Jianjun Chen
Assistant Professor at Tsinghua University working on Network Security
Office: Room 1-213, FIT building, Tsinghua University, Beijing, China
Email: jianjun [AT] tsinghua.edu.cn
jianjun [AT] icsi.berkeley.edu
cjj [AT] cs.uchicago.edu
Assistant Professor at Tsinghua University working on Network Security
Office: Room 1-213, FIT building, Tsinghua University, Beijing, China
Email: jianjun [AT] tsinghua.edu.cn
jianjun [AT] icsi.berkeley.edu
cjj [AT] cs.uchicago.edu
I am an assistant professor at the Institute for Network Sciences and Cyberspace at Tsinghua University. Before joining Tsinghua, I was a postdoctoral researcher at UC Berkeley (worked with Prof. Vern Paxson) and the University of Chicago (worked with Prof. Nick Feamster). I received my Ph.D. in Computer Science at Tsinghua University in 2018.
My research interest focus on network security, protocol security, and system security. I'm particularly interested in discovering and mitigating new security vulnerabilities in widely-used Internet protocols and systems, such as HTTP protocol, CDN system, email system, web browsers.
My research has won multiple Distinguished Paper Awards on the top-tier security conferences (e.g., NDSS 2016 and USENIX security 2020), and led to many real-world security responses, such as patches in popular HTTP implementations (e.g., Squid, Chrome, Firefox), security advisories by industrial companies (e.g., Akamai, Cloudflare, Apple), web standard change, and a new IETF RFC (RFC 8586).
|
Break the Wall from bottom: Automated Discovery of Protocol-Level Evasion Vulnerabilities in Web Application Firewalls
2024 IEEE Symposium on Security and Privacy Qi Wang, Jianjun Chen, Zheyu Jiang, Run Guo, Ximeng Liu, Chao Zhang, Haixin Duan To appear |
S&P'24 | |
|
TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets
2024 IEEE Symposium on Security and Privacy Xiang Li, Wei Xu, Baojun Liu, Mingming Zhang, Zhou Li, Jia Zhang, Deliang Chang, Xiaofeng Zheng, Chuhan Wang, Jianjun Chen, Haixin Duan, Qi Li To appear |
S&P'24 | |
|
BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet
Proceedings 2024 Network and Distributed System Security Symposium Chuhan Wang, Yasuhiro Kuranaga, Yihang Wang, Mingming Zhang, Linkai Zheng, Xiang Li, Jianjun Chen, Haixin Duan, Yanzhong Lin, Qingfeng Pan To appear |
NDSS'24 | |
|
ReqsMiner: Automated Discovery of CDN Forwarding Request Inconsistencies with Differential Fuzzing
Proceedings 2024 Network and Distributed System Security Symposium Linkai Zheng, Xiang Li, Chuhan Wang, Run Guo, Haixin Duan, Jianjun Chen, Kaiwen Shen To appear |
NDSS'24 | |
|
Faster and Better: Detecting Vulnerabilities in Linux-based IoT Firmware with Optimized Reaching Definition Analysis
Proceedings 2024 Network and Distributed System Security Symposium Zicong Gao, Chao Zhang , Hangtian Liu, Wenhou Sun, Zhizhuo Tang, Liehui Jiang, Jianjun Chen, Yong Xie To appear |
NDSS'24 | |
|
Temporal CDN-Convex Lens: A CDN-Assisted Practical Pulsing DDoS Attack
32th USENIX Conference on Security Symposium Run Guo, Jianjun Chen, Yihang Wang, Keran Mu, Baojun Liu, Xiang Li, Chao Zhang, Haixin Duan, Jianping Wu paper slides |
USENIX Security'23 | |
|
TsuKing: Coordinating DNS Resolvers and Queries into Potent DoS Amplifiers
30th ACM Conference on Computer and Communications Security Wei Xu, Xiang Li, Chaoyi Lu, Baojun Liu, Jia Zhang, Jianjun Chen, Tao Wan, Haixin Duan paper |
CCS'23 | |
|
Under the Dark: A Systematical Study of Stealthy Mining Pools (Ab)use in the Wild
30th ACM Conference on Computer and Communications Security Zhenrui Zhang, Geng Hong, Xiang Li, Zhuoqun Fu, Jia Zhang, Mingxuan Liu, Chuhan Wang, Jianjun Chen, Baojun Liu, Haixin Duan, Chao Zhang, Min Yang paper |
CCS'23 | |
|
Silence is not Golden: Disrupting the Load Balancing of Authoritative DNS Servers
30th ACM Conference on Computer and Communications Security Fenglu Zhang, Baojun Liu, Eihal Alowaisheq, Jianjun Chen, Chaoyi Lu, Linjian Song, Yong Ma, Ying Liu, Haixin Duan, Min Yang paper |
CCS'23 Distinguished Paper Award |
|
|
1dFuzz: Reproduce 1-day Vulnerabilities with Directed Differential Fuzzing
32nd ACM SIGSOFT International Symposium on Software Testing and Analysis Songtao Yang, Yubo He, Kaixiang Chen, Zheyu Ma, Xiapu Luo, Yong Xie, Jianjun Chen, Chao Zhang paper |
ISSTA'23 | |
|
DareShark: Detecting and Measuring Security Risks of Hosting-Based Dangling Domains
ACM SIGMETRICS 2023 Mingming Zhang, Xiang Li, Baojun Liu, Jianyu Lu, Jianjun Chen, Yiming Zhang, Xiaofeng Zheng, Haixin Duan, Shuang Hao paper |
SIGMETRICS'23 | |
|
A Security Study about Electron Applications and a Programming Methodology to Tame DOM Functionalities
Proceedings 2023 Network and Distributed System Security Symposium Zihao Jin, Shuo Chen, Yang Chen, Haixin Duan, Jianjun Chen, Jianping Wu paper |
NDSS'23 | |
|
Callee: Recovering Call Graphs for Binaries with Transfer and Contrastive Learning
2023 IEEE Symposium on Security and Privacy Wenyu Zhu, Zhiyao Feng, Zihan Zhang, Jianjun Chen, Zhijian Ou, Min Yang, Chao Zhang paper |
S&P’23 | |
|
A Large-scale and Longitudinal Measurement Study of DKIM Deployment
31th USENIX Conference on Security Symposium Chuhan Wang, Kaiwen Shen, Minglei Guo, Yuxuan Zhao, Mingming Zhang, Jianjun Chen, Baojun Liu, Xiaofeng Zheng, Haixin Duan, Yanzhong Lin, Qingfeng Pan paper |
USENIX Security'22 | |
|
HDiff: A Semi-automatic Framework for Discovering Semantic Gap Attack in HTTP Implementations
52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks Kaiwen Shen, Jianyu Lu, Yaru Yang, Jianjun Chen, Mingming Zhang, Haixin Duan, Jia Zhang, Xiaofeng Zheng paper |
DSN'22 Best Paper Award Runners Up |
|
|
Composition Kills: A Case Study of Email Sender Authentication
29th USENIX Conference on Security Symposium Jianjun Chen,Vern Paxson, Jian Jiang Invited to appear in USENIX ;login:, 2021(Invited Article) Presented at BlackHat USA 2020 (talk abstract) paper slides talk code Coverage: Wired, CSO online, and Dark reading |
USENIX Security'20 Distinguished Paper Award |
|
|
CDN Judo: Breaking the CDN DoS Protection with Itself
Proceedings 2020 Network and Distributed System Security Symposium Run Guo, Weizhong Li, Baojun Liu, Shuang Hao, Jia Zhang, Haixin Duan, Kaiwen Sheng, Jianjun Chen,Ying Liu paper slides |
NDSS'20 | |
|
We Still Don’t Have Secure Cross-Domain Requests: an Empirical Study of CORS
27th USENIX Conference on Security Symposium Jianjun Chen, Jian Jiang, Haixin Duan, Tao Wan, Shuo Chen, Vern Paxson, Min Yang Presented at DEFCON China 2018 (talk abstract) paper slides talk code |
USENIX Security'18 | |
|
Abusing CDNs for Fun and Profit: Security Issues in CDNs’ Origin Validation
IEEE 37th Symposium on Reliable Distributed Systems Run Guo; Jianjun Chen; Baojun Liu; Jia Zhang; Chao Zhang; Haixin Duan; Tao Wan; Jian Jiang; Shuang Hao; Yaoqi Jia; paper |
SRDS’18 | |
|
Forwarding Loop Attacks in Content Delivery Networks
Proceedings 2016 Network and Distributed System Security Symposium Jianjun Chen; Jian Jiang; Xiaofeng Zheng; Haixin Duan; Jinjin Liang; Kang Li; Tao Wan; Vern Paxson; Real-world impact: Cloudflare blog, Fastly blog, CERT/CC, RFC 8586 paper slides |
NDSS'16 Distinguished Paper Award |
|
|
Host of Troubles: Multiple Host Ambiguities in HTTP Implementations
23rd ACM SIGSAC Conference on Computer and Communications Security Jianjun Chen, Jian Jiang, Haixin Duan, Nicholas Weaver, Tao Wan, Vern Paxson paper slides talk website |
CCS'16 Best Paper Nominee |
|
|
Seeking Nonsense, Looking for Trouble: Efficient Promotional-Infection Detection through Semantic Inconsistency Search
2016 IEEE Symposium on Security and Privacy Xiaojing Liao; Kan Yuan; XiaoFeng Wang; Zhongyu Pei; Hao Yang; Jianjun Chen; Haixin Duan; Kun Du; Eihal Alowaisheq; Sumayah Alrwais; Luyi Xing; Raheem Beyah; paper |
S&P'16 |
| 2023 | |
| 2022 | |
| 2022 | |
| 2020 | |
| 2019 | |
| 2016 |
|
|
2024 |
|
|
2024 |
|
|
2023 |
|
|
2023 |
|
|
2023 |
|
|
Fall 2023 |
|
|
Fall 2022, Fall 2023 |
|
|
Summer 2023 |
|
|
Oct 2021 - Present |
|
|
Apr 2021 - Sep 2021 |
|
|
Aug 2018 - Apr 2021 |