Wenrui Diao's Homepage (刁文瑞教授-山东大学-个人主页)

alt text 

Wenrui Diao 刁文瑞

Ph.D., The Chinese University of Hong Kong, 2017

Taishan Young Scholar (山东省泰山学者青年专家)

Qilu Young Professor (山东大学“齐鲁青年学者”特聘教授)

School of Cyber Science and Technology, Shandong University

山东大学 网络空间安全学院

Qingdao, China

Email: diaowenrui [AT] link.cuhk.edu.hk

[Google Scholar] [DBLP] [Faculty Page]

News:

>>> Mar 2024: I will serve as TPC Member for ARES 2024.

>>> Jan 2024: One paper accepted by WWW 2024.

>>> Dec 2023: I will serve as TPC Member for CCS 2024.

>>> Dec 2023: One paper accepted by SANER 2024.

>>> Dec 2023: I was awarded 山东大学首届“小米青年学者”.

>>> Nov 2023: Our team ranked 2023 DataCon大数据安全分析竞赛-互联网威胁溯源赛道 第3名.

>>> Nov 2023: Our team ranked 2023 DataCon大数据安全分析竞赛-软件安全赛道 第3名.

>>> Sep 2023: I will serve as TPC Member for CODASPY 2024.

>>> Sep 2023: I will serve as TPC Member (Tools Demo Track) for SANER 2024.

>>> Aug 2023: One papers accepted by ICSE 2024.

>>> Aug 2023: I will serve as TPC Member for IEEE EuroS&P 2024.

>>> Jul 2023: I will serve as TPC Member for Inscrypt 2023.

>>> Jun 2023: I will serve as TPC Member for CCF ChinaSoft 2023.

>>> Jun 2023: One paper accepted by USENIX Security 2023.

>>> May 2023: One paper accepted by IEEE TSE.

>>> Jan 2023: One paper accepted by WWW 2023.

>>> Oct 2022: I was awarded 山东省泰山学者青年专家.

>>> Jul 2022: I will serve as TPC Member for Inscrypt 2022.

>>> Jun 2022: I will serve as TPC Member for NSS 2022.

招生意向

在网络空间安全专业(网络与系统安全方向)招收博士、硕士研究生,将主要开展国际水准的移动安全与物联网安全方向研究。研究项目获得国家自然科学基金、山东省泰山学者工程、山东省自然科学基金、山东大学高层次人才学科建设经费等支持。研究成果发表于IEEE S&P、USENIX-Sec、CCS、NDSS、ICSE、WWW等多个系统安全&软件工程领域顶级/知名国际会议。欢迎对于系统安全研究具有浓厚兴趣,具备良好编程动手能力及系统软硬件知识的同学报考。

课题组为科研表现优异的研究生提供多种形式的国内/海外学术交流访问机会,为优秀硕士生提供硕转博衔接培养机会,为优秀博士生提供海外顶级系统安全实验室访问机会(已出访学校包括:新加坡国立大学、乔治梅森大学、香港中文大学)。

有意报考同学请通过电子邮件同我取得联系,标明推免报考类型(专硕/学硕)。按照学院要求,不可在正式录取前确认学生,推免同学可在【我院推免录取名单公示后】同我联系,考研同学可在【通过我院研招复试后】同我联系。我院博士招生采用申请-考核制,一般在12月(来年4/5月可能有少量名额的第二批招生)开展招生工作,可随时联系,但预计在11月名额才会较为确定。

报考硕士研究生的同学需具备信息安全、计算机、软件工程等电子信息类本科专业背景,通过英语六级,请提供【简历】+【本科成绩单】,CTF等安全竞赛经历为加分项。申请博士研究生的同学需具备计算机安全或相关领域(如软件工程、操作系统、编程语言等)研究基础及论文发表经历,请提供【简历】+【论文代表作】。如未提供有效材料,恕无法回复邮件

再次强调一下,本组研究方向关注现实安全问题,为非理论性研究,学生需具备【良好的编程与系统搭建能力】,以便开展科研。P.S., 本组的专业型硕士研究生(专硕)亦采用科研导向的培养模式,毕业标准参照学术型硕士研究生(学硕)。

P.S., 山东大学为中央网信办和教育部一流网络安全学院建设示范项目高校。网络空间安全学院位于山东大学青岛校区,地处青岛市“蓝色硅谷”核心区,依山傍海,空气清新,景色宜人,校园距离海边直线距离不足500米。

To 本院学生:

alt text 

Biography

I am a Qilu Young Professor (“齐鲁青年学者”特聘教授) in School of Cyber Science and Technology at Shandong University. Before joining SDU, I obtained my Ph.D. degree from The Chinese University of Hong Kong, under the supervision of Prof. Kehuan Zhang. Also, I ever visited / worked / interned at Jinan University, Indiana University Bloomington, City University of Hong Kong, Syniverse Technologies, and EMC Labs China. My research focuses on system security, especially mobile security and IoT security. Currently, I work closely with Prof. Shanqing Guo, Prof. Kehuan Zhang, Prof. Zhou Li, Prof. Haixin Duan, and Prof. XiaoFeng Wang. I was a founding member of System Security Lab of CUHK.

Education

Experience

Selected Recent Publications

Publications at top-tier venues (14 papers): IEEE S&P (’21, ’16), USENIX-Sec (’23), CCS (’21, ’15, ’14), NDSS (’19, ’18), ICSE (’24, ’22 × 3), WWW (’24, ’23)

Publications Ranking Statistics: CCF A: 16 papers, CCF B: 9 papers, CCF C: 10 papers

Author with (✉️): Corresponding Author - 通讯作者,即相关论文由本组所主导完成

See: Full Publications

  1. [WWW’24] Xiaoyin Liu, Wenzhi Li, Qinsheng Hou, Shishuai Yang, Lingyun Ying (✉️), Wenrui Diao (✉️), Yanan Li, Shanqing Guo, and Haixin Duan. From Promises to Practice: Evaluating the Private Browsing Modes of Android Browser Apps. The 33rd ACM Web Conference, Singapore. May 13-17, 2024. [Top] [CCF A]

  2. [ICSE’24] Pengcheng Ren, Chaoshun Zuo, Xiaofeng Liu, Wenrui Diao, Qingchuan Zhao, and Shanqing Guo. DEMISTIFY: Identifying On-device Machine Learning Models Stealing and Reuse Vulnerabilities in Mobile Apps. The 46th IEEE/ACM International Conference on Software Engineering, Lisbon, Portugal. April 14-20, 2024. [Top] [CCF A]

  3. [SANER’24] Shuang Li, Rui Li, Yifan Yu, Kailun Yan, Shishuai Yang, and Wenrui Diao (✉️). Understanding Android OS Forward Compatibility Support for Legacy Apps: A Data-Driven Analysis. The 31st IEEE International Conference on Software Analysis, Evolution, and Reengineering, Rovaniemi, Finland. March 12-15, 2024. [CCF B]

  4. [USENIX-Sec’23] Rui Li, Wenrui Diao (✉️), Shishuai Yang, Xiangyu Liu, Shanqing Guo, and Kehuan Zhang. Lost in Conversion: Exploit Data Structure Conversion with Attribute Loss to Break Android Systems. The 32nd USENIX Security Symposium, Anaheim, CA, USA. August 9-11, 2023. [Top] [CCF A] [PDF] [Demo] [CVE-2021-39695, CVE-2022-20392, CVE-2023-20971]

  5. [IEEE TSE] Qinsheng Hou, Wenrui Diao, Yanhao Wang, Chenglin Mao, Lingyun Ying, Song Liu, Xiaofeng Liu, Yuanzhi Li, Shanqing Guo, Meining Nie, and Haixin Duan. Can We Trust the Phone Vendors? Comprehensive Security Measurements on the Android Firmware Ecosystem. IEEE Transactions on Software Engineering, 49(7): 3901-3921, 2023. [CCF A] [Link] [Code]

  6. [WWW’23] Kailun Yan, Jilian Zhang, Xiangyu Liu, Wenrui Diao (✉️), and Shanqing Guo. Bad Apples: Understanding the Centralized Security Risks in Decentralized Ecosystems. The 32nd ACM Web Conference, Austin, Texas, USA. April 30 - May 4, 2023. [Top] [CCF A] [PDF] [Code] [Media Coverage: 山大视点]

  7. [ICSE’22] Xing Zhang, Jiongyi Chen, Chao Feng, Ruilin Li, Wenrui Diao, Kehuan Zhang, Jing Lei, and Chaojing Tang. DeFault: Mutual Information-based Crash Triage for Massive Crashes. The 44th IEEE/ACM International Conference on Software Engineering, Pittsburgh, PA, USA. May 21-29, 2022. [Top] [CCF A] [PDF]

  8. [ICSE’22] Qinsheng Hou, Wenrui Diao, Yanhao Wang, Xiaofeng Liu, Song Liu, Lingyun Ying, Shanqing Guo, Yuanzhi Li, Meining Nie, and Haixin Duan. Large-scale Security Measurements on the Android Firmware Ecosystem. The 44th IEEE/ACM International Conference on Software Engineering, Pittsburgh, PA, USA. May 21-29, 2022. [Top] [CCF A] [PDF] [Code]

  9. [ICSE’22] Shishuai Yang, Rui Li, Jiongyi Chen, Wenrui Diao (✉️), and Shanqing Guo. Demystifying Android Non-SDK APIs: Measurement and Understanding. The 44th IEEE/ACM International Conference on Software Engineering, Pittsburgh, PA, USA. May 21-29, 2022. [Top] [CCF A] [PDF]

  10. [IEEE TSE] Rui Li, Wenrui Diao (✉️), Zhou Li, Shishuai Yang, Shuang Li, and Shanqing Guo. Android Custom Permissions Demystified: A Comprehensive Security Evaluation. IEEE Transactions on Software Engineering, 48(11): 4465-4484, 2022. [CCF A] [Link] [Code]

  11. [CCS’21] Fenghao Xu, Siyu Shen, Wenrui Diao, Zhou Li, Yi Chen, Rui Li, and Kehuan Zhang. Android on PC: On the Security of End-user Android Emulators. The 28th ACM Conference on Computer and Communications Security, Seoul, South Korea. November 15-19, 2021. [Top] [CCF A] [PDF] [Demo]

  12. [IEEE S&P’21] Rui Li, Wenrui Diao (✉️), Zhou Li, Jianqi Du, and Shanqing Guo. Android Custom Permissions Demystified: From Privilege Escalation to Design Shortcomings. The 42nd IEEE Symposium on Security and Privacy, San Francisco, CA, USA. May 23-27, 2021. [Top] [CCF A] [PDF] [Code] [Demo] [CVE-2020-0418, CVE-2021-0306, CVE-2021-0307, CVE-2021-0317]

  13. [RAID’19] Wenrui Diao, Yue Zhang, Li Zhang, Zhou Li, Fenghao Xu, Xiaorui Pan, Xiangyu Liu, Jian Weng, Kehuan Zhang, and XiaoFeng Wang. Kindness is a Risky Business: On the Usage of the Accessibility APIs in Android. The 22nd International Symposium on Research in Attacks, Intrusions and Defenses, Beijing, China. September 23-25, 2019. [CCF B] [PDF] [Demo]

  14. [RAID’19] Li Zhang, Jiongyi Chen, Wenrui Diao (✉️), Shanqing Guo, Jian Weng, and Kehuan Zhang. CryptoREX: Large-scale Analysis of Cryptographic Misuse in IoT Devices. The 22nd International Symposium on Research in Attacks, Intrusions and Defenses, Beijing, China. September 23-25, 2019. [CCF B] [PDF] [Code]

  15. [DSN’19] Jiongyi Chen, Chaoshun Zuo, Wenrui Diao, Shuaike Dong, Qingchuan Zhao, Menghan Sun, Zhiqiang Lin, Yinqian Zhang, and Kehuan Zhang. Your IoTs Are (Not) Mine: On the Remote Binding Between IoT Devices and Users. The 49th IEEE/IFIP International Conference on Dependable Systems and Networks, Portland, OR, USA. June 24-27, 2019. [CCF B] [PDF]

  16. [NDSS’19] Fenghao Xu, Wenrui Diao, Zhou Li, Jiongyi Chen, and Kehuan Zhang. BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth Peripherals. The 26th Annual Network and Distributed System Security Symposium, San Diego, CA, USA. February 24-27, 2019. [Top] [CCF A] [PDF] [Demo] [CVE-2019-2225]

  17. [ICSME’18] Chao Chen, Wenrui Diao (✉️), Yingpei Zeng, Shanqing Guo (✉️), and Chengyu Hu. DRLgencert: Deep Learning-based Automated Testing of Certificate Verification in SSL/TLS Implementations. The 34th IEEE International Conference on Software Maintenance and Evolution, Madrid, Spain. September 23-29, 2018. [CCF B] [PDF]

  18. [DSN’18] Jia Chen, Ge Han, Shanqing Guo, and Wenrui Diao. FragDroid: Automated User Interface Interaction with Activity and Fragment Analysis in Android Applications. The 48th IEEE/IFIP International Conference on Dependable Systems and Networks, Luxembourg City, Luxembourg. June 23-28, 2018. [CCF B] [PDF]

  19. [NDSS’18] Jiongyi Chen, Wenrui Diao, Qingchuan Zhao, Chaoshun Zuo, Zhiqiang Lin, XiaoFeng Wang, Wing Cheong Lau, Menghan Sun, Ronghai Yang, and Kehuan Zhang. IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing. The 25th Annual Network and Distributed System Security Symposium, San Diego, CA, USA. February 18-21, 2018. [Top] [CCF A] [PDF]

Professional Activities

TPC Member:

Reviewer:

Invited Talks

Teaching

Instructor@SDU:

Instructor@JNU:

Part-time Instructor@CUHK:

Teaching Assistant@CUHK:

Awards

指导学生获奖 (校级以上奖励):

Students

Alumni:

Useful Links