Publications at Top-tier Security & System Conferences

A complete list may be found at publications.

  1. [DAC'25] Zion: A Practical Confidential Virtual Machine Architecture on Commodity RISC-V Processors
    2. Jie Wang, Juan Wang, Yinqian Zhang
    Design Automation Conference, San Francisco, CA, U.S.A., Jun. 23-25, 2025.
  2. [DAC'25] ZenLeak: Practical Last-Level Cache Side-Channel Attacks on AMD Zen Processors
    3. Han Wang, Ming Tang, Quancheng Wang, Ke Xu, Yinqian Zhang
    ACM International Conference on the Foundations of Software Engineering, San Francisco, CA, U.S.A., Jun. 23-25, 2025.
  3. [FSE'25] Detecting Smart Contract State-Inconsistency Bugs via Flow Divergence and Multiplex Symbolic Execution
    4. Yinxi Liu, Wei Meng, Yinqian Zhang
    ACM International Conference on the Foundations of Software Engineering, Trondheim, Norway, Jun. 2025.
  4. [S&P'25] CipherSteal: Stealing Input Data from TEE-Shielded Neural Networks with Ciphertext Side Channels
    5. Yuanyuan Yuan, Zhibo Liu, Sen Deng, Shuai Wang, Yinqian Zhang, Zhendong Su
    IEEE Symposium on Security and Privacy, San Francisco, CA, May. 12-14, 2025.
    [Pdf] | [Bib]
  5. [NDSS'25] I Know What You Asked: Prompt Leakage via KV-Cache Sharing in Multi-Tenant LLM Serving
    6. Guanlong Wu, Zheng Zhang, Jianyu Niu, Weili Wang, Yao Zhang, Ye Wu, Yinqian Zhang
    Network and Distributed System Security Symposium, San Diego, CA,U.S.A., Feb. 24-28, 2025.
    [Pdf] | [Bib]
  6. [NDSS'25] WAVEN: WebAssembly Memory Virtualization for Enclaves
    7. Weili Wang, Honghan Ji, Peixuan He, Yao Zhang, Ye Wu, Yinqian Zhang
    Network and Distributed System Security Symposium, San Diego, CA,U.S.A., Feb. 24-28, 2025.
    [Pdf] | [Bib]
  7. [EuroSys'25] Achilles: Efficient TEE-Assisted BFT Consensus via Rollback Resilient Recovery
    8. Jianyu Niu, Guanlong Wu, Shengqi Liu, Xiaoqing Wen, Jiangshan Yu, Yinqian Zhang
    European Conference on Computer Systems, Rotterdam, The Netherlands, Mar. 30 - Apr. 3, 2025.
  8. [EuroSys'25] Ladon: High-Performance Multi-BFT Consensus via Dynamic Global Ordering
    9. Hanzheng Lyu, Shaokang Xie, Jianyu Niu, Chen Feng, Yinqian Zhang, Ivan Beschastnikh
    European Conference on Computer Systems, Rotterdam, The Netherlands, Mar. 30 - Apr. 3, 2025.
    [Pdf]
  9. [CCS'24] DoubleUp Roll: Double-spending in Arbitrum by Rolling It Back
    10. Zhiyuan Sun, Zihao Li, Xinghao Peng, Xiapu Luo, Muhui Jiang, Hao Zhou, Yinqian Zhang
    ACM Conference on Computer and Communications Security, Salt Lake City, U.S.A., Oct. 14-18, 2024.
    [Pdf] | [Bib]
    Distinguished Paper Award
  10. [CCS'24] HyperTheft: Thieving Model Weights from TEE-Shielded Neural Networks via Ciphertext Side Channels
    11. Yuanyuan Yuan, Zhibo Liu, Sen Deng, Yanzuo Chen, Shuai Wang, Yinqian Zhang, Zhendong Su
    ACM Conference on Computer and Communications Security, Salt Lake City, U.S.A., Oct. 14-18, 2024.
    [Pdf] | [Bib]
  11. [Security'24] π-Jack: Physical-World Adversarial Attack on Monocular Depth Estimation with Perspective Hijacking
    12. Tianyue Zheng, Jingzhi Hu, Rui Tan, Yinqian Zhang, Ying He, Jun Luo
    USENIX Security Symposium, Philadelphia, PA, USA, Aug. 14-16, 2024.
    [Pdf] | [Bib]
  12. [Security'24] HIVE: A Hardware-assisted Isolated Execution Environment for eBPF on AArch64
    13. Peihua Zhang, Chenggang Wu, Xiangyu Meng, Yinqian Zhang, Mingfan Peng, Shiyang Zhang, Bing Hu, Mengyao Xie, Yuanming Lai, Yan Kang, Zhe Wang
    USENIX Security Symposium, Philadelphia, PA, USA, Aug. 14-16, 2024.
    [Pdf] | [Bib]
  13. [HPCA'24] Uncovering and Exploiting AMD Speculative Memory Access Predictors for Fun and Profit
    14. Chang Liu, Dongsheng Wang, Yongqiang Lyu, Pengfei Qiu, Yu Jin, Zhuoyuan Lu, Yinqian Zhang, Gang Qu
    IEEE International Symposium on High-Performance Computer Architecture, Edinburgh, Scotland, UK, Mar. 2-6, 2024.
    [Pdf] | [Bib]
  14. [CCS'23] PANIC: PAN-assisted Intra-process Memory Isolation on ARM
    15. Jiali Xu, Mengyao Xie, Chenggang Wu, Yinqian Zhang, Qijing Li, Xuan Huang, Yuanming Lai, Yan Kang, Wei Wang, Qiang Wei, Zhe Wang
    ACM Conference on Computer and Communications SecurityCopenhagen, Denmark, 26-30 Nov., 2023.
    Distinguished Paper Award
    [Pdf] | [bib]
  15. [Security'23] Reusable Enclaves for Confidential Serverless Computing
    16. Shixuan Zhao, Pinshen Xu, Guoxing Chen, Mengya Zhang, Yinqian Zhang, Zhiqiang Lin
    USENIX Security Symposium, Anaheim, CA, USA, August 9–11, 2023.
    [Pdf] | [bib]
  16. [ISCA'23] TEESec: Pre-Silicon Vulnerability Discovery for Trusted Execution Environments
    17. Moein Ghaniyoun, Kristin Barber, Yuan Xiao, Yinqian Zhang, Radu Teodorescu
    International Symposium on Computer Architecture, Orlando, FL, USA, June 17–21, 2023.
    [Pdf] | [bib]
  17. [Security'23] Panda: Security Analysis of Algorand Smart Contracts
    18. Zhiyuan Sun, Xiapu Luo, Yinqian Zhang
    USENIX Security Symposium, Anaheim, CA, USA, August 9–11, 2023.
    [Pdf] | [bib]
  18. [Security'23] Controlled Data Races in Enclaves: Attacks and Detection
    19. Sanchuan Chen, Zhiqiang Lin, Yinqian Zhang
    USENIX Security Symposium, Anaheim, CA, USA, August 9–11, 2023.
    [Pdf] | [bib]
  19. [Security'23] CipherH: Automated Detection of Ciphertext Side-channel Vulnerabilities in Cryptographic Implementations
    20. Sen Deng, Mengyuan Li, Yining Tang, Shuai Wang, Shoumeng Yan, Yinqian Zhang
    USENIX Security Symposium, Anaheim, CA, USA, August 9–11, 2023.
    [Pdf] | [bib]
  20. [CCS'22] Narrator: Secure and Practical State Continuity for Trusted Execution in the Cloud
    21. Jianyu Niu, Wei Peng, Xiaokuan Zhang, Yinqian Zhang
    ACM Conference on Computer and Communications Security (CCS) , Los Angeles, USA, Nov. 2022.
    [Pdf] | [Bib]
  21. [CCS'22] ENGRAFT: Enclave-guarded Raft on Byzantine Faulty Nodes
    22. Weili Wang, Sen Deng, Jianyu Niu, Michael K. Reiter, Yinqian Zhang
    ACM Conference on Computer and Communications Security (CCS) , Los Angeles, USA, Nov. 2022.
    [Pdf] | [Bib]
  22. [CCS'22] CETIS: Retrofitting Intel CET for Generic and Efficient Intra-process Memory Isolation
    23. Mengyao Xie, Chenggang Wu, Zhe Wang, Yinqian Zhang, Jiali Xu, Yuanming Lai, Yan Kang, Wei Wang
    ACM Conference on Computer and Communications Security (CCS) , Los Angeles, USA, Nov. 2022.
    Best Paper Award Honorable Mention
    [Pdf] | [Bib]
  23. [S&P'22] A Systematic Look at Ciphertext Side Channels on AMD SEV-SNP
    24. Mengyuan Li, Luca Wilke, Jan Wichelmann, Thomas Eisenbarth, Radu Teodorescu and Yinqian Zhang
    IEEE Symposium on Security and Privacy, San California, May 2022.
    Top 10 Finalists of CSAW Best Applied Research Paper Award
    [Pdf] | [Bib]
  24. [S&P'22] vSGX: Virtualizing SGX Enclaves on AMD SEV
    25. Shixuan Zhao, Mengyuan Li, Yinqian Zhang, Zhiqiang Lin
    IEEE Symposium on Security and Privacy, Virtual, May 2022.
    [Pdf] | [Bib] | [Source Code]
  25. [NDSS'22] Multi-Certificate Attacks against Proof-of-Elapsed-Time And Their Countermeasures
    26. Huibo Wang, Guoxing Chen, Yinqian Zhang, Zhiqiang Lin
    Network and Distributed System Security Symposium, 2022.
    [Pdf]
  26. [Security'22] MAGE: Mutual Attestation for a Group of Enclaves without Trusted Third Parties
    27. Guoxing Chen, Yinqian Zhang
    USENIX Security Symposium, BOSTON, MA, USA, 2022.
    [Pdf] | [Source Code]
  27. [Security'21] Towards Formal Verification of State Continuity for Enclave Programs
    28. Mohit Kumar Jangid, Guoxing Chen, Yinqian Zhang, Zhiqiang Lin
    USENIX Security Symposium, Virtual, Aug. 2021.
    [Pdf] | [Slides]
  28. [Security'21] CIPHERLEAKS: Breaking Constant-time Cryptography on AMD SEV via the Ciphertext Side Channel
    29. Mengyuan Li Yinqian Zhang, Huibo Wang, Kang Li, Yueqiang Cheng
    USENIX Security Symposium, Virtual, Aug. 2021.
    [Pdf] | [Bib] | [Project Homepage]
  29. [Security'21] SelectiveTaint: Efficient Data Flow Tracking With Static Binary Rewriting
    30. Sanchuan Chen, Zhiqiang Lin, Yinqian Zhang
    USENIX Security Symposium, Virtual, Aug. 2021.
    [Pdf] | [Slides] | [Source Code]
  30. [ISCA'21] INTROSPECTRE: A Pre-Silicon Framework for Discovery and Analysis of Transient ExecutionVulnerabilities
    31. Moein Ghaniyoun, Kristin Barber, Yinqian Zhang, Radu Teodorescu
    International Symposium on Computer Architecture, Virtual, Jun. 2021.
    [Pdf] | [Bib]
  31. [CCS'21] CROSSLINE: Breaking "Security-by-Crash" based Memory Isolation in AMD SEV
    32. Mengyuan Li, Yinqian Zhang, Zhiqiang Lin
    ACM Conference on Computer and Communications Security, Virtual, Nov. 2021.
    Best Paper Award Runner-up
    [Pdf] | [Bib]
  32. [CCS'20] FirmXRay: Detecting Bluetooth Link Layer Vulnerabilities From Bare-Metal Firmware
    33. Haohuang Wen, Zhiqiang Lin, Yinqian Zhang
    ACM Conference on Computer and Communications Security, Nov. 2020.
    [Pdf] | [Bib]
  33. [Security'20] TXSPECTOR: Uncovering Attacks in Ethereum from Transactions
    34. Mengya Zhang, Xiaokuan Zhang, Yinqian Zhang, Zhiqiang Lin
    USENIX Security Symposium, Aug. 2020.
    [Pdf] | [Bib]
  34. [S&P'20] SEIMI: Efficient and Secure SMAP-Enabled Intra-process Memory Isolation
    35. Zhe Wang, Chenggang Wu, Mengyao Xie, Yinqian Zhang, Kangjie Lu, Xiaofeng Zhang, Yuanming Lai, Yang Kang, Min Yang
    IEEE Symposium on Security and Privacy, May 2020.
    [Pdf] | [Bib]
  35. [NDSS'20] SPEECHMINER: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities
    36. Yuan Xiao, Yinqian Zhang, Mircea-Radu Teodorescu
    Network and Distributed System Security Symposium, San Diego, CA, USA, Feb. 2020.
    [Pdf] | [Bib]
  36. [CCS'19] OPERA: Open Remote Attestation for Intel’s Secure Enclaves
    37. Guoxing Chen, Yinqian Zhang, Ten-Hwang Lai
    ACM Conference on Computer and Communications Security, London, UK, Nov. 2019.
    [Pdf] | [Bib]
  37. [CCS'19] Automatic Fingerprinting of Vulnerable BLE IoT Devices with Static UUIDs from Mobile Apps
    38. Chaoshun Zuo, Haohuang Wen, Zhiqiang Lin, Yinqian Zhang
    ACM Conference on Computer and Communications Security, London, UK, Nov. 2019.
    [Pdf] | [Bib]
  38. [Security'19] Exploiting Unprotected I/O Operations in AMD’s Secure Encrypted Virtualization
    39. Mengyuan Li, Yinqian Zhang, Zhiqiang Lin, Yan Solihin
    USENIX Security Symposium, Santa Clara, CA, Aug. 2019.
    [Pdf] | [Bib] | [Presentation]
  39. [Security'19] SafeHidden: An Efficient and Secure Information Hiding Technique Using Re-randomization
    40. Zhe Wang, Chenggang Wu, Yinqian Zhang, Bowen Tang, Pen-Chung Yew, Mengyao Xie, Yuanming Lai, Yan Kang, Yueqiang Cheng, and Zhiping Shi
    USENIX Security Symposium, Santa Clara, CA, Aug. 2019.
    [Pdf] | [Bib] | [Slides]
  40. [NDSS'19] Statistical Privacy for Streaming Traffic
    41. Xiaokuan Zhang, Jihun Hamm, Michael K. Reiter, Yinqian Zhang
    Network and Distributed System Security Symposium, San Diego, CA, USA, Feb. 2019.
    [Pdf] | [Bib]
  41. [NDSS'19] OBFUSCURO: A Commodity Obfuscation Engine on Intel SGX
    42. Adil Ahmad, Byunggill Joe, Yuan Xiao, Yinqian Zhang, Insik Shin, and Byoungyoung Lee
    Network and Distributed System Security Symposium, San Diego, CA, USA, Feb. 2019.
    [Pdf] | [Bib]
  42. [S&P'19] Why Does Your Data Leak? Uncovering the Data Leakage in Cloud From Mobile Apps
    43. Chaoshun Zuo, Zhiqiang Lin, and Yinqian Zhang.
    IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May. 2019.
    [Pdf] | [Bib] | [Slides]
  43. [CCS'18] HoMonit: Monitoring Smart Home Apps from Encrypted Traffic
    44. Wei Zhang, Yan Meng, Yugeng Liu, Xiaokuan Zhang, Yinqian Zhang, Haojin Zhu
    ACM Conference on Computer and Communications Security, Toronto, Canada, Oct. 2018.
    [Pdf] | [Bib]
  44. [S&P'18] Static Evaluation of Noninterference Using Approximate Model Counting
    45. Ziqiao Zhou, Zhiyun Qian, Michael K. Reiter, Yinqian Zhang
    IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May. 2018.
    [Pdf] | [Bib]
  45. [S&P'18] Racing in Hyperspace: Closing Hyper-Threading Side Channels on SGX with Contrived Data Races
    46. Guoxing Chen*, Wenhao Wang*, Tianyu Chen, Sanchuan Chen, Yinqian Zhang, XiaoFeng Wang, Ten-Hwang Lai, Dongdai Lin
    IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May. 2018. (* co-first authors)
    [Pdf] | [Bib]
  46. [NDSS'18] OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS
    47. Xiaokuan Zhang, Xueqiang Wang, Xiaolong Bai, Yinqian Zhang, Xiaofeng Wang
    Network and Distributed System Security Symposium, San Diego, CA, USA, Feb. 2018.
    Top 10 Finalists of CSAW Best Applied Research Paper Award
    [Pdf] | [Bib] | [Video]
  47. [NDSS'18] Face Flashing: A Secure Liveness Detection Protocol based on Light Reflections
    48. Di Tang, Zhe Zhou, Yinqian Zhang, Kehuan Zhang
    Network and Distributed System Security Symposium, San Diego, CA, USA, Feb. 2018.
    [Pdf] | [Bib]
  48. [INFOCOM'18] Differentially Private Access Patterns for Searchable Symmetric Encryption
    49. Guoxing Chen, Ten H. Lai, Michael Reiter, Yinqian Zhang
    IEEE International Conference on Computer Communications, Honolulu, HI, USA, Apr. 2018.
    [Pdf] | [Bib]| [Source code]
  49. [ATC'18] Peeking Behind the Curtains of Serverless Platforms
    50. Liang Wang, Mengyuan Li, Yinqian Zhang, Thomas Ristenpart, Michael Swift
    Usenix Annual Technical Conference, Boston, MA, USA, Jul. 2018.
    [Pdf] | [Bib]
  50. [CCS'17] Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves
    51. Yuan Xiao, Mengyuan Li, Sanchuan Chen, Yinqian Zhang
    ACM Conference on Computer and Communications Security, Dallas, Texas, USA, Oct. 2017.
    (The CCS version of this paper supersedes arxiv 1707.03473.)
    [Pdf] | [Bib] | [Slides] | [Project Homepage]
  51. [CCS'17] Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX
    52. Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, Carl A. Gunter
    ACM Conference on Computer and Communications Security, Dallas, Texas, USA, Oct. 2017.
    (The CCS version of this paper supersedes arxiv 1705.07289.)
    [Pdf] | [Bib]
  52. [CCS'16] Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices
    53. Xiaokuan Zhang, Yuan Xiao, Yinqian Zhang
    ACM Conference on Computer and Communications Security, Vienna, Austria, Oct. 2016.
    [Pdf] | [Bib] | [Slides]
  53. [CCS'16] A Software Approach to Defeating Side Channels in Last-Level Caches
    54. Ziqiao Zhou, Michael K. Reiter, Yinqian Zhang
    ACM Conference on Computer and Communications Security, Vienna, Austria, Oct. 2016.
    (The CCS version of this paper supersedes arxiv 1603.05615.)
    [Pdf] | [Bib]
  54. [Security'16] One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation
    55. Yuan Xiao, Xiaokuan Zhang, Yinqian Zhang, Mircea-Radu Teodorescu
    USENIX Security Symposium, Austin, TX, Aug. 2016.
    Top 10 Finalists of CSAW Best Applied Research Paper Award
    [Pdf] | [Bib] | [Slides]
  55. [CCS'15] Mitigating Storage Side Channels Using Statistical Privacy Mechanisms
    56. Qiuyu Xiao, Michael K. Reiter, Yinqian Zhang
    ACM Conference on Computer and Communications Security, Denver, Colorado, Oct. 2015.
    [Pdf] | [Bib]
  56. [Security'15] A Placement Vulnerability Study in Multi-Tenant Public Clouds
    57. Venkatanathan Varadarajan, Yinqian Zhang, Thomas Ristenpart and Michael Swift
    USENIX Security Symposium, Washington, D.C., Aug. 2015.
    [Pdf] | [Bib]
  57. [CCS'14] Cross-Tenant Side-Channel Attacks in PaaS Clouds
    58. Yinqian Zhang, Ari Juels, Michael K. Reiter, Thomas Ristenpart
    ACM Conference on Computer and Communications Security, Scottsdale, AZ, Nov. 2014.
    [Pdf] | [Bib]
  58. [CCS'13] Düppel: Retrofitting Commodity Operating Systems to Mitigate Cache Side Channels in the Cloud
    59. Yinqian Zhang, Michael K. Reiter
    ACM Conference on Computer and Communications Security, Berlin, Germany, Nov. 2013.
    [Pdf] | [Bib]
  59. [CCS'12] Cross-VM Side Channels and Their Use to Extract Private Keys
    60. Yinqian Zhang, Ari Juels, Michael K. Reiter, Thomas Ristenpart
    ACM Conference on Computer and Communications Security, Raleigh, NC, Oct. 2012.
    ACM CCS Test-of-Time Award
    [Pdf] | [Bib] | [Slides]
  60. [S&P'11] HomeAlone: Co-Residency Detection in the Cloud via Side-Channel Analysis
    61. Yinqian Zhang, Ari Juels, Alina Oprea, Michael K. Reiter
    IEEE Symposium on Security and Privacy, Oakland, CA, May 2011.
    [Pdf] | [Bib]
  61. [CCS'10] The Security of Modern Password Expiration: An Algorithmic Framework and Empirical Analysis
    62. Yinqian Zhang, Fabian Monrose, Michael K. Reiter
    ACM Conference on Computer and Communications Security, Chicago, IL, Oct. 2010.
    [Pdf] | [Bib]