Publications

A Systematic Study of Physical Sensor Attack Hardness
Hyungsub Kim, Rwitam Bandyopadhyay, Muslum Ozgur Ozmen, Z. Berkay Celik, Antonio Bianchi, Yongdae Kim, Dongyan Xu.
To appear in Proceedings of the 45th IEEE Symposium on Security and Privacy (S&P), 2024
[PDF]

SoK: The Long Journey of Exploiting and Defending the Legacy of King Harald Bluetooth
Jianliang Wu, Ruoyu Wu, Dongyan Xu, Dave Tian, Antonio Bianchi.
To appear in Proceedings of the 45th IEEE Symposium on Security and Privacy (S&P), 2024

Finding Traceability Attacks in the Bluetooth Low Energy Specification and Its Implementations
Jianliang Wu, Patrick Traynor, Dongyan Xu, Dave Jing Tian, Antonio Bianchi.
To appear in Proceedings of the USENIX Security Symposium (Usenix SEC), 2024

ATTention Please! An Investigation of the App Tracking Transparency Permission
Reham Mohamed, Arjun Arunasalam, Habiba Farrukh, Jason Tong, Antonio Bianchi, Z Berkay Celik.
To appear in Proceedings of the USENIX Security Symposium (Usenix SEC), 2024

Wear’s my Data? Understanding the Cross-Device Runtime Permission Model in Wearables
Doguhan Yeke, Muhammad Ibrahim, Güliz Seray Tuncay, Habiba Farrukh, Abdullah Imran, Antonio Bianchi, Z Berkay Celik.
To appear in Proceedings of the 45th IEEE Symposium on Security and Privacy (S&P), 2024

Crystallizer: A Hybrid Path Analysis Framework to Aid in Uncovering Deserialization Vulnerabilities
Prashast Srivastava, Flavio Toffalini, Kostyantyn Vorobyov, François Gauthier, Antonio Bianchi, Mathias Payer.
In Proceedings of the ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (FSE), 2023
[PDF]

Making Sense of Constellations: Methodologies for Understanding Starlink’s Scheduling Algorithms
Hammas Bin Tanveer, Mike Puchol, Rachee Singh, Antonio Bianchi, Rishab Nithyanand.
In Companion of the International Conference on emerging Networking EXperiments and Technologies (CoNEXT), 2023
[PDF]

Demo: Discovering Faulty Patches in Robotic Vehicle Control Software
Hyungsub Kim, Muslum Ozgur Ozmen, Z. Berkay Celik, Antonio Bianchi, Dongyan Xu.
In Proceedings of the Inaugural ISOC Symposium on Vehicle Security and Privacy (VehicleSec), 2023
[PDF]

Short: Rethinking Secure Pairing in Drone Swarms
Muslum Ozgur Ozmen, Habiba Farrukh, Hyungsub Kim, Antonio Bianchi, Z. Berkay Celik.
In Proceedings of the Inaugural ISOC Symposium on Vehicle Security and Privacy (VehicleSec), 2023
[PDF]

AoT-Attack on Things: A security analysis of IoT firmware updates
Muhammad Ibrahim, Andrea Continella, Antonio Bianchi.
In Proceedings of The 8th IEEE European Symposium on Security and Privacy (EuroS&P 2023)
[PDF]

Fuzzing SGX enclaves via host program mutations
Arslan Khan, Muqi Zou, Kyungtae Kim, Dongyan Xu, Antonio Bianchi, Dave Jing Tian.
In Proceedings of The 8th IEEE European Symposium on Security and Privacy (EuroS&P 2023)
[PDF]

Building GPU TEEs using CPU Secure Enclaves with GEVisor
Xiaolong Wu, Dave Jing Tian, Chung Hwan Kim.
In Proceedings of The 14th Symposium on CLoud Computing (SoCC 2023)
[PDF]

ZBCAN: A Zero‑Byte CAN Defense System
Khaled Serag, Rohit Bhatia, Akram Faqih, Muslum Ozgur Ozmen, Vireshwar Kumar, Z. Berkay Celik, Dongyan Xu.
In Proceedings of the USENIX Security Symposium (Usenix SEC), 2023
[PDF]

LocIn: Inferring Semantic Location from Spatial Maps in Mixed Reality
Habiba Farrukh, Reham Mohamed, Aniket Nare, Antonio Bianchi, Z. Berkay Celik.
In Proceedings of the USENIX Security Symposium (Usenix SEC), 2023
[PDF]

Discovering Adversarial Driving Maneuvers against Autonomous Vehicles
Ruoyu Song, Muslum Ozgur Ozmen, Hyungsub Kim, Raymond Muller, Z. Berkay Celik, Antonio Bianchi.
In Proceeding of the USENIX Security Symposium (Usenix SEC), 2023
[PDF]

ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions
Siddharth Muralee, Igibek Koishybayev, Aleksandr Nahapetyan, Greg Tystahl, Brad Reaves, Antonio Bianchi, William Enck, Alexandros Kapravelos, Aravind Machiry.
In Proceedings of the USENIX Security Symposium (Usenix SEC), 2023
[PDF]

PatchVerif: Discovering Faulty Patches in Robotic Vehicles
Hyungsub Kim, Muslum Ozgur Ozmen, Z. Berkay Celik, Antonio Bianchi, Dongyan Xu.
In Proceeding of the USENIX Security Symposium (Usenix SEC), 2023
[PDF]

Fuzz The Power: Dual-role State Guided Black-box Fuzzing for USB Power Delivery
Kyungtae Kim, Sungwoo Kim, Kevin RB Butler, Antonio Bianchi, Rick Kennell, Dave Jing Tian.
In Proceeding of the USENIX Security Symposium (Usenix SEC), 2023
[PDF]

That Person Moves Like A Car: Misclassification Attack Detection for Autonomous Systems Using Spatiotemporal Consistency
Yanmao Man, Raymond Muller, Ming Li, Z. Berkay Celik, Ryan Gerdes.
In Proceeding of the USENIX Security Symposium (Usenix SEC), 2023

GLeeFuzz: Fuzzing WebGL Through Error Message Guided Mutation
Hui Peng, Zhihao Yao, Ardalan Amiri Sani, Dave (Jing) Tian, Mathias Payer.
In Proceeding of the USENIX Security Symposium (Usenix SEC), 2023

Intender: Fuzzing Intent-Based Networking with Intent-State Transition Guidance
Jiwon Kim, Benjamin E. Ujcich, Dave (Jing) Tian.
In Proceeding of the USENIX Security Symposium (Usenix SEC), 2023

EC: Embedded Systems Compartmentalization via Intra-Kernel Isolation Arslan Khan, Dongyan Xu, Dave (Jing) Tian.
In Proceedings of the 44th IEEE Symposium on Security and Privacy (S&P), 2023
[PDF]

Low-Cost Privilege Separation with Compile Time Compartmentalization for Embedded Systems Arslan Khan, Dongyan Xu, Dave (Jing) Tian.
In Proceedings of the 44th IEEE Symposium on Security and Privacy (S&P), 2023
[PDF]

COLUMBUS: Android App Testing Through Systematic Callback Exploration
Priyanka Bose, Dipanjan Das, Saastha Vasan, Sebastiano Mariani, Ilya Grishchenko, Andrea Continella, Antonio Bianchi, Christopher Kruegel, Giovanni Vigna. In Proceedings of the International Conference on Software Engineering (ICSE), 2023
[PDF]

DnD: Decompiling Deep Neural Network Compiled Binary
Ruoyu Wu, Taegyu Kim, Dave (Jing) Tian, Antonio Bianchi, Dongyan Xu
Black Hat Europe 2022

Demo: Policy-based Discovery and Patching of Logic Bugs in Robotic Vehicles
Hyungsub Kim, Muslum Ozgur Ozmen, Antonio Bianchi, Z. Berkay Celik, Dongyan Xu.
In Proceedings of the Automotive and Autonomous Vehicle Security Workshop (AutoSec 2022)
[PDF]

DriveTruth: Automated Autonomous Driving Dataset Generation for Security Applications
Raymond Muller, Yanmao Man, Z. Berkay Celik, Ming Li, Ryan Gerdes
In Proceedings of the Automotive and Autonomous Vehicle Security Workshop (AutoSec 2022)

Physical Hijacking Attacks against Object Trackers
Raymond Muller, Yanmao Man, Z. Berkay Celik, Ming Li, Ryan Gerdes
In Proceedings of the ACM Conference on Computer and Communications Security (CCS 2022)

ShadowAuth: Backward-Compatible Automatic CAN Authentication for Legacy ECUs
Sungwoo Kim, Gisu Yeo, Taegyu Kim, Junghwan “John” Rhee, Yuseok Jeon, Antonio Bianchi, Dongyan Xu, and Dave (Jing) Tian.
In Proceedings of the ACM Asia Conference on Computer and Communications Security (ASIA CCS ’22), 2022
[PDF]

TruEMU: An Extensible, Open-Source, Whole-System iOS Emulator
Trung Nguyen, Kyungtae Kim, Antonio Bianchi, Dave (Jing) Tian.
Black Hat 2022
[Slides], [Video]

DnD: A Cross-Architecture Deep Neural Network Decompiler
Ruoyu Wu, Taegyu Kim, Dave (Jing) Tian, Antonio Bianchi, Dongyan Xu
In Proceeding of the USENIX Security Symposium (Usenix SEC), 2022
[PDF]

SARA: Secure Android Remote Authorization
Abdullah Imran, Habiba Farrukh, Muhammad Ibrahim, Z. Berkay Celik, Antonio Bianchi.
In Proceeding of the USENIX Security Symposium (Usenix SEC), 2022
[PDF]

One Fuzz Doesn’t Fit All: Optimizing Directed Fuzzing via Target-tailored Program State Restriction
Prashast Srivastava, Stefan Nagy, Matthew Hicks, Antonio Bianchi, Mathias Payer.
In Proceedings of the Annual Computer Security Applications Conference (ACSAC), 2022
[PDF]

PGPATCH: Policy-Guided Logic Bug Patching for Robotic Vehicles
Hyungsub Kim, Muslum Ozgur Ozmen, Z. Berkay Celik, Antonio Bianchi, Dongyan Xu.
In Proceeding of the IEEE Symposium on Security and Privacy (S&P), 2022.
[PDF]

FUZZUSB: Hybrid Stateful Fuzzing of the Linux USB Gadget Stack
Kyungtae Kim, Ertza Warraich, Taegyu Kim, Byoungyoung Lee, Kevin Butler, Antonio Bianchi, Dave (Jing) Tian.
In Proceeding of the IEEE Symposium on Security and Privacy (S&P), 2022.
[PDF]

Formal Model-Driven Discovery of Bluetooth Protocol Design Vulnerabilities
Jianliang Wu, Ruoyu Wu, Dongyan Xu, Dave (Jing) Tian, Antonio Bianchi.
In Proceeding of the IEEE Symposium on Security and Privacy (S&P), 2022.
[PDF]Privacy-Preserving Localization using Enclaves Arslan Khan, Joseph I. Choi, Dave Jing Tian, Tyler Ward, Kevin R. B. Butler, Patrick Traynor, John M. Shea, and Tan F. Wong.
In IEEE 12th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), 2021
[PDF]

SafetyNot: on the usage of the SafetyNet attestation API in Android
Muhammad Ibrahim, Abdullah Imran, Antonio Bianchi.
In Proceedings of the 19th Annual International Conference on Mobile Systems, Applications, and Services, 2021.
[PDF]

Towards Improving Container Security by Preventing Runtime Escapes
Michael Reeves, Dave (Jing) Tian, Antonio Bianchi, Z. Berkay Celik.
In Proceeding of the IEEE Secure Development Conference (SecDev), 2021.
[PDF]

APPJITSU: Investigating the Resiliency of Android Applications
Onur Zungur, Antonio Bianchi, Gianluca Stringhini, Manuel Egele.
In Proceedings of the European IEEE Symposium on Security and Privacy (Euro S&P), 2021.
[PDF]

LIGHTBLUE: Automatic Profile-Aware Debloating of Bluetooth Stacks
Jianliang Wu, Ruoyu Wu, Daniele Antonioli, Mathias Payer, Nils Ole Tippenhauer, Dongyan Xu, Dave (Jing) Tian, and Antonio Bianchi.
In Proceedings of the USENIX Security Symposium (Security), 2021.
[PDF]

PASAN: Detecting Peripheral Access Concurrency Bugs within Bare-metal Embedded Applications
Taegyu Kim, Vireshwar Kumar, Junghwan Rhee, Jizhou Chen, Kyungtae Kim, Chunghwan Kim, Dongyan Xu, and Dave (Jing) Tian.
In Proceedings of the USENIX Security Symposium (Security), 2021.
[PDF]

M2MON: Building an MMIO-based Security Reference Monitor for Unmanned Vehicles
Arslan Khan, Hyubgsub Kim, Byoungyoung Lee, Dongyan Xu, Antonio Bianchi, and Dave (Jing) Tian.
In Proceedings of the USENIX Security Symposium (Security), 2021.
[PDF]

Exposing New Vulnerabilities of Error Handling Mechanism in CAN
Khaled Serag, Rohit Bhatia, Vireshwar Kumar, Z. Berkay Celik, and Dongyan Xu.
In Proceedings of the USENIX Security Symposium (Security), 2021.
[PDF]

ATLAS: A Sequence-based Learning Approach for Attack Investigation
Abdulellah Alsaheel and Yuhong Nan, Shiqing Ma, Le Yu, Gregory Walkup, Z. Berkay Celik, Xiangyu Zhang, and Dongyan Xu.
In Proceedings of the USENIX Security Symposium (Security), 2021.
[PDF]

SHARD: Fine-Grained Kernel Specialization with Context-Aware Hardening
Muhammad Abubakar, Adil Ahmad, Pedro Fonseca, and Dongyan Xu.
In Proceedings of the USENIX Security Symposium (Security), 2021.
[PDF]

PGFUZZ: Policy-Guided Fuzzing for Robotic Vehicles
Hyungsub Kim, Muslum Ozgur Ozmen, Antonio Bianchi, Z. Berkay Celik, Dongyan Xu.
In Proceedings of the Network and Distributed System Security Symposium (NDSS), 2021.
[PDF]

On the Insecurity of SMS One-Time Password Messages against Local Attackers in Modern Mobile Devices
Zeyu Lei, Yuhong Nan, Yanick Fratantonio, Antonio Bianchi.
In Proceedings of the Network and Distributed System Security Symposium (NDSS), 2021.
[PDF]

Evading Voltage-Based Intrusion Detection on Automotive CAN
Rohit Bhatia, Khaled Serag, Vireshwar Kumar, Z. Berkay Celik, Mathias Payer, and Dongyan Xu
In Proceedings of the Network and Distributed System Security Symposium (NDSS), 2021.
[PDF]

S3: Side-channel Attack on Stylus Pencils Through Sensors
Habiba Farrukh, Tinghan Yang, Hanwen Xu, Yuxuan Yin, He Wang, Z. Berkay Celik.
In Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (ACM UbiComp), 2021.

BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy
Jianliang Wu, Yuhong Nan, Vireshwar Kumar, Dave (Jing) Tian, Antonio Bianchi, Mathias Payer, Dongyan Xu.
In Proceedings of the USENIX Workshop on Offensive Technologies (WOOT), 2020.
Best Paper Award   —   CSAW’20 Applied Research Competition Finalist
[PDF]

BlueShield: Detecting Spoofing Attacks in Bluetooth Low Energy (BLE) Networks
Jianliang Wu, Yuhong Nan, Vireshwar Kumar, Mathias Payer, and Dongyan Xu.
In Proceedings of 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 2020.
[PDF]

Exploring Syscall-Based Semantics Reconstruction of Android Applications
Dario Nisi, Antonio Bianchi, Yanick Fratantonio
In Proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
 [PDF]

Computer Science Department at Purdue University