* Applied crypto
– Practical Detection of Entropy Loss in Pseudo-Random Number Generators, CCS 2016
– A Comprehensive Formal Security Analysis of OAuth 2.0, CCS 2016
– Cryptographic Function Detection in Obfuscated Binaries via Bit-precise Symbolic Loop Mapping, Security and Privacy 2017
– Speeding up detection of SHA-1 collision attacks using unavoidable attack conditions, USENIX Security 2017
– Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2, CCS 2017
* Network security
– DELTA: A Security Assessment Framework for Software-Defined Networks, NDSS 2017
– Dissecting Tor Bridges: A Security Evaluation of their Private and Public Infrastructures, NDSS 2017
* Software security
– Statistical Deobfuscation of Android Applications, CCS 2016
– Scalable Graph-based Bug Search for Firmware Images, CCS 2016
– VUzzer: Application-aware Evolutionary Fuzzing, NDSS 2017
– PayBreak: Defense Against Cryptographic Ransomware, ASIACCS 2017
– IMF: Inferred Model-based Fuzzer, CCS 2017
* Mobile security
– TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime, CCS 2016
– Drammer: Deterministic Rowhammer Attacks on Mobile Platforms, CCS 2016
– Cloak and Dagger: From Two Permissions to Complete Control of the UI Feedback Loop, Security and Privacy 2017
* System security
– AUDACIOUS: User-Driven Access Control with Unmodified Operating Systems, CCS 2016
– Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud, NDSS 2017
– Iron: Functional Encryption using Intel SGX, CCS 2017
* Web security
– Enabling Reconstruction of Attacks on Users via Efficient Browsing Snapshots, NDSS 2017
– (Cross-)Browser Fingerprinting via OS and Hardware Level Features, NDSS 2017
* Authentication
– The Sounds of the Phones: Dangers of Zero-Effort Second Factor Login based on Ambient Audio, CCS 2016
– KEH-Gait: Towards a Mobile Healthcare User Authentication System by Kinetic Energy Harvesting, NDSS 2017
– The Password Reset MitM Attack, Security and Privacy 2017
– SysPal:System-guided Pattern Locks for Android, Security and Privacy 2017
– Hearing Your Voice Is Not Enough: An Articulatory Gesture Based Liveness Detection for Voice Authentication, CCS 2017
* AI security
– Virtual U: Defeating Face Liveness Detection by Building Virtual Models From Your Public Photos, USENIX Security 2016
– FeatureSmith: Automatically Engineering Features for Malware Detection by Mining the Security Literature, CCS 2016
– Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition, CCS 2016
– DolphinAttack: Inaudible Voice Commands, CCS 2017
* New applications
– On the Security and Performance of Proof of Work Blockchains, CCS 2016
– Making Smart Contracts Smarter, CCS 2016
– Hijacking Bitcoin: Routing Attacks on Cryptocurrencies, Security and Privacy 2017
– Detecting Credential Spearphishing in Enterprise Settings, USENIX Security 2017
– Understanding the Mirai Botnet, USENIX Security 2017