Office: Winston Chung Hall 334
Phone number: 951-827-6438
|Zhiyun Qian is an assistant professor
in Computer Science and Engineering
department at University of California
Riverside. He is a recipient of the NSF CAREER Award for 2017.
His research focuses on various topics in cyber-security such as system/network security, vulnerability discovery, side channel attacks and defenses, program analysis, and building tools/systems to support security analysis. Problems that interest him include, but not limited to, TCP/IP security, Android security, infrastructure security (e.g., cellular networks), security of network middleboxes such as firewalls. He also enjoys hacking and breaking things.
Current and past research:
Android side channel attacks that reveal foreground app state (allow hijacking and other attacks). [Video]
My research is currently supported by 8 NSF grants (including the NSF CAREER), a Cyber Security (CS) Collaborative Research Alliance (CRA) from Army Research Lab, and 2 gifts from industry.
Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems
Seyed Mohammadjavad Seyed Talebi and Hamid Tavakoli, Hang Zhang and Zheng Zhang, Ardalan Amiri Sani, Zhiyun Qian
In Proceedings of USENIX Security 2018, Baltimore, MD.
Static Evaluation of Noninterference using Approximate Model Counting
Ziqiao Zhou, Zhiyun Qian, Michael K. Reiter, Yinqian Zhang
In Proceedings of IEEE Security and Privacy (Oakland) 2018, San Francisco, CA.
Measuring and Disrupting Anti-Adblockers Using Differential Execution
Shitong Zhu, Xunchao Hu, Zhiyun Qian, Zubair Shafiq, Heng Yin
In Proceedings of the Network & Distributed System Security Symposium (NDSS) 2018, San Diego, CA.
Media coverage: [Techcrunch] [Ars Technica] [Hacker News]
Your State is Not Mine: A Closer Look at Evading Stateful Internet Censorship
Zhongjie Wang, Yue Cao, Zhiyun Qian, Chengyu Song, Srikanth V. Krishnamurthy
In ACM Internet Measurement Conference (IMC) 2017, London, UK.
Multipath TCP Traffic Diversion Attacks and Countermeasures
[IETF discussion & patch]
Ali Munir, Zhiyun Qian, Zubair Shafiq, Alex Liu, Franck Le
In IEEE International Conference on Network Protocols (ICNP) 2017, Toronto, Canada.
Detecting Android Root Exploits by Learning from Root Providers [PDF]
Ioannis Gasparis, Zhiyun Qian, Chengyu Song, and Srikanth V. Krishnamurthy
In Proceedings of USENIX Security 2017, Vancouver, Canada.
Investigation of the 2016 Linux TCP Stack Vulnerability at Scale [PDF]
Alan Quach*, Zhongjie Wang*, and Zhiyun Qian
Both authors contributed equally.
In Proceedings of ACM SIGMETRICS 2017, Urbana-Champaign, IL.
Android ION Hazard: the Curse of Customizable Memory Management System [PDF]
Hang Zhang, Dongdong She, Zhiyun Qian
In Proceedings of ACM Conference on Computer and Communications Security (CCS) 2016, Vienna, Austria.
[CVE-2015-8950] [CVE-2016-8756] [CVE-2016-8757] [CVE-2016-8758] [CVE-2017-8164] [CVE-2017-8165]
Off-Path TCP Exploits: Global Rate Limit Considered Dangerous
Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, Srikanth V. Krishnamurthy, Lisa M. Marvel
In Proceedings of USENIX SECURITY 2016, Austin, TX.
[GeekPwn Award] [Internet Defense Prize Runner-up]
Media coverage: [LWN.net] [ARS Technica] [Slashdot] [The Register] [ZDNET] [FreeBuf(Chinese)中文] ...
Selected professional activities: