Publications

  • Journal Papers
  • Invention Patent
  • Authored Books

Authors with an underline “_” is student/scholar mentored by me in my lab; * indicates the corresponding author.

Peer-Reviewed Conference and Workshop Publications

[1].BadUSB- C: Revisiting BadUSB with Type-C, Hongyi LuShuqing LiYou LinChaozu ZhangYechang Wu, Fengwei Zhang*, To Appear In Proceedings of the 15th Workshop On Offensive Technologies (WOOT'21), in conjunction with the 42nd IEEE Symposium on Security and Privacy (S&P'21), May, 2021. This work is a course project from my CS 315 Computer Security Class, all co-authors are undergraduates in the class.

[2].Happer: Unpacking Android Apps via a Hardware-Assisted Approach , Lei Xue, Hao Zhou, Xiapu Luo, Yajin Zhou, Yang Shi, Guofei Gu, Fengwei Zhang, and Man Ho Au, To Appear In 42nd IEEE Symposium on Security and Privacy (S&P'21), May, 2021.

[3].E-SGX: Cache Side-Channel Protection for Intel SGX on Untrusted OS, Fan Lang, Huorong Li, Wei Wang, Jingqiang Lin, Fengwei Zhang, Wuqiong Pan, and Qiongxiao Wang, To Appear In Proceedings of the 16th International Conference on Information Security and Cryptology (Inscrypt'20), Guangzhou, China, December, 2020.

[4].SEED: Confidential Big Data Workflow Scheduling with Intel SGX Under Deadline Constraints, Ishtiaq Ahmed, Saeid Mofrad, Shiyong Lu, Changxin Bai, Fengwei Zhang*, and Dunren Che, In Proceedings of the IEEE International Conference on Services Computing (SCC'20), Beijing, China, October, 2020.

[5].HART: Hardware-assisted Kernel Module Tracing on Arm, Yunlan Duˆ, Zhenyu Ningˆ, Jun Xu, Zilong Wang, Yueh-Hsun Lin, Fengwei Zhang*, Xinyu Xing, and Bing Mao, In Proceedings of the 25th European Symposium on Research in Computer Security (ESORICS'20), Guildford, United Kingdom, September, 2020. (ˆ These authors contributed equally to this work).

[6].Uranus: Simple, Efficient SGX Programming and Its Applications, Jianyu Jiang, Xusheng Chen, Tze On Li, Cheng Wang, Tianxiang Shen, Shixiong Zhao, Heming Cui, Cho-Li Wang, Fengwei Zhang, In Proceedings of the 15th ACM ASIA Conference on Computer and Communications Security (AsiaCCS'20), Taipei, Taiwan, October, 2020.

[7].KShot: Live Kernel Patching with SMM and SGX, Lei Zhou, Fengwei Zhang*, Jinghui LiaoZhenyu Ning, Jidong Xiao, Kevin Leach, Westley Weimer, and Guojun Wang, In Proceedings of the 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'20), Valencia, Spain, June, 2020 (Runner-up Best Paper Award, 3 out of 291 submissions).

[8].SecDATAVIEW: A Secure Big Data Workflow Management System for Heterogeneous Computing Environments, Saeid Mofrad, Ishtiaq Ahmed, Shiyong Lu, Ping Yang, Heming Cui, and Fengwei Zhang*, In Proceedings of the 35th Annual Computer Security Applications Conference (ACSAC'19), San Juan, Puerto Rico, December, 2019.

[9].Defeating Speculative-Execution Attacks on SGX with HyperRace, Guoxing Chen, Mengyuan Li, Fengwei Zhang, and Yinqian Zhang, In Proceedings of the 2019 IEEE Conference on Dependable and Secure Computing (IDSC'19), Hangzhou, China, November, 2019.

[10].SecLabel: Enhancing RISC-V Platform Security with Labelled Architecture, Zhenyu Ning, Yinqian Zhang, and Fengwei Zhang*, In the 1st China RISC-V Forum (CRVF'19), Shenzhen, China, November, 2019.

[11].A Study of the Multiple Sign-in Feature in Web Applications, Marwan Albahar, Xing Gao, Gaby G. Dagher, Daiping Liu, Fengwei Zhang, and Jidong Xiao, In Proceedings of the 15th EAI International Conference on Security and Privacy in Communication Networks (SecureComm'19), Short paper, Orlando, Florida, October, 2019.

[12].Nighthawk: Transparent System Introspection from Ring -3, Lei Zhou, Jidong Xiao, Kevin Leach, Westley Weimer, Fengwei Zhang*, and Guojun Wang, In Proceedings of the 24th European Symposium on Research in Computer Security (ESORICS'19), Luxembourg, September, 2019.

[13].Understanding the Security of Traffic Signal Infrastructure, Zhenyu Ning, Fengwei Zhang*, and Stephen Remias, In Proceedings of the 16th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'19), Gothenburg, Sweden, June, 2019.

[14].Understanding the Security of ARM Debugging Features, Zhenyu Ning and Fengwei Zhang, In Proceedings of the 40th IEEE Symposium on Security & Privacy (S&P'19), San Francisco, California, May, 2019. , Nailgun project is online! CVE-2018-18068.

[15].Preliminary Study of Trusted Execution Environments on Heterogeneous Edge Platforms, Zhenyu NingJinghui Liao, Fengwei Zhang, and Weisong Shi, In Proceedings of the 1st ACM/IEEE Workshop on Security and Privacy in Edge Computing (EdgeSP'18), in conjunction with The 3rd ACM/IEEE Symposium on Edge Computing (SEC'18), Bellevue, WA, October, 2018.

[16].A Comparison Study of Intel SGX and AMD Memory Encryption Technology, Saeid Mofrad, Fengwei Zhang, Shiyong Lu, and Weidong Shi, In Proceedings of the Hardware and Architectural Support for Security and Privacy (HASP'18), in conjunction with The 45th International Symposium on Computer Architecture (ISCA'18), Los Angeles, California, June, 2018.

[17].DexLego: Reassembleable Bytecode Extraction for Aiding Static Analysis, Zhenyu Ning and Fengwei Zhang, In Proceedings of the 48th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'18), Luxembourg, June, 2018.

[18].MobiCeal: Towards Secure and Practical Plausibly Deniable Encryption on Mobile Devices, Bing Chang, Fengwei Zhang, Bo Chen, Yingjiu Li, Wen-Tao Zhu, Yangguang Tian, Zhan Wang, and Albert Ching, In Proceedings of the 48th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'18), Luxembourg, June, 2018.

[19].Transparent Malware Debugging on x86 and ARM, Zhenyu Ning and Fengwei Zhang, In DEF CON China Hacking Conference, Beijing, China, May, 2018.

[20].Supporting Transparent Snapshot for Bare-metal Malware Analysis on Mobile Devices, Le Guan, Shijie Jia, Bo Chen, Fengwei Zhang, Bo Luo, Jingqiang Lin, Peng Liu, Xinyu Xing, and Luning Xia, In Proceedings of the 33rd Annual Computer Security Application Conference (ACSAC'17), Orlando, Florida, December, 2017 (Distinguished Paper Award).

[21].Scotch: Combining Software Guard Extensions and System Management Mode to Monitor Cloud Resource Usage, Kevin Leach, Fengwei Zhang, and Westley Weimer, In Proceedings of the 20th International Symposium on Research in Attacks, Intrusions and Defenses (RAID'17), Atlanta, Georgia, September, 2017.

[22].Ninja: Towards Transparent Tracing and Debugging on ARM, Zhenyu Ning and Fengwei Zhang, In Proceedings of the 26th USENIX Security Symposium (USENIX-Security'17), Vancouver, BC, Canada, August, 2017.

[23].Using Asynchronous Collaborative Attestation to Build A Trusted Computing Environment for Mobile Applications, Lei Zhou, Fengwei Zhang, and Guojun Wang, In Proceedings of the 3rd IEEE International Conference on Smart World Congress (SWC'17), Newark, California, August, 2017.

[24].Position Paper: Challenges Towards Securing Hardware-assisted Execution Environments, Zhenyu Ning, Fengwei Zhang, Weisong Shi, and Larry Shi, In Proceedings of the Hardware and Architectural Support for Security and Privacy(HASP'17) , in conjunction with The 44th International Symposium on Computer Architecture (ISCA'17), Toronto, ON, Canada, June, 2017.

[25].COMS: Customer Oriented Migration Service, Kai Huang, Xing Gao, Fengwei Zhang, and Jidong Xiao, In Proceedings of the 10th IEEE International Conference on Cloud Computing (CLOUD'17), Honolulu, Hawaii, June, 2017.

[26].Breaking BLE Beacons For Fun But Mostly Profit, Constantinos Kolias, Lucas Copi, Fengwei Zhang, and Angelos Stavrou, In Proceedings of the 10th European Workshop on Systems Security (EuroSec'17), in conjunction with The 12th European Conference on Computer Systems (EuroSys'17), Belgrade, Serbia, April, 2017.

[27].SoK: A Study of Using Hardware-assisted Isolated Execution Environments for Security, Fengwei Zhang and Hongwei Zhang, In Proceedings of the Hardware and Architectural Support for Security and Privacy (HASP'16), in conjunction with The 43rd International Symposium on Computer Architecture (ISCA'16), Seoul, South Korea, June, 2016.

[28].Towards Transparent Introspection, Kevin Leach, Chad Spensky, Westley Weime, and Fengwei Zhang, In Proceedings of the 23rd IEEE Conference on Software Analysis, Evolution, and Reengineering (SANER'16), Osaka, Japan, March, 2016.

[29].MobiPluto: File System Friendly Deniable Storage for Mobile Devices, Bing Chang, Zhan Wang, Bo Chen, and Fengwei Zhang, In Proceedings of the 31st Annual Computer Security Applications Conference (ACSAC'15), Los Angeles, California, December, 2015.

[30].Class-Chord: Efficient Messages to Classes of Nodes in Chord, Dan Fleck, Sharath Hiremagalore, Stephen Reese, Liam McGhee, and Fengwei Zhang, In Proceedings of the 2nd IEEE International Conference on Cyber Security and Cloud Computing (CSCloud'15), New York City, New York, November, 2015.

[31].Using Hardware Features for Increased Debugging Transparency, Fengwei Zhang, Kevin Leach, Angelos Stavrou, Haining Wang, and Kun Sun, In Proceedings of the 36th IEEE Symposium on Security and Privacy (S&P'15), San Jose, California, May, 2015.

[32].TrustLogin: Securing Password-Login on Commodity Operating Systems, Fengwei Zhang, Kevin Leach, Haining Wang, and Angelos Stavrou, In Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (AsiaCCS'15), Singapore, April, 2015.

[33].A Framework to Secure Peripherals at Runtime, Fengwei Zhang, Haining Wang, Kevin Leach, and Angelos Stavrou, In Proceedings of the 19th European Symposium on Research in Computer Security (ESORICS'14), Wroclaw, Poland, September, 2014.

[34].IOCheck: A Framework to Enhance the Security of I/O Devices at Runtime (student paper) , Fengwei Zhang, In Proceedings of the 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'13), Budapest, Hungary, June, 2013.

[35].SPECTRE: A Dependable Introspection Framework via System Management Mode, Fengwei Zhang, Kevin Leach, Kun Sun, and Angelos Stavrou, In Proceedings of the 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'13), Budapest, Hungary, June, 2013.

[36].SecureSwitch: BIOS-Assisted Isolation and Switch between Trusted and Untrusted Commodity OSes, Kun Sun, Jiang Wang, Fengwei Zhang, and Angelos Stavrou, In Proceedings of the 19th Annual Network & Distributed System Security Symposium (NDSS'12), San Diego, California, February, 2012.

[37].Firmware-assisted Memory Acquisition and Analysis tools for Digital Forensic, Jiang Wang, Fengwei Zhang, Kun Sun, and Angelos Stavrou, In Proceedings of the 6th International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE'11), in conjunction with The 32nd IEEE Symposium on Security and Privacy (S&P'11), Oakland, California, May, 2011.

[38].Temporal Metrics for Software Vulnerabilities, Ju An Wang, Fengwei Zhang, and Min Xia, In Proceedings of the 4th Annual Workshop on Cyber Security and Information Intelligence Research (CSIIRW'08), Oak Ridge, Tennessee, May, 2008.

Journal Publications
[1].A Coprocessor-based Introspection Framework via Intel Management Engine, Lei Zhou, Fengwei Zhang*, Jidong Xiao, Kevin Leach, Westley Weimer, Xuhua Ding, and Guojun Wang. To Appear In IEEE Transactions on Dependable and Secure Computing (TDSC'21), 2021.

[2].An Attribute-Isolated Secure Communication Architecture for Intelligent Connected Vehicles, Mu Han, Ailan Wan, Fengwei Zhang, and Shidian Ma, To Appear In IEEE Transactions on Intelligent Vehicle (T-IV'20), 2020. Impact Factor: 7.420.

[3].DAENet: Making Strong Anonymity Scale in a Fully Decentralized Network, Tianxiang Shen, Jianyu Jiang, Yunpeng Jiang, Xusheng Chen, Ji Qi, Shixiong Zhao, Fengwei Zhang*, Xiapu Luo, and Heming Cui*, To Appear In IEEE Transactions on Dependable and Secure Computing (TDSC'20), 2020. Impact Factor: 6.404.

[4].RansomSpector: An Introspection-Based Approach to Detect Crypto Ransomware, Fei Tang, Boyang Ma, Jinku Li, Fengwei Zhang, Jipeng Su, Jianfeng Ma, To Appear In Elsevier Computers & Security (CompSec'20), 2020. Impact Factor: 3.579.

[5].Nailgun: Breaking Privilege Isolation on ARM, 钉枪:突破ARM特权隔离, Fengwei Zhang and Zhenyu Ning, 张锋巍,宁振宇, In Communications of China Computer Federation (CCCF'20),《中国计算机学会通讯》Vol.16, No.1, pp.51-54, 2020.

[6].A Study of Using TEE on Edge Computing, 基于边缘计算的可信执行环境研究, Zhenyu Ning, Fengwei Zhang*, and Weisong Shi, 宁振宇,张锋巍*,施巍松, In Journal of Computer Research and Development (JCDR'19),《计算机研究与发展》Vol.56, No.7, pp.1441-1453, 2019.

[7].Hardware-assisted Transparent Tracing and Debugging on ARM, Zhenyu Ning and Fengwei Zhang, In IEEE Transactions on Information Forensics & Security (TIFS'19), Vol.14, No.6, pp.1595-1609, 2019. Impact Factor: 5.824 (11/2018).

[8].SADUS: Secure Data Deletion in User Space for Mobile Devices, Li Yang, Teng Wei, Fengwei Zhang, Jianfeng Ma, In Elsevier Computers & Security (CompSec'18), Vol.77, pp.612-626, 2018. Impact Factor: 2.849.

[9].FINE-CFI: Fine-grained Control- Flow Integrity for Operating System Kernels, Jinku Li, Xiaomeng Tong, Fengwei Zhang, and Jianfeng Ma, In IEEE Transactions on Information Forensics & Security (TIFS'18), Vol.13, No.6, pp.1535-1550, 2018. Impact Factor: 4.332.

[10].User-Friendly Deniable Storage for Mobile Devices, Bing Chang, Yao Cheng, Bo Chen, Fengwei Zhang, Wen Tao Zhu, Yingjiu Li, and Zhan Wang, In Elsevier Computers & Security (CompSec'18), Vol.72, pp.163-174, 2018. Impact Factor: 2.849.

[11].Towards Transparent Debugging, Fengwei Zhang, Kevin Leach, Angelos Stavrou, and Haining Wang, In IEEE Transactions on Dependable and Secure Computing (TDSC'18), Vol.15, No.2, pp.321-335, 2018. Impact Factor: 4.410.

[12].HyperCheck: A Hardware-Assisted Integrity Monitor, Fengwei Zhang, Jiang Wang, Kun Sun, and Angelos Stavrou, In IEEE Transactions on Dependable and Secure Computing (TDSC'14), Vol.11, No.4, pp.332-344, July-August 2014.

[13].Metrics for Information Security Vulnerabilities, Ju An Wang, Min Xia, and Fengwei Zhang,In Journal of Applied Global Research (JAGR'08), Vol.1, No.1, pp.48-58, 2008.

Methods and Systems for Increased Debugging Transparency  [bib]
Fengwei Zhang, Kevin Leach, Angelos Stavrou, and Haining Wang
U.S. Patent Number 10,127,137. Issued on November 13, 2018.

Copyright © 2018 All Rights Reserved.