Yuan Tian  田园​

 Yuan (pronounced similar to you-en )

Assistant Professor

Computer Science 

University of Virginia

Email: yuant@virginia.edu


I'm an Assistant Professor at University of Virginia. My research focuses on developing novel technologies for the security, privacy, and safety of modern and emerging systems. I analyze and model systems, drawing on program analysis, protocol analysis, machine learning, and human factors to understand the risks and develop systems that are secure and privacy-preserving.
My work has been published in top-tier security conferences (such as Oakland, CCS, Usenix Security, and NDSS), and my work has generated real-world impact as countermeasures and design changes directly resulting from my research have been integrated into platforms (such as Android, Chrome, Firefox, and iOS).
Before joining UVa, I was a Ph.D. student at Carnegie Mellon University. I am fortunate to be advised by Professor Patrick Tague. I interned at Microsoft Research (with Dr. Cormac Herley and Dr. Stuart Schechter), Facebook (with Security Infrastructure team), and Samsung Research (with Dr. Peng Ning).
Looking for motivated students! Please don't hesitate to email me if you are interested in my research. I'm looking for passionate and smart students to drive my projects. 


  • Our paper "MPInspector: A Systematic and Automatic Approach for Evaluating the Security of IoT Messaging Protocols" is accepted to appear in Usenix Security 2021
  • Our papers "Understanding and Mitigating Accuracy Disparity in Regression" and "Model-Targeted Poisoning Attacks with Provable Convergence" are accepted to appear in ICML 2021
  • Our paper "Intent Classification and Slot Filling for Privacy Policies"  is accepted to appear in ACL 2021
  • We are excited to receive a Google Research Scholar Award on "Exploit Generation Using Reinforcement Learning" with Yu Feng!
  • Our paper "CRYPTGPU: Fast Privacy-Preserving Machine Learning on the GPU" is accepted to appear in Oakland 2021. 
  • Our paper "VerHealth: Vetting Medical Voice Applications through Policy Enforcement" is accepted to appear in the Proceedings of The ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT/UbiComp) 2021.
  • Our paper “Curse or Redemption? How Data Heterogeneity Affects the Robustness of Federated Learning”, is accepted to appear in the Thirty-Fifth AAAI Conference on Artificial Intelligence (AAAI) 2021.
  • Congratulations to Chenghan for winning the honorable mention for CRA Outstanding Undergraduate Researcher Award!
  • I'm serving as the shadow PC chair for Oakland 2021. Please apply to participate if you are interested. 
  • I'm serving as the co-chair for SafeThings 2021. Please submit your great work!
  • Congratulations to Faysal for winning the Linklab Outstanding Graduate Researcher Award!
  • Our paper "Trade-offs and Guarantees on Adversarial Representation Learning for Information Obfuscation" is accepted to appear in NeurIPS 2020
  • Our paper "PolicyQA: A Reading Comprehension Dataset for Privacy Policies" is accepted to appear in Findings of EMNLP 2020
  • NSF has chosen to fund our grant on Private Data Analytics, Synthesis, and Sharing for Large-Scale Multi-Modal Smart City Mobility Research, which is in collaboration with Desheng Zhang, and Dimitris Metaxas
  • I've received an NSF CAREER Award on CAREER: Secure Voice-Controlled Platforms
  • Our paper "iOS, Your OS, Everybody's OS: Vetting and Analyzing Network Services of iOS Apps" is accepted to appear in Usenix Security 2020
  • Our paper "Read Between the Lines: An Empirical Measurement of Sensitive Applications of Voice Personal Assistant Systems" is accepted to appear in the Web conference 2020. 
  • Our paper "SPEAKER-RADAR: a Sonar-based Liveness Detection System for Protecting Smart Speakers Against Remote Attackers" is accepted to appear in Ubicomp 2020. 
  • Our paper “TKPERM: Cross-platform Permission Knowledge Transfer to Detect Overprivileged Third-party Applications”, is accepted to appear in the NDSS Symposium 2020. See you in San Diego!
  • Our paper "Dangerous Skills: Understanding and Mitigating Security Risks of Voice-Controlled Third-Party Functions on Virtual Personal Assistant Systems" got 3rd place for CSAW Best Security Paper Award. 
  • Jianfeng will present our paper "Privacy Guarantees for Adversarial Task-Specific Privacy Preservation" at NeurIPS 2019 Workshop on ML with Guarantees. 
  • I'm serving on the program committee of Usenix Security 2020, NDSS 2020, Oakland 2020, and Euro S&P 2020, please submit your great work!
  • Our paper "OAuthLint: An Empirical Study on OAuth Bugs in Android Applications" is accepted to appear in ASE 2019. 
  • We receive an NSF grant "Enforcing Security and Privacy Policies to Protect Research Data" with Kai-Wei Chang, Yanyan Zhuang, and Byoung-Do Kim.
  • Our paper "Improving Black-box Attacks on Classifiers by Combining Transfer and Gradient Attacks" is accepted to appear in Usenix Security 2020. See you in Boston! 
  • Our paper "Birthday, Name and Bifacial-security: Understanding Passwords of Chinese Web Users" is accepted by Usenix Security 2019. See you in Santa Clara!
  • I got an NSF CRII Award for mobile security and privacy. 
  • Our paper "StopGuessing: Using Guessed Passwords to Thwart Online Guessing" is accepted by EuroS&P 2019. Check out our open-source implementation on Github
  • Students in our mobile and IoT security course produced interesting research results. Sihang, Yizhou, and Jianfeng's paper on the GPU side channel will appear at SafeThings 19 (co-located with Oakland). Zoya will present her course project on automobile app security at Bar 2019 (co-located with NDSS).
  • I got an Amazon Research Award for data-driving security. Thanks, Amazon!
  • I'm serving on the program committee of  CCS 2019, AsiaCCS 2019 and Oakland 2020, please submit your great work!
  • Our paper "Demystifying Hidden Privacy Settings in Mobile Apps" is accepted by Oakland 2019
  • Our paper "Dangerous Skills: Understanding and Mitigating Security Risks of Voice-Controlled Third-Party Functions on Virtual Personal Assistant Systems" is accepted by Oakland 2019, see you in San Francisco
  • Our proposal "CRI:II-New: The Living Link Lab: Infrastructure for Enhancing Occupant Experience and Building Operations" is funded. Thanks, NSF!
  • I'm co-organizing Safethings 2018 (co-located with Sensys 2018), see you in Shenzhen!
  • I'm serving on the program committee of NDSS 2019 and AAAI 2019, please submit your work!
  • Jack will present at HotSec 2018 about "Smartcity Security" and he will also present a poster at Usenix Security 2018 about "How is GDPR Affecting Privacy Policies?"
  • I received two Research Innovation Awards from UVa School of Engineering and Applied Science
  • I'm serving on the program committee of Usenix Security 2018, CCS 2018, and RESEC 2018, submit your awesome work!
  • I'm serving as the poster chair at Usenix Security 2018, please submit your interesting work!
  • Suya will present our poster "Adversaries Don’t Care About Averages: Batch Attacks on Black-Box Classifiers" at Oakland 2018
  • Our paper "Sensibility Testbed: Automated IRB Policy Enforcement in Mobile Research Apps" is accepted by Hotmobile 2018
  • Suya will present our paper "Black-box Attacks on Machine Learning Classifier" at NIPS 2017 workshop MLSec 
  • Our paper "EchoSafe: Sonar-based Verifiable Interaction with Intelligent Digital Agents" is accepted by SafeThings 2017, co-located with Sensys 
  • Our paper "SmartAuth: User-Centered Authorization for the Internet of Things" is accepted by Usenix Security 2017, see you in Vancouver!
  • Our paper "IVD: Automatic Learning and Enforcement of Authorization Rules in Online Social Networks" is accepted by Oakland 2017
  • CMU Engineering home page story about our project in mobile security, 2017.01
  • I gave a talk at Chinese Academy of Science, 2017.01
  • I gave a talk at Tsinghua University, 2016.12
  • I gave a talk at UCLA, 2016.12
  • I gave a talk at the ACSAC conference about mobile gaming security and defense, 2016.12
  • I was invited to attend the Rising Star in EECS workshop, 2016.11
  • Media coverage about our talk at Blackhat USA about Mobile OAuth, 2016.08