Yinzhi Cao's Publications

2017

Yinzhi Cao, Song Li, Erik Wijmans, (Cross-)Browser Fingerprinting via OS and Hardware Level Features, to appear in the Proc. of Network & Distributed System Security Symposium (NDSS), 2017 (68/423=16.1%).

demo

2016

  • Xiang Pan, Yinzhi Cao, Shuangping Liu, Yu Zhou, Yan Chen, and Tingzhe Zhou, CSPAutoGen: Black-box Enforcement of Content Security Policy upon Real-World Websites, in the Proc. of The ACM Conference on Computer and Communications Security (CCS), 2016 (137/837 = 16.4%, bib).

    All the student authors finished the paper under my mentoring.
    Demo for dynamic scripts

  • 2015

  • Vaibhav Rastogi, Zhengyang Qu, Jedidiah McClurg, Yinzhi Cao, and Yan Chen, Uranine: Real-time Privacy Leakage Monitoring without System Modification for Android, in the Proc. of 11th International Conference on Security and Privacy in Communication Networks (SecureComm), 2015 (30/108 = 27.8%, bib).


  • Yinzhi Cao, Xiang Pan and Yan Chen, SafePay: Protecting against Credit Card Forgery with Existing Magnetic Card Readers, in the IEEE Conference on Communications and Network Security (CNS), 2015 (48/171 = 28.1%, bib).

    The research is featured by over 30 media outlets, such as NSF Science360 News, Yahoo! News, Lehigh News, ScienceDaily, Tech News Today, Times Today News, and The Economics Times. A detailed list can be found at the following link.
    I was interviewed by CCTV America for SafePay, and the video was broadcasted on CCTV News (YouTube link).
    SafePay is also featured in NSF Science Now Episode 38. (YouTube link, our story starts at 1'26''.)
    We won the best paper award of IEEE CNS 2015 for the SafePay paper.

  • Yinzhi Cao and Junfeng Yang, Towards Making Systems Forget with Machine Unlearning, in the IEEE Symposium on Security and Privacy (Oakland), 2015 (55/407 = 13.5%, bib).

    The research is featured by The Atlantic (translated to Chinese by almosthuman.cn and appeared in 163 and sohu news), EurekAlert, The Stack, KurzweilAI and ACM Tech News.

  • Boyuan He, Vaibhav Rastogi, Yinzhi Cao, Yan Chen, V.N. Venkatakrishnan, Runqing Yang and Zhenrui Zhang, Vetting SSL Usage in Applications with SSLINT, in the IEEE Symposium on Security and Privacy (Oakland), 2015 (55/407 = 13.5%, bib).


  • Yinzhi Cao, Yanick Fratantonio, Antonio Bianchi, Manuel Egele, Christopher Kruegel, Giovanni Vigna and Yan Chen, EdgeMiner: Automatically Detecting Implicit Control Flow Transitions through the Android Framework, in the Proc. of Network & Distributed System Security Symposium (NDSS), 2015 (50/313 = 15.9%, bib).

    Data and source code are downloadable at this link.

  • Xiang Pan, Yinzhi Cao and Yan Chen, I Do Not Know What You Visited Last Summer: Protecting users from third-party web tracking with TrackingFree browser, in the Proc. of Network & Distributed System Security Symposium (NDSS), 2015 (50/313 = 15.9%, bib).

    The first author finished the paper under my mentoring.

  • 2014

  • Yinzhi Cao, Xiang Pan, Yan Chen and Jianwei Zhuge, JShield: Towards Real-time and Vulnerability-based Detection of Polluted Drive-by Download Attacks, in the the Proc. of Annual Computer Security Applications Conference (ACSAC), 2014 (47/236 = 19.9%, bib).
    Presentation PowerPoint

  • Yinzhi Cao, Chao Yang, Vaibhav Rastogi, Yan Chen and Guofei Gu, Abusing Browser Address Bar for Fun and Profit - An Empirical Investigation of Add-on Cross Site Scripting Attacks, in the Proc. of 10th International Conference on Security and Privacy in Communication Networks (SecureComm), 2014 (bib).
    Presentation PowerPoint

  • Yinzhi Cao, Yan Shoshitaishvili, Kevin Borgolte, Christopher Kruegel, Giovanni Vigna, and Yan Chen, Protecting Web-based Single Sign-on Protocols against Relying Party Impersonation Attacks through a Dedicated Bi-directional Authenticated Secure Channel, in the Proc. of International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 2014 (22/113=19.5%, bib).
    Presentation PowerPoint

  • Yinzhi Cao, Yanick Fratantonio, Antonio Bianchi, Manuel Egele, Christopher Kruegel, Giovanni Vigna and Yan Chen, EdgeMiner: Automatically Detecting Implicit Control Flow Transitions through the Android Framework, Technical Report TR-UCSB-2014-05, Department of Computer Science, UC Santa Barbara, July 2014.

  • Yinzhi Cao, Protecting Client Browsers with a Principal-based Approach, PhD thesis, Department of Electrical Engineering and Computer Science, Northwestern University, June 2014.

  • 2013

  • Yinzhi Cao, Vaibhav Rastogi, Zhichun Li, Yan Chen, and Alex Moshchuk, Redefining Web Browser Principals with a Configurable Origin Policy, in the Proc. of The Annual IEEE/IFIP International Conference on Dependable Systems and Network - Dependable Computing and Communications Symposium (DSN - DCCS), 2013 (21/107=19.6%, bib).
    Presentation PowerPoint

  • Xun Lu, Jianwei Zhuge , Ruoyu Wang, Yinzhi Cao, and Yan Chen, De-obfuscation and Detection of Malicious PDF Files with High Accuracy, in the Proc. of Hawaii International Conference on System Sciences (HICSS), 2013 ( bib).

  • Yao Zhao, Yinzhi Cao, Yan Chen, Ming Zhang, and Anup Goyal, Rake: Semantics Assisted Network-based Tracing Framework, in IEEE Trans. on Network and Service Management, Volume 10, Issue 1, 2013.

  • 2012

  • Yinzhi Cao, Zhichun Li, Vaibhav Rastogi, Yan Chen, Xitao Wen, Virtual Browser: a Virtualized Browser to Sandbox Third-party JavaScripts with Enhanced Security , in the Proc. of ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2012 (35/159=22%, full paper, bib).
    Presentation PowerPoint

  • Yinzhi Cao, Vinod Yegneswaran, Phil Porras, Yan Chen, PathCutter: Severing the Self-Propagation Path of XSS JavaScript Worms in Social Web Networks, in the Proc. of 19th Network & Distributed System Security Symposium (NDSS), 2012 (46/258=17.8%, bib).
    Presentation PowerPoint
  • 2011 and before


  • Yinzhi Cao, Vinod Yegneswaran, Phil Porras, Yan Chen, POSTER: A Path-cutting Approach to Blocking XSS Worms in Social Web Networks, poster paper in ACM CCS 2011,

  • Yao Zhao, Yinzhi Cao, Anup Goyal, Yan Chen, and Ming Zhang, Rake: Semantics Assisted Network-based Tracing Framework, in the Proc. of IEEE/ACM International Symposium on Quality of Service (IWQoS), 2011 (23/80=28.8%).
    Presentation Powerpoint Presented by Me.

  • Zhichun Li, Yi Tang, Yinzhi Cao, Vaibhav Rastogi, Yan Chen, Bin Liu, Clint Sbisa, WebShield: Enabling Various Web Defense Techniques without Client Side Modifications, in the Proc. of 18th Network & Distributed System Security Symposium (NDSS), 2011 (28/139=20%, bib).
    Presentation PowerPoint

  • Yinzhi Cao, Zhichun Li, Vaibhav Rastogi, Yan Chen, Virtual Browser: a Web-Level Sandbox to Protect Third-Party JavaScript without Sacricing Functionality, poster paper in the Proc. of ACM CCS 2010,