复旦大学-系统软件与安全实验室

论文发表：2025

[NDSS 2025]The Skeleton Keys: A Large Scale Analysis of Credential Leakage in Mini-apps

Authors:
Shi Yizhe; Yang Zhemin; Zhong Kangwei; Yang Guangliang; Yang Yifan; Zhang Xiaohan; Yang Min

Publication:
This paper is included in in proceedings of the 32nd Network and Distributed System Security Symposium (NDSS 2025)

[NDSS 2025]An Empirical Study on Fingerprint API Misuse with Lifecycle Analysis in Real-world Android Apps

Authors:
Zhang Xin; Zhang Xiaohan; Liu Zhichen; Zhao Bo; Yang Zhemin; Yang Min

Publication:
This paper is included in proceedings of the 32nd Network and Distributed System Security Symposium (NDSS 2025)

[USENIX Security 2025]Demystifying the (In)Security of QR Code-based Login in Real-world Deployments

Authors:
Zhang Xin; Zhang Xiaohan; Zhao Bo; Nan Yuhong; Liu Zhichen; Chen Jianzhou; Zhou Huijun; Yang Min

Publication:
This paper is included in proceedings of the 34th USENIX Security Symposium (USENIX Security 2025)

[NDSS 2025]Revealing the black box of device search engine: scanning assets, strategies, and ethical consideration

Authors:
Wu Mengying; Hong Geng; Chen Jinsong; Liu Qi; Tang Shujun; L, Youhao; Liu Baojun; Duan Haixin; Yang Min

Publication:
This paper is included in proceedings of the 32nd Network and Distributed System Security Symposium (NDSS 2025)

[ICSE 2025]Exposing the Hidden Layer: Software Repositories in the Service of SEO Manipulation

Authors:
Wu, Mengying; Hong, Geng; Mai, Wuyuao; Wu, Xinyi; Zhang, Lei; Pu, Yingyuan; Chai, Huajun; Ying, Lingyun; Duan, Haixin; Yang, Min

Publication:
This paper is included in proceedings of the 47th IEEE/ACM International Conference on Software Engineering

[USENIX Security 2025] Careless Retention and Management: Understanding and Detecting Data Retention Denial-of-Service Vulnerabilities in Java Web Containers

Authors:
Lian Keke; Zhang Lei; Zhao Haoran; Cao Yinzhi; Liu Yongheng; Sun Fute; Zhang Yuan; Yang Min

Publication:
This paper is included in proceedings of the 34th USENIX Security Symposium (USENIX Security 2025)

[USENIX Security 2025]Towards Automatic Detection and Exploitation of Java Web Application Vulnerabilities via Concolic Execution guided by Cross-thread Object Manipulation

Authors:
Huang Xinyou; Zhang Lei; Liu Yongheng; Deng Peng; Cao Yinzhi; Zhang Yuan; Yang Min

Publication:
This paper is included in proceedings of the 34th USENIX Security Symposium (USENIX Security 2025)

[USENIX Security 2025]Effective Directed Fuzzing with Hierarchical Scheduling for Web Vulnerability Detection

Authors:
Lin Zihan; Zhang Yuan; Dai Jiarun; Huang Xinyou; Xiang Bocheng; Yang Guangliang; Yuan Letian; Zhang Lei; Liu Fengyu; Chen Tian; Yang Min

Publication:
This paper is included in proceedings of the 34th USENIX Security Symposium (USENIX Security 2025)

[NDSS 2025] Misdirection of Trust: Demystifying the Abuse of Dedicated URL Shortening Service

Authors:
Zhang Zhibo; Zhang Lei; Zhang Zhangyue; Hong Geng; Zhang Yuan; Yang Min

Publication:
This paper is included in proceedings of the 32nd Network and Distributed System Security Symposium (NDSS 2025)

[WWW 2025]You Can't Eat Your Cake and Have It Too: The Performance Degradation of LLMs with Jailbreak Defense

Authors:
Mai Wuyuao; Hong Geng; Chen Pei; Pan Xudong; Liu Baojun; Zhang Yuan; Duan Haixin; Yang Min

Publication:
This paper is included in proceedings of the 34th ACM Web Conference (WWW 2025)

[S&P 2025] EPScan: Automated Detection of Excessive RBAC Permissions in Kubernetes Applications

Authors:
Zhang Zhibo; Zhang Lei; Zhang Zhangyue; Hong Geng; Zhang Yuan; Yang Min

Publication:
This paper is included in proceedings of the 32nd Network and Distributed System Security Symposium (NDSS 2025)

[S&P 2025] MOCGuard: Automatically Detecting Missing-Owner-Check Vulnerabilities in Java Web Applications

Authors:
Liu Fengyu; Shi Youkun; Zhang Yuan; Yang Guangliang; Li Enhao; Yang Min

Publication:
This paper is included in proceedings of the 46th IEEE Symposium on Security and Privacy (S&P 2025)

[USENIX Security 2025]ChainFuzz: Exploiting Upstream Vulnerabilities in Open-Source Supply Chains

Authors:
Deng Peng; Zhang Lei; Meng Yuchuan; Yang Zhemin; Zhang Yuan; Yang Min

Publication:
This paper is included in proceedings of the 34th USENIX Security Symposium (USENIX Security 2025)

系统软件与安全实验室

[NDSS 2025]The Skeleton Keys: A Large Scale Analysis of Credential Leakage in Mini-apps

[NDSS 2025]An Empirical Study on Fingerprint API Misuse with Lifecycle Analysis in Real-world Android Apps

[USENIX Security 2025]Demystifying the (In)Security of QR Code-based Login in Real-world Deployments

[NDSS 2025]Revealing the black box of device search engine: scanning assets, strategies, and ethical consideration

[ICSE 2025]Exposing the Hidden Layer: Software Repositories in the Service of SEO Manipulation

[USENIX Security 2025] Careless Retention and Management: Understanding and Detecting Data Retention Denial-of-Service Vulnerabilities in Java Web Containers

[USENIX Security 2025]Towards Automatic Detection and Exploitation of Java Web Application Vulnerabilities via Concolic Execution guided by Cross-thread Object Manipulation

[USENIX Security 2025]Effective Directed Fuzzing with Hierarchical Scheduling for Web Vulnerability Detection

[NDSS 2025] Misdirection of Trust: Demystifying the Abuse of Dedicated URL Shortening Service

[WWW 2025]You Can't Eat Your Cake and Have It Too: The Performance Degradation of LLMs with Jailbreak Defense

[S&P 2025] EPScan: Automated Detection of Excessive RBAC Permissions in Kubernetes Applications

[S&P 2025] MOCGuard: Automatically Detecting Missing-Owner-Check Vulnerabilities in Java Web Applications

[USENIX Security 2025]ChainFuzz: Exploiting Upstream Vulnerabilities in Open-Source Supply Chains

会议

年份