Academic Papers

2023

• Ambush from All Sides: Understanding Security Threats in Open-Source Software CI/CD Pipelines
  Ziyue Pan, Wenbo Shen, Xingkai Wang, Yutian Yang, Rui Chang, Yao Liu, Chengwei Liu, Yang Liu, Kui Ren
  Transactions on Dependable and Secure Computing (TDSC) [PDF]

• Attacks are Forwarded: Breaking the Isolation of MicroVM-based Containers Through Operation Forwarding
  Jietao Xiao, Nanzi Yang,Wenbo Shen, Jinku Li, Xin Guo, Zhiqiang Dong, Fei Xie, Jianfeng Ma
  USENIX Security 23[PDF]

• VDom: Fast and Unlimited Virtual Domains on Multiple Architectures
  Ziqi Yuan, Siyu Hong, Rui Chang, Yajin Zhou, Wenbo Shen, Kui Ren
  ASPLOS 23 [PDF]

• 面向Java语言生态的软件供应链安全分析技术
  毛天宇，王星宇，常瑞，申文博，任奎
  软件学报[PDF]

2022

• Location Heartbleeding: The Rise of Wi-Fi Spoofing Attack Via Geolocation API
  Xiao Han, Junjie Xiong, Wenbo Shen, Zhuo Lu, Yao Liu
  ACM CCS 22 [PDF]

• Making Memory Account Accountable: Analyzing and Detecting Memory Missing-account bugs for Container Platforms
  Yutian Yang, Wenbo Shen, Xun Xie, Kangjie Lu, Mingsen Wang, Tianyu Zhou, Chenggang Qin, Wang Yu, Kui Ren
  ACSAC 22[PDF] Distinguished Paper Award

• Automatic Permission Check Analysis for Linux Kernel
  Jinmeng Zhou, Tong Zhang, Wenbo Shen, Dongyoon Lee, Changhee Jung, Ahmed Azab, Ruowen Wang, Peng Ning, Kui Ren
  Transactions on Dependable and Secure Computing (TDSC) [PDF]

• RegVault: Hardware Assisted Selective Data Randomization for Operating System Kernels
  Jinyan Xu, Haoran Lin, Ziqi Yuan, Wenbo Shen, Yajin Zhou, Rui Chang, Lei Wu, Kui Ren
  In Design Automation Conference (DAC 2022) [PDF]

• OPEC: Operation-based Security Isolation for Bare-metal Embedded Systems
  Xia Zhou, Jiaqi Li, Wenlong Zhang, Yajin Zhou, Wenbo Shen, Kui Ren
  In European Conference on Computer Systems (EuroSys 2022) [PDF]

2021

• Security Challenges in the Container Cloud
  Yutian Yang, Wenbo Shen, Bonan Ruan, Wenmao Liu, Kui Ren
  IEEE TPS 21 [PDF]
• Demons in the Shared Kernel: Abstract Resource Attacks Against OS-level Virtualization
  Nanzi Yang, Wenbo Shen, Jinku Li, Yutian Yang, Kangjie Lu, Jietao Xiao, Tianyu Zhou, Chenggang Qin, Wang Yu, Jianfeng Ma, Kui Ren
  ACM CCS 21 [PDF]
• FirmGuide: Boosting the Capability of Rehosting Embedded Linux Kernels through Model-Guided Kernel Execution
  Qiang Liu, Cen Zhang, Lin Ma, Muhui Jiang, Yajin Zhou, Lei Wu, Wenbo Shen, Xiapu Luo, Yang Liu, Kui Ren
  In ASE 2021 [PDF]
• Practical Struct-Field based Forward-Edge Control-Flow Integrity for Kernel
  Jinmeng Zhou, Wenbo Shen, Xun Xie, Jiadong Sun, Kui Ren
  In AsiaCCS 21 [Poster] [Full Version]
• Revisiting Challenges for Selective Data Protection of Real Applications
  Lin Ma, Jinyan Xu, Jiadong Sun, Yajin Zhou, Xun Xie, Wenbo Shen, Rui Chang, Kui Ren
  In ApSys 21 [PDF]
• KALD: Detecting Direct Pointer Disclosure Vulnerabilities
  Brian Belleville, Wenbo Shen, Stijn Volckaert, Ahmed M. Azab, and Michael Franz
  In the Transactions on Dependable and Secure Computing (TDSC) [PDF]

2020 and before

• ARM Pointer Authentication based Forward-Edge and Backward-Edge Control Flow Integrity for Kernels
  Yutian Yang, Songbo Zhu, Wenbo Shen, Yajin Zhou, Jiadong Sun, Kui Ren
  In arxiv [PDF]
• Docker 组件间标准输入输出复制的 DoS 攻击分析
  周天昱，申文博，杨男子，李金库，秦承刚，喻望
  网络与信息安全学报 2020 [PDF]

• PESC: A Per System-Call Stack Canary Design for Linux Kernel
  Jiadong Sun, Xia Zhou, Wenbo Shen, Yajin Zhou, Kui Ren
  In CODASPY 20 [PDF]

• PeX: A Permission Check Analysis Framework for Linux Kernel
  Tong Zhang, Wenbo Shen, Dongyoon Lee, Changhee Jung, Ahmed Azab, Ruowen Wang
  In USENIX Security 19 [PDF]
• PTrix: Efficient Hardware-Assisted Fuzzing for COTS Binary
  Yaohui Chen, Dongliang Mu, Jun Xu, Zhichuang Sun, Wenbo Shen, Xinyu Xing, Long Lu, Bing Mao
  In AsiaCCS 19 [PDF]

• Trustworthy Authentication for IoT with Human-and-Environment-in-the-Loop
  Jinsong Han, Feng Lin, Wenbo Shen, Kui Ren
  In SocialSens@CPSIoTWeek

• Norax: Enabling Execute-Only Memory for COTS Binaries on AArch64
  Yaohui Chen, Dongli Zhang, Ruowen Wang, Rui Qiao, Ahmed M. Azab, Long Lu, Hayawardh Vijayakumar, Wenbo Shen
  In the IEEE Symposium on Security and Privacy (S&P’17), 2017 [PDF]

• SPOKE: Scalable Knowledge Collection and Attack Surface Analysis of Access Control Policy for Security Enhanced Android
  Ruowen Wang, Ahmed M. Azab, William Enck, Ninghui Li, Peng Ning, Xun Chen, Wenbo Shen, Yueqiang Cheng
  ACM Asia Conference on Computer and Communications Security (ASIACCS) 2017 [PDF] Distinguished Paper Award

• SKEE: A lightweight Secure Kernel-level Execution Environment for ARM
  Ahmed Azab, Kirk Swidowski, Rohan Bhutkar, Jia Ma, Wenbo Shen, Ruowen Wang and Peng Ning
  Network and Distributed System Security Symposium (NDSS), 2016 [PDF] Distinguished Paper Award

• Towards Proper Guard Zones for Link Signature
  Xiaofan He, Huaiyu Dai, Wenbo Shen, Peng Ning, Rudra Dutta
  IEEE Transactions on Wireless Communications, 2016 [PDF]

• Virtual Multipath Attack and Defense for Location Distinction in Wireless Networks
  Song Fang, Yao Liu, Wenbo Shen, Haojin Zhu, and Tao Wang
  IEEE Transactions on Mobile Computing (TMC), 2017 [PDF]

• No Time to Demodulate: Fast Physical Layer Verification of Friendly Jamming
  Wenbo Shen, Yao Liu, Xiaofan He, Huaiyu Dai, and Peng Ning
  International conference for military communications (MILCOM) 2015, [PDF]

• Hypervision Across Worlds: Real-time Kernel Protection from the ARM TrustZone Secure World
  Ahmed Azab, Peng Ning, Jitesh Shah, Quan Chen, Rohan Bhutkar, Guruprasad Ganesh, Jia Ma, Wenbo Shen
  In ACM Conference on Computer and Communications Security (CCS), 2014 [PDF]

• The Security of Link Signature: A View from Channel Models
  Xiaofan He, Huaiyu Dai, Yufan Huang, Dong Wang, Wenbo Shen, and Peng Ning
  In 2014 IEEE Conference on Communications and Network Security Workshop on Physical-layer Methods for Wireless Security, [PDF]

• MCR Decoding: A MIMO Approach for Defending Against Wireless Jamming Attacks
  Wenbo Shen, Peng Ning, Xiaofan He, Huaiyu Dai, and Yao Liu
  In 2014 IEEE Conference on Communications and Network Security Workshop on Physical-layer Methods for Wireless Security, 2014 [PDF]

• An Open Source Web-Mapping System for Tourism Planning and Marketing
  Stacy Supak, Hugh Devine, Gene Brothers, Samantha Rich and Wenbo Shen
  The Journal of Travel and Tourism Marketing, 2014

• Where Are You From? Confusing Location Distinction Using Virtual Multipath Camouflage
  Song Fang, Yao Liu, Wenbo Shen, and Haojin Zhu
  In Annual International Conference on Mobile Computing and Networking (MobiCom’14), 2014, [PDF]

• Is Link Signature Dependable for Wireless Security?
  Xiaofan He, Huaiyu Dai, Wenbo Shen, and Peng Ning
  In IEEE International Conference on Computer Communications (INFOCOM) Mini-Conference, 2013 [PDF]

• Ally Friendly Jamming: How to Jam Your Enemy and Maintain Your Own Wireless Connectivity at the Same Time
  Wenbo Shen, Peng Ning, Xiaofan He, and Huaiyu Dai
  In the IEEE Symposium on Security and Privacy (S&P ‘13), San Francisco, CA, 2013 [PDF]

Patents

• Method and apparatus for protecting kernel control-flow integrity using static binary instrumentation, US 2017/0140148, 2017 [PDF]
• Apparatus and method for protection of critical embedded system components via hardware-isolated secure element-based monitor，US 2017/0098070, 2017 [[PDF]
• Apparatus and method for transparent, secure element-based mediation of on-board diagnostic operations，US 2017/0041290 A1, 2017 [PDF]
• Methods and apparatus to enable runtime checksum verification of block device images，US 2016/0092701, 2016 [PDF]