Photo
Jianjia Yu

Ph.D Student

Johns Hopkins University

Email

Research Insterests: Web Security, System Security, Program Analysis

Linkedin / Google Scholar / Github / Resume / CV / Gallery

Hi there! I am a Ph.D Student (2020-) of Computer Science at Johns Hopkins University , where I am advised by Prof. Yinzhi Cao.

My research focuses on Web Security, System Security, and Program Analysis. Specifically, I design and develop techniques for vulnerability detection and privacy leak analysis through both static and dynamic program analysis methods.

Before JHU, I received my bachelor's degree at Computer Science Department of Zhejiang University in 2020.
I was a member of ACEE, Chu Kochen College .

Publications

The DOMino Effect: Detecting and Exploiting DOM Clobbering Gadgets via Concolic Execution with Symbolic DOM
Zhengyu Liu, Theo Lee, Jianjia Yu, Zifeng Kang, and Yinzhi Cao
Security 2025 (Accept on shepherd approval) / Paper

Follow My Flow: Unveiling Client-Side Prototype Pollution Gadgets from One Million Real-World Websites
Zifeng Kang, Muxi Lyu, Zhengyu Liu, Jianjia Yu, Runqi Fan, Song Li, and Yinzhi Cao
S&P 2025 / Paper

RogueOne: Detecting Rogue Updates via Differential Data-flow Analysis Using Trust Domains
Raphael J. Sofaer, Yaniv David, Mingqing Kang, Jianjia Yu, Yinzhi Cao, Junfeng Yang, and Jason Nieh
ICSE 2024 / Paper

CoCo: Efficient Browser Extension Vulnerability Detection via Coverage-guided, Concurrent Abstract Interpretation
Distinguished Paper Award
Jianjia Yu, Song Li, Junmin Zhu, and Yinzhi Cao
CCS 2023 / Paper / Code

MiniTaintDev: Unveiling Mini-App Vulnerabilities through Dynamic Taint Analysis
Jianjia Yu, Zifeng Kang, and Yinzhi Cao
ACM Workshop on Secure and Trustworthy Superapps (SaTS) 2023 / Paper

Rendering Contention Channel Made Practical in Web Browsers
Shujiang Wu, Jianjia Yu , Min Yang, and Yinzhi Cao
Security 2022 / Paper

Experience

Research Assistant, Johns Hopkins University 2020 Sep. - Present
Advisor: Prof. Yinzhi Cao
Research Assistant, Zhejiang University 2020 Mar. - 2020 Jun.
Advisor: Prof. Shouling Ji
Research Assistant, Johns Hopkins University 2019 Jul. - 2019 Nov.
Advisor: Prof. Yinzhi Cao
Research Assistant, Zhejiang University 2018 Nov. - 2019 Jul.
Advisor: Prof. Kejun Zhang

Professional Services

Program Committee

• Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb 2025) 2025

Reviewer

• The IEEE Transactions on Information Forensics and Security (IEEE T-IFS) 2024

Artifact Evaluation Committee

• The 34th USENIX Security Symposium (USENIX Security 2025) 2025
• The Annual Computer Security Applications Conference (ACSAC 2023) 2022

External reviewer

• The 46th IEEE Symposium on Security and Privacy (S&P 2025) 2024
• The 19th ACM ASIA Conference on Computer and Communications Security (ASIACCS 2024) 2023
• The USENIX Security Symposium 21'Fall (USENIX Security 2021) 2021

Organizer and Volunteer

• The 52nd IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2022) 2022

Teaching Experience

• Course Assistant, EN 601.640 - Web Security, JHU 2023 Fall, 2022 Fall
• Teaching Assistant, EN 601.280 - Full Stack JavaScript, JHU 2022 Spring

Misc

• My name "蒹葭"" originates from the Classic of Poetry《诗经》, where "蒹葭" refers to reeds. My name "bothered" me a lot when I was young and was not very skilled at handwriting--just count the strokes! My English name is Suzy, written as "苏茜" in Chinese. Try to find something in common between them.
• I play Pipa, a traditional Chinese instrument. I am a member of Hopkins East Asian Traditional (HEAT) Ensemble. Check out our Youtube and Instagram.
• See Gallery if you think Sony is the best camera and I am the best photographer.
• Want to know more? Check my Vlogs.

© Johns Hopkins University.