Yuan Xiao, PhD

Department of Computer Science and Engineering
The Ohio State University

Office: 439 Baker Systems Engeering Bldg

Email: xiao (dot) 465 (at) osu (dot) edu

I have obtained my PhD degree in the Department of Computer Science and Engineering at OSU advised by Yinqian Zhang. I work in system security, specializing in side-channel attacks. My research covers a wide variety of topics including speculative execution vulnerabilitites (Meltdown/Spectre/L1TF/MDS/...), microarchitectural side-channel vulnerabilitites (page/cache/branch/...), rowhammer vulnerabilities, Intel SGX, operating system, cloud security, mobile security, IoT security, etc. My recently published work was a tool framework called SpeechMiner to analyze and measure speculative execution side-channel vulnerabilities in x86 processors. Our latest work is a new type of side-channel attacks which is currently in submission.

I completed my bachelor's in School of Information Security at Shanghai Jiao Tong University in 2015.

Big fan of all kinds of sports (basketball, football, soccer, squash...), music (no preference in genre as long as it is good music) and video games (Overwatch is dominating presently but I also play all types of games on all platforms!). Also a crazy movie lover, the type that goes to movie theatre 3 times per week.



SpeechMiner: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities
Yuan Xiao, Yinqian Zhang, Radu Teodorescu
NDSS, 2020. PDF slides video (To be open-sourced)

SgxPectre Attacks: Stealing Intel Secrets from SGX Enclaves via Speculative Execution
Guoxing Chen, Sanchuan Chen, Yuan Xiao, Yinqian Zhang, Zhiqiang Lin, Ten H. Lai
EuroS&P, 2019. PDF Github

OBFSCURO: A Commodity Obfuscation Engine on Intel SGX
Adil Ahmad, Byunggill Joe, Yuan Xiao, Yinqian Zhang, Insik Shin, Byoungyoung Lee
NDSS, 2019. PDF

Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves
Yuan Xiao, Mengyuan Li, Sanchuan Chen, Yinqian Zhang
CCS, 2017. PDF slides arxiv Github

Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices
Xiaokuan Zhang, Yuan Xiao, Yinqian Zhang
CCS, 2016. PDF slides

One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation
Yuan Xiao, Xiaokuan Zhang, Yinqian Zhang, Mircea-Radu Teodorescu
USENIX Security, 2016. PDF slides
Awarded: CSAW'16 Practical Research Final-list

Research Interests

System security, side-channel attacks, shielded execution (SGX), cloud security, networking, SSL/TLS.

Work Experience

Intern: Microsoft Research 2019.5 - 2019.8      

Intern: Intel Labs 2018.5 - 2018.8      

Graduate Research Associate 2015.8 - 2020.7      

Graduate Teaching Associate (CSE 5473: Network Security) 2016.1 - 2016.5       

Graduate Teaching Associate (CSE 3461/5461: Computer Networking and Internet Technologies) 2015.8 - 2015.12     

Useful Links

The lightning video of my presentation on USENIX Security, August 2016, Austin TX. (QuickTime Player on mac may have no-audio issue opening it.)

My CV could be downloaded here.

And meet my cat :)