复旦大学-系统软件与安全实验室

论文发表：Security

[USENIX Security 2025]Demystifying the (In)Security of QR Code-based Login in Real-world Deployments

Authors:
Zhang Xin; Zhang Xiaohan; Zhao Bo; Nan Yuhong; Liu Zhichen; Chen Jianzhou; Zhou Huijun; Yang Min

Publication:
This paper is included in proceedings of the 34th USENIX Security Symposium (USENIX Security 2025)

[USENIX Security 2025] Careless Retention and Management: Understanding and Detecting Data Retention Denial-of-Service Vulnerabilities in Java Web Containers

Authors:
Lian Keke; Zhang Lei; Zhao Haoran; Cao Yinzhi; Liu Yongheng; Sun Fute; Zhang Yuan; Yang Min

Publication:
This paper is included in proceedings of the 34th USENIX Security Symposium (USENIX Security 2025)

[USENIX Security 2025]Towards Automatic Detection and Exploitation of Java Web Application Vulnerabilities via Concolic Execution guided by Cross-thread Object Manipulation

Authors:
Huang Xinyou; Zhang Lei; Liu Yongheng; Deng Peng; Cao Yinzhi; Zhang Yuan; Yang Min

Publication:
This paper is included in proceedings of the 34th USENIX Security Symposium (USENIX Security 2025)

[USENIX Security 2025]Effective Directed Fuzzing with Hierarchical Scheduling for Web Vulnerability Detection

Authors:
Lin Zihan; Zhang Yuan; Dai Jiarun; Huang Xinyou; Xiang Bocheng; Yang Guangliang; Yuan Letian; Zhang Lei; Liu Fengyu; Chen Tian; Yang Min

Publication:
This paper is included in proceedings of the 34th USENIX Security Symposium (USENIX Security 2025)

[USENIX Security 2025]ChainFuzz: Exploiting Upstream Vulnerabilities in Open-Source Supply Chains

Authors:
Deng Peng; Zhang Lei; Meng Yuchuan; Yang Zhemin; Zhang Yuan; Yang Min

Publication:
This paper is included in proceedings of the 34th USENIX Security Symposium (USENIX Security 2025)

[Security 2023] Notice the Imposter! A Study on User Tag Spoofing Attack in Mobile Apps

Authors:
Shuai Li, Zhemin Yang,Guangliang Yang, Hange Zhang, Nan Hua, Yurui Huang, Min Yang

Publication:
This paper is included in the Proceedings of the 32nd USENIX Security Symposium (USENIX Security), Anaheim, CA, USA, August 9-11, 2023.

[Security 2023] Rethinking White-Box Watermarks on Deep Learning Models under Neural Structural Obfuscation

Authors:
Yifan Yan, Xudong Pan, Mi Zhang, and Min Yang, Fudan University

Publication:
This paper is included in the Proceedings of the 32nd USENIX Security Symposium (USENIX Security), Anaheim, CA, USA, August 9-11, 2023.

[Security 2023] Remote Code Execution from SSTI in the Sandbox: Automatically Detecting and Exploiting Template Escape Bugs

Authors:
Yudi Zhao, Yuan Zhang and Min Yang

Publication:
This paper is included in the Proceedings of the 32nd USENIX Security Symposium (USENIX Security), Anaheim, CA, USA, August 9-11, 2023.

[Security 2023] Exorcising ''Wraith'': Protecting LiDAR-based Object Detector in Automated Driving System from Appearing Attacks

Authors:
Qifan Xiao，Xudong Pan，Yifan Lu，Mi Zhang，Jiarun Dai，Min Yang

Publication:
This paper is included in the Proceedings of the 32nd USENIX Security Symposium (USENIX Security), Anaheim, CA, USA, August 9-11, 2023.

[Security 2022 Distinguished Paper Award] Identity Confusion in WebView-based Mobile App-in-app Ecosystems

Authors:
Lei Zhang, Zhibo Zhang, Ancong Liu, Yinzhi Cao, Xiaohan Zhang, Yanjun Chen, Yuan Zhang, Guangliang Yang, Min Yang

Publication:
This paper is included in the Proceedings of the 31st USENIX Security Symposium, Boston, MA, USA, August 10–12, 2022.

[Security 2022] Hidden Trigger Backdoor Attack on NLP Models via Linguistic Style Manipulation

Authors:
Xudong Pan，Mi Zhang，Beina Sheng，Jiaming Zhu，Min Yang

Publication:
This paper is included in the Proceedings of the 31st USENIX Security Symposium (USENIX Security), August 10-12, 2022.

[Security 2022] Backporting Security Patches of Web Applications: A Prototype Design and Implementation on Injection Vulnerability Patches

Authors:
Youkun Shi, Yuan Zhang, Tianhan Luo, Xiangyu Mao, Yinzhi Cao, Ziwen Wang, Yudi Zhao, Zongan Huang, Min Yang

Publication:
This paper is included in the Proceedings of the 31st USENIX Security Symposium (USENIX Security), August 10-12, 2022.

[Security 2022] Ferry: State-Aware Symbolic Execution for Exploring State-Dependent Program Paths

Authors:
Shunfan Zhou, Zhemin Yang, Dan Qiao, Peng Liu, Min Yang, Zhe Wang, Chenggang Wu

Publication:
This paper is included in the Proceedings of the 31st USENIX Security Symposium, August 10–12, 2022.

[Security 2018] Who is answering my queries: Understanding and characterizing interception of the DNS resolution path

Authors:
Baojun Liu , Chaoyi Lu, Haixin Duan, Ying Liu, Zhou Li, Shuang Hao and Min Yang

Publication:
This paper is included in the Proceedings of the 27th USENIX Security Symposium, August 15–17, 2018

[Security 2018] We Still Don' t Have Secure Cross-Domain Requests:an Empirical Study of CORS

Authors:
Jianjun Chen ; Jian Jiang; Haixin Duan ; Tao Wan; Shuo Chen; Vern Paxson; Min Yang

Publication:
This paper is included in the Proceedings of the 27th USENIX Security Symposium, August 15–17, 2018

[Security 2018] An Empirical Study of Web Resource Manipulation in Real-world Mobile Applications

Authors:
Xiaohan Zhang, Yuan Zhang, Qianqian Mo, Hao Xia, Zhemin Yang, Min Yang, Xiaofeng Wang, Long Lu, and Haixin Duan

Publication:
This paper is included in the Proceedings of the 27th USENIX Security Symposium, August 15–17, 2018

[Security 2020] Justinian' s GAAvernor: Robust Distributed Learning with Gradient Aggregation Agent

Authors:
Xudong Pan, Mi Zhang, Duocai Wu, Qifan Xiao, Shouling Ji and Min Yang

Publication:
This paper is included in the Proceedings of the 29th USENIX Security Symposium, August 12–14, 2020

[Security 2020] TEXTSHIELD: Robust Text Classification Based on Multimodal Embedding and Neural Machine Translation

Authors:
Jinfeng Li, Tianyu Du, Shouling Ji, Rong Zhang, Quan Lu, Min Yang, Ting Wang

Publication:
This paper is included in the Proceedings of the 29th USENIX Security Symposium, August 12–14, 2020

[Security 2021] Detecting Kernel Refcount Bugs with Two-Dimensional Consistency Checking

Authors:
Xin Tan, Yuan Zhang, Xiyu Yang, Kangjie Lu, Min Yang

Publication:
This paper is included in the Proceedings of the 30th USENIX Security Symposium. August 11–13, 2021

[Security 2015]UIpicker: User-input privacy identification in mobile applications

Authors:
Yuhong Nan, Min Yang, Zhemin Yang, Shunfan Zhou, Guofei Gu, and Xiaofeng Wang

Publication:
This paper is included in the Proceedings of the 24th USENIX Security Symposium August 12–14, 2015.

[Security 2020] An Ever-evolving Game: Evaluation of Real-world Attacks and Defenses in Ethereum Ecosystem

Authors:
Shunfan Zhou, Zhemin Yang, Jie Xiang, Yinzhi Cao, Min Yang, Yuan Zhang.

Publication:
This paper is included in the Proceedings of the 29th USENIX Security Symposium. August 12–14, 2020

[Security 2020] BScout: Direct Whole Patch Presence Test for Java Executables

Authors:
Jiarun Dai, Yuan Zhang, Zheyue Jiang, Yingtian Zhou, Junyan Chen, Xinyu Xing, Xiaohan Zhang, Xin Tan, Min Yang, Zhemin Yang.

Publication:
This paper is included in the Proceedings of the 29th USENIX Security Symposium. August 12–14, 2020

系统软件与安全实验室

[USENIX Security 2025]Demystifying the (In)Security of QR Code-based Login in Real-world Deployments

[USENIX Security 2025] Careless Retention and Management: Understanding and Detecting Data Retention Denial-of-Service Vulnerabilities in Java Web Containers

[USENIX Security 2025]Towards Automatic Detection and Exploitation of Java Web Application Vulnerabilities via Concolic Execution guided by Cross-thread Object Manipulation

[USENIX Security 2025]Effective Directed Fuzzing with Hierarchical Scheduling for Web Vulnerability Detection

[USENIX Security 2025]ChainFuzz: Exploiting Upstream Vulnerabilities in Open-Source Supply Chains

[Security 2023] Notice the Imposter! A Study on User Tag Spoofing Attack in Mobile Apps

[Security 2023] Rethinking White-Box Watermarks on Deep Learning Models under Neural Structural Obfuscation

[Security 2023] Remote Code Execution from SSTI in the Sandbox: Automatically Detecting and Exploiting Template Escape Bugs

[Security 2023] Exorcising ''Wraith'': Protecting LiDAR-based Object Detector in Automated Driving System from Appearing Attacks

[Security 2022 Distinguished Paper Award] Identity Confusion in WebView-based Mobile App-in-app Ecosystems

[Security 2022] Hidden Trigger Backdoor Attack on NLP Models via Linguistic Style Manipulation

[Security 2022] Backporting Security Patches of Web Applications: A Prototype Design and Implementation on Injection Vulnerability Patches

[Security 2022] Ferry: State-Aware Symbolic Execution for Exploring State-Dependent Program Paths

[Security 2018] Who is answering my queries: Understanding and characterizing interception of the DNS resolution path

[Security 2018] We Still Don' t Have Secure Cross-Domain Requests:an Empirical Study of CORS

[Security 2018] An Empirical Study of Web Resource Manipulation in Real-world Mobile Applications

[Security 2020] Justinian' s GAAvernor: Robust Distributed Learning with Gradient Aggregation Agent

[Security 2020] TEXTSHIELD: Robust Text Classification Based on Multimodal Embedding and Neural Machine Translation

[Security 2021] Detecting Kernel Refcount Bugs with Two-Dimensional Consistency Checking

[Security 2015]UIpicker: User-input privacy identification in mobile applications

[Security 2020] An Ever-evolving Game: Evaluation of Real-world Attacks and Defenses in Ethereum Ecosystem

[Security 2020] BScout: Direct Whole Patch Presence Test for Java Executables

会议

年份