Profile at Google Scholar

Publications

  1. Fengyu Liu, Youkun Shi, Yuan Zhang, Guangliang Yang, Enhao Li, Min Yang. MOCGuard: Accurately Detecting Missing-Owner-Check Vulnerabilities in Java Web Applications. S&P 2025.

  2. Yizhe Shi, Zhemin Yang, Kangwei Zhong, Guangliang Yang, Yifan Yang, Xiaohan Zhang, Min Yang. The Skeleton Keys: A Large Scale Analysis of Credential Leakage in Mini-apps. NDSS 2025.

  3. Zhibo Zhang, Lei Zhang, Guangliang Yang, Yanjun Chen, Jiahao Xu, Min Yang. The Dark Forest: Understanding Security Risks of Cross-Party Delegated Resources in Mobile App-in-App Ecosystems. IEEE Transactions on Information Forensics and Security (TIFS) 2024.

  4. Keke Lian, Lei Zhang, Guangliang Yang, Shuo Mao, Xinjie Wang, Yuan Zhang, Min Yang. Component Security Ten Years Later: An Empirical Study of Cross-Layer Threats in Real-World Mobile Applications. FSE 2024.
    ACM SIGSOFT Distinguished Paper award

  5. Feng Xiao, Zhongfu Su, Guangliang Yang, and Wenke Lee. JASMINE: Scale up JavaScript Static Security Analysis with Computation-based Semantic Explanation. IEEE S&P 2024.

  6. Peng Deng, Zhemin Yang, Lei Zhang, Guangliang Yang, Wenzheng Hong, Yuan Zhang, and Min Yang. NestFuzz: Enhancing Fuzzing with Comprehensive Understanding of Input Processing Logic. ACM CCS 2023.

  7. Shuai li, Zhemin Yang, Guangliang Yang, Hange Zhang, Nan Hua, Yurui Huang, and Min Yang. Notice the Imposter! A Study on User Tag Spoofing Attack in Mobile Apps. USENIX Security 2023.

  8. Feng Xiao, Zheng Yang, Joey Allen, Guangliang Yang, Grant Williams, and Wenke Lee. Understanding and Mitigating Remote Code Execution Vulnerabilities in Cross-Platform Ecosystem. ACM CCS 2022.

  9. Shuai Li, Zhemin Yang, Nan Hua, Peng Liu, Xiaohan Zhang, Guangliang Yang, and Min Yang. Collect Responsibly But Deliver Arbitrarily? A Study on Cross-User Privacy Leakage in Mobile Apps. ACM CCS 2022.

  10. Lei Zhang, Zhibo Zhang, Ancong Liu, Yinzhi Cao, Xiaohan Zhang, Yanjun Chen, Yuan Zhang, Guangliang Yang, and Min Yang. Identity Confusion in WebView-based Mobile App-in-app Ecosystems. Usenix Security 2022.
    Distinguished Paper Award

  11. Phakpoom Chinprutthiwong, Raj Vardhan, Guangliang Yang, Yangyong Zhang, and Guofei Gu. The Service Worker Hiding in Your Browser: The Next Web Attack Target? RAID 2021.

  12. Feng Xiao, Jianwei Huang, Yichang Xiong, Guangliang Yang, Hong Hu, Guofei Gu, and Wenke Lee. Abusing Hidden Properties to Attack the Node.js Ecosystem. Usenix Security 2021.

  13. Dongsong Yu, Guangliang Yang, Guozhu Meng, Xiaorui Gong, Xiu Zhang, Xiaobo Xiang, Xiaoyu Wang, Yue Jiang, Kai Chen, Wei Zou, Wenke Lee, and Wenchang Shi. SEPAL: Towards a Large-scale Analysis of SEAndroid Policy Customization. WWW 2021.

  14. Phakpoom Chinprutthiwong, Raj Vardhan, Guangliang Yang, and Guofei Gu. Security Study of Service Worker Cross-Site Scripting. ACSAC 2020.

  15. Guangliang Yang, Jeff Huang, and Guofei Gu. Iframes/Popups Are Dangerous in Mobile WebView: Studying and Mitigating Differential Context Vulnerabilities. Usenix Security 2019.

  16. Yangyong Zhang, Lei Xu, Abner Mendoza, Guangliang Yang, Phakpoom Chinprutthiwong, and Guofei Gu. Life after Speech Recognition: Fuzzing Semantic Misinterpretation for Voice Assistant Applications. NDSS 2019.

  17. Haopei Wang, Guangliang Yang, Phakpoom Chinprutthiwong, Lei Xu, Yangyong Zhang, and Guofei Gu. Towards Fine-grained Network Security Forensics and Diagnosis in the SDN Era. ACM CCS 2018.

  18. Guangliang Yang, Jeff Huang, Guofei Gu, and Abner Mendoza. Study and Mitigation of Origin Stripping Vulnerabilities in Hybrid-postMessage Enabled Mobile Applications. IEEE S&P 2018.

  19. Guangliang Yang, Jeff Huang, and Guofei Gu. Automated Generation of Event-Oriented Exploits in Android Hybrid Apps. NDSS 2018.

  20. Guangliang Yang, Abner Mendoza, Jialong Zhang, and Guofei Gu. Precisely and Scalably Vetting JavaScript Bridge In Android Hybrid Apps. RAID 2017.

  21. Chao Yang, Guangliang Yang, Ashish Gehani, and Guofei Gu. Using Provenance Patterns to Vet Sensitive Behaviors in Android Apps. International Conference on Security and Privacy in Communication Systems 2015.

  22. Zhaoyan Xu, Antonio Nappa, Robert Baykov, Guangliang Yang, Juan Caballero, and Guofei Gu. AutoProbe: Towards Automatic Active Malicious Server Probing Using Dynamic Binary Analysis. ACM CCS 2014
    Finalist for CSAW Best Applied Security Paper Award 2015