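Profile:

Yuhong Nan (南雨宏), Associate Professor, doctoral supervisor, Assistant to the Dean. Selected for a talent program of a central government ministry and for a Guangdong Province major talent project; CCF Senior Member; executive committee member of the CCF Technical Committee on Computer Security and of the CCF Technical Committee on Network and System Security. Received a Ph.D. from Fudan University; formerly a postdoctoral researcher in the Department of Computer Science at Purdue University (USA) and a visiting scholar at Purdue CERIAS.

The main research directions are system security and privacy protection. Research subjects include LLM agent systems, the mobile Internet ecosystem, blockchain smart contracts, and APT attacks. In recent years, has published more than 30 papers at system security and software engineering venues including USENIX Security, ACM CCS, NDSS, ICSE, FSE, ASE, and ISSTA. Principal investigator of national and provincial/ministerial projects, including the National Natural Science Foundation of China General Program and Young Scientists Fund, the Guangdong Province Key-Area Special Project on New-Generation Electronic Information (Semiconductors), and the Guangdong Natural Science Foundation (General Program). Currently serves as a program committee member for international conferences including USENIX Security 26, ACM CCS 24-26, ACM/IEEE ASE 24, and ASIACCS 21, 22, and as a reviewer for journals including IEEE TIFS, TDSC, TOPS, TMC, TSE, and TOSEM. Security and privacy compliance issues found in this research have repeatedly received official confirmation and acknowledgment from organizations including Google, Meta (Facebook), X (Twitter), Slack, China's three major telecom operators (China Mobile, China Unicom, China Telecom), and the Ethereum Foundation.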

Email:

nanyh AT mail.sysu.edu.cn

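Research Topics:

System and Software Security (Attack and Defense)

  • Security of agent applications
  • LLM-assisted security attack and defense (vulnerability detection, vulnerability verification, vulnerability exploitation)
  • Blockchain platform security (smart contract security, client security)
  • APT attack detection

Personal Privacy Protection

  • Privacy protection for agents and on-device models
  • Sensitive data identification and data masking
  • Privacy compliance and privacy leakage detection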

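Admissions:

This year there are still 2 openings for Ph.D./master's students, with research directions in agent security and agent reliability; students taking the graduate entrance examination are welcome to get in touch by email. Undergraduates from inside and outside the university are recruited on a long-term basis for research topic/project internships.

The research group offers students with outstanding research performance various forms of domestic/overseas academic exchange and visiting opportunities, and offers outstanding master's students the opportunity to transition into the Ph.D. program. Students eligible for exam-exempt recommended admission and students taking the graduate entrance examination are welcome to contact me by email.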

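Research Projects:

  • 2026 - 2029: National Natural Science Foundation of China, General Program, principal investigator
  • 2025 - 2028: National Natural Science Foundation of China, Mainland-Hong Kong (NSFC-RGC) Joint Key Project, lead at the partner university
  • 2025 - 2026: Tsinghua University, State Key Laboratory of Internet Architecture research project, General Program, principal investigator
  • 2024 - 2025: Research project of the Ministry of Industry and Information Technology Key Laboratory of Industrial Software Engineering and Application Technology, principal investigator
  • 2024 - 2025: Ant Group university-industry collaboration project, principal investigator
  • 2022 - 2023: Guangdong Province Key-Area Special Project on New-Generation Electronic Information (Semiconductors), principal investigator
  • 2023 - 2025: National Natural Science Foundation of China, Young Scientists Fund, principal investigator
  • 2023 - 2025: Guangdong Natural Science Foundation, General Program, principal investigator
  • 2022 - 2023: Young Top-Notch Research Talent Cultivation Project for universities directly under the central government, principal investigator
  • 2022 - 2023: Alibaba AIR Innovation Fund, principal investigator
  • 2021 - 2022: beat365唯一官方网站 Young Faculty Team Cultivation Project, participant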

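Awards Won by Supervised Students:

  • 2025 "Great Wall Cup" (长城杯) Information Security Triathlon, Project Competition, Third Prize

  • 2025 National College Student Software Innovation Contest, Software System Track, South China Division, First Prize and Second Prize

  • 2024 National College Student Information Security Contest, Project Competition, Third Prize

  • 2023 National College Student Information Security Contest, Project Competition, First Prize, Third Prize, and Most Innovative and Entrepreneurial Value Award

  • 2023 China Cybersecurity Industry Alliance, Cybersecurity Outstanding Innovation Achievement Competition, Grand Final Nomination Award

  • 2023 Guangdong-Hong Kong-Macao Greater Bay Area IT Application System Development Competition, Second Prize

  • 2023 Guangdong Province Cyberspace Security Outstanding Paper, Third Prize

  • 2023 Mathematical Contest in Modeling (USA), Outstanding Winner (top 0.17%)

  • 2022 China Undergraduate Mathematical Contest in Modeling, Guangdong Division, Second Prize

  • 2022 China National Vulnerability Database (CNVD), high-severity vulnerabilities confirmed (15 in total)

  • 2022 DataCon Big Data Security Analysis Competition, Software Security Track, Merit Award (8/135)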

Courses Taught:

  • 2021 - 2026: SSE206/208 Computer Networks (undergraduate)

  • 2021 - 2026: SSE5104 Software Security (graduate; combined undergraduate-graduate course)

Academic Service:

Organizing Committee Member:

  • The 2nd ACM Workshop on Explainable and Reliable Software Systems (EXPRESS 2026), submissions welcome!

Program Committee Member:

  • The USENIX Security Symposium 2026
  • The ACM Conference on Computer and Communications Security (CCS) 2024, 2025, 2026
  • The Web Conference 2026 (WWW) 2025, 2026
  • The IEEE/ACM International Conference on Automated Software Engineering (ASE) 2024
  • ACM Asia Conference on Computer and Communications Security (ASIACCS) 2021, 2022
  • International Conference on Information and Communications Security (ICICS) 2021, 2022

Journal Reviewer:

  • IEEE Transactions on Dependable and Secure Computing (TDSC). (CCF-A)
  • IEEE Transactions on Information Forensics and Security (TIFS). (CCF-A)
  • IEEE Transactions on Software Engineering (TSE). (CCF-A)
  • IEEE Transactions on Mobile Computing (TMC). (CCF-A)
  • ACM Transactions on Software Engineering and Methodology (TOSEM). (CCF-A)
  • ACM Computing Surveys (CSUR). (CCF-A)
  • ACM Transactions on Architecture and Code Optimization (TACO). (CCF-A)
  • ACM Transactions on Privacy and Security (TOPS). (CCF-B)

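Honors and Awards:

  • 2025 USENIX Security 2025 Honorable Mention Award
  • 2024 Outstanding Case in Mobile Internet App Product Security Vulnerability Governance (10 nationwide)
  • 2023 Pujiang Innovation Forum "Youth Pioneer" title (10 people nationwide)
  • 2020 CSAW Applied Security Research Competition Top-10 Finalist, CSAW, North America
  • 2020 USENIX WOOT Best Paper Award
  • 2018 ACM SIGSAC China Outstanding Doctoral Dissertation Award
  • 2018 Fudan University Outstanding Doctoral Graduate
  • 2015 Baidu Scholarship (RMB 200,000; 10 recipients worldwide), Baidu Online Network Technology Co., Ltd.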

Representative Papers (Past Five Years)

  • [Preprint] AgentRaft: Automated Detection of Data Over-Exposure in LLM Agents. Yixi Lin*, Jiangrong Wu*, Yuhong Nan, Xueqiang Wang, Xinyuan Zhang, Zibin Zheng. arXiv preprint arXiv:2603.07557, 2026.
  • [Preprint] Control at Stake: Evaluating the Security Landscape of LLM-Driven Email Agents. Jiangrong Wu, Yuhong Nan, Jianliang Wu, Zitong Yao, Zibin Zheng. arXiv preprint arXiv:2507.02699, 2025.
  • [ICSE’26] Is My RPC Response Reliable? Detecting RPC Bugs in Ethereum Blockchain Client under Context. Zhijie Zhong, Yuhong Nan, Mingxi Ye, Qing Xue, Jiashui Wang, Xinlei Ying, Long Liu, Zibin Zheng. In Proceedings of the 48th ACM/IEEE International Conference on Software Engineering.
  • [Security’26] Cracking Federated Privacy: Initialization-Resilient Gradient Inversion with Fine-Grained Reconstruction. Kaiming Zhu, Jinsheng Yang, Siyang Guo, Huaqian Qin, Taiyu Wang, Junbo Wang, Yuhong Nan, Zibin Zheng. In USENIX Security Symposium 2026.
  • [ICSE’25] SmartReco: Detecting Read-Only Reentrancy via Fine-Grained Cross-DApp Analysis. Jingwen Zhang, Zibin Zheng, Yuhong Nan, Mingxi Ye, Kaiwen Ning, Yu Zhang, Weizhe Zhang. In Proceedings of the 47th ACM/IEEE International Conference on Software Engineering. ICSE 2025: 2138-2150.
  • [TOSEM’25] Detecting and Analyzing Fine-grained Third-party Library Dependencies in Solidity Smart Contracts. Sicheng Hao, Yuhong Nan, Zeqin Liao, Juan Zhai, and Zibin Zheng. ACM Transactions on Software Engineering and Methodology (2025).
  • [TSE’25] ASTRO: Detecting Access Control Vulnerabilities in Smart Contracts via Graph Similarity Comparison. Wei Li, Yuhong Nan, Mingxi Ye, Jingwen Zhang, Peilin Zheng, Zibin Zheng. IEEE Trans. Software Eng. 51(12): 3267-3283 (2025).
  • [TSE’25] Satellite: Detecting and Analyzing Smart Contract Vulnerabilities Caused by Subcontract Misuse. Zeqin Liao, Yuhong Nan, Zixu Gao, Henglong Liang, Sicheng Hao, Jiajing Wu, Zibin Zheng. IEEE Trans. Software Eng. 51(12): 3360-3375 (2025).
  • [TSE’25] Augmenting Smart Contract Decompiler Output Through Fine-Grained Dependency Analysis and LLM-Facilitated Semantic Recovery. Zeqin Liao, Yuhong Nan, Zixu Gao, Henglong Liang, Sicheng Hao, Peifan Reng, Zibin Zheng. IEEE Trans. Software Eng. 51(12): 3574-3590 (2025).
  • [ASE’25] Finding Insecure State Dependency in DApps via Multi-Source Tracing and Semantic Enrichment. Jingwen Zhang, Yuhong Nan, Wei Li, Kaiwen Ning, Zewei Lin, Zitong Yao, Yuming Feng, Weizhe Zhang, Zibin Zheng. In Proceedings of the 40th IEEE/ACM International Conference on Automated Software Engineering. ASE 2025: 1529-1540.
  • [Security 25] Demystifying the (In)Security of QR Code-based Login in Real-world Deployments. Xin Zhang, Xiaohan Zhang, Bo Zhao, Yuhong Nan, Zhichen Liu, Jianzhou Chen, Huijun Zhou, Min Yang. In Proceedings of the 34th USENIX Security Symposium (USENIX Security'25), pp. 3161-3180 [Top] [CCF-A].
  • [ICSE 25] SmartReco: Detecting Read-Only Reentrancy via Fine-Grained Cross-DApp Analysis. Jingwen Zhang, Zibin Zheng, Yuhong Nan, Mingxi Ye, Kaiwen Ning, Yu Zhang, Weizhe Zhang. In Proceedings of the 47th IEEE/ACM International Conference on Software Engineering (ICSE 2025), pp. 2138-2150 [Top] [CCF-A].
  • [ICICS 25] Identifying Unusual Personal Data in Mobile Apps for Better Privacy Compliance Check. Jiatao Cheng, Yuhong Nan, Xueqiang Wang, Zhefan Chen, Yuliang Zhang. In Proceedings of the 18th International Conference on Information and Communications Security (ICICS 2025), pp. 545-563.
  • [Security 24] Navigating the Privacy Compliance Maze: Understanding Risks with Privacy-Configurable Mobile SDKs. Yifan Zhang, Zhaojie Hu, Xueqiang Wang, Yuhui Hong, Yuhong Nan, XiaoFeng Wang, Jiatao Cheng, Luyi Xing. In Proceedings of the 33rd USENIX Security Symposium (USENIX Security’24) [Top] [CCF-A].
  • [CCS 24] Are We Getting Well-informed? An In-depth Study of Runtime Privacy Notice Practice in Mobile Apps. Shuai Li, Zhemin Yang, Yuhong Nan, Shutian Yu, Qirui Zhu, Min Yang. In Proceedings of the 31st ACM Conference on Computer and Communications Security, CCS’24. [Top] [CCF-A].
  • [CCS 24] Understanding Cross-Platform Referral Traffic for Illicit Drug Promotion. Mingming Zha, Zilong Lin, Siyuan Tang, Xiaojing Liao, Yuhong Nan, XiaoFeng Wang. In Proceedings of the 31st ACM Conference on Computer and Communications Security, CCS’24. [Top] [CCF-A].
  • [NDSS 24] Leaking the Privacy of Groups and More: Understanding Privacy Risks of Cross-App Content Sharing in Mobile Ecosystem. Jiangrong Wu, Yuhong Nan, Luyi Xing, Jiatao Cheng, Zimin Lin, Zibin Zheng, Min Yang. In Proceedings of the 31st Network and Distributed System Security Symposium [Top] [CCF-A].
  • [Security 24] MAGIC: Detecting Advanced Persistent Threats via Masked Graph Representation Learning. Zian Jia, Yun Xiong, Yuhong Nan, Yao Zhang, Jinjing Zhao, Mi Wen. In Proceedings of the 33rd USENIX Security Symposium (USENIX Security’24) [Top] [CCF-A].
  • [FSE 24] SmartAxe: Detecting Cross-Chain Vulnerabilities in Bridge Smart Contracts via Fine-Grained Static Analysis. Zeqin Liao, Yuhong Nan, Henglong Liang, Sicheng Hao, Juan Zhai, Jiajing Wu, Zibin Zheng. Proc. ACM Softw. Eng. 1(FSE): 249-270 (2024). [Top] [CCF-A].
  • [ASE 23] SmartCoco: Checking Comment-code Inconsistency in Smart Contracts via Constraint Propagation and Binding. Sicheng Hao, Yuhong Nan, Zibin Zheng, Xiaohui Liu. In Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering [Top] [CCF-A].
  • [Security 23] AIRTAG: Towards Automated Attack Investigation by Unsupervised Learning with Log Texts. Hailun Ding, Juan Zhai, Yuhong Nan and Shiqing Ma. In Proceedings of the 32nd USENIX Security Symposium (USENIX Security’23) [Top] [CCF-A].
  • [Security 23] Are You Spying on Me? Large-Scale Analysis on IoT Data Exposure through Companion Apps. Yuhong Nan, Xueqiang Wang, Luyi Xing, Xiaojing Liao, Ruoyu Wu, Jianliang Wu, Yifan Zhang, and XiaoFeng Wang. In Proceedings of the 32nd USENIX Security Symposium [Top] [CCF-A].
  • [Security 22] ProFactory: Improving IoT Security via Formalized Protocol Customization. Fei Wang, Jianliang Wu, Yuhong Nan, Yousra Aafer, Xiangyu Zhang, Dongyan Xu, and Mathias Payer. In Proceedings of the 31st USENIX Security Symposium (USENIX Security’22) [Top] [CCF A].
  • [NDSS 22] Hazard Integrated: Understanding Security Risks in App Extensions to Team Chat Systems. Mingming Zha, Jice Wang, Yuhong Nan, XiaoFeng Wang, Yuqing Zhang, and Weidong Jing. In Proceedings of the 29th Network and Distributed System Security Symposium (NDSS’22) [Top] [CCF A].
  • [NDSS 21] On the Insecurity of SMS One-Time Password Messages against Local Attackers in Modern Mobile Devices. Zeyu Lei, Yuhong Nan, Yanick Fratantonio and Antonio Bianchi. In Proceedings of the 28th Network and Distributed System Security Symposium (Acceptance ratio 15.2%), [Top] [CCF A].
  • [Security 21] Understanding Malicious Cross-library Data Harvesting on Android. Jice Wang, Yue Xiao, Xueqiang Wang, Yuhong Nan, Luyi Xing, Xiaojing Liao, Jinwei Dong, Nicolas Serrano, Haoran Lu, Xiaofeng Wang, and Yuqing Zhang. In Proceedings of the 30th USENIX Security Symposium [Top] [CCF-A].
  • [Security 21] ATLAS: A Sequence-based Learning Approach for Attack Investigation. Abdulellah Alsaheel, Yuhong Nan, Shiqing Ma, Le Yu, Gregory Walkup, Berkay Celik, Xiangyu Zhang and Dongyan Xu. In Proceedings of the 30th USENIX Security Symposium [Top] [CCF-A]