I am an Assistant Researcher at Zhongguancun Laboratory, Beijing. I received my Ph.D. from Network and Information Security Lab (NISL) at Tsinghua University (advised by Prof. Haixin Duan) in 2023.

My research focuses on measuring and enhancing the security of Internet infrastructure (DNS, Web PKI, CDN, etc.), uncovering significant vulnerabilities in core protocols (DNS, HTTP, TLS, DKIM, SPF, etc.), and understanding emerging cyberspace security threats.

News:

  • [Aug. 2024] Paper about bypass Same-Origin Policy (SOP) accepted to NDSS 2025. Congrats to Pinji!

  • [Jun. 2024] Paper about shared domain authoritative nameserver and domain hijacking accepted to Usenix Security 2024.

  • [Aug. 2023] Two papers accepted to NDSS 2024 and S&P 2024. Congrats to Chuhan and Xiang!

Interests

  • Network Security
  • Protocol Security
  • Web PKI
  • DNS

Education

  • Ph.D. in Network Security, 2023

    Tsinghua University

  • B.E. in Information Security / LL.B. (Double Major), 2018

    Nankai University

Publications

Posters & Publications

(2024). Cross-Origin Web Attacks via HTTP/2 Server Push and Signed HTTP Exchange. In NDSS 2025. San Diego, California, 24 February – 28 February, 2025. To appear.

(2024). Cross the Zone: Toward a Covert Domain Hijacking via Shared DNS Infrastructure. In Usenix Security ‘23. Philadelphia, PA, USA, August 14-16, 2024. (Acceptance rate: 417/2276=18.32%).
* Presented in OARC 43 by Yunyi Zhang.

PDF Slides

(2024). TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets. In Oakland S&P 2024. San Francisco, California, May 20–23, 2024. (Acceptance rate: 261/1,466=17.8%).

PDF Poster Slides Source Document

(2024). BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet. In NDSS ‘24. San Diego, California, 26 February – 1 March, 2024. (Acceptance rate: 104/694=15.0%, Acceptance rate in summer: 41/211=19.4%, Acceptance rate in fall: 63/483=13.0%).

(2023). Ghost Domain Reloaded: Vulnerable Links in Domain Name Delegation and Revocation. In NDSS ‘23. San Diego, California, 27 February – 3 March, 2023. (Acceptance rate: 94/581=16.2%).
* Presented in OARC 39.
* Presented in ICANN DNS Symposium 2022.
* Presented in Black Hat Asia 2023.
* Referenced by RFC Draft: Delegation Revalidation by DNS Resolvers.

PDF Code Project Slides DOI

(2022). Detecting and Measuring Security Risks of Hosting-Based Dangling Domains. In SIGMETRICS ‘23. Orlando, Florida, June 19-23, 2023. (Acceptance rate: 55/342=16.1%, Acceptance rate in summer: 17/93=18.3%, Acceptance rate in fall: 26/119=21.9%, Acceptance rate in winter: 12/130=9.2%).
* Presented in OARC 40.
* Presented in APAC DNS Forum 2023 by Mr Alban KWAN.

PDF Code Project Slides

(2022). A Large-scale and Longitudinal Measurement Study of DKIM Deployment. In Usenix Security 2022.

PDF

(2022). Ethics in Security Research: Visions, Reality, and Paths Forward. In EthiCS 2022.

PDF

(2022). HDiff: A Semi-automatic Framework for Discovering Semantic Gap Attack in HTTP Implementations. In DSN 2022.

PDF

(2020). Talking with Familiar Strangers: An Empirical Study on HTTPS Context Confusion Attacks. In CCS 2020.

PDF Slides

(2020). An End-to-End, Large-Scale Measurement of DNS-over-Encryption: How Far Have We Come?. In IMC 2019.
* IRTF Applied Networking Research Prize (ANRP) 2020 Award Winner..

PDF Slides Video

(2020). Measuring Privacy Threats in China-Wide Mobile Networks. In FOCI 2018.

PDF Slides

Misc

🏅 Honors & Awards

Academia & Community

  • EthiCS'22 Best Student Paper, 2022
  • DSN'22 Best Paper Runner-up, 2022
  • IRTF Applied Networking Research Prize, 2020
  • ACM IMC Nominee of Distinguished Paper Award & Community Contribution Award, 2019

Education & Scholarship

  • Doctoral Dissertation Award of Tsinghua University, 2023
  • Qihang Award of Tsinghua University for Graduate Students, 2023
  • LongFor Academic Scholarship. 2023
  • 2st-Class Scholarship of Tsinghua University for Graduate Students, 2020
  • Cyberspace Scholarship of China Internet Development Foundation, 2018
  • China National Scholarship, 2017

Competition

  • The 1st Prize in GeekPWN 2019

🔖 Patents

👩‍💻 Academic Services

Conference TPC member

  • 2023: EAI SecureComm

External Reviewer

  • 2022: NDSS, EthiCS
  • 2021: NDSS, ACSAC
  • 2020: ESORICS
  • 2019: CCS

Contact