Ya (Athena) Xiao

Ph.D. Student, Computer Science, Virginia Tech

Download Resume

Research Interests

Software and system security, including automatic vulnerabilities detection and repair in programs, the security of Industrial Control Systems (ICS), patch management; deep learning including Generative Adversarial Networks (GANs), deep reinforcement learning; theoretical cryptography and applied cryptography.


Virginia Polytechnic Institute and State University (Virginia Tech)

Ph.D. Student, Computer Science

Overall GPA: 4/4; Advisor: Danfeng (Daphne) Yao
Thesis committee members: Danfeng (Daphne) Yao, Matthew Hicks, Naren Ramakrishnan, Xinyang Ge(MSR)
Tentative thesis title: ACESO: Automatic Code Repair of Complex Security Vulnerabilities with Generative Adversarial Networks

Beijing University of Posts and Telecommunications (BUPT)

M.S. Information Security

Thesis title: Security Analysis of Lightweight Block Ciphers
Advisor: Lize Gu, Shihui Zheng
Research Topic: Cryptanalysis, Applied Cryptography

Beijing University of Posts and Telecommunications (BUPT)

B.S. Accounting; Minor in Information Security

Thesis title: Research on Risk Management and Control of Internet Financial

Honors and Awards


[1] Sazzadur Rehaman, Ya Xiao, Ke Tian, Fahad Shaon, Murat Kantarcioglu, Danfeng (Daphne) Yao. "RIGORITYJ: Deployment-quality Detection of Java Cryptographic Vulnerabilities" (under review).
[2] Ya Xiao, Danfeng (Daphne) Yao. Automatic Patch Generation for Security Functional Vulnerabilities with GAN" (Poster). 2018 IEEE Seure Development Conference (SecDev’18). Cambridge, MA. September, 2018.
[3] Ya Xiao, Shihui Zheng, Bin Sun. "Trusted GPSR Protocol without Reputation Faking in VANET". The Journal of Chine Universities of Posts and Telecommunications, Vol.22, No.5, pp. 22-55, 2015.


Research Assistant

Aug 2017 - Present

Computer Science Department, Virginia Tech, Blacksburg, VA

Teaching Assitant

August 2017 - December 2017

Computer Science Department, Virginia Tech, Blacksburg, VA

for course Principles of Computer Security taught by Prof. Matthew Hicks, which covers topics about cryptography, App security, network security, web security and forensics.

Research Assitant

Sept 2014 - June 2017

State Key Laboratory of Networking and Switching Technology, BUPT, China

Teaching Assitant

March 2015 - July 2015; March 2016 - July 2016

Computer Science Department, BUPT, Beijing, China

for course Mordern Cryptography taught by Prof. Shihui Zheng, which covers topics about symmetric ciphers, asymmetric ciphers, athuentication, digital signature, key management.


ACESO: Automatic Code Repair of Complex Security Vulnerabilities with Generative Adversarial Networks

This project is ongoing. It focuses on complex security vulnerabilities which can't be handled by existing automatic code repair solutions. The types of vulnerabilities this project targets include improper implementation of cryptography, access control, authentication, secure communication, authorization, and configuration process. I will focus on API misuse level vulnerabilities first due to its prevalence. Then I will proceed to the vulnerabilities in the libraries. I plan achive full automation of the repair process by training a Generative Adversarial Network (GAN) to generate patches for the complex security vulnerabilities.

Patch management of Industrial Control System (ICS)

This project is ongoing. It focuses on the process of applying security patches in ICS. In ICS, the critical infrastructures require the high reliability and stability of their systems and software. Therefore, many software remain vulnerable after the corresponding patches available. This project aims to learn the practice of the patch management process in ICS, and then prosent solutions to promote secure practice of applying patches to address vulnerabilities.

Detection of Cryptographic Vulnerabilities in Java Programs

This project focuses on the vulnerabilities caused by errors and misuses in cryptographic implementation. We developed a tool which can detect these cryptographic vulnerabilities in Java source code.

Inclusive Excellence Activities

Academic Service

Useful Resources