Publications

2024

  1. USENIX
    Moderating Illicit Online Image Promotion for Unsafe User Generated Content Games Using Large Vision Language Models
    Keyan Guo, Ayush Utkarsh, Wenbo Ding, Isabelle Ondracek, Ziming Zhao, Guo Freeman, Nishant Vishwamitra, and Hongxin Hu
    USENIX Security Symposium, 2024
  2. SEED
    Trusted Execution Environments in Embedded and IoT Systems: A CactiLab Perspective
    Ziming Zhao, Md Armanuzzaman, Xi Tan, and Zheyuan Ma
    IEEE International Symposium on Secure and Private Execution Environment Design, 2024
  3. RTAS
    InsectACIDE: Debugger-Based Holistic Asynchronous CFI for Embedded System
    Yujie Wang, Cailani Lemieux Mack, Xi Tan, Ning Zhang, Ziming Zhao, Sanjoy Baruah, and Bryan C. Ward
    IEEE Real-Time and Embedded Technology and Applications Symposium, 2024
  4. arXiv
    Where’s the "up"?! A Comprehensive (bottom-up) Study on the Security of Arm Cortex-M Systems
    Xi Tan, Zheyuan Ma, Sandro Pinto, Le Guan, Ning Zhang, Jun Xu, Zhiqiang Lin, Hongxin Hu, and Ziming Zhao
    2024
  5. SAC
    Is the Canary Dead? On the Effectiveness of Stack Canaries on Microcontroller Systems
    Xi Tan, Sagar Mohan, Md Armanuzzaman, Zheyuan Ma, Gaoxiang Liu, Alex Eastman, Hongxin Hu, and Ziming Zhao
    ACM/SIGAPP Symposium On Applied Computing, 2024
  6. AsiaCCS
    Command Hijacking on Voice-Controlled IoT in Amazon Alexa Platform
    Wenbo Ding, Song Liao, Long Cheng, Xianghang Mi, Ziming Zhao, and Hongxin Hu
    ACM ASIA Conference on Computer and Communications Security, 2024
  7. AsiaCCS
    Building Your Own Trusted Execution Environments Using FPGA
    Md Armanuzzaman, Ahmad-Reza Sadeghi, and Ziming Zhao
    ACM ASIA Conference on Computer and Communications Security, 2024
  8. Oakland
    Moderating New Waves of Online Hate with Chain-of-Thought Reasoning in Large Language Models
    Nishant Vishwamitra, Keyan Guo, Farhan Tajwar Romit, Isabelle Ondracek, Long Cheng, Ziming Zhao, and Hongxin Hu
    IEEE Symposium on Security and Privacy, 2024

2023

  1. IMWUT
    LocCams: An Efficient and Robust Approach for Detecting and Localizing Hidden Wireless Cameras via Commodity Devices
    Yangyang Gu, Jing Chen, Cong Wu, Kun He, Ziming Zhao, and Ruiying Du
    Proceedings of ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, 2023
  2. ICMLA
    An Investigation of Large Language Models for Real-World Hate Speech Detection
    Keyan Guo, Alexander Hu, Jaden Mu, Ziheng Shi, Ziming Zhao, Nishant Vishwamitra, and Hongxin Hu
    IEEE International Conference on Machine Learning and Applications, 2023
  3. ASONAM
    Understanding and Analyzing COVID-19-related Online Hate Propagation Through Hateful Memes Shared on Twitter
    Nishant Vishwamitra, Keyan Guo, Liao Song, Jaden Mu, Zheyuan Ma, Long Cheng, Ziming Zhao, and Hongxin Hu
    IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, 2023
  4. TMC
    WiFiLeaks: Exposing Stationary Human Presence Through a Wall with Commodity Mobile Devices
    Yangyang Gu, Jing Chen, Kun He, Cong Wu, Ziming Zhao, and Ruiying Du
    IEEE Transactions on Mobile Computing, 2023
  5. SmartSP
    Exploring Vulnerabilities in Voice Command Skills for Connected Vehicles
    Wenbo Ding, Song Liao, Long Cheng, Ziming Zhao, Keyan Guo, and Hongxin Hu
    EAI International Conference on Security and Privacy in Cyber-Physical Systems and Smart Vehicles, 2023
  6. CCS
    SHERLOC: Secure and Holistic Control-Flow Violation Detection on Embedded Systems
    Xi Tan, and Ziming Zhao
    ACM Conference on Computer and Communications Security, 2023
  7. USENIX
    xNIDS: Explaining Deep Learning-based Network Intrusion Detection Systems for Active Intrusion Responses
    Feng Wei, Hongda Li, Ziming Zhao, and Hongxin Hu
    USENIX Security Symposium, 2023
  8. DAC
    Return-to-Non-Secure Vulnerabilities on ARM Cortex-M TrustZone: Attack and Defense
    Zheyuan Ma, Xi Tan, Lukasz Ziarek, Ning Zhang, Hongxin Hu, and Ziming Zhao
    ACM/IEEE Design Automation Conference, 2023

2022

  1. CCS
    EchoHand: High Accuracy and Presentation Attack Resistant Hand Authentication on Commodity Mobile Devices
    Cong Wu, Jing Chen, Kun He, Ziming Zhao, Ruiying Du, and Chen Zhang
    ACM Conference on Computer and Communications Security, 2022
  2. ICMLA
    Understanding the Generalizability of Hateful Memes Detection Models Against COVID-19-related Hateful Memes
    Keyan Guo, Wentai Zhao, Jaden Mu, Nishant Vishwamitra, Ziming Zhao, and Hongxin Hu
    IEEE International Conference on Machine Learning and Applications, 2022
  3. TDSC
    FIDO Gets Verified: A Formal Analysis of the Universal Authentication Framework Protocol
    Haonan Feng, Jingjing Guan, Hui Li, Xuesong Pan, and Ziming Zhao
    IEEE Transactions on Dependable and Secure Computing, 2022
  4. ESORICS
    A Formal Analysis of the FIDO2 Protocols
    Jingjing Guan, Hui Li, Haisong Ye, and Ziming Zhao
    European Symposium on Research in Computer Security, 2022
  5. arXiv
    SoK: On the Semantic AI Security in Autonomous Driving
    Junjie Shen, Ningfei Wang, Ziwen Wan, Yunpeng Luo, Takami Sato, Zhisheng Hu, Xinyang Zhang, Shengjian Guo, Zhenyu Zhong, Kang Li, Ziming Zhao, Chunming Qiao, and Qi Alfred Chen
    2022
  6. arXiv
    Understanding and Measuring Robustness of Multimodal Learning
    2022
  7. AsiaCCS (Best Paper Award)
    Understanding and Detecting Remote Infection on Linux-based IoT Devices
    Hongda Li, Qiqing Huang, Fei Ding, Hongxin Hu, Long Cheng, Guofei Gu, and Ziming Zhao
    ACM ASIA Conference on Computer and Communications Security, 2022
  8. TDSC
    Toward Robust Detection of Puppet Attacks via Characterizing Fingertip-Touch Behaviors
    Cong Wu, Kun He, Jing Chen, Ziming Zhao, and Ruiying Du
    IEEE Transactions on Dependable and Secure Computing, 2022
  9. CODASPY
    Towards Automated Content-based Photo Privacy Control in User-Centered Social Networks
    Nishant Vishwamitra, Yifang Li, Hongxin Hu, Kelly Caine, Long Cheng, Ziming Zhao, and Gail-Joon Ahn
    ACM Conference on Data and Application Security and Privacy, 2022

2021

  1. USENIX
    Having Your Cake and Eating It: An Analysis of Concession-Abuse-as-a-Service
    USENIX Security Symposium, 2021
  2. DTRAP
    ExSol: Collaboratively Assessing Cybersecurity Risks for Protecting Energy Delivery Systems
    Digital Threats: Research and Practice, 2021
  3. NDSS
    A Formal Analysis of the FIDO UAF Protocol
    Haonan Feng, Hui Li, Xuesong Pan, and Ziming Zhao
    Network and Distributed System Security Symposium, 2021

2020

  1. TPS
    Toward Automated Enforcement of Cyber-Physical Security Requirements for Energy Delivery Systems
    Carlos Rubio-Medrano, Ziming Zhao, and Gail-Joon Ahn
    IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, 2020
  2. USENIX
    Liveness is Not Enough: Enhancing Fingerprint Authentication with Behavioral Biometrics to Defeat Puppet Attacks
    Cong Wu, Kun He, Jing Chen, Ziming Zhao, and Ruiying Du
    USENIX Security Symposium, 2020
  3. MobiSys
    SmokeBomb: Effective Mitigation Against Cache Side-channel Attacks on the ARM Architecture
    Haehyun Cho, Jinbum Park, Donguk Kim, Ziming Zhao, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn
    ACM International Conference on Mobile Systems, Applications, and Services, 2020
  4. Book Chapter
    Mitigating the CacheKit Attack
    Mauricio Gutierrez, Ziming Zhao, Adam Doupé, Yan Shoshitaishvili, and Gail-Joon Ahn
    Frontiers in Hardware Security and Trust: Theory, Design and Practice, 2020
  5. CODASPY
    DANdroid: A Multi-View Discriminative Adversarial Network for Obfuscated Android Malware Detection
    Stuart Millar, Niall McLaughlin, Jesus Rincon, Paul Miller, and Ziming Zhao
    ACM Conference on Data and Application Security and Privacy, 2020

2019

  1. CCS
    Matched and Mismatched SOCs: A Qualitative Study on Security Operations Center Issues
    ACM Conference on Computer and Communications Security, 2019
  2. US Patent
    Systems and methods for authenticating caller identity and call request header information for outbound telephony communications
    Huahong Tu, Adam Doupé, Gail-Joon Ahn, and Ziming Zhao
    2019
  3. USENIX (Distinguished Paper Award)
    Users Really Do Answer Telephone Scams
    Huahong Tu, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn
    USENIX Security Symposium, 2019
  4. COSE
    Towards a Reliable Firewall for Software-Defined Networks
    Hongxin Hu, Wonkyu Han, Sukwha Kyung, Juan Wang, Gail-Joon Ahn, Ziming Zhao, and Hongda Li
    Computers & Security, 2019
  5. SACMAT
    Effectively Enforcing Authorization Constraints for Emerging Space-Sensitive Technologies
    Carlos E Rubio-Medrano, Shaishavkumar Jogani, Maria Leitner, Ziming Zhao, and Gail-Joon Ahn
    ACM Symposium on Access Control Models and Technologies, 2019
  6. MSCPES
    ExSol: Collaboratively Assessing Cybersecurity Risks for Protecting Energy Delivery Systems
    IEEE Workshop on Modeling and Simulation of Cyber-Physical Energy Systems, 2019
  7. SAC
    iCORE: Continuous and Proactive Extrospection on Multi-core IoT Devices
    ACM/SIGAPP Symposium on Applied Computing, 2019
  8. CODASPY
    Understanding and Predicting Private Interactions in Underground Forums
    ACM Conference on Data and Application Security and Privacy, 2019

2018

  1. TDSC
    Semantics-Aware Privacy Risk Assessment Using Self-Learning Weight Assignment for Mobile Apps
    Jing Chen, Chiheng Wang, Kun He, Ziming Zhao, Min Chen, Ruiying Du, and Gail-Joon Ahn
    IEEE Transactions on Dependable and Secure Computing, 2018
  2. ACSAC
    Wi Not Calling: Practical Privacy and Availability Attacks in Wi-Fi Calling
    Annual Computer Security Applications Conference, 2018
  3. ACSAC
    Prime+Count: Novel Cross-world Covert Channels on ARM TrustZone
    Haehyun Cho, Penghui Zhang, Donguk Kim, Jinbum Park, Choong-Hoon Lee, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn
    Annual Computer Security Applications Conference, 2018
  4. ASHES
    CacheLight: Defeating the CacheKit Attack
    Mauricio Gutierrez, Ziming Zhao, Adam Doupé, Yan Shoshitaishvili, and Gail-Joon Ahn
    Workshop on Attacks and Solutions in Hardware Security, 2018
  5. CCS
    AIM-SDN: Attacking Information Mismanagement in SDN-datastores
    ACM Conference on Computer and Communications Security, 2018
  6. MedSPT
    The Danger of Missing Instructions: A Systematic Analysis of Security Requirements for MCPS
    IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies, 2018
  7. TIFS
    Uncovering the Face of Android Ransomware: Characterization and Real-Time Detection
    Jing Chen, Chiheng Wang, Ziming Zhao, Kai Chen, Ruiying Du, and Gail-Joon Ahn
    IEEE Transactions on Information Forensics and Security, 2018
  8. SAC
    Measuring E-Mail Header Injections on the World Wide Web
    Sai Prashanth Chandramouli, Pierre-Marie Bajan, Christopher Kruegel, Giovanni Vigna, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn
    ACM/SIGAPP Symposium On Applied Computing, 2018
  9. 11.9 Digital Forensics
    Challenges, Opportunities and a Framework for Web Environment Forensics
    Mike Mabey, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn
    IFIP International Conference on Digital Forensics, 2018
  10. ABAC
    RiskPol: A Risk Assessment Framework for Preventing Attribute-Forgery Attacks to ABAC Policies
    Carlos E Rubio-Medrano, Ziming Zhao, and Gail-Joon Ahn
    ACM Workshop on Attribute-Based Access Control, 2018
  11. SDNNFV
    Challenges and Preparedness of SDN-based Firewalls
    ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, 2018

2017

  1. CIC
    OntoEDS: Protecting Energy Delivery Systems by Collaboratively Analyzing Security Requirements
    IEEE International Conference on Collaboration and Internet Computing (CIC), 2017
  2. MTD
    Mutated Policies: Towards Proactive Attribute-based Defenses for Access Control
    Workshop on Moving Target Defense, 2017
  3. CNS
    HoneyProxy: Design and Implementation of Next-Generation Honeynet via SDN
    Sukwha Kyung, Wonkyu Han, Naveen Tiwari, Vaibhav Dixit, Lakshmi Srinivas, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn
    IEEE Conference on Communications and Network Security, 2017
  4. CSM
    Toward Standardization of Authenticated Caller ID Transmission
    Huahong Tu, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn
    IEEE Communications Standards Magazine, 2017
  5. ITIT
    E-mail Header Injection Vulnerabilities
    Sai Prashanth Chandramouli, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn
    it - Information Technology, 2017
  6. AAMAS
    A Game Theoretic Approach to Strategy Generation for Moving Target Defense in Web Applications.
    Sailik Sengupta, Satya Gautam Vadlamudi, Subbarao Kambhampati, Adam Doupé, Ziming Zhao, Marthony Taguinod, and Gail-Joon Ahn
    AAMAS, 2017
  7. CODASPY
    Deep Android Malware Detection
    Niall McLaughlin, Jesus Rincon, Yeganeh Safaei, Erik Trickel, Ziming Zhao, and Adam Doupé
    ACM Conference on Data and Application Security and Privacy, 2017
  8. ICST
    NIVAnalyzer: A Tool for Automatically Detecting and Verifying Next-Intent Vulnerabilities in Android Apps
    Junjie Tang, Xingmin Cui, Ziming Zhao, Shanqing Guo, Xinshun Xu, Chengyu Hu, Tao Ban, and Bing Mao
    IEEE Conference on Software Testing, Verification and Validation, 2017
  9. NDSS
    On the Safety and Efficiency of Virtual Firewall Elasticity Control
    Juan Deng, Hongda Li, Hongxin Hu, Kuang-Ching Wang, Gail-Joon Ahn, Ziming Zhao, and Wonkyu Han
    Network and Distributed System Security Symposium, 2017
  10. US Patent
    Systems and Methods for Authenticating Caller Identity and Call Request Header Information for Outbound Telephony Communications
    Huahong Tu, Adam Doupé, Gail-Joon Ahn, and Ziming Zhao
    2017

2016

  1. ITU (Best Paper Award)
    Toward Authenticated Caller ID Transmission: The Need for a Standardized Authentication Scheme in Q.731.3 Calling Line Identification Presentation
    Huahong Tu, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn
    ITU Kaleidoscope: ICTs for a Sustainable World, 2016
  2. CIC
    Towards Automated Threat Intelligence Fusion
    Ajay Modi, Zhibo Sun, Anupam Panwar, Tejas Khairnar, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn
    IEEE International Conference on Collaboration and Internet Computing, 2016
  3. JCS
    TripleMon: A Multi-layer Security Framework for Mediating Inter-Process Communication on Android
    Yiming Jing, Gail-Joon Ahn, Hongxin Hu, Haehyun Cho, and Ziming Zhao
    Journal of Computer Security, 2016
  4. DFRWS
    dbling: Identifying Extensions Installed on Encrypted Web Thin Clients
    Mike Mabey, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn
    Digital Investigation, 2016
  5. ICWS
    Toward Discovering and Exploiting Private Server-Side Web APIs
    Jia Chen, Xingmin Cui, Ziming Zhao, Jie Liang, and Shanqing Guo
    IEEE International Conference on Web Services, 2016
  6. SACMAT
    State-aware Network Access Management for Software-Defined Networks
    Wonkyu Han, Hongxin Hu, Ziming Zhao, Adam Doupé, Gail-Joon Ahn, Kuang-Ching Wang, and Juan Deng
    ACM Symposium on Access Control Models and Technologies, 2016
  7. eCrime
    Behind Closed Doors: Measurement and Analysis of CryptoLocker Ransoms in Bitcoin
    Kevin Liao, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn
    APWG Symposium on Electronic Crime Research, 2016
  8. SPM
    Mules, Seals, and Attacking Tools: Analyzing 12 Online Marketplaces
    Ziming Zhao, Mukund Sankaran, Gail-Joon Ahn, Thomas J. Holt, Yiming Jing, and Hongxin Hu
    IEEE Security & Privacy Magazine, 2016
  9. Oakland
    SoK: Everyone Hates Robocalls: A Survey of Techniques against Telephone Spam
    Huahong Tu, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn
    IEEE Symposium on Security and Privacy, 2016
  10. AAMAS
    Moving Target Defense for Web Applications using Bayesian Stackelberg Games
    Satya Gautam Vadlamudi, Sailik Sengupta, Marthony Taguinod, Ziming Zhao, Adam Doupé, Gail-Joon Ahn, and Subbarao Kambhampati
    International Conference on Autonomous Agents & Multiagent Systems, 2016
  11. ABAC
    Towards a Moving Target Defense Approach for Attribute-based Access Control
    Carlos E Rubio-Medrano, Josephine Lamp, Marthony Taguinod, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn
    ACM Workshop on Attribute-based Access Control, 2016
  12. CODASPY
    HoneyMix: Toward SDN-based Intelligent Honeynet
    Wonkyu Han, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn
    ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, 2016

2015

  1. IRI
    Toward a Moving Target Defense for Web Applications
    Marthony Taguinod, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn
    IEEE International Conference on Information Reuse and Integration, 2015
  2. US Patent
    Methods, Systems, and Media for Measuring Quality of Gesture-based Passwords
    Gail-Joon Ahn, and Ziming Zhao
    2015
  3. TISSEC
    Picture Gesture Authentication: Empirical Analysis, Automated Attacks, and Scheme Evaluation
    Ziming Zhao, Gail-Joon Ahn, and Hongxin Hu
    ACM Transactions on Information and System Security, 2015
  4. SACMAT
    Federated Access Management for Collaborative Network Environments: Framework and Case Study
    ACM Symposium on Access Control Models and Technologies, 2015
  5. TDSC
    Towards Automated Risk Assessment and Mitigation of Mobile Applications
    Yiming Jing, Gail-Joon Ahn, Ziming Zhao, and Hongxin Hu
    IEEE Transactions on Dependable and Secure Computing, 2015

2014

  1. ACSAC
    Morpheus: Automatically Generating Heuristics to Detect Android Emulators
    Yiming Jing, Ziming Zhao, Gail-Joon Ahn, and Hongxin Hu
    Annual Computer Security Applications Conference, 2014
  2. HotSDN
    FlowGuard: Building Robust Firewalls for Software-Defined Networks
    Hongxin Hu, Wonkyu Han, Gail-Joon Ahn, and Ziming Zhao
    ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, 2014
  3. SACMAT
    Game Theoretic Analysis of Multiparty Access Control in Online Social Networks
    Hongxin Hu, Gail-Joon Ahn, Ziming Zhao, and Dejun Yang
    ACM Symposium on Access Control Models and Technologies, 2014
  4. ONS
    Towards a Reliable SDN Firewall
    Hongxin Hu, Gail-Joon Ahn, Wonkyu Han, and Ziming Zhao
    Open Networking Summit Research Track, 2014
  5. CODASPY (Best Paper Award)
    RiskMon: Continuous and Automated Risk Assessment for Mobile Applications
    Yiming Jing, Gail-Joon Ahn, Ziming Zhao, and Hongxin Hu
    ACM Conference on Data and Application Security and Privacy, 2014

2013

  1. CNS
    Using Instruction Sequence Abstraction for Shellcode Detection and Attribution
    Ziming Zhao, and Gail-Joon Ahn
    IEEE Conference on Communications and Network Security, 2013
  2. USENIX
    On the Security of Picture Gesture Authentication
    Ziming Zhao, Gail-Joon Ahn, Jeong-Jin Seo, and Hongxin Hu
    USENIX Security Symposium, 2013
  3. Book Chapter
    Examining Social Dynamics and Malware Secrets to Mitigate Net-centric Attacks
    Ziming Zhao, Gail-Joon Ahn, and Hongxin Hu
    Hackers and Hacking: A Reference Handbook, 2013

2012

  1. ESORICS
    SocialImpact: Systematic Analysis of Underground Social Dynamics
    Ziming Zhao, Gail-Joon Ahn, Hongxin Hu, and Deepinder Mahi
    European Conference on Research in Computer Security, 2012
  2. TDSC
    Risk-Aware Mitigation for MANET Routing Attacks
    Ziming Zhao, Hongxin Hu, Gail-Joon Ahn, and Ruoyu Wu
    IEEE Transactions on Dependable and Secure Computing, 2012

2011

  1. GLOBECOM
    Examining Social Dynamics for Countering Botnet Attacks
    Ziming Zhao, Gail-Joon Ahn, and Hongxin Hu
    IEEE Global Telecommunications Conference, 2011
  2. WCRE
    Automatic Extraction of Secrets from Malware
    Ziming Zhao, Gail-Joon Ahn, and Hongxin Hu
    Working Conference on Reverse Engineering, 2011

2010

  1. GLOBECOM
    Risk-Aware Response for Mitigating MANET Routing Attacks
    Ziming Zhao, Hongxin Hu, Gail-Joon Ahn, and Ruoyu Wu
    IEEE Global Telecommunications Conference, 2010