[News] (11/03/2017) I gave a short talk on our recent work on emerging smart transportation system security at the ACM FEAST workshop. The slides can be accessed here.
[News] (10/26/2017) Our paper on the first security analysis of the emerging Connected Vehicle (CV) based traffic signal control got into NDSS'18! We find that due to several newly-discovered vulnerabilities, even one single attack vehicle can greatly manipulate the intelligent traffic control algorithm, causing severe traffic jams.
[News] (08/02/2017) Our paper on the first systematic study of client-side name collision vulnerability got into CCS'17! We find that the name collision problem broadly breaks common security assumptions in internal network services today, causing widespread vulnerability exposure.
My research generally focuses on network and systems security. More specifically, my research interests include software security, network protocol security, DNS system security, smartphone system security, CPS/IoT system security, access control system security, vulnerability discovery and analysis, and side-channel attack and defense. Most recently, my research focuses mainly on security problems in smart systems and IoT, e.g., smart home systems, smart transportation systems, and autonomous vehicle systems.
The major theme of my research is to proactively address security challenges through systematic problem analysis and design, leveraging techniques such as static/dynamic program analysis, software testing, and network measurement. My research has developed such approaches to systematically discover, analyze, detect, and fix vulnerabilities in a wide range of important computer systems and components such as smartphone OSes, network protocols, DNS, GUI systems, access control systems, and, very recently, intelligent traffic signal control systems.
[NDSS'18] Exposing Congestion Attack on Emerging Connected Vehicle based Traffic Signal Control
Qi Alfred Chen, Yucheng Yin, Yiheng Feng, Z. Morley Mao, and Henry X. Liu
To appear in the 25th Network and Distributed System Security Symposium (NDSS'18), San Diego, Feb. 2018. (acceptance rate 21.5% = 71/331)
[PDF (available upon request due to responsible disclosure process)] [BIB] [Project website] [Attack demos]
[CCS'17] Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic Study
Qi Alfred Chen, Matthew Thomas, Eric Osterweil, Yulong Cao, Jie You, Z. Morley Mao
Proceedings of the 24th ACM Conference on Computer and Communications Security (CCS'17), Dallas, Oct. 2017. (acceptance rate 18.1% = 151/836)
[PDF] [BIB] [Slides] [Vulnerability responses (coming soon)]
[CCS'15] Static Detection of Packet Injection Vulnerabilities -- A Case for Identifying Attacker-controlled Implicit Information Leaks
Qi Alfred Chen, Zhiyun Qian, Yunhan Jia, Yuru Shao, and Z. Morley Mao
Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS'15), Denver, Oct. 2015. (acceptance rate 19.8% = 128/646)
[PDF] [BIB] [Slides] [Vulnerability result website]
[IMC'15] QoE Doctor: Diagnosing Mobile App QoE with Automated UI Control and Cross-layer Analysis
Qi Alfred Chen, Haokun Luo, Sanae Rosen, Z. Morley Mao, Karthik Iyer, Jie Hui, Kranthi Sontineni, and Kevin Lau
Proceedings of the 14th ACM Internet Measurement Conference (IMC'14), Vancouver, Canada, Nov. 2014. (acceptance rate 22.9% = 43/188)
[PDF] [BIB] [Slides] [Tool demos: Post status on Facebook, Post photos on Facebook]
[TRB'18] Vulnerability of Traffic Control System Under Cyber-Attacks Using Falsified Data
Yiheng Feng, Shihong Huang, Qi Alfred Chen, Henry X. Liu, and Z. Morley Mao
To appear in Transportation Research Board 2018 Annual Meeting (TRB'18), Washington, D.C., Jan. 2018. (selected for journal publication with acceptance rate 20.0%)
[IV'17] Towards Secure and Safe Appified Automated Vehicles
Yunhan Jack Jia, Ding Zhao, Qi Alfred Chen, and Z. Morley Mao
Proceedings of the 28th IEEE Intelligent Vehicles Symposium (IV'17), Redondo Beach, Jun. 2017. (selected for oral presentation with acceptance
[PDF] [BIB] [OpenAV project website]
[NDSS'17] ContexIoT: Towards Providing Contextual Integrity to Appified IoT Platforms
Yunhan Jack Jia, Qi Alfred Chen, Shiqi Wang, Amir Rahmati, Earlence Fernandes, Z. Morley Mao, and Atul Prakash
Proceedings of the 24th Network and Distributed System Security Symposium (NDSS'17), San Diego, Feb. 2017. (acceptance rate 16.1% = 68/423)
[PDF] [BIB] [IoT malware taxonomy]
[NDSS'16] Kratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework
Yuru Shao, Jason Ott, Qi Alfred Chen, Zhiyun Qian, and Z. Morley Mao
Proceedings of the 23rd Network and Distributed System Security Symposium (NDSS'16), San Diego, Feb. 2016. (acceptance rate 15.4% = 60/389)
[PDF] [BIB] [Vulnerability result website]