top of page
Research Interests
My research interests involve security and privacy and their interactions with computer systems, machine learning, and human-computer interaction. My current research focuses on developing new computing platforms with strong security and privacy features, particularly in the Internet of Things and machine learning. My work has been published in top-tier security conferences (such as Oakland, CCS, Usenix Security, and NDSS), and has also been adopted by platform designers and application developers (such as Chrome, Firefox, and iOS).
-
Privacy Compliance and Enhancement
-
System Security (IoT Security, Accountable Software)
-
Trustworthy Machine Learning (Data Poisoning Attacks&Defenses, Privacy-Preserving Machine Learning)
Publications
-
J. Zhang, J. Chi, Z. Li, K. Cai, Y. Zhang, Y. Tian. "BadMerging: Backdoor Attacks Against Model Merging." in the 31st ACM Conference on Computer and Communications Security (CCS) 2024. [PDF]
-
T. Rahat, Y. Feng, and Y. Tian, "AuthSaber: Automated Safety Verification of OpenID Connect Programs," to appear in the 31st ACM Conference on Computer and Communications Security (CCS), 2024 [PDF]
-
Z. Su, K. Cai, R. Beeler, L. Dresel, A. Garcia, I. Grishchenko, Y. Tian, C. Kruegel, G. Vigna, “Remote Keylogging Attacks in Multi-user VR Applications”, in the 33rd USENIX Security Symposium (Usenix 2024). [PDF]
-
K Cai, J Zhang, W Shand, Z Hong, G Wang, D Zhang, J Chi, Y Tian, “Where have you been? A Study of Privacy Risk for Point-of-Interest Recommendation”, in the 2024 ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. [PDF]
-
Y. Huang, M. Zhang, D. Ding, E. Jiang, Q. Xiao, X. You, Y. Tian, M. Yang, “Towards Detection-Recovery Strategy for Robust Decentralized Matrix Factorization,” to appear in European Symposium on Research in Computer Security (ESORICS) 2024. [PDF]
-
T. Le, D. Zhao, Z. Wang, X. Wang, Y. Tian, "Alexa, is the skill always safe? Uncover Lenient Skill Vetting Process and Protect User Privacy at Run Time", to appear in 46th International Conference on Software Engineering (ICSE 2024) (PDF)
-
T. Zhao, S. Sarkar, Y. Tian, D. Cabric, “Anomaly Transmitter Recognition and Tracking”, to appear in the IEEE International Symposium on Dynamic Spectrum Access Networks (DySPAN), 2024. (PDF)
-
Q. Wang, B. Chang, S. Ji, Y. Tian, X. Zhang, B. Zhao, G. Pan, C. Lyu, M. Payer, W. Wang, R. Beyah, “SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices,” to appear in the IEEE Symposium on Security and Privacy (Oakland), 2024 (PDF)
-
J. Xu, X. Zhang, S. Ji, Y. Tian, B. Zhao, Q. Wang, P. Cheng, J. Chen, “MOCK: Optimizing Kernel Fuzzing Mutation with Context-aware Dependency,” to appear in the Network and Distributed System Security Symposium (NDSS), 2024 (PDF)
-
Fnu Suya, Anshuman Suri, Tingwei Zhang, Jingtao Hong, Yuan Tian, David Evans (2024). SoK: Pitfalls in Evaluating Black-Box Attacks. In IEEE Conference on Secure and Trustworthy Machine Learning (SaTML) 2024. (PDF)
-
T. Le, Z. Wang, D. Huang, Y. Yao, Y. Tian, "Towards Real-time Voice Interaction Data Collection Monitoring and Ambient Light Privacy Notification for Voice-controlled Services", to appear in Symposium on Usable Security and Privacy (USEC) 2024 (PDF)
-
F. Suya, X. Zhang, Y. Tian, D. Evans, "What Distributions are Robust to Indiscriminate Poisoning Attacks for Linear Learners?", in Conference on Neural Information Processing Systems (NeurIPS) 2023. (PDF)
-
T. Le, A. Wang, Y. Yao, Y. Feng, A. Heydarian, N. Sadeh, Y. Tian, “Exploring Smart Commercial Building Occupants' Perceptions and Notification Preferences of IoT Data Collection,” to appear in the proceedings of IEEE European Symposium on Security and Privacy (EuroS&P), 2023. (PDF)
-
Y. Meng, J. Li, H. Zhu, Y. Tian, J. Chen, "Privacy-preserving Liveness Detection for Securing Smart Voice Interfaces," in the IEEE Transactions on Dependable and Secure Computing (TDSC), 2023. (PDF)
-
M. McCall, E. Zeng, F. H. Shezan, M. Yang, L. Bauer, A. Bichhawat, C. Cobb, L. Jia, Y. Tian, “Towards Usable Security Analysis Tools for Trigger-Action Programming,” to appear in the nineteenth Symposium on Usable Privacy and Security (SOUPS 2023) (PDF)
-
J. Chi, W. Ahmad, Y. Tian, K. Chang, “PLUE: Language Understanding Evaluation Benchmark for Privacy Policies in English”, to appear in the 61st Annual Meeting of the Association for Computational Linguistics (ACL), 2023 (PDF, CODE)
-
B. Zhao, S. Ji, X. Zhang, Y. Tian, Q. Wang, Y. Pu, C. Lyu, R. Beyah, "UVSCAN: Detecting Third-Party Component Usage Violations in IoT Firmware", to appear in the 32nd USENIX Security Symposium (USENIX Security), 2023 (PDF)
-
F. Shezan, M. Long, D. Hasani, G. Wang, Y. Tian, “SenRev: Measurement of Personal Information Disclosure in Online Health Communities”, to appear in the proceedings of Privacy Enhancing Technologies Symposium (PoPETs/PETS), 2023 (PDF)
-
F. Shezan, Z. Su, M. Kang, N. Phair, P. Thomas, M. Dam, Y. Cao, and Y. Tian, “CHKPLUG: Checking GDPR Compliance of WordPress Plugins via Cross-language Code Property Graph”, to appear in the proceedings of Network & Distributed System Security Symposium (NDSS), 2023 (PDF, CODE)
-
M. Parvez, J. Chi, W. Ahmad, Y. Tian, K. Chang, “Retrieval Enhanced Data Augmentation for Question Answering on Privacy Policies”, to appear in the 17th Conference of the European Chapter of the Association for Computational Linguistics (EACL), 2023 (PDF)
-
T. Saha, T. Rahat, N. Aaraj, Y. Tian, N. Jha, "ML-FEED: Machine Learning Framework for Efficient Exploit Detection'', in the IEEE International Conference on Trust, Privacy, and Security (TPS), 2022.
-
T. Rahat, Y. Feng, and Y. Tian, "Cerberus: Query-driven Scalable Security Checking for OAuth Service Provider Implementations", to appear in the 29th ACM Conference on Computer and Communications Security (CCS 2022) (PDF)
-
J. Chi, W. Shand, Y. Yu, K. Chang, H. Zhao, Y. Tian, "Conditional Supervised Contrastive Learning for Fair Text Classification", in EMNLP Findings 2022 (PDF, CODE)
-
T. Le, D. Huang, N. Apthorpe, Y. Tian, "SkillBot: Identifying Risky Content for Children in Alexa Skills", to appear in the ACM Transactions on Internet Technology (ACM TOIT), 2022 (PDF)
-
B. Zhao, S. Ji, J. Xu, Y. Tian, Q. Wei, Q. Wang, C. Lyu, X. Zhang, C. Lin, J. Wu, and R. Beyah, "A Large-Scale Empirical Analysis of the Vulnerabilities Introduced by Third-party Components in IoT Firmware", to appear in the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2022) (PDF)
-
X. Xie, Z. Hong, Z. Qin, Z. Fang, Y. Tian, D. Zhang, "TransRisk: Mobility Privacy Risk Prediction based on Transferred Knowledge", to appear in the 2022 ACM International Joint Conference on Pervasive and Ubiquitous Computing (Ubicomp 2022) (PDF)
-
J. Chi, J. Shen, X. Dai, W. Zhang, Y. Tian, and H. Zhao, "Towards Return Parity in Markov Decision Processes", to appear in the 25th International Conference on Artificial Intelligence and Statistics (AISTATS 2022) (PDF, CODE)
-
Y. Meng, J. Li, M. Pillari, A. Deopujari, L. Brennan, H. Shamsie, H. Zhu, Y. Tian, “Your Microphone Array Retains Your Identity: A Robust Voice Liveness Detection System for Smart Speakers”, to appear in the 31st USENIX Security Symposium (Usenix Security 2022) (PDF)
-
Q. Wang, S. Ji, Y. Tian, X. Zhang, B. Zhao, Y. Kan, Z. Lin, C. Lin, S. Deng. A. Liu, R. Beyah, "MPInspector: A Systematic and Automatic Approach for Evaluating the Security of IoT Messaging Protocols", to appear in the 30th USENIX Security Symposium (Usenix Security 2021) (PDF, Code)
-
F. Suya, S. Mahloujifar, A. Suri, D. Evans, Y. Tian, "Model-Targeted Poisoning Attacks with Provable Convergence", to appear in the Thirty-eighth International Conference on Machine Learning (ICML 2021) (PDF, Code)
-
J. Chi, Y. Tian, G. Gordon, and H. Zhao, "Understanding and Mitigating Accuracy Disparity in Regression" to appear in the Thirty-eighth International Conference on Machine Learning (ICML 2021) (PDF)
-
W. Ahmad*, J. Chi*, T. Le, T. Norton, Y. Tian, K. Chang, "Intent Classification and Slot Filling for Privacy Policies", to appear in the Joint Conference of the 59th Annual Meeting of the Association for Computational Linguistics and the 11th International Joint Conference on Natural Language Processing (ACL-IJCNLP 2021) (PDF)
-
S. Tan, B. Knott, Y. Tian, and D. Wu, "CRYPTGPU: Fast Privacy-Preserving Machine Learning on the GPU", to appear in the 42nd IEEE Symposium on Security and Privacy (Oakland), 2021 (PDF, Code)
-
F. Shezan, H. Hu, J. Wang, G. Wang, and Y. Tian, “VerHealth: Vetting Medical Voice Applications through Policy Enforcement”, to appear in the Proceedings of The ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT/UbiComp), 2021 (PDF)
-
S. Zawad, A. Ali, P. Chen, A. Anwar, Y. Zhou, N. Baracaldo, Y. Tian, F. Yan, “Curse or Redemption? How Data Heterogeneity Affects the Robustness of Federated Learning”, to appear in the Thirty-Fifth AAAI Conference on Artificial Intelligence (AAAI-21), 2021 (PDF)
-
H. Zhao, J. Chi, Y. Tian, G. Gordon, "Trade-offs and Guarantees on Adversarial Representation Learning for Information Obfuscation", in Thirty-fourth Conference on Neural Information Processing Systems (NeurIPS), Dec 2020. (PDF)
-
W. Ahmad, J. Chi, Y. Tian, K. Chang, "PolicyQA: A Reading Comprehension Dataset for Privacy Policies", in the 2020 Conference on Empirical Methods in Natural Language Processing (EMNLP Findings), Nov 2020. (PDF, Code)
-
F. Suya, J. Chi, D. Evans, Y. Tian, "Hybrid Batch Attacks: Finding Black-box Adversarial Examples with Limited Queries", to appear in the 29th Usenix Security Symposium (Usenix Security), 2020 (PDF, Slides, Code), Artifact Evaluated
-
Z. Tang, K. Tang, M. Xue, Y. Tian, M. Ikram, T. Wang, H. Zhu, "iOS, Your OS, Everybody's OS: Vetting and Analyzing Network Services of iOS Apps", to appear in the 29th Usenix Security Symposium (Usenix Security), 2020 (PDF, Slides)
-
F. Shezan, H. Hu, J. Wang, G. Wang, and Y. Tian, “Read Between the Lines: An Empirical Measurement of Sensitive Applications of Voice Personal Assistant Systems”, to appear in the Web Conference (WWW), May 2020. (PDF)
-
Y. Lee, Y. Zhao, J. Zeng, K. Lee, N. Zhang, F. Shezan, Y. Tian, K. Chen, X. Wang, “SPEAKER-RADAR: a Sonar-based Liveness Detection System for Protecting Smart Speakers Against Remote Attackers”, to appear in the ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp), September 2020. (PDF)
-
F. Shezan, K. Cheng, Z. Zhang, Y. Cao, Y. Tian, “TKPERM: Cross-platform Permission Knowledge Transfer to Detect Overprivileged Third-party Applications”, in the NDSS Symposium 2020 (PDF)
-
J. Chi, H. Zhao, Y. Tian, G. Gordon, “Privacy Guarantees for Adversarial Task-Specific Privacy Preservation”, to appear in NeurIPS 2019 Workshop on ML with Guarantees, December 2019 (PDF)
-
T. Rahat, Y. Feng, and Y. Tian, “OAuthLint: An Empirical Study on OAuth Bugs in Android
Applications”, in the 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2019 (PDF)
-
D. Wang, P. Wang, D. He, and Y. Tian, “Birthday, Name and Bifacial-security: Understanding Passwords of Chinese Web Users”, in the 28th Usenix Security Symposium (Usenix Security), 2019 (PDF, Slides)
-
Y. Tian, C. Herley, S. Schechter, "StopGuessing: Using Guessed Passwords to Thwart Online Guessing", in 4th IEEE European Symposium on Security and Privacy (EuroS&P), 2019 (PDF, Code, Slides)
-
Y. Chen, M. Zha, N. Zhang, D. Xu, Q. Zhao, X. Feng, K. Yuan, F. Suya, Y. Tian, K. Chen, X. Wang, W. Zhou, "Demystifying Hidden Privacy Settings in Mobile Apps", in the 40th IEEE Symposium on Security and Privacy (Oakland), 2019 (PDF, Talk Preview)
-
N. Zhang, X. Mi, X. Feng, X. Wang, Y. Tian, F. Qian, "Dangerous Skills: Understanding and Mitigating Security Risks of Voice-Controlled Third-Party Functions on Virtual Personal Assistant Systems", in the 40th IEEE Symposium on Security and Privacy (Oakland), 2019 (PDF, Talk Preview, Website)
-
S. Liu, Y. Wei, J. Chi, F. Shezan and Y. Tian, "Side Channel Attacks in GPU-Virtualization-Based Computation-Offload Systems", in IEEE Workshop on the Internet of Safe Things (SafeThings), co-located with Oakland 2019 (PDF, Slides)
-
T. Le, I. ElSayed-Aly, W. Jin, S. Ryu, G. Verrier, T. Rahat, B. Park, and Y. Tian, "Poster: Attack the Dedicated Short-Range Communication for Connected Vehicles", in the 40th IEEE Symposium on Security and Privacy (Oakland), 2019 (PDF)
-
G. Verrier, Y. Taylor, E. Fernandes, T. Kohno, Y. Tian, "SmartCity Security", 2018 USENIX Summit on Hot Topics in Security (HotSec), 2018
-
G. Verrier, H. Chen, D. Evans, Y. Tian, "Poster: How is GDPR Affecting Privacy Policies? ", the 27th USENIX Security Symposium (Usenix Security), 2018
-
Y. Zhuang, A. Rafetseder, Y. Hu, Y. Tian, J. Cappos, "Sensibility Testbed: Automated IRB Policy Enforcement in Mobile Research Apps ", the 19th International Workshop on Mobile Computing Systems and Applications (HotMobile), 2018 (PDF)
-
F Suya, D Evans, Y Tian, "Poster: Adversaries Don’t Care About Averages: Batch Attacks on Black-Box Classifiers ", the 39th IEEE Symposium on Security and Privacy (Oakland), 2018
-
Y. Tian, N. Zhang, Y. Lin, X. Wang, X. Guo, P. Tague, “SmartAuth: User-Centered Authorization for the Internet of Things”, 26th Usenix Security Symposium (Usenix Security), 2017. Acceptance rate: 16.3% (PDF)
-
P. Marinescu, C. Parry, M. Pomarole, Y. Tian, P. Tague, I. Papagiannis, "IVD: Automatic Learning and Enforcement of Authorization Rules in Online Social Networks ", 38th IEEE Symposium on Security and Privacy (Oakland ), 2017. Acceptance rate: 13.3% (PDF)
-
F. Suya, Y. Tian, D. Evans, P. Papotti, “Query-limited Black-box Attacks to Classifiers”, NIPS workshop on machine learning and computer security, 2017
-
A. Alanwar, B. Balaji, Y. Tian, S. Yang, and M. Srivastava, "EchoSafe: Sonar-based Verifiable Interaction with Intelligent Digital Agents", to appear in 1st ACM Workshop on the Internet of Safe Things (SafeThings), 2017 (PDF)
-
Y. Tian, S. Chen, E. Chen, X. Ma, X. Wang, and P. Tague, "Swords and Shields - A Study of Mobile Game Hacks and Existing Defenses", 2016 Annual Computer Security Applications Conference (ACSAC), 2016. Acceptance rate: 22.8% (PDF)
-
Y. Tian, Y. Pei, E. Chen, S. Chen, R. Kotcher, and P. Tauge, "1000 Ways to Die in Mobile OAuth", Black Hat, 2016.
-
Y. Tian, E. Chen, J. Sousa, P. Tague, and H. Wang, "Poster: Privacy-Preserving Context Sharing in Social Platforms", 25th Usenix Security Symposium (Usenix Security), 2016
-
L. Bauer, S. Cai, L. Jia, T. Passaro, M. Stroucken, and Y. Tian, "Run-time Monitoring and Formal Analysis of Information Flows in Chromium", Network and Distributed System Security Symposium (NDSS), 2015. Acceptance rate: 16.9% (PDF)
-
Y. Tian, B. Liu, W. Dai, B. Ur, P. Tague, and L. Cranor, "Supporting Privacy-Conscious App Update Decisions with User Reviews", to appear in ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), 2015. Acceptance rate: 38% (PDF)
-
H. Wang, A. Moshchuk, M. Gamon, M. Haraty, S. Iqbal, E. Brown, A. Kapoor, C. Meek, E. Chen, Y. Tian, J. Teevan, M. Czerwinski, and S. Dumais, "The Activity Platform", Workshop on Hot Topics in Operating Systems(HotOS), 2015. Acceptance rate: 31.8% (PDF)
-
Y. Tian, K. Liu, A. Bhosale, L. Huang, P. Tague, and C. Jackson, “All Your Screens Are Belong to Us: Attacks Exploiting the HTML5 Screen Sharing”, 35th IEEE Symposium on Security and Privacy (Oakland ), 2014. Acceptance rate: 13.1% (PDF)
-
E. Chen, S. Chen, Y. Pei, Y. Tian, R. Kotcher, and P. Tague, "OAuth Demystified for Mobile Application Developers", ACM Conference on Computer and Communications Security (CCS), 2014. Acceptance rate: 18.6% (PDF)
-
L. Bauer, S. Cai, L. Jia, T. Passaro, and Y. Tian, “Analyzing the Dangers Posed by Chrome Extensions: A Case for Information-Flow-Based Protection”, IEEE Conference on Communications and Network Security(CNS), 2014. Acceptance rate: 29.2% (PDF)
-
Y. Kim, Y. Tian, L. Nguyen, and P. Tague, “LAPWiN: Location-Aided Probing for Protecting User Privacy in Wi-Fi Networks”, IEEE Conference on Communications and Network Security(CNS), 2014. Acceptance rate: 29.2% (PDF)
-
S. Kywe, C. Landis, Y. Pei, J. Satterfield, Y. Tian, and Patrick Tague, "PrivateDroid: Private Browsing Mode for Android", IEEE International Conference on Trust, Security, and Privacy in Computing and Communications (TrustCom), 2014 (PDF)
-
Y. Tian, K. Liu, A. Bhosale, L. Huang, P. Tague, and C. Jackson, “Poster: Attacks Exploiting the HTML5 Screen Sharing”, Women in Cyber Security (WiCys), 2014
-
L. Nguyen, Y. Tian, S. Cho, W. Kwak, S. Parab, Y. Kim, P. Tague, and J. Zhang, "UnLocIn: Unauthorized Location Inference on Smartphones without Being Caught", International Conference on Security and Privacy in Mobile Information and Communication Systems (PRISMS), June 2013. (PDF)
-
Y.Tian, C. Zheng, A. Desnos, "APKInspector: Static Analysis of Android Applications", Honeynet Workshop, 2013
-
A. Athreya, Y. Kim, X. Wang, Y. Tian, and P. Tague, "Poster: Packet Conductance for Statistical Intrusion Detection in Anonymous Networks", 34th IEEE Symposium on Security and Privacy (Oakland 2013), 2013
Patents
-
Y. Kim, L. Nguyen, Y. Tian, and P. Tague, "LAPWiN: Location-Aided Probing in Wi-Fi Networks", pending
Technical Reports
-
Y. Tian, C. Herley, and S. Schechter, "Exploring Mechanisms to Defend Against Online Password
Guessing", Microsoft Technical Report, 2016
-
L. Bauer, S. Cai, L. jia, T. Passaro, M. Stroucken, and Y. Tian, "Run-time Monitoring and Formal Analysis of Information Flows in Chromium", CMU Cylab Technical Report, 2015
bottom of page