Zidong 'kee1ongz' Zhang (aka Zander Zhang), PhD Student & Security Researcher, Simon Fraser University, Burnaby, Canada. Email: kee1ongzz [AT] gmail.com / zza323 [AT] sfu.ca [Google Scholar] [Github] [CV]
News:
>>> Mar 2025: One paper accepted by IEEE S&P 2025. 2nd (co-) First-Author Paper in Big4! 🎉 Congrats Jiawei and see you in San Francisco! 😊
>>> Nov 2024: I will serve as AEC Member for USENIX Security 2025.
>>> Aug 2024: One paper accepted by SaTS 2024 (Co-located with ACM CCS 2024). See you in Salt Lake x2!
>>> May 2024: One paper accepted by ACM CCS 2024. 1st First-Author Paper in Big4!🎉 See you in Salt Lake! 😊
>>> Nov 2023: Our team ranked 3rd place in the 2023 DataCon Security Analysis Competition, Vulnerability Analysis Track.
>>> Oct 2023: One paper accepted by MSN 2023.
>>> Jul 2022: One paper accepted by IEEE SECON 2022.
I am an upcoming PhD student in the School of Computing Science at Simon Fraser University, under the supervision of Prof. Jianliang Wu. Before joining SFU, I obtained my M.S. degree from Shandong University, under the supervision of Prof. Wenrui Diao. I also interned at QI-ANXIN Research Institute, where I worked closely with Dr. Qinsheng Hou, Dr. Yacong Gu and Dr. Lingyun Ying. My research focuses on Web/mobile security.
My research focuses on uncovering security vulnerabilities that emerge from real-world scenarios in web and mobile ecosystems. I aim to push the boundaries of security analysis by identifying novel attack surfaces and quantifying their impact through large-scale automated program analysis. My current work emphasizes security risks in next-generation mobile applications—such as mini-programs, super apps, and companion applications for IoT devices, particularly those leveraging Bluetooth Low Energy (BLE). Also, I used to play CTFs, specializing in web security.
Sep 2024 - Jun 2028 (Expected): Ph.D. Student in Computer Science, supervised by Prof. Jianliang Wu, Simon Fraser University, Burnaby, BC, Canada.
Sep 2021 - Jun 2024: M.Sc. in Network and Information Security, supervised by Prof. Wenrui Diao, Shandong University, Qingdao, China.
Sep 2017 - Jun 2021: B.Sc. in Information Security, Hebei University, Baoding, China.
Oct 2022 - Aug 2024 (Expected): Security Researcher Intern, supervised by Dr. Lingyun Ying and Dr. Yacong Gu, QI-ANXIN Research Institute, Beijing, China.
Author with (✉️): Corresponding Author.
Author with * : Co-First Author.
[S&P’25] Jiawei Zhou*, Zidong Zhang*, Lingyun Ying (✉️), Huajun Chai, Jiuxin Cao (✉️), and Haixin Duan. Hey, Your Secrets Leaked! Detecting and Characterizing Secret Leakage in the Wild. The 46th IEEE Symposium on Security and Privacy, San Francisco, CA, USA. May 12-15, 2025. [Top]
[SaTS’24] Zidong Zhang, Jianqi Du, Wenrui Diao (✉️), and Jianliang Wu (✉️). MiniBLE: Exploring Insecure BLE API Usages in Mini-Programs. The 2nd ACM Workshop on Secure and Trustworthy Superapps, Salt Lake City, UT, USA. October 14, 2024. [PDF]
[CCS’24] Zidong Zhang, Qinsheng Hou, Lingyun Ying (✉️), Wenrui Diao (✉️), Yacong Gu, Rui Li, Shanqing Guo, and Haixin Duan. MiniCAT: Understanding and Detecting Cross-Page Request Forgery Vulnerabilities in Mini-Programs. The 31st ACM Conference on Computer and Communications Security, Salt Lake City, UT, USA. October 14-18, 2024. [Top] [PDF] [Code] [Slides]
[MSN’23] Jianqi Du, Zidong Zhang, Fenghao Xu (✉️), and Wenrui Diao (✉️). Living in the Past: Analyzing BLE IoT Devices Based on Mobile Companion Apps in Old Versions. The 19th International Conference on Mobility, Sensing and Networking, Nanjing, China. December 14-16, 2023. [PDF]
[SECON’22] Jianqi Du, Fenghao Xu (✉️), Chennan Zhang, Zidong Zhang, Xiaoyin Liu, Pengcheng Ren, Wenrui Diao (✉️), Shanqing Guo, and Kehuan Zhang. Identifying the BLE Misconfigurations of IoT Devices through Companion Mobile Apps. The 19th Annual IEEE International Conference on Sensing, Communication, and Networking, Virtual Conference. September 20-23, 2022. [PDF]
USENIX Security Symposium (USENIX SEC): 2025
ACM Conference on Computer and Communications Security (ACM CCS): 2024
IEEE European Symposium on Security and Privacy (IEEE EuroS&P): 2024
European Symposium on Research in Computer Security (ESORICS): 2022
International Conference on Information and Communications Security (ICICS): 2022
International Conference on Information Security and Cryptology (Inscrypt): 2023
CCF Chinasoft: 2023
Teaching Assistant@SDU:
04630210 - Reverse Engineering: 2023 Spring
04630130 - Software Security: 2021 Fall
2023: DataCon Security Analysis Competition, Vulnerability Analysis Track, Third Place (3/689 teams)
2020: The Mathematical Contest in Modeling (MCM), Meritorious Winner
2020: National College Student Information Security Contest (CISCN), First Prize of North China Region
2019: National College Student Information Security Contest (CISCN), Second Prize of North China Region
2019: College Student Information Security Contest in Hebei Province, First Prize
In my free time, I am an avid video game enthusiast, particularly fond of MMORPGs. I have been playing World of Warcraft since 2010, with a keen interest in Mythic+ dungeons (M+) and addon development.
My favorite and most proficient spec is Outlaw Rogue.