Network and Information Security Lab @ Tsinghua University

A research team focusing on cyber security at Tsinghua University.
A playground for fun hacking and fundamental research.
Base of the CTF teams Blue-Lotus and RedBud.


Jan 2022 - Dr. Chao Zhang became a tenured associate professor.

Oct 2021 - Our paper Trade or Trick? Detecting and Characterizing Scam Tokens on Uniswap Decentralized Exchange was accepted by SIGMETRICS 2022.

Sep 2021 - Our paper Detecting and Characterizing SMS Spearphising Attacks was accepted by ACSAC 2021.

Sep 2021 - Our paper Igor: Crash Deduplication Through Root-Cause Clustering was accepted by CCS 2021.

Aug 2021 - Our paper Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem was accepted by CCS 2021.

Aug 2021 - Our paper On Evaluating Delegated Digital Signing of Broadcasting Messages in 5G was accepted by Globecom 2021.

July 2021 - Our paper Site Isolation Enables Timing-Based Cross-Site Browsing Surveillance was accepted by IEEE S&P 2022.

May 2021 - Our paper iDEV: Exploring and Exploiting Semantic Deviations in ARM Instruction Processing was accepted by ISSTA 2021.

May 2021 - Our paper RAProducer: Efficiently Diagnose and Reproduce Data Race Bugs for Binaries via Trace Analysis was accepted by ISSTA 2021.

Mar 2021 - Our paper ZKCPlus: Optimized Fair-exchange ProtocolSupporting Practical and Flexible Data Exchange was accepted by ACM CCS 2021.

Feb 2021 - Our paper ROLoad: Securing Sensitive Operations with Pointee Integrity was accepted by Design Automation Conference (DAC) 2021.

Jan 2021 - Our paper VScape: Assessing and Escaping Virtual Call Protections was accepted by USENIX Security 2021.

Jan 2021 - Our paper MAZE: Towards Automated Heap Feng Shui was accepted by USENIX Security 2021.

Jan 2021 - Our paper Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems was accepted by USENIX Security 2021.

Dec 2020 - Our paper Code is the (F)Law: Demystifying and Mitigating Blockchain Inconsistency AttacksCaused by Software Bugs was accepted by INFOCOM 2021.

Sep 2020 - Our paper Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks was accepted by USENIX Security 2021.

Sep 2020 - Our paper POP and PUSH: Demystifying and Defending against (Mach) Port-Oriented Programming was accepted by NDSS 2021.


Web Security

Cookie Integrity...

Network Security

Protocol security analysis and design, HTTPS, SDN, 5G, IPv6.

System Security

BlockChain Security, IoT Security, ICS Security

Software Security

Vulnerability analysis, discovery, exploit and mitigation. Malware analysis.

Data-driven Security

Intrusion detection, underground economy analysis.

AI Security

AI for security, and Secure AI.


Looking for highly motivated students, postdoc, and research assistants.

Faculty positions are available as well.

Read more ...