Publications


BOOK

  • Danfeng Yao, Xiaokui Shu, Long Cheng, and Salvatore J. Stolfo. Anomaly Detection as a Service: Challenges, Advances, and Opportunities. In Information Security, Privacy, and Trust Series. Morgan & Claypool. Oct. 2017. (Invited book)
BOOK CHAPTERS

  • Xiaokui Shu, Fang Liu, and Danfeng Yao. Rapid Screening of Big Data Against Inadvertent Leaks. (Book Chapter) In Big Data: Theories, Applications and Concepts. Editors: Shui Yu and Song Guo. Springer.

  • Forward-Secure Hierarchical IBE with Applications to Broadcast Encryption Schemes. Danfeng Yao, Nelly Fazio, Yevgeniy Dodis, and Anna Lysyanskaya. In Cryptology and Information Security Series on Identity-Based Cryptography. Editors: Marc Joye and Greg Nevens. IOS Press.

REFEREED CONFERENCES, JOURNALS, AND WORKSHOPS (BY YEAR)

    2020

  • Coding Practices and Recommendations of Spring Security for Enterprise Applications.
    Mazharul Islam, Sazzadur Rahaman, Na Meng, Behnaz Hassanshahi, Padmanabhan Krishnan, Danfeng (Daphne) Yao.
    IEEE Secure Development Conference (SecDev 2020). Atlanta, GA, September 2020

  • Industrial Experience of Finding Cryptographic Vulnerabilities in Large-scale Codebases.
    Ya Xiao, Yang Zhao, Nicholas Allen, Nathan Keynes, Danfeng (Daphne) Yao, and Cristina Cifuentes.
    arXiv:2007.06122

  • Methodologies for Quantifying (Re-)randomization Security and Timing under JIT-ROP.
    Salman Ahmed, Ya Xiao, Kevin Z. Snow, Gang Tan, Fabian Monrose, and Danfeng (Daphne) Yao.
    In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (CCS'20). November 9–13, 2020.

  • Prioritizing Data Flows and Sinks for App Security Transformation.
    Ke Tian, Gang Tan, Barbara G. Ryder, and Danfeng (Daphne) Yao.
    Computers & Security. Feb. 2020.

  • Identifying Mobile Inter-App Communication Risks.
    Karim O. Elish, Haipeng Cai, Daniel Barton, Danfeng (Daphne) Yao, and Barbara G. Ryder.
    IEEE Transactions on Mobile Computing, Vol. 19, No. 1, January 2020.

  • From Theory to Code: Identifying Logical Flaws in Cryptographic Implementations.
    Sazzadur Rahaman, Haipeng Cai, Omar Chowdhury and Danfeng (Daphne) Yao.
    IEEE Transactions on Dependable and Secure Computing (TDSC), 2020

  • GPU-Based Static Data-Flow Analysis for Fast and Scalable Android App Vetting
    Xiaodong Yu, Fengguo Wei, Xinming Ou, Michela Becchi, Tekin Bicer, and Danfeng (Daphne) Yao.
    The 34th IEEE International Parallel and Distributed Processing Symposium (IPDPS). New Orleans, LA. May 2020

  • Context-rich Privacy Leakage Analysis through Inferring Apps in Smart Home IoT.
    Yuan Luo, Long Cheng, Hongxin Hu, Guojun Peng, and Danfeng Yao.
    IEEE Internet of Things Journal. Aug. 2020.

  • Investigating The Reproducibility of NPM Packages.
    Pronnoy Goswami, Saksham Gupta, Zhiyuan Li, Na Meng, and Danfeng (Daphne) Yao.
    In Proceedings of the International Conference on Software Maintenance and Evolution (ICSME). Oct. 2020.

  • Detection of Repackaged Android Malware with Code-Heterogeneity Features.
    Ke Tian, Danfeng Yao, Barbara Ryder, Gang Tan, and Guojun Peng.
    IEEE Transactions on Dependable and Secure Computing (TDSC). Jan. 2020.
    2019

  • Security Certification in Payment Card Industry: Testbeds, Measurements, and Recommendations.
    Sazzadur Rahaman, Gang Wang, and Daphne Yao.
    ACM Conference on Computer and Communications Security (CCS). London, UK. Nov. 2019. (Acceptance rate: 16%)

  • CryptoGuard: High Precision Detection of Cryptographic Vulnerabilities in Massive-sized Java Projects.
    Sazzadur Rahaman, Ya Xiao, Sharmin Afrose, Fahad Shaon, Ke Tian, Miles Frantz, Murat Kantarcioglu, and Danfeng (Daphne) Yao.
    ACM Conference on Computer and Communications Security (CCS). London, UK. Nov. 2019. (Acceptance rate: 16%)

  • Neural Cryptanalysis: Metrics, Methodology, and Applications in CPS Ciphers.
    Ya Xiao, Qingying Hao and Danfeng Yao.
    IEEE Conference on Dependable and Secure Computing (DSC-2019) Hangzhou, China, 18-20 November, 2019

  • CryptoAPI-Bench: A Comprehensive Benchmark on Java Cryptographic API Misuses.
    Sharmin Afrose, Sazzadur Rahaman, Danfeng (Daphne) Yao.
    IEEE Secure Development Conference (SecDev). McLean, VA. Sept. 2019. (Acceptance rate: 36%)

  • Exploitation Techniques and Defenses for Data-Oriented Attacks.
    Long Cheng, Hans Liljestrand, Md Salman Ahmed, Thomas Nyman, Trent Jaeger, N. Asokan, and Danfeng (Daphne) Yao.
    IEEE Secure Development Conference (SecDev). McLean, VA. Sept. 2019. (Acceptance rate: 36%)

  • Comparative Measurement of Cache Configurations’ Impacts on Cache Timing Side-Channel Attacks.
    Xiaodong Yu, Ya Xiao, Kirk Cameron, and Danfeng (Daphne) Yao.
    The 12th USENIX Workshop on Cyber Security Experimentation and Test (CSET). Santa Clara, CA. Aug. 2019. (Acceptance rate: 31%)

  • Checking is Believing: Event-aware Program Anomaly Detection in Cyber-physical Systems.
    Long Cheng, Ke Tian, Danfeng Yao, Lui Sha, and Raheem Beyah.
    IEEE Transactions on Dependable and Secure Computing (TDSC). 2019. (Impact factor: 6.4)

  • Identifying Mobile Inter-App Communication Risks.
    Karim Elish, Haipeng Cai, Daniel Barton, Danfeng Yao, and Barbara Ryder.
    IEEE Transactions on Mobile Computing. 19(1). 90-102. 1-13. Dec., 2018. DOI: 10.1109/TMC.2018.2889495
    2018

  • Needle in a Haystack: Tracking Down Elite Phishing Domains in the Wild.
    Ke Tian, Steve Jan, Hang Hu, Danfeng Yao, and Gang Wang.
    In ACM Internet Measurement Conference (IMC). Boston, MA. Oct. 2018. (Acceptance rate: 25%)

  • FrameHanger: Evaluating and Classifying Iframe Injection at Large Scale.
    Ke Tian, Zhou Li, Kevin Bowers, and Danfeng Yao.
    In Proceedings of the International Conference on Security and Privacy in Communication Networks (SECURECOMM). Singapore. Aug. 2018. (Acceptance rate: 30.5%)

  • Secure Coding Practices in Java: Challenges and Vulnerabilities.
    Na Meng, Stefan Nagy, Danfeng Yao, Wenjie Zhuang, and Gustavo Argoty.
    International Conference on Software Engineering (ICSE). Gothenburg, Sweden. May, 2018. (Acceptance rate: 20.9%) Multiple high-profile media reports.

  • DroidCat: Effective Android Malware Detection and Categorization via App-Level Profiling.
    Haipeng Cai, Na Meng, Barbara Ryder, and Danfeng Yao.
    IEEE Transactions on Information Forensics & Security (TIFS). Oct. 2018.
    2017

  • ReDroid: Prioritizing Data Flows and Sinks for App Security Transformation.
    Ke Tian, Gang Tan, Danfeng Yao, and Barbara Ryder.
    In Proceedings of workshop on Forming an Ecosystem Around Software Transformation (FEAST). Collocated with the ACM Conference on Computer and Communications Security (CCS). Dallas, TX. Nov. 2017

  • A First Look: Using Linux Containers for Deceptive Honeypots.
    Alexander Kedrowitsch, Danfeng (Daphne) Yao, Gang Wang, and Kirk Cameron.
    In Proceedings of ACM Workshop on Assurable & Usable Security Configuration (SafeConfig). Collocated with the ACM Conference on Computer and Communications Security (CCS). Dallas, TX. Nov. 2017.

  • Enforcing Cyber-Physical Execution Semantics to Defend Against Data-Oriented Attacks.
    Long Cheng, Ke Tian, and Danfeng Yao.
    In Proceedings of Annual Computer Security Applications Conference (ACSAC). Puerto Rico, US. Dec. 2017. (Acceptance rate: 19.7%)

  • Program Analysis of Cryptography Implementations for Security.
    Sazzadur Rahaman and Danfeng (Daphne) Yao.
    In Proceedings of IEEE Secure Development Conference (SecDev) Cambridge, MA. Sep., 2017.

  • Measuring the Insecurity of Mobile Deep Links of Android.
    Fang Liu, Chun Wang, Andres Pico, Danfeng Yao, and Gang Wang.
    In Proceedings of the 26th USENIX Security Symposium. Vancouver, Canada. Aug. 2017. (Acceptance rate: 16.3%)

  • Provably Secure Anonymous-yet-Accountable Crowdsensing with Scalable Sublinear Revocation.
    Sazzadur Rahaman, Long Cheng, Danfeng Yao, He Li, and Jung-Min Park.
    The 17th Privacy Enhancing Technologies Symposium (PETS). Minneapolis, MN. Jul. 2017. (Acceptance rate: 21.7%)

  • On Threat Modeling and Mitigation of Medical Cyber-Physical Systems.
    Hussain Almohri, Long Cheng, Danfeng Yao, and Homa Alemzadeh.
    In Proceedings of IEEE International Workshop on Security, Privacy, and Trustworthiness in Medical Cyber-Physical Systems (MedSPT), in conjunction with the IEEE/ACM Conference on Connected Health: Applications, Systems and Engineering Technologies (CHASE). Philadelphia, PA. Jul. 2017. (Invited paper)

  • Cloud Data Analytics for Security: Applications, Challenges, and Opportunities.
    Danfeng Yao.
    In Proceedings of Security in Cloud Computing (SCC) Workshop, in conjunction with ASIACCS. Abu Dhabi, UAE. Apr., 2017.
    Keynote speech SLIDES are here.

  • MR-Droid: A Scalable and Prioritized Analysis of Inter-App Communication Risks.
    Fang Liu, Haipeng Cai, Gang Wang, Danfeng Yao, Karim O. Elish and Barbara G. Ryder.
    In Proceedings of Mobile Security Technologies (MoST) Workshop, in conjunction with the IEEE Symposium on Security and Privacy. San Jose, CA. May 2017. (Acceptance rate: 33%)

  • Collusive Data Leak and More: Large-scale Threat Analysis of Inter-app Communications.
    Amiangshu Bosu, Fang Liu, Danfeng Yao, and Gang Wang.
    In Proceedings of ACM Symposium on Information, Computer & Communication Security (ASIACCS) Apr. 2017. (Acceptance rate: 20%) DIALDroid SLIDES HERE

  • Long-Span Program Behavior Modeling and Attack Detection.
    Xiaokui Shu, Danfeng Yao, Naren Ramakrishnan, and Trent Jaeger
    ACM Transactions on Privacy and Security (TOPS). May 2017.

  • Enterprise Data Breach: Causes, Challenges, Prevention, and Future Directions.
    Long Cheng, Fang Liu, and Danfeng Yao.
    WIREs Data Mining and Knowledge Discovery. Wiley. 2017.
    Featured by Wiley’s Advanced Science News. Invited Review Paper

  • Provably Secure Anonymous-yet-Accountable Crowdsensing with Scalable Sublinear Revocation.
    Sazzadur Rahaman, Long Cheng, Danfeng Yao, He Li, and Jung-Min Park.
    Proceedings on Privacy Enhancing Technologies (PoPETs). De Gruyter Open. Accepted. (Journal paper of the hybrid venue PoPETs/PETS 2017).

  • Breaking the target: An analysis of target data breach and lessons learned.
    Xiaokui Shu, Ke Tian, Andrew Ciambrone, and Danfeng Yao.
    arXiv preprint arXiv:1701.04940 (2017)
    2016

  • Causality-based Sensemaking of Network Traffic for Android Application Security.
    Hao Zhang, Danfeng Yao, and Naren Ramakrishnan.
    In Proceedings of 9th ACM Workshop on Artificial Intelligence and Security (AISec), co-located with the 23rd ACM Conference on Computer and Communications (CCS). October 28, 2016, Hofburg Palace, Vienna, Austria. (Acceptance rate: 32%)

  • Analysis of Code Heterogeneity for High-Precision Classification of Repackaged Malware.
    Ke Tian, Danfeng Yao, Barbara Ryder, and Gang Tan.
    In Proceedings of Mobile Security Technologies (MoST), in conjunction with the IEEE Symposium on Security and Privacy. San Jose, CA. May 2016. (Acceptance rate: 29%)

  • A Sharper Sense of Self: Probabilistic Reasoning of Program Behaviors for Anomaly Detection with Context Sensitivity.
    Kui Xu, Ke Tian, Danfeng Yao, and Barbara Ryder.
    In Proceedings of the 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). Toulouse, France. Jun., 2016. (Acceptance rate: 22%)

  • O3FA: A Scalable, Finite Automata-based, Pattern-Matching Engine for Out-of-Order Packet Inspection in IDS.
    Xiaodong Yu, Wu-chun Feng, Danfeng Yao, and Michela Becchi.
    In Proceedings of The 12th ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS), co-located with the 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI). Santa Clara, CA. Mar. 2016. (Acceptance rate: 21%).

  • DECT: Distributed Evolving Context Tree for Understanding User Behavior Pattern Evolution.
    Xiaokui Shu, Nikolay Laptev, and Danfeng Yao.
    In Proceedings of 19th International Conference on Extending Database Technology (EDBT), co-located with International Conference on Database Theory (ICDT). Mar., 2016. Bordeaux, France. (with Yahoo! Lab)

  • Causality Reasoning about Network Events for Detecting Stealthy Malware Activities.
    Hao Zhang, Danfeng Yao, Naren Ramakrishnan, and Zhibin Zhang.
    Computers & Security (C&S). 58: 180-198. Elsevier. 2016. (Patent Granted)

  • Fast Detection of Transformed Data Leaks.
    Xiaokui Shu, Jing Zhang, Danfeng Yao, and Wu-Chun Feng.
    IEEE Transactions on Information Forensics & Security (TIFS). 11(3): 528-542. 2016.

  • Security Optimization of Dynamic Networks with Probabilistic Graph Modeling and Linear Programming.
    Hussain Almohri, Layne T. Watson, Danfeng Yao, and Xinming Ou.
    IEEE Transactions on Secure and Dependable Computing (TDSC). 13(4): 474-487. 2016.
    2015

  • A Formal Framework for Program Anomaly Detection.
    Xiaokui Shu, Danfeng Yao, and Barbara Ryder.
    In Proceedings of the 18th International Symposium on Research in Attacks, Intrusions and Defenses (RAID). Kyoto, Japan. Nov. 2015. (Acceptance rate: 23.5%.)
    RAID SLIDES

  • Unearthing Stealthy Program Attacks Buried in Extremely Long Execution Paths
    Xiaokui Shu, Danfeng Yao, and Naren Ramakrishnan.
    In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS). Denver, Colorado. Oct. 2015. (Acceptance rate: 19.8%.) (Featured in Communications of ACM)
    CCS SLIDES

  • Probabilistic Program Modeling for High-Precision Anomaly Classification.
    Kui Xu, Danfeng Yao, Barbara Ryder, and Ke Tian.
    In Proceedings of the 2015 IEEE Computer Security Foundations Symposium (CSF). Verona, Italy. Jul. 2015. (Acceptance rate: 35%.)

  • On the Need of Precise Inter-App ICC Classification for Detecting Android Malware Collusions.
    Karim Elish, Danfeng Yao, and Barbara Ryder.
    In Proceedings of Mobile Security Technologies (MoST), in conjunction with the IEEE Symposium on Security and Privacy. San Jose, CA. May 2015. (Acceptance rate: 30%)

  • Rapid and Parallel Content Screening for Detecting Transformed Data Exposure.
    Xiaokui Shu, Jing Zhang, Danfeng Yao, and Wu-Chun Feng.
    In Proceedings of the International Workshop on Security and Privacy in Big Data (BigSecurity), co-located with IEEE INFOCOM. Hong Kong. April, 2015. (Acceptance rate: 26%)

  • Visualizing Traffic Causality for Analyzing Network Anomalies.
    Hao Zhang, Maoyuan Sun, Danfeng Yao, and Chris North.
    In Proceedings of International Workshop on Security and Privacy Analytics (SPA), co-located with ACM CODASPY. San Antonio, TX. Mar. 2015.

  • Privacy-Preserving Scanning of Big Content for Sensitive Data Exposure with MapReduce.
    Fang Liu, Xiaokui Shu, Danfeng Yao, and Ali Butt.
    In Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY). San Antonio, TX. Mar. 2015. (Acceptance rate: 21%) (Featured by S2ERC, an NSF I/UCRC on software security)

  • Rapid Screening of Transformed Data Leaks with Efficient Algorithms and Parallel Computing.
    Xiaokui Shu, Jing Zhang, Danfeng Yao, and Wu-Chun Feng.
    In Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY). San Antonio, TX. Mar. 2015. Extended abstract. (Best Poster Award)

  • MadeCR: Correlation-based Malware Detection for Cognitive Radio.
    Yanzhi Dou, Kexiong (Curtis) Zeng, Yaling Yang, and Danfeng Yao.
    In Proceedings of IEEE Conference on Computer Communications (INFOCOM). Hong Kong. Apr. 2015. (Acceptance rate: 19%).

  • Privacy-Preserving Detection of Sensitive Data Exposure.
    Xiaokui Shu, Danfeng Yao, and Elisa Bertino.
    IEEE Transactions on Information Forensics & Security (TIFS). 10(5). 1092-1103. May 2015.

  • Profiling User-Trigger Dependence for Android Malware Detection.
    Karim O. Elish, Xiaokui Shu, Danfeng Yao, Barbara Ryder, and Xuxian Jiang.
    Computers & Security (C&S). 49, 255–273. March 2015.
    2014

  • High Precision Screening for Android Malware with Dimensionality Reduction.
    Britton Wolfe, Karim Elish, and Danfeng Yao.
    In Proceedings of the 13th International Conference on Machine Learning and Applications (ICMLA). Detroit, MI. Dec. 2014. (Acceptance rate: 35%)

  • Role-Playing Game for Studying User Behaviors in Security: A Case Study on Email Secrecy.
    Kui Xu, Danfeng Yao, Manuel A. Perez-Quinones, Casey Link, and E. Scott Geller.
    In Proceedings of the IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom). Miami, FL. Oct. 2014. (Acceptance rate: 20%).

  • Comprehensive Behavior Profiling for Proactive Android Malware Detection.
    Britton Wolfe, Karim Elish, and Danfeng Yao.
    In Proceedings of the 7th International Conference on Information Security (ISC). Hong Kong. Oct. 2014. (Acceptance rate: 19%).

  • Detection of Stealthy Malware Activities with Traffic Causality and Scalable Triggering Relation Discovery.
    Hao Zhang, Danfeng Yao and Naren Ramakrishnan.
    In Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security (ASIACCS). Kyoto, Japan. Jun. 2014. (Acceptance rate: 20%).

  • DroidBarrier: Know What is Executing on Your Android.
    Hussain Almohri, Danfeng Yao, and Dennis Kafura.
    In Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY). San Antonio, TX. Mar. 2014. (Acceptance rate: 23.5%).

  • Process Authentication for High System Assurance.
    Hussain M.J. Almohri, Danfeng (Daphne) Yao, and Dennis Kafura.
    IEEE Transactions on Dependable and Secure Computing (TDSC). 11(2), 168-180. March/April 2014.
    2013

  • Massive Distributed and Parallel Log Analysis For Organizational Security.
    Xiaokui Shu, John Smiy, Danfeng Yao, and Heshan Lin.
    In Proceedings of the First International Workshop on Security and Privacy in Big Data (BigSecurity), in conjunction with Globecom. Atlanta, GA. Dec. 2013. (Acceptance rate: 35%).

  • CloudSafe: Securing Data Processing within Vulnerable Virtualization Environments in the Cloud.
    Huijun Xiong, Qingji Zheng, Xinwen Zhang, and Danfeng Yao.
    In Proceedings of the first IEEE Conference on Communications and Network Security (CNS). Washington, D. C. Oct. 2013. (Acceptance rate: 28%).

  • Device-Based Isolation for Securing Cryptographic Keys.
    Karim Elish, Yipan Deng, Danfeng Yao and Dennis Kafura.
    In Proceedings of the 3rd International Symposium on Internet of Ubiquitous and Pervasive Things (IUPT) Halifax, Canada. Jun. 2013.

  • DNS for Massive-Scale Command and Control.
    Kui Xu, Patrick Butler, Sudip Saha, and Danfeng (Daphne) Yao.
    IEEE Transactions on Dependable and Secure Computing (TDSC). 10(3), 143-153. May/June 2013.
    2012

  • A Semantics Aware Approach to Automated Reverse Engineering Unknown Protocols.
    Yipeng Wang, Xiaochun Yun, M. Zubair Shafiq, Alex X. Liu, Zhibin Zhang, Liyan Wang, Danfeng Yao, Yongzheng Zhang, and Li Guo.
    20th IEEE International Conference on Network Protocols (ICNP). Austin, TX. Oct. 2012. (Acceptance rate: 23%). (Best Paper Award)

  • Data Leak Detection As a Service.
    Xiaokui Shu and Danfeng Yao.
    In Proceedings of the 8th International Conference on Security and Privacy in Communication Networks (SECURECOMM). Padua, Italy. Sep. 2012. (Acceptance rate: 29%).
    Online demo
    SECURECOMM slides on privacy-preserving data leak detection.

  • User Intention-Based Traffic Dependence Analysis For Anomaly Detection.
    Hao Zhang, William Banick, Danfeng Yao and Naren Ramakrishnan.
    In Proceedings of Workshop on Semantics and Security (WSCS), in conjunction with the IEEE Symposium on Security and Privacy. San Francisco, CA. May 2012.
    The submitted journal version manuscript of our traffic dependency analysis work and CR-Miner prototype can be found HERE.

  • User-Centric Dependence Analysis For Identifying Malicious Mobile Apps.
    Karim O. Elish, Danfeng Yao, and Barbara G. Ryder.
    In Proceedings of the Workshop on Mobile Security Technologies (MoST), in conjunction with the IEEE Symposium on Security and Privacy. San Francisco, CA. May 2012.
    Full version technical report can be found HERE.

  • Identifying Native Applications with High Assurance.
    Hussain M. J. Almohri, Danfeng Yao, and Dennis Kafura.
    In Proceedings of ACM Conference on Data and Application Security and Privacy (CODASPY). San Antonio, TX, USA. Feb. 2012. (Acceptance rate: 25%).
    The submitted journal version manuscript of our process authentication work and A2 prototype system can be found HERE.

  • Towards End-to-End Secure Content Storage and Delivery with Public Cloud.
    Huijun Xiong, Xinwen Zhang, Danfeng Yao, Xiaoxin Wu, and Yonggang Wen.
    In Proceedings of ACM Conference on Data and Application Security and Privacy (CODASPY). San Antonio, TX, USA. Feb. 2012. (Acceptance rate: 25%).

  • Data-Provenance Verification For Secure Hosts.
    Kui Xu, Huijun Xiong, Chehai Wu, Deian Stefan, and Danfeng Yao.
    IEEE Transactions on Dependable and Secure Computing (TDSC). 9(2), 173-183. March/April 2012.

  • Robustness of Keystroke-Dynamics Based Biometrics Against Synthetic Forgeries.
    Deian Stefan, Xiaokui Shu, and Danfeng Yao.
    Computers & Security (C&S). 31. 109-121. 2012. Elsevier.
    2011

  • Detecting Infection Onset With Behavior-Based Policies.
    Kui Xu, Danfeng Yao, Qiang Ma, and Alex Crowell.
    In Proceedings of the Fifth International Conference on Network and System Security (NSS). Milan, Italy. Sep. 2011. (Acceptance rate: 22%).

  • K2C: Cryptographic Cloud Storage With Lazy Revocation and Anonymous Access.
    Saman Zarandioon, Danfeng Yao, and Vinod Ganapathy.
    In Proceedings of the 7th International ICST Conference on Security and Privacy in Communication Networks (SecureComm). Lecture Notes in Computer Science (LNCS). Sep. 2011. London, UK. (Acceptance rate: 24%).

  • CloudSeal: End-to-End Content Protection in Cloud-based Storage and Delivery Services.
    Huijun Xiong, Xinwen Zhang, Wei Zhu and Danfeng Yao.
    In Proceedings of the 7th International ICST Conference on Security and Privacy in Communication Networks (SecureComm). Lecture Notes in Computer Science (LNCS). Sep. 2011. London, UK.

  • Quantitatively Analyzing Stealthy Communication Channels.
    Patrick Butler, Kui Xu, and Danfeng Yao.
    In Proceedings of International Conference on Applied Cryptography and Network Security (ACNS). Lecture Notes in Computer Science. Jun. 2011 (LNCS). Acceptance rate: 18% (31/172).
    The submitted journal version manuscript of our DNS-based botnet command and control work can be found HERE.

  • Inferring Protocol-State Machine from Network Traces: A Probabilistic Description Method.
    Yipeng Wang, Zhibin Zhang, Danfeng Yao, Buyun Qu, and Li Guo.
    In Proceedings of International Conference on Applied Cryptography and Network Security (ACNS). Lecture Notes in Computer Science (LNCS). Jun. 2011. Acceptance rate: 18% (31/172).
    2010

  • Keystroke-Dynamics Authentication Against Synthetic Forgeries.
    Deian Stefan and Danfeng Yao.
    In Proceedings of the International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom). Chicago, IL. Nov. 2010. (Best Paper Award)

  • Knowing Where Your Input is From: Kernel-Level Provenance Verification.
    Deian Stefan, Chehau Wu, Danfeng Yao, and Gang Xu.
    In Proceedings of the 8th International Conference on Applied Cryptography and Network Security (ACNS). Pages 71-87. June, 2010. Beijing, China. (Patented)

  • Towards Publishing Recommendation Data With Predictive Anonymization.
    Chih-Cheng Chang, Brian Thompson, Hui Wang, and Danfeng Yao.
    In Proceedings of ACM Symposium on Information, Computer & Communication Security (ASIACCS). Apr. 2010.

  • Using a Trust Inference Model for Flexible and Controlled Information Sharing During Crises.
    Qian Yang, Danfeng Yao, Kaitlyn Muller, and James Garnett.
    Journal of Contingencies and Crisis Management. 18(4), 231-241. 2010. Wiley-Blackwell.

  • Applications and Security of Next-Generation User-Centric Wireless Systems.
    Jerry Rick Ramstetter, Yaling Yang, and Danfeng Yao.
    Future Internet, Special Issue on Security for Next Generation Wireless and Decentralized Systems. Editors: Ralf Steinmetz and Andre Koenig. 2010. (Invited Paper)

  • Independently-Verifiable Decentralized Role-Based Delegation.
    Roberto Tamassia, Danfeng Yao, and William H. Winsborough.
    IEEE Transactions on Systems, Man, and Cybernetics (SMC), Part A. 40(6), 1206-1219. Nov. 2010.
    2009

  • User-Assisted Host-Based Detection of Outbound Malware Traffic.
    Huijun Xiong, Prateek Malhotra, Deian Stefan, Chehai Wu, and Danfeng Yao.
    In Proceedings of International Conference on Information and Communications Security (ICICS). Beijing, P.R. China. Dec. 2009.

  • Towards Automatic Privacy Management in Web 2.0 with Semantic Analysis on Annotations.
    Nitya H. Vyas, Anna Squicciarini, Chih-Cheng Chang, and Danfeng Yao.
    In Proceedings of International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom). Washington DC. Nov. 2009.

  • Building Robust Authentication Systems With Activity-Based Personal Questions.
    Anitra Babic, Huijun Xiong, Danfeng Yao, and Liviu Iftode.
    In Proceedings of ACM Workshop on Assurable & Usable Security Configuration (SafeConfig). Collocated with the ACM Conference on Computer and Communications Security (CCS). Chicago, IL. Nov. 2009.
    (Featured in NSF News)

  • Privacy-aware Identity Management for Client-side Mashup Applications.
    Saman Zarandioon, Danfeng Yao, and Vinod Ganapathy.
    In Proceedings of the Fifth ACM Workshop on Digital Identity Management (DIM). Collocated with ACM Conference on Computer and Communications Security (CCS). Chicago, IL. Nov. 2009.

  • Privacy-Preserving Computation and Verification of Aggregate Queries on Outsourced Databases.
    Brian Thompson, Danfeng Yao, Stuart Haber, William G. Horne, and Tomas Sander.
    In Proceedings of the 9th Privacy Enhancing Technologies Symposium (PETS). Seattle, WA. Aug. 2009.

  • Detection and Prevention of Insider Threats in Database Driven Web Services.
    Tzvika Chumash and Danfeng Yao.
    In Proceedings of The Third IFIP WG 11.11 International Conference on Trust Management (IFIPTM). Pages 117-132. Jun. 2009. West Lafayette, IN.

  • Union-Split Clustering Algorithm and Social Network Anonymization.
    Brian Thompson and Danfeng Yao.
    In Proceedings of ACM Symposium on Information, Computer & Communication Security (ASIACCS). Mar. 2009. Sydney, Australia.

  • Compact and Anonymous Role-Based Authorization Chain.
    Danfeng Yao and Roberto Tamassia.
    ACM Transactions on Information and System Security (TISSEC). 12(3). Mar. 2009.
    2008

  • Select Audit: A Secure and Efficient Audit Framework for Networked Virtual Environments.
    Tuan Phan and Danfeng Yao.
    In Proceedings of the 4th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom). Nov. 2008. Orlando, FL.

  • Design and Implementation of an Open Framework for Secure Communication in Mashup Applications.
    Saman Zarandioon, Danfeng Yao, and Vinod Ganapathy.
    Annual Computer Security Applications Conference (ACSAC). December 8-12, 2008. Anaheim, California, USA.

  • Securing Geographic Routing in Mobile Ad-hoc Networks.
    Vivek Pathak, Danfeng Yao, and Liviu Iftode.
    International Conference on Vehicular Electronics and Safety (ICVES). September 22-24, 2008. Columbus, Ohio.

  • Improving Email Trustworthiness through Social-Group Key Authentication.
    Vivek Pathak, Danfeng Yao, and Liviu Iftode.
    Fifth Conference on Email and Anti-Spam (CEAS). Microsoft Research Silicon Valley, Mountain View, California. Aug. 21-22, 2008.

  • Efficient signature schemes supporting redaction, pseudonymization, and data deidentification.
    Stuart Haber, Yasuo Hatano, Yoshinori Honda, William Horne, Kunihiko Miyazaki, Tomas Sander, Satoru Tezuka, Danfeng Yao.
    ACM Symposium on Information, Computer & Communication Security (ASIACCS) 2008.

  • Notarized Federated ID Management and Authentication.
    Michael T. Goodrich, Roberto Tamassia, and Danfeng Yao.
    Journal of Computer Security (JCS), 16(4): 399-418. 2008.

  • Efficient and Secure Content Processing and Distribution by Cooperative Intermediaries.
    Yunhua Koglin, Danfeng Yao, and Elisa Bertino.
    IEEE Transactions on Parallel and Distributed Systems (TPDS). 19(5): 615-626. 2008.

  • Private Information: To Reveal or Not To Reveal.
    Danfeng Yao, Keith Frikken, Mike Atallah, Roberto Tamassia.
    ACM Transactions on Information and System Security (TISSEC). 12(1). Feb. 2008.
    2007

  • Private Distributed Scalar Product Protocol With Application To Privacy-Preserving Computation of Trust. Danfeng Yao, Roberto Tamassia, and Seth Proctor. In Proceedings Joint iTrust and PST Conferences on Privacy, Trust Management and Security (IFIPTM). Moncton, New Brunswick, Canada. Jul. 2007.

  • Privacy-Preserving Schema Matching Using Mutual Information. Isabel F. Cruz, Roberto Tamassia, and Danfeng Yao. Extended Abstract. In Proceedings of the 21st Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec). Redondo Beach, CA. Jul. 2007. Slides (.ppt).

  • Decentralized Authorization and Data Security in Web Content Delivery. Danfeng Yao, Yunhua Koglin, Elisa Bertino, and Roberto Tamassia. In Proceedings of the 22nd ACM Symposium on Applied Computing (SAC). Seoul, Korea. March, 2007. Slides (.ppt).
    2006

  • Point-Based Trust: Define How Much Privacy Is Worth. (Best Student Paper Award) Danfeng Yao, Keith Frikken, Mike Atallah, Roberto Tamassia. In Proceedings of the Eighth International Conference on Information and Communications Security (ICICS). Lecture Notes in Computer Science (LNCS). Volume 4307, pages 190 – 209. Ning, Qing, and Li (Eds). Springer. Raleigh, North Carolina, USA. December, 2006. Full version. Slides (.ppt).

  • Cascaded Authorization with Anonymous-Signer Aggregate Signatures. Danfeng Yao and Roberto Tamassia. In Proceedings of the Seventh Annual IEEE Systems, Man and Cybernetics Information Assurance Workshop (IAW). West Point, New York. June 2006. Full version. Slides (.ppt)

  • Notarized Federated Identity Management for Increased Trust in Web Services. Michael T. Goodrich, Roberto Tamassia, and Danfeng Yao. In Proceedings of the 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec). Sophia Antipolis, France. July 2006. Full version. Slides (.ppt)
    2005

  • Visualization of Automated Trust Negotiation. Danfeng Yao, Michael Shin, Roberto Tamassia, and William H. Winsborough. In Proceedings of the Workshop on Visualization for Computer Security (VizSEC), in conjunction with Vis 2005 and InfoVis 2005. Pages 65-74. IEEE Press. Minneapolis, MN. October 2005. Slides (.ppt)

  • On Improving the Performance of Role-Based Cascaded Delegation in Ubiquitous Computing. Danfeng Yao, Roberto Tamassia, and Seth Proctor. In Proceedings of the First Annual IEEE/CreateNet Conference on Security and Privacy for Emerging Areas in Communication Networks (SecureComm). Pages 157-168. IEEE Press. Athens, Greece. September 2005. Slides (.ppt)

  • Accredited DomainKeys: A Service Architecture for Improved Email Validation. Michael T. Goodrich, Roberto Tamassia, and Danfeng Yao. In the Second Conference on Email and Anti-Spam (CEAS). Stanford University, CA. July 2005. Slides (.ppt)
    2004

  • Role-Based Cascaded Delegation. Roberto Tamassia, Danfeng Yao, and William H. Winsborough. In Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT). Pages: 146 – 155. ACM Press. Yorktown Heights, NY, June 2004. Slides (.ppt)

  • ID-Based Encryption for Complex Hierarchies with Applications to Forward Security and Broadcast Encryption. Danfeng Yao, Nelly Fazio, Yevgeniy Dodis, and Anna Lysyanskaya. In Proceeding of the ACM Conference on Computer and Communications Security (CCS). Pages: 354 – 363. ACM Press. Washington DC, 2004. Full version Slides (.ppt)
PATENTS

    • Stuart Haber, William Horne, Tomas Sander, and Danfeng Yao. Integrity Verification of Pseudonymized Documents. U.S. Patent No. 8,266,439. Sep. 2012.

    • Danfeng Yao and Hao Zhang. Detection of Stealthy Malware Activities with Transitional Causality and Scalable Triggering Relation Discovery. Continuation-in-Part (CIP) Patent Granted. Virginia Tech. 9,888,030. 2017. A video overview

    • Danfeng Yao, Deian Stefan, and Chehai Wu. Systems and Methods for Malware Detection. U.S. Patent No. 8,763,127. Jun. 24, 2014.
