Publications
A collection of my research work.
# Co-first author; * Corresponding author
Hey, Your Secrets Leaked! Detecting and Characterizing Secret Leakage in the Wild
Jiawei Zhou#, Zidong Zhang#, Lingyun Ying*, Huajun Chai, Jiuxin Cao*, Haixin Duan
Introduces KEYSENTINEL for detecting structured and unstructured secrets, plus a large-scale study of leakage across GitHub, PyPI, and WeChat.
MiniBLE: Exploring Insecure BLE API Usages in Mini-Programs
Zidong Zhang, Jianqi Du, Wenrui Diao*, Jianliang Wu*
Studies insecure BLE pairing in IoT-oriented mini-programs and introduces MiniBLE, a static taint analysis tool evaluated on 41,276 real-world samples.
MiniCAT: Understanding and Detecting Cross-Page Request Forgery Vulnerabilities in Mini-Programs
Zidong Zhang, Qinsheng Hou, Lingyun Ying*, Wenrui Diao*, Yacong Gu, Rui Li, Shanqing Guo, Haixin Duan
Identifies MiniCPRF in mini-programs and presents MiniCAT, which found 13,349 potentially vulnerable samples among 41,726 analyzable mini-programs.
Living in the Past: Analyzing BLE IoT Devices Based on Mobile Companion Apps in Old Versions
Jianqi Du, Zidong Zhang, Fenghao Xu*, Wenrui Diao*
Shows that old BLE companion apps can still expose device vulnerabilities, since many IoT devices cannot receive meaningful firmware fixes.
Identifying the BLE Misconfigurations of IoT Devices through Companion Mobile Apps
Jianqi Du, Fenghao Xu*, Chennan Zhang, Zidong Zhang, Xiaoyin Liu, Pengcheng Ren, Wenrui Diao*, Shanqing Guo, Kehuan Zhang
Detects BLE misconfigurations through companion app analysis and applies BSC-Checker to 4,589 apps across multiple markets.