Publication List

See my full list of publications and citations on Google Scholar.


DnD: A Cross-Architecture Deep Neural Network Decompiler
Ruoyu Wu, Taegyu Kim, Dave Jing Tian, Antonio Bianchi, Dongyan Xu
In Proceedings of the USENIX Security Symposium (Usenix SEC)
August 2022
[PDF]


SARA: Secure Android Remote Authorization
Abdullah Imran, Habiba Farrukh, Muhammad Ibrahim, Z. Berkay Celik, Antonio Bianchi
In Proceedings of the USENIX Security Symposium (Usenix SEC)
August 2022
[PDF]


PGPATCH: Policy-Guided Logic Bug Patching for Robotic Vehicles
Hyungsub Kim, Muslum Ozgur Ozmen, Z Berkay Celik, Antonio Bianchi, Dongyan Xu
In Proceedings of the IEEE Symposium on Security and Privacy (S&P)
May 2022
[PDF]


FUZZUSB: Hybrid Stateful Fuzzing of the Linux USB Gadget Stack
Kyungtae Kim, Ertza Warraich, Taegyu Kim, Byoungyoung Lee, Kevin Butler, Antonio Bianchi, Dave (Jing) Tian
In Proceedings of the IEEE Symposium on Security and Privacy (S&P)
May 2022
[PDF]


Formal Model-Driven Discovery of Bluetooth Protocol Design Vulnerabilities
Jianliang Wu, Ruoyu Wu, Dongyan Xu, Dave (Jing) Tian, Antonio Bianchi
In Proceedings of the IEEE Symposium on Security and Privacy (S&P)
May 2022
[PDF]


Towards Improving Container Security by Preventing Runtime Escapes
Michael Reeves, Dave (Jing) Tian, Antonio Bianchi, Z. Berkay Celik
In Proceedings of the IEEE Secure Development Conference (SecDev)
October 2021
[PDF]


APPJITSU: Investigating the Resiliency of Android Applications
Onur Zungur, Antonio Bianchi, Gianluca Stringhini, Manuel Egele
In Proceedings of the European IEEE Symposium on Security and Privacy (Euro S&P)
September 2021
[PDF]


LIGHTBLUE : Automatic Profile-Aware Debloating of Bluetooth Stacks
Jianliang Wu, Ruoyu Wu, Daniele Antonioli, Mathias Payer, Nils Ole Tippenhauer, Dongyan Xu, Dave (Jing) Tian, Antonio Bianchi
In Proceedings of the USENIX Security Symposium (Usenix SEC)
August 2021
[PDF]


M2MON: Building a MMIO-based Security Reference Monitor for Cyber-Physical Systems
Arslan Khan, Hyungsub Kim Byoungyoung Lee, Dongyan Xu, Antonio Bianchi, Dave (Jing) Tian
In Proceedings of the USENIX Security Symposium (Usenix SEC)
August 2021
[PDF]


SafetyNOT: On the Usage of the SafetyNet Attestation API in Android
Muhammad Ibrahim, Abdullah Imran, Antonio Bianchi
In Proceedings of the ACM International Conference on Mobile Systems, Applications, and Services (MobySys)
June 2021
[PDF]


Diane: Identifying Fuzzing Triggers in Apps for Effective Vulnerability Analysis of IoT Devices
Nilo Redini, Andrea Continella, Aravind Machiry, Giulio De Pasquale, Dipanjan Das, Antonio Bianchi, Christopher Kruegel, Giovanni Vigna
In Proceedings of the IEEE Symposium on Security and Privacy (S&P)
May 2021
[PDF]


PGFUZZ: Policy-Guided Fuzzing for Robotic Vehicles
Hyungsub Kim, Muslum Ozgur Ozmen, Antonio Bianchi, Z. Berkay Celik, Dongyan Xu
In Proceedings of the Network & Distributed System Security Symposium (NDSS)
February 2021
[PDF]


On the Insecurity of SMS One-Time Password Messages against Local Attackers in Modern Mobile Devices
Lei Zeyu, Yuhong Nan, Yanick Fratantonio, Antonio Bianchi
In Proceedings of the Network & Distributed System Security Symposium (NDSS)
February 2021
[PDF]


BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy
Jianliang Wu, Yuhong Nan, Vireshwar Kumar, Dave (Jing) Tian, Antonio Bianchi, Mathias Payer, Dongyan Xu
In Proceedings of the USENIX Workshop on Offensive Technologies (WOOT)
August 2020
Best Paper Award
[PDF]


Exploring Syscall-Based Semantics Reconstruction of Android Applications
Dario Nisi, Antonio Bianchi, Yanick Fratantonio
In Proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
Beijing, China, September 2019
[PDF]


HeapHopper: Bringing Bounded Model Checking to Heap Implementation Security
Moritz Eckert, Antonio Bianchi, Ruoyu Wang, Yan Shoshitaishvil, Christopher Kruegel, Giovanni Vigna
In Proceedings of the USENIX Security Symposium (Usenix SEC)
Baltimore, MD, August 2018
[PDF]


Mechanical Phish: Resilient Autonomous Hacking
Yan Shoshitaishvili, Antonio Bianchi, Kevin Borgolte, Amat Cama, Jacopo Corbetta, Francesco Disperati, Audrey Dutcher, John Grosen, Paul Grosen, Aravind Machiry, Chris Salls, Nick Stephens, Ruoyu Wang, Giovanni Vigna
In IEEE Security & Privacy Magazine — SPSI: Hacking without Humans
[PDF]


Broken Fingers: On the Usage of the Fingerprint API in Android
Antonio Bianchi, Yanick Fratantonio, Aravind Machiry, Christopher Kruegel, Giovanni Vigna, Pak Chung, Wenke Lee
In Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS)
San Diego, CA, February, 2018
[PDF]


Exploitation and Mitigation of Authentication Schemes Based on Device-Public Information
Antonio Bianchi, Eric Gustafson, Yanick Fratantonio, Christopher Kruegel, Giovanni Vigna
In Proceedings of the Annual Computer Security Applications Conference (ACSAC)
Orlando, FL, December 2017
[PDF]


BootStomp: On the Security of Bootloaders in Mobile Devices
Nilo Redini, Aravind Machiry, Dipanjan Das, Yanick Fratantonio, Antonio Bianchi, Eric Gustafson, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna
In Proceedings of the USENIX Security Symposium (Usenix SEC)
Vancouver, Canada, August, 2017
[PDF]


BOOMERANG: Exploiting the Semantic Gap in Trusted Execution Environments
Aravind Machiry, Eric Gustafson, Chad Spensky, Chris Salls, Nick Stephens, Ruoyu Wang, Antonio Bianchi, Yung Ryn Choe, Christopher Kruegel, Giovanni Vigna
In Proceedings of the Network and Distributed System Security Symposium (NDSS)
San Diego, CA, February, 2017
[PDF]


Ramblr: Making Reassembly Great Again
Ruoyu Wang, Yan Shoshitaishvili, Antonio Bianchi, Aravind Machiry, John Grosen, Paul Grosen, Christopher Kruegel, Giovanni Vigna
In Proceedings of the Network and Distributed System Security Symposium (NDSS)
San Diego, CA, February, 2017
Distinguished Paper Award
[PDF]


Cyber Grand Shellphish
Antonio Bianchi, Kevin Borgolte, Jacopo Corbetta, Francesco Disperati, Andrew Dutcher, John Grosen, Paul Grosen, Aravind Machiry, Christopher Salls, Yan Shoshitaishvili, Nick Stephens, Giovanni Vigna, Ruoyu Wang (Authors listed alphabetically)
In Phrack Magazine
[link]


TriggerScope: Towards Detecting Logic Bombs in Android Apps
Yanick Fratantonio, Antonio Bianchi, William Robertson, Engin Kirda, Christopher Kruegel, Giovanni Vigna
In Proceedings of the IEEE Symposium on Security and Privacy (SP),
San Jose, CA, May, 2016
[PDF]


Going Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code Sandboxing Policy
Vitor Afonso, Antonio Bianchi, Yanick Fratantonio, Adam Doupe, Mario Polino, Paulo de Geus, Christopher Kruegel, Giovanni Vigna
In Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS),
San Diego, CA, February, 2016
[PDF]


NJAS: Sandboxing Unmodified Applications in non-rooted Devices Running Stock Android
Antonio Bianchi, Yanick Fratantonio, Christopher Kruegel, Giovanni Vigna
In Proceedings of the ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM),
Denver, CO, October, 2015
[PDF]


BareDroid: Large-Scale Analysis of Android Apps on Real Devices
Simone Mutti, Yanick Fratantonio, Antonio Bianchi, Luca Invernizzi, Jacopo Corbetta, Dhilung Kirat, Christopher Kruegel, Giovanni Vigna
In Proceedings of the Annual Computer Security Applications Conference (ACSAC),
Los Angeles, CA, December, 2015
[PDF]


CLAPP: Characterizing Loops in Android Applications
Yanick Fratantonio, Aravind Machiry, Antonio Bianchi, Christopher Kruegel, Giovanni Vigna
In Proceedings of the Symposium on the Foundations of Software Engineering (FSE),
Bergamo, Italy, August 2015
[PDF]


CLAPP: Characterizing Loops in Android Applications (Invited Talk)
Yanick Fratantonio, Aravind Machiry, Antonio Bianchi, Christopher Kruegel, Giovanni Vigna
In Proceedings of International Workshop on Software Development Lifecycle for Mobile (DeMobile),
Bergamo, Italy, August, 2015
[PDF]


On the Security and Engineering Implications of Finer-Grained Access Controls for Android Developers and Users
Yanick Fratantonio, Antonio Bianchi, William Robertson, Manuel Egele, Christopher Kruegel, Engin Kirda, Giovanni Vigna
In Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA),
Milan, Italy, July 2015
[PDF]


What the App is That? Deception and Countermeasures in the Android User Interface
Antonio Bianchi, Jacopo Corbetta, Luca Invernizzi, Yanick Fratantonio, Christopher Kruegel, Giovanni Vigna
In Proceedings of the IEEE Symposium on Security and Privacy (S&P),
San Jose, CA, May 2015
[PDF]


EdgeMiner: Automatically Detecting Implicit Control Flow Transitions through the Android Framework
Yinzhi Cao, Yanick Fratantonio, Antonio Bianchi, Manuel Egele, Christopher Kruegel, Giovanni Vigna, Yan Chen
In Proceedings of the Network and Distributed System Security Symposium (NDSS),
San Diego, CA, February 2015
[PDF]


Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications
Sebastian Poeplau, Yanick Fratantonio, Antonio Bianchi, Christopher Kruegel, Giovanni Vigna
In Proceedings of the Network and Distributed System Security Symposium (NDSS),
San Diego, CA, February 2014
[PDF]


Blacksheep: Detecting Compromised Hosts in Homogeneous Crowds
Antonio Bianchi, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna
In Proceedings of the ACM Conference on Computer and Communications Security (CCS),
Raleigh, NC, October 2012
[PDF]