​Research Interests

My research interests involve security, privacy, and their interactions with systems, machine learning, and human-computer interaction. My current research focuses on developing novel technologies for protecting user privacy, particularly in the areas of the Internet of Things and mobile platforms. I use multiple tools such as program analysis, protocol analysis, machine learning, and user studies to understand security risks and develop systems that are secure and privacy preserving. My work has been published in top-tier security conferences (such as Oakland, CCS, and NDSS), and has also been adopted by platform designers and application developers (such as Chrome, Firefox, and iOS).

​Publications

 

            Papers

  • H. Zhao, J. Chi, Y. Tian, G. Gordon, "Trade-offs and Guarantees on Adversarial Representation Learning for Information Obfuscation", in Thirty-fourth Conference on Neural Information Processing Systems (NeurIPS), Dec 2020. 

  • W. Ahmad, J. Chi, Y. Tian, K. Chang, "PolicyQA: A Reading Comprehension Dataset for Privacy Policies", in the 2020 Conference on Empirical Methods in Natural Language Processing (EMNLP Findings), Nov 2020. 

  • F. Suya, J. Chi, D. Evans, Y. Tian, "Hybrid Batch Attacks: Finding Black-box Adversarial Examples with Limited Queries", to appear in the 29th Usenix Security Symposium (Usenix Security), 2020 (PDF, Slides, Code), Artifact Evaluated

  • Z. Tang, K. Tang, M. Xue, Y. Tian, M. Ikram, T. Wang, H. Zhu, "iOS, Your OS, Everybody's OS: Vetting and Analyzing Network Services of iOS Apps", to appear in the 29th Usenix Security Symposium (Usenix Security), 2020 (PDF, Slides)

  • F. Shezan, H. Hu, J. Wang, G. Wang, and Y. Tian, “Read Between the Lines: An Empirical Measurement of Sensitive Applications of Voice Personal Assistant Systems”, to appear in the Web Conference (WWW), May 2020. (PDF)

  • Y. Lee, Y. Zhao, J. Zeng, K. Lee, N. Zhang, F. Shezan, Y. Tian, K. Chen, X. Wang, “SPEAKER-RADAR: a Sonar-based Liveness Detection System for Protecting Smart Speakers Against Remote Attackers”, to appear in the ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp), September 2020. 

  • F. Shezan, K. Cheng, Z. Zhang, Y. Cao, Y. Tian, “TKPERM: Cross-platform Permission Knowledge Transfer to Detect Overprivileged Third-party Applications”, in the NDSS Symposium 2020 (PDF)

  • J. Chi, H. Zhao, Y. Tian, G. Gordon, “Privacy Guarantees for Adversarial Task-Specific Privacy Preservation”, to appear in NeurIPS 2019 Workshop on ML with Guarantees, December 2019 (PDF)

  • T. Rahat, Y. Feng, and Y. Tian, “OAuthLint: An Empirical Study on OAuth Bugs in Android Applications”, in the 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2019 (PDF)

  • D. Wang, P. Wang, D. He, and Y. Tian, “Birthday, Name and Bifacial-security: Understanding Passwords of Chinese Web Users”, in the 28th Usenix Security Symposium (Usenix Security), 2019 (PDF, Slides)

  • Y. Tian, C. Herley, S. Schechter, "StopGuessing: Using Guessed Passwords to Thwart Online Guessing", in 4th IEEE European Symposium on Security and Privacy (EuroS&P), 2019 (PDF, Code, Slides)

 

  • Y. Chen, M. Zha, N. Zhang, D. Xu, Q. Zhao, X. Feng, K. Yuan, F. Suya, Y. Tian, K. Chen, X. Wang, W. Zhou, "Demystifying Hidden Privacy Settings in Mobile Apps", in the 40th IEEE Symposium on Security and Privacy (Oakland), 2019 (PDF, Talk Preview)

 

  • N. Zhang, X. Mi, X. Feng, X. Wang, Y. Tian, F. Qian, "Dangerous Skills: Understanding and Mitigating Security Risks of Voice-Controlled Third-Party Functions on Virtual Personal Assistant Systems", in the 40th IEEE Symposium on Security and Privacy (Oakland), 2019 (PDF, Talk Preview, Website)

  • S. Liu, Y. Wei, J. Chi, F. Shezan and Y. Tian, "Side Channel Attacks in GPU-Virtualization-Based Computation-Offload Systems", in IEEE Workshop on the Internet of Safe Things (SafeThings), co-located with Oakland 2019 (PDF, Slides)

  • T. Le, I. ElSayed-Aly, W. Jin, S. Ryu, G. Verrier, T. Rahat, B. Park, and Y. Tian, "Poster: Attack the Dedicated Short-Range Communication for Connected Vehicles", in the 40th IEEE Symposium on Security and Privacy (Oakland), 2019 (PDF)

  • G. Verrier, Y. Taylor, E. Fernandes, T. Kohno, Y. Tian, "SmartCity Security", 2018 USENIX Summit on Hot Topics in Security (HotSec), 2018

  • G. Verrier, H. Chen, D. Evans, Y. Tian, "Poster: How is GDPR Affecting Privacy Policies?", the 27th USENIX Security Symposium (Usenix Security), 2018

  • Y. Zhuang, A. Rafetseder, Y. Hu, Y. Tian, J. Cappos, "Sensibility Testbed: Automated IRB Policy Enforcement in Mobile Research Apps", the 19th International Workshop on Mobile Computing Systems and Applications (HotMobile), 2018 (PDF)

​​

  • F. Suya, D. Evans, Y. Tian, "Poster: Adversaries Don’t Care About Averages: Batch Attacks on Black-Box Classifiers", the 39th IEEE Symposium on Security and Privacy (Oakland), 2018

 

  • Y. Tian, N. Zhang, Y. Lin, X. Wang, X. Guo, P. Tague, “SmartAuth: User-Centered Authorization for the Internet of Things”, 26th Usenix Security Symposium (Usenix Security), 2017. Acceptance rate: 16.3% (PDF)

 

  • P. Marinescu, C. Parry, M. Pomarole, Y. Tian, P. Tague, I. Papagiannis, "IVD: Automatic Learning and Enforcement of Authorization Rules in Online Social Networks", 38th IEEE Symposium on Security and Privacy (Oakland), 2017. Acceptance rate: 13.3% (PDF)

 

  • F. Suya, Y. Tian, D. Evans, P. Papotti, “Query-limited Black-box Attacks to Classifiers”, NIPS workshop on machine learning and computer security, 2017

 

  • A. Alanwar, B. Balaji, Y. Tian, S. Yang, and M. Srivastava, "EchoSafe: Sonar-based Verifiable Interaction with Intelligent Digital Agents", to appear in 1st ACM Workshop on the Internet of Safe Things (SafeThings), 2017 (PDF)

 

  • Y. Tian, S. Chen, E. Chen, X. Ma, X. Wang, and P. Tague, "Swords and Shields - A Study of Mobile Game Hacks and Existing Defenses", 2016 Annual Computer Security Applications Conference (ACSAC), 2016. Acceptance rate: 22.8% (PDF)

 

  • Y. Tian, Y. Pei, E. Chen, S. Chen, R. Kotcher, and P. Tague, "1000 Ways to Die in Mobile OAuth", Black Hat, 2016.

 

  • Y. Tian, E. Chen, J. Sousa, P. Tague, and H. Wang, "Poster: Privacy-Preserving Context Sharing in Social Platforms", 25th Usenix Security Symposium (Usenix Security), 2016

 

  • L. Bauer, S. Cai, L. Jia, T. Passaro, M. Stroucken, and Y. Tian, "Run-time Monitoring and Formal Analysis of Information Flows in Chromium", Network and Distributed System Security Symposium (NDSS), 2015. Acceptance rate: 16.9% (PDF)

 

  • Y. Tian, B. Liu, W. Dai, B. Ur, P. Tague, and L. Cranor, "Supporting Privacy-Conscious App Update Decisions with User Reviews", to appear in ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), 2015. Acceptance rate: 38% (PDF)

 

  • H. Wang, A. Moshchuk, M. Gamon, M. Haraty, S. Iqbal, E. Brown, A. Kapoor, C. Meek, E. Chen, Y. Tian, J. Teevan, M. Czerwinski, and S. Dumais, "The Activity Platform", Workshop on Hot Topics in Operating Systems (HotOS), 2015. Acceptance rate: 31.8% (PDF)

 

  • Y. Tian, K. Liu, A. Bhosale, L. Huang, P. Tague, and C. Jackson, “All Your Screens Are Belong to Us: Attacks Exploiting the HTML5 Screen Sharing”, 35th IEEE Symposium on Security and Privacy (Oakland), 2014. Acceptance rate: 13.1% (PDF)

 

  • E. Chen, S. Chen, Y. Pei, Y. Tian, R. Kotcher, and P. Tague, "OAuth Demystified for Mobile Application Developers", ACM Conference on Computer and Communications Security (CCS), 2014. Acceptance rate: 18.6% (PDF)

 

  • L. Bauer, S. Cai, L. Jia, T. Passaro, and Y. Tian, “Analyzing the Dangers Posed by Chrome Extensions: A Case for Information-Flow-Based Protection”, IEEE Conference on Communications and Network Security (CNS), 2014. Acceptance rate: 29.2% (PDF)

 

  • Y. Kim, Y. Tian, L. Nguyen, and P. Tague, “LAPWiN: Location-Aided Probing for Protecting User Privacy in Wi-Fi Networks”, IEEE Conference on Communications and Network Security (CNS), 2014. Acceptance rate: 29.2% (PDF)

 

  • S. Kywe, C. Landis, Y. Pei, J. Satterfield, Y. Tian, and Patrick Tague, "PrivateDroid: Private Browsing Mode for Android", IEEE International Conference on Trust, Security, and Privacy in Computing and Communications (TrustCom), 2014 (PDF)

 

  • Y. Tian, K. Liu, A. Bhosale, L. Huang, P. Tague, and C. Jackson, “Poster: Attacks Exploiting the HTML5 Screen Sharing”, Women in Cyber Security (WiCyS), 2014

 

  • L. Nguyen, Y. Tian, S. Cho, W. Kwak, S. Parab, Y. Kim, P. Tague, and J. Zhang, "UnLocIn: Unauthorized Location Inference on Smartphones without Being Caught", International Conference on Security and Privacy in Mobile Information and Communication Systems (PRISMS), June 2013. (PDF)

 

  • Y. Tian, C. Zheng, A. Desnos, "APKInspector: Static Analysis of Android Applications", Honeynet Workshop, 2013

 

 

      Patents

 

 

    Technical Reports

 

  • Y. Tian, C. Herley, and S. Schechter, "Exploring Mechanisms to Defend Against Online Password Guessing", Microsoft Technical Report, 2016

 

  • L. Bauer, S. Cai, L. Jia, T. Passaro, M. Stroucken, and Y. Tian, "Run-time Monitoring and Formal Analysis of Information Flows in Chromium", CMU Cylab Technical Report, 2015