Yinzhi Cao's Publication

Yinzhi Cao's Publications

2018

Zhiheng Liu, Zhen Zhang, Yinzhi Cao, Zhaohan Xi, Shihao Jing, and Humberto La Roche, Towards a Secure Zero-rating Framework with Three Parties, in the Proceedings of USENIX Security Symposium , 2018 (100/524 = 19%, bib).

Xiang Pan, Yinzhi Cao, Xuechao Du, Boyuan He, Gan Fang, and Yan Chen, FlowCog: Context-aware Semantics Extraction and Analysis of Information Flow Leaks in Android Apps, in the Proceedings of USENIX Security Symposium , 2018 (100/524 = 19%, bib).

Yinzhi Cao, Alexander Fangxiao Yu, Andrew Aday, Eric Stahl, Jon Merwine and Junfeng Yang, Efficient Repair of Polluted Machine Learning Systems via Causal Unlearning, in the Proceedings of ACM ASIA Conference on Computer & Communications Security (ASIACCS), 2018 (62/310 = 20%, bib).

2017

Kexin Pei, Yinzhi Cao, Junfeng Yang and Suman Jana, DeepXplore: Automated Whitebox Testing of Deep Learning Systems, in the Proceedings of the 26th ACM Symposium on Operating Systems Principles (SOSP), 2017 (39/232 = 16.8%, bib).

We won best paper award of ACM SOSP 2017 for the DeepXplore paper.

Yinzhi Cao, Zhanhao Chen, Song Li and Shujiang Wu, Deterministic Browser, in the Proceedings of The ACM Conference on Computer and Communications Security (CCS), 2017 (151/836 = 18%, bib).

Yinzhi Cao, Song Li, Erik Wijmans, (Cross-)Browser Fingerprinting via OS and Hardware Level Features, to appear in the Proc. of Network & Distributed System Security Symposium (NDSS), 2017 (68/423=16.1%).

demo

2016

Xiang Pan, Yinzhi Cao, Shuangping Liu, Yu Zhou, Yan Chen, and Tingzhe Zhou, CSPAutoGen: Black-box Enforcement of Content Security Policy upon Real-World Websites, in the Proc. of The ACM Conference on Computer and Communications Security (CCS), 2016 (137/837 = 16.4%, bib).

All the student authors finished the paper under my mentoring.
Demo for dynamic scripts

2015

Vaibhav Rastogi, Zhengyang Qu, Jedidiah McClurg, Yinzhi Cao, and Yan Chen, Uranine: Real-time Privacy Leakage Monitoring without System Modification for Android, in the Proc. of 11th International Conference on Security and Privacy in Communication Networks (SecureComm), 2015 (30/108 = 27.8%, bib).

Yinzhi Cao, Xiang Pan and Yan Chen, SafePay: Protecting against Credit Card Forgery with Existing Magnetic Card Readers, in the IEEE Conference on Communications and Network Security (CNS), 2015 (48/171 = 28.1%, bib).

The research is featured by over 30 media outlets, such as NSF Science360 News, Yahoo! News, Lehigh News, ScienceDaily, Tech News Today, Times Today News, and The Economics Times. A detailed list can be found at the following link.
I was interviewed by CCTV America for SafePay, and the video was broadcasted on CCTV News (YouTube link).
SafePay is also featured in NSF Science Now Episode 38. (YouTube link, our story starts at 1'26''.)
We won the best paper award of IEEE CNS 2015 for the SafePay paper.

Yinzhi Cao and Junfeng Yang, Towards Making Systems Forget with Machine Unlearning, in the IEEE Symposium on Security and Privacy (Oakland), 2015 (55/407 = 13.5%, bib).

The research is featured by The Atlantic (translated to Chinese by almosthuman.cn and appeared in 163 and sohu news), EurekAlert, The Stack, KurzweilAI and ACM Tech News.

Boyuan He, Vaibhav Rastogi, Yinzhi Cao, Yan Chen, V.N. Venkatakrishnan, Runqing Yang and Zhenrui Zhang, Vetting SSL Usage in Applications with SSLINT, in the IEEE Symposium on Security and Privacy (Oakland), 2015 (55/407 = 13.5%, bib).

Yinzhi Cao, Yanick Fratantonio, Antonio Bianchi, Manuel Egele, Christopher Kruegel, Giovanni Vigna and Yan Chen, EdgeMiner: Automatically Detecting Implicit Control Flow Transitions through the Android Framework, in the Proc. of Network & Distributed System Security Symposium (NDSS), 2015 (50/313 = 15.9%, bib).

Data and source code are downloadable at this link.

Xiang Pan, Yinzhi Cao and Yan Chen, I Do Not Know What You Visited Last Summer: Protecting users from third-party web tracking with TrackingFree browser, in the Proc. of Network & Distributed System Security Symposium (NDSS), 2015 (50/313 = 15.9%, bib).

The first author finished the paper under my mentoring.

2014

Yinzhi Cao, Xiang Pan, Yan Chen and Jianwei Zhuge, JShield: Towards Real-time and Vulnerability-based Detection of Polluted Drive-by Download Attacks, in the the Proc. of Annual Computer Security Applications Conference (ACSAC), 2014 (47/236 = 19.9%, bib).

Presentation PowerPoint

Yinzhi Cao, Chao Yang, Vaibhav Rastogi, Yan Chen and Guofei Gu, Abusing Browser Address Bar for Fun and Profit - An Empirical Investigation of Add-on Cross Site Scripting Attacks, in the Proc. of 10th International Conference on Security and Privacy in Communication Networks (SecureComm), 2014 (bib).

Presentation PowerPoint

Yinzhi Cao, Yan Shoshitaishvili, Kevin Borgolte, Christopher Kruegel, Giovanni Vigna, and Yan Chen, Protecting Web-based Single Sign-on Protocols against Relying Party Impersonation Attacks through a Dedicated Bi-directional Authenticated Secure Channel, in the Proc. of International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 2014 (22/113=19.5%, bib).

Presentation PowerPoint

Yinzhi Cao, Yanick Fratantonio, Antonio Bianchi, Manuel Egele, Christopher Kruegel, Giovanni Vigna and Yan Chen, EdgeMiner: Automatically Detecting Implicit Control Flow Transitions through the Android Framework, Technical Report TR-UCSB-2014-05, Department of Computer Science, UC Santa Barbara, July 2014.

Yinzhi Cao, Protecting Client Browsers with a Principal-based Approach, PhD thesis, Department of Electrical Engineering and Computer Science, Northwestern University, June 2014.

2013

Yinzhi Cao, Vaibhav Rastogi, Zhichun Li, Yan Chen, and Alex Moshchuk, Redefining Web Browser Principals with a Configurable Origin Policy, in the Proc. of The Annual IEEE/IFIP International Conference on Dependable Systems and Network - Dependable Computing and Communications Symposium (DSN - DCCS), 2013 (21/107=19.6%, bib).

Presentation PowerPoint

Xun Lu, Jianwei Zhuge , Ruoyu Wang, Yinzhi Cao, and Yan Chen, De-obfuscation and Detection of Malicious PDF Files with High Accuracy, in the Proc. of Hawaii International Conference on System Sciences (HICSS), 2013 ( bib).

Yao Zhao, Yinzhi Cao, Yan Chen, Ming Zhang, and Anup Goyal, Rake: Semantics Assisted Network-based Tracing Framework, in IEEE Trans. on Network and Service Management, Volume 10, Issue 1, 2013.

2012

Yinzhi Cao, Zhichun Li, Vaibhav Rastogi, Yan Chen, Xitao Wen, Virtual Browser: a Virtualized Browser to Sandbox Third-party JavaScripts with Enhanced Security , in the Proc. of ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2012 (35/159=22%, full paper, bib).

Presentation PowerPoint

Yinzhi Cao, Vinod Yegneswaran, Phil Porras, Yan Chen, PathCutter: Severing the Self-Propagation Path of XSS JavaScript Worms in Social Web Networks, in the Proc. of 19th Network & Distributed System Security Symposium (NDSS), 2012 (46/258=17.8%, bib).

Presentation PowerPoint

2011 and before

Yinzhi Cao, Vinod Yegneswaran, Phil Porras, Yan Chen, POSTER: A Path-cutting Approach to Blocking XSS Worms in Social Web Networks, poster paper in ACM CCS 2011,

Yao Zhao, Yinzhi Cao, Anup Goyal, Yan Chen, and Ming Zhang, Rake: Semantics Assisted Network-based Tracing Framework, in the Proc. of IEEE/ACM International Symposium on Quality of Service (IWQoS), 2011 (23/80=28.8%).

Presentation Powerpoint Presented by Me.

Zhichun Li, Yi Tang, Yinzhi Cao, Vaibhav Rastogi, Yan Chen, Bin Liu, Clint Sbisa, WebShield: Enabling Various Web Defense Techniques without Client Side Modifications, in the Proc. of 18th Network & Distributed System Security Symposium (NDSS), 2011 (28/139=20%, bib).

Presentation PowerPoint

Yinzhi Cao, Zhichun Li, Vaibhav Rastogi, Yan Chen, Virtual Browser: a Web-Level Sandbox to Protect Third-Party JavaScript without Sacricing Functionality, poster paper in the Proc. of ACM CCS 2010,