Publications

Book Chapters

  1. Automatically Identifying Trigger-based Behavior in Malware. [PDF]
    David Brumley, Cody Hartwig, Zhenkai Liang, James Newsome, Pongsin Poosankam, Dawn Song, and Heng Yin.
    In Botnet Analysis and Defense, vol. 36 of Advances in Information Security Series, Wenke Lee, Cliff Wang, and David Dagon (editors), pp. 65-88, Springer, 2008.

Journals and Magazines

  1. Tool, Technique, and Tao in Computer Security Education.
    Zhenkai Liang and Jian Mao.
    In IEEE Reliability Magazine, August/September/October, 2015.
  2. A Framework for Practical Dynamic Software Updating.
    Gang Chen, Hai Jin, Deqing Zou, Zhenkai Liang, Bing Bing Zhou, and Hao Wang.
    To appear in IEEE Transactions on Parallel and Distributed Systems, accepted in April 2015.
  3. I Know Where You've Been: Geo-Inference Attacks via the Browser Cache.
    Yaoqi Jia, Xinshu Dong, Zhenkai Liang, and Prateek Saxena.
    In IEEE Internet Computing, Januany/February 2015.
  4. SafeStack: Automatically Patching Stack-based Buffer Overflow Vulnerabilities.
    Gang Chen, Hai Jin, Deqing Zou, Bing Bing Zhou, Zhenkai Liang, Weide Zheng, and Xuanhua Shi.
    To appear in IEEE Transactions on Dependable and Secure Computing (TDSC), (Accepted as of May 2013)
  5. DARWIN: An Approach for Debugging Evolving Programs. [PDF]
    Dawei Qi, Abhik Roychoudhury, Zhenkai Liang, and Kapil Vaswani.
    In ACM Transactions on Software Engineering and Methodology (TOSEM), Volume 21, Issue 3, 2012.
  6. Alcatraz: An Isolated Environment for Experimenting with Untrusted Software. [PDF]
    Zhenkai Liang, Weiqing Sun, R.Sekar, and V.N. Venkatakrishnan.
    In ACM Transactions on Information and System Security (TISSEC), Volume 12, Issue 3, January 2009. 

Conferences

  1. Data-Oriented Programming: On the Expressiveness of Non-Control Data Attacks.
    Hong Hu, Shweta Shinde, Sendroiu Adrian, Zheng Leong Chua, Prateek Saxena, and Zhenkai Liang.
    To Appear in the IEEE Symposium on Security and Privacy, May 2016.
  2. Automatic Generation of Data-Oriented Exploits.
    Hong Hu, Zheng Leong Chua, Sendroiu Adrian, Prateek Saxena, and Zhenkai Liang.
    In the 24th USENIX Security Symposium, Washington DC, August 2015.
  3. You Can’t Be Me: Enabling Trusted Paths & User Sub-Origins in Web Browsers.
    Enrico Budianto, Yaoqi Jia, Xinshu Dong, Prateek Saxena, and Zhenkai Liang.
    In the 17th International Symposium on Research in Attacks, Intrusions, and Defenses (RAID), Gothenburg, Sweden, September 2014.
  4. Understanding Complex Binary Loading Behaviors.
    Ting Dai,Mingwei Zhang, Roland Yap, and Zhenkai Liang.
    In the 19th International Conference on Engineering of Complex Computer Systems (ICECCS), August 2014
  5. DroidVault: A Trusted Data Vault for Android Devices.
    (Best Paper Award)
    Xiaolei Li, Hong Hu, Guangdong Bai, Yaoqi Jia, Zhenkai Liang, and Prateek Saxena. In the 19th International Conference on Engineering of Complex Computer Systems (ICECCS), Tianjin, China, August 2014.
  6. A Light-weight Software Environment for Confining Android Malware.
    Xiaolei Li, Guangdong Bai, Benjamin Thian, Zhenkai Liang, and Heng Yin.
    In the International Workshop on Trustworthy Computing, San Francisco, CA, June 2014.
  7. I Know Where You've Been: Geo-Inference Attacks via the Browser Cache.
    (Best Paper Award)
    Yaoqi Jia, Xinshu Dong, Zhenkai Liang, and Prateek Saxena.
    In the Web 2.0 Security & Privacy Workshop (W2SP), San Jose, CA, May 2014.
  8. TrustFound: Towards a Formal Foundation for Model Checking Trusted Computing Platforms.
    Guangdong Bai, Jianan Hao, Jianliang Wu, Yang Liu, Zhenkai Liang, and Andrew Martin.
    In the 19th International Symposium on Formal Methods (FM), Singapore, May 2014.
  9. AirBag: Boosting Smartphone Resistance to Malware Infection. [PDF]
    Chiachih Wu, Yajin Zhou, Kunal Patel, Zhenkai Liang, and Xuxian Jiang.
    In the 21st Annual Network & Distributed System Security Symposium (NDSS), San Diego, CA, February 2014.
  10. Protecting Sensitive Web Content from Client-side Vulnerabilities with Cryptons. [PDF]
    Xinshu Dong, Zhaofeng Chen, Hossein Siadati, Shruti Tople, Prateek Saxena, and Zhenkai Liang.
    In the 14th ACM Conference on Computer and Communications Security (CCS), Berlin, Germany, November 2013.
  11. A Quantitative Evaluation of Privilege Separation in Web Browser Designs. [PDF]
    Xinshu Dong, Hong Hu, Prateek Saxena, and Zhenkai Liang.
    In the 18th European Symposium on Research in Computer Security (ESORICS), Egham, UK, September 2013.
  12. A Comprehensive Client-side Behavior Model for Diagnosing Attacks in Ajax Applications. [PDF]
    Xinshu Dong, Kailas Patil, Jian Mao, and Zhenkai Liang.
    In the 18th International Conference on Engineering of Complex Computer Systems (ICECCS), Singapore, July 2013.
  13. Enforcing System-Wide Control Flow Integrity for Exploit Detection and Diagnosis.[PDF]
    Aravind Prakash, Heng Yin and Zhenkai Liang.
    In the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS), Hangzhou, China, May 2013.
  14. An Empirical Study of Dangerous Behaviors in Firefox Extensions. [PDF]
    Jiangang Wang, Xiaohong Li, Xuhui Liu, Xinshu Dong, Junjie Wang, Zhenkai Liang, and Zhiyong Feng.
    In the 15th Information Security Conference (ISC), Passau, Germany, September 2012.
  15. Codejail: Application-transparent Isolation of Libraries with Tight Program Interactions. [PDF]
    Yongzheng Wu, Sai Sathyanarayan, Roland Yap, and Zhenkai Liang.
    In the 17th European Symposium on Research in Computer Security (ESORICS), Pisa, Italy, September 2012.
  16. Tracking the Trackers: Fast and Scalable Dynamic Analysis of Web Content for Privacy Violations. [PDF]
    Minh Tran, Xinshu Dong, Zhenkai Liang, and Xuxian Jiang.
    In the 10th International Conference on Applied Cryptography and Network Security (ACNS), Singapore, June 2012.
  17. A Framework to Eliminate Backdoors from Response Computable Authentication. [PDF]
    Shuaifu Dai, Tao Wei, Chao Zhang, Tielei Wang, Yu Ding, Zhenkai Liang, and Wei Zou.
    In the IEEE Symposium on Security and Privacy, San Francisco, CA, May 2012.
  18. Identifying and Analyzing Pointer Misuses for Sophisticated Memory-corruption Exploit Diagnosis. [PDF]
    Mingwei Zhang, Aravind Prakash, Xiaolei Li, Zhenkai Liang, and Heng Yin.
    In the 19th Annual Network & Distributed System Security Symposium (NDSS), San Diego, CA, February 2012.
  19. AdSentry: Comprehensive and Flexible Confinement of JavaScript-based Advertisements. [PDF]
    Xinshu Dong, Minh Tran, Zhenkai Liang, and Xuxian Jiang.
    In the 27th Annual Computer Security Applications Conference (ACSAC), Orlando, FL, December 2011.
  20. Towards Fine-Grained Access Control in JavaScript Contexts. [PDF]
    Kailas Patil, Xinshu Dong, Xiaolei Li, Zhenkai Liang, and Xuxian Jiang.
    In the 31st IEEE International Conference on Distributed Computing Systems (ICDCS), Minneapolis, MN, June 2011.
  21. Jump-Oriented Programming: A New Class of Code-Reuse Attack. [PDF]
    Tyler Bletsch, Xuxian Jiang, Vince Freeh, and Zhenkai Liang.
    In the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS), Hong Kong, China, March 2011.
  22. Heap Taichi: Exploiting Memory Allocation Granularity In Heap-spraying Attacks. [PDF]
    Yu Ding, Tao Wei, Tielei Wang, Zhenkai Liang, and Wei Zou.
    In the 25th Annual Computer Security Applications Conference (ACSAC), Austin, TX, December 2010.
  23. Golden Implementation Driven Software Debugging. [PDF]
    Ansuman Banerjee, Abhik Roychoudhury, Johannes A. Harlie, and Zhenkai Liang.
    In the ACM SIGSOFT 18th International Symposium on Foundations of Software Engineering (FSE), Sata Fe, NM, November 2010.
  24. Test Generation to Expose Changes in Evolving Programs. [PDF]
    Dawei Qi, Abhik Roychoudhury, and Zhenkai Liang.
    In the 25th IEEE/ACM International Conference on Automated Software Engineering (ASE), September 2010.
  25. Transparent Protection of Commodity OS Kernels using Hardware Virtualization. [PDF]
    Michael Grace, Zhi Wang, Deepa Srinivasan, Jinku Li, Xuxian Jiang, Zhenkai Liang, and Siarhei Liakh.
    In the 6th International ICST Conference on Security and Privacy in Communication Networks (SecureComm), Singapore, September 2010.
  26. Towards Generating High Coverage Vulnerability-Based Signatures with Protocol-Level Constraint-Guided Exploration. [PDF]
    Juan Caballero, Zhenkai Liang, Pongsin Poosankam, and Dawn Song.
    In the 12th International Symposium on Recent Advances in Intrusion Detection (RAID), Saint-Malo, France, September 2009.
  27. DARWIN: An Approach for Debugging Evolving Programs. [PDF]
    (Distinguished paper award)
    Dawei Qi, Abhik Roychoudhury, Zhenkai Liang, Kapil Vaswani.
    In the ESEC and ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC-FSE), Amsterdam, the Netherlands, August 2009. (Acceptance rate: 14.7%)
  28. BitBlaze: A New Approach to Computer Security via Binary Analysis. [PDF] (*Invited keynote paper)
    Dawn Song, David Brumley, Heng Yin, Juan Caballero, Ivan Jager, Min Gyung Kang, Zhenkai Liang, James Newsome, Pongsin Poosankam, and Prateek Saxena.
    In the 4th International Conference on Information Systems Security (ICISS), Hyderabad, India, December 2008.
  29. Expanding Malware Defense by Securing Software Installations. [PDF]
    Weiqing Sun, R. Sekar, Zhenkai Liang, and V.N. Venkatakrishnan.
    In the Detection of Intrusions, Malware and Vulnerability Analysis (DIMVA), Paris, France, July 2008.
  30. AGIS: Automatic Generation of Infection Signatures. [PDF]
    Zhuowei. Li, Xiaofeng. Wang, Zhenkai Liang and Mike. K. Reiter.
    In the 38th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Anchorage, AK, June 2008. 
  31. HookFinder: Identifying and Understanding Malware Hooking Behaviors. [PDF]
    Heng Yin, Zhenkai Liang, and Dawn Song.
    In the 15th Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2008. (Acceptance rate: 17.8%)
  32. Polyglot: Automatic Extraction of Protocol Message Format using Dynamic Binary Analysis. [PDF]
    Juan Caballero, Heng Yin, Zhenkai Liang, and Dawn Dong.
    In the 14th ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2007. (Acceptance rate: 18%)
  33. Towards Automatic Discovery of Deviations in Binary Implementations with Applications to Error Detection and Fingerprint Generation. [PDF]
    (Best paper award)
    David Brumley, Juan Caballero, Zhenkai Liang, James Newsome, and Dawn Song.
    In the 16th USENIX Security Symposium, Boston, MA, August 2007. (Acceptance rate: 12.3%)
  34. Automatic Generation of Buffer Overflow Attack Signatures: An Approach Based on Program Behavior Models. [PDF]
    Zhenkai Liang and R. Sekar.
    In the 21st Annual Computer Security Applications Conference (ACSAC), Tucson, AZ, December 2005. (Acceptance rate: 19.6%)
  35. Fast and Automated Generation of Attack Signatures: A Basis for Building Self-Protecting Servers. [PDF]
    Zhenkai Liang and R. Sekar.
    In the 12th ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, November 2005. (Acceptance rate: 15.2%)
  36. Automatic Synthesis of Filters to Discard Buffer Overflow Attacks: A Step Towards Realizing Self-Healing Systems. [PDF]
    Zhenkai Liang, R. Sekar, and Daniel C. DuVarney.
    In the USENIX Annual Technical Conference (short paper), Anaheim, CA, April 2005.
  37. One-way Isolation: An Effective Approach for Realizing Safe Execution Environments. [PDF]
    Weiqing Sun, Zhenkai Liang, R.Sekar, and V.N. Venkatakrishnan.
    In the 12th Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2005. (Acceptance rate: 13%)
  38. Isolated Program Execution: An Application Transparent Approach for Executing Untrusted Programs. [PDF]
    (Outstanding paper award)
    Zhenkai Liang, V.N. Venkatakrishnan, and R. Sekar.
    In the 19th Annual Computer Security Applications Conference (ACSAC), Las Vegas, NV, December 2003.
  39. An approach for Secure Software Installation. [PDF]
    V.N. Venkatakrishnan, R. Sekar, S. Tsipa, T. Kamat, and Z. Liang.
    In the 16th Large Installation System Administration Conference (LISA), Philadelphia, PA, November 2002.