Publications

Pinji Chen, Jianjun Chen, Mingming Zhang, Qi Wang, Yiming Zhang, Mingwei Xu, Haixin Duan (2024). Cross-Origin Web Attacks via HTTP/2 Server Push and Signed HTTP Exchange. In NDSS 2025. San Diego, California, 24 February – 28 February, 2025. To appear.

Yunyi Zhang, Mingming Zhang, Baojun Liu, Zhan Liu, Jia Zhang, Haixin Duan, Min Zhang, Fan Shi, Chengxi Xu (2024). Cross the Zone: Toward a Covert Domain Hijacking via Shared DNS Infrastructure. In Usenix Security ‘23. Philadelphia, PA, USA, August 14-16, 2024. (Acceptance rate: 417/2276=18.32%).
* Presented in OARC 43 by Yunyi Zhang.

PDF Slides

Xiang Li, Wei Xu, Baojun Liu, Mingming Zhang, Zhou Li, Jia Zhang, Deliang Chang, Xiaofeng Zheng, Chuhan Wang, Jianjun Chen, Haixin Duan, Qi Li (2024). TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets. In Oakland S&P 2024. San Francisco, California, May 20–23, 2024. (Acceptance rate: 261/1,466=17.8%).

PDF Poster Slides Source Document

Chuhan Wang, YASUHIRO KURANAGA, Yihang Wang, Mingming Zhang, Linkai Zheng, lixiang, Jianjun Chen, Haixin Duan, Yanzhong Lin, Qingfeng Pan (2024). BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet. In NDSS ‘24. San Diego, California, 26 February – 1 March, 2024. (Acceptance rate: 104/694=15.0%, Acceptance rate in summer: 41/211=19.4%, Acceptance rate in fall: 63/483=13.0%).

Xiang Li, Baojun Liu, Xuesong Bai, Mingming Zhang, Qifan Zhang, Zhou Li, Haixin Duan, Qi Li (2023). Ghost Domain Reloaded: Vulnerable Links in Domain Name Delegation and Revocation. In NDSS ‘23. San Diego, California, 27 February – 3 March, 2023. (Acceptance rate: 94/581=16.2%).
* Presented in OARC 39.
* Presented in ICANN DNS Symposium 2022.
* Presented in Black Hat Asia 2023.
* Referenced by RFC Draft: Delegation Revalidation by DNS Resolvers.

PDF Code Project Slides DOI

Mingming Zhang, Xiang Li, Baojun Liu, Jianyu Lu, Yiming Zhang, Jianjun Chen, Haixin Duan, Shuang Hao, Xiaofeng Zheng (2022). Detecting and Measuring Security Risks of Hosting-Based Dangling Domains. In SIGMETRICS ‘23. Orlando, Florida, June 19-23, 2023. (Acceptance rate: 55/342=16.1%, Acceptance rate in summer: 17/93=18.3%, Acceptance rate in fall: 26/119=21.9%, Acceptance rate in winter: 12/130=9.2%).
* Presented in OARC 40.
* Presented in APAC DNS Forum 2023 by Mr Alban KWAN.

PDF Code Project Slides

Kaiwen Shen, Jianyu Lu, Yaru Yang, Jianjun Chen, Mingming Zhang, Haixin Duan, Jia Zhang, Xiaofeng Zheng (2022). HDiff: A Semi-automatic Framework for Discovering Semantic Gap Attack in HTTP Implementations. In DSN 2022.

PDF

Yiming Zhang, Mingxuan Liu, Mingming Zhang, Chaoyi Lu, Haixin Duan (2022). Ethics in Security Research: Visions, Reality, and Paths Forward. In EthiCS 2022.

PDF

Chuhan Wang, Kaiwen Shen, Minglei Guo, Yuxuan Zhao, Mingming Zhang, Jianjun Chen, Baojun Liu, Xiaofeng Zheng, Haixin Duan, Yanzhong Lin, Qingfeng Pan (2022). A Large-scale and Longitudinal Measurement Study of DKIM Deployment. In Usenix Security 2022.

PDF

Mingming Zhang, Xiaofeng Zheng, Kaiwen Shen, Ziqiao Kong, Chaoyi Lu, Yu Wang, Haixin Duan, Shuang Hao, Baojun Liu, Min Yang (2020). Talking with Familiar Strangers: An Empirical Study on HTTPS Context Confusion Attacks. In CCS 2020.

PDF Slides

Mingming Zhang, Baojun Liu, Chaoyi Lu, Jia Zhang, Shuang Hao, Haixin Duan (2020). Measuring Privacy Threats in China-Wide Mobile Networks. In FOCI 2018.

PDF Slides

Chaoyi Lu, Baojun Liu, Zhou Li, Shuang Hao, Haixin Duan, Mingming Zhang, Chunying Leng, Ying Liu, Zaifeng Zhang, Jianping Wu (2020). An End-to-End, Large-Scale Measurement of DNS-over-Encryption: How Far Have We Come?. In IMC 2019.
* IRTF Applied Networking Research Prize (ANRP) 2020 Award Winner..

PDF Slides Video