Academic Papers

2025

• My Model is Malware to You: Transforming AI Models into Malware by Abusing TensorFlow APIs
  Ruofan Zhu, Ganhao Chen, Wenbo Shen, Xiaofei Xie, Rui Chang
  IEEE Symposium on Security and Privacy 25 [[PDF]]

2024

• CrossFire: Fuzzing macOS Cross-XPU Memory on Apple Silicon
  Jiaxun Zhu, Minghao Lin, Tingting Yin, Zechao Cai, Yu Wang, Rui Chang, Wenbo Shen
  ACM CCS 24 [PDF]

• Interp-flow Hijacking: Launching Non-control Data Attack via Hijacking eBPF Interpretation Flow
  Qirui Liu, Wenbo Shen, Jinmeng Zhou, Zhuoruo Zhang, Jiayi Hu, Shukai Ni, Kangjie Lu and Rui Chang
  ESORICS 24 [PDF] Distinguished Paper Award (1/535)

• DMAAUTH: A Lightweight Pointer Integrity-based Secure Architecture to Defeat DMA Attacks
  Xingkai Wang, Wenbo Shen, Yujie Bu, Jinmeng Zhou, Yajin Zhou
  USENIX Security Symposium 24 [PDF]

• LightZone: Lightweight Hardware-Assisted In-Process Isolation for ARM64
  Ziqi Yuan, Siyu Hong, Ruorong Guo, Rui Chang, Mingyu Gao, Wenbo Shen, Yajin Zhou
  Middleware 24 [PDF]

• PageJack: A Powerful Exploit Technique With Page-Level UAF
  Jiayi Hu, Zhiyun Qian, Jinmeng Zhou, Qi Tang, Wenbo Shen
  Black Hat USA 24 [PDF]

• A novel page-UAF exploit strategy
  Jinmeng Zhou, Jiayi Hu, Wenbo Shen, Zhiyun Qian
  Phrack Magazine [Link]

• Automated Data Binding Vulnerability Detection for Java Web Frameworks via Nested Property Graph
  Xiaoyong Yan, Biao He, Wenbo Shen, Yu Ouyang, Kaihang Zhou, Xingjian Zhang, Xingyu Wang, Yukai Cao, Rui Chang
  ISSTA 24[PDF]

• Bugs in Pods: Understanding Bugs in Container Runtime Systems
  Jiongchi Yu, Xiaofei Xie, Cen Zhang, Sen Chen, Yuekang Li, Wenbo Shen
  ISSTA 24[PDF]

• Atlas: Automating Cross-Language Fuzzing on Android Closed-Source Libraries
  Hao Xiong, Qinming Dai, Rui Chang, Mingran Qiu, Renxiang Wang, Wenbo Shen, Yajin Zhou
  ISSTA 24[PDF]

• ModuleGuard: Understanding and Detecting Module Conflicts in Python Ecosystem
  Ruofan Zhu, Xingyu Wang, Chengwei Liu, Zhengzi Xu, Wenbo Shen, Rui Chang, Yang Liu
  ICSE 24 [PDF]

• Demystifying Compiler Unstable Feature Usage and Impacts in the Rust Ecosystem
  Chenghao Li, Yifei Wu, Wenbo Shen, Zichen Zhao, Rui Chang, Chengwei Liu, Yang Liu, Kui Ren
  ICSE 24 [PDF]

• Towards Understanding and Defeating Abstract Resource Attacks for Container Platforms
  Wenbo Shen, Yifei Wu, Yutian Yang, Qirui Liu, Nanzi Yang, Jinku Li, Kangjie Lu, Jianfeng Ma
  TDSC [PDF]

• The Perils of Wi-Fi Spoofing Attack Via Geolocation API and its Defense
  Xiao Han, Junjie Xiong, Wenbo Shen, Mingkui Wei,Shangqing Zhao, Zhuo Lu, Yao Liu
  TDSC [PDF]

2023

• kCPA: Towards Sensitive Pointer Full Life Cycle Authentication for OS Kernels
  Yutian Yang, Jinjiang Tu, Wenbo Shen, Songbo Zhu, Rui Chang, and Yajin Zhou
  Transactions on Dependable and Secure Computing (TDSC) [PDF]

• Take Over the Whole Cluster: Attacking Kubernetes via Excessive Permissions of Third-party Applications
  Nanzi Yang, Wenbo Shen, Jinku Li, Xunqi Liu, Xin Guo, Jianfeng Ma
  ACM CCS 23 [PDF]

• Travelling the Hypervisor and SSD: A Tag-Based Approach Against Crypto Ransomware with Fine-Grained Data Recovery
  Boyang Ma, Yilin Yang, Jinku Li, Fengwei Zhang, Wenbo Shen, Yajin Zhou, Jianfeng Ma
  ACM CCS 23 [PDF]

• A Hybrid Alias Analysis and Its Application to Global Variable Protection in the Linux Kernel
  Guoren Li, Hang Zhang, Jinmeng Zhou, Wenbo Shen, Yulei Sui, Zhiyun Qian
  USENIX Security Symposium 23 [PDF]

• Demystifying Pointer Authentication on Apple M1
  Zechao Cai, Jiaxun Zhu, Wenbo Shen, Yutian Yang, Rui Chang, Yu Wang, Jinku Li, Kui Ren
  USENIX Security Symposium 23 [PDF]

• Apple PAC, Four Years Later: Reverse Engineering the Customized Pointer Authentication Hardware Implementation on Apple M1
  Zechao Cai, Jiaxun Zhu, Yutian Yang, Wenbo Shen, Yu Wang
  Black Hat USA 23 [PDF]

• Attacks are Forwarded: Breaking the Isolation of MicroVM-based Containers Through Operation Forwarding
  Jietao Xiao, Nanzi Yang, Wenbo Shen, Jinku Li, Xin Guo, Zhiqiang Dong, Fei Xie, Jianfeng Ma
  USENIX Security Symposium 23 [PDF]

• Ambush from All Sides: Understanding Security Threats in Open-Source Software CI/CD Pipelines
  Ziyue Pan, Wenbo Shen, Xingkai Wang, Yutian Yang, Rui Chang, Yao Liu, Chengwei Liu, Yang Liu, Kui Ren
  Transactions on Dependable and Secure Computing (TDSC) [PDF]

• VDom: Fast and Unlimited Virtual Domains on Multiple Architectures
  Ziqi Yuan, Siyu Hong, Rui Chang, Yajin Zhou, Wenbo Shen, Kui Ren
  ASPLOS 23 [PDF]

• 面向Java语言生态的软件供应链安全分析技术
  毛天宇，王星宇，常瑞，申文博，任奎
  软件学报[PDF]

2022

• Location Heartbleeding: The Rise of Wi-Fi Spoofing Attack Via Geolocation API
  Xiao Han, Junjie Xiong, Wenbo Shen, Zhuo Lu, Yao Liu
  ACM CCS 22 [PDF]

• Making Memory Account Accountable: Analyzing and Detecting Memory Missing-account bugs for Container Platforms
  Yutian Yang, Wenbo Shen, Xun Xie, Kangjie Lu, Mingsen Wang, Tianyu Zhou, Chenggang Qin, Wang Yu, Kui Ren
  ACSAC 22[PDF] Distinguished Paper Award (3/303)

• Automatic Permission Check Analysis for Linux Kernel
  Jinmeng Zhou, Tong Zhang, Wenbo Shen, Dongyoon Lee, Changhee Jung, Ahmed Azab, Ruowen Wang, Peng Ning, Kui Ren
  Transactions on Dependable and Secure Computing (TDSC) [PDF]

• RegVault: Hardware Assisted Selective Data Randomization for Operating System Kernels
  Jinyan Xu, Haoran Lin, Ziqi Yuan, Wenbo Shen, Yajin Zhou, Rui Chang, Lei Wu, Kui Ren
  In Design Automation Conference (DAC 2022) [PDF]

• OPEC: Operation-based Security Isolation for Bare-metal Embedded Systems
  Xia Zhou, Jiaqi Li, Wenlong Zhang, Yajin Zhou, Wenbo Shen, Kui Ren
  In European Conference on Computer Systems (EuroSys 2022) [PDF]

2021

• Security Challenges in the Container Cloud
  Yutian Yang, Wenbo Shen, Bonan Ruan, Wenmao Liu, Kui Ren
  IEEE TPS 21 [PDF]
• Demons in the Shared Kernel: Abstract Resource Attacks Against OS-level Virtualization
  Nanzi Yang, Wenbo Shen, Jinku Li, Yutian Yang, Kangjie Lu, Jietao Xiao, Tianyu Zhou, Chenggang Qin, Wang Yu, Jianfeng Ma, Kui Ren
  ACM CCS 21 [PDF]
• FirmGuide: Boosting the Capability of Rehosting Embedded Linux Kernels through Model-Guided Kernel Execution
  Qiang Liu, Cen Zhang, Lin Ma, Muhui Jiang, Yajin Zhou, Lei Wu, Wenbo Shen, Xiapu Luo, Yang Liu, Kui Ren
  In ASE 2021 [PDF]
• Practical Struct-Field based Forward-Edge Control-Flow Integrity for Kernel
  Jinmeng Zhou, Wenbo Shen, Xun Xie, Jiadong Sun, Kui Ren
  In AsiaCCS 21 [Poster] [Full Version]
• Revisiting Challenges for Selective Data Protection of Real Applications
  Lin Ma, Jinyan Xu, Jiadong Sun, Yajin Zhou, Xun Xie, Wenbo Shen, Rui Chang, Kui Ren
  In ApSys 21 [PDF]
• KALD: Detecting Direct Pointer Disclosure Vulnerabilities
  Brian Belleville, Wenbo Shen, Stijn Volckaert, Ahmed M. Azab, and Michael Franz
  In the Transactions on Dependable and Secure Computing (TDSC) [PDF]

2020 and before

• ARM Pointer Authentication based Forward-Edge and Backward-Edge Control Flow Integrity for Kernels
  Yutian Yang, Songbo Zhu, Wenbo Shen, Yajin Zhou, Jiadong Sun, Kui Ren
  In arxiv [PDF]
• Docker 组件间标准输入输出复制的 DoS 攻击分析
  周天昱，申文博，杨男子，李金库，秦承刚，喻望
  网络与信息安全学报 2020 [PDF]

• PESC: A Per System-Call Stack Canary Design for Linux Kernel
  Jiadong Sun, Xia Zhou, Wenbo Shen, Yajin Zhou, Kui Ren
  In CODASPY 20 [PDF]

• PeX: A Permission Check Analysis Framework for Linux Kernel
  Tong Zhang, Wenbo Shen, Dongyoon Lee, Changhee Jung, Ahmed Azab, Ruowen Wang
  In USENIX Security 19 [PDF]
• PTrix: Efficient Hardware-Assisted Fuzzing for COTS Binary
  Yaohui Chen, Dongliang Mu, Jun Xu, Zhichuang Sun, Wenbo Shen, Xinyu Xing, Long Lu, Bing Mao
  In AsiaCCS 19 [PDF]

• Trustworthy Authentication for IoT with Human-and-Environment-in-the-Loop
  Jinsong Han, Feng Lin, Wenbo Shen, Kui Ren
  In SocialSens@CPSIoTWeek

• Norax: Enabling Execute-Only Memory for COTS Binaries on AArch64
  Yaohui Chen, Dongli Zhang, Ruowen Wang, Rui Qiao, Ahmed M. Azab, Long Lu, Hayawardh Vijayakumar, Wenbo Shen
  In the IEEE Symposium on Security and Privacy (S&P’17), 2017 [PDF]

• SPOKE: Scalable Knowledge Collection and Attack Surface Analysis of Access Control Policy for Security Enhanced Android
  Ruowen Wang, Ahmed M. Azab, William Enck, Ninghui Li, Peng Ning, Xun Chen, Wenbo Shen, Yueqiang Cheng
  ACM Asia Conference on Computer and Communications Security (ASIACCS) 2017 [PDF] Distinguished Paper Award

• SKEE: A lightweight Secure Kernel-level Execution Environment for ARM
  Ahmed Azab, Kirk Swidowski, Rohan Bhutkar, Jia Ma, Wenbo Shen, Ruowen Wang and Peng Ning
  Network and Distributed System Security Symposium (NDSS), 2016 [PDF] Distinguished Paper Award

• Towards Proper Guard Zones for Link Signature
  Xiaofan He, Huaiyu Dai, Wenbo Shen, Peng Ning, Rudra Dutta
  IEEE Transactions on Wireless Communications, 2016 [PDF]

• Virtual Multipath Attack and Defense for Location Distinction in Wireless Networks
  Song Fang, Yao Liu, Wenbo Shen, Haojin Zhu, and Tao Wang
  IEEE Transactions on Mobile Computing (TMC), 2017 [PDF]

• No Time to Demodulate: Fast Physical Layer Verification of Friendly Jamming
  Wenbo Shen, Yao Liu, Xiaofan He, Huaiyu Dai, and Peng Ning
  International conference for military communications (MILCOM) 2015, [PDF]

• Hypervision Across Worlds: Real-time Kernel Protection from the ARM TrustZone Secure World
  Ahmed Azab, Peng Ning, Jitesh Shah, Quan Chen, Rohan Bhutkar, Guruprasad Ganesh, Jia Ma, Wenbo Shen
  In ACM Conference on Computer and Communications Security (CCS), 2014 [PDF]

• The Security of Link Signature: A View from Channel Models
  Xiaofan He, Huaiyu Dai, Yufan Huang, Dong Wang, Wenbo Shen, and Peng Ning
  In 2014 IEEE Conference on Communications and Network Security Workshop on Physical-layer Methods for Wireless Security, [PDF]

• MCR Decoding: A MIMO Approach for Defending Against Wireless Jamming Attacks
  Wenbo Shen, Peng Ning, Xiaofan He, Huaiyu Dai, and Yao Liu
  In 2014 IEEE Conference on Communications and Network Security Workshop on Physical-layer Methods for Wireless Security, 2014 [PDF]

• An Open Source Web-Mapping System for Tourism Planning and Marketing
  Stacy Supak, Hugh Devine, Gene Brothers, Samantha Rich and Wenbo Shen
  The Journal of Travel and Tourism Marketing, 2014

• Where Are You From? Confusing Location Distinction Using Virtual Multipath Camouflage
  Song Fang, Yao Liu, Wenbo Shen, and Haojin Zhu
  In Annual International Conference on Mobile Computing and Networking (MobiCom’14), 2014, [PDF]

• Is Link Signature Dependable for Wireless Security?
  Xiaofan He, Huaiyu Dai, Wenbo Shen, and Peng Ning
  In IEEE International Conference on Computer Communications (INFOCOM) Mini-Conference, 2013 [PDF]

• Ally Friendly Jamming: How to Jam Your Enemy and Maintain Your Own Wireless Connectivity at the Same Time
  Wenbo Shen, Peng Ning, Xiaofan He, and Huaiyu Dai
  In the IEEE Symposium on Security and Privacy (S&P ‘13), San Francisco, CA, 2013 [PDF]

Patents

• Method and apparatus for protecting kernel control-flow integrity using static binary instrumentation, US 2017/0140148, 2017 [PDF]
• Apparatus and method for protection of critical embedded system components via hardware-isolated secure element-based monitor，US 2017/0098070, 2017 [[PDF]
• Apparatus and method for transparent, secure element-based mediation of on-board diagnostic operations，US 2017/0041290 A1, 2017 [PDF]
• Methods and apparatus to enable runtime checksum verification of block device images，US 2016/0092701, 2016 [PDF]