Research Interests

My research interests involve security, privacy and their interactions with systems, machine learning, and human-computer interaction. My current research focuses on developing novel technologies for protecting user privacy, particularly in the areas of Internet of Things and mobile platforms. I use multiple tools such as program analysis, protocol analysis, machine learning, and user studies to understand security risks and develop systems that are secure and privacy-preserving. My work has been published in top-tier security conferences (such as Oakland, CCS, and NDSS), and has also been adopted by platform designers and application developers (such as Chrome, Firefox, and iOS).

Publications

 

            Papers

  • F. Suya, J. Chi, D. Evans, Y. Tian, "Improving Black-box Attacks on Classifiers by Combining Transfer and Gradient Attacks", to appear in the 29th Usenix Security Symposium (Usenix Security), 2020

  • T. Rahat, Y. Feng, and Y. Tian, “OAuthLint: An Empirical Study on OAuth Bugs in Android Applications”, to appear in the 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2019

  • D. Wang, P. Wang, D. He, and Y. Tian, “Birthday, Name and Bifacial-security: Understanding Passwords of Chinese Web Users”, to appear in the 28th Usenix Security Symposium (Usenix Security), 2019 (PDF, Slides)

  • Y. Tian, C. Herley, S. Schechter, "StopGuessing: Using Guessed Passwords to Thwart Online Guessing", to appear in 4th IEEE European Symposium on Security and Privacy (EuroS&P), 2019 (PDF, Code, Slides)

 

  • Y. Chen, M. Zha, N. Zhang, D. Xu, Q. Zhao, X. Feng, K. Yuan, F. Suya, Y. Tian, K. Chen, X. Wang, W. Zhou, "Demystifying Hidden Privacy Settings in Mobile Apps", in the 40th IEEE Symposium on Security and Privacy (Oakland), 2019 (PDF, Talk Preview)

 

  • N. Zhang, X. Mi, X. Feng, X. Wang, Y. Tian, F. Qian, "Dangerous Skills: Understanding and Mitigating Security Risks of Voice-Controlled Third-Party Functions on Virtual Personal Assistant Systems", in the 40th IEEE Symposium on Security and Privacy (Oakland), 2019 (PDF, Talk Preview, Website)

  • S. Liu, Y. Wei, J. Chi, F. Shezan and Y. Tian, "Side Channel Attacks in GPU-Virtualization-Based Computation-Offload Systems", in IEEE Workshop on the Internet of Safe Things (SafeThings), co-located with Oakland 2019 (PDF, Slides)

  • T. Le, I. ElSayed-Aly, W. Jin, S. Ryu, G. Verrier, T. Rahat, B. Park, and Y. Tian, "Poster: Attack the Dedicated Short-Range Communication for Connected Vehicles", in the 40th IEEE Symposium on Security and Privacy (Oakland), 2019 (PDF)

  • G. Verrier, Y. Taylor, E. Fernandes, T. Kohno, Y. Tian, "SmartCity Security", 2018 USENIX Summit on Hot Topics in Security (HotSec), 2018

  • G. Verrier, H. Chen, D. Evans, Y. Tian, "Poster: How is GDPR Affecting Privacy Policies?", the 27th USENIX Security Symposium (Usenix Security), 2018

  • Y. Zhuang, A. Rafetseder, Y. Hu, Y. Tian, J. Cappos, "Sensibility Testbed: Automated IRB Policy Enforcement in Mobile Research Apps", the 19th International Workshop on Mobile Computing Systems and Applications (HotMobile), 2018 (PDF)

  • F. Suya, D. Evans, Y. Tian, "Poster: Adversaries Don’t Care About Averages: Batch Attacks on Black-Box Classifiers", the 39th IEEE Symposium on Security and Privacy (Oakland), 2018

 

  • Y. Tian, N. Zhang, Y. Lin, X. Wang, X. Guo, P. Tague, “SmartAuth: User-Centered Authorization for the Internet of Things”, 26th Usenix Security Symposium (Usenix Security), 2017. Acceptance rate: 16.3% (PDF)

 

  • P. Marinescu, C. Parry, M. Pomarole, Y. Tian, P. Tague, I. Papagiannis, "IVD: Automatic Learning and Enforcement of Authorization Rules in Online Social Networks", 38th IEEE Symposium on Security and Privacy (Oakland), 2017. Acceptance rate: 13.3% (PDF)

 

  • F. Suya, Y. Tian, D. Evans, P. Papotti, “Query-limited Black-box Attacks to Classifiers”, NIPS workshop on machine learning and computer security, 2017

 

  • A. Alanwar, B. Balaji, Y. Tian, S. Yang, and M. Srivastava, "EchoSafe: Sonar-based Verifiable Interaction with Intelligent Digital Agents", to appear in 1st ACM Workshop on the Internet of Safe Things (SafeThings), 2017 (PDF)

 

  • Y. Tian, S. Chen, E. Chen, X. Ma, X. Wang, and P. Tague, "Swords and Shields - A Study of Mobile Game Hacks and Existing Defenses", 2016 Annual Computer Security Applications Conference (ACSAC), 2016. Acceptance rate: 22.8% (PDF)

 

  • Y. Tian, Y. Pei, E. Chen, S. Chen, R. Kotcher, and P. Tague, "1000 Ways to Die in Mobile OAuth", Black Hat, 2016.

 

  • Y. Tian, E. Chen, J. Sousa, P. Tague, and H. Wang, "Poster: Privacy-Preserving Context Sharing in Social Platforms", 25th Usenix Security Symposium (Usenix Security), 2016

 

  • L. Bauer, S. Cai, L. Jia, T. Passaro, M. Stroucken, and Y. Tian, "Run-time Monitoring and Formal Analysis of Information Flows in Chromium", Network and Distributed System Security Symposium (NDSS), 2015. Acceptance rate: 16.9% (PDF)

 

  • Y. Tian, B. Liu, W. Dai, B. Ur, P. Tague, and L. Cranor, "Supporting Privacy-Conscious App Update Decisions with User Reviews", to appear in ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), 2015. Acceptance rate: 38% (PDF)

 

  • H. Wang, A. Moshchuk, M. Gamon, M. Haraty, S. Iqbal, E. Brown, A. Kapoor, C. Meek, E. Chen, Y. Tian, J. Teevan, M. Czerwinski, and S. Dumais, "The Activity Platform", Workshop on Hot Topics in Operating Systems (HotOS), 2015. Acceptance rate: 31.8% (PDF)

 

  • Y. Tian, K. Liu, A. Bhosale, L. Huang, P. Tague, and C. Jackson, “All Your Screens Are Belong to Us: Attacks Exploiting the HTML5 Screen Sharing”, 35th IEEE Symposium on Security and Privacy (Oakland), 2014. Acceptance rate: 13.1% (PDF)

 

  • E. Chen, S. Chen, Y. Pei, Y. Tian, R. Kotcher, and P. Tague, "OAuth Demystified for Mobile Application Developers", ACM Conference on Computer and Communications Security (CCS), 2014. Acceptance rate: 18.6% (PDF)

 

  • L. Bauer, S. Cai, L. Jia, T. Passaro, and Y. Tian, “Analyzing the Dangers Posed by Chrome Extensions: A Case for Information-Flow-Based Protection”, IEEE Conference on Communications and Network Security (CNS), 2014. Acceptance rate: 29.2% (PDF)

 

  • Y. Kim, Y. Tian, L. Nguyen, and P. Tague, “LAPWiN: Location-Aided Probing for Protecting User Privacy in Wi-Fi Networks”, IEEE Conference on Communications and Network Security (CNS), 2014. Acceptance rate: 29.2% (PDF)

 

  • S. Kywe, C. Landis, Y. Pei, J. Satterfield, Y. Tian, and Patrick Tague, "PrivateDroid: Private Browsing Mode for Android", IEEE International Conference on Trust, Security, and Privacy in Computing and Communications (TrustCom), 2014 (PDF)

 

  • Y. Tian, K. Liu, A. Bhosale, L. Huang, P. Tague, and C. Jackson, “Poster: Attacks Exploiting the HTML5 Screen Sharing”, Women in Cyber Security (WiCys), 2014

 

  • L. Nguyen, Y. Tian, S. Cho, W. Kwak, S. Parab, Y. Kim, P. Tague, and J. Zhang, "UnLocIn: Unauthorized Location Inference on Smartphones without Being Caught", International Conference on Security and Privacy in Mobile Information and Communication Systems (PRISMS), June 2013. (PDF)

 

  • Y. Tian, C. Zheng, A. Desnos, "APKInspector: Static Analysis of Android Applications", Honeynet Workshop, 2013

 

 

      Patents

 

 

    Technical Reports

 

  • Y. Tian, C. Herley, and S. Schechter, "Exploring Mechanisms to Defend Against Online Password Guessing", Microsoft Technical Report, 2016

 

  • L. Bauer, S. Cai, L. Jia, T. Passaro, M. Stroucken, and Y. Tian, "Run-time Monitoring and Formal Analysis of Information Flows in Chromium", CMU Cylab Technical Report, 2015