Publications

Download BibTeX.

2024
May
Medusa: Unveil Memory Exhaustion DoS Vulnerabilities in Protocol Implementations.
Zhengjie Du, Yuekang Li, Yaowen Zheng, Xiaohan Zhang, Cen Zhang, Yi Liu, Sheikh Mahbub Habib, Xinghua Li, Linzhang Wang, Yang Liu, and others.
Proceedings of the ACM on Web Conference 2024.
[paper]
2023
June
OCFI: Make Function Entry Identification Hard Again.
Chengbin Pang, Tiantai Zhang, Xuelan Xu, Linzhang Wang, and Bing Mao.
Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis.
[paper]
2023
April
Warpattack: bypassing cfi through compiler-introduced double-fetches.
Jianhao Xu, Luca Di Bartolomeo, Flavio Toffalini, Bing Mao, and Mathias Payer.
2023 IEEE Symposium on Security and Privacy (SP).
[paper]
2023
February
Silent Bugs Matter: A Study of $\$Compiler-Introduced$\$ Security Bugs.
Jianhao Xu, Kangjie Lu, Zhengjie Du, Zhu Ding, Linke Li, Qiushi Wu, Mathias Payer, and Bing Mao.
32nd USENIX Security Symposium (USENIX Security 23).
[paper]
2022
December
Nimbus: Toward Speed Up Function Signature Recovery via Input Resizing and Multi-Task Learning.
Yi Qian, Ligeng Chen, Yuyang Wang, and Bing Mao.
2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS).
[paper]
2022
August
Ground Truth for Binary Disassembly is Not Easy.
Chengbin Pang, Tiantai Zhang, Ruotong Yu, Bing Mao, and Jun Xu.
31st USENIX Security Symposium (USENIX Security 22).
[paper]
2022
May
WindRanger: A Directed Greybox Fuzzer driven by Deviation Basic Block.
Zhengjie Du, Yuekang Li, Yang Liu, and Bing Mao.
44th International Conference on Software Engineering(ICSE 2022).
[paper]
2022
March
DIComP: Lightweight Data-Driven Inference of Binary Compiler Provenance with High Accuracy.
Ligeng Chen, Zhongling He, Wu Hao, fengyuan Xu, Yi Qian, and Bing Mao.
29th IEEE International Conference onSoftware Analysis, Evolution and Reengineering(SANER 2022).
[paper]
2021
September
RoBin: Facilitating the Reproduction of Configuration-Related Vulnerability.
Ligeng Chen, Jian Guo, Zhongling He, Dongliang Mu, and Bing Mao.
20th IEEE International Conference on Trust, Security and Privacy in Computing and Communications(IEEE TrustCom 2021).
[paper]
2021
May
SoK: All You Ever Wanted to Know About x86/x64 Binary Disassembly But Were Afraid to Ask.
C Pang, R Yu, Y Chen, E Koskinen, G Portokalidis, B Mao, and J Xu.
42nd IEEE Symposium on Security and Privacy(S&P 2021).
[paper] [code] [data]
2020
September
HART: Hardware-Assisted Kernel Module Tracing on Arm.
Yunlan Du, Zhenyu Ning, Jun Xu, Zhilong Wang, Yueh-Hsun Lin, Fengwei Zhang, Xinyu Xing, and Bing Mao.
European Symposium on Research in Computer Security(ESORICS 2020).
[paper]
2020
July
CATI: Context-Assited Type Inference from Stripped Binaries.
Ligeng Chen, Zhongling He, and Bing Mao.
50th IEEE/IFIP International Conference on Dependable Systems and Networks(DSN 2020).
[paper]
2019
November
RENN: Efficient Reverse Execution with Neural-Network-assisted Alias Analysis.
D Mu, W Guo, Y Chen, A Cuevas, C Song, X Xing, and M Bing.
34th International Conference on Automated Software Engineering (ASE 2019).
[paper] [code]
2019
September
POMP++: Facilitating Postmortem Program Diagnosis with Value-set Analysis.
Dongliang Mu, Yunlan Du, Jianhao Xu, Jun Xu, Xinyu Xing, Bing Mao, and Peng Liu.
IEEE Transactions on Software Engineering(TSE).
[paper]
2019
August
Ptrix: Efficient hardware-assisted fuzzing for cots binary.
Yaohui Chen, Dongliang Mu, Jun Xu, Zhichuang Sun, Wenbo Shen, Xinyu Xing, Long Lu, and Bing Mao.
Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security(ASIACCS 2019).
2018
December
Mapping to Bits: Efficiently Detecting Type Confusion Errors.
Chengbin Pang, Yunlan Du, bing Mao, and Shanqing Guo.
34th Annual Computer Security Applications Conference(ACSAC 2018).
[paper] [code]
2018
August
Understanding the reproducibility of crowd-reported security vulnerabilities.
Dongliang Mu, Alejandro Cuevas, Limin Yang, Hang Hu, Xinyu Xing, Bing Mao, and Gang Wang.
27th USENIX Security Symposium 18(USENIX Security 2018).
[paper] [data]
2018
April
To Detect Stack Buffer Overflow with Polymorphic Canaries.
Zhilong Wang, Xuhua Ding, Chengbin Pang, Jian Guo, Jun Zhu, and Bing Mao.
2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2018).
[paper] [code]
2017
October
DiffGuard: Obscuring Sensitive Information in Canary Based Protections.
Jun Zhu, Weiping Zhou, Zhilong Wang, Dongliang Mu, and Bing Mao.
International Conference on Security and Privacy in Communication Systems.
2017
October
ROPOB: Obfuscating Binary Code via Return Oriented Programming.
Dongliang Mu, Jia Guo, Wenbiao Ding, Zhilong Wang, Bing Mao, and Lei Shi.
International Conference on Security and Privacy in Communication Systems.
2017
August
Postmortem program analysis with hardware-enhanced post-crash artifacts.
Jun Xu, Dongliang Mu, Xinyu Xing, Peng Liu, Ping Chen, and Bing Mao.
26th USENIX Security Symposium (USENIX Security 17).
2017
June
What you see is not what you get! thwarting just-in-time rop with chameleon.
Ping Chen, Jun Xu, Zhisheng Hu, Xinyu Xing, Minghui Zhu, Bing Mao, and Peng Liu.
Dependable Systems and Networks (DSN), 2017 47th Annual IEEE/IFIP International Conference on.
2016
October
Data Flow Analysis on Android Platform with Fragment Lifecycle Modeling.
Yongfeng Li, Jinbin Ouyang, Shanqing Guo, and Bing Mao.
International Conference on Security and Privacy in Communication Systems.
2016
May
Impeding behavior-based malware analysis via replacement attacks to malware specifications.
Jiang Ming, Zhi Xin, Pengwei Lan, Dinghao Wu, Peng Liu, and Bing Mao.
Journal of Computer Virology and Hacking Techniques 13(3).
2015
October
Detection, classification and characterization of Android malware using API data dependency.
Yongfeng Li, Tong Shen, Xin Sun, Xuerui Pan, and Bing Mao.
International Conference on Security and Privacy in Communication Systems.
2015
September
A practical approach for adaptive data structure layout randomization.
Ping Chen, Jun Xu, Zhiqiang Lin, Dongyan Xu, Bing Mao, and Peng Liu.
European Symposium on Research in Computer Security.
2015
June
Textlogger: inferring longer inputs on touch screen using motion sensors.
Dan Ping, Xin Sun, and Bing Mao.
Proceedings of the 8th ACM Conference on Security \& Privacy in Wireless and Mobile Networks.
2015
June
Replacement attacks: automatically impeding behavior-based malware specifications.
Jiang Ming, Zhi Xin, Pengwei Lan, Dinghao Wu, Peng Liu, and Bing Mao.
International Conference on Applied Cryptography and Network Security.
2014
October
Automatic construction of printable return-oriented programming payload.
Wenbiao Ding, Xiao Xing, Ping Chen, Zhi Xin, and Bing Mao.
Malicious and Unwanted Software: The Americas (MALWARE), 2014 9th International Conference on.
2014
September
Detect Android malware variants using component based topology graph.
Tong Shen, Yibing Zhongyang, Zhi Xin, Bing Mao, and Hao Huang.
2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom).
2014
September
Defensor: Lightweight and efficient security-enhanced framework for Android.
Xuerui Pan, Yibing Zhongyang, Zhi Xin, Bing Mao, and Hao Huang.
Trust, Security and Privacy in Computing and Communications (TrustCom), 2014 IEEE 13th International Conference on.
2014
June
Detecting code reuse in android applications using component-based control flow graph.
Xin Sun, Yibing Zhongyang, Zhi Xin, Bing Mao, and Li Xie.
IFIP International Information Security Conference.
2014
June
System call redirection: A practical approach to meeting real-world virtual machine introspection needs.
Rui Wu, Ping Chen, Peng Liu, and Bing Mao.
Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on.
2013
May
JITSafe: a framework against Just-in-time spraying attacks.
Ping Chen, Rui Wu, and Bing Mao.
IET Information Security 7(4).
2013
April
DroidAlarm: an all-sided static analysis tool for Android privilege-escalation malware.
Yibing Zhongyang, Zhi Xin, Bing Mao, and Li Xie.
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security.
2012
December
Replacement attacks: automatically evading behavior-based software birthmark.
Zhi Xin, Huiyu Chen, Xinche Wang, Peng Liu, Sencun Zhu, Bing Mao, and Li Xie.
International Journal of Information Security 11(5).
2012
August
Rim: A method to defend from jit spraying attack.
Rui Wu, Ping Chen, Bing Mao, and Li Xie.
Availability, Reliability and Security (ARES), 2012 Seventh International Conference on.
2012
June
Randhyp: preventing attacks via xen hypercall interface.
Feifei Wang, Ping Chen, Bing Mao, and Li Xie.
IFIP International Information Security Conference.
2012
May
Clouder: a framework for automatic software vulnerability location and patching in the cloud.
Ping Chen, Dongyan Xu, and Bing Mao.
Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security.
2011
October
Replacement attacks on behavior based software birthmark.
Zhi Xin, Huiyu Chen, Xinche Wang, Peng Liu, Sencun Zhu, Bing Mao, and Li Xie.
International Conference on Information Security.
2011
June
JITDefender: A defense against JIT spraying attacks.
Ping Chen, Yi Fang, Bing Mao, and Li Xie.
IFIP International Information Security Conference.
2011
March
Automatic construction of jump-oriented programming shellcode (on the x86).
Ping Chen, Xiao Xing, Bing Mao, Li Xie, Xiaobin Shen, and Xinchun Yin.
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security.
2010
December
Efficient detection of the return-oriented programming malicious code.
Ping Chen, Xiao Xing, Hao Han, Bing Mao, and Li Xie.
International Conference on Information Systems Security.
2010
December
Return-oriented rootkit without returns (on the x86).
Ping Chen, Xiao Xing, Bing Mao, and Li Xie.
International Conference on Information and Communications Security.
2009
December
IntFinder: Automatically detecting integer bugs in x86 binary program.
Ping Chen, Hao Han, Yi Wang, Xiaobin Shen, Xinchun Yin, Bing Mao, and Li Xie.
International Conference on Information and Communications Security.
2009
June
TMAC: Taint-Based Memory Protection via Access Control.
Lei Wang, Chen Fang, Bing Mao, and Li Xie.
2009 Second International Conference on Dependability.
2009
March
Brick: A binary tool for run-time detecting and locating integer-based vulnerability.
Ping Chen, Yi Wang, Zhi Xin, Bing Mao, and Li Xie.
Availability, Reliability and Security, 2009. ARES'09. International Conference on.
2009
March
Traffic controller: A practical approach to block network covert timing channel.
Yi Wang, Ping Chen, Yi Ge, Bing Mao, and Li Xie.
Availability, Reliability and Security, 2009. ARES'09. International Conference on.
2007
June
Using BufferGuard to Defend Against Buffer Overflow Attacks.
Wang Yi, Mao Bing, and Xie Li.
IEEE/IFIP International Conference on Dependable Systems and Networks(DSN 07).
2007
March
AutoPaG: towards automated software patch generation with source code root cause identification and repair.
Zhiqiang Lin, Xuxian Jiang, Dongyan Xu, Bing Mao, and Li Xie.
Proceedings of the 2nd ACM symposium on Information, computer and communications security.
2006
December
Efficient and practical control flow monitoring for program security.
Nai Xia, Bing Mao, Qingkai Zeng, and Li Xie.
Annual Asian Computing Science Conference.
2006
September
Transparent run-time prevention of format-string attacks via dynamic taint and flexible validation.
Zhiqiang Lin, Nai Xia, Guole Li, Bing Mao, and Li Xie.
International Conference on Information Security.
2006
June
LibsafeXP: a practical and transparent tool for run-time buffer overflow preventions.
Zhiqiang Lin, Bing Mao, and Li Xie.
Information Assurance Workshop, 2006 IEEE.
2006
April
A practical framework for dynamically immunizing software security vulnerabilities.
Zhiqiang Lin, Bing Mao, and Li Xie.
Availability, Reliability and Security, 2006. ARES 2006. The First International Conference on.
2005
December
A policy flexible architecture for secure operating system.
Zhiqiang Lin, Chao Wang, Bing Mao, and Li Xie.
ACM SIGOPS Operating Systems Review 39(3).
2004
November
The design and implementation of a runtime system for graph-oriented parallel and distributed programming.
Jiannong Cao, Ying Liu, Li Xie, Bing Mao, and Kang Zhang.
Journal of Systems and Software 72(3).
2000
December
Portable runtime support for graph-oriented parallel and distributed programming.
Jiannong Cao, Y Liu, Li Xie, B Mao, and K Zhang.
Parallel Architectures, Algorithms and Networks, 2000. I-SPAN 2000. Proceedings. International Symposium on.
1997
November
An object-based model for p prototyping user interfaces of cooperative systems.
Mao Bing and Xie Li.
ACM SIGSOFT Software Engineering Notes 22(2).