Department of Computer Science and Engineering
The Ohio State University
Office: 439 Baker Systems Engeering Bldg
Email: xiao (dot) 465 (at) osu (dot) edu
I have obtained my PhD degree in the Department of Computer Science and Engineering at OSU advised by Yinqian Zhang. I work in system security, specializing in side-channel attacks. My research covers a wide variety of topics including speculative execution vulnerabilitites (Meltdown/Spectre/L1TF/MDS/...), microarchitectural side-channel vulnerabilitites (page/cache/branch/...), rowhammer vulnerabilities, Intel SGX, operating system, cloud security, mobile security, IoT security, etc. My recently published work was a tool framework called SpeechMiner to analyze and measure speculative execution side-channel vulnerabilities in x86 processors. Our latest work is a new type of side-channel attacks which is currently in submission.
I completed my bachelor's in School of Information Security at Shanghai Jiao Tong University in 2015.
Big fan of all kinds of sports (basketball, football, soccer, squash...), music (no preference in genre as long as it is good music) and video games (Overwatch is dominating presently but I also play all types of games on all platforms!). Also a crazy movie lover, the type that goes to movie theatre 3 times per week.
OBFSCURO: A Commodity Obfuscation Engine on Intel SGX
Adil Ahmad, Byunggill Joe, Yuan Xiao, Yinqian Zhang, Insik Shin, Byoungyoung Lee
NDSS, 2019. PDF
One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation
Yuan Xiao, Xiaokuan Zhang, Yinqian Zhang, Mircea-Radu Teodorescu
USENIX Security, 2016. PDF slides
Awarded: CSAW'16 Practical Research Final-list
System security, side-channel attacks, shielded execution (SGX), cloud security, networking, SSL/TLS.
Intern: Microsoft Research 2019.5 - 2019.8
Intern: Intel Labs 2018.5 - 2018.8
Graduate Research Associate 2015.8 - 2020.7
Graduate Teaching Associate (CSE 5473: Network Security) 2016.1 - 2016.5
Graduate Teaching Associate (CSE 3461/5461: Computer Networking and Internet Technologies) 2015.8 - 2015.12