Biblio

Filters: Author is Liu, Yue
2023-01-06
Xu, Huikai, Yu, Miao, Wang, Yanhao, Liu, Yue, Hou, Qinsheng, Ma, Zhenbang, Duan, Haixin, Zhuge, Jianwei, Liu, Baojun.  2022.  Trampoline Over the Air: Breaking in IoT Devices Through MQTT Brokers. 2022 IEEE 7th European Symposium on Security and Privacy (EuroS&P). :171-187.
MQTT is widely adopted by IoT devices because it allows for the most efficient data transfer over a variety of communication lines. The security of MQTT has received increasing attention in recent years, and several studies have demonstrated the configurations of many MQTT brokers are insecure. Adversaries are allowed to exploit vulnerable brokers and publish malicious messages to subscribers. However, little has been done to understand the security issues on the device side when devices handle unauthorized MQTT messages. To fill this research gap, we propose a fuzzing framework named ShadowFuzzer to find client-side vulnerabilities when processing incoming MQTT messages. To avoid ethical issues, ShadowFuzzer redirects traffic destined for the actual broker to a shadow broker under the control to monitor vulnerabilities. We select 15 IoT devices communicating with vulnerable brokers and leverage ShadowFuzzer to find vulnerabilities when they parse MQTT messages. For these devices, ShadowFuzzer reports 34 zero-day vulnerabilities in 11 devices. We evaluated the exploitability of these vulnerabilities and received a total of 44,000 USD bug bounty rewards. And 16 CVE/CNVD/CN-NVD numbers have been assigned to us.
2019-02-22
Li, Gang, Liu, Yue, Wang, Yongtian.  2018.  An Empirical Evaluation of Labelling Method in Augmented Reality. Proceedings of the 16th ACM SIGGRAPH International Conference on Virtual-Reality Continuum and Its Applications in Industry. :7:1-7:9.

In an augmented reality system, labelling technique is a very useful assistant technique for browsing and understanding unfamiliar objects or environments, through which the superimposed virtual labels of words or pictures on the real scene provide convenient information to the viewers, expand the recognition to areas of interest and promote the interaction with the real scene. How to design the layout of labels in the user's field of view, keep the clarity of virtual information and balance the ratio between virtual information and real scene information is a key problem in the field of view management. This paper presents the empirical results extracted from an experiment aiming at the user's visual perception of labelling layout, which reflects the subjective preferences for different factors influencing the labelling result. Statistical analysis of the experiment results shows the intuitive visual judgement accomplished by subjects. The quantitative measurement of clutter indicates the change induced by labels on the real scene, therefore contributing to the label design on view management in the future.