Academic Papers
2024
CrossFire: Fuzzing macOS Cross-XPU Memory on Apple Silicon
Jiaxun Zhu, Minghao Lin, Tingting Yin, Zechao Cai, Yu Wang, Rui Chang, Wenbo Shen
ACM CCS 24 [PDF]Interp-flow Hijacking: Launching Non-control Data Attack via Hijacking eBPF Interpretation Flow
Qirui Liu, Wenbo Shen, Jinmeng Zhou, Zhuoruo Zhang, Jiayi Hu, Shukai Ni, Kangjie Lu and Rui Chang
ESORICS 24 [PDF] Distinguished Paper Award (1/535)DMAAUTH: A Lightweight Pointer Integrity-based Secure Architecture to Defeat DMA Attacks
Xingkai Wang, Wenbo Shen, Yujie Bu, Jinmeng Zhou, Yajin Zhou
USENIX Security Symposium 24 [PDF]LightZone: Lightweight Hardware-Assisted In-Process Isolation for ARM64
Ziqi Yuan, Siyu Hong, Ruorong Guo, Rui Chang, Mingyu Gao, Wenbo Shen, Yajin Zhou
Middleware 24 [PDF]PageJack: A Powerful Exploit Technique With Page-Level UAF
Jiayi Hu, Zhiyun Qian, Jinmeng Zhou, Qi Tang, Wenbo Shen
Black Hat USA 24 [PDF]A novel page-UAF exploit strategy
Jinmeng Zhou, Jiayi Hu, Wenbo Shen, Zhiyun Qian
Phrack Magazine [Link]Automated Data Binding Vulnerability Detection for Java Web Frameworks via Nested Property Graph
Xiaoyong Yan, Biao He, Wenbo Shen, Yu Ouyang, Kaihang Zhou, Xingjian Zhang, Xingyu Wang, Yukai Cao, Rui Chang
ISSTA 24[PDF]Bugs in Pods: Understanding Bugs in Container Runtime Systems
Jiongchi Yu, Xiaofei Xie, Cen Zhang, Sen Chen, Yuekang Li, Wenbo Shen
ISSTA 24[PDF]Atlas: Automating Cross-Language Fuzzing on Android Closed-Source Libraries
Hao Xiong, Qinming Dai, Rui Chang, Mingran Qiu, Renxiang Wang, Wenbo Shen, Yajin Zhou
ISSTA 24[PDF]ModuleGuard: Understanding and Detecting Module Conflicts in Python Ecosystem
Ruofan Zhu, Xingyu Wang, Chengwei Liu, Zhengzi Xu, Wenbo Shen, Rui Chang, Yang Liu
ICSE 24 [PDF]Demystifying Compiler Unstable Feature Usage and Impacts in the Rust Ecosystem
Chenghao Li, Yifei Wu, Wenbo Shen, Zichen Zhao, Rui Chang, Chengwei Liu, Yang Liu, Kui Ren
ICSE 24 [PDF]Towards Understanding and Defeating Abstract Resource Attacks for Container Platforms
Wenbo Shen, Yifei Wu, Yutian Yang, Qirui Liu, Nanzi Yang, Jinku Li, Kangjie Lu, Jianfeng Ma
TDSC [PDF]The Perils of Wi-Fi Spoofing Attack Via Geolocation API and its Defense
Xiao Han, Junjie Xiong, Wenbo Shen, Mingkui Wei,Shangqing Zhao, Zhuo Lu, Yao Liu
TDSC [PDF]
2023
kCPA: Towards Sensitive Pointer Full Life Cycle Authentication for OS Kernels
Yutian Yang, Jinjiang Tu, Wenbo Shen, Songbo Zhu, Rui Chang, and Yajin Zhou
Transactions on Dependable and Secure Computing (TDSC) [PDF]Take Over the Whole Cluster: Attacking Kubernetes via Excessive Permissions of Third-party Applications
Nanzi Yang, Wenbo Shen, Jinku Li, Xunqi Liu, Xin Guo, Jianfeng Ma
ACM CCS 23 [PDF]Travelling the Hypervisor and SSD: A Tag-Based Approach Against Crypto Ransomware with Fine-Grained Data Recovery
Boyang Ma, Yilin Yang, Jinku Li, Fengwei Zhang, Wenbo Shen, Yajin Zhou, Jianfeng Ma
ACM CCS 23 [PDF]A Hybrid Alias Analysis and Its Application to Global Variable Protection in the Linux Kernel
Guoren Li, Hang Zhang, Jinmeng Zhou, Wenbo Shen, Yulei Sui, Zhiyun Qian
USENIX Security Symposium 23 [PDF]Demystifying Pointer Authentication on Apple M1
Zechao Cai, Jiaxun Zhu, Wenbo Shen, Yutian Yang, Rui Chang, Yu Wang, Jinku Li, Kui Ren
USENIX Security Symposium 23 [PDF]Apple PAC, Four Years Later: Reverse Engineering the Customized Pointer Authentication Hardware Implementation on Apple M1
Zechao Cai, Jiaxun Zhu, Yutian Yang, Wenbo Shen, Yu Wang
Black Hat USA 23 [PDF]Attacks are Forwarded: Breaking the Isolation of MicroVM-based Containers Through Operation Forwarding
Jietao Xiao, Nanzi Yang, Wenbo Shen, Jinku Li, Xin Guo, Zhiqiang Dong, Fei Xie, Jianfeng Ma
USENIX Security Symposium 23 [PDF]Ambush from All Sides: Understanding Security Threats in Open-Source Software CI/CD Pipelines
Ziyue Pan, Wenbo Shen, Xingkai Wang, Yutian Yang, Rui Chang, Yao Liu, Chengwei Liu, Yang Liu, Kui Ren
Transactions on Dependable and Secure Computing (TDSC) [PDF]VDom: Fast and Unlimited Virtual Domains on Multiple Architectures
Ziqi Yuan, Siyu Hong, Rui Chang, Yajin Zhou, Wenbo Shen, Kui Ren
ASPLOS 23 [PDF]面向Java语言生态的软件供应链安全分析技术
毛天宇,王星宇,常瑞,申文博,任奎
软件学报[PDF]
2022
Location Heartbleeding: The Rise of Wi-Fi Spoofing Attack Via Geolocation API
Xiao Han, Junjie Xiong, Wenbo Shen, Zhuo Lu, Yao Liu
ACM CCS 22 [PDF]Making Memory Account Accountable: Analyzing and Detecting Memory Missing-account bugs for Container Platforms
Yutian Yang, Wenbo Shen, Xun Xie, Kangjie Lu, Mingsen Wang, Tianyu Zhou, Chenggang Qin, Wang Yu, Kui Ren
ACSAC 22[PDF] Distinguished Paper Award (3/303)Automatic Permission Check Analysis for Linux Kernel
Jinmeng Zhou, Tong Zhang, Wenbo Shen, Dongyoon Lee, Changhee Jung, Ahmed Azab, Ruowen Wang, Peng Ning, Kui Ren
Transactions on Dependable and Secure Computing (TDSC) [PDF]RegVault: Hardware Assisted Selective Data Randomization for Operating System Kernels
Jinyan Xu, Haoran Lin, Ziqi Yuan, Wenbo Shen, Yajin Zhou, Rui Chang, Lei Wu, Kui Ren
In Design Automation Conference (DAC 2022) [PDF]OPEC: Operation-based Security Isolation for Bare-metal Embedded Systems
Xia Zhou, Jiaqi Li, Wenlong Zhang, Yajin Zhou, Wenbo Shen, Kui Ren
In European Conference on Computer Systems (EuroSys 2022) [PDF]
2021
- Security Challenges in the Container Cloud
Yutian Yang, Wenbo Shen, Bonan Ruan, Wenmao Liu, Kui Ren
IEEE TPS 21 [PDF] - Demons in the Shared Kernel: Abstract Resource Attacks Against OS-level Virtualization
Nanzi Yang, Wenbo Shen, Jinku Li, Yutian Yang, Kangjie Lu, Jietao Xiao, Tianyu Zhou, Chenggang Qin, Wang Yu, Jianfeng Ma, Kui Ren
ACM CCS 21 [PDF] - FirmGuide: Boosting the Capability of Rehosting Embedded Linux Kernels through Model-Guided Kernel Execution
Qiang Liu, Cen Zhang, Lin Ma, Muhui Jiang, Yajin Zhou, Lei Wu, Wenbo Shen, Xiapu Luo, Yang Liu, Kui Ren
In ASE 2021 [PDF] - Practical Struct-Field based Forward-Edge Control-Flow Integrity for Kernel
Jinmeng Zhou, Wenbo Shen, Xun Xie, Jiadong Sun, Kui Ren
In AsiaCCS 21 [Poster] [Full Version] - Revisiting Challenges for Selective Data Protection of Real Applications
Lin Ma, Jinyan Xu, Jiadong Sun, Yajin Zhou, Xun Xie, Wenbo Shen, Rui Chang, Kui Ren
In ApSys 21 [PDF] - KALD: Detecting Direct Pointer Disclosure Vulnerabilities
Brian Belleville, Wenbo Shen, Stijn Volckaert, Ahmed M. Azab, and Michael Franz
In the Transactions on Dependable and Secure Computing (TDSC) [PDF]
2020 and before
- ARM Pointer Authentication based Forward-Edge and Backward-Edge Control Flow Integrity for Kernels
Yutian Yang, Songbo Zhu, Wenbo Shen, Yajin Zhou, Jiadong Sun, Kui Ren
In arxiv [PDF] - Docker 组件间标准输入输出复制的 DoS 攻击分析
周天昱,申文博,杨男子,李金库,秦承刚,喻望
网络与信息安全学报 2020 [PDF] PESC: A Per System-Call Stack Canary Design for Linux Kernel
Jiadong Sun, Xia Zhou, Wenbo Shen, Yajin Zhou, Kui Ren
In CODASPY 20 [PDF]- PeX: A Permission Check Analysis Framework for Linux Kernel
Tong Zhang, Wenbo Shen, Dongyoon Lee, Changhee Jung, Ahmed Azab, Ruowen Wang
In USENIX Security 19 [PDF] - PTrix: Efficient Hardware-Assisted Fuzzing for COTS Binary
Yaohui Chen, Dongliang Mu, Jun Xu, Zhichuang Sun, Wenbo Shen, Xinyu Xing, Long Lu, Bing Mao
In AsiaCCS 19 [PDF] Trustworthy Authentication for IoT with Human-and-Environment-in-the-Loop
Jinsong Han, Feng Lin, Wenbo Shen, Kui Ren
In SocialSens@CPSIoTWeekNorax: Enabling Execute-Only Memory for COTS Binaries on AArch64
Yaohui Chen, Dongli Zhang, Ruowen Wang, Rui Qiao, Ahmed M. Azab, Long Lu, Hayawardh Vijayakumar, Wenbo Shen
In the IEEE Symposium on Security and Privacy (S&P’17), 2017 [PDF]SPOKE: Scalable Knowledge Collection and Attack Surface Analysis of Access Control Policy for Security Enhanced Android
Ruowen Wang, Ahmed M. Azab, William Enck, Ninghui Li, Peng Ning, Xun Chen, Wenbo Shen, Yueqiang Cheng
ACM Asia Conference on Computer and Communications Security (ASIACCS) 2017 [PDF] Distinguished Paper AwardSKEE: A lightweight Secure Kernel-level Execution Environment for ARM
Ahmed Azab, Kirk Swidowski, Rohan Bhutkar, Jia Ma, Wenbo Shen, Ruowen Wang and Peng Ning
Network and Distributed System Security Symposium (NDSS), 2016 [PDF] Distinguished Paper AwardTowards Proper Guard Zones for Link Signature
Xiaofan He, Huaiyu Dai, Wenbo Shen, Peng Ning, Rudra Dutta
IEEE Transactions on Wireless Communications, 2016 [PDF]Virtual Multipath Attack and Defense for Location Distinction in Wireless Networks
Song Fang, Yao Liu, Wenbo Shen, Haojin Zhu, and Tao Wang
IEEE Transactions on Mobile Computing (TMC), 2017 [PDF]No Time to Demodulate: Fast Physical Layer Verification of Friendly Jamming
Wenbo Shen, Yao Liu, Xiaofan He, Huaiyu Dai, and Peng Ning
International conference for military communications (MILCOM) 2015, [PDF]Hypervision Across Worlds: Real-time Kernel Protection from the ARM TrustZone Secure World
Ahmed Azab, Peng Ning, Jitesh Shah, Quan Chen, Rohan Bhutkar, Guruprasad Ganesh, Jia Ma, Wenbo Shen
In ACM Conference on Computer and Communications Security (CCS), 2014 [PDF]The Security of Link Signature: A View from Channel Models
Xiaofan He, Huaiyu Dai, Yufan Huang, Dong Wang, Wenbo Shen, and Peng Ning
In 2014 IEEE Conference on Communications and Network Security Workshop on Physical-layer Methods for Wireless Security, [PDF]MCR Decoding: A MIMO Approach for Defending Against Wireless Jamming Attacks
Wenbo Shen, Peng Ning, Xiaofan He, Huaiyu Dai, and Yao Liu
In 2014 IEEE Conference on Communications and Network Security Workshop on Physical-layer Methods for Wireless Security, 2014 [PDF]An Open Source Web-Mapping System for Tourism Planning and Marketing
Stacy Supak, Hugh Devine, Gene Brothers, Samantha Rich and Wenbo Shen
The Journal of Travel and Tourism Marketing, 2014Where Are You From? Confusing Location Distinction Using Virtual Multipath Camouflage
Song Fang, Yao Liu, Wenbo Shen, and Haojin Zhu
In Annual International Conference on Mobile Computing and Networking (MobiCom’14), 2014, [PDF]Is Link Signature Dependable for Wireless Security?
Xiaofan He, Huaiyu Dai, Wenbo Shen, and Peng Ning
In IEEE International Conference on Computer Communications (INFOCOM) Mini-Conference, 2013 [PDF]- Ally Friendly Jamming: How to Jam Your Enemy and Maintain Your Own Wireless Connectivity at the Same Time
Wenbo Shen, Peng Ning, Xiaofan He, and Huaiyu Dai
In the IEEE Symposium on Security and Privacy (S&P ‘13), San Francisco, CA, 2013 [PDF]
Patents
- Method and apparatus for protecting kernel control-flow integrity using static binary instrumentation, US 2017/0140148, 2017 [PDF]
- Apparatus and method for protection of critical embedded system components via hardware-isolated secure element-based monitor,US 2017/0098070, 2017 [[PDF]
- Apparatus and method for transparent, secure element-based mediation of on-board diagnostic operations,US 2017/0041290 A1, 2017 [PDF]
- Methods and apparatus to enable runtime checksum verification of block device images,US 2016/0092701, 2016 [PDF]