Our Work

Exceptional projects we have accomplished.

 

2018

  • Li Changyu, Cai Quanpu, Li Juanru, Hui Liu, Zhang Yuanyuan, Gu Dawu, Yu Yu. Passwords in the Air: Harvesting Wi-Fi Credentials from SmartCfg Provisioning. in Proceedings of the 11th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2018). Stockholm, Sweden. June 18-20, 2018.
  • Bodong Li, Yuanyuan Zhang, Juanru Li, Wenbo Yang, Dawu Gu. AppSpear: Automating the Hidden-Code Extraction and Reassembling of Packed Android Malware. Journal of Systems and Software (JSS).

2017

  • Qi Zhang, Juanru Li, Yuanyuan Zhang(*), Hui Wang, Dawu Gu, Oh-Pwn_VPN! Security Analysis of OpenVPN-based Android Apps, in Proceedings of the 16th International Conference on Cryptology And Network Security (CANS 2017). Hong Kong. November 29 - December 2, 2017.
  • Haijiang Xie, Juanru Li, Yuanyuan Zhang, Dawu Gu. Nightingale: Translating Embedded VM Code in x86 Binary Executables, in Proceedings of the 20th International Information Security Conference (ISC 2017). Ho Chi Minh City, Vietnam, November 22-24, 2017.
  • Hui Liu, Changyu Li, Xuancheng Jin, Juanru Li, Yuanyuan Zhang, Dawu Gu. Smart Solution, Poor Protection: An Empirical Study of Security and Privacy Issues in Developing and Deploying Smart Home Devices, First ACM CCS Workshop on Internet of Things Security and Privacy (IoTS&P’17). Dallas, TX, USA, November 3, 2017.
  • Xuewen Zhang, Yuanyuan Zhang, Juanru Li, Yikun Hu, Huayi Li, Dawu Gu. Embroidery: Patching Vulnerable Binary Code of Fragmentized Android Devices, in Proceedings of the 33rd IEEE International Conference on Software Maintenance and Evolution (ICSME 2017). Shanghai, China. Sep.28-Oct.3, 2017.
  • Zhenghao Hu, Yuanyuan Zhang, Hui Wang, Juanru Li, Wenbo Yang, Dawu Gu, MIRAGE : Randomizing Large Chunk Allocation Via Dynamic Binary Instrumentation, in Dependable and Secure Computing, 2017 IEEE Conference (DSC 2017). Taipei, Taiwan. 7-10 Aug. 2017.
  • Siqi Zhao, Xuhua Ding, Wen Xu and Dawu Gu. Seeing Through The Same Lens: Introspecting Guest Address Space At Native Speed, in Proceedings of the 26th Usenix Security Symposium (Security 2017).Vancourver, BC, Canada. August 16-18, 2017.
  • Yikun Hu, Yuanyuan Zhang, Juanru Li and Dawu Gu. Binary Code Clone Detection across Architecturesand Compiling Configurations, in Proceedings of the 25th International Conference on Program Comprehension (ICPC 2017). Buenos Aires, Argentina. May 22-23, 2017.
  • Wenbo Yang, Yuanyuan Zhang, Juanru Li, Hui Liu, Qing Wang, Yueheng Zhang and Dawu Gu. Show Me the Money! Finding Flawed Implementations of Third-party In-app Payment in Android Apps, in Proceedings of the 24th Network and Distributed System Security Symposium (NDSS 2017). San Diego, CA, USA. February 26 - March 1, 2017.
  • Junliang Shu, Yuanyuan Zhang, Juanru Li, Bodong Li, Dawu Gu: Why Data Deletion Fails? A Study on Deletion Flaws and Data Remanence in Android Systems. ACM Trans. Embedded Comput. Syst. 16(2): 61:1-61:22 (2017)

2016

  • Hui Wang, Yuanyuan Zhang, Juanru Li and Dawu Gu. The Achilles' Heel of OAuth: A Multi-Platform Study of OAuth-based Authentication. in Proceeding of the 32th Annual Computer Security Applications Conference (ACSAC 2016). Los Angeles, California, USA. December 5–9, 2016.
  • Yesheng Zhi, Yuanyuan Zhang, Juanru Li, Dawu Gu. Security Testing of Software on Embedded Devices Using x86 Platform. in 12th EAI International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2016), Beijing, China, 12-13 November, 2016.
  • Yueheng Zhang, Junliang Shu, Yuanyuan Zhang, Juanru Li, Qing Wang, Dawu Gu. An Empirical Study of Insecure Communication in Android Apps. in 12th China International Conference on Information Security and Cryptology (INSCRYPT 2016), Beijing, China, 4-6 November, 2016.
  • Muqing Liu, Yuanyuan Zhang, Juanru Li, Junliang Shu, Dawu Gu. Security Analysis of Vendor Customized Code in Firmware of Embedded Device. in 12th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2016), Guangzhou, China, 10-12 October, 2016.
  • Liu Hui, Zhang Yuanyuan, Li Juanru, Wang Hui, Gu Dawu. Open Sesame! Web Authentication Cracking via Mobile app Analysis. in 18th Asia Pacific Web Conference (APWEB 2016). Suzhou, China. Sept 23-25, 2016
  • Xie Tianyi, Zhangyuanyuan, Li Juanru, Liu Hui, Gu Dawu. New Exploit Methods against Ptmalloc of Glibc. in 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2016). Tianjin, China. 23-26 August, 2016
  • Yikun Hu, Yuanyuan Zhang, Juanru Li, Dawu Gu. Cross-Architecture Binary Semantics Understanding via Similar Code Comparison. in 23rd IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER 2016). Osaka, Japan. March 14-18, 2016

2015

  • Bodong Li, Yuanyuan Zhang, Chen Lyu, JuanruLi, Dawu Gu. SSG: Sensor Security Guard for Android Smartphones. in Proceeding of the 11th EAI International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2015). Wuhan, Hubei, China. NOVEMBER 10–11, 2015.
  • Hui Wang, Yuanyuan Zhang, Juanru Li, Hui Liu, Wenbo Yang, Bodong Li, Dawu Gu. Vulnerability Assessment of OAuth Implementations in Android Applications. in Proceeding of the 31th Annual Computer Security Applications Conference (ACSAC 2015). Los Angeles, California, USA. December 7–11, 2015.
  • Wen Xu, Juanru Li, Junliang Shu, Wenbo Yang, Tianyi Xie, Yuanyuan Zhang, Dawu Gu. From Collision To Exploitation: Unleashing Use-After-Free Vulnerabilities in Linux Kernel. in Proceeding of the 22nd ACM Conference on Computer and Communications Security(CCS 2015). The Denver Marriot City Center, Denver, Colorado, US. October 12-16, 2015.
  • Wenbo Yang, Yuanyuan Zhang, Juanru Li, Bodong Li, Junliang Shu, Wenju Hu, Dawu Gu. AppSpear: Bytecode Decrypting and DEX Reassembling for Packed Android Malware. in Proceeding of the 18th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2015). Kyoto, Japan. November 2–4, 2015.

2014

  • Hui Liu, Yuanyuan Zhang, Hui Wang, Wenbo Yang, Juanru Li and Dawu Gu.TagDroid: Hybrid SSL Certificate Verification in Android. in Proceeding of the 16th International Conference on Information and Communications Security (ICICS2014). Hong Kong,China. December 16-17, 2014
  • Juanru Li, Yuanyuan Zhang, Wenbo Yang, Junliang Shu and Dawu Gu. DIAS: Automated Online Analysis for Android Applications. in Proceeding of the 14th IEEE International Conference on Computer and Information Technology (IEEE CIT'14). Xi'an, China. Sept 11-13, 2014.
  • Yong Li, Yuanyuan Zhang, Juanru Li and Dawu Gu. iCryptoTracer: Dynamic Analysis on Misuse of Cryptographic Functions in iOS Applications. in Proceeding of the 8th International Conference on Network and System Security (NSS 2014). Xi'an, China. Oct 15-17, 2014.
  • Junliang Shu, Juanru Li, Yuanyuan Zhang and Dawu Gu. Android App Protection via Interpretation Obfuscation. in Proceeding of the 12th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC 2014), Dalian, China, August 24-27, 2014
  • Wenbo Yang, Juanru Li, Yuanyuan Zhang, Yong Li, Junliang Shu and Dawu Gu. APKLancet: Tumor Payload Diagnosis and Purification for Android Applications. in Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security(ASIACCS'14). Kyoto, Japan. June 2014

2013

  • Ruoxu Zhao, Dawu Gu, Juanru Li and Yuanyuan Zhang, Automatic Detection and Analysis of Encrypted Messages in Malware. In Lin, Dongdai, Xu, Shouhuai, Yung, Moti (Eds.), The 9th China International Conference on Information Security and CryptologyInscrypt 2013, Guangzhou, Vol. 8567 of Lecture Notes in Computer Science, China, November 27-30, 2013. Springer, Heidelberg.
  • Yuhao Luo, Dawu Gu, Juanru Li. Toward Active and Efficient Privacy Protection for Android. in Proceeding of the 3rd IEEE International Conference on Information Science and Technology(ICIST'13), Yangzhou, China. Mar 27-28, 2013.

2012

  • Ruoxu Zhao, Dawu Gu, Juanru Li, Liu Hui. “Detecting Encryption Functions via Process Emulation and IL-based Program Analysis”. * Information and Communications Security. Lecture Notes in Computer Science Volume 7618, 2012, pp 252-263.
  • Juanru Li, Dawu Gu, Yuhao Luo, “Android Malware Forensics: Reconstruction of Malicious Events,” 32nd International Conference on Distributed Computing Systems Workshops, icdcsw, pp.552-558, 2012
  • Ming Sun, Dawu Gu, Juanru Li and Bailan Li. PyXhon: Dynamic Detection of Security Vulnerabilities in Python. * 2012 IEEE International Conference on Information Science and Technology. Page(s): 461-466. Wuhan, Hubei, China; March 23-25 2012.

2011

Ruoxu Zhao, Dawu Gu, Juanru Li, Ran Yu. “Detection and Analysis of Cryptographic Data Inside Software”. * ISC 2011, LNCS, Volume 7001/2011, pp. 182-196, 2011.

2010

Juanru Li, Dawu Gu, Chaoguo Deng, Yuhao Luo. Digital Forensic Analysis on Runtime Instruction Flow[C]. 3rd International ICST Conference on Forensic, Shanghai, China. Nov.11-12, 2010.

Journal papers

  • Li Bodong, Zhang Yuanyuan, Li Juanru, Yang Wenbo, Gu Dawu. AppSpear: Automating the Hidden-Code Extraction and Reassembling of Packed Android Malware, in Journal of Systems and Software, 140: 3-16 (2018)
  • Junliang Shu, Yuanyuan Zhang, Juanru Li, Bodong Li, Dawu Gu. Why data deletion fails? A study on deletion flaws and data remanence in Android systems, in ACM Trans. Embed. Comput. Syst. 16, 2, Article 61 (January 2017).
  • 李柏岚 谷大武 李卷孺 孙明. iOS备份机制中隐私威胁问题的分析[J]. 通信技术, Vol.45, No.02.2012, 25-28页
  • 孙明,谷大武,李卷孺,罗宇皓. 动态指令流差分分析在恶意软件分析中的应用[J]. 计算机应用研究,2012,29(2):658-660.
  • 邓超国,谷大武,李卷孺,孙明. 一种基于全系统仿真和指令流分析的二进制代码分析方法[J]. 计算机应用研究, 2011,28(4):1437-1441
  • Juanru Li, Dawu Gu, Chaoguo Deng, Yuhao Luo. Digital Forensic Analysis on Runtime Instruction Flow[J]. China Communications, 2010, Vol. 7 Issue (6): 112-119
  • 李卷孺,谷大武,陆海宁. 一种精简二进制代码的程序理解方法[J]. 计算机应用. 2008,28(10):2608-2612