Yuan Xiao

Department of Computer Science and Engineering
The Ohio State University

Office: 439 Baker Systems Engeering Bldg

Email: xiao (dot) 465 (at) osu (dot) edu


I am a Ph.D. candidate in the Department of Computer Science and Engineering at OSU advised by Yinqian Zhang since August 2015. I work in system security, specializing in side-channel attacks. Recently I am working on Meltdown/Spectre-type attacks as well as IoT and cloud security. My previous work was a tool framework called Stacco to detect side-channel vulnerabilities in SSL/TLS libraries running inside SGX enclave.

I completed my bachelor's in School of Information Security at Shanghai Jiao Tong University in 2015.

Big fan of all kinds of sports (basketball, football, soccer, squash...) and video games (Overwatch is dominating presently but I also play all kinds of games on all platforms!). Also a crazy movie lover, the type that goes to movie theatre 3 times per week.

 

Publication


SpeechMiner: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities
Yuan Xiao, Yinqian Zhang, Radu Teodorescu
NDSS, 2020. To appear.

SgxPectre Attacks: Stealing Intel Secrets from SGX Enclaves via Speculative Execution
Guoxing Chen, Sanchuan Chen, Yuan Xiao, Yinqian Zhang, Zhiqiang Lin, Ten H. Lai
EuroS&P, 2019. PDF Github

OBFSCURO: A Commodity Obfuscation Engine on Intel SGX
Adil Ahmad, Byunggill Joe, Yuan Xiao, Yinqian Zhang, Insik Shin, Byoungyoung Lee
NDSS, 2019. PDF

Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves
Yuan Xiao, Mengyuan Li, Sanchuan Chen, Yinqian Zhang
CCS, 2017. PDF slides arxiv Github

Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices
Xiaokuan Zhang, Yuan Xiao, Yinqian Zhang
CCS, 2016. PDF slides

One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation
Yuan Xiao, Xiaokuan Zhang, Yinqian Zhang, Mircea-Radu Teodorescu
USENIX Security, 2016. PDF slides
Awarded: CSAW'16 Practical Research Final-list

Research Interests


System security, side-channel attacks, shielded execution (SGX), cloud security, networking, SSL/TLS.

Work Experience


Intern: Microsoft Research 2019.5 - 2019.8      

Intern: Intel Labs 2018.5 - 2018.8      

Graduate Research Associate 2015.8 - Present      

Graduate Teaching Associate (CSE 5473: Network Security) 2016.1 - 2016.5       

Graduate Teaching Associate (CSE 3461/5461: Computer Networking and Internet Technologies) 2015.8 - 2015.12     

Useful Links


The lightning video of my presentation on USENIX Security, August 2016, Austin TX. (QuickTime Player on mac may have no-audio issue opening it.)

My CV could be downloaded here.

And meet my cat :)