头像

姓名:王楚涵

职称:副研究员

电话:

办公室:

个人主页:https://wangchuhan.cn

邮箱:wangchuhan [AT] seu.edu.cn

教育背景

清华大学,网络空间安全,博士

伊利诺伊大学香槟分校,访问学者

北京交通大学,计算机科学与技术,学士

学术兼职

研究领域

  • 网络协议安全:研究网络协议的安全性,重点关注协议设计缺陷、实现不一致性以及新型攻击方法。

  • Web安全研究Web应用及其基础设施中的安全问题,探索系统性的检测方法与新型攻击与防御技术。


研究概况

研究方向包括 网络协议安全、Web安全,致力于揭示和解决网络空间中的关键安全问题。研究工作聚焦于协议设计缺陷、实现不一致性以及Web应用与基础设施中的系统性安全风险,并提出新型攻击模型与防御方案。近年来在网络安全领域的国际顶级学术会议(IEEE S&P、USENIX Security、CCS、NDSS等)发表多篇高水平论文,研究成果已帮助 Google、Apple、Yandex、腾讯、Shopee 等多家国际知名企业修复安全漏洞。

详情请访问个人主页:https://wangchuhan.cn/

招生计划

目前计划招收 2026年秋季入学的硕士研究生 以及 本科实习生。欢迎对网络安全、Web安全、协议安全等相关方向感兴趣,并希望投身前沿安全研究的同学加入。欢迎积极主动、具有自驱力和科研热情的同学,同时鼓励具备 CTF 竞赛经验的同学参与。研究组愿意尊重学生研究兴趣并助力学生成长,并可推荐优秀学生赴国内外知名高校交流或深造。

有意向的同学请通过邮件与我联系,并附上个人简历、成绩单及其他证明材料。

请注意保研学生需要参加八月底的夏令营面试,并获得录取资格。


最近动态

研究课题

奖励与荣誉

课程信息

学术成果

会议论文:

[1]  [USENIX Security '25] Chuhan Wang, Chenkai Wang, Songyi Yang, Sophia Liu, Jianjun Chen, Haixin Duan, Gang Wang. Email Spoofing with SMTP Smuggling: How the Shared Email Infrastructures Magnify this Vulnerability. In Proceedings of the 34th USENIX Security Symposium (USENIX Security), Seattle, WA, August 13–15, 2025.(网络安全领域国际顶级学术会议,CCF-A)    

[2]  [NDSS '24] Chuhan Wang, Yasuhiro Kuranaga, Yihang Wang, Mingming Zhang, Linkai Zheng, Xiang Li, Jianjun Chen, Haixin Duan, Yanzhong Lin, and Qingfeng Pan. BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet. In Proceedings of the 31st Annual Network and Distributed System Security Symposium. San Diego, California, 26 February – 1 March, 2024.(网络安全领域国际顶级学术会议,CCF-A)      

[3]  [USENIX Security '22] Chuhan Wang, Kaiwen Shen, Minglei Guo, Yuxuan Zhao, Mingming Zhang, Jianjun Chen, Baojun Liu, Xiaofeng Zheng, Haixin Duan, Yanzhong Lin, Qingfeng Pan. A Large-scale and Longitudinal Measurement Study of DKIM Deployment. In Proceedings of the 31th USENIX Security Symposium (USENIX Security), Boston, MA, USA, August 10-12, 2022.(网络安全领域国际顶级学术会议,CCF-A)     

[4]  [USENIX Security '21] Kaiwen Shen, Chuhan Wang(共同一作), Minglei Guo, Xiaofeng Zheng, Chaoyi Lu, Baojun Liu, Yuxuan Zhao, Shuang Hao, Haixin Duan, Qinfeng Pan, Min Yang. Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks. In Proceedings of the 30th USENIX Security Symposium (USENIX Security), Virtual event, August 2021. (网络安全领域国际顶级学术会议,CCF-A)      

[5]  [NDSS '24] Linkai Zheng, Xiang Li, Chuhan Wang, Run Guo, Haixin Duan, Jianjun Chen, Chao Zhang, and Kaiwen Shen. ReqsMiner: Automated Discovery of CDN Forwarding Request Inconsistencies with Differential Fuzzing. In Proceedings of the 31st Annual Network and Distributed System Security Symposium. San Diego, California, 26 February – 1 March, 2024.(网络安全领域国际顶级学术会议,CCF-A)      

[6]  [IEEE S&P '24] Enze Wang, Jianjun Chen, Wei Xie, Chuhan Wang, Yifei Gao, Zhenhua Wang, Haixin Duan, Yang Liu, Baosheng Wang. Where URLs Become Weapons: Automated Discovery of SSRF Vulnerabilities in Web Applications. In Proceedings of 2024 IEEE Symposium on Security and Privacy. San Francisco, California, May 20–23, 2024.(网络安全领域国际顶级学术会议,CCF-A)      

[7]  [CCS '24] Jiahe Zhang, Jianjun Chen, Qi Wang, Hangyu Zhang, Chuhan Wang, Jianwei Zhuge, Haixin Duan. Inbox Invasion: Exploiting MIME Ambiguities to Evade Email Attachment Detectors. In Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security. Salt Lake City, Utah, USA, October 14-18, 2024.(网络安全领域国际顶级学术会议,CCF-A)      

[8]  [IEEE S&P '24] Xiang Li, Wei Xu, Baojun Liu, Mingming Zhang, Zhou Li, Jia Zhang, Deliang Chang, Xiaofeng Zheng, Chuhan Wang, Jianjun Chen, Haixin Duan, and Qi Li. TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets. In Proceedings of 2024 IEEE Symposium on Security and Privacy. San Francisco, California, May 20–23, 2024.(网络安全领域国际顶级学术会议,CCF-A)     

[9]  [CCS '23] Zhenrui Zhang, Geng Hong, Xiang Li, Zhuoqun Fu, Jia Zhang, Mingxuan Liu, Chuhan Wang, Jianjun Chen, Baojun Liu, Haixin Duan, Chao Zhang, and Min Yang. Under the Dark: A Systematical Study of Stealthy Mining Pools (Ab)use in the Wild. In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. Copenhagen, Denmark, November 26–30, 2023.(网络安全领域国际顶级学术会议,CCF-A)    

[10] [WiSec '24] Yaru Yang, Yiming Zhang, Tao Wan, Chuhan Wang, Haixin Duan, Jianjun Chen, Yishen Li. Uncovering Security Vulnerabilities in Real-world Implementation and Deployment of 5G Messaging Services. In Proceedings of the 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks. Seoul, Korea, May 27-30, 2024.(网络安全领域国际重要学术会议,CCF-C)

其他