About Me

Hi, I am a 3rd year computer science Ph.D student in Virginia Tech. My advisor is Danfeng (Daphne) Yao. I earned my bachelor and master degree in Beijing University of Posts and Telecommunications (BUPT) in China. My research lies in deep learning applications in programming language, software security, and cryptography, including code embedding, learning-based automatic vulnerabilities detection and repair, neural cryptanalysis.

Recent News

  • [06/26/2020] I will give a tutorial "Principles and Practices of Secure Crypto Codeing in Java" in SecDev'20
  • [03/30/2020] Our paper about randomization measurement under JIT-ROP is accepted by CCS 2020.

Thesis Committee

Research Projects

  • Neuron Network Based Code Repair Guided by Program Analysis Insights. [Ongoing]

    We design and comprehensively compare the neural-network-based methodologies to model Java security API usage. We design the program-analysis-guided embedding strategies to produce the dependence-aware code embedding. We develop a learning based code suggestion engine to suggest the correct API usage based on multiple data dependence paths extracted by program analysis.

  • Measurement for Security (Re)Randomization under JIT-ROP

    Paper: Methodologies for Quantifying (Re-)randomization Security and Timing under JIT-ROP. Salman Ahmed, Ya Xiao, Kevin Snow, Gang Tan, Fabian Monrose, Danfeng (Daphne) Yao. The 27th ACM Conference on Computer and Communications Security (CCS '20) PDF

  • Neural Cryptanalysis for Cipher Strength Evaluation in Black-box Manner

    Paper: Neural Cryptanalysis: Metrics, Methodology, and Applications in CPS Ciphers. Ya Xiao, Qingying Hao, Danfeng (Daphne) Yao. The 2019 IEEE Conference on Dependable and Secure Computing (IDSC'19) PDF

  • CryptoGuard for Secure Cryptography Implementation

    Paper: CryptoGuard: High Precision Detection of Cryptographic Vulnerabilities in Massive-sized Java Projects. Sazzadur Rahaman, Ya Xiao, Sharmin Afrose, Fahad Shaon, Ke Tian, Miles Frantz1, Murat Kantarcioglu and Danfeng (Daphne) Yao. The 26th ACM Conference on Computer and Communications Security (CCS '19) PDF

    Poster: Deployment-quality and Accessible Solutions for Cryptography Code Development. : Sazzadur Rahaman, Ya Xiao, Sharmin Afrose, Ke Tian, Miles Frantz, Danfeng (Daphne) Yao, Na Meng, Barton P. Miller, Fahad Shaon, Murat Kantarcioglu. 2019 IEEE Symposium on Security and Privacy (S&P'19)

  • Cache Impact Measurement for Side Channel Attack

    Paper: Comparative Measurement of Cache Configurations Impacts on Cache Timing Side-Channel Attacks. Xiaodong Yu, Ya Xiao, Danfeng (Daphne) Yao and Kirk Cameron. The 12th USENIX Workshop on Cyber Security Experimentation and Test (CSET'19). PDF

Internship Experience

[06/2019-08/2019] Research Intern, Oracle Labs, Brisbane, Australia

Working with Dr. Cristina Cifuentes (Senior Director of Research & Development in Oracle Labs Australia), and Paddy Krishnan (Director, Research at Oracle Labs Australia

We successfully developed a new functionality, finding cryptographic vulnerabilities, in Oracle’s static code analysis tool Parfait. The detection achieves high precision with good scalability for large codebase.

Other Activities