Wenrui Diao's Homepage (刁文瑞教授-山东大学-个人主页)

alt text 

Wenrui Diao 刁文瑞

Ph.D., The Chinese University of Hong Kong, 2017

Taishan Young Scholar (山东省泰山学者青年专家)

Xiaomi Young Scholar (山东大学-小米公益基金会 小米青年学者)

Qilu Young Scholar (山东大学齐鲁青年学者)

Professor 教授、博士生导师

School of Cyber Science and Technology, Shandong University

山东大学 网络空间安全学院

Qingdao, China

Email: diaowenrui [AT] link.cuhk.edu.hk

[Google Scholar] [DBLP] [Faculty Page]

News:

>>> Dec 2024: Our team ranked DataCon 2024大数据安全分析竞赛-AI安全赛道 亚军.

>>> Dec 2024: Our team ranked DataCon 2024大数据安全分析竞赛-软件供应链安全赛道 季军.

>>> Nov 2024: I will serve as TPC Member for ACM CCS 2025.

>>> Oct 2024: I will serve as TPC Member for ACM CODASPY 2025.

>>> Oct 2024: Our Web3 Security Paper was awarded ACM CCS 2024 Distinguished Paper Award (杰出论文奖)

>>> Jul 2024: I will serve as TPC Member for USENIX-SEC 2025.

>>> Jul 2024: Two papers accepted by ISSRE 2024.

>>> Jul 2024: One paper accepted by RAID 2024.

>>> Jun 2024: I will serve as TPC Member for IEEE EuroS&P 2025.

>>> May 2024: Two papers accepted by ACM CCS 2024.

>>> Jan 2024: 闫凯伦同学获山东大学研究生境外留学基金和课题组资助,将前往美国乔治梅森大学开展博士生联合培养.

>>> Jan 2024: 杨士帅同学获国家留学基金委(CSC)和课题组资助,将前往新加坡国立大学开展博士生联合培养.

>>> Jan 2024: One paper accepted by WWW 2024.

>>> Dec 2023: I will serve as TPC Member for ACM CCS 2024.

>>> Dec 2023: One paper accepted by SANER 2024.

>>> Dec 2023: I was awarded 山东大学首届“小米青年学者”.

>>> Nov 2023: Our team ranked DataCon 2023大数据安全分析竞赛-互联网威胁溯源赛道 季军.

>>> Nov 2023: Our team ranked DataCon 2023大数据安全分析竞赛-软件安全赛道 季军.

>>> Sep 2023: I will serve as TPC Member for ACM CODASPY 2024.

>>> Sep 2023: I will serve as TPC Member (Tools Demo Track) for SANER 2024.

>>> Aug 2023: One papers accepted by ICSE 2024.

>>> Aug 2023: I will serve as TPC Member for IEEE EuroS&P 2024.

>>> Jun 2023: One paper accepted by USENIX-SEC 2023.

>>> May 2023: One paper accepted by IEEE TSE.

>>> Jan 2023: One paper accepted by WWW 2023.

>>> Jan 2023: 李蕊同学获山东大学研究生境外留学基金和课题组资助,将前往香港中文大学开展博士生联合培养.

>>> Oct 2022: I was awarded 山东省泰山学者青年专家.

>>> Jan 2022: I will serve as TPC Member for ESORICS 2022.

>>> Dec 2021: Three papers accepted by ICSE 2022.

>>> Oct 2021: One paper accepted by IEEE TSE.

>>> Aug 2021: Our team received 第十四届全国大学生信息安全竞赛-作品赛 一等奖.

>>> Jul 2021: One paper accepted by ACM CCS 2021.

>>> Dec 2020: I will serve as TPC Member for ESORICS 2021.

>>> Nov 2020: One paper accepted by IEEE S&P 2021.

>>> May 2020: I received ACM SIGSAC China Rising Star Award (ACM SIGSAC China新星奖).

招生意向

在网络空间安全专业(网络与系统安全方向)招收博士、硕士研究生,将主要开展国际水准的移动安全与物联网安全方向研究。研究项目获得国家自然科学基金、山东省泰山学者工程、山东省自然科学基金、山东大学高层次人才学科建设经费、小米公益基金会等支持。研究成果发表于IEEE S&P、USENIX Security、ACM CCS、NDSS、ICSE、WWW等多个系统安全&软件工程领域顶级/知名国际会议。欢迎对于系统安全研究具有浓厚兴趣,具备良好编程动手能力及系统软硬件知识的同学报考。

课题组为科研表现优异的研究生提供多种形式的国内/海外学术交流访问机会,为优秀硕士生提供硕转博衔接培养机会,为优秀博士生提供赴海外顶级系统安全实验室访问机会(已出访学校包括:新加坡国立大学、乔治梅森大学、香港中文大学)。

有意报考同学请通过电子邮件同我取得联系(2025年秋季入学硕士研究生招生名额剩余:1),标明推免报考类型(专硕/学硕)。按照学院要求,不可在正式录取前确认学生,推免同学建议在【我院推免录取名单公示后】同我联系,考研同学建议在【通过我院研招复试后】同我联系。我院博士招生采用申请-考核制,一般在12月(来年4/5月可能有少量名额的第二批招生)开展招生工作,可随时联系,但预计在11月名额才会较为确定。

报考硕士研究生的同学需具备信息安全、计算机、软件工程等电子信息类本科专业背景,通过英语六级,请提供【简历】+【本科成绩单(含英语六级成绩)】,CTF等信息安全类竞赛科研经历为加分项。申请博士研究生的同学需具备计算机安全或相关领域(如软件工程、操作系统等)研究基础及论文发表经历,请提供【简历】+【论文代表作(即第一作者论文)】。如未提供有效材料,恕无法回复邮件

再次强调一下,本组研究方向关注现实安全问题,为非理论性研究,学生需具备【软件安全基础、良好的编程与系统搭建能力】,以便开展科研。P.S., 本组的专业型硕士研究生(专硕)亦采用科研导向的培养模式,毕业标准参照学术型硕士研究生(学硕)。

P.S., 山东大学为中央网信办和教育部一流网络安全学院建设示范项目高校。网络空间安全学院位于山东大学青岛校区,地处青岛市“蓝色硅谷”核心区,依山傍海,空气清新,景色宜人,校园距离海边直线距离不足500米。

To 本院学生:

alt text 

Biography

I am a Professor in School of Cyber Science and Technology at Shandong University. Before joining SDU, I obtained my Ph.D. degree from The Chinese University of Hong Kong, under the supervision of Prof. Kehuan Zhang. Also, I ever visited / worked / interned at Jinan University, Indiana University Bloomington, City University of Hong Kong, Syniverse Technologies, and EMC Labs China. My research focuses on system security, especially mobile security and IoT security. I was a founding member of System Security Lab of CUHK.

Education

Experience

Selected Publications

Publications at Top-tier Venues (16 papers): IEEE S&P (’21, ’16), USENIX Security (’23), ACM CCS (’24 x 2, ’21, ’15, ’14), NDSS (’19, ’18), ICSE (’24, ’22 × 3), WWW (’24, ’23)

Publications Ranking Statistics: CCF A: 18 papers, CCF B: 13 papers, CCF C: 12 papers

Author with (✉️): Corresponding Author - 通讯作者,即相关论文由本组所主导完成

See: Full Publications

  1. [EMSE] Shishuai Yang, Qinsheng Hou, Shuang Li, Fenghao Xu, and Wenrui Diao (✉️). From Guidelines to Practice: Assessing Android App Developer Compliance with Google’s Security Recommendations. Empirical Software Engineering, 30 (11): 1-33, 2025. [Q1, CCF B] [Link]

  2. [ISSRE’24] Shuang Li, Rui Li, Shishuai Yang, and Wenrui Diao (✉️). Android's Cat-and-Mouse Game: Understanding Evasion Techniques against Dynamic Analysis. The 35th IEEE International Symposium on Software Reliability Engineering, Tsukuba, Japan. October 28th - 31st, 2024. [Core A, CCF B] [PDF]

  3. [ISSRE’24] Shishuai Yang, Guangdong Bai (✉️), Ruoyan Lin, Jialong Guo, and Wenrui Diao (✉️). Beyond the Horizon: Exploring Cross-Market Security Discrepancies in Parallel Android Apps. The 35th IEEE International Symposium on Software Reliability Engineering, Tsukuba, Japan. October 28th - 31st, 2024. [Core A, CCF B] [PDF]

  4. [CCS’24] Kailun Yan, Xiaokuan Zhang (✉️), and Wenrui Diao (✉️). Stealing Trust: Unraveling Blind Message Attacks in Web3 Authentication. The 31st ACM Conference on Computer and Communications Security, Salt Lake City, UT, USA. October 14-18, 2024. [Top] [Core A*, CCF A] [Distinguished Paper Award] [PDF] [Demo] [Code] [CVE-2023-50053, CVE-2023-50059] [Media Coverage: 山大视点]

  5. [CCS’24] Zidong Zhang, Qinsheng Hou, Lingyun Ying (✉️), Wenrui Diao (✉️), Yacong Gu, Rui Li, Shanqing Guo, Haixin Duan. MiniCAT: Understanding and Detecting Cross-Page Request Forgery Vulnerabilities in Mini-Programs. The 31st ACM Conference on Computer and Communications Security, Salt Lake City, UT, USA. October 14-18, 2024. [Top] [Core A*, CCF A] [PDF] [Code] [CNVD-2024-05527, CNVD-2023-75836, CNVD-2023-75837] [Media Coverage: QI-ANXIN]

  6. [RAID’24] Jianing Wang, Shanqing Guo, Wenrui Diao, Yue Liu, Haixin Duan, Yichen Liu, and Zhenkai Liang. CrypTody: Cryptographic Misuse Analysis of IoT Firmware via Data-flow Reasoning. The 27th International Symposium on Research in Attacks, Intrusions and Defenses, Padua, Italy. September 30 - October 2, 2024. [Core A, CCF B] [PDF]

  7. [WWW’24] Xiaoyin Liu, Wenzhi Li, Qinsheng Hou, Shishuai Yang, Lingyun Ying (✉️), Wenrui Diao (✉️), Yanan Li, Shanqing Guo, and Haixin Duan. From Promises to Practice: Evaluating the Private Browsing Modes of Android Browser Apps. The 33rd ACM Web Conference, Singapore. May 13-17, 2024. [Top] [Core A*, CCF A] [PDF] [Media Coverage: QI-ANXIN]

  8. [ICSE’24] Pengcheng Ren, Chaoshun Zuo, Xiaofeng Liu, Wenrui Diao, Qingchuan Zhao, and Shanqing Guo. DEMISTIFY: Identifying On-device Machine Learning Models Stealing and Reuse Vulnerabilities in Mobile Apps. The 46th IEEE/ACM International Conference on Software Engineering, Lisbon, Portugal. April 14-20, 2024. [Top] [Core A*, CCF A] [PDF]

  9. [SANER’24] Shuang Li, Rui Li, Yifan Yu, Kailun Yan, Shishuai Yang, and Wenrui Diao (✉️). Understanding Android OS Forward Compatibility Support for Legacy Apps: A Data-Driven Analysis. The 31st IEEE International Conference on Software Analysis, Evolution, and Reengineering, Rovaniemi, Finland. March 12-15, 2024. [Core A, CCF B] [PDF]

  10. [USENIX-SEC’23] Rui Li, Wenrui Diao (✉️), Shishuai Yang, Xiangyu Liu, Shanqing Guo, and Kehuan Zhang. Lost in Conversion: Exploit Data Structure Conversion with Attribute Loss to Break Android Systems. The 32nd USENIX Security Symposium, Anaheim, CA, USA. August 9-11, 2023. [Top] [Core A*, CCF A] [PDF] [Demo] [CVE-2021-39695, CVE-2022-20392, CVE-2023-20971] [Media Coverage: 山大视点]

  11. [IEEE TSE] Qinsheng Hou, Wenrui Diao, Yanhao Wang, Chenglin Mao, Lingyun Ying, Song Liu, Xiaofeng Liu, Yuanzhi Li, Shanqing Guo, Meining Nie, and Haixin Duan. Can We Trust the Phone Vendors? Comprehensive Security Measurements on the Android Firmware Ecosystem. IEEE Transactions on Software Engineering, 49(7): 3901-3921, 2023. [Q1, CCF A] [Link] [Code]

  12. [WWW’23] Kailun Yan, Jilian Zhang, Xiangyu Liu, Wenrui Diao (✉️), and Shanqing Guo. Bad Apples: Understanding the Centralized Security Risks in Decentralized Ecosystems. The 32nd ACM Web Conference, Austin, Texas, USA. April 30 - May 4, 2023. [Top] [Core A*, CCF A] [PDF] [Code] [Media Coverage: 山大视点]

  13. [ICSE’22] Xing Zhang, Jiongyi Chen, Chao Feng, Ruilin Li, Wenrui Diao, Kehuan Zhang, Jing Lei, and Chaojing Tang. DeFault: Mutual Information-based Crash Triage for Massive Crashes. The 44th IEEE/ACM International Conference on Software Engineering, Pittsburgh, PA, USA. May 21-29, 2022. [Top] [Core A*, CCF A] [PDF]

  14. [ICSE’22] Qinsheng Hou, Wenrui Diao, Yanhao Wang, Xiaofeng Liu, Song Liu, Lingyun Ying, Shanqing Guo, Yuanzhi Li, Meining Nie, and Haixin Duan. Large-scale Security Measurements on the Android Firmware Ecosystem. The 44th IEEE/ACM International Conference on Software Engineering, Pittsburgh, PA, USA. May 21-29, 2022. [Top] [Core A*, CCF A] [PDF] [Code] [Media Coverage: QI-ANXIN]

  15. [ICSE’22] Shishuai Yang, Rui Li, Jiongyi Chen, Wenrui Diao (✉️), and Shanqing Guo. Demystifying Android Non-SDK APIs: Measurement and Understanding. The 44th IEEE/ACM International Conference on Software Engineering, Pittsburgh, PA, USA. May 21-29, 2022. [Top] [Core A*, CCF A] [PDF]

  16. [IEEE TSE] Rui Li, Wenrui Diao (✉️), Zhou Li, Shishuai Yang, Shuang Li, and Shanqing Guo. Android Custom Permissions Demystified: A Comprehensive Security Evaluation. IEEE Transactions on Software Engineering, 48(11): 4465-4484, 2022. [Q1, CCF A] [PDF] [Code]

  17. [CCS’21] Fenghao Xu, Siyu Shen, Wenrui Diao, Zhou Li, Yi Chen, Rui Li, and Kehuan Zhang. Android on PC: On the Security of End-user Android Emulators. The 28th ACM Conference on Computer and Communications Security, Seoul, South Korea. November 15-19, 2021. [Top] [Core A*, CCF A] [PDF] [Demo]

  18. [IEEE S&P’21] Rui Li, Wenrui Diao (✉️), Zhou Li, Jianqi Du, and Shanqing Guo. Android Custom Permissions Demystified: From Privilege Escalation to Design Shortcomings. The 42nd IEEE Symposium on Security and Privacy, San Francisco, CA, USA. May 23-27, 2021. [Top] [Core A*, CCF A] [PDF] [Code] [Demo] [CVE-2020-0418, CVE-2021-0306, CVE-2021-0307, CVE-2021-0317]

  19. [RAID’19] Wenrui Diao, Yue Zhang, Li Zhang, Zhou Li, Fenghao Xu, Xiaorui Pan, Xiangyu Liu, Jian Weng, Kehuan Zhang, and XiaoFeng Wang. Kindness is a Risky Business: On the Usage of the Accessibility APIs in Android. The 22nd International Symposium on Research in Attacks, Intrusions and Defenses, Beijing, China. September 23-25, 2019. [Core A, CCF B] [PDF] [Demo]

  20. [RAID’19] Li Zhang, Jiongyi Chen, Wenrui Diao (✉️), Shanqing Guo, Jian Weng, and Kehuan Zhang. CryptoREX: Large-scale Analysis of Cryptographic Misuse in IoT Devices. The 22nd International Symposium on Research in Attacks, Intrusions and Defenses, Beijing, China. September 23-25, 2019. [Core A, CCF B] [PDF] [Code]

  21. [DSN’19] Jiongyi Chen, Chaoshun Zuo, Wenrui Diao, Shuaike Dong, Qingchuan Zhao, Menghan Sun, Zhiqiang Lin, Yinqian Zhang, and Kehuan Zhang. Your IoTs Are (Not) Mine: On the Remote Binding Between IoT Devices and Users. The 49th IEEE/IFIP International Conference on Dependable Systems and Networks, Portland, OR, USA. June 24-27, 2019. [Core A, CCF B] [PDF]

  22. [NDSS’19] Fenghao Xu, Wenrui Diao, Zhou Li, Jiongyi Chen, and Kehuan Zhang. BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth Peripherals. The 26th Annual Network and Distributed System Security Symposium, San Diego, CA, USA. February 24-27, 2019. [Top] [Core A*, CCF A] [PDF] [Demo] [CVE-2019-2225]

  23. [ICSME’18] Chao Chen, Wenrui Diao (✉️), Yingpei Zeng, Shanqing Guo (✉️), and Chengyu Hu. DRLgencert: Deep Learning-based Automated Testing of Certificate Verification in SSL/TLS Implementations. The 34th IEEE International Conference on Software Maintenance and Evolution, Madrid, Spain. September 23-29, 2018. [Core A, CCF B] [PDF]

  24. [JCS] Wenrui Diao (✉️), Rui Liu, Xiangyu Liu, Zhe Zhou, Zhou Li, and Kehuan Zhang. Accessing Mobile User’s Privacy Based on IME Personalization: Understanding and Practical Attacks. Journal of Computer Security. vol. 26, no. 3, pp. 283-309, 2018. [Q3, CCF B] [Link]

  25. [DSN’18] Jia Chen, Ge Han, Shanqing Guo, and Wenrui Diao. FragDroid: Automated User Interface Interaction with Activity and Fragment Analysis in Android Applications. The 48th IEEE/IFIP International Conference on Dependable Systems and Networks, Luxembourg City, Luxembourg. June 23-28, 2018. [Core A, CCF B] [PDF]

  26. [NDSS’18] Jiongyi Chen, Wenrui Diao, Qingchuan Zhao, Chaoshun Zuo, Zhiqiang Lin, XiaoFeng Wang, Wing Cheong Lau, Menghan Sun, Ronghai Yang, and Kehuan Zhang. IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing. The 25th Annual Network and Distributed System Security Symposium, San Diego, CA, USA. February 18-21, 2018. [Top] [Core A*, CCF A] [PDF]

  27. [PETS’17] Zhe Zhou, Wenrui Diao, Xiangyu Liu, Zhou Li, Kehuan Zhang, and Rui Liu. Vulnerable GPU Memory Management: Towards Recovering Raw Data from GPU. The 17th Privacy Enhancing Technologies Symposium, Minneapolis, MN, USA. July 19-22, 2017. [Core A, CCF C]

  28. [IEEE S&P’16] Wenrui Diao, Xiangyu Liu, Zhou Li, and Kehuan Zhang. No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing Analysis. The 37th IEEE Symposium on Security and Privacy, San Jose, CA, USA. May 23-25, 2016. [Top] [Core A*, CCF A] [PDF]

  29. [CCS’15] Xiangyu Liu, Zhe Zhou, Wenrui Diao, Zhou Li, and Kehuan Zhang. When Good Becomes Evil: Keystroke Inference with Smartwatch. The 22nd ACM Conference on Computer and Communications Security, Denver, CO, USA. October 12-16, 2015. [Top] [Core A*, CCF A] [PDF]

  30. [ESORICS’15] Wenrui Diao, Xiangyu Liu, Zhe Zhou, Kehuan Zhang, and Zhou Li. Mind-Reading: Privacy Attacks Exploiting Cross-App KeyEvent Injections. The 20th European Symposium on Research in Computer Security, Vienna, Austria. September 21-25, 2015. [Core A, CCF B] [PDF] [Demo]

  31. [CCS’14] Zhe Zhou, Wenrui Diao, Xiangyu Liu, and Kehuan Zhang. Acoustic Fingerprinting Revisited: Generate Stable Device ID Stealthily with Inaudible Sound. The 21st ACM Conference on Computer and Communications Security, Scottsdale, AZ, USA. November 3-7, 2014. [Top] [Core A*, CCF A] [PDF]

Professional Activities

TPC Member:

Reviewer:

Invited Talks

Teaching

Instructor@SDU:

Instructor@JNU:

Part-time Instructor@CUHK:

Teaching Assistant@CUHK:

Awards

指导学生获奖 (校级以上奖励):

Students

Alumni:

Previous Undergraduate Research Assistants:

Useful Links