[News] (06/2020) [Usenix Security'20] Our paper on the first security analysis of Multi-Sensor Fusion (MSF) based localization in autonomous driving got into Usenix Security'20! Discovered a novel & general attack, FusionRipper, that can fundamenally defeat MSF design principle! Attack demos are in our project website. Earlier version of this work also won the NDSS'19 Distinguished Poster Presentation Award.
[News] (06/2020) [Usenix Security'20] Our paper on the first general adversarial sensor attack & defense for LiDAR-based perception in autonomous driving got into Usenix Security'20! Discovered a general black-box attack based on LiDAR spoofing, and designed novel physical invariants based defense at both system & DNN model levels! More details in our project website.
[News] (02/2019) [Award] Our poster "Security of Deep Learning based Lane Keeping Assistance System under Physical-World Adversarial Attack" wins the NDSS 2020 Best Technical Poster Award (top 1/30)! Congratulations to my students Takami, Junjie, and Ningfei! Junjie has been winning NDSS Best Poster Award for 2 consecutive years, bravo!
[News] (02/2020) [EuroS&P'20] Our paper on the first study of publish-subscribe overprivilege vulnerability in autonomous driving software got into EuroS&P'20! It's the first to discover this new class of domain-specific vulnerability, and contributes not only a novel static detection method but also an efficient & module-transparent defense solution! Website & attack demos coming soon.
[News] (02/2020) [EuroSys'20] Our paper on the first study of real-world challenges in deploying ML-based smartphone malware detection at market scale got into EuroSys'20 (top-tier conference in computer systems)!
[News] (01/2020) CTF team from Cyber@UCI placed 4th out of 18 teams in National Collegiate Cyber Defense Competition (CCDC) Qualifiers, and moved on to the Western Region Final! So proud!
[News] (01/2020) [NDSS'20] Our paper on reverse engineering CAN bus commands using mobile apps got into NDSS'20! It's the first cost-effective (no real car needed) & automatic (no human intervention required) approach for reverse engineering CAN bus commands!
[News] (12/2019) [ICLR'20] Our paper on the first adversarial physical-world attack against object tracking in autonomous driving got into ICLR'20 (top-tier conference in machine learning)!
[News] (12/2019) [ICSE'20] Our paper on the first comprehensive study of autonomous driving software bugs got into ICSE'20 (top-tier conference in software engineering)!
[News] (11/2019) [Usenix Security'20] Our paper on the first security analysis of car IoT dongles got into Usenix Security'20! Identified 5 types of security vulnerabilities that can cause safety threat and car theft, with 4 CVEs newly generated (and more to come)!
[News] (11/2019) [News Coverage] Our ACM CCS'19 work on attacking LiDAR-based perception in self-driving cars is recognized by Forbes: Five Components Of Autonomous Car Security
[News] (09/2019) [CCS'19] Our paper on the first effective & light-weight PowerShell deobfuscation and attack detection got into ACM CCS'19!
[News] (08/2019) [Award] My HotSec'19 talk on self-driving and smart transportation security won 2 out of 4 awards (Most Amusing & Most Engaging)! More details: Professor Chen’s Talk on Self-Driving Security Wins HotSec Awards.
[News] (07/2019) Please check out the project website and attack demo for our new ACM CCS'19 work on autonomous driving systems security! A collection of our recent research progress in this space is here: Connected and Autonomous Vehicle Systems Security.
[News] (04/2019) [CCS'19] Our paper on the first security analysis of LiDAR-based perception in autonomous driving got into ACM CCS'19!
[News] (03/2019) [MobiSys'19*2] Two papers accepted by MobiSys'19! One is about capturing and characterizing emerging fileless IoT malware, and the other is about market-scale detection of UI-based Android malware.
[News] (03/2019) I am co-chairing the first ACM Workshop on Automotive Cybersecurity (AutoSec) in conjuction with ACM CODASPY 2019, and will give a tutorial on "The Dawn of Systems Security Research in Connected and Automated Vehicles". Please join us on March 27 to build a community on automotive and transportation systems security together!
[News] (02/2019) [Award] Our poster "Security Analysis of Multi-Sensor Fusion based Localization in Autonomous Vehicles" wins the NDSS 2019 Distinguished Poster Presentation! Congratulations, Junjie!
[News] (02/2019) [Award] Thrilled to learn that my Ph.D. dissertation is selected to receive the 2018 ProQuest Distinguished Dissertation Award! It recognizes top 10 dissertations across all graduate schools in U of Michigan ranging from science and engineering to archaeology and history.
[News] (02/2019) My NSF proposal about automated security analysis of emerging smart transportation software is awarded! Excited to keep exploring security problems in emerging Connected and Autonomous Vehicle technology.
[News] (07/2018) Joined CS@UC-Irvine as a tenure-track assistant professor!
[News] (06/2018) Please checkout my article in The Conversation about our recent work on software security in emerging smart traffic control!
[News] (03/2018) [News Coverage] Our NDSS'18 paper on next generation smart transportation systems security is receiving widespread news coverage: The Register, Trend Micro, Naked Security, Slashdot, Bleeping Computer, Smart Cities Dive, Boing Boing, PriusChat, ...
[News] (01/2018) Please check out the project webpage and the attack video demo for our NDSS'18 work! This website will keep documenting our research progress in Connected and Autonomous Vehicle Security.
[News] (01/2018) First time attending the Transportation Research Board annual meeting in D.C.! Got in touch with members in Connected Vehicle Pilot Program team in Tampa, FL and reported the problems discovered in our NDSS'18 paper.
[News] (11/2017) I gave a short talk on our recent work of emerging smart transportation system security in ACM FEAST workshop. The slides can be accessed here.
[News] (10/2017) Our paper on the first security analysis of the emerging Connected Vehicle (CV) based traffic signal control got into NDSS'18! We find that due to several newly-discovered vulnerabilties, even one single attack vehicle can greatly manipulate the intelligent traffic control algorithm, causing severe traffic jams.
[News] (10/2017) Our paper on analyzing the vulnerability of traffic signal operations under falsified data attacks got into TRB'18!
[News] (09/2017) Our position paper on developing systematic and automated protocol customization got into FEAST'17!
[News] (08/2017) Our paper on the first systematic study of client-side name collision vulnerability got into CCS'17! We find that the name collision problem broadly breaks common security assumptions in internal network services today, causing widespread vulnerability exposure.
[News] (06/2017) Our Euro S&P'17 are receiving widespread news coverage! Please checkout My TV interview at FOX news, and other coverage in Wired, TechRepublic, Bleeping Computer, and more!
[News] (03/2017) Our position paper on securing future appified autonoumous vehicle (AV) systems got into IEEE IV'17!
[News] (03/2017) I am awarded the prestigious Rackham Predoctoral Fellowship to support my security research in smart systems and IoT! Check out the news coverage here. Thanks, Rackham!
[News] (10/2016) Our paper on securing access control in emerging smart home IoT systems got into NDSS'17!
[News] (10/2016) Our paper on Android open port usage security got into Euro S&P'17!
[News] (07/2016) Our paper on analyzing on-device bufferbloat problem got into IMC'16!
[News] (02/2016) Our WPAD name collision attack paper got into S&P'16! This is a newly-exposed MitM attack vector in the new gTLD era, which can be exploited to launch MitM attack from anywhere on the Internet with only a domain name registration!
[News] (11/2015) Our paper on new Android UI deception attacks and defenses got into FC'16!
[News] (10/2015) Our Kratos paper on discovering inconsistent security policy enforcement in Android got into NDSS'16!
[News] (07/2015) Our PacketGuardian paper got into CCS'15'! Visit our website to see full details of packet injection vulnerabilities we found, covering TCP, RTP, and more!
----Packet injection vulnerability detection is one case of identifying attacker-controlled implicit information leaks, a new class of highly-exploitable implicit information leaks coined by this paper.
[News] (06/2015) Our VoLTE performance measurement & problem diagnosis paper got into Mobicom'15!
[News] (01/2015) New 90 sec lightning video for UI state inference attack at 2015 NSF Secure and Trustworthy Cyberspace PIs' Meeting (SaTCPI'15)!
[News] (09/07/2014) My UI state inference attack videos attracted more than 60,000 views on YouTube!
[News] (07/2014) Check out this 60 sec video to know about our UI state inference attack work in Usenix Security'14!
[News] (07/2014) Our QoE Doctor paper got into IMC'14!
[News] (06/2014) Our fine-grained & global-scale RRC state analysis paper got into Mobicom'14!
[News] (05/2014) I just passed the PhD qualification exam and now becomes a PhD candidate!
[News] (05/2014) Our UI state inference attack paper got into Usenix Security'14!