Jianjun Chen is a postdoc supervised by Prof. Vern Paxson at International Computer Science Institute, an independent non-profit research institute affiliated with UC Berkeley. He was a Ph.D. student at Tsinghua University advised by Prof. Haixin Duan.

His research focuses on studying real-world systems to understand their security challenges and develop mitigation solutions. He worked in the areas of CDN security, HTTP implementations, web browsers, and email systems. His previous research was published on top-tier security conferences (NDSS, ACM CCS, USENIX Security), and led to some real-world security pushes, such as patches in popular HTTP implementations (e.g., Squid ^[1][2], Chrome ^[1], Firefox ^[1]), security advisories by industrial companies (e.g., Akamai ^[1], Cloudflare ^[1], Apple ^[1]), web standard change ^[1], and a new IETF RFC ^[1].

Talks:

• You have No Idea Who Sent that Email: 18 Attacks on Email Sender Authentication, Black Hat USA 2020, (To appear).
• Hacking Intranet from outside: security problems of Cross Origin Resource Sharing (CORS), DEF CON China, 2018, Beijing.
• Host of Troubles attack, The 2th China Cyber Security summit(CSS) 2016, Beijing.
• Improving IPv6 Attack Detector, Free and Open Source Software conference (FOSSAISA) 2014, Cambodia.

Selected vulnerabilities:

• CVE-2016-4553, Squid team evaluated it as a highest level(blocker) security vulnerability, which allowed an attacker to remotely poison the cache of any HTTP website with arbitrary content.
• CVE-2016-4554, A critical security vulnerability in Squid, which was introduced to version 1.0 in 1996.
• VU#938151, A new type of DoS attacks affecting all 16 CDNs we tested.

I am serving as an reviewer for IEEE/ACM Transactions on Networking(ToN).

• jianjun[AT]icsi[DOT]berkeley[DOT]edu
• Suite 600, 1947 Center Street, Berkeley, CA, USA