Qinsheng Hou (侯勤胜)

About me

I am a Ph.D. candidate at Shandong University, advised by Prof. Shanqing Guo and Prof. Haixin Duan. Currently, I also work with Dr. Lingyun Ying at QI-ANXIN Technology Research Institute. I ever worked/interned at JD.com and ISCAS. My research interests are primarily in Mobile Security, Software Supply Chain Security, and IoT Security.

Publications

2024

  1. [WWW’24] Xiaoyin Liu, Wenzhi Li, Qinsheng Hou, Shishuai Yang, Lingyun Ying, Wenrui Diao, Yanan Li, Shanqing Guo, and Haixin Duan. From Promises to Practice: Evaluating the Private Browsing Modes of Android Browser Apps. The 33rd ACM Web Conference, Singapore. May 13-17, 2024. [Top] [CCF A] [QAX]

2023

  1. [APSEC’23] Shishuai Yang, Qinsheng Hou (✉️), Shuang Li, and Wenrui Diao (✉️). Do App Developers Follow the Android Official Security Guidelines? The 30th Asia-Pacific Software Engineering Conference, Seoul, Korea. December 4-7, 2023. [CCF C] [Conference]
  2. [IEEE TDSC] Libo Chen, Yanhao Wang, Jiaqi Linghu, Qinsheng Hou, Quanpu Cai, Shanqing Guo, and Zhi Xue. SaTC: Shared-Keyword Aware Taint Checking for Detecting Bugs in Embedded Systems. IEEE Transactions on Dependable and Secure Computing, Early Access, 2023. [CCF A] [Journal]
  3. [IEEE TSE] Qinsheng Hou, Wenrui Diao, Yanhao Wang, Chenglin Mao, Lingyun Ying, Song Liu, Xiaofeng Liu, Yuanzhi Li, Shanqing Guo, Meining Nie, and Haixin Duan. Can We Trust the Phone Vendors? Comprehensive Security Measurements on the Android Firmware Ecosystem. IEEE Transactions on Software Engineering, 49(7): 3901-3921, 2023. [CCF A] [Journal]

2022

  1. [Euro S&P’22] Huikai Xu, Miao Yu, Yanhao Wang, Yue Liu, Qinsheng Hou, Zhenbang Ma, Haixin Duan, Jianwei Zhuge, and Baojun Liu. Trampoline Over the Air: Breaking in IoT Devices Through MQTT Brokers. The 7th IEEE European Symposium on Security and Privacy, Genoa, Italy. June 6-10, 2022. [CCF C] [PDF] [QAX] [Gossip]
  2. [ICSE’22] Qinsheng Hou, Wenrui Diao, Yanhao Wang, Xiaofeng Liu, Song Liu, Lingyun Ying, Shanqing Guo, Yuanzhi Li, Meining Nie, and Haixin Duan. Large-scale Security Measurements on the Android Firmware Ecosystem. The 44th IEEE/ACM International Conference on Software Engineering, Pittsburgh, PA, USA. May 21-29, 2022. [Top] [CCF A] [PDF] [Conference] [QAX] [Gossip]

2021

  1. [USENIX Security’21] Libo Chen, Yanhao Wang, Quanpu Cai, Yunfan Zhan, Hong Hu, Jiaqi Linghu, Qinsheng Hou, Chao Zhang, Haixin Duan, and Zhi Xue. Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems. The 30th USENIX Security Symposium, Virtual. August 11-13, 2021. [Top] [CCF A] [PDF] [Conference] [Gossip] [SJTU]

2020

  1. [ASIA CCS’20] Qinsheng Hou, Yao Cheng, and Lingyun Ying. NativeX: Native Executioner Freezes Android. The 15th ACM Asia Conference on Computer and Communications Security, Taipei, Taiwan, October 5-9, 2020. [CCF C] [PDF] [Conference] [QAX] [Gossip]

Projects and Competitions

Talks

Vulnerabilities and Acknowledgments

  • Acknowledgments (厂商致谢)
  • CVE (5)
    • 2021: CVE-2021-22486, CVE-2021-26281, CVE-2021-26279, CVE-2021-21742, CVE-2021-3720
  • CNVD (43)
    • 2023: CNVD-2023-60618, CNVD-2023-59491, CNVD-2023-59021, CNVD-2023-52831, CNVD-2023-52830, CNVD-2023-37621, CNVD-2023-30405, CNVD-2023-27536, CNVD-2023-27535, CNVD-2023-27534
    • 2021: CNVD-2021-67925, CNVD-2021-50158, CNVD-2021-42966, CNVD-2021-42949, CNVD-2021-44383, CNVD-2021-44382, CNVD-2021-48937, CNVD-2021-50157, CNVD-2021-42965, CNVD-2021-42964, CNVD-2021-42963, CNVD-2021-46708, CNVD-2021-48955, CNVD-2021-40258, CNVD-2021-37375, CNVD-2021-41512, CNVD-2021-40261, CNVD-2021-40262, CNVD-2021-37377, CNVD-2021-44691, CNVD-2021-40254, CNVD-2021-40255, CNVD-2021-40721, CNVD-2021-40259, CNVD-2021-41513, CNVD-2021-40256, CNVD-2021-40257, CNVD-2021-67925
    • 2020: CNVD-2020-33098, CNVD-2020-38456, CNVD-2020-28792
  • SVE (3)
    • 2022: SVE-2022-1177, SVE-2022-1178, SVE-2022-1179

Patents

  • 侯勤胜, 应凌云, 聂眉宁. 一种对应用程序进行测试的方法及装置, 发明专利, 2023, 专利号: ZL201910489985.1
  • 侯勤胜, 应凌云, 聂眉宁. 一种阻止基于原生代码攻击操作系统的方法及装置, 发明专利, 2021, 专利号: ZL201910489983.2

Services

  • Reviewer
    • SecureComm 2023
  • External Reviewer
    • ISSRE 2022
    • ESORICS 2020
  • Others
    • 电子科技大学协议副研究员
    • 网络安全学院学生创新资助计划指导老师 [SDU] [SJTU]
    • 东南大学专业学位硕士研究生校外指导教师
    • “观安杯”网络安全技能竞赛特聘专家