Hi, I am a 5th year computer science Ph.D candidate in Virginia Tech. My advisor is Danfeng (Daphne) Yao. I earned my bachelor and master degree in Beijing University of Posts and Telecommunications (BUPT) in China. My research lies in deep learning applications in programming language, software security, and cryptography, including code embedding, learning-based automatic vulnerabilities detection and repair, neural cryptanalysis.
Professor, Elizabeth and James E. Turner Jr. '56 Faculty Fellow and CACI Faculty Fellow, Virginia Tech
Professor, Thomas L. Phillips Professor of Engineering, Virginia Tech
Assistant Professor, Virginia Tech
Researcher, Microsoft Research
Professor, William L. Weiss Professor of Information and Communications Technology, PSU;
We design and comprehensively compare the neural-network-based methodologies to model Java security API usage. We design the program-analysis-guided embedding strategies to produce the dependence-aware code embedding. We develop a learning based code suggestion engine to suggest the correct API usage based on multiple data dependence paths extracted by program analysis.
Paper: Methodologies for Quantifying (Re-)randomization Security and Timing under JIT-ROP. Salman Ahmed, Ya Xiao, Kevin Snow, Gang Tan, Fabian Monrose, Danfeng (Daphne) Yao. The 27th ACM Conference on Computer and Communications Security (CCS '20) PDF
Paper: Neural Cryptanalysis: Metrics, Methodology, and Applications in CPS Ciphers. Ya Xiao, Qingying Hao, Danfeng (Daphne) Yao. The 2019 IEEE Conference on Dependable and Secure Computing (IDSC'19) PDF
Paper: CryptoGuard: High Precision Detection of Cryptographic Vulnerabilities in Massive-sized Java Projects. Sazzadur Rahaman, Ya Xiao, Sharmin Afrose, Fahad Shaon, Ke Tian, Miles Frantz1, Murat Kantarcioglu and Danfeng (Daphne) Yao. The 26th ACM Conference on Computer and Communications Security (CCS '19) PDF
Poster: Deployment-quality and Accessible Solutions for Cryptography Code Development. : Sazzadur Rahaman, Ya Xiao, Sharmin Afrose, Ke Tian, Miles Frantz, Danfeng (Daphne) Yao, Na Meng, Barton P. Miller, Fahad Shaon, Murat Kantarcioglu. 2019 IEEE Symposium on Security and Privacy (S&P'19)
Paper: Comparative Measurement of Cache Configurations Impacts on Cache Timing Side-Channel Attacks. Xiaodong Yu, Ya Xiao, Danfeng (Daphne) Yao and Kirk Cameron. The 12th USENIX Workshop on Cyber Security Experimentation and Test (CSET'19). PDF
[06/2019-08/2019] Research Intern, Oracle Labs, Brisbane, Australia
Working with Dr. Cristina Cifuentes (Senior Director of Research & Development in Oracle Labs Australia), and Paddy Krishnan (Director, Research at Oracle Labs Australia
We successfully developed a new functionality, finding cryptographic vulnerabilities, in Oracle’s static code analysis tool Parfait. The detection achieves high precision with good scalability for large codebase.