Publications

Refereed Conference Publications
- Rui Wang, Yuchen Zhou, Shuo Chen, Shaz Qadeer, David Evans, and Yuri Gurevich, Explicating SDKs: Uncovering Assumptions Underlying Secure Authentication and Authorization, no. MSR-TR-2013-37, 19 March 2013
- Luyi Xing, Yangyi Chen, XiaoFeng Wang, and Shuo Chen, InteGuard: Toward Automatic Protection of Third-Party Web Service Integrations, in Network & Distributed System Security Symposium (NDSS), February 2013
- Rui Wang, Shuo Chen, and XiaoFeng Wang, Signing Me onto Your Accounts through Facebook and Google: a Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services, in Proceedings of the IEEE Symposium on Security and Privacy (Oakland), IEEE Computer Society, May 2012
- Rui Wang, Shuo Chen, XiaoFeng Wang, and Shaz Qadeer, How to Shop for Free Online – Security Analysis of Cashier-as-a-Service Based Web Stores, in Proceedings of the IEEE Symposium on Security and Privacy (Oakland) (Best Practical Paper award), IEEE Computer Society, May 2011
- Kehuan Zhang, Zhou Li, Rui Wang, XiaoFeng Wang, and Shuo Chen, Sidebuster: Automated Detection and Quantification of Side-Channel Leaks in Web Application Development, in Proceedings of the ACM Conference on Computer and Communications Security (CCS), Association for Computing Machinery, Inc., October 2010
- George Danezis, Tuomas Aura, Shuo Chen, and Emre Kıcıman, How to share your favourite search results while preserving privacy and quality, in Privacy Enhancing Technologies Symposium, Springer, 21 July 2010
- Shuo Chen, Rui Wang, XiaoFeng Wang, and Kehuan Zhang, Side-Channel Leaks in Web Applications: a Reality Today, a Challenge Tomorrow, in Proceedings of the IEEE Symposium on Security and Privacy (Oakland), IEEE Computer Society, May 2010
- Shuo Chen, Hong Chen, and Manuel Caballero, Residue Objects: A Challenge to Web Browser Security, in Proceedings of EuroSys, Association for Computing Machinery, Inc., April 2010
- Shuo Chen, Ziqing Mao, Yi-Min Wang, and Ming Zhang, Pretty-Bad-Proxy: An Overlooked Adversary in Browsers’ HTTPS Deployments, in Proceedings of the IEEE Symposium on Security and Privacy (Oakland), IEEE Computer Society, May 2009
- Shuo Chen, David Ross, and Yi-Min Wang, An Analysis of Browser Domain-Isolation Bugs and A Light-Weight Transparent Defense Mechanism, in Proceedings of the ACM Conference on Computer and Communications Security (CCS), Association for Computing Machinery, Inc., 31 October 2007
- Jose Brustoloni and Shuo Chen, Automatically Segregating Greedy and Malicious Internet Flows, in Proceedings of IEEE International Conference on Communications, IEEE Computer Society, June 2007
- Shuo Chen, Jose Meseguer, Ralf Sasse, Helen J. Wang, and Yi-Min Wang, A Systematic Approach to Uncover Security Flaws in GUI Logic, in Proceedings of the IEEE Symposium on Security and Privacy (Oakland), IEEE Computer Society, May 2007
- Yi-Min Wang, Doug Beck, Xuxian Jiang, Roussi Roussev, Chad Verbowski, Shuo Chen, and Sam King, Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities, in Proceedings of Network and Distributed System Security (NDSS) Symposium, Internet Society, February 2006
- Shuo Chen, Jun Xu, Emre C. Sezer, Prachi Gauriar, and Ravishankar K. Iyer, Non-Control-Data Attacks Are Realistic Threats, in Proceedings of USENIX Security Symposium, USENIX, August 2005
- Shuo Chen, Jun Xu, Nithin Nakka, Zbigniew Kalbarczyk, and Ravishankar K. Iyer, Defeating Memory Corruption Attacks via Pointer Taintedness Detection, in Proceedings of IEEE International Conference on Dependable Systems and Networks, IEEE Computer Society, June 2005
Related reading:
- Asia Slowinska and Herbert Bos, "Pointless tainting? Evaluating the practicality of pointer tainting," EUROSYS 2009.
- Michael Dalton, Hari Kannan and Christos Kozyrakis, "Tainting is Not Pointless," ACM SIGOPS Operating Systems Review vol. 44, no. 2, April 2010.
- Asia Slowinska and Herbert Bos, "Pointer tainting still pointless (but we all see the point of tainting)," ACM SIGOPS Operating Systems Review, 44(3), July 2010.
- My brief note, October 2010.
- Shuo Chen, John Dunagan, Chad Verbowski, and Yi-Min Wang, A Black-Box Tracing Technique to Identify Causes of Least-Privilege Incompatibilities, in Proceedings of Network and Distributed System Security Symposium (NDSS), Internet Society, February 2005
- Shuo Chen, Karthik Pattabiraman, Zbigniew Kalbarczyk, and Ravishankar K. Iyer, Formal Reasoning of Various Categories of Widely Exploited Security Vulnerabilities Using Pointer Taintedness Semantics, in Proceedings of IFIP International Information Security Conference, August 2004
- Shuo Chen, Zbigniew Kalbarczyk, Jun Xu, and Ravishankar K. Iyer, A Data-Driven Finite State Machine Model for Analyzing Security Vulnerabilities, in IEEE International Conference on Dependable Systems and Networks, IEEE Computer Society, June 2003
- Shuo Chen, Jun Xu, Ravishankar K. Iyer, and Keith Whisnant, Modeling and Analyzing the Security Threat of Firewall Data Corruption Caused by Instruction Transient Errors, in IEEE International Conference on Dependable Systems and Networks, IEEE Computer Society, June 2002
- Jun Xu, Shuo Chen, Zbigniew Kalbarczyk, and Ravishankar K. Iyer, An Experimental Study of Security Vulnerabilities Caused by Errors, in IEEE International Conference on Dependable Systems and Networks, IEEE Computer Society, July 2001
Journal Publications
- Shuo Chen, Jun Xu, Zbigniew Kalbarczyk, and Ravishankar K. Iyer, Security Vulnerabilities: From Analysis to Detection and Masking Techniques (invited paper), in Proceedings of the IEEE, February 2006
- Shuo Chen, Jun Xu, Zbigniew Kalbarczyk, and Ravishankar K. Iyer, Modeling and Evaluating the Security Threats of Transient Errors in Firewall Software, in Performance Evaluation, Elsevier, March 2004
Ph.D. Dissertation
- Shuo Chen, Design for Security: Measurement, Analysis and Mitigation Techniques, December 2005
See my co-authors
