Ph.D. Student (Aug. 2015 - Present)
Computer Science and Engineering
Ohio State University
Office: 439 Baker Systems Bldg
E-mail: zhang DOT 5840 AT osu DOT edu
- Side Channels
- Smartphone Security
- System Security
- Cloud Security
- IoT Security
Statistical Privacy for Streaming Traffic
Xiaokuan Zhang, Jihun Hamm, Michael K. Reiter, Yinqian Zhang
NDSS'19, San Diego, CA, USA, Feb. 2019.
A Measurement Study of Authentication Rate-Limiting Mechanisms of Modern Websites [pdf]
Bo Lu*, Xiaokuan Zhang*, Ziman Ling, Yinqian Zhang, Zhiqiang Lin (*co-first authors)
ACSAC'18, San Juan, Puerto Rico, USA, Dec. 2018.
HoMonit: Monitoring Smart Home Apps from Encrypted Traffic [pdf]
Wei Zhang, Yan Meng, Yugeng Liu, Xiaokuan Zhang, Yinqian Zhang, Haojin Zhu
CCS'18, Toronto, Canada, Oct. 2018.
OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS [pdf]
Xiaokuan Zhang, Xueqiang Wang, Xiaolong Bai, Yinqian Zhang, XiaoFeng Wang
NDSS'18, San Diego, CA, USA, Feb. 2018.
The issues identified in the paper have been acknowledged by Apple in CVE-2017-13852, CVE-2017-13873, CVE-2017-13877.
Our proposed solutions have been integrated in recent versions of iOS/MacOS.
Top 10 Finalists of NYU CSAW'18 Applied Research Competition [link]
Detecting Privileged Side-Channel Attacks in Shielded Execution with DEJA VU [pdf]
Sanchuan Chen, Xiaokuan Zhang, Michael K. Reiter, Yinqian Zhang
AsiaCCS'17, Abu Dhabi, UAE, Apr. 2017.
Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices [pdf]
Xiaokuan Zhang, Yuan Xiao, Yinqian Zhang
CCS'16, Vienna, Austria, Oct. 2016.
One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation [pdf]
Yuan Xiao, Xiaokuan Zhang, Yinqian Zhang, Mircea-Radu Teodorescu
Security'16, Austin, TX, USA, Aug. 2016.
Top 10 Finalists of NYU CSAW'16 Applied Research Competition [link]
- Website account rate-limiting mechanisms
- Side-channel attacks/defenses on IoT devices
- Side-channel attacks on iOS devices
- Defense against side-channel attacks inside Intel SGX enclaves
- Side-channel attacks on Android devices
- Double-sided row-hammer attacks in Xen-based VMs
- Graduate Research Assistant 2015.8 - Present
- Software Engineering Intern at Google 2018.5 - 2018.8
- Graduate Teaching Assistant of CSE 3341: Principles of Programming Languages 2016.1 - 2016.5
- Graduate Teaching Assistant of CSE 3461/5461: Computer Networking and Internet Technologies 2015.8 - 2015.12