- Signing Me onto Your Accounts
through Facebook and Google: A Traffic-Guided Security Study of
Commercially Deployed Single-Sign-On Web Services, Microsoft Research
CoolTalk, May 10th, 2012
and privacy implications of the multi-component nature of
Security Seminar, Stanford, CA, April 4th, 2011. Also
given in MSR Silicon Valley Lab (video),
April 5th, 2011.
in Web Applications: A Reality Today, A Challenge Tomorrow, IEEE
Symposium on Security and Privacy, Oakland, CA, May 17th, 2010
Objects: A Challenge to Web Browser Security, ACM EuroSys,
Paris, France, April 15th, 2010 (demo)
- Pretty-Bad-Proxy: An Overlooked
Adversary in Browsers HTTPS Deployments, IEEE Symposium on Security
and Privacy, Oakland, CA, May 20th, 2009. (demo)
the Challenges in Browser Logic Correctness, Stanford
Security Seminar, Stanford, CA, March 13th, 2008.
- An Analysis of Browser Domain-Isolation
Bugs and A Light-Weight Transparent Defense Mechanism, ACM Conference
on Computer and Communications Security, Alexandria, VA, Oct 30th,
- A Systematic Approach to Uncover
Security Flaws in GUI Logic, IEEE Symposium on Security and Privacy,
Oakland, CA, May 21st, 2007. (demo)
- Browser Security: A New Research
Territory, CS seminars in Purdue University and University of
Illinois at Urbana-Champaign, April, 2007
- Non-Control-Data Attacks Are
Realistic Threats, USENIX Security Symposium, Baltimore, MD,
Aug. 4th, 2005.
- Enhancing Security of Real-World
Systems with a Better Understanding of Threats, (video)
job interview talk, Microsoft Research, Redmond, WA, 3/14/2005.
- A Black-Box Tracing Technique to
Identify Causes of Least-Privilege Incompatibilities. Network and
Distributed System Security Symposium (NDSS), San Diego, CA,
Feb. 4, 2005.
- "Formal Reasoning of Security
Vulnerabilities by Pointer Taintedness
Semantics". Given in Computer Engineering Seminar, Coordinated
Science Lab, UIUC, 10/12/2004.
- "A Finite State Machine
Methodology for Analyzing Security Vulnerabilities". Given in
IEEE International Conference on Dependable Systems and Networks, San
Francisco, June, 2003.
- "Secure Detection and Isolation of
TCP-unfriendly Flows" (Summer Project in Bell Labs). Given in the
Data Network Research Center, Bell Laboratories, Holmdel, New Jersey,
- "Evaluating the Security Threat of
Instruction Corruptions in Firewalls". Given in IEEE
International Conference on Dependable Systems and Networks, Washington D.C., June, 2002.
for Windows" (Summer Project in Avaya Labs). Given in the Network
Software Research Department, Avaya Labs, Basking Ridge, New Jersey, August,
1. How to Shop for
Free Online Security Analysis of Cashier-as-a-Service Based Web Stores,
presented by Rui Wang at IEEE Symposium on Security and Privacy, Oakland, CA,
May 25th, 2011
2. Defeating Memory Corruption
Attacks via Pointer Taintedness Detection,
presented by Jun Xu at IEEE International Conference on Dependable Systems and
Networks, Yokohama, Japan, June 30, 2005