E-MAIL:    yyjess@sjtu.edu.cn
OFFICE:    3-530, SEIEE, Minhang Campus
    SJTU, Shanghai, China

Yuanyuan Zhang, Ph.D.

Associate Professor in Computer System Security


I am an Associate Professor in CS Department at Shanghai Jiao Tong University, the team lead of GoSec@CS.SJTU. The research field is computer software and system security. My current interest covers enclave program security, secure compilation, SDLC security, IoT security, and etc.

GoSec@CS.SJTU are currently in search of new talents to involve in our challenging practices, including firmware vulnerability discovery, secure compilation, IoT security, enclave bianry fuzzing, and etc. We are also recruiting postdocs and interns all year long. If you are interested in our work, feel free to throw your CV to Email: gossip@sjtu.edu.cn .

Research Projects

  • National Natural Science Foundation of China (Grant No.61872237): “Proprietary crypto-system positioning and analysis in executables”, 2019.1-2022.12.
  • Major program of Shanghai Science and Technology Commission (Grant No.15511103002): “Research on Mobile Smart Device Application Security Testing and Evaluating”, 2015.6.30-2017.6.30.
  • National Natural Science Foundation of China (Grant No.61103040): “Memory encryption and authentication based on address sequence abstraction”, 2012.1-2014.12.


Recent Papers

  • [ICSE 2022]Automated Detection of Password Leakage from Public GitHub Repositories
  • [RAID 2019] NLP-EYE:Detecting Memory Corruptions via Semantic-Aware Memory Operation Function Identification
  • [IEEE TSE 2019] A Semantics-Based Hybrid Approach on Binary Code Similarity Comparison
  • [SANER 2019] AppCommune: Automated Third-party Libraries De-duplicating and Updating for Android Apps
  • [CCS 2018] K-Hunt: Pinpointing Insecure Cryptographic Keys from Execution Traces


  • 2020 上海交大“谷歌杯”学生创业计划大赛《蜚语代码安全增强平台》 唯一金奖
  • 2020 OPPO安全最佳合作伙伴奖
  • 2019 首届SGX应用创新大赛《面向SGX的程序自动化移植框架》 二等奖
  • 2018 上海市科技进步奖一等奖《互联网软件的安全分析与防护》 第四完成人
  • 2017 上海市计算机学会信息安全最佳论文奖
    [CCS'15] From Collision To Exploitation: Unleashing Use-After-Free Vulnerabilities in Linux Kernel