About meHi! I am Nan Zhang, a Ph.D student of System Security Lab at Indiana University, Bloomington. I am delighted to work with my advisor Dr. XiaoFeng Wang and my colleagues in the lab. My research interests are system security and mobile security including finding vulnerabilities and designing defenses techniques on Android, iOS and IoT systems.
|
Publication
- Nan Zhang, Xianghang Mi, Xuan Feng, XiaoFeng Wang, Yuan Tian, Feng Qian, "Dangerous Skills: Understanding and mitigating Security Risks of Voice-Controlled Third-Party Functions on Virtual Personal Assistant Systems", In Proceedings of the IEEE Symposium on Security and Privacy (S&P '19), 2019. [PDF] [Demo][Media Coverage: Forbes] CSAW best paper award in applied cyber security research, 2019 (3/80)
- Yi Chen, Mingming Zha, Nan Zhang, Dandan Xu, Qianqian Zhao, Xuan Feng, Kan Yuan, Fnu Suya, Yuan Tian, Kai Chen, XiaoFeng Wang, Wei Zou, "Demystifying Hidden Privacy Settings in Mobile Apps", In Proceedings of the IEEE Symposium on Security and Privacy (S&P '19), 2019. [PDF]
- Tongxin Li, Xueqiang Wang, Mingming Zha, Kai Chen, XiaoFeng Wang, Luyi Xing, Xiaolong Bai, Nan Zhang, Xinhui Han, "Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews", In Proceedings of the 24th ACM Conference on Computer and Communications Security (CCS '17), 2017. [PDF][Demo]
- Yuan Tian, Nan Zhang, Yueh-Hsun Lin, Xiaofeng Wang, Blase Ur, Xianzheng Guo, Patrick Tague, "SmartAuth: User-Centered Authorization for the Internet of Things", In Proceedings of 26th USENIX Security Symposium (USENIX '17), 2017. [PDF]
- Xiaolong Bai, Zhe Zhou, XiaoFeng Wang, Zhou Li, Xianghang Mi, Nan Zhang, Tongxin Li, Shi-Min Hu, Kehuan Zhang, "Picking Up My Tab: Understanding and Mitigating Synchronized Token Lifting and Spending in Mobile Payment", In Proceedings of 26th USENIX Security Symposium (USENIX '17), 2017. [PDF][Demo]
- Soteris Demetriou, Nan Zhang, Yeonjoon Lee, XiaoFeng Wang, Carl Gunter, Xiaoyong Zhou, Michael Grace, "HanGuard: SDN-Driven Protection of Smart Home WiFi Devices from Malicious Mobile Apps", In 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), 2017. [PDF][Video][Demo]
- Yeonjoon Lee, Tongxin Li, Nan Zhang, Soteris Demetriou, Mingming Zha, XiaoFeng Wang, Kai Chen, Xiaoyong Zhou, Xinhui Han, Michael Grace, "Ghost Installer in the Shadow: Security analysis of App Installation on Android", In 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2017. [PDF][Demo]
- Xiaolong Bai, Luyi Xing, Nan Zhang, XiaoFeng Wang, Xiaojing Liao, Tongxin Li, Shi-Min Hu, "Apple ZeroConf Holes: How Hackers Can Steal iPhone Photos", IEEE Security and Privacy, vol. 15, no. 2 (2017): 42-49. [Link]
- Nan Zhang, Soteris Demetriou, Xianghang Mi, Wenrui Diao, Kan Yuan, Peiyuan Zong, Feng Qian, XiaoFeng Wang, Kai Chen, Yuan Tian, Carl A Gunter, Kehuan Zhang, Patrick Tague, Yue-Hsun Lin, "Understanding IoT Security Through Data Crystal Ball: Where We Are Now and Where We Are Going to Be", arXiv preprint, arXiv:1703.09809, 2017. [PDF]
- Nan Zhang,"Dangerous Hare: Hanging Attribute References Hazards Due to Vendor Customization", In Blackhat USA, 2016. [Link]
- Xiaolong Bai, Luyi Xing, Nan Zhang, XiaoFeng Wang, Xiaojing Liao, Tongxin Li, Shi-Min Hu, "Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf", In Proceedings of the 37th IEEE Symposium on Security and Privacy (S&P '16), 2016. [PDF][Demo][Media Coverage: Forbes]
- [Nan Zhang, Yousra Aafer] co-first author, Zhongwen Zhang, Xiao Zhang, Kai Chen, XiaoFeng Wang, Xiaoyong Zhou, Wenliang Du, Michael Grace, “Hare Hunting in the Wild Android: A Study on the Threat of Hanging Attribute References”, In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS '15), 2015. [PDF][Demo]
- Kai Chen, Peng Wang, Yeonjoon Lee, XiaoFeng Wang, Nan Zhang, Heqing Huang, Wei Zou, Peng Liu, “Finding Unknown Malice in 10 Seconds: Mass Vetting for New Threats at the Google-Play Scale”, In Proceedings of 24th USENIX Security Symposium (USENIX '15), 2015. [PDF][Demo]
- Nan Zhang, Kan Yuan, Muhammad Naveed, Xiaoyong Zhou, XiaoFeng Wang, “Leave Me Alone: App-level Protection Against Runtime Information Gathering on Android”, In Proceedings of the 36th IEEE Symposium on Security and Privacy (S&P '15), 2015. [PDF][Demo][Media Coverage: ComputerWorld]
- Xiaoyong Zhou, Yeonjoon Lee, Nan Zhang, Muhammad Naveed, XiaoFeng Wang, “The Peril of Fragmentation: Security Hazards in Android Device Driver Customizations”, In Proceedings of the 35th IEEE Symposium on Security and Privacy (S&P '14), 2014. [PDF] [Demo][Media Coverage: The Register] CSAW best paper award in applied cyber security research, 2014 (3/80)
- Yu Yao, Nan Zhang, Wenlong Xiang, Ge Yu, Fuxiang Gao, “Modeling and Analysis of Bifurcation in a Delayed Worm Propagation Model”, In Journal of Applied Mathematics, vol. 2013, Article ID 927369, 11 pages, 2013 . [Link]
- Yu Yao, Nan Zhang, Fu-Xiang Gao, Ge Yu, “Bifurcation in a delayed worm propagation model with birth and death rates”, In Systems and Informatics (ICSAI), 2012 International Conference on, pp. 1517-1521, 2012. [Link]
Useful links |
Contact meEmail: nz3_AT_indiana_DOT_edu
|