This is Xin'an Emmanuel Zhou's permanent homepage. The homepage address is https://xinanzhou.com/

Google Scholar Mastodon Twitter

He is currently a fourth-year Computer Security PhD candidate at the University of California, Riverside.

He is co-advised by Prof. Zhiyun Qian and Prof. Srikanth V. Krishnamurthy.

Email: xinan.zhou at email.ucr.edu

Before that, he obtained his bachelor's degree in Software Engineering from Fudan University.

His undergraduate advisors were Prof. Zhemin Yang, Prof. Min Yang, and Prof. Yuan Zhang.

News

(7/14/2023) Nominated for The Pwnie Awards 2023 "Pwnie for Most Under-Hyped Research", for the research "Perils and Mitigation of Security Risks of Cooperation in Mobile-as-a-Gateway IoT".

(7/11/2023) I am thankful for the USENIX Security '23 Diversity Grant.

(6/13/2023) I am thankful for the GREPSEC VI Workshop invitation and sponsorship.

(3/1/2023) Our work on Mobile-as-a-Gateway IoT has been accepted by Blackhat Asia 2023!

(11/7/2022) I attended ACM CCS '22 in person. Thank you my friends for the unforgettable memories together!

(10/9/2022) I'm joining the Artifact Evaluation Committee of Usenix Security '23. Welcome to submit your artifact!

(9/14/2022) Our SADDNS team got one in-person poster accepted by ACM CCS 2022!

(8/31/2022) I advanced to candidacy for PhD!

(8/26/2022) I got one paper on IoT Security accepted by ACM CCS 2022!

(6/10/2022) I obtained my Master's degree in Computer Science with 4.0 GPA.

(5/26/2022) I attended IEEE S&P '22 in person and delivered a short talk How to Own Website Accounts Using Weibo Single Sign-On Vulnerabilities.

Publications

[4] Dilemma in IoT Access Control: Revealing Novel Attacks and Design Challenges in Mobile-as-a-Gateway IoT [Link] [PDF]
Luyi Xing, Xin'an Zhou, Jiale Guan, Zhiyun Qian
Black Hat Asia 2023

[3] (An anonymous workshop paper)

[2] Perils and Mitigation of Security Risks of Cooperation in Mobile-as-a-Gateway IoT [PDF] [Site]
Xin'an Zhou, Jiale Guan, Luyi Xing, Zhiyun Qian
Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security.
Pwnie Award Nomination for Most Under-hyped Research

[1] DNS Cache Poisoning Attack: Resurrections with Side Channels [PDF] [Site]
Keyu Man, Xin'an Zhou, and Zhiyun Qian
Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security.
Key Insight: Using ICMP as a side-channel to perform DNS Cache Poisoning Attacks.

Professional Services

Reviewer: USENIX Security '23 AEC

Sub-reviewer: USENIX Security '21, IEEE S&P '21, IEEE S&P '24

Organizer: LGBTQIA+ and Allies Happy Hour at IEEE S&P '22, Queer in Security and Privacy Social Hour at ACM CCS '22

Volunteer: IEEE S&P '22

Credits

CVE-2021-34977

CVE-2021-20322

CVE-2022-27645

CVE-2022-23776

CVE-2022-37193

Selected Awards

• GREPSEC VI Workshop Travel Grant
• USENIX Security '23 Diversity Grant
• IEEE Symposium on Security and Privacy 2022 Student Travel Grant
• Full Win in Routers category at Pwn2Own Austin 2021 [Video] [Live Results]
• Xiang Qian Overseas Exchange Scholarship, 2016, Fudan University
• Joel & Ruth Spira Scholarship, 2016, Fudan University (1%, by Lutron Electronics)
• Dell EMC Excellent Undergraduate Scholarship, 2016, Fudan University
• iSURE Scholarship, 2016, University of Notre Dame
• China National Scholarship, 2016 (The highest undergrad honor in China)
• China National Scholarship, 2015 (The highest undergrad honor in China)
• Tung OOCL Scholarship, 2014, Fudan University (The First Prize Undergraduate Scholarship)

Links

ETenal  Haobin Hiroki Chen  Zero Pwned  Blaine Hoak

Notes

"Was aus Liebe getan wird, geschieht immer jenseits von Gut und Böse. (What is done out of love always takes place beyond good and evil.)"

--Friedrich Nietzsche