Skip to content

Latest commit

 

History

History
221 lines (219 loc) · 20.3 KB

G.O.S.S.I.P 学术论文推荐 2020.md

File metadata and controls

221 lines (219 loc) · 20.3 KB

G.O.S.S.I.P 学术论文推荐 2020

https://github.com/GoSSIP-SJTU/dailyPaper/

  • 2020-02-14: A Survey of Binary Code Similarity
  • 2020-02-15: μRAI: Securing Embedded Systems with ReturnAddress Integrity @ NDSS 2020
  • 2020-02-16: Security Analysis of Unified Payments Interface and Payment Apps in India @ USENIX Security 2020
  • 2020-02-17: Why Cryptosystems Fail Revisited
  • 2020-02-18: Nail: A Practical Tool for Parsing and Generating Data Formats @ OSDI 2014
  • 2020-02-19: Postcards from the Post-HTTP World:Amplification of HTTPS Vulnerabilities in the Web Ecosystem @ IEEE S&P 2019
  • 2020-02-20: Automatic Fingerprinting of Vulnerable BLE IoT Devices with Static UUIDs from Mobile Apps @ CCS 2019
  • 2020-02-21: SMARTSHIELD: Automatic Smart Contract Protection Made Easy @ SANER 2020
  • 2020-02-23: 新型冠状病毒感染疫情下的思考
  • 2020-02-24: An Empirical Study of Android Security Bulletins in Different Vendors @ WWW 2020
  • 2020-02-25: Burglars’ IoT Paradise: Understanding and Mitigating Security Risks of General Messaging Protocols on IoT Clouds @ IEEE S&P 2020
  • 2020-02-26: Gollum: Modular and Greybox Exploit Generation for Heap Overflows in Interpreters @ CCS 2019
  • 2020-02-27: An Observational Investigation of Reverse Engineers’ Processes @ Usenix Security 2020
  • 2020-02-28: Prevalence and Impact of Low-Entropy Packing Schemes in the Malware Ecosystem @ NDSS 2020
  • 2020-03-02: Program Analysis of Commodity IoT Applications for Security and Privacy: Challenges and Opportunities @ ACM Computing Surveys 2019-8
  • 2020-03-03: Pseudorandom Black Swans: Cache Attacks on CTR DRBG @ IEEE S&P 2020
  • 2020-03-04: Why Does Your Data Leak? Uncovering the Data Leakage in Cloud from Mobile Apps @ IEEE S&P 2019
  • 2020-03-05: Evanesco: Architectural Support for Efficient Data Sanitization in Modern Flash-Based Storage Systems @ ASPLOS 2020
  • 2020-03-06: Container Security: Issues, Challenges, and the Road Ahead @ IEEE Access
  • 2020-03-09: FUSE: Finding File Upload Bugs via Penetration Testing @ NDSS 2020
  • 2020-03-10: An Analysis of Pre-installed Android Software @ IEEE S&P 2020
  • 2020-03-11: DEEPBINDIFF: Learning Program-Wide Code Representations for Binary Diffing @ NDSS 2020
  • 2020-03-12: Fast, Furious and Insecure: Passive Keyless Entry and Start Systems in Modern Supercars @ CHES 2019
  • 2020-03-13: A Large-Scale Empirical Study on Vulnerability Distribution within Projects and the Lessons Learned @ ICSE 2020
  • 2020-3-16: IJON: Exploring Deep State Spaces via Fuzzing @ IEEE S&P 2020
  • 2020-03-17: SoK: Benchmarking Flaws in Systems Security @ Euro S&P 2019
  • 2020-03-18: KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware @ IEEE S&P 2020
  • 2020-03-19: SPIDER: Enabling Fast Patch Propagation in Related Software Repositories @ IEEE S&P 2020
  • 2020-03-20: Revealing Injection Vulnerabilities by Leveraging Existing Tests @ ICSE 2020
  • 2020-03-23: Serving Mobile Apps A Slice at a Time @ Eurosys 2019
  • 2020-03-24: CRYPTOGUARD @ CCS 2019
  • 2020-03-25: InputScope @ S&P 2020
  • 2020-03-26: Hurdle @ ASPLOS 2020
  • 2020-04-01: EcoFuzz Usenix Security 2020
  • 2020-04-02: Measuring and Modeling the Label Dynamics of Online Anti-Malware Engines @ Usenix Security 2020
  • 2020-04-03: KOOBE @ Usenix Security 2020
  • 2020-04-07: Cached and Confused Web Cache Deception in the Wild @ Usenix Security 2020
  • 2020-04-08: SoK: Using Dynamic Binary Instrumentation for Security (And How You May Get Caught Red Handed) @ AsiaCCS 2019
  • 2020-04-09: “Go eat a bat, Chang!” An Early Look on the Emergence of Sinophobic Behavior on Web Communities in the Face of COVID-19
  • 2020-04-10: Automated Program Repair @ Communications of the ACM 2019
  • 2020-04-13: Plug-N-Pwned @ Usenix Security 2020
  • 2020-04-14: Typestate-Guided Fuzzer for Discovering Use-after-Free Vulnerabilities @ ICSE 2020
  • 2020-04-15: FANS @ Usenix Security 2020
  • 2020-04-16: SoK Understanding the Prevailing Security Vulnerabilities in TrustZone-assisted TEE Systems @ S&P 2020
  • 2020-04-17: Precisely Characterizing Security Impact in a Flood of Patches via Symbolic Rule Comparison @ NDSS 2020
  • 2020-04-20: KRACE @ S&P 2020
  • 2020-04-21: KASLR @ AsiaCCS 2020
  • 2020-04-22: “Anyone Else Seeing this Error” Community, System Administrators, and Patch Information @ EuroS&P 2020
  • 2020-04-23: BinRec @ EuroSys 2020
  • 2020-04-24: HYPER-CUBE @ NDSS 2020
  • 2020-04-27: An Empirical Assessment of Security Risks of Global Android Banking Apps @ ICSE 2020
  • 2020-04-28: NOJITSU @ NDSS 2020
  • 2020-04-29: Binary Rewriting without Control Flow Recovery @ PLDI 2020
  • 2020-04-30: MassBrowser @ NDSS 2020
  • 2020-05-06: Scalable Validation of Binary Lifters @ PLDI 2020
  • 2020-05-07: Binary Debloating for Security via Demand Driven Loading @ PLDI 2020
  • 2020-05-08: HFL Hybrid Fuzzing on the Linux Kernel @ NDSS 2020
  • 2020-05-09: Introduction-to-Trusted-Execution-Environment @ IEEE S&P May2018
  • 2020-05-11: NetCAT @ S&P 2020
  • 2020-05-12: From Needs to Actions to Secure Apps The Effect of Requirements and Developer Practices on App Security @ Usenix Security 2020
  • 2020-05-13: SoK Delegation and Revocation, the Missing Links in the Web’s Chain of Trust @ EuroS&P 2020
  • 2020-05-14: Extracting Taint Specifications for JavaScript Libraries @ ICSE 2020
  • 2020-05-15: A Survey of Compiler Testing @ ACM Computing Surveys2019
  • 2020-05-18: CHEx86 @ ISCA 2020
  • 2020-05-19: One Giant Leap for Computer Security @ S&P 2020
  • 2020-05-20: Packet Chasing Spying on Network Packets over a Cache Side-Channel @ ISCA 2020
  • 2020-05-21: BIAS @ S&P 2020
  • 2020-05-22: Ex-vivo dynamic analysis framework for Android device drivers @ S&P 2020
  • 2020-05-25: xMP @ S&P 2020
  • 2020-05-26: SPIDER @ S&P 2020
  • 2020-05-28: GREYONE @ Usenix Security 2020
  • 2020-05-29: Getafix @ OOPSLA 2019
  • 2020-06-01: Meddling Middlemen @ Oakland 2020
  • 2020-06-02: Automatic Techniques to Systematically Discover @ Usenix Security 2020
  • 2020-06-03: Intra-Unikernel Isolation with Intel Memory @ VEE 2020
  • 2020-06-04: Instrew @ VEE 2020
  • 2020-06-05: FuzzGen Automatic Fuzzer Generation @ Usenix Security 2020
  • 2020-06-08: MarkUs Drop-in use-after-free prevention for low-level languages @ S&P 2020
  • 2020-06-09: Exploitation Techniques and Defenses for Data-Oriented Attacks @ SecDev 2019
  • 2020-06-10: Egalito @ ASPLOS 2020
  • 2020-06-11: PKU Pitfalls @ Usenix Security 2020
  • 2020-06-12: Breaking Secure Pairing of Bluetooth Low Energy Using Downgrade Attacks @ Usenix Security 2020
  • 2020-06-15: USBFuzz @ Usenix Security 2020
  • 2020-06-16: CDN Judo @ NDSS 2020
  • 2020-06-17: Speculative Data-Oblivious Execution Mobilizing Safe Prediction For Safe and Efficient Speculative Execution @ ISCA 2020
  • 2020-06-18: Not So Fast Understanding and Mitigating Negative Impacts of Compiler Optimizationson Code Reuse Gadget Sets
  • 2020-06-19: What Developers Want and Need from Program Analysis An Empirical Study @ ASE 2016
  • 2020-06-22: An Empirical Study on ARM Disassembly Tools @ ISSTA 2020
  • 2020-06-23: Retrofitting Fine Grain Isolation in the Firefox Renderer @ Usenix Security 2020
  • 2020-06-24: You shall not pass Mitigating SQL Injection Attacks on Legacy Web Applications @ AsiaCCS 2020
  • 2020-06-28: LIBSPECTOR @ DSN 2020
  • 2020-06-29: Squirrel Testing Database Management Systems with Language Validity and Coverage Feedback @ CCS 2020
  • 2020-06-30: Everything Old is New Again Binary Security of WebAssembly @ Usenix Security 2020
  • 2020-07-01: AURORA Statistical Crash Analysis for Automated Root Cause Explanation @ USENIX Security 2020
  • 2020-07-02: Quantitative Assessment on the Limitations of Code Randomization for Legacy Binaries @ Euro S&P 2020
  • 2020-07-03: Understanding Memory and Thread Safety Practices and Issues in Real-World Rust Programs @ PLDI 2020
  • 2020-07-06: KShot Live Kernel Patching with SMM and SGX @ DSN 2020
  • 2020-07-07: Sys a StaticSymbolic Tool for Finding Good Bugs in Good (Browser) Code @ Usenix Security 2020
  • 2020-07-08: Identifying Java Calls in Native Code via Binary Scanning @ ISSTA 2020
  • 2020-07-09: CRYLOGGER Detecting Crypto Misuses Dynamically @ S&P 2021
  • 2020-07-10: An Empirical Study of Potentially Malicious Third-Party @ WiSec 2020
  • 2020-07-13: Fuzzing JavaScript Engines with Aspect-preserving Mutation @ S&P 2020
  • 2020-07-14: Zigator @ WiSec 2020
  • 2020-07-15: Fuzzing Error Handling Code using Context-Sensitive Software Fault Injection @ Usenix Security 2020
  • 2020-07-16: Demystifying Resource Management Risks in Emerging MobileApp-in-App Ecosystems @ CCS 2020
  • 2020-07-17: iOS, Your OS, Everybody’s OS Vetting and Analyzing Network Services of iOS Applications @ USENIX Security 2020
  • 2020-07-20: Experimental Security Analysis of a Modern Automobile @ Oakland 2010
  • 2020-07-21: The Industrial Age of Hacking @ Usenix Security 2020
  • 2020-07-22: Shattered Chain of Trust Understanding Security Risks in Cross-Cloud IoT Access Delegation @ Usenix Security 2020
  • 2020-07-23: (Mostly) Exitless VM Protection from Untrusted Hypervisor through Disaggregated Nested Virtualization @ Usenix Security 2020
  • 2020-07-24: DICE @ S&P 2021
  • 2020-07-27: Text Captcha Is Dead A Large Scale Deployment and Empirical Study @ CCS 2020
  • 2020-07-28: Reverse Debugging of Kernel Failures in Deployed Systems @ USENIX ATC 2020
  • 2020-07-29: How far we have come testing decompilation correctness of C decompilers @ ISSTA 2020
  • 2020-07-30: HardSnap @ DSN 2020
  • 2020-07-31: SoK All You Ever Wanted to Know About x86 x64 Binary Disassembly But Were Afraid to Ask @ arxiv
  • 2020-08-03: Symbolic execution with SYMCC @ Usenix Security 2020
  • 2020-08-04: Exaggerated Error Handling Hurts! An In-Depth Study and Context-Aware Detection @ CCS 2020
  • 2020-08-05: How Does Misconfiguration of Analytic Services Compromise Mobile Privacy @ ICSE 2020
  • 2020-08-06: SweynTooth: Unleashing Mayhem over Bluetooth Low Energy @ Usenix ATC 2020
  • 2020-08-07: CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing @ S&P 2021
  • 2020-08-10: Finding Client-side Business Flow Tampering Vulnerabilities @ ICSE 2020
  • 2020-08-11: Running Symbolic Execution Forever @ ISSTA 2020
  • 2020-08-12: Confine: Automated System Call Policy Generation for Container Attack Surface Reduction @ RAID 2020
  • 2020-08-13: Unearthing the TrustedCore: A Critical Review on Huawei’s Trusted Execution Environment @ WOOT 2020
  • 2020-08-14: Eight Years of Rider Measurement in the Android Malware Ecosystem @ TDSC 2020
  • 2020-08-17: All Your App Links are Belong to Us: Understanding the Threats of Instant Apps based Attacks
  • 2020-08-18: BlueShield: Detecting Spoofing Attacks in Bluetooth Low Energy Networks @ RAID 2020
  • 2020-08-19: Firmware Insider: Bluetooth Randomness is Mostly Random @ WOOT 2020
  • 2020-08-20: BASTION: A Security Enforcement Network Stack for Container Networks @ Usenix ATC 2020
  • 2020-08-21: FuZZan: Efficient Sanitizer Metadata Design for Fuzzing @ Usenix ATC 2020
  • 2020-08-24: Magma: A Ground-Truth Fuzzing Benchmark
  • 2020-08-25: SoK: Security and Privacy in the Age of Commercial Drones @ S&P 2021
  • 2020-08-26: A Generic Technique for Automatically FindingDefense-Aware Code Reuse Attacks @ CCS 2020
  • 2020-08-27: A Study of the Privacy of COVID-19 Contact Tracing Apps @ SECURECOMM 2020
  • 2020-08-28: The Art, Science, and Engineering of Fuzzing: A Survey @ TSE 2019
  • 2020-08-31: SPINFER: Inferring Semantic Patches for the Linux Kernel @ Usenix ATC 2020
  • 2020-09-01: The Taint Rabbit: Optimizing Generic Taint Analysis with Dynamic Fast Path Generation @ AsiaCCS 2020
  • 2020-09-02: When TLS Meets Proxy on Mobile @ ACNS 2020
  • 2020-09-03: Scarecrow: Deactivating Evasive Malware via Its Own Evasive Logic @ DSN 2020
  • 2020-09-04: Temporal System Call Specialization for Attack Surface Reduction @ Usenix Security 2020
  • 2020-09-07: Donky: Domain Keys – Efficient In-Process Isolation for RISC-V and x86 @ Usenix Security 2020
  • 2020-09-08: Datalog Disassembly @ Usenix Security 2020
  • 2020-09-09: Towards HTTPS Everywhere on Android: We Are Not There Yet @ Usenix Security 2020
  • 2020-09-10: Saffire: Context-sensitive Function Specialization against Code Reuse Attacks @ Euro S&P 2020
  • 2020-09-11: PTAuth: Temporal Memory Safety via Robust Points-to Authentication @ Usenix Security 2021
  • 2020-09-14: Let’s Revoke: Scalable Global Certificate Revocation @ NDSS 2020
  • 2020-09-15: MVP: Detecting Vulnerabilities using Patch-Enhanced Vulnerability Signatures @ Usenix Security 2020
  • 2020-09-16: From Needs to Actions to Secure Apps? The Effect of Requirements and Developer Practices on App Security @ USENIX Security 2020
  • 2020-09-17: MemLock: Memory Usage Guided Fuzzing @ ICSE 2020
  • 2020-09-18: Summary-Based Symbolic Evaluation for Smart Contracts @ ASE 2020
  • 2020-09-21: Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities @ RAID 2020
  • 2020-09-22: Saffire: Context-sensitive Function Specialization against Code Reuse Attacks @ EuroS&P 2020
  • 2020-09-23: Systematic comparison of symbolic execution systems: intermediate representation and its generation @ ACSAC 2019
  • 2020-09-24: When Function Signature Recovery Meets Compiler Optimization @ IEEE S&P 2021
  • 2020-09-25: Reading between the Lines: An Extensive Evaluation of the Security and Privacy Implications of EPUB Reading Systems @ IEEE S&P 2021
  • 2020-09-27: Muzz: Thread-aware Grey-box Fuzzing for Effective Bug Hunting in Multithreaded Programs @ USENIX Security 2020
  • 2020-09-28: SoK: Understanding the Prevailing Security Vulnerabilities in TrustZone-assisted TEE Systems @ S&P 2020
  • 2020-09-29: BigMAC: Fine-Grained Policy Analysis of Android Firmware @ USENIX Security 2020
  • 2020-09-30: A Billion Open Interfaces for Eve and Mallory: MitM, DoS, and Tracking Attacks on iOS and macOS Through Apple Wireless Direct Link @ USENIX Security 2019
  • 2020-10-10: That Was Then, This Is Now: A Security Evaluation of Password Generation, Storage, and Autofill in Browser-Based Password Managers @ USENIX Security 2020
  • 2020-10-12: ConFIRM: Evaluating Compatibility and Relevance of Control-flow Integrity Protections forModern Software @ USENIX Security 2019
  • 2020-10-13: A Novel Dynamic Analysis Infrastructure to Instrument Untrusted Execution Flow Across User-Kernel Spaces @ S&P 2021
  • 2020-10-14: What’s in an Exploit? An Empirical Analysis of Reflected Server XSS Exploitation Techniques @ RAID 2020
  • 2020-10-16: Finding Bugs Using Your Own Code: Detecting Functionally-similar yet Inconsistent Code @ USENIX Security 2021
  • 2020-10-19: HyDiff: Hybrid Differential Software Analysis @ ICSE 2020
  • 2020-10-20: ParmeSan: Sanitizer-guided Greybox Fuzzing @ USENIX Security 2020
  • 2020-10-21: PatchScope: Memory Object Centric Patch Diffing @ CCS 2020
  • 2020-10-22: Lightweight Kernel Isolation with Virtualization and VM Functions @ VEE 2020
  • 2020-10-23: A Comb for Decompiled C Code @ AsiaCCS 2020
  • 2020-10-26: HeapExpo: Pinpointing Promoted Pointers to Prevent Use-After-Free Vulnerabilities @ ACSAC 2020
  • 2020-10-27: FuzziFication: Anti-Fuzzing Techniques @ USENIX Security 2019
  • 2020-10-28: NativeX: Native Executioner Freezes Android @ ASIA CCS 2020
  • 2020-10-29: PANGOLIN: Incremental Hybrid Fuzzing with Polyhedral Path Abstraction @ S&P 2020
  • 2020-10-30: Exploiting Mixed Binaries
  • 2020-11-02: iDEA: Static Analysis on the Security of Apple Kernel Drivers @ CCS 2020
  • 2020-11-03: RTFM! Automatic Assumption Discovery and Verification Derivation from Library Document for API Misuse Detection @ CCS 2020
  • 2020-11-04: A Systematic Study of Elastic Objects in Kernel Exploitation @ CCS 2020
  • 2020-11-05: Houdini’s Escape: Breaking the Resource Rein of Linux Control Groups @ CCS 2019
  • 2020-11-07: Investigating Large Scale HTTPS Interception in Kazakhstan @ IMC 2020
  • 2020-11-09: PDiff: Semantic-based Patch Presence Testing for Downstream Kernels @ CCS 2020
  • 2020-11-10: On Measuring RPKI Relying Parties @ IMC 2020
  • 2020-11-12: Method Confusion Attack on Bluetooth Pairing @ IEEE S&P 2021
  • 2020-11-13: Analyzing Third Party Service Dependencies in Modern Web Services: Have We Learned from the Mirai-Dyn Incident? @ IMC 2020
  • 2020-11-16: Methodologies for Quantifying (Re-)randomization Security and Timing under JIT-ROP @ CCS 2020
  • 2020-11-17: Logging to the Danger Zone: Race Condition Attacks and Defenses on System Audit Frameworks @ CCS 2020
  • 2020-11-18: Similarity of Binaries Across Optimization Levels and Obfuscation @ ESORICS 2020
  • 2020-11-19: Nibbler: Debloating Binary Shared Libraries @ ACSAC 2020
  • 2020-11-20: Tracing and Analyzing Web Access Paths Based on User-Side Data Collection: How Do Users Reach Malicious URLs? @ RAID 2020
  • 2020-11-23: The Cookie Hunter: Automated Black-box Auditing for Web Authentication and Authorization Flaws @ CCS 2020
  • 2020-11-24: Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches @ NDSS 2020
  • 2020-11-25: PMForce: Systematically Analyzing postMessage Handlers at Scale @ CCS 2020
  • 2020-11-26: BlueDoor: breaking the secure information flow via BLE vulnerability @ MobiSys 2020
  • 2020-11-27: Fill in the Blanks: Empirical Analysis of the Privacy Threats of Browser Form Autofill @ CCS 2020
  • 2020-11-30: FreeDom: Engineering a State-of-the-Art DOM Fuzzer @ CCS 2020
  • 2020-12-01: UNICORN: Runtime Provenance-Based Detector for Advanced Persistent Threats @ NDSS 2020
  • 2020-12-02: Saphire: Sandboxing PHP Applications with Tailored System Call Allowlists @ Usenix Security 2021
  • 2020-12-03: Black Widow: Blackbox Data-driven Web Scanning @ IEEE S&P 2021
  • 2020-12-04: HAWatcher: Semantics-Aware Anomaly Detection for Appified Smart Homes @ Usenix Security 2021
  • 2020-12-07: PACStack: an Authenticated Call Stack @ Usenix Security 2021
  • 2020-12-08: PAC it up: Towards Pointer Integrity using ARM Pointer Authentication @ Usenix Security 2019
  • 2020-12-09: CAPS: Smoothly Transitioning to a More Resilient Web PKI @ ACSAC 2020
  • 2020-12-10: Why Eve and Mallory Still Love Android: Revisiting TLS (In)Security in Android Applications @ Usenix Security 2021
  • 2020-12-11: JSKernel: Fortifying JavaScript against Web Concurrency Attacks via a Kernel-like Structure @ DSN 2020
  • 2020-12-14: UNIFUZZ: A Holistic and Pragmatic Metrics-Driven Platform for Evaluating Fuzzers @ Usenix Security 2021
  • 2020-12-15: Understanding and Securing Device Vulnerabilities through Automated BugReport Analysis @ Usenix Security 2019
  • 2020-12-16: Depending on HTTP/2 for Privacy? Good Luck! @ DSN 2020
  • 2020-12-17: A Flexible Framework for Expediting Bug Finding by Leveraging Past (Mis-)Behavior to Discover New Bugs @ ACSAC 2020
  • 2020-12-18: Up2Dep: Android Tool Support to Fix Insecure Code Dependencies @ ACSAC 2020
  • 2020-12-21: Frankenstein: Advanced Wireless Fuzzing to Exploit New Bluetooth Escalation Targets @ Usenix Security 2020
  • 2020-12-22: BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy @ Usenix Security Woot 2020
  • 2020-12-23: MalMax: Multi-Aspect Execution for Automated Dynamic Web Server Malware Analysis @ CCS 2019
  • 2020-12-24: Can I Take Your Subdomain? Exploring Related-Domain Attacks in the Modern Web
  • 2020-12-28: An Investigation of the Android Kernel Patch Ecosystem @ Usenix Security 2021
  • 2020-12-29: Towards a Natural Perspective of Smart Homes for Practical Security and Safety Analyses @ IEEE S&P 2020
  • 2020-12-30: Melting Pot of Origins: Compromising theIntermediary Web Services that Rehost Websites @ NDSS 2020