top of page

Welcome!

Yuan Tian  ç”°å›­â€‹

Yuan (pronounced similar to you-en )

Associate Professor

Electrical and Computer Engineering

Computer Science 

Institute for Technology, Law & Policy

University of California, Los Angeles

Email: yuant@ucla.edu

​

I'm an Associate Professor at the University of California, Los Angeles. My research focuses on developing novel technologies for the security, privacy, and safety of modern and emerging systems. I analyze and model systems, drawing on program analysis, protocol analysis, machine learning, and human factors to understand the risks and develop systems that are secure and privacy-preserving.
 
My work has been published in top-tier security conferences (such as Oakland, CCS, Usenix Security, and NDSS), and top-tier machine learning conferences (such as ICML, NeurIPS, and ACL). My work has generated real-world impact as countermeasures and design changes directly resulting from my research have been integrated into platforms (such as Android, Chrome, Firefox, and iOS), and also impacted the security recommendations of standard organizations such as Internet Engineering Task Force (IETF). I'm fortunate to have received a couple of awards for my research, such as the Google Research Scholar Award, Okawa Foundation Award, NSF CAREER Award, NSF CRII award, Facebook Research Award, and Amazon AI Faculty Fellowship.
 
Before joining UCLA, I was an Assistant Professor at the University of Virginia. I received my PhD at Carnegie Mellon University in 2017. I am fortunate to be advised by Professor Patrick Tague. I interned at Microsoft Research (with Dr. Cormac Herley and Dr. Stuart Schechter), Facebook (with the Security Infrastructure team), and Samsung Research (with Dr. Peng Ning).
 
We are looking for motivated students! Please don't hesitate to email me if you are interested in my research. I'm looking for passionate and smart students to drive my projects. In particular, I'm looking for multiple PhD students for Fall 2025 in systems security, machine learning security, and applied crypto. We also seek undergraduate/master research assistants and research interns for these topics. 

News

​​
  • Our paper "BadMerging: Backdoor Attacks Against Model Merging" is accepted to appear at CCS 2024 
  • Thanks, Cisco, for supporting our research on LLM for security analysis!
  • Thanks, NSF, for supporting our research on privacy-preserving mobility data generation!
  • Our paper  "AuthSaber: Automated Safety Verification of OpenID Connect Programs" is accepted to appear at CCS 2024 
  • Our paper "Remote Keylogging Attacks in Multi-user VR Applications" is accepted to appear in Usenix Security 2024
  • I'm serving as CCS 2024 Software Security PC chair; please submit your interesting papers!
  • Delighted to receive the CCS 2023 Top Reviewer Award!
  • Our paper "Alexa, is the skill always safe? Uncover Lenient Skill Vetting Process and Protect User Privacy at Run Time" is accepted to appear at ICSE 2024
  • Our paper “Towards Real-time Voice Interaction Data Collection Monitoring and Ambient Light Privacy Notification for Voice-controlled Services” has been accepted to appear at Symposium on Usable Security and Privacy (USEC)
  • Our paper "Towards Detection-Recovery Strategy for Robust Decentralized Matrix Factorization" is accepted to appear at ESORICS 2024
  • Our paper "Anomaly Transmitter Recognition and Tracking" is accepted to appear at DySPAN 2024
  • I'm serving as Oakland 2024 associate PC chair; please submit your interesting papers!
  • Thanks, NSF, for supporting our project "Assessing the Relationship Between Privacy Regulations and Software Development to Improve Rulemaking and Compliance."
  • Our paper "When Can Linear Learners be Robust to Indiscriminate Poisoning Attacks?" is accepted to appear at NeurIPS 2023
  • Our paper "SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices" is accepted to appear at Oakland 2024
  • Congratulations to Dr. Suya, Dr. Faysal Hossain Shezan, and Dr. Tu Le for successfully passing their Ph.D. Defenses!
  • Thanks, Keysight, for the award on device security!
  • Our paper "MOCK: Optimizing Kernel Fuzzing Mutation with Context-aware Dependency" is accepted to appear at NDSS 2024
  • Our paper “Exploring Smart Commercial Building Occupants' Perceptions and Notification Preferences of IoT Data Collection,”  is accepted to appear at IEEE European Symposium on Security and Privacy (EuroS&P), 2023
  • Our papers "Privacy-preserving Liveness Detection for Securing Smart Voice Interfaces", and “One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware" are accepted to appear in TDSC 2023 
  • Our paper "Towards Usable Security Analysis Tools for Trigger-Action Programming" is accepted to appear at SOUPS 2023
  • Our paper "PLUE: Language Understanding Evaluation Benchmark for Privacy Policies in English" is accepted to appear at ACL 2023
  • Our paper "UVSCAN: Detecting Third-Party Component Usage Violations in IoT Firmware" is accepted to appear in Usenix Security 2023
  • Thanks, Okawa Foundation, for the Award on Trustworthy Human-AI Collaborations!
  • Our paper "Retrieval Enhanced Data Augmentation for Question Answering on Privacy Policies" is accepted to appear in EACL 2023
  • Our paper "ML-FEED: Machine Learning Framework for Efficient Exploit Detection" received the best paper award at IEEE TPS 2022!
  • We published two papers on enforcing privacy regulations. CHKPLUG: Checking GDPR Compliance of WordPress Plugins via Cross-language Code Property Graph at NDSS 2023, and Is Your Policy Compliant? A Deep Learning-based Empirical Study of Privacy Policies' Compliance with GDPR at WEPS 2022.
  • Our paper "Cerberus: Query-driven Scalable Security Checking for OAuth Service Provider Implementations" is accepted to appear in CCS 2022
  • Our paper "A Large-Scale Empirical Analysis of the Vulnerabilities Introduced by Third-party Components in IoT Firmware" is accepted to appear in ISSTA 2022
  • Our paper "TransRisk: Mobility Privacy Risk Prediction based on Transferred Knowledge" is accepted to appear in Ubicomp 2022
  • Our paper "SkillBot: Identifying Risky Content for Children in Alexa Skills" is accepted to appear in ACM TOIT 2022
  • Our paper "Towards Return Parity in Markov Decision Processes" is accepted to appear in AISTATS 2022
  • I'll join 2022 CRA Career Mentoring Workshop as a panelist
  • Our paper "Your Microphone Array Retains Your Identity: A Robust Voice Liveness Detection System for Smart Speakers" is accepted to appear in Usenix Security 2022
  • We are excited to receive a Facebook Research Award on Perception Integrity in Virtual Reality, in collaboration with Seongkook Heo
  • NSF has chosen to fund our grant "Toward safe, private, and secure home automation: from formal modeling to user evaluation", which is in collaboration with Lujo Bauer, and Limin Jia from Carnegie Mellon University
  • Our paper "MPInspector: A Systematic and Automatic Approach for Evaluating the Security of IoT Messaging Protocols" is accepted to appear in Usenix Security 2021
  • Our papers "Understanding and Mitigating Accuracy Disparity in Regression" and "Model-Targeted Poisoning Attacks with Provable Convergence" are accepted to appear in ICML 2021
  • Our paper "Intent Classification and Slot Filling for Privacy Policies"  is accepted to appear in ACL 2021
  • We are excited to receive a Google Research Scholar Award on "Exploit Generation Using Reinforcement Learning" with Yu Feng!
  • Our paper "CRYPTGPU: Fast Privacy-Preserving Machine Learning on the GPU" is accepted to appear in Oakland 2021. 
  • Our paper "VerHealth: Vetting Medical Voice Applications through Policy Enforcement" is accepted to appear in the Proceedings of The ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT/UbiComp) 2021.
  • Our paper “Curse or Redemption? How Data Heterogeneity Affects the Robustness of Federated Learning”, is accepted to appear in the Thirty-Fifth AAAI Conference on Artificial Intelligence (AAAI) 2021.
  • Congratulations to Chenghan for winning the honorable mention for CRA Outstanding Undergraduate Researcher Award!
  • I'm serving as the shadow PC chair for Oakland 2021. Please apply to participate if you are interested. 
  • I'm serving as the co-chair for SafeThings 2021. Please submit your great work!
  • Congratulations to Faysal for winning the Linklab Outstanding Graduate Researcher Award!
  • Our paper "Trade-offs and Guarantees on Adversarial Representation Learning for Information Obfuscation" is accepted to appear in NeurIPS 2020
  • Our paper "PolicyQA: A Reading Comprehension Dataset for Privacy Policies" is accepted to appear in Findings of EMNLP 2020
  • NSF has chosen to fund our grant on Private Data Analytics, Synthesis, and Sharing for Large-Scale Multi-Modal Smart City Mobility Research, which is in collaboration with Desheng Zhang, and Dimitris Metaxas
  • I've received an NSF CAREER Award on CAREER: Secure Voice-Controlled Platforms
  • Our paper "iOS, Your OS, Everybody's OS: Vetting and Analyzing Network Services of iOS Apps" is accepted to appear in Usenix Security 2020
  • Our paper "Read Between the Lines: An Empirical Measurement of Sensitive Applications of Voice Personal Assistant Systems" is accepted to appear in the Web conference 2020. 
  • Our paper "SPEAKER-RADAR: a Sonar-based Liveness Detection System for Protecting Smart Speakers Against Remote Attackers" is accepted to appear in Ubicomp 2020. 
  • Our paper “TKPERM: Cross-platform Permission Knowledge Transfer to Detect Overprivileged Third-party Applications”, is accepted to appear in the NDSS Symposium 2020. See you in San Diego!
  • Our paper "Dangerous Skills: Understanding and Mitigating Security Risks of Voice-Controlled Third-Party Functions on Virtual Personal Assistant Systems" got 3rd place for CSAW Best Security Paper Award. 
  • Jianfeng will present our paper "Privacy Guarantees for Adversarial Task-Specific Privacy Preservation" at NeurIPS 2019 Workshop on ML with Guarantees. 
  • I'm serving on the program committee of Usenix Security 2020, NDSS 2020, Oakland 2020, and Euro S&P 2020, please submit your great work!
  • Our paper "OAuthLint: An Empirical Study on OAuth Bugs in Android Applications" is accepted to appear in ASE 2019. 
  • We receive an NSF grant "Enforcing Security and Privacy Policies to Protect Research Data" with Kai-Wei Chang, Yanyan Zhuang, and Byoung-Do Kim.
  • Our paper "Improving Black-box Attacks on Classifiers by Combining Transfer and Gradient Attacks" is accepted to appear in Usenix Security 2020. See you in Boston! 
  • Our paper "Birthday, Name and Bifacial-security: Understanding Passwords of Chinese Web Users" is accepted by Usenix Security 2019. See you in Santa Clara!
  • I got an NSF CRII Award for mobile security and privacy. 
  • Our paper "StopGuessing: Using Guessed Passwords to Thwart Online Guessing" is accepted by EuroS&P 2019. Check out our open-source implementation on Github
  • Students in our mobile and IoT security course produced interesting research results. Sihang, Yizhou, and Jianfeng's paper on the GPU side channel will appear at SafeThings 19 (co-located with Oakland). Zoya will present her course project on automobile app security at Bar 2019 (co-located with NDSS).
  • I got an Amazon Research Award for data-driving security. Thanks, Amazon!
  • I'm serving on the program committee of  CCS 2019, AsiaCCS 2019 and Oakland 2020, please submit your great work!
  • Our paper "Demystifying Hidden Privacy Settings in Mobile Apps" is accepted by Oakland 2019
  • Our paper "Dangerous Skills: Understanding and Mitigating Security Risks of Voice-Controlled Third-Party Functions on Virtual Personal Assistant Systems" is accepted by Oakland 2019, see you in San Francisco
  • Our proposal "CRI:II-New: The Living Link Lab: Infrastructure for Enhancing Occupant Experience and Building Operations" is funded. Thanks, NSF!
  • I'm co-organizing Safethings 2018 (co-located with Sensys 2018), see you in Shenzhen!
  • I'm serving on the program committee of NDSS 2019 and AAAI 2019, please submit your work!
  • Jack will present at HotSec 2018 about "Smartcity Security" and he will also present a poster at Usenix Security 2018 about "How is GDPR Affecting Privacy Policies?"
  • I received two Research Innovation Awards from UVa School of Engineering and Applied Science
  • I'm serving on the program committee of Usenix Security 2018, CCS 2018, and RESEC 2018, submit your awesome work!
  • I'm serving as the poster chair at Usenix Security 2018, please submit your interesting work!
  • Suya will present our poster "Adversaries Don’t Care About Averages: Batch Attacks on Black-Box Classifiers" at Oakland 2018
  • Our paper "Sensibility Testbed: Automated IRB Policy Enforcement in Mobile Research Apps" is accepted by Hotmobile 2018
  • Suya will present our paper "Black-box Attacks on Machine Learning Classifier" at NIPS 2017 workshop MLSec 
  • Our paper "EchoSafe: Sonar-based Verifiable Interaction with Intelligent Digital Agents" is accepted by SafeThings 2017, co-located with Sensys 
  • Our paper "SmartAuth: User-Centered Authorization for the Internet of Things" is accepted by Usenix Security 2017, see you in Vancouver!
  • Our paper "IVD: Automatic Learning and Enforcement of Authorization Rules in Online Social Networks" is accepted by Oakland 2017
  • CMU Engineering home page story about our project in mobile security, 2017.01
  • I gave a talk at Chinese Academy of Science, 2017.01
  • I gave a talk at Tsinghua University, 2016.12
  • I gave a talk at UCLA, 2016.12
  • I gave a talk at the ACSAC conference about mobile gaming security and defense, 2016.12
  • I was invited to attend the Rising Star in EECS workshop, 2016.11
  • Media coverage about our talk at Blackhat USA about Mobile OAuth, 2016.08
bottom of page