My Google Scholar

Journal

  1. Stopping Memory Disclosures via Diversification and Replicated Execution [ Paper ]
    Kangjie Lu, Meng Xu, Chengyu Song, Taesoo Kim, and Wenke Lee. IEEE Transactions on Dependable and Secure Computing (TDSC), 2018.
  2. Toward Engineering a Secure Android Ecosystem: A Survey of Existing Techniques [ Paper ]
    Meng Xu, Chengyu Song, Yang ji, Ming-Wei Shih, Kangjie Lu, Cong Zheng, Ruian Duan, Yeongjin Jang, Byoungyoung Lee, Chenxiong Qian, Sangho Lee, and Taesoo Kim. ACM Computing Surveys (CSUR) 49(2), August 2016.

Conference and Workshop

  1. Can Textual Unlearning Solve Cross-Modality Safety Alignment? (to appear)
    Trishna Chakraborty, Erfan Shayegani, Zikui Cai, Nael Abu-Ghazaleh, Salman Asif, Yue Dong, Amit Roy-Chowdhury, Chengyu Song.
    In Proceedings of 2024 Conference on Empirical Methods in Natural Language Processing (EMNLP'24) Findings,
    Miami, FL, November 2024.
  2. PeTAL: Ensuring Access Control Integrity against Data-only Attacks on Linux [ Preprint | Code ]
    Juhee Kim, Jinbum Park, Yoochan Lee, Chengyu Song, Taesoo Kim, and Byoungyoung Lee.
    In Proceedings of the 31st ACM Conference on Computer and Communications Security (CCS'24),
    Salt Lake City, UT, October 2024.
  3. Don't Waste My Efforts: Pruning Redundant Sanitizer Checks of Developer-Implemented Type Checks [ Preprint | Code ]
    Yizhuo Zhai, Zhiyun Qian, Chengyu Song, Manu Sridharan, Trent Jaeger, Paul Yu, and Srikanth Krishnamurthy.
    In Proceedings of the 33rd USENIX Security Symposium (Security'24),
    Philadelphia, PA, August 2024.
  4. DNS Exfiltration Guided by Generative Adversarial Networks
    Abdulrahman Fahim, Shitong Zhu, Zhiyun Qian, Chengyu Song, Vagelis Papalexakis, Supriyo Chakraborty, Kevin Chan, Paul Yu, Trent Jaeger, and Srikanth Krishnamurthy. In Proceedings of 9th IEEE European Symposium on Security and Privacy (EuroSP'24),
    Vienna, Austria, July 2024.
  5. An Investigation of Patch Porting Practices of the Linux Kernel Ecosystem [ Preprint ]
    Xingyu Li, Zheng Zhang, Zhiyun Qian, Trent Jaeger, and Chengyu Song.
    In Proceedings of the 21st International Conference on Mining Software Repositories (MSR'24),
    Lisbon, Portugal, April 2024.
  6. K-LEAK: Towards Automating the Generation of Multi-Step Infoleak Exploits against the Linux Kernel [ Paper | Code ]
    Zhengchuan Liang, Xiaochen Zou, Chengyu Song, and Zhiyun Qian.
    In Proceedings of the 2024 Network and Distributed System Security Symposium (NDSS'24),
    San Diego, CA, February 2024.
  7. Leveraging Local Patch Differences in Multi-Object Scenes for Generative Adversarial Attacks [ Preprint ]
    Abhishek Aich, Shasha Li, Chengyu Song, Salman Asif, Srikanth Krishnamurthy, and Amit Roy-Chowdhury.
    In Proceedings of the 2023 Winter Conference on Applications of Computer Vision (WACV'23),
    Waikoloa, HI, January 2023.
  8. GAMA: Generative Adversarial Multi-Object Scene Attacks [ Preprint ]
    Abhishek Aich, Calvin Khang-Ta, Akash Gupta, Chengyu Song, Srikanth Krishnamurthy, Salman Asif, and Amit Roy-Chowdhury.
    In Proceedings of the 36th Conference on Neural Information Processing Systems (NeurIPS'22),
    New Orleans, LA, November 2022.
  9. Blackbox Attacks via Surrogate Ensemble Search [ Preprint ]
    Zikui Cai, Chengyu Song, Srikanth Krishnamurthy, Amit Roy-Chowdhury, and Salman Asif.
    In Proceedings of the 36th Conference on Neural Information Processing Systems (NeurIPS'22),
    New Orleans, LA, November 2022.
  10. SymSan: Time and Space Efficient Concolic Execution via Dynamic Data-Flow Analysis [ Preprint | Code ]
    Ju Chen, Wookhyun Han, Mingjun Yin, Haochen Zeng, Chengyu Song, Byoungyong Lee, Heng Yin, and Insik Shin.
    In Proceedings of the 31st USENIX Security Symposium (Security'22),
    Boston, MA, August 2022.
  11. LinKRID: Vetting Imbalance Reference Counting in Linux kernel with Symbolic Execution [ Preprint ]
    Jian Liu, Lin Yi, Weiting Chen, Chengyu Song, Zhiyun Qian, and Qiuping Yi
    In Proceedings of the 31st USENIX Security Symposium (Security'22),
    Boston, MA, August 2022.
  12. Zero-Query Transfer Attacks on Context-Aware Object Detectors [ Preprint ]
    Zikui Cai, Shantanu Rane, Alejandro Brito, Chengyu Song, Srikanth Krishnamurthy, Amit Roy-Chowdhury, and Salman Asif
    In Proceedings of the 2022 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR'22),
    New Orleans, LA, June 2022.
  13. Jigsaw: Efficient and Scalable Path Constraints Fuzzing [ Preprint | Code ]
    Ju Chen, Jinghan Wang, Chengyu Song, and Heng Yin
    In Proceedings of the 43rd IEEE Symposium on Security and Privacy (Oakland'22),
    San Francisco, CA, May 2022.
  14. Progressive Scrutiny: Incremental Detection of UBI bugs in the Linux Kernel [ Paper | Code ]
    Yizhuo Zhai, Yu Hao, Zheng Zhang, Weiteng Chen, Guoren Li, Zhiyun Qian, Chengyu Song, Manu Sridharan, Srikanth Krishnamurthy, Trent Jaeger, and Paul Yu
    In Proceedings of the 2022 Network and Distributed System Security Symposium (NDSS'22),
    San Diego, CA, April 2022.
  15. Context-Aware Transfer Attacks for Object Detection [ Preprint ]
    Zikui Cai, Xinxin Xie, Shasha Li, Mingjun Yin, Chengyu Song, Srikanth Krishnamurthy, Amit Roy-Chowdhury, and Salman Asif
    In Proceedings of 36th AAAI Conference on Artificial Intelligence (AAAI'22),
    February 2022.
  16. ADC: Adversarial attacks against object Detection that evade Context consistency checks [ Preprint ]
    Mingjun Yin*, Shasha Li*, Chengyu Song, Salman Asif, Amit Roy-Chowdhury, and Srikanth Krishnamurthy
    In Proceedings of the 2022 Winter Conference on Applications of Computer Vision (WACV'22),
    Waikoloa, HI, January 2022.
  17. Adversarial Attacks on Black Box Video Classifiers: Leveraging the Power of Geometric Transformations [ Preprint ]
    Shasha Li, Abhishek Aich, Shitong Zhu, Salman Asif, Chengyu Song, Amit Roy-Chowdhury, and Srikanth Krishnamurthy
    In Proceedings of the 35th Conference on Neural Information Processing Systems (NeurIPS'21),
    December 2021.
  18. Exploiting Multi-Object Relationships for Detecting Adversarial Attacks in Complex Scenes [ Preprint ]
    Mingjun Yin, Shasha Li, Zikui Cai, Chengyu Song, M. Salman Asif, Amit K. Roy-Chowdhury, and Srikanth V. Krishnamurthy
    In Proceedings of the 2021 International Conference of Computer Vision (ICCV'21),
    October 2021.
  19. Reinforcement Learning-based Hierarchical Seed Scheduling for Greybox Fuzzing [ Paper | Code ]
    Jinghan Wang, Chengyu Song, and Heng Yin
    In Proceedings of the 2021 Network and Distributed System Security Symposium (NDSS'21),
    February 2021.
  20. UBITect: A Precise and Scalable Method to Detect Use-Before-Initialization bugs in Linux Kernel [ Paper | Code ]
    Yizhuo Zhai, Yu Hao, Hang Zhang, Daimeng Wang, Chengyu Song, Zhiyun Qian, Mohsen Lesani, Srikanth V. Krishnamurthy, and Paul Yu
    In Proceedings of the 2020 ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (FSE'20), Sacramento, CA, November 2020.
  21. CrFuzz: Fuzzing Multi-purpose Programs through Input Validation [ Paper ]
    Suhwan Song, Chengyu Song, Yeongjin Jang, and Byoungyoung Lee
    In Proceedings of the 2020 ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (FSE'20), Sacramento, CA, November 2020.
  22. SpecROP: Speculative Exploitation of ROP Chains [ Paper | Code ]
    Atri Bhattacharyya, Andres S. Marin, Esmaeil M. Koruyeh, Nael Abu-Ghazaleh, Chengyu Song, and Mathias Payer
    In Proceedings of the 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID'20),
    Donostia/San Sebastian, Spain, October 2020.
  23. Connecting the Dots: Detecting Adversarial Perturbations Using Context Inconsistency [ Preprint | Code ]
    Shasha Li, Shitong Zhu, Sudipta Paul, Amit K. Roy-Chowdhury, Chengyu Song, Srikanth V. Krishnamurthy, Ananthram Swami, and Kevin S. Chan
    In Proceedings of the 16th European Conference on Computer Vision (ECCV'20), August 2020.
  24. SPECCFI: CFI Informed Branch Prediction [ Paper | Presentation | Preprint ]
    Esmaeil M. Koruyeh, Shirin H. Shirazi, Khaled N. Khaswaneh, Chengyu Song, and Nael Abu-Ghazaleh
    In Proceedings of the 41st IEEE Symposium on Security and Privacy (Oakland'20),
    San Francisco, CA, May 2020.
  25. KLOTSKI: Efficient Obfuscated Execution against Controlled-Channel Attacks [ Paper | Presentation | Code ]
    Pan Zhang, Chengyu Song, Heng Yin, Deqing Zou, Elaine Shi, and Hai Jin
    In Proceedings of the 25th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS'20), Lausanne, Switzerland, March 2020.
  26. SymTCP: Eluding Stateful Deep Packet Inspection with Automated Discrepancy Discovery [ Paper | Code ]
    Zhongjie Wang, Shitong Zhu, Yue Cao, Zhiyun Qian, Chengyu Song, Srikanth V. Krishnamurthy, Tracy D. Braun, and Kevin S. Chan
    In Proceedings of the 2020 Network and Distributed System Security Symposium (NDSS'20),
    San Diego, CA, February 2020.
  27. RENN: Efficient Reverse Execution with Neural-Network-assisted Alias Analysis [ Paper | Code ]
    Dongliang Mu, Wenbo Guo, Alejandro Cuevas, Yueqi Chen, Jinxuan Gai, Xinyu Xing, Bing Mao, and Chengyu Song
    In Proceedings of the 34th IEEE/ACM International Conference on Automated Software Engineering (ASE'19),
    San Diego, CA, November 2019.
  28. Principled Unearthing of TCP Side Channel Vulnerabilities [ Paper ]
    Yue Cao, Zhongjie Wang, Zhiyun Qian, Chengyu Song, Srikanth V. Krishnamurthy, and Paul Yu
    In Proceedings of the 26th ACM Conference on Computer and Communications Security (CCS'19),
    London, UK, November 2019.
  29. Be Sensitive and Collaborative: Analyzing Impact of Coverage Metrics in Greybox Fuzzing [ Paper | Code ]
    Jinghan Wang, Yue Duan, Wei Song, Heng Yin, and Chengyu Song
    In Proceedings of the 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID'19),
    Beijing, China, September 2019. ( Best Paper )
  30. Firm-AFL: High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation [ Paper ]
    Yaowen Zheng, Ali Davanian, Heng Yin, Chengyu Song, Hongsong Zhu, and Limin Sun
    In Proceedings of the 28th USENIX Security Symposium (Security'19),
    Santa Clara, CA, August 2019.
  31. SafeSpec: Banishing the Spectre of a Meltdown with Leakage-Free Speculation [ Paper | Preprint ]
    Khaled N. Khasawneh, Esmaeil M. Koruyeh, Chengyu Song, Dmitry Evtyushkin, Dmitry Ponomarev, and Nael Abu-Ghazaleh
    In Proceedings of the 2019 Design Automation Conference (DAC'19),
    Las Vegas, NV, June 2019.
  32. Figment: Fine-grained Permission Management for Mobile Apps [ Paper ]
    Ioannis Gasparis, Zhiyun Qian, Chengyu Song, Srikanth V. Krishnamurthy, Rajiv Gupta, and Paul Yu
    In Proceedings of IEEE International Conference on Computer Communications (INFOCOM'19),
    Paris, France, April 2019.
  33. Stealthy Adversarial Perturbations Against Real-Time Video Classification Systems [ Paper ]
    Shasha Li, Ajaya Neupane, Sujoy Paul, Chengyu Song, Srikanth V. Krishnamurthy, Amit K. Roy-Chowdhury, and Ananthram Swami
    In Proceedings of the 2019 Network and Distributed System Security Symposium (NDSS'19),
    San Diego, CA, February 2019.
  34. IoTSan: Fortifying the Safety of IoT Systems [ Paper | Code ]
    Dang Tu Nguyen, Chengyu Song, Zhiyun Qian, Srikanth V. Krishnamurthy, Edward J. M. Colbert, and Patrick McDaniel
    In Proceedings of the 14th International Conference on emerging Networking EXperiments and Technologies (CoNext'18), Heraklion/Crete, Greece, December 2018.
  35. IAC: On the Feasibility of Utilizing Neural Signals for Access Control [ Paper ]
    Md Lutfor Rahman, Ajaya Neupane, and Chengyu Song
    In Proceedings of the 2018 Annual Computer Security Applications Conference (ACSAC'18),
    San Juan, Puerto Rico, December 2018.
  36. Learning Tensor-based Representations from Brain-Computer Interface Data for Cybersecurity [ Paper ]
    Md Lutfor Rahman*, Sharmistha Bardhan*, Ajaya Neupane, Evangelos E. Papalexakis, and Chengyu Song
    In Proceedings of the European Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases (ECML-PKDD'18), Dublin, Ireland, September 2018.
  37. Spectre Returns! Speculation Attacks using the Return Stack Buffer [ Paper ]
    Esmaiel M. Koruyeh, Khaled N. Khasawneh, Chengyu Song, and Nael Abu-Ghazaleh
    In Proceedings of the 12th USENIX Workshop on Offensive Technologies (WOOT'18),
    Baltimore, MD, August 2018. ( Best Paper )
  38. Droid M+: Developer Support for Imbibing Android’s New Permission Model [ Paper ]
    Ioannis Gasparis, Azeem Aqil, Zhiyun Qian, Chengyu Song, Srikanth V. Krishnamurthy, Rajiv Gupta, and Edward Colbert
    In Proceedings of the 13th ACM ASIA Conference on Information, Computer and Communications Security (AsiaCCS'18),
    Incheon, Korea, June 2018.
  39. Enhancing Memory Error Detection for Large-Scale Applications and Fuzz Testing [ Paper | Code ]
    Wookhyun Han, Byunggill Joe, Byoungyoung Lee, Chengyu Song, and Insik Shin
    In Proceedings of the 2018 Network and Distributed System Security Symposium (NDSS'18),
    San Diego, CA, February 2018.
  40. Your State is Not Mine: A Closer Look at Evading Stateful Internet Censorship [ Paper | Code ]
    Zhongjie Wang, Yue Cao, Zhiyun Qian, Chengyu Song, Srikanth V. Krishnamurthy
    In ACM Internet Measurement Conference (IMC'17),
    London, UK, November 2017.
  41. Detecting Android Root Exploits by Learning from Root Providers [ Paper ]
    Ioannis Gasparis, Zhiyun Qian, Chengyu Song, and Srikanth V. Krishnamurthy
    In Proceedings of the 26th USENIX Security Symposium (Security'17),
    Vancouver, Canada, August 2017.
  42. Efficient Protection of Path-Sensitive Control Security [ Paper ]
    Ren Ding, Chenxiong Qian, Chengyu Song, Bill Harris, Taesoo Kim, and Wenke Lee
    In Proceedings of the 26th USENIX Security Symposium (Security'17),
    Vancouver, Canada, August 2017.
  43. UniSan: Proactive Kernel Memory Initialization to Eliminate Data Leakages [ Paper | Code ]
    Kangjie Lu, Chengyu Song, Taesoo Kim, and Wenke Lee
    In Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS'16),
    Vienna, Austria, October 2016.
  44. HDFI: Hardware-Assisted Data-flow Isolation [ Paper | Code ]
    Chengyu Song, Hyungon Moon, Monjur Alam, Insu Yun, Byoungyoung Lee, Taesoo Kim, Wenke Lee, and Yunheung Paek
    In Proceedings of the 37th IEEE Symposium on Security and Privacy (Oakland'16),
    San Jose, CA, May 2016.
  45. Enforcing Kernel Security Invariants with Data Flow Integrity [ Paper | Kernel | Analyzer ]
    Chengyu Song, Byoungyoung Lee, Kangjie Lu, William R. Harris, Taesoo Kim, and Wenke Lee
    In Proceedings of the 2016 Network and Distributed System Security Symposium (NDSS'16),
    San Diego, CA, February 2016.
  46. VTrust: Regaining Trust on Virtual Calls [ Paper ]
    Chao Zhang, Scott A. Carr, Tongxin Li, Yu Ding, Chengyu Song, Mathias Payer, and Dawn Song
    In Proceedings of the 2016 Network and Distributed System Security Symposium (NDSS'16),
    San Diego, CA, February 2016.
  47. ASLR-Guard: Stopping Address Space Leakage for Code Reuse Attacks [ Paper | Code ]
    Kangjie Lu, Chengyu Song, Byoungyoung Lee, Simon P. Chung, Taesoo Kim, and Wenke Lee
    In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS'15),
    Denver, CO, October 2015.
  48. Cross-checking Semantic Correctness: The Case of Finding File System Bugs [ Paper | Code ]
    Changwoo Min, Sanidhya Kashyap, Byoungyoung Lee, Chengyu Song, and Taesoo Kim
    In Proceedings of the 25th ACM Symposium on Operating Systems Principles (SOSP'15),
    Monterey, CA, October 2015.
  49. Type Casting Verification: Stopping an Emerging Attack Vector [ Paper | Code ]
    Byoungyoung Lee, Chengyu Song, Taesoo Kim, and Wenke Lee
    In Proceedings of the 24th USENIX Security Symposium (Security'15),
    Washington, D.C., August 2015. ( 2015 Internet Defense Prize )
  50. JITScope: Protecting Web Users from Control-Flow Hijacking Attacks [ Paper ]
    Chao Zhang, Mehrdad Niknami, Kevin Zhijie Chen, Chengyu Song, Zhaofeng Chen, and Dawn Song
    In Proceedings of the 34th Annual IEEE International Conference on Computer Communications (INFOCOM'15),
    Hong Kong, China, April 2015.
  51. Exploiting and Protecting Dynamic Code Generation [ Paper | Code ]
    Chengyu Song, Chao Zhang, Tielei Wang, Wenke Lee, and David Melski
    In Proceedings of the 2015 Network and Distributed System Security Symposium (NDSS'15),
    San Diego, CA, February 2015.
  52. VTint: Protecting Virtual Function Tables' Integrity [ Paper ]
    Chao Zhang, Chengyu Song, Kevin Zhijie Chen, Zhaofeng Chen, and Dawn Song
    In Proceedings of the 2015 Network and Distributed System Security Symposium (NDSS'15),
    San Diego, CA, February 2015.
  53. Preventing Use-after-free with Dangling Pointers Nullification [ Paper ]
    Byoungyoung Lee, Chengyu Song, Yeongjin Jang, Tielei Wang, Taesoo Kim, Long Lu, and Wenke Lee
    In Proceedings of the 2015 Network and Distributed System Security Symposium (NDSS'15),
    San Diego, CA, February 2015. ( CSAW Best Applied Research Papers (3rd place) )
  54. A11y Attacks: Exploiting Accessibility in Operating Systems [ Paper ]
    Yeongjin Jang, Chengyu Song, Simon P. Chung, Tielei Wang, and Wenke Lee
    In Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS'14),
    Scottsdale, AZ, November 2014.
  55. Mimesis Aegis: A Mimicry Privacy Shield [ Paper ]
    Billy Lau, Pak Ho Chung, Chengyu Song, Yeongjin Jang, Wenke Lee, and Alexandra Boldyreva
    In Proceedings of the 23rd USENIX Security Symposium (Security'14),
    San Diego, CA, August 2014.
  56. Abusing Performance Optimization Weaknesses to Bypass ASLR [ Slides ]
    Byoungyoung Lee, Yeongjin Jang, Tielei Wang, Chengyu Song, Long Lu, Taesoo Kim, and Wenke Lee
    In BlackHat USA 2014,
    Las Vegas, NV, Auguest 2014.
  57. Diagnosis and Emergency Patch Generation for Integer Overflow Exploits [ Paper ]
    Tielei Wang, Chengyu Song, and Wenke Lee
    In Proceedings of the 11th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'14),
    Egham, London, UK, July 2014.
  58. Mactans: Injecting Malware Into iOS Devices via Malicious Chargers [ Paper | Slides ]
    Billy Lau, Yeongjin Jang, Chengyu Song, Tielei Wang, Pak Ho Chung, and Paul Royal
    In BlackHat USA 2013,
    Las Vegas, NV, Auguest 2013.
  59. Flowers for Automated Malware Analysis [ Paper | Slides ]
    Chengyu Song and Paul Royal
    In BloackHat USA 2012,
    Las Vegas, NV, July 2012.
  60. Impeding Automated Malware Analysis with Environment-sensitive Malware [ Paper ]
    Chengyu Song, Paul Royal, and Wenke Lee
    In Proceedings of the 7th USENIX conference on Hot topics in Security (HotSec'12),
    Bellevue, WA, USA, August 2012.
  61. Preventing Drive-by Download via Inter-Module Communication Monitoring [ Paper ]
    Chengyu Song, Jianwei Zhuge, Xinhui Han, and Zhiyuan Ye
    In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security (AsiaCCS'10),
    Beijing, China, April 2010.
  62. Studying Malicious Websites and the Undergrounding Economy on the Chinese Web [ Paper ]
    Jianwei Zhuge, Thorsen Holz, Chengyu Song, Jinpeng Guo, Xinhui Han, and Wei Zou
    In Proceedings of the 7th Workshop on the Economics of Information Security (WEIS'08),
    Hanover, NH, June, 2008.
  63. Collecting Autonomous Spreading Malware Using High-interaction Honeypot [ Paper ]
    Jianwei Zhuge, Thorsen Holz, Xinhui Han, Chengyu Song, and Wei Zou
    In Proceedings of the 9th International Conference on Information and Communications Security (ICICS'07),
    Zhengzhou, China, Dec 2007.
bar