[17] CCS'20
Haoran Lu, Luyi Xing*,
Yue Xiao, Yifan Zhang, Xiaojing Liao, Xiaofeng Wang, Xueqiang Wang.
"Demystifying Resource Management Risks in Emerging Mobile App-in-App Ecosystems." To appear in the ACM Conference on Computer and Communications Security (CCS), 2020.
[pdf, attack demos, source code]
(* Corresponding author.)
[16] Usenix Security'20
Bin Yuan, Yan Jia, Luyi Xing*,
Dongfang Zhao, Xiaofeng Wang, Deqing Zou, Hai Jin, Yuqing Zhang.
"Shattered Chain of Trust: Understanding Security Risks in Cross-Cloud IoT Access Delegation." The 28th USENIX Security Symposium, 2020.
[pdf, attack demos, source code]
(* Corresponding author.)
[15] S&P'20 (Oakland)
Yan Jia, Luyi Xing,
Yuhang Mao, Dongfang Zhao, Xiaofeng Wang, Shangru Zhao, Yuqing Zhang.
"Burglars’ IoT Paradise: Understanding and Mitigating Security Risks of General Messaging Protocols on IoT Clouds". The 41st IEEE Symposium on Security and Privacy (Oakland), 2020.
[pdf, attack demos, source code]
(I spent major efforts in the advising of this paper.)
[14] Usenix Security'19
Yi Chen, Luyi Xing,
Yue Qin, Xiaojing Liao, XiaoFeng Wang, Kai Chen, Wei Zou.
"Devils in the Guidance: Predicting Logic Vulnerabilities in Payment Syndication Services through Automated Documentation Analysis". The 28th USENIX Security Symposium, 2019.
[pdf, bibtex, attack demos, source code]
[13] Black Hat'19
Yan Jia, Luyi Xing.
"Sneak into Your Room: Security Holes in the Integration and Management of Messaging Protocols on Commercial IoT Clouds".
Research Gap:
From Nov. 2015 to Jun. 2018, I was away from academia, focusing on engineering large commercial systems at AWS and Amazon.com.
[12] CCS'17
Tongxin Li, Xueqiang Wang, Mingming Zha, Kai Chen, XiaoFeng Wang, Luyi Xing, Xiaolong Bai, Nan Zhang, Xinhui Han. "Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews."
The ACM Conference on Computer and Communications Security (CCS), 2017.
[pdf, bibtex, attack demos]
[11] BlackHat'16
Luyi Xing, Xiaolong Bai.
"Discovering and Exploiting Novel Security Vulnerabilities in Apple ZeroConf."
[10] CCS'16
Xiaojing Liao, Sumach Alrwais, Kan Yuan, Luyi Xing, XiaoFeng Wang, Shuang Hao, and Raheem Beyah.
"Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service.”
The ACM Conference on Computer and Communications Security (CCS), 2016.
[pdf, bibtex]
[9] CCS'16
Xiaojing Liao, Kan Yuan, XiaoFeng Wang, Zhou Li, Luyi Xing, and Raheem Beyah.
"Acing the IOC Game: Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence.”
The ACM Conference on Computer and Communications Security (CCS), 2016.
[pdf, bibtex]
[8] S&P'16 (Oakland)
Luyi Xing, Xiaolong Bai (co-first author), Nan Zhang, XiaoFeng Wang, Xiaojing Liao, Tongxin Li and Shi-min Hu.
“Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf."
The 37th IEEE Symposium on Security and Privacy (IEEE S&P) 2016.
[pdf, bibtex, attack demos]
[7] S&P'16 (Oakland)
Xiaojing Liao, K. Yuan, X. Wang, Z. Pei, H. Yang, J. Chen, H. Duan, K. Du, E. Alowaisheq, S. Alrwais,
Luyi Xing and R. Beyah.
“Seeking Nonsense, Looking for Trouble: Efficient Promotional-Infection Detection through Semantic Inconsistency Search”.
The 37th IEEE Symposium on Security and Privacy (IEEE S&P) 2016.
[pdf, bibtex]
[6] IEEE Security & Privacy (Journal)
Luyi Xing, Xiaolong Bai(co-first author), Nan Zhang, XiaoFeng Wang, Xiaojing Liao, Tongxin Li, and Shi-min Hu.
"Apple ZeroConf Holes: How Hackers Can Steal iPhone Photos."
[pdf, bibtex]
[5] CCS'15.
Luyi Xing, Xiaolong Bai, Tongxin Li, XiaoFeng Wang, Kai Chen, Xiaojing Liao, Shi-min Hu, Xinhui Han.
"Cracking App Isolation on Apple: Unauthorized Cross-App Resource Access on MAC OS X and iOS."
The 22nd ACM Conference on Computer and Communications Security (CCS) 2015.
[pdf, bibtex, attack demos]
[4] CCS'14.
Tongxin Li, Xiaoyong Zhou, Luyi Xing, Yeonjoon Lee, Muhammad Naveed, XiaoFeng Wang and Xinhui Han.
"Mayhem in the Push Clouds: Understanding and Mitigating Security Hazards in Mobile Push-Messaging Services."
The 21st ACM Conference on Computer and Communications Security (CCS) 2014.
[pdf, bibtex, attack demos]
[3] S&P'14 (Oakland)
Luyi Xing, Xiaorui Pan, Rui Wang, Kan Yuan, XiaoFeng Wang.
"Upgrading Your Android, Elevating My Malware: Privilege Escalation Through Mobile OS Updating."
The 35th IEEE Symposium on Security and Privacy (IEEE S&P) 2014.
[pdf, bibtex, attack demos]
[2] CCS'13.
Rui Wang, Luyi Xing, XiaoFeng Wang, Shuo Chen.
"Unauthorized Origin Crossing on Mobile Platforms: Threats and Mitigation."
The 20th ACM Conference on Computer and Communications Security (CCS) 2013.
[pdf, bibtex, attack demos]
[1] NDSS'13.
Luyi Xing, Yangyi Chen, XiaoFeng Wang, Shuo Chen.
"InteGuard: Toward Automatic Protection of Third-Party Web Service Integrations."
The 20th Annual Network &Distributed System Security Symposium (NDSS) 2013.
[pdf, bibtex, demo]
Haoran Lu, Luyi Xing*,
Yue Xiao, Yifan Zhang, Xiaojing Liao, Xiaofeng Wang, Xueqiang Wang.
"Demystifying Resource Management Risks in Emerging Mobile App-in-App Ecosystems." To appear in the ACM Conference on Computer and Communications Security (CCS), 2020.
[pdf, attack demos, source code]
(* Corresponding author.)
[16] Usenix Security'20
Bin Yuan, Yan Jia, Luyi Xing*,
Dongfang Zhao, Xiaofeng Wang, Deqing Zou, Hai Jin, Yuqing Zhang.
"Shattered Chain of Trust: Understanding Security Risks in Cross-Cloud IoT Access Delegation." The 28th USENIX Security Symposium, 2020.
[pdf, attack demos, source code]
(* Corresponding author.)
[15] S&P'20 (Oakland)
Yan Jia, Luyi Xing,
Yuhang Mao, Dongfang Zhao, Xiaofeng Wang, Shangru Zhao, Yuqing Zhang.
"Burglars’ IoT Paradise: Understanding and Mitigating Security Risks of General Messaging Protocols on IoT Clouds". The 41st IEEE Symposium on Security and Privacy (Oakland), 2020.
[pdf, attack demos, source code]
(I spent major efforts in the advising of this paper.)
[14] Usenix Security'19
Yi Chen, Luyi Xing,
Yue Qin, Xiaojing Liao, XiaoFeng Wang, Kai Chen, Wei Zou.
"Devils in the Guidance: Predicting Logic Vulnerabilities in Payment Syndication Services through Automated Documentation Analysis". The 28th USENIX Security Symposium, 2019.
[pdf, bibtex, attack demos, source code]
[13] Black Hat'19
Yan Jia, Luyi Xing.
"Sneak into Your Room: Security Holes in the Integration and Management of Messaging Protocols on Commercial IoT Clouds".
Research Gap:
From Nov. 2015 to Jun. 2018, I was away from academia, focusing on engineering large commercial systems at AWS and Amazon.com.
[12] CCS'17
Tongxin Li, Xueqiang Wang, Mingming Zha, Kai Chen, XiaoFeng Wang, Luyi Xing, Xiaolong Bai, Nan Zhang, Xinhui Han. "Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews."
The ACM Conference on Computer and Communications Security (CCS), 2017.
[pdf, bibtex, attack demos]
[11] BlackHat'16
Luyi Xing, Xiaolong Bai.
"Discovering and Exploiting Novel Security Vulnerabilities in Apple ZeroConf."
[10] CCS'16
Xiaojing Liao, Sumach Alrwais, Kan Yuan, Luyi Xing, XiaoFeng Wang, Shuang Hao, and Raheem Beyah.
"Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service.”
The ACM Conference on Computer and Communications Security (CCS), 2016.
[pdf, bibtex]
[9] CCS'16
Xiaojing Liao, Kan Yuan, XiaoFeng Wang, Zhou Li, Luyi Xing, and Raheem Beyah.
"Acing the IOC Game: Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence.”
The ACM Conference on Computer and Communications Security (CCS), 2016.
[pdf, bibtex]
[8] S&P'16 (Oakland)
Luyi Xing, Xiaolong Bai (co-first author), Nan Zhang, XiaoFeng Wang, Xiaojing Liao, Tongxin Li and Shi-min Hu.
“Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf."
The 37th IEEE Symposium on Security and Privacy (IEEE S&P) 2016.
[pdf, bibtex, attack demos]
[7] S&P'16 (Oakland)
Xiaojing Liao, K. Yuan, X. Wang, Z. Pei, H. Yang, J. Chen, H. Duan, K. Du, E. Alowaisheq, S. Alrwais,
Luyi Xing and R. Beyah.
“Seeking Nonsense, Looking for Trouble: Efficient Promotional-Infection Detection through Semantic Inconsistency Search”.
The 37th IEEE Symposium on Security and Privacy (IEEE S&P) 2016.
[pdf, bibtex]
[6] IEEE Security & Privacy (Journal)
Luyi Xing, Xiaolong Bai(co-first author), Nan Zhang, XiaoFeng Wang, Xiaojing Liao, Tongxin Li, and Shi-min Hu.
"Apple ZeroConf Holes: How Hackers Can Steal iPhone Photos."
[pdf, bibtex]
[5] CCS'15.
Luyi Xing, Xiaolong Bai, Tongxin Li, XiaoFeng Wang, Kai Chen, Xiaojing Liao, Shi-min Hu, Xinhui Han.
"Cracking App Isolation on Apple: Unauthorized Cross-App Resource Access on MAC OS X and iOS."
The 22nd ACM Conference on Computer and Communications Security (CCS) 2015.
[pdf, bibtex, attack demos]
[4] CCS'14.
Tongxin Li, Xiaoyong Zhou, Luyi Xing, Yeonjoon Lee, Muhammad Naveed, XiaoFeng Wang and Xinhui Han.
"Mayhem in the Push Clouds: Understanding and Mitigating Security Hazards in Mobile Push-Messaging Services."
The 21st ACM Conference on Computer and Communications Security (CCS) 2014.
[pdf, bibtex, attack demos]
[3] S&P'14 (Oakland)
Luyi Xing, Xiaorui Pan, Rui Wang, Kan Yuan, XiaoFeng Wang.
"Upgrading Your Android, Elevating My Malware: Privilege Escalation Through Mobile OS Updating."
The 35th IEEE Symposium on Security and Privacy (IEEE S&P) 2014.
[pdf, bibtex, attack demos]
[2] CCS'13.
Rui Wang, Luyi Xing, XiaoFeng Wang, Shuo Chen.
"Unauthorized Origin Crossing on Mobile Platforms: Threats and Mitigation."
The 20th ACM Conference on Computer and Communications Security (CCS) 2013.
[pdf, bibtex, attack demos]
[1] NDSS'13.
Luyi Xing, Yangyi Chen, XiaoFeng Wang, Shuo Chen.
"InteGuard: Toward Automatic Protection of Third-Party Web Service Integrations."
The 20th Annual Network &Distributed System Security Symposium (NDSS) 2013.
[pdf, bibtex, demo]
