周亞金

周亞金

周亞金,BlockSec聯合創始人,於美國北卡州⽴⼤學取得博⼠學位,曾擔任奇⻁360⾼級安全研究員。研究方向包括智慧型手機套用安全漏洞挖掘, 安卓惡意軟體檢測, 以及開發相應的解決方案去保護智慧型手機用戶的安全。

2021年,創立區塊鏈安全公司BlockSec。

基本介紹

  • 中文名:周亞金
  • 外文名:Yajin(Andy) Zhou
  • 國籍中國
  • 畢業院校:北卡羅萊納州立大學
  • 職業:教育科研工作者;創始人兼CEO
  • 性別:男
所獲榮譽,人物經歷,發表作品,

所獲榮譽

2022, IEEE S&P | USENIX Security | ACNS | ASIACCS
2021,IEEE S&P | ACM CCS | ACM ASIACCS | ACM CODASPY | IEEE MASS| ICICS | MSN
2020,ACM ASIACCS | ACM CODASPY | IEEE EURO S&P | ICICS | EAI Qshine
2019,ACM CODASPY | ACM ASIACCS | IEEE EuroS&P | IEEE ICDCS | ACM CCS | ISC
2018, ICCCN | SECRYPT | NSS
2017, ACM ASIACCS (Shadow) | IEEE MOST
2016,IEEE MOST | ACM SPSM

人物經歷

2015年,獲得美國北卡羅萊納州立符仔大學博士學位;
2015-2018年,就職於奇虎360,帶領禁歸凝某款移動安全產品研發團隊,其產品獲得應愉估超過1億日活用戶;
2018年,加入浙江大學任教,任百人計畫研究員(100-Young professor)、博士生導師;
2021年5月,良翻糠創立區塊鏈安全公司BlockSec;
2021年10月,BlockSec上線閃電貸和AML監控系統;
2022年4月,BlockSec成功搶跑並攔截了黑客對Saddle Finance的攻擊,挽回約380萬美元的雄良局滲數字資產旬店蘭;
2022年9月,Phalcon Explorer上線;
2022年11月,面向C端用戶的區塊鏈瀏覽器增強外掛程式MetaDock正式上線;
2023年付淋提辯1月,加密資產資金流分析平台MetaSleuth正式上線;
2023年3月,BlockSec成功搶跑並攔截了黑客對Paraspace的攻擊,挽回約500萬美元的數字資產;
2023年4月,面向區塊鏈開發者和安全研究員的開發測試平台Phalcon Beta版本上線。

發表作品

2023
[50]TSE Demystifying Random Number in Ethereum Smart Contract: Taxonomy, Vulnerability Identification, and Attack Detection [Paper]
Peng Qian, Jianting He, Lingling Lu, Siwei Wu, Zhipeng Lu, Lei Wu, Yajin Zhou*, Qinming He
IEEE Transactions on Software Engineering (IEEE TSE)
[49]ISSTA Detecting Underground Economy Apps Based on UTG Similarity [Paper]
Zhuo Chen, Jie Liu, Yubo Hu, Lei Wu, Yajin Zhou, Yiling He, Xianhao Liao, Ke Wang, Jinku Li, Zhan Qin
Proceedings of the 2023 ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2023)
[48]S&P VIDEZZO: Dependency-aware Virtual Device Fuzzing [Paper]
Qiang Liu, Flavio Toffalini, Yajin Zhou*, Mathias Payer
Proceedings of the 44th IEEE Symposium on Security and Privacy (IEEE S&P 2023)
[47]DAC DriverJar: Lightweight Device Driver Isolation for ARM [Paper]
Huamao Wu, Yuan Chen, Yajin Zhou*, Yifei Wang, Lubo Zhang
Proceedings of the 60th Design Automation Conference 2023 (DAC 2023)
[46]USENIX Security MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation [Paper]
Jinyan Xu, Yiyuan Liu, Sirui He, Haoran Lin, Yajin Zhou*, Cong Wang
Proceedings of the 32nd USENIX Security Symposium (USENIX Security 2023)
[45]S&P When Top-down Meets Bottom-up: Detecting and Exploiting Use-After-Cleanup Bugs in Linux Kernel [Paper]
Lin Ma, Duoming Zhou, Hanjie Wu, Yajin Zhou*, Rui Chang, Hao Xiong, Lei Wu, Kui Ren
Proceedings of the IEEE Symposium on Security and Privacy 2023 (IEEE S&P 2023)
[44]ASPLOS VDom: Fast and Unlimited Virtual Domains on Multiple Architectures [Paper]
Ziqi Yuan, Siyu Hong, Rui Chang, Yajin Zhou, Wenbo Shen, Kui Ren
Proceedings of the Architectural Support for Programming Languages and Operating Systems (ASPLOS 2023)。
[9] Different is Good: Detecting the Use of Uninitialized Variables through Differential Replay [Paper]
Mengchen Cao, Xiantong Hou, Tao Wang, Hunter Qu, Yajin Zhou, Xiaolong Bai, Fuwei Wang
Proceedings of the 26th ACM Conference on Computer and Communications (ACM CCS 2019)
[8] LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed [Paper]
Huayi Duan, Cong Wang, Xingliang Yuan, Yajin Zhou, Qian Wang, Kui Ren
Proceedings of the 26th ACM Conference on Computer and Communications (ACM CCS 2019)
[7] Towards a First Step to Understand the Cryptocurrency Stealing Attack on Ethereum [Paper]
Zhen Cheng*, Xinrui Hou*, Runhuai Li, Yajin Zhou, Xiapu Luo, Jinku Li, Kui Ren
Proceedings of the 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019)
(*The names of the first two authors are in alphabetical order)
[6] SPEED: Accelerating Enclave Applications via Secure Deduplication [Paper]
Helei Cui, Huayi Duan, Zhan Qin, Cong Wang, Yajin Zhou
Proceedings of the 39th IEEE International Conference on Distributed Computing Systems (IEEE ICDCS 2019)
[5] Dating with Scambots: Understanding the Ecosystem of Fraudulent Dating Applications [Paper]
Yangyu Hu, Haoyu Wang, Yajin Zhou, Yao Guo, Li Li, Bingxuan Luo, Fangren Xu
IEEE Transactions on Dependable and Secure Computing (TDSC)
[4] Adaptive Call-site Sensitive Control Flow Integrity (Best Paper Award) [Paper | Code]
Mustakimur Khandaker, Abu Naser, Wenqing Liu, Zhi Wang, Yajin Zhou, Yueqiang Cheng
Proceedings of the 4th IEEE European Symposium on Security and Privacy (IEEE EuroS&P 2019)
[3] NDroid: Towards Tracking Information Flows Across Multiple Android Contexts [Paper]
Lei Xue, Chenxiong Qian, Hao Zhou, Xiapu Luo, Yajin Zhou, Yuru Shao and Alvin T.S. Chan
IEEE Transactions on Information Forensics & Security (TIFS), Volume: 14, Issue: 3, pp. 814–828, March 2019
2018
[2] Towards Privacy-Preserving Malware Detection Systems for Android (Best Paper Award) [Paper]
Helei Cui, Yajin Zhou, Cong Wang, Qi Li, Kui Ren
Proceedings of the 24th International Conference on Parallel and Distributed Systems (IEEE ICPADS 2018)
[1] AdCapsule: Practical Confinement of Advertisements in Android Applications [Paper]
Xiaonan Zhu, Jinku Li, Yajin Zhou, Jianfeng Ma
IEEE Transactions on Dependable and Secure Computing (TDSC)
Before 2018
2017
[21] When Program Analysis Meets Mobile Security: An Industrial Study of Misusing Android Internet Sockets [Paper]
Wenqi Bu, Minhui Xue, Lihua Xu, Yajin Zhou, Zhushou Tang, Tao Xie
Proceedings of the 11th joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE 2017)
[20] Malton: Towards On-Device Non-Invasive Mobile Malware Analysis for ART [Paper]
Lei Xue, Yajin Zhou, Ting Chen, Xiapu Luo, Guofei Gu
Proceedings of the 26th USENIX Security Symposium (USENIX Security 2017)
[19] Design and Implementation of SecPod, A Framework for Virtualization-based Security Systems [Paper]
Xiaoguang Wang, Yong Qi, Zhi Wang, Yue Chen, Yajin Zhou
IEEE Transactions on Dependable and Secure Computing (TDSC)
2016
[18] Blender: Self-randomizing Address Space Layout for Android Apps [Paper]
Mingshen Sun, John C.S. Lui, Yajin Zhou
Proceedings of the the 19th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2016)
[17] AppShell: Making Data Protection Practical for Lost or Stolen Android Devices [Paper]
Yajin Zhou, Kapil Singh, Xuxian Jiang
Proceedings of IEEE/IFIP Network Operations and Management Symposium (NOMS 2016)
2015
[16] SecPod: a Framework for Virtualization-based Security Systems [Paper]
Xiaoguang Wang, Yue Chen, Zhi Wang, Yong Qi, Yajin Zhou
Proceedings of the 2015 USENIX Annual Technical Conference (USENIX ATC 2015)
[15] Harvesting Developer Credentials in Android Apps [Paper]
Yajin Zhou, Lei Wu, Zhi Wang, Xuxian Jiang
Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2015)
[14] Hybrid User-level Sandboxing of Third-party Android Apps [Paper]
Yajin Zhou, Kunal Patel, Lei Wu, Zhi Wang, Xuxian Jiang
Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2015)
2014
[13] ARMlock: Hardware-based Fault Isolation for ARM [Paper | Slides]
Yajin Zhou, Xiaoguang Wang, Yue Chen, Zhi Wang
Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS 2014)
[12] Owner-centric Protection of Unstructured Data on Smartphones [Paper]
Yajin Zhou, Kapil Singh, Xuxian Jiang
Proceedings of the 7th International Conference on Trust and Trustworthy Computing (TRUST 2014)
[11] AirBag: Boosting Smartphone Resistance to Malware Infection [Paper]
Chiachih Wu, Yajin Zhou, Kunal Patel, Zhenkai Liang, Xuxian Jiang
Proceedings of the 21st Network and Distributed System Security Symposium (NDSS 2014)
[10] DIVILAR: Diversifying Intermediate Language for Anti-Repackaging on Android Platform [Paper]
Wu Zhou, Zhi Wang, Yajin Zhou, Xuxian Jiang
Proceedings of the 4th ACM Conference on Data and Application Security and Privacy (CODASPY 2014)
2013
[9] The Impact of Vendor Customizations on Android Security [Paper]
Lei Wu, Michael Grace, Yajin Zhou, Chiachih Wu, Xuxian Jiang
Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS 2013)
[8] Fast, Scalable Detection of "Piggybacked" Mobile Applications (Best Paper Award) [Paper]
Wu Zhou, Yajin Zhou, Michael Grace, Xuxian Jiang, Shihong Zou
Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy (CODASPY 2013)
[7] Detecting Passive Content Leaks and Pollution in Android Applications [Paper | Slides]
Yajin Zhou, Xuxian Jiang
Proceedings of the 20th Network and Distributed System Security Symposium (NDSS 2013)
2012
[6] RiskRanker: Scalable and Accurate Zero-day Android Malware Detection [Paper]
Michael Grace*, Yajin Zhou*, Qiang Zhang, Shihong Zou, Xuxian Jiang
Proceedings of the 10th International Conference on Mobile Systems, Applications and Services (MobiSys 2012)
(*The names of the first two authors are in alphabetical order)
[5] Dissecting Android Malware: Characterization and Evolution [Paper]
Yajin Zhou, Xuxian Jiang
Proceedings of the 33rd IEEE Symposium on Security and Privacy (Oakland 2012)
(Our dataset is released at Android Malware Genome Project)
[4] DroidMOSS: Detecting Repackaged Smartphone Applications in Third-Party Android Marketplaces (Best Paper Award) [Paper]
Wu Zhou, Yajin Zhou, Xuxian Jiang, Peng Ning
Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy (CODASPY 2012)
[3] Hey, You, Get off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets [Paper]
Yajin Zhou, Zhi Wang, Wu Zhou and Xuxian Jiang
Proceedings of the 19th Network and Distributed System Security Symposium (NDSS 2012)
[2] Systematic Detection of Capability Leaks in Stock Android Smartphones [Paper | Demo Video]
Michael Grace, Yajin Zhou, Zhi Wang and Xuxian Jiang
Proceedings of the 19th Network and Distributed System Security Symposium (NDSS 2012)
2011
[1] Taming Information-Stealing Smartphone Applications (on Android) [Paper]
Yajin Zhou, Xinwen Zhang, Xuxian Jiang, Vince W. Freeh
Proceedings of the 4th International Conference on Trust and Trustworthy Computing (TRUST 2011)
IEEE Transactions on Software Engineering (IEEE TSE)
[49]ISSTA Detecting Underground Economy Apps Based on UTG Similarity [Paper]
Zhuo Chen, Jie Liu, Yubo Hu, Lei Wu, Yajin Zhou, Yiling He, Xianhao Liao, Ke Wang, Jinku Li, Zhan Qin
Proceedings of the 2023 ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2023)
[48]S&P VIDEZZO: Dependency-aware Virtual Device Fuzzing [Paper]
Qiang Liu, Flavio Toffalini, Yajin Zhou*, Mathias Payer
Proceedings of the 44th IEEE Symposium on Security and Privacy (IEEE S&P 2023)
[47]DAC DriverJar: Lightweight Device Driver Isolation for ARM [Paper]
Huamao Wu, Yuan Chen, Yajin Zhou*, Yifei Wang, Lubo Zhang
Proceedings of the 60th Design Automation Conference 2023 (DAC 2023)
[46]USENIX Security MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation [Paper]
Jinyan Xu, Yiyuan Liu, Sirui He, Haoran Lin, Yajin Zhou*, Cong Wang
Proceedings of the 32nd USENIX Security Symposium (USENIX Security 2023)
[45]S&P When Top-down Meets Bottom-up: Detecting and Exploiting Use-After-Cleanup Bugs in Linux Kernel [Paper]
Lin Ma, Duoming Zhou, Hanjie Wu, Yajin Zhou*, Rui Chang, Hao Xiong, Lei Wu, Kui Ren
Proceedings of the IEEE Symposium on Security and Privacy 2023 (IEEE S&P 2023)
[44]ASPLOS VDom: Fast and Unlimited Virtual Domains on Multiple Architectures [Paper]
Ziqi Yuan, Siyu Hong, Rui Chang, Yajin Zhou, Wenbo Shen, Kui Ren
Proceedings of the Architectural Support for Programming Languages and Operating Systems (ASPLOS 2023)。
[9] Different is Good: Detecting the Use of Uninitialized Variables through Differential Replay [Paper]
Mengchen Cao, Xiantong Hou, Tao Wang, Hunter Qu, Yajin Zhou, Xiaolong Bai, Fuwei Wang
Proceedings of the 26th ACM Conference on Computer and Communications (ACM CCS 2019)
[8] LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed [Paper]
Huayi Duan, Cong Wang, Xingliang Yuan, Yajin Zhou, Qian Wang, Kui Ren
Proceedings of the 26th ACM Conference on Computer and Communications (ACM CCS 2019)
[7] Towards a First Step to Understand the Cryptocurrency Stealing Attack on Ethereum [Paper]
Zhen Cheng*, Xinrui Hou*, Runhuai Li, Yajin Zhou, Xiapu Luo, Jinku Li, Kui Ren
Proceedings of the 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019)
(*The names of the first two authors are in alphabetical order)
[6] SPEED: Accelerating Enclave Applications via Secure Deduplication [Paper]
Helei Cui, Huayi Duan, Zhan Qin, Cong Wang, Yajin Zhou
Proceedings of the 39th IEEE International Conference on Distributed Computing Systems (IEEE ICDCS 2019)
[5] Dating with Scambots: Understanding the Ecosystem of Fraudulent Dating Applications [Paper]
Yangyu Hu, Haoyu Wang, Yajin Zhou, Yao Guo, Li Li, Bingxuan Luo, Fangren Xu
IEEE Transactions on Dependable and Secure Computing (TDSC)
[4] Adaptive Call-site Sensitive Control Flow Integrity (Best Paper Award) [Paper | Code]
Mustakimur Khandaker, Abu Naser, Wenqing Liu, Zhi Wang, Yajin Zhou, Yueqiang Cheng
Proceedings of the 4th IEEE European Symposium on Security and Privacy (IEEE EuroS&P 2019)
[3] NDroid: Towards Tracking Information Flows Across Multiple Android Contexts [Paper]
Lei Xue, Chenxiong Qian, Hao Zhou, Xiapu Luo, Yajin Zhou, Yuru Shao and Alvin T.S. Chan
IEEE Transactions on Information Forensics & Security (TIFS), Volume: 14, Issue: 3, pp. 814–828, March 2019
2018
[2] Towards Privacy-Preserving Malware Detection Systems for Android (Best Paper Award) [Paper]
Helei Cui, Yajin Zhou, Cong Wang, Qi Li, Kui Ren
Proceedings of the 24th International Conference on Parallel and Distributed Systems (IEEE ICPADS 2018)
[1] AdCapsule: Practical Confinement of Advertisements in Android Applications [Paper]
Xiaonan Zhu, Jinku Li, Yajin Zhou, Jianfeng Ma
IEEE Transactions on Dependable and Secure Computing (TDSC)
Before 2018
2017
[21] When Program Analysis Meets Mobile Security: An Industrial Study of Misusing Android Internet Sockets [Paper]
Wenqi Bu, Minhui Xue, Lihua Xu, Yajin Zhou, Zhushou Tang, Tao Xie
Proceedings of the 11th joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE 2017)
[20] Malton: Towards On-Device Non-Invasive Mobile Malware Analysis for ART [Paper]
Lei Xue, Yajin Zhou, Ting Chen, Xiapu Luo, Guofei Gu
Proceedings of the 26th USENIX Security Symposium (USENIX Security 2017)
[19] Design and Implementation of SecPod, A Framework for Virtualization-based Security Systems [Paper]
Xiaoguang Wang, Yong Qi, Zhi Wang, Yue Chen, Yajin Zhou
IEEE Transactions on Dependable and Secure Computing (TDSC)
2016
[18] Blender: Self-randomizing Address Space Layout for Android Apps [Paper]
Mingshen Sun, John C.S. Lui, Yajin Zhou
Proceedings of the the 19th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2016)
[17] AppShell: Making Data Protection Practical for Lost or Stolen Android Devices [Paper]
Yajin Zhou, Kapil Singh, Xuxian Jiang
Proceedings of IEEE/IFIP Network Operations and Management Symposium (NOMS 2016)
2015
[16] SecPod: a Framework for Virtualization-based Security Systems [Paper]
Xiaoguang Wang, Yue Chen, Zhi Wang, Yong Qi, Yajin Zhou
Proceedings of the 2015 USENIX Annual Technical Conference (USENIX ATC 2015)
[15] Harvesting Developer Credentials in Android Apps [Paper]
Yajin Zhou, Lei Wu, Zhi Wang, Xuxian Jiang
Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2015)
[14] Hybrid User-level Sandboxing of Third-party Android Apps [Paper]
Yajin Zhou, Kunal Patel, Lei Wu, Zhi Wang, Xuxian Jiang
Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2015)
2014
[13] ARMlock: Hardware-based Fault Isolation for ARM [Paper | Slides]
Yajin Zhou, Xiaoguang Wang, Yue Chen, Zhi Wang
Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS 2014)
[12] Owner-centric Protection of Unstructured Data on Smartphones [Paper]
Yajin Zhou, Kapil Singh, Xuxian Jiang
Proceedings of the 7th International Conference on Trust and Trustworthy Computing (TRUST 2014)
[11] AirBag: Boosting Smartphone Resistance to Malware Infection [Paper]
Chiachih Wu, Yajin Zhou, Kunal Patel, Zhenkai Liang, Xuxian Jiang
Proceedings of the 21st Network and Distributed System Security Symposium (NDSS 2014)
[10] DIVILAR: Diversifying Intermediate Language for Anti-Repackaging on Android Platform [Paper]
Wu Zhou, Zhi Wang, Yajin Zhou, Xuxian Jiang
Proceedings of the 4th ACM Conference on Data and Application Security and Privacy (CODASPY 2014)
2013
[9] The Impact of Vendor Customizations on Android Security [Paper]
Lei Wu, Michael Grace, Yajin Zhou, Chiachih Wu, Xuxian Jiang
Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS 2013)
[8] Fast, Scalable Detection of "Piggybacked" Mobile Applications (Best Paper Award) [Paper]
Wu Zhou, Yajin Zhou, Michael Grace, Xuxian Jiang, Shihong Zou
Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy (CODASPY 2013)
[7] Detecting Passive Content Leaks and Pollution in Android Applications [Paper | Slides]
Yajin Zhou, Xuxian Jiang
Proceedings of the 20th Network and Distributed System Security Symposium (NDSS 2013)
2012
[6] RiskRanker: Scalable and Accurate Zero-day Android Malware Detection [Paper]
Michael Grace*, Yajin Zhou*, Qiang Zhang, Shihong Zou, Xuxian Jiang
Proceedings of the 10th International Conference on Mobile Systems, Applications and Services (MobiSys 2012)
(*The names of the first two authors are in alphabetical order)
[5] Dissecting Android Malware: Characterization and Evolution [Paper]
Yajin Zhou, Xuxian Jiang
Proceedings of the 33rd IEEE Symposium on Security and Privacy (Oakland 2012)
(Our dataset is released at Android Malware Genome Project)
[4] DroidMOSS: Detecting Repackaged Smartphone Applications in Third-Party Android Marketplaces (Best Paper Award) [Paper]
Wu Zhou, Yajin Zhou, Xuxian Jiang, Peng Ning
Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy (CODASPY 2012)
[3] Hey, You, Get off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets [Paper]
Yajin Zhou, Zhi Wang, Wu Zhou and Xuxian Jiang
Proceedings of the 19th Network and Distributed System Security Symposium (NDSS 2012)
[2] Systematic Detection of Capability Leaks in Stock Android Smartphones [Paper | Demo Video]
Michael Grace, Yajin Zhou, Zhi Wang and Xuxian Jiang
Proceedings of the 19th Network and Distributed System Security Symposium (NDSS 2012)
2011
[1] Taming Information-Stealing Smartphone Applications (on Android) [Paper]
Yajin Zhou, Xinwen Zhang, Xuxian Jiang, Vince W. Freeh
Proceedings of the 4th International Conference on Trust and Trustworthy Computing (TRUST 2011)

相關詞條

熱門詞條

聯絡我們