Zidong 'kee1ongz' Zhang (aka Zander Zhang)
PhD Student & Security Researcher, Simon Fraser University, Burnaby, Canada
Email: kee1ongzz [AT] gmail.com / zza323 [AT] sfu.ca
[Google Scholar] [GitHub] [CV]
News:
>>> Aug 2024: One paper accepted by SaTS 2024 (Co-located with ACM CCS 2024). See you in Salt Lake x2!
>>> May 2024: One paper accepted by ACM CCS 2024. My 1st First-Author Paper in Big4!🎉 See you in Salt Lake!
>>> Nov 2023: Our team ranked 3rd place in the 2023 DataCon Security Analysis Competition, Vulnerability Analysis Track.
>>> Oct 2023: One paper accepted by MSN 2023.
>>> Jul 2022: One paper accepted by IEEE SECON 2022.
I am an upcoming PhD student in the School of Computing Science at Simon Fraser University, under the supervision of Prof. Jianliang Wu. Before joining SFU, I obtained my M.S. degree from Shandong University, under the supervision of Prof. Wenrui Diao. I also interned at QI-ANXIN Research Institute, where I worked closely with Dr. Qinsheng Hou, Dr. Yacong Gu and Dr. Lingyun Ying. My research focuses on Web/mobile security.
I am interested in all security issues originating from real-world scenarios in web and mobile systems. I aim to find new security issues and measure their impact through large-scale automatic program analysis. Currently, my primary focus is on security issues in emerging mobile applications (e.g., mini-programs and super apps) and companion applications for IoT devices, particularly those utilizing Bluetooth Low Energy (BLE). My favorite static code analysis tool is CodeQL, while I also prefer to use Frida/Xposed to analyze Android apps dynamically.
Sep 2024 - Jun 2028 (Expected): Ph.D. Student in Computer Science, supervised by Prof. Jianliang Wu, Simon Fraser University, Burnaby, BC, Canada.
Sep 2021 - Jun 2024: M.Sc. in Network and Information Security, supervised by Prof. Wenrui Diao, Shandong University, Qingdao, China.
Sep 2017 - Jun 2021: B.Sc. in Information Security, Hebei University, Baoding, China.
Oct 2022 - Aug 2024 (Expected): Security Researcher Intern, supervised by Dr. Lingyun Ying and Dr. Yacong Gu, QI-ANXIN Research Institute, Beijing, China.
Author with (✉️): Corresponding Author.
Author with * : Co-Author.
[SaTS’24] Zidong Zhang, Jianqi Du, Wenrui Diao (✉️), and Jianliang Wu (✉️). MiniBLE: Exploring Insecure BLE API Usages in Mini-Programs. The 2nd ACM Workshop on Secure and Trustworthy Superapps, Salt Lake City, UT, USA. October 14, 2024. [PDF]
[CCS’24] Zidong Zhang, Qinsheng Hou, Lingyun Ying (✉️), Wenrui Diao (✉️), Yacong Gu, Rui Li, Shanqing Guo, and Haixin Duan. MiniCAT: Understanding and Detecting Cross-Page Request Forgery Vulnerabilities in Mini-Programs. The 31st ACM Conference on Computer and Communications Security, Salt Lake City, UT, USA. October 14-18, 2024. [Top] [PDF] [Code]
[MSN’23] Jianqi Du, Zidong Zhang, Fenghao Xu (✉️), and Wenrui Diao (✉️). Living in the Past: Analyzing BLE IoT Devices Based on Mobile Companion Apps in Old Versions. The 19th International Conference on Mobility, Sensing and Networking, Nanjing, China. December 14-16, 2023. [PDF]
[SECON’22] Jianqi Du, Fenghao Xu (✉️), Chennan Zhang, Zidong Zhang, Xiaoyin Liu, Pengcheng Ren, Wenrui Diao (✉️), Shanqing Guo, and Kehuan Zhang. Identifying the BLE Misconfigurations of IoT Devices through Companion Mobile Apps. The 19th Annual IEEE International Conference on Sensing, Communication, and Networking, Virtual Conference. September 20-23, 2022. [PDF]
ACM Conference on Computer and Communications Security (ACM CCS): 2024
IEEE European Symposium on Security and Privacy (IEEE EuroS&P): 2024
European Symposium on Research in Computer Security (ESORICS): 2022
International Conference on Information and Communications Security (ICICS): 2022
International Conference on Information Security and Cryptology (Inscrypt): 2023
CCF Chinasoft: 2023
Teaching Assistant@SDU:
04630210 - Reverse Engineering: 2023 Spring
04630130 - Software Security: 2021 Fall
2023: DataCon Security Analysis Competition, Vulnerability Analysis Track, Third Place (3/689 teams)
2020: The Mathematical Contest in Modeling (MCM), Meritorious Winner
2020: National College Student Information Security Contest (CISCN), First Prize of North China Region
2019: National College Student Information Security Contest (CISCN), Second Prize of North China Region
2019: College Student Information Security Contest in Hebei Province, First Prize
In my free time, I am an avid video game enthusiast, particularly fond of MMORPGs. I have been playing World of Warcraft since 2010, with a keen interest in Mythic+ dungeons (M+) and addon development.
If you share similar interests, feel free to contact me via my Discord invite link or add me via this username: kee1ongz ;)