Publications

  1. Weidong Zhu, Grant Hernandez, Washington Garcia, Dave (Jing) Tian, Sara Rampazzi, Kevin Butler. Minding The Semantic Gap for Effective Strorage-Based Ransomware Defense. 38th International Conference on Massive Storage Systems and Technology (MSST’24), Santa Clara, CA, USA, June 2024.
    (acceptance rate=TBD%)
  2. Muqi Zou, Arslan Khan, Ruoyu Wu, Han Gao, Antonio Bianchi, and Dave (Jing) Tian. D-Helix: A Generic Decompiler Testing Framework Using Symbolic Differentiation. 33rd USENIX Security Symposium (Security’24), Philadelphia, PA, USA, August 2024.
    (acceptance rate=TBD%)
  3. Jiwon Kim, Dave (Jing) Tian, Hamed Okhravi, and Benjamin E. Ujcich. Security Challenges of Intent-Based Networking. Communications of the ACM (CACM), 2024.
    (acceptance rate=TBD%)
  4. Jianliang Wu, Patrick Traynor,  Dongyan Xu, Dave (Jing) Tian, and Antonio Bianchi. Finding Traceability Attacks in the Bluetooth Low Energy Specification and Its Implementations. 33rd USENIX Security Symposium (Security’24), Philadelphia, PA, USA, August 2024.
    (acceptance rate=TBD%)
  5. Xiaolong Wu, Dave (Jing) Tian, and Chung Hwan Kim. Builing GPU TEEs using CPU Secure Enclaves with GEVisor. 14th ACM Symposium on Cloud Computing (SoCC’23), Santa Cruz, CA, USA, October 2023.
    (acceptance rate=TBD%)
  6. Jianliang Wu, Ruoyu Wu, Dongyan Xu, Dave (Jing) Tian, and Antonio Bianchi. SoK: The Long Journey of Exploiting and Defending the Legacy of King Harald Bluetooth. 45th IEEE Symposium on Security and Privacy (Oakland’24), San Francisco, CA, May 2024.
    (acceptance rate=TBD%)
  7. Kyungtae Kim, Sungwoo Kim, Kevin Butler, Antonio Bianchi, Rick Kennell, and Dave (Jing) Tian. Fuzz The Power: Dual-role State Guided Black-box Fuzzing for USB Power Delivery. 32nd USENIX Security Symposium (Security’23), Anaheim, CA, August 2023.
    (acceptance rate=TBD%)
  8. Arslan Khan, Muqi Zou, Kyungtae Kim, Dongyan Xu, Antonio Bianchi, and Dave (Jing) Tian. Fuzzing SGX Enclaves via Host Program Mutations. 8th IEEE European Symposium on Security and Privacy (EuroS&P’23), TU Delft, Netherland, July 2023.
    (acceptance rate=TBD%)
  9. Arslan Khan, Dongyan Xu, and Dave (Jing) Tian. EC: Embedded Systems Compartmentalization via Intra-Kernel Isolation. 44th IEEE Symposium on Security and Privacy (Oakland’23), San Francisco, CA, May 2023.
    (acceptance rate=TBD%)
  10. Arslan Khan, Dongyan Xu, and Dave (Jing) Tian. Low-Cost Privilege Separation with Compile Time Compartmentalization for Embedded Systems. 44th IEEE Symposium on Security and Privacy (Oakland’23), San Francisco, CA, May 2023.
    (acceptance rate=TBD%)
  11. Jiwon Kim, Benjamin E. Ujcich, and Dave (Jing) Tian. Fuzzing Intent-Based Networking with Intent-State Transition Guidance. 32nd USENIX Security Symposium (Security’23), Anaheim, CA, August 2023.
    (acceptance rate=TBD%)
  12. Ruoyu Wu, Taegyu Kim, Dave (Jing) Tian, Antonio Bianchi, and Dongyan Xu. DnD: Decompiling Deep Neural Network Compiled Binary. 25th Black Hat Europe (BH-EU’22), Excel London, UK, December 2022.
    (acceptance rate=TBD%)
  13. Hui Peng, Zhihao Yao, Ardalan Amiri Sani, Dave (Jing) Tian, and Mathias Payer. GLeeFuzz: Fuzzing WebGL Through Error Message Guided Mutation. 32nd USENIX Security Symposium (Security’23), Anaheim, CA, August 2023.
    (acceptance rate=TBD%)
  14. Trung Nguyen, Kyungtae Kim, Antonio Bianchi, and Dave (Jing) Tian. TruEMU: An Extensible, Open-Source, Whole-System iOS Emulator. 25th Black Hat USA (BH-USA’22), Mandalay Bay/Las Vegas, NV, August 2022.
    (acceptance rate=TBD%)
  15. Ruoyu Wu, Taegyu Kim, Dave (Jing) Tian, Antonio Bianchi, and Dongyan Xu. DnD: A Cross-Architecture Deep Neural Network Decompiler. 31st USENIX Security Symposium (Security’22), Boston, MA, August 2022.
    (acceptance rate=17.2%)
  16. Taegyu Kim, Aolin Ding, Sriharsha Etigowni, Pengfei Sun, Jizhou Chen, Luis Garcia, Saman Zonouz, Dongyan Xu, and Dave (Jing) Tian. Reverse Engineering and Retrofitting Robotic Aerial Vehicle Control Firmware using DisPatch. 20th ACM International Conference on Mobile Systems, Applications, and Services (MobiSys’22), Portland, Oregon, June 2022.
    (acceptance rate=21.6%)
  17. Tuba Yavuz, Farhaan Fowze, Grant Hernandez, Yihang Bai, Kevin Butler, and Dave (Jing) Tian. ENCIDER: Detecting Timing and Cache Side Channels in SGX Enclaves and Cryptographic API. IEEE Transactions on Dependable and Secure Computing (TDSC’22), 2022.
    (acceptance rate=journal)
  18. Sungwoo Kim, Gisu Yeo, Taegyu Kim, Junghwan “John” Rhee, Yuseok Jeon, Antonio Bianchi, Dongyan Xu, and Dave (Jing) Tian. ShadowAuth: Backward-Compatible Automatic CAN Authentication for Legacy ECUs. 17th ACM ASIA Conference on Computer and Communications Security (ASIACCS’22), Nagasaki, Japan, May/June 2022.
    (acceptance rate=18.4%)
  19. Jianliang Wu, Ruoyu Wu, Dongyan Xu, Dave (Jing) Tian, and Antonio Bianchi. Formal Model-Driven Discovery of Bluetooth Protocol Design Vulnerabilities. 43rd IEEE Symposium on Security and Privacy (Oakland’22), San Francisco, CA, May 2022.
    (acceptance rate=14.5%)
  20. Kyungtae Kim, Taegyu Kim, Ertza Warraich, Byoungyoung Lee, Kevin Butler, Antonio Bianchi, and Dave (Jing) Tian. FuzzUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks. 43rd IEEE Symposium on Security and Privacy (Oakland’22), San Francisco, CA, May 2022.
    (acceptance rate=14.5%)
  21. Arslan Khan, Joseph I. Choi, Dave (Jing) Tian, Tyler Ward, Kevin Butler, Patrick Traynor, John M. Shea, and Tang Wong. Privacy-Preserving Localization Using Enclaves. 12th IEEE Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON’21), Virtual, Dec 2021.
    (acceptance rate=TBD%) (Best Presentation Award)
  22. Michael Reeves, Dave (Jing) Tian, Antonio Bianchi, and Berkay Celik. Towards Improving Container Security by Preventing Runtime Escapes. 6th IEEE Secure Development Conference (SecDev’21), Virtual, Oct 2021.
    (acceptance rate=TBD%)
  23. Jianliang Wu, Ruoyu Wu, Daniele Antonioli, Mathias Payer, Nils Ole Tippenhauer,  Dongyan Xu, Dave (Jing) Tian, and Antonio Bianchi. LIGHTBLUE: Automatic Profile-Aware Debloating of Bluetooth Stacks. 30th USENIX Security Symposium (Security’21), Vancouver, Canada, August 2021.
    (acceptance rate=18.8%)
  24. Arslan Khan, Hyungsub Kim, Byoungyoung Lee, Dongyan Xu, Antonio Bianchi, and Dave (Jing) Tian. M2MON: Building an MMIO-based Security Reference Monitor for Unmanned Vehicles. 30th USENIX Security Symposium (Security’21), Vancouver, Canada, August 2021.
    (acceptance rate=18.8%)
  25. Taegyu Kim, Vireshwar Kumar, Junghwan Rhee, Jizhou Chen, Kyungtae Kim, Chung Hwan Kim, Dongyan Xu, and Dave (Jing) Tian. PASAN: Detecting Peripheral Access Concurrency Bugs within Bare-metal Embedded Applications. 30th USENIX Security Symposium (Security’21), Vancouver, Canada, August 2021.
    (acceptance rate=18.8%)
  26. Xiaolong Wu, Yang Yi, Dave (Jing) Tian, and Jiajia Li. Generic, Sparse Tensor Core for Neural Networks. 1st International Workshop on Machine Learning for Software Hardware Co-Design (MLSH’20), Virtual, USA, October 2020.
    (acceptance rate=TBD%)
  27. Kyungtae Kim, Chung Hwan Kim, Junghwan Rhee, Xiao Yu, Haifeng Chen, Dave (Jing) Tian, and Byoungyoung Lee. Vessels: Efficient and Scalable Deep Learning Prediction on Trusted Processors. 11th ACM Symposium on Cloud Computing (SoCC’20), Renton, WA, USA, October 2020.
    (acceptance rate=24.5%)
  28. Riccardo Paccagnella, Kevin Liao, Dave (Jing) Tian, and Adam Bates. Logging to the Danger Zone: Race Condition Attacks and Defenses on System Audit Frameworks. 27th ACM Conference on Computer and Communications Security (CCS’20), USA, November 2020.
    (acceptance rate=16.9%)
  29. Jianliang Wu, Yuhong Nan, Vireshwar Kumar, Dave (Jing) Tian, Antonio Bianchi, Mathias Payer, and Dongyan Xu. BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy. 14th Workshop on Offensive Technologies (WOOT’20), Boston, MA, August 2020.
    (acceptance rate=33.3%) (Best Paper Award, CSAW’20 Applied Research Competition Finalist)
  30. Taegyu Kim, Chung Hwan Kim, Altay Ozen, Fan Fei, Zhan Tu, Xiangyu Zhang, Xinyan Deng, Dave (Jing) Tian, and Dongyan Xu. From Control Model to Program: Investigating Robotic Aerial Vehicle Accidents with MAYDAY29th USENIX Security Symposium (Security’20), Boston, MA, August 2020.
    (acceptance rate=16.3%)
  31. Riccardo Paccagnella, Pubali Datta, Wajih Ul Hassan, Adam Bates, Christopher W. Fletcher, Andrew Miller, and Dave (Jing) Tian. CUSTOS: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution. 27th ISOC Network and Distributed System Security Symposium (NDSS’20), San Diego, CA, Feb 2020.
    (acceptance rate=17.4%)
  32. Grant Hernandez, Dave (Jing) Tian, Anurag Swarnim Yadav, Byron J. Williams, and Kevin Butler. BigMAC: Fine-Grained Policy Analysis of Android Firmware29th USENIX Security Symposium (Security’20), Boston, MA, August 2020.
    (acceptance rate=16.3%)
  33. Farhaan Fowze, Dave (Jing) Tian, Grant Hernandez, Kevin Butler, and Tuba Yavuz. ProXray: Protocol Model Learning and Guided Firmware Analysis. IEEE Transactions on Software Engineering (TSE’19), 2019; 42th International Conference on Software Engineering (ICSE’20), Journal First, Seoul, South Korea, May 2020.
    (acceptance rate=journal) (Selected for Journal-First presentation at ICSE’20)
  34. Vanessa Frost, Dave (Jing) Tian, Christie Ruales, Vijay Prakash, Kevin Butler, and Patrick Traynor. Examining DES-based Cipher Suite Support within the TLS Ecosystem. 14th ACM ASIA Conference on Computer and Communications Security (ASIACCS’19), Auckland, New Zeland, July 2019.
    (acceptance rate=17%)
  35. Joseph Choi, Dave (Jing) Tian, Grant Hernandez, Christopher Patton, Benjamin Mood, Thomas Shrimpton, Kevin Butler, and Patrick Traynor. A Hybrid Approach to Secure Function Evaluation using SGX. 14th ACM ASIA Conference on Computer and Communications Security (ASIACCS’19), Auckland, New Zeland, July 2019.
    (acceptance rate=22% short paper)
  36. Grant Hernandez, Dave (Jing) Tian, Farhaan Fowze, Tuba Yavuz, Patrick Traynor, and Kevin Butler. Towards Automated Firmware Analysis in the IoT Era. IEEE Security and Privacy Magazine, 2019.
    (acceptance rate=invited)
  37. Dave (Jing) Tian, Joseph Choi, Grant Hernandez, Patrick Traynor, and Kevin Butler. A Practical Intel SGX Setting for Linux Containers in the Cloud. 9th ACM Conference on Data and Application Security and Privacy (CODASPY’19), Dallas, TX, USA, March 2019.
    (acceptance rate=23.5%) (Distinguished Poster Award (for poster accompanying the full paper))
  38. Dave (Jing) Tian, Grant Hernandez, Joseph Choi, Vanessa Frost, Peter Johnson, and Kevin Butler. LBM: A Security Framework for Peripherals within the Linux Kernel. 40th IEEE Symposium on Security and Privacy (Oakland’19), San Francisco, CA, May 2019.
    (acceptance rate=12.5%)
  39. Bradly Reaves, Luis Vargas, Nolen Scaife, Dave (Jing) Tian, Logan Blue, Patrick Traynor, and Kevin Butler. Characterizing the Security of the SMS Ecosystem with Public GatewaysACM Transactions on Privacy and Security (TOPS), Volume 22 Issue 1, December 2018.
    (acceptance rate=journal)
  40. Dave (Jing) Tian, Grant Hernandez, Joesph Choi, Vanessa Frost, Christie Ruales, Patrick Traynor, Hayawardh Vijaykumar, Lee Harrison, Amir Rahmati, Mike Grace, and Kevin Butler. ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem27th USENIX Security Symposium (Security’18), Baltimore, MD, August 2018.
    (acceptance rate=19.1%)
  41. Dave (Jing) Tian, Nolen Scaife, Deepak Kumar, Michael Bailey, Adam Bates, and Kevin Butler. SoK: ”Plug & Pray” Today — Understanding USB Insecurity in Versions 1 through C39th IEEE Symposium on Security and Privacy (Oakland’18), San Francisco, CA, May 2018.
    (acceptance rate=11.5%)
  42. Grant Hernandez, Farhaan Fowze, Dave (Jing) Tian, Tuba Yavuz, and Kevin Butler. FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution. 24th ACM Conference on Computer and Communications Security (CCS’17), Dallas, TX, USA October 2017.
    (acceptance rate=18.1%)
  43. Dave (Jing) Tian, Kevin R. B. Butler, Joseph I. Choi, Patrick D. McDaniel, and Padma Krishnaswamy. Securing ARP/NDP From the Ground UpIEEE Transactions on Information Forensics and Security (TIFS), Volume 12 Issue 9, September 2017.
    (acceptance rate=journal)
  44. Adam Bates, Dave (Jing) Tian, Grant Hernandez, Thomas Moyer, Kevin R. B. Butler, and Trent Jaeger. Taming the Costs of Trustworthy Provenance through Policy ReductionACM Transactions on Internet Technology (TOIT), Volume 17 Issue 4, September 2017.
    (acceptance rate=journal)
  45. Sriharsha Etigowni, Dave Tian, Grant Hernandez, Kevin Butler, and Saman Zonouz. CPAC: Securing Critical Infrastructure with Cyber-Physical Access Control32nd Annual Computer Security Applications Conference (ACSAC’16), Los Angeles, CA, USA, December 2016.
    (acceptance rate=22.8%)
  46. Dave (Jing) Tian, Adam Bates, Kevin Butler, and Raju Rangaswami. ProvUSB: Block-level Provenance-Based Data Protection for USB Storage Devices23rd ACM Conference on Computer and Communications Security (CCS’16), Hofburg Palace, Vienna, Austria, October 2016.
    (acceptance rate=16.5%)
  47. Dave (Jing) Tian, Nolen Scaife, Adam Bates, Kevin Butler, and Patrick Traynor. Making USB Great Again with USBFILTER25th USENIX Security Symposium (Security’16), Austin, TX, USA, August 2016.
    (acceptance rate=15.5%)
  48. Bradley Reaves, Logan Blue, Dave Tian, Patrick Traynor, and Kevin Butler. Detecting SMS Spam in the Age of Legitimate Bulk Messaging. 9th ACM Security Conference on Security and Privacy in Wireless and Mobile Networks (WiSec’16), Darmstadt, Germany, July 2016.
    (acceptance rate=35.0%)
  49. Bradley Reaves, Nolen Scaife, Dave Tian, Logan Blue, Patrick Traynor, and Kevin Butler. Sending out an SMS: Characterizing the Security of the SMS Ecosystem with Public Gateways. 2016 IEEE Symposium on Security and Privacy (Oakland’16), San Jose, CA, USA, May 2016.
    (acceptance rate=13.3%)
  50. Dave (Jing) Tian, Adam Bates, and Kevin Butler. Defending Against Malicious USB Firmware with GoodUSB. 31st Annual Computer Security Applications Conference (ACSAC’15), Los Angeles, CA, USA, December 2015.
    (acceptance rate=24.3%)
  51. Adam Bates, Dave Tian, Kevin Butler, and Thomas Moyer. Trustworthy Whole-System Provenance for the Linux Kernel. 24th USENIX Security Symposium (Security’15), Washington, DC, USA, August 2015.
    (acceptance rate=15.7%)
  52. Ethan Shernan, Henry Carter, Dave Tian, Patrick Traynor, and Kevin Butler. More Guidelines Than Rules: CSRF Vulnerabilities from Noncompliant OAuth 2.0 Implementations. Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA’15), Milan, Italy, July 2015.
    (acceptance rate=22.7%)
  53. Jing (Dave) Tian, Kevin Butler, Patrick McDaniel, and Padma Krishnaswamy. Securing ARP from the Ground Up. 5th ACM Conference on Data and Application Security and Privacy (CODASPY’15), San Antonio, TX, USA, March 2015.
    (acceptance rate=33.3%)
  54. Adam Bates, Joe Pletcher, Tyler Nichols, Braden Hollembaek, Dave Tian, Abdulrahman Alkhelaifi, and Kevin Butler. Securing SSL Certificate Verification through Dynamic Linking. 21st ACM Conference on Computer and Communications Security (CCS’14), Scottsdale, AZ, USA, November 2014.
    (acceptance rate=19.5%)

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.