Profile:

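Yuhong Nan (南雨宏), Associate Professor and master's supervisor. Young academic backbone of the 必贏3003no1線路檢測中心 Hundred Talents Program and a university-level Young Top Talent. Formerly a postdoctoral researcher in the Department of Computer Science at Purdue University and a visiting scholar at Purdue CERIAS. PhD from Fudan University. During the PhD program, received funding from the China Scholarship Council for joint training at Indiana University Bloomington.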

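The main research area is system software security and privacy protection, including work on platforms such as large models, the mobile Internet ecosystem, and smart contracts. Research results have been published at top conferences in system security and software engineering, including USENIX Security, ACM CCS, NDSS, ICSE, FSE, ASE, and ISSTA. Principal investigator of provincial- and ministerial-level projects including the National Natural Science Foundation of China, the Guangdong Province New-Generation Electronic Information (Semiconductor) Key-Area Special Project, and the Guangdong Natural Science Foundation (General Program); previously took part as a key researcher in the National 973 Program and in several research projects funded by the US government and industry. Currently head of smart contract security R&D at the Guangdong Provincial Blockchain Engineering Technology Research Center and a CCF Zhuhai committee member. Program committee member for international conferences including ACM CCS 2024, ACM/IEEE ASE 2024, ASIACCS 2021, 2022, and ICICS 2021, 2022. Reviewer for journals including IEEE TIFS, TDSC, TOPS, TMC, TSE, and EMSE. Security and privacy issues found in this research have repeatedly received official confirmation and acknowledgment from vendors including Google, Meta (Facebook), X (Twitter), Slack, and China's three major telecom operators (China Mobile, China Unicom, China Telecom).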

 

Email:

nanyh AT sysu.edu.cn

 

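Research topics:

System software security (attack and defense)

  • Large-model-assisted security attack and defense
  • Mobile Internet ecosystem security (fraud pattern mining, detection of misleading interaction patterns)
  • Blockchain platform security (cross-contract and cross-chain vulnerability detection)
  • Protocol security (login authentication protocols, messaging application security)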

 

End-user privacy protection

  • Privacy protection for large-model applications
  • Data de-identification
  • Privacy compliance checking
  • Privacy leakage pattern analysis

 

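Admissions:

2-3 master's students are admitted each year; undergraduates from inside and outside the university are recruited on a long-term basis for research and project internships.

The group offers students with excellent research performance various forms of domestic and overseas academic exchange and visiting opportunities, and offers outstanding master's students a master's-to-PhD transition track. Students with recommendation-based admission eligibility and students taking the postgraduate entrance exam are welcome to contact me by email.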

 

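Research projects:

  • 2022 - 2023: Guangdong Province New-Generation Electronic Information (Semiconductor) Key-Area Special Project, principal investigator
  • 2023 - 2025: National Natural Science Foundation of China, Young Scientists Fund, principal investigator
  • 2023 - 2025: Guangdong Natural Science Foundation (General Program), principal investigator
  • 2022 - 2023: 必贏3003no1線路檢測中心 Young Top-Notch Research Talent Cultivation Project, principal investigator
  • 2022 - 2023: Alibaba AIR Innovation Fund, principal investigator
  • 2021 - 2022: 必贏3003no1線路檢測中心 Young Faculty Team Cultivation Project, participant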

 

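Awards won by supervised students:

  • 2023 16th National College Student Information Security Contest, works track: First Prize, Third Prize, Most Innovative and Entrepreneurial Value Award

  • 2023 China Cybersecurity Industry Alliance, Cybersecurity Outstanding Innovation Achievement Competition: Finals Nomination Award

  • 2023 Guangdong-Hong Kong-Macao Greater Bay Area IT Application System Development Competition: Second Prize

  • 2023 Guangdong Province Cyberspace Security Outstanding Paper: Third Prize

  • 2023 Mathematical Contest in Modeling (US): Outstanding Winner (top 0.17%)

  • 2022 China Undergraduate Mathematical Contest in Modeling, Guangdong Division: Second Prize

  • 2022 China National Vulnerability Database (CNVD): high-severity vulnerabilities confirmed (15 in total)

  • 2022 DataCon Big Data Security Analysis Competition, software security track: Merit Award (8/135)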

 

Courses taught:

  • 2021 - 2024: SSE206/208 Computer Networks (undergraduate)

  • 2021 - 2024: SSE5104 Software Security (graduate; combined undergraduate-graduate course)

 

Academic service:

 

Program committee member:

  • The ACM Conference on Computer and Communications Security (CCS) 2024, 2025
  • The IEEE/ACM International Conference on Automated Software Engineering (ASE) 2024
  • ACM Asia Conference on Computer and Communications Security (ASIACCS) 2021, 2022
  • International Conference on Information and Communications Security (ICICS) 2021, 2022

 

Journal reviewer:

  • IEEE Transactions on Dependable and Secure Computing (TDSC). (CCF-A)
  • IEEE Transactions on Information Forensics and Security (TIFS). (CCF-A)
  • IEEE Transactions on Software Engineering (TSE). (CCF-A)
  • IEEE Transactions on Mobile Computing (TMC). (CCF-A)

 

 

Honors and awards:

  • 2023 Pujiang Innovation Forum "Young Pioneer" title (10 recipients nationwide)
  • 2020 CSAW Applied Security Research Competition Top-10 Finalist, CSAW, North America
  • 2020 USENIX WOOT Best Paper Award
  • 2018 ACM SIGSAC China Outstanding Doctoral Dissertation Award
  • 2018 Fudan University Outstanding PhD Graduate
  • 2015 Baidu Scholarship (RMB 200,000; 10 recipients worldwide), Baidu Online Network Technology Co., Ltd.

 

Representative papers from the past five years (12 at the four top security conferences)

  • [CCS 24] Understanding Cross-Platform Referral Traffic for Illicit Drug Promotion. Mingming Zha, Zilong Lin, Siyuan Tang, Xiaojing Liao, Yuhong Nan, XiaoFeng Wang. In Proceedings of the 31st ACM Conference on Computer and Communications Security, CCS’24. [Top] [CCF-A].
  • [CCS 24] Are We Getting Well-informed? An In-depth Study of Runtime Privacy Notice Practice in Mobile Apps. Shuai Li, Zhemin Yang, Yuhong Nan, Shutian Yu, Qirui Zhu, Min Yang. In Proceedings of the 31st ACM Conference on Computer and Communications Security, CCS’24. [Top] [CCF-A].
  • [IOTJ 24] Understanding Privacy Risks of Intelligent Connected Vehicles Through Their Companion Mobile Apps. Peifu Yang, Yuhong Nan, Lei Xue, Yuliang Zhang, Juan Zhai, Zibin Zheng. IEEE Internet Things Journal. 11(20): 33683-33695 (2024). [JCR-Q1]
  • [FSE 24] SmartAxe: Detecting Cross-Chain Vulnerabilities in Bridge Smart Contracts via Fine-Grained Static Analysis. Zeqin Liao, Yuhong Nan, Henglong Liang, Sicheng Hao, Juan Zhai, Jiajing Wu, Zibin Zheng. Proc. ACM Softw. Eng. 1(FSE): 249-270 (2024). [Top] [CCF-A].
  • [ISSTA 24] Midas: Mining Profitable Exploits in On-Chain Smart Contracts via Feedback-Driven Fuzzing and Differential Analysis. Mingxi Ye, Xingwei Lin, Yuhong Nan, Jiajing Wu, Zibin Zheng. ISSTA 2024: 794-805. [Top] [CCF-A].
  • [Security 24] MAGIC: Detecting Advanced Persistent Threats via Masked Graph Representation Learning. Zian Jia, Yun Xiong, Yuhong Nan, Yao Zhang, Jinjing Zhao, Mi Wen. In Proceedings of the 33rd USENIX Security Symposium (USENIX Security’24) [Top] [CCF-A].
  • [Security 24] Navigating the Privacy Compliance Maze: Understanding Risks with Privacy-Configurable Mobile SDKs. Yifan Zhang, Zhaojie Hu, Xueqiang Wang, Yuhui Hong, Yuhong Nan, XiaoFeng Wang, Jiatao Cheng, Luyi Xing. In Proceedings of the 33rd USENIX Security Symposium (USENIX Security’24) [Top] [CCF-A].
  • [NDSS 24] Leaking the Privacy of Groups and More: Understanding Privacy Risks of Cross-App Content Sharing in Mobile Ecosystem. Jiangrong Wu, Yuhong Nan, Luyi Xing, Jiatao Cheng, Zimin Lin, Zibin Zheng, Min Yang. In Proceedings of the 31st Network and Distributed System Security Symposium [Top] [CCF-A].
  • [ICSE 24] PrettySmart: Detecting Permission Re-delegation Vulnerability for Token Behaviors in Smart Contracts. Zhijie Zhong, Hong-Ning Dai, Zibin Zheng, Qing Xue, Junjia Chen, Yuhong Nan. In Proceedings of the 46th ACM/IEEE International Conference on Software Engineering [Top] [CCF-A].
  • [ASE 23] SmartCoco: Checking Comment-code Inconsistency in Smart Contracts via Constraint Propagation and Binding. Sicheng Hao, Yuhong Nan, Zibin Zheng, Xiaohui Liu. In Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering [Top] [CCF-A].
  • [Security 23] AIRTAG: Towards Automated Attack Investigation by Unsupervised Learning with Log Texts. Hailun Ding, Juan Zhai, Yuhong Nan and Shiqing Ma. In Proceedings of the 32nd USENIX Security Symposium (USENIX Security’23) [Top] [CCF-A].
  • [Security 23] Are You Spying on Me? Large-Scale Analysis on IoT Data Exposure through Companion Apps. Yuhong Nan, Xueqiang Wang, Luyi Xing, Xiaojing Liao, Ruoyu Wu, Jianliang Wu, Yifan Zhang, and XiaoFeng Wang. In Proceedings of the 32nd USENIX Security Symposium [Top] [CCF-A].
  • [ISSTA 22] SmartDagger: A Bytecode-based Static Analysis Approach for Detecting Cross-contract Vulnerability. Zeqin Liao, Zibin Zheng, Xiao Chen and Yuhong Nan. In Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA’22) [Top] [CCF A].
  • [Security 22] ProFactory: Improving IoT Security via Formalized Protocol Customization. Fei Wang, Jianliang Wu, Yuhong Nan, Yousra Aafer, Xiangyu Zhang, Dongyan Xu, and Mathias Payer. In Proceedings of the 31st USENIX Security Symposium (USENIX Security’22) [Top] [CCF A].
  • [NDSS 22] Hazard Integrated: Understanding Security Risks in App Extensions to Team Chat Systems. Mingming Zha, Jice Wang, Yuhong Nan, XiaoFeng Wang, Yuqing Zhang, and Weidong Jing. In Proceedings of the 29th Network and Distributed System Security Symposium (NDSS’22) [Top] [CCF A].
  • [DSN 22] SIMulation: Demystifying (Insecure) Cellular Network-based One-Tap Authentication Services. Ziyi Zhou, Xing Han, Zeyuan Chen, Yuhong Nan, Juanru Li, Dawu Gu. IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2022 [CCF B].
  • [NDSS 21] On the Insecurity of SMS One-Time Password Messages against Local Attackers in Modern Mobile Devices. Zeyu Lei, Yuhong Nan, Yanick Fratantonio and Antonio Bianchi. In Proceedings of the 28th Network and Distributed System Security Symposium (Acceptance ratio 15.2%), [Top] [CCF A].
  • [Security 21] Understanding Malicious Cross-library Data Harvesting on Android. Jice Wang, Yue Xiao, Xueqiang Wang, Yuhong Nan, Luyi Xing, Xiaojing Liao, Jinwei Dong, Nicolas Serrano, Haoran Lu, Xiaofeng Wang, and Yuqing Zhang. In Proceedings of the 30th USENIX Security Symposium [Top] [CCF-A].
  • [Security 21] ATLAS: A Sequence-based Learning Approach for Attack Investigation. Abdulellah Alsaheel, Yuhong Nan, Shiqing Ma, Le Yu, Gregory Walkup, Berkay Celik, Xiangyu Zhang and Dongyan Xu. In Proceedings of the 30th USENIX Security Symposium [Top] [CCF-A].
  • [RAID 20] BlueShield: Detecting Spoofing Attacks in Bluetooth Low Energy (BLE) Networks. Jianliang Wu, Yuhong Nan, Vireshwar Kumar, Mathias Payer, and Dongyan Xu. In Proceedings of the 23rd International Symposium on Research in Attacks, Intrusions and Defenses. (Acceptance ratio 25.6%=21/121) [CCF-B]
  • [WOOT 20] BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy. Jianliang Wu, Yuhong Nan, Vireshwar Kumar, Dave (Jing) Tian, Antonio Bianchi, Mathias Payer, and Dongyan Xu. In Proceedings of the 14th USENIX Workshop on Offensive Technologies.