I am a Professor in the School of Computer Science of Fudan University. I co-direct the System Software and Security Laboratory of Fudan University. I am also the co-founder and the coach of a great CTF Team in Fudan University, named Whitzard. We took part in many great world-wide CTF competitions and won good places.
I aim to do relevant and reasonable system research. My research interests span all areas in system security especially on widely-deployed and critical targets, while currently focusing on open-source software, kernels, Android/Web platforms, firmware, LLM-based agents and ADS.
My research covers a wide range of topics, including vulnerability discovery/exploitation/mitigation, malware/attack detection, privacy protection. To address these problems, we usually use multi-disciplined techniques such as Program Analysis, LLM, Machine/Deep Learning.
To prospective students/post-doctors: If you are interested in our research, please feel free to reach out.
Email: yuanxzhang [AT] fudan.edu.cn
Office (Jiangwan Campus): Room D6011, NO.2 Interdisciplinary Building, NO.2005 Songhu Road, Yangpu District, Shanghai
News
- [Oct, 2024] I will join the TPC of ACM CODASPY 2025. Welcome to submit!
- [Oct, 2024] I will join the TPC of ACM CCS 2025. Welcome to submit!
- [Oct, 2024] I will join the TPC of WWW 2025 (Security and privacy track). Welcome to submit!
- [Sept, 2024] Two papers accepted by IEEE S&P 2025. Congrats Fengyu & Yue!
- [Aug, 2024] One paper accepted by NDSS 2025. Congrats Zhibo!
- [Aug, 2024] One paper accepted by ASE 2024 (Industry). Congrats Shiyan!
- [July, 2024] Invited to join the TPC of USENIX ATC 2025. Welcome to submit!
- [July, 2024] Invited to join the TPC of USENIX Security 2025. Welcome to submit!
- [July, 2024] One paper accepted by ISSTA 2024. Congrats Zhongrui!
- [June, 2024] Our FSE paper on Android Component Security received the ACM SIGSOFT Distinguished Paper Award! Congrats Keke!
- [June, 2024] One paper accepted by ICSME 2024. Congrats Lin!
- [May, 2024] One paper accepted by CCS 2024. Congrats Haoyu!
- [May, 2024] Invited to join the Editorial Board of Cybersecurity. Welcome to submit!
- [April, 2024] Invited to join the Editorial Board of ACM Transactions on Security and Privacy (TOPS). Welcome to submit!
- [April, 2024] One paper accepted by FSE 2024 (Industry). Congrats Kangzheng!
- [Jan, 2024] Two papers accepted by WWW 2024. Congrats Guoyi & Youkun!
- [Jan, 2024] One paper accepted by FSE 2024. Congrats Keke!
- [Dec, 2023] I will join the TPC of ACM CCS 2024. Welcome to submit!
- [Dec, 2023] One paper accepted by IEEE S&P 2024. Congrats Bofei!
- [Dec, 2023] One paper accepted by INFOCOMM 2024. Congrats Kaizheng!
Background
- 2022.12~now, Fudan University, School of Computer Science, Professor
- 2017.12~2022.11, Fudan University, School of Computer Science, Associate Professor
- 2014.07~2017.11, Fudan University, School of Computer Science, Assistant Professor
- 2009.09~2014.06, Fudan University, School of Computer Science, Ph.D
- 2005.09~2009.06, Nanjing University, Software Institute, B.Eng
Publications
-
MOCGuard: Automatically Detecting Missing-Owner-Check Vulnerabilities in Java Web Applications.In Proceedings of the 46th IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, USA, May 12-15, 2025 [Paper]
-
EPScan: Automated Detection of Excessive RBAC Permissions in Kubernetes Applications.In Proceedings of the 46th IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, USA, May 12-15, 2025 [Paper]
-
Misdirection of Trust: Demystifying the Abuse of Dedicated URL Shortening Service.In Proceedings of the 32nd Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA, Feb 23-28, 2025 [Paper]
-
Accurate and Efficient Recurring Vulnerability Detection for IoT Firmware.In Proceedings of the 31st ACM Conference on Computer and Communications Security (CCS), Salt Lake City, USA, October 14-18, 2024. [Full Version] [Paper]
-
Applying Fuzz Driver Generation to Native C/C++ Libraries of OEM Android Framework: Obstacles and Solutions.In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering (ASE Industry Track), Sacramento, CA, USA, Oct 27-Nov 1, 2024 [Paper]
-
New PHP Language Features Make Your Static Code Analysis Tools Miss Vulnerabilities.In Proceedings of 40th International Conference on Software Maintenance and Evolution (ICSME), Flagstaff, AZ, USA, October 6-11, 2024 [Paper]
-
VioHawk: Detecting Traffic Violations of Autonomous Driving Systems through Criticality-guided Simulation Testing.In Proceedings of ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Vienna, Austria, September 16-20, 2024. [Paper]
-
Component Security Ten Years Later: An Empirical Study of Cross-Layer Threats in Real-World Mobile Applications.In Proceedings of ACM International Conference on the Foundations of Software Engineering (FSE), Brazil, Brazil, July 15-19, 2024. [ACM SIGSOFT Distinguished Paper Award] [Paper]
-
How Well Industry-Level Cause Bisection Works in Real-World: A Study on Linux Kernel.In Proceedings of ACM International Conference on the Foundations of Software Engineering (FSE) Industry Track, Brazil, Brazil, July 15-19, 2024. [Paper]
-
Efficient Detection of Java Deserialization Gadget Chains via Bottom-up Gadget Search and Dataflow-aided Payload Construction.In Proceedings of the 45th IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, May 20-23, 2024. [Paper]
-
SAMBA: Detecting SSL/TLS API Misuses in IoT Binary Applications.In Proceedings of 43rd IEEE International Conference on Computer Communications (INFOCOM), Vancouver, Canada, May 20-23, 2024. [Paper]
-
RecurScan: Detecting Recurring Vulnerabilities in PHP Web Applications.In Proceedings of the 33rd ACM Web Conference (WWW), Singapore, May 13–17, 2024. [Paper]
-
Interface Illusions: Uncovering the Rise of Visual Scams in Cryptocurrency Wallets.In Proceedings of the 33rd ACM Web Conference (WWW), Singapore, May 13–17, 2024. [Paper]
-
SCTrans: Constructing a Large Public Scenario Dataset for Simulation Testing of Autonomous Driving Systems.In Proceedings of the 46th International Conference on Software Engineering (ICSE), Lisbon, Portugal, April 14-20, 2024. [Paper]
-
SyzDirect: Directed Greybox Fuzzing for Linux Kernel.In Proceedings of the 30th ACM Conference on Computer and Communications Security (CCS), Copenhagen, Denmark, November 26-30, 2023. [Paper]
-
NestFuzz: Enhancing Fuzzing with Comprehensive Understanding of Input Processing Logic.In Proceedings of the 30th ACM Conference on Computer and Communications Security (CCS), Copenhagen, Denmark, November 26-30, 2023. [Paper]
-
TrustedDomain Compromise Attack in App-in-app Ecosystems.In Proceedings of the 1st ACM Workshop on Secure and Trustworthy Superapps (SaTS), co-located with ACM CCS, Copenhagen, Denmark, November 26, 2023. [Paper]
-
Remote Code Execution from SSTI in the Sandbox: Automatically Detecting and Exploiting Template Escape Bugs.In Proceedings of the 32nd USENIX Security Symposium (USENIX Security), Anaheim, CA, USA, August 9-11, 2023. [AE Badges: Artifacts Functional; Results Reproduced; Artifacts Available] [Tech. Report] [Paper] [Source Code]
-
Understanding the (In)Security of Cross-side Face Verification Systems in Mobile Apps: A System Perspective.In Proceedings of the 44th IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, May 22-26, 2023. [Paper]
-
AEM: Facilitating Cross-Version Exploitability Assessment of Linux Kernel Vulnerabilities.In Proceedings of the 44th IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, May 22-26, 2023. [Paper]
-
Precise (Un)Affected Version Analysis for Web Vulnerabilities.In Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering (ASE), Ann Arbor, Michigan, United States, October 10-14, 2022. [Paper]
-
Identity Confusion in WebView-based Mobile App-in-app Ecosystems.In Proceedings of the 31st USENIX Security Symposium (USENIX Security), Boston, MA, USA, August 10-12, 2022. [Distinguished Paper Award] [Paper]
-
Backporting Security Patches of Web Applications: A Prototype Design and Implementation on Injection Vulnerability Patches.In Proceedings of the 31st USENIX Security Symposium (USENIX Security), Boston, MA, USA, August 10-12, 2022. [Paper]
-
Exploit The Last Straw that Breaks Android System.In Proceedings of the 43rd IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, May 22-26, 2022. [Paper]
-
Understanding the Practice of Security Patch Management across Multiple Branches in OSS Projects.In Proceedings of the 31st ACM Web Conference (WWW), Lyon, France, April 25–29, 2022. [Paper]
-
Slowing Down the Aging of Learning-based Malware Detectors with API Knowledge.In Transactions on Dependable and Secure Computing (TDSC), 2022. [Online]
-
Refcount Field Identification for Linux Kernel Based on Deep Learning.In the International Journal of Software & Informatics (IJSI). 2022, Vol. 12 Issue 3, p309-329.
-
Locating the Security Patches for Disclosed OSS Vulnerabilities with Vulnerability-Commit Correlation Ranking.In Proceedings of the 28th ACM Conference on Computer and Communications Security (CCS), Seoul, South Korea, November 14-19, 2021. [Paper]
-
Facilitating Vulnerability Assessment through PoC Migration.In Proceedings of the 28th ACM Conference on Computer and Communications Security (CCS), Seoul, South Korea, November 14-19, 2021. [Paper]
-
Detecting Kernel Refcount Bugs with Two-Dimensional Consistency Checking.In Proceedings of the 30th USENIX Security Symposium (USENIX Security), Vancouver, Canada, August 11-13, 2021. [Paper]
-
Enhancing State-of-the-art Classifiers with API Semantics to Detect Evolved Android Malware.In Proceedings of the 27th ACM Conference on Computer and Communications Security (CCS), Orlando, USA, November 9-13, 2020. [Distinguished Paper Award Nomination] [Paper]
-
PDiff: Semantic-based Patch Presence Testing for Downstream Kernels.In Proceedings of the 27th ACM Conference on Computer and Communications Security (CCS), Orlando, USA, November 9-13, 2020. [Paper]
-
BScout: Direct Whole Patch Presence Test for Java Executables.In Proceedings of the 29th USENIX Security Symposium (USENIX Security), Boston, MA, USA, August 12-14, 2020. [Paper]
-
An Ever-evolving Game: Evaluation of Real-world Attacks and Defenses in Ethereum Ecosystem.In Proceedings of the 29th USENIX Security Symposium (USENIX Security), Boston, MA, USA, August 12-14, 2020. [Paper]
-
How Android Developers Handle Evolution-induced API Compatibility Issues: A Large-scale Study.In Proceedings of the 42nd International Conference on Software Engineering (ICSE), Seoul, South Korea, May 23-29, 2020. [Paper]
-
TextExerciser: Feedback-driven Text Input Exercising for Android Applications.In Proceedings of the 41st IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, May 18-20, 2020. [Paper]
-
Hybrid Malware Detection Approach with Feedback-directed Machine Learning.In SCIENCE CHINA Information Sciences, Volume 63, Issue 3: 139103 (2020)
-
App in the Middle : Demystify Application Virtualization in Android and its Security Threats to over 100 Million Users.In Proceedings of ACM SIGMETRICS / IFIP Performance, Phoenix, Arizona, USA, 2019. [Paper]
-
How You Get Shot in the Back: A Systematical Study about Cryptojacking in the Real World.In Proceedings of the 25th ACM Conference on Computer and Communications Security (CCS), Toronto, Canada, October 15-19, 2018. [Paper]
-
Invetter: Locating Insecure Input Validations in Android Services.In Proceedings of the 25th ACM Conference on Computer and Communications Security (CCS), Toronto, Canada, October 15-19, 2018. [Paper]
-
An Empirical Study of Web Resource Manipulation in Real-world Mobile Applications.
-
Detecting Third-Party Libraries in Android Applications with High Precision and Recall.In Proceedings of IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), Campobasso, Italy, March 20-23, 2018. [Paper] [Source Code]
-
Finding Clues for Your Secrets: Semantics-Driven, Learning-Based Privacy Discovery in Mobile Apps.In Proceedings of Network and Distributed System Security Symposium (NDSS), San Diego, Feb 18-21, 2018. [Paper]
-
Identifying User-Input Privacy in Mobile Applications at a Large Scale.In IEEE Transactions on Information Forensics and Security (TIFS), 2017, 12(3), 647-661. [Paper]
-
Rethinking Permission Enforcement Mechanism on Mobile Systems.In IEEE Transactions on Information Forensics and Security (TIFS), 2016, 9(11), 1828-1842. [Paper]
-
FineDroid: Enforcing Permissions with System-wide Application Execution Context.In Proceedings of the 11th EAI International Conference on Security and Privacy in Communication Networks (SecureComm), Dallas, TX, October 26-29, 2015. [Paper]
-
AppCracker: Widespread Vulnerabilities in User and Session Authentication in Mobile Apps.In Proceedings of 4th IEEE Mobile Security Technologies (MoST), co-located with IEEE S&P, San Jose, CA, May 21, 2015. [Paper]
-
Permission Use Analysis for Vetting Undesirable Behaviors in Android Apps.In IEEE Transactions on Information Forensics and Security (TIFS), 2014, 9(11), 1828-1842. [Paper]
-
AppIntent: Analyzing Sensitive Data Transmission in Android for Privacy Leakage Detection.In Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS), Berlin, Germany, November 4-8, 2013. [Paper]
-
Vetting Undesirable Behaviors in Android Apps with Permission Use Analysis.In Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS), Berlin, Germany, November 4-8, 2013. [Paper]
-
Swift: A Register-based JIT Compiler for Embedded JVMs.In Proceedings of the 8th International Conference on Virtual Execution Environments (VEE), London, UK, March 3-4, 2012. [Paper]
Teaching
- Principles of Reverse Engineering (in School of Computer Science)
- Spring 2024, Spring 2023, Spring 2022, Spring 2021, Spring 2020, Spring 2019, Spring 2018
- System Security: Attacks & Defenses (in School of Software)
- Fall 2024, Fall 2023, Fall 2022, Fall 2021, Fall 2020, Fall 2019, Fall 2018, Fall 2017, Fall 2016,
- Compiler Principles (in School of Software)
- Fall 2017
- Emerging Attack & Defense Techniques (in School of Software)
- Spring 2024, Spring 2023, Spring 2022, Spring 2021, Spring 2020, Spring 2019
- Computer Network Security (in School of Software)
- Spring 2018, Spring 2017, Spring 2016
Services
- Session Chair for Inscrypt 2021
- Session Chair for AsiaCCS 2021
- Session Chair for NDSS 2021 (AP Replay Session)
- Organization/Technical Commitee Member of InForSec
- ACM Transactions on Security and Privacy (TOPS), 2024-now
- Cybersecurity, 2024-now
- Empirical Software Engineering (EMSE), 2021-now
- Journal of Software (Special Issue: System Software Security Track, in Chinese), 2021
- the 15th ACM Conference on Data and Application Security and Privacy (CODASPY 2025)
- the 32nd ACM Conference on Computer and Communications Security (ACM CCS 2025)
- the 34th International World Wide Web Conference (WWW 2025)
- the 34th USENIX Security Symposium (USENIX Security 2025)
- the 2025 USENIX Annual Technical Conference (USENIX ATC 2025)
- the 31st ACM Conference on Computer and Communications Security (ACM CCS 2024)
- the 33rd USENIX Security Symposium (USENIX Security 2024)
- the 2024 Network and Distributed System Security Symposium (NDSS 2024)
- the 14th ACM Conference on Data and Application Security and Privacy (CODASPY 2024)
- ACM Workshop on Secure and Trustworthy Superapps (SaTS 2023)
- the 25th International Conference on Information and Communications Security (ICICS 2023)
- the 2023 International Conference on Metaverse Computing, Networking and Applications (MetaCom 2023)
- the 44th IEEE Symposium on Security and Privacy (S&P 2023)
- the 32nd USENIX Security Symposium (USENIX Security 2023)
- the 2023 USENIX Annual Technical Conference (USENIX ATC 2023)
- the 27th European Symposium on Research in Computer Security (ESORICS 2022)
- the 43rd IEEE Symposium on Security and Privacy (S&P 2022)
- the 31st USENIX Security Symposium (USENIX Security 2022)
- the 31st International World Wide Web Conference (WWW 2022)
- the 17th ACM ASIA Conference on Computer and Communications Security (AsiaCCS 2022)
- the 24th International Conference on Information and Communications Security (ICICS 2022)
- the 26th European Symposium on Research in Computer Security (ESORICS 2021)
- the 6th IEEE European Symposium on Security and Privacy (EuroS&P 2021)
- the 11th ACM Conference on Data and Application Security and Privacy (CODASPY 2021)
- the 16th ACM ASIA Conference on Computer and Communications Security (AsiaCCS 2021)
- the 23rd International Conference on Information and Communications Security (ICICS 2021)
- the 16th EAI Conference on Security and Privacy in Communication Networks (SecureComm 2020)
- the 25th European Symposium on Research in Computer Security (ESORICS 2020)