Publication List


⏺ Selected Publications

My full list of publications and citations is available on Google Scholar.

Finding Traceability Attacks in the Bluetooth Low Energy Specification and Its Implementations
Jianliang Wu, Patrick Traynor, Dongyan Xu, Dave Jing Tian, Antonio Bianchi.
To appear in Proceedings of the USENIX Security Symposium (Usenix SEC), 2024
[PDF]


SoK: The Long Journey of Exploiting and Defending the Legacy of King Harald Bluetooth
Jianliang Wu, Ruoyu Wu, Dongyan Xu, Dave Tian, Antonio Bianchi.
In Proceedings of the 45th IEEE Symposium on Security and Privacy (S&P), 2024
[PDF]


Automated Detection of Cryptographic Inconsistencies in Android’s Keymaster Implementations
Abdullah Imran, Antonio Bianchi.
In Proceedings of the Annual International Conference on Mobile Systems, Applications, and Services (MobiSys), 2024
[PDF]


Wear’s my Data? Understanding the Cross-Device Runtime Permission Model in Wearables
Doguhan Yeke, Muhammad Ibrahim, Güliz Seray Tuncay, Habiba Farrukh, Abdullah Imran, Antonio Bianchi, Z Berkay Celik.
In Proceedings of the 45th IEEE Symposium on Security and Privacy (S&P), 2024
[PDF]


PatchVerif: Discovering Faulty Patches in Robotic Vehicles
Hyungsub Kim, Muslum Ozgur Ozmen, Z. Berkay Celik, Antonio Bianchi, Dongyan Xu.
In Proceeding of the USENIX Security Symposium (Usenix SEC), 2023
[PDF]


DnD: A Cross-Architecture Deep Neural Network Decompiler
Ruoyu Wu, Taegyu Kim, Dave (Jing) Tian, Antonio Bianchi, Dongyan Xu.
In Proceeding of the USENIX Security Symposium (Usenix SEC), 2022
[PDF]


PGPATCH: Policy-Guided Logic Bug Patching for Robotic Vehicles
Hyungsub Kim, Muslum Ozgur Ozmen, Z. Berkay Celik, Antonio Bianchi, Dongyan Xu.
In Proceeding of the IEEE Symposium on Security and Privacy (S&P), 2022.
[PDF]


Formal Model-Driven Discovery of Bluetooth Protocol Design Vulnerabilities
Jianliang Wu, Ruoyu Wu, Dongyan Xu, Dave (Jing) Tian, Antonio Bianchi.
In Proceeding of the IEEE Symposium on Security and Privacy (S&P), 2022.
[PDF]


SafetyNot: on the usage of the SafetyNet attestation API in Android
Muhammad Ibrahim, Abdullah Imran, Antonio Bianchi.
In Proceedings of the 19th Annual International Conference on Mobile Systems, Applications, and Services, 2021.
[PDF]


LIGHTBLUE: Automatic Profile-Aware Debloating of Bluetooth Stacks
Jianliang Wu, Ruoyu Wu, Daniele Antonioli, Mathias Payer, Nils Ole Tippenhauer, Dongyan Xu, Dave (Jing) Tian, and Antonio Bianchi.
In Proceedings of the USENIX Security Symposium (Security), 2021.
[PDF]


On the Insecurity of SMS One-Time Password Messages against Local Attackers in Modern Mobile Devices
Zeyu Lei, Yuhong Nan, Yanick Fratantonio, Antonio Bianchi.
In Proceedings of the Network and Distributed System Security Symposium (NDSS), 2021.
[PDF]



⏺ Publications

ATTention Please! An Investigation of the App Tracking Transparency Permission
Reham Mohamed, Arjun Arunasalam, Habiba Farrukh, Jason Tong, Antonio Bianchi, Z Berkay Celik.
To appear in Proceedings of the USENIX Security Symposium (Usenix SEC), 2024
[PDF]


Finding Traceability Attacks in the Bluetooth Low Energy Specification and Its Implementations
Jianliang Wu, Patrick Traynor, Dongyan Xu, Dave Jing Tian, Antonio Bianchi.
To appear in Proceedings of the USENIX Security Symposium (Usenix SEC), 2024
[PDF]


Automated Detection of Cryptographic Inconsistencies in Android’s Keymaster Implementations
Abdullah Imran, Antonio Bianchi.
In Proceedings of the Annual International Conference on Mobile Systems, Applications, and Services (MobiSys), 2024
[PDF]


A Systematic Study of Physical Sensor Attack Hardness
Hyungsub Kim, Rwitam Bandyopadhyay, Muslum Ozgur Ozmen, Z. Berkay Celik, Antonio Bianchi, Yongdae Kim, Dongyan Xu.
In Proceedings of the 45th IEEE Symposium on Security and Privacy (S&P), 2024
[PDF]


SoK: The Long Journey of Exploiting and Defending the Legacy of King Harald Bluetooth
Jianliang Wu, Ruoyu Wu, Dongyan Xu, Dave Tian, Antonio Bianchi.
In Proceedings of the 45th IEEE Symposium on Security and Privacy (S&P), 2024
[PDF]


Wear’s my Data? Understanding the Cross-Device Runtime Permission Model in Wearables
Doguhan Yeke, Muhammad Ibrahim, Güliz Seray Tuncay, Habiba Farrukh, Abdullah Imran, Antonio Bianchi, Z Berkay Celik.
In Proceedings of the 45th IEEE Symposium on Security and Privacy (S&P), 2024
[PDF]


Crystallizer: A Hybrid Path Analysis Framework to Aid in Uncovering Deserialization Vulnerabilities
Prashast Srivastava, Flavio Toffalini, Kostyantyn Vorobyov, François Gauthier, Antonio Bianchi, Mathias Payer.
In Proceedings of the ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (FSE), 2023
[PDF]


Making Sense of Constellations: Methodologies for Understanding Starlink’s Scheduling Algorithms
Hammas Bin Tanveer, Mike Puchol, Rachee Singh, Antonio Bianchi, Rishab Nithyanand.
In Companion of the International Conference on emerging Networking EXperiments and Technologies (CoNEXT), 2023
[PDF]


Demo: Discovering Faulty Patches in Robotic Vehicle Control Software
Hyungsub Kim, Muslum Ozgur Ozmen, Z. Berkay Celik, Antonio Bianchi, Dongyan Xu.
In Proceedings of the Inaugural ISOC Symposium on Vehicle Security and Privacy (VehicleSec), 2023
[PDF]


Short: Rethinking Secure Pairing in Drone Swarms
Muslum Ozgur Ozmen, Habiba Farrukh, Hyungsub Kim, Antonio Bianchi, Z. Berkay Celik.
In Proceedings of the Inaugural ISOC Symposium on Vehicle Security and Privacy (VehicleSec), 2023
[PDF]


AoT-Attack on Things: A security analysis of IoT firmware updates
Muhammad Ibrahim, Andrea Continella, Antonio Bianchi.
In Proceedings of The 8th IEEE European Symposium on Security and Privacy (EuroS&P 2023)
[PDF]


Fuzzing SGX enclaves via host program mutations
Arslan Khan, Muqi Zou, Kyungtae Kim, Dongyan Xu, Antonio Bianchi, Dave Jing Tian.
In Proceedings of The 8th IEEE European Symposium on Security and Privacy (EuroS&P 2023)
[PDF]


LocIn: Inferring Semantic Location from Spatial Maps in Mixed Reality
Habiba Farrukh, Reham Mohamed, Aniket Nare, Antonio Bianchi, Z. Berkay Celik.
In Proceedings of the USENIX Security Symposium (Usenix SEC), 2023
[PDF]


Discovering Adversarial Driving Maneuvers against Autonomous Vehicles
Ruoyu Song, Muslum Ozgur Ozmen, Hyungsub Kim, Raymond Muller, Z. Berkay Celik, Antonio Bianchi.
In Proceeding of the USENIX Security Symposium (Usenix SEC), 2023
[PDF]


ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions
Siddharth Muralee, Igibek Koishybayev, Aleksandr Nahapetyan, Greg Tystahl, Brad Reaves, Antonio Bianchi, William Enck, Alexandros Kapravelos, Aravind Machiry.
In Proceedings of the USENIX Security Symposium (Usenix SEC), 2023
[PDF]


PatchVerif: Discovering Faulty Patches in Robotic Vehicles
Hyungsub Kim, Muslum Ozgur Ozmen, Z. Berkay Celik, Antonio Bianchi, Dongyan Xu.
In Proceeding of the USENIX Security Symposium (Usenix SEC), 2023
[PDF]


Fuzz The Power: Dual-role State Guided Black-box Fuzzing for USB Power Delivery
Kyungtae Kim, Sungwoo Kim, Kevin RB Butler, Antonio Bianchi, Rick Kennell, Dave Jing Tian.
In Proceeding of the USENIX Security Symposium (Usenix SEC), 2023
[PDF]


COLUMBUS: Android App Testing Through Systematic Callback Exploration
Priyanka Bose, Dipanjan Das, Saastha Vasan, Sebastiano Mariani, Ilya Grishchenko, Andrea Continella, Antonio Bianchi, Christopher Kruegel, Giovanni Vigna. In Proceedings of the International Conference on Software Engineering (ICSE), 2023
[PDF]


DnD: Decompiling Deep Neural Network Compiled Binary
Ruoyu Wu, Taegyu Kim, Dave (Jing) Tian, Antonio Bianchi, Dongyan Xu
Black Hat Europe 2022


Demo: Policy-based Discovery and Patching of Logic Bugs in Robotic Vehicles
Hyungsub Kim, Muslum Ozgur Ozmen, Antonio Bianchi, Z. Berkay Celik, Dongyan Xu.
In Proceedings of the Automotive and Autonomous Vehicle Security Workshop (AutoSec 2022)
[PDF]


ShadowAuth: Backward-Compatible Automatic CAN Authentication for Legacy ECUs
Sungwoo Kim, Gisu Yeo, Taegyu Kim, Junghwan “John” Rhee, Yuseok Jeon, Antonio Bianchi, Dongyan Xu, and Dave (Jing) Tian.
In Proceedings of the ACM Asia Conference on Computer and Communications Security (ASIA CCS ’22), 2022
[PDF]


TruEMU: An Extensible, Open-Source, Whole-System iOS Emulator
Trung Nguyen, Kyungtae Kim, Antonio Bianchi, Dave (Jing) Tian.
Black Hat 2022
[Slides], [Video]


DnD: A Cross-Architecture Deep Neural Network Decompiler
Ruoyu Wu, Taegyu Kim, Dave (Jing) Tian, Antonio Bianchi, Dongyan Xu
In Proceeding of the USENIX Security Symposium (Usenix SEC), 2022
[PDF]


SARA: Secure Android Remote Authorization
Abdullah Imran, Habiba Farrukh, Muhammad Ibrahim, Z. Berkay Celik, Antonio Bianchi.
In Proceeding of the USENIX Security Symposium (Usenix SEC), 2022
[PDF]


One Fuzz Doesn’t Fit All: Optimizing Directed Fuzzing via Target-tailored Program State Restriction
Prashast Srivastava, Stefan Nagy, Matthew Hicks, Antonio Bianchi, Mathias Payer.
In Proceedings of the Annual Computer Security Applications Conference (ACSAC), 2022
[PDF]


PGPATCH: Policy-Guided Logic Bug Patching for Robotic Vehicles
Hyungsub Kim, Muslum Ozgur Ozmen, Z. Berkay Celik, Antonio Bianchi, Dongyan Xu.
In Proceeding of the IEEE Symposium on Security and Privacy (S&P), 2022.
[PDF]


FUZZUSB: Hybrid Stateful Fuzzing of the Linux USB Gadget Stack
Kyungtae Kim, Ertza Warraich, Taegyu Kim, Byoungyoung Lee, Kevin Butler, Antonio Bianchi, Dave (Jing) Tian.
In Proceeding of the IEEE Symposium on Security and Privacy (S&P), 2022.
[PDF]


Formal Model-Driven Discovery of Bluetooth Protocol Design Vulnerabilities
Jianliang Wu, Ruoyu Wu, Dongyan Xu, Dave (Jing) Tian, Antonio Bianchi.
In Proceeding of the IEEE Symposium on Security and Privacy (S&P), 2022.
[PDF]


SafetyNot: on the usage of the SafetyNet attestation API in Android
Muhammad Ibrahim, Abdullah Imran, Antonio Bianchi.
In Proceedings of the 19th Annual International Conference on Mobile Systems, Applications, and Services, 2021.
[PDF]


Towards Improving Container Security by Preventing Runtime Escapes
Michael Reeves, Dave (Jing) Tian, Antonio Bianchi, Z. Berkay Celik.
In Proceeding of the IEEE Secure Development Conference (SecDev), 2021.
[PDF]


APPJITSU: Investigating the Resiliency of Android Applications
Onur Zungur, Antonio Bianchi, Gianluca Stringhini, Manuel Egele.
In Proceedings of the European IEEE Symposium on Security and Privacy (Euro S&P), 2021.
[PDF]


LIGHTBLUE: Automatic Profile-Aware Debloating of Bluetooth Stacks
Jianliang Wu, Ruoyu Wu, Daniele Antonioli, Mathias Payer, Nils Ole Tippenhauer, Dongyan Xu, Dave (Jing) Tian, and Antonio Bianchi.
In Proceedings of the USENIX Security Symposium (Security), 2021.
[PDF]


M2MON: Building an MMIO-based Security Reference Monitor for Unmanned Vehicles
Arslan Khan, Hyubgsub Kim, Byoungyoung Lee, Dongyan Xu, Antonio Bianchi, and Dave (Jing) Tian.
In Proceedings of the USENIX Security Symposium (Security), 2021.
[PDF]


PGFUZZ: Policy-Guided Fuzzing for Robotic Vehicles
Hyungsub Kim, Muslum Ozgur Ozmen, Antonio Bianchi, Z. Berkay Celik, Dongyan Xu.
In Proceedings of the Network and Distributed System Security Symposium (NDSS), 2021.
[PDF]


On the Insecurity of SMS One-Time Password Messages against Local Attackers in Modern Mobile Devices
Zeyu Lei, Yuhong Nan, Yanick Fratantonio, Antonio Bianchi.
In Proceedings of the Network and Distributed System Security Symposium (NDSS), 2021.
[PDF]


BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy
Jianliang Wu, Yuhong Nan, Vireshwar Kumar, Dave (Jing) Tian, Antonio Bianchi, Mathias Payer, Dongyan Xu.
In Proceedings of the USENIX Workshop on Offensive Technologies (WOOT), 2020.
Best Paper Award   —   CSAW'20 Applied Research Competition Finalist
[PDF]


Exploring Syscall-Based Semantics Reconstruction of Android Applications
Dario Nisi, Antonio Bianchi, Yanick Fratantonio
In Proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
[PDF]