Yi He

Assistant Professor
Institude for Math & AI
Wuhan University
Office: A919, Lei Jun Building
Interests: Hardware, firmware, and protocol security of embedded devices.
[ NIS&P | WHUES ]

About

I am tenure-track assistant professor at Institude for Math & AI, Wuhan at Wuhan University.

I received my Ph.D. degree from Tsinghua University in June 2024, advised by Prof. Qi Li and Prof. Kun Sun. Before that, I worked as a senior engineer at NetEase Games.

I am a system (e.g., Android, IoT, and Cloud) security researcher. Previously, I worked on IoT access control and eBPF-based system security. Now, I focus on identifying vulnerabilities in embedded systems (such as satellite and EV) through static analysis, dynamic analysis, and fuzzing tests. Additionally, I am engaged in developing practicable defense mechanisms to protect embedded systems.

I am recruiting Master/PhD students who aspire to become outstanding engineers or excellent researchers.

Publications

2025
  • Zhenhao Tian, Yi He, Nuo Zhang, Qixiao Lin, Hetian Shi, Jianwei Zhuge, Jian Mao, Deliang Chang. BLMProbe: Enhancing Internet-connected Device Discovery by Automated Device Labeling and Label Migration. In IEEE Transactions on Information Forensics and Security, 2025.
    [ bibtex ]
  • Qian Zhang, Yi He, Yue Xiao, Xiaoli Zhang, Chunhua Song. OTA-Key: Over-the-Air Key Management for Flexible and Reliable IoT Device Provision. In IEEE Transactions on Network and Service Management, 2025.
    [ paper | bibtex ]
2024
  • Yi He, Yunchao Guan, Ruoyu Lun, Shangru Song, Zhihao Guo, Jianwei Zhuge, Jianjun Chen, Qiang Wei , Zehui Wu , Miao Yu , Shi Hetian, Qi Li. Demystifying the Security Implications in IoT Device Rental Services. In Proceedings of USENIX Security Symposium, 2024.
    [ paper | code | bibtex ]
  • Yuhao Wu, Jinwen Wang, Yujie Wang, Shixuan Zhai, Zihan Li, Yi He, Kun Sun, Qi Li, Ning Zhang. Your Firmware Has Arrived: A Study of Firmware Update Vulnerabilities. In Proceedings of USENIX Security Symposium, 2024.
    [ paper | code | bibtex ]
  • Xijia Che, Yi He, Xuewei Feng, Kun Sun, Ke Xu, Qi Li. BlueSWAT: A Lightweight State-Aware Security Framework for Bluetooth Low Energy. In Proceedings of ACM SIGSAC Conference on Computer and Communications Security (CCS), 2024.
    [ paper | bibtex ]
  • Yue Xiao, Yi He, Xiaoli Zhang, Qian Wang, Renjie Xie, Kun Sun, Ke Xu, Qi Li. From Hardware Fingerprint to Access Token: Enhancing the Authentication on IoT Devices. In Proceedings of Network and Distributed System Security (NDSS) Symposium, 2024.
    [ paper | code | bibtex ]
  • Hetian Shi, Yi He, Qing Wang, Jianwei Zhuge, Qi Li, Xin Liu. Laser-Based Command Injection Attacks on Voice-Controlled Microphone Arrays. In Proceedings of The annual Conference on Cryptographic Hardware and Embedded Systems (CHES), 2024.
    [ pdf | code | bibtex ]
  • Han Zhang, Qian Wang, Xiaoli Zhang, Yi He, Bo Tang, Qi Li. Toward Zero-Trust IoT Networks via Per-Packet Authorization. In IEEE Communications Magazine, 2024.
    [ bibtex ]
  • Renjie Xie, Jiahao Cao, Yuxi Zhu, Yixiang Zhang, Yi He, Hanyi Peng, Yixiao Wang, Mingwei Xu, Kun Sun, Enhuan Dong, Qi Li, Menghao Zhang, Jiang Li. Cactus: Obfuscating Bidirectional Encrypted TCP Traffic at Client Side. In IEEE Transactions on Information Forensics and Security, 2024.
    [ code | bibtex ]
2023
  • Yi He, Roland Guo,Yunlong Xing, Xijia Che, Kun Sun, Zhuotao Liu, Ke Xu, Qi Li. Cross Container Attacks: The Bewildered eBPF on Clouds. In Proceedings of USENIX Security Symposium, 2023.
    [ paper | code | bibtex ]
  • Yi He, Yacong Gu, Purui Su, Kun Sun, Yajin Zhou, Zhi Wang, Qi Li. A Systematic Study of Android Non-SDK (Hidden) Service API Security. In IEEE Transactions on Dependable and Secure Computing, 2023.
    [ paper | code | bibtex ]
2022
  • Yi He, Zhenhua Zou, Kun Sun, Zhuotao Liu, Ke Xu, Qian Wang, Chao Shen, Zhi Wang, Qi Li. RapidPatch: Firmware Hotpatching for Real-Time Embedded Devices. In Proceedings of USENIX Security Symposium, 2022.
    [ paper | code | bibtex ]
  • Yi He, Yuan Zhou, Yajin Zhou, Qi Li, Kun Sun, Yacong Gu, Yong Jiang. JNI Global References Are Still Vulnerable: Attacks and Defenses. In IEEE Transactions on Dependable and Secure Computing, 2022.
    [ paper | code | bibtex ]
2021 and before
  • Jingwen Fan, Yi He, Bo Tang, Qi Li, Ravi Sandhu. Ruledger: Ensuring Execution Integrity in Trigger-Action IoT Platforms. In Proceedings of IEEE International Conference on Computer Communications (Infocom), 2021.
    [ paper | bibtex ]
  • Huan Chang, Lingguang Lei, Kun Sun, Jiwu Jing, Yi He, Pingjian Wang. Vulnerable Service Invocation And Countermeasures. In IEEE Transactions on Dependable and Secure Computing, 2019.
    [ bibtex ]
  • Lingguang Lei, Yi He, Kun Sun, Jiwu Jing, Yuewu Wang, Qi Li, Jian Weng. Vulnerable Implicit Service: A Revisit. In Proceedings of ACM SIGSAC Conference on Computer and Communications Security (CCS), 2017.
    [ pdf | bibtex ]
  • Yi He, Qi Li, Kun Sun. LinkFlow: Efficient Large-Scale Inter-App Privacy Leakage Detection. In Proceedings of International Conference on Security and Privacy in Communication Systems (SecureComm), 2017.
    [ bibtex ]
  • Yi He, Qi Li. Detecting and Defending Against Inter-app Permission Leaks in Android Apps. In Proceedings of International Performance Computing and Communications Conference (IPCCC), 2016.
    [ bibtex ]

Contact

Please feel free to send me an email: clangllvm@163.com