Ya Xiao

Hi, I am a 5th year computer science Ph.D candidate in Virginia Tech. My advisor is Danfeng (Daphne) Yao. I earned my bachelor and master degree in Beijing University of Posts and Telecommunications (BUPT) in China. My research lies in deep learning applications in programming language, software security, and cryptography, including code embedding, learning-based automatic vulnerabilities detection and repair, neural cryptanalysis.

• [06/22/2021] My research proposal is accepted by the Doctoral Symposium of ESEC/FSE'21
• [02/18/2021] Excited that I am on the news!
• [12/08/2020] I am awarded the Dennis G. Kafura Fellowship for 2021.
• [06/26/2020] I will give a tutorial "Principles and Practices of Secure Crypto Codeing in Java" in SecDev'20
• [03/30/2020] Our paper about randomization measurement under JIT-ROP is accepted by CCS 2020.

• Danfeng (Daphne) Yao (Committee Chair)

Professor, Elizabeth and James E. Turner Jr. '56 Faculty Fellow and CACI Faculty Fellow, Virginia Tech

• Naren Ramakrishnan

Professor, Thomas L. Phillips Professor of Engineering, Virginia Tech

• Matthew Hicks

Assistant Professor, Virginia Tech

• Xinyang Ge

Researcher, Microsoft Research

• Patrick Drew McDaniel

Professor, William L. Weiss Professor of Information and Communications Technology, PSU;

• Neural Network Based Code Repair Guided by Program Analysis Insights. [Ongoing]

  We design and comprehensively compare the neural-network-based methodologies to model Java security API usage. We design the program-analysis-guided embedding strategies to produce the dependence-aware code embedding. We develop a learning based code suggestion engine to suggest the correct API usage based on multiple data dependence paths extracted by program analysis.

• Measurement for Security (Re)Randomization under JIT-ROP

  Paper: Methodologies for Quantifying (Re-)randomization Security and Timing under JIT-ROP. Salman Ahmed, Ya Xiao, Kevin Snow, Gang Tan, Fabian Monrose, Danfeng (Daphne) Yao. The 27th ACM Conference on Computer and Communications Security (CCS '20) PDF

• Neural Cryptanalysis for Cipher Strength Evaluation in Black-box Manner

  Paper: Neural Cryptanalysis: Metrics, Methodology, and Applications in CPS Ciphers. Ya Xiao, Qingying Hao, Danfeng (Daphne) Yao. The 2019 IEEE Conference on Dependable and Secure Computing (IDSC'19) PDF

• CryptoGuard for Secure Cryptography Implementation

  Paper: CryptoGuard: High Precision Detection of Cryptographic Vulnerabilities in Massive-sized Java Projects. Sazzadur Rahaman, Ya Xiao, Sharmin Afrose, Fahad Shaon, Ke Tian, Miles Frantz1, Murat Kantarcioglu and Danfeng (Daphne) Yao. The 26th ACM Conference on Computer and Communications Security (CCS '19) PDF

  Poster: Deployment-quality and Accessible Solutions for Cryptography Code Development. : Sazzadur Rahaman, Ya Xiao, Sharmin Afrose, Ke Tian, Miles Frantz, Danfeng (Daphne) Yao, Na Meng, Barton P. Miller, Fahad Shaon, Murat Kantarcioglu. 2019 IEEE Symposium on Security and Privacy (S&P'19)

• Cache Impact Measurement for Side Channel Attack

  Paper: Comparative Measurement of Cache Configurations Impacts on Cache Timing Side-Channel Attacks. Xiaodong Yu, Ya Xiao, Danfeng (Daphne) Yao and Kirk Cameron. The 12th USENIX Workshop on Cyber Security Experimentation and Test (CSET'19). PDF

[06/2019-08/2019] Research Intern, Oracle Labs, Brisbane, Australia

Working with Dr. Cristina Cifuentes (Senior Director of Research & Development in Oracle Labs Australia), and Paddy Krishnan (Director, Research at Oracle Labs Australia

We successfully developed a new functionality, finding cryptographic vulnerabilities, in Oracle’s static code analysis tool Parfait. The detection achieves high precision with good scalability for large codebase.

• Member of Association of Women in Computing (AWC) at Virginia Tech. August 2018 - Present
• Volunteer for the weekly event Coding with the Elderly in Blacksburg. August 2018 - Present
• External reviewer of IEEE Transactions on Dependable and Secure Computing (TDSC)