Lianying Zhao
Associate Professor
School of Computer Science, Carleton University

Home  |  Research   |  Teaching   |  Students

Research Group

         Carleton Computer Security Lab (CCSL)

Publications

         Duumviri: Detecting Trackers and Mixed Trackers with a Breakage Detector.

  H. Shuang, L. Zhao, D. Lie. Network and Distributed System Security Symposium (NDSS'25), Feb. 24-28, 2025, San Diego, CA, USA (to be presented).

 

         Multi-target Risk Score Aggregation for Security Evaluation of Network Environments.

  M. Lei, T. A. Madi, M. Nitschke, L. Zhao, M. Pourzandi. IEEE International Conference on Cloud Computing Technology and Science (CloudCom'24), Dec. 9-11, 2024, Abu Dhabi, UAE (to be presented).

 

         Towards Exploring Cross-Regional and Cross-Platform Differences in Login Throttling.

  M. Cai, X. de Carné de Carnavalet, S. Zhang, L. Zhao, M. Zhang. Nordic Conference on Secure IT systems (NordSec'24), Nov. 6-7, 2024, Karlstad, Sweden (to be presented).

 

         TEE-Receipt: A TEE-based Non-repudiation Framework for Web Applications.

  M. Hofny, L. Zhao, M.Mannan, A. Youssef. EAI International Conference on Security and Privacy in Communication Networks (SecureComm'24), Oct. 28-30, 2024, Dubai, UAE (to be presented).

 

         Detecting Command Injection Vulnerabilities in Linux-Based Embedded Firmware with LLM-based Taint Analysis of Library Functions.

  J. Ye, X. Fei, X. de Carné de Carnavalet, L. Zhao, L. Wu, M. Zhang. Elsevier Computers & Security (COSE), to appear (accepted June 2024).

 

         A Survey of Hardware Improvements to Secure Program Execution.

  L. Zhao, H. Shuang, S. Xu, W. Huang, R. Cui, P. Bettadpur, D. Lie. ACM Computing Surveys (CSUR), volume 56, issue 12, pages 1 - 37 (author's version, 2024).

 

         Racing for TLS Certificate Validation: A Hijacker’s Guide to the Android TLS Galaxy.

  S. Pourali, X. Yu, L. Zhao, M. Mannan, A. Youssef. USENIX Security Symposium (USENIX Security '24), Aug. 14–16, 2024, Philadelphia, PA, USA (author's copy).

 

         Exposed by Default: A Security Analysis of Home Router Default Settings.

  J. Ye, X. de Carné de Carnavalet, L. Zhao, M. Zhang, L. Wu, W. Zhang. ACM ASIA Conference on Computer and Communications Security (AsiaCCS'24), Jul. 1-5, 2024, Singapore (author's copy).

 

         The Flaw Within: Identifying CVSS Score Discrepancies in the NVD.

  S. Zhang, M. Cai, M. Zhang, L. Zhao, X. de Carné de Carnavalet. IEEE International Conference on Cloud Computing Technology and Science (CloudCom'23), Dec. 4-6, 2023, Napoli, Italy (author's copy).

 

         Measuring the Leakage and Exploitability of Authentication Secrets in Super-apps: The WeChat Case.

  S. Baskaran, L. Zhao, M. Mannan, A. Youssef. Symposium on Research in Attacks, Intrusions and Defenses (RAID'23)., Oct. 16-18, 2023, Hong Kong  (author's copy).

 

         VIET: A Tool for Extracting Essential Information from Vulnerability Descriptions for CVSS Evaluation.

  S. Zhang, M. Zhang, L. Zhao. IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec'23)., Jul. 19-21, 2023, Sophia Antipolis, France  (author's copy).

 

         vWitness: Certifying Web Page Interactions with Computer Vision.

  H. Shuang, L. Zhao, D. Lie. IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'23), Jun. 27-30, 2023, Porto, Portugal  (author's copy).

 

         A Hybrid Decision-making Approach to Security Metrics Aggregation in Cloud Environments.

  M. Lei, L. Zhao, M. Pourzandi, F. Farrahi Moghaddam. IEEE International Conference on Cloud Computing Technology and Science (CloudCom'22), Dec. 13-16, 2022, Bangkok, Thailand  (author's copy).

 

         Towards 5G-ready Security Metrics.

  L. Zhao, M. Shafayat Oshman, M. Zhang, F. Farrahi Moghaddam, S. Chander, M. Pourzandi. IEEE International Conference on Communications (ICC'21), Jun. 14-23, 2021  (author's copy).

 

         Emilia: Catching Iago in Legacy Code.

  R. Cui, L. Zhao, D. Lie. Network and Distributed System Security Symposium (NDSS'21), Feb. 21-25, 2021  (published version).

 

         Is Hardware More Secure than Software?

  L. Zhao, D. Lie. IEEE Security & Privacy 2020 (author's copy), see the published version here.

 

         Position Paper: Using Inputs and Context to Verify User Intentions in Internet Services.

  H. Shuang, W. Huang P. Bettadpur, L. Zhao, I. Pustogarov, D. Lie. 10th ACM SIGOPS Asia-Pacific Workshop on Systems (APSys'19), Aug. 19-20, 2019. Hangzhou, China.

 

         TEE-aided Write Protection Against Privileged Data Tampering.

  L. Zhao, M. Mannan. Network and Distributed System Security Symposium (NDSS'19), Feb. 24-27, 2019, San Diego, CA, USA.

 

         One-Time Programs Made Practical.

  L. Zhao, J. Choi, D. Demirag, K. Butler, M. Mannan, E. Ayday, J. Clark. Financial Cryptography and Data Security 2019 (FC'19), Feb. 18-22, 2019, St. Kitts.

 

         Hypnoguard: Protecting Secrets across Sleep-wake Cycles. Extended version

  L. Zhao, M. Mannan. ACM Conference on Computer and Communications Security (CCS'16), Oct. 24-28, 2016, Vienna, Austria.

 

         Deceptive Deletion Triggers under Coercion.

  L. Zhao, M. Mannan. IEEE Transactions on Information Forensics and Security (TIFS 2016).

 

         Gracewipe: Secure and Verifiable Deletion under Coercion.

  L. Zhao, M. Mannan. Network and Distributed System Security Symposium (NDSS'15), Feb. 8-11, 2015, San Diego, CA, USA.

 

         Explicit Authentication Response Considered Harmful. (Post-proceedings version: October 26, 2013).

  L. Zhao, M. Mannan. New Security Paradigms Workshop 2013 (NSPW'13), Sept. 9-12, 2013, Banff, Canada.

 

         Design of Hardware and Control Software with Wavecom Communication Module Q2406B.

  K. Li, X. Zhu, L. Zhao. Electronic Measurement Technology, issue 4, pp 95-97, 2006.

 

 

 

gps icon

1125 Colonel By Drive

Ottawa, ON K1S 5B6

 

 

 

phone icon

+1 (613) 520-2600 x2435

 

 

 

email icon

firstname.lastname@scs.carleton.ca

 

 

 

website icon

HP5129