Zhiyun Qian

Email: zhiyunq(a_t)cs.ucr.edu
Office: Winston Chung Hall 334
Phone number: 951-827-6438

University of California Riverside

Computer Science and Engineering

  • Home
  • Publications
  • Teaching
2025
S&P 25 Redefining Indirect Call Analysis with KallGraph [PDF]
Guoren Li, Manu Sridharan, Zhiyun Qian
In Proceedings of IEEE Security and Privacy (Oakland) 2025 (accepted in the 2nd cycle), San Francisco, CA.
S&P 25 Beyond the Horizon: Uncovering Hosts and Services behind Misconfigured Firewalls [PDF]
Qing Deng, Juefei Pu, Zhaowei Tan, Zhiyun Qian, Srikanth V. Krishnamurthy
In Proceedings of IEEE Security and Privacy (Oakland) 2025 (accepted in the 2nd cycle), San Francisco, CA.
S&P 25 SoK: Challenges and Paths Toward Memory Safety for eBPF [PDF]
Kaiming Huang, Mathias Payer, Zhiyun Qian, Jack Sampson, Gang Tan, Trent Jaeger
In Proceedings of IEEE Security and Privacy (Oakland) 2025 (accepted in the 2nd cycle), San Francisco, CA.
S&P 25 SCAD: Towards a Universal and Automated Network Side-Channel Vulnerability Detection [PDF]
Keyu Man, Zhongjie Wang, Yue Cao, Shenghan Zheng, Xin'an Zhou, Zhiyun Qian
In Proceedings of IEEE Security and Privacy (Oakland) 2025 (accepted in the 1st cycle), San Francisco, CA.
NDSS 25 Statically Discover Cross-Entry Use-After-Free Vulnerabilities in the Linux Kernel [PDF]
Hang Zhang, Jangha Kim, Chuhong Yuan, Zhiyun Qian, Taesoo Kim
In Proceedings of the Network & Distributed System Security Symposium (NDSS) 2025, San Diego, CA.
2024
MobiCom 24 M2HO: Mitigating the Adverse Effects of 5G Handovers on TCP [PDF]
Zhutian Liu, Qing Deng, Zhaowei Tan, Zhiyun Qian, Xinyu Zhang, Ananthram Swami, Srikanth V. Krishnamurthy
In Proceedings of the ACM MobiCom 2024, Washington D.C.
ACM CCS 24 Top of the Heap: Efficient Memory Error Protection of Safe Heap Objects [PDF]
Kaiming Huang, Mathias Payer, Zhiyun Qian, Jack Sampson, Gang Tan, Trent Jaeger
In Proceedings of the ACM CCS 2024 (accepted in the second cycle), Salt Lake City, UT.
ACM CCS 24 Untangling the Knot: Breaking Access Control in Home Wireless Mesh Networks [PDF] [Source]
Xin'an Zhou, Qing Deng, Juefei Pu, Keyu Man, Zhiyun Qian, Srikanth V. Krishnamurthy
In Proceedings of ACM Conference on Computer and Communications Security (CCS) 2024 (accepted in the first cycle), Salt Lake City, UT.
USENIX Security 24 SymBisect: Accurate Bisection for Fuzzer-Exposed Vulnerabilities [PDF] [Source]
Zheng Zhang, Yu Hao, Weiteng Chen, Xiaochen Zou, Xingyu Li, Haonan Li, Yizhuo Zhai, Zhiyun Qian, Billy Lau
In Proceedings of the USENIX Security 2024 (accepted in Winter 2024), Philadelphia, PA.
USENIX Security 24 OPTISAN: Using Multiple Spatial Error Defenses to Optimize Stack Memory Protection within a Budget [PDF]
Rahul George, Mingming Chen, Kaiming Huang, Zhiyun Qian, Thomas La Porta, Trent Jaeger
In Proceedings of the USENIX Security 2024 (accepted in Winter 2024), Philadelphia, PA.
OOPSLA 24 Enhancing Static Analysis For Practical Bug Detection: An LLM-Integrated Approach [PDF] [Source]
Haonan Li, Yu Hao, Yizhuo Zhai, and Zhiyun Qian
In Proceedings of the ACM on Programming Languages (PACMPL), Issue OOPSLA, 2024 (accepted in R1), Pasadena, CA.
Euro S&P 24 DNS Exfiltration Guided by Generative Adversarial Networks [PDF]
Abdulrahman Fahim, Shitong Zhu, Zhiyun Qian, Chengyu Song, Vagelis Papalexakis, Supriyo Chakraborty, Kevin Chan, Paul Yu, Trent Jaeger, and Srikanth V. Krishnamurthy
In Proceedings of IEEE European Symposium on Security and Privacy 2024, Vienna, Austria.
USENIX Security 24 Don't Waste My Efforts: Pruning Redundant Sanitizer Checks of Developer-Implemented Type Checks [PDF] [Source]
Yizhuo Zhai, Zhiyun Qian, Chengyu Song, Manu Sridharan, Trent Jaeger, Paul Yu, and Srikanth V. Krishnamurthy
In Proceedings of USENIX Security 2024 (accepted in Fall 2023), Philadelphia, PA.
MSR 24 An Investigation of Patch Porting Practices of the Linux Kernel Ecosystem [PDF]
Xingyu Li, Zheng Zhang, Zhiyun Qian, Trent Jaeger, and Chengyu Song
In Proceedings of the Mining Software Repositories (MSR) 2024, Lisbon, Portugal.
NDSS 24 SyzBridge: Bridging the Gap in Exploitability Assessment of Linux Kernel Bugs in the Linux Ecosystem [PDF] [Source]
Xiaochen Zou, Yu Hao, Zheng Zhang, Juefei Pu, Weiteng Chen, and Zhiyun Qian
In Proceedings of the Network & Distributed System Security Symposium (NDSS) 2024, San Diego, CA.
NDSS 24 K-LEAK: Towards Automating the Generation of Multi-Step Infoleak Exploits against the Linux Kernel [PDF] [Source]
Zhengchuan Liang, Xiaochen Zou, Chengyu Song, and Zhiyun Qian
In Proceedings of the Network & Distributed System Security Symposium (NDSS) 2024, San Diego, CA.
S&P 24 SyzGen++: Dependency Inference for Augmenting Kernel Driver Fuzzing [PDF] [Source]
Weiteng Chen, Yu Hao, Zheng Zhang, Xiaochen Zou, Dhilung Kirat, Shachee Mishra, Douglas Schales, Jiyong Jang, and Zhiyun Qian
In Proceedings of IEEE Security and Privacy (Oakland) 2024, San Francisco, CA.
Black Hat 24 (industry) PageJack: A Powerful Exploit Technique With Page-Level UAF [Link]
Zhiyun Qian, Jiayi Hu, Jinmeng Zhou, Qi Tang, and Wenbo Shen
In Black Hat USA, 2024, Las Vegas, NV.
Black Hat 24 (Industry) Fallen Tower of Babel: Rooting Wireless Mesh Networks by Abusing Heterogeneous Control Protocols [Link]
Xin'an Zhou, Zhiyun Qian, Juefei Pu, Qing Deng, Srikanth V. Krishnamurthy, and Keyu Man
In Black Hat USA, 2024, Las Vegas, NV.
SP 24 (Magazine) Comprehensive Memory Safety Validation: An Alternative Approach to Memory Safety [PDF]
Kaiming Huang, Mathias Payer, Zhiyun Qian, Jack Sampson, Gang Tan, Trent Jaeger
IEEE Security and Privacy Magazine, 2024
2023
USENIX Security 23 A Hybrid Alias Analysis and Its Application to Global Variable Protection in the Linux Kernel [PDF] [Source]
Guoren Li, Hang Zhang, Jinmeng Zhou, Wenbo Shen, Yulei Sui, and Zhiyun Qian
In Proceedings of USENIX Security 2023 (accepted in Winter 2023), Anaheim, MA.
FSE-IVR 23 Assisting Static Analysis with Large Language Models: A ChatGPT Experiment [PDF]
Haonan Li, Yu Hao, Yizhuo Zhai, and Zhiyun Qian
In Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2023): Idea, Vision, and Reflection Track.
[Poster in S&P 2023]
S&P 23 SyzDescribe: Principled, Automated, Static Generation of Syscall Descriptions for Kernel Drivers [PDF] [Source]
Yu Hao, Guoren Li, Xiaochen Zou, Weiteng Chen, Shitong Zhu, Zhiyun Qian, and Ardalan Amiri Sani
In Proceedings of IEEE Security and Privacy (Oakland) 2023, San Francisco, CA.
[Linux Security Summit 2023] [Qualcomm Security Summit 2023]
Selected syzkaller patches: [Patch1] [Patch2] [Patch3]
FAST 23 Unsafe at Any Copy: Name Collisions from Mixing Case Sensitivities [PDF] [Source]
Aditya Basu, John Sampson, Zhiyun Qian, and Trent Jaeger
In Proceedings of USENIX Conference on File and Storage Technologies (FAST) 2023, Santa Clara, CA.
Black Hat 23 (Industry) Dilemma in IoT Access Control: Revealing Novel Attacks and Design Challenges in Mobile-as-a-Gateway IoT [Link]
Luyi Xing, Xin'an Zhou, Jiale Guan, and Zhiyun Qian
In Black Hat (Asia) 2023, Singapore.
TDSC 23 (Journal) PolyScope: Multi-policy Access Control Analysis to Triage Android Scoped Storage [PDF]
Yu-Tsung Lee, Haining Chen, William Enck, Hayawardh Vijayakumar, Ninghui Li, Zhiyun Qian, Giuseppe Petracca, and Trent Jaeger
IEEE Transactions on Dependable and Secure Computing, 2023
2022
ACM CCS 22 Perils and Mitigation of Security Risks of Cooperation in Mobile-as-a-Gateway IoT [PDF]
Xin’an Zhou, Jiale Guan, Luyi Xing, and Zhiyun Qian
In Proceedings of the ACM CCS 2022, Los Angeles, CA.
[CVE-2022-23776] [CVE-2022-36268] [CVE-2022-26262] [CVE-2022-37192] [CVE-2022-37193]
ICSE 22 Demystifying the Dependency Challenge in Kernel Fuzzing [PDF] [Source]
Yu Hao, Hang Zhang, Guoren Li, Xingyun Du, Zhiyun Qian, Ardalan Amiri Sani
In Proceedings of IEEE/ACM International Conference on Software Engineering (ICSE) 2022, Pittsburgh, PA. [Google Research Paper Reward]
USENIX Security 22 Off-Path Network Traffic Manipulation via Revitalized ICMP Redirect Attacks [PDF]
Xuewei Feng, Qi Li, Kun Sun, Zhiyun Qian, Gang Zhao, Xiaohui Kuang, Chuanpu Fu, and Ke Xu
In Proceedings of USENIX Security 2022 (accepted in Winter 2022), Boston, MA.
USENIX Security 22 SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs [PDF] [Source]
Xiaochen Zou, Guoren Li, Weiteng Chen, Hang Zhang, and Zhiyun Qian
In Proceedings of USENIX Security 2022 (accepted in Summer 2021), Boston, MA.
[Linux Security Summit 2021] [Google Research Paper Reward]
[CVE-2021-33034] [CVE-2021-33033] [CVE-2020-36387] [CVE-2020-36386] [CVE-2020-36385] [CVE-2020-36387] [CVE-2019-25044] [CVE-2018-25015] [CVE-2019-25045]
USENIX Security 22 LinKRID: Vetting Imbalance Reference Counting in Linux kernel with Symbolic Execution [PDF]
Jian Liu, Lin Yi, Weiteng Chen, Chengyu Song, Zhiyun Qian, and Qiuping Yi
In Proceedings of USENIX Security 2022 (accepted in Summer 2021), Boston, MA.
NDSS 22 Progressive Scrutiny: Incremental Detection of UBI bugs in the Linux Kernel [PDF] [Source]
Yizhuo Zhai, Yu Hao, Zheng Zhang, Weiteng Chen, Guoren Li, Zhiyun Qian, Chengyu Song, Manu Sridharan, Srikanth V. Krishnamurthy, Trent Jaeger, Paul Yu
In Proceedings of the Network & Distributed System Security Symposium (NDSS) 2022, San Diego, CA.
Selected patches: [Patch1] [Patch2] [Patch3]
NDSS 22 PMTUD is not Panacea: Revisiting IP Fragmentation Attacks against TCP [PDF]
Xuewei Feng, Qi Li, Kun Sun, Ke Xu, Baojun Liu, Xiaofeng Zheng, Qiushi Yang, Haixin Duan, Zhiyun Qian
In Proceedings of the Network & Distributed System Security Symposium (NDSS) 2022, San Diego, CA.
NDSS 22 The Taming of the Stack: Isolating Stack Data from Memory Errors [PDF]
Kaiming Huang, Yongzhe Huang, Mathias Payer, Zhiyun Qian, Jack Sampson, Gang Tan, and Trent Jaeger
In Proceedings of the Network & Distributed System Security Symposium (NDSS) 2022, San Diego, CA.
S&P 22 Annotating, Tracking, and Protecting Cryptographic Secrets with CryptoMPK [PDF] [Source]
Xuancheng Jin, Xuangan Xiao, Songlin Jia, Wang Gao, Hang Zhang, Dawu Gu, Siqi Ma, Zhiyun Qian, and Juanru Li
In Proceedings of IEEE Security and Privacy (Oakland) 2022, San Francisco, CA.
TDSC 22
[Journal]
DNS Poisoning of Operating System Caches: Attacks and Mitigations
Fatemah Alharbi, Jie Chang, Yuchen Zhou, Feng Qian, Zhiyun Qian, Nael Abu-Ghazaleh
In IEEE Transactions on Dependable and Secure Computing (TDSC) 2022.
2021
ACSAC 21 Eluding ML-based Adblockers With Actionable Adversarial Examples [PDF] [Source]
Shitong Zhu, Zhongjie Wang, Xun Chen, Shasha Li, Keyu Man, Umar Iqbal, Zhiyun Qian, Kevin S. Chan, Srikanth V. Krishnamurthy, Zubair Shafiq, Yu Hao, Guoren Li, Zheng Zhang, Xiaochen Zou
In Proceedings of Annual Computer Security Applications Conference (ACSAC) 2021.
ACM CCS 21 DNS Cache Poisoning Attack: Resurrections with Side Channels [PDF] [CVE-2021-20322]
Keyu Man, Xinan Zhou, and Zhiyun Qian
In Proceedings of the ACM CCS 2021.
Media coverage: [Ars Technica] [TechTarget] [The Hacker News]
ACM CCS 21 Statically Discovering High-Order Taint Style Vulnerabilities in OS Kernels [PDF] [Source]
Hang Zhang, Weiteng Chen, Yu Hao, Guoren Li, Yizhuo Zhai, Xiaochen Zou, and Zhiyun Qian
In Proceedings of the ACM CCS 2021.
ACM CCS 21 Themis: Ambiguity-Aware Network Intrusion Detection based on Symbolic Model Comparison [PDF] [Source]
Zhongjie Wang, Shitong Zhu, Keyu Man, Pengxiong Zhu, Yu Hao, Zhiyun Qian, Srikanth V. Krishnamurthy, Tom La Porta, and Michael J. De Lucia
In Proceedings of the ACM CCS 2021.
ACM CCS 21 SyzGen: Automated Generation of Syscall Specification of Closed-Source macOS Drivers [PDF] [Source]
Weiteng Chen, Yu Wang, Zheng Zhang, and Zhiyun Qian
In Proceedings of ACM CCS 2021.
[CVE-2020-9929] [CVE-2020-9928] [CVE-2021-30899] [CVE-2021-30982] [CVE-2021-30931]
USENIX Security 21 SyzVegas: Beating Kernel Fuzzing Odds with Reinforcement Learning [PDF] [Source]
Daimeng Wang, Zheng Zhang, Hang Zhang, Zhiyun Qian, Srikanth V. Krishnamurthy, and Nael Abu-Ghazaleh
In Proceedings of USENIX Security 2021.
USENIX Security 21 PolyScope: Multi-Policy Access Control Analysis to Compute Authorized Attack Operations in Android Systems [PDF]
Yu-Tsung Lee, William Enck, Haining Chen, Hayawardh Vijayakumar, Ninghui Li, Zhiyun Qian, Daimeng Wang, Giuseppe Petracca, and Trent Jaeger
In Proceedings of USENIX Security 2021.
USENIX Security 21 Undo Workarounds for Kernel Bugs [PDF] [Source]
Seyed Mohammadjavad Seyed Talebi, Zhihao Yao, Ardalan Amiri Sani, Zhiyun Qian, and Daniel Austin
In Proceedings of USENIX Security 2021.
USENIX Security 21 An Investigation of the Android Kernel Patch Ecosystem [PDF] [Source]
Zheng Zhang, Hang Zhang, Zhiyun Qian, and Billy Lau
In Proceedings of USENIX Security 2021.
MobiCom 21 A Nationwide Census on WiFi Security Threats: Prevalence, Riskiness, and the Economics Behind [PDF]
Di Gao, Hao Lin, Zhenhua Li, Feng Qian, Qi Alfred Chen, Zhiyun Qian, Wei Liu, Liangyi Gong, and Yunhao Liu
In Proceedings of ACM MobiCom 2021.
TDSC 21
[Journal]
Who Moves My App Promotion Investment? A Systematic Study about App Distribution Fraud
Shaoyong Du, Minrui Zhao, Jingyu Hua, Hang Zhang, Xiaoyu Chen, Zhiyun Qian, and Sheng Zhong
In IEEE Transactions on Dependable and Secure Computing (TDSC) 2021.
IEEE Design & Test 21
[Journal]
Beyond the CPU: Side Channel Attacks on GPUs
Hoda Naghibijouybari, Ajaya Neupane, Zhiyun Qian, Nael Abu-Ghazaleh
In IEEE Design & Test 2021.
Elsevier HCC 21
[Journal]
A Model Checking-Based Security Analysis Framework for IoT Systems
Zheng Fanga, Hao Fu, Tianbo Gub, Zhiyun Qian, Trent Jaeger, Pengfei Hu, Prasant Mohapatra
In Elsevier High-Confidence Computing 2021.
2020
CoNEXT 20 You Do (Not) Belong Here: Detecting DPI Evasion Attacks with Context Learning [PDF] [Ethics]
Shitong Zhu, Shasha Li, Zhongjie Wang, Xun Chen, Zhiyun Qian, Srikanth V. Krishnamurthy, Kevin S. Chan, and Ananthram Swami
In Proceedings of ACM Conference on emerging Networking EXperiments and Technologies (CoNEXT) 2020.
CCS 20 DNS Cache Poisoning Attack Reloaded: Revolutions with Side Channels [PDF] [Slides]
Keyu Man, Zhiyun Qian, Zhongjie Wang, Xiaofeng Zheng, Youjun Huang, and Haixin Duan
In Proceedings of ACM Conference on Computer and Communications Security (CCS) 2020.
[Distinguished Paper Award] [CVE-2020-25705]
Media coverage: [Ars Technica] [ZDNet] [TechRepublic] [The Hacker News]
FSE 20 UBITect: A Precise and Scalable Method to Detect Use-Before-Initialization bugs in Linux Kernel [PDF] [Source]
Yizhuo Zhai, Yu Hao, Hang Zhang, Daimeng Wang, Chengyu Song, Zhiyun Qian, Mohsen Lesani, Srikanth V. Krishnamurthy, Paul Yu
In Proceedings of the 2020 ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (FSE'20), Sacramento, CA.
Selected patches: [Patch1] [Patch2] [Patch3]
USENIX Security 20 Poison Over Troubled Forwarders: A Cache Poisoning Attack Targeting DNS Forwarding Devices [PDF]
Xiaofeng Zheng, Chaoyi Lu, Jian Peng, Qiushi Yang, Dongjie Zhou, Baojun Liu, Keyu Man, Shuang Hao, Haixin Duan, Zhiyun Qian
In Proceedings of USENIX Security 2020 (accepted in Winter 2020), Boston MA.
USENIX Security 20 KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities [PDF] [Source]
Weiteng Chen, Xiaochen Zou, Guoren Li, Zhiyun Qian
In Proceedings of USENIX Security 2020 (accepted in Summer 2019), Boston MA.
[Linux Security Summit 2021]
Eurosys 20 Experiences of Landing Machine Learning onto Market-Scale Mobile Malware Detection [PDF]
Liangyi Gong, Zhenhua Li, Feng Qian, Zifan Zhang, Qi Alfred Chen, Zhiyun Qian, Hao Lin, Yunhao Liu
In Proceedings of Eurosys 2020, Dresden, Germany.
Sigmetrics 20 Characterizing Transnational Internet Performance and the Great Bottleneck of China [PDF]
Pengxiong Zhu, Keyu Man, Zhongjie Wang, Zhiyun Qian, Roya Ensafi, J. Alex Halderman, Haixin Duan
In Proceedings of ACM SIGMETRICS 2020, Boston, MA.
NDSS 20 SymTCP: Eluding Stateful Deep Packet Inspection with Automated Discrepancy Discovery [PDF] [Source]
Zhongjie Wang, Shitong Zhu, Yue Cao, Zhiyun Qian, Chengyu Song, Srikanth Krishnamurthy, Tracy D. Braun, Kevin S. Chan
In Proceedings of the Network & Distributed System Security Symposium (NDSS) 2020, San Diego, CA.
S&P 20 AdGraph: A Graph-Based Approach to Ad and Tracker Blocking [PDF]
Umar Iqbal, Peter Snyder, Shitong Zhu, Benjamin Livshits, Zhiyun Qian, Zubair Shafiq
In Proceedings of IEEE Symposium on Security & Privacy (Oakland), 2020, San Francisco CA.
ToN 20
[Journal]
Packet Header Obfuscation Using MIMO
Yue Cao, Ahmed Fathy Atya, Shailendra Singh, Zhiyun Qian, Srikanth V. Krishnamurthy, Tom La Porta, Prashant Krishnamurthy, Lisa Marvel
In IEEE/ACM Transactions on Networking (TON) 2020.
2019
CCS 19 Principled Unearthing of TCP Side Channel Vulnerabilities [PDF] [Source]
Yue Cao, Zhongjie Wang, Zhiyun Qian, Chengyu Song, Srikanth Krishnamurthy, Paul Yu
In Proceedings of ACM Conference on Computer and Communications Security (CCS) 2019, London, UK.
MASS 19 ForeSee: A Cross-layer Vulnerability Detection Framework for the Internet of Things [PDF]
Zheng Fang, Hao Fu, Tianbo Gu, Zhiyun Qian, Trent Jaeger, Prasant Mohapatra
In Proceedings of IEEE International Conference on Mobile Ad hoc and Smart Systems (MASS), Monterey, Canada.
RAID 19 Application level attacks on Connected Vehicle Protocols [PDF]
Ahmed Abdo, Sakib Md Bin Malek, Zhiyun Qian, Qi Zhu, Matthew Barth, Nael Abu-Ghazaleh
In Proceedings of International Symposium on Research in Attacks, Intrusions and Defenses (RAID) 2019, Beijing, China.
NSPW 19 Employing Attack Graphs for Intrusion Detection [PDF]
Frank Capobianco, Rahul George, Kaiming Huang, Trent Jaeger, Mathias Payer, Srikanth Krishnamurthy, Zhiyun Qian, Paul Yu
In Proceedings of New Security Paradigms Workshop (NSPW) 2019, San Carlos, Costa Rica.
ISC 19 When The Attacker Knows A Lot: The GAGA Graph Anonymizer [PDF]
Arash Alavi, Rajiv Gupta, Zhiyun Qian
In Proceedings of Information Security Conference (ISC) 2019, New York.
DAC 19 PAPP: Prefetcher-Aware Prime and Probe Side-channel Attack [PDF] [Source]
Daimeng Wang, Zhiyun Qian, Nael Abu-Ghazaleh, Srikanth V. Krishnamurthy
In Proceedings of Design Automation Conference (DAC) 2019, Las Vegas, NV.
WWW 19 ShadowBlock: A Lightweight and Stealthy Adblocking Browser [PDF] [Source]
Shitong Zhu, Umar Iqbal, Zhongjie Wang, Zhiyun Qian, Zubair Shafiq and Weiteng Chen
In Proceedings of WWW 2019, San Francisco, CA.
Sigmetrics 19 App in the Middle : Demystify Application Virtualization in Android and its Security Threats [PDF]
Lei Zhang, Zhemin Yang, Yuyu He, Mingqi Li, Sen Yang, Min Yang, Yuan Zhang, Zhiyun Qian
In Proceedings of ACM SIGMETRICS 2019, Phoenix, AZ.
INFOCOM 19 Collaborative Client-Side DNS Cache Poisoning Attack [PDF]
Fatemah Alharbi, Jie Chang, Yuchen Zhou, Feng Qian, Zhiyun Qian, Nael Abu-Ghazaleh
In Proceedings of IEEE International Conference on Computer Communications (INFOCOM), 2019, Paris, France.
[Apple advisory 1] [Apple advisory 2]
INFOCOM 19 Figment: Fine-grained Permission Management for Mobile Apps [PDF]
Ioannis Gasparis, Zhiyun Qian, Chengyu Song, Srikanth V. Krishnamurthy, Rajiv Gupta, and Paul Yu
In Proceedings of IEEE International Conference on Computer Communications (INFOCOM), 2019, Paris, France.
NDSS 19 Unveiling your keystrokes: A Cache-based Side-channel Attack on Graphics Libraries [PDF] [Source]
Daimeng Wang, Ajaya Neupane, Zhiyun Qian, Nael Abu-Ghazaleh, Srikanth V. Krishnamurthy, Edward J. M. Colbert, Paul Yu
In Proceedings of the Network & Distributed System Security Symposium (NDSS) 2019, San Diego, CA.
ToN 19
[Journal]
Catch Me if You Can: A Closer Look at Malicious Co-Residency on the Cloud [PDF]
Ahmed Osama Fathy Atya, Zhiyun Qian, Srikanth V. Krishnamurthy, Thomas La Porta, Patrick McDaniel, and Lisa Marvel
In IEEE/ACM Transactions on Networking (TON) 2019.
TDSC 19
[Journal]
Resilient User-Side Android Application Repackaging and Tampering Detection Using Cryptographically Obfuscated Logic Bombs
Qiang Zeng, Lannan Luo, Zhiyun Qian, Xiaojiang Du, Zhoujun Li, Chin-Tser Huang, and Csilla Farkas
In IEEE Transactions on Dependable and Secure Computing (TDSC) 2019.
TDSC 19
[Journal]
Side Channel Attacks on GPUs [PDF]
Hoda Naghibijouybari, Ajaya Neupane, Zhiyun Qian, Nael Abu-Ghazaleh
In IEEE Transactions on Dependable and Secure Computing (TDSC) 2019.
2018
CoNext 18 IoTSan: Fortifying the Safety of IoT Systems [PDF]
Dang Tu Nguyen, Chengyu Song, Zhiyun Qian, Srikanth V. Krishnamurthy, Edward J. M. Colbert, Patrick McDaniel
In Proceedings of International Conference on emerging Networking EXperiments and Technologies (CoNext) 2018, Heraklion/Crete, Greece.
CCS 18 Rendered Insecure: GPU Side Channel Attacks are Practical [PDF]
Hoda Naghibijouybari, Ajaya Neupane, Zhiyun Qian, Nael Abu-Ghazaleh
In Proceedings of ACM Conference on Computer and Communications Security (CCS) 2018, Toronto, Canada.
[Top pick in hardware security (ICCAD'19)] [CVE‑2018‑6260] [DarkReading] [TechSpot]
CCS 18 How You Get Shot in the Back: A Systematical Study about Cryptojacking in the Real World [PDF]
Geng Hong, Zhemin Yang, Sen Yang, Lei Zhang, Yuhong Nan, Zhibo Zhang, Min Yang, Yuan Zhang, Zhiyun Qian, Haixin Duan
In Proceedings of ACM Conference on Computer and Communications Security (CCS) 2018, Toronto, Canada.
CCS 18 Invetter: Locating Insecure Input Validations in Android Services [PDF] [Source]
Lei Zhang, Zhemin Yang, Yuyu He, Zhenyu Zhang, Zhiyun Qian, Geng Hong, Yuan Zhang, Min Yang
In Proceedings of ACM Conference on Computer and Communications Security (CCS) 2018, Toronto, Canada.
USENIX
Security 18
Precise and Accurate Patch Presence Test for Binaries [PDF] [Source]
Hang Zhang and Zhiyun Qian
In Proceedings of USENIX Security 2018, Baltimore, MD.
USENIX
Security 18
Off-Path TCP Exploit: How Wireless Routers Can Jeopardize Your Secret [PDF] [Demo] [Source]
Weiteng Chen and Zhiyun Qian
In Proceedings of USENIX Security 2018, Baltimore, MD.
[ACM TechNews] [GeekPwn Award] [CSAW 2018 Finalist] [IRTF 2019 Applied Networking Research Prize]
USENIX
Security 18
Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems [PDF] [Source]
Seyed Mohammadjavad Seyed Talebi and Hamid Tavakoli, Hang Zhang and Zheng Zhang, Ardalan Amiri Sani, Zhiyun Qian
In Proceedings of USENIX Security 2018, Baltimore, MD.
AsiaCCS 18 Droid M+: Developer Support for Imbibing Android’s New Permission Model [PDF]
Ioannis Gasparis, Azeem Aqil, Zhiyun Qian, Chengyu Song, Srikanth V. Krishnamurthy, Rajiv Gupta, and Edward Colbert
In Proceedings of the 13th ACM ASIA Conference on Information, Computer and Communications Security (AsiaCCS) 2018, Incheon, Korea.
S&P 18 Static Evaluation of Noninterference using Approximate Model Counting [PDF]
Ziqiao Zhou, Zhiyun Qian, Michael K. Reiter, Yinqian Zhang
In Proceedings of IEEE Security and Privacy (Oakland) 2018, San Francisco, CA.
INFOCOM 18 A Framework for MIMO-based Packet Header Obfuscation [PDF]
Yue Cao, Ahmed Fathy Atya, Shailendra Singh, Zhiyun Qian, Srikanth V. Krishnamurthy, Tom La Porta, Prashant Krishnamurthy, Lisa Marvel
In Proceedings of IEEE International Conference on Computer Communications (INFOCOM) 2018, Honolulu, HI.
INFOCOM 18 Accurate and Efficient Wireless Device Fingerprinting Using Channel State Information [PDF]
Jingyu Hua, Hongyi Sun, Zhenyu Shen, Zhiyun Qian, Sheng Zhong
In Proceedings of IEEE International Conference on Computer Communications (INFOCOM) 2018, Honolulu, HI.
PAM 18 RARE: A Systematic Augmented Router Emulation for Malware Analysis [PDF]
Ahmad Darki, Chun-Yu Chuang, Michalis Faloutsos, Zhiyun Qian, and Heng Yin
In Proceedings of Passive and Active Measurement Conference (PAM) 2018, Berlin, Germany.
NDSS 18 Measuring and Disrupting Anti-Adblockers Using Differential Execution Analysis [PDF]
Shitong Zhu, Xunchao Hu, Zhiyun Qian, Zubair Shafiq, Heng Yin
In Proceedings of the Network & Distributed System Security Symposium (NDSS) 2018, San Diego, CA.
Media coverage: [Techcrunch] [Ars Technica] [Hacker News] [DMNews]
CGO 18 Resilient Decentralized Android Application Repackaging Detection [PDF]
Qiang Zeng, Lannan Luo, Zhiyun Qian, Xiaojiang Du, and Zhoujun Li
In International Symposium on Code Generation and Optimization (CGO), 2018, Vösendorf, Austria.
TDSC 18
[Journal]
An Empirical Analysis of Hazardous Uses of Android Shared Storage [PDF]
Shaoyong Du, Pengxiong Zhu, Jingyu Hua, Zhiyun Qian, Zhao Zhang, Xiaoyu Chen, and Sheng Zhong
In IEEE Transactions on Dependable and Secure Computing (TDSC) 2018.
ToN 18
[Journal]
Off-Path TCP Exploits of the Challenge ACK Global Rate Limit [PDF]
Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, Srikanth V. Krishnamurthy, and Lisa M. Marvel
In IEEE/ACM Transactions on Networking (TON) 2018.
2017  
IMC 17 Your State is Not Mine: A Closer Look at Evading Stateful Internet Censorship [PDF] [Source]
Zhongjie Wang, Yue Cao, Zhiyun Qian, Chengyu Song, Srikanth V. Krishnamurthy
In ACM Internet Measurement Conference (IMC) 2017, London, UK.
IMC 17 The Ad Wars: Retrospective Measurement and Analysis of Anti-Adblock Filter Lists [PDF]
Umar Iqbal, Zubair Shafiq, Zhiyun Qian
In ACM Internet Measurement Conference (IMC) 2017, London, UK.
ICNP 17 Multipath TCP Traffic Diversion Attacks and Countermeasures [PDF] [IETF discussion & patch]
Ali Munir, Zhiyun Qian, Zubair Shafiq, Alex Liu, Franck Le
In IEEE International Conference on Network Protocols (ICNP) 2017, Toronto, Canada.
ICNP 17 Selective HTTPS Traffic Manipulation at Middleboxes for BYOD Devices [PDF]
Xing Liu, Feng Qian, and Zhiyun Qian
In IEEE International Conference on Network Protocols (ICNP) 2017, Toronto, Canada.
WOOT 17 Stalling Live Migrations on the Cloud [PDF]
Ahmed Atya, Azeem Aqil, Karim Khalil, Zhiyun Qian, Srikanth V. Krishnamurthy, and Thomas F. La Porta
In USENIX Workshop on Offensive Technologies (WOOT) 2017, Vancouver, Canada.
USENIX
Security 17
Detecting Android Root Exploits by Learning from Root Providers [PDF]
Ioannis Gasparis, Zhiyun Qian, Chengyu Song, and Srikanth V. Krishnamurthy
In Proceedings of USENIX Security 2017, Vancouver, Canada.
Sigmetrics 17 Investigation of the 2016 Linux TCP Stack Vulnerability at Scale [PDF]
Alan Quach*, Zhongjie Wang*, and Zhiyun Qian
Both authors contributed equally.
In Proceedings of ACM SIGMETRICS 2017, Urbana-Champaign, IL.
PETS 17 Detecting Anti Ad-blockers in the Wild [PDF]
Muhammad Haris Mughees, Zhiyun Qian, and Zubair Shafiq
In Proceedings of 17th Privacy Enhancing Technologies Symposium (PETS) 2017, Minneapolis, MN.
[Data Transparency Lab Award] [FTC Privacy Con] [MIT Technology Review (tech report version)]
INFOCOM 17 Malicious Co-Residency on the Cloud: Attacks and Defense [PDF]
Ahmed Osama Fathy Atya, Zhiyun Qian, Srikanth V. Krishnamurthy, Thomas La Porta, Patrick McDaniel, and Lisa Marvel
In Proceedings of IEEE International Conference on Computer Communications (INFOCOM) 2017, Atlanta, GA.
PAM 17 Where is the Weakest Link? A Study on Security Discrepancies between Android Apps and Their Website Counterparts [PDF]
Arash Alavi, Alan Quach, Hang Zhang, Bryan Marsh, Farhan Ul Haq, Zhiyun Qian, Long Lu, Rajiv Gupta
In Proceedings of Passive and Active Measurement Conference (PAM) 2017, Sydney, Australia.
2016  
CCS 16 Android ION Hazard: the Curse of Customizable Memory Management System [PDF] [Website]
Hang Zhang, Dongdong She, Zhiyun Qian
In Proceedings of ACM Conference on Computer and Communications Security (CCS) 2016, Vienna, Austria.
[CVE-2015-8950] [CVE-2016-8756] [CVE-2016-8757] [CVE-2016-8758] [CVE-2017-8164] [CVE-2017-8165]
CCS 16 The Misuse of Android Unix Domain Socket and Security Implications [PDF]
Yuru Shao, Jason Ott, Yunhan Jack Jia, Zhiyun Qian, Z. Morley Mao
In Proceedings of ACM Conference on Computer and Communications Security (CCS) 2016, Vienna, Austria.
[CVE-2016-3360] [CVE-2016-3683] [CVE-2016-3898]
Globecom 16 Optimal Monitor Placement for Detection of Persistent Threats [PDF]
Karim A. Khalil, Zhiyun Qian, Paul Yu, Srikanth V. Krishnamurthy, Ananthram Swami
In Proceedings of IEEE GLOBECOM 2016, Washington, D.C.
USENIX
Security 16
Off-Path TCP Exploits: Global Rate Limit Considered Dangerous [CVE-2016-5696] [PDF]
Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, Srikanth V. Krishnamurthy, Lisa M. Marvel
In Proceedings of USENIX SECURITY 2016, Austin, TX.
[GeekPwn Award]
[Internet Defense Prize Runner-up]

Media coverage: [LWN.net] [ARS Technica] [Slashdot] [The Register] [ZDNET] [FreeBuf(Chinese) 中文] ...
AsiaCCS 16 revDroid: Code Analysis of the Side Effects after Dynamic Permission Revocation of Android Apps [PDF]
Zheran Fang, Weili Han, Dong Li, Zeqing Guo, Danhao Guo, Xiaoyang Sean Wang, Zhiyun Qian, Hao Chen
In Proceedings of the 11th ACM Asia Conference on Computer and Communications Security (ASIACCS) 2016, Xi'an, China.
VLDB 16 Behavior Query Discovery in System-Generated Temporal Graphs [PDF]
Bo Zong, Xusheng Xiao, Zhichun Li, Zhenyu Wu, Zhiyun Qian, Xifeng Yan, Ambuj K. Singh, and Guofei Jiang
In Proceedings of the 42nd International Conference on Very Large Data Bases (VLDB) 2016, New Delhi, India.
NDSS 16 Kratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework [PDF] [Website]
Yuru Shao, Jason Ott, Qi Alfred Chen, Zhiyun Qian, Z. Morley Mao
In Proceedings of the Network & Distributed System Security Symposium (NDSS) 2016, San Diego, CA.
2015  
CCS 15 Android Root and its Providers: A Double-Edged Sword [PDF]
Hang Zhang, Dongdong She, Zhiyun Qian
In Proceedings of ACM Conference on Computer and Communications Security (CCS) 2015, Denver, CO.
Media coverage: [ARS Technica] [Trustlook] [Marketwired]
CCS 15 Static Detection of Packet Injection Vulnerabilities: A Case for Identifying Attacker-controlled Implicit Information Leaks [PDF] [Website]
Qi Alfred Chen, Zhiyun Qian, Yunhan Jack Jia, Yuru Shao, Z. Morley Mao
In Proceedings of ACM Conference on Computer and Communications Security (CCS) 2015, Denver, CO.
MILCOM 15 Proactive Restart as Cyber Maneuver for Android [PDF]
Zhiyong Shan, Iulian Neamtiu, Zhiyun Qian, Don Torrieri.
In Proceedings of the Military Communications Conference (MILCOM) 2015, Tampa, FL.
ASIACCS 15 Discover and Tame Long-running Idling Processes in Enterprise Systems [PDF]
Jun Wang, Zhiyun Qian, Zhichun Li, Zhenyu Wu, Junghwan Rhee, Xia Ning, Peng Liu, Guofei Jiang
In Proceedings of 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS) 2015, Singapore.
NDSS 15 Checking More and Alerting Less: Detecting Privacy Leakages via Enhanced Data-flow Analysis and Peer Voting [PDF]
Kangjie Lu, Zhichun Li, Vasileios Kemerlis, Zhenyu Wu, Long Lu, Cong Zheng, Zhiyun Qian, Wenke Lee, Guofei Jiang
In Proceedings of the Network & Distributed System Security Symposium (NDSS) 2015, San Diego, CA.
<= 2014  
USENIX
Security 14
Peeking into Your App without Actually Seeing it: UI State Inference and Novel Android Attacks [PDF]
Qi Alfred Chen, Zhiyun Qian, Z. Morley Mao
In Proceedings of USENIX SECURITY 2014, San Diego, CA.
Media coverage: [ARS Technica] [CBS] [Slashdot] [CNET] [ZDNET]  
CODASPY 13 AppProfiler: A Flexible Method of Exposing Privacy-Related Behavior in Android Applications to End Users [PDF]
Sanae Rosen, Zhiyun Qian, Z. Morley Mao
In Proceedings of ACM CODASPY 2013, San Antonio, TX.
CCS 12 Collaborative TCP Sequence Number Inference Attack -- How to Crack Sequence Number Under A Second [PDF]
Zhiyun Qian, Z. Morley Mao, Yinglian Xie
In Proceedings of ACM Conference on Computer and Communications Security (CCS) 2012, Raleigh, NC.
Impact on Linux: [LWN.net] [Linux patch] [Apple advisory 1 (CVE-2017-13810 )] [Apple advisory 2]
S&P 12 Off-Path TCP Sequence Number Inference Attack -- How Firewall Middleboxes Reduce Security [PDF] [Webiste]
Zhiyun Qian, Z. Morley Mao 
In Proceedings of IEEE Security and Privacy (Oakland) 2012, San Francisco, CA.
Media coverage: [Check Point response] [Cisco response] [ARS Technica] [Engadget] [The Register] [Silicon India News] [Science Daily] ...
NDSS 12 You Can Run, but You Can't Hide: Exposing Network Location for Targeted DoS Attacks in Cellular Networks [PDF]
Zhiyun Qian, Zhaoguang Wang, Qiang Xu, Z. Morley Mao, Ming Zhang and Yi-Min Wang 
In Proceedings of the Network & Distributed System Security Symposium (NDSS) 2012, San Diego, CA.
SecureComm 11 Designing Scalable and Effective Decision Support for Mitigating Attacks in Large Enterprise Network [PDF]
Zhiyun Qian, Z. Morley Mao, Ammar Rayes, and David Jaffe
In Proceedings of SecureComm 2011, London, UK.
Sigcomm 11 An Untold Story of Middleboxes in Cellular Networks [PDF]
Zhaoguang Wang, Zhiyun Qian, Qiang Xu, Zhuoqing Morley Mao, and Ming Zhang
In Proceedings of ACM SIGCOMM 2011, Toronto, Canada.
Media coverage: [MIT Technology Review] [Slashdot] [CNET]
CODES/
ISSS 10
Accurate online power estimation and automatic battery behavior based power model generation for smartphones [PDF]
Lide Zhang, Birjodh Tiwana, Zhiyun Qian, Zhaoguang Wang, Robert P. Dick, Z. Morley Mao, and Lei Yang
In Proceedings of the eighth IEEE/ACM/IFIP international conference on Hardware/software codesign and system synthesis (CODES/ISSS) 2010, Scottsdale, AZ.
S&P 10 Investigation of Triangular Spamming: a Stealthy and Efficient Spamming Technique [PDF]
Zhiyun Qian, Z. Morley Mao, Yinglian Xie, and Fang Yu
In Proceedings of IEEE Security and Privacy (Oakland) 2010, Berkeley, CA.
NDSS 10 On Network-level Clusters for Spam Detection [PDF]
Zhiyun Qian, Z. Morley Mao, Yinglian Xie, and Fang Yu
In Proceedings of the Network & Distributed System Security Symposium (NDSS) 2010, San Diego, CA.
SecureComm
09
Ensemble: Community-based Anomaly Detection for Popular Applications [PDF]
Feng Qian, Zhiyun Qian, Z. Morley Mao, and Atul Prakash
In Proceedings of SecureComm 2009, Athens, Greece.