Jianjun Chen is a postdoc at the University of Chicago supervised by Prof. Nick Feamster. Before that, he was a postdoc advised by Prof. Vern Paxson at International Computer Science Institute, an independent non-profit research institute affiliated with UC Berkeley. He was a Ph.D. student at Tsinghua University advised by Prof. Haixin Duan.

His research interest focus on network security, protocol security, and system security. His past research has discovered a series of high-impact security vulnerabilities in widely-used Internet protocols and systems. Those efforts have been recognized by the academic community, winning two Distinguished Paper Awards (NDSS and USENIX security) on the top-tier security conferences, and led to many real-world security responses, such as patches in popular HTTP implementations (e.g., Squid ^[1][2], Chrome ^[3], Firefox ^[4]), security advisories by industrial companies (e.g., Akamai ^[5], Cloudflare ^[6], Apple ^[7]), web standard change ^[8], and a new IETF RFC ^[9].

Talks:

• You have No Idea Who Sent that Email: 18 Attacks on Email Sender Authentication, Black Hat USA 2020, (To appear).
• Hacking Intranet from outside: security problems of Cross Origin Resource Sharing (CORS), DEF CON China, 2018, Beijing.
• Host of Troubles attack, The 2th China Cyber Security summit(CSS) 2016, Beijing.
• Improving IPv6 Attack Detector, Free and Open Source Software conference (FOSSAISA) 2014, Cambodia.

Selected vulnerabilities:

• CVE-2016-4553, Squid team evaluated it as a highest level(blocker) security vulnerability, which allowed an attacker to remotely poison the cache of any HTTP website with arbitrary content.
• CVE-2016-4554, A critical security vulnerability in Squid, which was introduced to version 1.0 in 1996.
• VU#938151, A new type of DoS attacks affecting all 16 CDNs we tested.

I am serving as an reviewer for IEEE/ACM Transactions on Networking(ToN).

• cjj[AT]uchicago.edu or jianjun[AT]icsi.berkeley[DOT]edu
• Suite 600, 1947 Center Street, Berkeley, CA, USA