Department of Information Engineering
Chinese University of Hong Kong (CUHK)
Email: dywu [at] ie.cuhk.edu.hk
Gmail: daoyuan0x
DBLP |
Google Scholar
I am a Research Assistant Professor in Information Engineering at The Chinese University of Hong Kong (CUHK) since August 2019. Prior to CUHK, I earned my PhD degree in 2019 from Singapore Management University (SMU) in the School of Information Systems. My PhD study was generously supported by SMU's Secure Mobile Center (SMC) PhD Scholarship (the only awardee). Before pursuing my PhD in Singapore, I received the M.Phil. in Computing from The Hong Kong Polytechnic University in 2015, and B.E. from Nanjing University of Posts and Telecommunications in 2011.
I am broadly interested in system and network security, with a focus on the vulnerability and privacy research. My major research methodology includes program analysis, network measurement, and data mining or analytics. In particular, I am one of the pioneers in using on-device app crowdsourcing (see our
NetMon and
MopEye apps) for security and networking research. I am also an expert in developing practical Android static analysis, for which I am leading a long-term project on using search-based static analysis for Android security. Besides publishing papers in top-tier venues (NDSS, USENIX ATC, CoNEXT, and INFOCOM), I have reported many app vulnerabilities on both Android and iOS (over 60 CVEs), as well as one system issue in Android (CVE-2014-7224) and one in iOS (CVE-2015-5921).
I am leading the Vulnerability and Privacy Research (VPR) Group, which is affiliated with Prof. Kehuan Zhang's LASR.
Positions available: Oversea PhD Students in CUHK; and Research Engineers and Postdoctoral Fellows in SMU.
Static Mobile Security Analysis: XXX Tool (soon), OPTool [NDSS'19], DSDK Inconsistency [WASA'17], Native Code Stack [ICISC'15], and ECVDetector [arXiv'14].
Dynamic Mobile Security Analysis: Insecure Open Ports [NDSS'19], Remote Webview Attacks [MoST'15], Local Webview File:// Attack [ISC'14], SCLib [CODASPY'18], and UpDroid [WiSec'18].
Mobile Network Measurement: MopEye [ATC'17], NetMon [NDSS'19], MopEye Dataset [IWQoS'19], Speedtest Inaccuracy [INFOCOM'15, TMC'17], and AcuteMon [CoNEXT'16].
Network Component Auditing: VoIP Fuzzing (technical report).
Mining or Learning for Security: Android Vuln. Reports [AsiaCCS'19].
Blockchain and Smart Contract: Under research (stay tuned).
| C12 |
Towards Understanding Android System Vulnerabilities: Techniques and Insights AsiaCCS '19 |
| C11 |
An Empirical Study of Mobile Network Behavior and Application Performance in the Wild IWQoS '19 |
| C10 |
Understanding Open Ports in Android Applications: Discovery, Diagnosis, and Security Assessment NDSS '19 |
| C9 |
Towards Dynamically Monitoring Android Applications on Non-rooted Devices in the Wild WiSec '18 |
| C8 |
SCLib: A Practical and Lightweight Defense against Component Hijacking in Android Applications CODASPY '18 |
| C7 |
MopEye: Opportunistic Monitoring of Per-app Mobile Network Performance USENIX ATC '17 |
| C6 |
Measuring the Declared SDK Versions and Their Consistency with API Calls in Android Apps WASA '17 |
| C5 |
Demystifying and Puncturing the Inflated Delay in Smartphone-based WiFi Network Measurement CoNEXT '16 |
| C4 |
Stack Layout Randomization with Minimal Rewriting of Android Binaries ICISC '15 |
| C3 |
On the Accuracy of Smartphone-based Mobile Network Measurement INFOCOM '15 |
| C2 |
Indirect File Leaks in Mobile Applications MoST '15 |
| C1 |
Analyzing Android Browser Apps for file:// Vulnerabilities ISC '14 |
| J1 |
Toward Accurate Network Delay Measurement on Android Phones TMC '17 |
| R4 |
Scalable Online Vetting of Android Apps for Measuring Declared SDK Versions and Their Consistency with API Calls arXiv '19 |
| R3 |
Understanding Android VoIP Security: A System-level Vulnerability Assessment TR'19 |
| R2 |
MopEye: Monitoring Per-app Network Performance with Zero Measurement Traffic CoNEXT '15 Poster |
| R1 |
A Sink-driven Approach to Detecting Exposed Component Vulnerabilities in Android Apps arXiv '14 |
| T4 |
Boosting Android Security through App-, Network-, and System-level Vulnerability Analysis CUHK Seminar '19 |
| T3 |
On-device Crowdsourcing and Bytecode Search for Advancing Android App Analysis HKBU Seminar '19 |
| T2 |
Cross-Platform Analysis of Indirect File Leaks in Android and iOS Applications HitCon Pacific '17 |
| T1 |
On the Feasibility of Automatically Generating Android Component Hijacking Exploits HitCon '14 |
2019 Fall - IEMS5710 Cryptography, Information Security and Privacy: homepage (only in CUHK) and mirror website (public).
PhD Students: Xiao Yi (at CUHK from 2019 to present).
MSc Students at CUHK (19-20): CHEN Mengjie, FANG Ming, LI Lixiang, and XIONG Weiyan.
Master Students: Lingzhi Qiu (at NUPT in 2014 for ICC'15) and Huiya Zhu (at PKUSZ in 2011/12 for ICCET'12).
Undergraduate Students: Shiwei Zhang (at SUSTech in 2018 for IWQoS'19) and Zixiong Zhang (at NUPT in 2014 for ICC'15).
CUHK: Kehuan Zhang and Guoliang Xing.
SMU: Debin Gao (my PhD advisor), Robert H. Deng (my PhD co-advisor), Yingjiu Li, David Lo, and Lingxiao Jiang.
PolyU: Rocky K. C. Chang (my MPhil advisor), Eric K. T. Cheng, and Xiapu Luo (the advisor with whom I did RA in 2011/12).
Others: En He (at OPPO), Weichao Li (at SUSTech), Haoyu Ma (at Xidian), Haoyu Wang (at BUPT), Ricky K. P. Mok (at UCSD), Fengwei Zhang (at SUSTech), and Yao Cheng (at Huawei).
I am maintaining a list of interesting computer security papers and a list of mobile app related software engineering papers.
Security Journals: TIFS (special issues), TDSC (special issues), Computers & Security (special issues), TISSEC and JCS.
Storytelling 101: Writing Tips for Academics (by Nick Feamster)
Computer Security Conference Ranking and Statistic (by Guofei Gu)
Top Crypto and Security Conferences Ranking (by Jianying Zhou)
Top Publication Venues in Computer Science (by Andrew Myers)
ArnetMiner CS Rank: conference rank and organization rank.
CCF Conference and Journal Rankings: Security, Networking, System, and Software Engineering.
Google Scholar Metrics in Computer Security, Computing Systems, Computer Networks, and Software Systems.
Industry Cybersecurity Conference Directory, SKKU seclab | Upcoming Events, and Cipher Call-for-papers.