I am a third-year Ph.D. student in the Computer Science Department at Indiana University Bloomington. I'm advised by Dr. Xiaojing Liao and Dr. Luyi Xing. Before joining IU, I earned my master’s degree from W&M.

My research interests lie in the field of mobile security (to identify new attack surfaces and emerging threats in both Android and iOS). I am also interested in Data-driven security and privacy. 

News

• Aug 2019: Opera acknowledged our names on their Security hall of fame.
• June 2019: Apple acknowledged our reported vulnerability on Safari.
• June 2019: Chrome acknowledged our discovered vulnerability with CVE-2019-5767.
• Dec 2019: Google awarded us $2,000 for discovering vulnerability in Chrome.
• October 2018: Tencent acknowledged my name on their Security hall of fame.

Publications

• CCS'20, Demystifying Resource Management Risks in Emerging Mobile App-in-App Ecosystems
  Haoran Lu, Luyi Xing, Yue Xiao, Yifan Zhang, Xiaojing Liao, XiaoFeng Wang, Xueqiang Wang
  to appear in the ACM Conference on Computer and Communications Security, 2020. (Acceptance rate: ??%)
  [attack demo/code/data]
  ​

• Oakland'19, Stealthy Porn: Understanding Real-World Adversarial Images for Illicit Online Promotion
  Kan Yuan, Di Tang, Xiaojing Liao, XiaoFeng Wang, Xuan Feng, Yi Chen, Menghan Sun, Haoran Lu, Kehuan Zhang
  in Proceeding of IEEE Symposium on Security and Privacy, 2019. (Acceptance rate: 12%)
  [code]
  ​

• Security'18, Reading Thieves' Cant: Automatically Identifying and Understanding Dark Jargons from Cybercrime Marketplaces 
  Kan Yuan, Haoran Lu, Xiaojing Liao, XiaoFeng Wang. 
  in Proceeding of USENIX Security Symposium, 2018. (Acceptance rate: 19%)
  [code/data]