Welcome to Yuhong Nan's Homepage

I am now an Associate professor in School of Software Engineering, Sun Yat-sen (Zhongshan) University. Previously, I was a Post-doctoral Research Associate at Purdue University, Department of Computer Science, working with Prof. Dongyan Xu. I obtained my PhD from Fudan University under the supervision of Prof. Min Yang in 2018. I am among active top authors in terms of publishing at leading security venues [1] [2].

My research interests broadly fall within the areas of software security and privacy leakage analysis, with a primary focus on analyzing and improving the security and privacy of IoT, mobile, blockchain, and other emerging platforms. My research generally involves building pratical systems and tools to detect/address various security and privacy threats.

I am always looking for self-motivated students to work with me at Sun Yat-sen University. Please check my publications below for more detailed inforamtion about my on-going projects. If you are interested in joining my group, don't hestitate to email me your CV :)

Publications

• [Security'23] Hailun Ding, Juan Zhai, Yuhong Nan and Shiqing Ma. "AIRTAG: Towards Automated Attack Investigation by Unsupervised Learning with Log Texts." In Proceedings of the 32th USENIX Security Symposium (USENIX Security'23). [Top] [CCF-A].
• [Security'23] Yuhong Nan*, Xueqiang Wang*, Luyi Xing, Xiaojing Liao, Ruoyu Wu, Jianliang Wu, Yifan Zhang, and XiaoFeng Wang. "Are You Spying on Me? Large-Scale Analysis on IoT Data Exposure through Companion Apps". In Proceedings of the 32th USENIX Security Symposium (USENIX Security'23). [Top] [CCF-A].
• [DSN'23] Zhaoxin Cai, Yuhong Nan, Xueqiang Wang, Mengyi Long, Qihua Ou, Zibin Zheng, and Min Yang. "DARPA: Combating Asymmetric Dark UI Patterns on Android with Run-time View Decorator." IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2023. [CCF-B].
• [ISSTA'23] Zeqin Liao, Sicheng Hao, Yuhong Nan, and Zibin Zheng. "SmartState : Detecting State-reverting Vulnerabilities in Smart Contracts via Fine-grained State-dependency Analysis." In proceedings of the 32th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA'23) (Accepted). [Top] [CCF-A].
• [ISSTA'23] Mingxi Ye, Yuhong Nan, Zibin Zheng, Dongpeng Wu and Huizhong Li. "Detecting State Inconsistency Bugs in DApps via On-Chain Transaction Replay and Fuzzing". In proceedings of the 32th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA'23) (Accepted). [Top] [CCF-A].
• [ISSTA'22] Zeqin Liao, Zibin Zheng, Xiao Chen and Yuhong Nan. "SmartDagger: A Bytecode-based Static Analysis Approach for Detecting Cross-contract Vulnerability." In proceedings of the 31th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA'22). [Top] [CCF-A].
• [Security'22] Fei Wang, Jianliang Wu, Yuhong Nan, Yousra Aafer, Xiangyu Zhang, Dongyan Xu, and Mathias Payer. "ProFactory: Improving IoT Security via Formalized Protocol Customization." In proceedings of the 31th USENIX Security Symposium (USENIX Security'22). [Top] [CCF-A].
• [NDSS'22] Mingming Zha, Jice Wang, Yuhong Nan, XiaoFeng Wang, Yuqing Zhang, and Weidong Jing. "Hazard Integrated: Understanding Security Risks in App Extensions to Team Chat Systems." In proceedings of the 29th Network and Distributed System Security Symposium (NDSS'22). [Top] [CCF-A].
• [DSN'22] Ziyi Zhou, Xing Han, Zeyuan Chen, Yuhong Nan, Juanru Li, Dawu Gu, "SIMulation: Demystifying (Insecure) Cellular Network-based One-Tap Authentication Services." IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2022. [CCF-B].
• [NDSS'21] Zeyu Lei, Yuhong Nan, Yanick Fratantonio and Antonio Bianchi. "On the Insecurity of SMS One-Time Password Messages against Local Attackers in Modern Mobile Devices." In proceedings of the 28th Network and Distributed System Security Symposium. (Acceptance ratio 15.2%), [Top] [CCF-A].
• [Security'21] Jice Wang, Yue Xiao, Xueqiang Wang, Yuhong Nan, Luyi Xing, Xiaojing Liao, Jinwei Dong, Nicolas Serrano, Haoran Lu, Xiaofeng Wang, and Yuqing Zhang. "Understanding Malicious Cross-library Data Harvesting on Android." In proceedings of the 30th USENIX Security Symposium. [Top] [CCF-A].
• [Security'21] Abdulellah Alsaheel*, Yuhong Nan*, Shiqing Ma, Le Yu, Gregory Walkup, Berkay Celik, Xiangyu Zhang and Dongyan Xu."ATLAS: A Sequence-based Learning Approach for Attack Investigation." In proceedings of the 30th USENIX Security Symposium. [Top] [CCF-A]
• [RAID'20] Jianliang Wu, Yuhong Nan, Vireshwar Kumar, Mathias Payer, and Dongyan Xu."BlueShield: Detecting Spoofing Attacks in Bluetooth Low Energy (BLE) Networks." In proceedings of the 23rd International Symposium on Research in Attacks, Intrusions and Defenses. (Acceptance ratio 25.6%=21/121) [CCF-B]
• [WOOT'20] Jianliang Wu, Yuhong Nan, Vireshwar Kumar, Dave (Jing) Tian, Antonio Bianchi, Mathias Payer, and Dongyan Xu. "BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy." In proceedings of the 14th USENIX Workshop on Offensive Technologies.
• [CCS'18] Geng Hong, Zhemin Yang, Sen Yang, Lei Zhang, Yuhong Nan, Zhibo Zhang, Min Yang, Yuan Zhang, Zhiyun Qian, Haixin Duan. "How You Get Shot in the Back: A Systematical Study about Cryptojacking in the Real World." In proceedings of the 25th ACM Conference on Computer and Communications Security (CCS'18). (Acceptance ratio 16.6%=134/809), [Top] [CCF-A].
• [NDSS'18] Yuhong Nan, Zhemin Yang, Xiaofeng Wang, Yuan Zhang, Donglai Zhu and Min Yang. "Finding Clues For Your Secrets: Semantics Driven, Learning Based Privacy Discovery in Mobile Apps." In proceedings of the 25th Network and Distributed System Security Symposium. (Acceptance ratio 21.5%=71/331), [Top] [CCF-A].
• [TIFS'17] Yuhong Nan, Zhemin Yang, Min Yang, Shunfan Zhou, Yuan Zhang, Guofei Gu, Xiaofeng Wang, and Limin Sun. "Identifying User-Input Privacy in Mobile Applications at a Large Scale." IEEE Transactions on Information Forensics and Security 12, no. 3 (2017): 647-661. [Top] [CCF-A].
• [Security'15] Yuhong Nan, Zhemin Yang, Min Yang, Shunfan Zhou, Yuan Zhang, Guofei Gu, Xiaofeng Wang, and Limin Sun. "UIPicker: User-Input Privacy Identification in Mobile Applications." In proceedings of the 24th USENIX Security Symposium. (Acceptance ratio 15.7%=67/426), [Top] [CCF-A]. 

Students

Master Students (7 in total)

• 2023 Xun Zhu, Zhefan Chen
• 2022 Jiatao Chen, Jiayin Huang, Dongpeng Wu
• 2021 Zhaoxin Cai, Peifu Yang

PhDs (6 in total, co-advised with Prof. Zibin Zheng)

• 2023 Jiangrong Wu, Jingwen Zhang, Bowei Su
• 2022 Mingxi Ye, Sicheng Hao
• 2021 Zeqin Liao

Others (in-collaboration)

• Mingming Zha (PhD, Indiana University Bloomington)
• Hailun Ding (PhD, Rutgers University)
• Shuai Li (PhD, Fudan University)
• Zi'an Jia (Master, Fudan University)
• Ziyi Zhou (PhD, Shanghai Jiaotong University)

Academic Services

• IEEE Transactions on Dependable and Secure Computing (TDSC), Reviewer
• IEEE Transactions on Mobile Computing (TMC), Reviewer
• Elsevier Computers & Security, Reviewer
• ACM Transactions on Privacy and Security (TOPS), Reviewer
• ACM Asia Conference on Computer and Communications Security (ASIACCS) 2021, 2022, PC Member
• International Conference on Information and Communications Security (ICICS) 2021, 2022, PC Member

Selected Awards

• CSAW Best Applied Security Research Competition Top-10 Finalist, 2020
• USENIX WOOT 2020 Best Paper Award, 2020
• ACM SIGSAC China Doctoral Dissertation Award, ACM SIGSAC China, two recipients annually, 2019
• Model Outstanding Ph.D. Graduate Student, Fudan University, 2018
• Chinese Government Scholarship (Visiting scholar at Indiana University Bloomington), China Scholarship Council, 2016
• Baidu Research Scholarship, 10 global recipients annually with 200K RMB, Baidu Inc. 2015
• USENIX Security Student Travel Grant, USENIX Association, 2015