- Shangcheng Shi*, Xianbo Wang*, Wing Cheong Lau, "MoSSOT: An Automated Blackbox Tester for Single Sign-On Vulnerabilities in Mobile Applications," ACM AsiaCCS, July 2019.
- Xianbo Wang*, Wing Cheong Lau, Shangcheng Shi*, Ronghai Yang*, "Make Redirection Evil Again -- URL Parser Issues in OAuth," BlackHat Asia, Mar 2019.
- Ronghai Yang*, Wing Cheong Lau, Jiongyi Chen*, Kehuan Zhang, "Vetting Single-Sign-On SDK Implementations via Symbolic Reasoning," in the 27th USENIX Security Symposium, Aug 2018. This work received the 2018 Internet Defense Prize (2nd Runner-up) from USENIX and Facebook.
- Jiongyi Chen*, Wenrui Diao, Qingchuan Zhao, Chaoshun Zuo, Zhiqiang Lin, XiaoFeng Wang, Wing Cheong Lau, Menghan Sun, Ronghai Yang* and Kehuan Zhang, "IoTFuzzer: Discovering Memory Corruptions in IoT through App-based Fuzzing," in the Network and Distributed System Security Symposium (NDSS), Feb 2018.
- Ronghai Yang*, Wing Cheong Lau, and Shangcheng Shi. "Breaking and fixing mobile app authentication with OAuth2. 0-based protocols." In International Conference on Applied Cryptography and Network Security, pp. 313-335. Springer, Cham, 2017.
- Ronghai Yang*, Guanchen Li*, Wing Cheong Lau, Kehuan Zhang, and Pili Hu. "Model-based security Testing: An empirical study on OAuth 2.0 implementations." In Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, pp. 651-662. ACM, 2016.
- Ronghai Yang*, Wing Cheong Lau, and Tianyu Liu*. "Signing into one billion mobile app accounts effortlessly with oauth2. 0." blackhat Europe (2016).