Reading (Security)

The Security of Mobile OS

1. Landon P. Cox, et al., SpanDex: Secure Password Tracking for Android. In USENIX Security 2014.

Key words: implicit flow, symbolic execution.

2. Q. A. Chen, et al., Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks. In USENIX Security 2014.

Key words: UI state inference attacks.

3. X. Jin, et al., Code Injection Attacks on HTML5-based Mobile Apps Characterization, Detection and Mitigation. In ACM CCS 2014.

Key words: XSS attacks, code injection.

4. T. Wang, et al., On the Feasibility of Large-Scale Infections of iOS Devices. In USENIX Security 2014.

Key words: Man in the middle attack.

5. T. Wang, et al. JekyII on iOS: When Benign Apps Become Evil. USENIX Security 2013.

Key words: ROP in iOS.

Sanity Checks

1. Jonas Wagner, et al., High System-Code Security with Low Overhead. In IEEE S&P 2015.

Key words: sanity checks.

2. M. Abadi, et al., Control-flow Integrity: Principles, Implementations and Applications. In ACM TISS 2009.

Key words: control-flow integrity.

Code Reuse Attacks & Code Diversification

1. J. Seibert, et al., Information Leaks Without Memory Disclosures: Remote Side Channel Attacks on Diversified Code. In ACM CCS 2014.

Key words: code reuse attacks, code diversification.

2. J. Dahse, et al., Code Reuse Attacks in PHP Automated POP Chain Generation. In ACM CCS 2014.

Key words: code reuse attacks, PHP object injection.

3. C. Giurida, et al., Enhanced Operating System Security through Efficient and Fine-grained Address Space Randomization. In USENIX Security 2012.

Key words: address space randomization (ASR), os-level vs. app-level ASR (brute force attacks usually cannot work in OS-level).

4. H. Shacham et al., On the Effectiveness of Address-Space Randomization. In ACM CCS 2004.

Key words: ASR, brute force attacks.

5. R. Roemer, et al., Return-oriented Programming: Systems, Languages and Applications. In ACM TISS 2012.

Key words: return-oriented programming.

6. C. Cowan et al., FormatGuard: Automatic Protection from printf Format String Vulnerabilities. In USENIX Security 2001.

Key words: format string attacks and defences.

7. C. Cowan et al., PointGuard: Protecting Pointers from Buffer Overflow Vulnerabilities. In USENIX Security 2003.

Key words: Pointer encryption, buffer overflow vulnerabilities.

8. N. Carlini et al., ROP is Still Dangerous Breaking Modern Defenses. In USENIX Security 2014.

Key words: defeating (1) call-preceded ROP defences (2) long gadget sequences defences (3) history inspection defenses.


1. X. Wang, et al., Oblivious Data Structures. In ACM CCS 2014.

Key words: oblivious data structures & algorithms, access pattern leakage.

2. C. Liu, et al., Memory Trace Oblivious Program Execution. In CSF 2013.

Key words: memory trace obliviousness.

Timing Channels

1. D. Zhang, et al., Language-based Control and Mitigation of Timing Channels. In ACM PLDI 2012.

Typical Security Vulnerability

1. The story of a simple and dangerous kernel bug. Local Version.

Key words: unchecked deref.

2. Linux vmsplice vulnerabilities. Local Version.

Key words: unchecked deref.

3. OpenBSD's IPv6 mbufs remote kernel buffer overflow. Local Version.

Key words: stack buffer overflow.

4. Heap Overflow Attacks. Local Version.

Key words: heap buffer overflow.

Memory Image Forensics

1. Brendan Saltaformaggio et al., DSCRETE: Automatic Rendering of Forensic Information from Memory Images via Application Logic Reuse. In SEUNIX Security 2014.

Key word: scanner identification.

2. M. Carbone, et al., Mapping kernel objects to enable systematic integrity checking. In ACM CCS 2009.

Key word: structure-invariant-based & signature-based brute force scanning.

3. B. Dolan-Gavitt, et al., Robust signatures for kernel data structures. In ACM CCS 2009.

Key word: value-invariant-based & signature-based brute force scanning.

4. R. Walls, et al., Forensic triage for mobile phones with dec0de. In USENIX Security 2011.

Key word: value-invariant-based & signature-based brute force scanning.

5. D. Kirat, et al., BareCloud Bare-metal Analysis-based Evasive Malware Detection. In USENIX Security 2014.

Key word: behavior comparison.

Domain Specific Language

1. A. Johnsoon, et al., Exploring and Enforcing Security Guarantees via Program Dependence Graphs. In PLDI 2015.


1. F. Peng, et al., X-Force: Force-Executing Binary Programs for Security Applications. In USENIX Security 2014.

Key word: forcing execution of arbitrary branches.