Wenrui Diao 刁文瑞Ph.D., The Chinese University of Hong Kong, 2017 Taishan Young Scholar (山东省泰山学者青年专家) Xiaomi Young Scholar (小米青年学者) Qilu Young Scholar (山东大学齐鲁青年学者) Professor 教授、博士生导师 School of Cyber Science and Technology, Shandong University 山东大学 网络空间安全学院 Qingdao, China Email: diaowenrui [AT] link.cuhk.edu.hk [Google Scholar] [DBLP] [Faculty Page] |
News:
>>> Oct 2024: I will serve as TPC Member for ACM CCS 2025.
>>> Oct 2024: One paper accepted by Empirical Software Engineering.
>>> Oct 2024: I will serve as TPC Member for CODASPY 2025.
>>> Oct 2024: Our Web3 Security Paper received ACM CCS 2024 Distinguished Paper Award(杰出论文奖)!
>>> Jul 2024: I will serve as TPC Member for USENIX Security 2025.
>>> Jul 2024: Two papers accepted by ISSRE 2024.
>>> Jul 2024: One paper accepted by RAID 2024.
>>> Jun 2024: I will serve as TPC Member for IEEE EuroS&P 2025.
>>> May 2024: Two papers accepted by ACM CCS 2024.
>>> Mar 2024: I will serve as TPC Member for ARES 2024.
>>> Jan 2024: 闫凯伦同学获山东大学研究生境外留学基金和课题组资助,将前往美国乔治梅森大学开展博士生联合培养.
>>> Jan 2024: 杨士帅同学获国家留学基金委(CSC)和课题组资助,将前往新加坡国立大学开展博士生联合培养.
>>> Jan 2024: One paper accepted by WWW 2024.
>>> Dec 2023: I will serve as TPC Member for ACM CCS 2024.
>>> Dec 2023: One paper accepted by SANER 2024.
>>> Dec 2023: I was awarded 山东大学首届“小米青年学者”.
>>> Nov 2023: Our team ranked 2023 DataCon大数据安全分析竞赛-互联网威胁溯源赛道 第3名.
>>> Nov 2023: Our team ranked 2023 DataCon大数据安全分析竞赛-软件安全赛道 第3名.
>>> Sep 2023: I will serve as TPC Member for CODASPY 2024.
>>> Sep 2023: I will serve as TPC Member (Tools Demo Track) for SANER 2024.
>>> Aug 2023: One papers accepted by ICSE 2024.
>>> Aug 2023: I will serve as TPC Member for IEEE EuroS&P 2024.
>>> Jul 2023: I will serve as TPC Member for Inscrypt 2023.
>>> Jun 2023: I will serve as TPC Member for CCF ChinaSoft 2023.
>>> Jun 2023: One paper accepted by USENIX Security 2023.
>>> May 2023: One paper accepted by IEEE Transactions on Software Engineering.
>>> Jan 2023: One paper accepted by WWW 2023.
>>> Jan 2023: 李蕊同学获山东大学研究生境外留学基金和课题组资助,将前往香港中文大学开展博士生联合培养.
在网络空间安全专业(网络与系统安全方向)招收博士、硕士研究生,将主要开展国际水准的移动安全与物联网安全方向研究。研究项目获得国家自然科学基金、山东省泰山学者工程、山东省自然科学基金、山东大学高层次人才学科建设经费、小米公益基金会等支持。研究成果发表于IEEE S&P、USENIX Security、ACM CCS、NDSS、ICSE、WWW等多个系统安全&软件工程领域顶级/知名国际会议。欢迎对于系统安全研究具有浓厚兴趣,具备良好编程动手能力及系统软硬件知识的同学报考。
课题组为科研表现优异的研究生提供多种形式的国内/海外学术交流访问机会,为优秀硕士生提供硕转博衔接培养机会,为优秀博士生提供赴海外顶级系统安全实验室访问机会(已出访学校包括:新加坡国立大学、乔治梅森大学、香港中文大学)。
有意报考同学请通过电子邮件同我取得联系(2025年秋季入学硕士研究生招生名额剩余:1),标明推免报考类型(专硕/学硕)。按照学院要求,不可在正式录取前确认学生,推免同学建议在【我院推免录取名单公示后】同我联系,考研同学建议在【通过我院研招复试后】同我联系。我院博士招生采用申请-考核制,一般在12月(来年4/5月可能有少量名额的第二批招生)开展招生工作,可随时联系,但预计在11月名额才会较为确定。
报考硕士研究生的同学需具备信息安全、计算机、软件工程等电子信息类本科专业背景,通过英语六级,请提供【简历】+【本科成绩单(含英语六级成绩)】,CTF等信息安全类竞赛科研经历为加分项。申请博士研究生的同学需具备计算机安全或相关领域(如软件工程、操作系统等)研究基础及论文发表经历,请提供【简历】+【论文代表作(即第一作者论文)】。如未提供有效材料,恕无法回复邮件。
再次强调一下,本组研究方向关注现实安全问题,为非理论性研究,学生需具备【软件安全基础、良好的编程与系统搭建能力】,以便开展科研。P.S., 本组的专业型硕士研究生(专硕)亦采用科研导向的培养模式,毕业标准参照学术型硕士研究生(学硕)。
P.S., 山东大学为中央网信办和教育部一流网络安全学院建设示范项目高校。网络空间安全学院位于山东大学青岛校区,地处青岛市“蓝色硅谷”核心区,依山傍海,空气清新,景色宜人,校园距离海边直线距离不足500米。
应已选修『软件安全』与『逆向工程』两门课程(体现一下你对软件与系统安全方向的兴趣)。
联系前请明确在本校继续读研的意愿和优先级(而非用学院保底)。
已保研至本组的本院学生会在大四阶段参与科研实践,以尽早获得科研产出。
I am a Professor in School of Cyber Science and Technology at Shandong University. Before joining SDU, I obtained my Ph.D. degree from The Chinese University of Hong Kong, under the supervision of Prof. Kehuan Zhang. Also, I ever visited / worked / interned at Jinan University, Indiana University Bloomington, City University of Hong Kong, Syniverse Technologies, and EMC Labs China. My research focuses on system security, especially mobile security and IoT security. I was a founding member of System Security Lab of CUHK.
Aug 2013 - Aug 2017: Ph.D. in Information Engineering, supervised by Prof. Kehuan Zhang, The Chinese University of Hong Kong, Hong Kong.
Sep 2016 - Jan 2017: Visiting Ph.D. Student, supervised by Prof. XiaoFeng Wang, Indiana University, Bloomington, IN, USA.
Sep 2010 - Jun 2011: M.Sc. in Information Engineering, The Chinese University of Hong Kong, Hong Kong.
Sep 2006 - Jun 2010: B.Sc. in Information Security, Shandong University, Jinan, China.
Jun 2019 - Present: Professor, Shandong University, Qingdao, China.
Sep 2017 - Jun 2019: Associate Professor, Jinan University, Guangzhou, China.
Feb 2013 - Jul 2013: Research Assistant, supervised by Prof. Cong Wang, City University of Hong Kong, Hong Kong.
Nov 2011 - Jan 2013: System Application Engineer, Syniverse Technologies AP, Hong Kong.
Jun 2011 - Sep 2011: Software Engineer Intern, EMC Labs China, Shanghai, China.
Publications at Top-tier Venues (16 papers): IEEE S&P (’21, ’16), USENIX Security (’23), ACM CCS (’24 x 2, ’21, ’15, ’14), NDSS (’19, ’18), ICSE (’24, ’22 × 3), WWW (’24, ’23)
Publications Ranking Statistics: CCF A: 18 papers, CCF B: 13 papers, CCF C: 12 papers
Author with (✉️): Corresponding Author - 通讯作者,即相关论文由本组所主导完成
See: Full Publications
[EMSE] Shishuai Yang, Qinsheng Hou, Shuang Li, Fenghao Xu, and Wenrui Diao (✉️). From Guidelines to Practice: Assessing Android App Developer Compliance with Google’s Security Recommendations. Empirical Software Engineering, 30 (11): 1-33, 2025. [CCF B] [Link]
[ISSRE’24] Shuang Li, Rui Li, Shishuai Yang, and Wenrui Diao (✉️). Android's Cat-and-Mouse Game: Understanding Evasion Techniques against Dynamic Analysis. The 35th IEEE International Symposium on Software Reliability Engineering, Tsukuba, Japan. October 28th - 31st, 2024. [CCF B] [PDF]
[ISSRE’24] Shishuai Yang, Guangdong Bai (✉️), Ruoyan Lin, Jialong Guo, and Wenrui Diao (✉️). Beyond the Horizon: Exploring Cross-Market Security Discrepancies in Parallel Android Apps. The 35th IEEE International Symposium on Software Reliability Engineering, Tsukuba, Japan. October 28th - 31st, 2024. [CCF B]
[CCS’24] Kailun Yan, Xiaokuan Zhang (✉️), and Wenrui Diao (✉️). Stealing Trust: Unraveling Blind Message Attacks in Web3 Authentication. The 31st ACM Conference on Computer and Communications Security, Salt Lake City, UT, USA. October 14-18, 2024. [Top] [CCF A] [Distinguished Paper Award] [PDF] [Demo] [Code] [CVE-2023-50053, CVE-2023-50059]
[CCS’24] Zidong Zhang, Qinsheng Hou, Lingyun Ying (✉️), Wenrui Diao (✉️), Yacong Gu, Rui Li, Shanqing Guo, Haixin Duan. MiniCAT: Understanding and Detecting Cross-Page Request Forgery Vulnerabilities in Mini-Programs. The 31st ACM Conference on Computer and Communications Security, Salt Lake City, UT, USA. October 14-18, 2024. [Top] [CCF A] [PDF] [Code] [CNVD-2024-05527, CNVD-2023-75836, CNVD-2023-75837]
[RAID’24] Jianing Wang, Shanqing Guo, Wenrui Diao, Yue Liu, Haixin Duan, Yichen Liu, and Zhenkai Liang. CrypTody: Cryptographic Misuse Analysis of IoT Firmware via Data-flow Reasoning. The 27th International Symposium on Research in Attacks, Intrusions and Defenses, Padua, Italy. September 30 - October 2, 2024. [CCF B]
[WWW’24] Xiaoyin Liu, Wenzhi Li, Qinsheng Hou, Shishuai Yang, Lingyun Ying (✉️), Wenrui Diao (✉️), Yanan Li, Shanqing Guo, and Haixin Duan. From Promises to Practice: Evaluating the Private Browsing Modes of Android Browser Apps. The 33rd ACM Web Conference, Singapore. May 13-17, 2024. [Top] [CCF A] [PDF]
[ICSE’24] Pengcheng Ren, Chaoshun Zuo, Xiaofeng Liu, Wenrui Diao, Qingchuan Zhao, and Shanqing Guo. DEMISTIFY: Identifying On-device Machine Learning Models Stealing and Reuse Vulnerabilities in Mobile Apps. The 46th IEEE/ACM International Conference on Software Engineering, Lisbon, Portugal. April 14-20, 2024. [Top] [CCF A] [PDF]
[SANER’24] Shuang Li, Rui Li, Yifan Yu, Kailun Yan, Shishuai Yang, and Wenrui Diao (✉️). Understanding Android OS Forward Compatibility Support for Legacy Apps: A Data-Driven Analysis. The 31st IEEE International Conference on Software Analysis, Evolution, and Reengineering, Rovaniemi, Finland. March 12-15, 2024. [CCF B] [PDF]
[Security’23] Rui Li, Wenrui Diao (✉️), Shishuai Yang, Xiangyu Liu, Shanqing Guo, and Kehuan Zhang. Lost in Conversion: Exploit Data Structure Conversion with Attribute Loss to Break Android Systems. The 32nd USENIX Security Symposium, Anaheim, CA, USA. August 9-11, 2023. [Top] [CCF A] [PDF] [Demo] [CVE-2021-39695, CVE-2022-20392, CVE-2023-20971]
[IEEE TSE] Qinsheng Hou, Wenrui Diao, Yanhao Wang, Chenglin Mao, Lingyun Ying, Song Liu, Xiaofeng Liu, Yuanzhi Li, Shanqing Guo, Meining Nie, and Haixin Duan. Can We Trust the Phone Vendors? Comprehensive Security Measurements on the Android Firmware Ecosystem. IEEE Transactions on Software Engineering, 49(7): 3901-3921, 2023. [CCF A] [Link] [Code]
[WWW’23] Kailun Yan, Jilian Zhang, Xiangyu Liu, Wenrui Diao (✉️), and Shanqing Guo. Bad Apples: Understanding the Centralized Security Risks in Decentralized Ecosystems. The 32nd ACM Web Conference, Austin, Texas, USA. April 30 - May 4, 2023. [Top] [CCF A] [PDF] [Code] [Media Coverage: 山大视点]
[ICSE’22] Xing Zhang, Jiongyi Chen, Chao Feng, Ruilin Li, Wenrui Diao, Kehuan Zhang, Jing Lei, and Chaojing Tang. DeFault: Mutual Information-based Crash Triage for Massive Crashes. The 44th IEEE/ACM International Conference on Software Engineering, Pittsburgh, PA, USA. May 21-29, 2022. [Top] [CCF A] [PDF]
[ICSE’22] Qinsheng Hou, Wenrui Diao, Yanhao Wang, Xiaofeng Liu, Song Liu, Lingyun Ying, Shanqing Guo, Yuanzhi Li, Meining Nie, and Haixin Duan. Large-scale Security Measurements on the Android Firmware Ecosystem. The 44th IEEE/ACM International Conference on Software Engineering, Pittsburgh, PA, USA. May 21-29, 2022. [Top] [CCF A] [PDF] [Code]
[ICSE’22] Shishuai Yang, Rui Li, Jiongyi Chen, Wenrui Diao (✉️), and Shanqing Guo. Demystifying Android Non-SDK APIs: Measurement and Understanding. The 44th IEEE/ACM International Conference on Software Engineering, Pittsburgh, PA, USA. May 21-29, 2022. [Top] [CCF A] [PDF]
[IEEE TSE] Rui Li, Wenrui Diao (✉️), Zhou Li, Shishuai Yang, Shuang Li, and Shanqing Guo. Android Custom Permissions Demystified: A Comprehensive Security Evaluation. IEEE Transactions on Software Engineering, 48(11): 4465-4484, 2022. [CCF A] [Link] [Code]
[CCS’21] Fenghao Xu, Siyu Shen, Wenrui Diao, Zhou Li, Yi Chen, Rui Li, and Kehuan Zhang. Android on PC: On the Security of End-user Android Emulators. The 28th ACM Conference on Computer and Communications Security, Seoul, South Korea. November 15-19, 2021. [Top] [CCF A] [PDF] [Demo]
[IEEE S&P’21] Rui Li, Wenrui Diao (✉️), Zhou Li, Jianqi Du, and Shanqing Guo. Android Custom Permissions Demystified: From Privilege Escalation to Design Shortcomings. The 42nd IEEE Symposium on Security and Privacy, San Francisco, CA, USA. May 23-27, 2021. [Top] [CCF A] [PDF] [Code] [Demo] [CVE-2020-0418, CVE-2021-0306, CVE-2021-0307, CVE-2021-0317]
[RAID’19] Wenrui Diao, Yue Zhang, Li Zhang, Zhou Li, Fenghao Xu, Xiaorui Pan, Xiangyu Liu, Jian Weng, Kehuan Zhang, and XiaoFeng Wang. Kindness is a Risky Business: On the Usage of the Accessibility APIs in Android. The 22nd International Symposium on Research in Attacks, Intrusions and Defenses, Beijing, China. September 23-25, 2019. [CCF B] [PDF] [Demo]
[RAID’19] Li Zhang, Jiongyi Chen, Wenrui Diao (✉️), Shanqing Guo, Jian Weng, and Kehuan Zhang. CryptoREX: Large-scale Analysis of Cryptographic Misuse in IoT Devices. The 22nd International Symposium on Research in Attacks, Intrusions and Defenses, Beijing, China. September 23-25, 2019. [CCF B] [PDF] [Code]
[DSN’19] Jiongyi Chen, Chaoshun Zuo, Wenrui Diao, Shuaike Dong, Qingchuan Zhao, Menghan Sun, Zhiqiang Lin, Yinqian Zhang, and Kehuan Zhang. Your IoTs Are (Not) Mine: On the Remote Binding Between IoT Devices and Users. The 49th IEEE/IFIP International Conference on Dependable Systems and Networks, Portland, OR, USA. June 24-27, 2019. [CCF B] [PDF]
[NDSS’19] Fenghao Xu, Wenrui Diao, Zhou Li, Jiongyi Chen, and Kehuan Zhang. BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth Peripherals. The 26th Annual Network and Distributed System Security Symposium, San Diego, CA, USA. February 24-27, 2019. [Top] [CCF A] [PDF] [Demo] [CVE-2019-2225]
USENIX Security Symposium (USENIX Security): 2025
IEEE European Symposium on Security and Privacy (IEEE EuroS&P): 2025, 2024
ACM Conference on Data and Application Security and Privacy (CODASPY): 2025, 2024
ACM Conference on Computer and Communications Security (CCS): 2025, 2024, 2019, 2018
IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER): 2024
European Symposium on Research in Computer Security (ESORICS): 2022, 2021
ACM Transactions on Software Engineering and Methodology
ACM Transactions on Privacy and Security
IEEE Transactions on Mobile Computing
IEEE Transactions on Dependable and Secure Computing
IEEE Transactions on Information Forensics and Security
Security Research and Measurement for Android Ecosystem
Aug 2023: 2023年InForSec“网络空间安全”大学生夏令营“导师面对面”专题交流活动
Large-scale Security Measurement for Android Ecosystem
Apr 2023: InForSec 2023年网络空间安全国际学术研究成果分享及青年学者论坛
Android Custom Permissions Demystified
Dec 2021: 之江实验室可信计算前沿学术研讨会
Jul 2021: SIGSAC@ACM Turing Award Celebration Conference - China
BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth Peripherals
Security Threats to Android System: Exploration, Understanding, and Defense
May 2017: Shandong University, Jinan, China
Apr 2017: Shanghai Jiao Tong University, Shanghai, China
Instructor@SDU:
04630210 - Reverse Engineering (逆向工程): 2024 Spring, 2023 Spring, 2022 Spring
04630130 - Software Security (软件安全): 2024 Fall, 2023 Fall, 2022 Fall, 2021 Fall, 2020 Fall
04630080 - Computer Networks (计算机网络): 2021 Spring, 2020 Spring
0740003 - Computing System Security (计算系统安全): 2021 Fall, 2020 Fall, 2019 Fall
Instructor@JNU:
08066002 - Secure Programming (安全编程): 2018 Fall
08066003 - Secure Programming Lab (安全编程实验): 2018 Fall
Part-time Instructor@CUHK:
IEMS 5710 - Cryptography, Information Security & Privacy: 2015 Spring
Teaching Assistant@CUHK:
IERG 4090 - Networking Protocols and Systems: 2016 Spring, 2017 Spring
IERG 4831 - Networking Laboratory I: 2016 Spring, 2017 Spring
IERG 3921 - Information Engineering Lab: 2015 Fall
IERG 4210 - Web Programming and Security: 2015 Spring
IERG 3310 - Computer Networks: 2014 Fall
2023: Xiaomi Young Scholar, Shandong University and Xiaomi Foundation (山东大学-小米公益基金会 小米青年学者)
2022: Taishan Young Scholar, Shandong Province (山东省泰山学者青年专家)
2021: 第十四届全国大学生信息安全竞赛-作品赛 优秀指导教师
2020: ACM SIGSAC China Rising Star Award (ACM SIGSAC China新星奖), 2019
2019: Qilu Young Scholar, Shandong University (山东大学齐鲁青年学者)
2017: Student Travel Grants, PETS 2017
2017: Reaching Out Award 2016/17, HKSAR Government Scholarship Fund
2016: Student Travel Grants, IEEE S&P 2016
2012: Dean’s List 2010-2011, Faculty of Engineering, CUHK
研究生: ACM CCS 2024 Distinguished Paper Award (2024), ACM CCS 2024 Student Travel Grants (2024), 山东省优秀毕业生(2024), 山东大学优秀毕业生(2024), 网络安全学院学生创新资助计划(2024), 第七届“强网杯”全国网络安全挑战赛“强网先锋” (2024), DataCon大数据安全分析竞赛-软件安全赛道 第3名 (2023), DataCon大数据安全分析竞赛-互联网威胁溯源赛道 第3名 (2023), 博士研究生国家奖学金 (2023), 山东大学优秀毕业生 (2023), ACM WiSec Student Travel Grants (2022), DataCon大数据安全分析竞赛-邮件安全赛道 第8名 (2021), 硕士研究生国家奖学金 (2021), 山东大学研究生优秀学术成果奖二等奖 (2021), 山东大学第十二届学生“五•四”青年科学奖优秀成果奖 (2021), IEEE S&P Student Registration Grants (2021), 硕士研究生国家奖学金 (2020)
本科生: 山东大学优秀本科毕业论文(2024), 网络安全学院学生创新资助计划(2024), 第十四届全国大学生信息安全竞赛-作品赛一等奖 (2021)
Shishuai Yang (MS-Ph.D. Student, 2020 - )
Kailun Yan (Ph.D. Student, 2021 - )
Shuang Li (MS-Ph.D. Student, 2021 - )
Jialong Guo (MS-Ph.D. Student, 2022 - )
Wenzhi Li (MS Student, 2022 - )
Yifan Yu (MS Student, 2022 - )
Zhentao Xie (MS Student, 2023 - )
Ming Chen (MS Student, 2023 - )
Ruoyan Lin (MS Student, 2023 - )
Huixin Wang (MS Student, 2023 - )
Yujie Xing (MS Student, 2024 - )
Mingyang Chen (MS Student, 2024 - )
Rui Li (MS-Ph.D. Student at Shandong University, Graduated in 2024)
Publications (first author): USENIX Security 2023 (CCF A), IEEE S&P 2021 (CCF A), IEEE TSE (CCF A)
Awards & Honors: 山东省优秀毕业生, 山东大学优秀毕业生, 博士研究生国家奖学金, 硕士研究生国家奖学金, 山东大学研究生优秀学术成果奖, 山东大学学生“五•四”青年科学奖, 网络安全学院学生创新资助计划, IEEE S&P 2021 Student Registration Grants …
Oversea Visiting Experience: The Chinese University of Hong Kong (2023.01 - 2023.07)
First Job: Research Scientist at Singapore Management University
Jianqi Du (Ph.D. Student at Shandong University, Graduated in 2024)
Publications (first author): SECON 2022 (CCF B), MSN 2023 (CCF C)
First Job: Researcher at China Unicom Digital Technology Co., Ltd.
Zidong Zhang (MS Student at Shandong University, Graduated in 2024)
Publications (first author): CCS 2024 (CCF A), SaTS 2024 (Workshop@CCS 2024)
Awards & Honors: ACM CCS 2024 Student Travel Grants
First Job: Ph.D. Student at Simon Fraser University
Xiaoyin Liu (MS Student at Shandong University, Graduated in 2024)
Publications (first author): WWW 2024 (CCF A)
Awards & Honors: 网络安全学院学生创新资助计划
First Job: 某单位某部门
Guangwei Tian (MS Student at Shandong University, Graduated in 2023)
Publications (first author): IEEE QRS 2022 (CCF C)
Awards & Honors: 山东大学优秀毕业生
First Job: 山东省东营市选调生
Chennan Zhang (MS Student at Shandong University, Graduated in 2023)
Publications (first author): ACM WiSec 2022 (CCF C)
Awards & Honors: ACM WiSec 2022 Student Travel Grants
First Job: Researcher at OPPO子午实验室
Jin Zhang (MS Student at Shandong University, Graduated in 2022)
Publications (first author): ICPADS 2021 (CCF C)
Awards & Honors: 硕士研究生国家奖学金
First Job: Engineer at TP-Link
Li Zhang (Co-supervised MS Student at Jinan University, Graduated in 2019)
Publications (first author): RAID 2019 (CCF B)
Awards & Honors: RAID 2019 Student Travel Grants
First Job: Engineer at MingLead Gene
Zhaoyu Qiu, Yanbo Xu, Chong Tian, Yuncheng Wang