Skip to content

Contact

David Lie | 李云峰
Sandford Fleming 2001C
10 King’s College Road
Toronto, ON M5S 3G4
Phone: (416) 946-0251
Fax: (416) 978-1145
Admin: Simone RodrigueShania Dela Paz
david.lie@utoronto.ca(PGP key)

Recent News

Publications

Here are some of the publications I have authored with my students.  They are published at among the best venues in the world for computer security and systems software research. I hope you enjoy them!

All PDF files will open in a built-in viewer.  To download the PDF file, click on the download button in the upper right, or right click on the link in your browser.

2025
[73]Xiangyu Guo, Akshay Kawlay, Eric Liu and David Lie, “EvoCrawl: Exploring Web Application Code and State using Evolutionary Search“, In Proceedings of the 2025 Symposium on Network and Distributed System Security (NDSS), 2025. (To appear) [bibtex]
[72]He Shuang, Lianying Zhao and David Lie, “Duumviri: Detecting Trackers and Mixed Trackers with a Breakage Detector“, In Proceedings of the 2025 Symposium on Network and Distributed System Security (NDSS), 2025. (To appear) [bibtex]
2024
[71]Lianying Zhao, He Shuang, Shengjie Xu, Wei Huang, Rongzhen Cui, Pushkar Bettadpur and David Lie, “A Survey of Hardware Improvements to Secure Program Execution“, In ACM Computing Surveys (CSUR), 2024. (Author’s Copy. Published version is available here.) [bibtex]
[70]Yuqin Yan, Pritish Mishra, Wei Huang, Aastha Mehta, Oana Balmau and David Lie, “Stream Processing with Adaptive Edge-Enhanced Confidential Computing“, In 7th International Workshop on Edge Systems, Analytics and Networking (EdgeSys), 2024. [bibtex]
[69]Mingyue Yang, David Lie and Nicolas Papernot, “Exploring Strategies for Guiding Symbolic Analysis with Machine Learning Prediction“, In Proceedings of the 31st IEEE International Conference on Software Analysis (SANER), 2024. [bibtex]
2023
[68]Shengjie Xu, Eric Liu, Wei Huang and David Lie, “MIFP: Selective Fat-Pointer Bounds Compression for Accurate Bounds Checking“, In Proceedings of the 26th International Symposium on Recent Advances in Intrusion Detection (RAID), 2023. [bibtex]
[67]Eric Liu, Shengjie Xu and David Lie, “FLUX: Finding Bugs with LLVM IR Based Unit Test Crossovers“, In Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2023. [bibtex]
[66]Wenjun Qiu, David Lie and Lisa Austin, “Calpric: Inclusive and Fine-grained Labeling of Privacy Policies with Crowdsourcing and Active Learning“, In Proceedings of the 32nd USENIX Security Symposium, 2023. [bibtex]
[65]He Shuang, Lianying Zhao and David Lie, “vWitness: Certifying Web Page Interactions with Computer Vision“, In Proceedings of the 53rd IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2023. (Conference talk video.) [bibtex]
[64]Mu-Huan Chung, Yuhong Yang, Lu Wang, Greg Cento, Khilan Jerath, Abhay Raman, David Lie and Mark H. Chignell, “Implementing Data Exfiltration Defense in Situ: A Survey of Countermeasures and Human Involvement“, In ACM Computing Surveys, 2023. (Author’s personal copy available here.) [bibtex]
2022
[63]Jiaqi Wang, Roei Schuster, Ilia Shumailov, David Lie and Nicolas Papernot, “In Differential Privacy, There is Truth: on Vote-Histogram Leakage in Ensemble Private Learning“, In Proceedings of the 36th Conference on Neural Information Processing Systems (NeurIPS), 2022. [bibtex]
[62]Beom Heyn Kim, Taesoo Kim and David Lie, “Modulo: Finding Convergence Failure Bugs in Distributed Systems with Divergence Resync Models“, In Proceedings of the 2022 Annual Conference on USENIX Annual Technical Conference (ATC), 2022. (Conference presentation, Source code) [bibtex]
[61]Michelle Y. Wong and David Lie, “Driving Execution of Target Paths in Android Applications with (a) CAR“, In Proceedings of the 17th ACM ASIA Conference on Computer and Communications Security (ASIACCS), 2022. (Conference presentation) [bibtex]
2021
[60]David Lie, Lisa M. Austin, Peter Yi Ping Sun and Wenjun Qiu, “Automating Accountability? Privacy Policies, Data Transparency, and the Third Party Problem“, In University of Toronto Law Journal, pp. e20200136, 2021. (Author’s Copy. Published version is available here.) [bibtex]
[59]Mingyue Yang, David Lie and Nicolas Papernot, “Accelerating Symbolic Analysis for Android Apps“, In Proceedings of the 4th International Workshop on Advances in Mobile App Analysis (A-Mobile), 2021. (Slides, Workshop presentation) [bibtex]
[58]Lisa M. Austin, Andrea Slane, David Lie and Ian Goldberg, “Online Harms and Lawful Access: A Submission to the Government of Canada“, Technical report, SSRN 3934664, pp. 7, 2021. [bibtex]
[57]Weicheng Cao, Chunqiu Xia, Sai Teja Peddinti, David Lie, Nina Taft and Lisa M. Austin, “A Large Scale Study of User Behavior, Expectations and Engagement with Android Permissions“, In Proceedings of the 30th USENIX Security Symposium, 2021. (Media coverage, Conference presentation) [bibtex]
[56]Wei Huang, Shengjie Xu, Yueqiang Cheng and David Lie, “Aion Attacks: Manipulating Software Timers in Trusted Execution Environment“, In Proceedings of the 18th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2021. (Best Paper Award, Slides, Conference presentation) [bibtex]
[55]Lisa M. Austin and David Lie, “Data Trusts and the Governance of Smart Environments: Lessons from the Failure of Sidewalk Labs’ Urban Data Trust“, In Surveillance & Society, vol. 19, no. 2, 2021. [bibtex]
[54]Lucas Bourtoule, Varun Chandrasekaran, Christopher Choquette-Choo, Hengrui Jia, Adelin Travers, Baiwu Zhang, David Lie and Nicolas Papernot, “Machine Unlearning“, In Proceedings of the 42nd IEEE Symposium on Security and Privacy, 2021. (source code, blog post, media coverage, 1 minute overview, Conference presentation) [bibtex]
[53]Shengjie Xu, Wei Huang and David Lie, “In-Fat Pointer: Hardware-Assisted Tagged-Pointer Spatial Memory Safety Defense with Subobject Granularity Protection“, In Proceedings of the 26th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2021. (Extended abstract, 20 minute talk, 5 minute talk) [bibtex]
[52]Rongzhen Cui, Lianying Zhao and David Lie, “Emilia: Catching Iago in Legacy Code“, In Proceedings of the 2021 Symposium on Network and Distributed System Security (NDSS), 2021. (Full talk video) [bibtex]
2020
[51]Lianying Zhao and David Lie, “Is Hardware More Secure than Software?“, In IEEE Security & Privacy, 2020. (Author’s Copy. Published version is available here) [bibtex]
[50]Lisa M. Austin, Vincent Chiao, Beth Coleman, David Lie, Martha Shaffer, Andrea Slane and François Tanguay-Renaud, “Test, Trace, and Isolate: Covid-19 and the Canadian Constitution“, Technical report, SSRN 3608823, pp. 17, 2020. (This report was provided to the Minister of Justice, the Honourable David Lametti, to advise on issues regarding Covid-19 contract tracing and exposure-notification Smartphone apps. It is also available on SSRN 3608823. Media coverage) [bibtex]
[49]Ivan Pustogarov, Qian Wu and David Lie, “Ex-vivo Dynamic Analysis Framework for Android Device Drivers“, In Proceedings of the 41st IEEE Symposium on Security and Privacy, 2020. (1 minute overview, Full talk video.) [bibtex]
[48]Zhen Huang and David Lie and Gang Tan and Trent Jaeger, “Using Safety Properties to Generate Vulnerability Patches“, In Usenix login; Magazine, vol. 45, no. 4, 2020. (Read the original IEEE S&P Paper) [bibtex]
2019
[47]Lisa M. Austin and David Lie, “Safe Sharing Sites“, In N.Y.U. Law Review, vol. 94, 2019. [bibtex]
[46]He Shuang, Wei Huang, Pushkar Bettadpur, Lianying Zhao, Ivan Pustogarov and David Lie, “Using Inputs and Context to Verify User Intentions in Internet Services“, In Proceedings of the 10th ACM SIGOPS Asia-Pacific Workshop on Systems (APSys), 2019. [bibtex]
[45]Zhen Huang, David Lie, Gang Tan and Trent Jaeger, “Using Safety Properties to Generate Vulnerability Patches“, In Proceedings of the 40th IEEE Symposium on Security and Privacy, 2019. (A shorter version appeared as a Usenix login; article) [bibtex]
2018
[44]Wei Huang, Vasily Rudchenko, He Shuang, Zhen Huang and David Lie, “Pearl-TEE: Supporting Untrusted Applications in TrustZone“, In Proceedings of the 3rd Workshop on System Software for Trusted Execution (SysTEX), 2018. [bibtex]
[43]Michelle Y. Wong and David Lie, “Tackling Runtime-based obfuscation in Android with TIRO“, In Proceedings of the 27th USENIX Security Symposium, 2018. (slides, source code) [bibtex]
[42]Lisa M. Austin, David Lie, Peter Yi Ping Sun, Robin Spilette, Michelle Y. Wong and Mariana D’Angelo, “Towards Dynamic Transparency: The AppTrans (Transparency for Android Applications) Project“, Technical report, SSRN 3203601, pp. 51, 2018. (Available at SSRN 3203601) [bibtex]
2017
[41]Andrea Bittau, Úlfar Erlingsson, Petros Maniatis, Ilya Mironov, Ananth Raghunathan, David Lie, Mitch Rudominer, Ushasree Kode, Julien Tinnes and Bernhard Seefeld, “Prochlo: Strong Privacy for Analytics in the Crowd“, In Proceedings of the 26th ACM Symposium on Operating Systems Principles (SOSP), 2017. [bibtex]
[40]David Lie and Petros Maniatis, “Glimmers: Resolving the Privacy/Trust Quagmire“, In Proceedings of the 16th USENIX Workshop on Hot Topics in Operating Systems (HotOS), 2017. [bibtex]
[39]Beom Heyn Kim, Sukwon Oh and David Lie, “Consistency Oracles: Towards an Interactive and Flexible Consistency Model Specification“, In Proceedings of the 16th USENIX Workshop on Hot Topics in Operating Systems (HotOS), 2017. [bibtex]
2016
[38]Wei Huang, Zhen Huang and David Lie, “LMP: Light-Weighted Memory Protection with Hardware Assistance“, In Proceedings of the 32nd Annual Computer Security Applications Conference (ACSAC), 2016. [bibtex]
[37]Zhen Huang, Mariana D’Angelo, Dhaval Miyani and David Lie, “Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Response“, In Proceedings of the 37th IEEE Symposium on Security and Privacy, pp. 618–635, 2016. [bibtex]
[36]Michelle Y. Wong and David Lie, “IntelliDroid: A Targeted Input Generator for the Dynamic Analysis of Android Malware“, In Proceedings of the 2016 Symposium on Network and Distributed System Security (NDSS), 2016. [bibtex]
2015
[35]Beom Heyn Kim and David Lie, “Caelus: Verifying the Consistency of Cloud Services with Battery-Powered Devices“, In Proceedings of the 36th IEEE Symposium on Security and Privacy, 2015. [bibtex]
[34]Wei Huang, Afshar Ganjali, Beom Heyn Kim, Sukwon Oh and David Lie, “The State of Public Infrastructure-as-a-Service Cloud Security“, In ACM Computing Surveys (CSUR), vol. 47, no. 4, pp. 68, 2015. [bibtex]
2014
[33]Zheng Wei and David Lie, “LazyTainter: Memory-Efficient Taint Tracking in Managed Runtimes“, In Proceedings of the The 4th Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), 2014. [bibtex]
[32]Zhen Huang and David Lie, “Ocasta: Clustering Configuration Settings for Error Recovery“, In Proceedings of the 44th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2014. [bibtex]
2012
[31]Kathy Wain Yee Au, Yi Fan Zhou, Zhen Huang and David Lie, “PScout: Analyzing the Android Permission Specification“, In Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS), 2012. [bibtex]
[30]Beom Heyn Kim, Wei Huang and David Lie, “Unity: Secure and Durable Personal Cloud Storage“, In Proceedings of the ACM Cloud Computing Security Workshop (CCSW), 2012. [bibtex]
[29]Afshar Ganjali and David Lie, “Auditing Cloud Administrators Using Information Flow Tracking“, In Proceedings of the 7th Workshop on Scalable Trusted Computing (STC), 2012. [bibtex]
2011
[28]Mohammad Mannan, Beom Heyn Kim, Afshar Ganjali and David Lie, “Unicorn: Two-Factor Attestation for Data Security“, In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS), pp. 17–28, 2011. [bibtex]
[27]Kathy Wain Yee Au, Yi Fan Zhou, Zhen Huang, Phillipa Gill and David Lie, “Short paper: A Look at Smartphone Permission Models“, In Proceedings of the 1st Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), pp. 63–67, 2011. [bibtex]
[26]Lionel Litty and David Lie, “Patch Auditing in Infrastructure as a Service Clouds“, In Proceedings of the 7th International Conference on Virtual Execution Environments (VEE), pp. 145–156, 2011. [bibtex]
[25]Mohammed Mannan, David Barrera, Carson Brown, Paul Van Oorschot and David Lie, “Mercury: Recovering Forgotten Passwords Using Personal Devices“, In Proceedings of the 15th International Conference on Financial Cryptography and Data Security (FC), 2011. [bibtex]
2010
[24]David Lie and Lionel Litty, “Using Hypervisors to Secure Commodity Operating Systems“, In Proceedings of the 5th Workshop on Scalable Trusted Computing (STC), 2010. [bibtex]
[23]Phillipa Gill, Yashar Ganjali, Bernard Wong and David Lie, “Dude Where’s That IP? Circumventing Measurement-Based IP Geolocation“, In Proceedings of the 19th USENIX Security Symposium, 2010. [bibtex]
[22]Lee Chew and David Lie, “Kivati: Fast Detection and Prevention of Atomicity Violations“, In Proceedings of the 2010 ACM European Conference on Computer Systems (EuroSys), pp. 307–320, 2010. [bibtex]
2009
[21]Lionel Litty, Horacio Andrés Lagar-Cavilla and David Lie, “Computer Meteorology: Monitoring Compute Clouds“, In Proceedings of the 12th USENIX Workshop on Hot Topics in Operating Systems (HotOS), 2009. [bibtex]
2008
[20]Thomas E. Hart, Kelvin Ku, David Lie, Marsha Chechik and Arie Gurfinkel, “PtYasm: Software Model Checking with Proof Templates“, In The Tools Track of the 23rd IEEE/ACM International Conference on Automated Software Engineering (ASE), 2008. [bibtex]
[19]Thomas E. Hart, Kelvin Ku, David Lie, Marsha Chechik and Arie Gurfinkel, “Augmenting Counterexample-Guided Abstraction Refinement With Proof Templates“, In Proceedings of the 23rd IEEE/ACM International Conference on Automated Software Engineering (ASE), 2008. [bibtex]
[18]Lionel Litty, Horacio Andrés Lagar-Cavilla and David Lie, “Hypervisor Support for Identifying Covertly Executing Binaries“, In Proceedings of the 17th USENIX Security Symposium, pp. 243–258, 2008. [bibtex]
[17]Thomas E. Hart, Marsha Chechik and David Lie, “Security Benchmarking Using Partial Verification“, In Proceedings of the 3rd USENIX Workshop on Hot Topics in Security (HOTSEC), 2008. [bibtex]
[16]Thomas E. Hart, Kelvin Ku, David Lie, Marsha Chechik and Arie Gurfinkel, “Augmenting Counterexample-Guided Abstraction Refinement With Proof Templates“, Technical report, Department of Computer Science, University of Toronto CSRG-581, pp. 15, 2008. [bibtex]
2007
[15]Kelvin Ku, Thomas E. Hart, Marsha Chechik and David Lie, “A Buffer Overflow Benchmark for Software Model Checkers“, In Proceedings of the 22nd IEEE/ACM International Conference on Automated Software Engineering (ASE), 2007. [bibtex]
[14]David Lie and M. Satyanarayanan, “Quantifying the Strength of Security Systems“, In Proceedings of the 2nd USENIX Workshop on Hot Topics in Security (HOTSEC), 2007. [bibtex]
[13]Jesse Pool, Ian Sin Kwok Wong and David Lie, “Relaxed Determinism: Making Redundant Execution on Multiprocessors Practical“, In Proceedings of the 11th USENIX Workshop on Hot Topics in Operating Systems (HotOS), pp. 25–30, 2007. [bibtex]
2006
[12]Richard Ta-Min, Lionel Litty and David Lie, “Splitting Interfaces: Making Trust Between Applications and Operating Systems Configurable“, In Proceedings of the 7th Symposium on Operating Systems Design and Implementation (OSDI), pp. 279–292, 2006. [bibtex]
[11]Lionel Litty and David Lie, “Manitou: A Layer-Below Approach to Fighting Malware“, In Proceedings of the Workshop on Architectural and System Support for Improving Software Dependability (ASID), pp. 6–11, 2006. [bibtex]
[10]Kurniadi Asrigo, Lionel Litty and David Lie, “Using VMM-Based Sensors to Monitor Honeypots“, In Proceedings of the 2nd International Conference on Virtual Execution Environments (VEE), pp. 13–23, 2006. [bibtex]
2004
[9]Alan Messer, Phillippe Bernadat, Guangrui Fu, Deqing Chen, Zoran Dimitrijevic, David Lie, Durga Devi Mannaru, Alma Riska and Dejan Milojicic, “Susceptibility of Commodity Systems and Software to Memory Soft Errors“, In IEEE Transactions on Computing, pp. 1557–1568, 2004. [bibtex]
2003
[8]David Lie, Chandramohan A. Thekkath and Mark A. Horowitz, “Implementing an Untrusted Operating System on Trusted Hardware“, In Proceedings of the 19th ACM Symposium on Operating Systems Principles (SOSP), pp. 178–192, 2003. (Best Paper Award) [bibtex]
[7]David Lie, John Mitchell, Chandramohan A. Thekkath and Mark A. Horowitz, “Specifying and Verifying Hardware for Tamper-Resistant Software“, In Proceedings of the 24th IEEE Symposium on Security and Privacy, 2003. [bibtex]
[6]David Lie, “Architectural Support for Copy and Tamper-Resistant Software“, PhD thesis, Department of Electrical Engineering, Stanford University, 2003. [bibtex]
2001
[5]David Lie, Andy Chou, Dawson Engler and David L. Dill, “A Simple Method for Extracting Models From Protocol Code“, In Proceedings of the 28th International Symposium on Computer Architecture (ISCA), pp. 192–203, 2001. [bibtex]
[4]Deqing Chen, Alan Messer, Philippe Bernadat, Guangrui Fu, Zoran Dimitrijevic, David Lie, Durga Mannaru, Alma Riska and Dejan Milojicic, “JVM Susceptibility to Memory Errors“, In Proceedings of the 2001 Java Machine Research and Technology Symposium(JVM), pp. 67–87, 2001. [bibtex]
[3]Alan Messer, Philippe Bernadat, Guangrui Fu, Deqing Chen, Zoran Dimitrijevic, David Lie, Durga Devi Mannaru, Alma Riska and Dejan Milojicic, “Susceptibility of Modern Systems and Software to Soft Errors“, Technical report, Hewlett Packard Laboratories HPL-2001-43, pp. 11, 2001. [bibtex]
2000
[2]David Lie, Chandramohan A. Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell and Mark A. Horowitz, “Architectural Support for Copy and Tamper Resistant Software“, In Proceedings of the 9th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), pp. 168–177, 2000. [bibtex] [citations]
[1]Dan Boneh, David Lie, Patrick Lincoln, John Mitchell and Mark Mitchell, “Hardware Support for Tamper-Resistant and Copy-Resistant Software“, Technical report, Department of Computer Science, Stanford University CS-TN-00-97, pp. 10, 2000. [bibtex]