My name is Yajin Zhou (周亚金). I am a ZJU100 Young Professor (since 2018), with both the College of Computer Science and Technology and the School of Cyber Space and Technology at Zhejiang University, China. I earned my Ph.D. (2015) in Computer Science from North Carolina State University (Advisor: Prof. Xuxian Jiang), and then worked as a senior security researcher at Qihoo 360. I was working at Realtek (Suzhou) and MIPS (Shanghai) between 2007 and 2010, focusing on low-level system programing.

I have published more than 30 papers, with 6500+ citations (Google Scholar). Two of my papers have been selected to the list of normalized Top-100 security papers since 1981. I was recognized as the Most Influential Scholar Award Honorable Mention for my contributions to the field of Security and Privacy between 2009 and 2019 by AMiner (Rank 48) among 11,439 world's researchers.

My current focus is on identifying real-world threats (how to hack) and building practical solutions (how to defend), in the context of embedded, mobile and IoT systems. I am also interested in emerging threats, e.g., security of smart contracts, and hardware-assisted security, e.g., new security primitives for RISC-V. I usually leverage the knowledge from other areas, including program/binary analysis, operating systems, computer architecture. My Research has been supported by National Natural Science Foundation of China (NSFC), Huawei, and Alibaba Group.

I am serving the program committee and/or organizing for the following conferences. Please consider submitting your paper and/or attending the conference.

IEEE EURO S&P 2020 | IEEE S&P 2021

I was (and am) teaching Operating Systems (2018, 2019) and Software Security (2019, 2020) for undergraduate students. Please enroll in the courses if you are interested in my research.

I'm always looking for motivated Ph.D./master/undergraduate students, postdocs and (visiting) research students who have a solid background in systems and/or security. If you enjoy building and/or hacking systems, we should talk.

To prospective students: If you are interested in our research, please register a gitee account and try to solve the challenges under this link. Send your answer with email :).


Publications

2020

[19] PackerGrind: An Adaptive Unpacking System for Android Apps [Paper]
Lei Xue, Hao Zhou, Xiapu Luo, Le Yu, Dinghao Wu, Yajin Zhou, Xiaobo Ma
IEEE Transactions on Software Engineering (TSE)

[18] JNI Global References Are Still Vulnerable: Attacks and Defenses [Paper]
Yi He, Yuan Zhou, Yajin Zhou*, Qi Li*, Kun Sun, Yacong Gu, Yong Jiang
IEEE Transactions on Dependable and Secure Computing (TDSC)

[17] An Empirical Study on ARM Disassembly Tools [Paper]
Muhui Jiang, Yajin Zhou*, Xiapu Luo, Ruoyu Wang, Yang Liu, Kui Ren
Proceedings of the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2020)

[16] HybrIDX: New Hybrid Index for Volume-hiding Range Queries in Data Outsourcing Services [Paper]
Kui Ren, Yu Guo, Jiaqi Li, Xiaohua Jia, Cong Wang, Yajin Zhou, Sheng Wang, Ning Cao, Feifei Li
Proceedings of the 40th IEEE International Conference on Distributed Computing Systems (ICDCS 2020)

[15] PESC: A Per System-Call Stack Canary Design for Linux Kernel [Paper]
Jiadong Sun, Xia Zhou, Wenbo Shen, Yajin Zhou, Kui Ren
Proceedings of the 10th ACM Conference on Data and Application Security and Privacy (CODASPY 2020)

2019

[14] 物联网设备软件安全综述 [Paper]
任 奎, 王丁玎, 周亚金
广州大学学报(自然科学版), Volume: 18, Issue: 3, pp. 11 - 16, 2019

[13] A Systematic Evaluation of Wavelet-based Attack Framework on Random Delay Countermeasures [Paper]
Fan Zhang, Xiaofei Dong, Bolin Yang, Yajin Zhou*, Kui Ren
IEEE Transactions on Information Forensics & Security (TIFS)

[12] Demystifying Application Performance Management Libraries for Android [Paper]
Yutian Tang, Zhan Xian, Hao Zhou, Xiapu Luo, Zhou Xu, Yajin Zhou, Qiben Yan
Proceedings of the 34th IEEE/ACM International Conference on Automated Software Engineering (ASE 2019)

[11] PPSB: An Open and Flexible Platform for Privacy-Preserving Safe Browsing [Paper | Website]
Helei Cui, Yajin Zhou*, Cong Wang, Xinyu Wang, Yuefeng Du, Qian Wang
IEEE Transactions on Dependable and Secure Computing (TDSC)
We have released a Chrome extension that provides privacy-preserving safe browsing to users.

[10] Different is Good: Detecting the Use of Uninitialized Variables through Differential Replay [Paper]
Mengchen Cao, Xiantong Hou, Tao Wang, Hunter Qu, Yajin Zhou*, Xiaolong Bai, Fuwei Wang
Proceedings of the 26th ACM Conference on Computer and Communications (ACM CCS 2019)

[9] LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed [Paper]
Huayi Duan, Cong Wang, Xingliang Yuan, Yajin Zhou, Qian Wang, Kui Ren
Proceedings of the 26th ACM Conference on Computer and Communications (ACM CCS 2019)

[8] Towards a First Step to Understand the Cryptocurrency Stealing Attack on Ethereum [Paper | Data Set]
Zhen Cheng^, Xinrui Hou^, Runhuai Li, Yajin Zhou*, Xiapu Luo, Jinku Li, Kui Ren
Proceedings of the 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019)
(^The names of the first two authors are in alphabetical order)
(Our dataset of captured attacks is released at https://github.com/zjuicsr/eth-honey)

[7] SPEED: Accelerating Enclave Applications via Secure Deduplication [Paper]
Helei Cui, Huayi Duan, Zhan Qin, Cong Wang, Yajin Zhou
Proceedings of the 39th IEEE International Conference on Distributed Computing Systems (IEEE ICDCS 2019)

[6] Dating with Scambots: Understanding the Ecosystem of Fraudulent Dating Applications [Paper]
Yangyu Hu, Haoyu Wang*, Yajin Zhou*, Yao Guo, Li Li, Bingxuan Luo, Fangren Xu
IEEE Transactions on Dependable and Secure Computing (TDSC)

[5] Adaptive Call-site Sensitive Control Flow Integrity (Best Paper Award) [Paper | Code]
Mustakimur Khandaker, Abu Naser, Wenqing Liu, Zhi Wang, Yajin Zhou, Yueqiang Cheng
Proceedings of the 4th IEEE European Symposium on Security and Privacy (IEEE EuroS&P 2019)

[4] NDroid: Towards Tracking Information Flows Across Multiple Android Contexts [Paper]
Lei Xue, Chenxiong Qian, Hao Zhou, Xiapu Luo, Yajin Zhou, Yuru Shao and Alvin T.S. Chan
IEEE Transactions on Information Forensics & Security (TIFS), Volume: 14, Issue: 3, pp. 814–828, March 2019

2018

[3] 移动应用安全:回顾与展望 [Paper]
周亚金, 任奎
中国计算机学会通讯 (2018年第三期)

[2] Towards Privacy-Preserving Malware Detection Systems for Android (Best Paper Award) [Paper]
Helei Cui, Yajin Zhou, Cong Wang, Qi Li, Kui Ren
Proceedings of the 24th International Conference on Parallel and Distributed Systems (IEEE ICPADS 2018)

[1] AdCapsule: Practical Confinement of Advertisements in Android Applications [Paper]
Xiaonan Zhu, Jinku Li, Yajin Zhou, Jianfeng Ma
IEEE Transactions on Dependable and Secure Computing (TDSC)


Before 2018


2017

[21] When Program Analysis Meets Mobile Security: An Industrial Study of Misusing Android Internet Sockets [Paper]
Wenqi Bu, Minhui Xue, Lihua Xu, Yajin Zhou, Zhushou Tang, Tao Xie
Proceedings of the 11th joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE 2017)

[20] Malton: Towards On-Device Non-Invasive Mobile Malware Analysis for ART [Paper]
Lei Xue, Yajin Zhou, Ting Chen, Xiapu Luo, Guofei Gu
Proceedings of the 26th USENIX Security Symposium (USENIX Security 2017)

[19] Design and Implementation of SecPod, A Framework for Virtualization-based Security Systems [Paper]
Xiaoguang Wang, Yong Qi, Zhi Wang, Yue Chen, Yajin Zhou
IEEE Transactions on Dependable and Secure Computing (TDSC)

2016

[18] Blender: Self-randomizing Address Space Layout for Android Apps [Paper]
Mingshen Sun, John C.S. Lui, Yajin Zhou
Proceedings of the the 19th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2016)

[17] AppShell: Making Data Protection Practical for Lost or Stolen Android Devices [Paper]
Yajin Zhou, Kapil Singh, Xuxian Jiang
Proceedings of IEEE/IFIP Network Operations and Management Symposium (NOMS 2016)

2015

[16] SecPod: a Framework for Virtualization-based Security Systems [Paper]
Xiaoguang Wang, Yue Chen, Zhi Wang, Yong Qi, Yajin Zhou
Proceedings of the 2015 USENIX Annual Technical Conference (USENIX ATC 2015)

[15] Harvesting Developer Credentials in Android Apps [Paper]
Yajin Zhou, Lei Wu, Zhi Wang, Xuxian Jiang
Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2015)

[14] Hybrid User-level Sandboxing of Third-party Android Apps [Paper]
Yajin Zhou, Kunal Patel, Lei Wu, Zhi Wang, Xuxian Jiang
Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2015)

2014

[13] ARMlock: Hardware-based Fault Isolation for ARM [Paper | Slides]
Yajin Zhou, Xiaoguang Wang, Yue Chen, Zhi Wang
Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS 2014)

[12] Owner-centric Protection of Unstructured Data on Smartphones [Paper]
Yajin Zhou, Kapil Singh, Xuxian Jiang
Proceedings of the 7th International Conference on Trust and Trustworthy Computing (TRUST 2014)

[11] AirBag: Boosting Smartphone Resistance to Malware Infection [Paper]
Chiachih Wu, Yajin Zhou, Kunal Patel, Zhenkai Liang, Xuxian Jiang
Proceedings of the 21st Network and Distributed System Security Symposium (NDSS 2014)

[10] DIVILAR: Diversifying Intermediate Language for Anti-Repackaging on Android Platform [Paper]
Wu Zhou, Zhi Wang, Yajin Zhou, Xuxian Jiang
Proceedings of the 4th ACM Conference on Data and Application Security and Privacy (CODASPY 2014)

2013

[9] The Impact of Vendor Customizations on Android Security [Paper]
Lei Wu, Michael Grace, Yajin Zhou, Chiachih Wu, Xuxian Jiang
Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS 2013)

[8] Fast, Scalable Detection of "Piggybacked" Mobile Applications (Best Paper Award) [Paper]
Wu Zhou, Yajin Zhou, Michael Grace, Xuxian Jiang, Shihong Zou
Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy (CODASPY 2013)

[7] Detecting Passive Content Leaks and Pollution in Android Applications [Paper | Slides]
Yajin Zhou, Xuxian Jiang
Proceedings of the 20th Network and Distributed System Security Symposium (NDSS 2013)

2012

[6] RiskRanker: Scalable and Accurate Zero-day Android Malware Detection [Paper]
Michael Grace*, Yajin Zhou*, Qiang Zhang, Shihong Zou, Xuxian Jiang
Proceedings of the 10th International Conference on Mobile Systems, Applications and Services (MobiSys 2012)
(*The names of the first two authors are in alphabetical order)

[5] Dissecting Android Malware: Characterization and Evolution [Paper]
Yajin Zhou, Xuxian Jiang
Proceedings of the 33rd IEEE Symposium on Security and Privacy (Oakland 2012)
(Our dataset is released at Android Malware Genome Project)

[4] DroidMOSS: Detecting Repackaged Smartphone Applications in Third-Party Android Marketplaces (Best Paper Award) [Paper]
Wu Zhou, Yajin Zhou, Xuxian Jiang, Peng Ning
Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy (CODASPY 2012)

[3] Hey, You, Get off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets [Paper]
Yajin Zhou, Zhi Wang, Wu Zhou and Xuxian Jiang
Proceedings of the 19th Network and Distributed System Security Symposium (NDSS 2012)

[2] Systematic Detection of Capability Leaks in Stock Android Smartphones [Paper | Demo Video]
Michael Grace, Yajin Zhou, Zhi Wang and Xuxian Jiang
Proceedings of the 19th Network and Distributed System Security Symposium (NDSS 2012)

2011

[1] Taming Information-Stealing Smartphone Applications (on Android) [Paper]
Yajin Zhou, Xinwen Zhang, Xuxian Jiang, Vince W. Freeh
Proceedings of the 4th International Conference on Trust and Trustworthy Computing (TRUST 2011)