Selected Publications

Composition Kills: A Case Study of Email Sender Authentication. In USENIX Security 2020. (Distinguished Paper Award)

We Still Don’t Have Secure Cross-Domain Requests: an Empirical Study of CORS. In USENIX Security 2018.

Host of Troubles: Multiple Host Ambiguities in HTTP Implementations. In CCS 2016. (Best Paper Nominee)

Forwarding Loop Attacks in Content Delivery Networks. In NDSS 2016. (Distinguished Paper Award)



Selected vulnerabilities:

  • CVE-2016-4553: the Squid team rated it a highest-level (blocker) security vulnerability. It allowed an attacker to remotely poison the cache of any HTTP website with arbitrary content.
  • CVE-2016-4554: a critical security vulnerability in Squid, introduced in version 1.0 in 1996.
  • VU#938151: a new type of DoS attack affecting all 16 CDNs we tested.

I am serving as a reviewer for IEEE/ACM Transactions on Networking (ToN).


  • cjj[AT] or jianjun[AT]icsi.berkeley[DOT]edu
  • Suite 600, 1947 Center Street, Berkeley, CA, USA