Xiaokuan Zhang


Assistant Professor
Department of Computer Science
College of Engineering and Computing
George Mason University

Office: Research Hall 357
Email: xiaokuan AT gmu DOT edu
[Google Scholar] [C.V.] [Github]

About Me

I am a tenure-track assistant professor in the Department of Computer Science at George Mason University (GMU). Before joining GMU, I spent one year as a postdoc researcher at Georgia Tech, working with Prof. Taesoo Kim. I graduated from The Ohio State University (OSU) with a Ph.D. in Computer Science and Engineering in 2021, advised by Prof. Yinqian Zhang. Before coming to OSU, I graduated from Shanghai Jiao Tong University (SJTU) with a Bachelor's degree in Computer Science in 2015.

I am interested in different areas of system security and privacy, such as side-channel security, mobile security, blockchain security, etc. I am one of the recipients of the NortonLifeLock Research Group Graduate Fellowship in 2020. I have interned at Google and Microsoft Research.

I am looking for motivated students to work on cutting-edge security problems with me. Current (main) interests: VR Security, Smart Contract Threat Intelligence, and Side Channels. I am also working on projects related to confidential computing (TEEs) and mobile security.

If you are interested in working with me at GMU as my Ph.D. student, please read this [note]. You may also find the Chinese version here. If you are already enrolled in the GMU-CS program (undergrad or MS) and want to do research in my lab, please feel free to reach out as well.

Why GMU?

News

  • (08/2023)[Paper] One paper has been accepted to appear in ICSE 2024! Congrats to Yongliang from City University of Hong Kong, and my collaborators!
  • (08/2023)[Award] I received a seed grant from the CAHMP center at GMU! Thank you for supporting my VR security research!
  • (08/2023)[Service] I am invited to serve on the program committee of the 2023 ACM Cloud Computing Security Workshop (CCSW).
  • (06/2023)[Paper] One paper has been conditionally accepted to appear in ACM Mobicom 2023! Congrats to Tao from City University of Hong Kong, and my collaborators!
  • (05/2023)[Service] I am invited to serve on the program committee of USENIX Security 2024.
  • (05/2023)[Award] I received two Academic Grants from the Ethereum Foundation! Thank you for supporting our smart contract research!
  • (05/2023)[Service] I am invited to serve on the program committee of the 2024 ASIA Conference on Computer and Communications Security (AsiaCCS).
  • (05/2023)[Activity] I attended the 2023 NSF SaTC Aspiring PI Workshop; glad to meet old and new friends there!
  • (03/2023)[Paper] One paper has been accepted by IEEE Transactions on Dependable and Secure Computing (TDSC)!
  • (02/2023)[Service] I am invited to serve on the program committee of the 2023 IEEE International Conference on Cloud Computing Technology and Science (CloudCom).
  • (01/2023)[Service] I am invited to serve on the program committee of the 2023 EAI International Conference on Security and Privacy in Communication Networks (SecureComm).
  • (12/2022)[Paper] Our paper, "Uncovering User Interactions on Smartphones via Contactless Wireless Charging Side Channels", has been accepted to appear in IEEE Security & Privacy (Oakland) 2023! Congrats to Tao from City University of Hong Kong, and my collaborators!
  • (10/2022)[Paper] Our paper, "POLICYCOMP: Counterpart Comparison of Privacy Policies Uncovers Overbroad Personal Data Collection Practices", has been accepted to appear in USENIX Security 2023! Congrats to Lu from SJTU, and my collaborators!
  • (08/2022)[Paper] Our paper, "Narrator: Secure and Practical State Continuity for Trusted Execution in the Cloud", has been accepted to appear in ACM CCS 2022! Congrats to Jianyu from SusTech, and my collaborators!
  • (08/2022)[Activity] I officially joined George Mason as an Assistant Professor.
  • (07/2022)[Service] I am invited to serve on the program committee of the 2023 International Conference on Applied Cryptography and Network Security (ACNS).
  • (06/2022)[Service] I am invited to serve on the program committee of the 2022 ACM Cloud Computing Security Workshop (CCSW).
  • (04/2022)[Paper] Our paper, "PRIDWEN: Universally Hardening SGX Programs via Load-Time Synthesis", has been accepted to appear in USENIX ATC 2022! Congrats to Fan from Gatech, and my collaborators!
  • (12/2021)[Service] I am invited to serve on the program committee of the 18th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2022).
  • (11/2021)[Service] I am invited to serve on the program committee of the 15th International Conference on Knowledge Science, Engineering and Management (KSEM 2022).
  • (11/2021)[Paper] Our paper, "Defeating Traffic Analysis via Differential Privacy: A Case Study on Streaming Traffic", has been accepted by International Journal of Information Security (IJIS)! A big THANK YOU to my advisor Yinqian, and my collaborators Jihun and Mike for their continuous support on this paper!
  • (08/2021)[Activity] I have successfully defended my Ph.D. and graduated from OSU. I will first join the group of Prof. Taesoo Kim at Gatech as a Postdoc, then join George Mason University as an assistant professor in Aug. 2022.
  • (07/2021)[Service] I am invited to be a Qualification Round program committee member for NYU’s CSAW’21 Cyber Security Applied Research Paper Competition.
  • (05/2021)[Service] I am invited to serve on the program committee of the 2021 ACM Cloud Computing Security Workshop (CCSW).
  • (05/2021)[Paper] Our paper, "Understanding and Detecting Mobile Ad Fraud Through the Lens of Invalid Traffic", has been accepted to appear in ACM CCS 2021! Congrats to Suibin/Le from SJTU, and my collaborators!
  • (04/2021)[Paper] Our paper, "Dissecting Click Fraud Autonomy in the Wild", has been accepted to appear in ACM CCS 2021! Congrats to Tong/Yan from SJTU, and my collaborators!
  • (09/2020)[Service] I am invited to be a Qualification Round program committee member for NYU’s CSAW’20 Cyber Security Applied Research Paper Competition.
  • (07/2020)[Paper] Our paper, "SurfaceFleet: Exploring Distributed Interactions Unbounded from Device, Application, User, and Time", has been accepted to appear in ACM UIST 2020! Congrats to my colleagues in the EPIC group at MSR!
  • (06/2020)[Paper] Our paper, "TXSPECTOR: Uncovering Attacks in Ethereum from Transactions", has been accepted to appear in USENIX Security 2020!
  • (05/2020)[Service] I am invited to serve on the program committee of the 2020 ACM Cloud Computing Security Workshop (CCSW).
  • (04/2020)[Award] I am honored to receive the Graduate Research Award from our CSE department!
  • (03/2020)[Award] I am thrilled to be one of three students worldwide to receive the NortonLifeLock Research Group Graduate Fellowship!
  • (03/2020)[Service] I am invited to serve on the program committee of the 2020 IEEE International Conference on Cloud Computing Technology and Science (CloudCom).

Awards & Honors

  • Ethereum Foundation Academic Grant (x2) 2023
  • Top 10 Finalists of NYU CSAW Applied Security Research Competition2016, 2018, 2022
  • NortonLifeLock Research Group (Symantec Research Labs) Graduate Fellowship (three awardees worldwide) 2020
  • Graduate Research Award, CSE Department, Ohio State University 2020
  • Nomination for Google Ph.D. Fellowship, CSE Department, Ohio State University 2019
  • Academic Excellence Scholarship of Shanghai Jiao Tong University2014
  • Excellent Student Cadre of Shanghai Jiao Tong University2013
  • Academic Excellence Scholarship of Shanghai Jiao Tong University2012
  • National Olympiad in Informatics in Provinces (NOIP), First Prize in Fujian Province2010

Publications

2024
  • Attention! Your Copied Data is Under Monitoring: A Systematic Study of Clipboard Usage in Android Apps
    Yongliang Chen, Ruoqin Tang, Chaoshun Zuo, Xiaokuan Zhang, Lei Xue, Xiapu Luo, Qingchuan Zhao
    ICSE'24, Lisbon, Portugal, Apr. 2024.
2023
  • Exploiting Contactless Side Channels in Wireless Charging Power Banks for User Privacy Inference via Few-shot Learning
    Tao Ni, Jianfeng Li, Xiaokuan Zhang, Chaoshun Zuo, Wubing Wang, Weitao Xu, Xiapu Luo, Qingchuan Zhao
    Mobicom'23, Madrid, Spain, Oct. 2023.

  • POLICYCOMP: Counterpart Comparison of Privacy Policies Uncovers Overbroad Personal Data Collection Practices [pdf]
    Lu Zhou, Chengyongxiao Wei, Tong Zhu, Guoxing Chen, Xiaokuan Zhang, Suguo Du, Hui Cao, Haojin Zhu
    Security'23, Anaheim, CA, USA, Aug. 2023. (Acceptance rate: 422/1444=29.2%)

  • Uncovering User Interactions on Smartphones via Contactless Wireless Charging Side Channels [pdf]
    Tao Ni, Xiaokuan Zhang, Chaoshun Zuo, Jianfeng Li, Zhenyu Yan, Wubing Wang, Weitao Xu, Xiapu Luo, Qingchuan Zhao
    S&P'23 (Oakland), San Francisco, CA, USA, May 2023. (Acceptance rate: 195/1147=17.0%)

  • VERITRAIN: Validating MLaaS Training Efforts via Anomaly Detection
    Xiaokuan Zhang, Yang Zhang, Yinqian Zhang
    TDSC'23. (journal paper)
2022
  • An Empirical Study on Ethereum Private Transactions and the Security Implications [pdf]
    Xingyu Lyu, Mengya Zhang, Xiaokuan Zhang, Jianyu Niu, Yinqian Zhang, Zhiqiang Lin
    arXiv preprint arXiv:2208.02858

  • Narrator: Secure and Practical State Continuity for Trusted Execution in the Cloud [pdf]
    Jianyu Niu, Wei Peng, Xiaokuan Zhang, Yinqian Zhang
    CCS'22, Los Angeles, CA, USA, Nov. 2022. (Acceptance rate: 218/971=22.5%)

  • PRIDWEN: Universally Hardening SGX Programs via Load-Time Synthesis [pdf]
    Fan Sang, Ming-Wei Shih, Sangho Lee, Xiaokuan Zhang, Michael Steiner, Mona Vij, Taesoo Kim
    ATC'22, Carlsbad, CA, USA, July 2022. (Acceptance rate: 64/393=16.3%)

  • Defeating Traffic Analysis via Differential Privacy: A Case Study on Streaming Traffic [link]
    Xiaokuan Zhang, Jihun Hamm, Michael K. Reiter, Yinqian Zhang
    IJIS'22. (journal paper)
2021 and before
  • SoK: On the Analysis of Web Browser Security [pdf]
    Jungwon Lim, Yonghwi Jin, Mansour Alharthi, Xiaokuan Zhang, Jinho Jung, Rajat Gupta, Kuilin Li, Daehee Jang, Taesoo Kim
    arXiv preprint arXiv:2112.15561

  • Understanding and Detecting Mobile Ad Fraud Through the Lens of Invalid Traffic [pdf]
    Suibin Sun, Le Yu, Xiaokuan Zhang, Minhui Xue, Ren Zhou, Haojin Zhu, Shuang Hao, Xiaodong Lin
    CCS'21, Virtual Event, Nov. 2021. (Acceptance rate: 196/879=22.3%)
    Top 10 Finalists of NYU CSAW'22 Applied Research Competition

  • Dissecting Click Fraud Autonomy in the Wild [pdf]
    Tong Zhu, Yan Meng, Haotian Hu, Xiaokuan Zhang, Minhui Xue, Haojin Zhu
    CCS'21, Virtual Event, Nov. 2021. (Acceptance rate: 196/879=22.3%)

  • SurfaceFleet: Exploring Distributed Interactions Unbounded from Device, Application, User, and Time [pdf] [link]
    Frederik Brudy, David Ledo, Michel Pahud, Nathalie Henry Riche, Christian Holz, Anand Waghmare, Hemant Surale, Marcus Peinado, Xiaokuan Zhang, Shannon Joyner, Badrish Chandramouli, Umar Farooq Minhas, Jonathan Goldstein, Bill Buxton, Ken Hinckley
    UIST'20, Virtual Event, Oct. 2020. (Acceptance rate: 97/450=21.5%)

  • TXSPECTOR: Uncovering Attacks in Ethereum from Transactions [pdf]
    Mengya Zhang*, Xiaokuan Zhang*, Yinqian Zhang, Zhiqiang Lin (*equal contribution)
    Security'20, Virtual Event, Aug. 2020. (Acceptance rate: 157/977=16.1%)

  • Statistical Privacy for Streaming Traffic [pdf] [slides]
    Xiaokuan Zhang, Jihun Hamm, Michael K. Reiter, Yinqian Zhang
    NDSS'19, San Diego, CA, USA, Feb. 2019. (Acceptance rate: 89/521=17.1%)

  • A Measurement Study of Authentication Rate-Limiting Mechanisms of Modern Websites [pdf] [slides]
    Bo Lu*, Xiaokuan Zhang*, Ziman Ling, Yinqian Zhang, Zhiqiang Lin (*equal contribution)
    ACSAC'18, San Juan, Puerto Rico, USA, Dec. 2018. (Acceptance rate: 60/299=20.1%)

  • HoMonit: Monitoring Smart Home Apps from Encrypted Traffic [pdf]
    Wei Zhang, Yan Meng, Yugeng Liu, Xiaokuan Zhang, Yinqian Zhang, Haojin Zhu
    CCS'18, Toronto, Canada, Oct. 2018. (Acceptance rate: 134/809=16.6%)

  • OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS [pdf] [slides]
    Xiaokuan Zhang, Xueqiang Wang, Xiaolong Bai, Yinqian Zhang, XiaoFeng Wang
    NDSS'18, San Diego, CA, USA, Feb. 2018. (Acceptance rate: 71/331=21.5%)
    The issues identified in the paper have been acknowledged by Apple in CVE-2017-13852, CVE-2017-13873, CVE-2017-13877.
    Our proposed solutions have been integrated in recent versions of iOS/MacOS/watchOS/tvOS.
    Top 10 Finalists of NYU CSAW'18 Applied Research Competition

  • Detecting Privileged Side-Channel Attacks in Shielded Execution with DEJA VU [pdf]
    Sanchuan Chen, Xiaokuan Zhang, Michael K. Reiter, Yinqian Zhang
    AsiaCCS'17, Abu Dhabi, UAE, Apr. 2017. (Acceptance rate: 73/359=20.3%)

  • Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices [pdf] [slides]
    Xiaokuan Zhang, Yuan Xiao, Yinqian Zhang
    CCS'16, Vienna, Austria, Oct. 2016. (Acceptance rate: 137/831=16.5%)

  • One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation [pdf] [slides]
    Yuan Xiao, Xiaokuan Zhang, Yinqian Zhang, Mircea-Radu Teodorescu
    Security'16, Austin, TX, USA, Aug. 2016. (Acceptance rate: 72/463=15.6%)
    Top 10 Finalists of NYU CSAW'16 Applied Research Competition

Professional Services

Program Committee
  • USENIX Security Symposium (Security) 2024
  • ACM Asia Conference on Computer and Communications Security (AsiaCCS) 2024
  • International Conference on Applied Cryptography and Network Security (ACNS) 2023
  • EAI International Conference on Security and Privacy in Communication Networks (SecureComm) 2022, 2023
  • International Conference on Knowledge Science, Engineering and Management (KSEM) 2022
  • ACM Cloud Computing Security Workshop (CCSW) 2020 - 2023
  • NYU CSAW Cyber Security Applied Research Paper Competition 2020, 2021
  • IEEE International Conference on Cloud Computing Technology and Science (CloudCom) 2020, 2023
Reviewer
  • IEEE Transactions on Dependable and Secure Computing (TDSC) 2019, 2022, 2023
  • IEEE Transactions on Mobile Computing (TMC) 2021, 2022
External Reviewer
  • IEEE Symposium on Security and Privacy (Oakland) 2016 - 2018, 2020, 2022
  • ACM Conference on Computer and Communications Security (CCS) 2016 - 2020
  • USENIX Security Symposium (Security) 2017, 2022
  • ISOC Network and Distributed System Security Symposium (NDSS) 2018, 2020
  • ACM Asia Conference on Computer and Communications Security (AsiaCCS) 2018, 2020

Teaching Experience

  • (GMU) Instructor for CS 795: Security Issues in Emerging Computer Systems Fall 2023
  • (GMU) Instructor for CS 471: Operating Systems Fall 2022, Spring 2023
  • (OSU) Graduate Teaching Assistant for CSE 3341: Principles of Programming Languages Spring 2016
  • (OSU) Graduate Teaching Assistant for CSE 5461: Computer Networking and Internet TechnologiesFall 2015

Misc.

In my spare time, I like to watch basketball and soccer games. I witnessed Game 2 of the 2018 NBA Finals in the Oracle Arena. I also enjoy playing badminton and ping-pong with friends.