Xiaokuan Zhang


Ph.D. Candidate
Computer Science and Engineering
Ohio State University

Office: 439 Baker Systems
Email: zhang DOT 5840 AT osu DOT edu [Google Scholar] [C.V.] [Github]

About Me

I'm a Ph.D. candidate at The Ohio State University (OSU). My advisor is Prof. Yinqian Zhang. Before coming to OSU, I graduated from Shanghai Jiao Tong University (SJTU) with the Bachelor's degree in Computer Science in 2015.

I am interested in different areas of security & privacy, including system security, side-channel security, mobile security, IoT security, etc. I am one of the recipients of the NortonLifeLock Research Group Graduate Fellowship in 2020.

News

  • (07/2020)[Paper] Our paper, "SurfaceFleet: Exploring Distributed Interactions Unbounded from Device, Application, User, and Time", has been accepted to appear in ACM UIST 2020! Congrats to my colleagues in the EPIC group at MSR!
  • (06/2020)[Paper] Our paper, "TXSPECTOR: Uncovering Attacks in Ethereum from Transactions", has been accepted to appear in USENIX Security 2020!
  • (05/2020)[Committee] I am invited to serve on the program committee of the 2020 ACM Cloud Computing Security Workshop (CCSW).
  • (04/2020)[Award] I am honored to receive the Graduate Research Award from our CSE department!
  • (03/2020)[Award] I am thrilled to be one of three students worldwide to receive the NortonLifeLock Research Group Graduate Fellowship!
  • (03/2020)[Committee] I am invited to serve on the program committee of the 2020 IEEE International Conference on Cloud Computing Technology and Science (CloudCom).

Awards & Honors

  • NortonLifeLock Research Group (Symantec Research Labs) Graduate Fellowship (1 of 3 students selected worldwide) 2020
  • Graduate Research Award, CSE Department, Ohio State University 2020
  • Nomination for Google Ph.D. Fellowship, CSE Department, Ohio State University 2019
  • Top 10 Finalists of CSAW Applied Security Research Competition2018
  • Top 10 Finalists of CSAW Applied Security Research Competition2016
  • Academic Excellence Scholarship of Shanghai Jiao Tong University2014
  • Excellent Student Cadre of Shanghai Jiao Tong University2013
  • Academic Excellence Scholarship of Shanghai Jiao Tong University2012
  • National Olympiad in Informatics in Provinces (NOIP), First Prize in Fujian Province2010

Publications

  • SurfaceFleet: Exploring Distributed Interactions Unbounded from Device, Application, User, and Time [pdf] [link]
    Frederik Brudy, David Ledo, Michel Pahud, Nathalie Henry Riche, Christian Holz, Anand Waghmare, Hemant Surale, Marcus Peinado, Xiaokuan Zhang, Shannon Joyner, Badrish Chandramouli, Umar Farooq Minhas, Jonathan Goldstein, Bill Buxton, Ken Hinckley
    UIST'20, Virtual Event, USA, Oct. 2020. (Acceptance rate: 97/450=21.5%)

  • TXSPECTOR: Uncovering Attacks in Ethereum from Transactions [pdf]
    Mengya Zhang*, Xiaokuan Zhang*, Yinqian Zhang, Zhiqiang Lin (*equal contribution)
    Security'20, Virtual Event, USA, Aug. 2020. (Acceptance rate: 157/977=16.1%)

  • Statistical Privacy for Streaming Traffic [pdf] [slides]
    Xiaokuan Zhang, Jihun Hamm, Michael K. Reiter, Yinqian Zhang
    NDSS'19, San Diego, CA, USA, Feb. 2019. (Acceptance rate: 89/521=17.1%)

  • A Measurement Study of Authentication Rate-Limiting Mechanisms of Modern Websites [pdf] [slides]
    Bo Lu*, Xiaokuan Zhang*, Ziman Ling, Yinqian Zhang, Zhiqiang Lin (*equal contribution)
    ACSAC'18, San Juan, Puerto Rico, USA, Dec. 2018. (Acceptance rate: 60/299=20.1%)

  • HoMonit: Monitoring Smart Home Apps from Encrypted Traffic [pdf]
    Wei Zhang, Yan Meng, Yugeng Liu, Xiaokuan Zhang, Yinqian Zhang, Haojin Zhu
    CCS'18, Toronto, Canada, Oct. 2018. (Acceptance rate: 134/809=16.6%)

  • OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS [pdf] [slides]
    Xiaokuan Zhang, Xueqiang Wang, Xiaolong Bai, Yinqian Zhang, XiaoFeng Wang
    NDSS'18, San Diego, CA, USA, Feb. 2018. (Acceptance rate: 71/331=21.5%)
    The issues identified in the paper have been acknowledged by Apple in CVE-2017-13852, CVE-2017-13873, CVE-2017-13877.
    Our proposed solutions have been integrated in recent versions of iOS/MacOS/watchOS/tvOS.
    Top 10 Finalists of NYU CSAW'18 Applied Research Competition

  • Detecting Privileged Side-Channel Attacks in Shielded Execution with DEJA VU [pdf]
    Sanchuan Chen, Xiaokuan Zhang, Michael K. Reiter, Yinqian Zhang
    AsiaCCS'17, Abu Dhabi, UAE, Apr. 2017. (Acceptance rate: 73/359=20.3%)

  • Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices [pdf] [slides]
    Xiaokuan Zhang, Yuan Xiao, Yinqian Zhang
    CCS'16, Vienna, Austria, Oct. 2016. (Acceptance rate: 137/831=16.5%)

  • One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation [pdf] [slides]
    Yuan Xiao, Xiaokuan Zhang, Yinqian Zhang, Mircea-Radu Teodorescu
    Security'16, Austin, TX, USA, Aug. 2016. (Acceptance rate: 72/463=15.6%)
    Top 10 Finalists of NYU CSAW'16 Applied Research Competition

Professional Services

Program Committee
  • IEEE International Conference on Cloud Computing Technology and Science (CloudCom) 2020
  • ACM Cloud Computing Security Workshop (CCSW) 2020
Reviewer
  • IEEE Transactions on Dependable and Secure Computing (TDSC) 2019
External Reviewer
  • IEEE Symposium on Security and Privacy (Oakland) 2016 - 2018, 2020
  • ACM Conference on Computer and Communications Security (CCS) 2016 - 2020
  • USENIX Security Symposium (Security) 2017
  • ISOC Network and Distributed System Security Symposium (NDSS) 2018, 2020
  • ACM Asia Conference on Computer and Communications Security (AsiaCCS) 2018, 2020

Work Experience

Misc.

In my spare time, I like to watch basketball and soccer games. I witnessed Game 2 of the 2018 NBA Finals in the Oracle Arena. I also enjoy playing badminton and ping-pong with friends.