Publications

You can also find my articles on my Google Scholar profile.

ICSE 22
Demystifying the Dependency Challenge in Kernel Fuzzing
Yu Hao, Hang Zhang, Guoren Li, Xingyun Du, Zhiyun Qian, Ardalan Amiri Sani
In Proceedings of IEEE/ACM International Conference on Software Engineering (ICSE) 2022.
USENIX Security 22
SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs
Xiaochen Zou, Guoren Li, Weiteng Chen, Hang Zhang, and Zhiyun Qian
In Proceedings of USENIX Security 2022.
S&P 22
Annotating, Tracking, and Protecting Cryptographic Secrets with CryptoMPK
Xuancheng Jin, Xuangan Xiao, Songlin Jia, Wang Gao, Hang Zhang, Dawu Gu, Siqi Ma, Zhiyun Qian, and Juanru Li
In Proceedings of IEEE Security and Privacy (Oakland) 2022.
CCS 21
Statically Discovering High-Order Taint Style Vulnerabilities in OS Kernels [paper] [code]
Hang Zhang, Weiteng Chen, Yu Hao, Guoren Li, Yizhuo Zhai, Xiaochen Zou, and Zhiyun Qian
In Proceedings of ACM CCS 2021.
USENIX Security 21
SyzVegas: Beating Kernel Fuzzing Odds with Reinforcement Learning [paper] [code]
Daimeng Wang, Zheng Zhang, Hang Zhang, Zhiyun Qian, Srikanth V. Krishnamurthy, and Nael Abu-Ghazaleh
In Proceedings of USENIX Security 2021.
USENIX Security 21
An Investigation of the Android Kernel Patch Ecosystem [paper] [code]
Zheng Zhang, Hang Zhang, Zhiyun Qian, and Billy Lau
In Proceedings of USENIX Security 2021.
TDSC 21 [Journal]
Who Moves My App Promotion Investment? A Systematic Study about App Distribution Fraud
Shaoyong Du, Minrui Zhao, Jingyu Hua, Hang Zhang, Xiaoyu Chen, Zhiyun Qian, and Sheng Zhong
In IEEE Transactions on Dependable and Secure Computing (TDSC) 2021.
FSE 20
UBITect: A Precise and Scalable Method to Detect Use-Before-Initialization bugs in Linux Kernel [paper] [code]
Yizhuo Zhai, Yu Hao, Hang Zhang, Daimeng Wang, Chengyu Song, Zhiyun Qian, Mohsen Lesani, Srikanth V. Krishnamurthy, Paul Yu
In Proceedings of the 2020 ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (FSE 20), Sacramento, CA.
USENIX Security 18
Precise and Accurate Patch Presence Test for Binaries [paper] [code]
Hang Zhang and Zhiyun Qian
In Proceedings of USENIX Security 2018, Baltimore, MD.
USENIX Security 18
Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems [paper] [code]
Seyed Mohammadjavad Seyed Talebi and Hamid Tavakoli, Hang Zhang and Zheng Zhang, Ardalan Amiri Sani, Zhiyun Qian
In Proceedings of USENIX Security 2018, Baltimore, MD.
PAM 17
Where is the Weakest Link? A Study on Security Discrepancies between Android Apps and Their Website Counterparts [paper]
Arash Alavi, Alan Quach, Hang Zhang, Bryan Marsh, Farhan Ul Haq, Zhiyun Qian, Long Lu, Rajiv Gupta
In Proceedings of Passive and Active Measurement Conference (PAM) 2017, Sydney, Australia.
CCS 16
Android ION Hazard: the Curse of Customizable Memory Management System [paper] [website]
Hang Zhang, Dongdong She, Zhiyun Qian
In Proceedings of ACM Conference on Computer and Communications Security (CCS) 2016, Vienna, Austria.
[CVE-2015-8950] [CVE-2016-8756] [CVE-2016-8757] [CVE-2016-8758] [CVE-2017-8164] [CVE-2017-8165]
CCS 15
Android Root and its Providers: A Double-Edged Sword [paper]
Hang Zhang, Dongdong She, Zhiyun Qian
In Proceedings of ACM Conference on Computer and Communications Security (CCS) 2015, Denver, CO.
Media coverage: [ARS Technica] [Trustlook] [Marketwired]
HPCC 13
Protecting Outsourced Data Privacy with Lifelong Policy Carrying [paper]
Xiaoguang Wang, Yong Qi, Yuehua Dai, Jianbao Ren, Hang Zhang
In Proceedings of IEEE International Conference on High Performance Computing and Communications (HPCC) 2013, Zhangjiajie, PRC.
APCID 10
Artificial Immunity based Virus Detection Model for Portable Storage Devices
Hang Zhang, Wei Liu, Jiaxin Li, Xiaobo Gou, Yang Han and Xiaodong Guo
In Proceedings of Asia-Pacific Conference on Information Network and Digital Content Security (APCID) 2010, Beijing, PRC.