Tiffany Bao

I am a Ph.D. student at Carnegie Mellon University, Electrical and Computing Engineering Department. My research interests focus on cyber autonomy on software security, including automated binary analysis techniques and autonomous game-theoretical strategy for software vulnerabilities. I am fortunate to be advised by David Brumley.

Contact

Carnegie Mellon University
4720 Forbes Avenue
Pittsburgh, PA 15213

Education

• Ph.D. student in Electrical and Computer Engineering, Carnegie Mellon University
• B.A. in Schools of Electronics Engineering and Computer Science, Peking University

Publication

• Your Exploit is Mine: Automatic Shellcode Transplant for Remote Exploits.
  Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili and David Brumley.
  In Proceedings of the 38th IEEE Symposium on Security and Privacy (Oakland '17).
[pdf][slides]

• How Shall We Play a Game: A Game-Theoretical Model for Cyber-warfare Games.
  Tiffany Bao, Yan Shoshitaishvili, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna and David Brumley.
  In Proceedings of the 30th IEEE Computer Security Foundations Symposium (CSF '17).
[pdf][slides]

• Security is a game.
  Tiffany Bao.
  In 2017 USENIX Summit on Hot Topics in Security (HotSec ’17).
  Awarded Talk.
[slides]

• Efficient Crash Triage with Black-box Dependency Inference.
  Tiffany Bao, Thanassis Avgerinos, Gustavo Grieco and David Brumley.
  Submitted for Publication.

• Primus: Memory Check with Micro Execution.
  Ivan Gotovchits, Tiffany Bao and David Brumley.
  Submitted for Publication.

• Does IT Make us Secure? A Qualitative Evaluation for Binary Analysis Techniques.
  Tiffany Bao and David Brumley.
  To be Submitted.

• A Game-theoretical Model for Cyber-warfare Games. (Invited Poster)
  Tiffany Bao, Yan Shoshitaishvili, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna and David Brumley.
  In the 8th Workshop on Computational Cybersecurity in Compromised Environments (C3E '16).
[pdf]

• ByteWeight: Learning to Recognize Functions in Binary Code.
  Tiffany Bao, Jonathan Burket, Maverick Woo, Rafael Turner, and David Brumley.
  In Proceedings of the 23rd USENIX Security Symposium (USENIX '14).
[website] [pdf] [slides]

• Type-based Dynamic Taint Analysis Technology.
  Libo Chen, Jianwei Zhuge, Fan Tian, Tiffany Bao, and Xun Lu.
  Journal of Tsinghua University.
[pdf]

• Research of Technology for Type-based Dynamic Taint Analysis.
  Libo Chen, Jianwei Zhuge, Fan Tian, Tiffany Bao, and Xun Lu.
  In the Proceedings of 5th Conference on Vulnerability Analysis and Risk Assessment (VARA '12).
  Outstanding Paper Award.
[pdf]

Research Experience

• Research Assistant at The Security Lab, University of California, Santa Barbara.
• Research Internship at Network and Information Security Lab, Tsinghua University, Beijing.
• Research Assistant at Institute of Computer Science & Technology, Peking Univeristy, Beijing.