Introduction

I am now a postdoctoral research associate at Purdue University, working with Prof. Dongyan Xu. I am also affilated with the Center for Education and Research in Information Assurance and Security CERIAS at Purdue, as a visiting scholar. I obtained my PhD from Fudan University under the supervision of Prof. Min Yang. Part of my work was also supervised by Prof. Guofei Gu from Texas A&M University, and Prof. Xiaofeng Wang from Indiana University at Bloomington.

My research interests broadly fall within the areas of systems security and privacy, with a primary focus on analyzing and improving the security and privacy of mobile and IoT platforms. My research generally involves building real systems and tools to address or perform large-scale measurements of security and privacy risks.

Publication

• Zeyu Lei, Yuhong Nan, Yanick Fratantonio and Antonio Bianchi. "On the Insecurity of SMS One-Time Password Messages against Local Attackers in Modern Mobile Devices." In proceedings of the 28th Network and Distributed System Security Symposium (NDSS'21).

• Jice Wang, Yue Xiao, Xueqiang Wang, Yuhong Nan, Luyi Xing, Xiaojing Liao, Jinwei Dong, Nicolas Serrano, Xiaofeng Wang, Yuqing Zhang and Haoran Lu."Roommate Theft: Understanding Illicit Cross-library Data Harvesting." In proceedings of the 30th USENIX Security Symposium (USENIX Security'21)

• Abdulellah Alsaheel, Yuhong Nan, Shiqing Ma, Le Yu, Gregory Walkup, Berkay Celik, Xiangyu Zhang and Dongyan Xu."ATLAS: A Sequence-based Learning Approach for Attack Investigation." In proceedings of the 30th USENIX Security Symposium (USENIX Security'21)

• Jianliang Wu, Yuhong Nan, Vireshwar Kumar, Mathias Payer, and Dongyan Xu."BlueShield: Detecting Spoofing Attacks in Bluetooth Low Energy (BLE) Networks." In proceedings of the 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID'20).

• Jianliang Wu, Yuhong Nan, Vireshwar Kumar, Dave (Jing) Tian, Antonio Bianchi, Mathias Payer, and Dongyan Xu. "BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy." In proceedings of the 14th USENIX Workshop on Offensive Technologies (WOOT'20).

• Geng Hong, Zhemin Yang, Sen Yang, Lei Zhang, Yuhong Nan, Zhibo Zhang, Min Yang, Yuan Zhang, Zhiyun Qian, Haixin Duan. "How You Get Shot in the Back: A Systematical Study about Cryptojacking in the Real World." In proceedings of the 25th ACM Conference on Computer and Communications Security (CCS'18) , Toronto, Canada, October 2018. [pdf]

• Yuhong Nan, Zhemin Yang, Xiaofeng Wang, Yuan Zhang, Donglai Zhu and Min Yang. "Finding Clues For Your Secrets: Semantics Driven, Learning Based Privacy Discovery in Mobile Apps." In proceedings of the 25th Network and Distributed System Security Symposium (NDSS’18). (Acceptance ratio 21.5%=71/331) [slides] [pdf]

• Yuhong Nan, Zhemin Yang, Min Yang, Shunfan Zhou, Yuan Zhang, Guofei Gu, Xiaofeng Wang, and Limin Sun. "Identifying User-Input Privacy in Mobile Applications at a Large Scale.." IEEE Transactions on Information Forensics and Security 12, no. 3 (2017): 647-661. [pdf]

• Yuhong Nan, Zhemin Yang, Min Yang, Shunfan Zhou, Yuan Zhang, Guofei Gu, Xiaofeng Wang, and Limin Sun. "UIPicker: User-Input Privacy Identification in Mobile Applications." In proceedings of the 24th USENIX Security Symposium (USENIX Security'15), Washington DC, August 2015. (Acceptance ratio 15.7%=67/426) [slides] [pdf]

Invited Talks

• "Semantics Driven, Learning Based Privacy Discovery in Mobile Apps", CERIAS Seminar. The Center for Education and Research in Information Assurance and Security (CERIAS), Purdue University, West Lafayette, Feb 26, 2019.
• "Semantics Driven, Learning Based Privacy Discovery in Mobile Apps", Tsinghua University, Beijing, China, Jan 13, 2018.
• "My Ph.D. Journey", InforSec Summer Campus Opening, Tsinghua University, Beijing, China, July 11, 2017.
• "UIPicker: User-Input Privacy Identification in Mobile Applications", 24th USENIX Security Symposium, Washington, D.C., U.S., August 14, 2015.
• "Persistent Storage Privacy Leakage in Android Applications", Cheetah Mobile Inc (NYSE:CMCM), Beijing, China, June 26, 2014.

Academic Services

• IEEE Transactions on Dependable and Secure Computing (TDSC), Reviewer
• Elsevier Computers & Security, Reviewer
• ACM Transactions on Privacy and Security (TOPS), Reviewer
• Journal of Software: Practice and Experience, Reviewer
• ACM Conference on Computer and Communications Security (CCS), 2016, 2018, 2019, Sub-reviewer
• Network and Distributed System Security Symposium (NDSS), 2017, 2020, 2021 Sub-reviewer
• International Conference on Security and Privacy in Communication Networks (SecureComm), 2015, Sub-reviewer
• ACM Asia Conference on Computer and Communications Security (ASIACCS), 2016, Sub-reviewer
• IEEE Transactions on Information Forensics and Security (TIFS), Sub-reviewer
• SCIENCE CHINA Information Sciences, Sub-reviewer
• Journal of Software (in Chinese), Sub-reviewer

Selected Awards

• ACM SIGSAC China Doctoral Dissertation Award, ACM SIGSAC China, two recipients annually (2019.06)
• Model Outstanding Ph.D. Graduate Student, Fudan University (2018.06)
• IBM-CSC Scholarship (3 postgraduate students from Fudan University selected), China Scholarship Council (CSC) (2017.10)
• Chinese Government Scholarship (Visiting scholar at Indiana University Bloomington), China Scholarship Council (2016.05)
• Baidu Research Scholarship, 10 global recipients annually with 200K RMB, Baidu Inc. (2015.11)
• First-class Academic Scholarship, CS dept., Fudan University (2015.10)
• USENIX Security Student Travel Grant, USENIX Association (2015.08)
• Second-class Academic Scholarship, CS dept., Fudan University (2013-2014)
• Outstanding Bachelor’s Degree Thesis in Hainan University (2012)
• Model Outstanding Graduate Student (top 0.3% of univ.), Hainan University (2011)
• National Scholarship (top 1% of univ.), Twice, Ministry of Education of China (2010-11)