Yang Ronghai bio photo

Yang Ronghai

Security Technical Expert @ Sangfor.

Email Twitter Facebook Github

Research Interests:

  • General Cyber Security
  • AI for Security & AI Security
  • Defense Techniques

Publications:

  • Ronghai Yang, Xianbo Wang, Kaixuan Luo, Xin Lei, Ke Li, Jiayuan Xin and Wing Cheong Lau, "SWIDE: A Semantic-aware Detection Engine for Successful Web Injection Attacks". to appear in ACM CCS, 2024.

  • Ronghai Yang, Xin Lei, and Jiayuan Xin, "Beyond Generation: Detecting Zero-Day Web Attacks via Security-GPT". GeekCon 2023 (This work received the Frontier Breakthrough Award).

  • Shangcheng Shi, Xianbo Wang, Kyle Zeng, Ronghai Yang, Wing Cheong Lau, "An Empirical Study on Mobile Payment Credential Leaks and Their Exploits". SecureComm, 2021

  • Ronghai Yang, Xianbo Wang, Cheng Chi, Dawei Wang, Jiawei He, Shiming Pang, and Wing Cheong Lau, “Scalable Detection of Promotional Website Defacements in Black Hat SEO Campaigns,” to appear in USENIX Security Symposium, Aug 2021.

  • Xianbo Wang, Wing Cheong Lau, Yikang Chen, Shangcheng Shi, Ronghai Yang, “Fingerprint-jacking: Practical Fingerprint Authorization Hijacking in Android Apps,” BlackHat Europe Briefings, Dec 2020.

  • Xianbo Wang, Wing Cheong Lau, Shangcheng Shi, Ronghai Yang, “Make Redirection Evil Again – URL Parser Issues in OAuth,” in Black Hat Asia, Mar 2019.

  • Ronghai Yang, Wing Cheong Lau, Jiongyi Chen, Kehuan Zhang, “Vetting Single-Sign-On SDK Implementations via Symbolic Reasoning,” in the 27th USENIX Security Symposium, Aug 2018. (This work received the 2018 Internet Defense Prize (2nd Runner-up) from USENIX and Facebook).

  • Jiongyi Chen, Wenrui Diao, Qingchuan Zhao, Chaoshun Zuo, Zhiqiang Lin, XiaoFeng Wang, Wing Cheong Lau, Menghan Sun, Ronghai Yang and Kehuan Zhang, “IoTFuzzer: Discovering Memory Corruptions in IoT through App-based Fuzzing,” in the Network and Distributed System Security Symposium (NDSS), Feb 2018.

  • Ronghai Yang, Wing Cheong Lau and Shangcheng Shi, “Breaking and Fixing Mobile App Authentication with OAuth2.0-based Protocols”, to appear in 15th International Conference on Applied Cryptography and Network Security (ACNS), 2017.

  • Ronghai Yang, Wing Cheong Lau and Tianyu Liu, “Signing into One Billion Mobile App Accounts Effortlessly with OAuth2.0”, in Black Hat Europe, London, 2016.

  • Ronghai Yang, Guancheng Lee, Wing Cheong Lau and Kehuan Zhang, “Model-based Security Testing: an Empirical Study on OAuth 2.0 Implementations”, in AsiaCCS, Xi’an, 2016. Full paper acceptance rate 20.9%.

  • Huanle Xu*, Ronghai Yang*, Zhibo Yang and Wing Cheong Lau, “Solving Large Graph Problems in MapReduce-Like Frameworks via Optimized Parameter Configuration”, In the 15th International Conference on Algorithms and Architectures for Parallel Processing (ICA3PP) 2015.

  • Pili Hu*, Ronghai Yang*, Yue Li and Wing Cheong Lau, “Application Impersonation: Problems of OAuth and API Design in Online Social Networks”, ACM Conference on Online Social Networks (COSN), Dublin, Oct. 2014. Acceptance rate 15.9%.

  • Ronghai Yang,Pili Hu and Wing Cheong Lau, “Model-based Testing for Security Flaw Detection in OAuth2.0(Poster),” ACM Conference on Online Social Networks (COSN), Dublin, Oct. 2014.

Projects:

  • Principal Investigator of Shenzhen Key Technology Innovation Project: Research and Application of Data Element Security Protection Technology for Big Data Platforms (20 million yuan)作为项目负责人主持深圳市重点科技创新项目: 重202403011 面向大数据平台的数据要素化安全防护技术研发及应用 (2000万元).

    • * These authors contributed equally to this work.