Jianjia Yu

Ph.D Student

Computer Science Department

Johns Hopkins University

Email:

Research Insterests: Web Security, System Security, Program Analysis

Linkedin / Google Scholar / Github / CV / Gallery

I am a Ph.D Student (2020-) of Computer Science at Johns Hopkins University, where I am advised by Prof. Yinzhi Cao.

My research focuses on Web Security, System Security, and Program Analysis. Specifically, I propose and develop techniques for vulnerability detection and privacy leak analysis through both static and dynamic program analysis methods.

Before JHU, I received my bachelor's degree at Computer Science Department of Zhejiang University in 2020.
I was a member of ACEE, Chu Kochen College.

Publications

Follow My Flow: Unveiling Client-Side Prototype Pollution Gadgets from One Million Real-World Websites

Zifeng Kang, Muxi Lyu, Zhengyu Liu, Jianjia Yu, Runqi Fan, Song Li, and Yinzhi Cao

S&P 2025 / Paper

RogueOne: Detecting Rogue Updates via Differential Data-flow Analysis Using Trust Domains

Raphael J. Sofaer, Yaniv David, Mingqing Kang, Jianjia Yu, Yinzhi Cao, Junfeng Yang, and Jason Nieh

ICSE 2024 / Paper

CoCo: Efficient Browser Extension Vulnerability Detection via Coverage-guided, Concurrent Abstract Interpretation
Distinguished Paper Award

Jianjia Yu, Song Li, Junmin Zhu, and Yinzhi Cao

CCS 2023 / Paper / Code

MiniTaintDev: Unveiling Mini-App Vulnerabilities through Dynamic Taint Analysis

Jianjia Yu, Zifeng Kang, and Yinzhi Cao

ACM Workshop on Secure and Trustworthy Superapps (SaTS) 2023 / Paper

Rendering Contention Channel Made Practical in Web Browsers

Shujiang Wu, Jianjia Yu, Min Yang, and Yinzhi Cao

USENIX Security 2022 / Paper

Experience

Research Assistant, Johns Hopkins University	2020 Sep. - Present
Advisor: Prof. Yinzhi Cao
Research Assistant, Zhejiang University	2020 Mar. - 2020 Jun.
Advisor: Prof. Shouling Ji
Research Assistant, Johns Hopkins University	2019 Jul. - 2019 Nov.
Advisor: Prof. Yinzhi Cao
Research Assistant, Zhejiang University	2018 Nov. - 2019 Jul.
Advisor: Prof. Kejun Zhang

Professional Services

Program Committee, Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb 2025)	2025
Reviewer, The IEEE Transactions on Information Forensics and Security (IEEE T-IFS)	2024
External reviewer, The 46th IEEE Symposium on Security and Privacy (S&P 2025)	2024
External reviewer, The 19th ACM ASIA Conference on Computer and Communications Security (ASIACCS 2024)	2023
Artifact Evaluation Committee, The Annual Computer Security Applications Conference (ACSAC 2023)	2022
Organizer and Volunteer, The 52nd IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2022)	2022
External reviewer, The USENIX Security Symposium 21'Fall (USENIX Security 2021)	2021

Teaching Experience

Course Assistant, EN 601.640 - Web Security, JHU	2023 Fall
Course Assistant, EN 601.640 - Web Security, JHU	2022 Fall
Teaching Assistant, EN 601.280 - Full Stack JavaScript, JHU	2022 Spring

Misc

My name "蒹葭"" originates from the Classic of Poetry《诗经》, where "蒹葭" refers to reeds. My name "bothered" me a lot when I was young and was not very skilled at handwriting--just count the strokes! My English name is Suzy, written as "苏茜" in Chinese. Try to find something in common between them.

I play Pipa, a traditional Chinese instrument. I am a member of Hopkins East Asian Traditional (HEAT) Ensemble. Check out our Youtube and Instagram.

See Gallery if you think Sony is the best camera and I am the best photographer.

Want to know more? Check my Vlogs.