Wenrui Diao 刁文瑞Ph.D., The Chinese University of Hong Kong, 2017 Taishan Young Scholar (山东省泰山学者青年专家) Qilu Young Professor (山东大学“齐鲁青年学者”特聘教授) School of Cyber Science and Technology, Shandong University 山东大学 网络空间安全学院 Qingdao, China Email: diaowenrui [AT] link.cuhk.edu.hk [Google Scholar] [DBLP] [Faculty Page] |
News:
>>> Mar 2024: I will serve as TPC Member for ARES 2024.
>>> Jan 2024: One paper accepted by WWW 2024.
>>> Dec 2023: I will serve as TPC Member for CCS 2024.
>>> Dec 2023: One paper accepted by SANER 2024.
>>> Dec 2023: I was awarded 山东大学首届“小米青年学者”.
>>> Nov 2023: Our team ranked 2023 DataCon大数据安全分析竞赛-互联网威胁溯源赛道 第3名.
>>> Nov 2023: Our team ranked 2023 DataCon大数据安全分析竞赛-软件安全赛道 第3名.
>>> Sep 2023: I will serve as TPC Member for CODASPY 2024.
>>> Sep 2023: I will serve as TPC Member (Tools Demo Track) for SANER 2024.
>>> Aug 2023: One papers accepted by ICSE 2024.
>>> Aug 2023: I will serve as TPC Member for IEEE EuroS&P 2024.
>>> Jul 2023: I will serve as TPC Member for Inscrypt 2023.
>>> Jun 2023: I will serve as TPC Member for CCF ChinaSoft 2023.
>>> Jun 2023: One paper accepted by USENIX Security 2023.
>>> May 2023: One paper accepted by IEEE TSE.
>>> Jan 2023: One paper accepted by WWW 2023.
>>> Oct 2022: I was awarded 山东省泰山学者青年专家.
>>> Jul 2022: I will serve as TPC Member for Inscrypt 2022.
>>> Jun 2022: I will serve as TPC Member for NSS 2022.
在网络空间安全专业(网络与系统安全方向)招收博士、硕士研究生,将主要开展国际水准的移动安全与物联网安全方向研究。研究项目获得国家自然科学基金、山东省泰山学者工程、山东省自然科学基金、山东大学高层次人才学科建设经费等支持。研究成果发表于IEEE S&P、USENIX-Sec、CCS、NDSS、ICSE、WWW等多个系统安全&软件工程领域顶级/知名国际会议。欢迎对于系统安全研究具有浓厚兴趣,具备良好编程动手能力及系统软硬件知识的同学报考。
课题组为科研表现优异的研究生提供多种形式的国内/海外学术交流访问机会,为优秀硕士生提供硕转博衔接培养机会,为优秀博士生提供海外顶级系统安全实验室访问机会(已出访学校包括:新加坡国立大学、乔治梅森大学、香港中文大学)。
有意报考同学请通过电子邮件同我取得联系,标明推免报考类型(专硕/学硕)。按照学院要求,不可在正式录取前确认学生,推免同学可在【我院推免录取名单公示后】同我联系,考研同学可在【通过我院研招复试后】同我联系。我院博士招生采用申请-考核制,一般在12月(来年4/5月可能有少量名额的第二批招生)开展招生工作,可随时联系,但预计在11月名额才会较为确定。
报考硕士研究生的同学需具备信息安全、计算机、软件工程等电子信息类本科专业背景,通过英语六级,请提供【简历】+【本科成绩单】,CTF等安全竞赛经历为加分项。申请博士研究生的同学需具备计算机安全或相关领域(如软件工程、操作系统、编程语言等)研究基础及论文发表经历,请提供【简历】+【论文代表作】。如未提供有效材料,恕无法回复邮件。
再次强调一下,本组研究方向关注现实安全问题,为非理论性研究,学生需具备【良好的编程与系统搭建能力】,以便开展科研。P.S., 本组的专业型硕士研究生(专硕)亦采用科研导向的培养模式,毕业标准参照学术型硕士研究生(学硕)。
P.S., 山东大学为中央网信办和教育部一流网络安全学院建设示范项目高校。网络空间安全学院位于山东大学青岛校区,地处青岛市“蓝色硅谷”核心区,依山傍海,空气清新,景色宜人,校园距离海边直线距离不足500米。
应已选修『软件安全』与『逆向工程』两门课程(体现一下你对软件与系统安全方向的兴趣)。
鼓励已保研至本组的本院学生在大四阶段参与科研实践,以尽早获得科研产出。
I am a Qilu Young Professor (“齐鲁青年学者”特聘教授) in School of Cyber Science and Technology at Shandong University. Before joining SDU, I obtained my Ph.D. degree from The Chinese University of Hong Kong, under the supervision of Prof. Kehuan Zhang. Also, I ever visited / worked / interned at Jinan University, Indiana University Bloomington, City University of Hong Kong, Syniverse Technologies, and EMC Labs China. My research focuses on system security, especially mobile security and IoT security. Currently, I work closely with Prof. Shanqing Guo, Prof. Kehuan Zhang, Prof. Zhou Li, Prof. Haixin Duan, and Prof. XiaoFeng Wang. I was a founding member of System Security Lab of CUHK.
Aug 2013 - Aug 2017: Ph.D. in Information Engineering, supervised by Prof. Kehuan Zhang, The Chinese University of Hong Kong, Hong Kong.
Sep 2016 - Jan 2017: Visiting Ph.D. Student, supervised by Prof. XiaoFeng Wang, Indiana University, Bloomington, IN, USA.
Sep 2010 - Jun 2011: M.Sc. in Information Engineering, The Chinese University of Hong Kong, Hong Kong.
Sep 2006 - Jun 2010: B.Sc. in Information Security, Shandong University, Jinan, China.
Jun 2019 - Present: Professor, Shandong University, Qingdao, China.
Sep 2017 - Jun 2019: Associate Professor, Jinan University, Guangzhou, China.
Feb 2013 - Jul 2013: Research Assistant, supervised by Prof. Cong Wang, City University of Hong Kong, Hong Kong.
Nov 2011 - Jan 2013: System Application Engineer, Syniverse Technologies AP, Hong Kong.
Jun 2011 - Sep 2011: Software Engineer Intern, EMC Labs China, Shanghai, China.
Publications at top-tier venues (14 papers): IEEE S&P (’21, ’16), USENIX-Sec (’23), CCS (’21, ’15, ’14), NDSS (’19, ’18), ICSE (’24, ’22 × 3), WWW (’24, ’23)
Publications Ranking Statistics: CCF A: 16 papers, CCF B: 9 papers, CCF C: 10 papers
Author with (✉️): Corresponding Author - 通讯作者,即相关论文由本组所主导完成
See: Full Publications
[WWW’24] Xiaoyin Liu, Wenzhi Li, Qinsheng Hou, Shishuai Yang, Lingyun Ying (✉️), Wenrui Diao (✉️), Yanan Li, Shanqing Guo, and Haixin Duan. From Promises to Practice: Evaluating the Private Browsing Modes of Android Browser Apps. The 33rd ACM Web Conference, Singapore. May 13-17, 2024. [Top] [CCF A]
[ICSE’24] Pengcheng Ren, Chaoshun Zuo, Xiaofeng Liu, Wenrui Diao, Qingchuan Zhao, and Shanqing Guo. DEMISTIFY: Identifying On-device Machine Learning Models Stealing and Reuse Vulnerabilities in Mobile Apps. The 46th IEEE/ACM International Conference on Software Engineering, Lisbon, Portugal. April 14-20, 2024. [Top] [CCF A]
[SANER’24] Shuang Li, Rui Li, Yifan Yu, Kailun Yan, Shishuai Yang, and Wenrui Diao (✉️). Understanding Android OS Forward Compatibility Support for Legacy Apps: A Data-Driven Analysis. The 31st IEEE International Conference on Software Analysis, Evolution, and Reengineering, Rovaniemi, Finland. March 12-15, 2024. [CCF B]
[USENIX-Sec’23] Rui Li, Wenrui Diao (✉️), Shishuai Yang, Xiangyu Liu, Shanqing Guo, and Kehuan Zhang. Lost in Conversion: Exploit Data Structure Conversion with Attribute Loss to Break Android Systems. The 32nd USENIX Security Symposium, Anaheim, CA, USA. August 9-11, 2023. [Top] [CCF A] [PDF] [Demo] [CVE-2021-39695, CVE-2022-20392, CVE-2023-20971]
[IEEE TSE] Qinsheng Hou, Wenrui Diao, Yanhao Wang, Chenglin Mao, Lingyun Ying, Song Liu, Xiaofeng Liu, Yuanzhi Li, Shanqing Guo, Meining Nie, and Haixin Duan. Can We Trust the Phone Vendors? Comprehensive Security Measurements on the Android Firmware Ecosystem. IEEE Transactions on Software Engineering, 49(7): 3901-3921, 2023. [CCF A] [Link] [Code]
[WWW’23] Kailun Yan, Jilian Zhang, Xiangyu Liu, Wenrui Diao (✉️), and Shanqing Guo. Bad Apples: Understanding the Centralized Security Risks in Decentralized Ecosystems. The 32nd ACM Web Conference, Austin, Texas, USA. April 30 - May 4, 2023. [Top] [CCF A] [PDF] [Code] [Media Coverage: 山大视点]
[ICSE’22] Xing Zhang, Jiongyi Chen, Chao Feng, Ruilin Li, Wenrui Diao, Kehuan Zhang, Jing Lei, and Chaojing Tang. DeFault: Mutual Information-based Crash Triage for Massive Crashes. The 44th IEEE/ACM International Conference on Software Engineering, Pittsburgh, PA, USA. May 21-29, 2022. [Top] [CCF A] [PDF]
[ICSE’22] Qinsheng Hou, Wenrui Diao, Yanhao Wang, Xiaofeng Liu, Song Liu, Lingyun Ying, Shanqing Guo, Yuanzhi Li, Meining Nie, and Haixin Duan. Large-scale Security Measurements on the Android Firmware Ecosystem. The 44th IEEE/ACM International Conference on Software Engineering, Pittsburgh, PA, USA. May 21-29, 2022. [Top] [CCF A] [PDF] [Code]
[ICSE’22] Shishuai Yang, Rui Li, Jiongyi Chen, Wenrui Diao (✉️), and Shanqing Guo. Demystifying Android Non-SDK APIs: Measurement and Understanding. The 44th IEEE/ACM International Conference on Software Engineering, Pittsburgh, PA, USA. May 21-29, 2022. [Top] [CCF A] [PDF]
[IEEE TSE] Rui Li, Wenrui Diao (✉️), Zhou Li, Shishuai Yang, Shuang Li, and Shanqing Guo. Android Custom Permissions Demystified: A Comprehensive Security Evaluation. IEEE Transactions on Software Engineering, 48(11): 4465-4484, 2022. [CCF A] [Link] [Code]
[CCS’21] Fenghao Xu, Siyu Shen, Wenrui Diao, Zhou Li, Yi Chen, Rui Li, and Kehuan Zhang. Android on PC: On the Security of End-user Android Emulators. The 28th ACM Conference on Computer and Communications Security, Seoul, South Korea. November 15-19, 2021. [Top] [CCF A] [PDF] [Demo]
[IEEE S&P’21] Rui Li, Wenrui Diao (✉️), Zhou Li, Jianqi Du, and Shanqing Guo. Android Custom Permissions Demystified: From Privilege Escalation to Design Shortcomings. The 42nd IEEE Symposium on Security and Privacy, San Francisco, CA, USA. May 23-27, 2021. [Top] [CCF A] [PDF] [Code] [Demo] [CVE-2020-0418, CVE-2021-0306, CVE-2021-0307, CVE-2021-0317]
[RAID’19] Wenrui Diao, Yue Zhang, Li Zhang, Zhou Li, Fenghao Xu, Xiaorui Pan, Xiangyu Liu, Jian Weng, Kehuan Zhang, and XiaoFeng Wang. Kindness is a Risky Business: On the Usage of the Accessibility APIs in Android. The 22nd International Symposium on Research in Attacks, Intrusions and Defenses, Beijing, China. September 23-25, 2019. [CCF B] [PDF] [Demo]
[RAID’19] Li Zhang, Jiongyi Chen, Wenrui Diao (✉️), Shanqing Guo, Jian Weng, and Kehuan Zhang. CryptoREX: Large-scale Analysis of Cryptographic Misuse in IoT Devices. The 22nd International Symposium on Research in Attacks, Intrusions and Defenses, Beijing, China. September 23-25, 2019. [CCF B] [PDF] [Code]
[DSN’19] Jiongyi Chen, Chaoshun Zuo, Wenrui Diao, Shuaike Dong, Qingchuan Zhao, Menghan Sun, Zhiqiang Lin, Yinqian Zhang, and Kehuan Zhang. Your IoTs Are (Not) Mine: On the Remote Binding Between IoT Devices and Users. The 49th IEEE/IFIP International Conference on Dependable Systems and Networks, Portland, OR, USA. June 24-27, 2019. [CCF B] [PDF]
[NDSS’19] Fenghao Xu, Wenrui Diao, Zhou Li, Jiongyi Chen, and Kehuan Zhang. BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth Peripherals. The 26th Annual Network and Distributed System Security Symposium, San Diego, CA, USA. February 24-27, 2019. [Top] [CCF A] [PDF] [Demo] [CVE-2019-2225]
[ICSME’18] Chao Chen, Wenrui Diao (✉️), Yingpei Zeng, Shanqing Guo (✉️), and Chengyu Hu. DRLgencert: Deep Learning-based Automated Testing of Certificate Verification in SSL/TLS Implementations. The 34th IEEE International Conference on Software Maintenance and Evolution, Madrid, Spain. September 23-29, 2018. [CCF B] [PDF]
[DSN’18] Jia Chen, Ge Han, Shanqing Guo, and Wenrui Diao. FragDroid: Automated User Interface Interaction with Activity and Fragment Analysis in Android Applications. The 48th IEEE/IFIP International Conference on Dependable Systems and Networks, Luxembourg City, Luxembourg. June 23-28, 2018. [CCF B] [PDF]
[NDSS’18] Jiongyi Chen, Wenrui Diao, Qingchuan Zhao, Chaoshun Zuo, Zhiqiang Lin, XiaoFeng Wang, Wing Cheong Lau, Menghan Sun, Ronghai Yang, and Kehuan Zhang. IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing. The 25th Annual Network and Distributed System Security Symposium, San Diego, CA, USA. February 18-21, 2018. [Top] [CCF A] [PDF]
ACM Conference on Computer and Communications Security (CCS): 2024, 2019, 2018
ACM Conference on Data and Application Security and Privacy (CODASPY): 2024
IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER): 2024
IEEE European Symposium on Security and Privacy (IEEE EuroS&P): 2024
International Conference on Availability, Reliability and Security (ARES): 2024
International Conference on Information Security and Cryptology (Inscrypt): 2023, 2022
International Conference on Network and System Security (NSS): 2022
International Conference on Information and Communications Security (ICICS): 2022, 2021
European Symposium on Research in Computer Security (ESORICS): 2022, 2021
International Conference on Information Systems Security and Privacy (ICISSP): 2021, 2020
ACNS Workshop on Security in Machine Learning and its Applications (SiMLA): 2021,2020
IEEE International Conference on Mobile Ad-Hoc and Smart Systems (MASS): 2020
CCF ChinaSoft / 中国软件大会: 2023
ACM Transactions on Software Engineering and Methodology
IEEE Transactions on Mobile Computing
IEEE Transactions on Dependable and Secure Computing
IEEE Transactions on Information Forensics and Security
IEEE Security and Privacy Magazine
Information and Software Technology (Elsevier)
Journal of Network and Computer Applications (Elsevier)
Applied Computing and Informatics (Elsevier)
The Computer Journal (Oxford)
Cybersecurity (Springer)
《通讯学报》
《信息安全学报》
《网络与信息安全学报》
Security Research and Measurement for Android Ecosystem
Aug 2023: 2023年InForSec“网络空间安全”大学生夏令营“导师面对面”专题交流活动
Large-scale Security Measurement for Android Ecosystem
Apr 2023: InForSec 2023年网络空间安全国际学术研究成果分享及青年学者论坛
Android Custom Permissions Demystified
Dec 2021: 之江实验室可信计算前沿学术研讨会
Jul 2021: SIGSAC@ACM Turing Award Celebration Conference - China
BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth Peripherals
Security Threats to Android System: Exploration, Understanding, and Defense
May 2017: Shandong University, Jinan, China
Apr 2017: Shanghai Jiao Tong University, Shanghai, China
Instructor@SDU:
04630210 - Reverse Engineering (逆向工程): 2024 Spring, 2023 Spring, 2022 Spring
04630130 - Software Security (软件安全): 2023 Fall, 2022 Fall, 2021 Fall, 2020 Fall
04630080 - Computer Networks (计算机网络): 2021 Spring, 2020 Spring
0740003 - Computing System Security (计算系统安全): 2021 Fall, 2020 Fall, 2019 Fall
Instructor@JNU:
08066002 - Secure Programming (安全编程): 2018 Fall
08066003 - Secure Programming Lab (安全编程实验): 2018 Fall
Part-time Instructor@CUHK:
IEMS 5710 - Cryptography, Information Security & Privacy: 2015 Spring
Teaching Assistant@CUHK:
IERG 4090 - Networking Protocols and Systems: 2016 Spring, 2017 Spring
IERG 4831 - Networking Laboratory I: 2016 Spring, 2017 Spring
IERG 3921 - Information Engineering Lab: 2015 Fall
IERG 4210 - Web Programming and Security: 2015 Spring
IERG 3310 - Computer Networks: 2014 Fall
2023: Xiaomi Young Scholar, Shandong University (山东大学小米青年学者)
2022: Taishan Young Scholar, Shandong Province (山东省泰山学者青年专家)
2021: 第十四届全国大学生信息安全竞赛-作品赛 优秀指导教师
2020: ACM SIGSAC China Rising Star Award (ACM SIGSAC China新星奖), 2019
2019: Qilu Young Scholar, Shandong University (山东大学“齐鲁青年学者”)
2017: PETS 2017 Stipends, The 17th Privacy Enhancing Technologies Symposium
2017: Reaching Out Award 2016/17, HKSAR Government Scholarship Fund
2016: IEEE S&P 2016 Student Travel Grants, The 37th IEEE Symposium on Security and Privacy
2012: Dean’s List 2010-2011, Faculty of Engineering, CUHK
研究生: 第七届“强网杯”全国网络安全挑战赛“强网先锋” (2024), DataCon大数据安全分析竞赛-软件安全赛道 第3名 (2023), DataCon大数据安全分析竞赛-互联网威胁溯源赛道 第3名 (2023), 博士研究生国家奖学金 (2023), 山东大学优秀毕业生 (2023), ACM WiSec Student Travel Grants (2022), DataCon大数据安全分析竞赛-邮件安全赛道 第8名 (2021), 硕士研究生国家奖学金 (2021), 山东大学研究生优秀学术成果奖二等奖 (2021), 山东大学第十二届学生“五•四”青年科学奖优秀成果奖 (2021), IEEE S&P Student Registration Grants (2021), 硕士研究生国家奖学金 (2020)
本科生: 第十四届全国大学生信息安全竞赛-作品赛一等奖 (2021)
Rui Li (MS-Ph.D. Student, 2019 - )
Shishuai Yang (MS-Ph.D. Student, 2020 - )
Jianqi Du (Ph.D. Student, 2020 - )
Kailun Yan (Ph.D. Student, 2021 - )
Shuang Li (MS-Ph.D. Student, 2021 - )
Zidong Zhang (MS Student, 2021 - )
Xiaoyin Liu (MS Student, 2021 - )
Jialong Guo (MS Student, 2022 - )
Wenzhi Li (MS Student, 2022 - )
Yifan Yu (MS Student, 2022 - )
Zhentao Xie (MS Student, 2023 - )
Ming Chen (MS Student, 2023 - )
Ruoyan Lin (MS Student, 2023 - )
Huixin Wang (MS Student, 2023 - )
Guangwei Tian (MS Student at Shandong University, Graduated in 2023)
Publications (first author): IEEE QRS 2022
Awards: 山东大学优秀毕业生
First Job: 山东省东营市选调生
Chennan Zhang (MS Student at Shandong University, Graduated in 2023)
Publications (first author): ACM WiSec 2022
Awards: ACM WiSec Student Travel Grants
First Job: Researcher at OPPO子午实验室
Jin Zhang (MS Student at Shandong University, Graduated in 2022)
Publications (first author): ICPADS 2021
Awards: 硕士研究生国家奖学金
First Job: Engineer at TP-Link
Li Zhang (Co-supervised MS Student at Jinan University, Graduated in 2019)
Publications (first author): RAID 2019
Awards: RAID 2019 Student Travel Grants
First Job: Engineer at MingLead Gene