Profile at Google Scholar

Publications

  1. Fengyu Liu, Yuan Zhang, Tian Chen, Youkun Shi, Guangliang Yang, Zihan Lin, Min Yang, Junyao He, Qi Li. Detecting Taint-Style Vulnerabilities in Microservice-Structured Web Applications. IEEE S&P, 2025.

  2. Zihan Lin, Yuan Zhang, Jiarun Dai, Xinyou Huang, Bocheng Xiang, Guangliang Yang, Letian Yuan, Lei Zhang, Fengyu Liu, Tian Chen, Min Yang. Effective Directed Fuzzing with Hierarchical Scheduling for Web Vulnerability Detection. USENIX Security, 2025.

  3. Fengyu Liu, Youkun Shi, Yuan Zhang, Guangliang Yang, Enhao Li, Min Yang. MOCGuard: Accurately Detecting Missing-Owner-Check Vulnerabilities in Java Web Applications. IEEE S&P, 2025.

  4. Yizhe Shi, Zhemin Yang, Kangwei Zhong, Guangliang Yang, Yifan Yang, Xiaohan Zhang, Min Yang. The Skeleton Keys: A Large Scale Analysis of Credential Leakage in Mini-apps. NDSS, 2025.

  5. Zhibo Zhang, Lei Zhang, Guangliang Yang, Yanjun Chen, Jiahao Xu, Min Yang. The Dark Forest: Understanding Security Risks of Cross-Party Delegated Resources in Mobile App-in-App Ecosystems. IEEE Transactions on Information Forensics and Security (TIFS), 2024.

  6. Keke Lian, Lei Zhang, Guangliang Yang, Shuo Mao, Xinjie Wang, Yuan Zhang, Min Yang. Component Security Ten Years Later: An Empirical Study of Cross-Layer Threats in Real-World Mobile Applications. FSE, 2024.
    ACM SIGSOFT Distinguished Paper award

  7. Feng Xiao, Zhongfu Su, Guangliang Yang, and Wenke Lee. JASMINE: Scale up JavaScript Static Security Analysis with Computation-based Semantic Explanation. IEEE S&P, 2024.

  8. Peng Deng, Zhemin Yang, Lei Zhang, Guangliang Yang, Wenzheng Hong, Yuan Zhang, and Min Yang. NestFuzz: Enhancing Fuzzing with Comprehensive Understanding of Input Processing Logic. ACM CCS, 2023.

  9. Shuai li, Zhemin Yang, Guangliang Yang, Hange Zhang, Nan Hua, Yurui Huang, and Min Yang. Notice the Imposter! A Study on User Tag Spoofing Attack in Mobile Apps. USENIX Security, 2023.

  10. Feng Xiao, Zheng Yang, Joey Allen, Guangliang Yang, Grant Williams, and Wenke Lee. Understanding and Mitigating Remote Code Execution Vulnerabilities in Cross-Platform Ecosystem. ACM CCS, 2022.

  11. Shuai Li, Zhemin Yang, Nan Hua, Peng Liu, Xiaohan Zhang, Guangliang Yang, and Min Yang. Collect Responsibly But Deliver Arbitrarily? A Study on Cross-User Privacy Leakage in Mobile Apps. ACM CCS, 2022.

  12. Lei Zhang, Zhibo Zhang, Ancong Liu, Yinzhi Cao, Xiaohan Zhang, Yanjun Chen, Yuan Zhang, Guangliang Yang, and Min Yang. Identity Confusion in WebView-based Mobile App-in-app Ecosystems. Usenix Security, 2022.
    Distinguished Paper Award

  13. Phakpoom Chinprutthiwong, Raj Vardhan, Guangliang Yang, Yangyong Zhang, and Guofei Gu. The Service Worker Hiding in Your Browser: The Next Web Attack Target? RAID, 2021.

  14. Feng Xiao, Jianwei Huang, Yichang Xiong, Guangliang Yang, Hong Hu, Guofei Gu, and Wenke Lee. Abusing Hidden Properties to Attack the Node.js Ecosystem. Usenix Security, 2021.

  15. Dongsong Yu, Guangliang Yang, Guozhu Meng, Xiaorui Gong, Xiu Zhang, Xiaobo Xiang, Xiaoyu Wang, Yue Jiang, Kai Chen, Wei Zou, Wenke Lee, and Wenchang Shi. SEPAL: Towards a Large-scale Analysis of SEAndroid Policy Customization. WWW, 2021.

  16. Phakpoom Chinprutthiwong, Raj Vardhan, Guangliang Yang, and Guofei Gu. Security Study of Service Worker Cross-Site Scripting. ACSAC, 2020.

  17. Guangliang Yang, Jeff Huang, and Guofei Gu. Iframes/Popups Are Dangerous in Mobile WebView: Studying and Mitigating Differential Context Vulnerabilities. Usenix Security, 2019.

  18. Yangyong Zhang, Lei Xu, Abner Mendoza, Guangliang Yang, Phakpoom Chinprutthiwong, and Guofei Gu. Life after Speech Recognition: Fuzzing Semantic Misinterpretation for Voice Assistant Applications. NDSS, 2019.

  19. Haopei Wang, Guangliang Yang, Phakpoom Chinprutthiwong, Lei Xu, Yangyong Zhang, and Guofei Gu. Towards Fine-grained Network Security Forensics and Diagnosis in the SDN Era. ACM CCS, 2018.

  20. Guangliang Yang, Jeff Huang, Guofei Gu, and Abner Mendoza. Study and Mitigation of Origin Stripping Vulnerabilities in Hybrid-postMessage Enabled Mobile Applications. IEEE S&P, 2018.

  21. Guangliang Yang, Jeff Huang, and Guofei Gu. Automated Generation of Event-Oriented Exploits in Android Hybrid Apps. NDSS, 2018.

  22. Guangliang Yang, Abner Mendoza, Jialong Zhang, and Guofei Gu. Precisely and Scalably Vetting JavaScript Bridge In Android Hybrid Apps. RAID, 2017.

  23. Chao Yang, Guangliang Yang, Ashish Gehani, and Guofei Gu. Using Provenance Patterns to Vet Sensitive Behaviors in Android Apps. International Conference on Security and Privacy in Communication Systems, 2015.

  24. Zhaoyan Xu, Antonio Nappa, Robert Baykov, Guangliang Yang, Juan Caballero, and Guofei Gu. AutoProbe: Towards Automatic Active Malicious Server Probing Using Dynamic Binary Analysis. ACM CCS, 2014
    Finalist for CSAW Best Applied Security Paper Award 2015