Email: c[lastname]

Tel: (852) 2241 5421

Fax: (852) 2559 8447

Office: Room 315A, Chow Yei Ching Building

The University of Hong Kong

Pokfulam, Hong Kong

I am an Assistant Professor at the Computer Science Department in The University of Hong Kong. I lead the HKUS3 Lab, where we design and build systems to automatically detect and prevent attacks in software and systems. Our research interests encompass program analysis, software debloating, dynamic/hybrid testing, and binary code analysis.

We have a number of openings for Ph.D. students, research assistants, and postdoctoral researchers. Please drop me an email if you are interested in software and system security.


  • [2023-04] Yingying Liu is awarded HKPFS.
  • [2023-02] Yingying Liu and Junzhe Li are awarded HKU Presidential PhD Scholarship.
  • [2022-09] The Software Debloating project gets funded by NSFC.
  • [2022-08] The Blockchain Security project gets funded by HKU-SCF FinTech Academy.
  • [2022-07] Qingyu Zhang join our groups as a Ph.D. student.
  • [2022-04] Jiayi Lin join our group as a Ph.D. student.

Selected Publications

Hao Zhou, Shuohan Wu, Chenxiong Qian, Xiapu Luo, Haipeng Cai, and Chao Zhang (2024). Beyond the Surface: Uncovering the Unprotected Components of Android Against Overlay Attack. (NDSS 2024).

Pengfei Jing, Zhiqiang Cai, Yingjie Cao, Le Yu, Yuefeng Du, Wenkai Zhang, Chenxiong Qian, Xiapu Luo, Sen Nie, and Shi Wu (2024). Revisiting Automotive Attack Surfaces: a Practitioners’ Perspective. (S&P 2024).

Shuohan Wu, Jianfeng Li, Hao Zhou, Yongsheng Fang, Kaifa Zhao, Haoyu Wang, Chenxiong Qian, and Xiapu Luo (2023). CydiOS: a model-based testing framework for iOS apps. ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2023).

ChangSeok Oh, Sangho Lee, Chenxiong Qian, Hyungjoon Koo and Wenke Lee (2022). DeView: Confining Progressive Web Applications by Debloating Web APIs. Annual Computer Security Applications Conference (ACSAC 22).

Chenxiong Qian, Hyungjoon Koo, ChangSeok Oh, Taesoo Kim, Wenke Lee (2020). Slimium: Debloating the Chromium Browser with Feature Subsetting. Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (CCS).

Chenxiong Qian, Hong Hu, Mansour Alharthi, Pak Ho Chung, Taesoo Kim, Wenke Lee (2019). RAZOR: A Framework for Post-deployment Software Debloating. 28th USENIX Security Symposium (USENIX Security 19).

Lei Xue, Chenxiong Qian, Hao Zhou, Xiapu Luo, Yajin Zhou, Yuru Shao, Alvin T.S. Chan (2019). NDroid: Toward Tracking Information Flows Across Multiple Android Contexts. IEEE Transactions on Information Forensics and Security.

Wei Meng, Chenxiong Qian, Shuang Hao, Kevin Borgolte, Giovanni Vigna, Christopher Kruegel, Wenke Lee (2018). Rampart: Protecting Web Applications from CPU-Exhaustion Denial-of-Service Attacks. 27th USENIX Security Symposium (USENIX Security 18).

Meng Xu, Chenxiong Qian, Kangjie Lu, Michael Backes, Taesoo Kim (2018). Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels. 2018 IEEE Symposium on Security and Privacy (SP).

Le Yu, Xiapu Luo, Chenxiong Qian, Shuai Wang, Hareton K. N. Leung (2018). Enhancing the Description-to-Behavior Fidelity in Android Apps with Privacy Policy. IEEE Transactions on Software Engineering.

Hong Hu, Chenxiong Qian, Carter Yagemann, Simon Pak Ho Chung, William R. Harris, Taesoo Kim, Wenke Lee (2018). Enforcing Unique Code Target Property for Control-Flow Integrity. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security.

Ren Ding, Chenxiong Qian, Chengyu Song, Bill Harris, Taesoo Kim, Wenke Lee (2017). Efficient Protection of Path-Sensitive Control Security. 26th USENIX Security Symposium (USENIX Security 17).

Yanick Fratantonio, Chenxiong Qian, Simon P. Chung, Wenke Lee (2017). Cloak and Dagger: From Two Permissions to Complete Control of the UI Feedback Loop. 2017 IEEE Symposium on Security and Privacy (SP).

Full List


  • 2024
    • PC – USENIX Security 2024
  • 2023
    • PC – ACSAC 2023
    • PC – EAI SecureComm 2023
    • Reviewer – TDSC
    • Reviewer – Computers and Security
  • 2022
    • Reviewer – TDSC