I'm an Associate Professor in the Department of Computer Science and Information Engineering and Graduate Institute of Networking and Multimedia at National Taiwan University. I hold a joint appointment in the Center for Information Technology Innovation at Academia Sinica. Since September 2018, I have also served as a Section Chief in the Information Technology Office, National Taiwan University Hospital.

I completed my Ph.D. (2014) in Electrical and Computer Engineering at Carnegie Mellon University. I received my M.S. (2008) and B.S. (2006) degrees in Electrical Engineering at National Taiwan University.

Letters of Recommendation Policy: Please read this before requesting letters of recommendation.

Interested in joining Network Security Lab (NSLab)? We are interested in the field of computer and network security, with focuses on DDoS defense, automated vulnerability discovery, and IoT security lately. Some of our members are also affiliated with the Balsn CTF team. We are actively recruiting highly motivated students and researchers! Email me or drop by R307 to chat with awesome nslab members.

Conferences and Journals

[C44] Risky Cohabitation: Understanding and Addressing Over-privilege Risks of Commodity Application Virtualization Platforms in Android.
S.-C. Hsiao, S.-W. Li, H.-C. Hsiao.
To appear in ACM Conference on Data and Application Security and Privacy (CODASPY), June 2024.

[C43] ALBUS: a Probabilistic Monitoring Algorithm to Counter Burst-Flood Attacks.
S. Scherrer, J. Vliegen, A. Sateesan, H.-C. Hsiao, N. Mentens, A. Perrig.
In International Symposium on Reliable Distributed Systems, September 2023.

[C42] Capturing Antique Browsers in Modern Devices: A Security Analysis of Captive Portal Mini-Browsers. [code]
P.-L. Wang, K.-H. Chou, S.-C. Hsiao, A. T. Low, T. H.-J. Kim and H.-C. Hsiao.
The 21st International Conference on Applied Cryptography and Network Security (ACNS), June 2023. (Best Student Paper Award)

[C41] OmniCrawl: Comprehensive Measurement of Web Tracking With Real Desktop and Mobile Browsers. [code]
D. Cassel, S.-C. Lin, A. Buraggina, W. Wang, A. Zhang, L. Bauer, H.-C. Hsiao, L. Jia, T. Libert.
In Privacy Enhancing Technologies Symposium (PETS), July 2022. (Best Artifact Award)

[C40] Tool: An Efficient and Flexible Simulator for Byzantine Fault-Tolerant Protocols. [code]
P.-L. Wang, T.-W. Chao, C.-C. Wu, H.-C. Hsiao.
In IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), June 2022.

[C39] LAEG: Leak-based AEG using Dynamic Binary Analysis to Defeat ASLR. [code (TBA)]
W.-L. Mow, S.-K. Huang, H.-C. Hsiao.
In The 6th International Workshop on Privacy, data Assurance, Security Solutions for Internet of Things, June 2022.

[C38] Investigating Advertisers' Domain-changing Behaviors and Their Impacts on Ad-blocker Filter Lists. [extended] [code & dataset]
S.-C. Lin, K.-H. Chou, Y. Chen, H.-C. Hsiao, D. Cassel, L. Bauer, and L. Jia.
In The Web Conference (TheWebConf, formerly known as WWW), April 2022.

[C37] HeadStart: Efficiently Verifiable and Low-Latency Participatory Randomness Generation at Scale. [code (TBA)]
H. Lee, Y.-M. Hsu, J.-J. Wang, H.-C. Yang, Y.-H. Chen, Y.-C. Hu, and H.-C. Hsiao.
In Network and Distributed System Security Symposium (NDSS), April 2022.

[C36] Low-Rate Overuse Flow Tracer (LOFT): An Efficient and Scalable Algorithm for Detecting Overuse Flows. [preprint]
S. Scherrer, C.-Y. Wu, Y.-H. Chiang, B. Rothenberger, D. Asoni, A. Sateesan, J. Vliegen, N. Mentens, H.-C. Hsiao, A. Perrig.
In International Symposium on Reliable Distributed Systems, September 2021.

[C35] ProMutator: Detecting Price Oracle Vulnerabilities in DeFi by Mutated Transactions. [code & disclosure]
S.-H. Wang, C.-C. Wu, Y.-C. Liang, L.-H. Hsieh and H.-C. Hsiao.
In IEEE Workshop on Security & Privacy on the Blockchain (co-located with IEEE Euro S&P), September 2021.

[C34] Speed Records in Network Flow Measurement on FPGA.
A. Sateesan, J. Vliegen, S. Scherrer, H.-C. Hsiao, A. Perrig, and N. Mentens.
In International Conference on Field-Programmable Logic and Applications (FPL), August 2021.

[C33] icLibFuzzer: Isolated-context libFuzzer for Improving Fuzzer Comparability. [preprint] [code]
Y.-C. Liang, H.-C. Hsiao.
In NDSS workshop on Binary Analysis Research, February 2021.

[J9] A decentralized framework for cultivating research lifecycle transparency. [code]
W. Jeng, S.-H. Wang, H.-W. Chen, P.-W. Huang, Y.-J. Chen, H.-C. Hsiao.
PLOS ONE 15(11): e0241496, 2020.

[C32] On the Privacy Risks of Compromised Trigger-Action Platforms. [code]
Y.-H. Chiang, H.-C. Hsiao, C.-M. Yu and T. H.-J. Kim.
In European Symposium on Research in Computer Security (ESORICS), September 2020.

[C31] FALCO: Detecting JavaScript-based Cyber Attack Using Website Fingerprints.
C.-C. Liu, H.-C. Hsiao, T. H.-J. Kim.
In International Conference on Security and Cryptography (SECRYPT), July 2020.

[C30] Practical and Verifiable Electronic Sortition.
H. Lee, H.-C. Hsiao.
In Workshop on Foundations of Computer Security, June 2020.

[C29] On Using Camera-based Visible Light Communication for Security Protocols.
W.-Y. Chu, T.-G. Yu, Y.-K. Lin, S.-C. Lee and H.-C. Hsiao.
In IEEE Workshop on the Internet of Safe Things (SafeThings), May 2020.

[J8] SAFECHAIN: Securing Trigger-Action Programming from Attack Chains. [code&dataset]
K.-H. Hsu, Y.-H. Chiang, H.-C. Hsiao.
IEEE Transactions on Information Forensics and Security, 14(10), pp.2607-2622, Oct. 2019.

[C28] On the Feasibility of Rerouting-based DDoS Defenses.
M. Tran, M. S. Kang, H.-C. Hsiao, W.-H. Chiang, S.-P. Tung and Y.-S. Wang.
In IEEE Symposium on Security and Privacy (IEEE S&P), May 2019.

[C27] An Investigation of Cyber Autonomy on Government Websites. (Short Paper) [dataset]
H.-C. Hsiao, T. H.-J. Kim, Y.-M. Ku, C.-M. Chang, H.-F. Chen, Y.-J. Chen, C.-W. Wang and W. Jeng.
In The Web Conference (TheWebConf, formerly known as WWW), May 2019.

[C26] Enhancing Symbolic Execution by Machine Learning Based Solver Selection. [code]
S.-H. Wen, W.-L. Mow, W.-N. Chen, C.-Y. Wang, H.-C. Hsiao.
In NDSS workshop on Binary Analysis Research, February 2019.

[J7] GROUPIT: Lightweight Group Key Management for Dynamic IoT Environments.
Y.-H. Kung, H.-C. Hsiao.
IEEE Internet of Things Journal, vol. 5, no. 6, pp. 5155-5165, Dec. 2018.

[C25] Dynamic Path Pruning in Symbolic Execution.
Y.-S. Chen, W.-N. Chen, C.-Y. Wu, H.-C. Hsiao, S.-K. Huang.
In IEEE Conference on Dependable and Secure Computing (DSC), December 2018.

[C24] CLEF: Limiting the Damage Caused by Large Flows in the Internet Core.
H. Wu, H.-C. Hsiao, D. E. Asoni, S. Scherrer, A. Perrig, Y.-C. Hu.
In International Conference on Cryptology and Network Security (CANS), September 2018.

[C23] SDNProbe: Lightweight Fault Localization in the Error-Prone Environment. [code]
Y.-M. Ke, H.-C. Hsiao, T. H.-J. Kim.
In IEEE International Conference on Distributed Computing Systems (ICDCS), July 2018.

[C22] DAMUP: Practical and Privacy-aware Cloud-based DDoS Mitigation. [code]
S.-C. Lin, P.-W. Huang, H.-Y. Wang, H.-C. Hsiao.
In IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT), April 2018.

[C21] INSTRIM: Lightweight Instrumentation for Coverage-guided Fuzzing. [code]
C.-C. Hsu, C.-Y. Wu, H.-C. Hsiao, S.-K. Huang.
In NDSS Workshop on Binary Analysis Research, February 2018.

[J6] Traffic-aware Patching for Cyber Security in Mobile IoT.
S.-M. Cheng, P.-Y. Chen, C.-C. Lin, H.-C. Hsiao.
IEEE Communications Magazine, 2017.

[C20] A Generic Web Application Testing and Attack Data Generation Method.
H.-Y. Shih, H.-L. Lu, C.-C. Yeh, H.-C. Hsiao, S.-K. Huang.
In International Conference on Security with Intelligent Computing and Big-data Services (SICBS), December 2017.

[C19] Security Implications of Redirection Trail in Popular Websites Worldwide.
L. Chang, W.-H. Lin, H.-C. Hsiao, W. Jeng, T. H.-J. Kim.
In 26th International World Wide Web Conference (WWW), April 2017.

[J5] Decapitation via Digital Epidemics: A Bio-Inspired Transmissive Attack.
P.-Y. Chen, C.-C. Lin, S.-M. Cheng, H.-C. Hsiao, and C.-Y. Huang.
IEEE Communications Magazine, 2016.

[J4] Insider Collusion Attack on Privacy-preserving Kernel-based Data Mining Systems.
P. S. Wang, F. Lai, H.-C. Hsiao, and J.-L. Wu.
IEEE Access, vol. 4, pp. 2244-2255, 2016.

[C18] SandUSB: An Installation-Free Sandbox for USB Peripherals.
E. L. Loe, H.-C. Hsiao, T. H.-J. Kim, S.-C. Lee, and S.-M. Cheng.
In IEEE World Forum on Internet of Things Workshop on User Centric Security, Privacy, and Interoperability in the Context of Internet of Things and Smart Cities, December 2016.

[C17] Migrant Attack: A Multi-resource DoS Attack on Cloud Virtual Machine Migration Schemes.
J.-R. Yeh, H.-C. Hsiao, A.-C. Pang.
In 11th Asia Joint Conference on Information Security (AsiaJCIS), August 2016.

[C16] Securing Data Planes in Software-Defined Networks.
T.-W. Chao, Y.-M. Ke, B.-H. Chen, J.-L. Chen, C. J. Hsieh, S.-C. Lee, H.-C. Hsiao.
In IEEE International Workshop on Security in Virtualized Networks (Sec-VirtNet), June 2016.

[C15] CICADAS: Congesting the Internet with Coordinated And Decentralized Pulsating Attacks.
Y.-M. Ke, C.-W. Chen, H.-C. Hsiao, A. Perrig, V. Sekar.
In ACM Asia Conference on Computer and Communications Security (ASIACCS), May 2016.

[C14] SIBRA: Scalable Internet Bandwidth Reservation Architecture.
C. Basescu, R. M. Reischuk, P. Szalachowski, A. Perrig, Y. Zhang, H.-C. Hsiao, A. Kubota, J. Urakawa.
In Networked & Distributed System Security Symposium (NDSS), February 2016.

[C13] A Secure Authorization System in PHR based on CP-ABE.
H.-H. Chung, P. Wang, T.-W. Ho, H.-C. Hsiao, F. Lai.
In IEEE E-Health and Bioengineering Conference (EHB), November 2015.

[C12] A Practical System for Guaranteed Access in the Presence of DDoS Attacks and Flash Crowds.
Y.-H. Kung, T. Lee, P.-N. Tseng, H.-C. Hsiao, T. H.-J. Kim, S. B. Lee, Y.-H. Lin, and A. Perrig.
In IEEE International Conference on Internet Protocols (ICNP), November 2015.

[C11] Efficient Large Flow Detection over Arbitrary Windows: An Algorithm Exact Outside An Ambiguity Region.
H. Wu, H.-C. Hsiao, and Y.-C. Hu.
In ACM Internet Measurement Conference (IMC), November 2014.

[C10] YourPassword: Applying Feedback Loops to Improve Security Behavior of Managing Multiple Passwords. (Short Paper)
T. H.-J. Kim, H. C. Stuart, H.-C. Hsiao, Y.-H. Lin, L. Zhang, L. Dabbish, and S. Kiesler.
In ACM Symposium on Information, Computer and Communications Security (ASIACCS), June 2014.

[C9] Policy-based secure deletion.
C. Cachin, K. Haralambiev, H.-C. Hsiao, and A. Sorniotti.
In ACM Conference on Computer and Communications Security (CCS), November 2013.

[C8] STRIDE: Sanctuary Trail -- Refuge from Internet DDoS Entrapment.
H.-C. Hsiao, T. H.-J. Kim, S. B. Lee, X. Zhang, S. Yoo, V. Gligor and A. Perrig.
In ACM Symposium on Information, Computer and Communications Security (ASIACCS), May 2013.

[C7] LAP: Lightweight Anonymity and Privacy.
H.-C. Hsiao, T. H.-J. Kim, A. Perrig, A. Yamada, S. C. Nelson, M. Gruteser, and W. Meng.
In IEEE Symposium on Security and Privacy (Oakland), May 2012.

[C6] ShortMAC: Efficient Data-Plane Fault Localization.
X. Zhang, Z. Zhou, H.-C. Hsiao, T. H.-J. Kim, A. Perrig, and P. Tague.
In Networked & Distributed System Security Symposium (NDSS), February 2012.

[J3] Secure Distributed Data Aggregation.
H. Chen, H.-C. Hsiao, A. Perrig, and D. Song.
Journal of Foundations and Trends in Databases, Vol. 3, No. 3, pp 149-201, 2011.

[C5] Flooding-Resilient Broadcast Authentication for VANETs.
H.-C. Hsiao, A. Studer, C. Chen, A. Perrig, F. Bai, B. Bellur, and A. Iyer.
In ACM Conference on Mobile Computing and Networking (MobiCom), September 2011.

[C4] Efficient and Secure Threshold-based Event Validation for VANETs.
H.-C. Hsiao, A. Studer, R. Dubey, E. Shi, and Adrian Perrig.
In ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), June 2011.

[C3] SCION: Scalability, Control, and Isolation On Next-Generation Networks.
X. Zhang, H.-C. Hsiao, G. Hasker, H. Chan, A. Perrig, and D. Andersen.
In IEEE Symposium on Security and Privacy (Oakland), May 2011. (2022 Test-of-Time Award)

[J2] SPATE: Small-group PKI-less Authenticated Trust Establishment.
Y.-H. Lin, A. Studer, Y.-H. Chen, H.-C. Hsiao, E. L.-H. Kuo, J. M. McCune, K.-H. Wang, M. Krohn, A. Perrig, B.-Y. Yang, H.-M. Sun, P.-L. Lin, and J. Lee.
IEEE Transactions on Mobile Computing, 9(12): 1666-1681, 2010.

[C2] A Study of User-Friendly Hash Comparison Schemes.
H.-C. Hsiao, Y.-H. Lin, A. Studer, C. Studer, K.-H. Wang, H. Kikuchi, A. Perrig, H.-M. Sun, and B.-Y. Yang.
In Annual Computer Security Applications Conference (ACSAC), December 2009.

[C1] SPATE: Small-group PKI-less Authenticated Trust Establishment.
Y.-H. Lin, A. Studer, H.-C. Hsiao, J. M. McCune, K.-H. Wang, M. Krohn, P.-L. Lin, A. Perrig, H.-M. Sun, and B.-Y. Yang.
In ACM Annual International Conference on Mobile Systems, Applications and Services (MobiSys) 2009.

[J1] A Survey of Secure Data Aggregation on Sensor Networks.
Y.-S. Chen, H.-C. Hsiao, and C.-L. Lei.
Communications of Chinese Cryptology and Information Security Association (CCISA), Vol.13 No.4 pp17-28, 2007.

Posters and Extended Abstracts

[P13] "Prove it!" A user-centered design client for the blockchain-based research lifecycle transparency framework.
Y.-C. Chang, L.-F. Kang, H.-C. Hsiao, & W. Jeng
In ASIS&T AM, October 2022. (Best Poster Award)

[P12] PluginPermCheck: Preventing Permission Escalation in App Virtualization.
S.-C. Hsiao, H.-C. Hsiao
In IEEE Symposium on Security and Privacy (IEEE S&P), May 2022.

[P11] Know Your Victim: Tor Browser Setting Identification via Network Traffic Analysis. [code]
C.-M. Chang, H.-C. Hsiao, T. Lynar, T. Mori
In the Poster Track of The Web Conference (TheWebConf), April 2022.

[P10] POSTER: Challenges in Stopping Ticket Scalping Bots.
H. C. Yang, H. Lee, H.-C. Hsiao
In ACM Asia Conference on Computer and Communications Security (ASIACCS), October 2020.

[P9] POSTER: Android IME Privacy Leakage Analyzer.
P. Lo, J.-C. Huo, H.-C. Hsiao, B. Sun, T. Ban, T. Takahashi
In IEEE Symposium on Security and Privacy (IEEE S&P), May 2020.

[P8] Keeping passwords in your pocket: Managing password locally with mobile fingerprint sensors.
P.-Y. Lin, Z.-Y. Zhou, C.-M. Chang, H.-W. Chen, S.-P. Tung, and H.-C. Hsiao
In the Poster Track of The Web Conference (TheWebConf), April 2020.

[P7] Detecting JavaScript Injection via Website Behavior Fingerprint.
C.-C. Liu, H.-C. Hsiao, and T.H.-J. Kim
In the Poster Track of The Web Conference (TheWebConf), April 2020.

[P6] Hybrid-Voting: A Hybrid Structured Electronic Voting System.
P.-L. Wang, S.-H. Yang, and H.-C. Hsiao
In the Poster Track of The Web Conference (TheWebConf), April 2020.

[P5] Secure Device Pairing.
H.-C. Hsiao
In Encyclopedia of Wireless Networks (Springer), 2019.

[P4] Poster: Protecting Campus Networks with Cost-effective DDoS Defense.
W.-H. Chiang, S.-P. Tung, Y.-S. Wang, I-J. Hsiao, H.-C. Hsiao
In IEEE Symposium on Security and Privacy (IEEE S&P), May 2019.

[P3] Challenges in Realizing Privacy-aware Cloud-based DDoS Mitigation Mechanism.
S.-C. Lin, W.-N. Chen, H.-C. Hsiao
In USENIX Security Symposium Poster Session, August 2018.

[P2] Need Tickets? A Case Study of Bot-enabled Ticket Scalping.
C.-C. Lin, H.-C. Hsiao
Extended Abstract in APWG.EU eCrime Cyber-Security Symposium, October 2017.

[P1] Poster: VLC-based Authenticated Key Exchange.
Y.-S. Chen, C.-L. Lin, H.-C. Hsiao, Y.-H. Lin, H.-M. Tsai
In IEEE Symposium on Security and Privacy (IEEE S&P), May 2016.

Preprints and Technical Reports

  • An Empirical Evaluation of Bluetooth-based Decentralized Contact Tracing in Crowds. [protocol]
    H.-C. Hsiao, C.-Y. Huang, B.-K. Hong, S.-M. Cheng, H.-Y. Hu, C.-C. Wu, J.-S. Lee, S.-H. Wang, W. Jeng.
    arXiv preprint arXiv:2011.04322, 2020.
  • Verifiable Order Statistics for Secure Aggregation.
    H.-C. Hsiao, C.-Y. Wang, J. M. Hellerstein, W.-C. Teng, and C.-L. Lei.
    Technical Report No. UCB/EECS-2009-48, EECS, University of California, Berkeley, April 2009.
  • Ho-Po Key: Leveraging physical constraints on human motion to authentically exchange information in a group.
    G. Mezzour, A. Studer, M. Farb, J. Lee, J. McCune, H.-C. Hsiao, and A. Perrig.
    Technical Report CMU-CyLab-11-004, CyLab, Carnegie Mellon University.

Patent

  • Computing Device to Detect Malware.
    H.-C. Hsiao, D. Shuo, B. Salamat, R. Gupta, and S. M. Das.
    US Patent publication number US20130247187, 2013.

Teaching

  • [CSIE 7190] Cryptography and Network Security S24, S23, S22, S21, S20, S19, S18, S17, S16, S15
  • [CSIE 7016] Computer Security F23, F22, F21, F20, F19, F18, F17, F16, F15 (You need to use an IP address of the NTU System (NTU, NTNU, NTUST) or the University System of Taiwan (NTHU, NYCU, NCU, NCCU) to access the website.)
  • [CSIE 2136] Algorithm Design and Analysis F23, F22, F21, F20, F19, F18, F17, F16, F15, F14
  • [CSIE 5291] Introduction to Secure Coding S22, S21, S20, S19
  • [CSIE 5292] Systems and Network Security Laboratory S20, S19
  • [CSIE 5290] Advanced Computer Security S16

Service

  • IEEE Conference on Communications and Network Security (2024, web chair)
  • IEEE Internet of Things Magazine (2022~, associate editor)
  • The Web Conference (2020, demo co-chair)
  • ACM ASIA Conference on Computer and Communications Security (2020, workshop co-chair)
  • Program Committee: TheWebConf (2022, 2023, 2024), ACNS (2022, 2023), NDSS (2021), VNC (2019, 2020, 2021)...

Office: Room 511, CSIE Building, #1 Roosevelt Rd. Sec. 4, Taipei 106, Taiwan
Office phone: +886-2-3366-4888 ext. 511