Jianjun Chen

Jianjun Chen


Associate Professor at Tsinghua University

Office: Room 1-213, FIT building, Tsinghua University, Beijing, China

Email: jianjun [AT] tsinghua.edu.cn
jianjun [AT] icsi.berkeley.edu
cjj [AT] cs.uchicago.edu

  I'm looking for highly-motivated Ph.D., master, and undergraduate students to join us! Postdoc positions are also avaliable. Please feel free to email me.

Me and My Research

I am an associate professor at the Institute for Network Sciences and Cyberspace at Tsinghua University. Before joining Tsinghua, I was a postdoctoral researcher at UC Berkeley (worked with Prof. Vern Paxson) and the University of Chicago (worked with Prof. Nick Feamster). I received my Ph.D. in Computer Science at Tsinghua University in 2018.

My research interest focus on network security, protocol security, and system security. I'm particularly interested in discovering and mitigating new security vulnerabilities in widely-used Internet protocols and systems, such as HTTP protocol, CDN system, email system, and web browsers.

My research has won multiple Distinguished Paper Awards on the top-tier security conferences (e.g., NDSS 2016 and USENIX security 2020), and led to many real-world security improvements, such as patches in popular HTTP implementations (e.g., Squid, Chrome, Firefox), security advisories by industrial companies (e.g., Akamai, Cloudflare, Apple), web standard change, and a new IETF RFC (RFC 8586).

Publications

My ZIP isn’t your ZIP: Identifying and Exploiting Semantic Gaps Between ZIP Parsers
34th USENIX Conference on Security Symposium
Yufan You, Jianjun Chen, Qi Wang, Haixin Duan
To appear bibtex
USENIX Security'25
The Silent Danger in HTTP: Identifying HTTP Desync Vulnerabilities with Gray-box Testing
34th USENIX Conference on Security Symposium
Keran Mu, Jianjun Chen, Jianwei Zhuge, Qi Li, Haixin Duan, Nick Feamster
To appear bibtex
USENIX Security'25
Email Spoofing with SMTP Smuggling: How the Shared Email Infrastructures Magnify this Vulnerability
34th USENIX Conference on Security Symposium
Chuhan Wang, Chenkai Wang, Songyi Yang, Sophia Liu, Jianjun Chen, Haixin Duan, Gang Wang
paper bibtex
USENIX Security'25
The Danger of Packet Length Leakage: Off-path TCP/IP Hijacking Attacks Against Wireless and Mobile Networks
2025 IEEE European Symposium on Security and Privacy
Guancheng Li, Minghao Zhang, Jianjun Chen, Ge Dai, Pinji Chen, Huiming Liu, Yang Yu, Haixin Duan, Zhiyun Qian
To appear bibtex
Euro S&P'25
Cross-Origin Web Attacks via HTTP/2 Server Push and Signed HTTP Exchange
Proceedings 2025 Network and Distributed System Security Symposium
Pinji Chen, Jianjun Chen, Mingming Zhang, Qi Wang, Yiming Zhang, Mingwei Xu, Haixin Duan
Presented at BlackHat USA 2025 [talk abstract]
paper bibtex
NDSS'25
Invade the Walled Garden: Evaluating GTP Security in Cellular Networks
2025 IEEE Symposium on Security and Privacy
Yiming Zhang, Tao Wan, Yaru Yang, Haixin Duan, Yichen Wang, Jianjun Chen, Zixiang Wei, Xiang Li
paper bibtex
S&P'25
Internet’s Invisible Enemy: Detecting and Measuring Web Cache Poisoning in the Wild
31th ACM Conference on Computer and Communications Security
Yuejia Liang, Jianjun Chen, Run Guo, Kaiwen Shen, Hui Jiang, Man Hou, Yue Yu, Haixin Duan
paper code bibtex
CCS'24
Inbox Invasion: Exploiting MIME Ambiguities to Evade Email Attachment Detectors
31th ACM Conference on Computer and Communications Security
Jiahe Zhang, Jianjun Chen, Qi Wang, Hangyu Zhang, Chuhan Wang, Jianwei Zhuge, Haixin Duan
Presented at BlackHat Asia 2025 [talk abstract]
paper code bibtex
CCS'24
Where URLs Become Weapons: Automated Discovery of SSRF Vulnerabilities in Web Applications
2024 IEEE Symposium on Security and Privacy
Enze Wang, Jianjun Chen, Wei Xie, Chuhan Wang, Yifei Gao, Zhenhua Wang, Haixin Duan, Yang Liu, Baosheng Wang
paper code bibtex
S&P'24
Break the Wall from Bottom: Automated Discovery of Protocol-Level Evasion Vulnerabilities in Web Application Firewalls
2024 IEEE Symposium on Security and Privacy
Qi Wang, Jianjun Chen, Zheyu Jiang, Run Guo, Ximeng Liu, Chao Zhang, Haixin Duan
Presented at BlackHat USA 2024 [talk abstract]
paper code bibtex
S&P'24
TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets
2024 IEEE Symposium on Security and Privacy
Xiang Li, Wei Xu, Baojun Liu, Mingming Zhang, Zhou Li, Jia Zhang, Deliang Chang, Xiaofeng Zheng, Chuhan Wang, Jianjun Chen, Haixin Duan, Qi Li
paper bibtex
S&P'24
Bounce in the Wild: A Deep Dive into Email Delivery Failures from a Large Email Service Provider
Proceedings of the 2024 ACM on Internet Measurement Conference
Ruixuan Li, Shaodong Xiao, Baojun Liu, Yanzhong Lin, Haixin Duan, Qingfeng Pan, Jianjun Chen, Jia Zhang, Ximeng Liu, Xiuqi Lu, Jun Shao
paper bibtex
IMC'24
Demystifying the Security Implications in IoT Device Rental Services
33th USENIX Conference on Security Symposium
Yi He, Ruoyu Lun, Yunchao Guan, Shangru Song, Zhihao Guo, Hetian Shi, Jianwei Zhuge, Jianjun Chen, Qiang We, Zehui Wu, Miao Yu, Qi Li
paper bibtex
USENIX Security'24
CDN Cannon: Exploiting CDN Back-to-Origin Strategies for Amplification Attacks
33th USENIX Conference on Security Symposium
Ziyu Lin, Zhiwei Lin, Ximeng Liu, Jianjun Chen, Run Guo, Cheng Chen, Shaodong Xiao
paper bibtex
USENIX Security'24
BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet
Proceedings 2024 Network and Distributed System Security Symposium
Chuhan Wang, Yasuhiro Kuranaga, Yihang Wang, Mingming Zhang, Linkai Zheng, Xiang Li, Jianjun Chen, Haixin Duan, Yanzhong Lin, Qingfeng Pan
paper bibtex
NDSS'24
ReqsMiner: Automated Discovery of CDN Forwarding Request Inconsistencies with Differential Fuzzing
Proceedings 2024 Network and Distributed System Security Symposium
Linkai Zheng, Xiang Li, Chuhan Wang, Run Guo, Haixin Duan, Jianjun Chen, Kaiwen Shen
paper code bibtex
NDSS'24
Faster and Better: Detecting Vulnerabilities in Linux-based IoT Firmware with Optimized Reaching Definition Analysis
Proceedings 2024 Network and Distributed System Security Symposium
Zicong Gao, Chao Zhang , Hangtian Liu, Wenhou Sun, Zhizhuo Tang, Liehui Jiang, Jianjun Chen, Yong Xie
paper bibtex
NDSS'24
Uncovering Security Vulnerabilities in Real-world Implementation and Deployment of 5G Messaging Services
17th ACM Conference on Security and Privacy in Wireless and Mobile Networks
Yaru Yang, Yiming Zhang, Tao Wan, Chuhan Wang, Haixin Duan, Jianjun Chen, Yishen Li
paper bibtex
WiSec'24
Temporal CDN-Convex Lens: A CDN-Assisted Practical Pulsing DDoS Attack
32th USENIX Conference on Security Symposium
Run Guo, Jianjun Chen, Yihang Wang, Keran Mu, Baojun Liu, Xiang Li, Chao Zhang, Haixin Duan, Jianping Wu
Presented at BlackHat Europe 2023 [talk abstract]
paper slides bibtex
USENIX Security'23
TsuKing: Coordinating DNS Resolvers and Queries into Potent DoS Amplifiers
30th ACM Conference on Computer and Communications Security
Wei Xu, Xiang Li, Chaoyi Lu, Baojun Liu, Jia Zhang, Jianjun Chen, Tao Wan, Haixin Duan
paper bibtex
CCS'23
Under the Dark: A Systematical Study of Stealthy Mining Pools (Ab)use in the Wild
30th ACM Conference on Computer and Communications Security
Zhenrui Zhang, Geng Hong, Xiang Li, Zhuoqun Fu, Jia Zhang, Mingxuan Liu, Chuhan Wang, Jianjun Chen, Baojun Liu, Haixin Duan, Chao Zhang, Min Yang
paper bibtex
CCS'23
Silence is not Golden: Disrupting the Load Balancing of Authoritative DNS Servers
30th ACM Conference on Computer and Communications Security
Fenglu Zhang, Baojun Liu, Eihal Alowaisheq, Jianjun Chen, Chaoyi Lu, Linjian Song, Yong Ma, Ying Liu, Haixin Duan, Min Yang
paper bibtex
CCS'23
Distinguished Paper Award
1dFuzz: Reproduce 1-day Vulnerabilities with Directed Differential Fuzzing
32nd ACM SIGSOFT International Symposium on Software Testing and Analysis
Songtao Yang, Yubo He, Kaixiang Chen, Zheyu Ma, Xiapu Luo, Yong Xie, Jianjun Chen, Chao Zhang
paper bibtex
ISSTA'23
DareShark: Detecting and Measuring Security Risks of Hosting-Based Dangling Domains
ACM SIGMETRICS 2023
Mingming Zhang, Xiang Li, Baojun Liu, Jianyu Lu, Yiming Zhang, Jianjun Chen, Haixin Duan, Shuang Hao, Xiaofeng Zheng
paper bibtex
SIGMETRICS'23
A Security Study about Electron Applications and a Programming Methodology to Tame DOM Functionalities
Proceedings 2023 Network and Distributed System Security Symposium
Zihao Jin, Shuo Chen, Yang Chen, Haixin Duan, Jianjun Chen, Jianping Wu
paper bibtex
NDSS'23
Callee: Recovering Call Graphs for Binaries with Transfer and Contrastive Learning
2023 IEEE Symposium on Security and Privacy
Wenyu Zhu, Zhiyao Feng, Zihan Zhang, Jianjun Chen, Zhijian Ou, Min Yang, Chao Zhang
paper bibtex
S&P’23
A Large-scale and Longitudinal Measurement Study of DKIM Deployment
31th USENIX Conference on Security Symposium
Chuhan Wang, Kaiwen Shen, Minglei Guo, Yuxuan Zhao, Mingming Zhang, Jianjun Chen, Baojun Liu, Xiaofeng Zheng, Haixin Duan, Yanzhong Lin, Qingfeng Pan
paper bibtex
USENIX Security'22
HDiff: A Semi-automatic Framework for Discovering Semantic Gap Attack in HTTP Implementations
52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks
Kaiwen Shen, Jianyu Lu, Yaru Yang, Jianjun Chen, Mingming Zhang, Haixin Duan, Jia Zhang, Xiaofeng Zheng
paper bibtex
DSN'22
Best Paper Award Runners Up
Composition Kills: A Case Study of Email Sender Authentication
29th USENIX Conference on Security Symposium
Jianjun Chen, Vern Paxson, Jian Jiang
Invited to appear in USENIX ;login: 2021[Invited Article]
Presented at BlackHat USA 2020 [talk abstract]
Coverage: Wired, CSO online, and Dark reading
paper slides talk code bibtex
USENIX Security'20
Distinguished Paper Award
CDN Judo: Breaking the CDN DoS Protection with Itself
Proceedings 2020 Network and Distributed System Security Symposium
Run Guo, Weizhong Li, Baojun Liu, Shuang Hao, Jia Zhang, Haixin Duan, Kaiwen Sheng, Jianjun Chen,Ying Liu
paper slides bibtex
NDSS'20
We Still Don’t Have Secure Cross-Domain Requests: an Empirical Study of CORS
27th USENIX Conference on Security Symposium
Jianjun Chen, Jian Jiang, Haixin Duan, Tao Wan, Shuo Chen, Vern Paxson, Min Yang
Presented at DEFCON China 2018 [talk abstract]
paper slides talk code bibtex
USENIX Security'18
Abusing CDNs for Fun and Profit: Security Issues in CDNs’ Origin Validation
IEEE 37th Symposium on Reliable Distributed Systems
Run Guo, Jianjun Chen, Baojun Liu, Jia Zhang, Chao Zhang, Haixin Duan, Tao Wan, Jian Jiang, Shuang Hao, Yaoqi Jia
paper bibtex
SRDS’18
Forwarding Loop Attacks in Content Delivery Networks
Proceedings 2016 Network and Distributed System Security Symposium
Jianjun Chen, Jian Jiang, Xiaofeng Zheng, Haixin Duan, Jinjin Liang, Kang Li, Tao Wan, Vern Paxson
Real-world impact: [Cloudflare blog] [Fastly blog] [CERT/CC] [RFC 8586]
paper slides bibtex
NDSS'16
Distinguished Paper Award
Host of Troubles: Multiple Host Ambiguities in HTTP Implementations
23rd ACM SIGSAC Conference on Computer and Communications Security
Jianjun Chen, Jian Jiang, Haixin Duan, Nicholas Weaver, Tao Wan, Vern Paxson
paper slides talk website bibtex
CCS'16
Best Paper Nominee
Seeking Nonsense, Looking for Trouble: Efficient Promotional-Infection Detection through Semantic Inconsistency Search
2016 IEEE Symposium on Security and Privacy
Xiaojing Liao, Kan Yuan, XiaoFeng Wang, Zhongyu Pei, Hao Yang, Jianjun Chen, Haixin Duan, Kun Du, Eihal Alowaisheq, Sumayah Alrwais, Luyi Xing, Raheem Beyah
paper bibtex
S&P'16

Honors & Awards

  • 清华大学第十九届“良师益友”奖
    		•  2024
  • Distinguished Paper Award, ACM CCS 2023
    		•  2023
  • NSFC Excellent Young Scholar (国家级青年高层次人才)
    		•  2022
  • Best Paper Award Runners Up, IEEE/IFIP Dependable Systems and Networks (DSN) 2022
    		•  2022
  • Distinguished Paper Award, USENIX Security 2020
    		•  2020
  • ACM China SIGSAC Doctoral Dissertation Award
    		•  2019
  • Distinguished Paper Award, Network and Distributed System Security Symposium (NDSS) 2016
    		•  2016

    Professional Activities

    Editorial Board
  • Associate Editor, IEEE Transactions on Information Forensics and Security (T-IFS)
    		• 2024 - present

    TPC Member
  • Program committee member, ACM Conference on Computer and Communications Security (CCS)
    		• 2025
  • Program committee member, Network and Distributed System Security Symposium (NDSS)
    		• 2025
  • Program committee member, IEEE European Symposium on Security and Privacy (Euro S&P)
    		• 2025
  • Program committee member, IEEE Symposium on Security and Privacy (S&P)
    		• 2024
  • Program committee member, ACM Conference on Computer and Communications Security (CCS)
    		• 2024
  • Program committee member, IEEE European Symposium on Security and Privacy (Euro S&P)
    		• 2024
  • Program committee member, ACM Conference on Computer and Communications Security (CCS)
    		• 2023
  • Program committee member, ACM Internet Measurement Conference (IMC)
    		• 2023
  • Program committee member, IEEE European Symposium on Security and Privacy (Euro S&P)
    		• 2023

    Teaching

  • Web Security (Course No. 84120252)
    		• Fall 2023, Fall 2024
  • Security Design and Analysis of Network Protocols (Course No. 74120033)
    		•  Fall 2022, Fall 2023, Fall 2024
  • Advanced Cyber Attack and Defense Practice (Course No. 84120143)
    		•  Summer 2023

    Professional Experience

  • Associate Professor, Tsinghua University
    		• Jun 2024 - Present
  • Assistant Professor, Tsinghua University
    		• Oct 2021 - Jun 2024
  • Postdoctoral Fellow, University of Chicago
    		• Apr 2021 - Sep 2021
  • Postdoctoral Fellow, UC Berkeley
    		• Aug 2018 - Apr 2021
    京ICP备2024048418号