Publications

2023

  1. SmartSP
    Exploring Vulnerabilities in Voice Command Skills for Connected Vehicles
    Wenbo Ding, Song Liao, Long ChengZiming Zhao, Keyan Guo, and Hongxin Hu
    EAI International Conference on Security and Privacy in Cyber-Physical Systems and Smart Vehicles, 2023
  2. CCS
    SHERLOC: Secure and Holistic Control-Flow Violation Detection on Embedded Systems
    Xi Tan, and Ziming Zhao
    ACM Conference on Computer and Communications Security, 2023
  3. USENIX
    xNIDS: Explaining Deep Learning-based Network Intrusion Detection Systems for Active Intrusion Responses
    Feng WeiHongda LiZiming Zhao, and Hongxin Hu
    USENIX Security Symposium, 2023
  4. DAC
    Return-to-Non-Secure Vulnerabilities on ARM Cortex-M TrustZone: Attack and Defense
    Zheyuan Ma, Xi TanLukasz ZiarekNing ZhangHongxin Hu, and Ziming Zhao
    ACM/IEEE Design Automation Conference, 2023

2022

  1. CCS
    EchoHand: High Accuracy and Presentation Attack Resistant Hand Authentication on Commodity Mobile Devices
    Cong Wu, Jing Chen, Kun He, Ziming Zhao, Ruiying Du, and Chen Zhang
    ACM Conference on Computer and Communications Security, Nov 2022
  2. ICMLA
    Understanding the Generalizability of Hateful Memes Detection Models Against COVID-19-related Hateful Memes
    Keyan Guo, Wentai Zhao, Jaden Mu, Nishant VishwamitraZiming Zhao, and Hongxin Hu
    IEEE International Conference on Machine Learning and Applications, Nov 2022
  3. TDSC
    FIDO Gets Verified: A Formal Analysis of the Universal Authentication Framework Protocol
    Haonan Feng, Jingjing Guan, Hui Li, Xuesong Pan, and Ziming Zhao
    IEEE Transactions on Dependable and Secure Computing, Nov 2022
  4. ESORICS
    A Formal Analysis of the FIDO2 Protocols
    Jingjing Guan, Hui Li, Haisong Ye, and Ziming Zhao
    European Symposium on Research in Computer Security, Nov 2022
  5. arXiv
    BYOTee: Towards Building Your Own Trusted Execution Environments Using FPGA
    Md Armanuzzaman, and Ziming Zhao
    Mar 2022
  6. arXiv
    SoK: On the Semantic AI Security in Autonomous Driving
    Junjie ShenNingfei Wang, Ziwen Wan, Yunpeng Luo, Takami Sato, Zhisheng Hu, Xinyang Zhang, Shengjian Guo, Zhenyu Zhong, Kang LiZiming ZhaoChunming Qiao, and Qi Alfred Chen
    Mar 2022
  7. arXiv
    Understanding and Measuring Robustness of Multimodal Learning
    Dec 2022
  8. AsiaCCSBest Paper Award
    Understanding and Detecting Remote Infection on Linux-based IoT Devices
    Hongda Li, Qiqing Huang, Fei Ding, Hongxin HuLong ChengGuofei Gu, and Ziming Zhao
    ACM Asia Conference on Computer and Communications Security, Jun 2022
  9. TDSC
    Toward Robust Detection of Puppet Attacks via Characterizing Fingertip-Touch Behaviors
    Cong Wu, Kun He, Jing ChenZiming Zhao, and Ruiying Du
    IEEE Transactions on Dependable and Secure Computing, Sep 2022
  10. CODASPY
    Towards Automated Content-based Photo Privacy Control in User-Centered Social Networks
    Nishant Vishwamitra, Yifang Li, Hongxin HuKelly CaineLong ChengZiming Zhao, and Gail-Joon Ahn
    ACM Conference on Data and Application Security and Privacy, Apr 2022

2021

  1. USENIX
    Having Your Cake and Eating It: An Analysis of Concession-Abuse-as-a-Service
    USENIX Security Symposium, Apr 2021
  2. DTRAP
    ExSol: Collaboratively Assessing Cybersecurity Risks for Protecting Energy Delivery Systems
    Digital Threats: Research and Practice, Apr 2021
  3. NDSS
    A Formal Analysis of the FIDO UAF Protocol
    Haonan Feng, Hui Li, Xuesong Pan, and Ziming Zhao
    Network and Distributed System Security Symposium, Apr 2021

2020

  1. TPS
    Toward Automated Enforcement of Cyber-Physical Security Requirements for Energy Delivery Systems
    Carlos Rubio-MedranoZiming Zhao, and Gail-Joon Ahn
    IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications , Apr 2020
  2. USENIX
    Liveness is Not Enough: Enhancing Fingerprint Authentication with Behavioral Biometrics to Defeat Puppet Attacks
    Cong Wu, Kun He, Jing ChenZiming Zhao, and Ruiying Du
    USENIX Security Symposium, Apr 2020
  3. MobiSys
    SmokeBomb: Effective Mitigation Against Cache Side-channel Attacks on the ARM Architecture
    Haehyun ChoJinbum Park, Donguk Kim, Ziming ZhaoYan ShoshitaishviliAdam Doupé, and Gail-Joon Ahn
    International Conference on Mobile Systems, Applications, and Services, Apr 2020
  4. Book Chapter
    Mitigating the CacheKit Attack
    Mauricio Gutierrez, Ziming ZhaoAdam DoupéYan Shoshitaishvili, and Gail-Joon Ahn
    Frontiers in Hardware Security and Trust: Theory, Design and Practice, Apr 2020
  5. CODASPY
    DANdroid: A Multi-View Discriminative Adversarial Network for Obfuscated Android Malware Detection
    Stuart Millar, Niall McLaughlin, Jesus Rincon, Paul Miller, and Ziming Zhao
    ACM Conference on Data and Application Security and Privacy, Apr 2020

2019

  1. CCS
    Matched and Mismatched SOCs: A Qualitative Study on Security Operations Center Issues
    ACM Conference on Computer and Communications Security, Apr 2019
  2. US Patent
    Systems and methods for authenticating caller identity and call request header information for outbound telephony communications
    Huahong TuAdam DoupéGail-Joon Ahn, and Ziming Zhao
    Oct 2019
  3. USENIXDistinguished Paper Award
    Users Really Do Answer Telephone Scams
    Huahong TuAdam DoupéZiming Zhao, and Gail-Joon Ahn
    USENIX Security Symposium, Oct 2019
  4. COSE
    Towards a Reliable Firewall for Software-Defined Networks
    Hongxin Hu, Wonkyu Han, Sukwha Kyung, Juan Wang, Gail-Joon AhnZiming Zhao, and Hongda Li
    Computers & Security, Oct 2019
  5. SACMAT
    Effectively Enforcing Authorization Constraints for Emerging Space-Sensitive Technologies
    Carlos E Rubio-Medrano, Shaishavkumar Jogani, Maria Leitner, Ziming Zhao, and Gail-Joon Ahn
    ACM Symposium on Access Control Models and Technologies, Oct 2019
  6. MSCPES
    ExSol: Collaboratively Assessing Cybersecurity Risks for Protecting Energy Delivery Systems
    IEEE Workshop on Modeling and Simulation of Cyber-Physical Energy Systems, Oct 2019
  7. SAC
    iCORE: Continuous and Proactive Extrospection on Multi-core IoT Devices
    ACM/SIGAPP Symposium on Applied Computing, Oct 2019
  8. CODASPY
    Understanding and Predicting Private Interactions in Underground Forums
    ACM Conference on Data and Application Security and Privacy, Oct 2019

2018

  1. TDSC
    Semantics-Aware Privacy Risk Assessment Using Self-Learning Weight Assignment for Mobile Apps
    Jing Chen, Chiheng Wang, Kun He, Ziming Zhao, Min Chen, Ruiying Du, and Gail-Joon Ahn
    IEEE Transactions on Dependable and Secure Computing, Oct 2018
  2. ACSAC
    Wi Not Calling: Practical Privacy and Availability Atacks in Wi-Fi Calling
    Annual Computer Security Applications Conference, Oct 2018
  3. ACSAC
    Prime+Count: Novel Cross-world Covert Channels on ARM TrustZone
    Haehyun ChoPenghui Zhang, Donguk Kim, Jinbum Park, Choong-Hoon Lee, Ziming ZhaoAdam Doupé, and Gail-Joon Ahn
    Annual Computer Security Applications Conference, Oct 2018
  4. ASHES
    CacheLight: Defeating the CacheKit Attack
    Mauricio Gutierrez, Ziming ZhaoAdam DoupéYan Shoshitaishvili, and Gail-Joon Ahn
    Workshop on Attacks and Solutions in Hardware Security, Oct 2018
  5. CCS
    AIM-SDN: Attacking Information Mismanagement in SDN-datastores
    ACM Conference on Computer and Communications Security, Oct 2018
  6. MedSPT
    The Danger of Missing Instructions: A Systematic Analysis of Security Requirements for MCPS
    IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies, Oct 2018
  7. TIFS
    Uncovering the Face of Android Ransomware: Characterization and Real-Time Detection
    Jing Chen, Chiheng Wang, Ziming ZhaoKai Chen, Ruiying Du, and Gail-Joon Ahn
    IEEE Transactions on Information Forensics and Security, Oct 2018
  8. SAC
    Measuring E-Mail Header Injections on the World Wide Web
    Sai Prashanth Chandramouli, Pierre-Marie Bajan, Christopher KruegelGiovanni VignaZiming ZhaoAdam Doupé, and Gail-Joon Ahn
    ACM/SIGAPP Symposium On Applied Computing, Oct 2018
  9. 11.9 Digital Forensics
    Challenges, Opportunities and a Framework for Web Environment Forensics
    Mike Mabey, Adam DoupéZiming Zhao, and Gail-Joon Ahn
    IFIP International Conference on Digital Forensics, Oct 2018
  10. ABAC
    RiskPol: A Risk Assessment Framework for Preventing Attribute-Forgery Attacks to ABAC Policies
    Carlos E Rubio-MedranoZiming Zhao, and Gail-Joon Ahn
    ACM Workshop on Attribute-Based Access Control, Oct 2018
  11. SDNNFV
    Challenges and Preparedness of SDN-based Firewalls
    ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, Oct 2018

2017

  1. CIC
    OntoEDS: Protecting Energy Delivery Systems by Collaboratively Analyzing Security Requirements
    IEEE International Conference on Collaboration and Internet Computing (CIC), Oct 2017
  2. MTD
    Mutated Policies: Towards Proactive Attribute-based Defenses for Access Control
    Workshop on Moving Target Defense, Oct 2017
  3. CNS
    HoneyProxy: Design and Implementation of Next-Generation Honeynet via SDN
    Sukwha Kyung, Wonkyu Han, Naveen Tiwari, Vaibhav Dixit, Lakshmi Srinivas, Ziming ZhaoAdam Doupé, and Gail-Joon Ahn
    IEEE Conference on Communications and Network Security, Oct 2017
  4. CSM
    Toward Standardization of Authenticated Caller ID Transmission
    Huahong TuAdam DoupéZiming Zhao, and Gail-Joon Ahn
    IEEE Communications Standards Magazine, Oct 2017
  5. ITIT
    E-mail Header Injection Vulnerabilities
    Sai Prashanth Chandramouli, Ziming ZhaoAdam Doupé, and Gail-Joon Ahn
    it - Information Technology, Oct 2017
  6. AAMAS
    A Game Theoretic Approach to Strategy Generation for Moving Target Defense in Web Applications.
    Sailik Sengupta, Satya Gautam VadlamudiSubbarao KambhampatiAdam DoupéZiming Zhao, Marthony Taguinod, and Gail-Joon Ahn
    AAMAS, Oct 2017
  7. CODASPY
    Deep Android Malware Detection
    Niall McLaughlin, Jesus Rincon, Yeganeh Safaei, Erik Trickel, Ziming Zhao, and Adam Doupé
    ACM Conference on Data and Application Security and Privacy, Oct 2017
  8. ICST
    NIVAnalyzer: A Tool for Automatically Detecting and Verifying Next-Intent Vulnerabilities in Android Apps
    Junjie Tang, Xingmin Cui, Ziming ZhaoShanqing Guo, Xinshun Xu, Chengyu Hu, Tao Ban, and Bing Mao
    IEEE Conference on Software Testing, Verification and Validation, Oct 2017
  9. NDSS
    On the Safety and Efficiency of Virtual Firewall Elasticity Control
    Juan Deng, Hongda LiHongxin HuKuang-Ching WangGail-Joon AhnZiming Zhao, and Wonkyu Han
    Network and Distributed System Security Symposium, Oct 2017
  10. US Patent
    Systems and Methods for Authenticating Caller Identity and Call Request Header Information for Outbound Telephony Communications
    Huahong TuAdam DoupéGail-Joon Ahn, and Ziming Zhao
    Oct 2017

2016

  1. ITUBest Paper Award
    Toward Authenticated Caller ID Transmission: The Need for a Standardized Authentication Scheme in Q.731.3 Calling Line Identification Presentation
    Huahong TuAdam DoupéZiming Zhao, and Gail-Joon Ahn
    ITU Kaleidoscope: ICTs for a Sustainable World, Oct 2016
  2. CIC
    Towards Automated Threat Intelligence Fusion
    Ajay Modi, Zhibo Sun, Anupam Panwar, Tejas Khairnar, Ziming ZhaoAdam Doupé, and Gail-Joon Ahn
    IEEE International Conference on Collaboration and Internet Computing, Oct 2016
  3. JCS
    TripleMon: A Multi-layer Security Framework for Mediating Inter-Process Communication on Android
    Yiming Jing, Gail-Joon AhnHongxin HuHaehyun Cho, and Ziming Zhao
    Journal of Computer Security, Oct 2016
  4. DFRWS
    dbling: Identifying Extensions Installed on Encrypted Web Thin Clients
    Mike Mabey, Adam DoupéZiming Zhao, and Gail-Joon Ahn
    Digital Investigation, Oct 2016
  5. ICWS
    Toward Discovering and Exploiting Private Server-Side Web APIs
    Jia Chen, Xingmin Cui, Ziming Zhao, Jie Liang, and Shanqing Guo
    IEEE International Conference on Web Services, Oct 2016
  6. SACMAT
    State-aware Network Access Management for Software-Defined Networks
    Wonkyu Han, Hongxin HuZiming ZhaoAdam DoupéGail-Joon AhnKuang-Ching Wang, and Juan Deng
    ACM Symposium on Access Control Models and Technologies, Oct 2016
  7. eCrime
    Behind Closed Doors: Measurement and Analysis of CryptoLocker Ransoms in Bitcoin
    Kevin LiaoZiming ZhaoAdam Doupé, and Gail-Joon Ahn
    APWG Symposium on Electronic Crime Research, Oct 2016
  8. SPM
    Mules, Seals, and Attacking Tools: Analyzing 12 Online Marketplaces
    Ziming Zhao, Mukund Sankaran, Gail-Joon AhnThomas J. Holt, Yiming Jing, and Hongxin Hu
    IEEE Security & Privacy Magazine, Oct 2016
  9. Oakland
    SoK: Everyone Hates Robocalls: A Survey of Techniques against Telephone Spam
    Huahong TuAdam DoupéZiming Zhao, and Gail-Joon Ahn
    IEEE Symposium on Security and Privacy, Oct 2016
  10. AAMAS
    Moving Target Defense for Web Applications using Bayesian Stackelberg Games
    Satya Gautam Vadlamudi, Sailik Sengupta, Marthony Taguinod, Ziming ZhaoAdam DoupéGail-Joon Ahn, and Subbarao Kambhampati
    International Conference on Autonomous Agents & Multiagent Systems, Oct 2016
  11. ABAC
    Towards a Moving Target Defense Approach for Attribute-based Access Control
    Carlos E Rubio-MedranoJosephine Lamp, Marthony Taguinod, Ziming Zhao, Adam Doupe, and Gail-Joon Ahn
    ACM Workshop on Attribute-based Access Control, Oct 2016
  12. CODASPY
    HoneyMix: Toward SDN-based Intelligent Honeynet
    Wonkyu Han, Ziming ZhaoAdam Doupé, and Gail-Joon Ahn
    ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, Oct 2016

2015

  1. IRI
    Toward a Moving Target Defense for Web Applications
    Marthony Taguinod, Adam DoupéZiming Zhao, and Gail-Joon Ahn
    IEEE International Conference on Information Reuse and Integration, Oct 2015
  2. US Patent
    Methods, Systems, and Media for Measuring Quality of Gesture-based Passwords
    Gail-Joon Ahn, and Ziming Zhao
    Oct 2015
  3. TISSEC
    Picture Gesture Authentication: Empirical Analysis, Automated Attacks, and Scheme Evaluation
    Ziming ZhaoGail-Joon Ahn, and Hongxin Hu
    ACM Transactions on Information and System Security, Oct 2015
  4. SACMAT
    Federated Access Management for Collaborative Network Environments: Framework and Case Study
    ACM Symposium on Access control Models and Technologies, Oct 2015
  5. TDSC
    Towards Automated Risk Assessment and Mitigation of Mobile Applications
    Yiming Jing, Gail-Joon AhnZiming Zhao, and Hongxin Hu
    IEEE Transactions on Dependable and Secure Computing, Oct 2015

2014

  1. ACSAC
    Morpheus: Automatically Generating Heuristics to Detect Android Emulators
    Yiming Jing, Ziming ZhaoGail-Joon Ahn, and Hongxin Hu
    Annual Computer Security Applications Conference, Oct 2014
  2. HotSDN
    FlowGuard: Building Robust Firewalls for Software-Defined Networks
    Hongxin Hu, Wonkyu Han, Gail-Joon Ahn, and Ziming Zhao
    ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, Oct 2014
  3. SACMAT
    Game Theoretic Analysis of Multiparty Access Control in Online Social Networks
    Hongxin HuGail-Joon AhnZiming Zhao, and Dejun Yang
    ACM Symposium on Access Control Models and Technologies, Oct 2014
  4. ONS
    Towards a Reliable SDN Firewall
    Hongxin HuGail-Joon Ahn, Wonkyu Han, and Ziming Zhao
    Open Networking Summit Research Track, Oct 2014
  5. CODASPYBest Paper Award
    RiskMon: Continuous and Automated Risk Assessment for Mobile Applications
    Yiming Jing, Gail-Joon AhnZiming Zhao, and Hongxin Hu
    ACM Conference on Data and Application Security and Privacy, Oct 2014

2013

  1. CNS
    Using Instruction Sequence Abstraction for Shellcode Detection and Attribution
    Ziming Zhao, and Gail-Joon Ahn
    IEEE Conference on Communications and Network Security, Oct 2013
  2. USENIX
    On the Security of Picture Gesture Authentication
    Ziming ZhaoGail-Joon Ahn, Jeong-Jin Seo, and Hongxin Hu
    USENIX Security Symposium, Oct 2013
  3. Book Chapter
    Examining Social Dynamics and Malware Secrets to Mitigate Net-centric Attacks
    Ziming ZhaoGail-Joon Ahn, and Hongxin Hu
    Hackers and Hacking: A Reference Handbook, Oct 2013

2012

  1. ESORICS
    SocialImpact: Systematic Analysis of Underground Social Dynamics
    Ziming ZhaoGail-Joon AhnHongxin Hu, and Deepinder Mahi
    European Conference on Research in Computer Security, Oct 2012
  2. TDSC
    Risk-Aware Mitigation for MANET Routing Attacks
    Ziming ZhaoHongxin HuGail-Joon Ahn, and Ruoyu Wu
    IEEE Transactions on Dependable and Secure Computing, Oct 2012

2011

  1. GLOBECOM
    Examining Social Dynamics for Countering Botnet Attacks
    Ziming ZhaoGail-Joon Ahn, and Hongxin Hu
    IEEE Global Telecommunications Conference, Oct 2011
  2. WCRE
    Automatic Extraction of Secrets from Malware
    Ziming ZhaoGail-Joon Ahn, and Hongxin Hu
    Working Conference on Reverse Engineering, Oct 2011

2010

  1. GLOBECOM
    Risk-Aware Response for Mitigating MANET Routing Attacks
    Ziming ZhaoHongxin HuGail-Joon Ahn, and Ruoyu Wu
    IEEE Global Telecommunications Conference, Oct 2010