Yang Xiao

Welcome to the real world.

Bio

I am an associate professor at the Institute of Information Engineering, Chinese Academy of Sciences. My primary research interests include software security and software supply chain security. Please feel free to contact me by email (xiaoyang[at]iie.ac.cn).

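Our research group recruits master's students, PhD students, and postdocs on an ongoing basis. Students interested in software and systems security are welcome to join our team.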

Education and Employment

Publications

2024

  1. [USENIX SEC] Leveraging Semantic Relations in Code and Data to Enhance Taint Analysis of Embedded Systems. Jiaxu Zhao, Yuekang Li, Yanyan Zou, Zhaohui Liang, Yang Xiao, Yeting Li, Bingwei Peng, Nanyu Zhong, Xinyi Wang, Wei Wang, Wei Huo. USENIX Security Symposium. (CCF-A)
  2. [ISSTA] SCALE: Constructing Structured Natural Language Comment Trees for Software Vulnerability Detection. Xincheng Wen, Cuiyun Gao, Shuzheng Gao, Yang Xiao, Michael R Lyu. ACM SIGSOFT International Symposium on Software Testing and Analysis. (CCF-A)
  3. [NDSS] File Hijacking Vulnerability: The Elephant in the Room. Chendong Yu, Yang Xiao(*), Jie Lu, Yuekang Li, Yeting Li, Lian Li, Yifan Dong, Jian Wang, Jingyi Shi, Defang Bo, Wei Huo. Network and Distributed System Security (NDSS) Symposium. (CCF-A)
  4. [ICSE] LibvDiff: Library Version Difference Guided OSS Version Identification in Binaries. Chaopeng Dong, Siyuan Li, Shouguo Yang, Yang Xiao, Yongpan Wang, Hong Li, Zhi Li, Limin Sun. 46th International Conference on Software Engineering. (CCF-A)

2023

  1. [CCS] Enhancing OSS Patch Backporting with Semantics. Su Yang, Yang Xiao, Zhengzi Xu, Chengyi Sun, Chen Ji, Yuqing Zhang. The ACM Conference on Computer and Communications Security. (CCF-A)
  2. [ESEC/FSE] Learning Program Semantics for Vulnerability Detection via Vulnerability-specific Inter-procedural Slicing. Bozhi Wu, Shangqing Liu, Yang Xiao, Zhiming Li, Jun Sun, Shang-Wei Lin. ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering. (CCF-A)
  3. [TOSEM] Asteria-Pro: Enhancing Deep-Learning Based Binary Code Similarity Detection by Incorporating Domain Knowledge. Shouguo Yang, Chaopeng Dong, Yang Xiao(*), Yiran Cheng, Zhiqiang Shi, Zhi Li, Limin Sun. ACM Transactions on Software Engineering and Methodology. (CCF-A)
  4. [TOSEM] Towards Practical Binary Code Similarity Detection: Vulnerability Verification via Patch Semantic Analysis. Shouguo Yang, Zhengzi Xu, Yang Xiao(*), Zhe Lang, Wei Tang, Yang Liu, Zhiqiang Shi, Hong Li, Limin Sun. ACM Transactions on Software Engineering and Methodology. (CCF-A)
  5. [USENIX SEC] Detecting API Post-Handling Bugs Using Code and Description in Patches. Miaoqian Lin, Kai Chen, Yang Xiao. USENIX Security Symposium. (CCF-A)
  6. [ISSTA] ACETest: Automated Constraint Extraction for Testing Deep Learning Operators. Jingyi Shi, Yang Xiao(*), Yuekang Li, Yeting Li, Dongsong Yu, Chendong Yu, Hui Su, Yufeng Chen, Wei Huo. ACM SIGSOFT International Symposium on Software Testing and Analysis. (CCF-A)
  7. [S&P] Effective ReDoS Detection by Principled Vulnerability Modeling and Exploit Generation. Xinyi Wang, Cen Zhang, Yeting Li, Zhiwu Xu, Shuailin Huang, Yi Liu, Yican Yao, Yang Xiao, Yanyan Zou, Yang Liu, Wei Huo. 2023 IEEE Symposium on Security and Privacy. (CCF-A)

2022

  1. [Cybersecurity] Unleashing the power of pseudo-code for binary code similarity analysis. Weiwei Zhang, Zhengzi Xu, Yang Xiao, Yinxing Xue. Cybersecurity. (IIE-B)
  2. [ICSME] VERJava: Vulnerable Version Identification for Java OSS with a Two-Stage Analysis. Qing Sun, Lili Xu, Yang Xiao, Feng Li, He Su, Yiming Liu, Hongyun Huang, Wei Huo. 2022 IEEE International Conference on Software Maintenance and Evolution. (CCF-B)
  3. [USENIX SEC] RegexScalpel: Regular Expression Denial of Service (ReDoS) Defense by Localize-and-Fix. Yeting Li, Yecheng Sun, Zhiwu Xu, Jialun Cao, Yuekang Li, Rongchen Li, Haiming Chen, Shing-Chi Cheung, Yang Liu, Yang Xiao. USENIX Security Symposium. (CCF-A)

2021

  1. [Cybersecurity] B2SMatcher: fine-Grained version identification of open-Source software in binary files. Gu Ban, Lili Xu, Yang Xiao, Xinhua Li, Zimu Yuan, Wei Huo. Cybersecurity. (IIE-B)
  2. [SANER] VIVA: Binary level vulnerability identification via partial signature. Yang Xiao, Zhengzi Xu, Weiwei Zhang, Chendong Yu, Longquan Liu, Wei Zou, Zimu Yuan, Yang Liu, Aihua Piao, Wei Huo. IEEE International Conference on Software Analysis, Evolution and Reengineering. (CCF-B)

2020

  1. [USENIX SEC] MVP: Detecting Vulnerabilities using Patch-Enhanced Vulnerability Signatures. Yang Xiao, Bihuan Chen, Chendong Yu, Zhengzi Xu, Zimu Yuan, Feng Li, Binghong Liu, Yang Liu, Wei Huo, Wei Zou, Wenchang Shi. USENIX Security Symposium. (CCF-A)

2019

  1. [ASE] B2SFinder: Detecting open-source software reuse in COTS software. Zimu Yuan, Muyue Feng, Feng Li, Gu Ban, Yang Xiao, Shiyang Wang, Qian Tang, He Su, Chendong Yu, Jiahuan Xu, Aihua Piao, Jingling Xue, Wei Huo. IEEE/ACM International Conference on Automated Software Engineering. (CCF-A)
  2. [SANER] Open-source license violations of binary software at large scale. Muyue Feng, Weixuan Mao, Zimu Yuan, Yang Xiao, Gu Ban, Wei Wang, Shiyang Wang, Qian Tang, Jiahuan Xu, He Su, Binghong Liu, Wei Huo. International Conference on Software Analysis, Evolution and Reengineering. (CCF-B)