香港中文大学，信息工程，博士

加州大学尔湾分校，访问学者（博士期间）

四川大学，电子信息工程，学士

网络与系统安全方向，特别是移动系统安全，物联网安全，软件安全，漏洞挖掘与利用等。

【招生信息】

正招收2024秋季入学研究生（无锡校区已满，南京尚有名额），欢迎对相关方向感兴趣的推免/考研同学与我邮件联系！

同时也长期欢迎学有余力，对科研感兴趣的本科生提前参与科研实践，或参加学科竞赛等！

课题组致力于做有一定影响力的系统安全研究，希望学生具备相关专业背景，一定的编程与系统搭建能力。本人会尊重学生的兴趣想法，结合学生发展规划和课题组情况，讨论制定合适的科研课题、培养计划，力所能及的进行指导。同时，可以为优秀学生提供国内/海外实验室交流访问以及未来深造机会。

(*为通讯作者)

[1] [MSN'23] Jianqi Du, Zidong Zhang, Fenghao Xu*, and Wenrui Diao*. Living in the Past: Analyzing BLE IoT Devices Based on Mobile Companion Apps in Old Versions. The 19th International Conference on Mobility, Sensing and Networking, Nanjing, China. December 14-16, 2023. [CCF C]

• [2] [SECON'22] Jianqi Du, Fenghao Xu*, Chennan Zhang, Zidong Zhang, Xiaoyin Liu, Pengcheng Ren, Wenrui Diao*, Shanqing Guo, and Kehuan Zhang. Identifying the BLE Misconfigurations of IoT Devices through Companion Mobile Apps. The 19th Annual IEEE International Conference on Sensing, Communication, and Networking, Virtual. September 20-23, 2022. [CCF B]




• [3] [IET-IFS'22] Jiongyi Chen, Fenghao Xu, Shuaike Dong, Wei Sun, and Kehuan Zhang. Authorisation Inconsistency in IoT Third-Party Integration. IET Information Security, 16(2), 133-143. March 2022. [CCF C]




• [4] [CCS'21] Fenghao Xu, Siyu Shen, Wenrui Diao, Zhou Li, Yi Chen, Rui Li, and Kehuan Zhang. Android On PC: On the Security of End-user Android Emulators. The 28th ACM Conference on Computer and Communications Security, Virtual, South Korea. November 15-19, 2021. [CCF A,安全四大顶会]




• [5] [NDSS'19] Fenghao Xu, Wenrui Diao, Zhou Li, Jiongyi Chen, and Kehuan Zhang. BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth Peripherals. The 26th Annual Network and Distributed System Security Symposium, San Diego, CA, USA. February 24-27, 2019. [CCF A,安全四大顶会]




• [6] [RAID'19] Wenrui Diao, Yue Zhang, Li Zhang, Zhou Li, Fenghao Xu, Xiaorui Pan, Xiangyu Liu, Jian Weng, Kehuan Zhang, and XiaoFeng Wang. Kindness is a Risky Business: On the Usage of the Accessibility APIs in Android. The 22nd International Symposium on Research in Attacks, Intrusions and Defenses, Beijing, China. September 23-25, 2019. [CCF B]




• [7] [SecureComm'18] Shuaike Dong, Menghao Li, Wenrui Diao, Xiangyu Liu, Jian Liu, Zhou Li, Fenghao Xu, Kai Chen, Xiaofeng Wang, and Kehuan Zhang. Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild. The 14th EAI International Conference on Security and Privacy in Communication Networks, Singapore, Singapore. August 8-10, 2018. [CCF C]