Zhiyun Qian |
Email: zhiyunq Office: Winston Chung Hall 334 Phone number: 951-827-6438 |
|
![]() |
Zhiyun Qian is the
Everett and Imogene Ross associate professor
in Computer Science and Engineering
department at University of California
Riverside. He is a recipient of the NSF CAREER Award for 2017.
He has a broad interest in system/network security, with the general theme of vulnerability discovery and analysis, system building, and measurement. He has a well-rounded understanding of the computer systems including operating systems, software, network protocols, architecture, and their interactions. The techniques he applies include program analysis, reverse engineering, fuzzing, model checking, and machine learning. Problem domains that he has worked on include, but not limited to, protocol security, operating system security, Android security, network infrastructure security, censorship evasion, and web privacy. More recently he is passionate about building systems and tools that will result in long-lasting real-world impact. |
Selected research threads:
• Network security |
Keywords: discovering and modeling novel threats, cross-layer analysis, applied formal methods - TCP side channels, allowing the hijack of arbitrary connections on the Internet: CVE-2016-5696, GeekPwn 2016 most creative idea award, Geekpwn 2017 winner award (unfixable flaw), applied networking research prize - Multi-Path TCP flaws: [Safer than TCP?] [IETF discussion & patch] - Firewall Testing and Evasion: [Reverse Engineering Firewall Behaviors] [Automated Evasion Attemp Generation] - Reviving DNS cache poisoning attacks [Against DNS forwarders] [Against DNS resolvers and others] |
• System security |
Keywords: bridging the gap between the hacking community and academia, automation, applied formal methods - Automated cyber attacks and defenses: [Exploitability analysis of kernel heap OOB write bugs] - Systems/Tools for better security analysis: [Automatic patch presence test in binaries] [Dynamic analysis support of Android device drivers] - Vulnerability discovery and analysis across Android software stack: [Android root] [ION driver] [Permission inconsistency] [Inherited IPC interface from Linux] [Input validation flaws] |
Selected publications:
CCS 20 |
DNS Cache Poisoning Attack Reloaded: Revolutions with Side Channels
[PDF]
[Slides]
Keyu Man, Zhiyun Qian, Zhongjie Wang, Xiaofeng Zheng, Youjun Huang, Haixin Duan In Proceedings of ACM Conference on Computer and Communications Security (CCS) 2020. [Distinguished Paper Award] [CVE-2020-25705] Media coverage: [Ars Technica] [ZDNet] [TechRepublic] [The Hacker News] |
FSE 20 |
UBITect: A Precise and Scalable Method to Detect Use-Before-Initialization bugs in Linux Kernel
[PDF]
[Source] Yizhuo Zhai, Yu Hao, Hang Zhang, Daimeng Wang, Chengyu Song, Zhiyun Qian, Mohsen Lesani, Srikanth V. Krishnamurthy, Paul Yu In Proceedings of the 2020 ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (FSE'20), Sacramento, CA. |
USENIX Security 20 |
Poison Over Troubled Forwarders: A Cache Poisoning Attack Targeting DNS Forwarding Devices
[PDF]
Xiaofeng Zheng, Chaoyi Lu, Jian Peng, Qiushi Yang, Dongjie Zhou, Baojun Liu, Keyu Man, Shuang Hao, Haixin Duan, Zhiyun Qian In Proceedings of USENIX Security 2020, Boston MA. |
USENIX Security 20 |
KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities
[PDF]
[Source]
Weiteng Chen, Xiaochen Zou, Guoren Li, Zhiyun Qian In Proceedings of USENIX Security 2020, Boston MA. |
Eurosys 20 |
Experiences of Landing Machine Learning onto Market-Scale Mobile Malware Detection
[PDF]
Liangyi Gong, Zhenhua Li, Feng Qian, Zifan Zhang, Qi Alfred Chen, Zhiyun Qian, Hao Lin, Yunhao Liu In Proceedings of Eurosys 2020, Dresden, Germany. |
Sigmetrics 20 |
Characterizing Transnational Internet Performanceand the Great Bottleneck of China
[PDF]
Pengxiong Zhu, Keyu Man, Zhongjie Wang, Zhiyun Qian, Roya Ensafi, J. Alex Halderman, Haixin Duan In Proceedings of ACM SIGMETRICS 2020, Boston, MA. |
NDSS 20 |
SymTCP: Eluding Stateful Deep Packet Inspection with Automated Discrepancy Discovery
[PDF]
[Source]
Zhongjie Wang, Shitong Zhu, Yue Cao, Zhiyun Qian, Chengyu Song, Srikanth Krishnamurthy, Tracy D. Braun, Kevin S. Chan In Proceedings of the Network & Distributed System Security Symposium (NDSS) 2020, San Diego, CA. |
S&P 20 |
AdGraph: A Graph-Based Approach to Ad and Tracker Blocking
[PDF]
Umar Iqbal, Peter Snyder, Shitong Zhu, Benjamin Livshits, Zhiyun Qian, Zubair Shafiq In Proceedings of IEEE Symposium on Security & Privacy (Oakland), 2020, San Francisco CA. |
Selected professional activities: