Yuan Tian  田园​

 Yuan (pronounced similar to you-en )

Assistant Professor

Computer Science 

University of Virginia

Email: yuant@virginia.edu




I'm an Assistant Professor at University of Virginia. My research focuses on developing novel technologies for the security, privacy, and safety of modern and emerging systems. I analyze and model systems, drawing on program analysis, protocol analysis, machine learning, and human factors to understand the risks and develop systems that are secure and privacy-preserving.
My work has been published in top-tier security conferences (such as Oakland, CCS, Usenix Security, and NDSS), and my work has generated real-world impact as countermeasures and design changes directly resulting from my research have been integrated into platforms (such as Android, Chrome, Firefox, and iOS).
Before joining UVa, I was a Ph.D. student at Carnegie Mellon University. I am fortunate to be advised by Professor Patrick Tague. I interned at Microsoft Research (with Dr. Cormac Herley and Dr. Stuart Schechter), Facebook (with Security Infrastructure team), and Samsung Research (with Dr. Peng Ning).
Looking for motivated students! Please don't hesitate to email me if you are interested in my research. I'm looking for passionate and smart students to drive my projects. 


  • Our paper "Read Between the Lines: An Empirical Measurement of Sensitive Applications of Voice Personal Assistant Systems" is accepted to appear in the Web conference 2020. 
  • Our paper "SPEAKER-RADAR: a Sonar-based Liveness Detection System for Protecting Smart Speakers Against Remote Attackers" is accepted to appear in Ubicomp 2020. 
  • Our paper “TKPERM: Cross-platform Permission Knowledge Transfer to Detect Overprivileged Third-party Applications”, is accepted to appear in the NDSS Symposium 2020. See you in San Diego! 
  • Jianfeng will present our paper "Privacy Guarantees for Adversarial Task-Specific Privacy Preservation" at NeurIPS 2019 Workshop on ML with Guarantees. 
  • I'm serving on the program committee of Usenix Security 2020, NDSS 2020, Oakland 2020, and Euro S&P 2020, please submit your great work!
  • Our paper "OAuthLint: An Empirical Study on OAuth Bugs in Android Applications" is accepted to appear in ASE 2019. 
  • We receive an NSF grant "Enforcing Security and Privacy Policies to Protect Research Data" with Kai-Wei Chang, Yanyan Zhuang, and Byoung-Do Kim.
  • Our paper "Improving Black-box Attacks on Classifiers by Combining Transfer and Gradient Attacks" is accepted to appear in Usenix Security 2020. See you in Boston! 
  • Our paper "Birthday, Name and Bifacial-security: Understanding Passwords of Chinese Web Users" is accepted by Usenix Security 2019. See you in Santa Clara!
  • I got an NSF CRII Award for mobile security and privacy. 
  • Our paper "StopGuessing: Using Guessed Passwords to Thwart Online Guessing" is accepted by EuroS&P 2019. Check out our open-source implementation on Github
  • Students in our mobile and IoT security course produced interesting research results. Sihang, Yizhou, and Jianfeng's paper on the GPU side channel will appear at SafeThings 19 (co-located with Oakland). Zoya will present her course project on automobile app security at Bar 2019 (co-located with NDSS).
  • I got an Amazon Research Award for data-driving security. Thanks, Amazon!
  • I'm serving on the program committee of  CCS 2019, AsiaCCS 2019 and Oakland 2020, please submit your great work!
  • Our paper "Demystifying Hidden Privacy Settings in Mobile Apps" is accepted by Oakland 2019
  • Our paper "Dangerous Skills: Understanding and Mitigating Security Risks of Voice-Controlled Third-Party Functions on Virtual Personal Assistant Systems" is accepted by Oakland 2019, see you in San Francisco
  • Our proposal "CRI:II-New: The Living Link Lab: Infrastructure for Enhancing Occupant Experience and Building Operations" is funded. Thanks, NSF!
  • I'm co-organizing Safethings 2018 (co-located with Sensys 2018), see you in Shenzhen!
  • I'm serving on the program committee of NDSS 2019 and AAAI 2019, please submit your work!
  • Jack will present at HotSec 2018 about "Smartcity Security" and he will also present a poster at Usenix Security 2018 about "How is GDPR Affecting Privacy Policies?"
  • I received two Research Innovation Awards from UVa School of Engineering and Applied Science
  • I'm serving on the program committee of Usenix Security 2018, CCS 2018, and RESEC 2018, submit your awesome work!
  • I'm serving as the poster chair at Usenix Security 2018, please submit your interesting work!
  • Suya will present our poster "Adversaries Don’t Care About Averages: Batch Attacks on Black-Box Classifiers" at Oakland 2018
  • Our paper "Sensibility Testbed: Automated IRB Policy Enforcement in Mobile Research Apps" is accepted by Hotmobile 2018
  • Suya will present our paper "Black-box Attacks on Machine Learning Classifier" at NIPS 2017 workshop MLSec 
  • Our paper "EchoSafe: Sonar-based Verifiable Interaction with Intelligent Digital Agents" is accepted by SafeThings 2017, co-located with Sensys 
  • Our paper "SmartAuth: User-Centered Authorization for the Internet of Things" is accepted by Usenix Security 2017, see you in Vancouver!
  • Our paper "IVD: Automatic Learning and Enforcement of Authorization Rules in Online Social Networks" is accepted by Oakland 2017
  • CMU Engineering home page story about our project in mobile security, 2017.01
  • I gave a talk at Chinese Academy of Science, 2017.01
  • I gave a talk at Tsinghua University, 2016.12
  • I gave a talk at UCLA, 2016.12
  • I gave a talk at the ACSAC conference about mobile gaming security and defense, 2016.12
  • I was invited to attend the Rising Star in EECS workshop, 2016.11
  • Media coverage about our talk at Blackhat USA about Mobile OAuth, 2016.08