复旦大学-系统软件与安全实验室

论文发表：Security

[Security 2025]Mirage in the Eyes: Hallucination Attack on Multi-modal Large Language Models with Only Attention Sink

Authors:
Wang, Yining; Zhang, Mi; Sun, Junjie; Wang, Chenyue; Yang, Min; Xue, Hui; Tao, Jialing; Duan, Ranjie; Liu, Jiexi

Publication:
This paper is included in Proceedings of the 34th USENIX Security Symposium

[Security 2025]Demystifying the (In)Security of QR Code-based Login in Real-world Deployments

Authors:
Zhang, Xin; Zhang, Xiaohan; Zhao, Bo; Nan, Yuhong; Liu, Zhichen; Chen, Jianzhou; Zhou, Huijun; Yang, Min

Publication:
This paper is included in Proceedings of the 34th USENIX Security Symposium

[Security 2025]Beyond Exploit Scanning: A Functional Change-Driven Approach to Remote Software Version Identification

Authors:
Chen, Jinsong; Wu, Mengying; Hong, Geng, An, Baichao ; Liu, Mingxuan; Zhang, Lei; Liu, Baojun; Duan, Haixin; Yang, Min

Publication:
This paper is included in Proceedings of the 34th USENIX Security Symposium

[Security 2025]Pig in a Poke: Automatically Detecting and Exploiting Link Following Vulnerabilities in Windows File Operations

Authors:
Xiang, Bocheng; Zhang, Yuan; Liu, Fengyu; Huang, Hao; Lin, Zihan; Yang, Min

Publication:
This paper is included in Proceedings of the 34th USENIX Security Symposium

[Security 2025]XSSky: Detecting XSS Vulnerabilities through Local Path-Persistent Fuzzing

Authors:
Shi, Youkun; Zhang, Yuan; Bai, Tianhao; Xue, Feng; Dai, Jiarun; Liu, Fengyu; Zhang, Lei; Luo, Xiapu; Yang, Min

Publication:
This paper is included in Proceedings of the 34th USENIX Security Symposium

[Security 2025]Make Agent Defeat Agent: Automatic Detection of Taint-Style Vulnerabilities in LLM-based Agents

Authors:
Liu, Fengyul Zhang, Yuan; Luo, Jiaqi; Dai, Jiarun; Chen, Tian; Yuan, Letian; Yu, Zhangmin; Shi, Youkun; Li, Ke; Zhou, Chengyuan; Yang, Min

Publication:
This paper is included in Proceedings of the 34th USENIX Security Symposium

[Security 2022]Exploring the Security Boundary of Data Reconstruction via Neuron Exclusivity Analysis

Authors:
Pan, Xudong; Zhang, Mi; Yan, Yifan; Zhu, Jiaming; Yang, Min

Publication:
This paper is included in proceedings of the 31st USENIX Security Symposium

[USENIX Security 2025]Demystifying the (In)Security of QR Code-based Login in Real-world Deployments

Authors:
Zhang Xin; Zhang Xiaohan; Zhao Bo; Nan Yuhong; Liu Zhichen; Chen Jianzhou; Zhou Huijun; Yang Min

Publication:
This paper is included in proceedings of the 34th USENIX Security Symposium (USENIX Security 2025)

[USENIX Security 2025] Careless Retention and Management: Understanding and Detecting Data Retention Denial-of-Service Vulnerabilities in Java Web Containers

Authors:
Lian Keke; Zhang Lei; Zhao Haoran; Cao Yinzhi; Liu Yongheng; Sun Fute; Zhang Yuan; Yang Min

Publication:
This paper is included in proceedings of the 34th USENIX Security Symposium (USENIX Security 2025)

[USENIX Security 2025]Towards Automatic Detection and Exploitation of Java Web Application Vulnerabilities via Concolic Execution guided by Cross-thread Object Manipulation

Authors:
Huang Xinyou; Zhang Lei; Liu Yongheng; Deng Peng; Cao Yinzhi; Zhang Yuan; Yang Min

Publication:
This paper is included in proceedings of the 34th USENIX Security Symposium (USENIX Security 2025)

[USENIX Security 2025]Effective Directed Fuzzing with Hierarchical Scheduling for Web Vulnerability Detection

Authors:
Lin Zihan; Zhang Yuan; Dai Jiarun; Huang Xinyou; Xiang Bocheng; Yang Guangliang; Yuan Letian; Zhang Lei; Liu Fengyu; Chen Tian; Yang Min

Publication:
This paper is included in proceedings of the 34th USENIX Security Symposium (USENIX Security 2025)

[USENIX Security 2025]ChainFuzz: Exploiting Upstream Vulnerabilities in Open-Source Supply Chains

Authors:
Deng Peng; Zhang Lei; Meng Yuchuan; Yang Zhemin; Zhang Yuan; Yang Min

Publication:
This paper is included in proceedings of the 34th USENIX Security Symposium (USENIX Security 2025)

[Security 2023] Notice the Imposter! A Study on User Tag Spoofing Attack in Mobile Apps

Authors:
Shuai Li, Zhemin Yang,Guangliang Yang, Hange Zhang, Nan Hua, Yurui Huang, Min Yang

Publication:
This paper is included in the Proceedings of the 32nd USENIX Security Symposium (USENIX Security), Anaheim, CA, USA, August 9-11, 2023.

[Security 2023] Rethinking White-Box Watermarks on Deep Learning Models under Neural Structural Obfuscation

Authors:
Yifan Yan, Xudong Pan, Mi Zhang, and Min Yang, Fudan University

Publication:
This paper is included in the Proceedings of the 32nd USENIX Security Symposium (USENIX Security), Anaheim, CA, USA, August 9-11, 2023.

[Security 2023] Remote Code Execution from SSTI in the Sandbox: Automatically Detecting and Exploiting Template Escape Bugs

Authors:
Yudi Zhao, Yuan Zhang and Min Yang

Publication:
This paper is included in the Proceedings of the 32nd USENIX Security Symposium (USENIX Security), Anaheim, CA, USA, August 9-11, 2023.

[Security 2023] Exorcising ''Wraith'': Protecting LiDAR-based Object Detector in Automated Driving System from Appearing Attacks

Authors:
Qifan Xiao，Xudong Pan，Yifan Lu，Mi Zhang，Jiarun Dai，Min Yang

Publication:
This paper is included in the Proceedings of the 32nd USENIX Security Symposium (USENIX Security), Anaheim, CA, USA, August 9-11, 2023.

[Security 2022 Distinguished Paper Award] Identity Confusion in WebView-based Mobile App-in-app Ecosystems

Authors:
Lei Zhang, Zhibo Zhang, Ancong Liu, Yinzhi Cao, Xiaohan Zhang, Yanjun Chen, Yuan Zhang, Guangliang Yang, Min Yang

Publication:
This paper is included in the Proceedings of the 31st USENIX Security Symposium, Boston, MA, USA, August 10–12, 2022.

[Security 2022] Hidden Trigger Backdoor Attack on NLP Models via Linguistic Style Manipulation

Authors:
Xudong Pan，Mi Zhang，Beina Sheng，Jiaming Zhu，Min Yang

Publication:
This paper is included in the Proceedings of the 31st USENIX Security Symposium (USENIX Security), August 10-12, 2022.

[Security 2022] Backporting Security Patches of Web Applications: A Prototype Design and Implementation on Injection Vulnerability Patches

Authors:
Youkun Shi, Yuan Zhang, Tianhan Luo, Xiangyu Mao, Yinzhi Cao, Ziwen Wang, Yudi Zhao, Zongan Huang, Min Yang

Publication:
This paper is included in the Proceedings of the 31st USENIX Security Symposium (USENIX Security), August 10-12, 2022.

系统软件与安全实验室

[Security 2025]Mirage in the Eyes: Hallucination Attack on Multi-modal Large Language Models with Only Attention Sink

[Security 2025]Demystifying the (In)Security of QR Code-based Login in Real-world Deployments

[Security 2025]Beyond Exploit Scanning: A Functional Change-Driven Approach to Remote Software Version Identification

[Security 2025]Pig in a Poke: Automatically Detecting and Exploiting Link Following Vulnerabilities in Windows File Operations

[Security 2025]XSSky: Detecting XSS Vulnerabilities through Local Path-Persistent Fuzzing

[Security 2025]Make Agent Defeat Agent: Automatic Detection of Taint-Style Vulnerabilities in LLM-based Agents

[Security 2022]Exploring the Security Boundary of Data Reconstruction via Neuron Exclusivity Analysis

[USENIX Security 2025]Demystifying the (In)Security of QR Code-based Login in Real-world Deployments

[USENIX Security 2025] Careless Retention and Management: Understanding and Detecting Data Retention Denial-of-Service Vulnerabilities in Java Web Containers

[USENIX Security 2025]Towards Automatic Detection and Exploitation of Java Web Application Vulnerabilities via Concolic Execution guided by Cross-thread Object Manipulation

[USENIX Security 2025]Effective Directed Fuzzing with Hierarchical Scheduling for Web Vulnerability Detection

[USENIX Security 2025]ChainFuzz: Exploiting Upstream Vulnerabilities in Open-Source Supply Chains

[Security 2023] Notice the Imposter! A Study on User Tag Spoofing Attack in Mobile Apps

[Security 2023] Rethinking White-Box Watermarks on Deep Learning Models under Neural Structural Obfuscation

[Security 2023] Remote Code Execution from SSTI in the Sandbox: Automatically Detecting and Exploiting Template Escape Bugs

[Security 2023] Exorcising ''Wraith'': Protecting LiDAR-based Object Detector in Automated Driving System from Appearing Attacks

[Security 2022 Distinguished Paper Award] Identity Confusion in WebView-based Mobile App-in-app Ecosystems

[Security 2022] Hidden Trigger Backdoor Attack on NLP Models via Linguistic Style Manipulation

[Security 2022] Backporting Security Patches of Web Applications: A Prototype Design and Implementation on Injection Vulnerability Patches

[Security 2022] Ferry: State-Aware Symbolic Execution for Exploring State-Dependent Program Paths

[Security 2018] Who is answering my queries: Understanding and characterizing interception of the DNS resolution path

[Security 2018] We Still Don' t Have Secure Cross-Domain Requests:an Empirical Study of CORS

[Security 2018] An Empirical Study of Web Resource Manipulation in Real-world Mobile Applications

[Security 2020] Justinian' s GAAvernor: Robust Distributed Learning with Gradient Aggregation Agent

[Security 2020] TEXTSHIELD: Robust Text Classification Based on Multimodal Embedding and Neural Machine Translation

[Security 2021] Detecting Kernel Refcount Bugs with Two-Dimensional Consistency Checking

[Security 2015]UIpicker: User-input privacy identification in mobile applications

[Security 2020] An Ever-evolving Game: Evaluation of Real-world Attacks and Defenses in Ethereum Ecosystem

[Security 2020] BScout: Direct Whole Patch Presence Test for Java Executables

安全四大论文统计

安全

软工

AI

其他

年份