Publications | Chuan Yue

Refereed Journal Papers

Fuzzing-Based Hard-Label Black-Box Attacks Against Machine Learning Models.
By Yi Qin and Chuan Yue.
In Journal of Computers & Security (COMPSEC), Elsevier, 117: 102694, 2022.
Crowdsourcing as a Tool for Research: Methodological, Fair, and Political Considerations.
By Stephen C. Rea, Hanzelle Kleeman, Qin Zhu, Benjamin Gilbert, and Chuan Yue.
In Journal of Bulletin of Science, Technology & Society (BSTS), 2021.
Sensor-based Mobile Web Cross-site Input Inference Attacks and Defenses.
By Rui Zhao, Chuan Yue, and Qi Han.
In IEEE Transactions on Information Forensics and Security (TIFS), 2019.
Design and Evaluation of the Highly Insidious Extreme Phishing Attacks.
By Rui Zhao, Samantha John, Stacy Karas, Cara Bussell, Jennifer Roberts, Daniel Six, Brandon Gavett, and Chuan Yue.
In Journal of Computers & Security (COMPSEC), Elsevier, 70: 634–647, 2017.
Phishing Suspiciousness in Older and Younger Adults: The Role of Executive Functioning.
By Brandon Gavett, Rui Zhao, Samantha John, Cara Bussell, Jennifer Roberts, and Chuan Yue.
In Journal of PLoS ONE, 12(2): e0171620, 2017.
Toward A Secure and Usable Cloud-based Password Manager for Web Browsers.
By Rui Zhao and Chuan Yue.
In Journal of Computers & Security (COMPSEC), Elsevier, 46(3): 32–47, 2014.
(This is an extended version of our CODASPY’13 conference paper “All Your Browser-saved Passwords Could Belong to Us: a Security Analysis and a Cloud-based New Design”, which was reported by The Oregonian in March 2014, and has prompted at least one top Web browser vendor to make some important changes in its password manager feature.)
Vulnerability and Risk Analysis of Two Commercial Browser and Cloud Based Password Managers.
By Rui Zhao, Chuan Yue, and Kun Sun.
In ASE (Academy of Science and Engineering) Science Journal, 1(4): 1–15, 2013.
(This is an extended version of our PASSAT’13 conference paper “A Security Analysis of Two Commercial Browser and Cloud Based Password Managers”.)
(This work was reported by The Oregonian in March 2014, and it has prompted at least one vendor to make some important changes in its password manager.)
A Measurement Study of Insecure JavaScript Practices on the Web.
By Chuan Yue and Haining Wang.
In ACM Transactions on the Web (TWEB), 7(2): 1–39, 2013.
(This is an extended version of our WWW’09 conference paper “Characterizing Insecure JavaScript Practices on the Web”.)
BogusBiter: A Transparent Protection Against Phishing Attacks.
By Chuan Yue and Haining Wang.
In ACM Transactions on Internet Technology (TOIT), 10(2): 1–31, 2010.
(This is an extended version of our ACSAC’08 conference paper “Anti-Phishing in Offense and Defense”.)
An Automatic HTTP Cookie Management System.
By Chuan Yue, Mengjun Xie, and Haining Wang.
In Journal of Computer Networks (COMNET), Elsevier, 54(13): 2182–2198, 2010.
(This is an extended version of our DSN’07 conference paper “Automatic Cookie Usage Setting with CookiePicker”.)
Profit-aware Overload Protection in E-commerce Web Sites.
By Chuan Yue and Haining Wang.
In Journal of Network and Computer Applications, Elsevier, 32(2): 347–356, 2009.
Runtime and Programming Support for Memory Adaptation in Scientific Applications via Local Disk and Remote Memory (invited paper).
By Richard Tran Mills, Chuan Yue, Andreas Stathopoulos, and Dimitris Nikolopoulos.
In Journal of Grid Computing, Springer Verlag, 5(2): 213–234, 2007.

Refereed Conference, Workshop, and Poster Papers

Analyzing the Feasibility of Adopting Google’s Nonce-Based CSP Solutions on Websites.
By Mengxia Ren, Anhao Xiang, and Chuan Yue.
To appear in proceedings of the IEEE/ACM International Conference on Software Engineering (ICSE), 2025.
Content Security Policy Deployment Issues Related to Third-party Scripts among Builder-generated Websites and Other Websites.
By Mengxia Ren and Chuan Yue.
In proceedings of the IEEE International Performance Computing and Communications Conference (IPCCC), 2024.
Completeness Analysis of Mobile Apps’ Privacy Policies by Using Deep Learning.
By Khalid Alkhattabi and Chuan Yue.
In proceedings of the International Conference on Science of Cyber Security (SciSec), 2024
PolicyChecker: Analyzing the GDPR Completeness of Mobile Apps’ Privacy Policies
By Anhao Xiang, Weiping Pei, and Chuan Yue.
In proceedings of the ACM Conference on Computer and Communications Security (CCS), 2023.
A Tale of Two Communities: Privacy of Third Party App Users in Crowdsourcing – The Case of Receipt Transcription.
By Weiping Pei, Yanina Likhtenshteyn, and Chuan Yue.
In proceedings of the ACM on Human-Computer Interaction: ACM Conference on Computer-Supported Cooperative Work and Social Computing (CSCW), 2023.
WebMea: A Google Chrome Extension for Web Security and Privacy Measurement Studies(short paper).
By Mengxia Ren, Joshua Josey, and Chuan Yue.
In proceedings of the International Conference on Science of Cyber Security (SciSec), 2023
Coverage and Secure Use Analysis of Content Security Policies via Clustering.
By Mengxia Ren and Chuan Yue.
In proceedings of the IEEE European Symposium on Security and Privacy (Euro S&P), 2023
Exploring the Negotiation Behaviors of Owners and Bystanders over Data Practices of Smart Home Devices.
By Ahmed Alshehri, Eugin Pahk, Joseph Spielman, Jacob Parker, Benjamin Gilbert, and Chuan Yue.
In proceedings of the ACM CHI Conference on Human Factors in Computing Systems (CHI), 2023
Generating Content-Preserving and Semantics-Flipping Adversarial Text.
By Weiping Pei and Chuan Yue.
In proceedings of the ACM ASIA Conference on Computer and Communications Security (AsiaCCS), 2022
Exploring the Privacy Concerns of Bystanders in Smart Homes from the Perspectives of both Owners and Bystanders.
By Ahmed Alshehri, Joseph Spielman, Amiya Prasad, and Chuan Yue.
In proceedings of the Privacy Enhancing Technologies Symposium (PETS), 2022.
Question Answering Models For Privacy Policies of Mobile Apps: Are We There Yet?
By Khalid Alkhattabi, Davita Bird, Kai Miller, and Chuan Yue.
In proceedings of the International Conference on Science of Cyber Security (SciSec), 2022.
SecQuant: Quantifying Container System Call Exposure.
By Sunwoo Jang, Somin Song, Byungchul Tak, Sahil Suneja, Michael V. Le, Chuan Yue, and Dan Williams.
In proceedings of the European Symposium on Research in Computer Security (ESORICS), 2022.
WtaGraph: Web Tracking and Advertising Detection using Graph Neural Networks.
By Zhiju Yang, Weiping Pei, Monchu Chen, and Chuan Yue.
In proceedings of the IEEE Symposium on Security and Privacy (S&P), 2022.
Quality Control in Crowdsourcing based on Fine-Grained Behavioral Features.
By Weiping Pei, Zhiju Yang, Monchu Chen, and Chuan Yue.
In proceedings of the ACM on Human-Computer Interaction: ACM Conference on Computer-Supported Cooperative Work and Social Computing (CSCW), 2021.
Key-Based Input Transformation Defense Against Adversarial Examples.
By Yi Qin and Chuan Yue.
In proceedings the IEEE International Performance Computing and Communications Conference (IPCCC), 2021.
Attention Please: Your Attention Check Questions in Survey Studies Can Be Automatically Answered.
By Weiping Pei, Arthur Mayer, Kaylynn Tu, and Chuan Yue.
In proceedings of The Web Conference (formerly known as The WWW Conference), 2020.
(This paper is on Quality Control in Crowdsourcing. Arthur and Kaylynn are undergraduate research assistants whose contribution is on data collection.)
A Comparative Measurement Study of Web Tracking on Mobile and Desktop Environments.
By Zhiju Yang and Chuan Yue.
In proceedings of the Privacy Enhancing Technologies Symposium (PETS), 2020.
Distinguishability of Adversarial Examples.
By Yi Qin, Ryan Hunt, and Chuan Yue.
In proceedings of the International Conference on Availability, Reliability and Security (ARES), 2020.
Security and Privacy Analysis of Android Family Locator Apps.
By Khalid Alkhattabi, Ahmed Alshehri, and Chuan Yue.
In proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), 2020.
Visualizing and Interpreting RNN Models in URL-based Phishing Detection.
By Tao Feng and Chuan Yue.
In proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), 2020.
Attacking and Protecting Tunneled Traffic of Smart Home Devices.
By Ahmed Alshehri, Jacob Granley, and Chuan Yue.
In proceedings of the ACM Conference on Data and Applications Security (CODASPY), 2020.
Mining Least Privilege Attribute Based Access Control Policies.
By Matthew Sanders and Chuan Yue.
In proceedings of the Annual Computer Security Applications Conference (ACSAC), 2019.
On Improving the Effectiveness of Adversarial Training.
By Yi Qin, Ryan Hunt, and Chuan Yue.
In proceedings of the ACM International Workshop on Security and Privacy Analytics (IWSPA), 2019.
Website Fingerprinting by Power Estimation Based Side-Channel Attacks on Android 7.
By Yi Qin and Chuan Yue.
In proceedings of the IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 2018.
Effective Mobile Web User Fingerprinting via Motion Sensors.
By Zhiju Yang, Rui Zhao, and Chuan Yue.
In proceedings of the IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 2018.
Minimizing Privilege Assignment Errors in Cloud Services. (Outstanding Paper Award!)
By Matthew Sanders and Chuan Yue.
In proceedings of the ACM Conference on Data and Applications Security (CODASPY), 2018.
Automated Least Privileges in Cloud-Based Web Services.
By Matthew Sanders and Chuan Yue.
In proceedings of the 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies (HotWeb), 2017.
Cross-site Input Inference Attacks on Mobile Web Users (short paper).
By Rui Zhao, Chuan Yue, and Qi Han.
To appear in proceedings of the International Conference on Security and Privacy in Communication Networks (SecureComm), 2017.
An Analysis Of Open Ports And Port Pairs In EC2 Instances (short paper).
By Beaulah Navamani, Chuan Yue, and Xiaobo Zhou.
In proceedings of the IEEE International Conference on Cloud Computing (IEEE Cloud), 2017.
Teaching Computer Science with Cybersecurity Education Built-in.
By Chuan Yue.
In proceedings of the USENIX Workshop on Advances in Security Education (ASE), 2016.
(In this paper, we report the partial research results of our NSF project with award #1619841 (formerly #1438935))
The Highly Insidious Extreme Phishing Attacks.
By Rui Zhao, Samantha John, Stacy Karas, Cara Bussell, Jennifer Roberts, Daniel Six, Brandon Gavett, and Chuan Yue.
In proceedings of the IEEE International Conference on Computer Communication and Networks (ICCCN), 2016.
Sensor-based Mobile Web Fingerprinting and Cross-site Input Inference Attacks (position paper).
By Chuan Yue.
In proceedings of the IEEE Workshop on Mobile Security Technologies (MoST), 2016.
Using Item Response Theory to Improve the Ecological Validity of Neuropsychological Tests: An Example of Phishing Susceptibility (poster).
By Brandon E. Gavett, Rui Zhao, Samantha E. John, Daniel Six, Cara Bussell, Stacy Karas, Jennifer R. Roberts, Jason Adams, and Chuan Yue.
In proceedings of the 44th Annual Meeting in International Neuropsychological Society (INS), 2016.
Age Group, Not Executive Functioning, Predicts Past Susceptibility to Internet Phishing Scams (poster).
By Jennifer R. Roberts, Samantha E. John, Cara A. Bussell, Katalin Grajzel, Rui Zhao, Stacy Karas, Daniel Six, Chuan Yue, and Brandon E. Gavett.
In proceedings of the 35th Annual Conference of the National Academy of Neuropsychology (NAN), 2015.
SafeSky: A Secure Cloud Storage Middleware for End-user Applications.
By Rui Zhao, Chuan Yue, Byungchul Tak, and Chunqiang Tang.
In proceedings of the IEEE Symposium on Reliable Distributed Systems (SRDS), 2015.
Automatic Detection of Information Leakage Vulnerabilities in Browser Extensions.
By Rui Zhao, Chuan Yue, and Qing Yi.
In proceedings of the International World Wide Web Conference (WWW), 2015.
An Analysis of the Virtual Machine Migration Incurred Security Problems in the Cloud.
By Beaulah Navamani, Chuan Yue, Xiaobo Zhou, and Edward Chow.
In proceedings of the 3rd ASE International Conference on Cyber Security (CyberSecurity), 2014.
A Security Analysis of Two Commercial Browser and Cloud Based Password Managers.
By Rui Zhao, Chuan Yue, and Kun Sun.
In proceedings of the 5th ASE/IEEE International Conference on Information Privacy, Security, Risk and Trust (PASSAT), 2013.
(This is one of the top 5% accepted papers that have also been invited to be published in the ASE Science Journal)
Unveiling Privacy Setting Breaches in Online Social Networks.
By Xin Ruan, Chuan Yue, and Haining Wang.
In proceedings of the 9th International Conference on Security and Privacy in Communication Networks (SecureComm), 2013.
The Devil is Phishing: Rethinking Web Single Sign-On Systems Security.
By Chuan Yue.
In proceedings of the 6th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), 2013.
Toward Secure and Convenient Browsing Data Management in the Cloud.
By Chuan Yue.
In proceedings of the 5th USENIX Workshop on Hot Topics in Cloud Computing (HotCloud), 2013.
All Your Browser-saved Passwords Could Belong to Us: a Security Analysis and a Cloud-based New Design (short paper).
By Rui Zhao and Chuan Yue.
In proceedings of the ACM Conference on Data and Applications Security (CODASPY), 2013.
(This work was reported by The Oregonian in March 2014, and it has prompted at least one top Web browser vendor to make some important changes in its password manager feature.)
(Think at least twice before you use any existing password managers!)
Preventing the Revealing of Online Passwords to Inappropriate Websites with LoginInspector. (Best Paper Award!)
By Chuan Yue.
In proceedings of the USENIX Large Installation System Administration Conference (LISA), 2012.
Using Amazon EC2 in Computer and Network Security Lab Exercises: Design, Results, and Analysis.
By Chuan Yue, Weiying Zhu, Greg Williams, and Edward Chow.
In proceedings of the 119th ASEE Annual Conference and Exposition, 2012.
Mitigating Cross-Site Form History Spamming Attacks with Domain-based Ranking.
By Chuan Yue.
In proceedings of the Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2011.
SessionMagnifier: A Simple Approach to Secure and Convenient Kiosk Browsing.
By Chuan Yue and Haining Wang.
In proceedings of the International Conference on Ubiquitous Computing (Ubicomp), 2009.
Secure Passwords Through Enhanced Hashing.
By Benjamin Strahs, Chuan Yue, and Haining Wang.
In proceedings of the USENIX Large Installation System Administration Conference (LISA), 2009.
RCB: A Simple and Practical Framework for Real-time Collaborative Browsing.
By Chuan Yue, Zi Chu, and Haining Wang.
In proceedings of the USENIX Annual Technical Conference (USENIX ATC), 2009.
Efficient Resource Management on Template-based Web Servers.
By Eli Courtwright, Chuan Yue, and Haining Wang.
In proceedings of the IEEE/IFIP International Conference on Dependable Systems and Network (DSN), 2009.
Characterizing Insecure JavaScript Practices on the Web.
By Chuan Yue and Haining Wang.
In proceedings of the International World Wide Web Conference (WWW), 2009.
Anti-Phishing in Offense and Defense.
By Chuan Yue and Haining Wang.
In proceedings of the Annual Computer Security Applications Conference (ACSAC), 2008.
Automatic Cookie Usage Setting with CookiePicker.
By Chuan Yue, Mengjun Xie, and Haining Wang.
In proceedings of the IEEE/IFIP International Conference on Dependable Systems and Network (DSN), 2007.
Profit-aware Admission Control for Overload Protection in E-commerce Web Sites (short paper).
By Chuan Yue and Haining Wang.
In proceedings of the IEEE International Workshop on Quality of Service (IWQoS), 2007.
Runtime Support for Memory Adaptation in Scientific Applications via Local Disk and Remote Memory (Best Paper Nominee).
By Chuan Yue, Richard Tran Mills, Andreas Stathopoulos, and Dimitris Nikolopoulos.
In proceedings of the IEEE International Symposium on High Performance Distributed Computing (HPDC), 2006.
Power-Aware Resource Allocation via Online Simulation with Multiple-Queue Backfilling.
By Barry Lawson, Chuan Yue, Evgenia Smirni, and Dimitris Nikolopoulos.
In proceedings of the Workshop on Performability Modeling of Computer and Communication Systems (PMCCS), 2005.