System Software and Security Lab

Publications: 2025

[SaTS 2025]Fast Play, Fast Profit: Unveiling the Prevalence of Aggressive Ad Behaviors in Mini-Game

Authors:
Chen, Pei; Hong, Geng; Qin, Yicheng; Wang, Huazhe; Wu, Mengying; Zhang, Yuan; Yang, Min; Zhao, Ziru; Zhu, Yuanpeng; Su, Tao
Publication:
This paper is included in ACM Workshop on Security and Privacy of AI-Empowered Mobile Super Apps

[CCS 2025]Be Aware of What You Let Pass: Demystifying URL-based Authentication Bypass Vulnerability in Java Web Applications

Authors:
Zhang, Qiyi; Liu, Fengyu; Lin, Zihan; Zhang, Yuan
Publication:
This paper is included in Proceedings of the 32nd ACM Conference on Computer and Communications Security

[ASE 2025]Security Debt in LLM Agent Applications: A Measurement Study of Vulnerabilities and Mitigation Trade-offs

Authors:
Shen Zhuoxiang; Dai, Jiarun; Zhang, Yuan; Yang, Min
Publication:
This paper is included in the 40th IEEE/ACM International Conference on Automated Software Engineering

[Security 2025]Mirage in the Eyes: Hallucination Attack on Multi-modal Large Language Models with Only Attention Sink

Authors:
Wang, Yining; Zhang, Mi; Sun, Junjie; Wang, Chenyue; Yang, Min; Xue, Hui; Tao, Jialing; Duan, Ranjie; Liu, Jiexi
Publication:
This paper is included in Proceedings of the 34th USENIX Security Symposium

[VehicleSec 2025]APSFUZZ: Simulation-Based Fuzzing Testing for Automated Parking Systems

Authors:
Bu, Tong; Dai, Jiarun; Luo, Jiaqi; Peng, Songyang; Huang, Zongan; Yang, Min
Publication:
This paper is included in the 3rd USENIX Symposium on Vehicle Security and Privacy

[CCS 2025]BACScan: Automatic Black-Box Detection of Broken-Access-Control Vulnerabilities in Web Applications

Authors:
Liu, Fengyu; Zhang, Yuan; Li, Enhao; Meng, Wei; Shi, Youkun; Wang, Qianheng; Wang, Chenlin; Lin, Zihan; Yang, Min
Publication:
This paper is included in Proceedings of the 32nd ACM Conference on Computer and Communications Security

[TIFS 2025]Locating Security Patch Variants with Two-Dimensional Code Commit Features

Authors:
Wang, Lin; Zhang, Yuan; Chen, Xiaoting; Yang, Min
Publication:
This paper is included in IEEE Transactions on Information Forensics and Security

[WWW 2025]Revisiting Backdoor Attacks on Time Series Classification in the Frequency Domain

Authors:
Huang, Yuanmin; Zhang, Mi; Wang, Zhaoxiang; Li, Wenxuan; Yang, Min
Publication:
This paper is included in the 2025 ACM Web Conference

[S&P 2025]HouseFuzz: Service-Aware Grey-Box Fuzzing for Vulnerability Detection in Linux-Based Firmware

Authors:
Xiao, Haoyu; Wei, Ziqi; Dai, Jiarun; Li, Bowen; Zhang, Yuan; Yang, Min
Publication:
This paper is included in Proceedings of the 46th IEEE Symposium on Security and Privacy

[S&P 2025]Detecting Taint-Style Vulnerabilities in Microservice-Structured Web Applications

Authors:
Liu, Fengyu; Zhang, Yuan; Chen, Tian; Shi, Youkun; Yang, Guangliang; Lin, Zihan; Yang, Min; He, Junyao; Li, Qi
Publication:
This paper is included in Proceedings of the 46th IEEE Symposium on Security and Privacy

[FSE 2025]CXXCrafter: An LLM-Based Agent for Automated C/C++ Open Source Software Building

Authors:
Yu, Zhengmin; Zhang, Yuan; Wen, Ming; Nie, Yinan; Zhang, Wenhui; Yang, Min
Publication:
This paper is included in Proceedings of ACM International Conference on the Foundations of Software Engineering

[CVPR 2025]Detect-and-Guide: Self-regulation of Diffusion Models for Safe Text-to-Image Generation via Guideline Token Optimization

Authors:
Li, Feifei; Zhang, Mi; Sun, Yiming; Yang, Min
Publication:
This paper is included in Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition 2025

[ICML 2025]InfoCons: Identifying Interpretable Critical Concepts in Point Clouds via Information Theory

Authors:
Li, Feifei; Zhang, Mi; Wang, Zhaoxiang; Yang, Min
Publication:
This paper is included in the 42nd International Conference on Machine Learning

[Security 2025]Demystifying the (In)Security of QR Code-based Login in Real-world Deployments

Authors:
Zhang, Xin; Zhang, Xiaohan; Zhao, Bo; Nan, Yuhong; Liu, Zhichen; Chen, Jianzhou; Zhou, Huijun; Yang, Min
Publication:
This paper is included in Proceedings of the 34th USENIX Security Symposium

[Security 2025]Beyond Exploit Scanning: A Functional Change-Driven Approach to Remote Software Version Identification

Authors:
Chen, Jinsong; Wu, Mengying; Hong, Geng; An, Baichao; Liu, Mingxuan; Zhang, Lei; Liu, Baojun; Duan, Haixin; Yang, Min
Publication:
This paper is included in Proceedings of the 34th USENIX Security Symposium

[Security 2025]Pig in a Poke: Automatically Detecting and Exploiting Link Following Vulnerabilities in Windows File Operations

Authors:
Xiang, Bocheng; Zhang, Yuan; Liu, Fengyu; Huang, Hao; Lin, Zihan; Yang, Min
Publication:
This paper is included in Proceedings of the 34th USENIX Security Symposium

[Security 2025]XSSky: Detecting XSS Vulnerabilities through Local Path-Persistent Fuzzing

Authors:
Shi, Youkun; Zhang, Yuan; Bai, Tianhao; Xue, Feng; Dai, Jiarun; Liu, Fengyu; Zhang, Lei; Luo, Xiapu; Yang, Min
Publication:
This paper is included in Proceedings of the 34th USENIX Security Symposium

[Security 2025]Make Agent Defeat Agent: Automatic Detection of Taint-Style Vulnerabilities in LLM-based Agents

Authors:
Liu, Fengyu; Zhang, Yuan; Luo, Jiaqi; Dai, Jiarun; Chen, Tian; Yuan, Letian; Yu, Zhangmin; Shi, Youkun; Li, Ke; Zhou, Chengyuan; Yang, Min
Publication:
This paper is included in Proceedings of the 34th USENIX Security Symposium

[NDSS 2025]The Skeleton Keys: A Large Scale Analysis of Credential Leakage in Mini-apps

Authors:
Shi Yizhe; Yang Zhemin; Zhong Kangwei; Yang Guangliang; Yang Yifan; Zhang Xiaohan; Yang Min
Publication:
This paper is included in proceedings of the 32nd Network and Distributed System Security Symposium (NDSS 2025)

[NDSS 2025]An Empirical Study on Fingerprint API Misuse with Lifecycle Analysis in Real-world Android Apps

Authors:
Zhang Xin; Zhang Xiaohan; Liu Zhichen; Zhao Bo; Yang Zhemin; Yang Min
Publication:
This paper is included in proceedings of the 32nd Network and Distributed System Security Symposium (NDSS 2025)

[USENIX Security 2025]Demystifying the (In)Security of QR Code-based Login in Real-world Deployments

Authors:
Zhang Xin; Zhang Xiaohan; Zhao Bo; Nan Yuhong; Liu Zhichen; Chen Jianzhou; Zhou Huijun; Yang Min
Publication:
This paper is included in proceedings of the 34th USENIX Security Symposium (USENIX Security 2025)

[NDSS 2025]Revealing the black box of device search engine: scanning assets, strategies, and ethical consideration

Authors:
Wu Mengying; Hong Geng; Chen Jinsong; Liu Qi; Tang Shujun; L, Youhao; Liu Baojun; Duan Haixin; Yang Min
Publication:
This paper is included in proceedings of the 32nd Network and Distributed System Security Symposium (NDSS 2025)

[ICSE 2025]Exposing the Hidden Layer: Software Repositories in the Service of SEO Manipulation

Authors:
Wu, Mengying; Hong, Geng; Mai, Wuyuao; Wu, Xinyi; Zhang, Lei; Pu, Yingyuan; Chai, Huajun; Ying, Lingyun; Duan, Haixin; Yang, Min
Publication:
This paper is included in proceedings of the 47th IEEE/ACM International Conference on Software Engineering

[USENIX Security 2025] Careless Retention and Management: Understanding and Detecting Data Retention Denial-of-Service Vulnerabilities in Java Web Containers

Authors:
Lian Keke; Zhang Lei; Zhao Haoran; Cao Yinzhi; Liu Yongheng; Sun Fute; Zhang Yuan; Yang Min
Publication:
This paper is included in proceedings of the 34th USENIX Security Symposium (USENIX Security 2025)

[USENIX Security 2025]Towards Automatic Detection and Exploitation of Java Web Application Vulnerabilities via Concolic Execution guided by Cross-thread Object Manipulation

Authors:
Huang Xinyou; Zhang Lei; Liu Yongheng; Deng Peng; Cao Yinzhi; Zhang Yuan; Yang Min
Publication:
This paper is included in proceedings of the 34th USENIX Security Symposium (USENIX Security 2025)

[USENIX Security 2025]Effective Directed Fuzzing with Hierarchical Scheduling for Web Vulnerability Detection

Authors:
Lin Zihan; Zhang Yuan; Dai Jiarun; Huang Xinyou; Xiang Bocheng; Yang Guangliang; Yuan Letian; Zhang Lei; Liu Fengyu; Chen Tian; Yang Min
Publication:
This paper is included in proceedings of the 34th USENIX Security Symposium (USENIX Security 2025)

[NDSS 2025] Misdirection of Trust: Demystifying the Abuse of Dedicated URL Shortening Service

Authors:
Zhang Zhibo; Zhang Lei; Zhang Zhangyue; Hong Geng; Zhang Yuan; Yang Min
Publication:
This paper is included in proceedings of the 32nd Network and Distributed System Security Symposium (NDSS 2025)

[WWW 2025]You Can't Eat Your Cake and Have It Too: The Performance Degradation of LLMs with Jailbreak Defense

Authors:
Mai Wuyuao; Hong Geng; Chen Pei; Pan Xudong; Liu Baojun; Zhang Yuan; Duan Haixin; Yang Min
Publication:
This paper is included in proceedings of the 34th ACM Web Conference (WWW 2025)

[S&P 2025] EPScan: Automated Detection of Excessive RBAC Permissions in Kubernetes Applications

Authors:
Zhang Zhibo; Zhang Lei; Zhang Zhangyue; Hong Geng; Zhang Yuan; Yang Min
Publication:
This paper is included in proceedings of the 32nd Network and Distributed System Security Symposium (NDSS 2025)

[S&P 2025] MOCGuard: Automatically Detecting Missing-Owner-Check Vulnerabilities in Java Web Applications

Authors:
Liu Fengyu; Shi Youkun; Zhang Yuan; Yang Guangliang; Li Enhao; Yang Min
Publication:
This paper is included in proceedings of the 46th IEEE Symposium on Security and Privacy (S&P 2025)

[USENIX Security 2025]ChainFuzz: Exploiting Upstream Vulnerabilities in Open-Source Supply Chains

Authors:
Deng Peng; Zhang Lei; Meng Yuchuan; Yang Zhemin; Zhang Yuan; Yang Min
Publication:
This paper is included in proceedings of the 34th USENIX Security Symposium (USENIX Security 2025)

Security

  • CCS (18)
  • NDSS (11)
  • S&P (14)
  • Security (29)
  • TIFS (6)
  • TDSC (1)
  • ACSAC (1)
  • ESORICS (2)
  • SecureComm (1)
  • SaTS (1)

Software Engineering

  • FSE (3)
  • ASE (3)
  • ICSE (3)
  • ISSTA (1)
  • ICSME (1)
  • SANER (1)

AI

  • AAAI (3)
  • ACL (1)
  • CVPR (4)
  • ICML (2)
  • NeurIPS (1)
  • TPAMI (2)

Other

  • KDD (3)
  • WWW (9)
  • ICDE (1)
  • ATC (1)
  • TKDE (1)
  • CIKM (3)
  • ICASSP (2)
  • ICDM (1)
  • SIGMETRICS (1)
  • VEE (1)
  • GLOBECOM (1)
  • LSTEC (1)
  • VehicleSec (1)

Year

  • 2026 (7)
  • 2025 (31)
  • 2024 (22)
  • 2023 (19)
  • 2022 (14)
  • 2021 (8)
  • 2020 (12)
  • 2019 (2)
  • 2018 (9)
  • 2017 (2)
  • 2016 (1)
  • 2015 (2)
  • 2014 (1)
  • 2013 (2)
  • 2012 (1)
  • 2011 (1)
  • 2008 (1)
  • 2007 (1)

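About the Lab

A distinctive research team with a degree of global influence and an integrated development of the humanities and sciences.

Contact the Lab

2005 Songhu Road, Yangpu District, Shanghai
Interdisciplinary Building No. 2, Jiangwan Campus, Fudan University
6th and 7th floors

Contact email: wanqi_zhang@fudan.edu.cn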
