Xiaokuan Zhang


Postdoctoral Researcher
School of Cybersecurity and Privacy
College of Computing
Georgia Institute of Technology

Email: xiaokuan.zhang.cs AT gmail DOT com [Google Scholar] [C.V.] [Github]

About Me

I am currently a postdoc researcher at Georgia Tech, working with Prof. Taesoo Kim. I have graduated from The Ohio State University (OSU) with a Ph.D. in Computer Science and Engineering in Aug. 2021. My advisor at OSU is Prof. Yinqian Zhang. Before coming to OSU, I graduated from Shanghai Jiao Tong University (SJTU) with a Bachelor's degree in Computer Science in 2015.

I am interested in different areas of security & privacy, including system security, side-channel security, mobile security, IoT security, etc. I am one of the recipients of the NortonLifeLock Research Group Graduate Fellowship in 2020. I have interned at Google and Microsoft Research.

I will join George Mason University as an assistant professor in Aug. 2022. If you are interested in working with me at GMU, please read this [note]. You may also find the Chinese version here.

News

  • (08/2021)[Ph.D. Defense] I have successfully defended my Ph.D. and graduated from OSU. I will first join the group of Prof. Taesoo Kim at Gatech as a Postdoc, then join George Mason University as an assistant professor in Aug. 2022.
  • (07/2021)[Committee]I am invited to be a Qualification Round program committee member for NYU’s CSAW’21 Cyber Security Applied Research Paper Competition.
  • (05/2021)[Committee] I am invited to serve on the program committee of the 2021 ACM Cloud Computing Security Workshop (CCSW).
  • (05/2021)[Paper] Our paper, "Understanding and Detecting Mobile Ad Fraud Through the Lens of Invalid Traffic", has been accepted to appear in ACM CCS 2021! Congrats to Suibin/Le from SJTU, and my collaborators!
  • (04/2021)[Paper] Our paper, "Dissecting Click Fraud Autonomy in the Wild", has been accepted to appear in ACM CCS 2021! Congrats to Tong/Yan from SJTU, and my collaborators!
  • (09/2020)[Committee]I am invited to be a Qualification Round program committee member for NYU’s CSAW’20 Cyber Security Applied Research Paper Competition.
  • (07/2020)[Paper] Our paper, "SurfaceFleet: Exploring Distributed Interactions Unbounded from Device, Application, User, and Time", has been accepted to appear in ACM UIST 2020! Congrats to my colleagues in the EPIC group at MSR!
  • (06/2020)[Paper] Our paper, "TXSPECTOR: Uncovering Attacks in Ethereum from Transactions", has been accepted to appear in USENIX Security 2020!
  • (05/2020)[Committee] I am invited to serve on the program committee of the 2020 ACM Cloud Computing Security Workshop (CCSW).
  • (04/2020)[Award] I am honored to receive the Graduate Research Award from our CSE department!
  • (03/2020)[Award] I am thrilled to be one of three students worldwide to receive the NortonLifeLock Research Group Graduate Fellowship!
  • (03/2020)[Committee] I am invited to serve on the program committee of the 2020 IEEE International Conference on Cloud Computing Technology and Science (CloudCom).

Awards & Honors

  • NortonLifeLock Research Group (Symantec Research Labs) Graduate Fellowship (1 of 3 students selected worldwide) 2020
  • Graduate Research Award, CSE Department, Ohio State University 2020
  • Nomination for Google Ph.D. Fellowship, CSE Department, Ohio State University 2019
  • Top 10 Finalists of CSAW Applied Security Research Competition2018
  • Top 10 Finalists of CSAW Applied Security Research Competition2016
  • Academic Excellence Scholarship of Shanghai Jiao Tong University2014
  • Excellent Student Cadre of Shanghai Jiao Tong University2013
  • Academic Excellence Scholarship of Shanghai Jiao Tong University2012
  • National Olympiad in Informatics in Provinces (NOIP), First Prize in Fujian Province2010

Publications

  • Understanding and Detecting Mobile Ad Fraud Through the Lens of Invalid Traffic [pdf]
    Suibin Sun, Le Yu, Xiaokuan Zhang, Minhui Xue, Ren Zhou, Haojin Zhu, Shuang Hao, Xiaodong Lin
    CCS'21, Virtual Event, USA, Nov. 2021. (Acceptance rate: xx%)

  • Dissecting Click Fraud Autonomy in the Wild [pdf]
    Tong Zhu, Yan Meng, Haotian Hu, Xiaokuan Zhang, Minhui Xue, Haojin Zhu
    CCS'21, Virtual Event, USA, Nov. 2021. (Acceptance rate: xx%)

  • SurfaceFleet: Exploring Distributed Interactions Unbounded from Device, Application, User, and Time [pdf] [link]
    Frederik Brudy, David Ledo, Michel Pahud, Nathalie Henry Riche, Christian Holz, Anand Waghmare, Hemant Surale, Marcus Peinado, Xiaokuan Zhang, Shannon Joyner, Badrish Chandramouli, Umar Farooq Minhas, Jonathan Goldstein, Bill Buxton, Ken Hinckley
    UIST'20, Virtual Event, USA, Oct. 2020. (Acceptance rate: 97/450=21.5%)

  • TXSPECTOR: Uncovering Attacks in Ethereum from Transactions [pdf] [slides]
    Mengya Zhang*, Xiaokuan Zhang*, Yinqian Zhang, Zhiqiang Lin (*equal contribution)
    Security'20, Virtual Event, USA, Aug. 2020. (Acceptance rate: 157/977=16.1%)

  • Statistical Privacy for Streaming Traffic [pdf] [slides]
    Xiaokuan Zhang, Jihun Hamm, Michael K. Reiter, Yinqian Zhang
    NDSS'19, San Diego, CA, USA, Feb. 2019. (Acceptance rate: 89/521=17.1%)

  • A Measurement Study of Authentication Rate-Limiting Mechanisms of Modern Websites [pdf] [slides]
    Bo Lu*, Xiaokuan Zhang*, Ziman Ling, Yinqian Zhang, Zhiqiang Lin (*equal contribution)
    ACSAC'18, San Juan, Puerto Rico, USA, Dec. 2018. (Acceptance rate: 60/299=20.1%)

  • HoMonit: Monitoring Smart Home Apps from Encrypted Traffic [pdf]
    Wei Zhang, Yan Meng, Yugeng Liu, Xiaokuan Zhang, Yinqian Zhang, Haojin Zhu
    CCS'18, Toronto, Canada, Oct. 2018. (Acceptance rate: 134/809=16.6%)

  • OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS [pdf] [slides]
    Xiaokuan Zhang, Xueqiang Wang, Xiaolong Bai, Yinqian Zhang, XiaoFeng Wang
    NDSS'18, San Diego, CA, USA, Feb. 2018. (Acceptance rate: 71/331=21.5%)
    The issues identified in the paper have been acknowledged by Apple in CVE-2017-13852, CVE-2017-13873, CVE-2017-13877.
    Our proposed solutions have been integrated in recent versions of iOS/MacOS/watchOS/tvOS.
    Top 10 Finalists of NYU CSAW'18 Applied Research Competition

  • Detecting Privileged Side-Channel Attacks in Shielded Execution with DEJA VU [pdf]
    Sanchuan Chen, Xiaokuan Zhang, Michael K. Reiter, Yinqian Zhang
    AsiaCCS'17, Abu Dhabi, UAE, Apr. 2017. (Acceptance rate: 73/359=20.3%)

  • Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices [pdf] [slides]
    Xiaokuan Zhang, Yuan Xiao, Yinqian Zhang
    CCS'16, Vienna, Austria, Oct. 2016. (Acceptance rate: 137/831=16.5%)

  • One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation [pdf] [slides]
    Yuan Xiao, Xiaokuan Zhang, Yinqian Zhang, Mircea-Radu Teodorescu
    Security'16, Austin, TX, USA, Aug. 2016. (Acceptance rate: 72/463=15.6%)
    Top 10 Finalists of NYU CSAW'16 Applied Research Competition

Professional Services

Program Committee
  • ACM Cloud Computing Security Workshop (CCSW) 2020, 2021
  • NYU CSAW Cyber Security Applied Research Paper Competition 2020, 2021
  • IEEE International Conference on Cloud Computing Technology and Science (CloudCom) 2020
Reviewer
  • IEEE Transactions on Mobile Computing (TMC) 2021
  • IEEE Transactions on Dependable and Secure Computing (TDSC) 2019
External Reviewer
  • IEEE Symposium on Security and Privacy (Oakland) 2016 - 2018, 2020, 2022
  • ACM Conference on Computer and Communications Security (CCS) 2016 - 2020
  • USENIX Security Symposium (Security) 2017
  • ISOC Network and Distributed System Security Symposium (NDSS) 2018, 2020
  • ACM Asia Conference on Computer and Communications Security (AsiaCCS) 2018, 2020

Misc.

In my spare time, I like to watch basketball and soccer games. I witnessed Game 2 of the 2018 NBA Finals in the Oracle Arena. I also enjoy playing badminton and ping-pong with friends.