- Xiaolong Bai, Zhe Zhou, XiaoFeng Wang, Zhou Li, Xianghang Mi, Nan Zhang, Tongxin Li, Shi-Min Hu, Kehuan Zhang. Picking Up My Tab: Understanding and Mitigating Synchronized Token Lifting and Spending in Mobile Payment. Accepted by 26th USENIX Security Symposium (Usenix Security 17).
- Xiaolong Bai, Luyi Xing, Nan Zhang, XiaoFeng Wang, Xiaojing Liao, Tongxin Li, and Shi-Min Hu. Staying secure and unprepared: Understanding and mitigating the security risks of apple zeroconf. 2016 IEEE Symposium on Security and Privacy (S&P). 2016: 655-674.
- Xiaolong Bai, Luyi Xing, Nan Zhang, XiaoFeng Wang, Xiaojing Liao, Tongxin Li, and Shi-Min Hu. Apple ZeroConf Holes: How Hackers Can Steal iPhone Photos. IEEE SECURITY & PRIVACY. 2017, 15(2): 42-49.
- Xiaolong Bai, Jie Yin, Yu-Ping Wang. Sensor Guardian: Prevent Privacy Inference on Android Sensors. Accepted by EURASIP Journal on Information Security.
- Zhang, Xiaokuan., Wang, Xueqiang., Bai, Xiaolong., Zhang, Yinqian., Wang, Xiaofeng. OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS. (In NDSS'18)
- Li, Tongxin and Wang, Xueqiang and Zha, Mingming and Chen, Kai and Wang, XiaoFeng and Xing, Luyi and Bai, Xiaolong and Zhang, Nan and Han, Xinhui (2017). Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews. (In CCS’17).
- Luyi Xing, Xiaolong Bai, Tongxin Li, XiaoFeng Wang, Kai Chen, Xiaojing Liao, Shi-Min Hu, and Xinhui Han. Cracking App Isolation on Apple: Unauthorized Cross-App Resource Access on MAC OS X and iOS. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS '15), 2015: 31-43.
- Jie Yin, Gang Tan, XiaoLong Bai, Shi-Min Hu. WebC: toward a portable framework for deploying legacy code in web browsers. SCIENCE CHINA-Information Sciences, 2015, 58(7):1-5.
- 白小龙. Android 应用程序权限自动裁剪系统. 计算机工程与科学, 2014, 36(11): 2074-2086.