Zhiyun Qian

 Email: zhiyunq(a_t)cs.ucr.edu
Office: Winston Chung Hall 334
Phone number: 951-827-6438

University of California Riverside

Computer Science and Engineering
  • Home
  • Publications
  • Teaching
Photo Zhiyun Qian is an associate professor in Computer Science and Engineering department at University of California Riverside. He is a recipient of the NSF CAREER Award for 2017.

He has a broad interest in system/network security, with the general theme of vulnerability discovery and analysis, system building, and measurement. He has a well-rounded understanding of the computer systems in general (both design and implementation) including architecture, operating systems, software, network protocols, and their interactions. The techniques he applies include program analysis (static and dynamic), reverse engineering, fuzzing, model checking, and machine learning. Problem domains that he has worked on include, but not limited to, protocol security, operating system security, Android security, binary analysis, network infrastructure security, censorship evasion, and web privacy. More recently he is passionate about building systems that will result in long-lasting real-world impact. For instance, one open source tool developed in the group has received 2700+ stars on github.

To prospective students:  I'm looking for students who have strong interests in computer systems, security, or networking, especially the ones with hacking skills or desires. If you are interested, feel free to drop me an email and introduce yourself!

Current and past research:

•

TCP side channels: Linux kernel and patch1, patch2 (CVE-2016-5696), apple advisory (CVE-2017-13810), GeekPwn 2016 most creative idea award, Geekpwn 2017 winner award (unfixable bug), and Check Point security advisory.  [Video1] [Video2] [Video3]

•

Vulnerability discovery in Android kernel, framework, apps. [ION driver] [Perm. inconsistency] [Inherited IPC] [Input validation flaws]
•

Systems/Tools for better security analysis (open source) [FIBER] [Charm]
•

Android root ecosystem analysis and defenses [One-click root app analysis] [Detecting root exploits]
•

Arms race between Adblocker and Anti-adblockers [Visible anti-adblockers] [Historical analysis] [An invisible adblocker]

•

Android side channel attacks that reveal foreground app state (allow hijacking and other attacks). [Video]

•

Cellular network studies that reveal security flaws and reasons for slow downloads and battery drains. [MIT Technology Review]  [Slashdot]  [CNET]

Funding:

    My research is currently supported by 8 NSF grants (including the NSF CAREER), a Cyber Security (CS) Collaborative Research Alliance (CRA) from Army Research Lab, and 2 gifts from industry.

Selected publications:

  • Rendered Insecure: GPU Side Channel Attacks are Practical [PDF]
    Hoda Naghibijouybari, Ajaya Neupane, Zhiyun Qian, Nael Abu-Ghazaleh
    In Proceedings of ACM Conference on Computer and Communications Security (CCS) 2018, Toronto, Canada.
    [CVE‑2018‑6260] [DarkReading] [TechSpot]

  • How You Get Shot in the Back: A Systematical Study about Cryptojacking in the Real World [PDF]
    Geng Hong, Zhemin Yang, Sen Yang, Lei Zhang, Yuhong Nan, Zhibo Zhang, Min Yang, Yuan Zhang, Zhiyun Qian, Haixin Duan
    In Proceedings of ACM Conference on Computer and Communications Security (CCS) 2018, Toronto, Canada.

  • Invetter: Locating Insecure Input Validations in Android Services [PDF] [Source]
    Lei Zhang, Zhemin Yang, Yuyu He, Zhenyu Zhang, Zhiyun Qian, Geng Hong, Yuan Zhang, Min Yang
    In Proceedings of ACM Conference on Computer and Communications Security (CCS) 2018, Toronto, Canada.

  • Precise and Accurate Patch Presence Test for Binaries [PDF] [Source]
    Hang Zhang and Zhiyun Qian
    In Proceedings of USENIX Security 2018, Baltimore, MD.

  • Off-Path TCP Exploit: How Wireless Routers Can Jeopardize Your Secret [PDF] [Demo] [Source]
    Weiteng Chen and Zhiyun Qian
    In Proceedings of USENIX Security 2018, Baltimore, MD.
    [ACM TechNews]     [GeekPwn Award] [CSAW 2018 Finalist] [IRTF 2019 Applied Networking Research Prize]

  • Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems [PDF] [Source]
    Seyed Mohammadjavad Seyed Talebi and Hamid Tavakoli, Hang Zhang and Zheng Zhang, Ardalan Amiri Sani, Zhiyun Qian
    In Proceedings of USENIX Security 2018, Baltimore, MD.

  • Static Evaluation of Noninterference using Approximate Model Counting [PDF]
    Ziqiao Zhou, Zhiyun Qian, Michael K. Reiter, Yinqian Zhang
    In Proceedings of IEEE Security and Privacy (Oakland) 2018, San Francisco, CA.

  • Measuring and Disrupting Anti-Adblockers Using Differential Execution Analysis [PDF]
    Shitong Zhu, Xunchao Hu, Zhiyun Qian, Zubair Shafiq, Heng Yin
    In Proceedings of the Network & Distributed System Security Symposium (NDSS) 2018, San Diego, CA.
    Media coverage: [Techcrunch] [Ars Technica] [Hacker News] [DMNews]

Selected professional activities:

  • Program Committee, IEEE Security and Privacy (Oakland) 2020, 2019
  • Program Committee, ACM Conference on Computer and Communications Security (CCS) 2019, 2018, 2017, 2016, 2014
  • Program Committee, Network & Distributed System Security (NDSS) 2019, 2013
  • Program Committee, ACM Internet Measurement Conference (IMC) 2018, 2017
  • Program Committee, AsiaCCS 2016, 2014
  • Program Committee, Mobisys 2014