System Security Lab

Department of Information Engineering, The Chinese University of Hong Kong

Publications

  1. Xiaolong Bai, Zhe Zhou, XiaoFeng Wang, Zhou Li, Xianghang Mi, Nan Zhang, Tongxin Li, Shi-Min Hu, and Kehuan Zhang. Picking Up My Tab: Understanding and Mitigating Synchronized Token Lifting and Spending in Mobile Payment. The 26th USENIX Security Symposium (Security’17), Vancouver, BC, Canada. August, 2017.

  2. Zhe Zhou, Wenrui Diao, Xiangyu Liu, Zhou Li, Kehuan Zhang, and Rui Liu. Vulnerable GPU Memory Management: Towards Recovering Raw Data from GPU. The 17th Privacy Enhancing Technologies Symposium (PETS’17), Minneapolis, MN, USA. July 2017.

  3. Zhe Zhou, Zhou Li, Kehuan Zhang. All Your VMs are Disconnected: Attacking Hardware Virtualized Network. Accepted. The 7th ACM Conference on Data and Application Security and Privacy (CODASPY’17). Scottsdale, AZ, USA. March, 2017,

  4. Yannan Liu, Lingxiao Wei, Zhe Zhou, Kehuan Zhang, Wenyuan Xu, and Qiang Xu. On Code Execution Tracking via Power Side-Channel. The 23rd ACM Conference on Computer and Communication Security (CCS’16), Vienna, Austria. October 2016.

  5. Kun Du, Hao Yang, Zhou Li, Haixin Duan, and Kehuan Zhang. The Ever-changing Labyrinth: A Large-scale Analysis of Wildcard DNS Powered Blackhat SEO. The 25th USENIX Security Symposium (Security’16), Austin, TX, USA. August 2016.

  6. Wenrui Diao, Xiangyu Liu, Zhou Li, and Kehuan Zhang. Evading Android Runtime Analysis Through Detecting Programmed Interactions. The 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec’16), Darmstadt, Germany. July 2016.

  7. Wenrui Diao, Xiangyu Liu, Zhou Li, and Kehuan Zhang. No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing Analysis. The 37th IEEE Symposium on Security and Privacy (IEEE S&P’16), San Jose, CA, USA. May 2016.

  8. Zhe Zhou, Tao Zhang, Sherman S.M. Chow, Yupeng Zhang, and Kehuan Zhang. Efficient Authenticated Multi-Pattern Matching. The 2016 ACM Asia Conference on Computer and Communications Security (ASIACCS’16), Xi'an, Shanxi, China, May 2016.

  9. Yang Ronghai, Guanchen Li, Wing Cheong Lau, Kehuan Zhang, and Pili Hu. Model-based Security Testing: an Empirical Study on OAuth 2.0 Implementations. The 2016 ACM Asia Conference on Computer and Communications Security (ASIACCS’16), Xi'an, Shanxi, China, May 2016.

  10. Xiangyu Liu, Zhe Zhou, Wenrui Diao, Zhou Li, and Kehuan Zhang. When Good Becomes Evil: Keystroke Inference with Smartwatch. The 22nd ACM Conference on Computer and Communications Security (CCS’15), Denver, CO, USA. October 2015.

  11. Rui Liu, Jiannong Cao, Lei Yang, and Kehuan Zhang. PriWe: Recommendation for Privacy Settings of Mobile Apps Based on Crowdsourced Users’ Expectations. The 4th IEEE International Conference on Mobile Services (IEEE MS’15), New York, USA, June 2015.

  12. Wenrui Diao, Xiangyu Liu, Zhe Zhou, Kehuan Zhang, and Zhou Li. Mind-Reading: Privacy Attacks Exploiting Cross-App KeyEvent Injections. The 20th European Symposium on Research in Computer Security (ESORICS’15), Vienna, Austria. September 2015.

  13. Xiangyu Liu, Zhe Zhou, Wenrui Diao, Zhou Li, and Kehuan Zhang. An Empirical Study on Android for Saving Non-shared Data on Public Storage. The 30th IFIP International Information Security and Privacy Conference (IFIP SEC’15), Hamburg, Germany. May 2015.

  14. Wenrui Diao, Xiangyu Liu, Zhe Zhou, and Kehuan Zhang. Your Voice Assistant is Mine: How to Abuse Speakers to Steal Information and Control Your Phone. The 4th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM’14), Scottsdale, AZ, USA. November 2014.

  15. Zhe Zhou, Wenrui Diao, Xiangyu Liu, and Kehuan Zhang. Acoustic Fingerprinting Revisited: Generate Stable Device ID Stealthily with Inaudible Sound. The 21st ACM Conference on Computer and Communications Security (CCS’14), Scottsdale, AZ, USA. November 2014.