Security (CCS)
Denver, Colorado, US. October 12-16, 2015
AppSpear: Bytecode Decrypting and DEX Reassembling for Packed Android Malware
Wenbo Yang, Yuanyuan Zhang, Juanru Li, Bodong Li, Junliang Shu, Wenjun Hu, Dawu Gu
International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
Kyoto, Japan. November 2–4, 2015
TagDroid: Hybrid SSL Certificate Verification in Android
Hui Liu, Yuanyuan Zhang, Hui Wang, Wenbo Yang, Juanru Li, Dawu Gu
International Conference on Information and Communications Security (ICICS)
Hong Kong, China. December 16–17, 2014
iCryptoTracer: Dynamic Analysis on Misuse of Cryptographic Functions in iOS Applications
Yong Li, Yuanyuan Zhang, Juanru Li, Dawu Gu
International Conference on Network and System Security (NSS)
Xi'an, China. October 15–17, 2014
DIAS: Automated Online Analysis for Android Applications
Juanru Li, Yuanyuan Zhang, Wenbo Yang, Junliang Shu, Dawu Gu
IEEE International Conference on Computer and Information Technology (CIT)
Xi'an, China. September 11–13, 2014
Android App Protection via Interpretation Obfuscation
Junliang Shu, Juanru Li, Yuanyuan Zhang, Dawu Gu
IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC)
Dalian, China. August 24–27, 2014
APKLancet: Tumor Payload Diagnosis and Purification for Android Applications
Wenbo Yang, Juanru Li, Yuanyuan Zhang, Yong Li, Junliang Shu, Dawu Gu
ACM Symposium on Information, Computer and Communications Security (AsiaCCS)
Kyoto, Japan. June 4–6, 2014
Automatic Detection and Analysis of Encrypted Messages in Malware
Ruoxu Zhao, Dawu Gu, Juanru Li, Yuanyuan Zhang
China International Conference on Information Security and Cryptology (Inscrypt)
Guangzhou, China. November 27–30, 2013
Toward Active and Efficient Privacy Protection for Android
Yuhao Luo, Juanru Li, Dawu Gu
IEEE International Conference on Information Science and Technology (ICIST)
Yangzhou, China. March 27-28, 2013
Detecting Encryption Functions via Process Emulation and IL-based Program Analysis
Ruoxu Zhao, Dawu Gu, Juanru Li, Hui Liu
International Conference on Information Security and Cryptology (ICICS)
Hong Kong, China, October 29-31, 2012
Android Malware Forensics: Reconstruction of Malicious Events
Juanru Li, Dawu Gu, Yuhao Luo
International Conference on Distributed Computing Systems Workshops (ICDCSW)
Macau, China. June 18–21, 2012
PyXhon: Dynamic Detection of Security Vulnerabilities in Python
Ming Sun, Dawu Gu, Juanru Li, Bailan Li
International Conference on Information Science and Technology (ICIST)
Wuhan, China. March 23–25, 2012
Detection and Analysis of Cryptographic Data Inside Software
Ruoxu Zhao, Dawu Gu, Juanru Li, Ran Yu
International Conference on Information Security (ISC)
Xi'an, China. October 26-29, 2011
Digital Forensic Analysis on Runtime Instruction Flow (Journal Version)
Juanru Li, Dawu Gu, Chaoguo Deng, Yuhao Luo
China Communications
Volume 7 Issue (6): 112-119 (2010)
Digital Forensic Analysis on Runtime Instruction Flow
Juanru Li, Dawu Gu, Chaoguo Deng, Yuhao Luo
International ICST Conference on Forensic (E-forensics)
Shanghai, China. November 11-12, 2010

Projects

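Research on Automated Repair of Cryptographic Code Defects in Software
National Natural Science Foundation of China, Young Scientists Fund (62002222)
2021.01-2023.12
Theory and Verification Platform for Secure and Trustworthy Artificial Intelligence
Science and Technology Innovation 2030 "New Generation Artificial Intelligence" Major Project (2020AAA0107800)
2021.01-2023.12
Locating and Analyzing Proprietary Cryptosystems in Executable Programs
National Natural Science Foundation of China, General Program (61872237)
2019.01-2019.12
Promotion of Typical Applications of Industrial Internet Security Technology for Intelligent Equipment
Ministry of Industry and Information Technology Major Special Project (MIIT Xinguanhan [2018] No. 282)
2018.06-2020.12
Research on Large-Scale Vulnerability Analysis Techniques
National Key R&D Program, "Frontier Science and Technology Innovation" Special Project (2016QY071401)
2017.09-2020.09
Research on Vulnerability Analysis and Countermeasure Techniques for Mobile Smart Terminal Systems
National Natural Science Foundation of China, Key Program (U1636217)
2017.01-2020.12
====Anonymous Project====
National Key R&D Program, "Cyberspace Security" Key Special Project (2016YFB080120)
2016.11 - 2019.10
Research on Security Testing and Evaluation Techniques for Mobile Smart Terminal Applications
Science and Technology Commission of Shanghai Municipality, Major Project Topic (15511103002)
2015.6.30-2017.6.30
====Anonymous Project====
National Science and Technology Support Program (2012BAH46B02)
2012.10-2015.09
Research on Security Evaluation Techniques for Mobile Smart Terminals
National Science and Technology Major Project (Project 03) (2012ZX03002011)
2012.1-2013.12
Research on Security Protection Techniques for Mobile Smart Terminals and Prototype System Development
Science and Technology Commission of Shanghai Municipality, 2013 "Science and Technology Innovation Action Plan" Information Technology Project (13511504000)
2013.07-2015.07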