Li Juanru (Liarod RomanGol) @ G.O.S.S.I.P


Li Juanru 李卷孺 (a.k.a Liarod RomanGol 诺慢)

I am the director of Group of Software Security In Progress (G.O.S.S.I.P, 蜚语安全) at Shanghai Jiao Tong University (上海交通大学).

My research focuses on software security and cryptology. I work closely with Dr. Siqi Ma and Prof. Zhiqiang Lin.

Email: roman@sjtusec.com

Publications: DBLP

Blog: 锡的心

Awards

Research

Security Analysis and Protection of Code

  1. NLP-EYE: Detecting Memory Corruptions via Semantic-Aware Memory Operation Function Identification​ @ [RAID’19]
    International Symposium on Research in Attacks, Intrusions and Defenses, Beijing, China. September 23-25, 2019.
    [PDF]

  2. K-Hunt: Pinpointing Insecure Cryptographic Keys in Execution Traces​ @ [CCS’18]
    ACM Conference on Computer and Communications Security, Toronto, Canada. October 15-19, 2018.
    [PDF]

  3. BinMatch: A Semantics-based Hybrid Approach on Binary Code Clone Analysis​ @ [ICSME’18]
    International Conference on Software Maintenance and Evolution, Madrid, Spain. September 23-29, 2018.
    [PDF]

  4. Nightingale: Translating Embedded VM Code in x86 Binary Executables​ @ [ISC’17]
    International Information Security Conference, Ho Chi Minh City, Vietnam, November 22-24, 2017.
    [PDF]

  5. Embroidery: Patching Vulnerable Binary Code of Fragmentized Android Devices​ @ [ICSME’17]
    IEEE International Conference on Software Maintenance and Evolution, Shanghai, China. September 8-October 3, 2017.
    [PDF]

  6. MIRAGE: Randomizing Large Chunk Allocation Via Dynamic Binary Instrumentation @ [DSC’17]
    IEEE Conference on Dependable and Secure Computing, Taipei, China. August 7-10, 2017.
    [PDF]

  7. Binary Code Clone Detection across Architectures and Compiling Configurations @ [ICPC’17]
    International Conference on Program Comprehension, Buenos Aires, Argentina. May 22-23, 2017.
    [PDF]

  8. New Exploit Methods against Ptmalloc of Glibc @ [TrustCom’16]
    IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Tianjin, China. August 23-26, 2016.
    [PDF]

  9. Cross-Architecture Binary Semantics Understanding via Similar Code Comparison @ [SANER’16]
    IEEE International Conference on Software Analysis, Evolution, and Reengineering, Osaka, Japan. March 14-18, 2016.
    [PDF]

Mobile Security

  1. An Empirical Study of the SMS One-Time Password Authentication in Android Apps​ @ [ACSAC’19]
    2019 Annual Computer Security Applications Conference, San Juan, December 9-13, 2019.
    [PDF]

  2. Security analysis of third-party in-app payment in mobile applications​ @ [JISA]
    Journal of Information Security and Applications, Volume 48, October 2019.
    [PDF]

  3. Finding Flaws from Password Authentication Code in Android Apps​ @ [ESORICS’19]
    The European Symposium on Research in Computer Security, Luxembourg. September 23-27, 2019.
    [PDF]

  4. AppCommune: Automated Third-Party Libraries De-duplicating and Updating for Android Apps.​ @ [SANER’19]
    IEEE International Conference on Software Analysis, Evolution and Reengineering, Hangzhou, China. February 24-27, 2019.
    [PDF]

  5. An Empirical Study of SDK Credential Misuse in iOS Apps​ @ [APSEC’18]
    Asia-Pacific Software Engineering Conference, Nara, Japan. December 4-7, 2018.
    [PDF]

  6. Burn After Reading: Expunging Execution Footprints of Android Apps​ @ [NSS’18]
    International Conference on Network and System Security, Hong Kong, China. August 27-29, 2018.
    [PDF]

  7. AppSpear: Automating the Hidden-Code Extraction and Reassembling of Packed Android Malware @ [JSS]
    Journal of Systems and Software. 140: 3-16 (2018).
    [PDF]

  8. Oh-Pwn_VPN! Security Analysis of OpenVPN-based Android Apps @ [CANS’17]
    International Conference on Cryptology And Network Security, Hong Kong, China. November 29-December 2, 2017.
    [PDF]

  9. Show Me the Money! Finding Flawed Implementations of Third-party In-app Payment in Android Apps @ [NDSS’17]
    Network and Distributed System Security Symposium, San Diego, CA, USA. February 26-March 1, 2017.
    [PDF]

  10. The Achilles' Heel of OAuth: A Multi-Platform Study of OAuth-based Authentication @ [ACSAC’16]
    Annual Computer Security Applications Conference, Los Angeles, CA, USA. December 5-9, 2016.
    [PDF]

  11. An Empirical Study of Insecure Communication in Android Apps @ [Inscrypt’16]
    China International Conference on Information Security and Cryptology, Beijing, China, November 4-6, 2016.
    [PDF]

  12. Open Sesame! Web Authentication Cracking via Mobile app Analysis @ [APWeb’16]
    Asia Pacific Web Conference, Suzhou, China. September 23-25, 2016.
    [PDF]

  13. Vulnerability Assessment of OAuth Implementations in Android Applications @ [ACSAC’15]
    Annual Computer Security Applications Conference, Los Angeles, California, USA. December 7-11, 2015.
    [PDF]

  14. SSG: Sensor Security Guard for Android Smartphones @ [CollaborateCom’15]
    EAI International Conference on Collaborative Computing: Networking, Applications and Worksharing, Wuhan, China. November 10-11, 2015.
    [PDF]

IoT Security

  1. Passwords in the Air: Harvesting Wi-Fi Credentials from SmartCfg Provisioning​ @ [Wisec’18]
    ACM Conference on Security and Privacy in Wireless and Mobile Networks, Stockholm, Sweden. June 18-20, 2018.
    [PDF]

  2. Smart Solution, Poor Protection: An Empirical Study of Security and Privacy Issues in Developing and Deploying Smart Home Devices @ [CCSW-IoT S&P’17]
    ACM CCS Workshop on Internet of Things Security and Privacy, Dallas, TX, USA, November 3, 2017.
    [PDF]

  3. Security Testing of Software on Embedded Devices Using x86 Platform @ [CollaborateCom’16]
    EAI International Conference on Collaborative Computing: Networking, Applications and Worksharing, Beijing, China, November 12-13, 2016.
    [PDF]

  4. Security Analysis of Vendor Customized Code in Firmware of Embedded Device @ [SecureComm’16]
    EAI International Conference on Security and Privacy in Communication Networks, Guangzhou, China, October 10-12, 2016.
    [PDF]

Real-world Crypto Security

  1. Accelerating SM2 Digital Signature Algorithm using Modern Processor Features @ [ICICS’19]
    International Conference on Information and Communications Security, Beijing, China. December 15-17, 2019.
    [PDF]

  2. K-Hunt: Pinpointing Insecure Cryptographic Keys in Execution Traces @ [CCS’18]
    ACM Conference on Computer and Communications Security, Toronto, Canada. October 15-19, 2018.
    [PDF]

  3. Oh-Pwn_VPN! Security Analysis of OpenVPN-based Android Apps @ [CANS’17]
    International Conference on Cryptology And Network Security, Hong Kong, China. November 29-December 2, 2017.
    [PDF]

  4. Open Sesame! Web Authentication Cracking via Mobile app Analysis @ [APWeb’16]
    Asia Pacific Web Conference, Suzhou, China. September 23-25, 2016.
    [PDF]

  5. iCryptoTracer: Dynamic Analysis on Misuse of Cryptography Functions in iOS Applications @ [NSS’14]
    International Conference on Network and System Security, Xi'an, China. October 15-17, 2014.
    [PDF]

  6. Automatic Detection and Analysis of Encrypted Messages in Malware @ [Inscrypt’13]
    China International Conference on Information Security and Cryptology, Guangzhou, China, November 27-30, 2013.
    [PDF]

  7. Detecting Encryption Functions via Process Emulation and IL-Based Program Analysis @ [ICICS’12]
    International Conference on Information Security and Cryptology, Hong Kong, China. October 29-31, 2012.
    [PDF]

  8. Detection and Analysis of Cryptographic Data Inside Software @ [ISC’11]
    International Conference on Information Security, Xi'an, China, October 26-29, 2011.
    [PDF]

Professional Activities

Reviewer:

External Reviewer:

Links