1

Ethics in Security Research: Visions, Reality, and Paths Forward

Ethics has become a prevalent and important criterion for academic research. However, achieving ethical compliance in practice is a highly complex and specialized task. In the field of computer security research, although top-tier conferences all …

HDiff: A Semi-automatic Framework for Discovering Semantic Gap Attack in HTTP Implementations

The Internet has become a complex distributed network with numerous middle-boxes, where an end-to-end HTTP request is often processed by multiple intermediate servers before it reaches its destination. However, a general problem in this distributed …

Talking with Familiar Strangers: An Empirical Study on HTTPS Context Confusion Attacks

We discovered a new HTTPS hijacking attack method and won the GeekPwn International Championship

An End-to-End, Large-Scale Measurement of DNS-over-Encryption: How Far Have We Come?

DNS packets are designed to travel in unencrypted form through the Internet based on its initial standard. Recent discoveries show that real-world adversaries are actively exploiting this design vulnerability to compromise Internet users' security …

Measuring Privacy Threats in China-Wide Mobile Networks

HTTP transparent proxies are widely deployed in mobile networks and can lead to potential security and privacy issues. HTTP traffic is increasingly subject to in-path manipulation, especially in cellular networks. Although the traffic manipulation …