Jianjia Yu

Ph.D. Student

Johns Hopkins University

Email

Research Interests: Web Security, System Security, Program Analysis

LinkedIn | Google Scholar | GitHub | Resume | CV

I am a final-year Ph.D. student in Computer Science at Johns Hopkins University, advised by Prof. Yinzhi Cao.

My research focuses on Web Security, System Security, and Program Analysis. Specifically, I design and develop techniques for vulnerability detection and privacy leak analysis through both static and dynamic program analysis methods.

Before JHU, I received my bachelor's degree from the Computer Science Department of Zhejiang University in 2020.
I was a member of ACEE, Chu Kochen College.

Publications

The First Large-Scale Systematic Study of Python Class Pollution Vulnerability
Zhengyu Liu, Jiacheng Zhong, Jianjia Yu, Muxi Lyu, Zifeng Kang, and Yinzhi Cao
[S&P 2026 (To appear)] Paper | Slides | Poster

The DOMino Effect: Detecting and Exploiting DOM Clobbering Gadgets via Concolic Execution with Symbolic DOM
πŸ† Honorable Mention (6% of accepcted papers)
Artifact Badges: Available, Functional, Results Reproduced
Zhengyu Liu, Theo Lee, Jianjia Yu, Zifeng Kang, and Yinzhi Cao
[Security 2025] Paper | Slides | Poster

Follow My Flow: Unveiling Client-Side Prototype Pollution Gadgets from One Million Real-World Websites
πŸ† Distinguished Paper Award
Zifeng Kang, Muxi Lyu, Zhengyu Liu, Jianjia Yu, Runqi Fan, Song Li, and Yinzhi Cao
[S&P 2025] Paper

RogueOne: Detecting Rogue Updates via Differential Data-flow Analysis Using Trust Domains
Raphael J. Sofaer, Yaniv David, Mingqing Kang, Jianjia Yu, Yinzhi Cao, Junfeng Yang, and Jason Nieh
[ICSE 2024] Paper

CoCo: Efficient Browser Extension Vulnerability Detection via Coverage-guided, Concurrent Abstract Interpretation
πŸ† Distinguished Paper Award
Jianjia Yu, Song Li, Junmin Zhu, and Yinzhi Cao
[CCS 2023] Paper | Code

MiniTaintDev: Unveiling Mini-App Vulnerabilities through Dynamic Taint Analysis
Jianjia Yu, Zifeng Kang, and Yinzhi Cao
[ACM Workshop on Secure and Trustworthy Superapps (SaTS) 2023] Paper

Rendering Contention Channel Made Practical in Web Browsers
Shujiang Wu, Jianjia Yu, Min Yang, and Yinzhi Cao
[Security 2022] Paper

Talks

The DOMino Effect: Detecting and Exploiting DOM Clobbering Gadgets via Concolic Execution with Symbolic DOM

Experience

Research Assistant, Johns Hopkins University 2020 Sep. - Present
Advisor: Prof. Yinzhi Cao
Research Assistant, Zhejiang University 2020 Mar. - 2020 Jun.
Advisor: Prof. Shouling Ji
Research Assistant, Johns Hopkins University 2019 Jul. - 2019 Nov.
Advisor: Prof. Yinzhi Cao
Research Assistant, Zhejiang University 2018 Nov. - 2019 Jul.
Advisor: Prof. Kejun Zhang

Professional Services

Program Committee

• Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb 2025)
• The Annual Computer Security Applications Conference (ACSAC 2025)

Reviewer

• The IEEE Transactions on Information Forensics and Security (IEEE T-IFS 2024)

Artifact Evaluation Committee

• The 34th USENIX Security Symposium (USENIX Security 2025)
• The Annual Computer Security Applications Conference (ACSAC 2023)

External reviewer

• The 28th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2025)
• The 34th USENIX Security Symposium (USENIX Security 2025)
• The 46th IEEE Symposium on Security and Privacy (S&P 2025)
• The 19th ACM ASIA Conference on Computer and Communications Security (ASIACCS 2024)
• The 30th USENIX Security Symposium (USENIX Security 2021)

Organizer and Volunteer

• The 52nd IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2022)

Teaching Experience

• Course Assistant, EN 601.640 - Web Security, JHU 2023 Fall, 2022 Fall
• Teaching Assistant, EN 601.280 - Full Stack JavaScript, JHU 2022 Spring

CVEs

CVE App
CVE-2025-29509 Jan
CVE-2025-54063 Cherry Studio
CVE-2025-58176 Dive
CVE-2025-50477 lbry-desktop
CVE-2025-44109 Pinokio
CVE-2025-54374 Eidos
CVE-2025-58357 5ire
CVE-2025-55733 deepchat
CVE-2025-8535 nanovault
CVE-2025-64743 paperlib
CVE-2025-55204 muffon

Misc

• My name "蒹葭" originates from the Classic of Poetry 《诗经》, where "蒹葭" refers to reeds. My name "bothered" me a lot when I was young and was not very skilled at handwriting--just count the strokes! My English name is Suzy, written as "苏茜" in Chinese. Try to find something in common between them.
• I play Pipa, a traditional Chinese instrument. I am a member of Hopkins East Asian Traditional (HEAT) Ensemble. Check out our YouTube and Instagram.
• See Gallery if you think Sony is the best camera and I am the best photographer.
• Want to know more? Check my Vlogs.

© Johns Hopkins University.