Tiffany Bao

Publication Activity (10 Years)

Years Active: 2014-2024
Publications (10 Years): 38

Top Topics

Histogram Intersection

Academia And Industry

Peer Review Process

Top Venues

USENIX Security Symposium

IEEE Symposium on Security and Privacy

Publications

Vivin Paliath, Erik Trickel, Tiffany Bao, Ruoyu Wang, Adam Doupé, Yan Shoshitaishvili
SandPuppy: Deep-State Fuzzing Guided by Automatic Detection of State-Representative Variables. DIMVA (2024)
Zion Leonahenahe Basque, Ati Priya Bajaj, Wil Gibbs, Jude O'Kain, Derron Miao, Tiffany Bao, Adam Doupé, Yan Shoshitaishvili, Ruoyu Wang
Ahoy SAILR! There is No Need to DREAM of C: A Compiler-Aware Structuring Algorithm for Binary Decompilation. USENIX Security Symposium (2024)
Chang Zhu, Ziyang Li, Anton Xue, Ati Priya Bajaj, Wil Gibbs, Yibo Liu, Rajeev Alur, Tiffany Bao, Hanjun Dai, Adam Doupé, Mayur Naik, Yan Shoshitaishvili, Ruoyu Wang, Aravind Machiry
TYGR: Type Inference on Stripped Binaries using Graph Neural Networks. USENIX Security Symposium (2024)
Ziyi Guo, Dang K. Le, Zhenpeng Lin, Kyle Zeng, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, Adam Doupé, Xinyu Xing
Take a Step Further: Understanding Page Spray in Linux Kernel Exploitation. USENIX Security Symposium (2024)
Rana Pourmohamad, Steven Wirsz, Adam Oest, Tiffany Bao, Yan Shoshitaishvili, Ruoyu Wang, Adam Doupé, Rida A. Bazzi
Deep Dive into Client-Side Anti-Phishing: A Longitudinal Study Bridging Academia and Industry. AsiaCCS (2024)
Ziyi Guo, Dang K. Le, Zhenpeng Lin, Kyle Zeng, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, Adam Doupé, Xinyu Xing
Take a Step Further: Understanding Page Spray in Linux Kernel Exploitation. CoRR (2024)
Mehrnoosh Zaeifi, Faezeh Kalantari, Adam Oest, Zhibo Sun, Gail-Joon Ahn, Yan Shoshitaishvili, Tiffany Bao, Ruoyu Wang, Adam Doupé
Nothing Personal: Understanding the Spread and Use of Personally Identifiable Information in the Financial Ecosystem. CODASPY (2024)
Fangzhou Wu, Qingzhao Zhang, Ati Priya Bajaj, Tiffany Bao, Ning Zhang, Ruoyu Wang, Chaowei Xiao
Exploring the Limits of ChatGPT in Software Security Applications. CoRR (2023)
Hui Jun Tay, Kyle Zeng, Jayakrishna Menon Vadayath, Arvind S. Raj, Audrey Dutcher, Tejesh Reddy, Wil Gibbs, Zion Leonahenahe Basque, Fangzhou Dong, Zack Smith, Adam Doupé, Tiffany Bao, Yan Shoshitaishvili, Ruoyu Wang
Greenhouse: Single-Service Rehosting of Linux-Based Firmware Binaries in User-Space Emulation. USENIX Security Symposium (2023)
Erik Trickel, Fabio Pagani, Chang Zhu, Lukas Dresel, Giovanni Vigna, Christopher Kruegel, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, Adam Doupé
Toss a Fault to Your Witcher: Applying Grey-box Coverage-Guided Mutational Fuzzing to Detect SQL and Command Injection Vulnerabilities. SP (2023)
Kyle Zeng, Zhenpeng Lin, Kangjie Lu, Xinyu Xing, Ruoyu Wang, Adam Doupé, Yan Shoshitaishvili, Tiffany Bao
RetSpill: Igniting User-Controlled Data to Burn Away Linux Kernel Protections. CCS (2023)
Marzieh Bitaab, Haehyun Cho, Adam Oest, Zhuoer Lyu, Wei Wang, Jorij Abraham, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, Adam Doupé
Beyond Phish: Toward Detecting Fraudulent e-Commerce Websites at Scale. SP (2023)
Sana Habib, Tiffany Bao, Yan Shoshitaishvili, Adam Doupé
Mitigating Threats Emerging from the Interaction between SDN Apps and SDN (Configuration) Datastore. CCSW@CCS (2022)
Faezeh Kalantari, Mehrnoosh Zaeifi, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupé
Context-Auditor: Context-sensitive Content Injection Mitigation. RAID (2022)
Penghui Zhang, Zhibo Sun, Sukwha Kyung, Hans Walter Behrens, Zion Leonahenahe Basque, Haehyun Cho, Adam Oest, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, Gail-Joon Ahn, Adam Doupé
I'm SPARTACUS, No, I'm SPARTACUS: Proactively Protecting Users from Phishing by Intentionally Triggering Cloaking Behavior. CCS (2022)
Faezeh Kalantari, Mehrnoosh Zaeifi, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupé
Context-Auditor: Context-sensitive Content Injection Mitigation. CoRR (2022)
Penghui Zhang, Adam Oest, Haehyun Cho, Zhibo Sun, RC Johnson, Brad Wardman, Shaown Sarker, Alexandros Kapravelos, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupé, Gail-Joon Ahn
CrawlPhish: Large-Scale Analysis of Client-Side Cloaking Techniques in Phishing. IEEE Secur. Priv. 20 (2) (2022)
Octavian Suciu, Connor Nelson, Zhuoer Lyu, Tiffany Bao, Tudor Dumitras
Expected Exploitability: Predicting the Development of Functional Vulnerability Exploits. USENIX Security Symposium (2022)
Ananta Soneji, Faris Bugra Kokulu, Carlos E. Rubio-Medrano, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupé
"Flawed, but like democracy we don't have a better system": The Experts' Insights on the Peer Review Process of Evaluating Security Papers. IEEE Symposium on Security and Privacy (2022)
Haehyun Cho, Jinbum Park, Adam Oest, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupé, Gail-Joon Ahn
ViK: practical mitigation of temporal memory safety violations through object ID inspection. ASPLOS (2022)
Kyle Zeng, Yueqi Chen, Haehyun Cho, Xinyu Xing, Adam Doupé, Yan Shoshitaishvili, Tiffany Bao
Playing for K(H)eaps: Understanding and Improving Linux Kernel Exploit Reliability. USENIX Security Symposium (2022)
Jayakrishna Vadayath, Moritz Eckert, Kyle Zeng, Nicolaas Weideman, Gokulkrishna Praveen Menon, Yanick Fratantonio, Davide Balzarotti, Adam Doupé, Tiffany Bao, Ruoyu Wang, Christophe Hauser, Yan Shoshitaishvili
Arbiter: Bridging the Static and Dynamic Divide in Vulnerability Discovery on Binary Programs. USENIX Security Symposium (2022)
Octavian Suciu, Connor Nelson, Zhuoer Lyu, Tiffany Bao, Tudor Dumitras
Expected Exploitability: Predicting the Development of Functional Vulnerability Exploits. CoRR (2021)
Penghui Zhang, Adam Oest, Haehyun Cho, Zhibo Sun, RC Johnson, Brad Wardman, Shaown Sarker, Alexandros Kapravelos, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupé, Gail-Joon Ahn
CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing. IEEE Symposium on Security and Privacy (2021)
Sung Ta Dinh, Haehyun Cho, Kyle Martin, Adam Oest, Kyle Zeng, Alexandros Kapravelos, Gail-Joon Ahn, Tiffany Bao, Ruoyu Wang, Adam Doupé, Yan Shoshitaishvili
Favocado: Fuzzing the Binding Code of JavaScript Engines Using Semantically Correct Test Cases. NDSS (2021)
Jaswant Pakki, Yan Shoshitaishvili, Ruoyu Wang, Tiffany Bao, Adam Doupé
Everything You Ever Wanted to Know About Bitcoin Mixers (But Were Afraid to Ask). Financial Cryptography (1) (2021)
Nicola Ruaro, Kyle Zeng, Lukas Dresel, Mario Polino, Tiffany Bao, Andrea Continella, Stefano Zanero, Christopher Kruegel, Giovanni Vigna
SyML: Guiding Symbolic Execution Toward Vulnerable States Through Pattern Learning. RAID (2021)
Zhibo Sun, Adam Oest, Penghui Zhang, Carlos E. Rubio-Medrano, Tiffany Bao, Ruoyu Wang, Ziming Zhao, Yan Shoshitaishvili, Adam Doupé, Gail-Joon Ahn
Having Your Cake and Eating It: An Analysis of Concession-Abuse-as-a-Service. USENIX Security Symposium (2021)
Marzieh Bitaab, Haehyun Cho, Adam Oest, Penghui Zhang, Zhibo Sun, Rana Pourmohamad, Doowon Kim, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupé, Gail-Joon Ahn
Scam Pandemic: How Attackers Exploit Public Fear through Phishing. CoRR (2021)
Pradeep Kumar Duraisamy Soundrapandian, Tiffany Bao, Jaejong Baek, Yan Shoshitaishvili, Adam Doupé, Ruoyu Wang, Gail-Joon Ahn
MuTent: Dynamic Android Intent Protection with Ownership-Based Key Distribution and Security Contracts. HICSS (2021)
Haehyun Cho, Jinbum Park, Joonwon Kang, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupé, Gail-Joon Ahn
Exploiting Uses of Uninitialized Stack Variables in Linux Kernels to Leak Kernel Pointers. WOOT @ USENIX Security Symposium (2020)
Marzieh Bitaab, Haehyun Cho, Adam Oest, Penghui Zhang, Zhibo Sun, Rana Pourmohamad, Doowon Kim, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupé, Gail-Joon Ahn
Scam Pandemic: How Attackers Exploit Public Fear through Phishing. eCrime (2020)
Efrén López-Morales, Carlos E. Rubio-Medrano, Adam Doupé, Yan Shoshitaishvili, Ruoyu Wang, Tiffany Bao, Gail-Joon Ahn
HoneyPLC: A Next-Generation Honeypot for Industrial Control Systems. CCS (2020)
Yanhao Wang, Xiangkun Jia, Yuwei Liu, Kyle Zeng, Tiffany Bao, Dinghao Wu, Purui Su
Not All Coverage Measurements Are Equal: Fuzzing by Coverage Accounting for Input Prioritization. NDSS (2020)
Faris Bugra Kokulu, Ananta Soneji, Tiffany Bao, Yan Shoshitaishvili, Ziming Zhao, Adam Doupé, Gail-Joon Ahn
Matched and Mismatched SOCs: A Qualitative Study on Security Operations Center Issues. CCS (2019)
Zhibo Sun, Carlos E. Rubio-Medrano, Ziming Zhao, Tiffany Bao, Adam Doupé, Gail-Joon Ahn
Understanding and Predicting Private Interactions in Underground Forums. CODASPY (2019)
Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, David Brumley
Your Exploit is Mine: Automatic Shellcode Transplant for Remote Exploits. IEEE Symposium on Security and Privacy (2017)
Tiffany Bao, Yan Shoshitaishvili, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna, David Brumley
How Shall We Play a Game?: A Game-theoretical Model for Cyber-warfare Games. CSF (2017)
Tiffany Bao, Jonathan Burket, Maverick Woo, Rafael Turner, David Brumley
BYTEWEIGHT: Learning to Recognize Functions in Binary Code. USENIX Security Symposium (2014)