Computer Security Laboratory

At Computer Security Laboratory (SecLab), our mission is to conduct cutting-edge research in computer security, with an emphasis on computer systems and software.

The problems of our interests include: (1) software security (e.g., binary code analysis, rewriting, hardening, and vulnerability discovery such as fuzzing), (2) systems security (e.g., virtualization and container security, side channel analysis with Intel SGX), and (3) security in emerging computing platforms (e.g., mobile, IoT, AI, blockchain, and cloud).

We also offer a number of courses including Operating Systems, Network Security, and Software Security.

We are (always) looking for self-motivated students with solid systems (e.g., OS, virtualization, compiler, machine code) and networking as well as security background. Interested students who wish to purse a PhD under our direction please drop us an email.

Software Security. We always have a strong interest of understanding and analyzing the native binary code, because it is everywhere and it is the final representation of the software implementation. In the past, we have investigated the reverse engineering of binary code for discovering the network protocol format as well as more generally input data format. We also have developed techniques for automatic vulnerability discovery, and automatic data structure reverse engineering. Recently, we have been working on native binary code hardening, rewriting, and debloating, and mobile app and IoT code analysis for vulnerability discovery.
Systems security. We also have strong interests with containers, OS kernels, hypervisior, and hardware-assisted security (e.g., SGX). We have been working on automating the virtual machine introspection, reverse engineering of kernel objects, understanding the side channels of kernel file systems, and most recently the attacks and defenses with Intel SGX.
Security in Emerging Computing Platforms. We always push our research to the cutting-edge technologies. With the industry's rising interest in mobile, IoT, AI, blockchains, cloud, etc., we ask ourselves what security discoveries we can find in these platforms.

2019
- [EuroS&P'19] Stealing Intel Secrets from SGX Enclaves via Speculative Execution. Guoxing Chen, Sanchuan Chen, Yuan Xiao, Yinqian Zhang, Zhiqiang Lin, and Ten H. Lai. In Proceedings of the 4th IEEE European Symposium on Security and Privacy, June 2019
- [S&P'19] Why Does Your Data Leak? Uncovering the Data Leakage in Cloud From Mobile Apps. Chaoshun Zuo, Zhiqiang Lin, and Yinqian Zhang. IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May. 2019.
- [ICSE'19] Probabilistic Disassembly. Kenneth Miller, Yonghwi Kwon, Yi Sun, Zhuo Zhang, Xiangyu Zhang, and Zhiqiang Lin. In Proceedings of 41st ACM/IEEE Internatinoal Conference on Software Engineering, May 2019.
- [NDSS'19] Statistical Privacy for Streaming Traffic. Xiaokuan Zhang, Jihun Hamm, Michael K. Reiter, Yinqian Zhang. Network and Distributed System Security Symposium, San Diego, CA, USA, Feb. 2019.
- [NDSS'19] OBFSCURO: A Commodity Obfuscation Engine on Intel SGX. Adil Ahmad, Byunggill Joe, Yuan Xiao, Yinqian Zhang, Insik Shin, and Byoungyoung Lee. Network and Distributed System Security Symposium, San Diego, CA, USA, Feb. 2019.
- [NDSS'19] Geo-locating Drivers: A Study of Sensitive Data Leakagein Ride-Hailing Services. Qingchuan Zhao, Chaoshun Zuo, Giancarlo Pellegrino, and Zhiqiang Lin. Network and Distributed System Security Symposium, San Diego, CA, February 2019.
2018
- [ACSAC'18] Analyzing Cache Side Channels Using Deep Neural Networks. Tianwei Zhang, Yinqian Zhang, Ruby Lee
  Annual Computer Security Applications Conference, San Juan, Puerto Rico, USA, Dec. 2018
- [ACSAC'18] A Measurement Study of Authentication Rate-Limiting Mechanisms of Modern Websites. Bo Lu*, Xiaokuan Zhang*, Ziman Ling, Yinqian Zhang, Zhiqiang Lin. Annual Computer Security Applications Conference, San Juan, Puerto Rico, USA, Dec. 2018 (*co-first authors)
- [ICCD'18] NVCool: When Non-Volatile Caches Meet Cold Boot Attacks. Xiang Pan, Anys Bacha, Spencer Rudolph, Li Zhou, Yinqian Zhang and Radu Teodorescu. IEEE International Conference on Computer Design, Orlando, Florida, USA, Oct. 2018.
- [CCS'18] HoMonit: Monitoring Smart Home Apps from Encrypted Traffic. Wei Zhang, Yan Meng, Yugeng Liu, Xiaokuan Zhang, Yinqian Zhang, Haojin Zhu. ACM Conference on Computer and Communications Security, Toronto, Canada, Oct. 2018.
- [CCS'18] K-Hunt: Pinpointing Insecure Cryptographic Keys from Execution Traces. Juanru Li, Zhiqiang Lin. Juan Caballer, Yuanyuan Zhang, Dawu Gu. In Proceedings of the 25th ACM Conference on Computer and Communications Security, Toronto. 2018
- [FEAST'18] Towards Interface-Driven COTS Binary Hardening. Xiaoyang Xu, Wenhao Wang, Kevin W. Hamlen, and Zhiqiang Lin. In Proceedings of the 3rd Workshop on Forming an Ecosystem Around Software Transformation. Toronto, 2018
- [RAID'18] tCFI: Type-Assisted Control Flow Integrity for x86-64 Binaries. Paul Muntean, Matthias Fischer, Gang Tan, Zhiqiang Lin, Jens Grossklags ,and Claudia Eckert. In Proceedings of the 21st International Symposium on Research in Attacks, Intrusions and Defenses, September 2018.
- [TDSC] CPU Elasticity to Mitigate Cross-VM Runtime Monitoring. Zeyu Mi, Haibo Chen, Yinqian Zhang, Shuanghe Peng, Xiaofeng Wang, and Michael Reiter. Transactions on Dependable and Secure Computing, 2018.
- [USENIX-SEC'18] Injected and Delivered: Fabricating Implicit Control over Actuation Systems by Spoofing Inertial Sensors, Yazhou Tu, Zhiqiang Lin, Insup Lee and Xiali Hei. In Proceedings of the 2018 USENIX Security Symposium, Baltimore, MD. August 2018.
- [USENIX-SEC'18] Guarder: A Tunable Secure Allocator, Sam Silvestro, Hongyu Liu, Tianyi Liu, Zhiqiang Lin, and Tongping Liu. In Proceedings of the 2018 USENIX Security Symposium, Baltimore, MD. August 2018.
- [ATC'18] Peeking Behind the Curtains of Serverless Platforms. Liang Wang, Mengyuan Li, Yinqian Zhang, Thomas Ristenpart, Michael Swift. Usenix Annual Technical Conference, Boston, MA, USA, Jul. 2018.
- [AsiaCCS'18] Leveraging Hardware Transactional Memory for Cache Side-Channel Defenses. Sanchuan Chen, Fangfei Liu, Zeyu Mi, Yinqian Zhang, Ruby B. Lee, Haibo Chen, XiaoFeng Wang. ACM ASIA Conference on Information, Computer and Communications Security, Songdo, Incheon, Korea, Jun. 2018.
- [AsiaCCS'18] BCD: Decomposing Binary Code Into Components Using Graph-Based Clustering. Vishal Karande, Swarup Chandra, Zhiqiang Lin, Juan Caballero, Latifur Khan, and Kevin Hamlen. In Proceedings of the 13th ACM Asia Conference on Computer and Communications Security, Junel 2018
- [S&P'18] Static Evaluation of Noninterference Using Approximate Model Counting. Ziqiao Zhou, Zhiyun Qian, Michael K. Reiter, Yinqian Zhang. IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May. 2018
- [S&P'18] Racing in Hyperspace: Closing Hyper-Threading Side Channels on SGX with Contrived Data Races. Guoxing Chen*, Wenhao Wang*, Tianyu Chen, Sanchuan Chen, Yinqian Zhang, XiaoFeng Wang, Ten-Hwang Lai, Dongdai Lin. IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May. 2018. (* co-first authors)
- [INFOCOM'18] Differentially Private Access Patterns for Searchable Symmetric Encryption. Guoxing Chen, Ten H. Lai, Michael Reiter, Yinqian Zhang. IEEE International Conference on Computer Communications, Honolulu, HI, USA, Apr. 2018.
- [SIGCSE'18] Using Virtual Machine Introspection for Kernel Security Education. Manish Bhatt, Irfan Ahmed, and Zhiqiang Lin. In Proceedings of The 49th ACM Technical Symposium on Computer Science Education, Baltimore, MD, February 2018.
- [CGO'18] SGX-Elide: Enabling Enclave Code Secrecy via Self-Modification. Erick Bauman, Huibo Wang, Mingwei Zhang, and Zhiqiang Lin. In Proceedings of International Symposium on Code Generation and Optimization, Vienna, Austria, February 2018.
- [NDSS'18] OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS. Xiaokuan Zhang, Xueqiang Wang, Xiaolong Bai, Yinqian Zhang, Xiaofeng Wang. Network and Distributed System Security Symposium, San Diego, CA, USA, Feb. 2018.
- [NDSS'18] Face Flashing: A Secure Liveness Detection Protocol based on Light Reflections. Di Tang, Zhe Zhou, Yinqian Zhang, Kehuan Zhang. Network and Distributed System Security Symposium, San Diego, CA, USA, Feb. 2018.
- [NDSS'18] Superset Disassembly: Statically Rewriting x86 Binaries Without Heuristics. Erick Bauman, Zhiqiang Lin, and Kevin Hamlen. In Proceedings of the 25th ISOC Network and Distributed System Security Symposium, San Diego, CA, February 2018.
- [NDSS'18] IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing. Jiongyi Chen, Wenrui Diao, Qingchuan Zhao, Chaoshun Zuo, Zhiqiang Lin, XiaoFeng Wang, Wing Cheong Lau, Menghan Sun, Ronghai Yang, Kehuan Zhang. In Proceedings of the 25th ISOC Network and Distributed System Security Symposium, San Diego, CA, February 2018.

Ohio State nav bar

About

People

Lab Director

Post-Doctoral Researchers

PhD Students

MS Student

Undergraduate Students

Research

Publications

2019

2018

Releases

Sponsors

Director

.cls-1{fill:#a91e22;}.cls-2{fill:#c2c2c2;}double-arrowAbout

.cls-1{fill:#a91e22;}.cls-2{fill:#c2c2c2;}double-arrowPeople

Current Members.a,.b{fill:#c2c2c2;}.b{opacity:0;}single-arrow-square