Li Juanru (Liarod RomanGol) @ G.O.S.S.I.P


Li Juanru 李卷孺 (a.k.a Liarod RomanGol 诺慢)

I am the director of Group of Software Security In Progress (G.O.S.S.I.P).

My research focuses on software security and cryptology. I work closely with Dr. Siqi Ma.

Email: romangol@lijuanru.com

Publications: DBLP

Blog: 锡的心

Page at SJTU: page@SJTU

Awards

Researches

Security Analysis and Protection of Code

  1. Annotating, Tracking, and Protecting Cryptographic Secrets with CryptoMPK​ @ [IEEE S&P’22]
    IEEE Symposium on Security and Privacy, San Francisco CA, United States. May 22-26, 2022.
    [PDF]

  2. SmartShield: Automatic Smart Contract Protection Made Easy​ @ [SANER’20, Best Paper Award!]
    IEEE International Conference on Software Analysis, Evolution and Reengineering, London, Ontario, Canada. February 18-21, 2020.
    [PDF]

  3. EthPloit: From Fuzzing to Efficient Exploit Generation against Smart Contracts​ @ [SANER’20]
    IEEE International Conference on Software Analysis, Evolution and Reengineering, London, Ontario, Canada. February 18-21, 2020.
    [PDF]

  4. NLP-EYE: Detecting Memory Corruptions via Semantic-Aware Memory Operation Function Identification​ @ [RAID’19]
    International Symposium on Research in Attacks, Intrusions and Defenses, Beijing, China. September 23-25, 2019.
    [PDF]

  5. K-Hunt: Pinpointing Insecure Cryptographic Keys in Execution Traces​ @ [CCS’18]
    ACM Conference on Computer and Communications Security, Toronto, Canada. October 15-19, 2018.
    [PDF]

  6. BinMatch: A Semantics-based Hybrid Approach on Binary Code Clone Analysis​ @ [ICSME’18]
    International Conference on Software Maintenance and Evolution, Madrid, Spain. September 23-29, 2018.
    [PDF]

  7. Nightingale: Translating Embedded VM Code in x86 Binary Executables​ @ [ISC’17]
    International Information Security Conference, Ho Chi Minh City, Vietnam, November 22-24, 2017.
    [PDF]

  8. Embroidery: Patching Vulnerable Binary Code of Fragmentized Android Devices​ @ [ICSME’17]
    IEEE International Conference on Software Maintenance and Evolution, Shanghai, China. September 8-October 3, 2017.
    [PDF]

  9. MIRAGE: Randomizing Large Chunk Allocation Via Dynamic Binary Instrumentation @ [DSC’17]
    IEEE Conference on Dependable and Secure Computing, Taipei, China. August 7-10, 2017.
    [PDF]

  10. Binary Code Clone Detection across Architectures and Compiling Configurations @ [ICPC’17]
    International Conference on Program Comprehension, Buenos Aires, Argentina. May 22-23, 2017.
    [PDF]

  11. New Exploit Methods against Ptmalloc of Glibc @ [TrustCom’16]
    IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Tianjin, China. August 23-26, 2016.
    [PDF]

  12. Cross-Architecture Binary Semantics Understanding via Similar Code Comparison @ [SANER’16]
    IEEE International Conference on Software Analysis, Evolution, and Reengineering, Osaka, Japan. March 14-18, 2016.
    [PDF]

Mobile Security

  1. Fine with "1234"? An Analysis of SMS One-Time Password Randomness in Android Apps​ @ [ICSE’21]
    International Conference on Software Engineering (ICSE), Virtual (originally in Madrid, Spain). May 25-28, 2021.
    [PDF]

  2. Orchestration or Automation: Authentication Flaw Detection in Android Apps​ @ [TDSC]
    Transactions on Dependable and Secure Computing
    [PDF]

  3. Certified Copy? Understanding Security Risks of Wi-Fi Hotspot based Android Data Clone Services​ @ [ACSAC’20]
    2020 Annual Computer Security Applications Conference, Austin, Texas, USA, December 7-11, 2020.
    [PDF]

  4. An Empirical Study of the SMS One-Time Password Authentication in Android Apps​ @ [ACSAC’19]
    2019 Annual Computer Security Applications Conference, San Juan, December 9-13, 2019.
    [PDF]

  5. Security analysis of third-party in-app payment in mobile applications​ @ [JISA]
    Journal of Information Security and Applications, Volume 48, October 2019.
    [PDF]

  6. Finding Flaws from Password Authentication Code in Android Apps​ @ [ESORICS’19]
    The European Symposium on Research in Computer Security, Luxembourg. September 23-27, 2019.
    [PDF]

  7. AppCommune: Automated Third-Party Libraries De-duplicating and Updating for Android Apps.​ @ [SANER’19]
    IEEE International Conference on Software Analysis, Evolution and Reengineering, Hangzhou, China. February 24-27, 2019.
    [PDF]

  8. An Empirical Study of SDK Credential Misuse in iOS Apps​ @ [APSEC’18]
    Asia-Pacific Software Engineering Conference, Nara, Japan. December 4-7, 2018.
    [PDF]

  9. Burn After Reading: Expunging Execution Footprints of Android Apps​ @ [NSS’18]
    International Conference on Network and System Security, Hong Kong, China. August 27-29, 2018.
    [PDF]

  10. AppSpear: Automating the Hidden-Code Extraction and Reassembling of Packed Android Malware @ [JSS]
    Journal of Systems and Software. 140: 3-16 (2018).
    [PDF]

  11. Oh-Pwn_VPN! Security Analysis of OpenVPN-based Android Apps @ [CANS’17]
    International Conference on Cryptology And Network Security, Hong Kong, China. November 29-December 2, 2017.
    [PDF]

  12. NativeSpeaker: Identifying Crypto Misuses in Android Native Code Libraries @ [Inscrypt’17]
    International Conference on Information Security and Cryptology, Xi'an, China. November 3-5, 2017.
    [PDF]

  13. Show Me the Money! Finding Flawed Implementations of Third-party In-app Payment in Android Apps @ [NDSS’17]
    Network and Distributed System Security Symposium, San Diego, CA, USA. February 26-March 1, 2017.
    [PDF]

  14. The Achilles' Heel of OAuth: A Multi-Platform Study of OAuth-based Authentication @ [ACSAC’16]
    Annual Computer Security Applications Conference, Los Angeles, CA, USA. December 5-9, 2016.
    [PDF]

  15. An Empirical Study of Insecure Communication in Android Apps @ [Inscrypt’16]
    China International Conference on Information Security and Cryptology, Beijing, China, November 4-6, 2016.
    [PDF]

  16. Open Sesame! Web Authentication Cracking via Mobile app Analysis @ [APWeb’16]
    Asia Pacific Web Conference, Suzhou, China. September 23-25, 2016.
    [PDF]

  17. Vulnerability Assessment of OAuth Implementations in Android Applications @ [ACSAC’15]
    Annual Computer Security Applications Conference, Los Angeles, California, USA. December 7-11, 2015.
    [PDF]

  18. SSG: Sensor Security Guard for Android Smartphones @ [CollaborateCom’15]
    EAI International Conference on Collaborative Computing: Networking, Applications and Worksharing, Wuhan, China. November 10-11, 2015.
    [PDF]

  19. APKLancet: Tumor Payload Diagnosis and Purification for Android Applications @ [AsiaCCS’14]
    ACM Symposium on Information, Computer and Communications Security, Kyoto, Japan. June 4–6, 2014.
    [PDF]

IoT Security

  1. Understanding the security of app-in-the-middle IoT @ [CS]
    Computers & Security, Volume 97, October 2020, 102000.
    [PDF]

  2. Passwords in the Air: Harvesting Wi-Fi Credentials from SmartCfg Provisioning​ @ [Wisec’18]
    ACM Conference on Security and Privacy in Wireless and Mobile Networks, Stockholm, Sweden. June 18-20, 2018.
    [PDF]

  3. Smart Solution, Poor Protection: An Empirical Study of Security and Privacy Issues in Developing and Deploying Smart Home Devices @ [CCSW-IoT S&P’17]
    ACM CCS Workshop on Internet of Things Security and Privacy, Dallas, TX, USA, November 3, 2017.
    [PDF]

  4. Security Testing of Software on Embedded Devices Using x86 Platform @ [CollaborateComm’16]
    EAI International Conference on Collaborative Computing: Networking, Applications and Worksharing, Beijing, China, November 12-13, 2016.
    [PDF]

  5. Security Analysis of Vendor Customized Code in Firmware of Embedded Device @ [SecureComm’16]
    EAI International Conference on Security and Privacy in Communication Networks, Guangzhou, China, October 10-12, 2016.
    [PDF]

Real-world Crypto Security

  1. Annotating, Tracking, and Protecting Cryptographic Secrets with CryptoMPK​ @ [IEEE S&P’22]
    IEEE Symposium on Security and Privacy, San Francisco CA, United States. May 22-26, 2022.
    [PDF]

  2. Accelerating SM2 Digital Signature Algorithm using Modern Processor Features @ [ICICS’19]
    International Conference on Information and Communications Security, Beijing, China. December 15-17, 2019.
    [PDF]

  3. K-Hunt: Pinpointing Insecure Cryptographic Keys in Execution Traces @ [CCS’18]
    ACM Conference on Computer and Communications Security, Toronto, Canada. October 15-19, 2018.
    [PDF]

  4. Oh-Pwn_VPN! Security Analysis of OpenVPN-based Android Apps @ [CANS’17]
    International Conference on Cryptology And Network Security, Hong Kong, China. November 29-December 2, 2017.
    [PDF]

  5. NativeSpeaker: Identifying Crypto Misuses in Android Native Code Libraries @ [Inscrypt’17]
    International Conference on Information Security and Cryptology, Xi'an, China. November 3-5, 2017.
    [PDF]

  6. Open Sesame! Web Authentication Cracking via Mobile app Analysis @ [APWeb’16]
    Asia Pacific Web Conference, Suzhou, China. September 23-25, 2016.
    [PDF]

  7. TagDroid: Hybrid SSL Certificate Verification in Android @ [ICICS’14]
    International Conference on Information and Communications Security, Hong Kong, China. December 16–17, 2014.
    [PDF]

  8. iCryptoTracer: Dynamic Analysis on Misuse of Cryptography Functions in iOS Applications @ [NSS’14]
    International Conference on Network and System Security, Xi'an, China. October 15-17, 2014.
    [PDF]

  9. Automatic Detection and Analysis of Encrypted Messages in Malware @ [Inscrypt’13]
    China International Conference on Information Security and Cryptology, Guangzhou, China, November 27-30, 2013.
    [PDF]

  10. Detecting Encryption Functions via Process Emulation and IL-Based Program Analysis @ [ICICS’12]
    International Conference on Information Security and Cryptology, Hong Kong, China. October 29-31, 2012.
    [PDF]

  11. Detection and Analysis of Cryptographic Data Inside Software @ [ISC’11]
    International Conference on Information Security, Xi'an, China, October 26-29, 2011.
    [PDF]

Professional Activities

Reviewer:

External Reviewer:

Links