Welcome to Yuhong Nan's Homepage

I am now an Associate professor in School of Software Engineering, Sun Yat-sen (Zhongshan) University. Previously, I was a Post-doctoral Research Associate at Purdue University, Department of Computer Science, working with Prof. Dongyan Xu. I obtained my PhD from Fudan University under the supervision of Prof. Min Yang in 2018. I am among active top authors in terms of publishing at leading security venues [1] [2].

My research interests broadly fall within the areas of software security and privacy leakage analysis, with a primary focus on analyzing and improving the security and privacy of IoT, mobile, blockchain, and other emerging platforms. My research generally involves building pratical systems and tools to detect/address various security and privacy threats.

I am always looking for self-motivated students to work with me at Sun Yat-sen University. Please check my publications below for more detailed inforamtion about my on-going projects. If you are interested in joining my group, don't hestitate to email me your CV :)

Publications

Top-tier security venues (15 papers): USENIX-Security *8 , CCS *3 , NDSS *4

• [CCS’24] Shuai Li, Zhemin Yang, Yuhong Nan, Shutian Yu, Qirui Zhu, Min Yang. “Are We Getting Well-informed? An In-depth Study of Runtime Privacy Notice Practice in Mobile Apps”. In Proceedings of the 31st ACM Conference on Computer and Communications Security (CCS’24). [Top] [CCF A].
• [CCS’24] Mingming Zha, Zilong Lin, Siyuan Tang, Xiaojing Liao, Yuhong Nan, XiaoFeng Wang. “Understanding Cross-Platform Referral Traffic for Illicit Drug Promotion”. In Proceedings of the 31st ACM Conference on Computer and Communications Security (CCS’24). [Top] [CCF A].
• [IOTJ’24] Peifu Yang, Yuhong Nan, Lei Xue, Yuliang Zhang, Juan Zhai, Zibin Zheng. “Understanding Privacy Risks of Intelligent Connected Vehicles Through Their Companion Mobile Apps”. In IEEE Internet Things Journal, 11(20): 33683-33695 (2024).
• [FSE’24] Zeqin Liao, Yuhong Nan, Henglong Liang, Sicheng Hao, Juan Zhai, Jiajing Wu, Zibin Zheng. “SmartAxe: Detecting Cross-Chain Vulnerabilities in Bridge Smart Contracts via Fine-Grained Static Analysis”. In Proceedings of the ACM on Software Engineering, Volume 1, Issue FSE (FSE’24). [Top] [CCF A].
• [ISSTA’24] Mingxi Ye, Xingwei Lin, Yuhong Nan, Jiajing Wu, Zibin Zheng. “Midas: Mining Profitable Exploits in On-Chain Smart Contracts via Feedback-Driven Fuzzing and Differential Analysis”. In Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA’24). [Top] [CCF A].
• [Security'24] Yifan Zhang, Zhaojie Hu, Xueqiang Wang, Yuhui Hong, Yuhong Nan, XiaoFeng Wang, Jiatao Cheng, Luyi Xing. "Navigating the Privacy Compliance Maze: Understanding Risks with Privacy-Configurable Mobile SDKs." In Proceedings of the 33th USENIX Security Symposium (USENIX Security'24). [Top] [CCF-A].
• [NDSS'24] Jiangrong Wu, Yuhong Nan, Luyi Xing, Jiatao Cheng, Zimin Lin, Zibin Zheng, Min Yang. "Leaking the Privacy of Groups and More:Understanding Privacy Risks of Cross-App Content Sharing in Mobile Ecosystem." In proceedings of the 31th Network and Distributed System Security Symposium. [Top] [CCF-A].
• [Security'24] Zian Jia, Yun Xiong, Yuhong Nan, Yao Zhang, Jinjing Zhao, Mi Wen. "MAGIC: Detecting Advanced Persistent Threats via Masked Graph Representation Learning." In Proceedings of the 33th USENIX Security Symposium (USENIX Security'24). [Top] [CCF-A].
• [ICSE'24] Zhijie Zhong, Hong-Ning Dai, Zibin Zheng, Qing Xue, Junjia Chen, Yuhong Nan. "PrettySmart: Detecting Permission Re-delegation Vulnerability for Token Behaviors in Smart Contracts." In Proceedings of the 46th ACM/IEEE International Conference on Software Engineering. [Top] [CCF-A].
• [ASE'23] Sicheng Hao, Yuhong Nan, Zibin Zheng, Xiaohui Liu. "SmartCoco: Checking Comment-code Inconsistency in Smart Contracts via Constraint Propagation and Binding." In Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering. [Top] [CCF-A].
• [Security'23] Hailun Ding, Juan Zhai, Yuhong Nan and Shiqing Ma. "AIRTAG: Towards Automated Attack Investigation by Unsupervised Learning with Log Texts." In Proceedings of the 32th USENIX Security Symposium (USENIX Security'23). [Top] [CCF-A].
• [Security'23] Yuhong Nan*, Xueqiang Wang*, Luyi Xing, Xiaojing Liao, Ruoyu Wu, Jianliang Wu, Yifan Zhang, and XiaoFeng Wang. "Are You Spying on Me? Large-Scale Analysis on IoT Data Exposure through Companion Apps". In Proceedings of the 32th USENIX Security Symposium. [Top] [CCF-A].
• [DSN'23] Zhaoxin Cai, Yuhong Nan, Xueqiang Wang, Mengyi Long, Qihua Ou, Zibin Zheng, and Min Yang. "DARPA: Combating Asymmetric Dark UI Patterns on Android with Run-time View Decorator." IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2023. [CCF-B].
• [ISSTA'23] Zeqin Liao, Sicheng Hao, Yuhong Nan, and Zibin Zheng. "SmartState : Detecting State-reverting Vulnerabilities in Smart Contracts via Fine-grained State-dependency Analysis." In proceedings of the 32th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA'23). [Top] [CCF-A].
• [ISSTA'23] Mingxi Ye, Yuhong Nan, Zibin Zheng, Dongpeng Wu and Huizhong Li. "Detecting State Inconsistency Bugs in DApps via On-Chain Transaction Replay and Fuzzing". In proceedings of the 32th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA'23). [Top] [CCF-A].
• [ISSTA'22] Zeqin Liao, Zibin Zheng, Xiao Chen and Yuhong Nan. "SmartDagger: A Bytecode-based Static Analysis Approach for Detecting Cross-contract Vulnerability." In proceedings of the 31th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA'22). [Top] [CCF-A].
• [Security'22] Fei Wang, Jianliang Wu, Yuhong Nan, Yousra Aafer, Xiangyu Zhang, Dongyan Xu, and Mathias Payer. "ProFactory: Improving IoT Security via Formalized Protocol Customization." In proceedings of the 31th USENIX Security Symposium (USENIX Security'22). [Top] [CCF-A].
• [NDSS'22] Mingming Zha, Jice Wang, Yuhong Nan, XiaoFeng Wang, Yuqing Zhang, and Weidong Jing. "Hazard Integrated: Understanding Security Risks in App Extensions to Team Chat Systems." In proceedings of the 29th Network and Distributed System Security Symposium (NDSS'22). [Top] [CCF-A].
• [DSN'22] Ziyi Zhou, Xing Han, Zeyuan Chen, Yuhong Nan, Juanru Li, Dawu Gu, "SIMulation: Demystifying (Insecure) Cellular Network-based One-Tap Authentication Services." IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2022. [CCF-B].
• [NDSS'21] Zeyu Lei, Yuhong Nan, Yanick Fratantonio and Antonio Bianchi. "On the Insecurity of SMS One-Time Password Messages against Local Attackers in Modern Mobile Devices." In proceedings of the 28th Network and Distributed System Security Symposium. [Top] [CCF-A].
• [Security'21] Jice Wang, Yue Xiao, Xueqiang Wang, Yuhong Nan, Luyi Xing, Xiaojing Liao, Jinwei Dong, Nicolas Serrano, Haoran Lu, Xiaofeng Wang, and Yuqing Zhang. "Understanding Malicious Cross-library Data Harvesting on Android." In proceedings of the 30th USENIX Security Symposium. [Top] [CCF-A].
• [Security'21] Abdulellah Alsaheel*, Yuhong Nan*, Shiqing Ma, Le Yu, Gregory Walkup, Berkay Celik, Xiangyu Zhang and Dongyan Xu."ATLAS: A Sequence-based Learning Approach for Attack Investigation." In proceedings of the 30th USENIX Security Symposium. [Top] [CCF-A]
• [RAID'20] Jianliang Wu, Yuhong Nan, Vireshwar Kumar, Mathias Payer, and Dongyan Xu."BlueShield: Detecting Spoofing Attacks in Bluetooth Low Energy (BLE) Networks." In proceedings of the 23rd International Symposium on Research in Attacks, Intrusions and Defenses. [CCF-B]
• [WOOT'20] Jianliang Wu, Yuhong Nan, Vireshwar Kumar, Dave (Jing) Tian, Antonio Bianchi, Mathias Payer, and Dongyan Xu. "BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy." In proceedings of the 14th USENIX Workshop on Offensive Technologies.
• [CCS'18] Geng Hong, Zhemin Yang, Sen Yang, Lei Zhang, Yuhong Nan, Zhibo Zhang, Min Yang, Yuan Zhang, Zhiyun Qian, Haixin Duan. "How You Get Shot in the Back: A Systematical Study about Cryptojacking in the Real World." In proceedings of the 25th ACM Conference on Computer and Communications Security (CCS'18). [Top] [CCF-A].
• [NDSS'18] Yuhong Nan, Zhemin Yang, Xiaofeng Wang, Yuan Zhang, Donglai Zhu and Min Yang. "Finding Clues For Your Secrets: Semantics Driven, Learning Based Privacy Discovery in Mobile Apps." In proceedings of the 25th Network and Distributed System Security Symposium. [Top] [CCF-A].
• [TIFS'17] Yuhong Nan, Zhemin Yang, Min Yang, Shunfan Zhou, Yuan Zhang, Guofei Gu, Xiaofeng Wang, and Limin Sun. "Identifying User-Input Privacy in Mobile Applications at a Large Scale." IEEE Transactions on Information Forensics and Security 12, no. 3 (2017): 647-661. [Top] [CCF-A].
• [Security'15] Yuhong Nan, Zhemin Yang, Min Yang, Shunfan Zhou, Yuan Zhang, Guofei Gu, Xiaofeng Wang, and Limin Sun. "UIPicker: User-Input Privacy Identification in Mobile Applications." In proceedings of the 24th USENIX Security Symposium. [Top] [CCF-A]. 

Students

Master Students

• 2024 Mengyi Long, Yiming Zhang
• 2023 Xun Zhu, Zhefan Chen, Shaojiang Wang
• 2022 Jiatao Chen, Jiayin Huang, Dongpeng Wu
• 2021 Zhaoxin Cai (Tencent), Peifu Yang (Tencent)

PhDs (co-advised with Prof. Zibin Zheng)

• 2023 Jiangrong Wu, Jingwen Zhang, Bowei Su
• 2022 Mingxi Ye, Sicheng Hao, Wei Li
• 2021 Zeqin Liao

Academic Services

• IEEE Transactions on Dependable and Secure Computing (TDSC), Reviewer
• IEEE Transactions on Mobile Computing (TMC), Reviewer
• Elsevier Computers & Security, Reviewer
• ACM Transactions on Privacy and Security (TOPS), Reviewer
• ACM Asia Conference on Computer and Communications Security (ASIACCS) 2021, 2022, PC Member
• International Conference on Information and Communications Security (ICICS) 2021, 2022, PC Member