Li Juanru 李卷孺 (a.k.a. Liarod RomanGol 诺慢)
I am the director of the Group of Software Security In Progress (G.O.S.S.I.P).
Email: mail@lijuanru.com | Publications: DBLP | Blog: 锡的心 | Page at SJTU: page@SJTU or local copy
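2023: Huawei Spark Award -- Huawei Cloud Challenge Problems, Round 3, Problem 3
2022: Outstanding Case in Security Vulnerability Governance for Mobile Internet App Products (CSTC-APP-0004) -- Discovery and Remediation of QR Code Scanning Security Vulnerabilities in Mobile Apps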
2020: Best Paper Award of SANER '20 -- SmartShield: Automatic Smart Contract Protection Made Easy
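2018: Shanghai Science and Technology Progress Award, First Prize, third contributor
2017: Shanghai Computer Society Outstanding Paper Award in Information Security -- From Collision To Exploitation: Unleashing Use-After-Free Vulnerabilities in Linux Kernel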
2014: Hack.lu CTF -- 2nd place
2011: Forensic Challenge 9 - "Mobile Malware", 2nd place.
2010: Best student paper award -- E-Forensics 2010
Goshawk: Hunting Memory Corruptions via Structure-Aware and Object-Centric Memory Operation Synopsis @ [IEEE S&P’22] IEEE Symposium on Security and Privacy, San Francisco CA, United States. May 22-26, 2022. [PDF] | [Website]
Annotating, Tracking, and Protecting Cryptographic Secrets with CryptoMPK @ [IEEE S&P’22] IEEE Symposium on Security and Privacy, San Francisco CA, United States. May 22-26, 2022. [PDF] | [Website]
SmartShield: Automatic Smart Contract Protection Made Easy @ [SANER’20, Best Paper Award!] IEEE International Conference on Software Analysis, Evolution and Reengineering, London, Ontario, Canada. February 18-21, 2020. [PDF] | [Website]
EthPloit: From Fuzzing to Efficient Exploit Generation against Smart Contracts @ [SANER’20] IEEE International Conference on Software Analysis, Evolution and Reengineering, London, Ontario, Canada. February 18-21, 2020. [PDF]
NLP-EYE: Detecting Memory Corruptions via Semantic-Aware Memory Operation Function Identification @ [RAID’19] International Symposium on Research in Attacks, Intrusions and Defenses, Beijing, China. September 23-25, 2019. [PDF]
K-Hunt: Pinpointing Insecure Cryptographic Keys in Execution Traces @ [CCS’18] ACM Conference on Computer and Communications Security, Toronto, Canada. October 15-19, 2018. [PDF]
BinMatch: A Semantics-based Hybrid Approach on Binary Code Clone Analysis @ [ICSME’18] International Conference on Software Maintenance and Evolution, Madrid, Spain. September 23-29, 2018. [PDF]
Nightingale: Translating Embedded VM Code in x86 Binary Executables @ [ISC’17] International Information Security Conference, Ho Chi Minh City, Vietnam, November 22-24, 2017. [PDF]
Embroidery: Patching Vulnerable Binary Code of Fragmentized Android Devices @ [ICSME’17] IEEE International Conference on Software Maintenance and Evolution, Shanghai, China. September 8-October 3, 2017. [PDF]
MIRAGE: Randomizing Large Chunk Allocation Via Dynamic Binary Instrumentation @ [DSC’17] IEEE Conference on Dependable and Secure Computing, Taipei, China. August 7-10, 2017. [PDF]
Binary Code Clone Detection across Architectures and Compiling Configurations @ [ICPC’17] International Conference on Program Comprehension, Buenos Aires, Argentina. May 22-23, 2017. [PDF]
New Exploit Methods against Ptmalloc of Glibc @ [TrustCom’16] IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Tianjin, China. August 23-26, 2016. [PDF]
Cross-Architecture Binary Semantics Understanding via Similar Code Comparison @ [SANER’16] IEEE International Conference on Software Analysis, Evolution, and Reengineering, Osaka, Japan. March 14-18, 2016. [PDF]
Medusa Attack: Exploring Security Hazards of In-App QR Code Scanning @ [USENIX Security’23] USENIX Security Symposium (USENIX Security), Anaheim, CA, USA. August 9-11, 2023. [PDF] | [Website]
EvilScreen Attack: Smart TV Hijacking via Multi-channel Remote Control Mimicry @ [arXiv’22] arXiv:2210.03014 [cs.CR], Submitted on 6 Oct 2022. [PDF] | [Website]
SIMulation: Demystifying (Insecure) Cellular Network based One-Tap Authentication Services @ [DSN’22] IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Baltimore, Maryland, USA, June 27-30, 2022. [PDF] | [Website]
PEDroid: Automatically Extracting Patches from Android App Updates @ [ECOOP’22] European Conference on Object-Oriented Programming (ECOOP), Berlin, Germany, June 6 - July 7, 2022. [PDF]
Fine with "1234"? An Analysis of SMS One-Time Password Randomness in Android Apps @ [ICSE’21] International Conference on Software Engineering (ICSE), Virtual (originally in Madrid, Spain). May 25-28, 2021. [PDF]
Orchestration or Automation: Authentication Flaw Detection in Android Apps @ [TDSC] Transactions on Dependable and Secure Computing [PDF]
Certified Copy? Understanding Security Risks of Wi-Fi Hotspot based Android Data Clone Services @ [ACSAC’20] 2020 Annual Computer Security Applications Conference, Austin, Texas, USA, December 7-11, 2020. [PDF]
An Empirical Study of the SMS One-Time Password Authentication in Android Apps @ [ACSAC’19] 2019 Annual Computer Security Applications Conference, San Juan, December 9-13, 2019. [PDF]
Security analysis of third-party in-app payment in mobile applications @ [JISA] Journal of Information Security and Applications, Volume 48, October 2019. [PDF]
Finding Flaws from Password Authentication Code in Android Apps @ [ESORICS’19] The European Symposium on Research in Computer Security, Luxembourg. September 23-27, 2019. [PDF]
AppCommune: Automated Third-Party Libraries De-duplicating and Updating for Android Apps @ [SANER’19] IEEE International Conference on Software Analysis, Evolution and Reengineering, Hangzhou, China. February 24-27, 2019. [PDF]
An Empirical Study of SDK Credential Misuse in iOS Apps @ [APSEC’18] Asia-Pacific Software Engineering Conference, Nara, Japan. December 4-7, 2018. [PDF]
Burn After Reading: Expunging Execution Footprints of Android Apps @ [NSS’18] International Conference on Network and System Security, Hong Kong, China. August 27-29, 2018. [PDF]
AppSpear: Automating the Hidden-Code Extraction and Reassembling of Packed Android Malware @ [JSS] Journal of Systems and Software. 140: 3-16 (2018). [PDF]
Oh-Pwn_VPN! Security Analysis of OpenVPN-based Android Apps @ [CANS’17] International Conference on Cryptology And Network Security, Hong Kong, China. November 29-December 2, 2017. [PDF]
NativeSpeaker: Identifying Crypto Misuses in Android Native Code Libraries @ [Inscrypt’17] International Conference on Information Security and Cryptology, Xi'an, China. November 3-5, 2017. [PDF]
Show Me the Money! Finding Flawed Implementations of Third-party In-app Payment in Android Apps @ [NDSS’17] Network and Distributed System Security Symposium, San Diego, CA, USA. February 26-March 1, 2017. [PDF]
The Achilles' Heel of OAuth: A Multi-Platform Study of OAuth-based Authentication @ [ACSAC’16] Annual Computer Security Applications Conference, Los Angeles, CA, USA. December 5-9, 2016. [PDF]
An Empirical Study of Insecure Communication in Android Apps @ [Inscrypt’16] China International Conference on Information Security and Cryptology, Beijing, China, November 4-6, 2016. [PDF]
Open Sesame! Web Authentication Cracking via Mobile app Analysis @ [APWeb’16] Asia Pacific Web Conference, Suzhou, China. September 23-25, 2016. [PDF]
Vulnerability Assessment of OAuth Implementations in Android Applications @ [ACSAC’15] Annual Computer Security Applications Conference, Los Angeles, California, USA. December 7-11, 2015. [PDF]
SSG: Sensor Security Guard for Android Smartphones @ [CollaborateCom’15] EAI International Conference on Collaborative Computing: Networking, Applications and Worksharing, Wuhan, China. November 10-11, 2015. [PDF]
AppSpear: Bytecode Decrypting and DEX Reassembling for Packed Android Malware @ [RAID’15] International Symposium on Research in Attacks, Intrusions and Defenses, Kyoto, Japan. November 2–4, 2015. [PDF]
APKLancet: Tumor Payload Diagnosis and Purification for Android Applications @ [AsiaCCS’14] ACM Symposium on Information, Computer and Communications Security, Kyoto, Japan. June 4–6, 2014 [PDF]
EvilScreen Attack: Smart TV Hijacking via Multi-channel Remote Control Mimicry @ [arXiv’22] arXiv:2210.03014 [cs.CR], Submitted on 6 Oct 2022. [PDF] | [Website]
KingFisher: Unveiling Insecurely Used Credentials in IoT-to-Mobile Communications @ [DSN’22] IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Baltimore, Maryland, USA, June 27-30, 2022. [PDF] | [Website]
Control Parameters Considered Harmful: Detecting Range Specification Bugs in Drone Configuration Modules via Learning-Guided Search @ [ICSE’22] International Conference on Software Engineering, Pittsburgh, PA, United States. May 22-27, 2022. [PDF]
Rethinking the Security of IoT From the Perspective of Developer Customized Device-cloud Interaction @ [SAC’22] ACM/SIGAPP Symposium on Applied Computing, Virtual Event. April 25-29, 2022. [PDF]
Understanding the security of app-in-the-middle IoT @ [CS] Computers & Security, Volume 97, October 2020, 102000. [PDF]
Passwords in the Air: Harvesting Wi-Fi Credentials from SmartCfg Provisioning @ [Wisec’18] ACM Conference on Security and Privacy in Wireless and Mobile Networks, Stockholm, Sweden. June 18-20, 2018. [PDF]
Smart Solution, Poor Protection: An Empirical Study of Security and Privacy Issues in Developing and Deploying Smart Home Devices @ [CCSW-IoT S&P’17] ACM CCS Workshop on Internet of Things Security and Privacy, Dallas, TX, USA, November 3, 2017. [PDF]
Security Testing of Software on Embedded Devices Using x86 Platform @ [CollaborateComm’16] EAI International Conference on Collaborative Computing: Networking, Applications and Worksharing, Beijing, China, November 12-13, 2016. [PDF]
Security Analysis of Vendor Customized Code in Firmware of Embedded Device @ [SecureComm’16] EAI International Conference on Security and Privacy in Communication Networks, Guangzhou, China, October 10-12, 2016. [PDF]
Annotating, Tracking, and Protecting Cryptographic Secrets with CryptoMPK @ [IEEE S&P’22] IEEE Symposium on Security and Privacy, San Francisco CA, United States. May 22-26, 2022. [PDF]
Re-check Your Certificates! Experiences and Lessons Learnt from Real-world HTTPS Certificate Deployments @ [NSS’21] International Conference on Network and System Security, Tianjin, China. October 23, 2021. [PDF]
Accelerating SM2 Digital Signature Algorithm using Modern Processor Features @ [ICICS’19] International Conference on Information and Communications Security, Beijing, China. December 15-17, 2019. [PDF]
K-Hunt: Pinpointing Insecure Cryptographic Keys in Execution Traces @ [CCS’18] ACM Conference on Computer and Communications Security, Toronto, Canada. October 15-19, 2018. [PDF]
Oh-Pwn_VPN! Security Analysis of OpenVPN-based Android Apps @ [CANS’17] International Conference on Cryptology And Network Security, Hong Kong, China. November 29-December 2, 2017. [PDF]
NativeSpeaker: Identifying Crypto Misuses in Android Native Code Libraries @ [Inscrypt’17] International Conference on Information Security and Cryptology, Xi'an, China. November 3-5, 2017. [PDF]
Open Sesame! Web Authentication Cracking via Mobile app Analysis @ [APWeb’16] Asia Pacific Web Conference, Suzhou, China. September 23-25, 2016. [PDF]
TagDroid: Hybrid SSL Certificate Verification in Android @ [ICICS’14] International Conference on Information and Communications Security, Hong Kong, China. December 16–17, 2014. [PDF]
iCryptoTracer: Dynamic Analysis on Misuse of Cryptography Functions in iOS Applications @ [NSS’14] International Conference on Network and System Security, Xi'an, China. October 15-17, 2014. [PDF]
Automatic Detection and Analysis of Encrypted Messages in Malware @ [Inscrypt’13] China International Conference on Information Security and Cryptology, Guangzhou, China, November 27-30, 2013. [PDF]
Detecting Encryption Functions via Process Emulation and IL-Based Program Analysis @ [ICICS’12] International Conference on Information Security and Cryptology, Hong Kong, China. October 29-31, 2012. [PDF]
Detection and Analysis of Cryptographic Data Inside Software @ [ISC’11] International Conference on Information Security, Xi'an, China, October 26-29, 2011. [PDF]
Re-check Your Certificates! Experiences and Lessons Learnt from Real-world HTTPS Certificate Deployments @ [NSS’21] International Conference on Network and System Security, Tianjin, China. October 23, 2021. [PDF]
Yet Another Traffic Black Hole: Amplifying CDN Fetching Traffic with RangeFragAmp Attacks @ [CollaborateCom’21] EAI International Conference on Collaborative Computing, Suzhou, China. October 15-17, 2021. [PDF]
PC Member:
19th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2024)
18th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2023)
17th International Conference on Information Security and Cryptology (Inscrypt 2021)
Reviewer:
IEEE Transactions on Information Forensics and Security
IEEE Transactions on Dependable and Secure Computing
Network and Distributed System Security Symposium (NDSS): 2019
ACM Conference on Computer and Communications Security (CCS): 2018
ACM Asia Conference on Computer and Communications Security (ASIACCS): 2018
EAI International Conference on Security and Privacy in Communication Networks (SecureComm): 2018
Information Security Conference (ISC): 2018