Yue Zhang (张悦)

Postdoctoral Scholar

Computer Science and Engineering

The Ohio State University

Address:

439 Bake Systems Bldg

Columbus OH, 43210

Email: zyueinfosec AT gmail DOT com or zhang DOT 12047 AT osu DOT edu

You can also find me at [Google Scholar] [DBLP]

⌚ News

------------------------✦------------------------

✯ 2022. Sep - Two papers accepted by The Network and Distributed System Security (NDSS) Symposium 2023 (AR 19.6%) - new!

✯ 2022. Aug - One paper accepted by ACM Conference on Computer and Communications Security (CCS), 2022 - new!

✯ 2022. Apr - One paper accepted by the International Conference on Distributed Computing Systems (ICDCS), 2022 - new!

✯ 2022. Mar - One paper accepted by ACM Conference on Computer and Communications Security (CCS), 2022 - new!

✯ 2022. Jan - I will serve as TPC Member for IEEE DSC 2022

✯ 2021. Dec - I will serve as TPC Member for SecureComm 2022 (18th EAI International Conference on Security and Privacy in Communication Networks)

✯ 2021. Dec - One paper accepted by the IEEE International Conference on Computer Communications (INFOCOM), 2022

✯ 2021. Oct - One paper accepted by IEEE Transactions on Dependable and Secure Computing - (TDSC)

✯ 2021. Sep - Tencent confirmed 4 vulnerabilities, ranked 1 low, 2 medium and 1 high, and awarded us bug bounties.

✯ 2021. Jun - Tencent confirmed 2 vulnerabilities and awarded us bug bounties.

✯ 2021. May - One paper accepted by IEEE Transactions on Dependable and Secure Computing - (TDSC)

✯ 2021. Apr - One paper accepted by ACM SIGMETRICS 2021 (Tier 1)

✯ 2021. Mar - One paper accepted by the International Conference on Distributed Computing Systems (ICDCS), 2021

✯ 2021. Feb - One paper won the First Prize of Outstanding Research Paper Award, Guangdong Computer Academy (2021), China

✯ 2021. Jan - Android Security Team confirmed our findings and ranked the flaws as high severity.

✯ 2021. Jan - Bluetooth SIG assigned us a CVE number for the identified Bluetooth flaw.

✯ 2020. Dec - One paper accepted by the IEEE International Conference on Computer Communications (INFOCOM), 2021

✯ 2020. Nov - Two journal papers have been accepted (IoT Journal, CMC)

✯ 2020. Oct - I joined Ohio State University as a Postdoctoral Scholar

✯ 2020. May - One paper has been accepted for publication in the 29th USENIX Security Symposium

✯ 2020. Mar - Apple has credited our contribution based on our vulnerability report and assigned us a CVE number (CVE-2020-9770)

♞ About ME

Biography

I am a postdoc at The Ohio State University (OSU). My advisor is Prof. Zhiqiang Lin. Before coming to OSU, I graduated from Jinan University, under the supervision of Jian Weng. I also visited / worked at the University of Central Florida (UCF) / University of Massachusetts Lowell (UML), under the supervision of Xinwen Fu. My research focuses on system security, especially IoT security.

Research Interests

Bluetooth Security, IoT Security, Mobile Security, Blockchain


✺ Professional Activities

-------------✦-------------

TPC member

  • TPC Member for 18th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2022)

  • TPC Member for IEEE Conference on Dependable and Secure Computing 2022 (IEEE DSC 2022)

Reviewer (Sub-Reviewer):

  • IEEE Transactions on Dependable and Secure Computing - (TDSC) 2019-2022

  • IEEE Transactions on Information Forensics and Security - (TIFS) 2022

  • IEEE Internet of Things Journal (IOT-J) 2018-2022

  • IEEE International Conference on Computer Communications (INFOCOM) 2021

  • IEEE Transactions on Services Computing (TSC) 2019-2022.

  • IEEE Transactions on Mobile Computing (TMC) 2016,2022

  • IEEE Global Communications Conference (GlobalComm) 2016-2020

  • Secure Communication Systems (SecureComm) 2019

  • IEEE International Conference on Communications (ICC) 2017

  • International Conference on Technological Emerging Challenges (ICTEC) 2017

  • IEEE Conference on Communications and Network Security (CNS) 2017

  • IEEE International Conference on Cloud Computing Technology and Science (CloudCom) 2017

  • IEEE Conference on Dependable and Secure Computing (IDSC) 2017

Selected & Invited Talk:

  • BLESS: A BLE Application Security Scanning Framework, in INFOCOM 20.

  • Breaking Secure Pairing of Bluetooth Low Energy Using Downgrade Attacks, in USENIX Security 20.

  • Conference on Trusted Computing and Information Security, Changsha, Hunan (11th)

  • CCF YOCSEF, Guangzhou, China (May 15, 2017)

♚ MAJOR HONORS AND AWARDS

-------------✦-------------

Awards:

  • 2021: The First Prize, Outstanding Research Paper Award of Guang Dong Computer Federation ("DeepChain: Auditable and Privacy-Preserving Deep Learning with Blockchain-based Incentive.")

  • 2020: Excellent Graduate Students of Guangdong Province [0.25%]

  • 2019: The First Prize, Outstanding Research Paper Award of Guang Dong Computer Federation ("CrowdBC: A blockchain-based decentralized framework for crowdsourcing.")

  • 2019: Best Paper Award, IEEE International Conference on Industrial Internet

  • 2019: One paper was listed on Essential Science Indicators (ESI) ranking as "Highly Cited Paper" from Web of Science

  • 2018: National scholarship for Ph. D Students in Cyber Security, 50000 RMB

  • 2016: Outstanding Graduates

  • 2015: National scholarship for Master Students, 20000 RMB

  • 2015: Reaching Fund on Android Security, 4000 RMB

  • 2014: The Third Prize, Microsoft ImagineCup for College Students in Shannxi Province, 1000 RMB

  • 2014: The First Prize, Science and Technology Contest for College Students, Zhongxing Telecommunication Equipment Corporation

  • 2014: The Second Prize, Software Design Competition, Programmable System Inc, Shanghai, China

Selected CVEs & Vulnerabilities:

  • 2021: We discovered two vulnerabilities in Mosquitto version 2.0.7 (CVE-2021-28166 and CVE-2021-34432).

  • 2021: Tencent confirmed 6 vulnerabilities, ranked 3 low, 2 medium and 1 high, and awarded us bug bounties.

  • 2020: We identified a few Bluetooth vulnerabilities in Apple products. Apple acknowledged our findings and released a patch. Details can be tracked via CVE-2020-9770.

  • 2020: The Google Android Security Team also acknowledged the Bluetooth design flaws and rated the identified Android vulnerabilities as High severity. Details can be tracked via Android ID 130833727.

  • 2019: TI's PSIRT has released a patched SDK to "Update authentication parameters when transitioning between authenticated/non-authenticated pairing" based on the reported vulnerabilities of TI's BLE stack (CVE-2020-16630).

  • 2019: Two CVEs (CVE-2019-18388 and CVE-2019-18389) were assigned to track the bugs identified in QEMU/KVM Virtio Devices.

  • 2018: The accessibility-abusing vulnerabilities can be tracked through AndroidID-79268769 and CVE-2018-9376.

  • 2016: I was under the supervision of Prof. Dong Zheng while pursuing my Master's degree. I worked closely with him and explored the design flaws that severely undermine the security of Cloud Drives. The findings were widely reported by mainstream media in China, including China Central Television (CCTV), Weibo, Sohu and various other press outlets. [▶ refer to news from CCTV]


✒ Recent Publications (Complete list)

-------------✦-------------

I have published more than 30 papers. My publications appeared in top-tier conferences (e.g., Usenix Security, ACM CCS, SIGMETRICS, Blackhat Asia, INFOCOM), and top-tier journals (e.g., TDSC, TPDS).

✍ BOOK CHAPTERS

  1. Yue Zhang, Jian Weng, Rajib Dey and Xinwen Fu, Bluetooth Low Energy (BLE) Security and Privacy, Encyclopedia of Wireless Networks, Springer Nature Switzerland AG, 2019 [PDF]

✍ JOURNALS

  1. [IoT-J22] - Luo, Lan, Yue Zhang, Clayton White, Brandon Keating, Bryan Pearson, Xinhui Shao, Zhen Ling, Haofei Yu, Cliff Zou, and Xinwen Fu. "On Security of TrustZone-M Based IoT Systems." IEEE Internet of Things Journal (2022).

  2. [TDSC 21] - Shao, Zhijian, Jian Weng, Yue Zhang, Yongdong Wu, Ming Li, Jiasi Weng, Weiqi Luo, and Shui Yu. "Peripheral-free Device Pairing by Randomly Switching Power." IEEE Transactions on Dependable and Secure Computing, to appear, 2021. [CCF-A]

  3. [TDSC 21] - Hongwei Huang, Weiqi Luo, Guoqiang Zeng, Jian Weng, Yue Zhang, and Anjia Yang, DAMIA: Leveraging Domain Adaptation as a Defense against Membership Inference Attacks, IEEE Transactions on Dependable and Secure Computing, to appear, 2021. [CCF-A]

  4. [IoT-J 21] - Liu, Kaizheng, Ming Yang, Zhen Ling, Huaiyu Yan, Yue Zhang, Xinwen Fu, and Wei Zhao. "On Manually Reverse Engineering Communication Protocols of Linux Based IoT Systems." IEEE Internet of Things Journal. [JCR-Q1]

  5. [TVT 20] - Kang-Di Lu, Guo-Qiang Zeng, Jian Weng, Yue Zhang, Ming Li. "An Adaptive Resilient Load Frequency Controller for Smart Grids with DoS Attacks" IEEE Transactions on Vehicular Technology. [JCR-Q2]

  6. [TDSC 19] - Weng Jia-Si, Jian Weng, Ming Li, Yue Zhang, and Weiqi Luo. "DeepChain: Auditable and Privacy-Preserving Deep Learning with Blockchain-based Incentive.", IEEE Transactions on Dependable and Secure Computing (2019). [CCF-A] [Highly Cited Paper]

  7. [TDSC 19] - Yue Zhang, Jian Weng, Jiasi Weng, Lin Hou, Anjia Yang, Ming Li, Yang Xiang, and Robert Deng. "Looking Back! Using Early Versions of Android Apps as Attack Vectors." IEEE Transactions on Dependable and Secure Computing (2019). [CCF-A]

  8. [TPDS 18] - Li, Ming, Jian Weng, Anjia Yang, Wei Lu, Yue Zhang, Lin Hou, Jia-Nan Liu, Yang Xiang, and Robert H. Deng. "CrowdBC: A blockchain-based decentralized framework for crowdsourcing." IEEE Transactions on Parallel and Distributed Systems, 30, no. 6 (2018): 1251-1266. [CCF-A] [Highly Cited Paper]

  9. [TVT 18] - Weng, Jia-Si, Jian Weng, Yue Zhang, Weiqi Luo, and Weiming Lan. "Benbi: Scalable and dynamic access control on the northbound interface of SDN-based Vanet." IEEE Transactions on Vehicular Technology 68, no. 1 (2018): 822-831. [JCR-Q2]

✍ CONFERENCES

  1. [CCS 22] - Allen Y. Yang, Yue Zhang, Zhiqiang Lin. "Cross Miniapp Request Forgery: Root Causes, Attacks, and Vulnerability Detection". In Proceedings of the 29th ACM Conference on Computer and Communications Security. November 2022. [CCF-A][Tier 1] [BIG4]

  2. [ICDCS 22] - Shan Wang, Zhen Ling, Yue Zhang, Ruizhao Liu, Joshua Kraunelisk, Kang Jia, Bryan Pearson, Xinwen Fu. "Implication of Animation on Android Security", to appear in International Conference on Distributed Computing Systems. [CCF-B]

  3. [CCS 22] - Yue Zhang, Zhiqiang Lin. "When Good Becomes Evil: Tracking Bluetooth Low Energy Devices via Allowlist-based Side Channel and Its Countermeasure". In Proceedings of the 29th ACM Conference on Computer and Communications Security. November 2022. [CCF-A][Tier 1] [BIG4]

  4. [INFOCOM 22] - Pearson Bryan, Yue Zhang, Cliff Zou, and Xinwen Fu. "FUME: Fuzzing Message Queuing Telemetry Transport Brokers." Accepted by IEEE International Conference on Computer Communications, 2022.

  5. [SIGMETRICS 21] - Yue Zhang, Bayan Turkistani, Allen Yuqing Yang, Chaoshun Zuo, and Zhiqiang Lin. "A Measurement Study of Wechat Mini-Apps", In Proceedings of the ACM on Measurement and Analysis of Computing Systems (POMACS). June 2021. [Tier 1][AR 12.1%] [CCF-B]

  6. [ICDCS 21] - Shan Wang, Ming Yang, Yue Zhang, Yan Luo, Tingjian Ge, Xinwen Fu, Wei Zhao. "On Private Data Collection of Hyperledger Fabric", to appear in International Conference on Distributed Computing Systems. [CCF-B][AR 19.8 %]

  7. [INFOCOM 21] - Zhen Ling, Ruizhao Liu, Yue Zhang, Kang Jia, Bryan Pearson, Xinwen Fu, Junzhou Luo, "Prison Break of Android Reflection Restriction and Defense", accepted to appear in Proceedings of the 40th IEEE International Conference on Computer Communications, May 10-13, 2021. [CCF-A][AR 19.9%]

  8. [USENIX Security 20] - Yue Zhang, Jian Weng, Rajib Dey, Yier Jin, Zhiqiang Lin, and Xinwen Fu. "Breaking Secure Pairing of Bluetooth Low Energy Using Downgrade Attacks", To appear in Usenix Security 2020 [CCF-A][Tier 1] [BIG4] [AR 16.1%][PDF][Slides][Talk]

  9. [BlackHat Asia 20] - Zhijian Shao, Jian Weng, Yue Zhang. "3d Red Pill: A Guest-to-Host Escape on QEMU/KVM Virtio Device", To appear in BlackHat Asia 2020. [PDF][Slides]

  10. [INFOCOM 20] - Yue Zhang, Jian Weng, Zhen Ling, Bryan Pearson, and Xinwen Fu. "BLESS: A BLE Application Security Scanning Framework" accepted by IEEE International Conference on Computer Communications, 2020. [CCF-A][AR 19.8%][PDF][Code]

  11. [GlobalCom 20] - Luo, Lan, Yue Zhang, Cliff C. Zou, Xinhui Shao, Zhen Ling, and Xinwen Fu. "On Runtime Software Security of TrustZone-M based IoT Devices", To appear in the IEEE Global Communications Conference. 2020. [CCF-C]

  12. [ICPADS 20] - Pearson Bryan, Cliff Zou, Yue Zhang, Zhen Ling, and Xinwen Fu. "SIC 2: Securing Microcontroller Based IoT Devices with Low-cost Crypto Coprocessors." IEEE International Conference on Parallel and Distributed Systems, 2020. [CCF-C]

  13. [RAID 19] - Wenrui Diao, Yue Zhang, Li Zhang, Zhou Li, Fenghao Xu, Xiaorui Pan, Xiangyu Liu, Jian Weng, Kehuan Zhang, XiaoFeng Wang. "Kindness is a Risky Business: On the Usage of the Accessibility APIs in Android", accepted by the 22nd International Symposium on Research in Attacks, Intrusions and Defenses, Beijing, China, September, 2019. [CCF-B][AR 22%]

  14. [ICC 19] - Pearson, Bryan, Lan Luo, Yue Zhang, Rajib Dey, Zhen Ling, Mostafa Bassiouni, and Xinwen Fu. "On Misconception of Hardware and Cost in IoT Security and Privacy." [CCF-C]

  15. [ICII 19] - Gao Chao, Luo Lan, Yue Zhang, Pearson Bryan, Fu Xinwen, "Microcontroller Based IoT System Firmware Security: Case Studies", IEEE International Conference on Industrial Internet. [Invited paper][Best Paper Award]