Chenxiong Qian

Assistant Professor, The University of Hong Kong

cqian [AT] cs.hku.hk

Bio

I am an Assistant Professor at the School of Computing and Data Science at The University of Hong Kong. I lead the System Security Lab, where we design and build systems to enhance computer security. Our research leverages methodologies and theories from programming languages, software engineering, operating systems, and artificial intelligence.

I earned my PhD in Computer Science from the Georgia Institute of Technology, advised by Prof. Wenke Lee and Dr. William Harris. I got my BA in Software Engineering from Nanjing University. Before pursuing my PhD, I spent one and a half years at Hong Kong PolyU doing research on Android security, advised by Prof. Daniel Xiapu Luo.

I am looking for highly-motivated PhD students and postdocs interested in security, program analysis, software engineering, and operating systems. If you are interested, please feel free to reach out.

Publications

Most recent publications on Google Scholar.
indicates first author is my student.

Specializing Language Models for Textual Fuzzing via Reinforcement Learning

Jiayi Lin, Liangcai Su, Junzhe Li, Chenxiong Qian

S&P'26: 2026 IEEE Symposium on Security and Privacy. 2026.

Paper Code HuggingFace

Scaling Agents via Continual Pre-training

Liangcai Su, Zhen Zhang, Guangyu Li, Zhuo Chen, Chenxi Wang, Maojia Song, Xinyu Wang, Kuan Li, Jialong Wu, Xuanzhong Chen, Zile Qiao, Zhongwang Zhang, Huifeng Yin, Shihao Cai, Runnan Fang, Zhengwei Tao, Wenbiao Yin, Rui Ye, Yong Jiang, Ningyu Zhang, Pengjun Xie, Fei Huang, Kai Ye, Kewei Tu, Chenxiong Qian, Jingren Zhou

ICLR'26: The Fourteenth International Conference on Learning Representations. 2026.

Paper Blog

XGuardian: Towards Explainable and Generalized AI Anti-Cheat on FPS Games

Jiayi Zhang, Chenxin Sun, Chenxiong Qian

SEC'26: The 35th USENIX Security Symposium. 2026.

IsolatOS: Detecting Double Fetch Bugs in COTS RTOS by Re-enabling Kernel Isolation

Yingjie Cao, Xiaogang Zhu, Dean Sullivan, Haowei Yang, Lei Xue, Xian Li, Chenxiong Qian, Minrui Yan, Xiapu Luo

NDSS'26: The 33rd Network and Distributed System Security Symposium. 2026.

Fuzzing JavaScript Engines by Fusing JavaScript and WebAssembly

Jiayi Lin, Changhua Luo, Mingxue Zhang, Lanteng Lin, Penghui Li, Chenxiong Qian

ICSE'26: The 48th IEEE/ACM International Conference on Software Engineering. 2026.

ImportSnare: Directed "Code Manual" Hijacking in Retrieval-Augmented Code Generation

Kai Ye, Liangcai Su, Chenxiong Qian

CCS'25: The 32nd ACM Conference on Computer and Communications Security. 2025.

Paper Code Homepage

How Far Are We from True Unlearnability?

Kai Ye, Liangcai Su, Chenxiong Qian

ICLR'25: The Thirteenth International Conference on Learning Representations. 2025.

Paper

Daredevil: Rescue Your Flash Storage from Inflexible Kernel Storage Stack

Junzhe Li, Ran Shu, Jiayi Lin, Qingyu Zhang, Ziyue Yang, Jie Zhang, Yongqiang Xiong, Chenxiong Qian

EuroSys'25: Twentieth European Conference on Computer Systems. 2025.

Code

Automatic Library Fuzzing through API Relation Evolvement

Jiayi Lin, Qingyu Zhang, Junzhe Li, Chenxin Sun, Changhua Luo, Hao Zhou, Chenxiong Qian

NDSS'25: The 32nd Network and Distributed System Security Symposium. 2025.

Invisibility Cloak: Proactive Defense Against Visual Game Cheating

Chenxin Sun, Kai Ye, Liangcai Su, Jiayi Zhang, Chenxiong Qian

SEC'24: 33rd USENIX Security Symposium. 2024.

Paper Slides Data Homepage

Beyond the Surface: Uncovering the Unprotected Components of Android Against Overlay Attack

Hao Zhou, Shuohan Wu, Chenxiong Qian, Xiapu Luo, Haipeng Cai, Chao Zhang

NDSS'24: The 31st Network and Distributed System Security Symposium. 2024.

Revisiting Automotive Attack Surfaces: a Practitioners' Perspective

Pengfei Jing, Zhiqiang Cai, Yingjie Cao, Le Yu, Yuefeng Du, Wenkai Zhang, Chenxiong Qian, Xiapu Luo, Sen Nie, Shi Wu

S&P'24: 2024 IEEE Symposium on Security and Privacy. 2024.

Slimium: Debloating the Chromium Browser with Feature Subsetting

Chenxiong Qian, Hyungjoon Koo, ChangSeok Oh, Taesoo Kim, Wenke Lee

CCS'20: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. 2020.

RAZOR: a Framework for Post-deployment Software Debloating

Chenxiong Qian, Hong Hu, Mansour Alharthi, Pak Chung, Taesoo Kim, Wenke Lee

SEC'19: Proceedings of the 28th USENIX Conference on Security Symposium. 2019.

Enforcing Unique Code Target Property for Control-Flow Integrity

Hong Hu, Chenxiong Qian, Carter Yagemann, Simon Chung, William Harris, Taesoo Kim, Wenke Lee

CCS'18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 2018.

Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels

Meng Xu, Chenxiong Qian, Kangjie Lu, Michael Backes, Taesoo Kim

S&P'18: 2018 IEEE Symposium on Security and Privacy. 2018.

Cloak and Dagger: From Two Permissions to Complete Control of the UI Feedback Loop

Yanick Fratantonio, Chenxiong Qian, Simon Chung, Wenke Lee

S&P'17: 2017 IEEE Symposium on Security and Privacy. 2017.

Specializing Language Models for Textual Fuzzing via Reinforcement Learning

Jiayi Lin, Liangcai Su, Junzhe Li, Chenxiong Qian

S&P'26: 2026 IEEE Symposium on Security and Privacy. 2026.

Paper Code HuggingFace

Scaling Agents via Continual Pre-training

Liangcai Su, Zhen Zhang, Guangyu Li, Zhuo Chen, Chenxi Wang, Maojia Song, Xinyu Wang, Kuan Li, Jialong Wu, Xuanzhong Chen, Zile Qiao, Zhongwang Zhang, Huifeng Yin, Shihao Cai, Runnan Fang, Zhengwei Tao, Wenbiao Yin, Rui Ye, Yong Jiang, Ningyu Zhang, Pengjun Xie, Fei Huang, Kai Ye, Kewei Tu, Chenxiong Qian, Jingren Zhou

ICLR'26: The Fourteenth International Conference on Learning Representations. 2026.

Paper Blog

XGuardian: Towards Explainable and Generalized AI Anti-Cheat on FPS Games

Jiayi Zhang, Chenxin Sun, Chenxiong Qian

SEC'26: The 35th USENIX Security Symposium. 2026.

Bones of Contention: Exploring Query-Efficient Attacks Against Skeleton Recognition Systems

Yuxin Cao, Kai Ye, Derui Wang, Minhui Xue, Hao Ge, Chenxiong Qian, Jin Song Dong

TIFS'26: IEEE Transactions on Information Forensics and Security. 2026.

Identify as a Human Does: A Pathfinder of Next-Generation Anti-Cheat Framework for First-Person Shooter Games

Jiayi Zhang, Chenxin Sun, Yue Gu, Qingyu Zhang, Jiayi Lin, Xiaojiang Du, Chenxiong Qian

TIFS'26: IEEE Transactions on Information Forensics and Security. 2026.

IsolatOS: Detecting Double Fetch Bugs in COTS RTOS by Re-enabling Kernel Isolation

Yingjie Cao, Xiaogang Zhu, Dean Sullivan, Haowei Yang, Lei Xue, Xian Li, Chenxiong Qian, Minrui Yan, Xiapu Luo

NDSS'26: The 33rd Network and Distributed System Security Symposium. 2026.

Fuzzing JavaScript Engines by Fusing JavaScript and WebAssembly

Jiayi Lin, Changhua Luo, Mingxue Zhang, Lanteng Lin, Penghui Li, Chenxiong Qian

ICSE'26: The 48th IEEE/ACM International Conference on Software Engineering. 2026.

Merlin: Improving Page Prefetching via Online Reinforcement Learning

Yingying Liu, Junzhe Li, Junzhou Fang, Chenxiong Qian

PACMI'25: Practical Adoption Challenges of ML for Systems. 2025.

Indispensable CPU-centric Checkpointing for GPUs

Junzhe Li, Ran Shu, Ziyue Yang, Shuotao Xu, Chenxiong Qian, Yongqiang Xiong

APSys'25: The 16th ACM SIGOPS Asia-Pacific Workshop on Systems. 2025.

ImportSnare: Directed "Code Manual" Hijacking in Retrieval-Augmented Code Generation

Kai Ye, Liangcai Su, Chenxiong Qian

CCS'25: The 32nd ACM Conference on Computer and Communications Security. 2025.

Paper Code Homepage

How Far Are We from True Unlearnability?

Kai Ye, Liangcai Su, Chenxiong Qian

ICLR'25: The Thirteenth International Conference on Learning Representations. 2025.

Paper

Daredevil: Rescue Your Flash Storage from Inflexible Kernel Storage Stack

Junzhe Li, Ran Shu, Jiayi Lin, Qingyu Zhang, Ziyue Yang, Jie Zhang, Yongqiang Xiong, Chenxiong Qian

EuroSys'25: Twentieth European Conference on Computer Systems. 2025.

Code

Automatic Library Fuzzing through API Relation Evolvement

Jiayi Lin, Qingyu Zhang, Junzhe Li, Chenxin Sun, Changhua Luo, Hao Zhou, Chenxiong Qian

NDSS'25: The 32nd Network and Distributed System Security Symposium. 2025.

WizardMerge - Save Us From Merging Without Any Clues

Qingyu Zhang, Junzhe Li, Jiayi Lin, Jie Ding, Lanteng Lin, Chenxiong Qian

TOSEM'25: Transactions on Software Engineering and Methodology. 2025.

Code

CherryPicker: A Parallel Solving and State Sharing Hybrid Fuzzing System

Qingyu Zhang, Jiayi Lin, Chenxin Sun, Chenxiong Qian, Xiapu Luo

TDSC'25: IEEE Transactions on Dependable and Secure Computing. 2025.

Invisibility Cloak: Proactive Defense Against Visual Game Cheating

Chenxin Sun, Kai Ye, Liangcai Su, Jiayi Zhang, Chenxiong Qian

SEC'24: 33rd USENIX Security Symposium. 2024.

Paper Slides Data Homepage

Beyond the Surface: Uncovering the Unprotected Components of Android Against Overlay Attack

Hao Zhou, Shuohan Wu, Chenxiong Qian, Xiapu Luo, Haipeng Cai, Chao Zhang

NDSS'24: The 31st Network and Distributed System Security Symposium. 2024.

Revisiting Automotive Attack Surfaces: a Practitioners' Perspective

Pengfei Jing, Zhiqiang Cai, Yingjie Cao, Le Yu, Yuefeng Du, Wenkai Zhang, Chenxiong Qian, Xiapu Luo, Sen Nie, Shi Wu

S&P'24: 2024 IEEE Symposium on Security and Privacy. 2024.

Unearthing Gas-Wasting Code Smells in Smart Contracts with Large Language Models

Jinan Jiang, Zihao Li, Haoran Qin, Muhui Jiang, Xiapu Luo, Xiaoming Wu, Haoyu Wang, Yutian Tang, Chenxiong Qian, Ting Chen

TSE'24: IEEE Transactions on Software Engineering. 2024.

CydiOS: A Model-Based Testing Framework for iOS Apps

Shuohan Wu, Jianfeng Li, Hao Zhou, Yongsheng Fang, Kaifa Zhao, Haoyu Wang, Chenxiong Qian, Xiapu Luo

ISSTA'23: Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis. 2023.

DeView: Confining Progressive Web Applications by Debloating Web APIs

ChangSeok Oh, Sangho Lee, Chenxiong Qian, Hyungjoon Koo, Wenke Lee

ACSAC'22: Proceedings of the 38th Annual Computer Security Applications Conference. 2022.

Slimium: Debloating the Chromium Browser with Feature Subsetting

Chenxiong Qian, Hyungjoon Koo, ChangSeok Oh, Taesoo Kim, Wenke Lee

CCS'20: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. 2020.

RAZOR: a Framework for Post-deployment Software Debloating

Chenxiong Qian, Hong Hu, Mansour Alharthi, Pak Chung, Taesoo Kim, Wenke Lee

SEC'19: Proceedings of the 28th USENIX Conference on Security Symposium. 2019.

NDroid: Toward Tracking Information Flows Across Multiple Android Contexts

Lei Xue, Chenxiong Qian, Hao Zhou, Xiapu Luo, Yajin Zhou, Yuru Shao, Alvin Chan

TIFS'19: IEEE Transactions on Information Forensics and Security. 2019.

Enforcing Unique Code Target Property for Control-Flow Integrity

Hong Hu, Chenxiong Qian, Carter Yagemann, Simon Chung, William Harris, Taesoo Kim, Wenke Lee

CCS'18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 2018.

Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels

Meng Xu, Chenxiong Qian, Kangjie Lu, Michael Backes, Taesoo Kim

S&P'18: 2018 IEEE Symposium on Security and Privacy. 2018.

Rampart: Protecting Web Applications from CPU-Exhaustion Denial-of-Service Attacks

Wei Meng, Chenxiong Qian, Shuang Hao, Kevin Borgolte, Giovanni Vigna, Christopher Kruegel, Wenke Lee

SEC'18: 27th USENIX Security Symposium. 2018.

Enhancing the Description-to-Behavior Fidelity in Android Apps with Privacy Policy

Le Yu, Xiapu Luo, Chenxiong Qian, Shuai Wang, Hareton Leung

TOSE'18: IEEE Transactions on Software Engineering. 2018.

Cloak and Dagger: From Two Permissions to Complete Control of the UI Feedback Loop

Yanick Fratantonio, Chenxiong Qian, Simon Chung, Wenke Lee

S&P'17: 2017 IEEE Symposium on Security and Privacy. 2017.

Efficient Protection of Path-Sensitive Control Security

Ren Ding, Chenxiong Qian, Chengyu Song, Bill Harris, Taesoo Kim, Wenke Lee

SEC'17: 26th USENIX Security Symposium. 2017.

Revisiting the Description-to-Behavior Fidelity in Android Applications

Le Yu, Xiapu Luo, Chenxiong Qian, Shuai Wang

SANER'16: 2016 IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering. 2016.

Toward Engineering a Secure Android Ecosystem: A Survey of Existing Techniques

Meng Xu, Chengyu Song, Yang Ji, Ming-Wei Shih, Kangjie Lu, Cong Zheng, Ruian Duan, Yeongjin Jang, Byoungyoung Lee, Chenxiong Qian, Sangho Lee, Taesoo Kim

ACM Computing Surveys. 2016.

VulHunter: Toward Discovering Vulnerabilities in Android Applications

Chenxiong Qian, Xiapu Luo, Yu Le, Guofei Gu

IEEE Micro. 2015.

AndroidPerf: A Cross-layer Profiling System for Android Applications

Lei Xue, Chenxiong Qian, Xiapu Luo

IWQoS'15: 2015 IEEE 23rd International Symposium on Quality of Service. 2015.

Towards a Scalable Resource-driven Approach for Detecting Repackaged Android Applications

Yuru Shao, Xiapu Luo, Chenxiong Qian, Pengfei Zhu, Lei Zhang

ACSAC'14: Proceedings of the 30th Annual Computer Security Applications Conference. 2014.

On Measuring One-Way Path Metrics from a Web Server

Xiapu Luo, Lei Xue, Cong Shi, Yuru Shao, Chenxiong Qian, Edmond Chan

ICNP'14: 2014 IEEE 22nd International Conference on Network Protocols. 2014.

On Tracking Information Flows through JNI in Android Applications

Chenxiong Qian, Xiapu Luo, Yuru Shao, Alvin Chan

DSN'14: 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks. 2014.

RootGuard: Protecting Rooted Android Phones

Yuru Shao, Xiapu Luo, Chenxiong Qian

Computer. 2014.

Team

PhD Students
Research Assistants
MPhil Students
Alumni

Vitæ

Full Resume in PDF.

This website is based on a template by Martin Saveski.