Selected Publications
  • [USENIX Security 24] Yunlong Xing, Shu Wang, Shiyu Sun, Xu He, Kun Sun and Qi Li. "What IF Is Not Enough? Fixing Null Pointer Dereference With Contextual Check". To appear in 33rd USENIX Security Symposium (USENIX Security'24), Philadelphia, PA, August 14–16, 2024.
  • [USENIX Security 24] Yuhao Wu, Jinwen Wang, Yujie Wang, Shixuan Zhai, Zihan Li, Yi He, Kun Sun, Qi Li, and Ning Zhang. "Your Firmware Has Arrived: A Study of Firmware Update Vulnerabilities". To appear in 33rd USENIX Security Symposium (USENIX Security'24), Philadelphia, PA, August 14–16, 2024.
  • [NDSS24] Shiqing Luo, Anh Nguyen, Hafsa Farooq, Kun Sun, and Zhisheng Yan. "Eavesdropping on Controller Acoustic Emanation for Keystroke Inference Attack in Virtual Reality". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 26 - March 1, 2024.
  • [NDSS24] Yue Xiao, Yi He, Xiaoli Zhang, Qian Wang, Renjie Xie, Kun Sun, Ke Xu, and Qi Li. "From Hardware Fingerprint to Access Token: Enhancing the Authentication on IoT Devices". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 26 - March 1, 2024.
  • [NDSS24] Shu Wang, Kun Sun, and Qi Li. "Compensating Removed Frequency Components: Thwarting Voice Spectrum Reduction Attacks". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 26 - March 1, 2024.
  • [NDSS24] Yuxiang Yang, Xuewei Feng, Qi Li, Kun Sun, Ziqiang Wang, and Ke Xu . "Exploiting Sequence Number Leakage: TCP Hijacking in NAT-Enabled Wi-Fi Networks". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 26 - March 1, 2024.
  • [NDSS24] Yuqi Qing, Qilei Yin, Xinhao Deng, Yihao Chen, Zhuotao Liu, Kun Sun, Ke Xu, Jia Zhang, and Qi Li. "RAPIER: A Robust Framework for Detecting Encrypted Malicious Network Traffic with Low-Quality Training Data". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 26 - March 1, 2024.
  • [ICSME23] Shiyu Sun, Shu Wang, Xinda Wang, Yunlong Xing, Elisa Zhang and Kun Sun, ”Exploring Security Commits in Python”. To appear in the 39th IEEE International Conference on Software Maintenance and Evolution (ICSME), Bogota, Colombia, October 1-6, 2023.
  • [USENIX Security23] Yi He, Roland Guo, Yunlong Xing, Xijia Che, Kun Sun, Zhuotao Liu, Ke Xu, and Qi Li. "Cross Container Attacks: The Bewildered eBPF on Clouds". To appear in 32nd USENIX Security Symposium (USENIX Security'23), August 9–11, 2023, ANAHEIM, CA, USA.
  • [USENIX Security23] Renjie Xie, Jiahao Cao, Enhuan Dong, Mingwei Xu, Kun Sun, Qi Li, Licheng Shen, and Menghao Zhang. "Rosetta: Enabling Robust TLS Encrypted Traffic Classification in Diverse Network Environments with TCP-Aware Traffic Augmentation". To appear in 32rd USENIX Security Symposium (USENIX Security'23), August 9–11, 2023, ANAHEIM, CA, USA.
  • [S&P23] Shu Wang, Xinda Wang, Kun Sun, Sushil Jajodia, Haining Wang, and Qi Li. "GraphSPD: Graph-Based Security Patch Detection with Enriched Code Semantics". To appear in the 44th IEEE Symposium on Security and Privacy (IEEE S&P 2023), SAN FRANCISCO, CA, May 22-26, 2023. [pdf][web link]
  • [S&P23] Xuewei Feng, Qi Li, Kun Sun, Yuxiang Yang, and Ke Xu. "Man-in-the-Middle Attacks without Rogue AP: When WPAs Meet ICMP Redirects". To appear in the 44th IEEE Symposium on Security and Privacy (IEEE S&P 2023), SAN FRANCISCO, CA, MAY 22-26, 2023. [pdf][web link]
  • [CCS22] Guannan Liu, Daiping Liu, Shuai Hao, Xing Gao, Kun Sun, and Haining Wang. "Ready Raider One: Exploring the Misuse of Cloud Gaming Services." To appear in the Proceedings of ACM Conference on Computer and Communications Security (CCS), Los Angeles, CA, November 7-11, 2022. [pdf]
  • [RAID22] Xu He, Shu Wang, Yunlong Xing, Pengbin Feng, Haining Wang, Qi Li, Songqing Chen, and Kun Sun. "BinProv: Binary Code Provenance Identification without Disassembly". To appear in the 25th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2022), Limassol, Cyprus on 26-28 October, 2022. [pdf]
  • [USENIX Security22] Xuewei Feng, Qi Li, Kun Sun, Zhiyun Qian, Chuanpu Fu, Gang Zhao, Xiaohui Kuang, and Ke Xu. "Off-Path Network Traffic Manipulation via Revitalizing ICMP Redirect Attacks". To appear in 31st USENIX Security Symposium (USENIX Security'22), BOSTON, MA, USA, August 10-12, 2022. [pdf]
  • [USENIX Security22] Yi He, Zhenhua Zou, Kun Sun, Zhuotao Liu, Ke Xu, Qian Wang, Chao Shen, Zhi Wang, and Qi Li. "RapidPatch: Firmware Hotpatching for Real-Time Embedded Devices". To appear in 31st USENIX Security Symposium (USENIX Security), BOSTON, MA, USA, August 10-12, 2022. [pdf
  • [USENIX Security22] Guannan Liu, Xing Gao, Haining Wang, and Kun Sun. "Exploring the Unchartered Space of Container Registry Typosquatting". To appear in 31st USENIX Security Symposium (USENIX Security), BOSTON, MA, USA, August 10-12, 2022. [pdf]
  • [NDSS22] Xuewei Feng, Qi Li, Kun Sun, Ke Xu, Baojun Liu, Xiaofeng Zheng, Qiushi Yang, Haixin Duan, and Zhiyun Qian. "PMTUD is not Panacea: Revisiting IP Fragmentation Attacks against TCP". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 27- March 3, 2022. [pdf]
  • [WWW22] Xin Tan, Yuan Zhang, Jiajun Cao, Kun Sun, Mi Zhang and Min Yang. "Understanding the Practice of Security Patch Management across Multiple Branches in OSS Projects". To appear in the Proceedings of 31st ACM Web Conference (WWW), Virtual Event, Lyon, France, April 25–29, 2022. [pdf]
  • [ACSAC21] Qiyang Song, Jiahao Cao, Kun Sun, Qi Li, and Ke Xu. "Try before You Buy: Privacy-preserving Data Evaluation on Cloud-based Machine Learning Data Marketplace." To appear in the Annual Computer Security Applications Conference (ACSAC), Austin, Texas, USA, December 6-10, 2021. [pdf]  
  • [CCS21] Jiaming Mu, Binghui Wang, Qi Li, Kun Sun, Mingwei Xu, and Zhuotao Liu. "A Hard Label Black-box Adversarial Attack Against Graph Neural Networks." To appear in the Proceedings of ACM Conference on Computer and Communications Security (CCS), Seoul, South Korea, November 14-19, 2021. [pdf]
  • [CCS21] Xin Tan, Yuan Zhang, Chenyuan Mi, Jiajun Cao, Kun Sun, Yifan Lin, and Min Yang. "Locating the Security Patches for Disclosed OSS Vulnerabilities with Vulnerability-Commit Correlation Ranking." To appear in the Proceedings of ACM Conference on Computer and Communications Security (CCS), Seoul, South Korea, November 14-19, 2021. [pdf]
  • [DSN21] Xinda Wang, Shu Wang, Pengbin Feng, Kun Sun, and Sushil Jajodia. "PatchDB: A Large-Scale Security Patch Dataset". To appear in the 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks(DSN), Taibei, Taiwan, June 21-24, 2021. (Acceptance ratio: 16.3%=48/295) [pdf]
  • [INFOCOM21] Fengting Li, Xuankai Liu, Xiaoli Zhang, Qi Li, Kun Sun, and Kang Li. "Detecting Localized Adversarial Examples: A Generic Approach using Critical Region Analysis". To appear in the IEEE International Conference on Computer Communications (INFOCOM) 10-13 May 2021. Virtual Conference. [pdf]
  • [ASIACCS21] Zeyu Zhang, Xiaoli Zhang, Qi Li, Kun Sun, Yinqian Zhang, SongSong Liu, Yukun Liu, and Xiaoning Li. "See through Walls: Detecting Malware in SGX Enclaves with SGX-Bouncer". To appear in The ACM Asia Conference on Computer and Communications Security (ASIACCS), Hong Kong, China, June 7-11, 2021. (Acceptance ratio: 18.47%=29/157) [pdf]
  • [SenSys20] Jie Wang, Yuewu Wang, Lingguang Lei, Kun Sun, Jiwu Jing, and Quan Zhou. "TrustICT: An Efficient Trusted Interaction Interface between Isolated Execution Domains on ARM Multi-core Processor". To appear in the Proceedings of the 18th Conference on Embedded Networked Sensor Systems (SenSys) November 2020. [pdf]
  • [ACSAC20] Shengye Wan, Mingshen Sun, Kun Sun, Ning Zhang, and Xu He. "RusTEE: Developing Memory-Safe ARM TrustZone Applications". To appear in Annual Computer Security Applications Conference (ACSAC), Austin, Texas, USA, December 7-11, 2020. [pdf]
  • [CCS20] Jie Wang, Kun Sun, Lingguang Lei, Shengye Wan, Yuewu Wang, and Jiwu Jing. "Cache-in-the-Middle (CITM) Attacks : Manipulating Sensitive Data in Isolated Execution Environments". To appear in ACM Conference on Computer and Communications Security (CCS), Orlando, USA, November 9-13, 2020. [pdf]
  • [CCS20] Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu. "Off-Path TCP Exploits of the Mixed IPID Assignment". To appear in ACM Conference on Computer and Communications Security (CCS), Orlando, USA, November 9-13, 2020. [pdf]
  • [CCS20] Shu Wang, Jiahao Cao, Xu He, Kun Sun, and Qi Li. "When the Differences in Frequency Domain are Compensated: Understanding and Defeating Modulated Replay Attacks on Automatic Speech Recognition". To appear in ACM Conference on Computer and Communications Security (CCS), Orlando, USA, November 9-13, 2020. [pdf]
  • [RAID20] Shu Wang, Jiahao Cao, Kun Sun, and Qi Li. "SIEVE: Secure In-Vehicle Automatic Speech Recognition Systems". To appear in the 23nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID), Donostia/San Sebastian, Spain on October 14-16, 2020. (Acceptance ratio: 24.79%=31/121) [pdf]
  • [NDSS20] Jiahao Cao, Renjie Xie, Kun Sun, Qi Li, Guofei Gu, and Mingwei Xu. "When Match Fields Do Not Need to Match: Buffered Packets Hijacking in SDN". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 23-26, 2020. [pdf]
  • [RAID19] Jiahao Cao, Zijie Yang, Kun Sun, Qi Li, Mingwei Xu, and Peiyi Han. "Fingerprinting SDN Applications via Encrypted Control Traffic." To appear in the 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID), Beijing, China, September 23-25, 2019. (Acceptance ratio: 22.28%=37/166) [pdf]
  • [DSN19] Shengye Wan, Jianhua Sun, Kun Sun, Ning Zhang, and Qi Li. "SATIN: A Secure and Trustworthy Asynchronous Introspection on Multi-Core ARM Processors". To appear in the 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Portland, Oregon, June 24-27, 2019. (Acceptance ratio: 21.40%=54/252) [pdf]
  • [DSN19] Xinda Wang, Kun Sun, Archer Batcheller, and Sushil Jajodia. "Detecting “0-Day” Vulnerability: An Empirical Study of Secret Security Patch in OSS (short paper)". To appear in the 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Portland, Oregon, June 24-27, 2019. (Acceptance ratio: 21.40%=54/252) [pdf]
  • [USENIX Security19] Jiahao Cao, Qi Li, Renjie Xie, Kun Sun, Guofei Gu, Mingwei Xu, and Yuan Yang. "The CrossPath Attack: Disrupting the SDN Control Channel via Shared Links". To appear 28th USENIX Security Symposium (USENIX Security), Santa Clara, CA, August 14-16, 2019. (The first round acceptance ratio: 9.8%=25/254) [pdf]
  • [ACSAC18] Xin Lin, Yuewu Wang, Lingguang Lei, Jiwu Jing, Kun Sun, and Quan Zhou. "A Measurement Study on Linux Container Security: Attacks and Countermeasures". To appear in 2018 Annual Computer Security Applications Conference (ACSAC), San Juan, Puerto Rico, December 3-7, 2018. (Acceptance ratio: 20.1%=60/299) [pdf]
  • [ICDCS18] Kyle Wallace, Gang Zhou and Kun Sun. "CADET: Investigating a Collaborative and Distributed Entropy Transfer Protocol". To appear in the 38th IEEE International Conference on Distributed Computing Systems (ICDCS), July 2 – 5, 2018, Vienna, Austria. (Acceptance ratio: 20%=78/378) [pdf]
  • [INFOCOM18] Ning Zhang, Kun Sun, Deborah Shands, Wenjing Lou, and Thomas Hou. "TruSense: Information Leakage from TrustZone."To appear in IEEE International Conference on Computer Communications (INFOCOM), Honolulu, HI, April 15-19, 2018. (Acceptance ratio: 19.2%=309/1,606) [pdf]
  • [INFOCOM18] Yue Li, Haining Wang, and Kun Sun. "Email as a Master Key: Analyzing Account Recovery in the Wild." To appear in IEEE International Conference on Computer Communications (INFOCOM), Honolulu, HI, April 15-19, 2018. (Acceptance ratio: 19.2%=309/1,606) [pdf]
  • [CCS] Lingguang Lei, Yi He, Kun Sun, Jiwu Jing, Yuewu Wang, Qi Li, and Jian Weng. "Vulnerable Implicit Service: A Revisit". To appear in the 24nd ACM Conference on Computer and Communications Security (CCS), Dallas, Texas, October 30-November 3, 2017. (Acceptance ratio: 18%=151/836) [pdf]
  • [SECURECOMM] Jiahao Cao, Mingwei Xu, Qi Li, Kun Sun, Yuan Yang and Jing Zheng. “Disrupting SDN via the Data Plane: A Low-Rate Flow Table Overflow Attack”. To appear in the International Conference on Security and Privacy in Communication Networks (SECURECOMM), Niagara Falls, CANADA, October 22–25, 2017. (Acceptance ratio (full paper): 29.5%=31/105) [pdf] (Best Paper Award)
  • [CNS17] Jianhua Sun, Kun Sun, and Qi Li. “CyberMoat: Camouflaging Critical Server Infrastructures with Large Scale Decoy Farms”. To appear in IEEE Conference on Communications and Network Security (CNS), Las Vegas, NV, October 9-11, 2017.(Acceptance ratio: 29.99%=41/137) [pdf]
  • [DIMVA17] Lingguang Lei, Jianhua Sun, Kun Sun, Chris Shenefiel, Rui Ma, Yuewu Wang, and Qi L,. "SPEAKER: Split-Phase Execution of Application Containers. " To appear in the 14th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Bonn, Germany, July 6-7. 2017. (Acceptance ratio: 26.86%=18/67) [pdf]
  • [DSN17] Yacong Gu, Kun Sun, Purui Su, Qi Li, Yemian Lu, Lingyun Ying, and Denguo Feng. "JGRE: An Analysis of JNI Global Reference Exhaustion Vulnerabilities in Android." To appear in the 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Denver, CO, June 26-29, 2017. (Acceptance ratio: 22.27%=49/220) [pdf]
  • [ICDCS16] Luren Wang, Yue Li, and Kun Sun. "Amnesia: A Bilateral Generative Password Manager." To appear in the 36th IEEE International Conference on Distributed Computing Systems (ICDCS), Nara, Japan, June 27-30, 2016. (Acceptance ratio: 17.62%=68/386) [pdf]
  • [S&P16] Ning Zhang, Kun Sun, Wenjing Lou, and Tom Hou. "CaSE: Cache-Assisted Secure Execution on ARM Processors." To appear in the 37th IEEE Symposium on Security and Privacy (S&P), SAN JOSE, CA, MAY 23-25, 2016. (Acceptance ratio: 13.75%=55/400) [pdf]
  • [ASIACCS16] Chong Guan, Kun Sun, Zhan Wang and Wen Tao Zhu. "Privacy Breach by Exploiting postMessage in HTML5: Identification, Evaluation, and Countermeasure." To appear in the 11th ACM Symposium on Information, Compute rand Communications Security (ASIACCS), Xi'an, China, May 30 - June 3, 2016. (Acceptance ratio: 20.9%=73/350 (full paper)) [pdf]
  • [INFOCOM16] Yue Li, Haining Wang, and Kun Sun. "A Study of Personal Information in Human-chosen Passwords and Its Security Implications." To appear in IEEE International Conference on Computer Communications (INFOCOM), San Francisco, CA, April 10-15, 2016. (Acceptance ratio: 18.25%=300/1,644) [pdf]
  • [INFOCOM16] Jianhua Sun and Kun Sun. "DESIR: Decoy-Enhanced Seamless IP Randomization." To appear in IEEE International Conference on Computer Communications (INFOCOM), San Francisco, CA, April 10-15, 2016. (Acceptance ratio: 18.25%=300/1,644) [pdf]
  • [EuroS&P16] Ning Zhang, He Sun, Kun Sun, Wenjing Lou, and Thomas Hou. "CacheKit: Evading Memory Introspection Using Cache Incoherence". To appear in the 1st IEEE European Symposium on Security and Privacy (EuroS&P), Saarbrücken, GERMANY, on March 21-24, 2016. (Acceptance ratio: 17.26%=29/168) [pdf]
  • [CCS15] He Sun, Kun Sun, Yuewu Wang, and Jiwu Jing. "TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens". In the 22nd ACM Conference on Computer and Communications Security (CCS), Denver, Colorado, October 12-16, 2015. (Acceptance ratio: 19.81%=128/646) [pdf]
  • [DSN15] He Sun, Kun Sun, Yuewu Wang, Jiwu Jing, and Haining Wang, "TrustICE: Hardware-assisted Isolated Computing Environments on Mobile Devices". In the 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Rio de Janeiro, Brazil, June 22-25, 2015. (Acceptance ratio: 21.83%=50/229) [pdf]
  • [S&P15] Fengwei Zhang, Kevin Leach, Angelos Stavrou, HainingWang, and Kun Sun, "Using Hardware Features for Increased Debugging Transparency". In the 36th IEEE Symposium on Security and Privacy (S&P), Fairmont, San Jose, CA, May 18-20, 2015. (Acceptance ratio:13.51%=55/407) [pdf]
  • [ASIACCS15] Ning Zhang, Kun Sun,Wenjing Lou, Y. Thomas Hou and Sushil Jajodia. "Now You SeeMe: Hide and Seek in Physical Address Space". In the 10th ACM Symposium on Information, Compute rand Communications Security (ASIACCS), Singapore, April 14-17, 2015. (Acceptance ratio: 17.84%=48/269 (full paper)) [pdf]
  • [NDSS15] Xueqiang Wang, Kun Sun, Yuewu Wang, and Jiwu Jing, "DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices". In the 22nd Annual Network & Distributed System Security Symposium (NDSS), San Diego, California, February 2015. (Acceptance ratio: 16.88%=51/302) [pdf]
  • [ESORICS14] He Sun, Kun Sun, Yuewu Wang, Jiwi Jing, and Sushil Jajodia. "TrustDump: Reliable memory acquisition on smartphones" Proc. 18th European Symp. on Research in Computer Security (ESORICS), Springer Lecture Notes in Computer Science, Wroclaw, Poland, September 7-11, 2014. (Acceptance ratio: 24.78%=58/234) [pdf]
  • [ASIACCS14] Xingjie Yu, Zhan Wang, Kun Sun, Wen Tao Zhu, Neng Gao and Jiwu Jing, "Remotely Wiping Sensitive Data on Stolen Smartphones". In the 9th ACM Symposium on Information, Computer and Communications Security (ASIACCS), Kyoto, Japan, June 4-6, 2014. (Acceptance ratio: 19.60%=50/255 (short paper)) [pdf]
  • [DSN13] Fengwei Zhang, Kevin Leach, Kun Sun, and Angelos Stavrou, "Spectre: A Dependable Introspection Framework via System Management Mode". In the 43nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Budapest, June 2013. (Acceptance ratio: 20.90%=46/220) [pdf]
  • [DSN12] Jiang Wang, Kun Sun, and Angelos Stavrou, "A Dependability Analysis of Hardware-Assisted Polling Integrity Checking Systems". In the Proceedings of the 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Boston, Massachusetts, June, 2012. (Acceptance ratio: 21.61%=51/236) [pdf]
  • [NDSS12] Kun Sun, Jiang Wang, Fengwei Zhang, and Angelos Stavrou, "SecureSwitch: BIOS-Assisted Isolation and Switch between Trusted and Untrusted Commodity OSes". In the Proceedings of the 19th Annual Network & Distributed System Security Symposium (NDSS), San Diego, California, 5-8 February 2012. (Acceptance ratio: 17.82%=46/258) [pdf]
  • [CCS06] Kun Sun, Peng Ning, Cliff Wang, An Liu, and Yuzheng Zhou, "TinySeRSync: Secure and Resilient Time Synchronization in Wireless Sensor Networks". In Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, November 2006. (Acceptance ratio: 14.84%=38/256) [pdf]
  • [ACSAC06] Kun Sun, Pai Peng, Peng Ning, Cliff Wang, "Secure Distributed Cluster Formation in Wireless Sensor Networks". In The 22nd Annual Computer Security Applications Conference (ACSAC),Miami Beach, FL, December 2006. (Acceptance ratio: 30.30%=40/132) [pdf]
  • [IAW03] Peng Ning, Kun Sun, "How to Misuse AODV: A Case Study of Insider Attacks against Mobile Ad-hoc Routing Protocols". The 4th Annual IEEE Information Assurance Workshop, pages 60-67, West Point, June 2003. (Best Paper Award) [pdf]
  • [CCS03] Donggang Liu, Peng Ning, Kun Sun, "Efficient Self-Healing Group Key Distribution with Revocation Capability". The 10th ACM Conference on Computer and Communications Security (CCS), pages 231-240, Washington D.C., October 2003. (Acceptance ratio: 13.83%=35/253) [pdf]
sic