About

I received my Ph.D. degree from Tsinghua University in June 2024, advised by Prof. Qi Li and Prof. Kun Sun. Before that, I worked as a senior engineer at NetEase Games.

I am a system (e.g., Android, IoT, and Cloud) security researcher. Previously, I worked on IoT access control and eBPF-based system security. In the future, I will focus on identifying vulnerabilities in embedded systems (such as satellite and EV) through static analysis, dynamic analysis, and fuzzing tests. Additionally, I am engaged in developing practicable defense mechanisms to protect embedded systems.

I am recruiting Master/PhD students who aspire to become outstanding engineers or excellent researchers.

Publications

2024

• Yi He, Yunchao Guan, Ruoyu Lun, Shangru Song, Zhihao Guo, Jianwei Zhuge, Jianjun Chen, Qiang Wei , Zehui Wu , Miao Yu , Shi Hetian, Qi Li. Demystifying the Security Implications in IoT Device Rental Services. In Proceedings of USENIX Security Symposium, 2024.
  [ paper | code | bibtex ]
• Yuhao Wu, Jinwen Wang, Yujie Wang, Shixuan Zhai, Zihan Li, Yi He, Kun Sun, Qi Li, Ning Zhang. Your Firmware Has Arrived: A Study of Firmware Update Vulnerabilities. In Proceedings of USENIX Security Symposium, 2024.
  [ paper | code | bibtex ]
• Xijia Che, Yi He, Xuewei Feng, Kun Sun, Ke Xu, Qi Li. BlueSWAT: A Lightweight State-Aware Security Framework for Bluetooth Low Energy. In Proceedings of ACM SIGSAC Conference on Computer and Communications Security (CCS), 2024.
  [ paper | bibtex ]
• Yue Xiao, Yi He, Xiaoli Zhang, Qian Wang, Renjie Xie, Kun Sun, Ke Xu, Qi Li. From Hardware Fingerprint to Access Token: Enhancing the Authentication on IoT Devices. In Proceedings of Network and Distributed System Security (NDSS) Symposium, 2024.
  [ paper | code | bibtex ]
• Hetian Shi, Yi He, Qing Wang, Jianwei Zhuge, Qi Li, Xin Liu. Laser-Based Command Injection Attacks on Voice-Controlled Microphone Arrays. In Proceedings of The annual Conference on Cryptographic Hardware and Embedded Systems (CHES), 2024.
  [ paper | code | bibtex ]
• Han Zhang, Qian Wang, Xiaoli Zhang, Yi He, Bo Tang, Qi Li. Toward Zero-Trust IoT Networks via Per-Packet Authorization. In IEEE Communications Magazine, 2024.
  [ bibtex ]

2023

• Yi He, Roland Guo,Yunlong Xing, Xijia Che, Kun Sun, Zhuotao Liu, Ke Xu, Qi Li. Cross Container Attacks: The Bewildered eBPF on Clouds. In Proceedings of USENIX Security Symposium, 2023.
  [ paper | code | bibtex ]
• Yi He, Yacong Gu, Purui Su, Kun Sun, Yajin Zhou, Zhi Wang, Qi Li. A Systematic Study of Android Non-SDK (Hidden) Service API Security. In IEEE Transactions on Dependable and Secure Computing, 2023.
  [ paper | code | bibtex ]

2022

• Yi He, Zhenhua Zou, Kun Sun, Zhuotao Liu, Ke Xu, Qian Wang, Chao Shen, Zhi Wang, Qi Li. RapidPatch: Firmware Hotpatching for Real-Time Embedded Devices. In Proceedings of USENIX Security Symposium. August, 2022.
  [ paper | code | bibtex ]
• Yi He, Yuan Zhou, Yajin Zhou, Qi Li, Kun Sun, Yacong Gu, Yong Jiang. JNI Global References Are Still Vulnerable: Attacks and Defenses. In IEEE Transactions on Dependable and Secure Computing, 2022.
  [ paper | code | bibtex ]

2021 and before

• Jingwen Fan, Yi He, Bo Tang, Qi Li, Ravi Sandhu. Ruledger: Ensuring Execution Integrity in Trigger-Action IoT Platforms. In Proceedings of IEEE International Conference on Computer Communications (Infocom), 2021.
  [ paper | bibtex ]
• Huan Chang, Lingguang Lei, Kun Sun, Jiwu Jing, Yi He, Pingjian Wang. Vulnerable Service Invocation And Countermeasures. In IEEE Transactions on Dependable and Secure Computing, 2019.
  [ bibtex ]
• Lingguang Lei, Yi He, Kun Sun, Jiwu Jing, Yuewu Wang, Qi Li, Jian Weng. Vulnerable Implicit Service: A Revisit. In Proceedings of ACM SIGSAC Conference on Computer and Communications Security (CCS), 2017.
  [ paper | bibtex ]
• Yi He, Qi Li, Kun Sun. LinkFlow: Efficient Large-Scale Inter-App Privacy Leakage Detection. In Proceedings of International Conference on Security and Privacy in Communication Systems (SecureComm), 2017.
  [ bibtex ]
• Yi He, Qi Li. Detecting and defending against inter-app permission leaks in android apps. In Proceedings of International Performance Computing and Communications Conference (IPCCC), 2016.
  [ bibtex ]

Contact

Please feel free to send me an eamil: clangllvm@163.com