Xiaokuan Zhang


Assistant Professor
Department of Computer Science
College of Engineering and Computing
George Mason University

Office: Research Hall 357
Email: xiaokuan AT gmu DOT edu
[Google Scholar] [C.V.] [Github]

About Me

I am a tenure-track assistant professor in the Department of Computer Science at George Mason University (GMU). Before joining GMU in Fall 2022, I spent one year as a postdoc researcher at Georgia Tech, working with Prof. Taesoo Kim. I graduated from The Ohio State University (OSU) with a Ph.D. in Computer Science and Engineering in 2021, advised by Prof. Yinqian Zhang. Before coming to OSU, I graduated from Shanghai Jiao Tong University (SJTU) with a Bachelor's degree in Computer Science in 2015. I am interested in different areas of system security and privacy. My papers were selected as the top 10 finalists of NYU Cyber Security Awareness Week (CSAW) best applied security paper in 2016, 2018 and 2022, respectively, and an ACM SIGSOFT Distinguished Paper Award in 2024. I received Ethereum Foundation Academic Grants in 2023 and 2024, respectively, and the NortonLifeLock Research Group Graduate Fellowship in 2020. Current (main) interests: XR Security, Web3 Security, and Side Channels. I am also working on projects related to confidential computing (TEEs) and mobile security.

I am looking for motivated students to work on cutting-edge security problems with me. If you are interested in working with me at GMU as my Ph.D. student, please read this [advice] and this [note] (Chinese version here). If you are already enrolled in the GMU-CS program (undergrad or MS) and want to do research in my lab, please feel free to reach out as well.

Why GMU?
As of 2024: GMU is 32 (Security: 27) in CSRankings (Top in Virginia)

News

  • (05/2024)[Award] I received a 4VA Collaborative Research Grant (with Dr. Wenjie Xiong @VT)! Thank you for supporting our VR security research!
  • (04/2024)[Service] I am invited to serve on the best paper selection committee of AsiaCCS 2024.
  • (04/2024)[Service] I am invited to serve on the program committee of NDSS 2025.
  • (04/2024)[Paper] Two papers (one on web3 authentication, one on Android ad fraud) have been conditionally accepted to appear in ACM CCS 2024! Congrats to Kailun and Tong!
  • (03/2024)[Service] I am invited to serve on the program committee of IEEE Global Blockchain Conference (GBC) 2024.
  • (03/2024)[Paper] One paper on SGX state continuity has been accepted by IEEE Transactions on Dependable and Secure Computing (TDSC)! Congrats to Wei!
  • (03/2024)[Activity] I participated in the first DMV security workshop.
  • (02/2024)[Award] Our ICSE'24 paper on Android clipboard security has received the ACM SIGSOFT Distinguished Paper Award!!!
  • (02/2024)[Service] I am invited to serve as the Web Chair of Information Security Conference (ISC) 2024. It will be held in the DC area. Consider submitting your best work!
  • (02/2024)[Activity] I participated in the Hackfax Hackathon (organized by the GMU CS Club) as a judge.
  • (02/2024)[Service] I am invited to serve on the program committee of ACSAC 2024.
  • (01/2024)[Activity] I participated in the Thomas Jefferson High School for Science and Technology (TJHSST) Science and Engineering Fair as a judge.
  • (01/2024)[Paper] One paper on VR privacy issues has been accepted to appear in USENIX Security 2024! Congrats to Anh!
  • (12/2023)[Award] I received a grant from the Commonwealth Cyber Initiative (CCI) (with Dr. Ziyu Yao)! Thank you for supporting our research!
  • (12/2023)[Service] I am invited to serve on the program committee of ACM CCS 2024.
  • (11/2023)[Paper] One paper on SGX side-channel defenses has been accepted to appear in NDSS 2024! Congrats to Fan!
  • (09/2023)[Paper] One paper on EM side-channel attacks has been accepted to appear in ACM CCS 2023! Congrats to Tao!
  • (08/2023)[Paper] One paper on Confidential Virtual Machines has been accepted to appear in ASPLOS 2024! Congrats to Adil!
  • (08/2023)[Paper] One paper on Android clipboard security has been accepted to appear in ICSE 2024! Congrats to Yongliang!
  • (08/2023)[Award] I received a seed grant from the CAHMP center at GMU! Thank you for supporting my XR security research!
  • (08/2023)[Service] I am invited to serve on the program committee of the 2023 ACM Cloud Computing Security Workshop (CCSW).
  • (06/2023)[Paper] One paper has been conditionally accepted to appear in ACM Mobicom 2023! Congrats to Tao!
  • (05/2023)[Service] I am invited to serve on the program committee of USENIX Security 2024.
  • (05/2023)[Award] I received two Academic Grants from the Ethereum Foundation! Thank you for supporting our smart contract research!
  • (05/2023)[Service] I am invited to serve on the program committee of the 2024 ASIA Conference on Computer and Communications Security (AsiaCCS).
  • (05/2023)[Activity] I attended the 2023 NSF SaTC Aspiring PI Workshop; glad to meet old and new friends there!
  • (03/2023)[Paper] One paper has been accepted by IEEE Transactions on Dependable and Secure Computing (TDSC)!
  • (02/2023)[Service] I am invited to serve on the program committee of the 2023 IEEE International Conference on Cloud Computing Technology and Science (CloudCom).
  • (01/2023)[Service] I am invited to serve on the program committee of the 2023 EAI International Conference on Security and Privacy in Communication Networks (SecureComm).
  • (12/2022)[Paper] Our paper, "Uncovering User Interactions on Smartphones via Contactless Wireless Charging Side Channels", has been accepted to appear in IEEE Security & Privacy (Oakland) 2023! Congrats to Tao from City University of Hong Kong, and my collaborators!
  • (10/2022)[Paper] Our paper, "POLICYCOMP: Counterpart Comparison of Privacy Policies Uncovers Overbroad Personal Data Collection Practices", has been accepted to appear in USENIX Security 2023! Congrats to Lu from SJTU, and my collaborators!
  • (08/2022)[Paper] Our paper, "Narrator: Secure and Practical State Continuity for Trusted Execution in the Cloud", has been accepted to appear in ACM CCS 2022! Congrats to Jianyu from SusTech, and my collaborators!
  • (08/2022)[Activity] I officially joined George Mason as an Assistant Professor.
  • (07/2022)[Service] I am invited to serve on the program committee of the 2023 International Conference on Applied Cryptography and Network Security (ACNS).
  • (06/2022)[Service] I am invited to serve on the program committee of the 2022 ACM Cloud Computing Security Workshop (CCSW).
  • (04/2022)[Paper] Our paper, "PRIDWEN: Universally Hardening SGX Programs via Load-Time Synthesis", has been accepted to appear in USENIX ATC 2022! Congrats to Fan from Gatech, and my collaborators!
  • (12/2021)[Service] I am invited to serve on the program committee of the 18th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2022).
  • (11/2021)[Service] I am invited to serve on the program committee of the 15th International Conference on Knowledge Science, Engineering and Management (KSEM 2022).
  • (11/2021)[Paper] Our paper, "Defeating Traffic Analysis via Differential Privacy: A Case Study on Streaming Traffic", has been accepted by International Journal of Information Security (IJIS)! A big THANK YOU to my advisor Yinqian, and my collaborators Jihun and Mike for their continuous support on this paper!
  • (08/2021)[Activity] I have successfully defended my Ph.D. and graduated from OSU. I will first join the group of Prof. Taesoo Kim at Gatech as a Postdoc, then join George Mason University as an assistant professor in Aug. 2022.
  • (07/2021)[Service] I am invited to be a Qualification Round program committee member for NYU’s CSAW’21 Cyber Security Applied Research Paper Competition.
  • (05/2021)[Service] I am invited to serve on the program committee of the 2021 ACM Cloud Computing Security Workshop (CCSW).
  • (05/2021)[Paper] Our paper, "Understanding and Detecting Mobile Ad Fraud Through the Lens of Invalid Traffic", has been accepted to appear in ACM CCS 2021! Congrats to Suibin/Le from SJTU, and my collaborators!
  • (04/2021)[Paper] Our paper, "Dissecting Click Fraud Autonomy in the Wild", has been accepted to appear in ACM CCS 2021! Congrats to Tong/Yan from SJTU, and my collaborators!
  • (09/2020)[Service] I am invited to be a Qualification Round program committee member for NYU’s CSAW’20 Cyber Security Applied Research Paper Competition.
  • (07/2020)[Paper] Our paper, "SurfaceFleet: Exploring Distributed Interactions Unbounded from Device, Application, User, and Time", has been accepted to appear in ACM UIST 2020! Congrats to my colleagues in the EPIC group at MSR!
  • (06/2020)[Paper] Our paper, "TXSPECTOR: Uncovering Attacks in Ethereum from Transactions", has been accepted to appear in USENIX Security 2020!
  • (05/2020)[Service] I am invited to serve on the program committee of the 2020 ACM Cloud Computing Security Workshop (CCSW).
  • (04/2020)[Award] I am honored to receive the Graduate Research Award from our CSE department!
  • (03/2020)[Award] I am thrilled to be one of three students worldwide to receive the NortonLifeLock Research Group Graduate Fellowship!
  • (03/2020)[Service] I am invited to serve on the program committee of the 2020 IEEE International Conference on Cloud Computing Technology and Science (CloudCom).

Awards & Honors

  • ACM SIGSOFT Distinguished Paper Award 2024
  • Ethereum Foundation Academic Grant 2023(x2), 2024
  • Top 10 Finalists of NYU CSAW Applied Security Research Competition2016, 2018, 2022
  • NortonLifeLock Research Group (Symantec Research Labs) Graduate Fellowship (three awardees worldwide) 2020
  • Graduate Research Award, CSE Department, Ohio State University 2020
  • Nomination for Google Ph.D. Fellowship, CSE Department, Ohio State University 2019
  • Academic Excellence Scholarship of Shanghai Jiao Tong University2014
  • Excellent Student Cadre of Shanghai Jiao Tong University2013
  • Academic Excellence Scholarship of Shanghai Jiao Tong University2012
  • National Olympiad in Informatics in Provinces (NOIP), First Prize in Fujian Province2010

Publications

2024
  • Stealing Trust: Unraveling Blind Message Attacks in Web3 Authentication
    Kailun Yan, Xiaokuan Zhang, Wenrui Diao
    CCS'24, Salt Lake City, UT, USA, Oct. 2024.

  • Unveiling Collusion-Based Ad Attribution Laundering Fraud: Detection, Analysis, and Security Implications
    Tong Zhu, Chaofan Shou, Zhen Huang, Guoxing Chen, Xiaokuan Zhang, Yan Meng, Shuang Hao, Haojin Zhu
    CCS'24, Salt Lake City, UT, USA, Oct. 2024.

  • Penetration Vision through Virtual Reality Headsets: Identifying 360-degree Videos from Head Movements [pdf]
    Anh Nguyen, Xiaokuan Zhang, Zhisheng Yan
    Security'24, Philadelphia, PA, USA, Aug. 2024.

  • Veil: A Protected Services Framework for Confidential Virtual Machines [pdf]
    Adil Ahmad, Botong Ou, Congyu Liu, Xiaokuan Zhang, Pedro Fonseca
    ASPLOS'24, San Diego, CA, USA, Apr. 2024. (Acceptance rate: 193/922=20.9%)

  • Attention! Your Copied Data is Under Monitoring: A Systematic Study of Clipboard Usage in Android Apps [pdf]
    Yongliang Chen, Ruoqin Tang, Chaoshun Zuo, Xiaokuan Zhang, Lei Xue, Xiapu Luo, Qingchuan Zhao
    ICSE'24, Lisbon, Portugal, Apr. 2024. (Acceptance rate: 234/1051=22.3%)
    ACM SIGSOFT Distinguished Paper Award

  • SENSE: Enhancing Microarchitectural Awareness for TEEs via Subscription-Based Notification [pdf]
    Fan Sang, Jaehyuk Lee, Xiaokuan Zhang, Meng Xu, Scott Constable, Yuan Xiao, Michael Steiner, Mona Vij, Taesoo Kim
    NDSS'24, San Diego, CA, USA, Feb. 2024. (Acceptance rate: 104/694=15.0%)

  • Ensuring State Continuity for Confidential Computing: A Blockchain-based Approach [link]
    Wei Peng, Xiang Li, Jianyu Niu, Xiaokuan Zhang, Yinqian Zhang
    TDSC'24. (journal paper)
2023
  • Recovering Fingerprints from In-Display Fingerprint Sensors via Electromagnetic Side Channel [pdf]
    Tao Ni, Xiaokuan Zhang, Qingchuan Zhao
    CCS'23, Copenhagen, Denmark, Nov. 2023. (Acceptance rate: 235/1222=19.2%)

  • Exploiting Contactless Side Channels in Wireless Charging Power Banks for User Privacy Inference via Few-shot Learning [pdf]
    Tao Ni, Jianfeng Li, Xiaokuan Zhang, Chaoshun Zuo, Wubing Wang, Weitao Xu, Xiapu Luo, Qingchuan Zhao
    Mobicom'23, Madrid, Spain, Oct. 2023. (Acceptance rate: 92/377=24.4%)

  • POLICYCOMP: Counterpart Comparison of Privacy Policies Uncovers Overbroad Personal Data Collection Practices [pdf]
    Lu Zhou, Chengyongxiao Wei, Tong Zhu, Guoxing Chen, Xiaokuan Zhang, Suguo Du, Hui Cao, Haojin Zhu
    Security'23, Anaheim, CA, USA, Aug. 2023. (Acceptance rate: 422/1444=29.2%)

  • Uncovering User Interactions on Smartphones via Contactless Wireless Charging Side Channels [pdf]
    Tao Ni, Xiaokuan Zhang, Chaoshun Zuo, Jianfeng Li, Zhenyu Yan, Wubing Wang, Weitao Xu, Xiapu Luo, Qingchuan Zhao
    S&P'23 (Oakland), San Francisco, CA, USA, May 2023. (Acceptance rate: 195/1147=17.0%)

  • VERITRAIN: Validating MLaaS Training Efforts via Anomaly Detection [link]
    Xiaokuan Zhang, Yang Zhang, Yinqian Zhang
    TDSC'23. (journal paper)
2022
  • An Empirical Study on Ethereum Private Transactions and the Security Implications [pdf]
    Xingyu Lyu, Mengya Zhang, Xiaokuan Zhang, Jianyu Niu, Yinqian Zhang, Zhiqiang Lin
    arXiv preprint arXiv:2208.02858

  • Narrator: Secure and Practical State Continuity for Trusted Execution in the Cloud [pdf]
    Jianyu Niu, Wei Peng, Xiaokuan Zhang, Yinqian Zhang
    CCS'22, Los Angeles, CA, USA, Nov. 2022. (Acceptance rate: 218/971=22.5%)

  • PRIDWEN: Universally Hardening SGX Programs via Load-Time Synthesis [pdf]
    Fan Sang, Ming-Wei Shih, Sangho Lee, Xiaokuan Zhang, Michael Steiner, Mona Vij, Taesoo Kim
    ATC'22, Carlsbad, CA, USA, July 2022. (Acceptance rate: 64/393=16.3%)

  • Defeating Traffic Analysis via Differential Privacy: A Case Study on Streaming Traffic [link]
    Xiaokuan Zhang, Jihun Hamm, Michael K. Reiter, Yinqian Zhang
    IJIS'22. (journal paper)
2021 and before
  • SoK: On the Analysis of Web Browser Security [pdf]
    Jungwon Lim, Yonghwi Jin, Mansour Alharthi, Xiaokuan Zhang, Jinho Jung, Rajat Gupta, Kuilin Li, Daehee Jang, Taesoo Kim
    arXiv preprint arXiv:2112.15561

  • Understanding and Detecting Mobile Ad Fraud Through the Lens of Invalid Traffic [pdf]
    Suibin Sun, Le Yu, Xiaokuan Zhang, Minhui Xue, Ren Zhou, Haojin Zhu, Shuang Hao, Xiaodong Lin
    CCS'21, Virtual Event, Nov. 2021. (Acceptance rate: 196/879=22.3%)
    Top 10 Finalists of NYU CSAW'22 Applied Research Competition

  • Dissecting Click Fraud Autonomy in the Wild [pdf]
    Tong Zhu, Yan Meng, Haotian Hu, Xiaokuan Zhang, Minhui Xue, Haojin Zhu
    CCS'21, Virtual Event, Nov. 2021. (Acceptance rate: 196/879=22.3%)

  • SurfaceFleet: Exploring Distributed Interactions Unbounded from Device, Application, User, and Time [pdf] [link]
    Frederik Brudy, David Ledo, Michel Pahud, Nathalie Henry Riche, Christian Holz, Anand Waghmare, Hemant Surale, Marcus Peinado, Xiaokuan Zhang, Shannon Joyner, Badrish Chandramouli, Umar Farooq Minhas, Jonathan Goldstein, Bill Buxton, Ken Hinckley
    UIST'20, Virtual Event, Oct. 2020. (Acceptance rate: 97/450=21.5%)

  • TXSPECTOR: Uncovering Attacks in Ethereum from Transactions [pdf]
    Mengya Zhang*, Xiaokuan Zhang*, Yinqian Zhang, Zhiqiang Lin (*equal contribution)
    Security'20, Virtual Event, Aug. 2020. (Acceptance rate: 157/977=16.1%)

  • Statistical Privacy for Streaming Traffic [pdf] [slides]
    Xiaokuan Zhang, Jihun Hamm, Michael K. Reiter, Yinqian Zhang
    NDSS'19, San Diego, CA, USA, Feb. 2019. (Acceptance rate: 89/521=17.1%)

  • A Measurement Study of Authentication Rate-Limiting Mechanisms of Modern Websites [pdf] [slides]
    Bo Lu*, Xiaokuan Zhang*, Ziman Ling, Yinqian Zhang, Zhiqiang Lin (*equal contribution)
    ACSAC'18, San Juan, Puerto Rico, USA, Dec. 2018. (Acceptance rate: 60/299=20.1%)

  • HoMonit: Monitoring Smart Home Apps from Encrypted Traffic [pdf]
    Wei Zhang, Yan Meng, Yugeng Liu, Xiaokuan Zhang, Yinqian Zhang, Haojin Zhu
    CCS'18, Toronto, Canada, Oct. 2018. (Acceptance rate: 134/809=16.6%)

  • OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS [pdf] [slides]
    Xiaokuan Zhang, Xueqiang Wang, Xiaolong Bai, Yinqian Zhang, XiaoFeng Wang
    NDSS'18, San Diego, CA, USA, Feb. 2018. (Acceptance rate: 71/331=21.5%)
    The issues identified in the paper have been acknowledged by Apple in CVE-2017-13852, CVE-2017-13873, CVE-2017-13877.
    Our proposed solutions have been integrated in recent versions of iOS/MacOS/watchOS/tvOS.
    Top 10 Finalists of NYU CSAW'18 Applied Research Competition

  • Detecting Privileged Side-Channel Attacks in Shielded Execution with DEJA VU [pdf]
    Sanchuan Chen, Xiaokuan Zhang, Michael K. Reiter, Yinqian Zhang
    AsiaCCS'17, Abu Dhabi, UAE, Apr. 2017. (Acceptance rate: 73/359=20.3%)

  • Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices [pdf] [slides]
    Xiaokuan Zhang, Yuan Xiao, Yinqian Zhang
    CCS'16, Vienna, Austria, Oct. 2016. (Acceptance rate: 137/831=16.5%)

  • One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation [pdf] [slides]
    Yuan Xiao, Xiaokuan Zhang, Yinqian Zhang, Mircea-Radu Teodorescu
    Security'16, Austin, TX, USA, Aug. 2016. (Acceptance rate: 72/463=15.6%)
    Top 10 Finalists of NYU CSAW'16 Applied Research Competition

Professional Services

Organizing Committee
  • Web Chair, Information Security Conference (ISC) 2024
Program Committee
  • ISOC Network and Distributed System Security Symposium (NDSS) 2025
  • Annual Computer Security Applications Conference (ACSAC) 2024
  • ACM Conference on Computer and Communications Security (CCS) 2024
  • USENIX Security Symposium (Security) 2024
  • ACM Asia Conference on Computer and Communications Security (AsiaCCS) 2024
  • International Conference on Applied Cryptography and Network Security (ACNS) 2023
  • EAI International Conference on Security and Privacy in Communication Networks (SecureComm) 2022, 2023
  • International Conference on Knowledge Science, Engineering and Management (KSEM) 2022
  • ACM Cloud Computing Security Workshop (CCSW) 2020 - 2023
  • NYU CSAW Cyber Security Applied Research Paper Competition 2020, 2021
  • IEEE International Conference on Cloud Computing Technology and Science (CloudCom) 2020, 2023
Reviewer
  • IEEE Transactions on Dependable and Secure Computing (TDSC) 2019, 2022 - 2024
  • IEEE Transactions on Mobile Computing (TMC) 2021, 2022
External Reviewer
  • IEEE Symposium on Security and Privacy (Oakland) 2016 - 2018, 2020, 2022
  • ACM Conference on Computer and Communications Security (CCS) 2016 - 2020
  • USENIX Security Symposium (Security) 2017, 2022
  • ISOC Network and Distributed System Security Symposium (NDSS) 2018, 2020
  • ACM Asia Conference on Computer and Communications Security (AsiaCCS) 2018, 2020

Teaching Experience

  • (GMU) Instructor for CS 499: Foundations and Advances of Cybersecurity Fall 2024
  • (GMU) Instructor for CS 692: Linux Kernel Internals Spring 2024
  • (GMU) Instructor for CS 795: Security Issues in Emerging Computer Systems Fall 2023
  • (GMU) Instructor for CS 471: Operating Systems Fall 2022, Spring 2023
  • (OSU) Graduate Teaching Assistant for CSE 3341: Principles of Programming Languages Spring 2016
  • (OSU) Graduate Teaching Assistant for CSE 5461: Computer Networking and Internet TechnologiesFall 2015

Misc.

In my spare time, I like to watch basketball and soccer games. I witnessed Game 2 of the 2018 NBA Finals in the Oracle Arena. I also enjoy playing badminton and ping-pong with friends.